Avaya AP-4, AP-5, AP-6

Security

Avaya Wireles s AP-4/5/6 Us er’s Guide 4 -123

Prior to successful authentication, an unauthenticated client PC cannot

send any data traffic through the AP device to other systems on the LAN.

The AP inhibits all data traffic from a particular client PC until the client PC

is authenticated. Regardless of its authentication status, a client PC can

always exchange 802.1x messages in the clear with the AP (the client

begins encrypting data after it has been authenticated).

Figure 4-16. RADIUS Authentication Illustrated

The AP acts as a pass-through device to facilitate communications

between the client PC and the RADIUS server. The AP (2) and the client

(1) exchange 802.1x messages using an EAPOL (EAP Over LAN)

protocol (A). Messages sent from the client station are encapsulated by

the AP and transmitted to the RADIUS (3) server using EAP extensions

(B).

Contents

Main Page Page Page Page Page AP-4/5/6 Users Guide Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 4 Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . 4-1 Page 5 Monitor Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 6 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 7 Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Page Page Page Page B ASCII Character Chart. . . . . . . . . . . . . . . . . . . . . . . . . B-1 C Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C-1 Page Page Page Introduction to Wireless Networking Site Survey Guidelines for Roaming Wireless Standard Support Network Names Security Settings Cell Coverage Data Rates Channels IEEE 802.11 Specifications 802.11b 802.11a 802.11g Management and Monitoring Capabilities HTTP/HTTPS Interface Command Line Interface How To Access the CLI SNMP Management SNMPv3 Secure Management Page Page Page Page Page Product Package MiniPCI Upgrade Kits System Requirements Hardware Installation Page Page Page Page Page Page Page Page Page Initialization ScanTool Default IP Address ScanTool Instructions Page Page Page Page Page Page Setup Wizard Setup Wizard Instructions Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Download the Latest Software Setup your TFTP Server Download Updates from a TFTP Server using the Web Interface Download Updates from a TFTP Server using the CLI Interface Additional Hardware Features Mounting Options Desktop Mount Wall Mount Page Page Page Ceiling Mount Page Installing the AP in a Plenum Kensington Security Slot Page Power over Ethernet LED Indicators 1 of 3 2 of 3 3 of 3 Figure 2-15. LED Indicators Illustrated Related Topics Page Page Page Page Page Page Page Advanced Configuration Configuring the AP Using the HTTP/HTTPS Interface Page Page System Dynamic DNS Support Access Point System Naming Convention Page Network IP Configuration Basic IP Parameters DNS Client Advanced DHCP Server Page Page Page Page Link Integrity Page Page Interfaces Page Page Wireless (802.11a) Page Page Page Dynamic Frequency Selection (DFS) RTS/CTS Medium Reservation Page Wireless (802.11b) Page Page Page Page Page Page Page Page Distance Between APs Coverage Page Multicast Rate Page Wireless (802.11b/g) Page Page Page Page Page Page Page Page Page Page Page Page Page Wireless Distribution System (WDS) Page Bridging WDS WDS Setup Procedure Page Ethernet Management Passwords Page IP Access Table Services Secure Management SNMP Settings HTTP Access Page Configuring Secure Socket Layer (SSL) Accessing the AP through the HTTPS interface Telnet Configuration Settings Page Serial Configuration Settings Automatic Configuration Set up Automatic Configuration for Static IP Page Set up Automatic Configuration for Dynamic IP Page Page Filtering Ethernet Protocol Page Static MAC Page Example Page Page Static MAC Filter Examples Prevent Two Specific Devices from Communicating Prevent Multiple Wireless Devices From Communicating With a Single Wired Device Page Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN Advanced TCP/UDP Port Adding TCP/UDP Port Filters Editing TCP/UDP Port Filters Alarms Groups Page Page Page Page Page Page Page Page Page Severity Levels Alarm Host Table Add an Entry or Enable the AP Page Page Setting Syslog Event Notifications Configuring Syslog Event Notifications Bridge Spanning Tree Storm Threshold Intra BSS Packet Forwarding Configuring Interfaces for Packet Forwarding Security Authentication and Encryption Modes WEP Encryption 802.1x Authentication Page Authentication Process Page Wi-Fi Protected Access (WPA) Page Page Configuring Security Settings Page Page Authentication Protocol Hierarchy SSID, VLAN, and Security Modes VLAN Overview Page Page Page VLAN Workgroups and Traffic Management Traffic Management Typical User VLAN Configurations Configure Multiple SSID/VLAN/Security Mode Entries Page Page Page Page Enable WEP Encryption Enable 802.1x Security Enable Mixed Mode (802.1x and WEP Encryption) Enable WPA Mode Enable WPA-PSK Mode Typical VLAN Management Configurations Control Access to the AP Provide Access to a Wireless Host in the Same Workgroup Disable VLAN Management MAC Access Page Page Page RAD Configuration Requirements Page Configuring RAD Page RADIUS MAC Access Control by Means of RADIUS Authentication Page Page Page Page RADIUS Authentication with 802.1x Page Page RADIUS Accounting Session Length Configuring RADIUS Accounting Page Page Page Page Page Monitor Information Logging into the HTTP Interface Page Page Page Version Page Page Page Page Page Page Page Page Link Test Page Page Page Page Station Statistics Enabling and Viewing Station Statistics Refreshing Station Statistics Page Description of Station Statistics Page Page Commands Logging into the HTTP Interface Page Page Introduction to File Transfer via TFTP or HTTP TFTP File Transfer Guidelines HTTP File Transfer Guidelines Image Error Checking during File Transfer Update AP by Using TFTP Page Page Page Page Page Upload File by Using TFTP Page Upload File by Using HTTP Page Page Page Page Reset Help Link Page Page Page Troubleshooting Concepts Symptoms and Solutions Ethernet Link Does Not Work Page AP Has Incorrect IP Address HTTP (browser) or Telnet Interface Does Not Work HTML Help Files Do Not Appear Telnet CLI Does Not Work Page Page VLAN Operation Issues Verifying Proper Operation of the VLAN Feature Page Power over Ethernet (PoE) The AP Does Not Work There Is No Data Link Overload Indications Recovery Procedures Reset to Factory Default Procedure Page Forced Reload Procedure Download a New Image Using ScanTool Preparing to Download the AP Image Download Procedure Page Download a New Image Using the Bootloader CLI Preparing to Download the AP Image Download Procedure Page Recovery Procedures 7. Enter only the following statements: Example: Page Initializing the IP Address using CLI Page Page Related Applications RADIUS Authentication Server TFTP Server Page Page A Page General Notes Prerequisite Skills and Knowledge Notation Conventions Important Terminology Page Navigation and Special Keys CLI Error Messages Bootloader CLI Page Page CLI Conventions Command Conventions Page Entering Text Strings CLI Help The Question Mark Example 1. Displaying the command list Page Page Example 3b. Displaying parameters based on letter sequence Example 4. Displaying prompts for successive parameters The Help Command Page Accessing the AP CLI Using HyperTerminal to Log in to the AP Using Telnet to Log in to the AP Page CLI Commands Page Example: exit help Syntax: Page history passwd Page Page Page Examples Set the Access Point IP Address Parameter Create a table entry or row Modify a table entry or row Enable, Disable, or Delete a table entry or row show Syntax Examples Show Group Parameters Show Individual and Table Parameters upload Syntax: Example: Parameter Tables Auto Configuration Commands Auto Configuration Commands Auto Configuration Parameters DHCP Server Commands DHCP Server Commands DHCP Server Parameters DHCP Server Commands IP Address Pool Parameters Page DNS Client Commands DNS Client Commands DNS Client for RADIUS Name Resolution Page Ethernet Interface Commands Ethernet Interface Commands Ethernet Interface Parameters Ethernet Interface Commands Filtering Commands Ethernet Protocol Filtering Parameters Identify the different filters by using the table index. Ethernet Protocol Filtering Table Parameters Static MAC Address Filter Table Proxy ARP Parameters IP ARP Filtering Parameters Broadcast Filtering Table TCP/UDP Port Filtering The following parameters are used to enable/disable the Port filter feature. The following parameters are used to configure TCP/UDP Port filters. TCP/UDP Port Filtering Table Page Page HTTP and HTTPS Commands HTTP and HTTPS Commands HTTP (Web browser) Parameters Change HTTP Interface Password Set TCP Port Configure Secure Socket Layer (HTTPS) IAPP Commands IAPP Commands IAPP Parameters Intra BSS Commands Intra BSS Commands Intra BSS Parameters Syntax Example Inventory Management Commands Inventory Management Parameters IP Access Table Commands IP Access Table Parameters IP Access Table Commands Edit Management IP Access Table IP Commands IP Commands IP Configuration Parameters The IP Subnet Mask of the AP must match your networks Subnet Mask. Link Integrity Commands Link Integrity Parameters IP Target Table Parameters Page MAC Access Control Commands MAC Access Control Commands MAC Access Control Parameters MAC Access Control Table Parameters MAC Access Control Commands Setup MAC (Address) Access Control Add an Entry to the MAC Access Control Table Disable or Delete an Entry in the MAC Access Control Table Monitoring Parameters Packet Forwarding Commands Packet Forwarding Commands Packet Forwarding Parameters RAD Commands RAD Commands Rogue Access Point Detection (RAD) Parameters Figure A-14. Results of show rad CLI command RADIUS Commands General RADIUS Parameters RADIUS Authentication Parameters Use a server name only if you have enabled the DNS Client functionality. See DNS Client Commands. Page RADIUS Accounting Parameters Use a server name only if you have enabled the DNS Client functionality. See DNS Client Commands. Configure RADIUS Authentication server Page Page Page Page Serial Port Commands Serial Port Parameters SNMP Commands SNMP Commands SNMP Trap Host Table Parameters SNMP Commands Change SNMP Passwords Choose from the following values: Spanning Tree Commands Spanning Tree Commands Spanning Tree Parameters Spanning Tree Commands Spanning Tree Priority and Path Cost Table SpectraLink VoIP Commands SpectraLink VoIP Parameters (802.11b and bg Modes Only) Storm Threshold Commands Storm Threshold Commands Storm Threshold Parameters Storm Threshold Table Syslog Commands Syslog Commands Syslog Parameters The following parameters configure the Syslog settings. Page Syslog Commands Syslog Host Table Parameters System Information Commands System Information Commands System Parameters System Information Commands Telnet Commands Figure A-19. Result of show system CLI Command Tel net Co mma nds Telnet Parameters Telnet Commands Choose from the following values: TFTP Commands TFTP Commands Download an AP Configuration File from a TFTP Server First start your TFTP program. It must be running and configured to transmit and receive. address are correct) Backup your AP Configuration File to a TFTP Server WDS Commands WDS Commands Wireless Distribution System (WDS) Parameters The WDS Security Table manages WDS related security objects. Wireless Distribution System (WDS) Security Table Parameters 802.11a Wireless Interface Commands 802.11a Wireless Interface Commands 802.11a Parameters 802.11a Wireless Interface Commands Page Page Autochannel Select (ACS) Enable/Disable Closed System 802.11b Wireless Interface Commands 802.11b Parameters Page Page Page Autochannel Select (ACS) Enable/Disable Closed System Page Set the Multicast Rate (802.11b Only) 802.11b/g Wireless Interface Commands 802.11b/g Parameters Page Page Network Name (SSID) For results of the show wif command, see Figure A-20. Page Page Wireless Interface SSID/VLAN/Security Commands Wireless Interface SSID Table Parameters Page Wireless Interface SSID/VLAN/Security Commands To display the supported security modes on the wireless interfaces, use the following command: Page VLAN/SSID Pair Commands VLAN/SSID Parameters VLAN/SSID Pair Commands VLAN ID Table Page Page B ASCII Character Chart Description Description C Number of Stations per BSS Management Functions Advanced Bridging Functions Medium Access Control (MAC) Functions Security Functions Page Network Functions Advanced Wireless Functions Hardware Specifications Page Power over Ethernet Interface HTTP Interface Radio Specifications 802.11a Channel Frequencies Page 802.11b Channel Frequencies Page 802.11g Channel Frequencies Page Wireless Communication Range AP-4 802.11b Wireless Communication Ranges AP-5 802.11a Wireless Communication Ranges AP-6 802.11 b/g Wireless Communication Ranges Page D Technical Support Before You Seek Help