Manuals / Symbol Technologies / Computer Equipment / Network Router

Symbol Technologies AP-4131 manual Configuring SNMPv3 Security

Models: AP-4131

1 250

Download 250 pages 60.1 Kb

Page 118

Configuring the AP

2.7.1Configuring SNMPv3 Security

SNMPv3 defines a method of access point data control known as the View- Based Access Control Model (VACM). It is a means of restricting access to a particular subset of data based on the security level used in the request and specifies whether access should be allowed.

SNMPv3 defines data access for each user (user group) based on identity and security level. Write access and read access to proprietary information can be limited to selective users increasing configuration alternatives in respect to sensitive data.

Select SNMPv3 Security Admin from the SNMP Configuration screen to display the SNMP User Security Configuration screen. Use this window to view defined user groups, their context (group definition) and security level.

Symbol Access Point

	SNMPv3 User Security Configuration
User/Group Name	Context Name	Security Level

-------------------------------------------------------------------------------------

1)		guest		noAuthNoPrivacy
2)		Symbol		noAuthNoPrivacy
3)	user3	admin3		authNoPrivacy
4)	user4	admin4		authPrivacy
5)	user5	admin5		authNoPrivacy
6)	user6	admin6		authPrivacy
		Configure User/Group-[CR]	Save All APs-[F2]	Exit-[ESC]

108	AP-4131 Access Point Product Reference Guide

Image 118

Symbol Technologies AP-4131 manual Configuring SNMPv3 Security

Contents

Spectrum24 AP-4131 Access Point 72E-56316-01 Revision a FebruaryCopyright About This Document ItalicsAP-4131 Access Point Product Reference Guide Contents Manual Kerberos Authentication Configuration 157 182 Appendix E Installing and Configuring Kerberos Setup Service AP-4131 Access Point Product Reference Guide Access Point AP IntroductionBootp Radio Basics 1 S24 Network TopologyIntroduction Introduction Introduction Introduction Cellular Coverage Introduction Root AP and Association Process Site Topography Ieee 802.1d Spanning Tree SupportSite Surveys Access Point Functional Theory MAC Layer Bridging Filtering and Access Control Auto Fallback to Wireless ModeDhcp Support Media Types EssidIntroduction Direct-Sequence Spread Spectrum MU Association Process Introduction Mobile IP Introduction Introduction Supporting CAM and PSP Stations Data Encryption Kerberos Authentication Introduction Introduction Page Introduction KSS Open Enrollment Roaming and Authentication KSS DatabasesMixed Mode Security Web Management SupportManagement Options Programmable Snmp Trap SupportUsing Snmp Increased MIB SupportSee .1.2 Using a Direct Serial Connection on Using the UISee .1.1 Using Telnet on See .1.3 Using a Dial-Up Connection onGaining Access to the UI Using TelnetAt the prompt type the password Using a Direct Serial Connection EmulationUsing a Dial-Up Connection Refer to .12.2 Updating Using Xmodem on page 132 toUsing a Web Browser Setup Network Web Server Help File Access From this menu select Microsoft Internet ServercommonAccessing Web Browser UI WWW Service Properties window opens Select DirectoriesSelect Reset AP Http//xxx.xxx.xxx.xxx Configuring the AP Type the password AP displays a Main Menu when gaining access to the UI Navigating the UIConfiguring the AP Entering Admin Mode Changing the Access to the UI Change System Passwords screen displays As asterisks. The default password is SymbolConfiguring for Dial-Up to the UI EmulationAccess Point Installation Navigating the UI Using a Web BrowserSelect AP Installation from the Main Menu DHCP/BOOTPIP Address Country ConfigUnit Name Gateway IP AddressSecondary antenna which ever has Best signal strength and transmits onRadio receives on the primary or Last antenna it received onBy the AP. If both Dhcp and Bootp Dhcp and Bootp interoperateOnly Bootp responses will be accepted Services are required, do not selectedConfiguring System Parameters On the next power up, the AP scans all To enable or disable. To saveConfiguration, select F1 Channel in Flash the power LEDConfiguring the AP Serial allows users with admin privileges to Encryption maintenance page to changeAny allows users with admin privileges to change See .4.1 Encryption Administration onIf enabled, mobile units associated with the same Specifies if the AP can perform Wnmp functionsSystem Allows the user to change the passwords for Password Default interface is Ethernet. The AP defaults to Encryption Administration Encryption Parameter Access to Web Interface Encryption Parameter Access to Telnet and Serial InterfacesParameter Access Method Interface Serial Encryption Parameter Access for Snmp Interface System Password Administration Any alphanumeric, case-sensitive entry up to User PasswordAsterisks. The default password is Symbol Characters, the characters selected are displayed asConfiguring Radio Parameters Select Set RF Configuration from the Main Menu to displayConfiguring the AP Configuring the AP Configuring the AP Wlap Mode Wlap Priority Wlap Manual Wlap Hello Time Wlap Max AgeTo the packet prior to transmission Wlap Forward DelayPreamble length is transmission data rate Eiap F4 Configuring the AP Wireless AP Operation Parameters Configuring the AP AP sets up automatically for wireless Select Set RF Configuration from the Main MenuWlap Mode No wireless operation possible. DefaultMinimizes confusion when more than two If setting the Wlap Manual Bssid toThis feature speeds up the association process Wlap Manual Specifies the Bssid of a particular WlapConfiguring the AP Enhanced Packet Prioritization EPP Enhanced Interference Avoidance Properties Eiap Configuring the AP Encryption Configuration and Key Maintenance Configuring the AP 1 40-Bit WEP Encryption Configuring the AP 2 128-Bit WEP Encryption Configuring the AP Manual Kerberos Authentication Configuration User ID Ap3 Password OK-CR Save-F1Cancel-ESC Enable Kerberos KSS Secret Address Backup KDCKSS Port KSS NameConfiguring EAP-TLS Support Configure Authenticator screen displays Re-authentication For an MU’s response once the access pointRequests an MUs identity. Default is 30 seconds Re-authenticate after the re-authentication periodConfiguring Mixed Mode Security Snmp and Mixed Mode Security Configuring the Snmp Agent AP-4131 Access Point Product Reference Guide 103 For SNMPv3 operations. Changing the factory Configuration could adversely effect SNMPv1/2cOperation AP-4131 Access Point Product Reference Guide 105 If the current Wlap fails to receive a Config Bpdu Root AP lost. The Wlap eventually resets itself toSetup and ready to forward data Connection Generated Change Root Wlap UpAP-4131 Access Point Product Reference Guide 107 Configuring SNMPv3 Security AP-4131 Access Point Product Reference Guide 109 Authentication ACL and Address Filtering Access Address Filtering Access Control List Results ListConfiguring the ACL Range of MUs114 Adding Allowed MUs Removing Allowed MUsRemoving All Allowed MUs Use ACL options from the Set System Configuration menuACL Options Load ACL from MU ListLoad ACL from File ACLIndividual FlushConfiguring Address Filtering Adding Disallowed MUs Removing Disallowed MUsRemoving Filter Types Configuring Type FilteringAdding Filter Types Controlling Type FiltersManually Updating the AP Configuration Clearing MUs from the AP122 AP-4131 Access Point Product Reference Guide 123 124 AP-4131 Access Point Product Reference Guide 125 126 AP-4131 Access Point Product Reference Guide 127 128 Updating Using Tftp AP displays the Main Menu Firmware Update Menu displays Are You Sure? yes no Type Y Firmware Update Menu displays Are You Sure? yes no Type YUpdating Using Xmodem Select Enter Admin Mode and enter the password From the Main Menu select Special Functions Press F3 to view the Firmware Update Menu Special Functions Menu displays Are You Sure? yes no Type YDownload is complete when the UI displays Setting Logging Options 138 Update Using Tftp Updating AP Firmware140 AP-4131 Access Point Product Reference Guide 141 142 AP-4131 Access Point Product Reference Guide 143 144 Select Enter Admin Mode and type the password From the Main Menu select Special Functions and press Enter Select Send File Auto Upgrade all APs Through Messaging AP-4131 Access Point Product Reference Guide 149 Type the firmware filename in the Download Filename field Press Enter Select Save-F1to save settings Performing Pings Select Regular to display Select Echo-F1to display the Packet Ping Setup screen Mobile IP Using MD5 Authentication Saving the Configuration Select Special Functions from the Main Menu to displayRestoring the Factory Configuration Resetting the APSelect Special Functions from the Main Menu Configuring Network Time System Summary Select Show System Summary from the Main Menu to displayAuthentication using 40 or 128-bit WEP Access pointEnables Windows XP MUs to use EAP/TLS for Range required for the operating countryAP Configuration ACL & Filters When Disallowed is selected, only MAC Are allowed to associate with the APInterface Statistics screen provides Interface StatisticsSelect Interface Statistics from the Main Menu to display Forwarding Counts Select Forwarding Counts from the Main Menu to displayMobile Units Select Show Mobile Units from the Main Menu to displayShared Key is enabled for this device AP-4131 Access Point Product Reference Guide 167 High priority MU power mode PSP or CAMVoice indicates packet delivery is time critical and a Normal indicates packet delivery is not time criticalBytes Sent Packets SentPackets Rcvd Bytes RcvdMobile IP Known APs HSQ MUSSelect Switch to view the Unit Name for each known AP Per second MUs associated with the APData traffic handled by the AP in kilobytes in and out FWVer Firmware version used by the specified AP AwayEthernet Statistics Select Ethernet Statistics from the Main Menu to displayEthernet because of a busy medium Radio Statistics Select Show RF Statistics from the Main Menu to displayIf the device fails to receive an acknowledgment ACK from a destinationCalculated ICV value does not match with the ICV Value errors. An MU transmitted a corrupt dataPacket and failed to pass the ICV verification. Value in the received packetTo display the Wlap RF Statistics screen select WLAP-F3 Current # Wlap Itf Send Cfg Bpdu configuration BridgeUnder .5 Configuring Radio Parameters Current StateBecomes the Root AP. The Root ID and the Wlap ID Negotiate the position of Root AP at power up.AP with the lowest Root ID, path and Wlap ID Are 16-digit numbers. The first 4 digits representMiscellaneous Statistics Select Show Misc Statistics from the Main Menu to displayReceived Analyzing Channel Use Analyzing Retries Select Show Misc Statistics from the Main MenuEvent History Clearing Statistics Select Special Functions from the Main MenuMonitoring Statistics 188 Precautions Package ContentsNetwork Connection Requirements2 10/100Base-T UTP Placing the AP Single CellPower Options Resting flat Rests on the four rubber pads on the underside Connecting the Power AdapterMounting the AP From trafficBIAS-T Low Power Distribution System Bias -T 196 AP-4131 Access Point Product Reference Guide 197 Power LED IndicatorsSteady Green during operation Power Wired LAN Activity Wlap mode LED displayWireless LAN Activity Special cases Ensure wired network is operating TroubleshootingElectrical Management System EMS operating outlet Setting Up MUs Physical Characteristics Meets CE-MarkRadio Characteristics Network Characteristics S24dsap.mib, MIB-II and 802.1x.mibSpecifications Appendix B Supported Modems Supported Modems Appendix C Customer Support North American ContactsInternational Contacts Appendix D Country Identification Codes Country Identification Codes UAE Country Identification Codes Creating a Windows 2000 Environment for the KSS Installing the KSS in a Windows 2000 Environment Creating a User Account and Password in Active Directory Click OK Preparing the KSS for Access Point Validation Installing and Configuring Kerberos Setup Service Kerberos Account Entry dialog box displays Installing and Configuring Kerberos Setup Service Enable Open Enrollment info box appears Listen For Connection Box displays Installing and Configuring Kerberos Setup Service Manually Creating an Access Point Setup Account Installing and Configuring Kerberos Setup Service Implementing Kerberos without the KSS Installing and Configuring Kerberos Setup Service Installing and Configuring Kerberos Setup Service Index Dtim Index-3 Index-4 Index-5 LAN Index-7 Index-8 TIM Wlap