3Com WX1200 3CRWX120695A, WXR100 3CRWXR10095A Enabling Soda Functionality for the Service Profile

CHAPTER 24: CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH

Enabling SODA Functionality for the Service Profile

To enable SODA functionality for a service profile, use the following command:

set service-profile name soda mode {enable | disable}

When SODA functionality is enabled for a service profile, a SODA agent is downloaded to clients attempting to connect to a MAP managed by the service profile. The SODA agent performs a series of security-related checks on the client. By default, enforcement of SODA agent checks is enabled, so that a connecting client must pass the SODA agent checks in order to gain access to the network.

For example, the following command enables SODA functionality for service profile sp1:

WX1200# set service-profile sp1 soda mode enable
success: change accepted.

Disabling Enforcement of SODA Agent Checks

When SODA functionality is enabled for a service profile, by default the SODA agent checks are downloaded to a client and run before the client is allowed on the network. You can optionally disable the enforcement of the SODA security checks, so that the client is allowed access to the network immediately after the SODA agent is downloaded, rather than waiting for the security checks to be run.

To disable (or re-enable) the enforcement of the SODA security checks, use the following command:

set service-profile name enforce-checks {enable | disable}

For example, the following command disables the enforcement of the SODA security checks, allowing network access to clients after they have downloaded the SODA agent, but without requiring that the SODA agent checks be completed:

WX1200# set service-profile sp1 enforce-checks disable
success: change accepted.

Note that if you disable the enforcement of the SODA security checks, you cannot apply the success and failure URLs to client devices. In addition, you should not configure the SODA agent to refer to the success and failure pages on the WX switch if you have disabled enforcement of SODA agent checks.
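
An added example (not from the 3Com manual): a Python check that reads `set service-profile` commands and reports profiles where SODA is enabled but enforcement of the agent checks is disabled, so clients are admitted before the checks complete. The sample configuration is constructed, and treating a profile with no `soda mode` command as SODA-off is an assumption.

```python
import re

# Constructed sample: commands as they might appear in a saved configuration
# or a pasted CLI session. Not taken from the manual.
SAMPLE_CONFIG = """\
WX1200# set service-profile sp1 soda mode enable
success: change accepted.
WX1200# set service-profile sp1 enforce-checks disable
success: change accepted.
set service-profile sp2 ssid-name corp
set service-profile sp2 soda mode enable
set service-profile guest ssid-name guest
set service-profile guest enforce-checks disable
set service-profile sp3 soda mode enable
set service-profile sp3 enforce-checks disable
set service-profile sp3 enforce-checks enable
"""

# Optional "<prompt># " prefix, then: set service-profile <name> <rest>
_LINE = re.compile(
    r"^\s*(?:\S+#\s*)?set\s+service-profile\s+(\S+)\s+(.+?)\s*$",
    re.IGNORECASE,
)
_SWITCH = {"enable": True, "disable": False}


def parse_service_profiles(config_text):
    """Return {profile: {"soda": bool, "enforce": bool}} from set commands."""
    profiles = {}
    for line in config_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # command replies, blank lines, unrelated commands
        name, rest = m.group(1), m.group(2).lower().split()
        # Defaults: enforcement on (stated on the page); SODA off when no
        # "soda mode" command is present (assumption of this example).
        state = profiles.setdefault(name, {"soda": False, "enforce": True})
        # A later set command overwrites an earlier one for the same parameter.
        if len(rest) == 3 and rest[:2] == ["soda", "mode"] and rest[2] in _SWITCH:
            state["soda"] = _SWITCH[rest[2]]
        elif len(rest) == 2 and rest[0] == "enforce-checks" and rest[1] in _SWITCH:
            state["enforce"] = _SWITCH[rest[1]]
    return profiles


def audit_soda(config_text):
    """Classify each profile by its effective SODA posture."""
    report = {}
    for name, state in parse_service_profiles(config_text).items():
        if not state["soda"]:
            report[name] = "soda-off"      # no agent is downloaded
        elif state["enforce"]:
            report[name] = "enforced"      # client must pass the checks
        else:
            report[name] = "agent-only"    # access granted right after download
    return report


def unenforced_profiles(config_text):
    """Profiles that download the agent but do not wait for its checks."""
    return sorted(n for n, s in audit_soda(config_text).items() if s == "agent-only")


if __name__ == "__main__":
    for name, status in sorted(audit_soda(SAMPLE_CONFIG).items()):
        print(f"{name:8} {status}")
```

Profiles reported as `agent-only` are also the ones to which, per the note above, the success and failure URLs cannot be applied.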

Configuring Web Portal WebAAA „ If the switch nonvolatile storage has a page in web named Copying and Modifying the Web LoginSave the modified Custom Login Page ScenarioMap a radio to the temporary radio profile and enable it Change the logoChange the greeting Change the warning statement if desiredVariables for Redirect URLs URLs variables you can include in a redirect URLValues for Literal Characters Add the last rule contained in portalacl Display security acl info acl-nameall editbufferPeriod Set service-profile name web-portal-acl aclnameCommit security acl Set service-profile name web-portal-session-timeout seconds Last-Resort Access WX1200# display service-profile last-resort-srvcprof 481 Configuring AAA for Users of Third-Party APs Process for Users of a Third-Party APRequirements Third-Party AP Requirements Radius Server Requirements Set authentication proxy ssid ssid-nameuser-glob Set authentication mac wired mac-addr-glob method1Set radius proxy port port-listtag tag-valuessid WX4400# set authentication mac wired aabbcc010101 srvrgrp1 WX4400# set authentication proxy ssid mycorp ** srvrgrp1Assigning AuthorizationAttributes Authentication Attributes for Local Users Start-date,end-date, or both Idle-timeoutAttribute Description Valid Values End-date Filter-idSession-timeout Attribute Description Valid Values Service-typeSsid Attribute Description Valid Values Start-date Time-of-dayAttribute Description Valid Values Url Or group in the local WX database and specify its valueVlan-name Set service-profile name attr attribute-name value Commands for Assigning a Security ACL Locally Assigning a Security ACL LocallyAssigning a Security ACL on a Radius Server Assigning and Clearing Encryption Types Locally Encryption-Type Encryption Algorithm Value AssignedAssigning and Clearing Encryption Types on a Radius Server Encryption Type Values and Associated AlgorithmsLocation Policy After RoamingVlan Assignment After Roaming from One WX to Another Vlan Assigned 
ByOverriding or Configuring AAA for Network Users Set location policy permit Set location policy deny ifWX1200# set location policy deny if user eq *.theirfirm.com Applying Security ACLs in a Location Policy Rule Displaying and Positioning Location Policy RulesWX1200 display location policy To delete a location policy rule, use the following commandClearing Location Policy Rules Disabling Clear location policy rule-numberUsers Wireless NetworkAccounting for Network resource usageWX1200# display accounting statistics User started on WX1200-0013User roamed to WX1200-0017 WX1200-0013#display accounting statisticsUser terminated the session on WX1200-0017 WX1200# display aaa WX switch and how to avoid them ProblemsConfiguration Order Avoiding AAAConfiguration Producing an Incorrect Processing Order Configuration for a Correct Processing OrderMobility Profile Name and identifying the accessible port or portsAccessing any MAP access ports, Distributed MAPs, or wired All of the ports or Distributed MAPsWX1200# display mobility-profile Mobility Profiles To remove a Mobility Profile, type the following commandClear mobility-profile name Network User NamePorts ========================= Tulip WX1200# set radius server r1 address 10.1.1.1 key sunny Save the configurationWX1200# set user Natasha password moon WX1200# set server group sg1 members r1WX1200# set user Natasha attr vlan-name red WX1200# set user Natasha attr session-timeoutWX1200 save config WX1200# set radius server r1 address 10.1.1.1 key starrySave the configuration Redirect bldga-prof-VLAN users to the Vlan bldgb-eng WX1200# display location policyConfiguring AAA for Network Users With Radius Wireless Client, MAP, WX Switch, and Radius Servers Radius Servers „ Timeout WX wait for a server response 5 secondsBefore You Begin „ Transmission attemptsWX switch uses to authenticate itself to the Radius server Clear radius deadtime key retransmit timeoutWX1200# set radius client system-ip success change accepted 
Configuring Individual Radius ServersWX1200# clear radius deadtime success change accepted Set radius server server-nameaddress ip-address key stringRadius Server Ordering Server Groups Radius servers, type the following commandSet server group group-namemembers server-name1 Enable load balancing by typing the following command Configuring Load BalancingTo configure load balancing, use the following command Set server group group-nameload-balance enableSet server group group-namemembers To remove a server group, type the following commandAdding Members to a Server Group Clear server group group-nameRadius and Server Configure Radius servers. Type the following commandsGroup Display the configuration. Type the following command Configuring Communication with Radius Ports On WiredManaging EnablingSet dot1x port-control Forceauth forceunauth auto port-list WX1200# clear dot1x port-control success change acceptedSet dot1x key-tx enable disable AuthenticationConfiguring Key Transmission Time Intervals Set dot1x tx-period secondsWX1200# clear dot1x tx-period success change accepted Retransmission Setting EAPAttempts Set dot1x reauth enable disable Enabling Disabling ReauthenticationSetting the Maximum Number Reauthentication Attempts Set dot1x reauth-max number-of-attemptsSet dot1x reauth-period seconds Setting Reauthentication PeriodWX1200# clear dot1x reauth-max success change accepted WX1200# set dot1x reauth-periodClear dot1x max-req Set dot1x quiet-period secondsSet dot1x timeout auth-server seconds Setting Timeout for an Authorization ServerType the following command to reset the timeout period Set dot1x timeout supplicant secondsDisplay dot1x clients stats config ConfigurationWX1200# display dot1x clients WX1200# display dot1x stats Managing 802.1X on the WX Switch About Soda Endpoint SecuritySoda Endpoint Security Support on WX Switches About Soda Endpoint Security Functionality tasks Configuring Soda Functionality Https//hostname/soda/ssid/xxx.html WX1200# 
install soda agent soda.ZIP agent-directory sp1 Install soda agent agent-fileagent-directory directoryWX1200# copy tftp//172.21.12.247/soda.ZIP soda.ZIP Set service-profile name soda mode enable disable Enabling Soda Functionality for the Service ProfileSet service-profile name enforce-checks enable disable Clear service-profile name soda success-page Set service-profile name soda success-pageSet service-profile name soda failure-page Set service-profile name soda remediation-acl acl-name Clear service-profile name soda failure-pageClear service-profile name soda remediation-acl Clear service-profile name soda logout-page Set service-profile name soda logout-pageSet ip https server enable Clear service-profile name soda agent-directory Uninstalling the Soda Agent Files from the WX SwitchSet service-profile name soda agent-directory directory Uninstall soda agent agent-directory directoryWX1200# uninstall soda agent agent-directory sp1 Configuring Soda Endpoint Security for a WX Switch Display sessions admin console telnet client Displaying Clearing Administrative SessionsClear sessions admin console telnet client session-id WX1200 display sessions admin Displaying Clearing All Administrative SessionsDisplaying Clearing an Administrative Console Session WX1200# clear sessions adminDisplaying Clearing Client Telnet Sessions Displaying Clearing Administrative Telnet SessionsWX1200 display sessions telnet Display sessions network Displaying Clearing Network SessionsWX1200# display sessions network Network Session to get more in-depth information Clear sessions network user user-glob Displaying Clearing Network Sessions by UsernameWX1200# display sessions network user E WX1200# clear sessions network user BobAddress set of MAC addresses, type the following command For example, to clear all sessions for MAC addressWX1200# clear sessions network vlan red Clear sessions network vlan vlan-globWX1200 display session network session-id Session-id command Session 
TimersChanging Network Changing or Disabling the User Idle Timeout To disable the user idle timeout, use the following commandAbout Rogues RF DetectionRogue Classification Rogue Detection Lists Rogue Detection Algorithm Dynamic Frequency Selection DFS Rogue Detection and Countermeasures Summary of Rogue lists the rogue detection features in MSS Detection FeaturesRogue Detection Features Countermeasures Set rfdetect vendor-list client ap mac-addr Clear rfdetect vendor-list client ap mac-addrallWX1200# display rfdetect ssid-list Total number of entries Set rfdetect ssid-list ssid-nameClear rfdetect ssid-list ssid-name Set rfdetect black-list mac-addr To display the client black list, use the following commandFollowing example shows the client black list on WX switch Rfdetect Black-listSet rfdetect attack-list mac-addr To display the attack list, use the following commandFollowing example shows the attack list on a switch Rfdetect Attack-listSet rfdetect ignore mac-addr To display the ignore list, use the following commandMac-addris the Bssid of the device you want to ignore Clear rfdetect ignore mac-addrCountermeasures Enabling Countermeasures Enabling MAP Reenabling ActiveScan SignaturesWXR100desk# set rfdetect ? 
Creating an Encrypted RF Fingerprint Key as MAP SignatureSet rfdetect signature key encrypted keyvalue WXR100desk# set rfdetect signature ?Enabling Rogue Reenabling LoggingRogues NotificationsIDS and DoS Alerts Rogue Detection and Countermeasures IDS and DoS Log Messages ExamplesMessage Type Example Log Message Client aabbccddeeff is sending rsvd mgmt frame D IDS and DoS Log Messages Displaying RF You can use the CLI commands listed in to display rogueRogue Detection Display Commands DetectionRogue Detection Display Commands Display rfdetect clients mac mac-addr WX# display rfdetect clientsDisplay rfdetect counters Detection Counters commandWX1200# display rfdetect counters Display rfdetect mobility-domain ssid ssid-namebssid Displaying Ssid or Bssid Information for a Mobility DomainWX1200# display rfdetect mobility-domain Displaying RF Detection Information WX1200# display rfdetect data Displaying the APs Detected by MAP RadioDisplay rfdetect data WX1200# display rfdetect visible ap RadioDisplay rfdetect countermeasures Displaying Countermeasures InformationWX# display rfdetect countermeasures Rogue Detection and Countermeasures Displaying Software About System FilesVersion Information WX# display version To also display MAP information, type the following commandWX# display version details To display boot information, type the following command BootWorking with Files Following command displays the files in the old subdirectory WX1200# dir fileURL can be one of the following WX1200# dir boot0WX1200# dir core „ boot0/filename „ boot1/filename WX1200# copy floor2wx tftp//10.1.1.1/floor2wxWX1200# copy tftp//10.1.1.107/wxb04102.rel boot1wxb04102.rel Md5 boot0 boot1filenameWX1200# md5 boot0wxb04102.rel To delete a file, use the following commandDelete url WX1200# mkdir corp2 success change accepted. 
WX1200# dir To remove subdirectory corp2, type the following exampleWX1200# rmdir corp2 success change accepted Configuration Files RunningWX1200# display config area vlan Save config filenameLoad config url WX1200# save config newconfigSet boot configuration-file filename WX1200# load config newconfigBackup boot configuration Backup.cfg Set boot backup-configuration filenameWX1200# clear boot backup-config Clear boot configSystem Managing System Files WX1200# backup system tftp/10.10.20.9/sysabak critical Upgrading Switch forUpgrade System ImageUpgrading an Individual Switch Using the CLI Reset system forceWX1200# copy tftp//172.16.0.10/WX040101.20 boot1WX040100.20 Upgrade ScenarioWX1200# backup system tftp//172.16.0.10/sysabak WX1200# reset systemTroubleshooting a WX Setup Problems and Remedies WX Setup Problems and Remedies Type the save configSystem When RecoveringEnable Password Is LostComponents System LogLog Message LevelsSystem Log Destinations and Defaults Event Severity LevelsClear log buffer trace Display log buffer traceClear log server ip-addr Logging to the Log Buffer WX1200# display log buffer severity errorSet log buffer severity severity-level To disable console logging, type the following command To clear the buffer, type the following commandLogging to the Console Logging Messages to a Syslog Server Setting Telnet Session DefaultsSet log sessions severity severity-levelenable For information on severity levels, see onTo disable trace logging, use the following command To disable session logging, use the following commandChanging the Current Telnet Session Defaults Logging to the Trace BufferDisplaying the Log Configuration Saving Trace Messages in a FileTracing Authentication Activity Using the TraceCommand Tracing Session Manager ActivityWX1200# display trace Tracing Authorization ActivityTracing 802.1X Sessions Clear trace all trace areaWX1200# display log trace severity error WX1200# display log trace facility WX1200# set trace ?For more 
information about Vlan interfaces, see Configuring Using displayCommands InterfacesDatabase FDB information, type the following command Requirements Configuring PortPort Mirroring MirroringRemotely Monitoring TrafficRemote Traffic MonitoringWX1200# set snoop snoop1 observer 10.10.30.2 snap-length Editing a Snoop Filter Displaying Configured Snoop FiltersTo delete a snoop filter, use the following command Deleting a Snoop FilterDisplaying the Snoop Filter Mappings for All Radios Following command shows the mapping for snoop filter snoop1Displaying the Snoop Filters Mapped to a Radio Removing Snoop Filter MappingsFollowing command shows statistics for snoop filter snoop1 Filter operates until you manually disable itFollowing command enables snoop filter snoop1 Preparing an Observer Capturing TrafficSet snoop filter-nameall mode enable disable Sending it to Capturing SystemTechnical Support Corenetsys.core.217.tar Corenetsys.core.217.tar Support WEB View System RequirementsLogging Into Web View Attributes VSAs, listed in on 3Com Mobility System Software MSS supports the standardOn page 652. Also supported are 3Com vendor-specific StatedRcv Sent Access Acct Attribute Type Resp? Reqst? 
Description Supported Standard Extended AttributesSupported Standard and Extended Attributes Filter-id inboundacl.in Filter-id outboundacl.outDisplayed, they must NAS Radius Acct-Output Yes Vendor-Specific 3ComUsers, on 3Com VSAs YY/MM/DD-HHMMTraffic Ports Used by MSS Protocol Port FunctionIP/ICMP Dhcp Server Chapter E Dhcp Server Set ip dns server command Set interface dhcp-server command’s primary-dnsDhcp Server Server Information Displaying DhcpDisplayed instead Register Your Service BenefitsSolve Problems Online Product to GainPurchase Extended WarrantyAccess Software ProfessionalCountry Telephone Number Latin America Telephone Technical Support and Repair US and Canada Telephone Technical Support and RepairGlossary GHz and data rates of up to 54 Mbps Radio that can receive and transmit signals at Ieee 802.11b802.11a 802.11bSee ACE See security ACLAES BSS CCI BssidCBC-MAC CcmpCPC ChapCRC CSR DES DhcpDynamic Host See Dhcp Configuration Protocol EAP EAP-TLSEtsi ESSFCC Fhss FDBGbic GTK GMKHmac IAS HpovHttps ICVInformation element Igmp snoopingIndustry Canada InfrastructureLawn ISLISO LdapMAC MAP MD5Mpdu MICMS-CHAP-V2 MTU MsduMSS NATPIM PeapPEM PkcsPMK Prng PRFPSK PTK PVST+RC4 RSN RSARssi SSH SHASIP SsidSSL STPTLV TLSTtls NII VlanWatch list Vlan globVSA Web ViewWEP WPA WispWlan WPA IEGlossary Glossary Index NumbersSessions, clearing 557 sessions, displaying Cipher suites, RSN enabling ARP Index Index See also MAC addresses MAC addresses Names Https Radius Repair support, Europe, Middle East, and Africa Configuring 717Seed, Mobility Domain configuring 154 defined STP Index Usernames Invalid certificate Case-sensitive Index Command Index Clear summertime Load config 61 Md5 606 mkdir Monitor port counters Command Index Set radius proxy port 729Command Index

WX1200 3CRWX120695A, WX4400 3CRWX440095A, WXR100 3CRWXR10095A, WX2200 3CRWX220095A specifications

The 3Com WX2200 (3CRWX220095A), WX4400 (3CRWX440095A), WX1200 (3CRWX120695A), and WXR100 (3CRWXR10095A) are part of a robust suite of wireless networking solutions offered by 3Com, designed to meet the needs of modern enterprise environments. These devices provide reliable connectivity, flexibility, and scalability, making them ideal for businesses of all sizes.

The 3Com WX2200 is a high-performance wireless switch that supports up to 64 access points, making it suitable for medium to large deployments. It boasts advanced features such as dynamic RF management, which optimizes channel selection and power levels based on real-time network conditions. This ensures maximum coverage and minimizes interference, leading to improved user experiences. Additionally, it supports dual-band operation and can seamlessly integrate with various wireless access points, providing enhanced throughput and robust performance.

The WX4400 is designed for high-density environments and offers extensive scalability. It supports up to 128 access points and is equipped with advanced security features, including WPA2 enterprise encryption and role-based access control. This switch also features intelligent load balancing, allowing it to dynamically distribute user traffic across available access points, thus enhancing overall network efficiency.

The WX1200, positioned as an entry-level solution, is well-suited for small to medium-sized businesses. It offers a user-friendly management interface, allowing IT staff to quickly configure and monitor the network. This device supports a variety of deployment scenarios and can be easily integrated into existing infrastructure. It also comes equipped with essential security features to protect the network from unauthorized access.

The WXR100 complements the series by providing simplified management for access points, ensuring that businesses can easily deploy and maintain their wireless networks. It supports various management protocols and integrates with a variety of third-party systems, enhancing interoperability. With Power over Ethernet (PoE) support, the WXR100 can deliver power to connected access points, reducing the complexity and costs associated with additional power infrastructure.

Together, these solutions embody 3Com's commitment to delivering high-quality networking products that enhance connectivity and performance. With features such as scalability, advanced security, dynamic load balancing, and centralized management, the WX2200, WX4400, WX1200, and WXR100 form a comprehensive wireless networking ecosystem tailored for today’s enterprise challenges.