FCC ID: HEDSMC2555WA EliteConnect 2.4GHz/5GHz Wireless Access Point

 

SMC2555W-AG EliteConnect Universal 2.4GHz/5GHz Wireless Access Point User Guide The easy way to make all your network connections 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 September 2003 Revision Number: R01, F2.0.5 Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright 2003 by SMC Networks, Inc. 38 Tesla Irvine, CA 92618 All rights reserved. Trademarks:

SMC is a registered trademark; and EliteConnect are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders. LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (SMC) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product. The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC Web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an Active SMC product. A product is considered to be Active while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an Active SMC product. A list of discontinued products with their respective dates of discontinuance can be found at:

http://www.smc.com/index.cfm?action=customer_service_warranty. All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product. Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customers expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. i LIMITED WARRANTY Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer. WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMERS SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMCS OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMERS OR ANY THIRD PERSONS MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD. LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618 ii COMPLIANCES Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver

Connect the equipment into an outlet on a circuit different from that to which the receiver is connected

Consult the dealer or an experienc ed radio/TV technician for help FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANT NOTE:

FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters (8 inches) between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. iii

COMPLIANCES Industry Canada - Class B This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled Digital Apparatus, ICES-003 of Industry Canada. Cet appareil numrique respecte les limites de bruits radiolectriques applicables aux appareils numriques de Classe B prescrites dans la norme sur le matrial brouilleur: Appareils Numriques, NMB-003 dicte par lIndustrie. EC Conformance Declaration - Class B SMC contact for these products in Europe is:

SMC Networks Europe, Edificio Conata II, Calle Fructus Gelabert 6-8, 2o, 4a, 08970 - Sant Joan Desp, Barcelona, Spain. This information technology equipment complies with the requirements of the Council Directive 89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93/68/

EEC. For the evaluation of the compliance with these Directives, the following standards were applied:

RFI Emission:

Limit class B according to EN 55022:1998, IEC 60601-1-2

(EMC, medical) Immunity:

Limit class B for harmonic current emission according to EN 61000-3-2/1995

Limitation of voltage fluctuation and flicker in low-voltage supply system according to EN 61000-3-3/1995

Product family standard according to EN 55024:1998

Electrostatic Discharge according to EN 61000-4-2:1995

(Contact Discharge: 4 kV, Air Discharge: 8 kV)

Radio-frequency electromagnetic field according to EN 61000-4-3:1996 (80 - 1000 MHz with 1 kHz AM 80%

Modulation: 3 V/m)

Electrical fast transient/burst according to EN 61000-4-4:1995

(AC/DC power supply: 1 kV, Data/Signal lines: 0.5 kV)

Surge immunity test according to EN 61000-4-5:1995

(AC/DC Line to Line: 1 kV, AC/DC Line to Earth: 2 kV) iv COMPLIANCES Immunity to conducted disturbances, Induced by radio-frequency fields: EN 61000-4-6:1996 (0.15 - 80 MHz with 1 kHz AM 80% Modulation: 3 V/m)

Power frequency magnetic field immunity test according to EN 61000-4-8:1993 (1 A/m at frequency 50 Hz)

Voltage dips, short interruptions and voltage variations immunity test according to EN 61000-4-11:1994 (>95% Reduction @10 ms, 30% Reduction @500 ms, >95% Reduction @5000 ms)

EN 60950 (A1/1992; A2/1993; A3/1993; A4/1995; A11/1997) IEC 60601-1 LVD:

MDD:

Safety Compliance Wichtige Sicherheitshinweise (Germany) 1. Bitte lesen Sie diese Hinweise sorgfltig durch. 2. Heben Sie diese Anleitung fr den spteren Gebrauch auf. 3. Vor jedem Reinigen ist das Gert vom Stromnetz zu trennen. Verwenden Sie keine Flssigoder Aerosolreiniger. Am besten eignet sich ein angefeuchtetes Tuch zur Reinigung. 4. Die Netzanschlu steckdose soll nahe dem Gert angebracht und leicht zugnglich sein. 5. Das Gert ist vor Feuchtigkeit zu schtzen. 6. Bei der Aufstellung des Gertes ist auf sicheren Stand zu achten. Ein Kippen oder Fallen knnte Beschdigungen hervorrufen. 7. Die Belftungsffnungen dienen der Luftzirkulation, die das Gert vor berhitzung schtzt. Sorgen Sie dafr, da diese ffnungen nicht abgedeckt werden. 8. Beachten Sie beim Anschlu an das Stromnetz die Anschluwerte. 9. Verlegen Sie die Netzanschluleitung so, da niemand darber fallen kann. Es sollte auch nichts auf der Leitung abgestellt werden. 10. Alle Hinweise und Warnungen, die sich am Gert befinden, sind zu beachten. 11. Wird das Gert ber einen lngeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer berspannung eine Beschdigung vermieden. 12. Durch die Lftungsffnungen drfen niemals Gegenstnde oder Flssigkeiten in das Gert gelangen. Dies knnte einen Brand bzw. elektrischen Schlag auslsen. v

COMPLIANCES 13. ffnen sie niemals das Gert. Das Gert darf aus Grnden der elektrischen Sicherheit nur von authorisiertem Servicepersonal geffnet werden. 14. Wenn folgende Situationen auftreten ist das Gert vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu berprfen:

a. Netzkabel oder Netzstecker sind beschdigt. b. Flssigkeit ist in das Gert eingedrungen. c. Das Gert war Feuchtigkeit ausgesetzt. d. Wenn das Gert nicht der Bedienungsanleitung entsprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e. Das Gert ist gefallen und/oder das Gehuse ist beschdigt. f. Wenn das Gert deutliche Anzeichen eines Defektes aufweist. 15. Stellen Sie sicher, da die Stromversorgung dieses Gertes nach der EN 60950 geprft ist. Ausgangswerte der Stromversorgung sollten die Werte von AC 7,5-8V, 50-60Hz nicht ber oder unterschreiten sowie den minimalen Strom von 1A nicht unterschreiten. Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000 betrgt 70dB(A) oder weniger. vi 1 2 3 4 5 TABLE OF CONTENTS Introduction . 1-1 Package Checklist . 1-2 Hardware Description . 1-3 Component Description . 1-4 Features and Benefits . 1-7 Applications . 1-8 Hardware Installation . 2-1 Network Configuration . 3-1 Network Topologies . 3-2 Ad Hoc Wireless LAN (no AP or Bridge) . 3-2 Infrastructure Wireless LAN . 3-3 Infrastructure Wireless LAN for Roaming Wireless PCs 3-4 Initial Configuration . 4-1 Initial Setup through the CLI . 4-1 Required Connections . 4-1 Initial Configuration Steps . 4-2 Using Web-based Management . 4-4 System Configuration . 5-1 Advanced Configuration . 5-2 System Identification . 5-4 TCP / IP Settings . 5-5 Radius . 5-7 Authentication . 5-9 Filter Control . 5-13 SNMP . 5-16 Administration . 5-18 System Log . 5-22 Radio Interface . 5-25 Radio Settings (802.11a) . 5-26 Radio Settings (802.11g) . 5-29 Security . 5-31 Status Information . 5-40 Access Point Status . 5-40 Station Status . 5-42 vii TABLE OF CONTENTS Event Logs . 5-44 Command Line Interface . 6-1 Using the Command Line Interface . 6-1 Accessing the CLI . 6-1 Console Connection . 6-1 Telnet Connection . 6-2 Entering Commands . 6-3 Keywords and Arguments . 6-3 Minimum Abbreviation . 6-4 Command Completion . 6-4 Getting Help on Commands . 6-4 Partial Keyword Lookup . 6-5 Negating the Effect of Commands . 6-6 Using Command History . 6-6 Understanding Command Modes . 6-6 Exec Commands . 6-7 Configuration Commands . 6-7 Command Line Processing . 6-8 Command Groups . 6-10 General Commands . 6-11 configure . 6-11 end . 6-12 exit . 6-12 ping . 6-13 reset . 6-14 show history . 6-14 show line . 6-15 System Management Commands . 6-16 prompt . 6-17 system name . 6-18 username . 6-19 password . 6-19 ip http port . 6-20 ip http server . 6-20 logging on . 6-21 logging host . 6-22 logging console . 6-22 6 viii TABLE OF CONTENTS logging level . 6-23 logging facility-type . 6-24 show logging . 6-25 sntp-server ip . 6-25 sntp-server enable . 6-26 sntp-server date-time . 6-27 sntp-server daylight-saving . 6-28 sntp-server timezone . 6-29 show sntp . 6-29 show system . 6-30 show version . 6-31 SNMP Commands . 6-32 snmp-server community . 6-32 snmp-server contact . 6-33 snmp-server enable server . 6-34 snmp-server host . 6-35 snmp-server location . 6-36 show snmp . 6-37 Flash/File Commands . 6-37 bootfile . 6-38 copy . 6-39 delete . 6-40 dir . 6-41 RADIUS Client . 6-42 radius-server address . 6-43 radius-server port . 6-43 radius-server key . 6-44 radius-server retransmit . 6-44 radius-server timeout . 6-45 show radius . 6-46 802.1x Port Authentication . 6-47 802.1x . 6-48 802.1x broadcast-key-refresh-rate . 6-49 802.1x session-key-refresh-rate . 6-50 802.1x session-timeout . 6-51 address filter default . 6-51 address filter entry . 6-52 address filter delete . 6-53 ix TABLE OF CONTENTS mac-authentication server . 6-54 mac-authentication session-timeout . 6-55 show authentication . 6-56 Filtering Commands . 6-57 filter local-bridge . 6-57 filter ap-manage . 6-58 filter ethernet-type enable . 6-59 filter ethernet-type protocol . 6-60 show filters . 6-61 Interface Commands . 6-62 interface . 6-65 dns server . 6-66 ip address . 6-67 ip dhcp . 6-68 shutdown . 6-69 speed-duplex . 6-70 show interface ethernet . 6-71 description . 6-71 closed-system . 6-72 speed . 6-73 channel . 6-74 turbo . 6-75 ssid . 6-76 beacon-interval . 6-76 dtim-period . 6-77 fragmentation-length . 6-78 rts-threshold . 6-79 authentication . 6-80 encryption . 6-81 key . 6-82 transmit-key . 6-83 transmit-power . 6-84 max-association . 6-85 multicast-cipher . 6-86 wpa-clients . 6-87 wpa-mode . 6-89 wpa-preshared-key . 6-90 wpa-psk-type . 6-91 x TABLE OF CONTENTS shutdown . 6-92 show interface wireless . 6-93 show station . 6-94 IAPP Commands . 6-95 iapp . 6-95 VLAN Commands . 6-96 vlan . 6-97 native-vlanid . 6-98 Troubleshooting . A-1 Maximum Distance Table . A-4 Cables and Pinouts . B-1 Twisted-Pair Cable Assignments . B-1 10/100BASE-TX Pin Assignments . B-2 Straight-Through Wiring . B-3 Crossover Wiring . B-3 Console Port Pin Assignments . B-4 Wiring Map for Serial Cable . B-4 Serial Cable Signal Directions for DB-9 Ports . B-5 Serial Cable Signal Directions for DB-25 Ports . B-5 Specifications . C-1 General Specifications . C-1 Sensitivity . C-4 Transmit Power . C-5 A B C Glossary Index xi TABLE OF CONTENTS xii Chapter 1 Introduction SMCs EliteConnect Universal 2.4GHz/5GHz Wireless Access Point (SMC2555W-AG) is an IEEE 802.11a/g access point that provides transparent, wireless high-speed data communications between the wired LAN and fixed, portable or mobile devices equipped with an 802.11a, 802.11b, or 802.11g wireless adapter. This solution offers fast, reliable wireless connectivity with considerable cost savings over wired LANs (which include long-term maintenance overhead for cabling). Using 802.11a, 802.11b, and 802.11g technology, this access point can easily replace a 10 Mbps Ethernet connection or seamlessly integrate into a 10/100 Mbps Ethernet LAN. In addition, the access point offers full network management capabilities through an easy to configure web interface, a command line interface for initial configuration and troubleshooting, and support for Simple Network Management tools, such as SMCs EliteView (available in Q4 of 2003). Radio Characteristics The IEEE 802.11a/g standard uses a radio modulation technique known as Orthogonal Frequency Division Multiplexing (OFDM), and a shared collision domain

(CSMA/CA). It operates at the 5 GHz Unlicensed National Information Infrastructure (UNII) band for connections to 802.11a clients, and at 2.4 GHz for connections to 802.11g clients. IEEE 802.11g includes backward compatibility with the IEEE 802.11b standard. IEEE 802.11b also operates at 2.4 GHz, but uses Direct Sequence Spread Spectrum (DSSS) modulation technology to achieve a communication rate of up to 11 Mbps. 1-1 Introduction The access point also supports a 54 Mbps half-duplex connection to Ethernet networks for each active channel (up to 108 Mbps in turbo mode on the 802.11a interface). Package Checklist The EliteConnect Universal 2.4GHz/5GHz Wireless Access Point package includes:

One Wireless Dual-band Access Point (SMC2555W-AG) One Category 5 network cable One RS-232 console cable One 5.1 VDC power adapter and power cord Four rubber feet Three mounting screws One Documentation CD This User Guide Inform your dealer if there are any incorrect, missing or damaged parts. If possible, retain the carton, including the original packing materials. Use them again to repack the product in case there is a need to return it. Please register this product and upgrade the product warranty at www.smc.com 1-2 Hardware Description Hardware Description Front Panel Antennas Rear Panel Security Slot Console Port RJ-45 Port, PoE Connector Reset Button 5 VDC Power Socket Indicator Panel 1-3 Introduction Component Description Antennas The access point includes two antennas for wireless communications. The signal transmitted from both antennas is identical, but only the best signal received on one of the antennas is used. The antennas transmit the outgoing signal as a toroidal sphere, so the antennas should be adjusted to different angles to provide better coverage. For further information, see Positioning the Antennas on page 2-2. LED Indicators The access point includes four status LED indicators, as described in the following figure and table. Power Ethernet Link/Activity 802.11a Wireless Link/Activity 802.11b/g Wireless Link/Activity LED PWR Status On Flashing Flashing

(Prolonged) Description Indicates that power is being supplied. Indicates -

running a self-test loading software program Indicates system errors Ethernet Link On Indicates a valid 10/100 Mbps Ethernet cable link. Flashing Indicates that the access point is transmitting or receiving data on a 10/100 Mbps Ethernet LAN. Flashing rate is proportional to your network activity. 1-4

LED

.11a Status On Very Slow Flashing Slow Flashing Fast Flashing

.11g On Very Slow Flashing Slow Flashing Fast Flashing Hardware Description Description Indicates a valid 802.11a wireless link. Searching for network association. Associated with network but no activity. Indicates that the access point is transmitting or receiving data through wireless links. Flashing rate is proportional to network activity. Indicates a valid 802.11g or 802.11b wireless link. Searching for network association. Associated with network but no activity. Indicates that the access point is transmitting or receiving data through wireless links. Flashing rate is proportional to network activity. Security Slot The access point includes a Kensington security slot on the rear panel. You can prevent unauthorized removal of the access point by wrapping the Kensington security cable (not provided) around an unmovable object, inserting the lock into the slot, and turning the key. Console Port This port is used to connect a console device to the access point through a serial cable. This connection is described under Console Port Pin Assignments on page B-4. The console device can be a PC or workstation running a VT-100 terminal emulator, or a VT-100 terminal. 1-5 Introduction Ethernet Port The access point has one 10BASE-T/100BASE-TX RJ-45 port that can be attached directly to 10BASE-T/100BASE-TX LAN segments. These segments must conform to the IEEE 802.3 or 802.3u specifications. This port uses an MDI (i.e., internal straight-through) pin configuration. You can therefore use straight-through twisted-pair cable to connect this port to most network interconnection devices such as a switch or router that provide MDI-X ports. However, when connecting the access point to a workstation or other device that does not have MDI-X ports, you must use crossover twisted-pair cable. The access point appears as an Ethernet node and performs a bridging function by moving packets from the wired LAN to remote workstations on the wireless infrastructure. Note: The RJ-45 port also supports Power over Ethernet (PoE) based on the IEEE 802.3af standard. Refer to the description for the Power Connector for information on supplying power to the access points network port from a network device, such as a switch, that provides Power over Ethernet (PoE). Reset Button This button is used to reset the access point or restore the factory default configuration. If you hold down the button for less than 5 seconds, the access point will perform a hardware reset. If you hold down the button for 5 seconds or more, any configuration changes you may have made are removed, and the factory default configuration is restored to the access point. Power Connector The access point does not have a power switch. It is powered on when connected to the AC power adapter, and the power adapter is connected to a power source. The access point automatically 1-6 Features and Benefits adjusts to any voltage between 100-240 volts at 50 or 60 Hz. No voltage range settings are required. The access point may also receive Power over Ethernet (PoE) from a switch or other network device that supplies power over the network cable based on the IEEE 802.3af standard. Note that if the access point is connected to a PoE source device and also connected to a local power source through the AC power adapter, PoE will be disabled. Features and Benefits Local network connection via 10/100 Mbps Ethernet ports or 54 Mbps wireless interface (supporting up to 64 mobile users) IEEE 802.11a, 802.11b, and 802.11g compliant Advanced security through 64/128/152-bit Wired Equivalent Protection (WEP) encryption, IEEE 802.1x port authentication, Wi-Fi Protected Access (WPA), SSID broadcast disable, remote authentication via RADIUS server, and MAC address filtering features to protect your sensitive data and authenticate only authorized users to your network Provides seamless roaming within the IEEE 802.11a, 802.11b, and 802.11g WLAN environment Scans all available channels and selects the best channel for each client based on the signal-to-noise ratio 1-7 Introduction Applications The Wireless products offer a high speed, reliable, cost-effective solution for 10/100 Mbps wireless Ethernet client access to the network in applications such as:

Remote access to corporate network information E-mail, file transfer, and terminal emulation. Difficult-to-wire environments Historical or old buildings, asbestos installations, and open areas where wiring is difficult to employ. Frequently changing environments Retailers, manufacturers, and banks that frequently rearrange the workplace or change location. Temporary LANs for special projects or peak times Trade shows, exhibitions and construction sites which need temporary setup for a short time period. Retailers, airline and shipping companies that need additional workstations for a peak period. Auditors who require workgroups at customer sites. Access to databases for mobile workers Doctors, nurses, retailers, or white-collar workers who need access to databases while being mobile in a hospital, retail store, or an office campus. 1-8 Chapter 2 Hardware Installation 1. Select a Site Choose a proper place for the access point. In general, the best location is at the center of your wireless coverage area, within line of sight of all wireless devices. Try to place the access point in a position that can best cover its Basic Service Set (refer to Infrastructure Wireless LAN on page 3-3). Normally, the higher you place the access point, the better the performance. 2. Mount the Access Point The access point can be mounted on any horizontal surface or wall. Mounting on a horizontal surface To keep the access point from sliding on the surface, attach the four rubber feet provided in the accessory kit to the embossed circles on the bottom of the access point. Mounting on a wall The access point should be mounted only to a wall or wood surface that is at least 1/2-inch plywood or its equivalent. Mark the position of the mounting screws

(included) on the wall. Set the 5/8-inch number 12 wood screws into the wall, leaving about 3 mm (0.12 in.) clearance from the wall. And then slide the access point down onto the screws. 3. Lock the Access Point in Place To prevent unauthorized removal of the access point, you can use a Kensington Slim MicroSaver security cable (not included) to attach the access point to a fixed object. 4. Connect the Power Cord Connect the power adapter to the access point, and the power cord to an AC power outlet. 2-1 Hardware Installation Otherwise, the access point can derive its operating power directly from the RJ-45 port when connected to a device that provides IEEE 802.3af compliant Power over Ethernet (PoE). Note: If the access point is connected to both a PoE source device and an AC power source, PoE will be disabled. Warning: Use ONLY the power adapter supplied with this access point. Otherwise, the product may be damaged. 5. Observe the Self Test When you power on the access point, verify that the PWR indicator stops flashing and remains on, and that the other indicators start functioning as described under LED Indicators on page 1-4. If the PWR LED does not stop flashing, the self test has not completed correctly. Refer to Troubleshooting on page A-1. 6. Connect the Ethernet Cable The access point can be wired to a 10/100 Mbps Ethernet through a network device such as a hub or a switch. Connect your network to the RJ-45 port on the back panel with category 3, 4, or 5 UTP Ethernet cable. When the access point and the connected device are powered on, the Ethernet Link LED should light indicating a valid network connection. Note: The RJ-45 port on the access point uses an MDI pin configuration, so you must use straight-through cable for network connections to hubs or switches that only have MDI-X ports, and crossover cable for network connections to PCs, servers or other end nodes that only have MDI ports. However, if the device to which you are connecting supports auto-MDI/MDI-X operation, you can use either straight-through or crossover cable. 7. Position the Antennas The antennas emit signals along a toroidal plane, and thus provide more effective coverage when positioned along different axes. For example, you might position the antennas around 45 to 90 degrees from each other. 2-2 Hardware Installation The access point also compares the strength of an incoming signal on both antennas, and uses the antenna receiving the stronger signal to communicate with a wireless client. 8. Connect the Console Port Connect the console cable

(included) to the RS-232 console port for accessing the command-line interface. You can manage the access point using the console port (Chapter 6), the web interface

(Chapter 5), or SNMP management software such as SMCs EliteView. 2-3 Hardware Installation 2-4 Chapter 3 Network Configuration The wireless solution supports a stand-alone wireless network configuration as well as an integrated configuration with 10/100 Mbps Ethernet LANs. Wireless network cards, adapters, and access points can be configured as:

Ad hoc for departmental, SOHO, or enterprise LANs Infrastructure for wireless LANs Infrastructure wireless LAN for roaming wireless PCs The 802.11b and 802.11g frequency band which operates at 2.4 GHz can easily encounter interference from other 2.4 GHz devices, such as other 802.11b or g wireless devices, cordless phones and microwave ovens. If you experience poor wireless LAN performance, try the following measures:

Limit any possible sources of radio interference within the service area Increase the distance between neighboring access points Decrease the signal strength of neighboring access points Increase the channel separation of neighboring access points

(e.g., up to 3 channels of separation for 802.11b, up to 4 channels for 802.11a, or up to 5 channels for 802.11g) 3-1 Network Configuration Network Topologies Ad Hoc Wireless LAN (no AP or Bridge) An ad hoc wireless LAN consists of a group of computers, each equipped with a wireless adapter, connected via radio signals as an independent wireless LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel. Ad Hoc Wireless LAN Notebook with Wireless USB Adapter Notebook with Wireless PC Card PC with Wireless PCI Adapter 3-2 Network Topologies Infrastructure Wireless LAN The access point also provides access to a wired LAN for wireless workstations. An integrated wired/wireless LAN is called an Infrastructure configuration. A Basic Service Set (BSS) consists of a group of wireless PC users, and an access point that is directly connected to the wired LAN. Each wireless PC in this BSS can talk to any computer in its wireless group via a radio link, or access other computers or network resources in the wired LAN infrastructure via the access point. The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN, but also increases the effective wireless transmission range for wireless PCs by passing their signal through one or more access points. A wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure. Wired LAN Extension to Wireless Adapters File Server Desktop PC Switch Notebook with Wireless PC Card Adapter Access Point PC with Wireless PCI Adapter 3-3 Network Configuration Infrastructure Wireless LAN for Roaming Wireless PCs The Basic Service Set (BSS) is the communications domain for each wireless access point. For wireless PCs that do not need to support roaming, set the domain identifier (SSID) for the wireless card to the SSID of the access point to which you want to connect. Check with your administrator for the SSID of the access point or bridge to which he wants you to connect. A wireless infrastructure can also support roaming for mobile workers. More than one access point can be configured to create an Extended Service Set (ESS). By placing the access points so that a continuous coverage area is created, wireless users within this ESS can roam freely. All SMC wireless network cards and adapters and SMC2555W-AG wireless access points within a specific ESS must be configured with the same SSID. File Server Desktop PC Switch Notebook with Wireless PC Card Adapter Switch Access Point

<BSS2>

Notebook with Wireless PC Card Adapter Access Point PC with Wireless PCI Adapter

<ESS>

<BSS1>

Seamless Roaming 3-4 Chapter 4 Initial Configuration The EliteConnect Universal 2.4GHz/5GHz Wireless Access Point SMC2555W-AG offers a variety of management options, including a web-based interface, a direct connection to the console port, or using SNMP software such as SMCs EliteView. The initial configuration steps can be made through the web browser interface using the Setup Wizard (page 4-4). The default IP address is 192.168.2.2. If this address is not compatible with your network, you can first use the command line interface (CLI) as described below to configure a valid address. Initial Setup through the CLI Required Connections The SMC2555W-AG provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuration. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the access point. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown on page B-4. To connect to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector. 4-1 Initial Configuration 2. Connect the other end of the cable to the RS-232 serial port on the access point. 3. Make sure the terminal emulation software is set as follows:

Select the appropriate serial port (COM port 1 or 2). Set the data rate to 9600 baud. Set the data format to 8 data bits, 1 stop bit, and no parity. Set flow control to none. Set the emulation mode to VT100. When using HyperTerminal, select Terminal keys, not Windows keys. Note: When using HyperTerminal with Microsoft Windows 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminals VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs. 4. Once you have set up the terminal correctly, press the [Enter]

key to initiate the console connection. The console login screen will be displayed. For a description of how to use the CLI, see Using the Command Line Interface on page 6-1. For a list of all the CLI commands and detailed information on using the CLI, refer to Command Groups on page 6-10. Initial Configuration Steps Logging In Enter admin for the user name. The default password is null, so just press [Enter] at the password prompt. The CLI prompt appears displaying the access points model number. Username: admin Password:

SMC Enterprise AP#

4-2 Initial Setup through the CLI Setting the IP Address By default, the access point is configured to obtain IP address settings from a DHCP server. You will therefore have to use the command line interface (CLI) to assign an IP address that is compatible with your network. Type configure to enter configuration mode, then type interface ethernet to access the Ethernet interface-configuration mode. SMC Enterprise AP#configure SMC Enterprise AP(config)#interface ethernet SMC Enterprise AP(config-if)#

First type no dhcp to disable DHCP client mode. Then type ip address ip-address netmask gateway, where ip-address is the access points IP address, netmask is the network mask for the network, and gateway is the default gateway router. Check with your system administrator to obtain an IP address that is compatible with your network. SMC Enterprise AP(if-ethernet)#no dhcp SMC Enterprise AP(if-ethernet)#ip address 192.168.2.2 255.255.255.0 192.168.2.254 SMC Enterprise AP(if-ethernet)#

After configuring the access points IP parameters, you can access the management interface from anywhere within the attached network. The command line interface can also be accessed using Telnet from any computer attached to the network. 4-3 Initial Configuration Using Web-based Management Setup Wizard There are only a few basic steps you need to complete to connect the SMC2555W-AG to your corporate network, and provide network access to wireless clients. The Setup Wizard takes you through configuration procedures for the wireless Service Set Identifier, the radio channel selection, IP configuration, and basic WEP authentication for wireless clients. The SMC2555W-AG can be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the default IP address:

http://192.168.2.2 4-4 Using Web-based Management Logging In Enter the username smcadmin, the password admin, and click LOGIN. For information on configuring a user name and password, refer to page 5-18. The home page displays the Main Menu. 4-5 Initial Configuration Launching the Setup Wizard To perform initial configuration, click Setup Wizard on the home page, then click on the [Next]

button to start the process. 1. Service Set ID Enter the service set identifier in the SSID box which all wireless clients must use to associate with the access point. The SSID is case sensitive and can consist of up to 32 alphanumeric characters.

(Default: SMC) 4-6 Using Web-based Management 2. Radio Channel You must enable radio communications for 802.11a and 802.11b/g, and set the operating radio channel.

802.11a Turbo Mode If you select Enable, the access point will operate in turbo mode with a data rate of up to 108 Mbps. Normal mode support 13 channels, Turbo mode supports only 5 channels. (Default: Disable) 802.11a Radio Channel Set the operating radio channel number. (Default: 64ch, 5.320GHz) Auto Channel Select Select Enable for automatic radio channel detection. (Default: Enable)

802.11b/g 802.11g Radio Channel: Set the operating radio channel number. (Default: 1) Note: Available channel settings are limited by local regulations which determine which channels are available. (See Maximum Channels on page C-1.) 4-7 Initial Configuration 3. IP Configuration Either enable or disable (Dynamic Host Configuration Protocol (DHCP) for automatic IP configuration. If you disable DHCP, then manually enter the IP address and subnet mask. If a management station exists on another network segment, then you must enter the IP address for a gateway that can route traffic between these segments. Then enter the IP address for the primary and secondary Domain Name Servers (DNS) servers to be used for host-name to IP address resolution. DHCP Client With DHCP Client enabled, the IP address, subnet mask and default gateway can be dynamically assigned to the access point by the network DHCP server.

(Default: Disable) Note: If there is no DHCP server on your network, then the access point will automatically start up with its default IP address, 192.168.2.2. 4-8 Using Web-based Management 4. Security Set the Authentication Type to Open System to allow open access without authentication, or Shared Key to require authentication based on a shared key. Enable Wired Equivalent Privacy (WEP) to encrypt data transmissions. To configure other security features use the Advanced Setup menu as described in Chapter 5. Authentication Type Use Open System to allow open access to all wireless clients without performing authentication, or Shared Key to perform authentication based on a shared key that has been distributed to all stations. (Default: Open System) WEP Wired Equivalent Privacy is used to encrypt transmissions passing between wireless clients and the access point. (Default: Disabled) Shared Key Setup If you selected Shared Key authentication type or enabled WEP, then you also need to configure the shared key by selecting 64-bit or 128-bit key 4-9 Initial Configuration type, and entering a hexadecimal or ASCII string of the appropriate length. The key can be entered as alphanumeric characters or hexadecimal (0~9, A~F, e.g., D7 0A 9C 7F E5).

(Default: 128 bit, hexadecimal key type) 64-Bit Manual Entry: The key can contain 10 hexadecimal digits, or 5 alphanumeric characters. 128-Bit Manual Entry: The key can contain 26 hexadecimal digits or 13 alphanumeric characters. Note: All wireless devices must be configured with the same Key ID values to communicate with the access point. 5. Click Finish. 6. Click the OK button to restart the access point. 4-10 Chapter 5 System Configuration Before continuing with advanced configuration, first complete the initial configuration steps described in Chapter 4 to set up an IP address for the SMC2555W-AG. The SMC2555W-AG can be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the default IP address:

http://192.168.2.2 To log into the SMC2555W-AG, enter the default user name smcadmin and password smc. When the home page displays, click on Advanced Setup. The following page will display. 5-1 System Configuration The information in this chapter is organized to reflect the structure of the web screens for easy reference. However, we recommend that you configure a user name and password as the first step under advanced configuration to control management access to this device (page 5-18). Advanced Configuration The Advanced Configuration pages include the following options. Menu System Identification Description Configures basic administrative and client access Specifies the host name and Service Set Identifier (SSID) TCP / IP Settings Configures the IP address, subnet mask, gateway, and domain name servers Configures the RADIUS server for wireless client authentication Configures 802.1x client authentication, with an option for MAC address authentication Filters communications between wireless clients, access to the management interface from wireless clients, and traffic matching specific Ethernet protocol types Controls access to this access point from management stations using SNMP, as well as the hosts that will receive trap messages Configures user name and password for management access; upgrades software from local file, FTP or TFTP server; resets configuration settings to factory defaults;

and resets the access point Controls logging of error messages; sets the system clock via SNTP server or manual configuration Radius Authentication Filter Control SNMP Administration System Log 5-2 Page 5-4 5-4 5-5 5-7 5-9 5-13 5-16 5-18 5-22 Advanced Configuration Menu Radio Interface 1 Configures the IEEE 802.11a interface Description Radio Settings Security Configures radio signal parameters, such as radio channel, transmission rate, and beacon settings Configures data encryption with Wired Equivalent Protection (WEP) or Wi-Fi Protected Access (WPA) Radio Interface 2 Configures the IEEE 802.11b/g interface Radio Settings Security Configures radio signal parameters, such as radio channel, transmission rate, and beacon settings Configures data encryption with Wired Equivalent Protection (WEP) or Wi-Fi Protected Access (WPA) Page 5-25 5-26 5-31 5-25 5-29 5-31 5-3 System Configuration System Identification The system information parameters for the SMC2555W-AG can be left at their default settings. However, modifying these parameters can help you to more easily distinguish different devices in your network. You should set a Service Set Identification (SSID) to identify the wireless network service provided by the SMC2555W-AG. Only clients with the same SSID can associate with the access point. System Name An alias for the access point, enabling the device to be uniquely identified on the network. (Default: Enterprise AP;

Range: 1-22 characters) SSID The name of the basic service set provided by the access point. Clients that want to connect to the network through the access point must set their SSID to the same as that of the access point. (Default: SMC; Range: 1-32 characters) 5-4 Advanced Configuration TCP / IP Settings Configuring the SMC2555W-AG with an IP address expands your ability to manage the access point. A number of access point features depend on IP addressing to operate. Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network. By default, the SMC2555W-AG will be automatically configured with IP settings from a Dynamic Host Configuration Protocol

(DHCP) server. However, if you are not using a DHCP server to configure IP addressing, use the CLI to manually configure the initial IP values (page 4-2). After you have network access to the access point, you can use the web browser interface to modify the initial IP configuration, if needed. Note: If there is no DHCP server on your network, or DHCP fails, the access point will automatically start up with a default IP address of 192.168.2.2. 5-5 System Configuration DHCP Client (Enable) Select this option to obtain the IP settings for the access point from a DHCP (Dynamic Host Configuration Protocol) server. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to the access point by the network DHCP server. (Default: Disable) DHCP Client (Disable) Select this option to manually configure a static address for the access point. IP Address: The IP address of the access point. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Subnet Mask: The mask that identifies the host address bits used for routing to specific subnets. Default Gateway: The default gateway is the IP address of the router for the access point, which is used if the requested destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided. Otherwise, leave the address as all zeros (0.0.0.0). Primary and Secondary DNS Address: The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. If you have one or more DNS servers located on the local network, type the IP addresses in the text fields provided. Otherwise, leave the addresses as all zeros (0.0.0.0). 5-6 Advanced Configuration Radius Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network. A primary RADIUS server must be specified for the SMC2555W-AG to implement IEEE 802.1x network access control and Wi-Fi Protected Access (WPA) wireless security. A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible. Note: This guide assumes that you have already configured RADIUS server(s) to support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software. 5-7 System Configuration Primary Radius Server Setup Configure the following settings to use RADIUS authentication on the access point. IP Address: Specifies the IP address or host name of the RADIUS server. Port: The UDP port number used by the RADIUS server for authentication messages. (Range: 1024-65535;

Default: 1812) Key: A shared text string used to encrypt messages between the access point and the RADIUS server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string. (Maximum length: 255 characters) Timeout: Number of seconds the access point waits for a reply from the RADIUS server before resending a request.

(Range: 1-60 seconds; Default: 5) Retransmit attempts: The number of times the access point tries to resend a request to the RADIUS server before authentication fails. (Range: 1-30; Default: 3) Note: For the Timeout and Retransmit attempts fields, accept the default values unless you experience problems connecting to the RADIUS server over the network. Secondary Radius Server Setup Configure a secondary RADIUS server to provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the secondary server, it periodically attempts to establish communication again with primary server. If communication with the primary server is re-established, the secondary server reverts to a backup role. 5-8 Advanced Configuration Authentication Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using the IEEE 802.1x network access authentication protocol to look up their MAC addresses on a RADIUS server. The 802.1x protocol can also be configured to check other user credentials such as a user name and password. 5-9 System Configuration MAC Authentication You can configure a list of the MAC addresses for wireless clients that are authorized to access the network. This provides a basic level of authentication for wireless clients attempting to gain access to the network. A database of authorized MAC addresses can be stored locally on the SMC2555W-AG or remotely on a central RADIUS server.

(Default: Local MAC) Local MAC: The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up. Radius MAC: The MAC address of the associating station is sent to a configured RADIUS server for authentication. When using a RADIUS authentication server for MAC address authentication, the server must first be configured in the Radius window (page 5-7). Disable: No checks are performed on an associating stations MAC address. Local MAC Authentication Configures the local MAC authentication database. The MAC database provides a mechanism to take certain actions based on a wireless clients MAC address. The MAC list can be configured to allow or deny network access to specific clients. System Default: Specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).

Deny: Blocks access for all MAC addresses except those listed in the local database as allowed. Allow: Permits access for all MAC addresses except those listed in the local database as denied.

5-10 Advanced Configuration MAC Authentication Settings: Enters specified MAC addresses and permissions into the local MAC database.

- MAC Address: Physical address of a client. Enter six pairs of hexadecimal digits separated by hyphens; for example, 00-90-D1-12-AB-89. Permission: Select Allow to permit access or Deny to block access. If Delete is selected, the specified MAC address entry is removed from the database. Update: Enters the specified MAC address and permission setting into the local database.

MAC Authentication Table: Displays current entries in the local MAC database. 802.1x Setup IEEE 802.1x is a standard framework for network access control that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1x client application to submit user credentials for authentication. The 802.1x standard uses the Extensible Authentication Protocol (EAP) to pass user credentials

(either digital certificates, user names and passwords, or other) from the client to the RADIUS server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network. The 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval. You can enable 802.1x as optionally supported or as required to enhance the security of the wireless network. Disable: The access point does not support 802.1x authentication for any wireless client. After successful 5-11 System Configuration wireless association with the access point, each client is allowed to access the network. Supported: The access point supports 802.1x authentication only for clients initiating the 802.1x authentication process (the access point does not initiate 802.1x authentication). For clients initiating 802.1x, only those successfully authenticated are allowed to access the network. For those clients not initiating 802.1x, access to the network is allowed after successful wireless association with the access point. Required: The access point enforces 802.1x authentication for all associated wireless clients. If 802.1x authentication is not initiated by a client, the access point will initiate authentication. Only those clients successfully authenticated with 802.1x are allowed to access the network. When 802.1x is enabled, the broadcast and session key rotation intervals can also be configured. Broadcast Key Refresh Rate: Sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. (Range: 0-1440 minutes; Default: 0 means disabled) Session Key Refresh Rate: The interval at which the access point refreshes unicast session keys for associated clients.

(Range: 0-1440 minutes; Default: 0 means disabled) 802.1x Re-authentication Refresh Rate: The time period after which a connected client must be re-authenticated. During the re-authentication process of verifying the clients credentials on the RADIUS server, the client remains connected the network. Only if re-authentication fails is network access blocked. (Range: 0-65535 seconds; Default: 0 means disabled) 5-12 Advanced Configuration Filter Control The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security. 5-13 System Configuration Native VLAN ID The VLAN ID assigned to wireless clients that are not assigned to a specific VLAN by RADIUS server configuration. VLAN Enables or disables VLAN tagging support on the SMC2555W-AG. If enabled, the access point will tag traffic passing from wireless clients to the wired network with the VLAN ID associated with each client on the RADIUS server. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. This feature can also be used to control access to network resources from wireless clients, thereby improving security. A VLAN ID (1-4095) is assigned to a client after successful authentication using IEEE 802.1x and a central RADIUS server. The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network. If a user does not have a configured VLAN ID, the access point assigns the user to its own configured native VLAN ID. When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in the following table. Number 64 65 81 RADIUS Attribute Tunnel-Type Tunnel-Medium-Type Tunnel-Private-Group Value VLAN (13) 802 VLANID

(1 to 4095 in hexadecimal) Note: The specific configuration of RADIUS server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS server software. 5-14 Advanced Configuration When VLAN filtering is enabled, the access point must also have 802.1x authentication enabled and a RADIUS server configured. Wireless clients must also support 802.1x client software to be assigned to a specific VLAN. When VLAN filtering is disabled, the access point ignores the VLAN tags on any received frames. Local Bridge Filter Controls wireless-to-wireless communications between clients through the SMC2555W-AG. However, it does not affect communications between wireless clients and the wired network. Disable: Allows wireless-to-wireless communications between clients through the access point. Enable: Blocks wireless-to-wireless communications between clients through the access point. AP Management Filter Controls management access to the SMC2555W-AG from wireless clients. Management interfaces include the web, Telnet, or SNMP. Disable: Allows management access from wireless clients. Enable: Blocks management access from wireless clients. Ethernet Type Filter Controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. Disable: Access point does not filter Ethernet protocol types. Enable: Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table. If a protocol has its status set to ON, the protocol is filtered from the access point. 5-15 System Configuration SNMP You can use a network management application such as SMCs EliteView (EliteView v6.11, available in Q4 of 2003) to manage the SMC2555W-AG via the Simple Network Management Protocol (SNMP) from a network management station. To implement SNMP management, the SMC2555W-AG must have an IP address and subnet mask, configured either manually or dynamically. Once an IP address has been configured, appropriate SNMP communities and trap receivers should be configured. Community names are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the access point. To communicate with the access point, a management station must first submit a valid community name for authentication. You therefore need to assign community names to specified users or user groups and set the access level. 5-16 Advanced Configuration SNMP Enables or disables SNMP management access and also enables the access point to send SNMP traps (notifications). SNMP management is enabled by default. Location A text string that describes the system location.

(Maximum length: 20 characters) Contact A text string that describes the system contact.

(Maximum length: 255 characters) Community Name (Read Only) Defines the SNMP community access string that has read-only access. Authorized management stations are only able to retrieve MIB objects. (Maximum length:

23 characters, case sensitive) Community Name (Read/Write) Defines the SNMP community access string that has read/write access. Authorized management stations are able to both retrieve and modify MIB objects. (Maximum length: 23 characters, case sensitive) Trap Destination IP Address Specifies the recipient of SNMP notifications. Enter the IP address or the host name. (Host Name:

1 to 20 characters) Trap Destination Community Name The community string sent with the notification operation. (Maximum length: 23 characters) 5-17 System Configuration Administration Changing the Password Management access to the web and CLI interface on the SMC2555W-AG is controlled through a single user name and password. You can also gain additional access security by using control filters (see Filter Control on page 5-13). To protect access to the management interface, you need to configure an Administrators user name and password as soon as possible. If the user name and password are not configured, then anyone having access to the access point may be able to compromise access point and network security. Note: Pressing the Reset button on the back of the SMC2555W-AG for more than five seconds resets the user name and password to the factory defaults. For this reason, we recommend that you protect the access point from physical access by unauthorized persons. Username The name of the user. The default name is admin.

(Length: 3-16 characters, case sensitive.) New Password The password for management access.

(Length: 3-16 characters, case sensitive) Confirm New Password Enter the password again for verification. 5-18 Advanced Configuration Upgrading Firmware You can upgrade new SMC2555W-AG software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically on SMCs web site

(http://www.smc.com). After upgrading new software, you must reboot the SMC2555W-AG to implement the new code. Until a reboot occurs, the SMC2555W-AG will continue to run the software it was using before the upgrade started. Also note that rebooting the access point with new software will reset the configuration to the factory default settings. 5-19 System Configuration Before upgrading new software, verify that the SMC2555W-AG is connected to the network and has been configured with a compatible IP address and subnet mask. If you need to download from an FTP or TFTP server, take the following additional steps:

Obtain the IP address of the FTP or TFTP server where the access point software is stored. If upgrading from an FTP server, be sure that you have an account configured on the server with a user name and password. If VLANs are configured on the access point, determine the VLAN ID with which the FTP or TFTP server is associated, and then configure the management station with the same VLAN ID. If you are managing the access point from a wireless client, the VLAN ID for the the wireless client must be configured on a RADIUS server. Current version Version number of runtime code. Firmware Upgrade Local Downloads an operation code image file from the web management station to the access point using HTTP. Use the Browse button to locate the image file locally on the management station and click Start Upgrade to proceed. New firmware file: Specifies the name of the code file on the server. The new firmware file name should not contain slashes

(\ or /), the leading letter of the file name should not be a period

(.), and the maximum length for file names is 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, .,

-, _) 5-20 Advanced Configuration Firmware Upgrade Remote Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Upgrade to proceed. New firmware file: Specifies the name of the code file on the server. The new firmware file name should not contain slashes

(\ or /), the leading letter of the file name should not be a period

(.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, ., -, _) IP Address: IP address or host name of FTP or TFTP server. Username: The user ID used for login on an FTP server. Password: The password used for login on an FTP server. Restore Factory Settings Click the Restore button to reset the configuration settings for the SMC2555W-AG to the factory defaults and reboot the system. Note that all user configured information will be lost. You will have to re-enter the default user name (admin) to re-gain management access to this device. Reset Access Point Click the Reset button to reboot the system. Note: If you have upgraded system software, then you must reboot the SMC2555W-AG to implement the new operation code. 5-21 System Configuration System Log The SMC2555W-AG can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date. Enabling System Logging The SMC2555W-AG supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating access point and network problems. System Log Setup Enables the logging of error messages. Logging Host Enables the sending of log messages to a Syslog server host. 5-22 Advanced Configuration Server Name/IP The IP address or name of a Syslog server. Logging Console Enables the logging of error messages to the console. Logging Level Sets the minimum severity level for event logging. The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Alert) to least severe

(Debug). The message levels that are logged include the specified minimum level up to the Alert level. Error Level Alerts Critical Error Warning Notice Informational Debug Description Immediate action needed Critical conditions (e.g., memory allocation, or free memory error - resource exhausted) Error conditions (e.g., invalid input, default used) Warning conditions (e.g., return false, unexpected return) Normal but significant condition, such as cold start Informational messages only Debugging messages Note: The access point error log can be viewed using the Event Logs window in the Status section (page 5-44).The Event Logs window displays the last 128 messages logged in chronological order, from the newest to the oldest. Log messages saved in the access points memory are erased when the device is rebooted. Configuring SNTP Simple Network Time Protocol (SNTP) allows the SMC2555W-AG to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries. If the clock is 5-23 System Configuration not set, the access point will only record the time from the factory default set at the last bootup. The SMC2555W-AG acts as an SNTP client, periodically sending time synchronization requests to specific time servers. You can configure up to two time server IP addresses. The access point will attempt to poll each server in the configured sequence. SNTP Server Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified. Primary Server: The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update. Secondary Server: The IP address of a secondary SNTP or NTP time server. The access point first attempts to update the time from the primary server; if this fails it attempts an update from the secondary server. Note: The SMC2555W-AG also allows you to disable SNTP and set the system clock manually using the CLI. Set Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earths prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours your time zone is located before (east) or after

(west) UTC. Enable Daylight Saving The access point provides a way to automatically adjust the system clock for Daylight Savings Time changes. To use this feature you must define the month and date to begin and to end the change from standard time. During this period the system clock is set back by one hour. 5-24 Radio Interface Radio Interface The IEEE 802.11a and 802.11g interfaces include configuration options for radio signal characteristics and wireless security features. The configuration options are nearly identical, and are therefore both covered in this section of the manual. The access point can operate in three modes, IEEE 802.11a only, 802.11b/g only, or a mixed 802.11a/b/g mode. Also note that 802.11g is backward compatible with 802.11b. These interfaces are configured independently under the following web pages:

Radio Interface 1: 802.11a Radio Interface 2: 802.11b/g Note: The radio channel settings for the SMC2555W-AG are limited by local regulations, which determine the number of channels that are available. 5-25 System Configuration Radio Settings (802.11a) The IEEE 802.11a interface operates within the 5 GHz band, at up to 54 Mbps in normal mode or up to 108 Mbps in Turbo mode. Enable Enables radio communications on the SMC2555W-AG.

(Default: Enabled) Turbo Mode The normal 802.11a wireless operation mode provides connections up to 54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE 802.11a) that provides a higher data rate of up to 108 Mbps. Enabling Turbo Mode allows the SMC2555W-AG to provide connections up to 108 Mbps.

(Default: Disabled) 5-26 Radio Interface Note: In normal mode, the access point provides a channel bandwidth of 20 MHz, and supports the maximum number of channels permitted by local regulations (e.g., 11 channels for the United States). In Turbo Mode, the channel bandwidth is increased to 40 MHz to support the increased data rate. However, this reduces the number of channels supported (e.g., 5 channels for the United States). Normal Mode Turbo Mode Radio Channel The radio channel that the access point uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least four channels apart to avoid interference with each other. For example, in the United States you can deploy up to four access points in the same area (e.g., channels 36, 56, 149, 165). Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked. (Default:

Channel 60 for normal mode, and channel 42 for Turbo mode) Auto Channel Select Enables the access point to automatically select an unoccupied radio channel. (Default: Enabled) Transmit Power Adjusts the power of the radio signals transmitted from the access point. The higher the transmission power, the farther the transmission range. Power selection is not just a trade off between coverage area and maximum supported clients. You also have to ensure that high-power signals do not interfere with the operation of other radio devices in the service area. (Options: 100%, 50%, 25%, 12%, minimum; Default: 100%) 5-27 System Configuration Maximum Supported Rate The maximum data rate at which a client can connect to the access point. The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance.

(Options: 54, 48, 36, 24 Mbps; Default: 54 Mbps) Beacon Interval The rate at which beacon signals are transmitted from the access point. The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information.

(Range: 20-1000 TUs; Default: 100 TUs) Data Beacon Rate The rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions. Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using Power Save mode. The default value of 2 indicates that the access point will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every second beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames.

(Range: 1-255 beacons; Default: 2 beacons) RTS Threshold Sets the packet size threshold at which a Request to Send (RTS) signal must be sent to a receiving station prior to the sending station starting communications. The access point sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an RTS frame, the station sends a CTS (clear to send) frame to notify the sending station that it can start sending data. 5-28 Radio Interface If the RTS threshold is set to 0, the access point never sends RTS signals. If set to 2347, the access point always sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send /

Clear to Send) mechanism will be enabled. The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this Hidden Node Problem. (Range: 0-2347 bytes: Default: 2347 bytes) Radio Settings (802.11g) The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps. Also note that because the IEEE 802.11g standard is an extension of the IEEE 802.11b standard, it allows clients with 802.11b wireless network cards to associate to an 802.11g access point. 5-29 System Configuration Enable Enables radio communications on the SMC2555W-AG.

(Default: Enabled) Radio Channel The radio channel that the access point uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other. For example, in the United States you can deploy up to three access points in the same area (e.g., channels 1, 6, 11). Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked. (Range: 1-11; Default: 1) Auto Channel Select Enables the access point to automatically select an unoccupied radio channel. (Default: Enabled) Maximum Supported Rate The maximum data rate at which a client can connect to the access point. The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance. (Default: 54 Mbps) For a description of the remaining configuration items, see Radio Settings (802.11a) on page 5-26. 5-30 Radio Interface Security The SMC2555W-AG is configured by default as an open system, which broadcasts a beacon signal including the configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow immediate connection to the nearest access point. To improve wireless network security, you have to implement two main functions:

Authentication: It must be verified that clients attempting to connect to the network are authorized users. Traffic Encryption: Data passing between the access point and clients must be protected from interception and evesdropping. For a more secure network, the access point can implement one or a combination of the following security mechanisms:

Wired Equivalent Privacy (WEP) Wireless MAC address filtering Wi-Fi Protected Access (WPA) page 5-33 page 5-11 page 5-10 page 5-36 IEEE 802.1x 5-31 System Configuration The security mechanisms that may be employed depend on the level of security required, the network and management resources available, and the software support provided on wireless clients. A summary of wireless security considerations is listed in the following table. Security Mechanism Client Support Implementation Considerations WEP WEP with 802.1x Built-in support on all 802.11a, 802.11b and 802.11g devices Requires 802.1x client support in system or by add-in software

(native support provided in Windows XP)

Provides only weak security

Requires manual key management

Provides dynamic key rotation for improved WEP security

Requires configured RADIUS server

802.1x EAP type may require management of digital certificates for clients and server MAC Address Filtering Uses the MAC address of client network card

Provides only weak user authentication

Management of authorized MAC addresses

Can be combined with other methods for improved security

Optionally configured RADIUS server

Provides robust security in WPA-only mode

Offers support for legacy WEP clients, but with increased security risk

Requires configured RADIUS server

802.1x EAP type may require management of digital certificates for clients and server

Provides good security in small networks

Requires manual management of pre-shared key WPA Enterprise Mode Requires WPA-enabled system and network card driver

(native support provided in Windows XP) WPA PSK Mode Requires WPA-enabled system and network card driver

(native support provided in Windows XP) 5-32 Radio Interface Wired Equivalent Privacy (WEP) WEP provides a basic level of security, preventing unauthorized access to the network and encrypting data transmitted between wireless clients and the access point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications. Unfortunately, WEP has been found to be seriously flawed and cannot be recommended for a high level of network security. For more robust wireless security, the SMC2555W-AG provides Wi-Fi Protected Access

(WPA) for improved data encryption and user authentication. 5-33 System Configuration Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prevent unauthorized access to the network. If you choose to use WEP shared keys instead of an open system, be sure to define at least one static WEP key for user authentication and data encryption. Also, be sure that the WEP shared keys are the same for each client in the wireless network. Authentication Type Setup Sets the access point to communicate as an open system that accepts network access attempts from any client, or with clients using pre-configured static shared keys. Open System: Select this option if you plan to use WPA or 802.1x as a security mechanism. If you dont set up any other security mechanism on the access point, the network has no protection and is open to all users. This is the default setting. Shared Key: Sets the access point to use WEP shared keys. If this option is selected, you must configure at least one key on the access point and all clients. Wired Equivalent Privacy (WEP) Setup Enable or disable the access point to use WEP shared keys for data encryption. If this option is selected, you must configure at least one key on the access point and all clients. (Default: Disable) Shared Key Setup Select 64 Bit, 128 Bit, or 152 Bit key length. Note that the same size of encryption key must be supported on all wireless clients. (Default: 128 Bit) 5-34 Radio Interface Key Type Select the preferred method of entering WEP encryption keys on the access point and enter up to four keys:

Hexadecimal: Enter keys as 10 hexadecimal digits (0 to 9 and A to F) for 64 bit keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152 bit keys. Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys. Transmit Key Select: Selects the key number to use for encryption. If the clients have all four keys configured to the same values, you can change the encryption key to any of the four settings without having to update the client keys. 5-35 System Configuration Wi-Fi Protected Access (WPA) WPA employs a combination of several technologies to provide an enhanced security solution for 802.11 wireless networks. The SMC2555W-AG supports the following WPA components and features:

IEEE 802.1x and the Extensible Authentication Protocol (EAP):

WPA employs 802.1x as its basic framework for user authentication and dynamic key management. The 802.1x client and RADIUS server should use an appropriate EAP typesuch as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or PEAP (Protected EAP)for strongest authentication. Working together, these protocols provide mutual authentication between a client, the access point, and a RADIUS server that prevents users from accidentally joining a rogue network. Only when a RADIUS server has authenticated a users credentials will encryption keys be sent to the access point and client. 5-36 Radio Interface Note: To implement WPA on wireless clients requires a WPA-enabled network card driver and 802.1x client software that supports the EAP authentication type that you want to use. Windows XP provides native WPA support, other systems require additional software. Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys. Basically, TKIP starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key. WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network. However, for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks. Mixed WPA and WEP Client Support: WPA enables the access point to indicate its supported encryption and authentication mechanisms to clients using its beacon signal. WPA-compatible clients can likewise respond to indicate their WPA support. This enables the access point to determine which clients are using WPA security and which are using legacy WEP. The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients. The global encryption key for 5-37 System Configuration multicast and broadcast traffic must be the same for all clients, therefore it restricts encryption to a WEP key. Advanced Encryption Standard (AES) Support: WPA specifies AES encryption as an optional alternative to TKIP and WEP. AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP. The developing IEEE 802.11i wireless security standard has specified AES as an eventual replacement for TKIP and WEP. However, because of the difference in ciphering algorithms, AES requires new hardware support in client network cards that is currently not widely available. The access point includes AES support as a future security enhancement. The WPA configuration parameters are described below:

WPA Configuration Mode The access point can be configured to allow only WPA-enabled clients to access the network, or also allow clients only capable of supporting WEP. WPA Key Management WPA can be configured to work in an enterprise environment using IEEE 802.1x and a RADIUS server for user authentication. For smaller networks, WPA can be enabled using a common pre-shared key for client authentication with the access point. WPA authentication over 802.1x: The WPA enterprise mode that uses IEEE 802.1x to authenticate users and to dynamically distribute encryption keys to clients. WPA Pre-shared Key: The WPA mode for small networks that uses a common password string that is manually distributed. If this mode is selected, be sure to also specify the key string. 5-38 Radio Interface Multicast Cipher Mode Selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients. WEP: WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key. Communicating devices must use the same WEP key to encrypt and decrypt radio signals. WEP has many security flaws, and is not recommended for transmitting highly-sensitive data. TKIP: TKIP provides data encryption enhancements including per-packet key hashing (that is, changing the encryption key on each packet), a message integrity check, an extended initialization vector with sequencing rules, and a re-keying mechanism. AES: AES has been designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard (DES) encryption algorithm, and will be used by the U.S. government for encrypting all sensitive, nonclassified information. Because of its strength, and resistance to attack, AES is also being incorporated as part of the 802.11 standard. WPA Pre-Shared Key Type If the WPA pre-shared-key mode is used, all wireless clients must be configured with the same key to communicate with the access point. Hexadecimal: Enter a key as a string of 64 hexadecimal numbers. Alphanumeric: Enter a key as an easy-to-remember form of letters and numbers. The string must be from 8 to 63 characters, which can include spaces. 5-39 System Configuration Status Information The Status page includes information on the following items:

Menu AP Status Station Status Event Logs Description Displays configuration settings for the basic system and the wireless interface Shows the wireless clients currently associated with the access point Shows log messages stored in memory Page 5-40 5-42 5-44 Access Point Status The AP Status window displays basic system configuration settings, as well as the settings for the wireless interface. 5-40 Status Information AP System Configuration The AP System Configuration table displays the basic system configuration settings:

System Up Time: Length of time the management agent has been up. MAC Address: The physical layer address for this device. System Name: Name assigned to this system. System Contact: Administrator responsible for the system. IP Address: IP address of the management interface for this device. IP Default Gateway: IP address of the gateway router between this device and management stations that exist on other network segments. HTTP Server: Shows if management access via HTTP is enabled. HTTP Server Port: Shows the TCP port used by the HTTP interface. Version: Shows the version number for the runtime code. AP Wireless Configuration The AP Wireless Configuration table displays the wireless interface settings listed below. Note that Radio 1 refers to the 802.11a interface and Radio 2 refers the 802.11b/g interface. Radio Channel: The radio channel through which the access point communicates with wireless clients. SSID: The service set identifier for this wireless group. Radio Encryption: The key size used for data encryption. Radio Authentication Type: Shows if open system or shared key authentication is used. 802.1x: Shows if IEEE 802.1x access control for wireless clients is enabled. 5-41 System Configuration Station Status The Station Status window shows the wireless clients currently associated with the SMC2555W-AG. The Station Configuration page displays basic connection information for all associated stations as described below. Note that this page is automatically refreshed every five seconds. Station Address: The MAC address of the wireless client. Authenticated: Shows if the station has been authenticated. The two basic methods of authentication supported for 802.11 wireless networks are open system and shared key. Open-system authentication accepts any client attempting to connect to the access point without verifying its identity. The shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity by distributing a shared key to stations before attempting authentication. Associated: Shows if the station has been successfully associated with the access point. Once authentication is 5-42 Status Information completed, stations can associate with the current access point, or reassociate with a new access point. The association procedure allows the wireless system to track the location of each mobile client, and ensure that frames destined for each client are forwarded to the appropriate access point. Forwarding Allowed: Shows if the station has passed 802.1x authentication and is now allowed to forward traffic to the access point. Key Type: Displays Open System or Shared Key. 5-43 System Configuration Event Logs The Event Logs window shows the log messages generated by the access point and stored in memory. The Event Logs table displays the following information:

Log Time: The time the log message was generated. Event Level: The logging level associated with this message. For a description of the various levels, see logging level on page 5-22. Event Message: The content of the log message. 5-44 Chapter 6 Command Line Interface Using the Command Line Interface Accessing the CLI When accessing the management interface for the SMC2555W-AG over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access points command-line interface (CLI) is very similar to entering commands on a UNIX system. Console Connection To access the access point through the console port, perform these steps:

1. At the console prompt, enter the user name and password.

(The default user name is smcadmin and the default password is admin.) When the user name is entered, the CLI displays the SMC Enterprise AP# prompt. 2. Enter the necessary commands to complete your desired tasks. 3. When finished, exit the session with the exit command. 6-1 Command Line Interface After connecting to the system through the console port, the login screen displays:

Username: admin Password:

SMC Enterprise AP#

Note: Command examples shown later in this chapter abbreviate the console prompt to SMC-AP for simplicity. Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion. For example, if the access point cannot acquire an IP address from a DHCP server, the default IP address used by the access point, 192.168.1.1, consists of a network portion

(192.168.1) and a host portion (1). To access the access point through a Telnet session, you must first set the IP address for the access point, and set the default gateway if you are managing the access point from a different IP subnet. For example:

SMC-AP#configure SMC-AP(config)#interface ethernet SMC-AP(if-ethernet)#ip address 10.1.0.1 255.255.255.0 10.1.0.254 SMC-AP(if-ethernet)#

If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a registered IP address. However, if you are attached to an isolated network, then you can use any IP address that matches the network segment to which you are attached. 6-2 Entering Commands After you configure the access point with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the SMC Enterprise AP# prompt to show that you are using executive access mode (i.e., Exec). 3. Enter the necessary commands to complete your desired tasks. 4. When finished, exit the session with the quit or exit command. After entering the Telnet command, the login screen displays:

Username: admin Password:

SMC-AP#

Note: You can open up to four sessions to the device via Telnet. Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces ethernet, show and interfaces are keywords, and ethernet is an argument that specifies the interface type. 6-3 Command Line Interface To enter a simple command, enter the command keyword. You can enter commands as follows:

To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:

SMC Enterprise AP(config)#username smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command. For example, the command configure can be entered as con. If an entry is ambiguous, the system will prompt for further input. Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the configure example, typing con followed by a tab will result in printing the command up to configure. Getting Help on Commands You can display a brief description of the help system by entering the help command. You can also display command syntax by following a command with the ? character to list keywords or parameters. Showing Commands If you enter a ? at the command prompt, the system will display the first level of keywords for the current configuration mode

(Exec, Global Configuration, or Interface). You can also display a 6-4 Entering Commands list of valid keywords for a specific command. For example, the command show ? displays a list of possible show commands:

SMC-AP#show ?

authentication Show Authentication parameters bootfile Show bootfile name filters Show filters hardware Show hardware version history Display the session history interface Show interface information line TTY line information logging Show the logging buffers radius Show radius server snmp Show snmp statistics sntp Show sntp statistics station Show 802.11 station table system Show system information version Show system version SMC-AP#show The command show interface ? will display the following information:

SMC-AP#show interface ?

ethernet Show Ethernet interface wireless Show wireless interface

<cr>

SMC-AP#show interface Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example s? shows all the keywords starting with s. SMC-AP#show s?

snmp sntp station system SMC-AP#show s 6-5 Command Line Interface Negating the Effect of Commands For many configuration commands you can enter the prefix keyword no to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command. This guide describes the negation effect for all applicable commands. Using Command History The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed. Using the show history command displays a longer list of recently executed commands. Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain functions. These classes are further divided into different modes. Available commands depend on the selected mode. You can always enter a question mark ? at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:

Class Exec Configuration Mode Privileged Global Interface-ethernet Interface-wireless 6-6 Entering Commands Exec Commands When you open a new console session on access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode. You can access all other commands only from the configuration mode. To access Exec mode, open a new console session with the user name admin. The command prompt displays as SMC Enterprise AP#

for Exec mode. Username: admin Password: [system login password]

SMC-AP#

Configuration Commands Configuration commands are used to modify access point settings. These commands modify the running configuration and are saved in memory. The configuration commands are organized into three different modes:

Global Configuration - These commands modify the system level configuration, and include commands such as username and password. Interface-Ethernet Configuration - These commands modify the Ethernet port configuration, and include command such as dns and ip. Interface-Wireless Configuration - These commands modify the wireless port configuration, and include command such as ssid and authentication. 6-7 Command Line Interface To enter the Global Configuration mode, enter the command configure in Exec mode. The system prompt will change to SMC Enterprise AP(config)# which gives you access privilege to all Global Configuration commands. SMC-AP#configure SMC-AP(config)#

To enter Interface mode, you must enter the interface ethernet, or interface wireless a, or interface wireless g command while in Global Configuration mode. The system prompt will change to SMC Enterprise AP(if-ethernet)#, or SMC Enterprise AP(if-wireless) indicating that you have access privileges to the associated commands. You can use the end command to return to the Exec mode. SMC-AP(config)#interface ethernet SMC-AP(if-ethernet)#

Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the ?

character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing:

Keystroke Ctrl-A Ctrl-B Ctrl-C Ctrl-E Ctrl-F Ctrl-K Ctrl-L Function Shifts cursor to start of command line. Shifts cursor to the left one character. Terminates a task and displays the command prompt. Shifts cursor to end of command line. Shifts cursor to the right one character. Deletes from cursor to the end of the command line. Repeats current command line on a new line. 6-8 Entering Commands Keystroke Ctrl-N Ctrl-P Ctrl-R Ctrl-U Ctrl-W Esc-B Esc-D Esc-F Delete key or backspace key Function Enters the next command line in the history buffer. Shows the last command. Repeats current command line on a new line. Deletes the entire line. Deletes the last word typed. Moves the cursor backward one word. Deletes from the cursor to the end of the word. Moves the cursor forward one word. Erases a mistake when entering a command. 6-9 Command Line Interface Command Groups The system commands can be broken down into the functional groups shown below. Command Group General System Management SNMP Flash/File RADIUS Description Basic commands for entering configuration mode, restarting the system, or quitting the CLI Controls user name, password, system logs, browser management options, clock settings, and a variety of other system information Configures community access strings and trap managers Manages code image or access point configuration files Configures the RADIUS client used with 802.1x authentication Authentication Configures IEEE 802.1x port access control and Filtering Interface IAPP VLANs address filtering Filters communications between wireless clients, controls access to the management interface from wireless clients, and filters traffic using specific Ethernet protocol types Configures connection parameters for the Ethernet port and wireless interface Enables roaming between multi-vendor access points Configures VLAN membership Page 6-11 6-16 6-32 6-37 6-42 6-47 6-57 6-62 6-95 6-96 The access mode shown in the following tables is indicated by these abbreviations: GC (Global Configuration), and IC (Interface Configuration. 6-10 General Commands General Commands Command configure end exit ping Function Activates global configuration mode Returns to Exec mode Returns to the previous configuration mode, or exits the CLI Sends ICMP echo request packets to another node on the network Restarts the system reset show history Shows the command history buffer show line Shows the configuration settings for the console port Mode Page Exec 6-11 GC, IC 6-12 any 6-12 Exec 6-13 Exec Exec Exec 6-14 6-14 6-15 configure This command activates Global Configuration mode. You must enter this mode to modify most of the settings on the access point. You must also enter Global Configuration mode prior to enabling the context modes for Interface Configuration. see Using the Command Line Interface on page 6-1 Default Setting None Command Mode Exec Example SMC-AP#configure SMC-AP(config)#

Related Commands end (page 6-12) 6-11 Command Line Interface end exit This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode:

SMC-AP(if-ethernet)#end SMC-AP(config)#

This command returns to the Exec mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Exec mode from the Interface Configuration mode, and then quit the CLI session:

SMC-AP(if-ethernet)#exit SMC-AP#exit CLI session with the Access Point is now closed Username:

6-12 General Commands ping This command sends ICMP echo request packets to another node on the network. Syntax ping <host_name | ip_address>

host_name - Alias of the host. ip_address - IP address of the host. Default Setting None Command Mode Exec Command Usage

Use the ping command to see if another site on the network can be reached.

The following are some results of the ping command:

Normal response - The normal response occurs in one to ten seconds, depending on network traffic. Destination does not respond - If the host does not respond, a timeout appears in ten seconds. Destination unreachable - The gateway for this destination indicates that the destination is unreachable. Network or host unreachable - The gateway found no corresponding entry in the route table.

Press <Esc> to stop pinging. Example SMC-AP#ping 10.1.0.19 192.168.1.19 is alive SMC-AP#

6-13

Command Line Interface reset This command restarts the system or restores the factory default settings. Syntax reset <board | configuration>

board - Reboots the system.

configuration - Resets the configuration settings to the factory defaults, and then reboots the system. Default Setting None Command Mode Exec Command Usage When the system is restarted, it will always run the Power-On Self-Test. Example This example shows how to reset the system:

SMC-AP#reset board Reboot system now? <y/n>: y show history This command shows the contents of the command history buffer. Default Setting None Command Mode Exec 6-14 General Commands Command Usage

The history buffer size is fixed at 10 commands.

Use the up or down arrow keys to scroll through the commands in the history buffer. Example In this example, the show history command lists the contents of the command history buffer:

SMC-AP#show history config exit show history SMC-AP#

show line This command displays the console ports configuration settings. Command Mode Exec Example The console port settings are fixed at the values shown below. SMC-AP#show line Console Line Information

databits : 8 parity : none speed : 9600 stop bits : 1

SMC-AP#

6-15 Command Line Interface System Management Commands These commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information. Mode Page Command Device Designation prompt system name snmp-server contact snmp-server location User Access username password Web Server ip http port ip http server Event Logging logging on logging host Function Configures information that uniquely identifies this device Customizes the command line prompt GC Specifies the host name for the access GC point Sets the system contact string GC Sets the system location string GC Configures the user name and password for management access Configures the user name for management access Specifies the password for management access Enables management access via a web browser Specifies the port to be used by the web browser interface Allows the access point to be monitored or configured from a browser Controls logging of error messages Controls logging of error messages Adds a syslog server host IP address that will receive logging messages GC GC GC GC GC GC GC logging console Initiates logging of error messages to the console 6-16 6-17 6-18 6-33 6-36 6-19 6-19 6-20 6-20 6-21 6-22 6-22 System Management Commands Command logging level logging facility-type show logging System Clock sntp-server ip sntp-server enable sntp-server date-time sntp-server daylight-saving sntp-server timezone show sntp System Status show system show version Function Defines the minimum severity level for event logging Sets the facility type for remote logging of syslog messages Displays the state of logging Sets the system clock via an NTP/

SNTP server Specifies one or more time servers Accepts time from the specified time servers Manually sets the system date and time Sets the start and end dates for daylight savings time Sets the time zone for the access points internal clock Shows current SNTP configuration settings Displays system configuration and version information Displays system information Displays version information for the system Mode Page GC 6-23 GC 6-24 Exec 6-25 GC GC GC GC GC 6-25 6-26 6-27 6-28 6-29 Exec 6-29 Exec Exec 6-30 6-31 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.

(Maximum length: 255 characters) 6-17 Command Line Interface Default Setting SMC Enterprise AP Command Mode Global Configuration Example SMC Enterprise AP(config)#prompt RD2 RD2(config)#

system name This command specifies or modifies the system name for this device. Use the no form to restore the default system name. Syntax system name name no system name name - The name of this host.

(Maximum length: 32 characters) Default Setting Enterprise AP Command Mode Global Configuration Example SMC-AP(config)#system name SMC-AP SMC-AP(config)#

6-18 System Management Commands username This command configures the user name for management access. Syntax username name name - The name of the user.

(Length: 3-16 characters, case sensitive) Default Setting smcadmin Command Mode Global Configuration Example SMC-AP(config)#username bob SMC-AP(config)#

password After initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password. Syntax password password no password password - Password for management access.

(Length: 3-16 characters, case sensitive) Default Setting admin Command Mode Global Configuration 6-19 Command Line Interface Example SMC-AP(config)#password smc SMC-AP(config)#

ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1024-65535) Default Setting 80 Command Mode Global Configuration Example SMC-AP(config)#ip http port 769 SMC-AP(config)#

Related Commands ip http server (page 6-20) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax ip http server no ip http server 6-20 System Management Commands Default Setting Enabled Command Mode Global Configuration Example SMC-AP(config)#ip http server SMC-AP(config)#

Related Commands ip http port (page 6-20) logging on This command controls logging of error messages; i.e., sending debug or error messages to memory. The no form disables the logging process. Syntax logging on no logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to memory. You can use the logging level command to control the type of error messages that are stored in memory. Example SMC-AP(config)#logging on SMC-AP(config)#

6-21 Command Line Interface logging host This command specifies a syslog server host that will receive logging messages. Use the no form to remove syslog server host. Syntax logging host <host_name | host_ip_address>

no logging host

host_name - The name of a syslog server.

(Range: 1-20 characters)

host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Example SMC-AP(config)#logging host 10.1.0.3 SMC-AP(config)#

logging console This command initiates logging of error messages to the console. Use the no form to disable logging to the console. Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration 6-22 System Management Commands Example SMC-AP(config)#logging console SMC-AP(config)#

logging level This command sets the minimum severity level for event logging. Syntax logging level <Alert | Critical | Error | Warning | Notice |

Informational | Debug>

Default Setting Error Command Mode Global Configuration Command Usage Messages sent include the selected level down to Alert level. Level Argument Description Alerts Critical Error Warning Immediate action needed Critical conditions (e.g., memory allocation, or free memory error - resource exhausted) Error conditions (e.g., invalid input, default used) Warning conditions (e.g., return false, unexpected return) Notice Normal but significant condition, such as cold start Informational Informational messages only Debug Debugging messages

* There are only Critical, Notice, and Informational messages for the current firmware. 6-23 Command Line Interface Example SMC-AP(config)#logging level alert SMC-AP(config)#

logging facility-type This command sets the facility type for remote logging of syslog messages. Syntax logging facility-type <type>

type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.

(Range: 16-23) Default Setting 16 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database. Example SMC-AP(config)#logging facility 19 SMC-AP(config)#

6-24 System Management Commands show logging This command displays the logging configuration. Syntax show logging Command Mode Exec Example SMC-AP#show logging Logging Information

Syslog State : Disabled Logging Host State : Enabled Logging Console State : Disabled Server Domain name/IP : none Logging Level : Error Logging Facility Type : 16

SMC-AP#

sntp-server ip This command sets the IP address of the servers to which SNTP time requests are issued. Use the this command with no arguments to clear all time servers from the current list. Syntax sntp-server ip <1 | 2> <ip>

1 - First time server.

2 - Second time server. ip - IP address of an time server (NTP or SNTP). 6-25

Command Line Interface Default Setting 137.92.140.80 192.43.244.18 Command Mode Global Configuration Command Usage When SNTP client mode is enabled using the sntp-server enable command, the sntp-server ip command specifies the time servers from which the access point polls for time updates. The access point will poll the time servers in the order specified until a response is received. Example SMC-AP(config)#sntp-server ip 10.1.0.19 SMC-AP#

Related Commands sntp-server enable (page 6-26) show sntp (page 6-29) sntp-server enable This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests. Syntax sntp-server enable no sntp-server enable Default Setting Disabled 6-26 System Management Commands Command Mode Global Configuration Command Usage The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the access point only records the time starting from the factory default set at the last bootup (i.e., 00:14:00, January 1, 1970). Example SMC-AP(config)#sntp-server enable SMC-AP(config)#

Related Commands sntp-server ip (page 6-25) show sntp (page 6-29) sntp-server date-time This command sets the system clock. Default Setting 00:14:00, January 1, 1970 Command Mode Global Configuration Example This example sets the system clock to 17:37 June 19, 2003. SMC-AP#sntp-server date-time Enter Year<1970-2100>: 2003 Enter Month<1-12>: 6 Enter Day<1-31>: 19 Enter Hour<0-23>: 17 Enter Min<0-59>: 37 SMC-AP#

6-27 Command Line Interface Related Commands sntp-server enable (page 6-26) sntp-server daylight-saving This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time. Syntax sntp-server daylight-saving no sntp-server daylight-saving Default Setting Disabled Command Mode Global Configuration Command Usage The command sets the system clock back one hour during the specified period. Example This sets daylight savings time to be used from July 1st to September 1st. SMC-AP(config)#sntp-server daylight-saving Enter Daylight saving from which month<1-12>: 6 and which day<1-31>: 1 Enter Daylight saving end to which month<1-12>: 9 and which day<1-31>: 1 SMC-AP(config)#

6-28 System Management Commands sntp-server timezone This command sets the time zone for the access points internal clock. Syntax sntp-server timezone <hours>

hours - Number of hours before/after UTC.

(Range: -12 to +12 hours) Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earths prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC. Example SMC-AP(config)#sntp-server timezone +8 SMC-AP(config)#

show sntp This command displays the current time and configuration settings for the SNTP client. Command Mode Exec 6-29 Command Line Interface Example SMC-AP#show sntp SNTP Information

Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time : 08 : 04, Jun 20th, 2003 Time Zone : +8 (TAIPEI, BEIJING) Daylight Saving : Enabled, from Jun, 1st to Sep, 1st

SMC-AP#

show system This command displays basic system configuration settings. Default Setting None Command Mode Exec 6-30 System Management Commands Example SMC-AP#show system System Information

Serial Number : A252014354 System Up time : 0 days, 1 hours, 28 minutes, 9 seconds System Name : Enterprise AP System Location :

System Contact : Contact System Country Code : 99 - NO_COUNTRY_SET MAC Address : 00-30-F1-71-D6-40 IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 0.0.0.0 VLAN State : DISABLED IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 Slot Status : 802.11g only Software Version : v2.0.0

SMC-AP#

show version This command displays the software version for the system. Default Setting None Command Mode Exec Example SMC-AP#show version Version v2.0.0 SMC-AP#

6-31 Command Line Interface SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages. Command Function Mode Page GC 6-32 Sets up the community access string to permit access to SNMP commands Sets the system contact string GC 6-33 Enables SNMP service and traps GC 6-34 snmp-server community snmp-server contact snmp-server enable server snmp-server host Specifies the recipient of an SNMP notification operation GC 6-35 snmp-server location show snmp Sets the system location string GC 6-36 Displays the status of SNMP communications Exec 6-37 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw]

no snmp-server community string

string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 23 characters, case sensitive) 6-32 SNMP Commands ro - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Default Setting

public - Read-only access. Authorized management stations are only able to retrieve MIB objects.

private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option, the default is read only. Example SMC-AP(config)#snmp-server community alpha rw SMC-AP(config)#

snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact.

(Maximum length: 255 characters) Default Setting Contact 6-33

Command Line Interface Command Mode Global Configuration Example SMC-AP(config)#snmp-server contact Paul SMC-AP(config)#

Related Commands snmp-server location (page 6-36) snmp-server enable server This command enables SNMP management access and also enables this device to send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and trap messages. Syntax snmp-server enable server no snmp-server enable server Default Setting Enabled Command Mode Global Configuration Command Usage

This command enables both authentication failure notifications and link-up-down notifications.

The snmp-server host command specifies the host device that will receive SNMP notifications. Example SMC-AP(config)#snmp-server enable server SMC-AP(config)#

6-34 SNMP Commands Related Commands snmp-server host (page 6-35) snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host. Syntax snmp-server host <host_ip_address | host_name>

<community-string>

no snmp-server host

host_ip_address - IP of the host (the targeted recipient).

host_name - Name of the host. (Range: 1-20 characters)

community-string - Password-like community string sent with the notification operation. Although you can set this string using the snmp-server host command by itself, we recommend that you define this string using the snmp-server community command prior to using the snmp-server host command. (Maximum length: 23 characters) Default Setting Host Address: None Community String: public Command Mode Global Configuration Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. 6-35 Command Line Interface Example SMC-AP(config)#snmp-server host 10.1.19.23 batman SMC-AP(config)#

Related Commands snmp-server enable server (page 6-34) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location.

(Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example SMC-AP(config)#snmp-server location WC-19 SMC-AP(config)#

Related Commands snmp-server contact (page 6-33) 6-36 Flash/File Commands show snmp This command displays the SNMP configuration settings. Command Mode Exec Example SMC-AP#show snmp SNMP Information

Service State : Enable Community (ro) : *****

Community (rw) : *****

Location : WC-19 Contact : Paul Traps : Enabled Host Name/IP : 10.1.19.23 Trap Community : *****

SMC-AP#

Flash/File Commands These commands are used to manage the system code or configuration files. Command Function bootfile copy delete dir Specifies the file or image used to start up the system Copies a code image or configuration between flash memory and a FTP/

TFTP server Mode Page GC 6-38 Exec 6-39 Deletes a file or code image Exec Displays a list of files in flash memory Exec 6-40 6-41 6-37 Command Line Interface bootfile This command specifies the image used to start up the system. Syntax bootfile <filename>

filename - Name of the image file. Default Setting None Command Mode Exec Command Usage

The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters. (Valid characters: A-Z, a-z, 0-9, ., -, _)

If the file contains an error, it cannot be set as the default file. Example SMC-AP#bootfile smc-img.bin SMC-AP#

6-38 Flash/File Commands copy This command copies a boot file, code image, or configuration file between the access points flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection. Syntax copy <ftp | tftp> file copy config <ftp | tftp>

ftp - Keyword that allows you to copy to/from an FTP server. tftp - Keyword that allows you to copy to/from a TFTP server. file - Keyword that allows you to copy to/from a flash memory file.

config - Keyword that allows you to upload the configuration file from flash memory. Default Setting None Command Mode Exec Command Usage

The system prompts for data required to complete the copy command.

Only a configuration file can be uploaded to an FTP/TFTP server, but every type of file can be downloaded to the access point.

The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP 6-39

Command Line Interface server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, ., -, _)

Due to the size limit of the flash memory, the access point supports only two operation code files.

The system configuration file must be named syscfg in all copy commands. Example The following example shows how to upload the configuration settings to a file on the TFTP server:

SMC-AP#copy config tftp TFTP Source file name:syscfg TFTP Server IP:192.168.1.19 SMC-AP#

The following example shows how to download a configuration file:

SMC-AP#copy tftp file 1. Application image 2. Config file 3. Boot block image Select the type of download<1,2,3>: [1]:2 TFTP Source file name:syscfg TFTP Server IP:192.168.1.19 SMC-AP#

delete This command deletes a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None 6-40 Flash/File Commands Command Mode Exec Caution: Beware of deleting application images from flash memory. At least one application image is required in order to boot the access point. If there are multiple image files in flash memory, and the one used to boot the access point is deleted, be sure you first use the bootfile command to update the application image file booted at startup before you reboot the access point. Example This example shows how to delete the test.cfg configuration file from flash memory. SMC-AP#delete test.cfg Are you sure you wish to delete this file? <y/n>:

SMC-AP#

Related Commands bootfile (page 6-38) dir (page 6-41) dir This command displays a list of files in flash memory. Command Mode Exec Command Usage File information is shown below:

Column Heading Description File Name Type File Size The name of the file.

(2) Operation Code and (5) Configuration file The length of the file in bytes. 6-41 Command Line Interface Example The following example shows how to display all file information:

SMC-AP#dir File Name Type File Size

dflt-img.bin 2 1044140 syscfg 5 16860 syscfg_bak 5 16860 zz-img.bin 2 1044140 1048576 byte(s) available SMC-AP#

RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as users names and passwords, for each wireless client that requires access to the access point. Command Function Mode Page radius-server address Specifies the RADIUS server GC 6-43 radius-server port Sets the RADIUS server network port GC radius-server key Sets the RADIUS encryption key Sets the number of retries 6-43 6-44 6-44 GC GC Sets the interval between sending authentication requests GC 6-45 show radius Shows the current RADIUS settings Exec 6-46 6-42 radius-server retransmit radius-server timeout RADIUS Client radius-server address This command specifies the primary and secondary RADIUS servers. Syntax radius-server address [secondary] <host_ip_address |

host_name>

secondary - Secondary server.

host_ip_address - IP address of server.

host_name - Host name of server. (Range: 1-20 characters) Default Setting None Command Mode Global Configuration Example SMC-AP(config)#radius-server address 192.168.1.25 SMC-AP(config)#

radius-server port This command sets the RADIUS server network port. Syntax radius-server [secondary] port <port_number>

secondary - Secondary server.

port_number - RADIUS server UDP port used for authentication messages. (Range: 1024-65535) Default Setting 1812 Command Mode Global Configuration 6-43 Command Line Interface Example SMC-AP(config)#radius-server port 181 SMC-AP(config)#

radius-server key This command sets the RADIUS encryption key. Syntax radius-server [secondary] key <key_string>

secondary - Secondary server.

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.

(Maximum length: 20 characters) Default Setting DEFAULT Command Mode Global Configuration Example SMC-AP(config)#radius-server key green SMC-AP(config)#

radius-server retransmit This command sets the number of retries. Syntax radius-server [secondary] retransmit number_of_retries

secondary - Secondary server.

number_of_retries - Number of times the access point will try to authenticate logon access via the RADIUS server.

(Range: 1 - 30) 6-44 RADIUS Client Default Setting 3 Command Mode Global Configuration Example SMC-AP(config)#radius-server retransmit 5 SMC-AP(config)#

radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Syntax radius-server [secondary] timeout number_of_seconds

secondary - Secondary server.

number_of_seconds - Number of seconds the access point waits for a reply before resending a request. (Range: 1-60) Default Setting 5 Command Mode Global Configuration Example SMC-AP(config)#radius-server timeout 10 SMC-AP(config)#

6-45 Command Line Interface show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example SMC-AP#show radius Radius Server Information

IP : 192.168.1.25 Port : 181 Key : *****

Retransmit : 5 Timeout : 10

Radius Secondary Server Information

IP : 0.0.0.0 Port : 1812 Key : *****

Retransmit : 3 Timeout : 5

SMC-AP#

6-46 802.1x Port Authentication 802.1x Port Authentication The access point supports IEEE 802.1x access control for wireless clients. This control feature prevents unauthorized access to the network by requiring a 802.1x client application to submit a user name and password for authentication. Client authentication is then verified via by a RADIUS server using EAPOL (Extensible Authentication Protocol Over LAN) before the access point grants client access to the network. Command Function 802.1x Configures 802.1x as disabled, supported, or required 802.1x broadcast-key-

refresh-rate Sets the interval at which the primary broadcast keys are refreshed for stations using 802.1x dynamic keying 802.1x session-key-

refresh-rate Sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying 802.1x session-timeout Sets the timeout after which a connected client must be re-authenticated Mode Page GC 6-48 GC 6-49 GC 6-50 GC 6-51 address filter default address filter entry address filter delete mac-

authentication server Sets filtering to allow or deny listed addresses GC 6-51 Enters a MAC address in the filter table GC 6-52 Removes a MAC address from the filter table GC 6-53 Sets address filtering to be performed with local or remote options GC 6-54 6-47 Command Line Interface Command Function mac-

authentication session-timeout show authentication Sets the interval at which associated clients will be re-authenticated with the RADIUS server authentication database Shows all 802.1x authentication settings, as well as the address filter table Mode Page GC 6-55 Exec 6-56 802.1x This command configures 802.1x as optionally supported or as required for wireless clients. Use the no form to disable 802.1x support. Syntax 802.1x <supported | required>

no 802.1x

supported - Authenticates clients that initiate the 802.1x authentication process. Uses standard 802.11 authentication for all others. required - Requires 802.1x authentication for all clients. Default Setting Disabled Command Mode Global Configuration Command Usage

When 802.1x is disabled, the access point does not support 802.1x authentication for any station. After successful 802.11 association, each client is allowed to access the network.

When 802.1x is supported, the access point supports 802.1x authentication only for clients initiating the 802.1x 6-48

802.1x Port Authentication authentication process (i.e., the access point does NOT initiate 802.1x authentication). For stations initiating 802.1x, only those stations successfully authenticated are allowed to access the network. For those stations not initiating 802.1x, access to the network is allowed after successful 802.11 association.

When 802.1x is required, the access point enforces 802.1x authentication for all 802.11 associated stations. If 802.1x authentication is not initiated by the station, the access point will initiate authentication. Only those stations successfully authenticated with 802.1x are allowed to access the network.

802.1x does not apply to the 10/100Base-TX port. Example SMC-AP(config)#802.1x supported SMC-AP(config)#

802.1x broadcast-key-refresh-rate This command sets the interval at which the broadcast keys are refreshed for stations using 802.1x dynamic keying. Syntax 802.1x broadcast-key-refresh-rate <rate>

rate - The interval at which the access point rotates broadcast keys. (Range: 0 - 1440 minutes) Default Setting 0 (Disabled) Command Mode Global Configuration 6-49 Command Line Interface Command Usage

The access point uses EAPOL (Extensible Authentication Protocol Over LANs) packets to pass dynamic unicast session and broadcast keys to wireless clients. The 802.1x broadcast-key-refresh-rate command specifies the interval after which the broadcast keys are changed. The 802.1x session-key-refresh-rate command specifies the interval after which unicast session keys are changed.

Dynamic broadcast key rotation allows the access point to generate a random group key and periodically update all key-management capable wireless clients. Example SMC-AP(config)#802.1x broadcast-key-refresh-rate 5 SMC-AP(config)#

802.1x session-key-refresh-rate This command sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying. Syntax 802.1x session-key-refresh-rate <rate>

rate - The interval at which the access point refreshes a session key. (Range: 0 - 1440 minutes) Default Setting 0 (Disabled) Command Mode Global Configuration Command Usage Session keys are unique to each client, and are used to authenticate a client connection, and correlate traffic passing between a specific client and the access point. 6-50 802.1x Port Authentication Example SMC-AP(config)#802.1x session-key-refresh-rate 5 SMC-AP(config)#

802.1x session-timeout This command sets the time period after which a connected client must be re-authenticated. Use the no form to disable 802.1x re-authentication. Syntax 802.1x session-timeout <seconds>

no 802.1x session-timeout seconds - The number of seconds. (Range: 0-65535) Default 0 (Disabled) Command Mode Global Configuration Example SMC-AP(config)#802.1x session-timeout 300 SMC-AP(config)#

address filter default This command sets filtering to allow or deny listed MAC addresses. Syntax address filter default <allowed | denied>

allowed - Only MAC addresses entered as denied in the address filtering table are denied.

denied - Only MAC addresses entered as allowed in the address filtering table are allowed. 6-51 Command Line Interface Default allowed Command Mode Global Configuration Example SMC-AP(config)#address filter default denied SMC-AP(config)#

Related Commands address filter entry (page 6-52) show authentication (page 6-56) address filter entry This command enters a MAC address in the filter table. Syntax address filter entry <mac-address> <allowed | denied>

mac-address - Physical address of client. (Enter six pairs of hexadecimal digits separated by hyphens; e.g., 00-90-D1-12-AB-89.)

allowed - Entry is allowed access.

denied - Entry is denied access. Default None Command Mode Global Configuration Command Mode

The access point supports up to 1024 MAC addresses. 6-52 802.1x Port Authentication

An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command. Example SMC-AP(config)#address filter entry 00-70-50-cc-99-1a allowed SMC-AP(config)#

Related Commands address filter default (page 6-51) show authentication (page 6-56) address filter delete This command deletes a MAC address from the filter table. Syntax address filter delete <mac-address>

mac-address - Physical address of client. (Enter six pairs of hexadecimal digits separated by hyphens.) Default None Command Mode Global Configuration Example SMC-AP(config)#address filter delete 00-70-50-cc-99-1b SMC-AP(config)#

Related Commands show authentication (page 6-56) 6-53 Command Line Interface mac-authentication server This command sets address filtering to be performed with local or remote options. Use the no form to disable MAC address authentication. Syntax mac-authentication server [local | remote]

local - Authenticate the MAC address of wireless clients with the local authentication database during 802.11 association. remote - Authenticate the MAC address of wireless clients with the RADIUS server during 802.1x authentication. Default local Command Mode Global Configuration Example SMC-AP(config)#mac-authentication server remote SMC-AP(config)#

Related Commands address filter entry (page 6-52) radius-server address (page 6-43) show authentication (page 6-56) 6-54

802.1x Port Authentication mac-authentication session-timeout This command sets the interval at which associated clients will be re-authenticated with the RADIUS server authentication database. Use the no form to disable reauthentication. Syntax mac-authentication session-timeout <seconds>

seconds - Re-authentication interval. (Range: 0-65535) Default 0 (disabled) Command Mode Global Configuration Example SMC-AP(config)#mac-authentication session-timeout 1 SMC-AP(config)#

6-55 Command Line Interface show authentication This command shows all 802.1x authentication settings, as well as the address filter table. Command Mode Exec Example SMC-AP#show authentication Authentication Information

MAC Authentication Server : REMOTE MAC Auth Session Timeout Value : 1 secs 802.1x : SUPPORTED Broadcast Key Refresh Rate : 5 min Session Key Refresh Rate : 5 min 802.1x Session Timeout Value : 300 secs Address Filtering : DENIED System Default : DENY addresses not found in filter table. Filter Table MAC Address Status

00-70-50-cc-99-1a DENIED 00-70-50-cc-99-1b ALLOWED

SMC-AP(config)#

6-56 Filtering Commands Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types. Command Function filter local-bridge Disables communication between wireless clients filter ap-manage Prevents wireless clients from accessing the management interface Mode Page GC 6-57 GC 6-58 GC 6-59 filter ethernet-type enable filter ethernet-type protocol Checks the Ethernet type for all incoming and outgoing Ethernet packets against the protocol filtering table Sets a filter for a specific Ethernet type GC 6-60 show filter Shows the filter configuration Exec 6-61 filter local-bridge This command disables communication between wireless clients. Use the no form to disable this filtering. Syntax filter local-bridge no filter local-bridge Default Disabled Command Mode Global Configuration 6-57 Command Line Interface Command Usage This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network. Example SMC-AP(config)#filter local-bridge SMC-AP(config)#

filter ap-manage This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering. Syntax filter ap-manage no filter ap-manage Default Disabled Command Mode Global Configuration Example SMC-AP(config)#filter ap-manage SMC-AP(config)#

6-58 Filtering Commands filter ethernet-type enable This command checks the Ethernet type on all incoming and outgoing Ethernet packets against the protocol filtering table. Use the no form to disable this feature. Syntax filter ethernet-type enable no filter ethernet-type enable Default Disabled Command Mode Global Configuration Command Usage This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered. Example SMC-AP(config)#filter ethernet-type enable SMC-AP(config)#

Related Commands filter ethernet-type protocol (page 6-60) 6-59 Command Line Interface filter ethernet-type protocol This command sets a filter for a specific Ethernet type. Use the no form to disable filtering for a specific Ethernet type. Syntax filter ethernet-type protocol <protocol>

no filter ethernet-type protocol <protocol>

protocol - An Ethernet protocol type. (Options: ARP, RARP, Berkeley-Trailer-Negotiation, LAN-Test, X25-Level-3, Banyan, CDP, DEC XNS, DEC-MOP-Dump-Load, DEC-MOP, DEC-LAT, Ethertalk, Appletalk-ARP, Novell-IPX(old), Novell-IPX(new), EAPOL, Telxon-TXP, Aironet-DDP, Enet-Config-Test) Default None Command Mode Global Configuration Command Usage Use the filter ethernet-type enable command to enable filtering for Ethernet types specified in the filtering table, or the no filter ethernet-type enable command to disable all filtering based on the filtering table. Example SMC-AP(config)#filter ethernet-type protocol ARP SMC-AP(config)#

Related Commands filter ethernet-type enable (page 6-59) 6-60 Filtering Commands show filters This command shows the filter options and protocol entries in the filter table. Command Mode Exec Example SMC-AP#show filters Protocol Filter Information

Local Bridge :ENABLED AP Management :ENABLED Ethernet Type Filter :ENABLED Enabled Protocol Filters

Protocol: ARP ISO: 0x0806

SMC-AP#

6-61 Command Line Interface Interface Commands The commands described in this section configure connection parameters for the Ethernet port and wireless interface. Command Function Mode Page General Interface interface Ethernet Interface dns primary-server Enters specified interface configuration mode GC 6-65 Specifies the primary name server IC-E 6-66 dns secondary-server Specifies the secondary name server IC-E 6-66 ip address ip dhcp shutdown speed-duplex Sets the IP address for the Ethernet interface IC-E 6-67 Submits a DHCP request for an IP address IC-E 6-68 Disables the Ethernet interface IC-E 6-69 Configures speed and duplex operation IC-E 6-70 show interface ethernet Shows the status for the Ethernet interface Exec 6-71 Wireless Interface description closed-system Adds a description to the wireless interface Closes access to clients without a pre-configured SSID IC-W 6-71 IC-W 6-72 6-62 Command speed channel turbo ssid beacon-interval dtim-period fragmentation-length rts-threshold authentication encryption Interface Commands Function Configures the maximum data rate at which a station can connect to the access point Mode Page IC-W 6-73 Configures the radio channel IC-W 6-74 Configures turbo mode to use faster data rate IC-W 6-75 Configures the service set identifier IC-W 6-76 Configures the rate at which beacon signals are transmitted from the access point Configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions Configures the minimum packet size that can be fragmented Sets the packet size threshold at which an RTS must be sent to the receiving station prior to the sending station starting communications Defines the 802.11 authentication type allowed by the access point Defines whether or not WEP encryption is used to provide privacy for wireless communications IC-W 6-76 IC-W 6-77 IC-W 6-78 IC-W 6-79 IC-W 6-80 IC-W 6-81 6-63 Command Line Interface Command key transmit-key transmit-power turbo max-association multicast-cipher wpa-clients wpa-mode wpa-preshared-key wpa-psk-type shutdown Function Sets the keys used for WEP encryption Sets the index of the key to be used for encrypting data frames sent between the access point and wireless clients Adjusts the power of the radio signals transmitted from the access point Mode Page IC-W 6-82 IC-W 6-83 IC-W 6-84 Configures turbo mode to use faster data rate IC-W Configures the maximum number of clients that can be associated with the access point at the same time IC-W 6-85 Defines the cipher algorithm used for multicasting IC-W 6-86 Defines whether WPA is required or optionally supported for client stations IC-W 6-87 Specifies dynamic keys or a pre-shared key IC-W 6-89 Defines a WPA preshared-key value Defines the type of the preshared-key Disables the wireless interface IC-W 6-90 IC-W 6-91 IC-W 6-92 6-64 Interface Commands Command Function show interface wireless show station Shows the status for the wireless interface Shows the wireless clients associated with the access point Mode Page Exec 6-93 Exec 6-94 interface This command configures an interface type and enters interface configuration mode. Syntax interface <ethernet | wireless <a | g>>

ethernet - Interface for wired network.

wireless - Interface for wireless clients.

a - 802.11a radio interface.

g - 802.11g radio interface. Default Setting None Command Mode Global Configuration Example To specify the 10/100Base-TX network interface, enter the following command:

SMC-AP(config)#interface ethernet SMC-AP(if-ethernet)#

6-65 Command Line Interface dns server This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. Syntax dns primary-server <server-address>

dns secondary-server <server-address>

primary-server - Primary server used for name resolution.

secondary-server - Secondary server used for name resolution.

server-address - IP address of domain-name server. Default Setting None Command Mode Global Configuration Command Usage The primary and secondary name servers are queried in sequence. Example This example specifies two domain-name servers. SMC-AP(if-ethernet)#dns primary-server 192.168.1.55 SMC-AP(if-ethernet)#dns secondary-server 10.1.0.55 SMC-AP(if-ethernet)#

Related Commands show interface ethernet (page 6-71) 6-66 Interface Commands ip address This command sets the IP address for the (10/100Base-TX) Ethernet interface. Use the no form to restore the default IP address. Syntax ip address <ip-address> <netmask> <gateway>

no ip address ip-address - IP address

netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.

gateway - IP address of the default gateway Default Setting IP address: 192.168.1.1 Netmask: 255.255.255.0 Command Mode Interface Configuration (Ethernet) Command Usage

DHCP is enabled by default. To manually configure a new IP address, you must first disable the DHCP client with the no ip dhcp command.

You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets. You can manually configure a specific IP address using this command, or direct the device to obtain an address from a DHCP server using the ip dhcp command. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program. 6-67

Command Line Interface Example SMC-AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. SMC-AP(if-ethernet)#ip address 192.168.1.2 255.255.255.0 192.168.1.253 SMC-AP(if-ethernet)#

Related Commands ip dhcp (page 6-68) ip dhcp This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip dhcp no ip dhcp Default Setting Enabled Command Mode Interface Configuration (Ethernet) Command Usage

You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets. You can manually configure a specific IP address using the ip address command, or direct the device to obtain an address from a DHCP server using this command.

When you use this command, the access point will begin broadcasting DHCP client requests. The current IP address

(i.e., default or manually configured address) will continue to be effective until a DHCP reply is received. Requests will be 6-68 Interface Commands broadcast periodically by this device in an effort to learn its IP address. (DHCP values can include the IP address, subnet mask, and default gateway.) Example SMC-AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. SMC-AP(if-ethernet)#ip dhcp SMC-AP(if-ethernet)#

Related Commands ip address (page 6-67) shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting Interface enabled Command Mode Interface Configuration (Ethernet) Command Usage This command allows you to disable the Ethernet port due to abnormal behavior (e.g., excessive collisions), and reenable it after the problem has been resolved. You may also want to disable the Ethernet port for security reasons. 6-69 Command Line Interface Example The following example disables the Ethernet port. SMC-AP(if-ethernet)#shutdown SMC-AP(if-ethernet)#

speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex <auto | 10MH | 10MF | 100MF | 100MH>

auto - autonegotiate speed and duplex mode

10MH - Forces 10 Mbps, half-duplex operation

10MF - Forces 10 Mbps, full-duplex operation

100MH - Forces 100 Mbps, half-duplex operation

100MF - Forces 100 Mbps, full-duplex operation Default Setting Auto-negotiation is enabled by default. Command Mode Interface Configuration (Ethernet) Command Usage If autonegotiation is disabled, the speed and duplex mode must be configured to match the setting of the attached device. Example The following example configures the Ethernet port to 100 Mbps, half-duplex operation. SMC-AP(if-ethernet)#speed-duplex 100mf SMC-AP(if-ethernet)#

6-70 Interface Commands show interface ethernet This command displays the status for the Ethernet interface. Syntax show interface [ethernet]

Default Setting Ethernet interface Command Mode Exec Example SMC-AP#show interface ethernet Ethernet Interface Information

IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.253 Primary DNS : 192.168.1.55 Secondary DNS : 10.1.0.55 Speed-duplex : 100Base-TX Half Duplex Admin status : Up Operational status : Up

SMC-AP#

description This command adds a description to a the wireless interface. Use the no form to remove the description. Syntax description <string>

no description string - Comment or a description for this interface.

(Range: 1-80 characters) 6-71 Command Line Interface Default Setting None Command Mode Interface Configuration (Wireless) Example SMC-AP(config)#interface wireless g SMC-AP(if-wireless g)#description RD-AP#3 SMC-AP(if-wireless g)#

closed-system This command closes access to clients without a pre-configured SSID. Use the no form to disable this feature. Syntax closed-system no closed-system Default Setting Disabled Command Mode Interface Configuration (Wireless) Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID. Example SMC-AP(if-wireless g)#closed-system SMC-AP(if-wireless g)#

6-72 Interface Commands speed This command configures the maximum data rate at which a station can connect to the access point. Syntax speed <speed>

speed - Maximum access speed allowed for wireless clients.

(Options: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps) Default Setting 54 Mbps Command Mode Interface Configuration (Wireless) Command Usage The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance. Please refer to the table for maximum distances on page A-4. Example SMC-AP(if-wireless g)#speed 6 SMC-AP(if-wireless g)#

6-73 Command Line Interface channel This command configures the radio channel through which the access point communicates with wireless clients. Syntax channel <channel | auto>

channel - Manually sets the radio channel used for communications with wireless clients. (Range: 802.11a -

36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165 for normal mode, and 42, 50, 58, 152, 160 for turbo mode;

802.11g - 1 to 11)

auto - Automatically selects an unoccupied channel (if available). Otherwise, the lowest channel is selected. Default Setting Automatic channel selection Command Mode Interface Configuration (Wireless) Command Usage

The available channel settings are limited by local regulations, which determine the number of channels that are available.

When multiple access points are deployed in the same area, be sure to choose a channel separated by at least four channels for 802.11a to avoid having the channels interfere with each other, and at least five channels for 802.11g. You can deploy up to four access points in the same area for 802.11a (e.g., channels 36, 56, 149, 165) and three access points for 802.11g (e.g., channels 1, 6, 11).

For most wireless adapters, the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked. 6-74 Interface Commands Example SMC-AP(if-wireless g)#channel 1 SMC-AP(if-wireless g)#

turbo This command sets the access point to an enhanced mode (not regulated in IEEE 802.11a) that provides a higher data rate of up to 108 Mbps. Default Setting Disabled Command Mode Interface Configuration (Wireless - 802.11a) Command Usage

The normal 802.11a wireless operation mode provides connections up to 54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE 802.11a) that provides a higher data rate of up to 108 Mbps. Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps.

In normal mode, the access point provides a channel bandwidth of 20 MHz, and supports the maximum number of channels permitted by local regulations (e.g., 11 channels for the United States). In Turbo Mode, the channel bandwidth is increased to 40 MHz to support the increased data rate. However, this reduces the number of channels supported (e.g., 5 channels for the United States). Example SMC-AP(if-wireless a)#turbo SMC-AP(if-wireless a)#

6-75 Command Line Interface ssid This command configures the service set identifier (SSID). Syntax ssid string string - The name of a basic service set supported by the access point. (Range: 1 - 32 characters) Default Setting smc Command Mode Interface Configuration (Wireless) Command Usage Clients that want to connect to the wireless network via an access point must set their SSIDs to the same as that of the access point. Example SMC-AP(if-wireless g)#ssid RD-AP#3 SMC-AP(if-wireless g)#

beacon-interval This command configures the rate at which beacon signals are transmitted from the access point. Syntax beacon-interval <interval>

interval - The rate for transmitting beacon signals.

(Range: 20-1000 milliseconds) Default Setting 100 6-76 Interface Commands Command Mode Interface Configuration (Wireless) Command Usage The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information. Example SMC-AP(if-wireless g)#beacon-interval 150 SMC-AP(if-wireless g)#

dtim-period This command configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions. Syntax dtim-period <interval>

interval - Interval between the beacon frames that transmit broadcast or multicast traffic. (Range: 1-255 beacon frames) Default Setting 2 Command Mode Interface Configuration (Wireless) Command Usage

The Delivery Traffic Indication Map (DTIM) packet interval value indicates how often the MAC layer forwards broadcast/multicast traffic. This parameter is necessary to wake up stations that are using Power Save mode.

The DTIM is the interval between two synchronous frames with broadcast/multicast information. The default value of 2 6-77 Command Line Interface indicates that the access point will save all broadcast/

multicast frames for the Basic Service Set (BSS) and forward them after every second beacon.

Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. Example SMC-AP(if-wireless g)#dtim-period 100 SMC-AP(if-wireless g)#

fragmentation-length This command configures the minimum packet size that can be fragmented when passing through the access point. Syntax fragmentation-length <length>

length - Minimum packet size for which fragmentation is allowed. (Range: 256-2346 bytes) Default Setting 2346 Command Mode Interface Configuration (Wireless) Command Usage

If the packet size is smaller than the preset Fragment size, the packet will not be segmented.

Fragmentation of the PDUs (Package Data Unit) can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size. If there is significant interference present, or 6-78 Interface Commands collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. Example SMC-AP(if-wireless g)#fragmentation-length 512 SMC-AP(if-wireless g)#

rts-threshold This command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the receiving station prior to the sending station starting communications. Syntax rts-threshold <threshold>

threshold - Threshold packet size for which to send an RTS.

(Range: 0-2347 bytes) Default Setting 2347 Command Mode Interface Configuration (Wireless) Command Usage

If the threshold is set to 0, the access point never sends RTS signals. If set to 2347, the access point always sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS

(Request to Send / Clear to Send) mechanism will be enabled.

The access point sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an 6-79 Command Line Interface RTS frame, the station sends a CTS frame to notify the sending station that it can start sending data.

Access points contending for the wireless medium may not be aware of each other. The RTS/CTS mechanism can solve this Hidden Node problem. Example SMC-AP(if-wireless g)#rts-threshold 256 SMC-AP(if-wireless g)#

authentication This command defines the 802.11 authentication type allowed by the access point. Syntax authentication <open | shared>

open - Accepts the client without verifying its identity using a shared key.

shared - Authentication is based on a shared key that has been distributed to all stations. Default Setting open Command Mode Interface Configuration (Wireless) Command Usage

Shared key authentication can only be used when WEP is enabled with the encryption command, and at least one static WEP key has been defined with the key command.

When using WPA or 802.1x for authentication and dynamic keying, the access point must be set to open. 6-80 Interface Commands Example SMC-AP(if-wireless g)#authentication shared SMC-AP(if-wireless g)#

Related Commands encryption (page 6-81) key (page 6-82) encryption This command defines whether or not WEP encryption is used to provide privacy for wireless communications. Use the no form to disable encryption. Syntax encryption <key-length>

no encryption key-length - Size of encryption key.

(Options: 64, 128, or 152 bits) Default Setting disabled Command Mode Interface Configuration (Wireless) Command Usage

Wired Equivalent Privacy (WEP) is implemented in this device to prevent unauthorized access to your wireless network. For more secure data transmissions, enable WEP with this command, and set at least one static WEP key with the key command.

The WEP settings must be the same on each client in your wireless network. 6-81 Command Line Interface

Note that WEP protects data transmitted between wireless nodes, but does not protect any transmissions over your wired network or over the Internet. Example SMC-AP(if-wireless g)#encryption 128 SMC-AP(if-wireless g)#

Related Commands key (page 6-82) key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key <index> <size> <type> <value>

no key index index - Key index. (Range: 1-4)

size - Key size. (Options: 64, 128, or 152 bits) type - Input format. (Options: ASCII, HEX)

value - The key string. For ASCII input, use 5/13 alphanumeric characters for 64/128 bit strings. For HEX input, use 10/26 hexadecimal digits for 64/128 bit strings. Default Setting None Command Mode Interface Configuration (Wireless) Command Usage

To enable Wired Equivalent Privacy (WEP), use the authentication command to select the shared key authentication type, use the encryption command to 6-82

Interface Commands specify the key length, and use the key command to configure at least one key.

If WEP is enabled, all wireless clients must be configured with the same shared keys to communicate with the access point. Example SMC-AP(if-wireless g)#key 1 64 hex 1234512345 SMC-AP(if-wireless g)#key 2 128 ascii asdeipadjsipd SMC-AP(if-wireless g)#key 3 64 hex 12345123451234512345123456 SMC-AP(if-wireless g)#

Related Commands authentication (page 6-80) encryption (page 6-81) transmit-key This command sets the index of the key to be used for encrypting data frames broadcast or multicast from the access point to wireless clients. Syntax transmit-key <index>

index - Key index. (Range: 1-4) Default Setting 1 Command Mode Interface Configuration (Wireless) Command Usage

If you use WEP key encryption, the access point uses the transmit key to encrypt multicast and broadcast data signals 6-83 Command Line Interface that it sends to client devices. Other keys can be used for decryption of data from clients.

When using IEEE 802.1x, the access point uses a dynamic WEP key to encrypt unicast and broadcast messages to 802.1x-enabled clients. However, because the access point sends the WEP keys during the 802.1x authentication process, these keys do not have to appear in the clients WEP key list. Example SMC-AP(if-wireless g)#transmit-key 2 SMC-AP(if-wireless g)#

transmit-power This command adjusts the power of the radio signals transmitted from the access point. Syntax transmit-power <signal-strength>

signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min) Default Setting full Command Mode Interface Configuration (Wireless) Command Usage

The min keyword indicates minimum power.

The longer the transmission distance, the higher the transmission power required. But to support the maximum number of users in an area, you must keep the power as low as possible. Power selection is not just a trade off between coverage area and maximum supported clients. You also 6-84 Interface Commands have to ensure that high strength signals do not interfere with the operation of other radio devices in your area. Example SMC-AP(if-wireless g)#transmit-power half SMC-AP(if-wireless g)#

max-association This command configures the maximum number of clients that can be associated with the access point at the same time. Syntax max-association <count>

count - Maximum number of associated stations.

(Range: 0-64) Default Setting 64 Command Mode Interface Configuration (Wireless) Example SMC-AP(if-wireless g)#max-association 32 SMC-AP(if-wireless g)#

6-85 Command Line Interface multicast-cipher This command defines the cipher algorithm used for broadcasting and multicasting when using Wi-Fi Protected Access (WPA) security. Syntax multicast-cipher <AES | TKIP | WEP>

AES - Advanced Encryption Standard

TKIP - Temporal Key Integrity Protocol

WEP - Wired Equivalent Privacy Default Setting WEP Command Mode Interface Configuration (Wireless) Command Usage

WPA enables the access point to support different unicast encryption keys for each client. However, the global encryption key for multicast and broadcast traffic must be the same for all clients. This command sets the encryption type that is supported by all clients.

If any clients supported by the access point are not WPA enabled, the multicast-cipher algorithm must be set to WEP.

WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key. Communicating devices must use the same WEP key to encrypt and decrypt radio signals. WEP has many security flaws, and is not recommended for transmitting highly sensitive data.

TKIP provides data encryption enhancements including per-packet key hashing (i.e., changing the encryption key on each packet), a message integrity check, an extended initialization vector with sequencing rules, and a re-keying mechanism. 6-86 Interface Commands

TKIP defends against attacks on WEP in which the unencrypted initialization vector in encrypted packets is used to calculate the WEP key. TKIP changes the encryption key on each packet, and rotates not just the unicast keys, but the broadcast keys as well. TKIP is a replacement for WEP that removes the predictability that intruders relied on to determine the WEP key.

AES has been designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard (DES) encryption algorithm, and will be used by the U.S. government for encrypting all sensitive, nonclassified information. Because of its strength, and resistance to attack, AES is also being incorporated as part of the 802.11 standard. Example SMC-AP(if-wireless g)#multicast-cipher TKIP SMC-AP(if-wireless g)#

wpa-clients This command defines whether Wi-Fi Protected Access (WPA) is required or optionally supported for client stations. Syntax wpa-clients <required | supported>

required - Supports only clients using WPA.

supported - Support clients with or without WPA. Default Setting Supported Command Mode Interface Configuration (Wireless) 6-87

Command Line Interface Command Usage Wi-Fi Protected Access (WPA) provides improved data encryption, which was weak in WEP, and user authentication, which was largely missing in WEP. WPA uses the following security mechanisms. Enhanced Data Encryption through TKIP WPA uses Temporal Key Integrity Protocol (TKIP). TKIP provides data encryption enhancements including per-packet key hashing (i.e., changing the encryption key on each packet), a message integrity check, an extended initialization vector with sequencing rules, and a re-keying mechanism. Enterprise-level User Authentication via 802.1x and EAP To strengthen user authentication, WPA uses 802.1x and the Extensible Authentication Protocol (EAP). Used together, these protocols provide strong user authentication via a central RADIUS authentication server that authenticates each user on the network before they join it. WPA also employs mutual authentication to prevent a wireless client from accidentally joining a rogue network. Example SMC-AP(if-wireless g)#wpa-client required SMC-AP(if-wireless g)#

Related Commands wpa-mode (page 6-89) 6-88 Interface Commands wpa-mode This command specifies whether Wi-Fi Protected Access (WPA) is to use 802.1x dynamic keys or a pre-shared key. Syntax wpa-mode <dynamic | pre-shared-key>

dynamic - WPA with 802.1x dynamic keys.

pre-shared-key - WPA with a pre-shared key. Default Setting dynamic Command Mode Interface Configuration (Wireless) Command Usage

When the WPA mode is set to dynamic, clients are authenticated using 802.1x via a RADIUS server. Each client has to be WPA-enabled or support 802.1x client software. A RADIUS server must also be configured and be available in the wired network.

In the dynamic mode, keys are generated for each wireless client associating with the access point. These keys are regenerated periodically, and also each time the wireless client is re-authenticated.

When the WPA mode is set to pre-shared-key, the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point. Example SMC-AP(if-wireless g)#wpa-mode pre-shared-key SMC-AP(if-wireless g)#

Related Commands wpa-clients (page 6-87) wpa-preshared-key (page 6-90) 6-89 Command Line Interface wpa-preshared-key This command defines a Wi-Fi Protected Access (WPA) preshared-key. Syntax wpa-preshared-key <type> <value>

type - Input format. (Options: ASCII, HEX)

value - The key string. For ASCII input, use 5/13 alphanumeric characters for 64/128 bit strings. For HEX input, use 10/26 hexadecimal digits for 64/128 bit strings. Command Mode Interface Configuration (Wireless) Command Usage

To support Wi-Fi Protected Access (WPA) for client authentication, use the wpa-clients command to specify the authentication type, use the wpa-mode command to specify pre-shared-key mode, and use this command to configure one static key.

If WPA is used with pre-shared-key mode, all wireless clients must be configured with the same pre-shared key to communicate with the access point. Example SMC-AP(if-wireless g)#wpa-preshared-key ASCII agoodsecret SMC-AP(if-wireless g)#

Related Commands wpa-clients (page 6-87) wpa-mode (page 6-89) 6-90

Interface Commands wpa-psk-type This command defines the Wi-Fi Protected Access (WPA) preshared-key type. Syntax wpa-psk-type <type>

type - Input format. (Options: Alphanumeric, HEX) Default Setting HEX Command Mode Interface Configuration (Wireless) Example SMC-AP(if-wireless a)#wpa-preshared-key ASCII agoodsecret SMC-AP(if-wireless a)#

Related Commands wpa-preshared-key (page 6-90) 6-91 Command Line Interface shutdown This command disables the wireless interface. Use the no form to restart the interface. Syntax shutdown no shutdown Default Setting Interface enabled Command Mode Interface Configuration (Wireless) Example SMC-AP(if-wireless g)#shutdown SMC-AP(if-wireless g)#

6-92 Interface Commands show interface wireless This command displays the status for the wireless interface. Syntax show interface wireless <a | g>

a - 802.11a radio interface.

g - 802.11g radio interface. Command Mode Exec Example SMC-AP#show interface wireless g Wireless Interface Information

----------------Identification---------------------------

Description : Enterprise 802.11g Access Point SSID : Enterprise Wireless AP Channel : 0 (AUTO) Status : Disable

----------------802.11 Parameters------------------------

Transmit Power : FULL (5 dBm) Max Station Data Rate : 54Mbps Fragmentation Threshold : 2346 bytes RTS Threshold : 2347 bytes Beacon Interval : 100 TUs DTIM Interval : 2 beacons Maximum Association : 64 stations

----------------Security---------------------------------

Closed System : DISABLED Multicast cipher : WEP Unicast cipher : WEP WPA clients : SUPPORTED Encryption : DISABLED Default Transmit Key : 1 Static Keys :

Key 2: EMPTY Key 3: EMPTY Key 4: EMPTY Authentication Type : OPEN

SMC-AP#

6-93 Command Line Interface show station This command shows the wireless clients associated with the access point. Command Mode Exec Example SMC-AP#show station 802.11g Station Table Station Address : 00-04-E2-41-C2-9D Authenticated : TRUE Associated : TRUE Forwarding Allowed : TRUE SMC-AP#

6-94 IAPP Commands IAPP Commands The command described in this section enables the protocol signaling required to ensure the successful handover of wireless clients roaming between different 802.11f-compliant access points. In other words, the 802.11f protocol can ensure successful roaming between access points in a multi-vendor environment. iapp This command enables the protocol signaling required to hand over wireless clients roaming between different 802.11f-compliant access points. Use the no form to disable 802.11f signaling. Syntax iapp no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802.11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another. In particular, this can create a problem for clients roaming between access points from different vendors. This command is used to enable or disable 802.11f handover signaling between different access points, especially in a multi-vendor environment. Example SMC-AP(config)#iapp SMC-AP(config)#

6-95 Command Line Interface VLAN Commands The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. When VLAN is enabled on the access point, a VLAN ID (a number between 1 and 4095) can be assigned to each client after successful authentication using IEEE 802.1x and a central RADIUS server. The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network. If a user does not have a configured VLAN ID, the access point assigns the user to its own configured native VLAN ID. Note: When VLANs are enabled, the access points Ethernet port drops all received traffic that does not include a VLAN tag. To maintain network connectivity to the access point and wireless clients, be sure that the access point is connected to a device port that supports IEEE 802.1Q VLAN tags. The VLAN commands supported by the access point are listed below. Command Function vlan Enables a single VLAN for all traffic native-vlanid Configures the native VLAN for the access point Mode Page GC GC 6-97 6-98 6-96 VLAN Commands vlan This command enables VLANs for all traffic. Use the no form to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Command Description

When VLANs are enabled, the access point tags frames received from wireless clients with the VLAN ID configured for each client on the RADIUS server. If the VLAN ID has not been configured for a client on the RADIUS server, then the frames are tagged with the access points native VLAN ID.

Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access points native VLAN ID, or with a VLAN tag that matches one of the wireless clients currently associated with the access point. Example SMC-AP(config)#vlan enable Reboot system now? <y/n>: y Related Commands native-vlanid (page 6-98) 6-97 Command Line Interface native-vlanid This command configures the native VLAN ID for the access point. Syntax native-vlanid <vlan-id>

vlan-id - Native VLAN ID. (Range: 1-64) Default Setting 1 Command Mode Global Configuration Command Usage When VLANs are enabled on the access point, a VLAN ID (a number between 1 and 4095) can be assigned to each client after successful authentication using IEEE 802.1x and a central RADIUS server. If a wireless client does not have a VLAN ID configured on the RADIUS server, the access point assigns the user to its own configured native VLAN ID (a number between 1 and 64). Example SMC-AP(config)#native-vlanid 3 SMC-AP(config)#

Related Commands vlan (page 6-97) 6-98 Appendix A Troubleshooting Check the following items before you contact local Technical Support. 1. If wireless clients cannot access the network, check the following:

Be sure the access point and the wireless clients are configured with the same Service Set ID (SSID). If authentication or encryption are enabled, ensure that the wireless clients are properly configured with the appropriate authentication or encryption keys. If authentication is being performed through a RADIUS server, ensure that the clients are properly configured on the RADIUS server. If authentication is being performed through IEEE 802.1x, be sure the wireless users have installed and properly configured 802.1x client software. If MAC address filtering is enabled, be sure the clients address is included in the local filtering database or on the RADIUS server database. If the wireless clients are roaming between access points, make sure that all the access points and wireless devices in the Extended Service Set (ESS) are configured to the same SSID, and authentication method. A-1

Troubleshooting 2. If the access point cannot be configured using the Telnet, a web browser, or SNMP software:

Be sure to have configured the access point with a valid IP address, subnet mask and default gateway. If VLANs are enabled on the access point, the management station should be configured to send tagged frames with a VLAN ID that matches the access points native VLAN (default VLAN 1, page 5-13). However, to manage the access point from a wireless client, the AP Management Filter should be disabled (page 5-13). Check that you have a valid network connection to the access point and that the Ethernet port or the wireless interface that you are using has not been disabled. If you are connecting to the access point through the wired Ethernet interface, check the network cabling between the management station and the access point. If you are connecting to access point from a wireless client, ensure that you have a valid connection to the access point. If you cannot connect using Telnet, you may have exceeded the maximum number of concurrent Telnet sessions permitted (i.e, four sessions). Try connecting again at a later time. 3. If you cannot access the on-board configuration program via a serial port connection:

Be sure you have set the terminal emulator program to VT100 compatible, 8 data bits, 1 stop bit, no parity and 9600 bps. Check that the null-modem serial cable conforms to the pin-out connections provided in Appendix B. A-2

Troubleshooting 4. If you forgot or lost the password:

Set the access point to its default configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the default user name smcadmin with the password admin to access the management interface. 5. If all other recovery measure fail, and the access point is still not functioning properly, take any of these steps:

Reset the access points hardware using the console interface, web interface, or through a power reset. Reset the access point to its default configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the default user name smcadmin with the password admin to access the management interface. A-3

Troubleshooting Maximum Distance Table Important Notice Maximum distances posted below are actual tested distance thresholds. However, there are many variables such as barrier composition and construction and local environmental interference that may impact your actual distances and cause you to experience distance thresholds far lower than those posted below. 802.11a Wireless Distance Table Speed and Distance Ranges Environment Outdoors1 Indoors2 72 Mbps 40 m 131 ft 20 m 66 ft 54 Mbps 85 m 279 ft 25 m 82 ft 48 Mbps 250 m 820 ft 35 m 115 ft 36 Mbps 310 m 1016 ft 40 m 131 ft 24 Mbps 400 m 1311 ft 45 m 148 ft 18 Mbps 445 m 1459 ft 50 m 164 ft 12 Mbps 455 m 1492 ft 55 m 180 ft 9 Mbps 465 m 1525 ft 66 m 216 ft 6 Mbps 510 m 1672 ft 70 m 230 ft 802.11b Wireless Distance Table Speed and Distance Ranges Environment Outdoors1 Indoors2 11 Mbps 300 m 984 ft 60 m 197 ft 5.5 Mbps 465 m 1525 ft 70 m 230 ft 2 Mbps 500 m 1639 ft 83 m 272 ft 1 Mbps 515 m 1689 ft 85 m 279 ft 802.11g Wireless Distance Table Outdoors1 Environment 54 Mbps 82 m 269 ft 20 m 66 ft Indoors2 Speed and Distance Ranges 6 24 Mbps 330 m 1082 ft 43 m 141 ft 11 Mbps 470 m 1541 ft 66 m 216 ft 12 Mbps 450 m 1475 ft 57 m 187 ft 18 Mbps 350 m 1148 ft 50 m 164 ft Mbps 485 m 1590 ft 71 m 233 ft Mbps 495 m 1623 ft 80 m 262 ft 9 48 Mbps 100 m 328 ft 25 m 82 ft 36 Mbps 300 m 984 ft 35 m 115 ft 5 Mbps 510 m 1672 ft 85 m 279 ft 2 Mbps 520 m 1705 ft 90 m 295 ft 1 Mbps 525 m 1722 ft 93 m 305 ft Notes: 1. Outdoor Environment: A line-of-sight environment with no 2. interference or obstruction between the access point and clients. Indoor Environment: A typical office or home environment with floor to ceiling obstructions between the access point and clients. A-4 Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Caution: DO NOT plug a phone jack connector into the RJ-45 port. Use only twisted-pair cables with RJ-45 connectors that conform with FCC standards. For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be red and the other, red with white stripes. Also, an RJ-45 connector must be attached to both ends of the cable. Caution: Each wire pair must be attached to the RJ-45 connectors in a specific orientation. (See Straight-Through Wiring on page B-3 and Crossover Wiring on page B-3 for an explanation.) The following figure illustrates how the pins on the RJ-45 connector are numbered. Be sure to hold the connectors in the same orientation when attaching the wires to the pins. 8 8 1 1 B-1 Cables and Pinouts 10/100BASE-TX Pin Assignments Use unshielded twisted-pair (UTP) or shielded twisted-pair (STP) cable for RJ-45 connections: 100-ohm Category 3 or better cable for 10 Mbps connections, or 100-ohm Category 5 or better cable for 100 Mbps connections. Also be sure that the length of any twisted-pair connection does not exceed 100 meters (328 feet). The RJ-45 port on the access point is wired with MDI pinouts. This means that you must use crossover cables for connections to PCs or servers, and straight-through cable for connections to switches or hubs. However, when connecting to devices that support automatic MDI/MDI-X pinout configuration, you can use either straight-through or crossover cable. MDI-X Signal Name Receive Data plus (RD+) Receive Data minus (RD-) Transmit Data plus (TD+) Transmit Data minus (TD-) 10/100BASE-TX MDI and MDI-X Port Pinouts MDI Signal Name Transmit Data plus (TD+) Transmit Data minus (TD-) Receive Data plus (RD+) Receive Data minus (RD-) Not used Pin 1 2 3 6 4,5,7,8 Not used Note: The + and - signs represent the polarity of the wires that make up each wire pair. B-2 Twisted-Pair Cable Assignments Straight-Through Wiring Because the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use straight-through cable for network connections to hubs or switches that only have MDI-X ports. However, if the device to which you are connecting supports auto-MDIX operation, you can use either straight-through or crossover cable. EIA/TIA 568B RJ-45 Wiring Standard 10/100BASE-TX Straight-through Cable White/Orange Stripe Orange White/Green Stripe Green End B 1 2 3 4 5 6 7 8 End A 1 2 3 4 5 6 7 8 Crossover Wiring Because the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use crossover cable for network connections to PCs, servers or other end nodes that only have MDI ports. However, if the device to which you are connecting supports auto-MDIX operation, you can use either straight-through or crossover cable. EIA/TIA 568B RJ-45 Wiring Standard 10/100BASE-TX Crossover Cable End A 1 2 3 4 5 6 7 8 White/Orange Stripe Orange White/Green Stripe Green End B 1 2 3 4 5 6 7 8 B-3 Cables and Pinouts Console Port Pin Assignments The DB-9 DCE serial port on the front panel of the SMC2555W-AG is used to connect to the access point for out-of-band console configuration. The on-board menu-driven configuration program can be accessed from a terminal, or a PC running a terminal emulation program. The pin assignments used to connect to the serial port are provided in the following tables. Wiring Map for Serial Cable Pin 1 2 3 4 5 6 7 8 9 Signal (serial port) Unused TXD (transmit data) RXD (receive data) Unused GND (ground) Unused CTS (clear to send) RTS (request to send) Unused Note: The left hand column pin assignments are for the female DB-9 connector on the access point. Pin 2 (TXD or transmit data) must emerge on the management consoles end of the connection as RXD (receive data). Pin 7 (CTS or clear to send) must emerge on the management consoles end of the connection as RTS (request to send). Signal (management console port) Unused RXD (receive data) TXD (transmit data) Unused GND (ground) Unused RTS (request to send) CTS (clear to send) Unused B-4 Console Port Pin Assignments Serial Cable Signal Directions for DB-9 Ports DB-9 to DB-9 AP 1 2 3 4 5 6 7 8 9 Reserved Reserved Reserved Reserved Terminal or PC 1 2 3 4 5 6 7 8 9 Serial Cable Signal Directions for DB-25 Ports DB-9 to DB-25 AP 1 2 3 4 5 6 7 8 9 Reserved Reserved Reserved Reserved Terminal or PC 8 3 2 20 7 6 4 5 22 B-5 Cables and Pinouts B-6 Appendix C Specifications General Specifications Maximum Channels 802.11a:

US & Canada: 13 (normal mode), 5 (turbo mode) Japan: 4 (normal mode), 1 (turbo mode) ETSI: 11 channels (normal mode), 4 (turbo mode) 802.11g:

FCC/IC: 1-11, ETSI: 1-13, France: 10-13, MKK: 1-14 Maximum Clients 64 Operating Range See Maximum Distance Table on page A-4 Data Rate 802.11a:

Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel Turbo Mode: 12, 18, 24, 36, 48, 72, 96, 108 Mbps per channel 802.11g: 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps per channel 802.11b: 1, 2, 5.5, 11 Mbps per channel Modulation Type 802.11a: BPSK, QPSK, 16-QAM, 64-QAM 802.11g: CCK, BPSK, QPSK, OFDM 802.11b: CCK, BPSK, QPSK Network Configuration Infrastructure C-1 Specifications Operating Frequency 802.11a:

5.15 ~ 5.25 GHz (lower band) US/Canada, Japan 5.25 ~ 5.35 GHz (middle band) US/Canada 5.725 ~ 5.825 GHz (upper band) US/Canada 5.50~ 5.70 GHz Europe 802.11b:

2.4 ~ 2.4835 GHz (US, Canada, ETSI) 2.4 ~ 2.497 GHz (Japan) Power supply Input: 100-240 AC, 50-60 Hz Output: 3.3 VDC, 4A Power consumption: 13.2 watts PoE (DC) Input voltage: 48 volts, 0.27A, 12.96 watts Note: Power can also be provided to the access point through the Ethernet port based on IEEE 802.3af Power over Ethernet (PoE) specifications. When both PoE is provided and the adapter is plugged in, PoE will be turned off. Physical Size 21.83 x 13.73 x 3.27 cm (8.60 x 5.40 x 1.29 in) Weight 0.80 kg (1.76 lbs) LED Indicators PWR (Power), Ethernet Link (Ethernet Link/Activity), .11a and .11g (Wireless Link/Activity) Network Management Web-browser, RS232 console, Telnet, SNMP Temperature Operating: 0 to 40 C (32 to 104 F) Storage: 0 to 70 C (32 to 158 F) C-2 General Specifications Humidity 15% to 95% (non-condensing) Compliances IEC 61000-4-2/3/4/6/11 EMC Compliance (Class B) FCC Class B (US) ICES-003 (Canada) VCCI (Japan) RCR STD-33A Radio Signal Certification FCC Part 15.247 (2.4GHz) FCC part 15 15.407(b), CISPR 22-96 RSS-210 (Canada) EN 55022, EN55024, EN 300.328 EN 300 826, EN 61000-3-2, EN61000-3-3 ETSI300.328; ETS 300 826 (802.11b) MPT RCR std.33 (D33 1~13 Channel, T66 Channel 14) Safety CSA/NTRL (CSA 22.2 No. 950 & UL 1950) EN60950 (TV/GS), IEC60950 (CB) LVD/EN 60950 Standards IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, IEEE 802.11a, b, g C-3 Specifications Sensitivity IEEE 802.11a Modulation/Rates BPSK (6 Mbps) BPSK (9 Mbps) QPSK (12 Mbps) QPSK (18 Mbps) 16 QAM (24 Mbps) 16 QAM (36 Mbps) 64 QAM (48 Mbps) 64QAM(54 Mbps) Sensitivity (GHz - dBm) 5.15-5.250 5.25-5.350 5.50-5.700 5.725-5.825

-88

-87

-86

-84

-82

-80

-73

-70

-88

-87

-86

-84

-81

-79

-73

-70

-88

-87

-86

-84

-81

-78

-73

-69

-88

-87

-86

-84

-81

-78

-73

-67 IEEE 802.11g Data Rate 6 Mbps 9 Mbps 12 Mbps 17 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps IEEE 802.11b Data Rate 1 Mbps 2 Mbps 5.5 Mbps 11 Mbps C-4 Sensitivity (dBm)

-88

-87

-86

-85

-81

-77

-72

-70 Sensitivity (dBm)

-93

-90

-90

-87 General Specifications Transmit Power IEEE 802.11a Data Rate Maximum Output Power (GHz - dBm) 5.15-5.250 5.25-5.350 5.50-5.700 5.725-5.825 6 Mbps 9 Mbps 12 Mbps 8 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps 17 17 17 17 17 17 17 12 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 16 IEEE 802.11g Data Rate Maximum Output Power (GHz - dBm) 2.412 2.472 2.417~2.467 6 Mbps 9 Mbps 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps 20 20 20 20 20 18 17 15 20 20 20 20 20 19 16 14 18 18 18 18 18 17 15 13 IEEE 802.11b Data Rate Maximum Output Power (GHz - dBm) 2.472 2.412 2.417~2.467 1 Mbps 2 Mbps 5.5 Mbps 11 Mbps 15 15 15 15 16 16 16 16 15 15 15 15 C-5 Specifications C-6 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable. 100BASE-TX IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 or better UTP cable. Access Point An internetworking device that seamlessly connects wired and wireless networks. Access points attached to a wired network, support the creation of multiple radio cells that enable roaming throughout a facility. Ad Hoc A group of computers connected as an independent wireless network, without an access point. Advanced Encryption Standard (AES) An encryption algorithm that implements symmetric key cryptography. AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP. Authentication The process to verify the identity of a client requesting network access. IEEE 802.11 specifies two forms of authentication: open system and shared key. Glossary-1 Glossary Backbone The core infrastructure of a network. The portion of the network that transports information from one central location to another central location where it is unloaded onto a local system. Basic Service Set (BSS) A set of 802.11-compliant stations and an access point that operate as a fully-connected wireless network. Beacon A signal periodically transmitted from the access point that is used to identify the service set, and to maintain contact with wireless clients. Broadcast Key Broadcast keys are sent to stations using 802.1x dynamic keying. Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key-management capable wireless clients. CSMA/CA Carrier Sense Multiple Access with Collision Avoidance. Dynamic Host Configuration Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. Encryption Data passing between the access point and clients can use encryption to protect from interception and evesdropping. Glossary-2 Glossary Extended Service Set (ESS) More than one wireless cell can be configured with the same Service Set Identifier to allow mobile users can roam between different cells with the Extended Service Set. Extensible Authentication Protocol (EAP) An authentication protocol used to authenticate network clients. EAP is combined with IEEE 802.1x port authentication and a RADIUS authentication server to provide mutual authentication between a client, the access point, and the a RADIUS server Ethernet A popular local area data communications network, which accepts transmission from computers and terminals. File Transfer Protocol (FTP) A TCP/IP protocol used for file transfer. Hypertext Transfer Protocol (HTTP) HTTP is a standard used to transmit and receive all data over the World Wide Web. Internet Control Message Protocol (ICMP) A network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices. IEEE 802.11a A wireless standard that supports high-speed communications in the 5 GHz band using Orthogonal Frequency Division Multiplexing (OFDM). The standard supports data rates of 6, 12, 24, and 54 Mbps. Glossary-3 Glossary IEEE 802.11b A wireless standard that supports wireless communications in the 2.4 GHz band using Direct Sequence Spread Spectrum (DSSS). The standard provides for data rates of 1, 2, 5.5, and 11 Mbps. IEEE 802.11g A wireless standard that supports wireless communications in the 2.4 GHz band using supports high-speed communications in the 5 GHz band using Orthogonal Frequency Division Multiplexing

(OFDM). The standard provides for data rates of 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps. IEEE 802.11g is also backward compatible with IEEE 802.11b. IEEE 802.1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. Infrastructure An integrated wireless and wired LAN is called an infrastructure configuration. Inter Access Point Protocol (IAPP) A protocol that specifies the wireless signaling required to ensure the successful handover of wireless clients roaming between different 802.11f-compliant access points. Local Area Network (LAN) A group of interconnected computer and support devices. MAC Address The physical layer address used to uniquely identify network nodes. Glossary-4 Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. Open System A security option which broadcasts a beacon signal including the access points configured SSID. Wireless clients can read the SSID from the beacon, and automatically reset their SSID to allow immediate connection to the nearest access point. Orthogonal Frequency Division Multiplexing (ODFM) OFDM/ allows multiple users to transmit in an allocated band by dividing the bandwidth into many narrow bandwidth carriers. Power over Ethernet (PoE) A specification for providing both power and data to low-power network devices using a single Category 5 Ethernet cable. PoE provides greater flexibility in the locating of access points and network devices, and significantly decreased installation costs. RADIUS A logon authentication protocol that uses software running on a central server to control access to the network. Roaming A wireless LAN mobile user moves around an ESS and maintains a continuous connection to the infrastructure network. RTS Threshold Transmitters contending for the medium may not be aware of each other. RTS/CTS mechanism can solve this Hidden Node Glossary-5 Glossary Problem. If the packet size is smaller than the preset RTS Threshold size, the RTS/CTS mechanism will NOT be enabled. Service Set Identifier (SSID) An identifier that is attached to packets sent over the wireless LAN and functions as a password for joining a particular radio cell; i.e., Basic Service Set (BSS). Session Key Session keys are unique to each client, and are used to authenticate a client connection, and correlate traffic passing between a specific client and the access point. Shared Key A shared key can be used to authenticate each client attached to a wireless network. Shared Key authentication must be used along with the 802.11 Wireless Equivalent Privacy algorithm. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers. Temporal Key Integrity Protocol (TKIP) A data encryption method designed as a replacement for WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys. Glossary-6 Glossary Trivial File Transfer Protocol (TFTP) A TCP/IP protocol commonly used for software downloads. Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN. Wi-Fi Protected Access WPA employs 802.1x as its basic framework for user authentication and dynamic key management to provide an enhanced security solution for 802.11 wireless networks. Wired Equivalent Privacy (WEP) WEP is based on the use of security keys and the popular RC4 encryption algorithm. Wireless devices without a valid WEP key will be excluded from network traffic. WPA Pre-shared Key (PSK) PSK can be used for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. Glossary-7 Glossary Glossary-8 Numerics 802.11g 6-65 A Advanced Encryption Standard See AES AES 5-38 antennas, positioning 2-2 authentication 5-9, 6-80 configuring 5-9, 6-80 MAC address 5-10, 6-51, 6-52 type 4-9, 5-31, 6-72 B Basic Service Set See BSS beacon interval 5-28, 6-76 rate 5-28, 6-77 BOOTP 6-67, 6-68 BSS 3-3 C cable assignments B-1 crossover B-3 straight-through B-3 channel 5-27, 6-74 channels, maximum C-1 Clear To Send See CTS CLI 6-1 command modes 6-6 clients, maximum C-1 closed system 6-72 command line interface See CLI Index community name, configuring 5-16, 6-32 community string 5-17, 6-32 configuration settings, saving or restoring 5-21, 6-39 configuration, initial setup 4-1 console port 1-5 connecting 2-3 pin assignments B-4 required settings 4-2 crossover cable B-3 CSMA/CA 1-1 CTS 5-28, 6-79 D data rate, options C-1 device status, displaying 5-40, 6-30 DHCP 4-8, 5-5, 5-6, 6-67, 6-68 distances, maximum A-4 DNS 5-6, 6-66 Domain Name Server See DNS downloading software 5-19, 6-39 DTIM 5-28, 6-77 Dynamic Host Configuration Protocol See DHCP E EAP 5-36, 6-88 encryption 5-31, 5-33, 5-36, 6-81 Ethernet cable 2-2 port 1-6 event logs 5-44, 6-25 Extensible Authentication Protocol See EAP Index-1 Index F factory defaults restoring 5-21, 6-14 filter 5-13, 6-51 address 5-9, 6-51 between wireless clients 5-15, 6-57 local bridge 5-15, 6-57 local or remote 5-9, 6-54 management access 5-15, 6-58 protocol types 5-15, 6-59 VLANs 5-14, 6-96 firmware displaying version 5-20, 6-31 upgrading 5-19, 5-20, 6-39 fragmentation 6-78 G gateway address 4-3, 5-6, 6-2, 6-67 H IEEE 802.1x 5-36, 6-47 configuring 5-11, 6-47 initial setup 4-1 installation hardware 2-1 mounting 2-1 IP address BOOTP/DHCP 6-67, 6-68 configuring 4-3, 4-8, 5-5, 6-67, 6-68 L LED indicators 1-4 lock, Kensington 2-1 log messages 5-23, 5-44, 6-22 server 5-22, 6-22 login CLI 6-1 web 4-5 logon authentication RADIUS client 5-10, 6-42 hardware version, displaying 6-31 M MAC address, authentication 5-10, 6-51, 6-52 maximum data rate 5-28, 5-30, 6-73 802.11a interface 5-28, 6-73 802.11g interface 5-30, 6-73 maximum distances A-4 MDI, RJ-45 pin configuration 1-6 mounting the access point 2-1 multicast cipher 5-39, 6-86 I IAPP 6-95 IEEE 802.11a 1-1, 5-25, 6-65 configuring interface 5-26, 6-65 maximum data rate 5-28, 6-73 radio channel 5-27, 6-74 IEEE 802.11b 5-25 IEEE 802.11f 6-95 IEEE 802.11g 5-25 configuring interface 5-29, 6-65 maximum data rate 5-30, 6-73 radio channel 5-30, 6-74 Index-2 N network topologies infrastructure 3-3 infrastructure for roaming 3-4 O OFDM 1-1 open system 4-9, 5-31, 6-72 operating frequency C-2 P package checklist 1-2 password configuring 5-18, 6-19 management 5-18, 6-19 pin assignments console port B-4 DB-9 port B-4 PoE 1-6 specifications C-2 power connection 2-1 Power over Ethernet See PoE power supply, specifications C-2 PSK 5-37, 6-89 R radio channel 802.11a interface 5-27, 6-74 802.11g interface 5-30, 6-74 configuring 4-7 RADIUS 5-7, 5-36, 6-42 RADIUS, logon authentication 5-10, 6-42 Remote Authentication Dial-in User Service See RADIUS Request to Send See RTS Index reset 5-21, 6-14 reset button 1-6, 5-21 resetting the access point 5-21, 6-14 restarting the system 5-21, 6-14 RJ-45 port configuring duplex mode 6-70 configuring speed 6-70 RTS threshold 5-28, 5-29, 6-79 S security, options 5-31, 5-32 session key 5-11, 5-12, 6-50 shared key 4-9, 5-34, 6-82 Simple Network Management Protocol See SNMP Simple Network Time Protocol See SNTP SNMP 5-16, 6-32 community name 5-16, 6-32 community string 6-32 enabling traps 5-17, 6-34 trap destination 5-17, 6-35 trap manager 5-17, 6-35 SNTP 5-23, 5-24, 6-25 enabling client 5-24, 6-26 server 5-24, 6-25 software displaying version 5-19, 5-40, 6-31 downloading 5-20, 5-21, 6-39 specifications C-1 SSID 5-4, 6-76 configuring 4-6 startup files, setting 6-38 station status 5-42, 6-94 status displaying device status 5-40, 6-30 displaying station status 5-42, 6-94 straight-through cable B-3 system clock, setting 5-24, 6-27 Index-3 Index system log enabling 5-22, 6-21 server 5-22, 6-22 system software, downloading from server 5-19, 6-39 T Telnet for managenet access 6-2 Temporal Key Integrity Protocol See TKIP time zone 5-24, 6-29 TKIP 5-37, 6-86 transmit power, configuring 5-27, 6-84 trap destination 5-17, 6-35 trap manager 5-17, 6-35 troubleshooting A-1 U user name, manager 5-18, 6-19 user password 5-18, 6-19 V VLAN configuration 5-14, 6-97 native ID 5-14, 6-98 W WEP 5-33, 6-81 configuring 5-33, 5-34, 6-81 shared key 5-34, 6-82 Wi-Fi Protected Access See WPA Wired Equivalent Protection See WEP WPA 5-36, 6-89 authentication over 802.11x 5-38, 6-88 pre-shared key 5-38, 5-39, 6-90, 6-91 upgrading software 5-19, 6-39 WPA, pre-shared key See PSK Index-4 FOR TECHNICAL SUPPORT, CALL:

From U.S.A. and Canada (24 hours a day, 7 days a week)

(800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00 AM - 5:30 PM UK Time) 44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701 INTERNET E-mail addresses:

techsupport@smc.com european.techsupport@smc-europe.com support@smc-asia.com Driver updates:

http://www.smc.com/index.cfm?action=tech_support_drivers_downloads World Wide Web:

http://www.smc.com http://www.smc-europe.com http://www.smc-asia.com FOR LITERATURE OR ADVERTISING RESPONSE, CALL:

U.S.A. and Canada:

Spain:

UK:

France:

Italy:

Benelux:

Central Europe:

Nordic:

Eastern Europe:

Sub Saharian Africa:

North West Africa:

CIS:

PRC (Beijing):

PRC (Shanghai):

Taiwan:

Asia Pacific:

Korea:

Japan:

Australia:

India:

Middle East:

Thailand:

(800) SMC-4-YOU;

34-93-477-4935;

44 (0) 1932 866553;

33 (0) 41 38 32 32;

39 (0) 335 5708602;

31 33 455 72 88;

49 (0) 89 92861-0;

46 (0) 868 70700;

34 -93-477-4920;

27 0126610232;

216 71236616;

7 (095) 789 35 73;

86-10-8251-1550;

86-21-6485-9922;

886-2-8797-8006;

(65) 6 238 6556;

82-2-553-0860;

81-3-5645-5715;

61-2-8875-7887;

91 22 5696 2790;

97 14 299 4466 66 2 651 8733 Fax (949) 679-1481 Fax 34-93-477-3774 Fax 44 (0) 118 974 8701 Fax 33 (0) 41 38 01 58 Fax 39 02 739 14 17 Fax 31 33 455 73 30 Fax 49 (0) 89 92861-230 Fax 46 (0) 887 62 62 Fax 34 93 477 3774 Fax 27-11 314 9133 Fax 216 71751415 Fax 7 (095) 789 35 73 Fax 86-10-8251-1551 Fax 86-21-6495-7924 Fax 886-2-8797-6288 Fax (65) 6 238 6466 Fax 82-2-553-7202 Fax 81-3-5645-5716 Fax 61-2-8875-7777 Fax 91 22 5696 2794 Fax 97 14 299 4664 Fax 66 2 651 8737 If you are looking for further contact information, please visit www.smc.com, www.smc-europe.com, or www.smc-asia.com. 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 Model Number: SMC2555W-AG Pub. Number: 150000029500E, E092003-R01