SMC Networks SMC2555W-AG 5-51

Radio Interface

5-51

The security mechanisms that may be employed depend on the

level of security required, the network and management

resources available, and the software support provided on

wireless clients. A summary of wireless security considerations is

listed in the following table.

Note: Although a WEP static key is not needed for WEP over 802.1x,

WPA over 802.1x, and WPA PSK modes, you must enable WEP

encryption through the web or CLI in order to enable all types of

encryption in the access point.

Security

Mechanism Client

Support Implementation Considerations

WEP Built-in support on all

802.11a, 802.11b and

802.11g devices

• Provides only weak security

• Requires manual key management

WEP over

802.1x Requires 802.1x client

support in system or by

add-in software

(native support provided

in Windows XP)

• Provides dynamic key rotation for

improved WEP security

• Requires configured RADIUS server

• 802.1x EAP type may require

management of digital certificates for

clients and server

MAC Address

Filtering Uses the MAC address

of client network card • Provides only weak user

authentication

• Management of authorized MAC

addresses

• Can be combined with other methods

for improved security

• Optionally configured RADIUS server

WPA over

802.1x mode Requires WPA-enabled

system and network

card driver

(native support provided

in Windows XP)

• Prov ides robust security in WPA-only

mode (i.e., WPA clients only)

• Offers support for legacy WEP clients,

but with increased security risk (i.e.,

WEP authentication keys disabled)

• Requires configured RADIUS server

• 802.1x EAP type may require

management of digital certificates for

clients and server

WPA PSK

mode Requires WPA-enabled

system and network

card driver

(native support provided

in Windows XP)

• Provides good secur ity in small

networks

• Requires manual management of

pre-shared key

Contents

Main Page Page Copyright i LIMITED WARRANTY LIMITED WARRANTY ii iii C Federal Communication Commission Interference Statement IMPORTANT NOTE: FCC Radiation Exposure Statement Wireless 2.4 Ghz and 5 GHz Band Statements: Page v EC Conformance Declaration Countries of Operation & Conditions of Use in the European vi vii Operation Using 5 GHz Channels in the European Declaration of Conformity in Languages of the European viii ix Safety Compliance Power Cord Safety x xi Veuillez lire fond l'information de la scurit suivante avant d'installer le Switch: xii xiii Page T C OF ABLE C xvi 6 Command Line Interface . . . . . . . . . . . . . . . . . . . 6-1 C xvii C xviii Page Page 1-1 Chapter 1 Introduction 1-2 Package Checklist Hardware Description 1-3 Hardware Description Rear Panel Front Panel 1-4 Component Description Hardware Description 1-5 1-6 Features and Benefits 1-7 Features and Benefits 1-8 Applications 1-9 System Defaults 1-10 1-11 1-12 1-13 Page 2-1 Chapter 2 Hardware Installation Hardware Installation Bracket Back of Access Point 2-2 Hardware Installation 2-3 Page 3-1 Chapter 3 Network Configuration Network Topologies Network Topologies 3-3 Infrastructure Wireless LAN Page Network Topologies 3-5 Page 4-1 Chapter 4 Initial Configuration Initial Setup through the CLI Required Connections 4-2 Initial Setup through the CLI 4-3 Initial Configuration Steps 4-4 Using the Web-based Management Setup Wizard Page Page Using the Web-based Management Setup Wizard 4-7 4-8 Page Page Page 5-2 Advanced Configuration The Advanced Configuration pages include the following options. 5-3 Page 5-5 Page 5-7 Page 5-9 Page 5-11 Page 5-13 Page 5-15 5-16 5-17 5-18 5-19 5-20 Page 5-22 5-23 5-24 5-25 Page 5-27 5-28 5-29 Administration Page 5-31 5-32 5-33 5-34 Page 5-36 5-37 5-38 5-39 daylight savings. To view the current SNTP settings, use the show sntp command. 5-40 Radio Interface Page 5-42 5-43 5-44 5-45 Page 5-47 5-48 5-49 5-50 Security 5-51 Page 5-53 5-54 5-55 5-56 5-57 Wi-Fi Protected Access (WPA) 5-58 5-59 5-60 5-61 5-62 Status Information 5-64 5-65 Page 5-67 Page 5-69 Page 6-1 Chapter 6 Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection 6-2 Telnet Connection 6-3 Entering Commands Keywords and Arguments Page 6-5 Partial Keyword Lookup 6-6 Negating the Effect of Commands Using Command History Understanding Command Modes 6-7 Exec Commands Configuration Commands 6-8 Command Line Processing Page 6-10 Command Groups The system commands can be broken down into the functional groups shown below. 6-11 General Commands configure 6-12 end exit 6-13 ping 6-14 reset show history 6-15 show line 6-16 System Management Commands 6-17 6-18 country 6-19 6-20 prompt system name 6-21 username 6-22 password ip http port 6-23 ip http server 6-24 logging on logging host 6-25 logging console 6-26 logging level 6-27 logging facility-type show logging 6-28 sntp-server ip 6-29 sntp-server enable 6-30 sntp-server date-time 6-31 sntp-server daylight-saving 6-32 sntp-server timezone show sntp 6-33 show system 6-34 show version 6-35 SNMP Commands snmp-server community 6-36 snmp-server contact 6-37 snmp-server enable server 6-38 snmp-server host 6-39 snmp-server location 6-40 show snmp Flash/File Commands Flash/File Commands 6-41 bootfile 6-42 copy Flash/File Commands 6-43 delete 6-44 dir 6-45 RADIUS Client 6-46 radius-server address radius-server port 6-47 radius-server key radius-server retransmit 6-48 radius-server timeout 6-49 show radius 6-50 802.1x Port Authentication 6-51 802.1x 6-52 802.1x broadcast-key-refresh-rate 6-53 802.1x session-key-refresh-rate 6-54 802.1x session-timeout address filter default 6-55 address filter entry 6-56 address filter delete 6-57 mac-authentication server Page 6-59 show authentication 6-60 Filtering Commands filter local-bridge Filtering Commands 6-61 filter ap-manage 6-62 filter ethernet-type enable Filtering Commands 6-63 filter ethernet-type protocol 6-64 show filters Interface Commands 6-65 6-66 6-67 6-68 interface dns server 6-69 ip address 6-70 6-71 ip dhcp 6-72 shutdown show interface ethernet 6-73 radio-mode 6-74 select-antenna-mode 6-75 description ssid-broadcast 6-76 speed 6-77 channel 6-78 turbo 6-79 ssid beacon-interval 6-80 dtim-period 6-81 fragmentation-length 6-82 rts-threshold 6-83 authentication 6-84 encryption 6-85 key 6-86 transmit-key 6-87 transmit-power 6-88 max-association 6-89 multicast-cipher 6-90 wpa-clients 6-91 6-92 wpa-mode 6-93 wpa-preshared-key 6-94 wpa-psk-type shutdown Page 6-96 Example Page 6-98 IAPP Commands iapp VLAN Commands 6-99 VLAN Commands 6-100 vlan VLAN Commands 6-101 native-vlanid Page A-1 Appendix A Troubleshooting A-2 A-3 A-4 Maximum Distance Table that may impact your actual distances and cause you to experience distance thresholds far lower than those posted below. 802.11a Wireless Distance Table 802.11b Wireless Distance Table Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Cables and Pinouts B-2 10/100BASE-TX Pin Assignments Twisted-Pair Cable Assignments B-3 Straight-Through Wiring S / Console Port Pin Assignments Wiring Map for Serial Cable Console Port Pin Assignments B-5 Serial Cable Signal Directions for DB-9 Ports Serial Cable Signal Directions for DB-25 Ports Page C-1 Appendix C Specifications General Specifications Specifications C-2 General Specifications C-3 Specifications C-4 Sensitivity General Specifications C-5 Transmit Power Page Glossary-1 Glossary Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page Index Index-1 A B C G H I L M O P R S Index-4 T U V W