Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks RBT-4102 manual

Models: RBT-4102

1 168

Download 168 pages 49.88 Kb

Page 121

Security

If you specify RADIUS MAC for this default interface or VAP, you must specify the following parameters:

–MAC Authentication Password specifies the authentication password this radio interface or VAP sends to the RADIUS server to authenticate MAC addresses.

–MAC Authentication Session Timeout specifies the amount of time after which you want a MAC authentication session to timeout between the AP and the RADIUS server.

If you specify Local MAC for this default interface or VAP, you must specify Local MAC Authentication settings that configure the local MAC authentication database. The MAC database provides a mechanism to take certain actions based on a wireless client’s MAC address. You can configure The MAC list can be configured to allow or deny network access to specific clients.

–System Default specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).

‐Deny blocks access for all MAC addresses except those listed in the local database as “Allow”.

‐Allow permits access for all MAC addresses except those listed in the local database as “Deny”.

–Local MAC Filter Settings adds MAC addresses and permissions into the local MAC database.

‐MAC Address is the physical address of a client. Enter six pairs of hexadecimal digits separated by hyphens; for example, 00‐01‐F4‐12‐AB‐89.

‐Permission specifies whether to allow or deny access to this MAC address. Allow permits access; Deny blocks access; Delete removes the specified MAC address entry from the database.

‐Update enters the specified MAC address and permission setting into the local database.

‐MAC Authentication Table displays current entries in the local MAC database.

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-85

Image 121

Enterasys Networks RBT-4102 manual

Contents

Wireless Networking RBT-4102 Wireless Access Point Configuration GuideEnterasys RoamAbout Page Enterasys Networks, Inc 50 Minuteman Road Andover, MA BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT Enterasys Networks, Inc. Firmware License AgreementCAREFULLY READ THIS LICENSE AGREEMENT You and Enterasys agree as follows5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein 11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement 4. TITLE AND PROPRIETARY RIGHTS Enterasys Networks, Inc. Software License Agreementto Enterasys 12. GENERAL viii Chapter 2 Network Configuration ContentsChapter 3 Initial Configuration Chapter 4 Advanced ConfigurationFilter Control and VLANs Appendix B Troubleshooting Appendix A Default SettingsIndex Page Purpose of This Manual PrefaceIntended Audience Firmware Version SupportConvention Getting HelpDescription Overview IntroductionPolicy FeaturesApplications 1-4 Introduction ApplicationsOverview Network ConfigurationNetwork Topologies Figure 2-1 Ad Hoc Wireless LANAd Hoc Wireless LAN no Access Point or Bridge Figure 2-2 Infrastructure Wireless LAN Infrastructure Wireless LANFigure 2-3 Infrastructure Wireless LAN for Roaming Infrastructure Wireless LAN for Roaming Wireless PCsFigure 2-4 Infrastructure Wireless Bridge Infrastructure Wireless BridgeNetwork Topologies 2-6 Network ConfigurationInitial Setup Using the CLI Initial ConfigurationRequired Connections OverviewLogging In c. Reboot the RoamAbout RBT‐4102 Using Web Management If applicable, the County Code page appears, go to step d. Click OK The access point reboots, and the Login window appears 4. Enter the following information, and click Apply d. Click Apply at the bottom of the page h. Click OK The access point reboots c. Specify a new password in the Password field Using the Web Interface Advanced ConfigurationUsing the Command Line Interface CLI Table 4-1 Advanced ConfigurationMenu Table 4-1 Advanced Configuration continuedDescription PageIdentification Using Web Management to Configure System InformationUsing the CLI to Configure System Information TCP / IP Settings Using Web Management to Configure TCP/IP The access point only supports SSH version TCP/IP Configuration Using the CLI to Configure TCP/IPExample Ethernet Settings Configuration SSH ConfigurationExample ExampleTCP / IP Settings Auto Negotiate Disable Speed-duplexAdmin 100Base-TX Full Duplex4-10 Advanced Configuration Speed-duplexOper 100Base-TX Full DuplexRADIUS Using Web Management to Configure RADIUS RADIUS Accounting Attribute Table 4-2 RADIUS AttributesRADIUS Accounting enables or disables the AP to send RADIUS accounting information for clients to the RADIUS accounting server. Default Disable DescriptionTable 4-2 RADIUS Attributes continued Using the CLI to Configure RADIUSExample RADIUS Accounting AttributeAuthentication Using Web Management to Configure Authentication Example Using the CLI to Configure AuthenticationFilter Control and VLANs Using Web Management to Configure Filter Control and VLANsIBSS Relay Control, in conjunction with radio interface and Virtual AP VAP IBSS settings, controls whether clients associated with an interface or VAP can establish wireless communications with clients associated with other interfaces or VAPs. Default All VAP mode CLI Commands for VLAN Support Using the CLI to Configure Filter Control and VLANsExample Page Example CLI Commands for FilteringExample SVP CommandsUsing Web Management to Configure CDP CDP SettingsGlobal Status Port Status Disable ‐ disables this AP from using CDP Example Using the CLI to Configure CDPRogue AP Detection Using Web Management to Configure Rogue AP DetectionExample Using the CLI to Configure Rogue AP Detection802.11a Rogue AP Status SNMP Using Web Management to Configure SNMPNotification Table 4-3 SNMP NotificationsSNMP allows you to enable or disable SNMP management access and also enables the access point to send SNMP traps notifications. SNMP management is enabled by default DescriptionTable 4-3 SNMP Notifications continued User specifies string to identify an SNMP user. 32 characters maximum Security LevelSNMP Filter SNMP TargetsIP Address is the IP address of the user CLI Commands for SNMP Using the CLI to Configure SNMPExamples Examples CLI Commands for Configuring SNMPv3 Users and GroupsPassphrase PrivType DES Passphrase RoamAbout RBT-4102 Wireless Access Point Configuration Guide============================================= RoamAbout 4102#show snmp group-assignments GroupName TPSCLI Commands for Configuring SNMPv3 Trap Filters CLI Commands for Configuring SNMPv3 TargetsExample ExampleChanging the Password AdministrationUsing Web Management to Change the Password Using Web Management to Enable and Disable Com Port Using the CLI to Change the PasswordUsing the CLI to Enable and Disable Com Port Enabling and Disabling Com PortUpgrading Firmware Using Web Management to Upgrade Firmware Example Using the CLI to Upgrade FirmwareSystem Log Using Web Management to Configure System LogTable 4-4 Logging Level Descriptions Error LevelLogging Level sets the severity level for event logging DescriptionExamples Using the CLI to Configure System LogUsing Web Management to Configure SNTP Examples Using the CLI to Configure SNTP4-50 Advanced Configuration WDS and STPWDS and STP RoamAbout RBT-4102 Wireless Access Point Configuration Guide Using Web Management to Configure WDS and STPSelect WDS & STP from the menu WDS and STPBridge enables/disables STP on the wireless bridge. Default Disabled ‐ Range 0‐65535 ‐ Default Examples Using the CLI to Configure WDSExample Example Using the CLI to Configure STPRadio Interface Radio Signal CharacteristicsUsing Web Management to Configure Interface Radio Settings Radio SettingsNumber Table 4-5 VLAN ID RADIUS AttributesRADIUS Attribute ValueNote The Antenna ID must be selected in conjunction with the Antenna Control Method to configure proper use of any of the antenna options Default 802.11b and 802.11g faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. Range 1‐255 beacons Default 2 beacons Example Using the CLI to Configure the 802.11a Interface Radio SettingsSet any other parameters as required Quality of Service Authentication ParametersExample 802.11 ParametersAdmission Control No Example Using the CLI to Configure the 802.11b/g Interface Radio SettingsQuality of Service Authentication ParametersExample Radio Interface Table 4-6 WMM Access Categories Wi-Fi Multimedia WMM ConfigurationAccess WMM OperationFigure 4-1 WMM Backoff Wait times Using Web Management to Configure WMMExamples Using the CLI to Configure WMMSecurity AntennaAdmission Control No Using Web Management to Configure Virtual APs Virtual APs VAPs ConfigurationRadio Interface 4-74 Advanced ConfigurationExamples Using the CLI to Configure Virtual APs802.11 Parameters To view VAP settings, use the show interface wireless ag vap# commandAdmission Control No Table 4-7 Security Mechanisms SecuritySecurity MechanismUsing Web Management to Configure Security Settings Wired Equivalent Privacy WEPKey Len specifies whether to use 64, 128 or 152 bit keys Security RoamAbout RBT-4102 Wireless Access Point Configuration GuideTo use Pre‐Authentication, you must have the following AuthenticationHexadecimal uses a key made up of a string of 64 hexadecimal numbers 802.1x AuthenticationThe 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval If you specify RADIUS MAC for this default interface or VAP, you must specify the following parameters Using the CLI to Configure WPA over 802.1X Security Using the CLI to Configure WPA Pre-Shared KeyExample ExampleAuthentication Parameters g commandQuality of Service ExampleAC1Background Examples Using the CLI to Configure Local MAC AuthenticationIndex MAC Address 4-90 Advanced ConfigurationStatus 802.11aExamples Using the CLI to Configure RADIUS MAC AuthenticationExample Examples Using the CLI to Configure WEP Shared Key SecurityPage Examples Using the CLI to Configure WEP over 802.1x SecurityWPA Key Mgmt Mode Examples Using the CLI to Configure WPA2 SecurityWPA PSK Key Type Examples Using the CLI to Configure WPA2 Pre-Shared Key SecurityExamples Multicast cipher Table 4-8 Status Status InformationStatus information is described in Table 4‐8 Menu4-102 Advanced Configuration Using Web Management to View AP StatusSelect AP Status from the menu Status InformationSystem Up Time is the length of time the management agent has been up Examples Using the CLI to Display AP StatusUsing Web Management to View CDP Status Example Using the CLI to Display CDP StatusRoamAbout RBT-4102 Wireless Access Point Configuration Guide Using Web Management to View Station StatusStatus Information Station Address is the MAC address of the wireless client Using Web Management to View Neighbor AP Detection Status Example Using the CLI to View Neighbor AP Detection StatusForward Transitions Using Web Management to View WDS-STP Statusshow bridge Using the CLI to View WDS-STP StatusExample Child Status show bridge linkExample Example Root Bridge StatusUsing Web Management to View Event Logs From the global configuration mode, use the show logging command Using the CLI to View Event Logscommand from the Executive mode. clear command from the Global ExamplesStatus Information RoamAbout RBT-4102 Wireless Access Point Configuration GuideStatus Information 4-118 Advanced ConfigurationFeature Default SettingsDefault ParameterDefault FeatureA-2 Default Settings ParameterDefault FeatureRoamAbout RBT-4102 Wireless Access Point Configuration Guide A-3 ParameterDefault FeatureA-4 Default Settings ParameterDefault FeatureRoamAbout RBT-4102 Wireless Access Point Configuration Guide A-5 ParameterDefault FeatureA-6 Default Settings ParameterTroubleshooting Steps Troubleshooting4. If you forgot or lost the password Table B-2 802.11b Wireless Distance Speed and Distance Ranges1 Table B-1 802.11a Wireless Distance Speed and Distance Ranges1Table B-3 802.11g Wireless Distance Table Speed and Distance Ranges1 Maximum Distance TablesMaximum Distance Tables B-4 TroubleshootingNumerics IndexCLI 4-28 detection WDS 4-50 bridge 4-52 CLI Index-4