Nortel 2200 Series Product Guide

Part No. 320298-A Rev 00
April 2005
4655 Great America Parkway
Santa Clara, CA 95054
System Release 2.2
Copyright © Nortel Networks Limited 2005. All rights reserved.
The information in this document is subject to change without notice. The statements, configurations, technical data, and
recommendations in this document are believed to be accurate and reliable, but are presented without express or implied
warranty. Users must take full responsibility for their applications of any products specified in this document. The
information in this document is proprietary to Nortel.
Trademarks
Nortel Networks, the Nortel Networks logo, the Globemark, and Unified Networks are trademarks of Nortel.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Airespace is a trademark of Airespace, Inc.
The asterisk after a name denotes a trademarked item.
Restricted rights legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Inc. reserves the right to make
changes to the products described in this document without notice.
Nortel Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s)
described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials,
and other materials related to such distribution and use acknowledge that such portions of the software were developed
by the University of California, Berkeley. The name of the University may not be used to endorse or promote products
derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains
restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third
parties).
USA requirements only
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to
Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when
the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy. If it is not installed and used in accordance with the instruction manual, it may cause harmful interference to
radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which
case users will be required to take whatever measures may be necessary to correct the interference at their own expense.
Nortel Inc. software license agreement
This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel
Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWING CAREFULLY.
YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE.
USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not
accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of
purchase to obtain a credit for the full purchase price.
“Software” is owned or licensed by Nortel, its parent or one of its subsidiaries or affiliates, and is copyrighted and
licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such
as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel grants
you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than
those granted to you under this License Agreement. You are responsible for the selection of the Software and for the
installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on
only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To
the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer
is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade
secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer
uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that
anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use,
copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile,
reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly
authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel are beneficiaries of
this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no
longer in use, Customer will promptly return the Software to Nortel or certify its destruction. Nortel may audit by
remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of
third party software included in Software require Nortel to include additional or different terms, Customer agrees to
abide by such terms provided by Nortel with respect to such third party software.
2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,
Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS
ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to
provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in
such event, the above exclusions may not apply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR
ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE
TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL,
PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN
CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE
SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR
POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such
developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or
exclusions and, in such event, they may not apply.
4. General
a) If Customer is the United States Government, the following paragraph shall apply: All Nortel Software available
under this License Agreement is commercial computer software and commercial computer software documentation and,
in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software
and software documentation are governed by Nortel standard commercial license in accordance with U.S. Federal
Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b) Customer may terminate the license at any time. Nortel may terminate the license if Customer fails to comply with the
terms and conditions of this license. In either event, upon termination, Customer must either return the Software to
Nortel or certify its destruction.
c) Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of
the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and
regulations.
d) Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e) The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer
and Nortel.
f) This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the
Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
Legal Information
This section includes the following legal information:
• “Limited Product Warranty”
• “Software License Agreement”
• “SSH Source Code Statement”
• “OpenSSL Project License Statements”
• “Trademarks and Service Marks”
Limited Product Warranty
The following sections describe the Nortel standard Product Warranty for End Users.
Products
Nortel WLAN — Wireless Security Switch (2270) Family
WLAN — Access Ports (223x) Family
Limited Warranty
Nortel standard warranty for hardware is one (1) year. Nortel warrants software materials to be defect free for
90 Days from time of purchase. Nortel requires purchasing the software subscription if a customer would like
to receive new Nortel WLAN — Wireless Security Switch (2270), Nortel WLAN — Controller (2270), Nortel
WLAN — Management System, or Site Survey software. This limited warranty extends only to you the
original purchaser of the Product.
Exclusive Remedy
Your sole remedy under the limited warranty described above is, at Nortel’s sole option and expense, the
repair or replacement of the non-conforming Product or refund of the purchase price of the non-conforming
Products. Nortel’s obligation under this limited warranty is subject to compliance with Nortel’s then-current
Return Material Authorization (“RMA”) procedures. All replaced Products will become the property of Nortel.
Exchange Products not returned to Nortel will be invoiced at full Product list prices. Replacement Products
may be new, reconditioned or contain refurbished materials. In connection with any warranty services hereunder, Nortel may in its sole discretion modify the Product at no cost to you to improve its reliability or
performance.
Warranty Claim Procedures
Should a Product fail to conform to the limited warranty during the applicable warranty period as described
above, Nortel must be notified during the applicable warranty period in order to have any obligation under the
limited warranty.
The End Customer or their designated reseller must obtain a Return Material Authorization number (RMA
number) from Nortel for the non-conforming Product and the non-conforming Product must be returned to
Nortel according to the then-current RMA procedures. The End Customer or their designated reseller is
responsible to ensure that the shipments are insured, with the transportation charges prepaid and that the RMA
number is clearly marked on the outside of the package. Nortel will not accept collect shipments or those
returned without an RMA number clearly visible on the outside of the package.
Exclusions and Restrictions
Nortel shall not be responsible for any software, firmware, information or memory data contained in, stored
on or integrated with any Product returned to Nortel pursuant to any warranty or repair.
Upon return of repaired or replaced Products by Nortel, the warranty with respect to such Products will
continue for the remaining unexpired warranty or sixty (60) days, whichever is longer. Nortel may provide
out-of-warranty repair for the Products at its then-prevailing repair rates.
The limited warranty for the Product does not apply if, in the judgment of Nortel, the Product fails due to
damage from shipment, handling, storage, accident, abuse or misuse, or it has been used or maintained in a
manner not conforming to Product manual instructions, has been modified in any way, or has had any Serial
Number removed or defaced. Repair by anyone other than Nortel or an approved agent will void this
warranty.
EXCEPT FOR ANY EXPRESS LIMITED WARRANTIES FROM Nortel Networks SET FORTH ABOVE,
THE PRODUCT IS PROVIDED “AS IS”, AND Nortel Networks AND ITS SUPPLIERS MAKE NO
WARRANTY, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO PRODUCT
OR ANY PART THEREOF, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF
TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR
THOSE ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. Nortel
Networks’S SUPPLIERS MAKE NO DIRECT WARRANTY OF ANY KIND TO END CUSTOMER FOR
THE LICENSED MATERIALS. NEITHER Nortel Networks NOR ANY OF ITS SUPPLIERS WARRANT
THAT THE LICENSED MATERIALS OR ANY PART THEREOF WILL MEET END CUSTOMER'S
REQUIREMENTS OR BE UNINTERRUPTED, OR ERROR-FREE, OR THAT ANY ERRORS IN THE
PRODUCT WILL BE CORRECTED. SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO END
CUSTOMER. THIS LIMITED WARRANTY GIVES END CUSTOMER SPECIFIC LEGAL RIGHTS. END
CUSTOMER MAY ALSO HAVE OTHER RIGHTS, WHICH VARY FROM STATE/JURISDICTION TO
STATE/JURISDICTION.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL Nortel
Networks OR ITS SUPPLIERS BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES, LOSS OF PROFITS, OR FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, PUNITIVE OR INDIRECT DAMAGES (OR DIRECT DAMAGES IN THE CASE OF Nortel
Networks’S SUPPLIERS) ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT
(INCLUDING WITHOUT LIMITATION NEGLIGENCE), STRICT LIABILITY OR OTHERWISE
ARISING OUT OF OR RELATED TO THE PRODUCT OR ANY USE OR INABILITY TO USE THE
PRODUCT. Nortel Networks’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THE
PRODUCT, OR USE OR INABILITY TO USE THE PRODUCT, WHETHER IN CONTRACT, TORT
(INCLUDING WITHOUT LIMITATION NEGLIGENCE), STRICT LIABILITY OR OTHERWISE,
SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT. THE LIMITATIONS SET FORTH IN
THIS SECTION SHALL APPLY EVEN IF Nortel Networks AND/OR ITS SUPPLIERS ARE ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE, AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL
PURPOSE OF ANY LIMITED REMEDY. Nortel Networks NEITHER ASSUMES NOR AUTHORIZES
ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE
SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS.
Software License Agreement
PLEASE READ THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”) CAREFULLY BEFORE USING THE SOFTWARE AND ASSOCIATED DOCUMENTATION THAT IS PROVIDED WITH THIS AGREEMENT (“SOFTWARE,” “DOCUMENTATION,” AND COLLECTIVELY, “LICENSED MATERIALS”).
BY USING ANY LICENSED MATERIALS, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND
CONDITIONS OF THIS AGREEMENT AND YOU WILL BE CONSENTING TO BE BOUND BY THEM. IF YOU DO NOT ACCEPT
THESE TERMS AND CONDITIONS, DO NOT USE THE LICENSED MATERIALS AND RETURN THE LICENSED MATERIALS AND
ANY EQUIPMENT PROVIDED BY Nortel IN CONNECTION THEREWITH (“EQUIPMENT”) UNUSED IN THE ORIGINAL SHIPPING
CONTAINER TO THE PLACE OF PURCHASE FOR A FULL REFUND.
Software may be provided by Nortel on a standalone basis (“Standalone Software”) or it may be provided embedded in
Equipment (“Embedded Software”).
1. License.
(a) Subject to the terms and conditions of this Agreement, Nortel (“Nortel”), grants to you (“Licensee”) a limited,
non-exclusive, non-transferable license, without the right to sublicense: (i) to install and use the Standalone Software, in
object code format only, on computer hardware for which all corresponding license fees have been paid; (ii) use one (1)
copy of the Embedded Software, in object code format only, solely as embedded in Equipment, each solely in accordance
with the Documentation for Licensee’s internal business purposes.
(b) The license set forth above does not include any rights to and Licensee shall not (i) reproduce (except as set
forth in Section 1(c)), modify, translate or create any derivative work of all or any portion of the Licensed Materials or Equipment, (ii) sell, rent, lease, loan, provide, distribute or otherwise transfer all or any portion of the Licensed Materials (except
as set forth in Section 1(f)), (iii) reverse engineer, reverse assemble or otherwise attempt to gain access to the source code
of all or any portion of the Licensed Materials or Equipment, (iv) use the Licensed Materials for third-party training, commercial time-sharing or service bureau use, (v) remove, alter, cover or obfuscate any copyright notices, trademark notices
or other proprietary rights notices placed or embedded on or in the Licensed Materials or Equipment, (vi) use any component
of the Software or Equipment other than solely in conjunction with operation of the Software and as applicable, Equipment,
(vii) unbundle any component of the Software or Equipment, (viii) use any component of the Software for the development
of or in conjunction with any software application intended for resale that employs any such component, (ix) use the Licensed Materials or Equipment in life support systems, human implantation, nuclear facilities or systems or any other application where failure could lead to a loss of life or catastrophic property damage, or (x) cause or permit any third party to
do any of the foregoing.
If Licensee is a European Union resident, Licensee acknowledges that information necessary to achieve interoperability of
the Software with other programs is available upon request.
(c) Licensee may make a single copy of the Standalone Software and Documentation solely for its back-up purposes;
provided that any such copy is the exclusive property of Nortel and its suppliers and includes all copyright and other intellectual property right notices that appear on the original.
(d) Nortel may provide updates, corrections, enhancements, modifications or bug fixes for the Licensed Materials
(“Updates”) to Licensee. Any such Update shall be deemed part of the Licensed Materials and subject to the license and all
other terms and conditions hereunder.
(e) Nortel shall have the right to inspect and audit Licensee’s use, deployment, and exploitation of the Licensed
Materials for compliance with the terms and conditions of this Agreement.
(f) Licensee shall have the right to transfer the Embedded Software as embedded in Equipment in connection with
a transfer of all of Licensee’s right, title and interest in such Equipment to a third party; provided, that, Licensee transfers
the Embedded Software and any copies thereof subject to the terms and conditions of this Agreement and such third party
agrees in writing to be bound by all the terms and conditions of this Agreement.
(g) Notwithstanding anything to the contrary herein, certain portions of the Software are licensed under and Licensee's use of such portions are only subject to the GNU General Public License version 2. If Licensee or any third party sends
a request in writing to Nortel at 110 Nortech Parkway, San Jose CA 95134, ATTN: Contracts Administration, Nortel will
provide a complete machine-readable copy of the source code of such portions for a nominal cost to cover Nortel's cost in
physically providing such code.
2. Ownership. Nortel or its suppliers own and shall retain all right, title and interest (including without limitation all intellectual property rights), in and to the Licensed Materials and any Update, whether or not made by Nortel. Licensee acknowledges that the licenses granted under this Agreement do not provide Licensee with title to or ownership of the Licensed
Materials, but only a right of limited use under the terms and conditions of this Agreement. Except as expressly set forth in
Section 1, Nortel reserves all rights and grants Licensee no licenses of any kind hereunder. All information or feedback
provided by Licensee to Nortel with respect to the Software or Equipment shall be Nortel’s property and deemed confidential
information of Nortel.
3. Confidentiality. Licensee agrees that the Licensed Materials contain confidential information, including trade secrets,
know-how, and information pertaining to the technical structure or performance of the Software, that is the exclusive property of Nortel as between Licensee and Nortel. In addition, Nortel’s confidential information includes any confidential or
trade secret information related to the Licensed Materials. During the period this Agreement is in effect and at all times
thereafter, Licensee shall maintain Nortel’s confidential information in confidence and use the same degree of care, but in
no event less than reasonable care, to avoid disclosure of Nortel’s confidential information as it uses with respect to its own
confidential and proprietary information of similar type and importance. Licensee agrees to only disclose Nortel’s confidential information to its directors, officers and employees who have a bona fide need to know solely to exercise Licensee’s
rights under this Agreement and to only use Nortel’s confidential information incidentally in the customary operation of the
Software and Equipment. Licensee shall not sell, license, sublicense, publish, display, distribute, disclose or otherwise make
available Nortel’s confidential information to any third party nor use such information except as authorized by this Agreement. Licensee agrees to immediately notify Nortel of the unauthorized disclosure or use of the Licensed Materials and to
assist Nortel in remedying such unauthorized use or disclosure. It is further understood and agreed that any breach of this
Section 3 or Section 1(b) is a material breach of this Agreement and any such breach would cause irreparable harm to Nortel
and its suppliers, entitling Nortel or its suppliers to injunctive relief in addition to all other remedies available at law.
4. Limited Warranty & Disclaimer. Any limited warranty for the Licensed Materials and Nortel’s sole and exclusive liability thereunder is as set forth in Nortel’s standard warranty documentation. In addition, any limited warranty for the Software does not apply to any component of the Software but only to the Software as a whole. EXCEPT FOR ANY EXPRESS
LIMITED WARRANTIES FROM Nortel Networks IN SUCH DOCUMENTATION, THE LICENSED MATERIALS ARE PROVIDED “AS
IS”, AND Nortel Networks AND ITS SUPPLIERS MAKE NO WARRANTY, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
WITH RESPECT TO LICENSED MATERIALS OR ANY PART THEREOF, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THOSE ARISING
FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. Nortel Networks’S SUPPLIERS MAKE NO DIRECT WARRANTY OF ANY KIND TO LICENSEE FOR THE LICENSED MATERIALS. NEITHER Nortel Networks NOR ANY OF ITS SUPPLIERS
WARRANT THAT THE LICENSED MATERIALS OR ANY PART THEREOF WILL MEET LICENSEE’S REQUIREMENTS OR BE UNINTERRUPTED, OR ERROR-FREE, OR THAT ANY ERRORS IN THE LICENSED MATERIALS WILL BE CORRECTED. SOME STATES/
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY
TO LICENSEE. THIS LIMITED WARRANTY GIVES LICENSEE SPECIFIC LEGAL RIGHTS. LICENSEE MAY ALSO HAVE OTHER
RIGHTS, WHICH VARY FROM STATE/JURISDICTION TO STATE/JURISDICTION.
5. Term and Termination. This Agreement is effective until terminated. Licensee may terminate this Agreement at any
time by destroying all copies of the Software. This Agreement and all licenses granted hereunder will terminate immediately
without notice from Nortel if Licensee fails to comply with any provision of this Agreement. Upon any termination, Licensee
must destroy all copies of the Licensed Materials. Sections 1(b), 2, 3, 4(b), 5, 6, 7, 8, 9 and 10 shall survive any termination
of this Agreement.
6. Export. The Software is specifically subject to U.S. Export Administration Regulations. Licensee agrees to strictly comply with all export, re-export and import restrictions and regulations of the Department of Commerce or other agency or
authority of the United States or other applicable countries, and not to transfer, or authorize the transfer of, directly or indirectly, the Software or any direct product thereof to a prohibited country or otherwise in violation of any such restrictions
or regulations. Licensee’s failure to comply with this Section is a material breach of this Agreement. Licensee acknowledges
that Licensee is not a national of Cuba, Iran, Iraq, Libya, North Korea, Sudan or Syria or a party listed in the U.S. Table of
Denial Orders or U.S. Treasury Department List of Specially Designated Nationals.
7. Government Restricted Rights. As defined in FAR section 2.101, DFAR section 252.227-7014(a)(1) and DFAR section
252.227-7014(a)(5) or otherwise, the Software provided in connection with this Agreement are “commercial items,” “commercial computer software” and/or “commercial computer software documentation.” Consistent with DFAR section
227.7202, FAR section 12.212 and other sections, any use, modification, reproduction, release, performance, display, disclosure or distribution thereof by or for the U.S. Government shall be governed solely by the terms of this Agreement and
shall be prohibited except to the extent expressly permitted by the terms of this Agreement. Any technical data provided
that is not covered by the above provisions shall be deemed “technical data-commercial items” pursuant to DFAR section
227.7015(a). Any use, modification, reproduction, release, performance, display or disclosure of such technical data shall
be governed by the terms of DFAR section 227.7015(b).
8. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL Nortel Networks OR ITS SUPPLIERS BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
PROFITS, OR FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, PUNITIVE OR INDIRECT DAMAGES (OR DIRECT DAMAGES
IN THE CASE OF Nortel Networks’S SUPPLIERS) ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING
WITHOUT LIMITATION NEGLIGENCE), STRICT LIABILITY OR OTHERWISE ARISING OUT OF OR UNDER THIS AGREEMENT
OR ANY USE OR INABILITY TO USE THE LICENSED MATERIALS OR EQUIPMENT, OR FOR BREACH OF THIS AGREEMENT.
Nortel Networks’S TOTAL LIABILITY ARISING OUT OF OR UNDER THIS AGREEMENT, OR USE OR INABILITY TO USE THE
LICENSED MATERIALS OR EQUIPMENT, OR FOR BREACH OF THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, SHALL NOT EXCEED THE PRICE PAID FOR
THE SOFTWARE (FOR THE STANDALONE SOFTWARE) AND THE PRICE PAID FOR THE EQUIPMENT (FOR THE EMBEDDED
SOFTWARE AND EQUIPMENT). THE LIMITATIONS SET FORTH IN THIS SECTION SHALL APPLY EVEN IF Nortel Networks AND/
OR ITS SUPPLIERS ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
9. Third Party Beneficiaries. Nortel’s suppliers are intended third party beneficiaries of this Agreement. The terms and
conditions herein are made expressly for the benefit of and are enforceable by Nortel’s suppliers; provided, however, that
Nortel’s suppliers are not in any contractual relationship with Licensee. Nortel’s suppliers include without limitation: (a)
Hifn, Inc., a Delaware corporation with principal offices at 750 University Avenue, Los Gatos, California; and (b) Wind River
Systems, Inc. and its suppliers.
10. General. This Agreement is governed and interpreted in accordance with the laws of the State of California, U.S.A.
without reference to conflicts of laws principles and excluding the United Nations Convention on Contracts for the Sale of
Goods. The parties consent to the exclusive jurisdiction of, and venue in, Santa Clara County, California, U.S.A. Licensee
shall not transfer, assign or delegate this Agreement or any rights or obligations hereunder, whether voluntarily, by operation of law or otherwise, without the prior written consent of Nortel (except as expressly set forth in Section 1(f)). Subject
to the foregoing, the terms and conditions of this Agreement shall be binding upon and inure to the benefit of the parties to
it and their respective heirs, successors, assigns and legal representatives. This Agreement constitutes the entire agreement
between Nortel and Licensee with respect to the subject matter hereof, and merges all prior negotiations and drafts of the
parties with regard thereto. No modification of or amendment to this Agreement, nor any waiver of any rights under this
Agreement, by Nortel shall be effective unless in writing. If any of the provisions of this Agreement is held by a court of
competent jurisdiction to be invalid or unenforceable under any applicable statute or rule of law, such provision shall, to that
extent, be deemed omitted.
SSH Source Code Statement
© 1995 - 2004 SAFENET, Inc. This software is protected by international copyright laws. All rights reserved. SafeNet is a
registered trademark of SAFENET, Inc., in the United States and in certain other jurisdictions. SAFENET and the SAFENET
logo are trademarks of SAFENET, Inc., and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.
Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Components of the software are provided under a standard 2-term BSD licence with the following names as copyright holders:
o Markus Friedl
o Theo de Raadt
o Niels Provos
o Dug Song
o Aaron Campbell
o Damien Miller
o Kevin Steves
o Daniel Kouril
o Per Allansson
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OpenSSL Project License Statements
Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Trademarks and Service Marks
Nortel, and the Nortel logo are registered trademarks, and management software is a trademark of Nortel. All other
trademarks belong to their respective holders.
FCC Statements for WLAN — Security Switches (2270)
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense.
FCC Statements for Nortel WLAN — Controllers (2270)
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This
device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause unwanted operation.
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following safety measures.
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Consult the dealer or an experienced radio/modem technician for help.
FCC Statements for WLAN — Access Ports (223x)
This section includes the following FCC statements for WLAN — Access Ports (223x):
• “Class A Statement” on page 12
• “RF Radiation Hazard Warning” on page 12
• “Non-Modification Statement” on page 12
• “Deployment Statement” on page 12
Class A Statement
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy
and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the
user will be required to correct the interference at his own expense.
RF Radiation Hazard Warning
To ensure compliance with FCC RF exposure requirements, this device must be installed in a location such that the
antenna of the device will be greater than 20 cm (8 in.) from all persons. Using higher gain antennas and types of
antennas not covered under the FCC certification of this product is not allowed.
Installers of the radio and end users of the Nortel 2200 Series must adhere to the installation instructions provided in this
manual.
Non-Modification Statement
Use only the supplied internal antenna, or external antennas supplied by the manufacturer. Unauthorized antennas, modifications, or attachments could damage the badge and could violate FCC regulations and void the user’s authority to
operate the equipment.
Note: Refer to the Nortel 2200 Series Release Notes Part # 216400-B for 802.11a external antenna
information. Contact Nortel for a list of FCC-approved 802.11a and 802.11b/g external antennas.
Deployment Statement
This product is certified for indoor deployment only. Do not install or use this product outdoors.
Industry Canada Required User Information for WLAN — Access Ports (223x)
This device has been designed to operate with antennae having maximum gains of 7.8 dBi (2.4 GHz) and 7.4 dBi
(5 GHz).
Antennae having higher gains are strictly prohibited per regulations of Industry Canada. The required antenna impedance
is 50 ohms.
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (EIRP) is not more than that required for successful communication.
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense.
To ensure compliance with EMC standards applied to the Nortel WLAN — Wireless Security Switches (2270), shielded
twisted pair (STP) 10/100Base-T cabling must be used.
Table of Contents
Welcome to the Nortel 2200 Series Product Guide ... 19
  Safety Considerations ... 21
  Contacting Nortel Technical Support ... 22
Overviews ... 23
  About the Nortel 2200 Series ... 25
  Nortel WLAN — Security Switches (2270) ... 43
  Management Interface ... 49
  Nortel WLAN — Access Ports (223x) ... 59
  Rogue Access Ports ... 72
  Nortel WLAN — Management System Software ... 74
  Nortel WLAN — Security Switch Web Interface ... 79
  Command Line Interface ... 80
Solutions ... 81
  Operating System Security ... 82
  Converting a Nortel 2200 Series from Layer 2 to Layer 3 Mode ... 85
  Converting a Nortel 2200 Series from Layer 3 to Layer 2 Mode ... 90
  Configuring a Firewall for WLAN Management System Software ... 92
  Configuring the System for SpectraLink NetLink Telephones ... 93
  Using Management over Wireless ... 96
  Configuring a WLAN for a DHCP Server ... 97
  Customizing the Web Auth Login Screen ... 98
  Configuring Identity Networking for Operating System 2.2 ... 106
Tasks ... 111
  Using the Nortel 2200 Series CLI ... 113
  Using the Nortel WLAN — Management System Software ... 154
  Starting and Stopping the WLAN — Management System Web Interface ... 160
  Using WMS ... 163
  Using the WLAN — Security Switch Web Interface ... 222
  Authorizing APs against AAA ... 226
  Troubleshooting Tips ... 230
References ... 237
  Glossary ... 238
  Nortel 2200 Series Supported Regulatory Domains ... 259
Contivity Client Configuration ... 267
  Getting Started ... 267
  Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270) ... 268
  Configuring Contivity VPN Client ... 274
SONMP Auto Discovery ... 284
KRS Keying ... 289
Nortel 2200 Series CLI Reference ... 299
  ? command ... 299
  Help Command ... 300
  Viewing Configurations ... 300
  Show Advanced 802.11A Commands ... 306
  Show Advanced 802.11B Commands ... 311
  Show AP Commands ... 318
  Show Certificate Commands ... 329
  Show Client Commands ... 331
  Show Mirror Commands ... 345
  Show Mobility Commands ... 347
  Show Radius Commands ... 353
  Show Rogue AP Commands ... 355
  Show Rogue Adhoc Commands ... 358
  Show Rogue Client Commands ... 359
  Show Stats Commands ... 369
  Setting Configurations ... 383
  Config 802.11A Commands ... 385
  Config 802.11B Commands ... 392
  Config Advanced 802.11A Commands ... 403
  Config Advanced 802.11B Commands ... 418
  Config Advanced Timers Commands ... 434
  Config AP Commands ... 436
  Config Interface Commands ... 449
  Config Macfilter Commands ... 454
  Config MGMTUSER Commands ... 458
  Config Mirror Commands ... 460
  Config Mobility Commands ... 462
  CONFIG MSGLOG LEVEL COMMANDS ... 463
  CONFIG NETUSER COMMANDS ... 466
  CONFIG NETWORK COMMANDS ... 469
  CONFIG PORT COMMANDS ... 476
  CONFIG RADIUS ACCT COMMANDS ... 481
  CONFIG RADIUS AUTH COMMANDS ... 483
  CONFIG ROUTE COMMANDS ... 488
  CONFIG SERIAL COMMANDS ... 489
  CONFIG SESSIONS COMMANDS ... 490
  CONFIG SNMP COMMUNITY COMMANDS ... 491
  CONFIG SNMP TRAPRECEIVER COMMANDS ... 494
  CONFIG SNMP V3USER COMMANDS ... 496
  CONFIG SPANNINGTREE PORT COMMANDS ... 498
  CONFIG SPANNINGTREE SWITCH COMMANDS ... 500
  CONFIG TRAPFLAGS COMMANDS ... 505
  CONFIG WATCHLIST COMMANDS ... 512
  CONFIG WLAN COMMANDS ... 513
  CONFIG WLAN SECURITY COMMANDS ... 520
  CONFIG WPS COMMANDS ... 532
  CONFIG WPS-PEERS COMMANDS ... 542
  Saving Configurations ... 543
  Clearing Configurations, Logfiles, and Other Actions ... 544
  Uploading and Downloading Files and Configurations ... 550
  Troubleshooting ... 559
Welcome to the Nortel 2200 Series Product Guide
The Nortel 2200 Series Product Guide describes the following Nortel 2200 Series products:
• The Service Only — supports client voice and data services, and client monitoring and control, but no
Rogue AP detection, monitoring or containment functions. See “Service-Only Nortel 2200 Series” on page 26.
Refer to “Overviews” on page 23 to see a big picture view of Nortel 2200 Series products and features.
See “Solutions” on page 81 to look through real-world network and application-specific solutions
to real-world problems.
Go to “Tasks” on page 111 to find detailed instructions on how to install, configure, use, and troubleshoot Nortel 2200 Series products and supported 802.11 networks.
Visit “References” on page 237 to find technical information, such as the Glossary, Supported
Regulatory Domains, CLI Reference, Web Browser Online Help files, WLAN Management System Online Help files, WLAN — Access Ports 223x Deployment Guide, Hardware and Software
Quick Installation Guides, and pointers to the current Release Notes.
• “FCC Statements for WLAN — Security Switches (2270)” on page 10
• “FCC Statements for Nortel WLAN — Controllers (2270)” on page 11
• “FCC Statements for WLAN — Access Ports (223x)” on page 12
• “Industry Canada Required User Information for WLAN — Access Ports (223x)” on page 13
• “Legal Information” on page 4
• “Contacting Nortel Technical Support” on page 22
• Nortel 2200 Series Operating System Release Notes Part # 216400-B
• Nortel WLAN — Management System Software Release Notes Part # 216401-B
Safety Considerations
• The Nortel WLAN — Wireless Security Switches (2270) contain Class 1 Lasers (Laser Klasse 1) according to
EN 60825-1+A1+A2.
• Nortel WLAN — Wireless Security Switches (2270) Model PoE are only intended for installation in
Environment A (same-building deployment) as defined in IEEE 802.3af. All interconnected equipment must
be contained within the same building including the interconnected equipment's associated LAN connections.
• The 2230/2231/2232 WLAN — Access Ports 223x with or without external antenna ports are only intended
for installation in Environment A as defined in IEEE 802.3af. All interconnected equipment must be contained
within the same building including the interconnected equipment's associated LAN connections.
• For WLAN — Access Ports 223x provided with optional external antenna ports, ensure that all external
antennas and their associated wiring are located entirely indoors. WLAN — Access Ports 223x and their
optional external antennas are not suitable for outdoor use.
• ENSURE that plenum-mounted WLAN — Access Ports 223x are powered using Power over Ethernet (PoE)
to comply with safety regulations.
• For Nortel WLAN — Wireless Security Switches (2270), verify that the ambient temperature remains between
0 to 40° C (32 to 104° F), taking into account the elevated temperatures when installed in a rack.
• When multiple Nortel WLAN — Wireless Security Switches (2270) are mounted in an equipment rack, be
sure that the power source is sufficiently rated to safely run all of the equipment in the rack.
• Verify the integrity of the ground before installing the Nortel WLAN — Wireless Security Switches (2270) in
an equipment rack with other Nortel WLAN — Wireless Security Switches (2270).
• Suitable for use in environmental air space in accordance with Section 300.22.C of the National Electrical
Code, and Sections 2-128, 12-010(3) and 12-100 of the Canadian Electrical Code, Part 1, C22.1.
Contacting Nortel Technical Support
If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical
support staff for that distributor or reseller for assistance.
Additional information about the Nortel Technical Solutions Centers is available from the www.nortel.com/contactus
URL.
An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is
routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your
product or service, go to the www.nortel.com/erc URL.
If you purchased a Nortel service program, contact one of the following Nortel Technical Solutions Centers:
Technical Solutions Center        Telephone
Europe, Middle East, and Africa   00800 8008 9009 or +44 (0) 870 907 9009
North America                     (800) 4NORTEL or (800) 466-7835
Asia Pacific                      (61) (2) 9927-8800
China                             (800) 810-5000
RMA Procedures
Contact Nortel Technical Support for a Return Material Authorization (RMA) for your Nortel WLAN — Access Port
(223x).
Please have the following available when making a call:
• Company and Contact information
• Equipment model number(s)
• Operating System software revision level (NT_2_2_0_0_x_x)
• WLAN — Management System Software revision level (2.2.x.x)
• Symptom(s)
• Network configuration
You can find Nortel Technical Support information at www.nortel.com/support.
Overviews
Refer to the following for information about the Nortel 2200 Series and other high-level subjects:
• “About the Nortel 2200 Series” on page 25
  - “Service-Only Nortel 2200 Series” on page 26
  - “Single-WLAN — Security Switch (2270) Deployments” on page 26
  - “Multiple-WLAN — Security Switch (2270) Deployments” on page 27
  - “Operating System Software” on page 29
  - “Operating System Security” on page 29
  - “Nortel Wired Security” on page 30
  - “Layer 2 and Layer 3 LWAPP Operation” on page 30
  - “Management Software” on page 31
  - “Master WLAN — Security Switch (2270)” on page 32
  - “Primary, Secondary, and Tertiary WLAN — Security Switch (2270)” on page 33
  - “Client Roaming” on page 33
  - “Client Location” on page 34
  - “External DHCP Servers” on page 34
  - “Nortel Mobility Group” on page 35
  - “Nortel Wired Connections” on page 37
  - “Nortel WLANs” on page 38
  - “Access Control Lists” on page 39
  - “Identity Networking” on page 39
  - “Port Mirroring” on page 40
  - “File Transfers” on page 41
  - “Power Over Ethernet” on page 41
  - “Intrusion Detection Service (IDS)” on page 41
• “Nortel WLAN — Security Switches (2270)” on page 43
  - “Nortel WLAN — Security Switches (2270)” on page 44
  - “WLAN — Security Switch (2270) Features” on page 44
  - “WLAN — Security Switch (2270) Model Numbers” on page 45
  - “Appliance Mode” on page 46
  - “Distribution System Ports” on page 47
• “Management Interface” on page 49
• “Nortel WLAN — Access Ports (223x)” on page 59
• “Rogue Access Ports” on page 72
• “Nortel WLAN — Management System Software” on page 74
• “Nortel WLAN — Security Switch Web Interface” on page 79
• “Command Line Interface” on page 80
About the Nortel 2200 Series
The Nortel 2200 Series is designed to provide 802.11 wireless networking solutions for enterprises and service
providers. The Nortel 2200 Series simplifies deploying and managing large-scale wireless LANs and enables a unique
best-in-class security infrastructure. The Operating System manages all data client, communications, and system administration functions, performs management functions, manages system-wide mobility policies using the Operating System
Security solution, and coordinates all security functions using the operating system security framework. See “Management Software” on page 31 and “Operating System Security” on page 29.
The Nortel 2200 Series consists of Nortel WLAN — Wireless Security Switches (2270) and their associated WLAN —
Access Ports (223x) controlled by the Operating System, all managed by any or all of the Operating System user interfaces. See “Nortel WLAN — Security Switches (2270)” on page 43 and “Nortel WLAN — Access Ports (223x)” on
page 59.
• An HTTP and/or HTTPS full-featured Nortel WLAN — Security Switch Web Interface hosted by Nortel 2270
WLAN — Controllers, and Nortel WLAN — Security Switches (2270), running on any workstation with a
supported Web browser can be used to configure and monitor individual Nortel WLAN — Security Switches
(2270). See “Nortel WLAN — Security Switch Web Interface” on page 79.
• A full-featured CLI (command line interface) can be used to configure and monitor individual Nortel WLAN
— Security Switches (2270). Refer to “Command Line Interface” on page 80.
• The WLAN — Management System Software interface is used to configure and monitor one or more Nortel
WLAN — Security Switches (2270) and associated APs, and has tools to facilitate large-system monitoring
and control. The Nortel WLAN — Management System Software runs on Windows 2000, Windows 2003
Server workstations. See “Nortel WLAN — Management System Software” on page 74.
• An industry-standard SNMP V1, V2c, and V3 interface can be used with any SNMP-compliant third-party
network management system.
The Nortel 2200 Series is currently available in the following configuration:
• Service Only -- Supports client voice and data services, and client monitoring and control, but no Rogue AP
detection, monitoring or containment functions. See “Service-Only Nortel 2200 Series” on page 26.
The following figure shows the Nortel 2200 Series components, which can be simultaneously deployed across multiple
floors and buildings.
Note: This document refers to Nortel WLAN — Security Switches (2270) throughout. Refer to
“Nortel WLAN — Security Switches (2270)” on page 43 for more information.
Figure - 1: Nortel 2200 Series Components in Appliance Mode
Service-Only Nortel 2200 Series
The Service-Only Nortel 2200 Series uses unique software to provide WLAN access for wireless clients, without the
overhead of an active Wireless Protection System. The Service-Only Nortel 2200 Series uses the following components:
• Nortel WLAN — Security Switches (2270), described in “Nortel WLAN — Security Switches (2270)” on
page 44.
• Nortel WLAN — Access Ports (223x), described in “Nortel WLAN — Access Ports (223x)” on page 59.
• “Operating System Software” on page 29, which provides all the Data features and functions while operating
the Nortel WLAN — Security Switches (2270), WLAN — Access Ports (223x).
• “WLAN — Management System Basic (Low-Resolution) Software” on page 75, which manages the
Service-Only Nortel 2200 Series.
• “WMS Web Interface” on page 76, which manages the Service-Only Nortel 2200 Series and provides
Client location to within ten meters.
The Service-Only Nortel 2200 Series provides wireless access services to data clients. As such, it supports the full suite
of Nortel 2200 Series data and voice features and functions.
Single-WLAN — Security Switch (2270) Deployments
As described in “About the Nortel 2200 Series” on page 25, a standalone WLAN — Security Switch (2270) can support
Nortel WLAN — Access Ports (223x) across multiple floors and buildings simultaneously, and supports the following features:
• Autodetecting and autoconfiguring WLAN — Access Ports (223x) as they are added to the network, as
described in “Management Software” on page 31.
• Full control of WLAN — Access Ports (223x), as described in “Nortel WLAN — Access Ports (223x)” on page 59.
• Control of associated Rogue Access Ports through the real-time control of system-wide WLAN Web, 802.1X,
and IPSec policies.
• Full control of up to 16 WLAN — Access Ports (223x) and policies, as described in the Nortel WLAN —
Security Switch (2270) Quick Installation Guide Part # 216395-B.
• In Appliance Mode, WLAN — Access Ports (223x) connect to the Nortel WLAN — Wireless Security
Switches (2270) through the network. The network equipment may or may not provide Power over Ethernet to
the WLAN — Access Ports (223x). See “Power Over Ethernet” on page 41.
Note: Nortel WLAN — Wireless Security Switches (2270) can connect through the Management
Interface to multiple subnets in the Network. This can be helpful, for instance, when Nortel 2200
Series operators want to confine multiple VLANs to separate subnets using “Operator-Defined
Interfaces” on page 50.
Note that the Nortel WLAN — Wireless Security Switch (2270) uses two redundant GigE connections to
bypass single network failures. At any given time, one of the Nortel WLAN — Wireless Security Switch
(2270) GigE connections is active and the other is passive. Upon a network failure, the active connection
becomes passive, and the passive connection becomes active.
Figure - 2: Typical Nortel WLAN — Wireless Security Switches (2270) Deployed in Appliance Mode
Note: Nortel WLAN — Security Switches (2270) can connect through the Management Interface to
multiple subnets in the Network. This can be helpful, for instance, when Nortel 2200 Series
operators want to confine multiple VLANs to separate subnets using “Operator-Defined Interfaces”
on page 50.
Multiple-WLAN — Security Switch (2270) Deployments
Each Nortel WLAN — Wireless Security Switch (2270) can support WLAN — Access Ports (223x) across multiple
floors and buildings simultaneously. However, full functionality of the Nortel 2200 Series is realized when it includes
multiple Nortel WLAN — Security Switches (2270). That is, a multiple-WLAN — Security Switch (2270) system has
the following additional features over a single-WLAN — Security Switch (2270) deployment:
• Autodetecting and autoconfiguring WLAN — Security Switch (2270) RF parameters as the Nortel WLAN —
Security Switches (2270) are added to the network, as described in “Management Software” on page 31.
• Same-WLAN — Security Switch (2270) (Layer 2) Roaming and Inter-Subnet (Layer 3) Roaming.
• Automatic WLAN — Access Port (223x) failover to any redundant WLAN — Security Switch (2270) with
unused ports (refer to “WLAN — Security Switch (2270) Failover Protection” on page 53).
The following figure shows a typical multiple-WLAN — Security Switch (2270) deployment, with the WLAN —
Security Switch (2270) in Appliance Mode. The figure also shows an optional dedicated Service Network, and the three
physical connection types between the network and the WLAN — Security Switch (2270), as further described in
“Network Connection to the WLAN — Security Switch (2270)” on page 55.
Note: Nortel WLAN — Wireless Security Switches (2270) can connect through the Management
Interface to multiple subnets in the Network. This can be helpful, for instance, when Nortel 2200
Series operators want to confine multiple VLANs to separate subnets using “Operator-Defined
Interfaces” on page 50.
Figure - 3: Typical Multiple-WLAN — Security Switch (2270) Deployment
Operating System Software
The Operating System Software controls Nortel WLAN — Security Switches (2270) and Nortel WLAN — Access
Ports (223x). It includes full Operating System Security and Management Software functions.
Operating System Security
Operating System Security bundles Layer 1, Layer 2 and Layer 3 security components into a simple, system-wide policy
manager that creates independent security policies for each of up to 16 Nortel WLANs. (Refer to “Nortel WLANs” on
page 38.)
One of the barriers that made enterprises avoid deploying 802.11 networks was the inherent weakness of 802.11 Static
WEP (Wired Equivalent Privacy) encryption. Because WEP is so insecure, enterprises have been looking for more
secure solutions for business-critical traffic.
The 802.11 Static WEP weakness problem can be overcome using robust industry-standard security solutions, such as:
• 802.1X dynamic keys with EAP (Extensible Authentication Protocol).
• WPA (Wi-Fi Protected Access) dynamic keys. The Nortel WPA implementation includes:
  - TKIP + Michael (temporal key integrity protocol + message integrity code checksum) dynamic
    keys, or
  - WEP (Wired Equivalent Privacy) keys, with or without Pre-Shared key Passphrase.
• RSN (Robust Security Network) with or without Pre-Shared key.
• Cranite FIPS 140-2 compliant passthrough.
• Fortress FIPS 140-2 compliant passthrough.
• Optional MAC Filtering.
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as:
• Terminated and passthrough VPNs (virtual private networks), and
• Terminated and passthrough L2TP (Layer Two Tunneling Protocol), which uses the IPSec (IP Security)
protocol.
• Terminated and passthrough IPSec (IP Security) protocols. The terminated Nortel IPSec implementation
includes:
  - IKE (Internet Key Exchange),
  - DH (Diffie-Hellman) groups, and
  - Three optional levels of encryption: DES (ANSI X3.92 data encryption standard), 3DES (ANSI
    X9.52-1998 data encryption standard), or AES/CBC (advanced encryption standard/cipher block
    chaining).
  The Nortel IPSec implementation also includes industry-standard authentication using:
  - MD5 (message digest algorithm), or
  - SHA-1 (secure hash algorithm-1).
• The Nortel 2200 Series supports local and RADIUS MAC Address (media access control) filtering.
• The Nortel 2200 Series supports local and RADIUS user/password authentication.
• The Nortel 2200 Series also uses manual and automated Disabling to block access to network services. In
manual Disabling, the operator blocks access using client MAC addresses. In automated Disabling, which is
always active, the Operating System software automatically blocks access to network services for an
operator-defined period of time when a client fails to authenticate for a fixed number of consecutive attempts.
This can be used to deter brute-force login attacks.
These and other Operating System Security features use industry-standard authorization and authentication methods to
ensure the highest possible security for your business-critical wireless LAN traffic.
For information about Nortel wired security, refer to “Nortel Wired Security” on page 30.
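The manual and automated Disabling behaviour described above can be modelled as follows. This is an added illustration, not Nortel code: the class names, the threshold of three failures, the 60-second block period, the rule that attempts made while blocked are not evaluated, and the sample events are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class DisablingPolicy:
    max_failures: int      # consecutive failed authentications before blocking
    block_seconds: int     # operator-defined block period


@dataclass
class ClientDisabler:
    policy: DisablingPolicy
    manual: set = field(default_factory=set)            # MACs blocked by the operator
    failures: dict = field(default_factory=dict)        # MAC -> consecutive failures
    blocked_until: dict = field(default_factory=dict)   # MAC -> time the block ends

    @staticmethod
    def _norm(mac: str) -> str:
        # Compare MACs case-insensitively and ignore the separator style.
        return mac.lower().replace("-", ":")

    def manually_disable(self, mac: str) -> None:
        self.manual.add(self._norm(mac))

    def is_blocked(self, mac: str, now: float) -> bool:
        mac = self._norm(mac)
        if mac in self.manual:
            return True
        return now < self.blocked_until.get(mac, 0.0)

    def record_auth(self, mac: str, success: bool, now: float) -> str:
        """Return 'blocked', 'allowed', 'failed' or 'disabled' for one attempt."""
        mac = self._norm(mac)
        if self.is_blocked(mac, now):
            return "blocked"                 # assumption: attempt is not evaluated
        self.blocked_until.pop(mac, None)    # an expired block is forgotten
        if success:
            self.failures.pop(mac, None)     # success resets the consecutive count
            return "allowed"
        count = self.failures.get(mac, 0) + 1
        if count >= self.policy.max_failures:
            self.failures.pop(mac, None)
            self.blocked_until[mac] = now + self.policy.block_seconds
            return "disabled"
        self.failures[mac] = count
        return "failed"


# Constructed sample events: (time in seconds, client MAC, authentication succeeded).
SAMPLE_EVENTS = [
    (0, "00:11:22:33:44:55", False),
    (1, "00:11:22:33:44:55", False),
    (2, "00:11:22:33:44:55", True),    # resets the streak
    (3, "00:11:22:33:44:55", False),
    (4, "00:11:22:33:44:55", False),
    (5, "00:11:22:33:44:55", False),   # third consecutive failure
    (6, "00:11:22:33:44:55", True),    # correct credentials, but still blocked
    (10, "AA-BB-CC-00-00-01", True),   # manually disabled by the operator
    (65, "00:11:22:33:44:55", True),   # block period (60 s) has elapsed
]


def replay(events, policy=DisablingPolicy(max_failures=3, block_seconds=60)):
    """Run the events through a fresh disabler and return one outcome per event."""
    disabler = ClientDisabler(policy)
    disabler.manually_disable("aa:bb:cc:00:00:01")
    return [disabler.record_auth(mac, ok, t) for t, mac, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```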
Nortel Wired Security
Many traditional Access Port vendors concentrate on security for the Wireless interface similar to that described in
“Operating System Security” on page 29. However, for secure WLAN — Security Switch (2270) Service Interfaces
(“Nortel WLAN — Management System Software” on page 74, “Nortel WLAN — Security Switch Web Interface” on
page 79, and “Command Line Interface” on page 80), WLAN — Security Switch (2270) to AP, and inter-WLAN —
Security Switch (2270) communications during device servicing and Client Roaming, the Operating System includes
built-in security.
Each Nortel WLAN — Wireless Security Switch (2270), and WLAN — Access Port (223x) is manufactured with a
unique, signed X.509 certificate. This certificate is used to authenticate IPSec tunnels between devices. These IPSec
tunnels ensure secure communications for mobility and device servicing.
Nortel WLAN — Security Switches (2270) and WLAN — Access Ports (223x) also use the signed certificates to verify
downloaded code before it is loaded, ensuring that hackers do not download malicious code into any Nortel WLAN —
Wireless Security Switch (2270) or WLAN — Access Port (223x).
For information about Nortel wireless security, refer to “Operating System Security” on page 29.
Layer 2 and Layer 3 LWAPP Operation
The LWAPP communications between Nortel WLAN — Security Switches (2270) and WLAN — Access Ports (223x)
can be conducted at ISO Data Link Layer 2 or Network Layer 3, when the connections are made in Appliance Mode.
Operational Requirements
The requirement for Layer 2 LWAPP communications is that the Nortel WLAN — Security Switches (2270) and
WLAN — Access Ports (223x) must be connected directly to each
other or connected through Layer 2 devices on the same subnet. This is the default operational mode for the Nortel 2200
Series. Note that when the Nortel WLAN — Security Switches (2270) and WLAN — Access Ports (223x) are on different
subnets, these devices must be operated in Layer 3 mode.
The requirement for Layer 3 LWAPP communications is that the Nortel WLAN — Security Switches (2270) and WLAN —
Access Ports (223x) can be connected directly to each other, connected through Layer 2 devices on the same subnet, or
connected through Layer 3 devices across subnets.
Note that all Nortel WLAN — Security Switches (2270) in a Nortel Mobility Group must use the same LWAPP Layer 2
or Layer 3 mode, or you will defeat the Mobility software algorithm.
Configuration Requirements
When you are operating the Nortel 2200 Series in Layer 2 mode, you must configure a Management Interface to control
your Layer 2 communications.
When you are operating the Nortel 2200 Series in Layer 3 mode, you must configure a Management Interface to control
your Layer 2 communications, and an AP-Manager Interface to control WLAN — Access Port (223x)-to-WLAN —
Security Switch (2270) Layer 3 communications.
Management Software
Nortel is the only company to offer the powerful, comprehensive, and dynamic Management Software solution to the
802.11 market. The Management Software (also known as Radio Resource Management, or RRM) allows Nortel
WLAN — Security Switches (2270) to continually monitor their associated APs for the following information:
• Traffic Load -- How much total bandwidth is used for transmitting and receiving traffic. This allows WLAN
managers to track and plan network growth ahead of client demand.
• Interference -- How much traffic is coming from other 802.11 sources.
• Noise -- How much non-802.11 noise is interfering with the currently-assigned channel.
• Coverage -- Received Signal Strength (RSSI) and Signal to Noise Ratio (SNR) for all clients.
• Nearby APs.
Using the collected information, the Management Software can periodically reconfigure the 802.11 RF network within
operator-defined limits for best efficiency. To do this, Management Software:
• Dynamically reassigns channels to increase capacity and performance, both within the same WLAN —
Security Switch (2270) and across multiple Nortel WLAN — Security Switches (2270).
• Adjusts the transmit power to balance coverage and capacity, both within the same WLAN — Security Switch
(2270) and across multiple Nortel WLAN — Security Switches (2270).
• Allows the operator to assign nearby WLAN — Access Ports (223x) into groups to streamline Management
Software algorithm processing.
• Load-balances new clients, as they associate, across grouped WLAN — Access Ports (223x) reporting to
each WLAN — Security Switch (2270). This is particularly important when many clients converge in one spot
(such as a conference room or auditorium), because Management Software can automatically force some
subscribers to associate with nearby APs, allowing higher throughput for all clients.
• Automatically detects and configures new WLAN — Access Ports (223x) as they are added to the network.
The Management Software automatically adjusts nearby WLAN — Access Ports (223x) to accommodate the
increased coverage and capacity.
• Automatically detects and configures new Nortel WLAN — Security Switches (2270) as they are added to the
network. The Management Software automatically distributes associated WLAN — Access Ports (223x) to
maximize coverage and capacity.
• Detects and reports coverage holes, where clients consistently connect to WLAN — Access Ports (223x) at a
very low signal strength. Quantifiable information is available from Nortel upon request.
• Automatically defines WLAN — Security Switch (2270) Groups within operator-defined Mobility Groups.
The Management Software solution thus allows the operator to avoid the costs of laborious historical data interpretation
and individual Nortel WLAN — Access Port (223x) reconfiguration. The power control features of Management
Software ensure client satisfaction, and the coverage hole detection feature can alert the operator to the need for an
additional (or relocated) WLAN — Access Port (223x).
Note that the Management Software uses separate monitoring and control for each of the deployed networks: 802.11a
and 802.11b/802.11g. Also note that the Management Software is automatically enabled, but can be customized or
disabled for individual WLAN — Access Ports (223x).
Finally, for operators requiring easy manual configuration, the Management Software can recommend the best Nortel
Networks Radio settings, and then assign them on operator command.
The Management Software controls produce a network that has optimal capacity, performance, and reliability. The
Management Software functions also free the operator from having to continually monitor the network for noise and
interference problems, which can be transient and difficult to troubleshoot. Finally, the Management Software controls
ensure that clients enjoy a seamless, trouble-free connection through the Nortel 802.11 network.
Master WLAN — Security Switch (2270)
When you are adding WLAN — Access Ports (223x) to a Multiple-WLAN — Security Switch (2270) Deployments
network configured in Appliance Mode, it is convenient to have all APs associate with one Master WLAN — Security
Switch (2270) on the same subnet. That way, the operator does not have to log into multiple Nortel WLAN — Security
Switches (2270) to find out which WLAN — Security Switch (2270) newly-added WLAN — Access Ports (223x) are
associated with.
One WLAN — Security Switch (2270) in each subnet can be assigned as the Master WLAN — Security Switch (2270)
while adding WLAN — Access Ports (223x). As long as a Master WLAN — Security Switch (2270) is active on the
same subnet, all new WLAN — Access Ports (223x) without a Primary, Secondary, and Tertiary WLAN — Security
Switch (2270) assigned automatically attempt to associate with the Master WLAN — Security Switch (2270). This
process is described in “WLAN — Security Switch (2270) Failover Protection” on page 53.
The operator can monitor the Master WLAN — Security Switch (2270) using the Nortel WLAN — Security Switch
Web Interface or the Nortel WLAN — Management System Software GUI, and watch as WLAN — Access Ports
(223x) associate with the Master WLAN — Security Switch (2270). The operator can then verify configuration and
assign a Primary, Secondary, and Tertiary WLAN — Security Switch (2270) to the WLAN — Access Port (223x), and
reboot the WLAN — Access Port (223x) so it reassociates with its Primary, Secondary, or Tertiary WLAN — Security
Switch (2270).
Note: WLAN — Access Ports (223x) without a Primary, Secondary, and Tertiary WLAN —
Security Switch (2270) assigned always search for a Master WLAN — Security Switch (2270) first
upon reboot. After adding WLAN — Access Ports (223x) through the Master WLAN — Security
Switch (2270), assign Primary, Secondary, and Tertiary WLAN — Security Switches (2270) to each
WLAN — Access Port (223x).
Nortel recommends that you disable the Master WLAN — Security Switch (2270) setting on all
Nortel WLAN — Security Switches (2270) after initial configuration.
Because the Master WLAN — Security Switch (2270) is normally not used in a deployed network,
the Master WLAN — Security Switch (2270) setting is automatically disabled upon reboot or
Operating System code upgrade.
Primary, Secondary, and Tertiary WLAN — Security Switch (2270)
In Multiple-WLAN — Security Switch (2270) Deployments networks, WLAN — Access Ports (223x) can associate
with any WLAN — Security Switch (2270) in Appliance Mode on the same subnet. To ensure that each WLAN —
Access Port (223x) associates with a particular WLAN — Security Switch (2270), the operator can assign Primary,
Secondary, and Tertiary WLAN — Security Switches (2270) to the WLAN — Access Port (223x).
When a WLAN — Access Port (223x) is added to a network, it looks for its Primary, Secondary, and Tertiary WLAN —
Security Switches (2270) first, then a Master WLAN — Security Switch (2270), then the least-loaded WLAN —
Security Switch (2270) with available WLAN — Access Port (223x) ports. Refer to “WLAN — Security Switch (2270)
Failover Protection” on page 53 for more information.
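The search order just described (Primary, Secondary, Tertiary, then Master, then least-loaded) is sketched below, together with a check for a Master setting left enabled after initial configuration. This is an added illustration, not Nortel code: the data model, the switch names and capacities are constructed, and two points the guide does not specify are assumptions, namely that an assigned switch is skipped when it is unreachable or full, and that "least-loaded" means the lowest ratio of joined access ports to capacity.

```python
from dataclasses import dataclass


@dataclass
class Switch:
    name: str
    reachable: bool
    capacity: int          # access ports the switch can serve (constructed values)
    joined: int            # access ports currently associated
    master: bool = False   # Master setting enabled

    def available(self) -> bool:
        # Assumption: a switch is a candidate only if reachable and not full.
        return self.reachable and self.joined < self.capacity


def choose_switch(assigned, switches):
    """Pick the switch a booting access port associates with.

    assigned is a (primary, secondary, tertiary) tuple of switch names or None.
    Returns (switch name, reason), or (None, "none-available").
    """
    by_name = {s.name: s for s in switches}
    for role, name in zip(("primary", "secondary", "tertiary"), assigned):
        sw = by_name.get(name) if name else None
        if sw is not None and sw.available():
            return sw.name, role
    # No usable assignment: a Master on the subnet attracts the access port.
    for sw in switches:
        if sw.master and sw.available():
            return sw.name, "master"
    # Otherwise fall back to the least-loaded switch with free ports.
    candidates = [s for s in switches if s.available()]
    if candidates:
        best = min(candidates, key=lambda s: (s.joined / s.capacity, s.name))
        return best.name, "least-loaded"
    return None, "none-available"


def master_left_enabled(switches):
    """Names of switches whose Master setting is still on (should be empty
    in a deployed network, per the recommendation in the Master section)."""
    return sorted(s.name for s in switches if s.master)


def sample_switches():
    # Constructed inventory of switches visible to the access port.
    return [
        Switch("sw1", reachable=True, capacity=4, joined=4),            # full
        Switch("sw2", reachable=True, capacity=4, joined=1),
        Switch("sw3", reachable=False, capacity=4, joined=0),           # down
        Switch("sw4", reachable=True, capacity=4, joined=3, master=True),
    ]


if __name__ == "__main__":
    inventory = sample_switches()
    print(choose_switch(("sw3", "sw2", None), inventory))
    print(choose_switch((None, None, None), inventory))
    print("Master still enabled on:", master_left_enabled(inventory))
```

With the Master setting left on, an unassigned access port joins sw4 even though sw2 carries less load, which is why the assignment of Primary, Secondary, and Tertiary switches matters after initial configuration.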
Client Roaming
The Nortel 2200 Series supports seamless client roaming across WLAN — Access Ports (223x) managed by the same
WLAN — Security Switch (2270), between Nortel WLAN — Security Switches (2270) in the same Nortel Mobility
Group on the same subnet, and across Nortel WLAN — Security Switches (2270) in the same Mobility Group on
different subnets. The following sections describe the three modes of roaming supported by the Nortel 2200 Series.
Same-WLAN — Security Switch (2270) (Layer 2) Roaming
Each WLAN — Security Switch (2270) supports Same-WLAN — Security Switch (2270) client roaming across WLAN
— Access Ports (223x), managed by the same WLAN — Security Switch (2270), when in Appliance Mode. This
roaming is transparent to the client, as the session is sustained and the client continues using the same DHCP-assigned or
client-assigned IP Address. The WLAN — Security Switch (2270) provides DHCP functionality by providing a relay
function. Same-WLAN — Security Switch (2270) roaming is supported in Single-WLAN — Security Switch (2270)
Deployments and Multiple-WLAN — Security Switch (2270) Deployments.
Inter-WLAN — Security Switch (2270) (Layer 2) Roaming
Similarly, in Multiple-WLAN — Security Switch (2270) Deployments, the Nortel 2200 Series supports client roaming
across WLAN — Access Ports (223x), managed by Nortel WLAN — Security Switches (2270) in the same mobility
group and on the same subnet. This roaming is also transparent to the client, as the session is sustained and a tunnel
between Nortel WLAN — Security Switches (2270) allows the client to continue using the same DHCP- or
client-assigned IP Address as long as the session remains active. Note that the tunnel is torn down and the client must
reauthenticate when the client sends a DHCP Discover with a 0.0.0.0 client IP Address or a 169.254.*.* client auto-IP
Address, or when the operator-set session timeout is exceeded.
Inter-Subnet (Layer 3) Roaming
Similarly, in Multiple-WLAN — Security Switch (2270) Deployments, the Nortel 2200 Series supports client roaming
across WLAN — Access Ports (223x), managed by Nortel WLAN — Security Switches (2270) in the same mobility
group on different subnets. This roaming is transparent to the client, because the session is sustained and a tunnel
between the Nortel WLAN — Security Switches (2270) allows the client to continue using the same DHCP-assigned or
client-assigned IP Address as long as the session remains active. Note that the tunnel is torn down and the client must
reauthenticate when the client sends a DHCP Discover with a 0.0.0.0 client IP Address or a 169.254.*.* client auto-IP
Address, or when the operator-set session timeout is exceeded.
Special Case: Voice Over IP Telephone Roaming
802.11 VoIP telephones actively seek out associations with the strongest RF signal to ensure best Quality of Service
(QoS) and maximum throughput. The minimum VoIP telephone requirement of 20 millisecond or shorter latency time
for the roaming handover is easily met by the Nortel 2200 Series, which has an average handover latency of nine or
fewer milliseconds.
This short latency period is controlled by Nortel WLAN — Security Switches (2270), rather than allowing independent
APs to negotiate roaming handovers.
The Nortel 2200 Series supports 802.11 VoIP telephone roaming across WLAN — Access Ports (223x), managed by
Nortel WLAN — Security Switches (2270) on different subnets, as long as the Nortel WLAN — Security Switches
(2270) are in the same mobility group. This roaming is transparent to the VoIP telephone, because the session is
sustained and a tunnel between Nortel WLAN — Security Switches (2270) allows the VoIP telephone to continue using
the same DHCP-assigned IP Address as long as the session remains active. Note that the tunnel is torn down and the
VoIP client must reauthenticate when the VoIP telephone sends a DHCP Discover with a 0.0.0.0 VoIP telephone IP
Address or a 169.254.*.* VoIP telephone auto-IP Address, or when the operator-set session timeout is exceeded.
Client Location
The Nortel 2200 Series periodically determines client location and stores the locations in the WLAN — Management
System database. To view the client location history, display the WLAN — Management System Monitor Client
<client> - <vendor:MACaddr> page and select Recent Map (High Resolution) or Present Map (High Resolution).
External DHCP Servers
The Operating System is designed to appear as a DHCP Relay to the network and as a DHCP Server to clients, and to work with
industry-standard external DHCP Servers that support DHCP Relay. This means that each WLAN — Security Switch
(2270) appears as a DHCP Relay agent to the DHCP Server. This also means that the WLAN — Security Switch (2270)
appears as a DHCP Server at the virtual IP Address to wireless clients.
Because the WLAN — Security Switch (2270) captures the client IP Address obtained from a DHCP Server, it
maintains the same IP Address for that client during same-WLAN — Security Switch (2270), inter-WLAN — Security
Switch (2270), and inter-subnet Client Roaming.
Per-WLAN Assignment
All Nortel WLANs can be configured to use the same or different DHCP Servers, or no DHCP Server. This allows
operators considerable flexibility in configuring their Wireless LANs, as further described in the “Nortel WLANs” on
page 38.
Note that Nortel WLANs that support Management over Wireless must allow the management (device servicing) clients
to obtain an IP Address from a DHCP Server. See “Using Management over Wireless” on page 96.
Per-Interface Assignment
• The Layer 2 Management Interface can be configured for a primary and secondary DHCP server.
• The Layer 3 AP-Manager Interface can be configured for a primary and secondary DHCP server.
• Each of the Operator-Defined Interfaces can be configured for a primary and secondary DHCP server.
• The Virtual Interface does not use DHCP servers.
• The Service-Port Interface can be configured to enable or disable DHCP servers.
Security Considerations
For enhanced security, it is recommended that operators require all clients to obtain their IP Addresses from a DHCP
server. To enforce this requirement, all Nortel WLANs can be configured with a ‘DHCP Required’ setting and a valid
DHCP Server IP Address, which disallows client static IP Addresses. If a client associating with a WLAN with ‘DHCP
Required’ set does not obtain its IP Address from the designated DHCP Server, it is not allowed access to any network
services.
Note that if ‘DHCP Required’ is selected, clients must obtain an IP address through DHCP. Any client with a static IP
address will not be allowed on the network. The WLAN — Security Switch (2270) monitors DHCP traffic since it acts
as a DHCP proxy for the clients.
If slightly less security is tolerable, operators can create Nortel WLANs with ‘DHCP Required’ disabled and a valid
DHCP Server IP Address. Clients then have the option of using a static IP Address or obtaining an IP Address from the
designated DHCP Server.
Operators are also allowed to create separate Nortel WLANs with ‘DHCP Required’ disabled and a DHCP Server IP
Address of 0.0.0.0. These WLANs drop all DHCP requests and force clients to use a static IP Address. Note that these
WLANs do not support Management over Wireless.
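The three per-WLAN DHCP configurations above, and the DHCP conditions under which a roaming tunnel is torn down (see Client Roaming), can be expressed as two decision functions. This is an added illustration, not Nortel code: the class and function names and all addresses are constructed, and denying a lease issued by a server other than the designated one when ‘DHCP Required’ is disabled is an assumption, since the guide lists only static addressing and the designated server as the options.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
AUTO_IP = ipaddress.ip_network("169.254.0.0/16")   # 169.254.*.* auto-IP range


@dataclass
class WlanDhcpPolicy:
    ssid: str
    dhcp_required: bool
    dhcp_server: str       # "0.0.0.0" means the WLAN drops all DHCP requests

    def validate(self) -> None:
        # 'DHCP Required' only makes sense with a valid DHCP Server address.
        if self.dhcp_required and ipaddress.ip_address(self.dhcp_server) == UNSPECIFIED:
            raise ValueError(f"{self.ssid}: 'DHCP Required' needs a valid DHCP Server")

    def supports_management_over_wireless(self) -> bool:
        # Management clients must be able to obtain an address from a DHCP Server.
        return ipaddress.ip_address(self.dhcp_server) != UNSPECIFIED


def admit(policy: WlanDhcpPolicy, lease_server: Optional[str]) -> bool:
    """Decide whether a client gets network services.

    lease_server is the DHCP server that issued the client's address,
    or None when the client uses a static address.
    """
    policy.validate()
    server = ipaddress.ip_address(policy.dhcp_server)
    if server == UNSPECIFIED:
        return lease_server is None            # DHCP is dropped: static only
    from_designated = (
        lease_server is not None and ipaddress.ip_address(lease_server) == server
    )
    if policy.dhcp_required:
        return from_designated                 # static addresses are refused
    # 'DHCP Required' disabled: static or designated-server lease.
    # Assumption: a lease from any other server is not accepted.
    return lease_server is None or from_designated


def must_reauthenticate(discover_client_ip: Optional[str],
                        session_age_s: int, session_timeout_s: int) -> bool:
    """True when the inter-switch tunnel is torn down for a roaming client.

    discover_client_ip is the client IP in a DHCP Discover the client sent,
    or None if it sent no Discover.
    """
    if discover_client_ip is not None:
        ip = ipaddress.ip_address(discover_client_ip)
        if ip == UNSPECIFIED or ip in AUTO_IP:
            return True
    return session_age_s > session_timeout_s


if __name__ == "__main__":
    strict = WlanDhcpPolicy("corp", True, "10.0.0.5")      # constructed values
    print("static client on strict WLAN admitted:", admit(strict, None))
    print("reauth after auto-IP Discover:", must_reauthenticate("169.254.12.7", 10, 1800))
```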
Nortel Mobility Group
Nortel 2200 Series operators can define Mobility Groups to allow client roaming across groups of Nortel WLAN —
Wireless Security Switches (2270). Because the Nortel WLAN — Security Switches (2270) in Multiple-WLAN —
Security Switch (2270) Deployments can detect each other across the network and over the air, it is important that each
enterprise, institution, and wireless internet service provider isolate their Nortel WLAN — Security Switches (2270).
The Operating System makes it easy for operators to create this isolation by allowing them to assign a Mobility Group
Name to their Nortel WLAN — Security Switches (2270). This assignment can be made using the Nortel WLAN —
Security Switch Web Interface, the Nortel WLAN — Management System Software, or the Command Line Interface.
Note that all the Nortel WLAN — Security Switches (2270) in a Mobility Group must use the same LWAPP Layer 2
or Layer 3 mode (see “Layer 2 and Layer 3 LWAPP Operation”), or you will defeat the Mobility software algorithm.
The following figure shows the results of creating Mobility Group Names for two groups of Nortel WLAN — Security
Switches (2270). The Nortel WLAN — Security Switches (2270) in the ABC Mobility Group recognize and communicate with each other through their Nortel WLAN — Access Ports (223x) and through their shared subnets, but the ABC
Mobility Group tags the XYZ WLAN — Access Ports (223x) as Rogue Access Ports. Likewise, the Nortel WLAN —
Security Switches (2270) in the XYZ Mobility Group do not recognize or communicate with the Nortel WLAN —
Security Switches (2270) in the ABC Mobility Group. This feature ensures Mobility Group isolation across the network.
Figure - 4: Typical Nortel Mobility Group Name Application
CAUTION: Nortel recommends that you assign one set of VLANs for WLANs and a different set
of VLANs for Management Interfaces to ensure that Nortel WLAN — Security Switches (2270)
properly route VLAN traffic.
The Nortel Mobility Group feature can also be used to limit roaming between different floors, buildings, or campuses in
the same enterprise by assigning different Mobility Group names to different Nortel WLAN — Security Switches (2270)
within the same wireless network.
CAUTION: The Nortel 2200 Series does not support simultaneous inter-switch and inter-subnet
roaming. Either install all the WLAN — Security Switch (2270) Mobility group members in the
same subnet or install all the WLAN — Security Switch (2270) Mobility group members in
different subnets.
If enabled, Management Software operation is constrained within each Nortel Mobility Group.
Note: Because the Nortel WLAN — Security Switches (2270) talk to each other when they are in
the same mobility group, Nortel recommends that operators do not add physically separated Nortel
WLAN — Security Switches (2270) to the same static mobility group to avoid unnecessary traffic
on the network.
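The Mobility Group constraints stated in this guide can be checked against a planned inventory before deployment: one LWAPP mode per group, members either all on one subnet or all on different subnets, and Layer 2 mode only where access ports share the switch's subnet. The audit below is an added illustration, not a Nortel tool; the record layout, finding codes, switch names and addresses are constructed, and representing each access port by an IP address is an assumption made so the subnet rule can be tested.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class SwitchConfig:
    name: str
    mobility_group: str
    lwapp_mode: str                 # "L2" or "L3"
    mgmt_interface: str             # management address with prefix length
    ap_addresses: list = field(default_factory=list)


def audit_mobility_groups(switches):
    """Return a sorted list of (scope, finding-code) tuples."""
    findings = set()
    groups = defaultdict(list)
    for sw in switches:
        groups[sw.mobility_group].append(sw)

    for group, members in groups.items():
        # Every member of a Mobility Group must use the same LWAPP mode.
        if len({sw.lwapp_mode for sw in members}) > 1:
            findings.add((group, "mixed-lwapp-modes"))

        # Members must be all in one subnet or all in different subnets.
        nets = [ipaddress.ip_interface(sw.mgmt_interface).network for sw in members]
        if 1 < len(set(nets)) < len(members):
            findings.add((group, "mixed-same-and-different-subnets"))

        # Layer 2 LWAPP requires access ports on the switch's own subnet.
        for sw, net in zip(members, nets):
            if sw.lwapp_mode == "L2" and any(
                ipaddress.ip_address(ap) not in net for ap in sw.ap_addresses
            ):
                findings.add((sw.name, "layer2-ap-on-other-subnet"))
    return sorted(findings)


# Constructed inventory with one violation of each rule.
SAMPLE_INVENTORY = [
    SwitchConfig("sw-a", "ABC", "L3", "10.1.1.10/24", ["10.1.5.20"]),
    SwitchConfig("sw-b", "ABC", "L3", "10.1.1.11/24"),
    SwitchConfig("sw-c", "ABC", "L3", "10.1.2.10/24"),      # third member, other subnet
    SwitchConfig("sw-x", "XYZ", "L2", "10.2.1.10/24", ["10.2.1.50", "10.2.9.51"]),
    SwitchConfig("sw-y", "XYZ", "L3", "10.2.2.10/24"),      # different mode from sw-x
    SwitchConfig("sw-l", "LAB", "L2", "10.3.1.10/24", ["10.3.1.20"]),   # clean
]

if __name__ == "__main__":
    for scope, code in audit_mobility_groups(SAMPLE_INVENTORY):
        print(f"{scope}: {code}")
```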
Nortel Wired Connections
The Nortel 2200 Series components communicate with each other using industry-standard Ethernet cables and connectors. The following sections contain details of the Nortel wired connections.
Between Nortel WLAN — Security Switches (2270) and APs
Nortel WLAN — Security Switches (2270) use standard 802.3 CAT-5 (Category 5) or higher twisted-pair Ethernet
cables to connect to Nortel WLAN — Access Ports (223x) and Rogue Access Ports. The CAT-5 cable is rated to carry
100 Mbps (recommended for 802.11a, 802.11a/b, 802.11a/g or 802.11a/b/g installations) or 10 Mbps (only
recommended for low-bandwidth applications and 802.11b-only installations).
The Nortel WLAN — Security Switches (2270) connect to the network using one or more copper 10/100Base-T cables
and/or copper or fiber-optic GigE cables.
Note that the Nortel WLAN — Wireless Security Switches (2270) operate only in Appliance Mode, and do not
connect directly to any Access Ports. This is illustrated in the following figure.
Figure - 5: Appliance mode operation
When the WLAN — Security Switch (2270) is operated in Appliance Mode, the WLAN — Access Ports (223x)
communicate with the WLAN — Security Switch (2270) through the network. The Nortel WLAN — Security Switches
(2270) connect to the network using one or more copper 10/100Base-T cables and/or copper or fiber-optic GigE cables.
The Nortel WLAN — Wireless Security Switch (2270) connects to the network using two fiber-optic GigE cables: two
redundant GigE connections are used to bypass single network failures. At any given time, one of the Nortel WLAN —
Wireless Security Switch (2270) GigE connections is active and the other is passive. Upon a network failure, the active
connection becomes passive, and the passive connection becomes active.
Note that the Nortel WLAN — Wireless Security Switches (2270) only operate in Appliance Mode, and do not connect
directly to any Access Ports.
Figure - 6: Typical Nortel WLAN — Wireless Security Switch (2270) in Appliance Mode
When the Nortel WLAN — Security Switches (2270) are operated in Appliance Mode, the switch connects to the
network using one or more copper 10/100Base-T cables and/or copper or fiber-optic GigE cables.
Standard CAT-5 cable supports a 100 meter (m) (328 ft.) run between the WLAN — Access Ports (223x) and the switch.
This allows a single switch to serve WLAN — Access Ports (223x) in multiple buildings and/or floors in a single
building.
The standard CAT-5 cable can also be used to conduct power for the WLAN — Access Ports (223x) from a network
device equipped with Power Over Ethernet (PoE) capability. This power distribution plan can be used to reduce the cost
of individual AP power supplies and related cabling.
Between Nortel WLAN — Security Switches (2270) and Other Network Devices
The Nortel WLAN — Security Switches (2270) communicate with other Nortel WLAN — Wireless Security Switches
(2270) or network devices through one or more standard CAT-5 cables connected to any front-panel port, which
supports up to 100 Mbps, and/or through standard rear-panel Gigabit Ethernet (or GigE) cables, which support up to
1 Gbps (1,000 Mbps).
The Nortel WLAN — Wireless Security Switch (2270) connects to the network using a front-panel fiber-optic GigE
cable. The 2270 Nortel WLAN — Wireless Security Switch (2270) connects to the network using two front-panel
fiber-optic GigE cables: two redundant GigE connections to bypass single network failures. At any given time, one of
the 2270 Nortel WLAN — Wireless Security Switch (2270) GigE connections is active and the other is passive. Upon a
network failure, the active connection becomes passive, and the passive connection becomes active.
Nortel WLANs
The Nortel 2200 Series can control up to 16 Wireless LANs for Nortel WLAN — Access Ports (223x), plus one WLAN
for Rogue Access Ports. Each WLAN has a separate WLAN ID (1 through 16), a separate WLAN SSID (WLAN Name),
and can be assigned unique security policies.
The WLAN — Access Ports (223x) broadcast all active Nortel WLAN SSIDs and enforce the policies defined for each
WLAN, as described in “Rogue Access Ports” on page 72.
Note that many enterprises use different WLANs to separate traffic for different sections or departments.
CAUTION: Nortel recommends that you assign one set of VLANs for WLANs and a different set
of VLANs for Management Interfaces to ensure that Nortel WLAN — Security Switches (2270)
properly route VLAN traffic.
If Management over Wireless is enabled across the Nortel 2200 Series installation, the Nortel 2200 Series operator can
manage the System across the enabled WLAN using CLI and Telnet (“Command Line Interface” on page 80), http/https
(“Nortel WLAN — Security Switch Web Interface” on page 79), and SNMP (“Nortel WLAN — Management System
Software” on page 74).
To configure the Nortel WLANs, refer to “Configuring WLANs” on page 127.
Access Control Lists
The Operating System allows you to define up to 64 Access Control Lists (ACLs), similar to standard firewall Access
Control Lists. Each ACL can have up to 64 Rules (filters).
Operators can use ACLs to control client access to multiple VPN servers within a given WLAN. If all the clients on a
WLAN must access a single VPN server, use the IPSec/VPN Gateway Passthrough setting in IPSec Passthrough,
WLANs > Edit or Configure <IPaddr> > WLAN > Add From Template section.
After they are defined, the ACLs can be applied to the Management Interface, the AP-Manager Interface, or any of the
“Operator-Defined Interfaces” on page 50.
Refer to Access Control Lists > New in the WLAN Security Switch Web Interface Online Help or “Creating Access
Control Lists” on page 127 in the Configuring the WLAN — Security Switch (2270) sections for instructions on how to
configure the Access Control Lists.
Identity Networking
Nortel WLAN — Wireless Security Switches (2270) can have the following parameters applied to all clients associating
with a particular WLAN: QoS, global or Interface-specific DHCP server, Layer 2 and Layer 3 Security Policies, and
default Interface (which includes physical port, VLAN and ACL assignments).
However, the WLAN — Security Switch (2270) can also have individual clients (MAC addresses) override the preset
WLAN parameters by using MAC Filtering or by allowing AAA override parameters. This configuration can be used,
for example, to have all company clients log into the corporate WLAN, and then have clients connect using different
QoS, DHCP server, Layer 2 and Layer 3 Security Policies, and Interface (which includes physical port, VLAN and ACL
assignments) settings on a per-MAC Address basis.
When Nortel 2200 Series operators configure MAC Filtering for a client, they can assign a different VLAN to the MAC
Address, which can be used to have the Operating System automatically reroute the client to the Management Interface or
any of the Operator-Defined Interfaces, each of which has its own VLAN, ACL, DHCP server, and physical port
assignments. This MAC Filtering can be used as a coarse version of AAA Override, and normally takes precedence over
any AAA (RADIUS or other) Override.
However, when Allow AAA Override is enabled, the RADIUS (or other AAA) server can alternatively be configured to
return QoS and ACL on a per-MAC Address basis. Allow AAA Override gives the AAA Override precedence over the
MAC Filtering parameters set in the WLAN — Security Switch (2270); if there are no AAA Overrides available for a
given MAC Address, the Operating System uses the MAC Filtering parameters already in the WLAN — Security
Switch (2270). This AAA (RADIUS or other) Override can be used as a finer version of AAA Override, but only takes
precedence over MAC Filtering when Allow AAA Override is enabled.
Note that in all cases, the Override parameters (Operator-Defined Interface and QoS, for example) must already be
defined in the WLAN — Security Switch (2270) configuration.
In all cases, the Operating System uses QoS and ACL provided by the AAA server or MAC Filtering regardless of the
Layer 2 and/or Layer 3 authentication used.
Also note that the Operating System will only move clients from the default Nortel WLAN VLAN to a different VLAN
when configured for MAC filtering, 802.1X, and/or WPA Layer 2 authentication.
To configure the Nortel WLANs, refer to “Configuring WLANs” on page 127.
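The precedence rules in this section can be modelled to audit which interface, QoS level and ACL a given client MAC address ends up with. The Python below is an added example, not Nortel code: the data layout, function names and all sample interface, QoS and ACL names are assumptions, as are treating an undefined override value as an error and letting the ACL follow the client's interface unless an AAA override replaces it.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SwitchConfig:
    """Objects already defined on the switch (override values must exist here)."""
    interfaces: Dict[str, Optional[str]]   # interface name -> ACL applied to it, or None
    qos_levels: frozenset
    acls: frozenset


def resolve_client_policy(wlan: dict, mac_filter: Optional[dict], aaa_reply: Optional[dict],
                          allow_aaa_override: bool, switch: SwitchConfig) -> Tuple[dict, dict]:
    """Return (effective, source) for one client MAC address.

    wlan:       WLAN-wide defaults, {"interface": ..., "qos": ...}
    mac_filter: MAC Filtering entry on the switch, e.g. {"interface": "guest"}, or None
    aaa_reply:  per-MAC attributes from the AAA server, e.g. {"qos": ..., "acl": ...}, or None
    """
    interface, qos = wlan["interface"], wlan["qos"]
    source = {"interface": "wlan-default", "qos": "wlan-default", "acl": "interface"}

    # MAC Filtering can move the client to another interface (VLAN, ACL, DHCP, port).
    if mac_filter and "interface" in mac_filter:
        interface, source["interface"] = mac_filter["interface"], "mac-filter"
    if interface not in switch.interfaces:
        raise ValueError(f"interface {interface!r} is not defined on the switch")
    acl = switch.interfaces[interface]      # assumption: the interface carries its own ACL

    # AAA attributes count only when Allow AAA Override is enabled; without a reply
    # for this MAC address the MAC Filtering result above stands.
    if allow_aaa_override and aaa_reply:
        if "qos" in aaa_reply:
            qos, source["qos"] = aaa_reply["qos"], "aaa-override"
        if "acl" in aaa_reply:
            acl, source["acl"] = aaa_reply["acl"], "aaa-override"

    # Assumption: an override that names something undefined is treated as an error.
    if qos not in switch.qos_levels:
        raise ValueError(f"QoS level {qos!r} is not defined on the switch")
    if acl is not None and acl not in switch.acls:
        raise ValueError(f"ACL {acl!r} is not defined on the switch")
    return {"interface": interface, "qos": qos, "acl": acl}, source


def policy_exceptions(wlan: dict, clients: dict, allow_aaa_override: bool,
                      switch: SwitchConfig) -> List[tuple]:
    """List (mac, field, value, source) wherever a client deviates from the WLAN baseline."""
    baseline, _ = resolve_client_policy(wlan, None, None, False, switch)
    findings = []
    for mac in sorted(clients):
        mac_filter, aaa_reply = clients[mac]
        effective, source = resolve_client_policy(wlan, mac_filter, aaa_reply,
                                                  allow_aaa_override, switch)
        for field in ("interface", "qos", "acl"):
            if effective[field] != baseline[field]:
                findings.append((mac, field, effective[field], source[field]))
    return findings


# Constructed sample data: none of these names or addresses come from the guide.
SWITCH = SwitchConfig(
    interfaces={"corp": "corp-acl", "guest": "guest-acl", "voice": None},
    qos_levels=frozenset({"standard", "priority"}),
    acls=frozenset({"corp-acl", "guest-acl", "voice-acl"}),
)
WLAN = {"interface": "corp", "qos": "standard"}
CLIENTS = {  # MAC address -> (MAC Filtering entry, AAA reply)
    "00:11:22:33:44:01": (None, None),
    "00:11:22:33:44:02": ({"interface": "guest"}, None),
    "00:11:22:33:44:03": ({"interface": "voice"}, {"qos": "priority", "acl": "voice-acl"}),
}

if __name__ == "__main__":
    for allow in (False, True):
        print("Allow AAA Override:", allow)
        for row in policy_exceptions(WLAN, CLIENTS, allow, SWITCH):
            print("  ", row)
```

With Allow AAA Override disabled, the third sample client lands on an interface with no ACL at all; enabling the override is what attaches `voice-acl` to it, which is the kind of difference this audit is meant to surface.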
Port Mirroring
For troubleshooting, the Nortel 2200 Series operator can mirror a transmit and receive data stream through a WLAN —
Access Port (223x) to another physical port on a switch.
Step 1
Set up a Mirror Port on the switch.
1. In the Command Line Interface (CLI), use the config mirror port command and enable Mirror Mode for the
   physical front-panel port.
2. In the Nortel WLAN — Security Switch Web Interface, navigate to the Port > Configure page and enable
   Mirror Mode for the physical front-panel port.
3. In the WMS Web Interface, navigate to the Monitor Switches > <IPaddr> > Ports > n page and enable Mirror
   Mode for the physical front-panel port.
All data to and from mirrored clients, WLAN — Access Ports (223x), will now appear on this port.
Step 2
Once you have set up a front-panel Mirror Port, configure one or more clients, WLAN — Access Ports (223x), to mirror
data to the selected Mirror Port.
1. Mirror a client by enabling Mirror Mode:
   a. In the Command Line Interface (CLI), use the config mirror mac command and enable Mirror Mode
      for the client.
   b. In the Nortel WLAN — Security Switch Web Interface, navigate to the Clients > Detail page and
      enable Mirror Mode for the client.
   c. In the WMS Web Interface, navigate to Configure Access Ports > Access Port > <name> and enable
      Mirror Mode for the client.
2. Mirror WLAN — Access Ports (223x) by enabling Mirror Mode:
   a. In the CLI, use the config mirror ap command and enable Mirror Mode for the WLAN —
      Access Ports (223x).
   b. In the Nortel WLAN — Security Switch Web Interface, navigate to the Nortel Networks APs > Details page
      and enable Mirror Mode for the WLAN — Access Port (223x).
   c. In the WMS Web Interface, navigate to Configure <IPaddr> > Nortel Networks WLAN AP and
      enable Mirror Mode for the WLAN — Access Ports (223x).
File Transfers
The Nortel 2200 Series operator can upload and download Operating System code, configuration, and certificate files to
and from a WLAN — Security Switch (2270) using CLI commands, Nortel WLAN — Security Switch Web
Interface commands, or Nortel WLAN — Management System Software commands.
• To use CLI commands, refer to “Transferring Files To and From an WLAN — Security Switch (2270)” on
  page 141.
• To use the Nortel WLAN — Security Switch Web Interface, go to “Using the WLAN — Security Switch Web
  Interface” on page 222.
• To use WLAN — Management System Software commands, continue with “Using the Nortel WLAN —
  Management System Software” on page 154.
Power Over Ethernet
Nortel PoE-equipped Switches such as the BayStack 460 and Nortel WLAN — Access Ports (223x) support
802.3af-compatible Power over Ethernet (PoE), which can reduce the cost of discrete power supplies, additional wiring,
conduits, outlets, and installer time. PoE also frees installers from having to mount Nortel WLAN — Access Ports
(223x) or other powered equipment near AC outlets, providing greater flexibility in positioning WLAN — Access Ports
(223x) for maximum coverage.
When you are using PoE, the installer runs a single CAT-5 cable from each WLAN — Access Ports (223x) to the
PoE-equipped Switches or other network elements, to a PoE power hub, or to a Nortel Single-Line PoE Injector,
described in “WLAN — Access Ports (223x) Models” on page 61. When the PoE equipment determines that the WLAN
— Access Ports (223x) is PoE-enabled, it sends 48 VDC over the unused pairs in the Ethernet cable to power the WLAN
— Access Ports (223x).
The PoE cable length is limited by the 100Base-T or 10Base-T specification to 100 m or 200 m, respectively.
Note: Nortel WLAN — Access Ports (223x) can receive power from any other network device
conforming to the IEEE 802.3af standard.
Note: Each WLAN — Access Ports (223x) can alternatively receive power from “WLAN —
Access Ports (223x) External Power Supply” on page 71.
The product can be ordered with or without PoE, as required. It can be ordered with internal PoE, an external third-party
PoE hub, or a Nortel Single-Line PoE Injector. Contact Nortel for recommended external PoE equipment.
Intrusion Detection Service (IDS)
Intrusion Detection Service includes the following:
• Sensing Clients probing for “ANY” SSID
• Sensing if AeS is being contained
• Notification of MiM Attacks, NetStumbler, Wellenreiter
• Management Frame Detection and RF Jamming Detection
• Airjack Detection (Spoofed Deauthorization detection)
• Broadcast Deauthorization Detection
• Null Probe Response Detection
• Fake AP Detection
• Detection of Weak WEP Encryption
• MAC Spoofing Detection
• AP Impersonation Detection
• Honeypot AP Detection
• Valid Station Protection
• Misconfigured AP Protection
• Rogue AP Detection
• AD-HOC Detection and Protection
• Wireless Bridge Detection
• Asleep Detection / Protection
Nortel WLAN — Security Switches (2270)
Nortel WLAN — Wireless Security Switches (2270) are enterprise-class high-performance wireless switching platforms
that support 802.11a and 802.11b/802.11g protocols. They operate under control of the Operating System, which
includes the Management Software, resulting in a Nortel 2200 Series that can automatically adjust to real-time changes
in the 802.11 RF environment. The Nortel WLAN — Security Switches (2270) are built around high-performance
network and security hardware, resulting in highly reliable 802.11 enterprise networks with unparalleled security. Also
see:
• “Nortel WLAN — Security Switches (2270)” on page 44
• “WLAN — Security Switch (2270) Features” on page 44
• “WLAN — Security Switch (2270) Model Numbers” on page 45
• “Appliance Mode” on page 46
• “Distribution System Ports” on page 47
• “Management Interface” on page 49
• “AP-Manager Interface” on page 49
• “Operator-Defined Interfaces” on page 50
• “Virtual Interface” on page 51
• “Service Port” on page 51
• “Service-Port Interface” on page 51
• “Startup Wizard” on page 52
• “WLAN — Security Switch (2270) Memory” on page 53
• “WLAN — Security Switch (2270) Failover Protection” on page 53
• “WLAN — Security Switch (2270) Automatic Time Setting” on page 54
• “WLAN — Security Switch (2270) Time Zones” on page 54
• “Network Connection to the WLAN — Security Switch (2270)” on page 55
• “Crypto Accelerator Module” on page 57
• “Nortel Wired Connections” on page 37
• “Nortel WLAN — Access Ports (223x)” on page 59
• “Nortel WLANs” on page 38
• “Identity Networking” on page 39
• “Port Mirroring” on page 40
• “Configuring the WLAN — Security Switch (2270)” on page 118
• “Transferring Files To and From an WLAN — Security Switch (2270)” on page 141
• “Updating the Operating System Software” on page 141
• “Clearing Configurations” on page 151
• “Resetting the WLAN — Security Switch (2270)” on page 152
• WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B
Nortel WLAN — Security Switches (2270)
The Nortel 2200 Series Security Switches are one-unit high 802.11 wireless Switches that control up to 12 and 24 Nortel
WLAN — Access Ports (223x), and/or Rogue Access Ports, respectively, making them ideal for larger enterprise and
high-density applications, and applications that require integration of existing Rogue Access Ports. The Nortel WLAN
— Security Switches (2270) communicate indirectly (Appliance Mode) with up to 12 or 24 associated Nortel WLAN —
Access Ports (223x) and/or Rogue Access Ports.
The Nortel WLAN — Security Switches (2270) are factory equipped with a Crypto Accelerator Module (Crypto Card)
to support VPN, IPSec and other processor-intensive tasks, and with a single- or dual-1000Base-SX (fiber-optic)
Network Adaptor Module to allow communications with the network at GigE (Gigabit Ethernet) speeds.
The two redundant GigE connections on the dual-1000Base-SX (fiber-optic) Network Adaptor Module allow bypass of
single network failures. At any given time, one of the dual-1000Base-SX (fiber-optic) Network Adaptor Module GigE
connections is active and the other is passive. Upon a network failure, the active connection becomes passive, and the
passive connection becomes active.
The 2270 Nortel WLAN — Security Switches (2270) is part of the Nortel 2200 Series. The Nortel WLAN — Security
Switches (2270) is a one-unit high 802.11 wireless WLAN — Security Switches (2270) that communicate indirectly
through the network (Appliance Mode) with up to 36 associated Nortel WLAN — Access Ports (223x), making it ideal
for larger enterprise and high-density applications.
The following figure shows the 2270 WLAN — Security Switch (2270), which has two redundant front-panel SX/LC
jacks.
Figure - 7: WLAN — Security Switch (2270)
The Nortel WLAN — Security Switches (2270) are factory-equipped with a Crypto Accelerator Module (Crypto Card)
to support VPN, IPSec and other processor-intensive tasks, and the two redundant GigE connections on the 2270 allow
the WLAN — Security Switch (2270) to bypass single network failures. At any given time, one of the 2270 WLAN —
Security Switch (2270) GigE connections is active and the other is passive. Upon a network failure, the active connection becomes passive, and the passive connection becomes active.
WLAN — Security Switch (2270) Features
When operated in Appliance Mode, Nortel WLAN — Security Switches (2270) connect to the associated Nortel WLAN
— Access Ports (223x) through the network.
Note that the 2270 Nortel WLAN — Wireless Security Switches (2270) are designed to operate exclusively in
Appliance Mode. As such, they are limited to controlling Nortel WLAN — Access Ports (223x).
After each WLAN — Security Switch (2270) is installed and configured, the Operating System Management Software is
activated, and the Operating System manages and controls associated Nortel WLAN — Access Ports (223x), with information about their relative positions, IP Addresses, and MAC addresses. This information allows all Nortel WLAN —
Security Switches (2270) within each Nortel Mobility Group to constantly monitor and dynamically adjust the RF environment, maximizing performance, minimizing interference, and distributing the client load.
When operated in Appliance Mode, the Nortel WLAN — Security Switches (2270) communicate with WLAN —
Access Ports (223x) over 1000Base-SX cables through the network. Note that the optional dual-1000Base-SX module uses
two redundant GigE connections to bypass single network failures. At any given time, one of the dual-1000Base-SX
module GigE connections is active and the other is passive. Upon a network failure, the active connection becomes
passive, and the passive connection becomes active. Note that each 1000Base-SX module provides a 100/1000 Mbps
wired connection to a network through an 850 nm (SX) fiber-optic link using an LC physical connector.
The Nortel WLAN — Security Switches (2270) communicate with the network through one or more front-panel
1000Base-SX Network ports. The 2270 Nortel WLAN — Wireless Security Switches (2270) communicate with
the network through one or two (2270) 1000Base-SX Network Ports: the 2270 Nortel WLAN — Wireless Security Switch
(2270) uses two redundant GigE connections to bypass single network failures.
Regardless of operating mode, the network operator can control the Nortel WLAN — Security Switches (2270) with the
following Operating System device servicing interfaces:
• With optional “Nortel WLAN — Management System Software” on page 74 (WLAN — Management System
  Software) inband or out-of-band through a front-panel 10/100Base-T Service port (Service Interface), or
  through the network (Management Interface).
• With the built-in “Command Line Interface” on page 80 through a serial RS232-C Console Port (direct
  connection), or through the network (Telnet connection).
• With the built-in “Nortel WLAN — Security Switch Web Interface” on page 79 through a dedicated
  10/100Base-T Service port (recommended), or through the network, using either http or https (http + SSL).
WLAN — Security Switch (2270) Model Numbers
Nortel WLAN — Wireless Security Switches (2270) models are as follows:
• 36-Port Nortel WLAN — Wireless Security Switches (2270) with one 1000Base-SX/LC Network Adapter,
  used only in Appliance Mode. The Nortel WLAN — Wireless Security Switches (2270) uses two redundant
  GigE connections to bypass single network failures. That is, at any given time, one of the Nortel WLAN —
  Wireless Security Switches (2270) GigE connections is active and the other is passive. Upon a network failure,
  the active connection becomes passive, and the passive connection becomes active. Note that the
  1000Base-SX Network Adapters provide 100/1000 Mbps wired connections to a network through 850 nm
  (SX) fiber-optic links using LC physical connectors.
Note that all WLAN — Security Switch (2270) models come from the factory with a 19-inch EIA equipment rack,
flush-mount ears, and tabletop mounting feet.
The following upgrade modules are also available:
• Crypto Accelerator Module: Supports VPN, L2TP, IPSec and other processor-intensive security options. This
  is a factory-orderable and installed option for all Nortel WLAN — Security Switches (2270).
• WLAN — Security Switch (2270) - Dual-1000Base-SX (1000Base-T) 1GE copper port: Supports two
  1000Base-SX connections to the network. This is a factory-orderable and installed option for Nortel WLAN
  — Security Switches (2270). The dual-1000Base-SX module uses two redundant GigE connections to bypass
  single network failures. At any given time, one of the dual-1000Base-SX module GigE connections is active
  and the other is passive. Upon a network failure, the active connection becomes passive, and the passive
  connection becomes active. Note that the 1000Base-SX (1000Base-T) 1GE copper port provides
  100/1000 Mbps wired connections to a network through 850 nm (SX) fiber-optic links using LC physical
  connectors.
The Nortel WLAN — Security Switches (2270) communicate with the backbone network through a 1000Base-T or
1000Base-SX Network Port, or through any front-panel 10/100Base-T Ethernet port as described in the “Network
Connection to the WLAN — Security Switch (2270)” on page 55 section.
The WLAN — Security Switch (2270) uses industry-standard SNMP protocol to communicate with the Nortel WLAN
— Management System Software, and communicates with Operating System device servicing interfaces as follows:
• With an optional WLAN — Management System Software or other Operating System Service Interface, either
  directly connected or through an out-of-band Operating System Service Network, or through a dedicated
  10/100Base-T Service Port.
• With an optional VT-100 CLI console through a serial RS232-C Console Port.
Note: Nortel recommends that you not use the network for your Operating System device service,
because a service outage on your network means that you have no dedicated path to the switch.
The switch can be equipped with built-in Power Over Ethernet circuitry, an external PoE hub, or a Nortel Single Inline
Power over Ethernet Injector, which allows associated WLAN — Access Ports (223x) to receive power over the CAT-5
Ethernet cabling.
Appliance Mode
All Nortel WLAN — Security Switches (2270) and 2270 Nortel WLAN — Wireless Security Switches (2270) can be
operated in Appliance Mode. In Appliance Mode, the WLAN — Security Switch (2270) communicates indirectly with
up to 36 Model 2270 Switches, and up to 12 or up to 24 associated WLAN — Access Ports (223x) through the network.
The following figure shows a WLAN — Security Switch (2270) in Appliance Mode.
Figure - 8: WLAN — Security Switch (2270) Deployed in Appliance Mode
The WLAN — Security Switch (2270) communicates with the network using one of the interfaces described in
“Network Connection to the WLAN — Security Switch (2270)” on page 55.
Distribution System Ports
A Distribution System (DS) port is a physical port (see “Nortel Wired Connections” on page 37) through which the
WLAN — Security Switch (2270) talks to the network and other Access Ports. DS Ports are where packets are
exchanged between the Nortel 2200 Series WLANs and the rest of the network. The DS Ports can also be used to
communicate with WLAN — Access Ports (223x) in Appliance Mode.
• The Nortel WLAN — Wireless Security Switch (2270) supports a single Distribution System port because it
  has only one physical port, and the 2270 Nortel WLAN — Wireless Security Switch (2270) supports a single
  Distribution System port because it has two redundant 1000Base-SX physical ports that must connect to the
  same subnet.
• The switch can have as many Distribution System ports as it has 10/100/1000Base-T/-SX physical ports,
  except when the Switch is equipped with a dual-port 1000Base-SX (1000Base-T) 1GE copper port. When the
  Switch is equipped with a dual-port 1000Base-SX (1000Base-T) 1GE copper port, the (1000Base-T) 1GE
  copper port’s two redundant physical ports must connect to the same subnet.
Note: The Distribution System Port cannot be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
As described in Layer 2 and Layer 3 LWAPP Operation, when the LWAPP communications are set to Layer 2 (same
subnet) operation, the Distribution System must have one Management Interface to control all inter-WLAN — Security
Switch (2270) and all WLAN — Security Switch (2270)-to-WLAN — Access Ports (223x) communications, regardless
of the number of physical Distribution System ports.
Also as described in Layer 2 and Layer 3 LWAPP Operation, when the LWAPP communications are set to Layer 3
(different subnet) operation, the Distribution System must have one Management Interface to control all inter-WLAN —
Security Switch (2270) communications, and must have one AP-Manager Interface to control all WLAN — Security
Switch (2270)-to-WLAN — Access Ports (223x) communications, regardless of the number of physical Distribution
System ports.
Each physical Distribution System port can also have between 1 and 512 Operator-Defined Interfaces assigned to it.
Each Operator-Defined Interface is individually configured, and allows VLAN communications to exist on the Distribution System port(s).
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
Management Interface
The logical Management Interface controls Layer 2 communications between Nortel WLAN — Wireless Security
Switches (2270), Nortel WLAN — Access Ports (223x), and Rogue Access Ports.
CAUTION: Nortel recommends that you assign one set of VLANs for WLANs and a different set
of VLANs for Management Interfaces to ensure that Nortel WLAN — Security Switches (2270)
properly route VLAN traffic.
The Management Interface is assigned to one physical port (“Nortel Wired Connections” on page 37), through which it
communicates with other network devices and other access ports. However, the Management Interface can also communicate through all other physical ports except the front-panel Service Port as follows:
• Sends messages through the Layer 2 network to autodiscover and communicate with other Nortel WLAN —
  Security Switches (2270) through all physical ports except the front-panel Service Port.
• Listens across the Layer 2 network for WLAN — Access Port (223x) LWAPP polling messages to autodiscover,
  associate with, and communicate with as many Nortel WLAN — Access Ports (223x) as it can.
Note: Should a Nortel WLAN — Wireless Security Switch (2270) in Appliance Mode fail, its
dropped Nortel WLAN — Access Ports (223x) poll the network for another WLAN — Security
Switch (2270). When an online WLAN — Security Switch (2270) has any remaining WLAN —
Access Ports (223x) ports, the Management Interface listens to the network for WLAN — Access
Ports (223x) polling messages to autodiscover, associate with, and communicate with as many
Nortel WLAN — Access Ports (223x) as it can. Refer to “WLAN — Security Switch (2270)
Failover Protection” on page 53 for more information.
Note: The Management Interface cannot be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
The Management Interface uses the burned-in WLAN — Security Switch (2270) Distribution System MAC address, and
must be configured for the following:
• VLAN assignment.
• Fixed IP Address, IP netmask, and default gateway.
• Physical port assignment.
• Primary and Secondary DHCP Servers.
• Access Control List, if required.
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
AP-Manager Interface
The logical AP-Manager Interface controls Layer 3 communications between Nortel WLAN — Wireless Security
Switches (2270) and Nortel WLAN — Access Ports (223x).
The AP-Manager Interface is assigned to one physical port (“Nortel Wired Connections” on page 37), and can be on the
same subnet and physical port as the “Management Interface” on page 49. The AP-Manager Interface can communicate
through any physical port except the front-panel Service Port as follows:
• Sends Layer 3 messages through the network to autodiscover and communicate with other Nortel WLAN —
  Security Switches (2270).
• Listens across the network for Layer 3 WLAN — Access Ports (223x) LWAPP polling messages to autodiscover,
  associate with, and communicate with as many WLAN — Access Ports (223x) as it can.
Note: Should a Nortel WLAN — Wireless Security Switch (2270) in Appliance Mode fail, its
dropped WLAN — Access Ports (223x) poll the network for another WLAN — Security Switch
(2270). When an online WLAN — Security Switch (2270) has any remaining WLAN — Access
Ports (223x) ports, the AP-Manager Interface listens to the network for WLAN — Access Ports
(223x) polling messages to autodiscover, associate with, and communicate with as many WLAN —
Access Ports (223x) as it can. Refer to “WLAN — Security Switch (2270) Failover Protection” on
page 53 for more information.
Note: The AP-Manager Interface cannot be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
The AP-Manager Interface must be configured for the following:
• VLAN assignment.
• Fixed IP Address (must be different than the Management Interface IP address, but must be on the same
  subnet as the Management Interface), IP netmask, and default gateway.
• Physical port assignment.
• Primary and Secondary DHCP Servers.
• Access Control List, if required.
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
Operator-Defined Interfaces
Each WLAN — Security Switch (2270) can support up to 512 Operator-Defined Interfaces. Each Operator-Defined
Interface controls VLAN and other communications between Nortel WLAN — Wireless Security Switches (2270) and
all other network devices connected to an individual physical port. Between 1 and 512 Operator-Defined Interfaces can
be assigned to physical Distribution System Ports, the Layer 2 Management Interface, and the Layer 3 AP-Manager
Interface.
Note: Operator-Defined Interfaces cannot be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
CAUTION: Operator-Defined Interface names cannot have spaces in them. If an Operator-Defined
Interface name contains a space, you may not be able to edit its configuration using the Command
Line Interface.
Each Operator-Defined Interface must be configured for the following:
• VLAN number.
• Fixed IP Address, IP netmask, and default gateway.
• Physical port assignment.
• Primary and Secondary DHCP Servers.
• Access Control List, if required.
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
Virtual Interface
The Virtual Interface controls Layer 3 Security and Mobility manager communications for Nortel WLAN — Wireless
Security Switches (2270). It maintains the DNS Gateway hostname used by Layer 3 Security and Mobility managers to
verify the source of certificates when Layer 3 Web Auth is enabled.
The Virtual Interface must be configured for the following:
• Any fictitious, unassigned, unused Gateway IP Address.
• DNS Gateway Host Name.
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
Service Port
The physical Service port on the WLAN — Security Switch (2270) front panel is a 10/100Base-T Ethernet port
dedicated to Operating System device service, and was formerly known as the Management port. The Service Port is
controlled by the Service-Port Interface.
The Service Port is configured with an IP Address, subnet mask, and IP assignment protocol different from the Management Interface. This allows the operator to manage the WLAN — Security Switch (2270) directly or through a dedicated
Operating System service network, such as 10.1.2.x, which can ensure Operating System device service access during
network downtime.
Nortel created the Service port to remove the Nortel 2200 Series device service from the network data stream to improve
security and to provide a faster service connection.
Note that you cannot assign a Gateway to the Service port, so the port is not routable, unlike the other front-panel
10/100Base-T ports. However, you can set up dedicated routes to network management devices.
Also note that the Service Port is not auto-sensing, unlike the other front-panel 10/100Base-T ports: you must use the
correct straight-through or crossover Ethernet cable to communicate with the Service Port.
Refer to “Configuring Other Ports and Parameters” on page 136 for information on how to configure the Service Port.
Service-Port Interface
The Service-Port Interface controls communications through the dedicated WLAN — Security Switch (2270)
front-panel Service Port.
Note: The Service-Port Interface can only be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
The Service-Port Interface uses the burned-in WLAN — Security Switch (2270) Service Port MAC address, and must be
configured for the following:
• Whether or not DHCP Protocol is activated.
• IP Address and IP netmask.
Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 for configuration instructions.
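The addressing and assignment rules stated for the Management, AP-Manager, Operator-Defined and Service-Port interfaces can be checked before a configuration is applied. The Python below is an added example, not Nortel code or the switch's configuration format: the dictionary layout, the `service` port label and the sample addresses are assumptions, and the Service Port rule is interpreted here as "no subnet shared with the Management Interface".

```python
import ipaddress
from typing import List

MAX_OPERATOR_INTERFACES = 512   # limit stated in the guide
SERVICE_PORT = "service"        # hypothetical label for the front-panel Service Port


def check_interfaces(cfg: dict) -> List[str]:
    """Return findings for a planned interface layout (empty list = no rule broken)."""
    findings = []
    mgmt = cfg["management"]
    apm = cfg.get("ap_manager")
    operator = cfg.get("operator_defined", {})
    mgmt_if = ipaddress.ip_interface(mgmt["ip"])

    # AP-Manager: different address from, but same subnet as, the Management Interface.
    if apm:
        apm_if = ipaddress.ip_interface(apm["ip"])
        if apm_if.ip == mgmt_if.ip:
            findings.append("ap_manager: IP address equals the Management Interface address")
        if apm_if.network != mgmt_if.network:
            findings.append("ap_manager: not on the Management Interface subnet")

    # Only the Service-Port Interface may sit on the front-panel Service Port.
    logical = [("management", mgmt)] + ([("ap_manager", apm)] if apm else [])
    logical += [(f"operator-defined {name!r}", spec) for name, spec in operator.items()]
    for label, spec in logical:
        if spec["port"] == SERVICE_PORT:
            findings.append(f"{label}: assigned to the Service Port")

    # Operator-Defined Interface names with spaces may not be editable from the CLI.
    for name in operator:
        if any(ch.isspace() for ch in name):
            findings.append(f"operator-defined {name!r}: name contains a space")
    if len(operator) > MAX_OPERATOR_INTERFACES:
        findings.append(f"operator_defined: {len(operator)} interfaces exceeds the limit "
                        f"of {MAX_OPERATOR_INTERFACES}")

    # Recommended: WLAN VLANs kept apart from the Management Interface VLAN.
    wlans = cfg.get("wlans", {})
    for wlan_id in sorted(wlans):
        name = wlans[wlan_id]["interface"]
        spec = mgmt if name == "management" else operator.get(name)
        if spec is None:
            findings.append(f"wlan {wlan_id}: default interface {name!r} is not defined")
        elif spec["vlan"] == mgmt["vlan"]:
            findings.append(f"wlan {wlan_id}: uses VLAN {spec['vlan']}, "
                            "the Management Interface VLAN")

    # Service Port: 0.0.0.0 disables it; otherwise keep it off the management subnet.
    svc = cfg.get("service_port")
    if svc and not svc["ip"].startswith("0.0.0.0"):
        svc_if = ipaddress.ip_interface(svc["ip"])
        if svc_if.network.overlaps(mgmt_if.network):
            findings.append("service_port: shares a subnet with the Management Interface")
    return findings


# Constructed sample layouts (addresses, VLAN numbers and names are made up).
GOOD = {
    "management": {"ip": "10.0.10.2/24", "vlan": 10, "port": 1},
    "ap_manager": {"ip": "10.0.10.3/24", "vlan": 10, "port": 1},
    "service_port": {"ip": "10.1.2.5/24"},
    "operator_defined": {
        "corp": {"ip": "10.0.20.2/24", "vlan": 20, "port": 1},
        "guest": {"ip": "10.0.30.2/24", "vlan": 30, "port": 2},
    },
    "wlans": {1: {"ssid": "corp", "interface": "corp"},
              2: {"ssid": "guest", "interface": "guest"}},
}
BAD = {
    "management": {"ip": "10.0.10.2/24", "vlan": 10, "port": 1},
    "ap_manager": {"ip": "10.0.11.3/24", "vlan": 10, "port": 1},      # wrong subnet
    "service_port": {"ip": "10.0.10.9/24"},                           # on mgmt subnet
    "operator_defined": {
        "guest net": {"ip": "10.0.30.2/24", "vlan": 30, "port": SERVICE_PORT},
        "corp": {"ip": "10.0.20.2/24", "vlan": 10, "port": 1},        # reuses mgmt VLAN
    },
    "wlans": {1: {"ssid": "corp", "interface": "corp"}},
}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_interfaces(cfg) or "no findings")
```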
Startup Wizard
When a WLAN — Security Switch (2270) is powered up with a new factory Operating System software load or after
being reset to factory defaults, the bootup script runs the Startup Wizard, which prompts the installer for initial configuration. The Startup Wizard:
• Ensures that the WLAN — Security Switch (2270) has a System Name, up to 32 characters.
• Adds an Administrative User Name and Password, each up to 24 characters.
• Ensures that the WLAN — Security Switch (2270) can communicate with the CLI, WLAN — Management
  System Software, or Web Browser Operating System device service interfaces (either directly or indirectly)
  through the Service Port by accepting a valid IP configuration protocol (none or DHCP), and if ‘none’, IP
  Address and netmask. If you do not want to use the Service port, enter 0.0.0.0 for the IP Address and netmask;
  this disables the Service Port.
Note: Nortel recommends that you not use the network for your Operating System management,
because a service outage on your network means that you have no dedicated path to the switch.
• Ensures that the WLAN — Security Switch (2270) can communicate with the network (802.11 Distribution
  System) through the Management Interface by collecting a valid static IP Address, netmask, default router IP
  address, VLAN identifier, and physical port assignment.
• Prompts for the IP address of the DHCP server used to supply IP addresses to clients, the WLAN — Security
  Switch (2270) Management Interface, and optionally to the Service Port Interface.
• Asks for the LWAPP Transport Mode, described in “Layer 2 and Layer 3 LWAPP Operation” on page 30.
• Collects the Virtual Gateway IP Address: any fictitious, unassigned IP address (such as 1.1.1.1) to be used by
  Layer 3 Security and Mobility managers.
• Allows you to enter the Nortel Mobility Group (RF Group) Name.
• Collects the WLAN 1 802.11 SSID, or Network Name.
• Asks you to define whether or not clients can use static IP addresses. Yes = more convenient, but lower
  security (session can be hijacked), clients can supply their own IP Address, better for devices that cannot use
  DHCP. No = less convenient, higher security, clients must use DHCP to obtain an IP Address, works well for
  Windows XP devices.
• To configure a RADIUS server from the Startup Wizard, the RADIUS server IP address, communication port,
  and Secret password are needed.
• Collects the Country Code. (Refer to “Configuring the WLAN — Security Switch (2270)” on page 118 and
  “Nortel 2200 Series Supported Regulatory Domains” on page 259.)
• Enables and/or disables the 802.11a, 802.11b and 802.11g WLAN — Access Port (223x) networks.
• Enables or disables Management Software.
To use the Startup Wizard, refer to “Using the Startup Wizard” on page 143.
WLAN — Security Switch (2270) Memory
The Nortel WLAN — Wireless Security Switches (2270) contain two kinds of memory: volatile RAM, which holds the
current, active WLAN — Security Switch (2270) configuration, and NVRAM (non-volatile RAM), which holds the
reboot configuration. When you are configuring the Operating System in a WLAN — Security Switch (2270), you are
modifying volatile RAM; you must save the configuration from the volatile RAM to the NVRAM to ensure that the
WLAN — Security Switch (2270) reboots in the current configuration.
Knowing which memory you are modifying is important when you are:
• Using the “Startup Wizard” on page 52
• “Clearing Configurations” on page 151
• “Saving Configurations” on page 151
• “Resetting the WLAN — Security Switch (2270)” on page 152
• “Logging Out of the CLI” on page 116
WLAN — Security Switch (2270) Failover Protection
Each WLAN — Security Switch (2270) with front-panel 10/100Base-T ports can normally associate with as many
WLAN — Access Ports (223x) as it has physical ports. Thus, a 12-port switch can associate with 12 WLAN — Access
Ports (223x), and a 24-port switch can associate with 24 WLAN — Access Ports (223x).
However, if a WLAN — Security Switch (2270) in Appliance Mode fails, the remaining WLAN — Security Switch
(2270) can associate with twice as many WLAN — Access Ports (223x) as it has physical ports. Thus, a 12-port switch
can associate with 24 WLAN — Access Ports (223x), and a 24-port switch can associate with 48 WLAN — Access
Ports (223x).
CAUTION: This excess WLAN — Access Port (223x) load will cause your Nortel WLAN —
Security Switches (2270) to slow down, generate log messages, and provide lower data throughput
for the associated clients.
Model 2270 Nortel WLAN — Wireless Security Switches (2270) can associate with up to 36 WLAN — Access Ports
(223x) in Appliance Mode, and have no front-panel 10/100Base-T ports. Note that the 2270 Nortel WLAN — Wireless
Security Switches (2270) can only associate with 36 (not 72) WLAN — Access Ports (223x).
Note: During installation, Nortel recommends that you connect all WLAN — Access Ports (223x)
to a configured WLAN — Security Switch (2270), and configure each WLAN — Access Port
(223x) for final operation. This step configures each WLAN — Access Port (223x) for Primary,
Secondary, and Tertiary WLAN — Security Switch (2270), and allows it to store the configured
Nortel Mobility Group information.
During failover recovery, the configured WLAN — Access Ports (223x) obtain an IP address from
the local DHCP server (only in Layer 3 Operation), attempt to contact their Primary, Secondary, and
Tertiary WLAN Security Switches (2270), and then attempt to contact the IP addresses of the other
Nortel WLAN — Security Switches (2270) in the Mobility group. This will prevent the WLAN —
Access Ports (223x) from spending time sending out blind polling messages, resulting in a faster
recovery period.
In a multiple-WLAN — Security Switch (2270) system (refer to Multiple-WLAN — Security Switch (2270) Deployments), this means that if one WLAN — Security Switch (2270) fails, its dropped WLAN — Access Ports (223x) reboot
and do the following under direction of the Management Software:
• Obtain an IP address from a local DHCP server (one on the local subnet).
• If the WLAN — Access Port (223x) has a Primary, Secondary, and Tertiary WLAN — Security Switch (2270)
  assigned, it attempts to associate with that WLAN — Security Switch (2270).
• If the WLAN — Access Port (223x) has no Primary, Secondary, or Tertiary WLAN Security Switches (2270)
  assigned or if its Primary, Secondary, and Tertiary WLAN Security Switches (2270) are unavailable, it
  attempts to associate with a Master WLAN — Security Switch (2270) on the same subnet.
• If the WLAN — Access Port (223x) finds no Master WLAN — Security Switch (2270) on the same subnet, it
  attempts to contact stored Mobility Group members by IP address.
• Should none of the Mobility Group members be available, and if the WLAN — Access Port (223x) has no
  Primary, Secondary, and Tertiary WLAN Security Switches (2270) assigned and there is no Master WLAN —
  Security Switch (2270) active, it attempts to associate with the least-loaded WLAN — Security Switch (2270)
  on the same subnet to respond to its discovery messages with unused ports.
This means that when sufficient Nortel WLAN — Security Switches (2270) are deployed in Appliance Mode, should
one WLAN — Security Switch (2270) fail, active WLAN — Access Port (223x) client sessions are momentarily
dropped while the dropped WLAN — Access Port (223x) associates with an unused port on another WLAN — Security
Switch (2270), allowing the client device to immediately reassociate and reauthenticate.
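The failover search order described above, modeled in Python as an added example (not Nortel code). The class and function names, the rule that a switch is eligible only while it is up and under its association limit, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Switch:
    name: str
    ip: str
    subnet: str          # constructed subnet label
    ports: int           # physical port count
    associated: int = 0  # Access Ports currently associated
    up: bool = True
    master: bool = False


@dataclass
class AccessPort:
    name: str
    subnet: str
    preferred: List[str] = field(default_factory=list)  # Primary, Secondary, Tertiary
    group_ips: List[str] = field(default_factory=list)  # stored Mobility Group members


def free_slots(sw: Switch, peer_failed: bool) -> int:
    # Guide: a switch normally associates with as many Access Ports as it has
    # physical ports, and with twice as many once another switch has failed.
    limit = sw.ports * (2 if peer_failed else 1)
    return max(limit - sw.associated, 0)


def select_switch(ap: AccessPort, switches: List[Switch],
                  dhcp_ok: bool = True) -> Tuple[Optional[str], str]:
    """Return (switch name, step that matched) for a rebooting Access Port."""
    # Step 1: the Access Port needs an address from a DHCP server on its subnet.
    if not dhcp_ok:
        return None, "no-ip"
    peer_failed = any(not s.up for s in switches)

    def usable(s: Switch) -> bool:
        # Assumption: eligible means up and below the association limit.
        return s.up and free_slots(s, peer_failed) > 0

    # Step 2: Primary, Secondary, Tertiary, in that order.
    by_name = {s.name: s for s in switches}
    for role, name in zip(("primary", "secondary", "tertiary"), ap.preferred):
        s = by_name.get(name)
        if s is not None and usable(s):
            return s.name, role

    # Step 3: a Master switch on the Access Port's own subnet.
    local = [s for s in switches if s.subnet == ap.subnet and usable(s)]
    for s in local:
        if s.master:
            return s.name, "master"

    # Step 4: stored Mobility Group members, contacted by IP address.
    by_ip = {s.ip: s for s in switches}
    for ip in ap.group_ips:
        s = by_ip.get(ip)
        if s is not None and usable(s):
            return s.name, "mobility-group"

    # Step 5: least-loaded switch on the same subnet that still has room.
    if local:
        return min(local, key=lambda s: s.associated).name, "least-loaded"
    return None, "none-available"


# Constructed sample deployment: sw-a has failed, sw-b is at its normal limit.
SWITCHES = [
    Switch("sw-a", "192.0.2.10", "site-1", ports=12, associated=12, up=False),
    Switch("sw-b", "192.0.2.11", "site-1", ports=12, associated=12),
    Switch("sw-c", "192.0.2.12", "site-1", ports=12, associated=3),
    Switch("sw-d", "198.51.100.10", "site-2", ports=24, associated=5),
]

if __name__ == "__main__":
    for ap in (
        AccessPort("ap-1", "site-1", preferred=["sw-a", "sw-b"]),
        AccessPort("ap-2", "site-1", group_ips=["198.51.100.10"]),
        AccessPort("ap-3", "site-1"),
    ):
        print(ap.name, select_switch(ap, SWITCHES))
```

With every switch up, sw-b at 12 of 12 is full and ap-1 falls through to the least-loaded step; once sw-a is down, sw-b's limit doubles and it accepts ap-1 as its Secondary.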
WLAN — Security Switch (2270) Automatic Time Setting
Each WLAN — Security Switch (2270) can have its time manually set or can be configured to obtain the current time
from one or more Network Time Protocol (NTP) servers. Each NTP server IP address is added to the WLAN — Security
Switch (2270) database. Each WLAN — Security Switch (2270) searches for an NTP server and obtains the current time
upon reboot and at each user-defined polling interval (daily to weekly).
WLAN — Security Switch (2270) Time Zones
Each WLAN — Security Switch (2270) can have its time manually set or can be configured to obtain the current time
from one or more Network Time Protocol (NTP) servers. Each NTP server IP address is added to the WLAN — Security
Switch (2270) database. Each WLAN — Security Switch (2270) can search for an NTP server and obtain the current
time upon reboot and at each user-defined (daily to weekly) polling interval.
This option can be configured in the WLAN — Management System Configure <IPaddr> > Set Time page.
Network Connection to the WLAN — Security Switch (2270)
The 2270 Nortel WLAN — Wireless Security Switch (2270) can be operated in Appliance Mode. Regardless of
operating mode, the Nortel WLAN — Security Switches (2270) use the network as an 802.11 Distribution System.
Regardless of the Ethernet port type or speed, each WLAN — Security Switch (2270) monitors and communicates with
its related Nortel WLAN — Security Switches (2270) across the network.
Model Nortel WLAN — Security Switches (2270)
The switch can communicate with the network through one or more physical interfaces. The three physical interface
types are:
• A GigE 1000Base-SX fiber-optic cable with an LC connector can plug into the optional Single-Port
  (1000Base-T) 1GE copper port, or two GigE 1000Base-SX fiber-optic cables with LC connectors can plug
  into the optional Dual-Port (AS-Switch-GSX2) (1000Base-T) 1GE copper port on the rear of the switch. Note
  that the 1000Base-SX circuits provide a 100/1000 Mbps wired connection to a network through an 850 nm
  (SX) fiber-optic link using an LC physical connector.
• Alternatively, a GigE 1000Base-T copper cable can plug into the optional RJ-45 (1000Base-T) 1GE copper
  port connector on the rear of the switch.
• Alternatively, an Ethernet 10/100Base-T cable can plug into any of the RJ-45 10/100Base-T connectors on the
  front of the switch.
Note: The Nortel WLAN — Security Switches (2270) can have multiple physical connections to
different subnets to allow the switch to control WLAN — Access Ports (223x) on the different
subnets. The Management Interface that allows Nortel WLAN — Security Switches (2270) to
communicate with each other can only be assigned to one subnet.
This means that a Nortel 2200 Series network with all Nortel WLAN — Security Switches (2270) on the same subnet
can be operated in Layer 2 mode, that a Nortel 2200 Series network with Nortel WLAN — Security Switches (2270)
on different subnets must be operated in Layer 3 mode, and that the Nortel WLAN — Security Switches (2270) on
different subnets must communicate with each other through a router.
The following figure illustrates the physical network connections to the various switches.
Figure - 9: Physical Network Connections to the switch
As described in Layer 2 and Layer 3 LWAPP Operation, when the Nortel 2200 Series operates in Layer 2 mode, a
Management Interface is automatically created and then assigned to one physical port, and an AP-Manager Interface is
not required. However, when the Nortel 2200 Series operates in Layer 3 mode, a Management Interface is created and
then assigned to one physical port, and an AP-Manager Interface must be created to allow the WLAN — Security
Switch (2270) to support communications between Nortel WLAN — Security Switches (2270) and WLAN — Access
Ports (223x); the AP-Manager Interface can be on the same subnet as the Management Interface, and can be assigned to
the same physical port as the Management Interface.
Model 2270 Nortel WLAN — Wireless Security Switches (2270)
The 2270 Nortel WLAN — Wireless Security Switches (2270) can communicate with the network through one or two
(2270) physical ports, and the logical Management Interface can be assigned to the one or two physical ports. The
physical port description follows:
• A GigE 1000Base-SX fiber-optic cable can plug into the LC connector on the front of the Nortel WLAN —
  Wireless Security Switch (2270).
• Two GigE 1000Base-SX fiber-optic cables can plug into the LC connectors on the front of the 2270 Nortel
  WLAN — Wireless Security Switch (2270), and they must be connected to the same subnet. Note that the two
  GigE ports are redundant: the first port that becomes active is the master, and the second port becomes the
  backup port. If the first connection fails, the standby connection becomes the master, and the failed connection
  becomes the backup port.
Note that the 1000Base-SX circuits provide 100/1000 Mbps wired connections to the network through
850 nm (SX) fiber-optic links using LC physical connectors.
The following figure illustrates the physical connections to the network.
Figure - 10: Physical Network Connections to the 2270 Nortel WLAN — Wireless Security Switch (2270)
Crypto Accelerator Module
All Nortel WLAN — Wireless Security Switches (2270) can be equipped with an optional Crypto Accelerator Module,
which slides into the rear panel of the WLAN — Security Switch (2270). The Crypto Accelerator Module adds significant hardware encryption acceleration to the WLAN — Security Switch (2270), which enables the following through the
Management Interface:
• Sustain up to 1 Gbps throughput with Layer 2 and Layer 3 encryption enabled.
• Provide a built-in VPN server for mission-critical traffic.
• Support high-speed, processor-intensive encryption, such as L2TP, IPSec and 3DES.
The following figure shows the Crypto Accelerator Module sliding into the rear of a Nortel WLAN — Wireless Security
Switch (2270). The 1000Base-T card is not an option on the 2270 Nortel WLAN — Wireless Security Switch (2270).
Figure - 11: WLAN — Security Switch (2270) Crypto Accelerator Module Location
Nortel WLAN — Access Ports (223x)
The WLAN — Access Ports (223x) are a part of the innovative Nortel 2200 Series. When associated with Nortel WLAN
— Security Switches (2270), the WLAN — Access Ports (223x) provide advanced 802.11a and/or 802.11b/g Access
Port functions in a single aesthetically pleasing plenum-rated enclosure. The following figure shows the two types of
Nortel WLAN — Access Ports (223x): without and with connectors for external antennas.
Note that Nortel also offers an 802.11a/b/g Nortel WLAN — Access Port (223x) that is designed for remote deployment and for Management Software control through a WAN link, and that includes connectors for external antennas.
Figure - 12: Nortel WLAN — Access Port (223x)
Note that the WLAN — Access Ports (223x) is manufactured in a neutral color so it blends into most environments (but
can be painted), contains pairs of high-gain internal antennas for unidirectional (180-degree) or omnidirectional
(360-degree) coverage (“WLAN — Access Ports (223x) External and Internal Antennas” on page 62), and is
plenum-rated for installations in hanging ceiling spaces.
In the Nortel 2200 Series, most of the processing responsibility is removed from traditional SOHO (small office, home
office) APs and resides in the Nortel WLAN — Wireless Security Switches (2270).
The only exception to the general rule of Nortel WLAN — Access Ports (223x) being continuously controlled by
WLAN Security Switches (2270) is if the port is intended to be located at a remote site, initially configured by a WLAN
Security Switch (2270), and normally controlled by a WLAN Security Switch (2270).
However, because the port bridges the client data (compared with other WLAN — Access Ports (223x), which pass all
client data through their respective WLAN — Security Switch (2270)), if the WAN link breaks between the port and its
WLAN — Security Switch (2270), it continues transmitting WLAN 1 client data through other ports on its local subnet.
However, it cannot take advantage of features accessed from the WLAN — Security Switch (2270), such as establishing
new VLANs, until communication is reestablished.
The port includes the traditional SOHO (small office, home office) AP processing power, and thus can continue
operating if the WAN link to its associated WLAN — Security Switch (2270) fails. Because it is configured by its associated WLAN — Security Switch (2270), it has the same WLAN configuration as the rest of the Nortel 2200 Series
(refer to Nortel WLANs). As long as it remains connected to its WLAN — Security Switch (2270), it varies its transmit
power and channel selection under control of the Management Software, and performs the same Rogue AP location as
any other WLAN — Access Port (223x).
Note that the switch can support multiple WLANs while it is connected to its WLAN — Security Switch (2270).
However, when it loses connection to its WLAN — Security Switch (2270), it supports only one WLAN on its local
subnet.
The following figure shows a typical configuration:
Figure - 13: Typical network configuration.
Note that the access port must have a DHCP server available on its local subnet, so it can obtain an IP address upon
reboot. Also note that the access port at each remote location must be on the same subnet to allow client roaming.
WLAN — Access Ports (223x) Models
The WLAN — Access Ports (223x) includes one 802.11b/802.11g radio, or one 802.11a and one 802.11b/g radio. The
WLAN — Access Ports (223x) is available in the following configurations:
• WLAN — Access Ports (223x) with one 802.11b/g radio and four high-gain internal antennas, one 5 GHz
  external antenna adapter, and two 2.4 GHz external antenna adapters.
• WLAN — Access Ports (223x) with one 802.11b/g radio, four high-gain internal antennas, and no external
  antenna adapters.
• WLAN — Access Port (223x) with one 802.11a and one 802.11b/g radio and four high-gain internal antennas,
  one 5 GHz external antenna adapter, and two 2.4 GHz external antenna adapters.
• WLAN — Access Port (223x) with one 802.11a and one 802.11b/g radio, four high-gain internal antennas,
  and no external antenna adapters.
• WLAN — Access Port (223x) with one 802.11a and one 802.11b/g radio and four high-gain internal antennas,
  one 5 GHz external antenna adapter, and two 2.4 GHz external antenna adapters.
The WLAN — Access Ports (223x) is shipped with a color-coordinated ceiling mount base and hanging-ceiling rail
clips. You can also order projection- and flush-mount sheet metal wall mounting bracket kits. The base, clips, and
optional brackets allow quick mounting to ceiling or wall.
The WLAN — Access Ports (223x) can be powered by Power Over Ethernet or by a WLAN — Access Ports (223x)
External Power Supply.
Intentional radiators
Intentional radiators, such as Nortel WLAN — Access Ports (223x) and Mobile Adaptors are not intended to be operated
with any antenna(s) other than those furnished by Nortel. An intentional radiator may only be operated with the
antenna(s) with which it is authorized. For a complete listing of the authorized antennas for use with this product, visit
http://www.nortel.com/support.
In order to ensure continued compliance, use of an antenna not on the Nortel approved antenna list is not allowed
without specific authorization from Nortel. For additional questions or inquiries regarding specific antennas, contact
Nortel at 1-800-4NORTEL or on the web at http://www.nortel.com/erc, using express routing code (ERC) 1572.
Use of an antenna not specifically authorized by Nortel may not comply with local regulatory requirements with respect
to radiated emission limits and may result in illegal operation of the product. The installer of the wireless system and
associated antenna is required to ensure that only those antennas on the Nortel approved antenna list or those antennas
specifically approved by Nortel on a case by case basis are deployed with the intentional radiator.
Please be sure to associate the appropriate antenna model number and localized regulatory region when selecting the
Nortel authorized antenna(s).
WLAN — Access Ports (223x) External and Internal Antennas
Note: Nortel WLAN — Access Ports (223x) must use the factory-supplied internal or external
antennas to avoid violating FCC requirements and voiding the user’s authority to operate the equipment. Refer to “FCC Statements for WLAN — Access Ports (223x)” on page 12 for detailed
information.
The 2230 WLAN — Access Port (223x) enclosure contains one 802.11a and/or one 802.11b/g radio and four (two
802.11a and two 802.11b/g) high-gain antennas, which can be independently enabled or disabled to produce a
180-degree sectorized or 360-degree omnidirectional coverage area.
Note that the wireless LAN operator can disable either one of each pair of the WLAN — Access Ports (223x) internal
antennas to produce a 180-degree sectorized coverage area. This feature can be useful, for instance, for outside-wall
mounting locations where coverage is only desired inside the building, and in a back-to-back arrangement that can allow
twice as many clients in a given area.
The following sections contain more information about WLAN — Access Port (223x) internal and external antennas:
• “External Antenna Connectors” on page 62
• “Antenna Sectorization” on page 62
• “802.11a Internal Antenna Patterns” on page 63
• “802.11b/g Internal Antenna Patterns” on page 65
External Antenna Connectors
The WLAN — Access Ports (223x) have male reverse-polarity TNC jacks for installations requiring factory-supplied
external directional or high-gain antennas. The external antenna option can create more flexibility in WLAN — Access
Ports (223x) antenna placement.
Note: The WLAN — Access Ports (223x) are designed to be used exclusively with the internal
high-gain antennas, and have no jacks for external antennas.
Note that the 802.11b/g 2.4 GHz Left external antenna connector is associated with the internal Side A antenna, and that
the 2.4 GHz Right external antenna connector is associated with the internal Side B antenna. When you have 802.11b/g
diversity enabled, the Left external or Side A internal antennas are diverse from the Right external or Side B internal
antennas.
Also note that the 802.11a 5 GHz Left external antenna connector is separate from the internal antennas, and adds
diversity to the 802.11a transmit and receive path. Note that no external 802.11a antennas are certified in FCC-regulated
areas, but external 802.11a antennas may be certified for use in other regulatory domains.
Antenna Sectorization
Note that the Nortel 2200 Series supports Antenna Sectorization, which can be used to increase the number of clients
and/or client throughput in a given air space. Installers can mount two WLAN — Access Ports (223x) back-to-back, and
the Nortel 2200 Series operator can disable the second antenna in both WLAN — Access Ports (223x) to create a
360-degree coverage area with two sectors.
Installers can also mount WLAN — Access Ports (223x) on the periphery of a building and disable the Side B internal
antennas. This configuration can be used to supply service to the building interior without extending coverage to the
parking lot, at the cost of eliminating the internal antenna diversity function.
802.11a Internal Antenna Patterns
The WLAN — Access Ports (223x) contain one 802.11a radio, which drives two fully-enclosed high-gain antennas that
provide a large 360-degree coverage area. The two internal antennas are used at the same time to provide a 360-degree
omnidirectional coverage area, or either antenna can be disabled to provide a 180-degree sectorized coverage area.
When equipped with an optional factory-supplied external antenna, the WLAN — Access Ports (223x) 802.11a Nortel
Networks Radio supports receive and transmit diversity between the internal antennas and the external antenna. The
diversity function provided by Nortel Networks Radios can result in lower multipath fading, fewer packet retransmissions, and higher client throughput.
Figure - 14: 223x WLAN — Access Ports (223x) 802.11a OMNI (Dual Internal) Azimuth Antenna Gain Pattern
Figure - 15: 223x WLAN — Access Ports (223x) 802.11a OMNI (Dual Internal) Elevation Antenna Gain Pattern
Figure - 16: 223x WLAN — Access Ports (223x) 802.11a Sectorized (Single Internal) Azimuth Antenna Gain Pattern
Figure - 17: 223x WLAN — Access Ports (223x) 802.11a Sectorized (Single Internal) Elevation Antenna Gain
Pattern
802.11b/g Internal Antenna Patterns
The 223x contains one 802.11b/g radio, which drives two fully-enclosed high-gain antennas that can provide a large
360-degree coverage area. The two internal antennas can be used at the same time to provide a 360-degree omnidirectional coverage area, or either antenna can be disabled to provide a 180-degree sectorized coverage area. The 223x
802.11b/g Nortel Networks Radios support receive and transmit diversity between the internal antennas and/or optional
factory-supplied external antennas.
Figure - 18: 223x WLAN — Access Ports (223x) 802.11b/g OMNI (Dual Internal) Azimuth Antenna Gain Pattern
Figure - 19: 223x WLAN — Access Ports (223x) 802.11b/g OMNI (Dual Internal) Elevation Antenna Gain Pattern
Figure - 20: 223x WLAN — Access Ports (223x) 802.11b/g Sectorized (Single Internal) Azimuth Antenna Gain
Pattern
Figure - 21: 223x WLAN — Access Ports (223x) 802.11b/g Sectorized (Single Internal) Elevation Antenna Gain
Pattern
WLAN — Access Ports (223x) LEDs
Each WLAN — Access Port (223x) is equipped with four LEDs across the top of the case. They can be viewed from
nearly any angle. The LEDs indicate power and fault status, 2.4 GHz (802.11b/g) Nortel Networks Radio activity, and
5 GHz (802.11a) Nortel Networks Radio activity.
This LED display allows the wireless LAN manager to quickly monitor the WLAN — Access Ports (223x) status. For
more detailed troubleshooting instructions, refer to the “Troubleshooting Tips” on page 230 section.
WLAN — Access Ports (223x) Connectors
The WLAN — Access Ports (223x) have the following external connectors:
• One RJ-45 Ethernet jack, used for connecting the WLAN — Access Ports (223x) to the network.
• One 48 VDC power input jack, used to plug in an optional factory-supplied external power adapter.
• Three male reverse-polarity TNC antenna jacks, used to plug optional external antennas into the WLAN —
  Access Ports (223x): two for an 802.11b/g radio, and one for an 802.11a radio.
Note: The WLAN — Access Ports (223x) are designed to be used exclusively with the internal
high-gain antennas, and have no jacks for external antennas.
Figure - 22: WLAN — Access Ports (223x) External Antenna Connectors
The WLAN — Access Ports (223x) communicate with a WLAN — Security Switch (2270) using standard CAT-5
(Category 5) or higher 10/100 Mbps twisted pair cable with RJ-45 connectors. Plug the CAT-5 cable into the RJ-45 jack
on the side of the WLAN — Access Ports (223x).
Note that the WLAN — Access Ports (223x) can receive power over the CAT-5 cable from the network equipment.
Refer to “Power Over Ethernet” on page 41 for more information about this option.
The WLAN — Access Ports (223x) can be powered from an optional factory-supplied external AC-to-48 VDC power
adapter. If you are powering the WLAN — Access Ports (223x) using an external adapter, plug the adapter into the
48 VDC power jack on the side of the WLAN — Access Ports (223x).
The WLAN — Access Ports (223x) includes two 802.11a and two 802.11b/g high-gain internal antennas, which provide
omnidirectional coverage. However, some WLAN — Access Ports (223x) models can also use optional factory-supplied
external high-gain and/or directional antennas, as described in “WLAN — Access Ports (223x) External and Internal
Antennas” on page 62. When you are using external antennas, plug them into the male reverse-polarity TNC jacks on the
side of the WLAN — Access Ports (223x).
Note: The WLAN — Access Ports (223x) must use the factory-supplied internal or external
antennas to avoid violating FCC regulations and voiding the user’s authority to operate the equipment, as described in “FCC Statements for WLAN — Access Ports (223x)” on page 12.
WLAN — Access Port (223x) Power Requirements
Each WLAN — Access Port (223x) requires a 48 VDC nominal (between 38 and 57 VDC) power source capable of
providing 7 Watts. The polarity of the DC source does not matter because the WLAN — Access Port (223x) can use
either a +48 VDC or a -48 VDC nominal source.
WLAN — Access Ports (223x) can receive power from a WLAN — Access Ports (223x) External Power Supply
(which draws power from a 110-220 VAC electrical outlet) plugged into the side of the WLAN — Access Port (223x)
case, or from Power Over Ethernet.
Figure - 23: Typical WLAN — Access Port (223x) External Power Supply
For more information about the WLAN — Access Port (223x) specifications and capacities, refer to the Nortel
marketing literature.
WLAN — Access Ports (223x) External Power Supply
The WLAN — Access Port (223x) can receive power from an external 110-220 VAC-to-48 VDC power supply or from
Power Over Ethernet equipment.
The external power supply plugs into a secure 110 through 220 VAC electrical outlet. The converter produces the
required 48 VDC output (“WLAN — Access Port (223x) Power Requirements” on page 70) for the WLAN — Access
Port (223x). The converter output feeds into the side of the WLAN — Access Port (223x) through a 48 VDC jack
(“WLAN — Access Ports (223x) Connectors” on page 68).
Note that the external power supply can be ordered with country-specific electrical outlet power cords. Contact Nortel
when ordering to receive the correct power cord.
WLAN — Access Port (223x) Mounting Options
Refer to Nortel WLAN — Access Port (223x) Quick Installation Guide Part # 216394-B for the WLAN — Access Port
(223x) mounting options.
WLAN — Access Port (223x) Physical Security
The side of the WLAN — Access Port (223x) housing includes a slot for a Kensington MicroSaver Security Cable. You
can use any MicroSaver Security Cable to ensure that your WLAN — Access Port (223x) stays where you mounted it!
Refer to the Kensington website for more information about their security products, or to Nortel WLAN — Access Port
(223x) Quick Installation Guide for installation instructions.
WLAN — Access Port (223x) Monitor Mode
The WLAN — Access Ports (223x), Nortel WLAN — Security Switches (2270), and Nortel WLAN — Wireless
Security Switches (2270) are capable of performing Rogue AP detection and containment while providing regular
service. The Rogue AP detection is performed across all 802.11 channels, regardless of the Country Code selected.
(Refer to “Nortel 2200 Series Supported Regulatory Domains” on page 259 for more details).
The Monitor function is set for all 802.11 Nortel Networks Radios on a per-WLAN — Access Port (223x) basis in the
Nortel Networks APs > Details section in the WLAN Security Switch Web Interface Online Help.
Rogue Access Ports
Because they are inexpensive and readily available, employees are plugging unauthorized rogue access ports
(Rogue APs) into existing LANs and building ad hoc wireless networks without IT department knowledge or consent.
These Rogue APs can be a serious breach of network security, because they can be plugged into a network port behind
the corporate firewall. Because employees generally do not enable any security settings on the Rogue APs, it is easy for
unauthorized users to use the access port to intercept network traffic and hijack client sessions. Even more alarming,
wireless users and war chalkers frequently publish unsecure access port locations, increasing the odds of having the
enterprise security breached.
Rather than using a person with a scanner to manually detect Rogue APs, the Nortel 2200 Series automatically collects
information on Rogue APs detected by its managed Nortel WLAN — Access Ports (223x) and Rogue Access Ports, by
MAC and IP Address, and allows the system operator to locate, tag and monitor them as described in the “Detecting and
Locating Rogue Access Points” on page 206 section. The Operating System can also be used to discourage Rogue AP
clients by sending them deauthenticate and disassociate messages from one to four WLAN — Access Ports (223x).
Finally, the Operating System can be used to automatically discourage all clients attempting to authenticate with all
Rogue APs on the enterprise subnet. Because this real-time detection is automated, it saves labor costs used for detecting
and monitoring Rogue APs while vastly improving LAN security.
Note that the peer-to-peer, or ad-hoc, clients can also be considered Rogue APs.
See also “Rogue AP Location, Tagging and Containment” on page 72.
Rogue AP Location, Tagging and Containment
This built-in detection, tagging, monitoring and containment capability allows system administrators to take required
actions:
• Locate Rogue APs as described in “Detecting and Locating Rogue Access Points” on page 206.
• Receive new Rogue AP notifications, eliminating hallway scans.
• Monitor unknown Rogue APs until they are eliminated or acknowledged.
• Determine the closest authorized Nortel WLAN — Access Ports (223x) and Rogue Access Ports, making
  directed scans faster and more effective.
• Contain Rogue APs by sending their clients deauthenticate and disassociate messages from one to four WLAN
  — Access Ports (223x). This containment can be done for individual Rogue APs by MAC address, or can be
  mandated for all Rogue APs connected to the enterprise subnet.
• Tag Rogue APs:
  - Acknowledge Rogue APs when they are outside of the LAN and do not compromise the LAN or
    WLAN security.
  - Accept Rogue APs when they do not compromise the LAN or WLAN security.
  - Tag Rogue APs as unknown until they are eliminated or acknowledged.
  - Tag Rogue APs as contained and discourage clients from associating with the Rogue AP by having
    between one and four WLAN — Access Ports (223x) transmit deauthenticate and disassociate messages
    to all Rogue AP clients. This function contains all active channels on the same Rogue AP.
Rogue Detector mode detects whether or not a rogue is on a trusted network. It does not provide RF service of any kind,
but rather receives periodic rogue reports from the switch, and sniffs all ARP packets. If it finds a match between an
ARP request and a MAC address it receives from the switch, it generates a rogue alert to the switch.
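The Rogue Detector matching described above, sketched as an added example (not Nortel code and not taken from this guide): it parses Ethernet ARP requests seen on the wired side and raises one alert per MAC address that appears in the switch's most recent rogue report. The alert format, the handling of a single 802.1Q tag, and the sample frames are assumptions constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ARP_REQUEST = 1


def normalize_mac(text):
    """Canonical lower-case aa:bb:cc:dd:ee:ff from common MAC notations."""
    digits = "".join(c for c in text.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def _fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp_request(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN:          # skip one 802.1Q tag if present
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETHERTYPE_ARP or len(frame) < offset + 28:
        return None
    fields = struct.unpack("!HHBBH", frame[offset:offset + 8])
    # Ethernet hardware type, IPv4 protocol type, 6-byte MAC, 4-byte IP, request opcode
    if fields != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sender_mac = frame[offset + 8:offset + 14]
    sender_ip = frame[offset + 14:offset + 18]
    return _fmt_mac(eth_src), _fmt_mac(sender_mac), ".".join(str(b) for b in sender_ip)


class RogueDetector:
    """Matches wired ARP requests against the rogue MAC list received from the switch."""

    def __init__(self):
        self.rogue_macs = set()
        self.alerted = set()

    def load_report(self, macs):
        """Replace the watch list with the latest periodic report from the switch."""
        self.rogue_macs = {normalize_mac(m) for m in macs}
        self.alerted &= self.rogue_macs      # forget MACs that are no longer reported

    def inspect(self, frame):
        """Return an alert dict the first time a reported MAC sends an ARP request."""
        parsed = parse_arp_request(frame)
        if parsed is None:
            return None
        eth_src, sender_mac, sender_ip = parsed
        for field, mac in (("arp_sender", sender_mac), ("eth_source", eth_src)):
            if mac in self.rogue_macs and mac not in self.alerted:
                self.alerted.add(mac)
                return {"rogue_mac": mac, "matched": field, "wired_ip": sender_ip}
        return None


def build_arp(src_mac, src_ip, dst_ip, oper=ARP_REQUEST, vlan=None):
    """Construct a sample frame for the demo (test data, not captured traffic)."""
    mac = bytes.fromhex(normalize_mac(src_mac).replace(":", ""))
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vlan) if vlan is not None else b""
    header = b"\xff" * 6 + mac + tag + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += mac + bytes(int(p) for p in src_ip.split("."))
    arp += b"\x00" * 6 + bytes(int(p) for p in dst_ip.split("."))
    return header + arp


def demo():
    detector = RogueDetector()
    # Constructed rogue report, deliberately in two different MAC notations.
    detector.load_report(["02-00-5E-10-00-01", "0200.5e10.0002"])
    frames = [
        build_arp("02:00:5e:10:00:aa", "192.0.2.10", "192.0.2.1"),           # not in report
        build_arp("02:00:5e:10:00:01", "192.0.2.50", "192.0.2.1"),           # reported rogue
        build_arp("02:00:5e:10:00:01", "192.0.2.50", "192.0.2.7"),           # repeat, no new alert
        build_arp("02:00:5e:10:00:02", "192.0.2.51", "192.0.2.1", oper=2),   # ARP reply, not matched
        build_arp("02:00:5e:10:00:02", "192.0.2.51", "192.0.2.1", vlan=20),  # rogue on tagged VLAN
        b"\x00" * 10,                                                         # truncated frame
    ]
    return [alert for alert in (detector.inspect(f) for f in frames) if alert]


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

An alert here means the reported MAC address is sending ARP requests on the wired segment the detector listens on, which is the "rogue is on a trusted network" condition the paragraph describes.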
To facilitate automated Rogue AP detection in a crowded RF space, WLAN — Access Ports (223x) can be configured to
operate in Monitor Mode, allowing monitoring without creating unnecessary interference. For more information about
Monitor Mode see “WLAN — Access Port (223x) Monitor Mode” on page 71.
Nortel WLAN — Management System Software
The Nortel WLAN — Management System Software is the Nortel 2200 Series network management tool that adds to
the capabilities of the Nortel WLAN — Security Switch Web Interface and the Command Line Interface, moving from
individual Nortel WLAN — Wireless Security Switches (2270) to a network of Nortel WLAN — Security Switches
(2270). The Nortel WLAN — Management System Software runs on Windows 2000 or Windows 2003 Server
workstations.
The WLAN — Management System Software includes the same configuration, performance monitoring, security, fault
management, and accounting options used at the WLAN — Security Switch (2270) level, but adds a graphical view of
multiple Nortel WLAN — Security Switches (2270), Nortel WLAN — Wireless Security Switches (2270) and managed
Access ports.
The WLAN — Management System Software consists of WLAN — Management System Software modules which
support different feature levels:
“WLAN — Management System Basic (Low-Resolution) Software” on page 75, which includes wireless client data
access, Nortel 2200 Series monitoring and control, and which allows Client and Rogue AP location to the nearest
WLAN — Access Port (223x).
Table 1 lists these features.
Table 1: Nortel WLAN — Management System Software

Features                                                        WLAN — Management System Basic
                                                                (Low-Resolution) Software
Location and Tracking:
• Low-Resolution Client Location                                Yes
• High-Resolution Client Location                               -
• Low-Resolution Rogue AP Location                              Yes
• High-Resolution Rogue AP Location                             -
Client Data Services, Security and Monitoring:
• Client Access through WLAN — Access Ports (223x)              Yes
• Multiple WLANs (Individual SSIDs and Policies)                Yes
Rogue AP Detecting and Containing using WLAN —                  Yes
  Access Ports (223x)
802.11a/b/g Bands                                               Yes
Management software (real-time assigning channels,              Yes
  and detecting and containing rogue APs)
Management software (real-time detecting and avoiding           Yes
  interference, controlling transmit power, assigning
  channels, managing client mobility, distributing
  client load, and detecting coverage holes)
Automated Software and Configuration Updates                    Yes
Wireless Intrusion Protection                                   Yes
Global and Individual AP Security Policies                      Yes
Controls Nortel WLAN — Security Switches (2270)                 Yes
Supported Workstations:
• Windows 2000 or Windows 2003                                  Yes
The Nortel WLAN — Management System Software runs on Windows 2000 or 2003 workstations. The Windows
WLAN — Management System Software can run as a normal Windows application, or can be installed as a service,
which runs continuously and resumes running after a reboot.
The WMS Web Interface allows WLAN — Management System operators to control all permitted Nortel configuration,
monitoring, and control functions through a web browser window, such as Internet Explorer 6.0 on a Windows
workstation. The WLAN — Management System operator permissions are defined by the WLAN — Management System
administrator in the WMS Web Interface Admin tab, which also allows the WLAN — Management System
administrator to administer user accounts and schedule periodic maintenance tasks.
WLAN — Management System simplifies WLAN — Security Switch (2270) configuring and monitoring while
decreasing data entry errors with the WLAN — Management System WLAN — Security Switch (2270) Autodiscovery
algorithm. The WLAN — Management System Software uses the industry-standard SNMP protocol to communicate with
Nortel WLAN — Security Switches (2270).
WLAN — Management System Basic (Low-Resolution) Software
The WLAN — Management System Basic (Low-Resolution) Software supports wireless client data access, Nortel 2200
Series monitoring and control, and includes graphical views of the following:
• Auto-discovery of Nortel WLAN — Access Ports (223x) as they associate with Nortel WLAN — Security
  Switches (2270), and manual association of Rogue Access Ports with Nortel WLAN — Security Switches
  (2270).
• Auto-discovery, and containment or notification of Rogue Access Ports.
• Map-based organization of Access Port coverage areas, helpful when the enterprise spans more than one
  geographical area. (Refer to “Using WMS” on page 163 and “Checking the Nortel 2200 Series Network
  Summary” on page 163.)
• User-supplied Campus, Building and Floor graphics, which show the following:
  - Locations and status of managed Access Ports. (Refer to “Adding a WLAN — Security Switch
    (2270) to WLAN — Management System” on page 165.)
  - Locations of Rogue APs, based on signal strength received by nearest managed WLAN — Access
    Ports (223x). (Refer to “Detecting and Locating Rogue Access Points” on page 206.)
  - Coverage hole alarm information for WLAN — Access Ports (223x) is based on received signal
    strength from clients. This information appears in a tabular rather than map format. (Refer to
    “Finding Coverage Holes” on page 213.)
  - RF coverage maps.
• System-wide control:
  - Network, WLAN — Security Switch (2270), and managed WLAN — Access Port (223x) configuration
    is streamlined using customer-defined templates.
  - Network, WLAN — Security Switch (2270), and managed WLAN — Access Port (223x) status and
    alarm monitoring.
  - Automated and manual data client monitoring and control functions.
  - Automated monitoring: Rogue APs, coverage holes, security violations, Nortel WLAN — Security
    Switches (2270), and WLAN — Access Ports (223x).
  - Full event logs available for data clients, Rogue APs, coverage holes, security violations, Nortel
    WLAN — Security Switches (2270), and WLAN — Access Ports (223x).
  - Automatic channel and power level assignment by Management Software.
  - User-defined automatic WLAN — Security Switch (2270) status audits, missed trap polling,
    configuration backups, and policy cleanups.
• Real-time location of Rogue APs to the nearest WLAN — Access Port (223x).
• Real-time and historical location of clients to the nearest WLAN — Access Port (223x).
• Runs on Windows 2000 or 2003 Server workstations.
WMS Web Interface
The WMS Web Interface allows the WLAN — Management System Software operator to create and configure Nortel
2200 Series coverage area layouts, configure system operating parameters, monitor real-time Nortel 2200 Series operation, and perform troubleshooting tasks using a standard HTTP or HTTPS Web Browser window. The WMS Web
Interface also allows the WLAN — Management System Software administrator to create, modify and delete user
accounts, change passwords, assign permissions, and schedule periodic maintenance tasks.
Nortel recommends Internet Explorer 6.0 or later on a Windows workstation Web Browser for full access to the WLAN
— Management System functionality.
Note: The HTTPS (HTTP over SSL) interface is enabled by default, and the HTTP interface can be
manually activated in the “Command Line Interface” on page 80, “Nortel WLAN — Security
Switch Web Interface” on page 79 and “WMS Web Interface” on page 76.
The WLAN — Management System Software administrator creates new usernames and passwords and assigns them to
predefined permissions groups. This task is described in “Installing WLAN — Management System Software” on
page 217.
WMS Web Interface operators perform their tasks as described in “Using the Nortel WLAN — Management System
Software” on page 154.
WLAN — Management System WLAN — Security Switch (2270) Autodiscovery
Manually adding WLAN — Security Switch (2270) data to a management database can be time consuming, and is
susceptible to data entry errors. The Nortel WLAN — Management System Software includes a built-in
WLAN — Security Switch (2270) configuration upload function that speeds up database
creation while eliminating errors.
WLAN — Security Switch (2270) Autodiscovery is limited to the Nortel Mobility Group subnets defined by the Nortel
2200 Series operator.
WLAN — Management System WLAN — Security Switch (2270) Autodiscovery allows operators to search for a
single WLAN — Security Switch (2270) by IP Address. The Autodiscovery function finds the WLAN — Security
Switch (2270) on the network with the specified IP Address, and automatically enters the discovered WLAN — Security
Switch (2270) information into the WLAN — Management System Software database.
As Nortel WLAN — Access Ports (223x) associate with a WLAN — Security Switch (2270), the WLAN — Security
Switch (2270) immediately transmits the WLAN — Access Port (223x) information to the Nortel WLAN — Management
System Software, which automatically adds the WLAN — Access Port (223x) to the WLAN — Management
System Software database.
Once the WLAN — Access Port (223x) information is in the WLAN — Management System Software database,
operators can add the WLAN — Access Port (223x) to the appropriate spot on a WMS Web Interface map using “Adding
APs to Floor Plan and Outdoor Area Maps”, so the topological map of the air space remains current.
WLAN — Management System Alarm Email Notification
The Nortel WLAN — Management System Software includes a built-in email notification function, which can notify
Nortel 2200 Series operators when Critical alarms occur.
Refer to the WLAN — Management System Monitor All Alarms > Email Notification page to view the current alarm
notification settings.
WLAN — Management System Location Calibration
The Nortel WLAN — Management System Software includes a calibration tool which allows Nortel 2200 Series
operators to accurately measure actual signal strength and attenuation in RF coverage areas, which creates an accurate
calibration model in the WLAN — Management System database. This calibration model allows more precise client and
rogue AP location after calibration is completed. To save effort, the calibration model can also be reused as a template
for areas with an identical WLAN — Access Port (223x) layout and identical wall layout.
The calibration tool is used much like a site survey tool, and allows a technician to take a WLAN — Management
System-equipped laptop to multiple locations on a floor or outdoor area and measure actual signal strength at selected
locations on the floor or outdoor area map. The technician then uses the calibration tool in WLAN — Management
System to process the collected data points for the floor or outdoor area.
Nortel WLAN — Security Switch Web Interface
The Nortel WLAN — Security Switch Web Interface is built into each WLAN — Security Switch (2270). The Nortel
WLAN — Security Switch Web Interface allows up to five users to simultaneously browse the built-in WLAN —
Security Switch (2270) http/https (http + SSL) Web server, configure parameters, and monitor operational status for the
WLAN — Security Switch (2270) and its associated Access Ports.
Note: Nortel strongly recommends that you enable the https: interface and disable the http: interface to
ensure more robust security for your Nortel 2200 Series.
Because the Nortel WLAN — Security Switch Web Interface works with one WLAN — Security Switch (2270) at a
time, the Nortel WLAN — Security Switch Web Interface is especially useful to configure or monitor a single WLAN
— Security Switch (2270).
Note: Some popup window filters can be configured to block the Nortel Web Browser Online Help
windows. If your system cannot display the Online Help windows, disable or reconfigure your
browser popup filter software.
Refer to “Using the WLAN — Security Switch Web Interface” on page 222 for more information on the Nortel WLAN
— Security Switch Web Interface.
Command Line Interface
The Nortel 2200 Series Command Line Interface (CLI) is built into the Nortel WLAN — Wireless Security Switches
(2270), and is one of the Operating System user interfaces described in “About the Nortel 2200 Series” on page 25. The
CLI allows operators to use a VT-100 emulator to locally or remotely configure, monitor and control individual Nortel
WLAN — Security Switches (2270), and to access extensive debugging capabilities.
Because the CLI works with one WLAN — Security Switch (2270) at a time, the CLI is especially useful to configure or
monitor a single WLAN — Security Switch (2270).
The WLAN — Security Switch (2270) and its associated WLAN — Access Ports (223x) can be configured and
monitored using the CLI, which consists of a text-based, tree-structured interface that allows up to five users with
Telnet-capable terminal emulators to simultaneously configure and monitor all aspects of the WLAN — Security Switch
(2270) and associated WLAN — Access Ports (223x).
Refer to “Using the Nortel 2200 Series CLI” on page 113 and the “Nortel 2200 Series CLI Reference” on page 299 for
more information.
Solutions
This chapter includes information on the following topics:
• “Operating System Security” on page 82
• “Converting a Nortel 2200 Series from Layer 2 to Layer 3 Mode” on page 85
• “Converting a Nortel 2200 Series from Layer 3 to Layer 2 Mode” on page 90
• “Configuring a Firewall for WLAN Management System Software” on page 92
• “Configuring the System for SpectraLink NetLink Telephones” on page 93
• “Using Management over Wireless” on page 96
• “Configuring a WLAN for a DHCP Server” on page 97
• “Customizing the Web Auth Login Screen” on page 98
• “Configuring Identity Networking for Operating System 2.2” on page 106
Operating System Security
Operating System Security includes the following sections:
• “Overview” on page 82
• “Layer 1 Solutions” on page 82
• “Layer 2 Solutions” on page 82
• “Layer 3 Solutions” on page 83
• “Single Point of Configuration Policy Manager Solutions” on page 83
• “Rogue Access Point Solutions” on page 83
• “Integrated Security Solutions” on page 84
• “Simple, Cost-Effective Solutions” on page 84
Overview
The Operating System Security solution bundles potentially complicated Layer 1, Layer 2 and Layer 3 802.11 Access
Port security components into a simple policy manager that customizes system-wide security policies on a per-WLAN
basis (“Operating System Security” on page 29). Unlike SOHO (small office, home office) 802.11 products, the
Operating System Security solution included in the Nortel 2200 Series provides simple, unified, and systematic security
management tools.
One of the biggest hurdles to WLAN deployment in the enterprise is the WEP (Wired Equivalent Privacy) encryption,
which has proven to be a weak standalone encryption method. A newer problem is the availability of low-cost APs,
which can be connected to the enterprise network and used to mount ‘man-in-the-middle’ and denial-of-service attacks.
Also, the complexity of add-on security solutions has prevented many IT managers from embracing the new 802.11
benefits. Finally, the 802.11 security configuration and management cost has been daunting for resource-bound IT
departments.
Layer 1 Solutions
The Operating System Security solution ensures that all clients gain access within an operator-set number of attempts.
Should a client fail to gain access within that limit, it is automatically excluded (blocked from access) until the operator-set timer expires. The Operating System can also disable SSID broadcasts on a per-WLAN basis.
Layer 2 Solutions
If a higher level of security and encryption is required, the network administrator can also implement industry-standard
security solutions, such as 802.1X dynamic keys with EAP (Extensible Authentication Protocol), or WPA (Wi-Fi Protected
Access) dynamic keys. The Nortel WPA implementation includes AES (advanced encryption standard), TKIP + Michael
(temporal key integrity protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy)
static keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed authentication attempts.
Regardless of the wireless security solution selected, all Layer 2 wired communications between WLAN Security
Switches (2270) and WLAN — Access Ports (223x) are secured by passing data through IPSec tunnels.
Layer 3 Solutions
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as VPNs (virtual
private networks), L2TP (Layer Two Tunneling Protocol), and IPSec (IP security) protocols. The Nortel L2TP implementation includes IPsec, and the IPSec implementation includes IKE (internet key exchange), DH (Diffie-Hellman)
groups, and three optional levels of encryption: DES (ANSI X3.92 data encryption standard), 3DES (ANSI X9.52-1998
data encryption standard), or AES/CBC (advanced encryption standard/cipher block chaining). Disabling is also used to
automatically block Layer 3 access after an operator-set number of failed authentication attempts.
The Nortel IPSec implementation also includes industry-standard authentication using: MD5 (message digest algorithm), or SHA-1 (secure hash algorithm-1).
The Nortel 2200 Series supports local and RADIUS MAC (media access control) filtering. This filtering is best suited to
smaller client groups with a known list of 802.11 access card MAC addresses.
Finally, the Nortel 2200 Series supports local and RADIUS user/password authentication. This authentication is best
suited to small to medium client groups.
Single Point of Configuration Policy Manager Solutions
When the Nortel 2200 Series is equipped with Nortel WLAN — Management System Software, you can configure
system-wide security policies on a per-WLAN basis. SOHO Access Ports force you to individually configure security
policies on each AP, or use a third-party appliance to configure security policies across multiple APs.
Because the Nortel 2200 Series security policies can be applied across the whole system from the Nortel WLAN —
Management System Software, errors can be eliminated and the overall effort is greatly reduced.
Rogue Access Point Solutions
Rogue Access Point Challenges
Rogue Access Ports (see “Rogue Access Ports” on page 72) can disrupt WLAN operations by hijacking legitimate clients and using plaintext or
other denial-of-service or man-in-the-middle attacks. That is, a hacker can use a Rogue AP to capture sensitive information, such as passwords and usernames. The hacker can then transmit a series of clear-to-send (CTS) frames, which
mimics an access point informing a particular NIC to transmit and instructing all others to wait, which results in legitimate clients being unable to access the WLAN resources. WLAN service providers thus have a strong interest in
banning Rogue APs from the air space.
The Operating System Security solution uses the “Management Software” on page 31 function to continuously monitor
all nearby WLAN — Access Ports (223x), and automatically discover Rogue APs, and locate them as described in
“Detecting and Locating Rogue Access Points” on page 206.
Tagging and Containing Rogue Access Points
When the Nortel 2200 Series is monitored using “Nortel WLAN — Management System Software” on page 74, the
WLAN — Management System Software generates the flags as Rogue AP traps, and displays the known Rogue APs by
MAC address. The operator can then display a map showing the location of the WLAN — Access Ports (223x) closest to
each Rogue AP, and has the option of marking them as Known or Acknowledged rogues (no further action), marking
them as Alert rogues (watch for and notify when active), or marking them as Contained rogues (have between one and
four WLAN — Access Ports (223x) discourage Rogue AP clients by sending the clients deauthenticate and disassociate
messages whenever they associate with the Rogue AP).
When the Nortel 2200 Series is monitored using the “Nortel WLAN — Security Switch Web Interface” on page 79 or the
“Command Line Interface” on page 80, the interface displays the known Rogue APs by MAC address. The operator then
has the option of marking them as Known or Acknowledged rogues (no further action), marking them as Alert rogues
(watch for and notify when active), or marking them as Contained rogues (have between one and four WLAN — Access
Ports (223x) discourage Rogue AP clients by sending the clients deauthenticate and disassociate messages whenever
they associate with the Rogue AP).
Integrated Security Solutions
• Operating System Security is built around a robust 802.1X AAA (authorization, authentication and
  accounting) engine, which allows operators to rapidly configure and enforce a variety of security policies
  across the Nortel 2200 Series.
• The “Nortel WLAN — Security Switches (2270)” on page 43 and “Nortel WLAN — Access Ports (223x)” on
  page 59 are equipped with system-wide authentication and authorization protocols across all ports and
  interfaces, maximizing system security.
• Operating System Security policies are assigned to individual WLANs, and “Nortel WLAN — Access Ports
  (223x)” on page 59 simultaneously broadcast all (up to 16) configured WLANs. This can eliminate the need
  for additional APs, which can increase interference and degrade system throughput.
• The “Nortel WLAN — Security Switches (2270)” on page 43 securely terminate IPSec VPN clients, which
  can reduce the load on centralized VPN concentrators.
• Operating System Security uses the “Management Software” on page 31 function to continually monitor the
  air space for interference and security breaches, and notify the operator when they are detected.
• Operating System Security works with industry-standard AAA (authorization, authentication and accounting)
  servers, making system integration simple and easy.
• The Operating System Security solution offers comprehensive Layer 2 and Layer 3 encryption algorithms
  which typically require a large amount of processing power. Rather than assigning the encryption tasks to yet
  another server, the WLAN — Security Switch (2270) can be equipped with a Crypto Accelerator Module that
  provides extra hardware required for the most demanding security configurations.
Simple, Cost-Effective Solutions
Because the Nortel management software function is enabled from the factory, the IT department does not need to create
a detailed rollout plan to continually monitor APs, or to individually update APs, resulting in very low input required
from the IT department or Wireless LAN manager. This means less money spent deploying, configuring, updating, and
monitoring the Nortel 2200 Series.
Converting a Nortel 2200 Series from Layer 2 to Layer 3 Mode
To convert a Nortel 2200 Series from Layer 2 to Layer 3 Mode, use one of the following procedures:
• “Using the WLAN — Security Switch (2270) Web Browser” on page 85
• “Using the WMS Web Interface” on page 90
Using the WLAN — Security Switch (2270) Web Browser
To convert a Nortel 2200 Series from Layer 2 to Layer 3 LWAPP Transport Mode using the WLAN — Security Switch
Web Interface, complete the following steps:
CAUTION: This procedure will cause your WLAN — Access Ports (223x) to go offline until the
WLAN — Security Switch (2270) reboots and the associated WLAN — Access Ports (223x) reassociate with the WLAN — Security Switch (2270).
Note: Layer 3 Mode requires that all subnets that the WLAN — Security Switches (2270) are
connected to include at least one DHCP server. When you have completed this procedure, the
WLAN — Security Switch (2270) stores its IP address in its associated WLAN — Access Ports
(223x). When each WLAN — Access Port (223x) is powered up, it obtains an IP address from the
local DHCP server, and connects to its Primary, Secondary, or Tertiary WLAN — Security Switch
(2270).
Note: Layer 3 Mode requires that all subnets that contain Nortel WLAN — Wireless Security
Switches (2270) and WLAN — Access Ports (223x) are routable to each other.
1. To use the Nortel 2200 Series in Layer 3 mode, you must create an AP Manager Interface, which manages
   communications between each WLAN — Security Switch (2270) and its associated WLAN — Access Ports
   (223x). This AP Manager Interface will require a fixed IP address, which must be different from the
   Management Interface IP address, but which can be on the same subnet as the Management Interface.
2. ENSURE that all the Nortel WLAN — Wireless Security Switches (2270) and WLAN — Access Ports (223x)
   are on the same subnet: that they are only connected through Layer 2 devices. If possible, connect the
   WLAN — Access Ports (223x) directly (or through Layer 2 devices) to the front-panel 10/100Base-T ports.
   CAUTION: This step is very important! You must configure the WLAN — Security Switches
   (2270) and associated WLAN — Access Ports (223x) to operate in Layer 3 mode BEFORE
   completing the conversion.
3. Verify that the WLAN — Access Ports (223x) are assigned to the desired WLAN — Security Switch (2270).
   If you do not complete this step, the WLAN — Access Ports (223x) will fail to associate with the WLAN —
   Security Switch (2270) after completing the conversion.
   a. Select WIRELESS/WLAN — Access Ports (223x) to navigate to the WLAN — Access
      Ports (223x) page, and click Detail to have the WLAN — Security Switch Web Interface display
      the WLAN — Access Ports (223x) > Details page.
   b. On the WLAN — Access Ports (223x) > Details page for each WLAN — Access Port (223x), verify
      that the Primary, Secondary, and Tertiary Switch Names are correct. If you change the Primary,
      Secondary, or Tertiary Switch Names, click Apply to save the change to the WLAN —
      Access Port (223x).
4. Select WIRELESS/WLAN — Access Ports (223x) to navigate to the WLAN — Access Ports (223x)
   page, and ENSURE that all the WLAN — Access Ports (223x) are listed before you continue with the next
   step.
   If you do not complete this step, the WLAN — Access Ports (223x) may fail to associate with the WLAN —
   Security Switch (2270) after completing the conversion.
5. Change the LWAPP Transport Mode from Layer 2 to Layer 3:
   a. Select SWITCH/General to navigate to the General page, and change Layer 2 LWAPP Transport
      Mode to Layer 3.
   b. Click Apply to send the changes to the WLAN — Security Switch (2270) and the associated
      WLAN — Access Ports (223x). Click OK to continue.
6. Select COMMANDS/Reboot to navigate to the System Reboot page, and click Reboot to display the
   Reboot System > Save? page.
7. In the Reboot System > Save? page, click Save and Reboot to have the Operating System save the new
   configuration to and reboot the WLAN — Security Switch (2270).
   The WLAN — Security Switch (2270) reboots.
8. Select SWITCH/Interfaces to navigate to the Interfaces page, and verify that Operating System has
   automatically added the ap-manager interface.
9. Configure the ap-manager interface. In the Interfaces page, click the ap-manager Interface Edit button to have
   the Web Browser display the Interfaces > Edit page. In the Interfaces > Edit page:
   a. Optionally add a VLAN Identifier.
   b. Enter the ap-manager IP Address and Netmask obtained in Step 1.
   c. Add a Gateway IP address.
   d. Enter the physical port number for the Distribution System connection to the WLAN — Security
      Switch (2270).
   e. Enter a Primary DHCP Server IP address.
   f. Enter a Secondary DHCP Server IP address. (This can be the same as the Primary DHCP
      Server IP address if you do not have a second DHCP server on this subnet.)
   g. Optionally select an ACL (Access Control List) from the pulldown menu.
   h. Click Apply to add the edited AP Manager Interface definition to the list of interfaces.
10. From the Interfaces page, verify that the management interface is properly configured with a different IP
    Address than the ap-manager interface.
11. Save the new configuration and restart your Nortel 2200 Series:
    a. Select COMMANDS/Reboot to navigate to the System Reboot page, and select Reboot.
    b. On the Reboot System > Save page, click Save and Reboot to save the changes to and reboot the
       WLAN — Security Switch (2270).
    c. Click OK to confirm the save and reboot.
12. After the WLAN — Security Switch (2270) has rebooted, select SWITCH/General to navigate to the
    General page, and verify that the LWAPP Transport Mode is set to Layer 3.
13. Power down each WLAN — Access Port (223x) to save the Layer 3 configuration to nonvolatile memory.
14. Connect each WLAN — Access Port (223x) to its final location in the network. Each WLAN — Access Port
    (223x) connects to its Primary, Secondary, or Tertiary WLAN — Security Switch (2270), downloads a copy
    of the latest Operating System code, and starts reporting its status to the WLAN — Security Switch (2270).
    Note that this can take a few minutes for each WLAN — Access Port (223x).
You have completed the LWAPP Transport Mode conversion from Layer 2 to Layer 3. The ap-manager interface now
controls all communications between WLAN — Security Switches (2270) and WLAN — Access Ports (223x) on
different subnets.
Using the WMS Web Interface
To convert a Nortel 2200 Series from Layer 2 to Layer 3 LWAPP Transport Mode using the WMS Web Interface,
complete the following steps:
CAUTION: This procedure will cause your WLAN — Access Ports (223x) to go offline until the
WLAN — Security Switch (2270) reboots and the associated WLAN — Access Ports (223x) reassociate with the WLAN — Security Switch (2270).
Note: Layer 3 Mode requires that all subnets that the WLAN — Security Switches (2270) and WLAN — Access Ports (223x) are
connected to include at least one DHCP server. When you have completed this procedure, the
WLAN — Security Switch (2270) stores its IP address in its associated WLAN — Access Ports
(223x). When each WLAN — Access Port (223x) is powered up, it obtains an IP address from the
local DHCP server, and connects to its Primary, Secondary, or Tertiary WLAN — Security Switch
(2270).
Note: Layer 3 Mode requires that all subnets that contain Nortel WLAN — Wireless Security
Switches (2270) and WLAN — Access Ports (223x) are routable to each other.
1.
To use the Nortel 2200 Series in Layer 3 mode, you will need to create an AP Manager Interface, which manages communications between each WLAN — Security Switch (2270) and its associated WLAN — Access
Ports (223x). This AP Manager Interface will require a fixed IP address, which must be different from, but
which must be on the same subnet as the Management Interface.
2.
ENSURE that all the Nortel WLAN — Wireless Security Switches (2270) and WLAN — Access Ports (223x)
are on the same subnet, that is, that they are only connected through Layer 2 devices. If possible,
connect the WLAN — Access Ports (223x) directly (or through Layer 2 devices) to the front-panel
10/100Base-T ports.
CAUTION: This step is very important! You must configure the WLAN — Security Switches
(2270) and associated WLAN — Access Ports (223x) to operate in Layer 3 mode BEFORE
completing the conversion.
3.
Select CONFIGURE/Access Ports to navigate to the All Access Ports page, and verify that the
Primary, Secondary, and Tertiary Switch Names are correct for all WLAN — Access Ports (223x). If
you change the Primary, Secondary, or Tertiary Switch Names, click Apply to save the change to each
WLAN — Access Port (223x).
4.
Select CONFIG/Access Ports to navigate to the All Access Ports page, and ENSURE that the WLAN
— Access Ports (223x) are associated with the WLAN — Security Switch (2270) before you continue with the
next step.
If you do not complete this step, the WLAN — Access Ports (223x) may fail to associate with the WLAN —
Security Switch (2270) after completing the conversion.
5.
Change the LWAPP Transport Mode from Layer 2 to Layer 3:
a.
Select CONFIGURE/Switches to navigate to the All Switches page, and select the WLAN —
Security Switch (2270) by IP address to have WLAN Management System display the <IP
address> > Switch General page.
b.
From the <IP address> > Switch General page, select System/Networking to display the <IP
address> > Networking Setups page.
c.
On the <IP address> > Networking Setups page, change Layer 2 LWAPP Transport Mode to
Layer 3 and click Save.
d.
WLAN Management System displays a Please reboot the system for the LWAPP
Mode change to take effect message; click OK.
6.
Create a new AP Manager Interface:
a.
Select CONFIGURE/Switches to navigate to the All Switches page, and select the desired
WLAN — Security Switch (2270) by IP address to have WLAN Management System display the
<IP address> > Switch General page.
b.
In the <IP address> > Switch General page, select System/Interfaces to have WLAN Management System display the <IP address> > Interface page.
c.
In the <IP address> > Interface page, select System/Interfaces and then click GO to have WLAN
Management System display a second <IP address> > Interface page.
d.
Add an Interface Name ap manager.
e.
Enter the AP Manager IP Address obtained in Step 1.
f.
Optionally add a VLAN ID.
g.
Add a Gateway IP address.
h.
Enter the physical port number for the Distribution System connection to the WLAN — Security Switch (2270).
i.
Enter a Primary DHCP Server IP address.
j.
Enter a Secondary DHCP Server IP address. (This can be the same as the Primary DHCP
Server IP address if you do not have a second DHCP server on this subnet.)
k.
Optionally select an ACL (Access Control List) from the pulldown menu.
l.
Click Save to add the AP Manager Interface to the list of interfaces.
m.
Use the browser Back button (ALT-Left Arrow) to return to the first <IP address> > Interface
page, and verify that WLAN Management System has added the ap manager Interface Name to
the list of Interfaces.
7.
From the first <IP address> > Switch General page, verify that the management interface is properly
configured with a different IP Address than the ap manager interface.
8.
Save the new configuration and restart your WLAN — Security Switch (2270):
a.
Select CONFIGURE/Switches to navigate to the All Switches page.
b.
Select the WLAN — Security Switch (2270) by IP address to have WLAN Management System display the <IP address> > Switch General page.
c.
From the <IP address> > Switch General page, select System/Commands to display the <IP
address> > Switch Commands page.
d.
On the <IP address> > Switch Commands page, under Administrative Commands, select Save
Config to Flash and click GO to save the changed configuration to the WLAN — Security Switch
(2270).
e.
On the <IP address> > Switch Commands page, under Administrative Commands, select Reboot
and click GO to reboot the WLAN — Security Switch (2270). Then click OK to confirm the save
and reboot.
9.
After the WLAN — Security Switch (2270) has rebooted, verify that the LWAPP Transport Mode is now
Layer 3:
a.
Select CONFIGURE/Switches to navigate to the All Switches page, and select the desired
WLAN — Security Switch (2270) by IP address to have WLAN Management System display the
<IP address> > Switch General page.
b.
From the <IP address> > Switch General page, select System/Networking to display the <IP
address> > Networking Setups page.
c.
On the <IP address> > Networking Setups page, verify that the Current LWAPP Transport Mode is
Layer 3.
10.
Select CONFIGURE/Access Ports to navigate to the All Access Ports page, and ENSURE that the
WLAN — Access Ports (223x) are associated with the WLAN — Security Switch (2270) before you continue
with the next step. If you do not complete this step, the WLAN — Access Ports (223x) may fail to associate
with the desired WLAN — Security Switch (2270) after completing the conversion.
11.
Power down each WLAN — Access Port (223x) to save the Layer 3 configuration to nonvolatile memory.
12.
Connect each WLAN — Access Port (223x) to its final location in the network. Each WLAN — Access Port
(223x) connects to its Primary, Secondary, or Tertiary WLAN — Security Switch (2270), downloads a copy
of the latest Operating System code, and starts reporting its status to the WLAN — Security Switch (2270).
Note that this can take a few minutes for each WLAN — Access Port (223x).
You have completed the LWAPP Transport Mode conversion from Layer 2 to Layer 3. The ap-manager interface now
controls all communications between WLAN — Security Switches (2270) and WLAN — Access Ports (223x) on
different subnets.
Converting a Nortel 2200 Series from Layer 3 to Layer 2 Mode
To convert a Nortel 2200 Series system from Layer 3 to Layer 2 Mode, perform one of the following tasks:
1.
“Using the WLAN — Security Switch Web Interface” on page 93
2.
“Using the WMS Web Interface” on page 87
Using the WLAN — Security Switch Web Interface
To convert a Nortel 2200 Series system from Layer 3 to Layer 2 LWAPP Transport Mode using the WLAN — Security
Switch Web Interface, complete the following steps:
CAUTION: This procedure will cause your WLAN — Access Ports (223x) to go offline until the
WLAN — Security Switch (2270) reboots and the associated WLAN — Access Ports (223x) reassociate with the WLAN — Security Switch (2270).
1.
ENSURE that all the Nortel WLAN — Wireless Security Switches (2270) and WLAN — Access Ports (223x) are on the same subnet, that is, that they are only connected
through Layer 2 devices.
CAUTION: This step is very important! If you change the Nortel 2200 Series from Layer 3 to
Layer 2 while the WLAN — Security Switches (2270) and WLAN — Access Ports (223x) are on
different subnets, they will be UNABLE TO COMMUNICATE with each other after the conversion
to Layer 2 mode.
2.
Select SWITCH/General to navigate to the General page, and change Layer 3 LWAPP Transport Mode to
Layer 2. Then click Apply to send the changes to the WLAN — Security Switch (2270). Click OK to
continue.
3.
Select COMMANDS/Reboot to navigate to the System Reboot page, and select Reboot. On the Reboot
System > Save page, click Save and Reboot to save the changes to and to reboot the WLAN — Security
Switch (2270). Then click OK to confirm the save and reboot.
4.
After the WLAN — Security Switch (2270) has rebooted, select SWITCH/General to navigate to the
General page, and verify that the current LWAPP Transport Mode is set to Layer 2.
5.
Also select SWITCH/Interfaces to navigate to the Interfaces page, and verify that the ap-manager interface is removed from the list of Interface Names.
You have completed the LWAPP Transport Mode conversion from Layer 3 to Layer 2. The Operating System software
will now control all communications between WLAN — Security Switches (2270) and WLAN — Access Ports (223x)
on the same subnet.
Using the WMS Web Interface
To convert a Nortel 2200 Series from Layer 3 to Layer 2 LWAPP Transport Mode using the WMS Web Interface,
complete the following steps:
CAUTION: This procedure will cause your WLAN — Access Ports (223x) to go offline until the
WLAN — Security Switch (2270) reboots and the associated WLAN — Access Ports (223x) reassociate with the WLAN — Security Switch (2270).
1.
ENSURE that all the Nortel WLAN — Wireless Security Switches (2270) and WLAN — Access Ports (223x) are on the same subnet, that is, that they are only connected
through Layer 2 devices.
CAUTION: This step is very important! If you change the Nortel 2200 Series from Layer 3 to
Layer 2 while the WLAN — Security Switches (2270) and WLAN — Access Ports (223x) are on
different subnets, they will be UNABLE TO COMMUNICATE with each other after the conversion
to Layer 2 mode.
2.
Change the LWAPP Transport Mode from Layer 3 to Layer 2:
a.
Select CONFIGURE/Switches to navigate to the All Switches page, and select the WLAN —
Security Switch (2270) by IP address to have WLAN Management System display the <IP
address> > Switch General page.
b.
On the <IP address> > Switch General page, select System/Networking to display the <IP
address> > Networking Setups page.
c.
On the <IP address> > Networking Setups page, change Layer 3 LWAPP Transport Mode to
Layer 2 and click Save.
d.
WLAN Management System may display a Please reboot the system for the LWAPP
Mode change to take effect message; if so, click OK.
3.
Restart your Nortel 2200 Series:
a.
On the <IP address> > Networking Setups page, select System/Commands to display the <IP
address> > Switch Commands page.
b.
On the <IP address> > Switch Commands page, under Administrative Commands, select Save
Config to Flash and click GO to save the changed configuration to the WLAN — Security Switch
(2270). Click OK to continue.
c.
On the <IP address> > Switch Commands page, under Administrative Commands, select Reboot
and click GO to reboot the WLAN — Security Switch (2270). Then click OK to confirm the save
and reboot.
4.
After the WLAN — Security Switch (2270) has rebooted, verify that the LWAPP Transport Mode is now
Layer 2:
a.
Select CONFIGURE/Switches to navigate to the All Switches page, and select the WLAN —
Security Switch (2270) by IP address to have WLAN Management System display the <IP
address> > Switch General page.
b.
On the <IP address> > Switch General page, select System/Networking to display the <IP
address> > Networking Setups page.
c.
On the <IP address> > Networking Setups page, verify that the LWAPP Transport Mode is set to
Layer 2.
You have completed the LWAPP Transport Mode conversion from Layer 3 to Layer 2. The Operating System software
will now control all communications between WLAN — Security Switches (2270) and WLAN — Access Ports (223x)
on the same subnet.
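The two addressing rules in the conversion procedures above (the ap-manager address must differ from the management address but share its subnet, and every switch and access port must share one subnet before a change to Layer 2) can be checked against an address plan before any reboot. This is an added example, not Nortel code; the function names and the documentation-range addresses are assumptions made for illustration, and an address check cannot detect a router sitting between devices.

```python
import ipaddress


def check_ap_manager_plan(mgmt_ip, ap_manager_ip, netmask):
    """Return a list of problems with a planned ap-manager address (empty = OK).

    Rule from the Layer 2 to Layer 3 procedure: the ap-manager interface needs a
    fixed IP address that is different from the management interface address
    but on the same subnet.
    """
    mgmt = ipaddress.ip_interface(f"{mgmt_ip}/{netmask}")
    ap_mgr = ipaddress.ip_interface(f"{ap_manager_ip}/{netmask}")
    problems = []
    if ap_mgr.ip == mgmt.ip:
        problems.append(
            "ap-manager uses the same IP address as the management interface"
        )
    if ap_mgr.network != mgmt.network:
        problems.append(
            f"ap-manager {ap_mgr.ip} is outside the management subnet {mgmt.network}"
        )
    return problems


def devices_off_switch_subnet(switch_ip, netmask, device_ips):
    """Return the devices that are NOT on the switch's subnet.

    Rule from the Layer 3 to Layer 2 procedure: switches and access ports on
    different subnets cannot communicate after the conversion, so this list
    should be empty before the transport mode is changed.
    """
    subnet = ipaddress.ip_interface(f"{switch_ip}/{netmask}").network
    return [ip for ip in device_ips if ipaddress.ip_address(ip) not in subnet]


if __name__ == "__main__":
    # Constructed address plan using documentation ranges (not from the guide).
    print(check_ap_manager_plan("192.0.2.10", "192.0.2.11", "255.255.255.0"))
    print(check_ap_manager_plan("192.0.2.10", "198.51.100.11", "255.255.255.0"))
    print(
        devices_off_switch_subnet(
            "192.0.2.10", "255.255.255.0", ["192.0.2.20", "198.51.100.21"]
        )
    )
```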
Configuring a Firewall for WLAN Management System Software
When a WMS Server and a WMS Web Interface are on different sides of a firewall, they cannot communicate unless the
following ports on the firewall are opened to two-way traffic:
•
80 (TCP)
•
1299 (TCP)
•
4000 (TCP)
•
5009 (TCP)
•
5010 (TCP)
•
6789 (RMI)
Open these ports to configure your firewall to allow communications between a WMS Server and a WMS Web
Interface.
Refer to the WLAN Management System Software Release Notes 216401-B for any other ports that need to be opened for
WMS Server-to-WMS Web Interface communications.
Configuring the System for SpectraLink NetLink Telephones
SpectraLink NetLink Telephones require an extra Operating System configuration step to optimize integration with
Operating System. That configuration step enables long preambles in the Operating System as described in the:
•
“Using the WLAN — Security Switch Web Interface” on page 90
•
“Using the Command Line Interface” on page 93
•
“Using the Nortel WLAN — Management System Software” on page 94
Using the Command Line Interface
Use this procedure to optimize the Operating System to communicate with SpectraLink NetLink Telephones using a
long preamble.
1.
Log into the Command Line Interface as described in “Logging Into the CLI” on page 113.
2.
Use the show 802.11b command to view the following parameter:
Short Preamble mandatory....................... Enabled
which shows the Operating System default, Short Preamble Enabled; if this is the case, continue
with this procedure.
3.
If this parameter indicates Short Preamble Disabled, this WLAN — Security Switch (2270) is already optimized for SpectraLink NetLink Telephones; if desired, continue with the configuration.
4.
Disable the 802.11b/g network using the config 802.11b disable network command.
5.
Enable long preambles using the config 802.11b preamble long command.
6.
Enable the 802.11b/g network using the config 802.11b enable network command.
7.
Reboot the WLAN — Security Switch (2270) using the reset system command.
8.
Answer y to the The system has unsaved changes. Would you like to save them
now? (y/n) prompt.
9.
The WLAN — Security Switch (2270) reboots.
10.
Verify that the WLAN — Security Switch (2270) is properly configured by logging back into the CLI and
using the show 802.11b command to view the following parameters:
802.11b Network................................ Enabled
Short Preamble mandatory....................... Disabled
which shows that the 802.11b/g Network is Enabled and the Short Preamble is Disabled (Long
Preamble is Enabled).
11.
This WLAN — Security Switch (2270) is now optimized for SpectraLink NetLink Telephones; if desired,
continue with the configuration.
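The verification in Step 10 can be automated by parsing captured show 802.11b output and checking both parameters, which also catches a network left disabled when Step 6 is skipped. This is an added example, not Nortel code; the function names are assumptions, and the sample captures are constructed from the two output lines this guide shows.

```python
import re

# "Parameter name....... value" as printed by the CLI. Three or more dots are
# required so that the single dot inside "802.11b" is not taken as the separator.
PARAM_LINE = re.compile(r"^\s*(?P<key>.+?)\s*\.{3,}\s*(?P<value>.*?)\s*$")

# State the guide expects after the long-preamble change and reboot.
EXPECTED = {
    "802.11b Network": "Enabled",
    "Short Preamble mandatory": "Disabled",
}


def parse_show_output(text):
    """Turn dotted 'name....value' lines into a dict; other lines are ignored."""
    params = {}
    for line in text.splitlines():
        match = PARAM_LINE.match(line)
        if match:
            params[match.group("key")] = match.group("value")
    return params


def spectralink_ready(text):
    """Return (ok, findings) for a captured 'show 802.11b' output."""
    params = parse_show_output(text)
    findings = []
    for key, wanted in EXPECTED.items():
        actual = params.get(key)
        if actual is None:
            findings.append(f"{key}: not present in output")
        elif actual != wanted:
            findings.append(f"{key}: {actual} (expected {wanted})")
    return (not findings, findings)


# Constructed captures: only the two lines the guide shows are included.
AFTER_CHANGE = """\
802.11b Network................................ Enabled
Short Preamble mandatory....................... Disabled
"""

FACTORY_DEFAULT = """\
802.11b Network................................ Enabled
Short Preamble mandatory....................... Enabled
"""

NETWORK_LEFT_DISABLED = """\
802.11b Network................................ Disabled
Short Preamble mandatory....................... Disabled
"""

if __name__ == "__main__":
    for name, capture in [
        ("after change", AFTER_CHANGE),
        ("factory default", FACTORY_DEFAULT),
        ("network left disabled", NETWORK_LEFT_DISABLED),
    ]:
        print(name, spectralink_ready(capture))
```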
Using the WLAN — Security Switch Web Interface
Use this procedure to optimize the Operating System to communicate with SpectraLink NetLink Telephones using a
long preamble.
1.
Log into the WLAN — Security Switch Web Interface as described in “Using the WLAN — Security Switch
Web Interface” on page 222.
2.
Use Wireless / Global RF / 802.11b/g Network to view the 802.11b/g Global Parameters
page.
3.
When the Short Preamble Enabled box is checked, the Operating System is set to the default, Short
Preamble Enabled; if this is the case, continue with this procedure.
4.
If this parameter indicates that Short Preamble is Disabled (box is unchecked), this WLAN — Security Switch
(2270) is already optimized for SpectraLink NetLink Telephones; if desired, continue with the configuration.
5.
Enable long preambles by unchecking the Short Preamble Enabled box.
6.
Click the Apply button to update the WLAN — Security Switch (2270).
Note: If you do not already have a CLI session active, Nortel strongly recommends that you start a
CLI session to reboot the WLAN — Security Switch (2270) with Save and watch the reboot process.
Another reason to use the CLI is that the Web Browser loses its connection to the WLAN —
Security Switch (2270) when it reboots.
7.
If you decide to reboot the WLAN — Security Switch (2270) using the CLI, continue with the Reboot and
Verify steps found in the “Using the Command Line Interface” on page 93 section. Otherwise, continue with
this section.
8.
Reboot the WLAN — Security Switch (2270) using Commands / Reboot / Reboot.
9.
Click OK in response to the Configuration will be saved and switch will be
rebooted. Click ok to confirm. prompt.
10.
The WLAN — Security Switch (2270) reboots.
11.
Verify that the WLAN — Security Switch (2270) is properly configured by logging back into the WLAN —
Security Switch Web Interface and using the Wireless / Global RF / 802.11b/g Network
command to view the 802.11b/g Global Parameters page.
12.
When the Short Preamble Enabled box is unchecked, this WLAN — Security Switch (2270) is optimized for SpectraLink NetLink Telephones; if desired, continue with the configuration.
Using the Nortel WLAN — Management System Software
Use this procedure to optimize the Operating System to communicate with SpectraLink NetLink Telephones using a
long preamble.
1.
Log into the Nortel WLAN — Management System Software using the WMS Web Interface as described in
“Starting a WMS Web Interface” on page 160.
2.
Navigate to the Configuration / Configure Switches / <WLAN — Security Switch (2270) IP
Address> / 802.11b/g / 802.11b/g Params page.
3.
When Short Preamble is Enabled, the Operating System is set to the default, Short Preamble Enabled; if
this is the case, continue with this procedure.
4.
If this parameter shows Short Preamble Disabled, this WLAN — Security Switch (2270) is already optimized
for SpectraLink NetLink Telephones; if desired, continue with the configuration.
5.
Enable long preambles by setting Short Preamble to Disabled.
6.
Click the Apply button to update the WLAN — Security Switch (2270).
7.
Save the WLAN — Security Switch (2270) configuration using the Switch Config/Save Config command.
8.
Reboot the WLAN — Security Switch (2270) using Switch Commands/Reboot.
9.
Click OK in response to the Please save configuration by clicking ‘Save Config’
under ‘Switch Config’ menu. Do you want to continue Rebooting anyway?
prompt.
10.
The WLAN — Security Switch (2270) reboots. This will take some time, during which WLAN Management
System loses its connection to the WLAN — Security Switch (2270).
Note: You can use a CLI session to view the WLAN — Security Switch (2270) reboot process.
When you can log into the WLAN — Security Switch (2270) CLI, continue with this procedure.
11.
Verify that the WLAN — Security Switch (2270) is properly configured by navigating to the Monitor/Troubleshoot/Switch Status/<WLAN — Security Switch (2270) IP Address>/ 802.11b/g/Stats page.
12.
On the Stats page, verify that Short Preamble Implemented is set to No, which indicates that this WLAN
— Security Switch (2270) is optimized for SpectraLink NetLink Telephones; if desired, continue with the
configuration.
Using Management over Wireless
The Nortel Management over Wireless feature allows a Nortel 2200 Series operator to monitor and configure the local
WLAN — Security Switch (2270) using a wireless client. This feature is supported for all management tasks except
uploads to and downloads from (transfers to and from) the WLAN — Security Switch (2270).
Before you can use the Management over Wireless feature, you must properly configure the WLAN — Security Switch
(2270) using either of the following two sections:
•
“Using the Command Line Interface” on page 93
•
“Using the WLAN — Security Switch Web Interface” on page 90
Using the Command Line Interface
1.
In the CLI, use the show network command to verify whether the Mgmt Via Wireless Interface
is Enabled or Disabled. If Mgmt Via Wireless Interface is Disabled, continue with Step 2.
Otherwise, continue with Step 3.
2.
To Enable Management over Wireless, use the following command:
>config network mgmt-via-wireless enable
to enable Management over Wireless for the WLAN.
3.
Use a wireless client to associate with a WLAN — Access Port (223x) connected to the WLAN — Security
Switch (2270) you wish to manage.
4.
Use the telnet < WLAN — Security Switch (2270) Network or DS Port IP Address>
command and log into the CLI to verify that you can manage the WLAN using a wireless client.
Using the WLAN — Security Switch Web Interface
1.
In the WLAN — Security Switch Web Interface, use the Management/Mgmt Via Wireless links to navigate to the Management Via Wireless page.
2.
In the Management Via Wireless page, verify that the Enable Switch Management to be accessible from Wireless Clients selection box is checked. If the selection box is not checked, continue with
Step 2. Otherwise, continue with Step 3.
3.
In the Management Via Wireless page, check the Enable Switch Management to be accessible
from Wireless Clients selection box to select Management over Wireless for the WLAN.
4.
Click Apply to enable Management over Wireless for the WLAN.
5.
Use a wireless client web browser to connect to the WLAN — Security Switch (2270) Management Port or
DS Port IP Address, and log into the WLAN — Security Switch Web Interface to verify that you can manage
the WLAN using a wireless client.
Configuring a WLAN for a DHCP Server
Using the Command Line Interface
1.
In the CLI, use the show wlan command to verify whether you have a valid DHCP server assigned to the
WLAN. If you have no DHCP server assigned to the WLAN, continue with Step 2. Otherwise, continue with
Step 4.
2.
If necessary, use the following commands:
>config wlan disable <WLAN id>
>config wlan dhcp_server <WLAN id> <DHCP IP Address>
>config wlan enable <WLAN id>
where <WLAN id> = 1 through 16, and <DHCP IP Address> = DHCP server IP Address.
3.
Use the show wlan command to verify that you have a DHCP server assigned to the WLAN.
4.
Use the ping <DHCP IP Address> command to verify that the WLAN can communicate with the DHCP
server.
Using the WLAN — Security Switch Web Interface
1.
In the WLAN — Security Switch Web Interface, navigate to the WLANs page.
2.
Locate the WLAN which you wish to configure for Management over Wireless, and click the associated Edit
link to display the WLANs > Edit page.
3.
Under General Policies, check the DHCP Relay/DHCP Server IP Addr to verify whether you have a
valid DHCP server assigned to the WLAN. If you have no DHCP server assigned to the WLAN, continue with
Step 4. Otherwise, continue with Step 9.
4.
Under General Policies, deselect the Admin Status Enabled box.
5.
Click Apply to disable the WLAN.
6.
In the DHCP Relay/DHCP Server IP Addr box, enter a valid DHCP server IP Address for this WLAN.
7.
Under General Policies, select the Admin Status Enabled box.
8.
Click Apply to assign the DHCP server to the WLAN and to enable the WLAN. You are returned to the
WLANs page.
9.
In the upper-right corner of the WLANs page, click Ping and enter the DHCP server IP Address to verify that
the WLAN can communicate with the DHCP server.
Customizing the Web Auth Login Screen
When a Nortel system operator uses Web Authorization (Web Auth) to authenticate clients, the operator must define
User Names and Passwords for each client, and then the clients must enter a valid User Name and Password when
prompted. Because the Nortel 2200 Series operator may want to customize the Web Auth Login screen, the following
sections describe the default operation and how to customize the Web Auth Login screen.
•
“Default Web Auth Operation” on page 98
•
“Customizing Web Auth Operation” on page 100
•
“Sample Customized Web Auth Login Page” on page 104
Default Web Auth Operation
When the network operator uses Web Authorization (Web Auth) to authorize clients, the first time clients attempt to
access a URL they may receive a Security Alert from their web browser similar to the following:
Figure - 1: Typical Security Alert
After answering Yes to the Do you want to Proceed? prompt or if there is no Security Alert, Operating System
redirects the client to a Login screen that the client must use to log in using an authorized user name and password. The
following figure shows a typical default Nortel Login Screen:
Figure - 2: Default Nortel Login Screen
The client must respond with a User Name and Password predefined using the Local Net Users > New Web Browser
page, or using the “config netuser add” on page 466 Command Line Interface (CLI) command.
Note that the Default Nortel Login Screen contains Nortel-specific text and a logo in four customizable areas:
•
The Nortel logo in the upper-right corner can be deleted and restored.
•
The Web Title “Welcome to the Nortel wireless network”.
•
The Web Message “Nortel is pleased to provide the Wireless LAN infrastructure for your network. Please
login and put your air space to work.”
•
A blank area on the right side of the screen for a user-supplied Logo or other graphic.
The Nortel logo, Web Title, Web Message, and Logo can be customized for each Nortel 2200 Series as described in the
“Customizing Web Auth Operation” on page 100 section.
When the client has entered a valid User Name and Password, Operating System typically displays some version of the
following Login Successful page, and then redirects the authenticated client to the originally-requested URL.
Figure - 3: Default Login Successful Screen
Note that the Default Login Successful Screen contains a pointer to the operator-defined Virtual Gateway Address URL,
redirect https://1.1.1.1/logout.html. This redirect is defined by the Virtual Gateway IP Address parameter (1.1.1.1)
entered while “Using the Startup Wizard” on page 143, as the Virtual Gateway Address in the Interfaces Web Browser
page, or using the “config interface create” on page 450 Command Line Interface (CLI) command.
Also note that the Nortel 2200 Series operator may want to redirect the authenticated client to a different URL. This is
described in the “Customizing Web Auth Operation” on page 100 section.
Customizing Web Auth Operation
You can customize Web Auth operation “Using the Nortel 2200 Series CLI” on page 113 commands as follows:
•
“Clearing and Restoring the Nortel Logo” on page 100
•
“Changing the Web Title” on page 101
•
“Changing the Web Message” on page 101
•
“Changing the Logo” on page 101
•
“Creating a Custom URL Redirect” on page 103
•
“Verifying your Web Auth Changes” on page 103
•
“Sample Customized Web Auth Login Page” on page 104
Clearing and Restoring the Nortel Logo
You can delete or restore the Nortel logo shown in “Default Web Auth Operation” on page 98 using the config
custom-web weblogo command:
>config custom-web weblogo <disable/enable>
Refer to “Sample Customized Web Auth Login Page” on page 104 for an example.
Changing the Web Title
You can change the Web Title shown in the “Default Web Auth Operation” on page 98 section using the config
custom-web webtitle command:
>config custom-web webtitle <string>
To change the Web Title again, enter the config custom-web webtitle command again with a new <string>. Refer to the
“Sample Customized Web Auth Login Page” on page 104 for an example.
To change the Web Title back to the Nortel default “Welcome to the Nortel wireless network”, use the clear webtitle
command:
>clear webtitle
Changing the Web Message
You can change the Web Message shown in the Default Web Auth Operation section using the config custom-web
webmessage command:
>config custom-web webmessage <string>
To change the Web Message again, enter the config custom-web webtitle command again with a new <string>. Refer to
the “Sample Customized Web Auth Login Page” on page 104 for an example.
To change the Web Message back to the Nortel default “Nortel is pleased to provide the Wireless LAN infrastructure for
your network. Please login and put your air space to work.”, use the clear webmessage command:
>clear webmessage
Changing the Logo
You can add or change a Logo or other graphic in the right side of the Web Auth Login screen as described in the
“Default Web Auth Operation” on page 98 section using the following instructions.
•
“Preparing the TFTP Server” on page 101
•
“Copying the Logo or Graphic to the TFTP Server” on page 102
•
“Downloading the Logo or Graphic” on page 102
Preparing the TFTP Server
•
ENSURE you have a TFTP server available for the Logo or Graphic image download.
-
If you are downloading through the Service port, the TFTP server MUST be on the same subnet as
the Service port, because the Service port is not routable.
-
If you are downloading through the DS (Distribution System) network port, the TFTP server can be
on the same or a different subnet, because the DS port is routable.
•
In the CLI, use the ping <IP Address> command to ensure the WLAN — Security Switch (2270) can
contact the TFTP server.
Note: The TFTP server cannot run on the same computer as the “Nortel WLAN — Management
System Software” on page 74, because the WLAN Management System Software and the TFTP
server use the same communication port.
Copying the Logo or Graphic to the TFTP Server
1.
Create a Logo or Graphic image in .JPG, .GIF, or .PNG format with a maximum size of 30 kilobits (recommended size of 180 W x 360 H pixels).
2.
ENSURE the Logo or Graphic image filename contains no spaces.
3.
Copy the desired Logo or Graphic image file to the default directory on your TFTP server.
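The three file requirements above can be checked before the image is placed on the TFTP server. This is an added example, not Nortel code; check_logo is a hypothetical helper, the 30 kilobit limit is read literally as 30,000 bits (an assumption), and the comparison of the file's leading bytes against its extension goes beyond what this guide requires.

```python
import os

# Assumption: the guide's "30 kilobits" taken literally as 30,000 bits (3,750 bytes).
MAX_BITS = 30 * 1000

# Leading bytes that identify each format the guide accepts.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def check_logo(path, max_bits=MAX_BITS):
    """Return a list of problems with a candidate logo file (empty = OK)."""
    problems = []
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()

    # Requirement: the filename contains no spaces.
    if any(ch.isspace() for ch in name):
        problems.append("filename contains spaces")

    # Requirement: .JPG, .GIF, or .PNG format.
    if ext not in SIGNATURES:
        problems.append(f"extension {ext or '(none)'} is not .jpg, .gif or .png")

    # Requirement: maximum size.
    size_bits = os.path.getsize(path) * 8
    if size_bits > max_bits:
        problems.append(f"file is {size_bits} bits, limit is {max_bits}")

    # Added check: the content must really be the format the extension claims,
    # so a renamed file of another type is not pushed to the switch.
    if ext in SIGNATURES:
        with open(path, "rb") as handle:
            head = handle.read(8)
        if not head.startswith(SIGNATURES[ext]):
            problems.append(f"content does not look like a {ext} image")

    return problems


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a PNG signature followed by padding, not a real image.
    with tempfile.TemporaryDirectory() as folder:
        sample = os.path.join(folder, "company logo.png")
        with open(sample, "wb") as handle:
            handle.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
        print(check_logo(sample))
```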
Downloading the Logo or Graphic
1. In the CLI, use the transfer download start command to view the current download settings, and answer ‘n’ to the prompt:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Code
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. <filename.jpg|.gif|.png>
Are you sure you want to start? (y/n) n
Transfer Canceled
>
2. To change the download settings, use the following:
>transfer download mode tftp
>transfer download datatype image
>transfer download serverip <TFTP server IP address>
>transfer download filename <filename.gif|filename.jpg|filename.png>
>transfer download path <absolute TFTP server path to the update file>
Note: Some TFTP servers require only a forward slash “/” as the <absolute TFTP server path to the update file>, and the TFTP server automatically determines the path to the correct directory.
3. In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’ to the prompt to confirm the current download settings and start the download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Login Image
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. <filename.jpg|.gif|.png>
This may take some time.
Are you sure you want to start? (y/n) y
TFTP Image transfer starting.
Image installed.
To change the Logo or Graphic image again, repeat these commands using a new filename. Refer to the “Sample Customized Web Auth Login Page” on page 104 for an example.
To remove the Logo or Graphic image from the Web Browser Login screen, use the clear webimage command:
>clear webimage
Creating a Custom URL Redirect
To have the Operating System redirect all clients to a specific URL (including http:// or https://) after Web Authentication, use the config custom-web redirecturl command:
>config custom-web redirecturl <URL>
To change the redirect URL again, enter the config custom-web redirecturl command again with a new <URL>.
For example, if you want to redirect all clients to www.AcompanyBC.com, use the following command:
>config custom-web redirecturl www.AcompanyBC.com
To change the redirect back to the originally-requested URL, use the clear redirecturl command:
>clear redirecturl
Verifying your Web Auth Changes
Use the show custom-web command to verify your Web Auth operation changes:
Default State
>show custom-web
Nortel Logo................................. Enabled
CustomLogo..................................... Disabled
Custom Title................................... Disabled
Custom Message................................. Disabled
Custom Redirect URL............................ Disabled
External Web Authentication Mode............... Disabled
External Web Authentication URL................ Disabled
Typical Modified State
>show custom-web
Nortel Logo................................. Disabled
CustomLogo..................................... 00_logo.gif
Custom Title................................... Welcome to the AcompanyBC Wireless LAN!
Custom Message................................. Contact the System Administrator for a Username and Password.
Custom Redirect URL............................ http://www.AcompanyBC.com
External Web Authentication Mode............... Disabled
External Web Authentication URL................ Disabled
Sample Customized Web Auth Login Page
Following is a sample of a customized Web Auth Login page, and the commands used to create it:
>config custom-web weblogo disable
>config custom-web webtitle Welcome to the AcompanyBC Wireless LAN!
>config custom-web webmessage Contact the System Administrator for a Username and Password.
>transfer download start
Mode........................................... TFTP
Data Type...................................... Login Image
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... /
TFTP Filename.................................. Logo.gif
This may take some time.
Are you sure you want to start? (y/n) y
TFTP Image transfer starting.
Image installed.
>config custom-web redirecturl http://www.AcompanyBC.com
>show custom-web
Nortel Logo................................. Disabled
CustomLogo..................................... 00_logo.gif
Custom Title................................... Welcome to the AcompanyBC Wireless LAN!
Custom Message................................. Contact the System Administrator for a Username and Password.
Custom Redirect URL............................ http://www.AcompanyBC.com
External Web Authentication Mode............... Disabled
External Web Authentication URL................ Disabled
When a client attempts to connect to a URL, the following customized Web Auth screen appears:
Figure - 4: Sample Customized Login Screen
After a successful Web Authorization, the client is redirected to the http://www.AcompanyBC.com URL.
Configuring Identity Networking for Operating System 2.2
This document explains the Identity Networking feature of Operating System 2.2, how it is configured and the expected
behavior for various security policies.
In previous Operating System releases, each WLAN had a static policy that would be applied to all mobile clients associated with the SSID. Although very powerful, this method has limitations since it requires clients to associate with
different SSIDs to inherit different QoS and security policies.
The 2.2 version of the Operating System introduces a new feature, Identity Networking, that allows the network to
advertise a single SSID, yet allow for specific users to inherit different QoS or security policies, based on their user
profiles. The specific policies that may be overridden include:
• Quality of Service. When present in a RADIUS Access Accept, the “QoS-Level” on page 107 value overrides the QoS value specified in the WLAN profile.
• ACL. When the ACL attribute is present in the RADIUS Access Accept, the system applies the “ACL-Name” on page 107 to the client station after authentication occurs. This overrides any ACLs that are assigned to the interface.
• VLAN. When a VLAN “Interface-Name” on page 108 or “VLAN-Tag” on page 109 is present in a RADIUS Access Accept, the system places the client on a specific interface.
  Note: This feature is ONLY available with MAC Filtering, 802.1X and WPA. This feature WILL NOT WORK with Web Auth or IPSec.
• Tunnel Attributes.
  Note: When any of the other RADIUS attributes in this section are returned, the “Tunnel Attributes” on page 109 must also be returned.
To enable this feature on a per-WLAN basis, the Enable AAA Override configuration flag must be enabled.
The Operating System’s local MAC Filter database has been extended to include the interface name, allowing local
MAC filters to specify to which interface the client should be assigned. A separate RADIUS server can also be used, but
the RADIUS server must be defined using the Security menus.
The following sections explain the RADIUS attributes.
RADIUS Attributes
QoS-Level
This attribute indicates the Quality of Service level to be applied to the mobile client's traffic within the switching fabric,
as well as over the air. A summary of the QoS-Level Attribute format follows. The fields are transmitted from left to
right.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont.)          |  Vendor type  | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           QoS Level                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Type - 26 for Vendor-Specific
• Length - 10
• Vendor-Id - 14179
• Vendor type - 2
• Vendor length - 4
• Value - Three octets:
  - 0 - Bronze (Background)
  - 1 - Silver (Best Effort)
  - 2 - Gold (Video)
  - 3 - Platinum (Voice)
ACL-Name
This attribute indicates the ACL name to be applied to the client. A summary of the ACL-Name Attribute format is
shown below. The fields are transmitted from left to right.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont.)          |  Vendor type  | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   ACL Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Type - 26 for Vendor-Specific
• Length - >7
• Vendor-Id - 14179
• Vendor type - 6
• Vendor length - >0
• Value - A string that includes the name of the ACL to use for the client
Interface-Name
This attribute indicates the VLAN Interface a client is to be associated to.
A summary of the Interface-Name Attribute format is shown below. The fields are transmitted from left to right.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont.)          |  Vendor type  | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Interface Name...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Type - 26 for Vendor-Specific
• Length - >7
• Vendor-Id - 14179
• Vendor type - 5
• Vendor length - >0
• Value - A string that includes the name of the interface the client is to be assigned to.
Note: This Attribute only works when MAC Filtering is enabled, or if 802.1X or WPA is used as the security policy.
VLAN-Tag
This attribute indicates the group ID for a particular tunneled session, and is also known as the Tunnel-Private-Group-ID
attribute.
This attribute MAY be included in the Access-Request packet if the tunnel initiator can predetermine the group resulting
from a particular connection and SHOULD be included in the Access-Accept packet if this tunnel session is to be treated
as belonging to a particular private group. Private groups may be used to associate a tunneled session with a particular
group of users. For example, it may be used to facilitate routing of unregistered IP addresses through a particular interface. It SHOULD be included in Accounting-Request packets which contain Acct-Status-Type attributes with values of
either Start or Stop and which pertain to a tunneled session.
A summary of the Tunnel-Private-Group-ID Attribute format follows. The fields are transmitted from left to right.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |      Tag      |   String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Type - 81 for Tunnel-Private-Group-ID.
• Length - >= 3
• Tag - The Tag field is one octet in length and is intended to provide a means of grouping attributes in the same packet which refer to the same tunnel. If the value of the Tag field is greater than 0x00 and less than or equal to 0x1F, it SHOULD be interpreted as indicating which tunnel (of several alternatives) this attribute pertains. If the Tag field is greater than 0x1F, it SHOULD be interpreted as the first byte of the following String field.
• String - This field must be present. The group is represented by the String field. There is no restriction on the format of group IDs.
Tunnel Attributes
Note: When any of the other RADIUS attributes in this section are returned, the Tunnel Attributes
must also be returned.
Reference [RFC2868] defines RADIUS tunnel attributes used for authentication and authorization, and [RFC2867]
defines tunnel attributes used for accounting. Where the IEEE 802.1X Authenticator supports tunneling, a compulsory
tunnel may be set up for the Supplicant as a result of the authentication.
In particular, it may be desirable to allow a port to be placed into a particular Virtual LAN (VLAN), defined in
[IEEE8021Q], based on the result of the authentication. This can be used, for example, to allow a wireless host to remain
on the same VLAN as it moves within a campus network.
The RADIUS server typically indicates the desired VLAN by including tunnel attributes within the Access-Accept.
However, the IEEE 802.1X Authenticator may also provide a hint as to the VLAN to be assigned to the Supplicant by including Tunnel attributes within the Access-Request.
For use in VLAN assignment, the following tunnel attributes are used:
• Tunnel-Type=VLAN (13)
• Tunnel-Medium-Type=802
• Tunnel-Private-Group-ID=VLANID
Note that the VLANID is 12 bits, taking a value between 1 and 4094, inclusive. Since the Tunnel-Private-Group-ID is of type String as defined in [RFC2868], for use with IEEE 802.1X, the VLANID integer value is encoded as a string.
When Tunnel attributes are sent, it is necessary to fill in the Tag field. As noted in [RFC2868], section 3.1:
• The Tag field is one octet in length and is intended to provide a means of grouping attributes in the same packet which refer to the same tunnel. Valid values for this field are 0x01 through 0x1F, inclusive. If the Tag field is unused, it MUST be zero (0x00).
• For use with Tunnel-Client-Endpoint, Tunnel-Server-Endpoint, Tunnel-Private-Group-ID, Tunnel-Assignment-ID, Tunnel-Client-Auth-ID or Tunnel-Server-Auth-ID attributes (but not Tunnel-Type, Tunnel-Medium-Type, Tunnel-Password, or Tunnel-Preference), a tag field of greater than 0x1F is interpreted as the first octet of the following field.
• Unless alternative tunnel types are provided, (e.g. for IEEE 802.1X Authenticators that may support tunneling but not VLANs), it is only necessary for tunnel attributes to specify a single tunnel. As a result, where it is only desired to specify the VLANID, the tag field SHOULD be set to zero (0x00) in all tunnel attributes. Where alternative tunnel types are to be provided, tag values between 0x01 and 0x1F SHOULD be chosen.
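The attribute formats and Tag rules above can be checked mechanically before a RADIUS profile is deployed. The following Python sketch is an added example, not part of the Nortel guide or its software: it walks the attribute bytes of an Access-Accept, decodes the vendor 14179 sub-attributes and the tunnel attributes, and reports inconsistencies. Assumptions: the function names are hypothetical, attribute numbers 64 and 65 and the value 6 for 802 come from RFC 2868, the sub-attribute value width is read from the Vendor length octet (RFC 2865 layout), the "tunnel attributes must also be returned" note is interpreted as requiring Tunnel-Type=VLAN and Tunnel-Medium-Type=802, and the sample bytes are constructed.

```python
import struct

AIRESPACE = 14179                       # Vendor-Id from the guide
VSA_NAMES = {5: "interface", 6: "acl"}  # string-valued vendor types from the guide
QOS = {0: "Bronze", 1: "Silver", 2: "Gold", 3: "Platinum"}
# Attribute numbers 64/65 and the value 6 (802) are from RFC 2868, not the guide.
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def attr(t, value):
    """Build one RADIUS attribute: Type, Length (covers the whole attribute), Value."""
    return bytes([t, len(value) + 2]) + value


def vsa(vendor_type, value):
    """Build a Vendor-Specific (26) attribute carrying one vendor 14179 sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return attr(26, struct.pack("!I", AIRESPACE) + sub)


def iter_attrs(blob):
    """Yield (type, value) pairs, rejecting truncated or undersized attributes."""
    i = 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        t, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError(f"bad length {length} for attribute {t}")
        yield t, blob[i + 2:i + length]
        i += length


def split_tag(value):
    """Tag rule for Tunnel-Private-Group-ID: a first octet above 0x1F is string data."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return None, value


def parse_override(blob):
    """Return (policy, problems) for the override attributes in an Access-Accept."""
    policy, problems, tunnel = {}, [], {}
    for t, v in iter_attrs(blob):
        if t == 26 and len(v) >= 6 and struct.unpack("!I", v[:4])[0] == AIRESPACE:
            vtype, vlen = v[4], v[5]
            data = v[6:4 + vlen]
            if vlen < 2 or 4 + vlen != len(v):
                problems.append(f"vendor type {vtype}: Vendor length {vlen} does not fit")
            elif vtype == 2:
                level = int.from_bytes(data, "big")
                if level in QOS:
                    policy["qos"] = QOS[level]
                else:
                    problems.append(f"unknown QoS level {level}")
            elif vtype in VSA_NAMES:
                policy[VSA_NAMES[vtype]] = data.decode("ascii", "replace")
                if not data:
                    problems.append(f"empty {VSA_NAMES[vtype]} name")
        elif t in (TUNNEL_TYPE, TUNNEL_MEDIUM) and len(v) == 4:
            tunnel[t] = int.from_bytes(v[1:], "big")   # Tag octet, then 3-octet value
        elif t == TUNNEL_PGID:
            _tag, group = split_tag(v)
            text = group.decode("ascii", "replace")
            if text.isdigit() and 1 <= int(text) <= 4094:
                policy["vlan"] = int(text)
            else:
                problems.append(f"group {text!r} is not a VLAN ID in 1..4094")
    if policy and (tunnel.get(TUNNEL_TYPE) != VLAN or tunnel.get(TUNNEL_MEDIUM) != IEEE_802):
        problems.append("override attributes without Tunnel-Type=VLAN / Tunnel-Medium-Type=802")
    return policy, problems


# Constructed Access-Accept attribute list (not captured traffic); names are made up.
SAMPLE = (vsa(6, b"guest-acl") + vsa(5, b"vlan40-if")
          + attr(TUNNEL_TYPE, b"\x00" + VLAN.to_bytes(3, "big"))
          + attr(TUNNEL_MEDIUM, b"\x00" + IEEE_802.to_bytes(3, "big"))
          + attr(TUNNEL_PGID, b"\x00" + b"40"))

if __name__ == "__main__":
    print(parse_override(SAMPLE))
```

A non-empty problems list means the profile would hand the switch an override it cannot apply consistently, which is worth catching on the RADIUS side before clients land on an unintended interface.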
Tasks
This chapter provides information about tasks performed when using the Nortel 2200 Series System.
Deployment and Quick Installation Guides
• The Nortel WLAN — Access Port (223x) Deployment Guide Part # 216503-B on page 14 helps you determine the number of Nortel WLAN — Access Ports (223x) a site needs, where to place the Nortel WLAN — Access Ports (223x), and to perform a minimal site survey, if necessary.
• The Nortel WLAN — Access Port (223x) Quick Installation Guide Part # 216394-B on page 13 provides steps for installing WLAN — Access Ports (223x) with internal antennas and connectors for external antennas.
• The WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B on page 14 guides you through installing Nortel WLAN — Wireless Security Switches (2270).
• The Windows WLAN — Management System Quick Installation Guide Part # 216396-B on page 13 gives details on how to install Nortel WLAN — Management System Software (WLAN — Management System Software).
Operating System Command Line Interface (CLI)
• “Using the Nortel 2200 Series CLI on page 113” describes how to access and use the Nortel 2200 Series Command Line Interface.
• “Configuring the WLAN — Security Switch (2270) on page 118” details how to use the CLI to configure a WLAN — Security Switch (2270).
Nortel Switch Web Interface
• “Using the WLAN — Security Switch Web Interface on page 222” helps operators access and use the WLAN — Security Switch Web Interface.
Nortel WLAN — Management System (WLAN — Management System)
• “Using the Nortel WLAN — Management System Software on page 154” describes how to access and use the Nortel WLAN — Management System Software.
• “Updating the Operating System Software on page 141” provides operators with instructions on how to update the WLAN — Security Switch (2270) (and associated WLAN — Access Port (223x)) Operating System software.
• “Updating the Windows WLAN — Management System Software on page 217” describes how to update WLAN — Management System Software loads on WLAN — Management System Software workstations.
• “Reinitializing the Windows WLAN — Management System Software Database on page 219” describes how to reinitialize the WLAN — Management System Software database on Windows WLAN — Management System Software workstations.
• “Transferring Files To and From a WLAN — Security Switch (2270) on page 141” describes uploading and downloading files from a WLAN — Security Switch (2270).
• “Viewing Network Status on page 117” helps you monitor the Nortel 2200 Series network status.
Troubleshooting
• “Troubleshooting Tips on page 230” contains information you can use to troubleshoot the Nortel 2200 Series.
Using the Nortel 2200 Series CLI
The Nortel 2200 Series CLI allows operators to configure any WLAN — Security Switch (2270) and its associated WLAN — Access Ports (223x). Refer to the following sections or to the “Nortel 2200 Series CLI Reference on page 299” for more information:
• “Logging Into the CLI on page 113”
  - “Using a Local Serial Connection on page 113”
  - “Using a Remote Ethernet Connection on page 115”
• “Logging Out of the CLI on page 116”
• “Navigating the CLI on page 117”
• “Using the Startup Wizard on page 143”
• “Saving Configurations on page 151”
• “Erasing the WLAN — Security Switch (2270) Configuration on page 152”
• “Resetting the WLAN — Security Switch (2270) on page 152”
Logging Into the CLI
You can access the WLAN — Security Switch (2270) CLI using either of two methods:
• A direct ASCII serial connection to the WLAN — Security Switch (2270) Console Port.
• A remote console session over Ethernet through the pre-configured Service Port or Distribution System Ports (configured using the WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B on page 14).
The following sections contain information on how to use the CLI. This document assumes the WLAN — Security
Switch (2270) has been initialized as described in the WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B on page 14.
Before you log into the CLI, you must configure your connectivity and environment variables based on the type of
connection you are using. Refer to the appropriate section for your connection:
• “Using a Local Serial Connection on page 113”
• “Using a Remote Ethernet Connection on page 115”
Using a Local Serial Connection
Note: You can use the local serial connection at any time, whether or not the WLAN — Security
Switch (2270) has been configured as described in the WLAN — Security Switch (2270)
Quick Installation Guide Part # 216395-B on page 14.
You will need:
• A computer running a terminal emulation program and a DB-9 serial port.
• A DB-9 male to female null-modem serial cable.
Use this procedure to configure a serial connection to your WLAN — Security Switch (2270):
1. Connect your computer to the WLAN — Security Switch (2270) using the DB-9 null-modem serial cable as shown in the following figure.
2. Verify that your terminal emulation (HyperTerminal, ProComm, minicom, tip, or other) interface is configured with the following parameters:
   - 9600 baud
   - 8 data bits
   - 1 stop bit
   - no parity
   - no hardware flow control
3. In your terminal emulation program, open a session with the WLAN — Security Switch (2270).
4. Press <RETURN>. The CLI returns a login prompt.
5. Enter a valid login and password to enter the CLI. (The default login and password are admin and admin, respectively.)
User:
Password:
Note that the login and password functions are case sensitive.
6. The CLI displays the root level system prompt:
(system prompt)>
The CLI allows a default of five users to be logged in at a time, but this number can be set from zero to five users.
The system prompt can be any alphanumeric string, up to 31 characters. Because this is a user-defined variable, it is omitted from the rest of this documentation.
The CLI automatically logs you out without saving any changes after a short period of inactivity. This automatic logout can be set from 0 (never log out), or from 1 to 160 minutes. (Use the CLI command config serial timeout x, where x is a number between 0 and 160.)
You are now logged into the CLI.
Using a Remote Ethernet Connection
You will need:
1. A computer with access to the WLAN — Security Switch (2270) over the Ethernet network
2. The IP Address of the WLAN — Security Switch (2270)
3. You may use either a terminal emulation program or a DOS shell for the Telnet session.
Note: By default, Telnet sessions are not allowed. You will need to enable Telnet sessions using
your serial connection, and using the Nortel CLI or WLAN — Security Switch Web Interface.
Your computer may connect to the WLAN — Security Switch (2270) through the network using one of a variety of
paths as shown in the following illustration.
1. Verify that your terminal emulation or DOS shell interface is configured with the following parameters:
   - Ethernet address
   - Port 23
2. In your terminal emulation interface, use the WLAN — Security Switch (2270) IP Address to Telnet to the WLAN — Security Switch (2270) Command Line Interface. The CLI returns a login prompt.
3. Enter a valid login and password to enter the CLI. (The default login and password are admin and admin, respectively.)
User:
Password:
Note that the login and password functions are case sensitive. The CLI allows a default of five users to be logged in at a time, but this number can be set from zero to five users.
4. The CLI displays the root level system prompt:
(system prompt)>
The CLI allows a default of five users to be logged in at a time, but this number can be set from zero to five users.
The system prompt can be any alphanumeric string, up to 31 characters, and can be changed. Because this is a user-defined variable, it is omitted from the rest of this documentation.
The CLI automatically logs you out without saving any changes after a short period of inactivity. This automatic logout can be set from 0 (never log out), or from 1 to 160 minutes. (Use the CLI command config serial timeout x, where x is a number between 0 and 160.)
You are now logged into the CLI.
Logging Out of the CLI
When finished using the CLI, navigate to the root level and enter logout. You will be prompted to save any changes
you have made to the volatile RAM.
Note: If you have recently cleared the volatile RAM configurations using “Clearing Configurations on page 151” and you save the configuration from the volatile RAM to the NVRAM, you must
reconfigure the WLAN — Security Switch (2270) after reboot using the “Startup Wizard on
page 52”.
CLI Tree Structure
The CLI tree structure is organized around five levels:
Root Level, Level 2, Level 3, Level 4, Level 5
Following are some examples of CLI commands and their position in the tree structure.
Root Level   Level 2    Level 3   Level 4   Level 5
?
help
clear
config
show         802.11a
config       advanced   802.11a   profile   noise level
save         config
transfer     download   start
To view the latest CLI tree structure, log onto the CLI and use the commands described in “Navigating the CLI”.
Navigating the CLI
1. You start at the root level.
2. At the root level, type ‘help’ to see systemwide navigation commands.
3. At all levels, type ‘?’ to view the commands available from the current location.
4. At all levels, type a command followed by ‘?’ or ‘ ?’ to view the parameters available for the command.
5. Type any command name to move up to that level.
6. Type ‘exit’ to go down a level.
7. Enter <CTRL-Z> to return to the root level.
8. From the root level, you can enter the whole command name. For instance, you can enter:
>config prompt “Ent1”
to change the system prompt to Ent1 >.
9. To save your changes from active working RAM to non-volatile RAM (NVRAM) so they are retained upon reboot, use the save config command at the CLI root level.
10. To reset the WLAN — Security Switch (2270) without logging out, use the reset system command at the root level of the CLI tree structure.
11. When you are done using the CLI console, navigate to the root level and enter logout. You will be prompted to save any changes you have made from the active working RAM to the non-volatile RAM (NVRAM).
Viewing Network Status
Use the following Command Line Interface commands to view the status of the network controlled by a WLAN —
Security Switch.
• Use the show client commands to display client information for each WLAN — Access Port (223x) 802.11a and 802.11b/g RF coverage area, to display detailed information for a client connected through a particular WLAN — Access Port (223x), and to display a summary of clients connected through the Nortel 2200 Series:
>show client ap [802.11a/802.11b] <WLAN — Access Port (223x)>
>show client detail <MAC addr>
>show client summary
If you need to, use the config client deauthenticate command to deauthenticate an individual <MAC address>.
• Use the show rogue-ap summary and show rogue-ap detail commands to discover Rogue APs on the subnet. If necessary, use the config rogue-ap acknowledged, config rogue-ap alert, and config rogue-ap known commands to mark the Rogue APs in the Nortel 2200 Series database.
• In general, use the show commands to view the Nortel 2200 Series status.
• To test a link to a MAC address, use the linktest command at the CLI root level. Note that linktest does not work for IPSec links and does not work from Nortel WLAN — Access Ports (223x).
• To ping an IP Address, use the ping command at the CLI root level.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Configuring the WLAN — Security Switch (2270)
This section assumes that the WLAN — Security Switch (2270) is already installed, initially configured, and connected
as described in WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B.
Continue with the following sections to configure a WLAN — Security Switch (2270) using the Command Line
Interface (CLI):
• “Logging Into the CLI on page 113”
• “Navigating the CLI on page 117”
• “Collecting WLAN — Security Switch (2270) Parameters on page 119”
• “Configuring System Parameters on page 120”
• “Configuring WLAN Security Switch (2270) Interfaces on page 121”
• “Configuring WLANs on page 127”
• “Configuring Mobility Groups on page 135”
• “Configuring RADIUS on page 135”
• “Configuring SNMP on page 136”
• “Configuring Other Ports and Parameters on page 136”
• “Transferring Files To and From a WLAN — Security Switch (2270) on page 141”
• “Updating the Operating System Software on page 141”
• “Using the Startup Wizard on page 143”
• “Adding SSL to the WLAN — Security Switch Web Interface on page 144”
• “Adding SSL to the 802.11 Interface on page 148”
• “Saving Configurations on page 151”
• “Clearing Configurations on page 151”
• “Resetting the WLAN — Security Switch (2270) on page 152”
• “Erasing the WLAN — Security Switch (2270) Configuration on page 152”
• “Logging Out of the CLI on page 116”
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Collecting WLAN — Security Switch (2270) Parameters
Collect the high-level WLAN — Security Switch (2270) parameters:
System Parameters
- Supported protocols: 802.11a and/or 802.11b/g.
- New usernames and passwords (optional).
Network (Distribution System) Parameters
- Distribution System (network) port static IP Address, netmask, and optional default gateway IP Address from the network planner.
- Service port static IP Address and netmask from the network planner (optional).
- Distribution System physical port (1000Base-T, 1000Base-SX, or 10/100Base-T). Note that the 1000Base-SX (1000Base-T) 1GE copper port provides a 100/1000 Mbps wired connection to a network through an 850nM (SX) fiber-optic link using an LC physical connector.
- Distribution System port VLAN assignment (optional).
- Distribution System port Web and Secure Web mode settings, enabled or disabled.
- Distribution System port Spanning Tree Protocol: enabled/disabled, 802.1D/fast/off mode per port, path cost per port, priority per port, bridge priority, forward delay, hello time, maximum age.
WLAN Parameters
- WLAN Configuration: VLAN assignments, Layer 2 Security settings, Layer 3 Security settings, QoS assignments.
Mobility Parameters
- Mobility Settings: Mobility Group Name (optional).
RADIUS Parameters
- RADIUS Settings.
SNMP Parameters
- SNMP Settings.
Other Parameters
- Other Port and Parameter Settings: Service port, Nortel Management Software, Serial/CLI Console port, 802.3x Flow Control, System Logging.
Other Actions
- Assemble all files that may need uploading or downloading to the WLAN — Security Switch (2270), including the latest Operating System code.
Continue with “Configuring System Parameters on page 120”.
Configuring System Parameters
The WLAN — Security Switch (2270) requires a few basic system parameters to communicate with other network
devices. Perform the following to set these parameters:
Time and Date
• Use the show time command to view the WLAN — Security Switch (2270) time and date.
• If necessary, set the WLAN — Security Switch (2270) time and date by entering:
>config time MM/DD/YY HH:MM:SS
• Use the show time command to verify that the WLAN — Security Switch (2270) has stored your input.
Continue with the next parameter.
Country
The WLAN — Security Switch (2270) has been designed to be used in countries with different 802.11 regulatory
domains.
• Use the show country command to view the WLAN — Security Switch (2270) country regulatory domain.
• If necessary, set the WLAN — Security Switch (2270) regulatory domain by entering:
>config country <domain>
Where <domain> =
  - US (United States of America), which allows 802.11b and 802.11g operation and 802.11a Low, Medium, and High bands.
  - USL (US Low), which allows 802.11b and 802.11g operation and 802.11a Low and Medium bands. (Used for legacy 802.11a interface cards that do not support 802.11a High band.)
  - AU (Australia), which allows 802.11a and 802.11b/g.
  - AT (Austria), which allows 802.11a and 802.11b/g.
  - BE (Belgium), which allows 802.11a and 802.11b/g.
  - CA (Canada), which allows 802.11b/g.
  - DK (Denmark), which allows 802.11a and 802.11b/g.
  - FI (Finland), which allows 802.11a and 802.11b/g.
  - FR (France), which allows 802.11a and 802.11b/g.
  - DE (Germany), which allows 802.11a and 802.11b/g.
  - GR (Greece), which allows 802.11b/g.
  - IE (Ireland), which allows 802.11a and 802.11b/g.
  - IN (India), which allows 802.11a and 802.11b.
  - IT (Italy), which allows 802.11a and 802.11b/g.
  - JP (Japan), which allows 802.11a and 802.11b/g.
  - KR (Republic of Korea), which allows 802.11a and 802.11b/g.
  - LU (Luxembourg), which allows 802.11a and 802.11b/g.
  - NL (Netherlands), which allows 802.11a and 802.11b/g.
  - PT (Portugal), which allows 802.11a and 802.11b/g.
  - ES (Spain), which allows 802.11a and 802.11b/g.
  - SE (Sweden), which allows 802.11a and 802.11b/g.
  - GB (United Kingdom), which allows 802.11a and 802.11b/g.
Continue with the next parameter.
Supported 802.11a and 802.11b/g Protocols
The 802.11a and 802.11b/g protocols can be independently enabled or disabled.
•
Use the show sysinfo command to view the 802.11a and 802.11b/g enabled/disabled status.
•
ENSURE these protocols are configured to agree with your wireless network plan and to comply with the
Country regulatory domain entered in the previous step using the following commands:
>config 802.11a enable network
>config 802.11a disable network
>config 802.11b enable network
>config 802.11b disable network
•
Use the show sysinfo command to verify that the WLAN — Security Switch (2270) has stored your
input. Continue with the next parameter.
Users and Passwords
After you have configured other system parameters, you are urged to change the username and password so unauthorized personnel cannot easily log into the Nortel 2200 Series.
•
Use the show mgmtuser command to view the current management user names.
•
Use the following commands to add new usernames and add or change passwords:
>config mgmtuser add <username> <password> [read-write/read-only]
>config mgmtuser password <username> <new password>
where <username>, <password> and <new password> = Any ASCII character string, up to 24 characters, case
sensitive, with no spaces.
•
Use the show mgmtuser command to verify that your users have been accepted by the system. Continue
with “Configuring WLAN Security Switch (2270) Interfaces on page 121”.
Configuring WLAN Security Switch (2270) Interfaces
As described in “Distribution System Ports on page 47”, the Nortel WLAN — Wireless Security Switch (2270) has one
or two redundant (2270) physical ports. This means that the Nortel WLAN — Wireless Security Switch (2270) can
physically connect to one subnet. Each of the physical ports can have multiple Interfaces applied to it.
•
The “Management Interface on page 49” controls communications with network equipment for all physical
ports in all cases.
When the Nortel 2200 Series is operated in Layer 2 Mode (see “Layer 2 and Layer 3 LWAPP Operation on
page 30”), the Management Interface also controls communications between the WLAN — Security Switch
(2270) and Nortel WLAN — Access Ports (223x) and Rogue Access Ports.
When the Nortel 2200 Series is operated in Layer 3 Mode, the Management Interface no longer controls
communications between the WLAN — Security Switch (2270) and WLAN — Access Ports (223x).
•
When the Nortel 2200 Series is operated in Layer 3 Mode (see “Layer 2 and Layer 3 LWAPP Operation on
page 30”), the AP-Manager Interface controls all communications between the WLAN — Security Switch
(2270) and Nortel WLAN — Access Ports (223x).
•
Each physical port can also have between one and 512 Operator-Defined Interfaces, also known as VLAN
Interfaces, assigned to it. Each Operator-Defined Interface is individually configured, and allows separate
communication streams to exist on any or all of the physical port(s).
•
The Virtual Interface controls Layer 3 Security and Mobility manager communications for Nortel WLAN —
Wireless Security Switches (2270) for all physical Ports. It also maintains the DNS Gateway hostname used
by Layer 3 Security and Mobility managers to verify the source of certificates when Layer 3 Web Authorization is enabled.
•
Note that the WLAN — Security Switch (2270) also has a Service-Port Interface, but that Interface can only
be applied to the front-panel Service Port.
If you have not already done so, you must decide which physical port(s) you want to use, and then perform the following
tasks:
•
“Verifying and Changing the Management Interface on page 122”
•
“Creating and Assigning the AP-Manager Interface on page 123”
•
“Creating, Assigning and Deleting Operator-Defined Interfaces on page 124”
•
“Verifying and Changing the Virtual Interface on page 125”
Continue with the next section to configure the Distribution System IP Address.
Verifying and Changing the Management Interface
Normally, the static Management Interface parameters are defined when the WLAN — Security Switch (2270) is
initially configured using the Startup Wizard. However, you may want to verify and/or change its parameters:
1.
Use the show interface detailed management command to view the current Management Interface settings. Note that the Management Interface uses the burned-in MAC address.
2.
To change any of the parameters, disable all WLANs.
>show wlan summary
>config wlan disable <1-16, or 17 for Third-Party APs> (repeat for all enabled WLANs)
3.
And then use the following:
>config interface address management <IP addr> <IP netmask> [optional gateway]
>config interface vlan management <VLAN ID|’0’ for untagged>
>config interface port management <Physical DS Port Number>
>config interface dhcp management <IP addr of Primary DHCP server> <IP addr of optional Secondary DHCP server>
>config interface acl management <Access Control List Name> (Note)
using the values collected from the network planner in “Collecting WLAN — Security Switch (2270) Parameters on page 119”.
Note: If you are applying an Access Control List (ACL) to the Management Interface, you must
first configure the ACL using the Creating Access Control Lists section.
Use the show interface detailed management command to verify that the WLAN — Security Switch
(2270) has correctly stored your inputs. Note that this Interface cannot be deleted. Continue with the next section.
Creating and Assigning the AP-Manager Interface
The static AP-Manager Interface only exists when the Nortel 2200 Series is operating in LWAPP Layer 3 Mode (see
“Layer 2 and Layer 3 LWAPP Operation on page 30”).
1.
Use the show interface summary command to view the current Interfaces.
If the Nortel 2200 Series is operating in Layer 2 Mode, the ap-manager interface will not be listed. Either
skip this section and continue with Creating, Assigning and Deleting Operator-Defined Interfaces, or go to
Converting a Nortel 2200 Series from Layer 2 to Layer 3 Mode.
2.
Use the show interface detailed ap-manager command to view the current AP-Manager Interface settings.
3.
To change any of the parameters, disable all WLANs.
>show wlan summary
>config wlan disable <1-16, or 17 for Third-Party APs> (repeat for all enabled WLANs)
4.
And then use the following:
>config interface address ap-manager <IP addr> <IP netmask> [optional gateway]
>config interface vlan ap-manager <VLAN ID|’0’ for untagged>
>config interface port ap-manager <Physical DS Port Number>
>config interface dhcp ap-manager <IP addr of Primary DHCP server> <IP addr of optional Secondary DHCP server>
>config interface acl ap-manager <Access Control List Name> (Note)
using the values collected from the network planner in “Collecting WLAN — Security Switch (2270) Parameters on page 119”.
Note: If you are applying an Access Control List (ACL) to the Management Interface, you must
first configure the ACL using “Creating Access Control Lists on page 127”.
Use the show interface detailed ap-manager command to verify that the WLAN — Security Switch
(2270) has correctly stored your inputs. Note that this Interface cannot be deleted. Continue with the next section.
Creating, Assigning and Deleting Operator-Defined Interfaces
Each WLAN Security Switch (2270) can support up to 512 dynamic Operator-Defined Interfaces. Each Operator-Defined Interface controls VLAN and other communications between Nortel WLAN — Wireless Security Switches
(2270) and all other network devices. Between one and 512 Operator-Defined Interfaces can be assigned to Nortel
WLANs, physical Distribution System Ports, the Layer 2 Management Interface, and the Layer 3 AP-Manager Interface.
Note: Operator-Defined Interfaces cannot be assigned to the dedicated WLAN — Security Switch
(2270) front-panel Service Port.
CAUTION: Operator-Defined Interface names cannot have spaces in them. If an Operator-Defined Interface name contains a space, you may not be able to edit its configuration using the
“Command Line Interface on page 80”.
•
Use the show interface summary command to view the current Operator-Defined Interfaces. They can
be identified by the ‘dynamic’ Interface type.
•
To view the details of an Operator-Defined Interface, use the show interface detailed
<operator-defined interface name> command to view the current Operator-Defined Interface
settings.
•
To change any of the parameters or add another Operator-Defined Interface, disable all WLANs.
>show wlan summary
>config wlan disable <1-16, or 17 for Third-Party APs> (repeat for all enabled WLANs)
•
And then use the following:
>config interface create <operator-defined interface name> <VLAN ID|’0’ for untagged>
>config interface address <operator-defined interface name> <IP addr> <IP netmask> [optional gateway]
>config interface vlan <operator-defined interface name> <VLAN ID|’0’ for untagged>
>config interface port <operator-defined interface name> <Physical DS Port Number>
>config interface dhcp <operator-defined interface name> <IP addr of Primary DHCP server> <IP addr of optional Secondary DHCP server>
>config interface acl <operator-defined interface name> <Access Control List Name> (Note)
using the values collected from the network planner in “Collecting WLAN — Security Switch (2270) Parameters on page 119”.
Note: If you are applying an Access Control List (ACL) to the Operator-Defined Interface, you
must first configure the ACL using the “Creating Access Control Lists on page 127” section.
Use the show interface detailed <operator-defined interface name> and show interface
summary commands to verify that the WLAN — Security Switch (2270) has correctly stored your inputs.
To delete an Operator-Defined Interface, use the following command:
>config interface delete <operator-defined interface name>
Continue with the next section.
Verifying and Changing the Virtual Interface
The static Virtual Interface controls Layer 3 Security and Mobility manager communications for Nortel WLAN —
Wireless Security Switches (2270), and it maintains the DNS Gateway hostname used by Layer 3 Security and Mobility
managers to verify the source of certificates when Layer 3 Web Authorization is enabled.
1.
Use the show interface detailed virtual command to view the current Virtual Interface
settings.
2.
To change any of the parameters, disable all WLANs.
>show wlan summary
>config wlan disable <1-16, or 17 for Third-Party APs> (repeat for all enabled WLANs)
3.
And then use the following:
>config interface address virtual <IP addr>
where <IP addr> is any fictitious, unassigned, unused Gateway IP Address.
>config interface hostname virtual <DNS Host Name>
using the values collected from the network planner in “Collecting WLAN — Security Switch (2270) Parameters on page 119”.
Note: If you change any of the Virtual Interface settings, reset the WLAN — Security Switch
(2270) and save the configuration as described in “Resetting the WLAN — Security Switch (2270)
on page 152”.
Use the show interface detailed virtual command to verify that the WLAN — Security Switch (2270) has
correctly stored your inputs. Note that this Interface cannot be deleted. Continue with the next section.
Enabling Web and Secure Web Modes
Use the following commands to enable (default) or disable the Distribution System port as a Web port and/or a Secure
Web port:
>config network webmode [enable/disable]
>config network secureweb [enable/disable]
Use the show network command to verify that your inputs were accepted. Continue with the next parameter.
Configuring Spanning Tree Protocol
Spanning Tree Protocol is initially disabled for the Distribution System (network) ports. You can enable STP on the
WLAN — Security Switch (2270) for all physical ports using the following commands. If you are not configuring
Spanning Tree Protocol at this time, skip this section.
1.
Use the show spanningtree port and show spanningtree switch commands to view the
current STP status.
2.
Disable STP on the WLAN — Security Switch (2270) by entering:
>config spanningtree switch mode disable
This causes the WLAN — Security Switch (2270) to disable support for STP on all ports.
Note: STP must be disabled before the STP parameters can be changed; leave STP disabled until you have
finished configuring all associated parameters.
3.
Configure the STP port administrative mode on the desired ports using one of the following commands:
>config spanningtree port mode 802.1d [<port number>/all] (default)
>config spanningtree port mode fast [<port number>/all]
>config spanningtree port mode off [<port number>/all]
where <port number> = 1 through 13 or 1 through 25, and all = all ports.
4.
Configure STP port path cost on the STP ports using one of the following commands:
>config spanningtree port pathcost <1-65535> [<port number>/all]
>config spanningtree port mode pathcost auto [<port number>/all] (default)
where <1-65535> = Path cost supplied by the network planner, and auto = allow the STP algorithm to automatically assign the path cost (default).
5.
Configure port priority on the STP ports using the following command:
>config spanningtree port priority <0-255> <port number>
where <0-255> = STP priority for this port (default priority = 128).
6.
If required, configure the WLAN — Security Switch (2270) STP bridge priority using the following
command:
>config spanningtree switch bridgepriority <0-65535>
where <0-65535> = STP bridge priority for this WLAN — Security Switch (2270) (default priority = 32768).
7.
If required, configure the WLAN — Security Switch (2270) STP forward delay using the following command:
>config spanningtree switch forwarddelay <4-30>
where <4-30> seconds = STP forward delay for this WLAN — Security Switch (2270) (default forward delay
= 15 seconds).
8.
If required, configure the WLAN — Security Switch (2270) STP hello time using the following command:
>config spanningtree switch hellotime <1-10>
where <1-10> seconds = STP hello time for this WLAN — Security Switch (2270) (default hello time =
2 seconds).
9.
If required, configure the WLAN — Security Switch (2270) STP maximum age using the following
command:
>config spanningtree switch maxage <6-40>
where <6-40> seconds = STP maximum age for this WLAN — Security Switch (2270) (default = 20 seconds).
10.
After all the ports have been configured for the desired STP settings, enter the following:
>config spanningtree switch mode enable
This procedure allows the WLAN — Security Switch (2270) to most efficiently set up STP, detect logical
network loops, place redundant ports on standby, and build a network with the most efficient pathways.
You have configured STP for the WLAN — Security Switch (2270). Verify that your settings are stored in memory
using the show spanningtree port and show spanningtree switch commands. Continue with
“Configuring WLANs on page 127”.
Creating Access Control Lists
To create Access Control Lists, Nortel strongly recommends that you use the WLAN — Security Switch Web Interface.
Refer to “Access Control Lists on page 39” in the WLAN Security Switch Web Interface Online Help document.
Configuring WLANs
WLAN — Security Switches (2270) can control up to 16 Nortel Wireless LANs as described in “Nortel WLANs on
page 38”.
If you are not configuring WLANs at this time, skip this section and continue with “Configuring Mobility Groups on
page 135”.
WLANs
•
Use the show wlan summary command to display the current WLANs and whether they are enabled or
disabled. Note that each Nortel WLAN is assigned a WLAN ID from 1 to 16.
Note: Because the Nortel WLAN — Wireless Security Switches (2270) operate exclusively in
Appliance Mode.
•
If you are creating WLANs, use the following commands:
>config wlan create <wlan id> <wlan name>
where <wlan id> = 1 through 16, <wlan name> = SSID (up to 31 alphanumeric characters).
Note: When WLAN 1 is created in the Startup Wizard, it is created in enabled mode; disable it
until you have finished configuring it. When you create a new WLAN using the config wlan
create command, it is created in disabled mode; leave it disabled until you have finished configuring it.
•
If you are modifying enabled WLANs, ensure they are disabled using the show wlan summary
command. If they are not disabled, use the following to disable them:
>config wlan disable <wlan id>
where <wlan id> = 1 through 16. Leave the WLANs in disabled mode until you have finished configuring
them.
•
If you are deleting WLANs, use the following command:
>config wlan delete <wlan id>
where <wlan id> = 1 through 16.
DHCP Server
Each WLAN can be assigned to a DHCP server. Any or all WLANs can be assigned to the same DHCP server, and each
WLAN can be assigned to a different DHCP server. This assignment is mandatory for WLANs that allow “Using
Management over Wireless on page 96”, as described in “External DHCP Servers on page 34”.
•
Use the show wlan command to verify whether you have a DHCP Server assigned to the WLAN.
•
If necessary, use the following command:
>config wlan dhcp_server <WLAN id> <IP Address>
where <WLAN id> = 1 through 16, <IP Address> = DHCP Server IP Address.
•
Use the show wlan command to verify that you have a DHCP Server assigned to the WLAN.
MAC Filtering
Whenever you are going to use MAC filtering for WLAN — Security Switch (2270) or RADIUS authorization, you
need to enable it at the WLAN level first. If you plan to use local MAC address filtering for any WLAN, use the
following commands to configure the MAC Address Filter List:
•
Use the show wlan command to verify whether you have MAC filtering enabled or disabled for each
WLAN.
•
If necessary, use the following command:
>config wlan mac-filtering enable <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have MAC filtering enabled or disabled for each WLAN.
Local MAC Filter
WLAN — Security Switches (2270) have built-in MAC filtering capability, similar to that provided by a RADIUS
authorization server.
•
Use the show macfilter command to verify that you have MAC addresses assigned to WLANs.
•
If required, use the following commands to assign local MAC addresses to WLANs, and to configure a
WLAN to filter a local client:
>config macfilter add <MAC addr> <WLAN id>
>config macfilter wlan-id <MAC addr> <WLAN id>
where <MAC addr> = client MAC address and <WLAN id> = 1 through 16.
•
Use the show macfilter command to verify that you have MAC addresses assigned to WLANs.
Disable Timeout
Each WLAN can have a variable timeout for excluded, or disabled clients. Clients who fail to authenticate three times
when attempting to associate are automatically excluded, or disabled, from further association attempts. After the
exclusion timeout period expires, the client is allowed to retry authentication until it associates or fails authentication
and is excluded again.
•
Use the show wlan command to check the current WLAN Disable (Excluded) Timeout.
•
If necessary, use the following command to change the Disable (Excluded) Timeout:
>config wlan blacklist <WLAN id> <timeout>
where <WLAN id> = 1 through 16, and <timeout> = 1 to 65535 seconds, 0 to add to the Exclusion List
(formerly blacklist) permanently until the operator manually removes the exclusion.
•
Use the show wlan command to verify the current WLAN Disable (Excluded) Timeout.
VLANs
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
•
Use the show wlan command to verify VLAN assignment status.
•
To assign a VLAN to a WLAN, use the following command:
>config wlan vlan <wlan id> [<default>/<untagged>/<VLAN ID> <IP Address> <VLAN Netmask> <VLAN Gateway>]
where <WLAN id> = 1 through 16, <default> = use the VLAN configured on the network port, <untagged> =
use VLAN 0, <VLAN id> = 1 through 4095, <IP Address> = the VLAN IP Address on the WLAN —
Security Switch (2270), <VLAN Netmask> = VLAN local IP netmask, and <VLAN Gateway> = VLAN local
IP gateway.
•
To remove a VLAN assignment from a WLAN, use the following command:
>config wlan vlan <WLAN id> untagged
where <WLAN id> = 1 through 16.
•
Use the show wlan <wlan id> command to verify that you have correctly assigned a VLAN to the
WLAN.
Layer 2 Security
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring
them.
Dynamic 802.1X Keys and Authorization
WLAN — Security Switches (2270) can control 802.1X dynamic keys using EAP (Extensible Authentication Protocol)
across WLAN — Access Ports (223x), and support 802.1X dynamic key settings for the WLAN — Access Port (223x)
WLAN(s).
•
Use the show wlan <wlan id> command to check the security settings of each WLAN. The default for
new WLANs is 802.1X with dynamic keys enabled. If you want to keep a robust Layer 2 policy, leave 802.1X
on.
•
If you want to change the 802.1X configuration, use the following commands:
>config wlan security 802.1X [enable/disable] <wlan id>
where <WLAN id> = 1 through 16.
•
If you want to change the 802.1X encryption for a WLAN — Access Port (223x) WLAN (not a Third-Party
WLAN), use the following command:
>config wlan security 802.1X encryption <wlan id> [40/104/128]
where <WLAN id> = 1 through 16, and [40/104/128] = 40/64, 104/128 (default) or 128/152 encryption bits
(default = 104/128).
WEP Keys
WLAN — Security Switches (2270) can only control WEP keys across WLAN — Access Ports (223x). Third-party
APs control their own WEP keys.
•
Use the show wlan <wlan id> command to check the security settings of each WLAN. The default is
802.1X with dynamic keys enabled.
•
If you want to configure the less-robust WEP (Wired Equivalent Privacy) authorization policy, turn 802.1X
off:
>config wlan security 802.1X disable <wlan id>
where <wlan id> = 1 through 16.
•
Then configure 40/64, 104/128 or 128/152 bit WEP keys on 802.1X disabled WLANs using the following
command:
>config wlan security static-wep-key encryption <wlan id> [40/104/128] [hex/ascii] <key> <key-index>
where:
-
<wlan id> = 1 through 16;
-
[hex/ascii] = key character format;
-
<key> = Ten hexadecimal digits (any combination of 0-9, a-f, or A-F), or five printable ASCII characters for 40-bit/64-bit WEP keys, 26 hexadecimal or 13 ASCII characters for 104-bit/128-bit keys,
or 32 hexadecimal or 16 ASCII characters for 128-bit/152-bit keys; and
-
<key-index> = 1 through 4.
Note: One unique WEP Key Index can be applied to each WLAN. Because there are only four
<key-index> numbers, only four WLANs can be configured for Static WEP Layer 2 encryption.
Also note that some legacy clients can only access Key Index 1 through 3 but cannot access Key
Index 4.
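The argument rules above, as an added example (not code from the guide or from Nortel): a Python check to run over planned static-wep-key commands before they are entered. It enforces the key lengths, formats and index range listed above, reads the note as requiring a distinct key index per WLAN (an assumption), and never echoes the key in its messages; the sample plan and its keys are constructed.

```python
import re
import string

PREFIX = ["config", "wlan", "security", "static-wep-key", "encryption"]
# Required key length per encryption size and key format, as listed in the guide.
KEY_LENGTHS = {"40": {"hex": 10, "ascii": 5},
               "104": {"hex": 26, "ascii": 13},
               "128": {"hex": 32, "ascii": 16}}


def in_range(token, low, high):
    """True when token is a plain decimal number between low and high."""
    return bool(re.fullmatch(r"[0-9]+", token)) and low <= int(token) <= high


def parse_static_wep(command):
    """Return (wlan_id, key_index) for a valid command, else raise ValueError.

    Error messages describe the problem without quoting the key, so they can
    be written to a change log or ticket.
    """
    tokens = command.strip().lstrip(">").split()
    if tokens[:5] != PREFIX or len(tokens) != 10:
        raise ValueError("expected static-wep-key encryption plus five arguments")
    wlan_id, bits, fmt, key, key_index = tokens[5:]
    if not in_range(wlan_id, 1, 16):
        raise ValueError("wlan id must be 1 through 16")
    if bits not in KEY_LENGTHS:
        raise ValueError("encryption must be 40, 104 or 128")
    if fmt not in ("hex", "ascii"):
        raise ValueError("key format must be hex or ascii")
    need = KEY_LENGTHS[bits][fmt]
    if len(key) != need:
        raise ValueError(f"{fmt} key for {bits}-bit WEP needs {need} characters, got {len(key)}")
    if fmt == "hex" and not all(c in string.hexdigits for c in key):
        raise ValueError("hex key may contain only 0-9, a-f, A-F")
    if fmt == "ascii" and not all(33 <= ord(c) <= 126 for c in key):
        raise ValueError("ascii key must be printable ASCII")
    if not in_range(key_index, 1, 4):
        raise ValueError("key index must be 1 through 4")
    return int(wlan_id), int(key_index)


def review_plan(commands):
    """Check every command; return a list of (line_number, message) findings."""
    findings, index_owner = [], {}
    for number, command in enumerate(commands, 1):
        try:
            wlan_id, key_index = parse_static_wep(command)
        except ValueError as err:
            findings.append((number, str(err)))
            continue
        # Assumption: each WLAN using static WEP needs its own key index.
        owner = index_owner.setdefault(key_index, wlan_id)
        if owner != wlan_id:
            findings.append((number, f"key index {key_index} already used by WLAN {owner}"))
        if key_index == 4:
            findings.append((number, "some legacy clients cannot access key index 4"))
    return findings


# Constructed sample plan; the keys are placeholders, not real secrets.
PLAN = [
    ">config wlan security static-wep-key encryption 1 104 hex 0123456789abcdef0123456789 1",
    ">config wlan security static-wep-key encryption 2 40 ascii abcdef 2",
    ">config wlan security static-wep-key encryption 3 40 hex 0a1b2c3d4e 1",
    ">config wlan security static-wep-key encryption 4 128 ascii ABCDEFGHIJKLMNOP 4",
]

if __name__ == "__main__":
    for number, message in review_plan(PLAN):
        print(f"line {number}: {message}")
```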
Dynamic WPA Keys and Encryption
WLAN — Security Switches (2270) can only control WPA (Wi-Fi Protected Access) authorization policy across
WLAN — Access Ports (223x). Third-party (foreign) APs control their own authorization policies.
•
Use the show wlan <wlan id> command to check the security settings of each WLAN. The default is
802.1X with dynamic keys enabled.
•
If you want to configure the more-robust WPA authorization policy, turn 802.1X off:
>config wlan security 802.1X disable <wlan id>
where <wlan id> = 1 through 16.
•
Then configure authorization and dynamic key exchange on 802.1X disabled WLANs using the following
commands:
>config wlan security wpa enable <wlan id>
>config wlan security wpa encryption aes-ocb <wlan id>
>config wlan security wpa encryption tkip <wlan id>
>config wlan security wpa encryption wep <wlan id> [40/104/128]
where <wlan id> = 1 through 16, and [40/104/128] = 40/64, 104/128, or 128/156 encryption bits (default =
104).
•
Use the show wlan command to verify that you have WPA enabled.
Layer 3 Security
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
Note: Using Layer 3 security requires that the WLAN — Security Switch (2270) be equipped with
a Crypto Accelerator Module (Crypto Module). The ESM plugs into the rear and is factory-installed
in the 2270, and provides the extra processing power needed for processor-intensive security
algorithms.
IPSec
IPSec (Internet Protocol Security) supports many Layer 3 security protocols.
•
Use the show wlan command to show the current IPSec configuration.
•
Use the following command to enable IPSec on a WLAN:
>config wlan security ipsec [enable/disable] <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have IPSec enabled.
config wlan security ipsec ike contivity
To change the IP Security settings, use the config wlan security ipsec command.
>config wlan security ipsec ike contivity <xxxx>
•
Use the following command to enable IPSec ike contivity on a WLAN:
>config wlan security ipsec ike contivity enable
•
Use the show wlan command to verify that you have IPSec ike contivity enabled.
config wlan security ipsec config qotd
To change the IP Security settings for qotd, use the config wlan security ipsec config qotd command.
>config wlan security ipsec config qotd <server ip> <wlan id> <foreignAP>
•
Use the following command structure to enable IPSec config qotd on a WLAN:
>config wlan security ipsec config qotd 127.0.0.0 1 17
•
Use the show wlan command to verify that you have IPSec config qotd enabled.
IPSec Authentication
IPSec uses hmac-sha-1 authentication as the default for encrypting WLAN data, but can also use hmac-md5, or no
authentication.
•
Use the show wlan command to view the current IPSec authentication protocol.
•
Use the following command to configure the IPSec IP authentication:
>config wlan security ipsec authentication [hmac-md5/hmac-sha-1/none] <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have correctly set the IPSec authentication.
IPSec Encryption
IPSec uses 3DES encryption as the default for encrypting WLAN data, but can also use AES, DES, or no encryption.
•
Use the show wlan command to view the current IPSec encryption.
•
Use the following command to configure the IPSec encryption:
>config wlan security ipsec encryption [3des/aes/des/none] <WLAN id>
where aes= AES-CBC, and where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have correctly set the IPSec encryption.
IKE Authentication
IPSec IKE (Internet Key Exchange) uses pre-shared key exchanges, x.509 (RSA Signatures) certificates, and XAuth-psk
for authentication.
•
Use the show wlan command to see if IPSec IKE is enabled.
•
Use the following commands to configure IKE authentication on a WLAN with IPSec enabled:
>config wlan security ipsec ike authentication certificates <wlan id>
>config wlan security ipsec ike authentication xauth-psk <wlan id> <key>
>config wlan security ipsec ike authentication pre-shared-key <wlan id> <key>
where <wlan id> = 1 through 16, certificates = RSA signatures, xauth-psk = XAuth pre-shared key, and
<key> = Preshared Key (Eight to 255 ASCII characters, case sensitive).
•
Use the show wlan command to verify that you have IPSec IKE enabled.
IKE Diffie-Hellman Group
IPSec IKE uses Diffie-Hellman groups to block easily-decrypted keys.
•
Use the show wlan command to verify whether or not the WLAN — Security Switch (2270) has IPSec IKE
DH Groups properly set.
•
Use the following command to configure the IKE Diffie-Hellman group on a WLAN with IPSec enabled:
>config wlan security ipsec ike DH-Group <WLAN id> <group-id>
where <WLAN id> = 1 through 16, <group-id> = group-1, group-2 (default), or group-5.
•
Use the show wlan command to verify that the WLAN — Security Switch (2270) has IPSec IKE DH
Groups properly set.
IKE Phase 1 Aggressive and Main Modes
IPSec IKE uses the Phase 1 Aggressive (faster) or Main (more secure) mode to set up encryption between clients and the
WLAN — Security Switch (2270).
•
Use the show wlan command to see if the WLAN — Security Switch (2270) has IPSec IKE Aggressive
mode enabled.
•
If necessary, use the following command to configure the IKE Aggressive or Main mode on a WLAN with
IPSec enabled:
>config wlan security ipsec ike phase1 [aggressive/main] <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have IPSec IKE Aggressive or Main mode enabled.
IKE Lifetime Timeout
IPSec IKE uses its timeout to limit the time that an IKE key is active.
•
Use the show wlan command to see the current IPSec IKE lifetime timeout.
•
Use the following command to configure the IKE lifetime on a WLAN with IPSec enabled:
>config wlan security ipsec ike lifetime <WLAN id> <seconds>
where <WLAN id> = 1 through 16, and <seconds> = 1800 through 345600 seconds (default =
28800 seconds).
•
Use the show wlan command to verify that you have IPSec IKE timeout properly set.
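The IPSec and IKE settings described in the sections above, as an added example (not code from the guide or from Nortel): a Python audit that replays a planned command list over the defaults stated above and reports each WLAN whose effective setting is a weak option. It handles the differing argument order of these commands (value first for authentication, encryption and phase1; WLAN id first for DH-Group and lifetime). The WEAK policy table and the sample commands are assumptions constructed for this example.

```python
import re

# Defaults as stated in the guide; it gives no default for phase1, so that stays unknown.
DEFAULTS = {"authentication": "hmac-sha-1", "encryption": "3des",
            "dh-group": "group-2", "phase1": None, "lifetime": 28800}
ALLOWED = {"authentication": {"hmac-md5", "hmac-sha-1", "none"},
           "encryption": {"3des", "aes", "des", "none"},
           "dh-group": {"group-1", "group-2", "group-5"},
           "phase1": {"aggressive", "main"}}
# Review policy: an assumption of this example, tighten it to match local standards.
WEAK = {"authentication": {"hmac-md5": "MD5-based integrity check",
                           "none": "packets are not authenticated"},
        "encryption": {"des": "56-bit DES", "none": "traffic is not encrypted"},
        "dh-group": {"group-1": "768-bit MODP group"},
        "phase1": {"aggressive": "the guide describes main mode as more secure"}}
# Some commands take the value first, others the WLAN id first.
FORMS = {("authentication",): "value-first", ("encryption",): "value-first",
         ("ike", "phase1"): "value-first",
         ("ike", "dh-group"): "wlan-first", ("ike", "lifetime"): "wlan-first"}


def parse(command):
    """Return (wlan_id, setting, value) for a supported command, else None."""
    tokens = command.strip().lstrip(">").lower().split()
    if tokens[:4] != ["config", "wlan", "security", "ipsec"]:
        return None
    args = tokens[4:]
    path = tuple(args[:2]) if args[:1] == ["ike"] else tuple(args[:1])
    if path not in FORMS or len(args) != len(path) + 2:
        return None
    first, second = args[len(path):]
    wlan, value = (first, second) if FORMS[path] == "wlan-first" else (second, first)
    if not re.fullmatch(r"[0-9]+", wlan) or not 1 <= int(wlan) <= 16:
        raise ValueError(f"WLAN id must be 1 through 16: {command}")
    return int(wlan), path[-1], value


def audit(commands):
    """Replay commands in order; return (wlan, setting, value, reason) findings."""
    state = {}
    for command in commands:
        parsed = parse(command)
        if parsed is None:
            continue  # not one of the five settings audited here
        wlan, setting, value = parsed
        if setting == "lifetime":
            if not re.fullmatch(r"[0-9]+", value) or not 1800 <= int(value) <= 345600:
                raise ValueError(f"lifetime must be 1800 through 345600: {command}")
            value = int(value)
        elif value not in ALLOWED[setting]:
            raise ValueError(f"unknown {setting} option: {command}")
        # The last command for a setting wins, as it would on the switch.
        state.setdefault(wlan, dict(DEFAULTS))[setting] = value
    findings = []
    for wlan in sorted(state):
        for setting, value in state[wlan].items():
            reason = WEAK.get(setting, {}).get(value)
            if reason:
                findings.append((wlan, setting, value, reason))
    return findings


# Constructed sample plan.
SAMPLE = [
    ">config wlan security ipsec enable 1",
    ">config wlan security ipsec authentication hmac-md5 1",
    ">config wlan security ipsec authentication hmac-sha-1 1",
    ">config wlan security ipsec encryption des 1",
    ">config wlan security ipsec ike DH-Group 2 group-1",
    ">config wlan security ipsec ike phase1 aggressive 2",
    ">config wlan security ipsec ike lifetime 2 86400",
    ">config wlan security ipsec encryption aes 3",
]

if __name__ == "__main__":
    for wlan, setting, value, reason in audit(SAMPLE):
        print(f"WLAN {wlan}: {setting} = {value} ({reason})")
```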
IPSec Passthrough
IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other IPSec equipment.
IPSec Passthrough is also known as VPN Passthrough.
•
Use the show wlan command to see the current IPSec passthrough status.
•
Use the following command to configure IKE passthrough for a WLAN:
>config wlan security passthru [enable/disable] <WLAN id> [gateway]
where <WLAN id> = 1 through 16, and [gateway] = IP Address of IPSec (VPN) passthrough gateway.
•
Use the show wlan command to verify that you have IPSec passthrough properly set.
Web Based Authentication
WLANs can use Web Authentication if IPSec is not enabled on the WLAN — Security Switch (2270). Web Authentication is simple to set up and use, and can be used with SSL to improve the overall security of the wireless LAN.
•
Use the show wlan command to see the current Web Authentication status.
•
Use the following command to configure Web Authentication for a WLAN:
>config wlan security web [enable/disable] <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have Web Authentication properly set.
Local Netuser
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
WLAN — Security Switches (2270) have built-in network client authentication capability, similar to that provided by a
RADIUS authentication server.
•
Use the show netuser command to see if the WLAN — Security Switch (2270) has network client names
assigned to WLANs.
•
If required, use the following commands to assign a network client name and password to a particular WLAN,
delete a network client, assign a network client password, and assign a network client name to a WLAN
without a password:
>config netuser add <username> <password> <WLAN id>
>config netuser delete <username>
>config netuser password <username> <password>
>config netuser wlan-id <username> <WLAN id>
where <WLAN id> = 1 through 16.
•
Use the show netuser command to verify that you have net user names assigned to WLANs.
Quality of Service
Note: WLANs are created in disabled mode; leave them disabled until you have finished configuring them.
Nortel 2200 Series WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default) and
Bronze/Background. Network administrators can choose to assign the voice traffic WLAN to use Platinum QoS, assign
the low-bandwidth WLAN to use Bronze QoS, and assign all other traffic between the remaining QoS levels.
•
Use the show wlan command to verify that you have QoS properly set for each WLAN.
•
If required, use the following command to configure QoS for each WLAN:
>config wlan qos <WLAN id> [bronze/silver/gold/platinum]
where <WLAN id> = 1 through 16.
•
Use the show wlan command to verify that you have QoS properly set for each WLAN.
Activating WLANs
After you have completely configured your WLAN settings, activate the WLAN using the config wlan enable
command.
Continue with “Configuring Mobility Groups on page 135”.
Configuring Mobility Groups
All Nortel WLAN — Wireless Security Switches (2270) that can communicate with each other through their Distribution System (network) ports can automatically discover each other and form themselves into groups. Once they are
grouped, the Nortel Management Software function maximizes its inter-WLAN Security Switch (2270) processing efficiency and mobility processing, described in “Client Roaming on page 33” in the Welcome to the Nortel 2200 Series
Product Guide.
WLAN Security Switch (2270) group discovery is automatically enabled when two or more members are assigned to the
same mobility group name. Note that this feature must be enabled on each WLAN Security Switch (2270) to be included
in the discovery process.
•
Use the show mobility summary command to verify the current WLAN Security Switch (2270)
mobility settings.
•
To give a Mobility Group a name, use the following command:
>config mobility group name <group_name>
where <group_name> = Any ASCII character string, up to 31 characters, case sensitive, with no spaces.
•
To manually add or delete members to a mobility group, use the following commands:
>config mobility group member add <mac-address> <IP addr>
>config mobility group member delete <mac-address> <IP addr>
where <mac-address> is the MAC address and where <IP addr> is the IP Address of the group member to be
added or deleted.
Use the show mobility summary command to verify that the WLAN — Security Switch (2270) mobility is set
up correctly. Continue with “Configuring RADIUS on page 135”.
Configuring RADIUS
When your Nortel 2200 Series is to use an external RADIUS server for accounting and/or authentication, set up the links
using the following commands. If you are not configuring RADIUS links at this time, continue with “Configuring
SNMP on page 136”.
>config radius acct <address>
>config radius acct <port>
>config radius acct <secret>
>config radius acct [disable/enable]
>config radius auth <address>
>config radius auth <port>
>config radius auth <secret>
>config radius auth [disable/enable]
where <address> = server name or IP Address, <port> = UDP port number, <secret> = the RADIUS server's
secret.
When you have completed these configurations, use the show radius acct statistics, show radius
auth statistics and show radius summary commands to verify that the RADIUS links are correctly
configured. Continue with “Configuring SNMP on page 136”.
Configuring SNMP
When your Nortel 2200 Series is to send SNMP protocol to the Nortel WLAN — Management System Software or any
other SNMP manager, configure the SNMP environment using the following commands. If you are not configuring
SNMP traps at this time, continue with “Configuring Other Ports and Parameters on page 136”.
>config snmp community accessmode <ro/rw> <name>
>config snmp community create <name>
>config snmp community delete <name>
>config snmp community ipaddr <ipaddr> <ipmask> <name>
>config snmp community mode [enable/disable]
>config snmp trapreceiver create <name> <ipaddr>
>config snmp trapreceiver delete <name>
>config snmp trapreceiver ipaddr <old ipaddr> <name> <new ipaddr>
>config snmp trapreceiver mode [enable/disable]
>config snmp syscontact <syscontact name>
>config snmp syslocation <syslocation name>
where <ro/rw> = read only/read-write, <name> = SNMP community name, <ipaddr> = SNMP community IP
Address, <ipmask> = SNMP community IP mask, <old ipaddr> = old SNMP IP Address, <new ipaddr> = new
SNMP IP Address, <syscontact name> = system contact, up to 31 alphanumeric characters, <syslocation
name> = system location, up to 31 alphanumeric characters.
When you have completed these configurations, use the show snmpcommunity and show snmptrap commands
to verify that the SNMP traps and communities are correctly configured.
Also use the show trapflags command to see the enabled and disabled trapflags. If necessary, use the config
trapflags commands to enable and disable any or all trapflags.
Continue with “Configuring Other Ports and Parameters on page 136”.
Configuring Other Ports and Parameters
Use the following sections to configure the remaining WLAN — Security Switch (2270) ports and parameters:
•
“Service Port on page 137”
•
“Management Software on page 137”
•
“Serial (CLI Console) Port on page 137”
•
“802.3x Flow Control on page 137”
•
“System Logging on page 137”
Service Port
The Service port on the WLAN — Security Switch (2270) front panel can be configured with a separate IP Address,
subnet mask, and IP assignment protocol from the Distribution System (network) port. To display and configure the
Service port parameters, use the following commands:
>show serviceport
>config serviceport params
>config serviceport protocol
Management Software
The Operating System Management Software function automatically recognizes WLAN — Access Ports (223x) as they
appear in the air space, and when they are part of the same Nortel Mobility Group, automatically configures them for
optimal operation in their respective frequency bands.
Typically, you will not need to manually configure anything after enabling and/or disabling the 802.11a
and 802.11b/g networks as described in “Configuring System Parameters on page 120”. However, you may
want to fine-tune the network operation using the config 802.11a, config 802.11b, config
advanced 802.11a, config advanced 802.11b, config cell, and config load
balancing command sets.
Serial (CLI Console) Port
The WLAN — Security Switch (2270) front-panel serial port is set for a 9600 baud rate and a short timeout. If you
would like to change either of these values, use the config serial baudrate and config serial
timeout commands to make your changes. Note that if you enter config serial timeout 0, serial sessions
never time out.
802.3x Flow Control
802.3x Flow Control is normally disabled on the WLAN Security Switch (2270). If you would like to change this
setting, use the config switchconfig flowcontrol command.
System Logging
WLAN — Security Switches (2270) are shipped with the syslog function disabled. Use the show syslog command to
view the current syslog status, and if required, use the config syslog command to send a WLAN — Security
Switch (2270) log to a remote IP Address or hostname.
You have configured the basic parameters for a Nortel 2200 Series. Continue with “Using the Nortel 2200 Series CLI
on page 113”.
Adding SSL to the WLAN — Security Switch Web Interface
When you plan to secure the WLAN — Security Switch (2270) HTTP: WLAN — Security Switch Web Interface using
the https: (HTTP + SSL) protocol, note that the Operating System automatically generates its own local Web Administration SSL certificate and automatically applies it to the WLAN — Security Switch Web Interface. Verify whether the
locally-generated Web Administration certificate is already loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Continue with either of the following two sections:
•
“Locally-Generated Certificate on page 145” or an
•
“Externally-Generated Certificate on page 146”.
Locally-Generated Certificate
If you desire to have the Operating System generate a new Web Administration SSL certificate, complete the following:
1.
In the CLI, enter:
>config certificate generate webadmin
Wait a few seconds, and the WLAN — Security Switch (2270) returns:
Web Administration certificate has been generated
2.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
3.
Enable Secure Web mode:
>config network secureweb enable
4.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
5.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the Nortel WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B on page 14.
6.
Ensure that operators using the WLAN — Security Switch Web Interface know that they may securely log
into the WLAN — Security Switch (2270) using “https://<WLAN — Security Switch (2270)_IPaddress>”.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Externally-Generated Certificate
Should you desire to use your own Web Administration SSL certificate, complete the following:
1.
Ensure you have a TFTP server available for the certificate download:
a.
If you are downloading through the Service port, the TFTP server MUST be on the same subnet as
the Service port, because the Service port is not routable.
b.
If you are downloading through the DS (Distribution System) network port, the TFTP server can be
on the same or a different subnet, because the DS port is routable.
Note: The TFTP server cannot run on the same computer as the Nortel WLAN — Management
System Software, because the WLAN — Management System Software and the TFTP server use
the same communication port.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the
RSA key embedded in the certificate is AT LEAST 768 Bits.
2.
Buy or create your own Web Administration SSL key and certificate. If not already done, use a password,
<private_key_password>, to encrypt the key and certificate in a .PEM encoded file. The PEM-encoded file is
called a Web Administration Certificate file (<webadmincert_name>.pem).
3.
Move the <webadmincert_name>.pem file to the default directory on your TFTP server.
4.
Refer to the “Using the Nortel 2200 Series CLI on page 113” section to connect and use the CLI.
5.
In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view the
current download settings:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Admin Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename..................................
Are you sure you want to start? (y/n) n
Transfer Canceled
6.
To change the download settings, use the following:
>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip <TFTP server IP address>
>transfer download path <absolute TFTP server path to the update file>
>transfer download filename <webadmincert_name>.pem
Note: Some TFTP servers require only a forward slash “/” as the <TFTP server IP
address>, and the TFTP server automatically determines the path to the correct directory.
7.
Enter the password for the .PEM file, so the Operating System can decrypt the Web Administration SSL key and
certificate:
>transfer download certpassword <private_key_password>
>Setting password to <private_key_password>
8.
In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’
to the prompt to confirm the current download settings and start the certificate and key download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. <webadmincert_name>
Are you sure you want to start? (y/n) y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use the new certificate.
9.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
10.
Enable Secure Web mode:
>config network secureweb enable
11.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
12.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B on
page 14.
13.
Ensure that operators using the WLAN — Security Switch Web Interface know that they may securely log
into the WLAN — Security Switch (2270) using “https://<WLAN — Security Switch (2270)_IPaddress>”.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Transferring Files To and From an WLAN — Security Switch (2270)
WLAN — Security Switches (2270) have built-in utilities for uploading and downloading Operating System software,
certificate and configuration files. Refer to the following for additional information.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the
RSA key embedded in the certificate is AT LEAST 768 Bits.
Use the CLI transfer commands to perform these actions:
>transfer download datatype
>transfer download filename
>transfer download mode
>transfer download path
>transfer download serverip
>transfer download start
>transfer upload datatype
>transfer upload filename
>transfer upload mode
>transfer upload path
>transfer upload serverip
>transfer upload start
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Updating the Operating System Software
When you plan to update the WLAN Security Switch (2270) (and WLAN — Access Port [223x]) Operating System
software, complete the following.
Note: You can start the Operating System software update using the Nortel WLAN — Security
Switch Web Interface, or Using Management over Wireless. However, in both cases, you will lose
your connection to the WLAN — Security Switch (2270) some time during the update process. For
this reason, Nortel strongly recommends that you use a direct CLI Console Port connection to update
the Operating System software.
Note: On the Nortel 2270 WLAN Controller, the TFTP server MUST be on the same subnet
because this switch does not have a service port.
1.
Ensure you have a TFTP server available for the Operating System software download.
a.
If you are downloading through the Service port, the TFTP server MUST be on the same subnet as
the Service port, because the Service port is not routable.
b.
If you are downloading through the DS (Distribution System) network port, the TFTP server can be
on the same or a different subnet, because the DS port is routable.
Note: The TFTP server cannot run on the same computer as the Nortel WLAN — Management
System Software, because the WLAN — Management System Software and the TFTP server use
the same communication port.
2.
Download the desired Operating System software update file from the Nortel website to the default directory
on your TFTP server. The Operating System code update file is named NORTEL_4000_2_0_0_0_x_x for the
2270 WLAN — Security Switches (2270). Note that the Nortel 2200 Series can be updated or reverted
between the 2.0 and 2.2 Operating System releases.
3.
Refer to the “Using the Nortel 2200 Series CLI on page 113” section to connect and use the CLI.
4.
In the CLI, use the ping <IP Address> command to ensure the WLAN — Security Switch (2270) can
contact the TFTP server.
5.
In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view the
current download settings:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Code
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. NORTEL_4000_2_0_0_0_x_x
Are you sure you want to start? (y/n) n
Transfer Canceled
>
6.
To change the download settings, use the following:
>transfer download mode tftp
>transfer download datatype code
>transfer download serverip <TFTP server IP address>
>transfer download filename NORTEL_4000_<release_number>.aes
>transfer download path <absolute TFTP server path to the update file>
Note: All TFTP servers require the full pathname. For example in Windows, C:\TFTP-Root. (In
UNIX forward slashes “/” are required.)
7.
In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’
to the prompt to confirm the current download settings and start the Operating System code download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Code
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. NORTEL_4000_2_0_0_0_x_x
Are you sure you want to start? (y/n) y
TFTP Code transfer starting.
TFTP receive complete... extracting components.
Writing new bootloader to flash.
Making backup copy of RTOS.
Writing new RTOS to flash.
Making backup copy of Code.
Writing new Code to flash.
TFTP File transfer operation completed successfully.
Please restart the switch (reset system) for update to complete.
8.
The WLAN — Security Switch (2270) now has the code update in active volatile RAM, but you must save the
code update to non-volatile NVRAM and reboot the WLAN — Security Switch (2270):
>reset system
The system has unsaved changes.
Would you like to save them now? (y/n) y
The WLAN — Security Switch (2270) completes the bootup process as described in Step 5: Performing
Power On Self Test in the WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B.
Note: If you wish to run a previous version of the WLAN — Security Switch (2270) code, follow
the instructions in Step 4: Connecting and Using the CLI Console in the WLAN — Security Switch
(2270) Quick Installation Guide Part # 216395-B.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Using the Startup Wizard
When a WLAN — Security Switch (2270) is powered up with a new factory Operating System software load or after
being reset to factory defaults, the bootup script runs the Startup Wizard, which prompts the installer for initial WLAN
— Security Switch (2270) configuration.
Note: To reset the WLAN — Security Switch (2270) to factory defaults and rerun the Startup
Wizard, refer to “Erasing the WLAN — Security Switch (2270) Configuration on page 152”.
Use the Startup Wizard to do the following:
1.
Enter the System (WLAN — Security Switch (2270)) Name, up to 32 printable ASCII characters.
2.
Enter the Administrative User Name and Password, each up to 24 printable ASCII characters. The default
Administrative User login and password are admin and admin, respectively.
Note: The Service-Port Interface and Management Interface must be on different subnets.
3.
Enter the Service-Port Interface IP configuration protocol (none, or DHCP). If you do not want to use the
Service port or if you want to assign a static IP Address to the Service port, enter none.
If you entered none, enter Service-Port Interface IP Address and netmask on the next two lines. If you do not
want to use the Service port, enter 0.0.0.0 for the IP Address and netmask.
4.
Enter the Management Interface IP Address, netmask, default router IP address, and optional VLAN identifier
(a valid VLAN identifier, or ‘0’ for untagged).
5.
Network Interface (Distribution System) Physical Port number:
* : 1 - 12 for front panel or 13 for GigE port
* : 1 - 24 for front panel or 25 for GigE port
* : 1 for the front panel GigE port
* 2270: 1 or 2 for the front panel GigE port
6.
Enter the IP address of the default DHCP Server that will supply IP Addresses to clients, the WLAN —
Security Switch (2270) Management Interface, and optionally to the Service Port Interface.
7.
Enter the LWAPP Transport Mode, LAYER2 or LAYER3 (refer to “Layer 2 and Layer 3 LWAPP Operation
on page 30”).
8.
Enter the Virtual Gateway IP Address; any fictitious, unassigned IP address (such as 1.1.1.1) to be used by
Layer 3 Security and Mobility managers.
9.
Enter the Nortel Mobility Group (RF Group) Name.
10.
Enter the WLAN 1 SSID, or Network Name. This is the default SSID that the WLAN — Access Ports (223x)
broadcast when they associate with the WLAN — Security Switch (2270).
11.
Allow or disallow Static IP Addresses for clients. (Yes = clients can supply their own IP Address. No = clients
must request an IP Address from a DHCP server.)
12.
If you are configuring a RADIUS Server now, enter YES, and the RADIUS Server IP Address, communication port, and Secret. Otherwise, enter NO.
13.
Enter the Country Code for this installation. Type ‘help’ to list the supported countries, and refer to “Configuring the WLAN — Security Switch (2270) on page 118” and “Nortel 2200 Series Supported Regulatory
Domains on page 259”.
14.
Independently enable and/or disable the 802.11b, 802.11a, and 802.11g WLAN — Access Port (223x)
networks.
15.
Enable or disable the Management Software (Auto RF).
16.
The WLAN — Security Switch (2270) saves your configuration, reboots with your changes, and prompts you
to log in or enter ‘Recover-Config’ to reset the WLAN — Security Switch (2270) to factory default configuration and return to the Startup Wizard.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Adding SSL to the WLAN — Security Switch Web Interface
When you plan to secure the WLAN — Security Switch (2270) HTTP: WLAN — Security Switch Web Interface using
the https: (HTTP + SSL) protocol, note that the Operating System automatically generates its own local Web Administration SSL certificate and automatically applies it to the WLAN — Security Switch Web Interface. Verify whether the
locally-generated Web Administration certificate is already loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Continue with either of the following two sections:
•
“Locally-Generated Certificate on page 145” or an
•
“Externally-Generated Certificate on page 146”.
Locally-Generated Certificate
If you desire to have the Operating System generate a new Web Administration SSL certificate, complete the following:
1.
In the CLI, enter:
>config certificate generate webadmin
Wait a few seconds, and the WLAN — Security Switch (2270) returns:
Web Administration certificate has been generated
2.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
3.
Enable Secure Web mode:
>config network secureweb enable
4.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
5.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the Nortel WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B.
6.
Ensure that operators using the WLAN — Security Switch Web Interface know that they may securely log
into the WLAN — Security Switch (2270) using “https://<WLAN — Security Switch (2270)_IPaddress>”.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Externally-Generated Certificate
If you desire to use your own Web Administration SSL certificate, complete the following:
1.
Ensure you have a TFTP server available for the certificate download:
a.
If you are downloading through the Service port, the TFTP server MUST be on the same subnet as
the Service port, because the Service port is not routable.
b.
If you are downloading through the DS (Distribution System) network port, the TFTP server can be
on the same or a different subnet, because the DS port is routable.
Note: The TFTP server cannot run on the same computer as the Nortel WLAN — Management
System Software, because the WLAN — Management System Software and the TFTP server use the
same communication port.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the
RSA key embedded in the certificate is AT LEAST 768 Bits.
2.
Buy or create your own Web Administration SSL key and certificate. If not already done, use a password,
<private_key_password>, to encrypt the key and certificate in a .PEM encoded file. The PEM-encoded file is
called a Web Administration Certificate file (<webadmincert_name>.pem).
3.
Move the <webadmincert_name>.pem file to the default directory on your TFTP server.
4.
Refer to the “Using the Nortel 2200 Series CLI on page 113” section to connect and use the CLI.
5.
In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view the
current download settings:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Admin Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename..................................
Are you sure you want to start? (y/n) n
Transfer Canceled
6.
To change the download settings, use the following:
>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip <TFTP server IP address>
>transfer download path <absolute TFTP server path to the update file>
>transfer download filename <webadmincert_name>.pem
Note: Some TFTP servers require only a forward slash “/” as the <TFTP server IP address>,
and the TFTP server automatically determines the path to the correct directory.
7.
Enter the password for the .PEM file, so the Operating System can decrypt the Web Administration SSL key and
certificate:
>transfer download certpassword <private_key_password>
>Setting password to <private_key_password>
8.
In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’
to the prompt to confirm the current download settings and start the certificate and key download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. <webadmincert_name>
Are you sure you want to start? (y/n) y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use the new certificate.
9.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
10.
Enable Secure Web mode:
>config network secureweb enable
11.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
12.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the Nortel WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B.
13.
Ensure that operators using the WLAN — Security Switch Web Interface know that they may securely log
into the WLAN — Security Switch (2270) using “https://<WLAN — Security Switch (2270)_IPaddress>”.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
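Added example (Python, not part of the Nortel guide or its software): a pre-flight check for the settings review in steps 5 and 8 above, together with the Service port subnet rule from step 1a. The function names, the CIDR argument and the sample listing values are constructed for illustration; only the listing layout is taken from the guide.

```python
import ipaddress
import re

# Constructed sample of the listing printed by "transfer download start".
# The layout follows the guide; the address, path and file name are made up.
SAMPLE_LISTING = """\
Mode........................................... TFTP
Data Type...................................... Admin Cert
TFTP Server IP................................. 192.168.10.25
TFTP Path...................................... /
TFTP Filename.................................. webadmin_example.pem
"""

# A label, a leader of four or more dots, then an optional value.
_LINE = re.compile(r"^\s*(?P<label>.+?)\.{4,}\s*(?P<value>.*?)\s*$")


def parse_listing(text):
    """Return {label: value} for each 'Label..... value' line.

    Lines without a dot leader (prompts, status messages) are ignored and a
    label printed with no value maps to an empty string.
    """
    settings = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            label = match.group("label").strip().rstrip(":")
            settings[label] = match.group("value")
    return settings


def preflight(listing, expected_datatype, filename_suffix=None, service_port=None):
    """Return a list of problems; an empty list means the listing matches the plan.

    expected_datatype: the Data Type string the operator expects to see.
    filename_suffix:   required file name ending (".pem" for a certificate file).
    service_port:      Service port address in CIDR form, e.g. "192.168.10.2/24",
                       when the download goes through the Service port; None when
                       it goes through the routable DS port.
    """
    s = parse_listing(listing)
    problems = []

    if s.get("Mode", "").upper() != "TFTP":
        problems.append("Mode is not TFTP")
    if s.get("Data Type", "").lower() != expected_datatype.lower():
        problems.append(
            f"Data Type is {s.get('Data Type', '')!r}, expected {expected_datatype!r}"
        )
    if not s.get("TFTP Path"):
        problems.append("TFTP Path is empty")

    filename = s.get("TFTP Filename", "")
    if not filename:
        problems.append("TFTP Filename is empty")
    elif filename_suffix and not filename.lower().endswith(filename_suffix.lower()):
        problems.append(f"TFTP Filename does not end with {filename_suffix}")

    try:
        server = ipaddress.ip_address(s.get("TFTP Server IP", ""))
    except ValueError:
        problems.append("TFTP Server IP is missing or not a valid address")
        return problems

    # The Service port is not routable, so the TFTP server has to sit in its subnet.
    if service_port is not None:
        port = ipaddress.ip_interface(service_port)
        if server not in port.network:
            problems.append(
                f"{server} is outside the Service port subnet {port.network}"
            )
    return problems


if __name__ == "__main__":
    issues = preflight(SAMPLE_LISTING, "Admin Cert", ".pem", "192.168.10.2/24")
    print("OK to answer y" if not issues else "Answer n and fix:")
    for issue in issues:
        print(" -", issue)
```

Paste the listing captured from the console session into the function before answering the prompt; any returned problem is a reason to answer n and correct the setting first.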
Adding SSL to the 802.11 Interface
When you plan to use a Web Authorization (WebAuth) certificate to secure the WLAN — Security Switch (2270) to
associate new clients, note that the Operating System automatically generates its own local Web Authentication SSL
certificate and automatically applies the certificate to the 802.11 Interface. Verify whether the locally-generated Web
Authentication certificate is already loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Continue with one of the following two sections to add a “Locally-Generated Certificate on page 148” or an “Externally-Generated Certificate on page 149”.
Locally-Generated Certificate
If you desire to have the Operating System generate another Web Authentication SSL certificate, complete the
following:
1.
In the CLI, enter:
>config certificate generate webauth
2.
Wait a few seconds, and the WLAN — Security Switch (2270) returns:
Web Authentication certificate has been generated
3.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
4.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
5.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the Nortel WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B.
6.
Ensure that client operators know that they may securely associate with the Nortel 2200 Series.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Externally-Generated Certificate
If you desire to use your own WebAuth SSL certificates, complete the following:
1.
Ensure you have a TFTP server available for the Operating System software download:
a.
If you are downloading through the Service port, the TFTP server MUST be on the same subnet as
the Service port, because the Service port is not routable.
b.
If you are downloading through the DS (Distribution System) network port, the TFTP server can be
on the same or a different subnet, because the DS port is routable.
Note: The TFTP server cannot run on the same computer as the Nortel WLAN — Management
System Software, because the WLAN — Management System Software and the TFTP server use
the same communication port.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the
RSA key embedded in the certificate is AT LEAST 768 Bits.
2.
Buy or create your own WebAuth SSL key and certificate. If not already done, encode the key and certificate,
virtual gateway IP Address, and a password, <private_key_password>, in a .PEM formatted file. The
PEM-encoded file is called a WebAuth Site Certificate file (<webauthcert_name>.pem).
3.
Move the <webadmincert_name>.pem file to the default directory on your TFTP server.
4.
Refer to the “Using the Nortel 2200 Series CLI on page 113” section to connect and use the CLI.
5.
In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view the
current download settings:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename..................................
Are you sure you want to start? (y/n) n
Transfer Canceled
6.
To change the download settings, use the following:
>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip <TFTP server IP address>
>transfer download path <absolute TFTP server path to the update file>
>transfer download filename <webauthcert_name>.pem
Note: Some TFTP servers require only a forward slash “/” as the <TFTP server IP address>,
and the TFTP server automatically determines the path to the correct directory.
7.
Enter the password included in the .PEM file, so the Operating System can decode the Web Administration
SSL key and certificate:
>transfer download certpassword <private_key_password>
>Setting password to <private_key_password>
8.
In the CLI, use the transfer download start command to view the updated settings, and answer ‘y’
to the prompt to confirm the current download settings and start the certificate and key download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename.................................. <webauthcert_name>
Are you sure you want to start? (y/n) y
TFTP Webauth cert transfer starting.
TFTP receive complete... Installing Certificate.
Certificate installed.
Please restart the switch (reset system) to use new certificate.
9.
Verify that the Web Administration certificate is properly loaded:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
10.
Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile
RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
11.
Reboot the WLAN — Security Switch (2270):
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The WLAN — Security Switch (2270) completes the bootup process as described in Step 4: Connecting and
Using the CLI Console in the Nortel WLAN — Security Switch (2270) Quick Installation Guide Part #
216395-B.
12.
Ensure that client operators know that they may securely associate with the Nortel 2200 Series.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
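The CAUTION in step 1 sets a 768-bit floor for the RSA key embedded in the certificate. As an added example (not part of the Nortel guide or its software), the following standard-library Python check reads the RSA modulus size from each CERTIFICATE block of a PEM file before the file is placed on the TFTP server; the function names, the MIN_RSA_BITS constant, and the certificate-shaped sample data are constructed for this illustration.

```python
import base64
import re

MIN_RSA_BITS = 768  # floor from the guide's CAUTION; raise it to match local policy
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, pos, pos + length


def children(buf, start, end):
    """List (tag, value_start, value_end) for each element in buf[start:end]."""
    items, pos = [], start
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        if vend > end:
            raise ValueError("child element overruns its parent")
        items.append((tag, vstart, vend))
        pos = vend
    return items


def rsa_modulus_bits(cert_der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> modulus."""
    tag, start, end = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs = children(cert_der, start, end)[0]
    fields = children(cert_der, tbs[1], tbs[2])
    if fields and fields[0][0] == 0xA0:  # optional explicit [0] version
        fields = fields[1:]
    if len(fields) < 6:  # serial, sigAlg, issuer, validity, subject, SPKI
        raise ValueError("tbsCertificate is missing fields")
    spki = children(cert_der, fields[5][1], fields[5][2])
    if len(spki) < 2 or spki[1][0] != 0x03:
        raise ValueError("malformed subjectPublicKeyInfo")
    algorithm, key = spki[0], spki[1]
    oid = children(cert_der, algorithm[1], algorithm[2])[0]
    if cert_der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("public key is not RSA")
    # BIT STRING content = one unused-bits byte, then the RSAPublicKey SEQUENCE
    _, kstart, kend = read_tlv(cert_der, key[1] + 1)
    modulus = children(cert_der, kstart, kend)[0]
    return int.from_bytes(cert_der[modulus[1]:modulus[2]], "big").bit_length()


def check_webauth_pem(pem_text, min_bits=MIN_RSA_BITS):
    """Return [(index, modulus_bits, meets_floor)] for each certificate found.

    The private key in the file is password-protected, but the certificate's
    public modulus has the same size, so the check needs no password.
    """
    results = []
    for index, match in enumerate(PEM_CERT.finditer(pem_text)):
        bits = rsa_modulus_bits(base64.b64decode(match.group(1)))
        results.append((index, bits, bits >= min_bits))
    if not results:
        raise ValueError("no CERTIFICATE block found")
    return results


# --- constructed sample data (not a real or signed certificate) -------------
def der(tag, content):
    """Encode one DER element with a definite length."""
    size = len(content)
    if size < 0x80:
        head = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content


def der_int(value):
    """Encode a non-negative INTEGER (leading 0x00 added when needed)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def constructed_certificate_pem(bits):
    """Certificate-shaped PEM whose placeholder modulus has exactly `bits` bits."""
    modulus = (1 << (bits - 1)) | 1  # placeholder value, not a usable RSA modulus
    alg = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    key = der(0x30, der_int(modulus) + der_int(65537))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    empty = der(0x30, b"")  # stands in for issuer, validity and subject
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(1) + alg + empty * 3 + spki)
    cert = der(0x30, tbs + alg + der(0x03, b"\x00"))
    body = base64.encodebytes(cert).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
```

To check a real file, pass its text to check_webauth_pem() and refuse the upload if any entry's third field is False.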
Saving Configurations
As described in “WLAN — Security Switch (2270) Memory on page 53”, the Nortel WLAN — Wireless Security
Switches (2270) contain two kinds of memory: volatile RAM and NVRAM. At any time, you can save the configuration
changes from active volatile RAM to non-volatile RAM (NVRAM) using one of three commands:
1.
Use the save config command as detailed below.
2.
Use the reset system command, described in “Resetting the WLAN — Security Switch (2270) on
page 152”, which will ask you whether you would like to save configuration changes before the system
reboots.
3.
Use the logout command, described in “Logging Out of the CLI on page 116”, which asks you whether
you would like to save configuration changes before logging out.
4.
To save the configurations without resetting the WLAN — Security Switch (2270) or logging out of the CLI,
type:
>save config
Are you sure you want to save? (y/n)
Enter ‘y’ to save the current configurations from volatile RAM to non-volatile RAM (NVRAM).
5.
You can now continue using the system, log out, or reboot knowing that the WLAN — Security Switch (2270)
will come up in the same configuration after reboot.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Clearing Configurations
As described in “WLAN — Security Switch (2270) Memory on page 53”, the WLAN Security Switch (2270) contains
two kinds of memory: volatile RAM and NVRAM. To clear the active configuration in the non-volatile RAM, complete
the following.
1.
To clear the WLAN — Security Switch (2270) configuration from non-volatile RAM, use the clear config command:
>clear config
Are you sure you want to clear the configuration? (y/n)
Enter ‘y’ to clear the current configurations from non-volatile RAM.
2.
After clearing the WLAN — Security Switch (2270) configuration in NVRAM, perform a “Reboot without
Save”:
>reset system
The system has unsaved changes.
Would you like to save them now? (y/n)
Enter “n” to reset the WLAN — Security Switch (2270) without saving any outstanding configuration
changes from volatile RAM to non-volatile RAM.
3.
When the WLAN — Security Switch (2270) reboots, the Operating System displays the Startup Wizard.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Erasing the WLAN — Security Switch (2270) Configuration
The Wireless LAN operator may wish to move a WLAN — Security Switch (2270) to a different location and reconfigure it.
If the moved WLAN — Security Switch (2270) uses the same or nearly the same configuration, use the Nortel WLAN
— Management System Software, Nortel WLAN — Security Switch Web Interface, or Command Line Interface to
reconfigure individual WLAN — Security Switch (2270) parameters.
If the moved WLAN — Security Switch (2270) uses a significantly different configuration, erase the WLAN — Security
Switch (2270) configuration using the following procedure.
1.
Enter the reset system command. The reset script prompts you if there are any unsaved changes. Enter
‘y’ to save changes from active volatile RAM to NVRAM before rebooting the WLAN — Security Switch
(2270). The WLAN — Security Switch (2270) reboots.
2.
When you are prompted for a User Name, enter recover-config to restore the factory default configurations. The WLAN — Security Switch (2270) reboots and displays the Welcome to the Nortel
Wizard Configuration Tool message.
3.
Enter the initial configuration of the WLAN — Security Switch (2270) as described in “Using the Startup
Wizard on page 143”.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Resetting the WLAN — Security Switch (2270)
After you have installed and configured a WLAN — Security Switch (2270), you can reset the WLAN — Security
Switch (2270) and view the reboot process on the CLI Console using one of the following two methods:
1.
Unplug the WLAN — Security Switch (2270) from its power source.
2.
Enter the reset system command. The reset script prompts you if there are any unsaved changes. Enter
‘y’ to save changes from active volatile RAM to NVRAM (non-volatile RAM) before rebooting the WLAN
— Security Switch (2270).
Note: If you have already cleared the active volatile RAM as described in “Clearing Configurations on
page 151”, entering ‘n’ in response to this prompt prevents the save from volatile RAM to NVRAM
(non-volatile RAM) from overwriting the cleared configuration in NVRAM. In this case you will be
directed to the “Startup Wizard on page 52”.
When the WLAN — Security Switch (2270) reboots, the CLI Console displays the following reboot information:
3.
Initializing the system.
4.
Verifying the hardware configuration.
5.
Loading microcode into memory.
6.
Verifying the Operating System software load.
7.
Initializing with its stored configurations.
8.
Displaying the login prompt.
You have seen the boot process on the CLI Console. Either unplug your serial connection, or enter a valid login and
password to reenter the CLI.
Continue with “Using the Nortel 2200 Series CLI on page 113”.
Using the Nortel WLAN — Management System Software
Refer to the following to start, stop, use, and manage WLAN — Management System Software.
•
“Starting WLAN — Management System Software as a Windows Application on page 155”
-
“Starting WLAN — Management System Software as a Windows Application on page 155”
-
“Starting WLAN — Management System Software as a Windows Service on page 156”
-
“Stopping the WLAN — Management System Software Windows Application on page 157”
-
“Stopping the WLAN — Management System Software Windows Service on page 158”
-
“Checking the WLAN — Management System Software Windows Service Status on page 158”
•
“Starting and Stopping the WLAN — Management System Web Interface on page 160”
-
“Starting a WMS Web Interface on page 160”
-
“Stopping a WMS Web Interface on page 161”
•
“Using WMS on page 163”
-
“Checking the Nortel 2200 Series Network Summary on page 163”
-
“Adding a WLAN — Security Switch (2270) to WLAN — Management System on page 165”
-
“Creating an RF Calibration Model on page 169”
-
“Adding a Campus Map to the WLAN — Management System Database on page 169”
-
“Adding a Building to a Campus on page 172”
-
“Adding a Standalone Building to the WLAN — Management System Database on page 177”
-
“Adding an Outdoor Area to a Campus on page 179”
-
“Adding Floor Plans to a Campus Building on page 183”
-
“Adding Floor Plans to a Standalone Building on page 190”
-
“Adding APs to Floor Plan and Outdoor Area Maps on page 195”
-
“Monitoring Predicted Coverage (RSSI) on page 202”
-
“Monitoring Channels on Floor Map on page 203”
-
“Monitoring Transmit Power Levels on a Floor Map on page 204”
-
“Monitoring Coverage Holes on a Floor Map on page 204”
-
“Monitoring Users on a Floor Map on page 204”
-
“Monitoring Clients From a Floor Map on page 205”
•
“Troubleshooting with WLAN — Management System Software on page 205”
-
“Checking the Nortel 2200 Series Network Summary on page 163”
-
“Viewing Current WLAN — Security Switch (2270) Status and Configurations on page 214”
-
“Viewing WLAN — Management System Statistics Reports on page 214”
-
“Detecting and Locating Rogue Access Points on page 206”
-
“Acknowledging Rogue APs on page 211”
-
“Locating Clients on page 211”
-
“Finding Coverage Holes on page 213”
-
“Pinging a Network Device from a WLAN — Security Switch (2270) on page 214”
•
“Updating the Operating System Software from WLAN — Management System on page 215”
•
“Installing WLAN — Management System Software on page 217”
-
“Installing WLAN — Management System Software on page 217”
-
“Updating the Windows WLAN — Management System Software on page 217”
-
“Reinitializing the Windows WLAN — Management System Software Database on page 219”
•
“Starting WLAN — Management System Software as a Windows Application on page 155”
•
“Starting WLAN — Management System Software as a Windows Service on page 156”
•
“Stopping the WLAN — Management System Software Windows Application on page 157”
•
“Stopping the WLAN — Management System Software Windows Service on page 158”
•
“Checking the WLAN — Management System Software Windows Service Status on page 158”
Starting WLAN — Management System Software as a Windows Application
When the WLAN — Management System Software has been installed as an application, you can start the WLAN —
Management System Software application at any time.
1.
From the Windows START button, select the Programs menu, and click Nortel WLAN — Management
System 2.2/Start WLAN — Management System Server.
The start WLAN — Management System Software script opens a Start WLAN — Management System
Server DOS window, which displays many Created table and Process: Started messages.
2.
When the Start WLAN — Management System Server window displays Please connect your
client (WMS Web Interface) to the web server on port 80, the WLAN — Management
System Software has started and is ready to host WMS Web Interfaces.
CAUTION: The WLAN — Management System Software may display Start WLAN —
Management System Server, Solid Database, and Apache windows, which you can
minimize. DO NOT CLOSE any of these windows, or you can abnormally halt the WLAN —
Management System Software. When you plan to shut down the WLAN — Management System
Software, refer to “Stopping the WLAN — Management System Software Windows Application
on page 157” or “Stopping the WLAN — Management System Software Windows Service on
page 158”.
If desired, continue with “Starting and Stopping the WLAN — Management System Web Interface on page 160”.
Starting WLAN — Management System Software as a Windows Service
When the WLAN — Management System Software has been installed as a service, you can start the WLAN — Management System Software service at any time.
1.
From the Windows START button, select the Programs menu, and select Nortel WLAN — Management
System 2.2/Start WLAN — Management System Service.
2.
The start WLAN — Management System Software script opens a Start WLAN — Management System
Service DOS window, which displays the following messages:
The Nms Server service is starting. .
(in the background)
The Nms Server service was started successfully.
Launching Server Status Window
3.
The Start WLAN — Management System Service window displays the WLAN — Management
System Server Status window. You can close the Start WLAN — Management System Service
DOS window, and view the current WLAN — Management System Software Service status in the WLAN —
Management System Server Status window. When the Start WLAN — Management System
Service window displays the WLAN — Management System Software is Up message, the WLAN
— Management System Software service has started and is ready to host WMS Web Interfaces.
4.
Note that the WLAN — Management System Server Status window is updated about every five
seconds. When the WLAN — Management System Server Status window displays the WLAN —
Management System Software is Up message, the WLAN — Management System Software
service is ready to host WMS Web Interfaces.
Note: You can close the WLAN — Management System Server Status window at any time,
if you wish. When you want to view the current WLAN — Management System Software status,
from the Windows START button, select the Programs menu, and select Nortel WLAN —
Management System 2.2/Check Server Status to view the WLAN — Management
System Server Status window again.
If desired, continue with “Starting a WMS Web Interface on page 160” or “Using the Nortel WLAN — Management
System Software on page 154” in the “Welcome to the Nortel 2200 Series Product Guide on page 19”.
Stopping the WLAN — Management System Software Windows Application
You can stop the WLAN — Management System Software application at any time.
Note: If there are any WMS Web Interfaces logged in when you stop the WLAN — Management
System Software, the WMS Web Interface sessions will stop functioning.
1.
From the Windows START button, select the Programs menu, and select Nortel WLAN — Management
System 2.2/Stop WLAN — Management System Server.
The stop WLAN — Management System Software script opens a Stop WLAN — Management System
Server DOS window, which displays the Shutdown Web NMS Server window.
2.
The Stop WLAN — Management System Server window displays the Press any key to
continue prompt.
3.
Press any key to complete the stop WLAN — Management System Software script.
You have shut down the WLAN — Management System Software application. If desired, continue with the “Welcome
to the Nortel 2200 Series Product Guide on page 19”.
Stopping the WLAN — Management System Software Windows Service
You can stop the WLAN — Management System Software service at any time.
Note: If there are any WMS Web Interfaces logged in when you stop the WLAN — Management
System Software, the WMS Web Interface sessions will stop functioning.
1.
From the Windows START button, select the Programs menu, and select Nortel WLAN — Management
System 2.2/Stop WLAN — Management System Service.
2.
The stop WLAN — Management System Software script opens a Stop WLAN — Management System
Service DOS window and halts the WLAN — Management System Software service.
You have shut down the WLAN — Management System Software service. If desired, continue with the “Welcome to
the Nortel 2200 Series Product Guide on page 19”.
Checking the WLAN — Management System Software Windows Service Status
When WLAN — Management System Software is installed as a Service, it runs in the background. That is, it has no
windows open, so you cannot directly view its current status. To allow you to check the WLAN — Management System
Software Service status, Nortel has provided a convenient WLAN — Management System Software Status utility.
1.
To activate the WLAN — Management System Software Status utility, from the Windows START button,
select the Programs menu, and select Nortel WLAN — Management System Software 2.2/Check
Server Status.
The Check Server Status script launches the Start WLAN — Management System Service DOS
window, which in turn launches the WLAN — Management System Server Status window.
When the WLAN — Management System Software Service is active, the WLAN — Management System
Server Status window reports that the WLAN — Management System Software is Up. When the
WLAN — Management System Software Service is inactive, the WLAN — Management System Server
Status window reports that the WLAN — Management System Software is down. Checking
if database has started ...
2.
You can close the Start WLAN — Management System Service DOS window and the WLAN —
Management System Server Status window at any time.
You have viewed the WLAN — Management System Software service status. If desired, continue with the “Welcome
to the Nortel 2200 Series Product Guide on page 19”.
Starting and Stopping the WLAN — Management System Web
Interface
Starting a WMS Web Interface
This WLAN — Management System interface is used by WLAN — Management System operators as described in
“WMS Web Interface on page 76”.
1.
If not already done, start the WLAN — Management System Software as described in “Starting WLAN —
Management System Software as a Windows Application on page 155”.
2.
Launch Internet Explorer 6.0 (or another Web Browser).
Note: Some documented features may not function properly if you choose to use any Web Browser
other than Internet Explorer 6.0 on a Windows workstation.
https://<localhost|WLAN — Management System Software IP Address>
--or--
http://<localhost|WLAN — Management System Software IP Address>
where https:// is a secure (http + Secure Sockets Layer) login, to which the WLAN — Management
System Software usually returns a Security Alert message before continuing, and http:// is an unsecure
login, and where localhost is used when the WMS Web Interface is on the WLAN — Management
System Server, and where WLAN — Management System Software IP Address is the IP Address
of the WLAN — Management System Software on any other workstation.
Examples: http://localhost or https://176.89.43.44.
The WMS Web Interface displays the WLAN — Management System Login page.
3.
In the WLAN — Management System Login page, enter the following:
a.
User Name: Your username (default root).
b.
Password: Your password (default public).
4.
When you have made these entries in the WLAN — Management System Login page, click Submit.
The WMS Web Interface is now active and available for your use, and displays the Network Summary (Network Dashboard) similar to the following figure, which provides a summary of the Nortel 2200 Series, including reported coverage
holes, WLAN — Access Port (223x) operational data, most recent detected rogue APs, and client distribution over time.
Continue with “Using the Nortel WLAN — Management System Software on page 154” or “Stopping a WMS Web
Interface on page 161”.
Stopping a WMS Web Interface
This section includes the following topics:
•
“Manually Stopping the WMS Web Interface on page 161”
•
“WLAN — Management System Software Shutdown Stopping the WMS Web Interface on page 162”
Manually Stopping the WMS Web Interface
When you are finished working in the WMS Web Interface application, exit the WMS Web Interface application page
by clicking Logout in the upper right corner of the WMS Web Interface page. The WMS Web Interface displays the
WLAN — Management System Login page.
Note that you can return to the previous cached screen in the Web Browser. However, if you attempt to access any of the
parameters in that screen, you are returned to the WLAN — Management System Login page.
Alternatively, you can shut down the Web Browser.
The WMS Web Interface window shuts down, leaving the WLAN — Management System Software running. If desired,
continue with the “Welcome to the Nortel 2200 Series Product Guide on page 19”.
WLAN — Management System Software Shutdown Stopping the WMS Web Interface
Occasionally, the system administrator may stop the WLAN — Management System Software while a WMS Web
Interface is logged in. If this happens, the Web Browser displays a The page cannot be displayed message.
Note: When the WMS Web Interface has been stopped by a WMS Server shutdown, it does not
reassociate with the WLAN — Management System Software when the WLAN — Management
System Server restarts. You must restart the WMS Web Interface as described in “Starting a WMS
Web Interface on page 160”.
Using WMS
•
“Checking the Nortel 2200 Series Network Summary on page 163”
•
“Adding a WLAN — Security Switch (2270) to WLAN — Management System on page 165”
•
“Creating an RF Calibration Model on page 169”
•
“Adding a Campus Map to the WLAN — Management System Database on page 169”
•
“Adding a Building to a Campus on page 172”
•
“Adding a Standalone Building to the WLAN — Management System Database on page 177”
•
“Adding an Outdoor Area to a Campus on page 179”
•
“Adding Floor Plans to a Campus Building on page 183”
•
“Adding Floor Plans to a Standalone Building on page 190”
•
“Adding APs to Floor Plan and Outdoor Area Maps on page 195”
•
“Monitoring Predicted Coverage (RSSI) on page 202”
•
“Monitoring Channels on Floor Map on page 203”
•
“Monitoring Transmit Power Levels on a Floor Map on page 204”
•
“Monitoring Coverage Holes on a Floor Map on page 204”
•
“Monitoring Users on a Floor Map on page 204”
•
“Monitoring Clients From a Floor Map on page 205”
Checking the Nortel 2200 Series Network Summary
When you use WLAN — Management System for the first time, the Network Summary page shows that the Coverage
Areas, Most Recent Rogue APs, Top Five WLAN — Access Ports (223x), and the Most Recent Coverage Holes
databases are empty, as shown in the following figure. The following figure also shows that there are no Clients connected
to the Nortel 2200 Series at this time.
Figure - 1: Network Summary for Unconfigured WLAN — Management System Software Database
After you have configured the WLAN — Management System database with one or more WLAN — Security Switches
(2270), the Network Summary page shows that the Coverage Areas, Most Recent Rogue APs, the Top Five WLAN —
Access Ports (223x), and the Top Five Coverage Holes databases are updated, as shown in the following figure. The
following figure also shows that there has been one Client connected to the Nortel 2200 Series over the last 24 hours.
Figure - 2: Network Summary for Configured WLAN — Management System Software Database
Adding a WLAN — Security Switch (2270) to WLAN — Management System
When you know the IP Address of a WLAN — Security Switch (2270) Service Port or a WLAN — Security Switch
(2270) name, perform the following steps to add the WLAN — Security Switch (2270) to the WLAN — Management
System Software database.
Note: Nortel recommends that you manage the 2270 WLAN — Security Switches (2270) through
the dedicated front-panel Service Port for improved security. When you are managing a 2270
WLAN — Security Switch (2270) that has its Service port disabled, you must manage the WLAN
— Security Switch (2270) through its Management Interface.
1.
Select Configure/Switches to have WLAN — Management System display the All Switches page.
Figure - 3: Configuration - Adding All Switches
2.
In the Button Area, select Add Switch.
Figure - 4: Selecting Add Switch
3.
Click GO to have the WMS Web Interface display the Add Switch page.
Figure - 5: Adding the Switch
4.
Enter the WLAN — Security Switch (2270) IP Address, Network Mask, and required SNMP settings in the
Add Switch data entry fields.
Note: Nortel recommends that you manage each WLAN Security Switch (2270) through the
dedicated front-panel Service Port for highest security. If any WLAN — Security Switch (2270) has
its Service ports disabled, you will manage the WLAN — Security Switch (2270) through its
Management Interface.
Note: WLAN — Security Switches (2270) are factory-configured with SNMP Version 2C enabled, which
is the most secure and slowest version. After you have logged into the WLAN — Security Switch (2270),
you can change the SNMP parameters and re-add the WLAN — Security Switch (2270) to the WLAN —
Management System Software database.
5.
Click OK, and the WMS Web Interface displays the Please wait. . . dialog screen while it contacts the
WLAN — Security Switch (2270), adds the current WLAN — Security Switch (2270) configuration to the
WLAN — Management System Software database, and then returns you to the Add Switch page.
Figure - 6: Switch Discovery
Note: If WLAN — Management System Software does not find a WLAN — Security Switch
(2270) at the selected IP Address, the Discovery Status page displays a No response from
device, check SNMP. . . message. Either the Service Port IP Address is set incorrectly
(refer to “Configuring Other Ports and Parameters on page 136”), or WLAN — Management
System Software was unable to contact the WLAN — Security Switch (2270) (ensure that you can
ping the WLAN — Security Switch (2270) from the WLAN — Management System Server and
retry), or the device has different SNMP settings (verify that the SNMP settings match and retry).
6.
You may now add additional WLAN — Security Switches (2270) in the Add Switch page, or click the
Configure Tab to have the WMS Web Interface display the All Switches page.
Figure - 7: Displaying All Switches
You have added WLAN Security Switches (2270) to the WLAN — Management System Software database. Continue
with “Using the Nortel WLAN — Management System Software on page 154”.
Creating an RF Calibration Model
When you are using Nortel WLAN — Management System Location Software and want to improve client and rogue AP
location accuracy across one or more floors, you can create an RF Calibration Model that uses manually-collected RF
measurements to calibrate the location algorithm.
When you have multiple floors in a building with the same physical layout as the calibrated floor, you can save time calibrating the remaining floors by applying the same RF Calibration Model to the remaining floors.
Follow the RF Calibration procedures included in the WLAN — Management System Web Interface Online Help to
create an RF Prediction Model.
Adding a Campus Map to the WLAN — Management System Database
Rather than forcing the WLAN — Management System Software operator to use only a text-based map to manage the
Nortel 2200 Series, the WLAN — Management System Software allows the operator to view the managed System on
realistic campus, building, and floor plan maps. This section describes how to add a single campus map to the WLAN —
Management System Software database.
1. First, save your maps in .PNG, .JPG, .JPEG, or .GIF format. They can be any size, as WLAN — Management
System automatically resizes the map to fit in its working areas.
2. Browse to and import the map(s) from anywhere in your file system.
3. Select the Monitor Tab.
4. Click Maps to have WLAN — Management System display the Maps page.
Figure - 8: Click Maps
5. In the Button Area, select New Campus.
Figure - 9: Button Area > New Campus
6. Click GO to have the WMS Web Interface display the Maps > New Campus page.
Figure - 10: Maps for the New Campus
7. In the Maps > New Campus page, enter the Campus Name and Campus Contact Information, click Browse
to search for and select the Campus graphic name, select Maintain Aspect Ratio (if desired), and enter the
Horizontal Span and the Vertical Span of the map in feet. (Note that the Campus Horizontal Span and the
Vertical Span should be larger than any building or floor plan to be added to the campus.)
8. Click OK to add the Campus Map to the WLAN — Management System database. The WMS Web Interface
displays the Maps page.
Figure - 11: Map page
The Maps page contains a current list of Campus Names, the map type (Campus or Building), and the current
Campus Status (Green for OK, Red for Failure, Amber for Alarm).
9. You have added a map to the WLAN — Management System database, which corresponds to a single
Campus.
10. Ensure that the graphic has been added correctly by clicking the new Campus Name to have the WMS Web
Interface display the Maps > <Campus Name> page as shown in the following figure.
Figure - 12: Campus Name Map
11. Repeat this section for any remaining Campuses.
When you have completed this section, continue with “Adding an Outdoor Area to a Campus on page 179” or “Adding
a Standalone Building to the WLAN — Management System Database on page 177”.
Adding a Building to a Campus
You can add buildings to the WLAN — Management System database whether or not you have added maps or
campuses as described in “Adding a Campus Map to the WLAN — Management System Database on page 169”.
To add a building to the WLAN — Management System database without associating it with a campus, continue with
“Adding a Standalone Building to the WLAN — Management System Database on page 177”. To add an Outdoor Area
to a campus in the WLAN — Management System database, continue with “Adding an Outdoor Area to a Campus on
page 179”. Otherwise, add a building to a campus in the WLAN — Management System database by performing the
following steps:
1. Select the Monitor Tab.
2. Click Maps to have WLAN — Management System display the Maps page.
Figure - 13: Campus Map selection
3. In the Maps Page, select the desired Campus.
Figure - 14: Selecting the Campus
The WMS Web Interface displays the Maps > <Campus Name> page.
4. In the Maps > <Campus Name> page Button Area, select New Building.
Figure - 15: New Building Command
5. Click GO to have the WMS Web Interface display the <Campus Name> > New Building page.
Figure - 16: New Building Area
6. In the <Campus Name> > New Building page, you can create a virtual Building to organize related Floor
Plan maps. To do this:
   a. Enter the Building Name.
   b. Enter the Building Contact Name.
   c. Enter the number of Floors and Basements.
   d. Enter an approximate Building Horizontal Span and Vertical Span (width and depth on the map) in
   feet. Note that these numbers should be larger than or the same size as any floors that might be
   added later.
   Note: Alternatively, you can use <CTRL-Left-Click> to resize the bounding area in the upper left corner
   of the Campus map. As you change the size of the bounding area, the Building Horizontal Span and
   Vertical Span parameters vary to match your changes.
   e. Click Place to locate the Building on the Campus map. WLAN — Management System creates a
   Building rectangle scaled to the size of the Campus map.
   f. Left-click on the Building rectangle and drag it to the desired position on the Campus map.
   Figure - 17: Building Rectangle selection and placement
   g. Click Save to save the Building definition and its Campus location in the WLAN — Management
   System database. WLAN — Management System saves the Building name in the Building rectangle
   on the Campus map. Note that there will be a hyperlink associated with the Building that takes you
   to the corresponding Map page.
   Figure - 18: Building Definition Map
7. Repeat this procedure for any remaining Campus Buildings.
When you have completed this section for all Campus Buildings, continue with “Adding Floor Plans to a Campus
Building on page 183”.
Adding a Standalone Building to the WLAN — Management System Database
You can add Buildings to the WLAN — Management System database whether or not you have added maps or
Campuses as described in “Adding a Campus Map to the WLAN — Management System Database on page 169”.
To add a building to a Campus in the WLAN — Management System database, continue with “Adding a Building to a
Campus on page 172”. To add an Outdoor Area to a Campus in the WLAN — Management System database, continue
with “Adding an Outdoor Area to a Campus on page 179”. Otherwise, add a standalone building to a Campus by
performing the following steps:
1. Select the Monitor Tab.
2. Click Maps to have WLAN — Management System display the Maps page.
Figure - 19: Making the Map Selection
3. In the Button Area, select New Building.
Figure - 20: Choosing the New Building
4. Click GO to have the WMS Web Interface display the Maps > New Building page.
Figure - 21: New Building Maps
5.
6. In the Maps > New Building page, you can create a virtual Building to organize related Floor Plan maps. To
do this:
   a. Enter the Building Name.
   b. Enter the Building Contact Name.
   c. Enter the number of Floors and Basements.
   d. Enter an approximate Building Horizontal Span and Vertical Span (width and depth on the map) in
   feet. Note that these numbers should be larger than or the same as any floors that might be added
   later.
   e. Click OK to save the Building definition to the WLAN — Management System Software database.
Repeat this section for any remaining Standalone Buildings.
When you have completed this section for all Standalone Buildings, continue with “Adding Floor Plans to a Standalone
Building on page 190”.
Adding an Outdoor Area to a Campus
You can add Outdoor Areas to a Campus in the WLAN — Management System database whether or not you have added
Outdoor Area maps to the WLAN — Management System database.
To add a building to the WLAN — Management System database without associating it with a Campus, continue with
“Adding a Standalone Building to the WLAN — Management System Database on page 177”. To add a building to a
Campus in the WLAN — Management System database, continue with “Adding a Building to a Campus on page 172”.
Otherwise, add an Outdoor Area to a Campus by performing the following steps:
1. If desired, save Outdoor Area maps in .PNG, .JPG, .JPEG, or .GIF format. Note that you do not need to have a
map for the Outdoor Area map(s). The maps can be any size, as WLAN — Management System automatically
resizes the map(s) to fit in its working areas.
2. Browse to and import the map(s) from anywhere in your file system.
3. Select the Monitor Tab.
4. Click Maps to have WLAN — Management System display the Maps page.
Figure - 22: Displaying Maps
5. In the Maps Page, select the desired Campus.
Figure - 23: Selecting the desired Campus
The WMS Web Interface displays the Maps > <Campus Name> page.
6. In the Maps > <Campus Name> page Button Area, select New Outdoor Area.
Figure - 24: Selecting New Outdoor Area
7. Click GO to have the WMS Web Interface display the <Campus Name> > New Outdoor Area page.
Figure - 25: Campus Name > New Outdoor Area
8. In the <Campus Name> > New Outdoor Area page, you can create a manageable Outdoor Area. To do
this:
   a. Enter the Outdoor Area Name.
   b. Enter the Outdoor Area Contact Name.
   c. Enter the Outdoor Area Map filename (optional).
   d. Enter an approximate Outdoor Area Horizontal Span and Vertical Span (width and depth on the
   map) in feet.
   Note: Alternatively, you can use <CTRL-Left-Click> to resize the bounding area in the upper left
   corner of the Campus map. As you change the size of the bounding area, the Building Horizontal
   Span and Vertical Span parameters vary to match your changes.
   e. Click Place to locate the Outdoor Area on the Campus map. WLAN — Management System creates an Outdoor Area rectangle scaled to the size of the Campus map.
   f. Left-click on the Outdoor Area rectangle and drag it to the desired position on the Campus map.
   g. Click Save to save the Outdoor Area definition and its Campus location in the WLAN — Management System database. WLAN — Management System saves the Outdoor Area name in the Outdoor Area rectangle on the Campus map. Note that there will be a hyperlink associated with the
   Building Name or Outdoor Area.
   Figure - 26: Building Name or Outdoor Area
9. Repeat this procedure for any remaining Outdoor Areas.
When you have completed this section for all Outdoor Areas, continue with “Using the Nortel WLAN — Management
System Software on page 154”.
Adding Floor Plans to a Campus Building
Once you have added a Building to a Campus as described in “Adding a Building to a Campus on page 172”, you can
add individual floor plan and basement maps to the Building. Proceed with the following:
1. If not already done, save your floor plan map(s) in .FPE, .PNG, .JPG, or .GIF format. They can be any size, as
WLAN — Management System automatically resizes the map(s) to fit in its working areas.
Note: When you are importing a .FPE floor plan map, you will also need to import a
corresponding .PNG, .JPG, or .GIF format floor plan map. Importing the .PNG, .JPG, or .GIF
format floor plan map allows WLAN — Management System to correctly display the floor plan, and
importing the .FPE floor plan map allows WLAN — Management System to properly adjust the RF
signal strengths as modified by the walls and other RF obstructions.
2. Browse to and import the map(s) from anywhere in your file system.
3. Select the Monitor Tab.
4. Click Maps to have WLAN — Management System display the Maps page.
Figure - 27: Selecting Maps Configuration
5. In the Maps Page, select the desired Campus.
Figure - 28: Selecting Campus
The WMS Web Interface displays the Maps > <Campus Name> page.
6. In the Maps > <Campus Name> page Button Area, move the cursor over an existing Building rectangle to
highlight it. Note that when you highlight the Building rectangle, the Building description appears in the
Sidebar area.
Figure - 29: Building Description
7. Left-click on the Building rectangle to have WLAN — Management System display the Maps > <Campus
Name> > <Building Name> page.
8. In the Button Area, select New Floor Area.
Figure - 30: Selecting New Floor Area
9. Click GO to have the WMS Web Interface display the <Building Name> > New Floor page.
Figure - 31: New Floor addition
10. In the <Building Name> > New Floor page, you can add floors to a Building to organize related Floor Plan
maps. To do this:
   a. Enter the Floor or Basement Name.
   b. Enter the Floor or Basement Contact Name.
   c. Select the Floor or Basement number.
   d. Enter the Floor-to-Floor Height in feet.
   e. Also, when you are importing a .FPE floor plan map file from the Nortel WLAN — Floor Plan Editor, click Browse to search for and select the desired .FPE Floor or Basement graphic name.
   f. In all cases, click Browse to search for and select the desired Floor or Basement graphic name.
   Note that when you select the Floor or Basement graphic, WLAN — Management System displays
   the graphic in the Building-sized grid.
   g. Enter an approximate Floor or Basement Horizontal Span and Vertical Span (width and depth on the
   map) in feet. Note that these numbers should be smaller than or the same as the Building Horizontal
   Span and Vertical Span in the WLAN — Management System database.
   h. If necessary, click Place to locate the Floor or Basement graphic on the Building grid.
   Note: You can use <CTRL-Left-Click> to resize the graphic within the Building-sized grid. Leave
   Maintain Aspect Ratio checked to preserve the original graphic aspect ratio, or uncheck the Maintain
   Aspect Ratio box to change the graphic aspect ratio. Once again, use <CTRL-Left-Click> to change the
   graphic aspect ratio.
   i. Click Save to save the Building definition to the WLAN — Management System database. The
   WMS Web Interface displays the floor plan graphic in the Maps > <Campus Name> > <Building Name> page.
   Figure - 32: Campus and Building Name Mapping
11. In the Maps > <Campus Name> > <Building Name> page, left-click any of the Floor or Basement
images to view the floor plan or basement map as shown in the following figure. Note that you can zoom in
and out to view the map at different sizes, and can add APs from this page.
Figure - 33: Adding Floors to Standalone Building
12. Repeat this section for any remaining Floors or Basements.
Continue with “Adding Floor Plans to a Standalone Building on page 190” or “Adding APs to Floor Plan and Outdoor
Area Maps on page 195”.
Adding Floor Plans to a Standalone Building
Once you have added a standalone Building to the WLAN — Management System database as described in “Adding a
Standalone Building to the WLAN — Management System Database on page 177”, you can add individual floor plan
maps to the Building. Proceed with the following:
1. If not already done, save your floor plan map(s) in .FPE, .PNG, .JPG, or .GIF format. They can be any size, as
WLAN — Management System automatically resizes the map(s) to fit in its working areas.
Note: When you are importing a .FPE floor plan map, you will also need to import a
corresponding .PNG, .JPG, or .GIF format floor plan map. Importing the .PNG, .JPG, or .GIF format floor
plan map allows WLAN — Management System to correctly display the floor plan, and importing
the .FPE floor plan map allows WLAN — Management System to properly adjust the RF signal strengths
as modified by the walls and other RF obstructions.
2. Browse to and import the map(s) from anywhere in your file system.
3. Select the Monitor Tab.
4. Click Maps to have WLAN — Management System display the Maps page.
Figure - 34: Selecting Maps
5. In the Main Data Page, select the desired Building.
Figure - 35: Selecting the Building
The WMS Web Interface displays the Maps > <Building Name> page.
6. In the Button Area, select New Floor Area.
Figure - 36: Adding New Floor Area
7. Click GO to have the WMS Web Interface display the <Building Name> > New Floor page.
Figure - 37: Building Map adding New Floor
8. In the <Building Name> > New Floor page, you can add floors to a Building to organize related Floor Plan
maps. To do this:
   a. Enter the Floor or Basement Name.
   b. Enter the Floor or Basement Contact Name.
   c. Select the Floor or Basement number.
   d. Enter the Floor-to-Floor Height in feet.
   e. If you are importing a .FPE floor plan map file from the Floor Plan Editor, check the Import FPE
   File box. Otherwise, leave this box unchecked.
   f. Also, when you are importing a .FPE floor plan map file from the Floor Plan Editor, click Browse
   to search for and select the desired .FPE Floor or Basement graphic name.
   g. In all cases, click Browse to search for and select the desired Floor or Basement graphic name.
   Note that when you select the Floor or Basement graphic, WLAN — Management System displays
   the graphic in the Building-sized grid.
   h. Enter an approximate Floor or Basement Horizontal Span and Vertical Span (width and depth on the
   map) in feet. Note that these numbers should be smaller than or the same as the Building Horizontal
   Span and Vertical Span in the WLAN — Management System database.
   i. If necessary, click Place to locate the Floor or Basement graphic on the Building grid.
   Note: You can use <CTRL-Left-Click> to resize the graphic within the Building-sized grid. Leave
   Maintain Aspect Ratio checked to preserve the original graphic aspect ratio, or uncheck the Maintain
   Aspect Ratio box to change the graphic aspect ratio. Once again, use <CTRL-Left-Click> to change the
   graphic aspect ratio.
   j. Click Save to save the Building definition to the WLAN — Management System database. The
   WMS Web Interface displays the floor plan graphic in the Maps > <Building Name> page.
   Figure - 38: Typical Building Map
9. In the Maps > <Building Name> page, left-click any of the Floor or Basement images to view the floor
plan or basement map as shown in the following figure. Note that you can zoom in and out to view the map at
different sizes, and can add APs from this page.
Figure - 39: Sample Building Map
10. Repeat this section for any remaining Floors or Basements.
Continue with “Adding Floor Plans to a Campus Building on page 183” or “Adding APs to Floor Plan and Outdoor
Area Maps on page 195”.
Adding APs to Floor Plan and Outdoor Area Maps
This procedure assumes that you have added the Floor Plan and/or Outdoor Area maps as described in “Adding Floor
Plans to a Campus Building on page 183”, “Adding Floor Plans to a Standalone Building on page 190” and “Adding an
Outdoor Area to a Campus on page 179”. This procedure also assumes that you have added WLAN — Security
Switches (2270) to the WLAN — Management System database as described in “Adding a WLAN — Security Switch
(2270) to WLAN — Management System on page 165” before continuing.
After you have added the .FPE and/or .PNG, .JPG, or .GIF format Floor Plan and Outdoor Area (Coverage Area) maps
and WLAN — Security Switches (2270) to the WLAN — Management System database, you can position WLAN —
Access Port (223x) icons on the WLAN — Management System Software maps to show where they are installed in the
Buildings.
Add APs to the Coverage Area maps as follows:
1. Select the Monitor Tab.
2. Click Network to have WLAN — Management System display the Network Summary page.
Figure - 40: Selecting Network Summary
3. In the Network Summary page, left-click the desired Floor Plan or Outdoor Area map.
Figure - 41: Network Summary
WLAN — Management System displays the associated Coverage Area Map similar to the following:
Figure - 42: Coverage Area Map
4. In the Button Area, select Add Access Points.
Figure - 43: Sample Add Access Points
5. Click GO to have the WMS Web Interface display the Add Access Points page.
6. In the Add Access Points page, check the WLAN — Access Ports (223x) to add to the map.
Figure - 44: Adding Access Points
7. Click OK to have the WMS Web Interface add the WLAN — Access Ports (223x) to the map and display the
Position Access Points map similar to the following:
Figure - 45: Position Access Points Map
Note that the WLAN — Access Port (223x) icons appear in the upper left area of the map.
8. Left-click and drag the WLAN — Access Port (223x) icons to indicate their physical locations.
9. Highlight each WLAN — Access Port (223x) icon in turn, and select the Antenna Angle.
Note: The Antenna Angle is relative to the Map “X” axis. Because the origin of the “X” and “Y” axes is at
the upper left hand corner of the Map, 0 degrees points Side A of the WLAN — Access Port (223x) to the
right, 90 degrees points Side A down, 180 degrees points Side A to the left, and so on.
Note: In the following example, AP1 and AP3 are set to 90 degrees, and AP2 is set to 0 degrees, so the
three WLAN — Access Ports (223x) provide maximum coverage for the inside of the building and not the
loading dock.
Also note that the first display is only an approximation of the actual RF signal intensity, because it does
not take into account the attenuation of various building materials, such as drywall or metal objects, nor
does it display the effects of RF signals bouncing off obstructions.
10. If you have imported a .PNG, .JPG, or .GIF format Coverage Area map, click Save to store the WLAN —
Access Port (223x) locations and orientations, and have WLAN — Management System compute the
first-order RF prediction (or “Heat Map”) for the Coverage Area.
Figure - 46: Outdoor Area Map
11. If you have imported a .FPE and a .PNG, .JPG, or .GIF format Coverage Area map, click Save to store the
WLAN — Access Port (223x) locations and orientations, and have WLAN — Management System compute
the second-order RF prediction (or “Heat Map”) for the Coverage Area.
Note: In the following example, AP1 is set to 0 degrees, and AP2 and AP3 are set to 90 degrees, so
the three WLAN — Access Ports (223x) provide maximum coverage for the right wing of the
building.
Note: Also, in the following example, each WLAN — Access Port (223x) covers a much
smaller area, because of the wall attenuation factored in by the RF Prediction algorithm.
Figure - 47: Monitoring Coverage
Note: These two displays are popularly known as “heat maps”, because they show the relative intensity
of the RF signals on the Coverage Area map.
Note: ENSURE you have the correct WLAN — Access Port (223x) in each location on the map with the
correct antenna angle. This will become critical later on when you are Finding Coverage Holes and
Detecting and Locating Rogue Access Points.
12. Repeat this section to assign WLAN — Access Ports (223x) to the remaining floor plan maps.
You have added WLAN — Access Ports (223x) to floor plan maps. Continue with “Using the Nortel WLAN —
Management System Software on page 154”.
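Because coverage-hole and rogue AP location both depend on the map data entered above, the span rules and the Antenna Angle convention (origin at the upper left, 0 degrees right, 90 degrees down) can be checked offline before the maps are trusted. The following Python sketch is an added example, not Nortel code: the coordinates and spans are constructed, and treating Side A as "facing" anything within 90 degrees of its angle is an assumption made only for this check.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Area:
    name: str
    h_span_ft: float  # Horizontal Span (width on the map), in feet
    v_span_ft: float  # Vertical Span (depth on the map), in feet


@dataclass(frozen=True)
class PlacedAP:
    name: str
    x_ft: float       # feet to the right of the map's upper left origin
    y_ft: float       # feet DOWN from the map's upper left origin
    angle_deg: float  # Antenna Angle, relative to the map X axis


def span_problems(campus, building, floor):
    """Check the span rules from the map procedures; return a list of findings."""
    problems = []
    # Campus spans should be larger than any building added to it.
    if building.h_span_ft >= campus.h_span_ft or building.v_span_ft >= campus.v_span_ft:
        problems.append(f"{campus.name}: spans should be larger than {building.name}")
    # Floor spans should be smaller than or the same as the building spans.
    if floor.h_span_ft > building.h_span_ft or floor.v_span_ft > building.v_span_ft:
        problems.append(f"{floor.name}: spans should not exceed {building.name}")
    return problems


def side_a_vector(angle_deg):
    """Unit vector along which Side A points, in map coordinates (Y grows downward)."""
    rad = math.radians(angle_deg % 360)
    # Adding 0.0 turns a rounded -0.0 into 0.0 so results print cleanly.
    return (round(math.cos(rad), 9) + 0.0, round(math.sin(rad), 9) + 0.0)


def bearing_offset(ap, target_xy):
    """Smallest angle (degrees) between Side A and the line from the AP to target_xy."""
    dx, dy = target_xy[0] - ap.x_ft, target_xy[1] - ap.y_ft
    # With Y pointing down, atan2(dy, dx) gives the same on-screen angle the guide
    # describes: 0 = right, 90 = down, 180 = left.
    bearing = math.degrees(math.atan2(dy, dx)) % 360
    diff = abs(bearing - (ap.angle_deg % 360))
    return min(diff, 360 - diff)


def faces(ap, target_xy):
    """Assumption for this example: Side A 'faces' anything within 90 degrees of it."""
    return bearing_offset(ap, target_xy) < 90


def placement_report(floor, aps, targets):
    """Per AP: is the icon inside the floor span, and which named targets does Side A face?"""
    report = {}
    for ap in aps:
        in_bounds = 0 <= ap.x_ft <= floor.h_span_ft and 0 <= ap.y_ft <= floor.v_span_ft
        facing = sorted(name for name, xy in targets.items() if faces(ap, xy))
        report[ap.name] = {"in_bounds": in_bounds, "faces": facing}
    return report


# Constructed sample data loosely following the first example in the text:
# AP1 and AP3 at 90 degrees, AP2 at 0 degrees, loading dock near the upper left corner.
CAMPUS = Area("Campus", 1000, 800)
BUILDING = Area("Building 1", 200, 100)
FLOOR = Area("Floor 1", 200, 100)
TARGETS = {"interior": (100, 50), "loading dock": (10, 5)}
APS = [PlacedAP("AP1", 60, 10, 90), PlacedAP("AP2", 20, 50, 0), PlacedAP("AP3", 160, 10, 90)]

if __name__ == "__main__":
    for finding in span_problems(CAMPUS, BUILDING, FLOOR):
        print("SPAN:", finding)
    for name, row in placement_report(FLOOR, APS, TARGETS).items():
        print(name, row)
    # Same AP2 with the angle entered as 180 instead of 0: Side A now faces the dock.
    print(placement_report(FLOOR, [PlacedAP("AP2", 20, 50, 180)], TARGETS))
```

An AP whose report shows an unexpected target, or `in_bounds` false, is one to re-check on the Position Access Points map before relying on the heat map or a rogue AP location.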
Monitoring Predicted Coverage (RSSI)
To access this page, use MONITOR/Maps, click an item in the Name column, left-click the floor map, and select a
protocol from the Protocol pulldown menu.
This page assumes that you have already added active APs to the selected map.
The display of predicted RF coverage on the map is determined by the selection you make from the Protocol pulldown:
1. For 802.11a and 802.11b/g: This information is displayed in the panel next to the WLAN — Access Port
(223x) icon as follows: n% Failed (a+b), where n is the percentage of Nortel Networks Radios that failed.
2. For 802.11a: A colored overlay appears on the map displaying the coverage patterns for the 802.11a Nortel
Networks Radios. A Received Signal Strength Indicator (RSSI) Color Lookup appears at the top of the map
indicating the meaning of the colors. The colors show the signal strength from RED (-35 dBm) through DARK
BLUE (-85 dBm). Next to each WLAN — Access Port (223x) is a percentage of failure.
3. For 802.11b/g: A colored overlay appears on the map displaying the coverage patterns for the 802.11b/g
Nortel Networks Radios. A Received Signal Strength Indicator (RSSI) Color Lookup appears at the top of the
map indicating the meaning of the colors. The colors show the signal strength from RED (-35 dBm) through
DARK BLUE (-85 dBm). Next to each WLAN — Access Port (223x) is a percentage of failure.
A sample RF Prediction Heat Map with WLAN — Access Ports (223x) providing coverage at one end of a building
appears in the following figure:
Figure - 48: Sample RF Prediction Heat Map
Refer to “Master WLAN — Security Switch (2270) on page 32”.
Monitoring Channels on Floor Map
To access this page, use MONITOR/Maps, click an item in the Name column, double-click the floor map, and select
Channel from the Display pulldown menu.
When you select this option, the channel number being used by the Nortel Networks Radio is displayed on the panel next
to each WLAN — Access Port (223x). This display depends upon the selection made from the Protocol pulldown as
follows:
• 802.11a: The display shows the channel in the following format: Ch#n, where n is the channel number.
• 802.11b/g: The display shows the channel in the following format: Ch#n, where n is the channel number.
• 802.11a and 802.11b/g: The display shows the channels in the following format: Ch#n/x, where n represents
the channel being used by the 802.11a Nortel Networks Radio and x represents the channel being used by the
802.11b/g Nortel Networks Radio.
Monitoring Transmit Power Levels on a Floor Map
To access this page, use MONITOR/Maps, click an item in the Name column, double-click the floor map, and select
Tx Power Level from the Display pulldown menu.
When you select this option, the power level number being used by the Nortel Networks Radio is displayed on the panel
next to each WLAN — Access Port (223x).
The WLAN — Access Port (223x) transmit power levels (1, highest, through 5, lowest) are as follows:
• 1 = Maximum power allowed per Country Code setting
• 2 = 50% power
• 3 = 25% power
• 4 = 6.25 to 12.5% power
• 5 = 0.195 to 6.25% power
The power levels and available channels are defined by the Country Code setting and are regulated on a country by
country basis. Refer to Nortel 2200 Series Supported Regulatory Domains in the Nortel 2200 Series Product Guide for
the maximum Transmit Power Levels for each country.
Monitoring Coverage Holes on a Floor Map
To access this page, use MONITOR/Maps, click an item in the Name column, left-click the floor map, and select
Coverage Holes from the Display pulldown menu.
You can also access this page from the Alarm Monitor by clicking on a colored Coverage alarm.
Coverage holes are areas where clients cannot receive a signal from the wireless network. When deploying wireless
networks, there is a trade-off between the cost of the initial network deployment and the percentage of coverage hole
areas. A reasonable coverage hole criterion for launch is between 2 and 10 percent. This means that between two and ten
test locations out of 100 random test locations may receive marginal service. After launch, the Nortel Management
Software identifies these coverage areas and reports them to the IT manager, allowing the IT manager to fill holes based
on user demand. This percentage is shown in the panel next to each WLAN — Access Port (223x) on the map. They are
displayed as follows:
• 802.11a: The display shows the coverage hole percentage for this Nortel Networks Radio.
• 802.11b/g: The display shows the coverage hole percentage for this Nortel Networks Radio.
• 802.11a and 802.11b/g: The display shows the total coverage hole percentage for both Nortel Networks
Radios.
Monitoring Users on a Floor Map
To access this page, use MONITOR/Maps, click an item in the Name column, single-click the floor map, and select
Users from the Display pulldown menu.
When you select this option, the number of clients using the Nortel Networks Radio is displayed on the panel
next to each WLAN — Access Port (223x). This display depends upon the selection made from the Protocol pulldown
as follows:
• 802.11a: The display shows the number of clients using this protocol in the form n clients, where n is the
number of clients. Click “n clients” to display a list of clients. Refer to “Monitoring Clients From a Floor Map
on page 205”.
• 802.11b/g: The display shows the number of clients using this protocol. Click “n clients” to display a list of
clients. Refer to “Monitoring Clients From a Floor Map on page 205”.
• 802.11a and 802.11b/g: The display shows the total number of clients using a combination of both protocols.
Click “n clients” to display a list of clients. Refer to “Monitoring Clients From a Floor Map on page 205”.
Monitoring Clients From a Floor Map
To access this page, use MONITOR/Maps, click an item in the Name column, double-click the floor map, select Users
from the Display pulldown menu, and click n clients.
This page displays client parameters, as described in Table 2.
Table - 1. Client Parameters
Parameter | Description
--- | ---
Checkbox | Click to select, so that a command can be applied.
User Name | Name of the user. Refer to Monitor Client <client name> in the WMS Web Interface Online Help.
IP Address | IP Address of the client.
MAC Address | MAC address of the client.
Access Point | Access Point Name. Refer to Monitor Access Points <name> in the WMS Web Interface Online Help.
Switch | IP Address of WLAN — Security Switch (2270) to which this WLAN — Access Port (223x) is attached. Refer to Monitor Switches <IPaddress> Summary in the WMS Web Interface Online Help.
Port | Port number of the WLAN — Security Switch (2270) to which this WLAN — Access Port (223x) is attached.
Status | Associated or non-associated.
SSID | Service Set Identifier being broadcast by the Nortel Networks Radio.
Auth | Authentication enabled. Yes or No.
Protocol | 802.11a or 802.11b/g.
Troubleshooting with WLAN — Management System Software
• “Checking the Nortel 2200 Series Network Summary on page 163”
• “Viewing Current WLAN — Security Switch (2270) Status and Configurations on page 214”
• “Viewing WLAN — Management System Statistics Reports on page 214”
• “Detecting and Locating Rogue Access Points on page 206”
• “Acknowledging Rogue APs on page 211”
• “Locating Clients on page 211”
• “Finding Coverage Holes on page 213”
• “Pinging a Network Device from a WLAN — Security Switch (2270) on page 214”
Detecting and Locating Rogue Access Points
When the Nortel WLAN — Access Ports (223x) are powered up and associated with Nortel WLAN — Security
Switches (2270), the Nortel WLAN — Management System Software built into the Operating System immediately
starts listening for Rogue Access Ports. When the WLAN — Security Switch (2270) detects a Rogue AP, it immediately
notifies the WLAN — Management System Software, which creates a rogue AP alarm.
When the WLAN — Management System Software receives a rogue AP message from a WLAN — Security Switch
(2270), WLAN — Management System generates an alarm, with an indicator visible in the lower left corner of all WMS
Web Interface pages. Notice that the following example shows 72 WLAN — Management System Software Rogue AP
alarms.
Figure - 49: Detecting and Locating Rogue Access Points
To see more detail on the Rogue APs, click the Rogues indicator to display the Rogue AP Alarms page.
Figure - 50: Locating and Detecting Rogue APs
In the Rogue AP Alarms page, you can see the severity of the alarms, the Rogue AP MAC addresses, the
Rogue AP types, the owners (WLAN — Management System operators), the date and time when the
rogue APs were first detected, the channel numbers they are broadcasting on, and their SSIDs.
Also in this page, you can highlight one or more entries by checking the desired checkboxes, and then
apply the following commands to all selected Rogue AP alarms: Assign to me, Unassign, Delete,
Clear, or configure Email Notification.
Figure - 51: Applying Selections
To see more Rogue AP information, click any Rogue MAC Address link to have WLAN — Management System
display the associated Alarms > Rogue AP <MAC address> page.
Figure - 52: Alarms for Rogue AP MAC
The Alarms > Rogue AP <MAC address> page shows detailed information about the rogue AP alarm,
and allows you to modify the Rogue AP alarm with the following commands:
•
Assign to me.
•
Unassign.
•
Delete.
•
Show the Event History.
•
Display the Detecting APs (with Radio Band, Location, SSID, Channel Number, WEP state, short or long
preamble, RSSI and SNR).
•
Show a high-resolution Map with the current calculated location, or a low-resolution Map with the Rogue AP
located at the WLAN — Access Port (223x) that detects strongest RSSI transmissions.
•
Show a Trend of recent RSSI signal strength.
•
Set the State to Unknown, Known-Internal, or Known-External (as described in “Rogue AP Location,
Tagging and Containment on page 72”).
•
Set up Level 1 through Level 4 Containment (as described in “Rogue AP Location, Tagging and
Containment on page 72”).
Figure - 53: Mapping
In the Alarms > Rogue AP <MAC address> page, select Map to have WLAN — Management System display the
current calculated rogue AP location on the Maps > <building name> > <floor name> page.
Figure - 54: Rogue AP Alarm Mapping
Note that the WLAN Management System Basic (Low-Resolution) Software function compares RSSI signal
strength from the rogue AP, and places a small “skull-and-crossbones” indicator next to the WLAN — Access
Port (223x) receiving the strongest RSSI signal from the Rogue AP.
Acknowledging Rogue APs
•
To acknowledge known Rogue APs, navigate to the Rogue AP Alarms page. Right-click the Rogue AP
(red, unknown) to be acknowledged, and select Set State to ‘Known Internal’ or Set State to ‘Known
External’. In either case, the red Rogue AP entry is removed from the Alarms Page.
Locating Clients
The WLAN — Management System Software allows system operators to locate clients in the enterprise. Do the
following:
1.
Use Monitor/Clients to navigate to the Clients Summary page.
2.
On the Clients Summary page, in the left sidebar Search for All Clients to have WLAN — Management
System display the Clients page.
3.
From the Clients page, click the User Name of the client you want to locate. WLAN — Management
System displays the corresponding Clients <client name> page.
4.
From the Clients <client name> page, you have two choices for locating the client:
a.
In the pulldown menu, select Recent Map (high/low resolution) to locate the client without dissociating it.
b.
In the pulldown menu, select Present Map (high/low resolution) to dissociate and then locate
the client after reassociation. If you make this choice, WLAN — Management System displays a
warning message and asks you to confirm that you want to continue.
Note that the WLAN Management System Basic (Low-Resolution) Software compares RSSI signal strength
from the client, and places a small “Laptop” icon next to the WLAN — Access Port (223x) receiving the
strongest RSSI signal from the client.
Refer to the following illustration for a Heat Map showing client location.
Figure - 55: Heat Map
Finding Coverage Holes
Coverage holes are areas where clients cannot receive a signal from the wireless network. The Operating System
Management Software identifies these coverage hole areas and reports them to WLAN — Management System,
allowing the IT manager to fill holes based on user demand.
When WLAN — Management System displays the Top 5 Coverage Holes, click the Coverage indicator on the bottom
left of the WMS Web Interface page (or click MONITOR/Alarms and then search for Alarm Category Coverage) to
have WLAN — Management System display the Coverage Hole Alarms page. On the Coverage Hole Alarms
page, click MONITOR/Maps and then search for Access Points by WLAN — Access Port (223x) Name (this
search tool is case-sensitive). WLAN — Management System displays the Maps > Search Results page, which lists
the Floor or Outdoor Area where the WLAN — Access Port (223x) is located. Click the link to display the related Maps
> <building name> > <floor name> page.
On the Maps > <building name> > <floor name> page, look for areas of low signal strength near the WLAN —
Access Port (223x) that reported the coverage hole. Those are the most likely locations of coverage holes. If there do not
appear to be any areas of weak signal strength, ensure that the floor plan map is accurate, and that you have not left out
any metal obstructions, such as walls, elevator shafts, stairwells, or bookcases. If so, add them to the .FPE floor plan file
and replace the old floor plan with the new floor plan.
Pinging a Network Device from a WLAN — Security Switch (2270)
To ping other devices from a WLAN — Security Switch (2270):
1.
Use CONFIGURE/Switches and click an IP address under the IP Address column to have WLAN — Management System display the <IPaddress> > Switch Properties page.
2.
On the <IPaddress> > Switch Properties page, in the left sidebar select System/Commands to have
WLAN — Management System display the <IPaddress> > Switch Commands page.
3.
On the <IPaddress> > Switch Commands page, select Administrative Commands/Ping from
Switch and click GO.
4.
In the Enter an IP Address (x.x.x.x) to Ping window, enter the IP address of the network device that the
WLAN — Security Switch (2270) is to ping, and click OK.
5.
WLAN — Management System displays the Ping Results window showing the packets sent and received.
Click Restart to ping the network device again, or click Close to stop pinging the network device and close
the Ping Results window.
Viewing Current WLAN — Security Switch (2270) Status and Configurations
Once you have added Nortel WLAN — Security Switches (2270) and Nortel WLAN — Access Ports (223x) to the
WLAN — Management System Software database as described in “Using WMS on page 163”, you can view the Nortel
2200 Series status as follows:
•
In the WMS Web Interface, click MONITOR/Network to display the Monitor Network Summary. Refer to the
following figure and the Monitor Network Summary for more information.
Viewing WLAN — Management System Statistics Reports
WLAN — Management System periodically collects statistics, such as RSSI, SNR, profile failures, client counts, rogue
AP trend, and busy clients, and organizes them into reports. To view these reports, use the MONITOR/Reports screens.
Figure - 56: Typical Network Summary Page
Updating the Operating System Software from WLAN — Management System
When you plan to update the WLAN Security Switch (2270) (and WLAN — Access Point [223x]) Operating System
software from WLAN — Management System, complete the following.
Note: On the Nortel 2270 WLAN Controller, the WLAN — Management System Server MUST be
on the same subnet as the Nortel 2270 management Interface because this switch does not have a
service port.
1.
Use the ping <IP Address> command in a Command Prompt window to ensure that WLAN — Management System Server can contact the WLAN — Security Switch (2270).
a.
When you are downloading through the 2270 Service port, the TFTP server MUST be on the same
subnet as the Service port, because the Service port is not routable.
b.
When you are downloading through the 2270 DS (Distribution System) network port, the TFTP
server can be on the same or a different subnet, because the DS port is routable.
2.
When you are planning to use an external TFTP server, use the ping <IP Address> command in a
Command Prompt window to ensure that the WLAN — Management System Server can contact the TFTP
server.
3.
Use WLAN — Management System Configure/Switches to navigate to the All Switches page.
4.
In the All Switches page, select the desired WLAN — Security Switch (2270) checkbox, select the
Command Download Software, and click GO to have WLAN — Management System display the
Download Software to Switch page.
5.
When you are using the built-in WLAN — Management System TFTP server, in the Download Software
to Switch page, ensure that TFTP Server on WLAN — Management System System checkbox is
selected.
-- OR --
6.
When you are using an external TFTP server, in the Download Software to Switch page, ensure that
TFTP Server on WLAN — Management System System is deselected. Then add the external TFTP
server IP address.
7.
In the Download Software to Switch page, click the Browse button and navigate to the Operating
System code update file named NORTEL_4000_<release_number>.aes for Nortel 2270 WLAN Controllers or
NORTEL_4000_<release_number>.aes for 2270 WLAN — Security Switches (2270). (For example,
NORTEL_4000_2_0_0_0_60_0.aes.) The path and filename of the Operating System code appear in the File
Name box.
Note: ENSURE you have the correct Operating System code file:
• Nortel 2270 Operating System code files are named
NORTEL_4000_<release_number>.aes.
• 2270 Operating System code files are named NORTEL_4000_<release_number>.aes.
Figure - 57: WMS WSS (2270) Software Download
•
Click Download.
WLAN — Management System downloads the Operating System code file to the WLAN — Management
System Server /aes-tftp directory, then downloads the Operating System code to the WLAN — Security
Switch (2270), and then the WLAN — Security Switch (2270) writes the code to flash RAM. As WLAN —
Management System performs these functions, it displays its progress in the Status box.
Refer to the “Transferring Files To and From an WLAN — Security Switch (2270) on page 141” section for other file
upload and download instructions.
Managing WLAN — Management System Software and Database
•
“Installing WLAN — Management System Software on page 217”
•
“Updating the Windows WLAN — Management System Software on page 217”
•
“Reinitializing the Windows WLAN — Management System Software Database on page 219”
•
“Administering WLAN — Management System Users and Passwords on page 219”
Installing WLAN — Management System Software
Refer to the Nortel WLAN — Management System Quick Installation Guide Part # 216396-B for instructions on how to
install WLAN — Management System Software on a WMS Server.
Updating the Windows WLAN — Management System Software
Do the following:
1.
If possible, stop all WMS Web Interfaces (“Stopping a WMS Web Interface on page 161”) to stabilize the
database.
2.
Stop the WLAN — Management System Software (“Stopping the WLAN — Management System Software
Windows Application on page 157” or “Stopping the WLAN — Management System Software Windows
Service on page 158”).
3.
Manually create a backup directory with no spaces in the name, such as C:\WMS22_Backup\.
Note: Ensure the directory name does not include any spaces, or the backup script will generate
error messages.
4.
From the Windows START button, select the Programs menu, and then select Nortel WLAN — Management System 2.2/Backup.
The backup script opens the Backup DOS window and the Select Backup directory window.
5.
In the Select Backup directory window, highlight the backup directory you created above and click OK.
The backup database script creates subdirectories in the C:\WMS22_Backup\ directory, and backs up the
WLAN — Management System Software database and the floor plan, building, and area maps to the
C:\WMS22_Backup\conf and C:\WMS22_Backup\mapimages directories.
Figure - 58: Selecting Backup Directory
6.
When the Backup Status window opens and displays the Backup Succeeded. You may restart
the WLAN — Management System Server now. message, click OK.
7.
Uninstall the Nortel WLAN — Management System Software application using the Control Panel/Add or
Remove Programs application.
8.
When the JExpress Uninstaller window displays the Program uninstalled message, click Finished to
close the JExpress Uninstaller window.
9.
If any part of the C:\Program Files\WMS22 folder remains on the hard drive, manually delete the folder and
all contents.
Note: If you fail to delete the previous WLAN — Management System Software installation, you
will receive the following error message upon reinstall: WLAN — Management System
Software already installed. Please uninstall the older version
before installing this version.
10.
Reinstall the WLAN — Management System Software application as described in “Installing WLAN —
Management System Software on page 217”.
11.
From the Windows START button, select the Programs menu, and then select Nortel WLAN — Management System 2.2/Restore.
12.
In the Select Backup directory window, highlight the backup directory you created above and click OK.
13.
The restore database script restores the WLAN — Management System Software database and the floor plan,
building, and area maps to the new WLAN — Management System Software installation.
14.
When the Restore Status page opens and displays the Restore Succeeded. You may restart
the WLAN — Management System Server now. message, click OK.
If you receive an error message, scroll down the page to find the error. Normally, the only error that will halt a
backup is if an incorrect directory is specified; if this is the case, repeat this procedure with the correct directory to complete the backup.
15.
Start the WLAN — Management System Software as described in “Starting WLAN — Management System
Software as a Windows Application on page 155” or “Starting WLAN — Management System Software as a
Windows Service on page 156”.
16.
Start one or more WMS Web Interfaces as described in “Starting a WMS Web Interface on page 160”.
Reinitializing the Windows WLAN — Management System Software Database
You only have to reinitialize the Windows WLAN — Management System Software database when the WLAN —
Management System Software database becomes corrupted.
CAUTION: If you reinitialize the WLAN — Management System Software database after you
have been working in the WLAN — Management System Software application, you will delete all
your saved WLAN — Management System Software data!
1.
Navigate to the \WMS22 directory.
2.
Navigate to the \bin subdirectory.
3.
In the \bin subdirectory, double-click the reinitDatabase.bat file.
4.
The database reinitialize script displays the startdb.bat DOS window.
5.
Select the startdb.bat window, and press any key to continue.
6.
The startdb.bat script displays the Reinitialize Web NMS Database window.
7.
In response to the Do you want to Reinitialize Web NMS? prompt in the Reinitialize Web
NMS Database window, select Yes.
8.
The startdb.bat window displays many “accomplished” messages. When the WLAN — Management
System Software database is reinitialized, the Reinitialize Web NMS Database window reappears.
9.
In response to the Successfully reinitialized the Database prompt in the Reinitialize Web
NMS Database window, select OK.
10.
The Reinitialize Web NMS Database window closes, and the startdb.bat window displays a Press
any key to continue prompt.
11.
In the startdb.bat window, press any key. The startdb.bat window closes.
You have reinitialized the WLAN — Management System Software database. Continue with “Using the Nortel WLAN
— Management System Software on page 154”.
Administering WLAN — Management System Users and Passwords
WLAN — Management System supports four User Groups:
1.
To monitor WLAN — Management System operations, users must be part of the System Monitoring
Group.
2.
To monitor and configure WLAN — Management System operations, users must be part of the ConfigManagers Group.
3.
To monitor and configure WLAN — Management System operations, and perform all system administration
tasks except administering WLAN — Management System users and passwords, users must be part of the
Admin Group.
4.
To monitor and configure WLAN — Management System operations, and perform all system administration
tasks including administering WLAN — Management System users and passwords, users must be part of the
SuperUsers Group.
This section describes how to add user accounts and assign them to a User Group, change passwords, and delete user
accounts using the WLAN — Management System Administration function.
Adding User Accounts
1.
If not already done, start the WLAN — Management System Software as described in the “Starting WLAN
— Management System Software as a Windows Application on page 155” or “Starting WLAN — Management System Software as a Windows Service on page 156”.
CAUTION: As soon as you have logged into the WMS Web Interface as Super1, Nortel recommends that you create a new superuser assigned to the Super Users Group, and then delete the
Super1 user to prevent undesired access to WLAN — Management System Super User operations.
2.
Select User Admin/Security Administration to display the Security Administration page.
3.
In the Security Administration page, click the Add User (single person) icon to display the User
Administration page.
4.
In the User Administration page, add the new user name and password. Click Next to display the User
account expiry and Password expiry parameters.
5.
In this page, accept or change the desired expiration times for the user account and password. Click Next to
display the Group based permissions, Direct Assignment, and Assign groups for the user
parameters.
6.
As you are going to assign the new user account to a group which already has permissions assigned, ensure the
Group based permissions and Direct Assignment boxes are checked.
7.
In the Assign groups for the user section, assign the new user account to one of the four User Group
names: System Monitoring, ConfigManagers, Admin, or SuperUsers.
8.
Ignore the rest of the fields in this page, and click Finish to complete adding the new user account.
9.
Close the Security Administration page.
10.
Close the Nortel WLAN — Management System Release 2.2 page.
The new User Account has been added and can be used immediately. If necessary, refer to the “Deleting User Accounts
on page 221” section to delete the default user accounts provided with Nortel WLAN — Management System Software.
Changing Passwords
1.
If not already done, start the WLAN — Management System Software as described in the “Starting WLAN
— Management System Software as a Windows Application on page 155” or “Starting WLAN — Management System Software as a Windows Service on page 156”.
2.
If not already done, log into WLAN — Management System Administration as a user assigned to the SuperUsers Group as described in “Adding User Accounts on page 220”.
3.
Select User Admin/Security Administration to display the Security Administration page.
4.
In the Security Administration page, highlight a user account, and select Edit/Change Password to
display the Change Password dialog.
5.
In the Change Password dialog, enter the new password and click Ok to change the password for the
selected user account.
6.
Close the Security Administration page.
7.
Close the Nortel WLAN — Management System Release 2.2 page.
The User Account has been changed and can be used immediately.
Deleting User Accounts
1.
If not already done, start the WLAN — Management System Software as described in the “Starting WLAN
— Management System Software as a Windows Application on page 155” or “Starting WLAN — Management System Software as a Windows Service on page 156”.
2.
If not already done, log into WLAN — Management System Administration as a user assigned to the SuperUsers Group as described in “Adding User Accounts on page 220”.
3.
Select User Admin/Security Administration to display the Security Administration page.
4.
In the Security Administration page, highlight the user account to delete, and select Edit/Delete to
display the Warning! On deleting this user you would no longer be able to log on with this user
name, are you sure you want to do this? dialog.
5.
In the Warning! dialog, click Yes to delete the selected user account.
6.
Close the Security Administration page.
7.
Close the Nortel WLAN — Management System Release 2.2 page.
The deleted User Account can no longer be used.
Using the WLAN — Security Switch Web Interface
The WLAN — Security Switch Web Interface is described in the “Nortel WLAN — Security Switch Web Interface on
page 79” section.
Note that you can use either the “Service-Port Interface on page 51” (recommended) or “Management Interface on
page 49”, whose IP Address(es) were set using the “Startup Wizard on page 52” or the “Configuring System Parameters on page 120” section. Also note that you can have up to 21 simultaneous Web Browser sessions, but the automatic
refresh time for the Monitor/Summary page will be longer if there are more than 10 simultaneous sessions.
Note: Some popup window filters can be configured to block the Nortel Web Browser Online Help
pages. If your system cannot display the Online Help windows, disable or reconfigure your browser
popup filter software.
Log into the WLAN — Security Switch Web Interface by doing the following:
1.
Start a Web Browser on any workstation connected to the Internet (Nortel recommends Internet Explorer 6.0
or later on a Windows workstation for full functionality).
2.
For an unsecure http connection, enter the WLAN — Security Switch (2270) IP Address (http://<WLAN —
Security Switch (2270)_IPaddress>/) in the Web Browser Address field and press <RETURN>.
--OR--
3.
For a secure https (HTTP + SSL) connection, enter the WLAN — Security Switch (2270) IP Address (https://
<WLAN — Security Switch (2270)_IPaddress>/) in the Web Browser Address field and press <RETURN>.
(This connection was configured using the “Adding SSL to the WLAN — Security Switch Web Interface on
page 144” procedure.)
Note: If you receive a “The Document contains no data” error message, the corresponding http
Web Mode and/or https Secure Web Mode is disabled. If you receive the error when attempting to
use http AND https, use the CLI to log into the WLAN — Security Switch (2270) as described in
the “Using the Nortel 2200 Series CLI on page 113” section, or use WLAN — Management
System Software to log into the WLAN — Security Switch (2270) as described in “Using the
Nortel WLAN — Management System Software on page 154”.
Note: Each time you access the secure https (http + SSL) WLAN — Security Switch (2270)
website, you may receive the following Security Alert:
Figure - 59: Security Certificate Alert
When you see the Security Alert, click Yes.
Once you have logged into the WLAN — Security Switch Web Interface, use the context-sensitive (F1) online help
(included in “Operating System Software on page 29”) to configure and monitor the WLAN — Security Switch (2270).
Adding WLAN — Access Ports (223x) to a WLAN — Security Switch (2270)
WLAN — Access Ports (223x) can be added to an existing WLAN — Security Switch (2270) using the
WLAN — Security Switch Web Interface in one scenario: adding to a WLAN — Security Switch (2270) in Appliance Mode.
•
In Appliance Mode, the WLAN — Access Ports (223x) connect to the WLAN — Security Switch (2270)
through the network as described in “Nortel Wired Connections on page 37”. When a WLAN — Access Port
(223x) powers up, it searches for a WLAN — Security Switch (2270) as described in “WLAN — Security
Switch (2270) Failover Protection on page 53”.
Adding CA Certificates to an WLAN — Security Switch (2270)
Certification Authority public-key certificates are used to authenticate the Web server and encrypt data transmissions
between Web server and browser. The CA certificates are issued by a trusted Certification Authority, or CA.
Note: You can obtain a CA Certificate from three sources: Factory-supplied, Operator-generated,
and Purchased from a trusted CA. This procedure only applies to adding an Operator-generated or
Purchased ID Certificate, as the Factory-supplied Certificate is already stored in the WLAN —
Security Switch (2270) NVRAM. You do not need to complete this procedure if you choose to use
the Factory-supplied CA Certificate.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the RSA key
embedded in the certificate is AT LEAST 768 Bits.
When you obtain certificates (usually in an email from the CA or from your key-generation program), it is a simple
matter to add the CA certificate to your WLAN — Security Switch (2270):
1.
Launch a WLAN — Security Switch Web Interface session as described in “Using the WLAN — Security
Switch Web Interface on page 222”.
2.
Navigate to the CA Certification page in the WLAN — Security Switch Web Interface.
3.
Copy the Certificate (a large block of ASCII characters) from your email or text viewer program, and paste it
into the CA Certification box.
4.
Click Apply.
The CA Certificate is now in the WLAN — Security Switch (2270) Volatile RAM. Use ‘System Reboot with Save’ to
save the CA Certificate to NVRAM, so the CA Certificate is preserved across restarts.
Adding ID Certificates to a WLAN — Security Switch (2270)
ID Certificates and Private Keys are used by Web server operators to ensure secure server operation. The ID certificate
and key are used to authenticate the server and encrypt data transmissions between server and browser.
Note: You can obtain an ID Certificate and Private Key from three sources: Factory-supplied, Operator-generated, and Purchased from a trusted CA. This procedure only applies to adding an
Operator-generated or Purchased ID Certificate and Key, as the Factory-supplied Certificate and Key are
already stored in the WLAN — Security Switch (2270) NVRAM. You do not need to complete this
procedure if you choose to use the Factory-supplied ID Certificate and Key.
CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from
512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are
obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), ENSURE the RSA key
embedded in the certificate is AT LEAST 768 Bits.
When you obtain ID certificates (usually in an email from the CA or from your key-generation program), it is a simple
matter to add the ID certificate and key to your WLAN — Security Switch (2270):
1.
Launch a WLAN — Security Switch Web Interface session as described in “Using the WLAN — Security
Switch Web Interface on page 222”.
2.
Navigate to the ID Certificate > New page in the WLAN — Security Switch Web Interface.
3.
Type or paste the ID Certificate Name into the Certificate Name box.
4.
Type a Private Key (Password) into the Certificate Password box.
5.
Copy the Certificate (a large block of ASCII characters) from your email or text viewer program, and paste it
into the ID Certification box.
6.
Click Apply.
The ID Certificate and Key are now in the WLAN — Security Switch (2270) Volatile RAM. Use ‘System Reboot with
Save’ to save the ID Certificate and Key to NVRAM, so the Certificate and Key are preserved across restarts.
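The key-length CAUTION in the CA Certificate and ID Certificate procedures above can be checked before a certificate is pasted into the Web Interface. The following Python code is an added example, not part of the Nortel guide or software: it reads the PEM text with the standard library only and compares the RSA modulus length with the 768-bit minimum the guide states. The function names and the constructed sample certificate (dummy modulus and signature) are assumptions made for illustration.

```python
import base64

MIN_RSA_BITS = 768  # minimum key length stated in the guide's CAUTION
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)


def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or count > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items


def pem_to_der(text):
    """Extract the first PEM certificate block from text (e.g. a saved e-mail)."""
    begin, end = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
    start = text.find(begin)
    stop = text.find(end, max(start, 0))
    if start < 0 or stop < 0:
        raise ValueError("no PEM certificate block found")
    body = "".join(text[start + len(begin):stop].split())
    return base64.b64decode(body, validate=True)


def rsa_key_bits(text):
    """Return the RSA modulus length, in bits, of the certificate in text."""
    tag, cert, _ = read_tlv(pem_to_der(text), 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tbs = children(children(cert)[0][1])          # tbsCertificate fields
    first = 1 if tbs[0][0] == 0xA0 else 0         # skip optional [0] version
    # serial, signature, issuer, validity, subject, then subjectPublicKeyInfo
    spki = children(tbs[first + 5][1])
    if children(spki[0][1])[0] != (0x06, RSA_OID):
        raise ValueError("public key is not RSA")
    bit_tag, bits = spki[1]
    if bit_tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("malformed subjectPublicKey BIT STRING")
    _, rsa_key, _ = read_tlv(bits, 1)             # RSAPublicKey ::= SEQ {n, e}
    modulus = children(rsa_key)[0][1]
    return int.from_bytes(modulus, "big").bit_length()


def check_certificate(text, minimum=MIN_RSA_BITS):
    """Return (key_bits, acceptable) for a certificate about to be pasted."""
    bits = rsa_key_bits(text)
    return bits, bits >= minimum


# --- Constructed sample input (not a real, signed certificate) ---------------
def _tlv(tag, value):
    """Encode one DER element (helper for building the sample only)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value


def constructed_cert(bits):
    """Build certificate-shaped PEM with a dummy modulus of the given size."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    key = _tlv(0x30, _tlv(0x02, n) + _tlv(0x02, b"\x01\x00\x01"))
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + key))
    name = _tlv(0x30, b"")
    validity = _tlv(0x30, _tlv(0x17, b"050401000000Z") * 2)
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
               + alg + name + validity + name + spki)
    der = _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + bytes(16)))
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("From: ca@example.invalid\n\n-----BEGIN CERTIFICATE-----\n"
            + "\n".join(lines) + "\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    for size in (512, 768, 1024):
        bits, ok = check_certificate(constructed_cert(size))
        print(f"{bits}-bit RSA key: {'accept' if ok else 'REJECT'}")
```

Pass a larger minimum to check_certificate to enforce a stricter local key-length policy than the guide's 768 bits.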
Authorizing APs against AAA
To set the AAA Authorization Security Policy for the WLAN — Access Ports (223x) from within the WLAN —
Security Switch (2270) Web UI, use the following procedure:
1.
Log in to the WLAN — Security Switch (2270) using the Web UI.
Figure - 60: WLAN — Security Switch (2270) Web UI Login
2.
Select Security from the menu bar.
Figure - 61: Selecting SECURITY
3.
From the Security Screen, select AP Policies.
Figure - 62: Selecting AP Policies
4.
From the Security AP Policies screen, click the Enabled box and then click Apply.
Figure - 63: Selecting Enabled and Apply to invoke Authorize APs against AAA.
5.
Save your configuration as normal and log out.
The APs are now authorized against AAA. The same settings can be accomplished using the CLI through Telnet or by a
terminal connected to the WLAN — Security Switch (2270) serial port. Refer to “config wps rogue-ap aaa on page 537”.
Troubleshooting Tips
You can use the following sections to troubleshoot your Nortel 2200 Series:
•
“Using Error Messages on page 230”
•
“Using Client Reason and Status Codes in the Trap Log on page 233”
•
“Using WLAN — Access Port (223x) LEDs on page 235”
Using Error Messages
The Operating System may display any of the error messages described below.
Table - 2. Error Messages and Descriptions
Error Message
Description
STATION_DISASSOCIATE
Client may have intentionally terminated usage or may have
experienced a service disruption.
STATION_DEAUTHENTICATE
Client may have intentionally terminated usage or it could
indicate an authentication issue.
STATION_AUTHENTICATION_FAIL
Check disable, key mismatch or other configuration issues.
STATION_ASSOCIATE_FAIL
Check load on the Nortel Networks Radio or signal quality
issues.
LRAD_ASSOCIATED
The associated WLAN — Access Port (223x) is now
managed by this WLAN — Security Switch (2270).
LRAD_DISASSOCIATED
WLAN — Access Port (223x) may have associated with a
different WLAN — Security Switch (2270) or may have
become completely unreachable.
LRAD_UP
WLAN — Access Port (223x) is operational, no action
required.
LRAD_DOWN
WLAN — Access Port (223x) may have a problem or is
administratively disabled.
AIRONETAP_UP
Aironet AP is responding to SNMP polls.
AIRONETAP_DOWN
Aironet AP is not responding to SNMP polls, check network
connections, WLAN — Access Port (223x) and its SNMP
settings.
ORINOCOAP_UP
ORINOCO AP is responding to SNMP polls.
ORINOCOAP_DOWN
ORINOCO AP is not responding to SNMP polls, check
network connections, ORINOCO AP and its SNMP settings.
320298-A Rev 00
Using Error Messages 231
Table - 2.Error Messages and Descriptions (Continued)
Error Message
Description
LRADIF_UP
Nortel Networks Radio is UP.
LRADIF_DOWN
Nortel Networks Radio may have a problem or is administratively disabled.
LRADIF_LOAD_PROFILE_FAILED
Client density may have exceeded system capacity.
LRADIF_NOISE_PROFILE_FAILED
The non-802.11 noise has exceed configured threshold.
LRADIF_INTERFERENCE_PROFILE_FAILED
802.11 interference has exceeded threshold on channel -check channel assignments.
LRADIF_COVERAGE_PROFILE_FAILED
Possible coverage hole detected - check WLAN — Access
Port (223x) history to see if common problem - add WLAN —
Access Ports (223x) if necessary.
LRADIF_LOAD_PROFILE_PASSED
Load is now within threshold limits.
LRADIF_NOISE_PROFILE_PASSED
Detected noise is now less than threshold.
LRADIF_INTERFERENCE_PROFILE_PASSED
Detected interference is now less than threshold.
LRADIF_COVERAGE_PROFILE_PASSED
Number of clients receiving poor signal are within threshold.
LRADIF_CURRENT_TXPOWER_CHANGED
Informational message.
LRADIF_CURRENT_CHANNEL_CHANGED
Informational message.
LRADIF_RTS_THRESHOLD_CHANGED
Informational message.
LRADIF_ED_THRESHOLD_CHANGED
Informational message.
LRADIF_FRAGMENTATION_THRESHOLD_
CHANGED
Informational message.
RRM_DOT11_A_GROUPING_DONE
Informational message.
RRM_DOT11_B_GROUPING_DONE
Informational message.
ROGUE_AP_DETECTED
May be a security issue, use maps and trends to investigate.
ROGUE_AP_REMOVED
Detected Rogue has timed out - May have shut down or
moved out of coverage area.
AP_MAX_ROGUE_COUNT_EXCEEDED
The current number of active rogues has exceeded system
threshold.
LINK_UP
Positive confirmation message.
Nortel 2200 Series Product Guide
232 Using Error Messages
Table - 2.Error Messages and Descriptions (Continued)
Error Message
Description
LINK_DOWN
Port may have a problem or is administratively disabled.
LINK_FAILURE
Port may have a problem or is administratively disabled.
AUTHENTICATION_FAILURE
Attempted security breech - please investigate.
STP_NEWROOT
Informational message.
STP_TOPOLOGY_CHANGE
Informational message.
IPSEC_ESP_AUTH_FAILURE
Check WLAN IPSec configuration.
IPSEC_ESP_REPLAY_FAILURE
Check for attempt to spoof IP Address.
IPSEC_ESP_POLICY_FAILURE
Check for IPSec configuration mismatch between WLAN
and client.
IPSEC_ESP_INVALID_SPI
Informational message.
IPSEC_OTHER_POLICY_FAILURE
Check for IPSec configuration mismatch between WLAN
and client.
IPSEC_IKE_NEG_FAILURE
Check for IPSec IKE configuration mismatch between
WLAN and client.
IPSEC_SUITE_NEG_FAILURE
Check for IPSec IKE configuration mismatch between
WLAN and client.
IPSEC_INVALID_COOKIE
Informational message.
RADIOS_EXCEEDED
Maximum number of supported Nortel Networks Radios
exceeded - Check for WLAN — Security Switch (2270)
failure in the same Layer 2 network or add another WLAN —
Security Switch (2270).
SENSED_TEMPERATURE_HIGH
Check fan, air conditioning and/or other cooling
arrangements.
SENSED_TEMPERATURE_LOW
Check room temperature and/or other reasons for low
temperature.
TEMPERATURE_SENSOR_FAILURE
Replace temperature sensor ASAP.
TEMPERATURE_SENSOR_CLEAR
Temperature sensor is operational.
POE_CONTROLLER_FAILURE
Check Direct-Connect APs - possible serious failure
detected.
320298-A Rev 00
Using Client Reason and Status Codes in the Trap Log 233
Table - 2.Error Messages and Descriptions (Continued)
Error Message
Description
MAX_ROGUE_COUNT_EXCEEDED
The current number of active rogues has exceeded system
threshold.
SWITCH_UP
WLAN — Security Switch (2270) is responding to SNMP
polls.
SWITCH_DOWN
WLAN — Security Switch (2270) is not responding to SNMP
polls, check WLAN — Security Switch (2270) and SNMP
settings.
RADIUS_SERVERS_FAILED
Check network connectivity between RADIUS and the
WLAN — Security Switch (2270).
CONFIG_SAVED
Running configuration has been saved to flash - will be
active after reboot.
MULTIPLE_USERS
Another user with the same username has logged in.
FAN_FAILURE
Monitor WLAN — Security Switch (2270) temperature to
avoid overheating.
POWER_SUPPLY_CHANGE
Check for power-supply malfunction.
COLD_START
WLAN — Security Switch (2270) may have been rebooted.
WARM_START
WLAN — Security Switch (2270) may have been rebooted.
Using Client Reason and Status Codes in the Trap Log
As described in WLAN Security Switch Web Interface Online Help, the Clients > Detail page lists the Reason and
Status Codes you are likely to encounter when reviewing the Trap Logs. For your convenience the Reason and Status
Codes and their descriptions are listed in the following sections:
• “Client Reason Codes” on page 234
• “Client Status Codes” on page 234
Client Reason Codes
The Client Reason code may be any of the following:
Table - 3. Client Reason Code Descriptions and Meanings

| Client Reason Code | Description | Meaning |
|---|---|---|
| 0 | noReasonCode | normal operation |
| 1 | unspecifiedReason | client associated but no longer authorized |
| 2 | previousAuthNotValid | client associated but not authorized |
| 3 | deauthenticationLeaving | the WLAN — Access Port (223x) went offline, deauthenticating the client |
| 4 | disassociationDueToInactivity | client session timeout exceeded |
| 5 | disassociationAPBusy | the WLAN — Access Port (223x) is busy, performing load balancing, for example |
| 6 | class2FrameFromNonAuthStation | client attempted to transfer data before it was authenticated |
| 7 | class2FrameFromNonAssStation | client attempted to transfer data before it was associated |
| 8 | disassociationStaHasLeft | Operating System moved the client to another WLAN — Access Port (223x) using non-aggressive load balancing |
| 9 | staReqAssociationWithoutAuth | client not authorized yet, still attempting to associate with a WLAN — Access Port (223x) |
| 99 | missingReasonCode | client momentarily in an unknown state |
Client Status Codes
The Client Status code may be any of the following:
Table - 4. Client Status Code Descriptions and Meanings

| Client Status Code | Description | Meaning |
|---|---|---|
| 0 | idle | normal operation -- no rejections of client association requests |
| 1 | aaaPending | completing an aaa transaction |
| 2 | authenticated | 802.11 authentication completed |
| 3 | associated | 802.11 association completed |
| 4 | powersave | client in powersave mode |
| 5 | disassociated | 802.11 disassociation completed |
| 6 | tobedeleted | to be deleted after disassociation |
| 7 | probing | client not associated or authorized yet |
| 8 | disabled | automatically disabled by Operating System for an operator-defined time |
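A triage pass over trap-log entries that applies Tables 2 and 3 above and the three-failure rule from the glossary's Exclusion List entry, as an added example (not Nortel's code). The line layout, the `client` and `reason` field names, the choice of which traps to flag, and the sample entries are assumptions constructed for illustration; the guide does not define an export format.

```python
import re
from collections import Counter

# Traps selected for this example because Table 2 words them as something to investigate.
SECURITY_TRAPS = {
    "ROGUE_AP_DETECTED": "May be a security issue, use maps and trends to investigate.",
    "AP_MAX_ROGUE_COUNT_EXCEEDED": "The current number of active rogues has exceeded system threshold.",
    "MAX_ROGUE_COUNT_EXCEEDED": "The current number of active rogues has exceeded system threshold.",
    "AUTHENTICATION_FAILURE": "Attempted security breach - please investigate.",
    "IPSEC_ESP_REPLAY_FAILURE": "Check for attempt to spoof IP Address.",
    "MULTIPLE_USERS": "Another user with the same username has logged in.",
}

# Client Reason Codes from Table 3 (meanings shortened): code -> (description, meaning).
REASON_CODES = {
    0: ("noReasonCode", "normal operation"),
    1: ("unspecifiedReason", "client associated but no longer authorized"),
    2: ("previousAuthNotValid", "client associated but not authorized"),
    3: ("deauthenticationLeaving", "Access Port went offline, deauthenticating the client"),
    4: ("disassociationDueToInactivity", "client session timeout exceeded"),
    5: ("disassociationAPBusy", "Access Port is busy"),
    6: ("class2FrameFromNonAuthStation", "data sent before client was authenticated"),
    7: ("class2FrameFromNonAssStation", "data sent before client was associated"),
    8: ("disassociationStaHasLeft", "client moved to another Access Port"),
    9: ("staReqAssociationWithoutAuth", "client not authorized yet, still associating"),
    99: ("missingReasonCode", "client momentarily in an unknown state"),
}
# Reason codes flagged for review in this example (an editorial choice, not from the guide).
REVIEW_REASONS = {6, 7}

# ASSUMED line layout (hypothetical): "<timestamp> <TRAP_NAME> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<trap>[A-Z][A-Z0-9_]*)(?=\s|$)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample input; every MAC, IP and AP name below is made up.
SAMPLE_LOG = [
    "2005-04-12T09:00:01 LRAD_UP ap=AP-lobby",
    "2005-04-12T09:01:10 STATION_AUTHENTICATION_FAIL client=02:00:00:00:00:01",
    "2005-04-12T09:01:12 STATION_AUTHENTICATION_FAIL client=02:00:00:00:00:01",
    "2005-04-12T09:01:15 STATION_AUTHENTICATION_FAIL client=02:00:00:00:00:01",
    "2005-04-12T09:02:40 STATION_DEAUTHENTICATE client=02:00:00:00:00:02 reason=6",
    "2005-04-12T09:03:05 STATION_DISASSOCIATE client=02:00:00:00:00:03 reason=4",
    "2005-04-12T09:04:30 ROGUE_AP_DETECTED rogue=02:00:00:00:00:99 ap=AP-lobby",
    "2005-04-12T09:05:00 IPSEC_ESP_REPLAY_FAILURE peer=192.0.2.10",
]


def parse_line(line):
    """Split one entry into timestamp, trap name and key=value fields; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    return {**fields, "ts": m.group("ts"), "trap": m.group("trap")}


def decode_reason(code):
    """Map a Client Reason Code to (description, meaning); unknown codes are reported as such."""
    try:
        return REASON_CODES[int(code)]
    except (KeyError, ValueError, TypeError):
        return ("unknown", "code not listed in Table 3")


def triage(lines, fail_threshold=3):
    """Return (kind, timestamp, detail) findings in log order.

    fail_threshold defaults to 3, the number of failed authentications after
    which the glossary says a client is placed on the Exclusion List.
    """
    findings = []
    auth_fails = Counter()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            findings.append(("unparsed", None, line.strip()))
            continue
        trap, client = ev["trap"], ev.get("client", "?")
        if trap in SECURITY_TRAPS:
            findings.append(("security-trap", ev["ts"], f"{trap}: {SECURITY_TRAPS[trap]}"))
        if trap == "STATION_AUTHENTICATION_FAIL" and "client" in ev:
            auth_fails[client] += 1
            if auth_fails[client] == fail_threshold:  # report once, when the limit is reached
                findings.append(("repeated-auth-fail", ev["ts"],
                                 f"{client} failed authentication {fail_threshold} times"))
        if "reason" in ev:
            name, meaning = decode_reason(ev["reason"])
            if name == "unknown" or int(ev["reason"]) in REVIEW_REASONS:
                findings.append(("client-reason", ev["ts"],
                                 f"{client} reason {ev['reason']} ({name}): {meaning}"))
    return findings


if __name__ == "__main__":
    for kind, ts, detail in triage(SAMPLE_LOG):
        print(f"{ts}  {kind:18}  {detail}")
```
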
Using WLAN — Access Port (223x) LEDs
Table - 5. WLAN — Access Port (223x) LED Conditions and Status

| LED Conditions | Status |
|---|---|
| Power: Green ON; Alarm: off; 2.4 GHz: on or off; 5 GHz: on or off | WLAN — Security Switch (2270) found, code OK, normal status. |
| Power: Green ON; Alarm: off; 2.4 GHz: Yellow ON; 5 GHz: on or off | 802.11b/g Activity. |
| Power: Green ON; Alarm: off; 2.4 GHz: on or off; 5 GHz: Amber ON | 802.11a Activity. |
| Power: off; Alarm: Red ON; 2.4 GHz: off; 5 GHz: off | WLAN — Access Port (223x) starting up. |
| All LEDs cycle back and forth | WLAN — Access Port (223x) searching for WLAN — Security Switch (2270). Stops after WLAN — Security Switch (2270) and DHCP server found. |
| All LEDs blink on and off together | WLAN — Security Switch (2270) found, code upgrade in process. |
| Power: off; Alarm: Red FLASHING; 2.4 GHz: off; 5 GHz: off | Duplicate WLAN — Access Port (223x) or WLAN — Access Port (223x) IP address. |
References
This chapter provides information about the Nortel 2200 Series WLAN — Security Switch (2270) and Nortel WLAN —
Access Port (223x). The chapter includes the following:
• “Glossary” on page 238
• “Nortel 2200 Series Supported Regulatory Domains” on page 259
• “Nortel 2200 Series CLI Reference” on page 299
• Nortel WLAN — Access Port (223x) Deployment Guide Part # 216503-B
• Nortel WLAN — Access Port (223x) Quick Installation Guide Part # 216394-B
• Nortel WLAN — Security Switch (2270) Quick Installation Guide Part # 216395-B
• Nortel WLAN — Management System Quick Installation Guide Part # 216396-B
• Nortel 2200 Series Operating System Release Notes Part # 216400-B
• Nortel WLAN — Management System Software Release Notes Part # 216401-B
Glossary
10Base-T
An IEEE standard (802.3) for operating 10 Mbps Ethernet networks (LANs) with twisted pair cabling and wiring hubs.
100Base-T
An IEEE standard (802.3) for operating 100 Mbps Ethernet networks (LANs) with twisted pair cabling and wiring hubs.
1000Base-SX
An IEEE standard (802.3) for operating 1000 Mbps Ethernet networks (LANs) with fiber optic cables and wiring hubs.
Also known as Gigabit Ethernet (GigE). Note that the Nortel implementation uses small form-factor LC physical
connectors for 1000Base-SX connections.
1000Base-T
An IEEE standard (802.3) for operating 1000 Mbps Ethernet networks (LANs) with twisted pair cabling and wiring
hubs. Also known as Gigabit Ethernet (GigE).
802.11
802.11, or IEEE 802.11, is a type of radio technology used for wireless local area networks (WLANs). It is a standard
that has been developed by the IEEE (Institute of Electrical and Electronic Engineers), http://standards.ieee.org. The
IEEE is an international organization that develops standards for hundreds of electronic and electrical technologies. The
organization uses a series of numbers to differentiate between the various technology families.
The 802 LAN/MAN Standards Committee (of the IEEE) develops standards for local and metropolitan area networks
with the 802.11 section creating standards for wireless local area networks.
802.11 is composed of several standards operating in different radio frequencies. 802.11b is a standard for wireless
LANs operating in the 2.4 GHz spectrum with a bandwidth of 11 Mbps; 802.11g is a standard for wireless LANs
operating in the 2.4 GHz spectrum with a bandwidth of 54 Mbps; 802.11a is a different standard for wireless LANs, and
pertains to systems operating in the 5 GHz frequency range with a bandwidth of 54 Mbps. Another proposed standard,
802.11g, is for WLANs operating in the 2.4 GHz frequency but with a bandwidth of 54 Mbps.
802.11a
An IEEE specification for wireless networking that operates in the 5 GHz frequency range with a maximum 54 Mbps
data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b/g. These additional channels can help avoid radio and microwave
interference.
802.11b
International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz)
and provides a throughput of up to 11 Mbps. This is a very commonly used frequency. Microwave ovens, cordless
phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band.
802.11g
Similar to 802.11b, but this proposed standard provides a throughput of up to 54 Mbps. It also operates in the 2.4 GHz
frequency band but uses a different radio technology from 802.11b in order to increase bandwidth.
802.11i
A developing IEEE wireless LAN security standard. A subset of the 802.11i standard, WPA, is being deployed at this
time.
802.1X
An IEEE authentication framework for 802.11 networks. Allows multiple authentication algorithms, including EAP and
RADIUS.
Access Point
A wireless LAN transceiver or “base station” that can connect a wired LAN to one or many wireless devices. Some
access points can also bridge to each other.
ACL
Access Control List. ACLs define what traffic types will be allowed or denied across one or more Interfaces. Each traffic
type can be used in multiple ACLs, depending on up to 64 Rules defined for each ACL. If no ACL is applied to an Interface, all traffic types are allowed.
Ad-Hoc Mode
A client setting that provides independent peer-to-peer connectivity in a wireless LAN. An alternative set-up is one
where PCs communicate with each other through an AP. See access point and Infrastructure mode.
AES
Advanced Encryption Standard. An encryption algorithm selected by the 802.11i task group to provide robust security in
wireless networks.
Operating System
Operating System. Software that controls Nortel WLAN — Wireless Security Switches (2270) and Nortel WLAN —
Access Ports (223x). Includes management software and Operating System Security functions.
Operating System Security
Part of the Operating System that controls all aspects of Security and roaming for the Nortel 2200 Series,
providing seamless access to business-critical resources.
management software
Part of the Operating System that continually monitors associated WLAN — Access Ports (223x) for Traffic Load,
Interference, Noise, Coverage, and Nearby APs.
Using the collected information, the management software dynamically reassigns channels, adjusts the transmit power to
load balance coverage and capacity, allows the operator to group nearby WLAN Access Ports (2230/2231), automatically detects and configures new WLAN — Access Ports (223x), automatically detects and configures new WLAN —
Security Switches (2270), and detects and reports coverage holes.
AP
See Access Point.
API
Application Programming Interface. The interface an application uses to call the operating system and other services.
The API is usually defined at the source code level, and provides an interface between the application and the operating
system.
Applet
An application or utility program that is designed to do a very specific and limited task.
Application Software
A computer program that is designed to do a general task. For example, word processing, payroll, Internet browsers and
graphic design programs would all be considered applications.
Association
The process used by a client to connect to an Access Point.
Authentication
The process used to confirm a client’s identity before communication is allowed with other devices connected to the
Access Point.
Backbone
The central part of a large network that links two or more subnetworks and is the primary path for data transmission for
a large business or corporation. A network can have a wired backbone or a wireless backbone.
Bandwidth
The amount of transmission capacity that is available on a network at any point in time. Available bandwidth depends on
several variables such as the rate of data transmission speed between networked devices, network overhead, number of
clients, and the type of device used to connect PCs to a network. It is similar to a pipeline in that capacity is determined
by size: the wider the pipe, the more water can flow through it; the more bandwidth a network provides, the more data
can flow through it. Standard 802.11b provides a bandwidth of 11 Mbps; Standards 802.11a and 802.11g provide a
bandwidth of 54 Mbps. These are the raw capabilities of the network. Many things conspire to reduce these values,
including protocol overhead, collisions, and implementation inefficiencies.
BIOS
Basic Input/Output System.
Bits per Second (bps)
A measure of data transmission speed over communication lines based on the number of bits that can be sent or received
per second. Bits per second (bps) is often confused with bytes per second (Bps). 8 bits make a byte, so if a wireless
network is operating at a bandwidth of 11 megabits per second (11 Mbps), it is sending data at 1.375 megabytes per second
(1.375 MBps).
Blacklist
Obsolete reference to the Exclusion List.
Bluetooth Wireless
A technology specification for linking portable computers, personal digital assistants (PDAs) and mobile phones for
short-range transmission of voice and data across a global radio frequency band without the need for cables or wires.
Bluetooth is a frequency-hopping technology in the 2.4 GHz frequency spectrum, with a range of 30 feet.
Bootloader
An operating system module (ppcboot) that loads software entities in a defined order to create a functional operating
system.
Bridge
A product that connects a local area network (LAN) to another local area network that uses the same protocol (for
example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link buildings in campuses.
Broadband
A comparatively fast Internet connection. Services such as ISDN, cable modem, DSL and satellite are all considered
broadband as compared to dial-up Internet access. There is no official speed definition of broadband but services of
100 Kbps and above are commonly thought of as broadband.
Bus Adapter
A special adapter card that installs in a PC's PCI or ISA slot and enables the use of PC Card radios in desktop computers.
Some companies offer one-piece PCI or ISA Card radios that install directly into an open PC or ISA slot.
CA
Certification Authority. A trusted entity or person who issues public-key certificates for data encryption.
Cable Modem
A kind of converter used to connect a computer to a cable TV service that provides Internet access. Most cable modems
have an Ethernet Out cable that attaches to a client’s Wi-Fi gateway.
Cert.
Certificate. Used to authenticate the server and encrypt data transmissions between server and browser. See CA and ID
Certificate.
Certification Authority
See CA.
Cipher
An algorithm used to encrypt data.
Client
Any computer or handheld device connected to a network that requests services (files, print capability) from another
member of the network. Each client is associated with a unique MAC address.
Client Device
A Client is a wireless LAN end user. Wi-Fi client devices include PC Cards that slide into laptop computers, mini-PCI
modules embedded in laptop computers and mobile computing devices, as well as USB radios and PCI/ISA bus Wi-Fi
radios. Client devices usually communicate with hub devices like Access Points and Gateways.
Collision Avoidance
A network node characteristic for detecting traffic before transmitting so it can transmit a signal without risking a
collision.
CPU
Central Processing Unit. The microprocessor part of a computer that interprets and executes instructions.
Crossover Cable
A special cable used for networking two computers without the use of a hub. Crossover cables may also be required for
connecting a cable or DSL modem to a wireless gateway or access point. Instead of the signals transferring in parallel
paths from one plug to another, the signals cross over.
For instance, in an eight-wire crossover cable, the signal starts on pin one at one end of the cable and ends up on
pin eight at the other end. Similarly, the other wires cross over from pin two to pin seven, pin three to pin six, and
pin four to pin five.
CSMA/CA
CSMA/CA is the principal medium access method employed by IEEE 802.11 WLANs. It is a “listen before talk”
method of minimizing (but not eliminating) collisions caused by simultaneous transmission by multiple radios. IEEE
802.11 states that a collision avoidance method, rather than collision detection, must be used, because the standard
employs half-duplex radios: radios capable of transmission or reception, but not both simultaneously.
Unlike conventional wired Ethernet nodes, a WLAN station cannot detect a collision while transmitting. If a collision
occurs, the transmitting station will not receive an ACKnowledge packet from the intended receive station. For this
reason, ACK packets have a higher priority than all other network traffic. After completion of a data transmission, the
receive station will begin transmission of the ACK packet before any other node can begin transmitting a new data
packet. All other stations must wait a longer pseudo randomized period of time before transmitting. If an ACK packet is
not received, the transmitting station will wait for a subsequent opportunity to retry transmission.
CSMA/CD
A method of managing traffic and reducing noise on an Ethernet network. A network device transmits data after
detecting that a channel is available. However, if two devices transmit data simultaneously, the sending devices detect a
collision and retransmit after a random time delay.
DC Power Supply
A module that converts AC power to DC. Depending on manufacturer and product, these modules can range from
typical “wall wart” transformers that plug into a wall socket and provide DC power through a tiny plug to larger, enterprise-level Power over Ethernet (PoE) systems that inject DC power into the Ethernet cables connecting access points.
DES
Data Encryption Standard. A cryptographic algorithm used to protect data transmitted through an unsecured network.
DHCP
A utility that enables a server to dynamically assign IP Addresses from a predefined list and limit their time of use so that
they can be reassigned. Without DHCP, an IT Manager would have to manually enter in all the IP Addresses of all the
computers on the network. When DHCP is used, it automatically assigns an IP Address to each computing device as it
logs onto the network.
Dialup
A communication connection through the standard telephone network, or Plain Old Telephone Service (POTS).
Digital Certificate
An electronic message used to verify a client’s identity, and which can be used to encrypt data. Used in asymmetric
public/private key encryption, in which public-key encrypted data can only be decrypted with the private key, and vice
versa.
Disable
Obsolete reference to the Exclusion List.
Diversity Antenna
A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce interference.
DMZ
Demilitarized Zone. A network layer added between the outside network (least secure) and internal network (most
secure) in order to add an extra level of security protection. Many companies choose to locate Wireless Switches, mail
servers, Web servers, and remote access servers in the DMZ.
DNS
A program that translates URLs to IP Addresses by accessing a database maintained on a collection of Internet servers.
The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses. A DNS server
converts a name like mywebsite.com to a series of numbers like 107.22.55.26. Every website has its own specific IP
Address on the Internet.
DOS Attacks
Denial of Service Attacks. A network attack that creates enough congestion to block normal traffic.
DSCP
Differentiated Services Code Point. A packet header code from 0 - 63 that can be used to define quality of service across
the Internet.
DSL
Various technology protocols for high-speed data, voice and video transmission over ordinary twisted-pair copper POTS
(Plain Old Telephone Service) telephone wires.
DSSS
Direct Sequence Spread Spectrum. A carrier modulation technique used for 802.11b transmissions.
DTIM
Delivery Traffic Indication Map. A part of the TIM element in 802.11 beacons when a client has frames buffered in the
AP for broadcasting or multicasting. The buffered frames are broadcasted or multicasted at each DTIM, when all
power-saving clients expecting this data should be awake. See also TIM.
Dynamic Encryption Keys
Regularly-refreshed encryption keys. Used in LEAP and WPA protocols to decrease the ability to decrypt the encoded
data.
EAP
Extensible Authentication Protocol. Used under 802.1X framework as a PPP extension to provide additional authentication options.
EIRP
Effective Isotropic Radiated Power. The equivalent transmitted signal power relative to a hypothetical isotropic (omnidirectional) radiator, measured in dBi (decibels isotropic).
Encryption
A method of scrambling data to maintain privacy.
Encryption Key
An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it can be safely
shared among members of a network. WEP uses an encryption key that automatically encrypts outgoing wireless data.
On the receiving side, the same encryption key enables the computer to automatically decrypt the information so it can
be read.
Enterprise
A term that is often applied to large corporations and businesses. The enterprise market can incorporate office buildings,
manufacturing plants, warehouses and R&D facilities, as well as large colleges and universities.
ESSID
The identifying name of an 802.11 wireless network. When you specify your correct ESSID in your client setup you
ensure that you connect to your wireless network rather than another network in range. (See SSID.) ESSID is also known
as Network Name, Preferred Network, SSID or Wireless LAN Service Area.
Ethernet
International standard networking technology for wired implementations. Basic 10Base-T networks offer a bandwidth of
about 10 Mbps. Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) are becoming popular.
Exclusion List
Clients who fail to authenticate three times when attempting to associate are automatically blocked, or Excluded, from
further association attempts for an operator-defined timeout. After the Exclusion timeout, the client is allowed to retry
authentication until it associates or fails authentication and is Excluded again.
The Operating System also allows operators to permanently Exclude clients by MAC address.
Note that this feature was formerly known as Blacklisting and Disabling.
FCS
Frame Check Sequence. A cyclic redundancy check (CRC) Physical Layer 1 error-detection algorithm.
FIPS
Federal Information Processing Standard. Refer to FIPS Publication 197
(http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf) for more information.
Firewall
A system that enforces an access control policy between two or more networks, securing the network(s) and preventing
access by unauthorized users. Firewalls can be software, hardware or a combination of both. Firewalls can prevent unrestricted access into a network, as well as restrict data from flowing out of a network.
FireWire
A high-speed serial bus system, FireWire is the IEEE 1394 standard for input/output technology that connects multimedia and storage peripherals to a PC. FireWire (Apple), 1394 (Linux) and iLink (Sony) are different names for
products that perform the same function. FireWire can provide a bandwidth of about 400 Mbps.
.FPE
A filename extension used by the Nortel WLAN — Floor Plan Editor for wall map configuration files. Requires a
corresponding .GIF, .JPG, .BMP, or .PNG file when importing into WLAN Management System.
GARP
General Attribute Registration Protocol.
Gateway
In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and
DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, etc.
GigE
A Gigabit Ethernet IEEE standard (802.3) for operating 1000 Mbps Ethernet networks (LANs) with fiber optic cables
and wiring hubs. See also 1000Base-SX.
GUI
Graphical User Interface. A computer user interface based on graphics rather than text; uses a mouse or other input
device as well as a keyboard.
GVRP
GARP VLAN Registration Protocol.
HotSpot
A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee shop,
airport lounge, train station, convention center, hotel or any other public meeting area. Corporations and campuses are
also implementing HotSpots to provide wireless Internet access to their visitors and guests. In some parts of the world,
HotSpots are known as CoolSpots.
Hub
A multiport device used to connect PCs to a network through Ethernet cabling or through wireless connections. Wired
hubs can have numerous ports and can transmit data at speeds ranging from 10 Mbps to multigigabyte speeds per
second. A hub transmits packets it receives to all the connected ports. A small wired hub may only connect 4 computers;
a large hub can connect 48 or more. Wireless hubs can connect hundreds.
Hz
The international unit for measuring frequency, equivalent to the older unit of cycles per second. One megahertz (MHz)
is one million hertz. One gigahertz (GHz) is one billion hertz. The standard US electrical power frequency is 60 Hz, the
AM broadcast radio frequency band is 535-1605 kHz, the FM broadcast radio frequency band is 88-108 MHz, and
wireless 802.11b/g LANs operate at 2.4 GHz.
I/O
The term used to describe any operation, program or device that transfers data to or from a computer.
ID Certificate
A Certificate used by Web server operators to ensure secure server operation. Usually accompanied by a Private Key.
IEEE
Institute of Electrical and Electronics Engineers, New York, www.ieee.org. A membership organization that includes
engineers, scientists and students in electronics and allied fields. It has more than 300,000 members and is involved with
setting standards for computers and communications.
IEEE 802.11
A set of specifications for LANs from The Institute of Electrical and Electronics Engineers (IEEE). Most wired networks
conform to 802.3, the specification for CSMA/CD based Ethernet networks or 802.5, the specification for token ring
networks. 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS) and Infrared. See also
802.11, 802.11a, 802.11b, 802.11g and 802.1X. See also WECA.
IKE
Internet Key Exchange. A protocol used to start, stop and monitor IPSec dynamic tunnels.
iLink
Sony's term for IEEE1394 technology that provides a bandwidth of about 400 Mbps. Many people also refer to this
high-speed communication technology using Apple's original term, FireWire. Future versions of 1394 will greatly
increase the bandwidth.
Infrastructure Mode
A client setting providing connectivity to an AP. As compared to Ad-Hoc mode, whereby PCs communicate directly
with each other, clients set in Infrastructure Mode all pass data through a central AP. The AP not only mediates wireless
network traffic in the immediate neighborhood, but also provides communication with the wired network. See Ad-Hoc
and AP.
Internet Appliance
A computer that is intended primarily for Internet access, is simple to set up and usually does not support installation of
third-party software. These computers generally offer customized web browsing, touch-screen navigation, email
services, entertainment and personal information management applications. An Internet appliance can be Wi-Fi enabled
or it can be connected through a cable to the local network.
IP
Internet Protocol. A set of rules used to send and receive messages at the Internet address level.
IP Address
A 32-bit number that identifies each sender or receiver of information that is sent across the Internet. An IP Address has
two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can be a
server or a workstation) within that network.
IP Telephony
Internet Protocol Technology that supports voice, data and video transmission through IP-based LANs, WANs, and the
Internet. This includes VoIP (Voice over IP).
IPSec
IP Security. Protocol used to authenticate and/or encrypt IP data using IPSec and/or IKE secure tunnels. Used to support
VPN tunnels across the internet.
IPSec Passthrough
Operating System Security feature that allows IPSec-equipped clients to communicate directly with other IPSec
equipment.
IPX-SPX
IPX, short for Internetwork Packet Exchange, a networking protocol used by the Novell NetWare operating systems.
Like UDP/IP, IPX is a datagram protocol used for connectionless communications. Higher-level protocols, such as SPX
and NCP, are used for additional error recovery services. Sequenced Packet Exchange, SPX, a transport layer protocol
(layer 4 of the OSI Model) used in Novell Netware networks. The SPX layer sits on top of the IPX layer (layer 3) and
provides connection-oriented services between two nodes on the network. SPX is used primarily by client/server applications. Whereas the IPX protocol is similar to IP, SPX is similar to TCP. Together, therefore, IPX-SPX provides
connection services similar to TCP/IP.
ISA
A type of internal computer bus that allows the addition of card-based components like modems and network adapters.
ISA has been replaced by PCI and is not very common anymore.
ISDN
A type of broadband Internet connection that provides digital service from the customer's premises to the dial-up
telephone network. ISDN uses standard POTS copper wiring to deliver voice, data or video.
ISO Network Model
A network model developed by the International Standards Organization (ISO) that consists of seven different levels, or
layers. By standardizing these layers, and the interfaces in between, different portions of a given protocol can be
modified or changed as technologies advance or systems requirements are altered. The seven layers are:
• Application, Layer 7
• Presentation, Layer 6
• Session, Layer 5
• Transport, Layer 4
• Network, Layer 3
• Data Link, Layer 2
• Physical, Layer 1
The IEEE 802.11 Standard encompasses the physical layer (PHY) and the lower portion of the data link layer. The lower
portion of the data link layer is often referred to as the Medium Access Controller (MAC) sublayer.
ISS
A special software application that allows all PCs on a network access to the Internet simultaneously through a single
connection and Internet Service Provider (ISP) account.
Key Management
Ensuring that encryption keys are current and synchronized between clients and Access Points. Key management can be
performed manually or automatically using 802.1X.
L2TP
Layer 2 Tunneling Protocol, a PPP protocol extension enabling providers to operate Virtual Private Networks (VPNs).
LAN
A system of connecting PCs and other devices within close physical proximity for sharing resources such as Internet
connections, printers, files and drives. When Wi-Fi is used to connect the devices, the system is known as a wireless
LAN or WLAN.
LEAP
Cisco Wireless EAP. EAP used by Cisco equipment to secure wireless networks with WEP-based devices.
LWAPP
The pending IETF (Internet Engineering Task Force) Lightweight Access Point Protocol standard defining communications between Wireless LAN Switches and “Light” Access Points.
MAC
Medium Access Control. This is the function of a network controller that determines who gets to transmit when. Each
network adapter must be uniquely identified. Every wireless 802.11 device has its own specific MAC address
hard-coded into it. This unique identifier can be used to provide security for wireless networks. When a network uses a
MAC table, only the 802.11 radios that have had their MAC addresses added to that network's MAC table will be able to
get onto the network.
Mapping
Assigning a PC to a shared drive or printer port on a network.
MIC
Message Integrity Check. Used to ensure the integrity of a received message.
Mobile Device
See Client, Client Device.
Mobile Professional
A salesperson or a “road warrior” who travels frequently and requires the ability to regularly access his or her corporate
networks, through the Internet, to post and retrieve files and data and to send and receive email.
NAT
A network capability that enables a houseful of computers to dynamically share a single incoming IP Address from a
dial-up, cable or xDSL connection. NAT takes the single incoming IP Address and creates new IP Address for each
client computer on the network.
NetBIOS
Network Basic Input/Output System. An API, or set of network commands, which activates network data transfer operations between IBM PC compatibles.
Network Name
Identifies the wireless network for all the shared components. During the installation process for most wireless networks,
you need to enter the network name or SSID. Different network names are used when setting up your individual
computer, wired network or workgroup.
NIC
A type of PC adapter card that either works without wires (Wi-Fi) or attaches to a network cable to provide two-way
communication between the computer and network devices such as a hub or switch. Most office wired NICs operate at
10 Mbps (Ethernet), 100 Mbps (Fast Ethernet) or 10/100 Mbps dual speed. High-speed Gigabit and 10 Gigabit NIC
cards are also available. See PC Card.
NVRAM
Non-Volatile Random Access Memory. Any type of memory that does not lose its contents when the main power is
removed. (See also Volatile RAM.)
OFDM
Orthogonal Frequency Division Multiplexing. A multi-carrier modulation technique used for 802.11a and 802.11g
transmissions.
PC Card
A removable, credit-card-sized memory or I/O device that fits into a Type 2 PCMCIA standard slot. PC Cards are used
primarily in PCs, portable computers, PDAs and laptops. PC Card peripherals include Wi-Fi cards, memory cards,
modems, NICs, hard drives, etc.
PCI
A high-performance I/O computer bus used internally on most computers. Other bus types include ISA and AGP. PCIs
and other computer buses enable the addition of internal cards that provide services and features not supported by the
motherboard or other connectors.
PCMCIA
Expansion cards now referred to as “PC Cards” were originally called “PCMCIA Cards” because they met the standards
created by the Personal Computer Memory Card International Association.
PDA
Smaller than laptop computers but with many of the same computing and communication capabilities, PDAs range
greatly in size, complexity and functionality. PDAs can provide wireless connectivity through embedded Wi-Fi Card
radios, slide-in PC Card radios, or Compact Flash Wi-Fi radios.
Peer-to-Peer Network
A wireless or wired computer network that has no server or central hub or router. All the networked PCs are equally able
to act as a network server or client, and each client computer can talk to all the other wireless computers without having
to go through an access point or hub. However, since there is no central base station to monitor traffic or provide Internet
access, the various signals can collide with each other, reducing overall performance.
PEM
Privacy Enhanced Mail. PEM files are created from CSR files by a Certification Authority (CA) using base64 encoding
with additional header and footer lines.
PHY
The lowest layer within the OSI Network Model. It deals primarily with transmission of the raw bit stream over the
PHYsical transport medium. In the case of wireless LANs, the transport medium is free space. The PHY defines parameters such as data rates, modulation method, signaling parameters, transmitter/receiver synchronization, etc. Within an
actual radio implementation, the PHY corresponds to the radio front end and baseband signal processing sections.
Plug and Play
A computer system feature that automatically configures add-ons and peripheral devices such as wireless PC Cards,
printers, scanners and multimedia devices.
POTS
Plain Old Telephone Service. Wired analog telephone service.
ppcboot
Nortel 2200 Series WLAN — Security Switch (2270) Bootloader.
PPP
Point-to-Point Protocol.
Proxy Server
Used in larger companies and organizations to improve network operations and security, a proxy server is able to
prevent direct communication between two or more networks. The proxy server forwards allowable data requests to
remote servers and/or responds to data requests directly from stored remote server data.
QoS
Quality of Service. A term that guarantees a specific throughput level. For instance, high QoS can be used to ensure
adequate throughput for Voice over WLAN.
Range
How far will your wireless network stretch? Most Wi-Fi systems will provide a range of a hundred feet or more.
Depending on the environment and the type of antenna used, Wi-Fi signals can have a range of up to a mile.
RADIUS
Remote Authentication Dial-In User Service. An authentication and accounting system used to exclude unauthorized
clients.
Residential Gateway
A wireless device that connects multiple PCs, peripherals and the Internet on a home network. Most Wi-Fi residential
gateways provide DHCP and NAT as well.
RF
Radio Frequency. A frequency within which radio waves may be transmitted.
RJ-45
Standard connectors used in Ethernet networks. Even though they look very similar to standard RJ-11 telephone connectors, RJ-45 connectors can have up to eight wires, whereas telephone connectors have only four.
Roaming
Moving seamlessly from one AP coverage area to another with no loss in connectivity.
Router
A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another. Based
on routing tables and routing protocols, routers can read the network address in each transmitted frame and make a
decision on how to send it through the most efficient route based on traffic load, line costs, speed, bad connections, etc.
RSN
Robust Security Network. An IEEE 802.11i working group strong authentication and encryption standard that uses
802.1X, EAP, AES, TKIP, and MIC.
RSSI
Received Signal Strength Indicator, also known as Signal Strength. A measure of received RF energy, measured in dBm.
RTOS
Real-time operating system. An operating system that features a guaranteed performance per time unit.
Rx
Receive.
Satellite Broadband
A wireless high-speed Internet connection provided by satellites. Some satellite broadband connections are two-way, up
and down. Others are one-way, with the satellite providing a high-speed downlink and then using a dial-up telephone
connection or other land-based system for the uplink to the Internet.
Server
A computer that provides its resources to other computers and devices on a network. These include print servers, Internet
servers and data servers. A server can also be combined with a hub or router.
Site Survey
The process whereby a wireless network installer inspects a location prior to putting in a wireless network. Site surveys
are used to identify the radio- and client-use properties of a facility so that access points can be optimally placed.
SNR
Signal to Noise Ratio. The ratio of signal intensity to noise intensity, measured in dB.
SOHO
A term generally used to describe an office or business with ten or fewer computers and/or employees.
SSH
Secure Shell; also known as Secure Socket Shell. SSH data transmissions and passwords to and from Nortel WLAN —
Wireless Security Switches (2270) are encrypted and use digital certificates for authentication from both ends of the
connection. SSH is always enabled for WLAN — Security Switches (2270).
When you plan to secure the WLAN — Security Switch (2270) Telnet Interface using the SSH protocol, note that the
Operating System automatically generates its own local SSH certificate and automatically applies it to the Telnet
Interface.
SSID
A 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a name when a mobile
device tries to connect to an access point. (Also called ESSID.) The SSID differentiates one WLAN from another, so all
access points and all devices attempting to connect to a specific WLAN must use the same SSID. A device will not be
permitted to associate with the AP unless it can provide the unique SSID. Because an SSID can be sniffed in plain text
from a packet, it does not supply any security to the network. An SSID is also referred to as a Network Name because
essentially it is a name that identifies a wireless network.
SSL
Secure Sockets Layer. An encryption protocol commonly used by many enterprises to protect the security and
integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The browser then
sends a randomly generated secret key back to the server to complete a secret key exchange for that session.
When you plan to secure the WLAN — Security Switch (2270) HTTP: WLAN Security Switch Web Interface using the
https: (HTTP + SSL) protocol, note that the Operating System automatically generates its own local Web Administration
SSL certificate and automatically applies it to the WLAN Security Switch Web Interface.
Static Key
An encryption key that has been entered into both access point and client, used for encrypting data communications.
Static WEP keys can be cracked, but AES keys are currently safe for wireless transmissions.
Subnetwork or Subnet
Found in larger networks, these smaller networks are used to simplify addressing between numerous computers. Subnets
connect to the central network through a router, hub or gateway. Each individual wireless LAN will probably use the
same subnet for all the local computers it talks to.
Subscriber
A subscriber is the user who accesses network services through an 802.11 client.
Switch
A type of hub that efficiently controls the way multiple devices use the same network so that each can operate at optimal
performance. A switch acts as a network traffic policeman: rather than transmitting all the packets it receives to all ports
as a hub does, a switch transmits packets to only the receiving port.
TCP
A protocol used along with the Internet Protocol (IP) to send data in the form of individual units (called packets)
between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of
keeping track of the packets that a message is divided into for efficient routing through the Internet. For example, when
a web page is downloaded from a web server, the TCP program layer in that server divides the file into packets, numbers
the packets, and then forwards them individually to the IP program layer. Although each packet has the same destination
IP Address, it may get routed differently through the network. At the other end, TCP reassembles the individual packets
and waits until they have all arrived to forward them as a single file.
TCP/IP
The underlying technology behind the Internet and communications between computers in a network. The first part,
TCP, is the transport part, which matches the size of the messages on either end and guarantees that the correct message
has been received. The IP part is the client's computer address on a network. Every computer in a TCP/IP network has its
own IP Address that is either dynamically assigned at startup or permanently assigned. All TCP/IP messages contain the
address of the destination network as well as the address of the destination station. This enables TCP/IP messages to be
transmitted to multiple networks (subnets) within an organization or worldwide.
TFTP
Trivial File Transfer Protocol.
TIM
Traffic Indication Map. An element in all 802.11 beacons when a client has frames buffered in the AP. The buffered
frames are broadcasted or multicasted at each DTIM, when all power-saving clients expecting this data should be awake.
See also DTIM.
TKIP
Temporal Key Integrity Protocol. Generates new keys every 10 kb of payload traffic.
Tx
Transmit.
USB
A high-speed bidirectional serial connection between a PC and a peripheral that transmits data at the rate of 12 megabits
per second. The new USB 2.0 specification provides a data rate of up to 480 Mbps, compared to standard USB at only
12 Mbps. 1394, FireWire and iLink all provide a bandwidth of up to 400 Mbps.
VLAN
Virtual LAN. A networking mechanism that makes clients appear as if they are connected to the same network, even if
they are physically located on different LAN segments. Nortel recommends that you assign one set of VLANs for
WLANs and a different set of VLANs for mobility groups to ensure that WLAN — Security Switches (2270) properly
route VLAN traffic.
VoIP
Voice transmission using Internet Protocol to create digital packets distributed over the Internet. VoIP can be less
expensive than voice transmission using standard analog packets over POTS (Plain Old Telephone Service).
Volatile RAM
Volatile Random Access Memory. The basic form of computer memory, which can be accessed randomly. In the Nortel
products, the Volatile RAM contains the active settings for current operations. Upon reboot, the Volatile RAM is
cleared, and the configurations stored in the NVRAM are copied into the Volatile RAM. (See also NVRAM.)
VPN
A type of technology designed to increase the security of information transferred over the Internet. VPN can work with
either wired or wireless networks, as well as with dial-up connections over POTS. VPN creates a private encrypted
tunnel from the end user's computer, through the local wireless network, through the Internet, all the way to the
corporate servers and database.
WAN
A communication system of connecting PCs and other computing devices across a large local, regional, national or international geographic area. Also used to distinguish between phone-based data networks and Wi-Fi. Telephone networks
are considered WANs and Wi-Fi networks are considered Wireless Local Area Networks (WLANs).
War Chalking
Marking symbols on sidewalks and walls to indicate nearby APs. This allows other 802.11-equipped clients to connect
to the Internet using other people's APs. This practice was inspired by hobos during the Great Depression who used
chalk marks to indicate friendly homes.
WebAuth
Web Authentication. An application-layer authentication of a user by username and password contained in either a local
or RADIUS database.
WECA
Wireless Ethernet Compatibility Alliance, the former name of the Wi-Fi Alliance.
WEP
Wired Equivalent Privacy. Basic wireless security provided by Wi-Fi. In some instances, WEP may be all a home or
small-business user needs to protect wireless data. Nortel equipment supports the following WEP versions:
• 40-bit, also called 64-bit encryption.
• 108-bit, also called 128-bit encryption.
• 128-bit, also called 152-bit encryption.
Wi-Fi Alliance
An organization of wireless equipment and software providers, formerly known as the Wireless Ethernet Compatibility
Alliance (WECA), organized to certify 802.11-based products for interoperability and to promote Wi-Fi as the universal
brand name for 802.11-based wireless LAN products.
While all 802.11a/b/g products are called Wi-Fi, only products that have passed the Wi-Fi Alliance testing are allowed to
refer to their products as ‘Wi-Fi Certified’. Currently, all Nortel WLAN — Access Ports (223x) have 802.11a and
802.11b Wi-Fi certification.
WISP
Wireless Internet Service Provider.
WLAN
Also referred to as Wireless LAN. A type of local-area network that uses high-frequency radio waves rather than wires
to communicate between nodes.
WME
Microsoft Wireless Multimedia Extensions, which is a precursor to 802.11e QoS standard.
WPA
Wi-Fi Protected Access. A subset of the IEEE 802.11i wireless LAN security/encryption standard. Uses TKIP. Currently
supported by the Nortel 2200 Series WLAN — Security Switch (2270).
VG
Virtual Gateway. A virtual (unassigned, reserved) IP address, such as 1.1.1.1, used by Nortel Layer 3 Security and
Mobility managers.
XAuth
Extended Authentication. A client authentication protocol used with other protocols, such as IKE.
Nortel 2200 Series Supported Regulatory Domains
The Nortel 2200 Series has been approved or is being approved to operate in the following regulatory domains, and fully
conforms with current regulatory domain requirements. Note that some of these entries may change over time; consult
Nortel Technical Support for current approvals.
Frequency
Range
(GHz)
36, 40, 44, 48
60 mW EIRP
In
5.15-5.25
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.725-5.825
b
1 - 11
200 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
120 mW EIRP
120 mW EIRP
In
In
5.15-5.25
b/g
1 - 12
13
100 mW EIRP
100 mW EIRP
In
Out
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
200 mW EIRP
In
5.725-5.85
1 W EIRP
Both
(b/g
1 - 11
1 W EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
200 mW EIRP
200 mW EIRP
In
In
5.15-5.25
5.25-5.35
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
Note that the maximum regulatory Transmit Power Level Limits published here are defined by the Country Code
setting, and are regulated on a country by country basis. Also note that the actual maximum transmit power levels may
be less than the published regulatory limits.
AT/
Austria
a
AU/
Australia
BE/
Belgium
BR/
Brazil
CA/
Canada
CH/
Switzerland and
Liechtenstein
Channels
Allowed
Regulatory
Authority
BMV/
FSB-LD047
ACA
BIPT/
Annexe B3 Interface radio HIPERLAN
Anatel/
Resolution 305
Industry
Canada
RSS-210
OFCOM
Frequency
Range
(GHz)
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.725-5.825
b
1 - 11
200 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
In
2.412-2.472
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
CY/
Cyprus
a
CZ/
Czech
Republic
DE/
Germany
DK/
Denmark
EE/
Estonia
ES/
Spain
FI/
Finland
Channels
Allowed
Regulatory
Authority
(tbd)
CTO
RegTP/
wlan35
ITST/
Radio interface
specification 00 007
SIDEAMET
Ministry of Telecommunications
FICORA/
RLAN Notice
Frequency
Range
(GHz)
36, 40, 44, 48
52, 56, 60, 64
200 mW EIRP
200 mW EIRP
In
In
5.15-5.25
5.25-5.35
b/g
1-7
8 - 11
100 mW EIRP
100 mW EIRP
Both
In
2.4-2.4835
2.4-2.454
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
GR/
Greece
b/g
1 - 11
100 mW EIRP
In
2.4-2.4835
Ministry of Transport & Communications
HK/
Hong
Kong
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
200 mW EIRP
200 mW EIRP
1 W+6 dBi=4 W
Both
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
OFTA
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
200 mW EIRP
In
5.15-5.25
5.25-5.35
b/g
1 - 11
1 W EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
FR/
France
a
GB/
United
Kingdom
HU/
Hungary
IE/
Ireland
IL/
Israel
ILO/
Israel
OUTDOOR
Channels
Allowed
Regulatory
Authority
A.R.T./
Decision 01-441
UKRA/
IR2006
HIF
COMREG/
ODTR 00/61, ODTR
0062
MOC
MOC
IN/
India
a
Channels
Allowed
(tbd)
b/g
IS/
Iceland
IT/
Italy
JP/
Japan
KR/
Republic
of Korea
LT/
Lithuania
LU/
Luxembourg
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
Country
Code/
Country
802.11
Bands
Frequency
Range
(GHz)
(tbd)
(tbd)
(tbd)
4 W EIRP
In
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
In
2.4-2.4835
a
1-3
1-4
100 mW EIRP
100 mW EIRP
Both
In
5.03-5.09
5.15-5.25
b
1-14
10 mW/MHz~200mW EIRP
Both
2.4-2.497
g
1-13
10 mW/MHz~200mW EIRP
Both
2.4-2.497
a
149, 153, 157,
161
150 mW+6 dBi~600 mW
Both
5.725-5.825
b/g
1-13
150 mW+6 dBi~600 mW
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
Regulatory
Authority
WPC
PTA
Ministry of Comm
Telec/ARIB
STD-T66
RRL/
MIC Notice 2003-13
LTR
ILR
Frequency
Range
(GHz)
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
MY/
Malaysia
b/g
1-13
100 mW EIRP
In
2.4-2.5
CMC
NL/
Netherlands
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
Radiocom Agency
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
(tbd)
(tbd)
(tbd)
5.725-5.875
b
(tbd)
100 mW EIRP
(tbd)
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
200 mW EIRP
In
2.4-2.4835
1 W EIRP
Both
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
LV/
Latvia
a
NO/
Norway
NZ/
New
Zealand
PH/
Philippines
PL/
Poland
PT/
Portugal
Channels
Allowed
Regulatory
Authority
(tbd)
NPT
RSM
PDC
Office of Telecom &
Post
NCA
Frequency
Range
(GHz)
36, 40, 44, 48
52, 56, 60, 64
104, 108, 112,
116, 120, 124,
128, 132, 140
200 mW EIRP
200 mW EIRP
1 W EIRP
In
In
Both
5.15-5.25
5.25-5.35
5.47-5.725
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
(tbd)
100 mW EIRP
100 mW EIRP
Both
Both
5.15-5.25
5.725-5.85
b/g
1 - 11
100 mW EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W+Restricted Antennas
Both
2.4-2.4835
a
(tbd)
(tbd)
(tbd)
5.725-5.875
b/g
1-13
100 mW EIRP
In
2.4-2.5
a
(tbd)
149, 153, 157,
161
50 mW+6 dBi=200 mW
1 W EIRP
In
Both
5.25-5.35
5.725-5.825
b/g
1-13
1 W EIRP
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
149, 153, 157,
161
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
1 W+6 dBi=4 W
In
Both
Both
5.15-5.25
5.25-5.35
5.725-5.85
b/g
1 - 11
1 W Conducted Output
Both
2.4-2.4835
a
36, 40, 44, 48
52, 56, 60, 64
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
In
Both
5.15-5.25
5.25-5.35
b/g
1 - 11
1 W Conducted Output
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
SE/
Sweden
a
SG/
Singapore
SI/
Slovenia
SK/
Slovak
Republic
TH/
Thailand
TW/
Taiwan
US/
United
States of
America
USE/
United
States of
America
Channels
Allowed
Regulatory
Authority
PTS
IDA/
TS SSS Issue 1
ATRP
Telecom Admin.
PDT
PDT
FCC
Part 15
FCC
Part 15
Frequency
Range
(GHz)
36, 40, 44, 48
52, 56, 60, 64
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
In
Both
5.15-5.25
5.25-5.35
b/g
1 - 11
1 W Conducted Output
Both
2.4-2.4835
USX/
United
States of
America
EXTENDED
a
36, 40, 44, 48
52, 56, 60, 64
50 mW+6 dBi=200 mW
250 mW+6 dBi=1 W
In
Both
5.15-5.25
5.25-5.35
b/g
1 - 11
1 W Conducted Output
Both
2.4-2.4835
ZA/
South
Africa
a
(tbd)
149, 153, 157,
161
50 mW+6 dBi=200 mW
1 W EIRP
In
Both
5.25-5.35
5.725-5.825
b/g
1-13
1 W EIRP
Both
2.4-2.4835
Country
Code/
Country
802.11
Bands
Maximum Transmit
Power
(RadioTx + Antenna
Gain = EIRP)
Indoor/
Outdoor Use
USL/
United
States of
America
LOW
a
Channels
Allowed
Regulatory
Authority
FCC
Part 15
FCC
Part 15
(tbd)
Contivity Client Configuration
This Guide contains several sections guiding you through the configuration and operation of the Nortel Contivity Client
Software:
Contivity Client software installation is generally a straightforward procedure and requires little input from the user to
achieve satisfactory results. As with most Windows installations, you will require sufficient hard disk space and proper
network access to the desired switch through the VPN connection.
Getting Started
To
The Nortel Contivity Client Software allows for quick and easy access to the office or corporate LAN via the Internet
using VPN (Virtual Private Network) from remotely connected computers. Access the WSS (2270) by IP address
or by host name as configured in the Hosts file.
Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270)
Switch side:
1. Creating a WLAN on the Nortel WLAN — Security Switch (2270)
2. Open the WSS (2270) Web User Interface and click Login; a new dialog opens.
3. Enter the login and password.
Figure - 1. WSS (2270) Web User Interface
320298-A Rev 00
Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270) 269
4.
From the WSS (2270) Web User Interface browser screen, click WLANS > New...
Figure - 2. New WLAN
Nortel 2200 Series Product Guide
270 Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270)
5.
Type in a name for the SSID and click Apply. (This will be used later by the clients as the Group Authentication ID)
Figure - 3. SSID Name
320298-A Rev 00
Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270) 271
6.
Enable Admin Status, and change Layer 2 Security to "None", L3 Security to "IPSec".
Figure - 4. Enabling Admin Status, L2, and L3 Security
Nortel 2200 Series Product Guide
272 Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270)
7.
DHCP Address Assignment must be selected. Click the dialog box to select. (This must be enabled for
Contivity)
Figure - 5. DHCP Address Assignment
8.
Select Xauth-Pre-Shared-Key under IKE Authentication and enter a password (the password will be used later
by the clients as the Group Authentication password)
9.
Set IKE Phase 1 to Aggressive mode (This must be set to Aggressive mode for Contivity)
10.
Click in the box to Enable Contivty Mode, click again to Disable Contivity Mode by removing the check
mark.
320298-A Rev 00
Configuring Contivity VPN for the Nortel WLAN — Security Switch (2270) 273
11.
For QOTD Server enter the IP address of the host which has the QOTD service configured, or set the IP
address to 0.0.0.0 to disable (This is used to present banner messages to clients as they log in)
Figure - 6. Setting Xauth-Pre-Shared-Key, IKE Aggressive Mode, Contivity Mode and QOTD
Configuring Contivity VPN Client
The version of Contivity VPN Client supported in release 2.2 is V04_91.021 or higher. To configure the Contivity VPN
Client, complete the following steps.
Figure - 7. About Contivity VPN Client
1. Open the Contivity VPN Client using either the shortcut placed on the desktop during software installation or by opening the Start menu and selecting Programs > Nortel Networks > Contivity VPN Client as indicated in Figure - 8.
Figure - 8. Starting the Contivity VPN Client
2. Once the client software starts, click File on the Menu bar and select Connection Wizard to create a New Connection.
Figure - 9. Contivity Connection Wizard
3. Enter the new connection profile name as defined by the System Administrator.
Figure - 10. Contivity Connection Profile
4. Select the “Username and Password” radio button as the authentication type for this connection. Then click Next.
Figure - 11. Contivity Username and Password
5. Enter the User Name and Password. This must match either the local net user on the Nortel WLAN — Security Switch (2270) or the RADIUS login. Then click Next.
Figure - 12. User Identification
6. On the Group Authentication Information dialog, select the “Yes, I have a Group ID and Group Password” radio button.
7. Enter the appropriate WLAN ID in the Group ID field and the PSK in the “Group Password” field and click Next.
Figure - 13. Contivity Group Authentication Information
8. Enter the Virtual Interface IP address of the Contivity VPN Switch at the remote location.
Figure - 14. Contivity VPN IP Address
9. On the Dial-up Connection dialog, select the “No, I do not want to dial first” radio button and click Next.
Figure - 15. Contivity Dial-up Connection
10. Setup is now complete. Click Finish to close the dialog and connect to the Nortel WLAN — Security Switch (2270).
Figure - 16. Completing Contivity Connection Profile
11. Confirm that a QOTD server is running on the network and the Nortel WLAN — Wireless Security Switch (2270) is able to connect to it. Also confirm that “DHCP Address Assignment” is selected in the WLAN Settings.
Figure - 17. Launching Contivity VPN Client
12. Click the Connect button to engage the Contivity VPN session with the Nortel WLAN — Security Switch (2270).
The connection should now be established and the WSS (2270) Web User Interface will be displayed in the browser window.
SONMP Auto Discovery
The Ethernet Auto-topology feature on the WLAN — Security Switch (2270) allows it to participate in Nortel's proprietary
device discovery protocol. When enabled, the WLAN — Security Switch (2270) can be discovered by other
Nortel devices that have the protocol enabled and are directly connected to the active management interface port of the
WLAN — Security Switch (2270).
When the Optivity Windows WLAN — Management System (WMS) is used to manage a network containing devices
implementing and running the device discovery protocol, it can draw a network map showing the physical topology
connecting these devices.
SONMP and auto discovery are elements of the same function. SONMP is the protocol used, while auto discovery is the
end result. The Ethernet Auto-topology feature on the WLAN — Security Switch (2270) can be enabled or disabled
from the WLAN — Security Switch (2270) command line interface (CLI) or Web interface.
The steps to enable or disable the Ethernet Auto-topology feature from the CLI are shown below:
1. Log in to the WLAN — Security Switch (2270) CLI using either the console port or a Telnet session. The command line prompt will then appear as "(Nortel Switch) > ".
Figure - 18. Telnet Login Screen
2. Type "config emt enable" and press Enter to enable the feature.
Figure - 19. Enabling EMT
3. Type "config emt disable" and press Enter to disable the feature.
Figure - 20. Disabling EMT
The steps to check the status of the Ethernet Auto-topology feature from the CLI are shown below:
1. Log in to the WLAN — Security Switch (2270) CLI from either the console port or a Telnet session. The command line prompt will then appear as "(Nortel Switch) > ".
2. Type "show emt" and press Enter.
Figure - 21. EMT Status check
The WSS (2270) Web User Interface page to accomplish the same functionality follows.
Figure - 22. Browser view EMT
1. Log in to the WLAN — Security Switch (2270) and select “SWITCH” from the menu bar. The default selection under the Switch menu is General.
2. If the General information screen is not displayed, click General on the left side of the browser window to re-display the information.
3. To select or deselect the Auto topology feature, click the radio button that appears beside Ethernet Multi-Segment Topology operation on the browser page. A checkmark appears when Auto topology is enabled.
KRS Keying
The Licensing feature on the WLAN — Security Switch (2270) allows for upgrading the number of APs it can support.
By default, the WSS (2270) will support 12 APs if no additional license is loaded. Licenses can be purchased from
Nortel to increase the number of APs supported to 24 or 36. Each of the license documents will have a unique Certificate
number. You will receive this license after having paid the fee for the upgrade. You then contact Global Ware with the
WSS (2270) MAC address and this certificate number, and Global Ware mails you the Binary License File, which is
unique to the WSS (2270). Once an upgrade license has been purchased from Nortel, it must be loaded into the
WSS (2270) via the TFTP protocol, which can be done from the WSS (2270) command line interface (CLI) or
Web User Interface.
The steps to load a license into the WSS (2270) from the CLI are shown below:
1. Log in to the WSS (2270) CLI from either the console port or a Telnet session. The command line prompt will then appear as "(Nortel Switch) > ".
Figure - 23. Telnet or Console Port Login
2. Enter "transfer download serverip <IP_Address>", where <IP_Address> is the IP address of the TFTP server where the license is stored.
Figure - 24. License transfer
3. Enter "transfer download datatype license" to specify that the type of file to be downloaded to the Nortel WSS (2270) is a license.
Figure - 25. Transfer License datatype
4. Enter "transfer download filename <License_File_Name>", where <License_File_Name> is the name of the license file on the TFTP server.
Figure - 26. License download filename
5. Enter "transfer download start" and verify that all information is correct.
Figure - 27. Begin License download
6. If all the information is correct and you would like to continue, enter "y" to begin the TFTP transfer of the license into the WSS (2270). If the information is not correct or you do not wish to continue, enter "n".
7. Once completed, the WSS (2270) must be rebooted for the license to take effect. Do this by entering "reset system".
The steps to check the number of APs licensed from the CLI are shown below:
1. Log in to the WSS (2270) CLI from either the console port or a Telnet session. The command line prompt will appear as "(Nortel Switch) > ".
2. Type "show license" and press Enter.
Figure - 28. Show license
The WSS (2270) Web User Interface page to accomplish the same functionality is shown in Figure - 29.
Figure - 29. Browser view License
To confirm the number of licenses installed on the WSS (2270), click SWITCH from the Menu bar and then click
Inventory. The screen will update to show the number of installed licenses. A sample display follows in Figure - 30.
Figure - 30. Installed licenses
Nortel 2200 Series CLI Reference
The Nortel 2200 Series Command Line Interface (CLI) allows operators to connect an ASCII console to the WLAN —
Security Switch (2270) and configure it and its associated WLAN — Access Ports (223x). “Using the Nortel 2200
Series CLI” describes most of the high-level CLI tasks, and the following sections provide additional information:
• “? command”
• “Help Command”
• “Viewing Configurations”
• “Setting Configurations”
• “Saving Configurations”
• “Clearing Configurations, Logfiles, and Other Functions”
• “Uploading and Downloading Files and Configurations”
• “Troubleshooting”
? command
To display all of the commands in your current level of the command tree, or to display more information about a particular command, use the ? command.
>?
>(command name) ?
When you enter a command information request, put a space between the (command name) and the ? (question mark).
Example 1
>? (at root level)
Clear                 Reset the switch or reset configuration to factory defaults.
Config                Configure switch options and settings.
Debug                 Manages system debug options.
Help                  Help.
Linktest <MAC addr>   Perform a link test to a specified MAC address.
Logout                Exit this session. Any unsaved changes are lost.
Ping <ip address>     Send ICMP echo packets to a specified IP address.
Reset                 Reset options.
Save                  Save current switch settings to Non-volatile RAM.
Show                  Display switch options and settings.
Transfer              Transfer a file to or from the switch.
shows you all the commands and levels available from the root level.
Example 2
>transfer download d?
datatype
shows you that datatype is the only entry at the transfer download level.
Example 3
>transfer download datatype ?
<config/code> Enter datatype: config or code.
shows you the permissible entries for the transfer download datatype command.
Help Command
To look up keyboard commands, use the help command at the root level.
>help
Example
>help
HELP:
Special keys:
DEL, BS .... delete previous character
Ctrl-A .... go to beginning of line
Ctrl-E .... go to end of line
Ctrl-F .... go forward one character
Ctrl-B .... go backward one character
Ctrl-D .... delete current character
Ctrl-U, X . delete to beginning of line
Ctrl-K .... delete to end of line
Ctrl-W .... delete previous word
Ctrl-T .... transpose previous character
Ctrl-P .... go to previous line in history buffer
Ctrl-N .... go to next line in history buffer
Ctrl-Z .... return to root command prompt
Tab, <SPACE> command-line completion
Exit ...... go to next lower command prompt
? ......... list choices
Viewing Configurations
To view WLAN — Security Switch (2270) options and settings, use the show commands.
• “show 802.11a”
• “show 802.11b”
• “show aepi”
• “show acl”
• “show advanced 802.11a”
• “show advanced 802.11b”
• “show advanced client-handoff”
• “show ap”
• “show arp switch”
• “show exclusionlist”
• “show boot”
• “show certificate”
• “show client”
• “show country”
• “show cpu”
• “show custom-web”
• “show debug”
• “show dhcp”
• “show dhcp summary”
• “show eventlog”
• “show ike”
• “show ipsec”
• “show interface”
• “show inventory”
• “show l2tp”
• “show load-balancing”
• “show loginsession”
• “show known”
• “show macfilter”
• “show mgmtuser”
• “show mirror”
• “show mobility statistics”
• “show mobility summary”
• “show msglog”
• “show netuser”
• “show network”
• “show port”
• “show qos queue_length all”
• “show radius”
• “show rogue ap”
• “show rogue ap detailed”
• “show rogue ap summary”
• “show rogue adhoc”
• “show rogue client”
• “show route summary”
• “show rules”
• “show run-config”
• “show serial”
• “show sessions”
• “show snmpcommunity”
• “show snmptrap”
• “show snmpv3user”
• “show snmpversion”
• “show spanningtree port”
• “show spanningtree switch”
• “show stats”
• “show switchconfig”
• “show sysinfo”
• “show syslog”
• “show tech-support”
• “show time”
• “show trapflags”
• “show traplog”
• “show watchlist”
• “show wlan”
• “show wlan summary”
• “show wps summary”
show 802.11a
To display basic 802.11a options and settings, use the show 802.11a command.
>show 802.11a
Syntax
show        Display configurations.
802.11a     802.11a configurations.
Defaults
(none)
Examples
>show 802.11a
802.11a Network................................ Enabled
802.11a Low Band.......................... Enabled
802.11a Mid Band.......................... Enabled
802.11a High Band......................... Enabled
802.11a Operational Rates
802.11a 6M Rate............................ Mandatory
802.11a 9M Rate............................ Supported
802.11a 12M Rate........................... Mandatory
802.11a 18M Rate........................... Supported
802.11a 24M Rate........................... Mandatory
802.11a 36M Rate........................... Supported
802.11a 48M Rate........................... Supported
802.11a 54M Rate........................... Supported
Beacon Interval................................. 100
CF Pollable mandatory........................... Disabled
CF Poll Request mandatory....................... Disabled
CFP Period...................................... 4
CFP Maximum Duration............................ 100
Default Channel................................. 36
Default Tx Power Level.......................... 1
DTIM Period..................................... 10
Fragmentation Threshold......................... 2346
Long Retry Limit................................ 4
Maximum Rx Life Time............................ 512
Max Tx MSDU Life Time........................... 512
Medium Occupancy Limit.......................... 100
Pico-Cell Status................................ Disabled
Fast-Roaming Status............................. Disabled
RTS Threshold................................... 2347
Short Retry Limit............................... 7
TI Threshold.................................... -50
Related Commands
show 802.11b, show advanced 802.11a channel, show advanced 802.11a group, show
advanced 802.11a logging, show advanced 802.11a monitor, show advanced 802.11a power,
show advanced 802.11a profile, show advanced 802.11a summary
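The show output above uses a fixed "label, dot leader, value" layout, which makes it practical to save a known-good capture and compare later captures against it to detect unapproved configuration changes. The following Python parser is an added example, not part of the Nortel guide or the switch software; the line format is inferred from the examples in this guide, and the sub-item indentation, the sample captures and the continuation-line heuristic are assumptions.

```python
"""Parse dotted-leader 'show' output and report drift from a saved baseline."""
import re

# "Label........ value": a label, a run of two or more dots, an optional value.
_KV = re.compile(r"^(?P<label>.*?\S)\s?\.{2,}\s*(?P<value>.*)$")
PROMPT = "(Nortel Switch)"  # prompt text quoted in this guide


def parse_show(text):
    """Return {setting: value}; settings under a header are keyed 'header / label'."""
    settings = {}
    section, section_indent, last_key = None, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">") or line.startswith(PROMPT):
            last_key = None                      # blank line or echoed command
            continue
        indent = len(raw) - len(raw.lstrip())
        match = _KV.match(line)
        if match:
            if section is not None and indent <= section_indent:
                section = None                   # back at the outer level
            label = match["label"]
            last_key = f"{section} / {label}" if section else label
            settings[last_key] = match["value"].strip()
        elif last_key is not None and (not settings[last_key] or line[0].islower()):
            # Heuristic: a wrapped value or unit ("seconds", a MAC address)
            # that belongs to the setting on the line above.
            settings[last_key] = f"{settings[last_key]} {line}".strip()
        else:
            # Any other line without a dot leader opens a new section.
            section, section_indent, last_key = line, indent, None
    return settings


def drift(baseline, observed):
    """Return {setting: (baseline_value, observed_value)} for every difference.

    A setting missing from one side is reported with None on that side.
    """
    keys = baseline.keys() | observed.keys()
    return {k: (baseline.get(k), observed.get(k))
            for k in sorted(keys) if baseline.get(k) != observed.get(k)}


# Constructed captures modelled on the 'show 802.11a' example in this guide.
BASELINE = """\
(Nortel Switch) >show 802.11a
802.11a Network.................................. Enabled
802.11a Operational Rates
    802.11a 6M Rate.............................. Mandatory
    802.11a 9M Rate.............................. Supported
Beacon Interval.................................. 100
Default Channel.................................. 36
Default Tx Power Level........................... 1
Fast-Roaming Status.............................. Disabled
"""

OBSERVED = """\
(Nortel Switch) >show 802.11a
802.11a Network.................................. Enabled
802.11a Operational Rates
    802.11a 6M Rate.............................. Mandatory
    802.11a 9M Rate.............................. Mandatory
Beacon Interval.................................. 100
Default Channel.................................. 36
Default Tx Power Level........................... 3
Fast-Roaming Status.............................. Disabled
"""

# Constructed capture whose long lines were wrapped by the terminal or logger.
WRAPPED = """\
>show advanced 802.11a channel
Automatic Channel Assignment
  Channel Assignment Mode........................ AUTO
  Channel Update Interval........................ 600
seconds
  Channel Assignment Leader......................
00:0b:85:02:0d:20
  Channel Energy Levels
    Minimum...................................... unknown
  Channel Dwell Times
    Minimum...................................... 0 days, 19
h 07 m 57 s
"""

if __name__ == "__main__":
    for key, (old, new) in drift(parse_show(BASELINE), parse_show(OBSERVED)).items():
        print(f"CHANGED {key}: {old!r} -> {new!r}")
```

Section headers qualify the keys, so the two "Minimum" entries in the channel output do not overwrite each other.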
show 802.11b
To display basic 802.11b/g options and settings, use the show 802.11b command.
>show 802.11b
Syntax
show        Display configurations.
802.11b     802.11b/g configurations.
Defaults
(none)
Examples
>show 802.11b
802.11b Network................................ Enabled
11gSupport..................................... Disabled
802.11b Operational Rates
802.11b 1M Rate............................ Mandatory
802.11b 2M Rate............................ Mandatory
802.11b 5.5M Rate.......................... Mandatory
802.11b 11M Rate........................... Mandatory
802.11b 11M Rate........................... Mandatory
Beacon Interval................................ 100
CF Pollable mode............................... Disabled
CF Poll Request mandatory...................... Disabled
CFP Period..................................... 4
CFP Maximum Duration........................... 60
Default Channel................................ 1
Default Tx Power Level......................... 1
DTIM Period.................................... 1
ED Threshold................................... -50
Fragmentation Threshold........................ 2346
Long Retry Limit............................... 4
Maximum Rx Life Time........................... 512
Max Tx MSDU Life Time.......................... 512
Medium Occupancy Limit......................... 100
PBCC mandatory................................. Disabled
Pico-Cell Status................................ Disabled
Fast-Roaming Status............................. Disabled
RTS Threshold.................................. 2347
Short Preamble mandatory....................... Enabled
Short Retry Limit.............................. 7
Related Commands
show 802.11a, show advanced 802.11b channel, show advanced 802.11b group, show
advanced 802.11b logging, show advanced 802.11b monitor, show advanced 802.11b
txpower, show advanced 802.11b profile, show advanced 802.11b summary
show aepi
To display external policy server information, use the show aepi command.
>show aepi [summary/detailed]
Syntax
show aepi   Command action.
summary     Display a summary of External Policy Server information.
detailed    Display detailed External Policy Server information.
Defaults
(none)
Examples
>show aepi summary
AEPI ACL Name
Index Server Address Port Stats
----- -------------- ---- --------
Related Commands
config aepi acl
show acl
To display system Access Control Lists, use the show acl command.
>show acl [summary/detailed]
Syntax
show acl    Command action.
summary     Display a summary of the Access Control Lists.
detailed    Display detailed Access Control List information.
Defaults
(none)
Examples
>show acl summary
ACL Name                         Applied
-------------------------------- ------
Pubs Only                        Yes
Macnica                          Yes
Related Commands
config interface acl
Show Advanced 802.11A Commands
show advanced 802.11a
Use the following show advanced 802.11a commands:
• “show advanced 802.11a channel”
• “show advanced 802.11a group”
• “show advanced 802.11a logging”
• “show advanced 802.11a monitor”
• “show advanced 802.11a txpower”
• “show advanced 802.11a profile”
• “show advanced 802.11a summary”
show advanced 802.11a channel
To display the automatic channel assignment configuration and statistics, use the show advanced 802.11a channel command.
>show advanced 802.11a channel
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
channel     Channel status.
Defaults
(none)
Examples
>show advanced 802.11a channel
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... 00:0b:85:02:0d:20
Last Run....................................... 374 seconds ago
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... 0 days, 19 h 07 m 57 s
Average...................................... 0 days, 19 h 08 m 29 s
Maximum...................................... 0 days, 19 h 09 m 11 s
Related Commands
config 802.11a channel
show advanced 802.11a group
To display the advanced 802.11a Nortel Networks Radio RF grouping, use the show advanced 802.11a group command.
>show advanced 802.11a group
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
group       RF grouping values.
Defaults
(none)
Examples
>show advanced 802.11a group
Radio RF Grouping
802.11a Group Mode................................... AUTO
802.11a Group Update Interval........................ 600 seconds
802.11a Group Leader................................. a5:6b:ac:10:01:6b
802.11a Group Member............................... a5:6b:ac:10:01:6b
802.11a Last Run..................................... 133 seconds ago
Related Commands
config advanced 802.11a group-mode
show advanced 802.11a logging
To display advanced 802.11a RF event and performance logging, use the show advanced 802.11a logging command.
>show advanced 802.11a logging
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
logging     RF event and performance logging.
Defaults
(none)
Examples
>show advanced 802.11a logging
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Related Commands
config advanced 802.11a logging channel, config advanced 802.11a logging coverage,
config advanced 802.11a logging foreign, config advanced 802.11a logging load, config
advanced 802.11a logging noise, config advanced 802.11a logging performance, config
advanced 802.11a logging power
show advanced 802.11a monitor
To display the advanced 802.11a default Nortel Networks Radio monitoring, use the show advanced 802.11a monitor command.
>show advanced 802.11a monitor
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
monitor     Nortel Networks Radio monitoring values.
Defaults
(none)
Examples
>show advanced 802.11a monitor
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
802.11a AP Signal Strength Interval............ 60 seconds
Related Commands
config advanced 802.11a monitor coverage, config advanced 802.11a monitor load, config
advanced 802.11a monitor noise, config advanced 802.11a monitor signal
show advanced 802.11a txpower
To view the advanced 802.11a automatic transmit power assignment, use the show advanced 802.11a txpower command.
>show advanced 802.11a txpower
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
txpower     Transmit Power.
Defaults
(none)
Examples
>show advanced 802.11a txpower
Automatic Transmit Power Assignment
Transmit Power Assignment Mode.................. AUTO
Transmit Power Update Interval.................. 600 seconds
Transmit Power Threshold........................ -65 dBm
Transmit Power Neighbor Count................... 3 APs
Transmit Power Update Contribution.............. SN.
Power Assignment Leader......................... a5:6b:ac:10:01:6b
Last Run........................................ 384 seconds ago
Related Commands
config advanced 802.11a txpower-update, config 802.11a txPower
show advanced 802.11a profile
To display the advanced 802.11a AP performance profiles, use the show advanced 802.11a profile command.
>show advanced 802.11a profile global
>show advanced 802.11a profile <AP name>
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
profile     Nortel Networks Radio performance profile.
Defaults
(none)
Examples
>show advanced 802.11a profile global
Default 802.11a Cell performance profiles
802.11a Global Interference threshold.............. 10%
802.11a Global noise threshold..................... -70 dBm
802.11a Global RF utilization threshold............ 80%
802.11a Global throughput threshold................ 1000000 bps
802.11a Global clients threshold................... 12 clients
802.11a Global coverage threshold.................. 12 dB
802.11a Global coverage exception level............ 80%
802.11a Global client minimum exception lev........ 3 clients
>show advanced 802.11a profile AP1
WLAN — Access Port (223x) performance profile not customized
This response indicates that the performance profile for this AP is using the global defaults
and has not been individually configured.
Related Commands
config advanced 802.11b profile clients, config advanced 802.11b profile coverage, config
advanced 802.11b profile customize, config advanced 802.11b profile exception, config
advanced 802.11b profile foreign, config advanced 802.11b profile level, config advanced
802.11b profile noise, config advanced 802.11b profile throughput, config advanced
802.11b profile utilization
show advanced 802.11a summary
To display the advanced 802.11a AP name, channel, and transmit level summary, use the show advanced 802.11a summary command.
>show advanced 802.11a summary
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11a     802.11a network.
summary     AP name, channel, and transmit level summary.
Defaults
(none)
Examples
>show advanced 802.11a summary
AP Name                          Channel     TxPower Level
-------------------------------- ----------- ------------
AP03                             36*         1*
AP02                             52          5*
AP01                             64          5
Asterisks next to channel numbers or power levels indicate that they are being controlled
by the global algorithm settings.
Related Commands
show advanced 802.11b summary
Show Advanced 802.11B Commands
show advanced 802.11b
Use the following show advanced 802.11b commands:
• “show advanced 802.11b channel”
• “show advanced 802.11b group”
• “show advanced 802.11b logging”
• “show advanced 802.11b monitor”
• “show advanced 802.11b receiver”
• “show advanced 802.11b txpower”
• “show advanced 802.11b profile”
• “show advanced 802.11b summary”
show advanced 802.11b channel
To display the automatic channel assignment status and statistics, use the show advanced 802.11b channel command.
>show advanced 802.11b channel
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
channel     Channel status.
Defaults
(none)
Examples
>show advanced 802.11b channel
Automatic Channel Assignment
Channel Assignment Mode........................ OFF
Channel Update Interval........................ 600 seconds
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... 00:0b:85:02:0d:20
Last Run....................................... 157 seconds ago
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Related Commands
config 802.11b channel
show advanced 802.11b group
To display the advanced 802.11b/g Nortel Networks Radio RF grouping, use the show advanced 802.11b group command.
>show advanced 802.11b group
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
group       RF grouping values.
Defaults
(none)
Examples
>show advanced 802.11b group
Radio RF Grouping
802.11b Group Mode.............................. AUTO
802.11b Group Update Interval................... 600 seconds
802.11b Group Leader............................ a5:6b:ac:10:01:6b
802.11b Group Member.......................... a5:6b:ac:10:01:6b
802.11b Last Run................................ 511 seconds ago
Related Commands
config advanced 802.11b group-mode
show advanced 802.11b logging
To display advanced 802.11b/g RF event and performance logging, use the show advanced 802.11b logging command.
>show advanced 802.11b logging
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b network.
logging     RF event and performance logging.
Defaults
(none)
Examples
>show advanced 802.11b logging
RF Event and Performance Logging
Channel Update Logging........................... Off
Coverage Profile Logging......................... Off
Foreign Profile Logging.......................... Off
Load Profile Logging............................. Off
Noise Profile Logging............................ Off
Performance Profile Logging...................... Off
TxPower Update Logging........................... Off
Related Commands
config advanced 802.11b logging channel, config advanced 802.11b logging coverage,
config advanced 802.11b logging foreign, config advanced 802.11b logging load, config
advanced 802.11b logging noise, config advanced 802.11b logging performance, config
advanced 802.11b logging power
show advanced 802.11b monitor
To display the advanced 802.11b/g default Nortel Networks Radio monitoring, use the show advanced 802.11b monitor
command.
>show advanced 802.11b monitor
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
monitor     Nortel Networks Radio monitoring values.
Defaults
(none)
Examples
>show advanced 802.11b monitor
Default 802.11b AP monitoring
802.11b Monitor Mode......................... enable
802.11b Monitor Channels..................... Country channels
802.11b AP Coverage Interval................. 180 seconds
802.11b AP Load Interval..................... 60 seconds
802.11b AP Noise Interval.................... 180 seconds
802.11b AP Signal Strength Interval.......... 60 seconds
Related Commands
config advanced 802.11b monitor coverage, config advanced 802.11b monitor load,
config advanced 802.11b monitor noise, config advanced 802.11b monitor signal
show advanced 802.11b receiver
To display the advanced 802.11b/g default Nortel Networks Radio receiver parameters, use the show advanced 802.11b
receiver command.
>show advanced 802.11b receiver
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
receiver    Nortel Networks Radio receiver values.
Defaults
(none)
Examples
>show advanced 802.11b receiver
Default 802.11b Receiver Settings
RxStart   : Signal Threshold............... 15
RxStart   : Signal Jump Threshold.......... 5
RxStart   : Preamble Power Threshold....... 2
RxRestart : Signal Jump Status............. Enabled
RxRestart : Signal Jump Threshold.......... 10
TxStomp   : Low RSS Status................. Disabled
TxStomp   : Low RSSI Threshold............. 37
TxStomp   : Wrong BSSID Status............. Disabled
TxStomp   : Wrong BSSID Data Only Status... Disabled
RxAbort   : Raw Power Drop Status.......... Disabled
RxAbort   : Raw Power Drop Threshold....... 0
RxAbort   : Low RSSI Status................ Enabled
RxAbort   : Low RSSI Threshold............. 0
RxAbort   : Wrong BSSID Status............. Disabled
RxAbort   : Wrong BSSID Data Only Status... Disabled
Related Commands
config advanced 802.11b monitor coverage, config advanced 802.11b monitor load,
config advanced 802.11b monitor noise, config advanced 802.11b monitor signal
show advanced 802.11b profile
To display the advanced 802.11b/g Nortel Networks Radio performance profiles, use the show advanced 802.11b profile
command.
>show advanced 802.11b profile global
>show advanced 802.11b profile <AP name>
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
profile     AP performance profile.
Defaults
(none)
Examples
>show advanced 802.11b profile global
Default 802.11b Cell performance profiles
802.11b Global Interference threshold.............. 10%
802.11b Global noise threshold..................... -70 dBm
802.11b Global RF utilization threshold............ 80%
802.11b Global throughput threshold................ 1000000 bps
802.11b Global clients threshold................... 12 clients
802.11b Global coverage threshold.................. 12 dB
802.11b Global coverage exception level............ 80%
802.11b Global client minimum exception lev........ 3 clients
>show advanced 802.11b profile AP1
WLAN — Access Port (223x) performance profile not customized
This response indicates that the performance profile for this AP is using the global defaults
and has not been individually configured.
Related Commands
config advanced 802.11b profile clients, config advanced 802.11b profile coverage, config
advanced 802.11b profile customize, config advanced 802.11b profile exception, config
advanced 802.11b profile foreign, config advanced 802.11b profile level, config advanced
802.11b profile noise, config advanced 802.11b profile throughput, config advanced
802.11b profile utilization
show advanced 802.11b txpower
To view the advanced 802.11b/g automatic transmit power assignment, use the show advanced 802.11b txpower
command.
>show advanced 802.11b txpower
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
txpower     Transmit power.
Defaults
(none)
Examples
>show advanced 802.11b txpower
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -65 dBm
Transmit Power Neighbor Count.................. 3 APs
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... 00:0b:85:02:0d:20
Last Run....................................... 427 seconds ago
Related Commands
config 802.11b txPower
show advanced 802.11b summary
To display the advanced 802.11b/g WLAN — Access Port (223x) name, channel, and transmit level summary, use the
show advanced 802.11b summary command.
>show advanced 802.11b summary
Syntax
show        Display configurations.
advanced    Advanced parameters.
802.11b     802.11b/g network.
summary     AP name, channel, and transmit level summary.
Defaults
(none)
Examples
>show advanced 802.11b summary
AP name  Channel  Txpower Level
-------  -------  -------------
AP1      11*      1*
AP2      10*      4
AP3      6*       2
Asterisks next to channel numbers or power levels indicate that they are being controlled
by the global algorithm settings.
Related Commands
show advanced 802.11a summary
show advanced client-handoff
To display the number of automatic client handoffs after retries, use the show advanced client-handoff command.
>show advanced client-handoff
Syntax
show            Display configurations.
advanced        Advanced parameters.
client-handoff  Advanced client handoff count.
Defaults
(none)
Examples
>show advanced client-handoff
Client auto handoff after retries................ 130
Related Commands
config advanced timers auth-timeout, config advanced timers rogue-ap
show advanced statistics
To display whether or not the WLAN — Security Switch (2270) port statistics are enabled or disabled, use the show
advanced statistics command.
>show advanced statistics
Syntax
show        Display configurations.
advanced    Advanced parameters.
statistics  Show WLAN — Security Switch (2270) port statistics state.
Defaults
(none)
Examples
>show advanced statistics
Switch port statistics........................... Enabled
Related Commands
config advanced timers auth-timeout, config advanced timers rogue-ap
show advanced timers
To display the advanced mobility anchor, authentication response, and Rogue AP entry timers, use the show advanced
timers command.
>show advanced timers
Syntax
show        Display configurations.
advanced    Advanced parameters.
timers      Advanced system timers.
Defaults
Shown below in examples.
Examples
>show advanced timers
Authentication Response Timeout (seconds)...... 10
Rogue Entry Timeout (seconds).................. 1200
AP Heart Beat Timeout (seconds)................ 30
AP Discovery Timeout (seconds)................. 10
EAP Request Timeout (seconds).................. 8
Related Commands
config advanced timers auth-timeout, config advanced timers rogue-ap
Show AP Commands
show ap
Use the following show ap commands:
• “show ap auto-rf” on page 318
• “show ap config” on page 320
• “show ap stats” on page 326
• “show ap summary” on page 327
• “show ap wlan” on page 327
show ap auto-rf
To display the auto-rf settings for a WLAN — Access Port (223x), use the show ap auto-rf command.
>show ap auto-rf <802.11a/802.11b> <AP name>
Syntax
show               Display configurations.
ap auto-rf         Nortel Networks Radio.
<802.11a/802.11b>  802.11a or 802.11b setting.
<AP name>          WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>show ap auto-rf 802.11a AP1
Number Of Slots.................................. 2
Rad Name......................................... AP03
MAC Address...................................... 00:0b:85:01:18:b7
Radio Type..................................... RADIO_TYPE_80211a
Noise Information
  Noise Profile................................ PASSED
  Channel 36................................... -88 dBm
  Channel 40................................... -86 dBm
  Channel 44................................... -87 dBm
  Channel 48................................... -85 dBm
  Channel 52................................... -84 dBm
  Channel 56................................... -83 dBm
  Channel 60................................... -84 dBm
  Channel 64................................... -85 dBm
Interference Information
  Interference Profile......................... PASSED
  Channel 36................................... -66 dBm @ 1% busy
  Channel 40................................... -128 dBm @ 0% busy
  Channel 44................................... -128 dBm @ 0% busy
  Channel 48................................... -128 dBm @ 0% busy
  Channel 52................................... -128 dBm @ 0% busy
  Channel 56................................... -73 dBm @ 1% busy
  Channel 60................................... -55 dBm @ 1% busy
  Channel 64................................... -69 dBm @ 1% busy
Load Information
  Load Profile................................. PASSED
  Receive Utilization.......................... 0%
  Transmit Utilization......................... 0%
  Channel Utilization.......................... 1%
  Attached Clients............................. 1 clients
Coverage Information
  Coverage Profile............................. PASSED
  Failed Clients............................... 0 clients
Client Signal Strengths
  RSSI -100 dBm................................ 0 clients
  RSSI -92 dBm................................ 0 clients
  RSSI -84 dBm................................ 0 clients
  RSSI -76 dBm................................ 0 clients
  RSSI -68 dBm................................ 0 clients
  RSSI -60 dBm................................ 0 clients
  RSSI -52 dBm................................ 0 clients
Client Signal To Noise Ratios
  SNR 0 dBm................................. 0 clients
  SNR 5 dBm................................. 0 clients
  SNR 10 dBm................................. 0 clients
  SNR 15 dBm................................. 0 clients
  SNR 20 dBm................................. 0 clients
  SNR 25 dBm................................. 0 clients
  SNR 30 dBm................................. 0 clients
  SNR 35 dBm................................. 0 clients
  SNR 40 dBm................................. 0 clients
  SNR 45 dBm................................. 0 clients
Nearby RADs
  RAD 00:0b:85:01:05:08 slot 0................. -46 dBm on 10.1.30.170
  RAD 00:0b:85:01:12:65 slot 0................. -24 dBm on 10.1.30.170
Channel Assignment Information
  Current Channel Average Energy............... -86 dBm
  Previous Channel Average Energy.............. -75 dBm
  Channel Change Count......................... 109
  Last Channel Change Time..................... Wed Sep 29 12:53e:34 2004
  Recommended Best Channel..................... 44
RF Parameter Recommendations
  Power Level.................................. 1
  RTS/CTS Threshold............................ 2347
  Fragmentation Threshold...................... 2346
  Antenna Pattern.............................. 0
Related Commands
config 802.11a antenna, config 802.11b antenna, config cell
show ap config
To display the detailed configuration for an 802.11b/g WLAN — Access Port (223x), use the show ap config command.
>show ap config <802.11a/802.11b/general> <AP name>
Syntax
show                       Display configurations.
ap                         Nortel Networks Radio.
<802.11a/802.11b/general>  802.11a, 802.11b/g or general settings.
<AP name>                  WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>show ap config 802.11a AP01
WLAN — Access Port (223x) Identifier.......................... 5
WLAN — Access Port (223x) Name................................ AP01
AP Type.......................................... Nortel Networks
Switch Port Number............................... 19
MAC Address...................................... 00:0b:85:01:05:00
IP Address....................................... Disabled
WLAN — Access Port (223x) Location............................ default location
Primary Nortel Networks Switch......................... AirePubs
Secondary Nortel Networks Switch.......................
Tertiary Nortel Networks Switch........................
Administrative State............................. ADMIN_ENABLED
Operation State.................................. REGISTERED
Mirroring Mode................................... Disabled
AP Mode.......................................... Local
AP Type.......................................... 5212
Remote AP Debug.................................. Disabled
S/W Version..................................... 2.2.133.0
Boot Version.................................... 0.0.0.0
Stats Reporting Period........................... 180
Number Of Slots.................................. 2
Rad Model........................................
Rad Serial Number................................
Attributes for Slot 0
  Radio Type................................... RADIO_TYPE_80211a
  Administrative State......................... ADMIN_ENABLED
  Operation State.............................. UP
  WLAN Override................................ Disabled
  CellId....................................... 0
  Station Configuration
    Configuration.............................. AUTOMATIC
    Number Of WLANs............................ 1
    Medium Occupancy Limit..................... 100
    CFP Period................................. 4
    CFP MaxDuration............................ 60
    BSSID...................................... 00:0b:85:01:05:00
    Operation Rate Set
      6000 Kilo Bits........................... MANDATORY
      9000 Kilo Bits........................... SUPPORTED
      12000 Kilo Bits.......................... MANDATORY
      18000 Kilo Bits.......................... SUPPORTED
      24000 Kilo Bits.......................... MANDATORY
      36000 Kilo Bits.......................... SUPPORTED
      48000 Kilo Bits.......................... SUPPORTED
      54000 Kilo Bits.......................... SUPPORTED
    Beacon Period.............................. 100
    DTIM Period................................ 1
    Multi Domain Capability Implemented........ TRUE
    Multi Domain Capability Enabled............ TRUE
    Country String............................. US
  Multi Domain Capability
    Configuration.............................. AUTOMATIC
    First Chan Num............................. 36
    Number Of Channels......................... 4
    Maximum Tx Power Level..................... 17
  MAC Operation Parameters
    Configuration.............................. AUTOMATIC
    RTS Threshold.............................. 2347
    Short Retry Limit.......................... 7
    Long Retry Limit........................... 4
    Fragmentation Threshold.................... 2346
    Maximum Tx MSDU Life Time.................. 512
    Maximum Rx Life Time....................... 512
  Tx Power
    Num Of Supported Power Levels.............. 5
    Tx Power Level 1........................... 32
    Tx Power Level 2........................... 16
    Tx Power Level 3........................... 8
    Tx Power Level 4........................... 4
    Tx Power Level 5........................... 1
    Tx Power Level 6........................... 0
    Tx Power Level 7........................... 0
    Tx Power Level 8........................... 0
    Tx Power Configuration..................... CUSTOMIZED
    Current Tx Power Level..................... 5
  Phy OFDM parameters
    Configuration.............................. CUSTOMIZED
    Current Channel............................ 64
    TI Threshold............................... -50
    Antenna Type............................... EXTERNAL_ANTENNA
    AntennaMode................................ ANTENNA_OMNI
  Performance Profile Parameters
    Configuration.............................. AUTOMATIC
    Interference threshold..................... 10%
    Noise threshold............................ -70 dBm
    RF utilization threshold................... 80%
    Data-rate threshold........................ 1000000 bps
    Client threshold........................... 12 clients
    Coverage SNR threshold..................... 16 dB
    Coverage exception level................... 25%
    Client minimum exception level............. 3 clients
  Rogue Containment Information
  Containment Count............................ 00
>show ap config 802.11b AP01
WLAN — Access Port (223x) Identifier.......................... 5
WLAN — Access Port (223x) Name................................ AP01
AP Type.......................................... Nortel
Switch Port Number............................... 19
MAC Address...................................... 00:0b:85:01:05:00
IP Address....................................... Disabled
WLAN — Access Port (223x) Location............................ default location
Primary Switch...................................
Secondary Nortel Networks Switch.......................
Tertiary Nortel Networks Switch........................
Administrative State............................. ADMIN_ENABLED
Operation State.................................. REGISTERED
Mirroring Mode................................... Disabled
AP Mode.......................................... Local
Remote AP Debug.................................. Disabled
S/W Version..................................... 2.2.133.0
Boot Version.................................... 0.0.0.0
Stats Reporting Period........................... 180
Number Of Slots.................................. 2
Rad Model........................................
Rad Serial Number................................
Attributes for Slot 1
  Radio Type................................... RADIO_TYPE_80211b
  Administrative State......................... ADMIN_ENABLED
  Operation State.............................. DOWN
  WLAN Override................................ Disabled
  CellId....................................... 0
  Station Configuration
    Configuration.............................. AUTOMATIC
    Number Of WLANs............................ 0
    Medium Occupancy Limit..................... 100
    CFP Period................................. 4
    CFP MaxDuration............................ 60
    BSSID...................................... 00:0b:85:01:05:00
    Operation Rate Set
      1000 Kilo Bits........................... MANDATORY
      2000 Kilo Bits........................... MANDATORY
      5500 Kilo Bits........................... MANDATORY
      11000 Kilo Bits.......................... MANDATORY
    Beacon Period.............................. 100
    DTIM Period................................ 1
    Multi Domain Capability Implemented........ TRUE
    Multi Domain Capability Enabled............ TRUE
    Country String............................. US
  Multi Domain Capability
    Configuration.............................. AUTOMATIC
    First Chan Num............................. 1
    Number Of Channels......................... 11
    Maximum Tx Power Level..................... 30
  MAC Operation Parameters
    Configuration.............................. AUTOMATIC
    RTS Threshold.............................. 2347
    Short Retry Limit.......................... 7
    Long Retry Limit........................... 4
    Fragmentation Threshold.................... 2346
    Maximum Tx MSDU Life Time.................. 512
    Maximum Rx Life Time....................... 512
  Tx Power
    Num Of Supported Power Levels.............. 5
    Tx Power Level 1........................... 32
    Tx Power Level 2........................... 16
    Tx Power Level 3........................... 8
    Tx Power Level 4........................... 4
    Tx Power Level 5........................... 1
    Tx Power Level 6........................... 0
    Tx Power Level 7........................... 0
    Tx Power Level 8........................... 0
    Tx Power Configuration..................... AUTOMATIC
    Current Tx Power Level..................... 1
  Phy DSSS parameters
    Configuration.............................. AUTOMATIC
    Current Channel............................ 1
    Current CCA Mode........................... 0
    ED Threshold............................... -50
    Antenna Type............................... EXTERNAL_ANTENNA
    Diversity.................................. DIVERSITY_ENABLED
  Performance Profile Parameters
    Configuration.............................. AUTOMATIC
    Interference threshold..................... 10%
    Noise threshold............................ -70 dBm
    RF utilization threshold................... 80%
    Data-rate threshold........................ 1000000 bps
    Client threshold........................... 12 clients
    Coverage SNR threshold..................... 12 dB
    Coverage exception level................... 25%
    Client minimum exception level............. 3 clients
  Rogue Containment Information
  Containment Count............................ 0
>show ap config general AP1
WLAN — Access Port (223x) Identifier.......................... 5
WLAN — Access Port (223x) Name................................ AP01
AP Type.......................................... Nortel
Switch Port Number............................... 19
MAC Address...................................... 00:0b:85:01:05:00
IP Address....................................... Disabled
WLAN — Access Port (223x) Location............................ default location
Primary Switch...................................
Administrative State............................. ADMIN_ENABLED
Operation State.................................. REGISTERED
Mirroring Mode................................... Disabled
AP Mode.......................................... Local
Remote AP Debug.................................. Disabled
S/W Version..................................... 2.2.133.0
Boot Version.................................... 0.0.0.0
Stats Reporting Period........................... 180
Number Of Slots.................................. 2
Rad Model........................................
Rad Serial Number................................ 01012203-10057105-01182
Related Commands
config 802.11a antenna, config 802.11b antenna, config cell
show ap stats
To display the statistics for an 802.11b/g WLAN — Access Port (223x), use the show ap stats command.
>show ap stats <802.11a/802.11b> <AP name>
Syntax
show               Display configurations.
ap                 Nortel Networks Radio.
<802.11a/802.11b>  802.11a or 802.11b/g statistics.
<AP name>          WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>show ap stats 802.11b AP01
Number Of Slots.................................. 2
Rad Name......................................... AP01
MAC Address...................................... 00:0b:85:01:05:00
Radio Type..................................... RADIO_TYPE_80211a
Stats Information
  Number of Users.............................. 0
  TxFragmentCount.............................. 24904
  MulticastTxFrameCnt.......................... 11710
  FailedCount.................................. 91534
  RetryCount................................... 5582
  MultipleRetryCount........................... 0
  FrameDuplicateCount.......................... 0
  RtsSuccessCount.............................. 0
  RtsFailureCount.............................. 0
  AckFailureCount.............................. 473136
  RxFragmentCount.............................. 12978548
  MulticastRxFrameCnt.......................... 0
  FcsErrorCount................................ 230771
  TxFrameCount................................. 24904
  WepUndecryptableCount........................ 130
Related Commands
config ap stats-timer
show ap summary
To display a summary of all APs attached to the WLAN — Security Switch (2270), use the show ap summary command.
A list containing each AP name, number of slots, manufacturer, MAC address, location and WLAN — Security Switch
(2270) port number will be displayed.
>show ap summary
Syntax
show        Display configurations.
ap          All APs.
summary     Summary of all APs.
Defaults
(none)
Examples
>show ap summary
AP Name  Slots  AP Type  MAC Addr           Location          Port
-------  -----  -------  -----------------  ----------------  ----
AP03     2      Nortel   00:0b:85:01:18:b0  default location  12
AP02     2      Nortel   00:0b:85:01:12:60  default location  11
AP01     2      Nortel   00:0b:85:01:05:00  default location  19
Related Commands
show advanced 802.11a summary, show advanced 802.11b summary, show certificate
summary, show client summary, show mobility summary, show radius summary, show
rogue-ap summary, show wlan summary
show ap wlan
To display whether or not a WLAN — Security Switch (2270) radio is in WLAN Override mode (as described in the
Nortel 2200 Series Product Guide), use the show ap wlan command.
>show ap wlan [802.11a/802.11b] <AP Name>
Syntax
show               Display configurations.
ap                 All APs.
wlan               WLAN parameter.
<802.11a/802.11b>  802.11a or 802.11b/g statistics.
<AP name>          WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>show ap wlan 802.11a AP01
WLAN — Access Port (223x) is not in override mode.
Related Commands
show advanced 802.11a summary, show advanced 802.11b summary, show certificate
summary, show client summary, show mobility summary, show radius summary, show
rogue-ap summary, show wlan summary
show arp switch
To display the WLAN — Security Switch (2270) MAC addresses, IP Addresses, and port types, use the show arp switch
command.
>show arp switch
Syntax
show        Display configurations.
arp         arp MAC addresses, IP Addresses, and port types.
switch      WLAN — Security Switch (2270) parameters.
Defaults
(none)
Examples
>show arp switch
MAC Address        IP Address      Port          VLAN  Type
-----------------  --------------  ------------  ----  ----
00:C0:A8:87:EA:78  172.19.1.158    service port  1
00:06:5B:3D:0B:5C  172.19.1.2      service port
00:D0:59:9D:5E:06  172.19.1.106    service port
Related Commands
debug arp
show exclusionlist
To display a summary of all clients on the manual Exclusion List (blacklisted) from associating with this WLAN —
Security Switch (2270), use the show exclusionlist command. A list containing each manually Excluded MAC address is
displayed.
Note: Use the show exclusionlist command to view clients on the Exclusion List.
>show exclusionlist
Syntax
show           Display configurations.
exclusionlist  Manual Exclusion List.
Defaults
(none)
Examples
>show exclusionlist
MAC Address        Description
-----------------  -----------------
00:50:08:00:00:f5  Disallowed Client
Related Commands
config exclusionlist add, config exclusionlist delete, config exclusionlist description, show
client
show boot
Each WLAN — Security Switch (2270) retains one primary and one backup Operating System software load in
non-volatile RAM. This allows operators to have the WLAN — Security Switches (2270) boot off the primary load
(default), or revert to the backup load when desired. To display the primary and backup software build numbers with an
indication of which is active, use the show boot command.
>show boot
Syntax
show        Display configurations.
boot        Software bootable versions.
Defaults
(none)
Examples
>show boot
Primary Boot Image............................... 2.2.133.0 (active)
Backup Boot Image................................ 2.2.125.0
Related Commands
config exclusionlist add, config exclusionlist delete, config exclusionlist description, show
client
Show Certificate Commands
show certificate
Use the following show certificate commands:
• “show certificate compatibility” on page 330
• “show certificate summary” on page 330
show certificate compatibility
To display whether or not certificates are verified as compatible in the WLAN — Security Switch (2270), use the show
certificate compatibility command.
>show certificate compatibility
Syntax
show           Display configurations.
certificate    All certificates.
compatibility  Compatibility of certificates.
Defaults
(none)
Examples
>show certificate compatibility
Certificate compatibility mode:................ off
Related Commands
show certificate summary
show certificate summary
To display a summary of all certificates active in the WLAN — Security Switch (2270), use the show certificate
summary command.
>show certificate summary
Syntax
show         Display configurations.
certificate  All certificates.
summary      Synopsis of all certificates.
Defaults
(none)
Examples
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Related Commands
show certificate compatibility
Show Client Commands
show client
Use the following show client commands:
• “show client ap” on page 331
• “show client detail” on page 331
• “show client summary” on page 333
• “show client username” on page 333
show client ap
To display the clients on a WLAN — Access Port (223x), use the show client ap command.
Note: The show client ap command may list the status of automatically disabled clients. Use the
show blacklist command to view clients on the Exclusion List (blacklisted).
>show client ap <802.11a/802.11b> <AP name>
Syntax
show               Display configurations.
ap                 Nortel Networks Radio.
<802.11a/802.11b>  802.11a or 802.11b/g clients.
<AP name>          WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>show client ap 802.11b AP1
MAC Address        AP Id  Status      WLAN Id  Authenticated
-----------------  -----  ----------  -------  -------------
00:0c:41:0a:33:13  1      Associated  1        No
Related Commands
show client detail, show client summary, show client username, show blacklist
show client detail
To display detailed information for a client on a WLAN — Access Port (223x), use the show client detail command.
Note: The show client ap command may list the status of automatically disabled clients. Use the show
blacklist command to view clients on the Exclusion List (blacklisted).
>show client detail <MAC address>
Syntax
show           Display configurations.
client         802.11a or 802.11b/g client.
detail         Connectivity information.
<MAC address>  MAC address of the specific client.
Defaults
(none)
Examples
>show client detail 00:0c:41:07:33:a6
Client MAC Address............................... 00:0c:41:07:33:a6
Client Username.................................. N/A
AP MAC Address................................... 00:0b:85:01:18:b0
Client State..................................... Associated
Wireless LAN Id.................................. 1
IP Address....................................... Unknown
Association Id................................... 1
Authentication Algorithm......................... Shared Key
Reason Code...................................... 0
Status Code...................................... 0
Session Timeout.................................. 0
Mirroring........................................ Disabled
QoS Level........................................ Gold
Diff Serv Code Point (DSPC)...................... disabled
802.1P Priority Tag.............................. disabled
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. DHCP_REQD
Policy Manager Rule Created...................... No
NPU Fast Notified................................ Yes
Policy Type...................................... N/A
Encryption Cipher................................ WEP (104 bits)
EAP Type......................................... Unknown
Interface........................................ management
VLAN............................................. 0
Client Capabilities:
  CF Pollable................................ Not implemented
  CF Poll Request............................ Not implemented
  Short Preamble............................. Not implemented
  PBCC....................................... Not implemented
  Channel Agility............................ Not implemented
  Listen Interval............................ 0
Client Statistics:
  Number of Bytes Received................... 0
  Number of Bytes Sent....................... 0
  Number of Packets Received................. 0
  Number of Packets Sent..................... 0
  Number of Policy Errors.................... 0
  Radio Signal Strength Indicator............ Unavailable
  Signal to Noise Ratio...................... Unavailable
Nearby AP Statistics:
  AP03(slot 0) 24643 seconds ago............. -11 dBm
Related Commands
show client ap, show client summary, show client username, show blacklist
show client summary
To display a summary of clients associated with a WLAN — Access Port (223x), use the show client summary
command.
Note: The show client ap command may list the status of automatically disabled clients. Use the show
blacklist command to view clients on the Exclusion List (blacklisted).
>show client summary
Syntax
show                    Display configurations.
client                  802.11a or 802.11b/g client.
summary                 All attached clients.
Defaults
(none)
Examples
>show client summary
MAC Address        AP Name            Status         WLAN  Auth  Protocol  Port
-----------------  -----------------  -------------  ----  ----  --------  ----
00:0c:41:0a:33:13  AP01               Associated     1     No    802.11g   5
Related Commands
show client ap, show client detail, show client username, show blacklist
show client username
To display client data by user name, use the show client username command.
>show client username <User Name>
Syntax
show                    Display configurations.
username                Nortel Networks Radio.
<User Name>             Client User Name.
Defaults
(none)
Examples
>show client username IT_007
MAC Address        AP ID   Status         WLAN Id    Authenticated
-----------------  ------  -------------  ---------  -------------
00:0c:41:0a:33:13  1       Associated     1          No
Related Commands
show client ap, show client detail, show client summary
show country
The WLAN — Security Switch (2270) must be configured to comply with the target country's permitted 802.11a and/or
802.11b frequency bands. To display a list of supported countries and their permitted frequency bands, use the show
country command. This command also shows you the current country setting for the WLAN — Security Switch (2270).
>show country
Syntax
show                    Display configuration options.
country                 Supported Countries.
Defaults
(none)
Examples
>show country
Supported Regulatory Domains
AT.............................................. 802.11a/802.11b/802.11g
AU.............................................. 802.11a/802.11b/802.11g
BE.............................................. 802.11a/802.11b/802.11g
CA.............................................. 802.11a/802.11b/802.11g
DE.............................................. 802.11a/802.11b/802.11g
DK.............................................. 802.11a/802.11b/802.11g
EE.............................................. 802.11a/802.11b/802.11g
ES.............................................. 802.11b/802.11g
FI.............................................. 802.11a/802.11b/802.11g
FR.............................................. 802.11a/802.11b/802.11g
GB.............................................. 802.11a/802.11b/802.11g
GR.............................................. 802.11b/802.11g
HK.............................................. 802.11a/802.11b/802.11g
HU.............................................. 802.11a/802.11b/802.11g
IE.............................................. 802.11a/802.11b/802.11g
IN.............................................. 802.11b/802.11g
IS.............................................. 802.11a/802.11b/802.11g
IT.............................................. 802.11a/802.11b/802.11g
JP.............................................. 802.11a/802.11b/802.11g
KR.............................................. 802.11a/802.11b
NZ.............................................. 802.11a/802.11b/802.11g
NO.............................................. 802.11a/802.11b/802.11g
PL.............................................. 802.11a/802.11b/802.11g
PT.............................................. 802.11a/802.11b/802.11g
SE.............................................. 802.11a/802.11b/802.11g
SG.............................................. 802.11a/802.11b/802.11g
SI.............................................. 802.11a/802.11b/802.11g
SK.............................................. 802.11a/802.11b/802.11g
TH.............................................. 802.11b/802.11g
TW.............................................. 802.11a/802.11b/802.11g
US.............................................. 802.11a/802.11b/802.11g
USL............................................. 802.11a/802.11b/802.11g
USE............................................. 802.11a/802.11b/802.11g
ZA.............................................. 802.11a/802.11b/802.11g
Configured Country......................... United States (Legacy)
Related Commands
show sysinfo
show cpu
To display current CPU usage information, use the show cpu command.
>show cpu
Syntax
show cpu                Command action.
Defaults
(none)
Examples
>show cpu
Current CPU load: 2.50%
Related Commands
show sysinfo
show custom-web
To display Web Authentication customization information, use the show custom-web command.
>show custom-web
Syntax
show custom-web         Command action.
Defaults
(none)
Examples
>show custom-web
Nortel Logo................................... Enabled
CustomLogo....................................... Disabled
Custom Title..................................... Disabled
Custom Message................................... Disabled
Custom Redirect URL.............................. Disabled
External Web Authentication Mode................. Disabled
External Web Authentication URL.................. Disabled
Related Commands
config custom-web
show debug
Use the show debug command to determine whether MAC address and other flag debugging is enabled or disabled.
>show debug
Syntax
show                    Display configurations.
debug                   MAC address debugging.
Defaults
disabled
Examples
>show debug
MAC debugging............................... disabled
Debug Flags Enabled:
arp error enabled.
bcast error enabled.
Related Commands
debug mac
show dhcp
Use the show dhcp command to display the DHCP server configuration.
>show dhcp <scope name>
Syntax
show dhcp               Command action.
<scope name>            The scope name set with the config dhcp command.
Defaults
None
Examples
>show dhcp 003
Enabled....................................... No
Lease Time.................................... 0
Pool Start.................................... 0.0.0.0
Pool End...................................... 0.0.0.0
Network....................................... 0.0.0.0
Netmask....................................... 0.0.0.0
Default Routers............................... 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain....................................
DNS........................................... 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers.......................... 0.0.0.0 0.0.0.0 0.0.0.0
Related Commands
config dhcp, show dhcp summary
show dhcp summary
Use the show dhcp summary command to display a summary of DHCP server configurations.
>show dhcp summary
Syntax
show dhcp               Command action.
summary                 List information about DHCP servers.
Defaults
None
Examples
>show dhcp summary
Scope Name           Enabled          Address Range
003                  No               0.0.0.0 -> 0.0.0.0
Related Commands
config dhcp, show dhcp
show dhcp leases
Use the show dhcp leases command to display DHCP leases.
>show dhcp leases
Syntax
show dhcp               Command action.
leases                  List information about DHCP leases.
Defaults
None
Examples
>show dhcp leases
Scope Name           Enabled          Address Range
003                  No               0.0.0.0 -> 0.0.0.0
Related Commands
config dhcp, show dhcp
show eventlog
Use the show eventlog command to display the event log.
>show eventlog
Syntax
show                    Display configurations.
eventlog                System events.
Defaults
(none)
Examples
>show eventlog
       File      Line TaskID   Code        d h m s
EVENT> nim.c      154 1234B2DC 00000000    0 0 0 44
EVENT> bootos.c   447 12346F44 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 121160B4 00000000    0 0 0 44
EVENT> bootos.c   447 12111D1C AAAAAAAA    0 0 0 17
EVENT> nim.c      154 121180A4 00000000    0 0 0 44
EVENT> bootos.c   447 12113C24 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 1210D5CC 00000000    0 0 0 44
EVENT> bootos.c   445 12109154 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 121176C4 00000000    0 0 0 44
EVENT> bootos.c   445 12113244 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 121176C4 00000000    0 0 0 43
EVENT> bootos.c   445 12113244 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 121176C4 00000000    0 0 0 44
EVENT> bootos.c   445 12113244 AAAAAAAA    0 0 0 17
EVENT> nim.c      154 1210D44C 00000000    0 0 0 42
Would you like to display the next 15 entries? (y/n)
Related Commands
show msglog
show ike
Use the show ike command to display active IKE SAs.
>show ike
Syntax
show                    Command action.
ike                     Display active IKE SAs
<IP or MAC address>     IP or MAC address of active IKE SA.
Defaults
(none)
Examples
>show ike
Related Commands
None
show ipsec
Use the show ipsec command to display active IPSEC SAs.
>show ipsec
Syntax
show                    Command action.
ipsec                   Display active IPSEC SAs
<IP or MAC address>     Display active IPSEC SAs.
Defaults
(none)
Examples
>show ipsec
Related Commands
None
show interface
Use the show interface command to display details of the system interfaces.
>show interface [summary/detailed <interface name>]
Syntax
show interface          Command action
summary                 Display a summary of the local interfaces.
detailed                Display detailed interface information.
interface name          Identifies interface name for detailed display
Defaults
(none)
Examples
>show interface summary
Interface Name      Vlan Id   IP Address       Type
------------------  --------  ---------------  -------
management          2         192.168.2.36     Static
service-port        N/A       172.16.16.199    Static
virtual             N/A       0.0.0.0          Static
vlan_301            301       192.168.2.200    Dynamic
>show interface detailed management
Interface Name................................. management
MAC Address.................................... 00:0b:85:02:0d:20
IP Address..................................... 192.168.2.36
IP Netmask..................................... 255.255.255.0
IP Gateway..................................... 192.168.2.1
VLAN........................................... 2
Physical Port.................................. 1
Primary DHCP Server............................ 10.1.2.11
Secondary DHCP Server.......................... Unconfigured
ACL............................................ Unconfigured
Related Commands
config interface
show inventory
To display a physical inventory of the WLAN — Security Switch (2270), use the show inventory command.
>show inventory
Syntax
show                    Display configurations.
inventory               Physical WLAN — Security Switch (2270) configuration.
Defaults
(none)
Examples
>show inventory
Switch Description.............................. (UNUSED PRODUCT)
Machine Model................................... switch
Serial Number................................... 102389954
Burned-in MAC Address........................... 00:0B:85:02:01:00
Gig Ethernet/Fiber Card......................... Present
Crypto Accelerator.............................. Present
Related Commands
show sysinfo
show l2tp
To display L2TP sessions, use the show l2tp command.
>show l2tp
Syntax
show                    Display configurations.
summary                 Displays all L2TP sessions.
<LAC IP addr>           Displays a L2TP session.
Defaults
(none)
Examples
>show l2tp summary
LAC_IPaddr LTid LSid RTid RSid ATid ASid State
---------- ---- ---- ---- ---- ---- ---- -----
Related Commands
None
show known
To display known AP information, use the show known command.
>show known ap <summary/detailed>
Syntax
show                    Display configurations.
known ap                Known AP information.
<summary/               Displays a list of all Known APs
detailed>               Provides detailed information for a Known AP
Defaults
Examples
>show known ap summary
MAC Address         State      # APs  # Clients  Last Heard
------------------  ---------  -----  ---------  ---------------------------
Related Commands
config ap
show load-balancing
To display the status of the load-balancing feature, use the show load-balancing command.
>show load-balancing
Syntax
show                    Display configurations.
load-balancing          Status load-balancing.
Defaults
Enabled
Examples
>show load-balancing
Aggressive Load Balancing...................... Enabled
Aggressive Load Balancing Window............... 0 clients
Related Commands
config load-balancing
show loginsession
To display the existing sessions, use the show loginsession command.
>show loginsession
Syntax
show                    Display configurations.
loginsession            Current session details.
Defaults
(none)
Examples
>show loginsession
ID  User Name         Connection From  Idle Time     Session Time
--  ----------------  ---------------  ------------  ------------
00  admin             172.18.4.84      00:00:00      01:08:18
Related Commands
config loginsession close
show macfilter
To display the MAC filter parameters, use the show macfilter commands. The MAC delimiter (none, colon, or hyphen)
for MAC addresses sent to RADIUS servers is displayed. The MAC filter table lists the clients that are always allowed
to associate with a WLAN.
>show macfilter [summary/detail <MAC address>]
Syntax
show                    Display configurations.
macfilter               Filter details.
Defaults
(none)
Examples
>show macfilter summary
MAC Filter RADIUS Compatibility mode............. Cisco ACS
MAC Filter Delimiter............................. None
>show macfilter detail
Unable to retrieve MAC filter.
Related Commands
config macfilter mac-delimiter, config macfilter add, config macfilter delete, config
macfilter description, config macfilter wlan-id
show mgmtuser
To display the local management user accounts on the WLAN — Security Switch (2270), use the show mgmtuser
command.
>show mgmtuser
Syntax
show                    Display configurations.
mgmtuser                Management users.
Defaults
(none)
Examples
>show mgmtuser
User Name                         Permissions   Description
--------------------------------  ------------  ---------------------
admin                             read-write
Related Commands
config mgmtuser add, config mgmtuser delete, config mgmtuser password
Show Mirror Commands
Use the following show mirror commands.
• “show mirror ap”
• “show mirror foreignap”
• “show mirror mac”
• “show mirror port”
show mirror ap
To view the WLAN — Access Ports (223x) whose transmit and receive data appears on the Mirror Port (see config
mirror port) for troubleshooting, use the show mirror ap command.
>show mirror ap
Syntax
show                    Configure parameters.
mirror                  Mirror command.
ap                      WLAN — Access Port (223x).
Defaults
(none)
Examples
>show mirror ap
AP
-----------------
AP3
Related Commands
config mirror ap, show mirror foreignap, show mirror mac, show mirror port
show mirror foreignap
To view the Third-Party APs whose transmit and receive data appears on the Mirror Port (see “config mirror port” on
page 462) for troubleshooting, use the show mirror foreignap command.
>show mirror foreignap
Syntax
show                    Configure parameters.
mirror                  Mirror command.
foreignap               Third-Party Access Point.
Defaults
(none)
Examples
>show mirror foreignap
Foreign AP Port
---------------
2
Related Commands
config mirror foreignap, show mirror ap, show mirror mac, show mirror port
show mirror mac
To view the clients whose transmit and receive data appears on the Mirror Port (see “config mirror port” on page 462) by
MAC address, use the show mirror mac command.
>show mirror mac
Syntax
show                    Configure parameters.
mirror                  Mirror command.
mac                     Client MAC address.
Defaults
(none)
Examples
>show mirror mac
Client MAC         Type
-----------------  ------
23:0c:41:0a:33:a3  Static
Related Commands
config mirror mac, show mirror ap, show mirror foreignap, show mirror port
show mirror port
To view the Mirror Port on the Nortel WLAN — Wireless Security Switches (2270) (used for troubleshooting using a
protocol analyzer), use the show mirror port command.
>show mirror port
Syntax
show                    Configure parameters.
mirror                  Mirror command.
port                    Client, WLAN — Access Port (223x), and/or Third-Party AP data stream is Mirrored to this port.
Defaults
(none)
Examples
>show mirror port
Mirror Port................................. 23
Related Commands
config mirror port, show mirror ap, show mirror foreignap, show mirror mac
Show Mobility Commands
Use the following show mobility commands.
• “show mobility statistics”
• “show mobility summary”
show mobility statistics
To display the statistics information for the WLAN — Security Switch (2270) mobility groups, use the show mobility
statistics command.
>show mobility statistics
Syntax
show                    Display configurations.
mobility                Mobility group.
statistics              Statistics details.
Defaults
(none)
Examples
>show mobility statistics
Global Mobility Statistics
  Rx Errors..................................... 0
  Tx Errors..................................... 0
  Responses Retransmitted....................... 0
  Handoff Requests Received..................... 0
  Handoff End Requests Received................. 0
  State Transitions Disallowed.................. 0
  Resource Unavailable.......................... 0
Mobility Initiator Statistics
  Handoff Requests Sent......................... 0
  Handoff Replies Received...................... 0
  Handoff as Local Received..................... 2
  Handoff as Foreign Received................... 0
  Handoff Denys Received........................ 0
  Anchor Request Sent........................... 0
  Anchor Deny Received.......................... 0
  Anchor Grant Received......................... 0
  Anchor Transfer Received...................... 0
Mobility Responder Statistics
  Handoff Requests Ignored...................... 0
  Ping Pong Handoff Requests Dropped............ 0
  Handoff Requests Dropped...................... 0
  Handoff Requests Denied....................... 0
  Client Handoff as Local....................... 0
  Client Handoff as Foreign ................... 0
  Anchor Requests Received...................... 0
  Anchor Requests Denied........................ 0
  Anchor Requests Granted....................... 0
  Anchor Transferred............................ 0
Related Commands
config mobility group discovery, config mobility group member
show mobility summary
To display the summary information for the WLAN — Security Switch (2270) mobility groups, use the show mobility
summary command.
>show mobility summary
Syntax
show                    Display configurations.
mobility                Mobility group.
summary                 Summary details
Defaults
(none)
Examples
>show mobility summary
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Mobility Group................................... Eng_Test
Mobility Group members configured................ 1
Switches configured in the Mobility Group
MAC Address        IP Address       Group Name
00:0b:85:02:0d:26  10.1.77.170      <local>
Related Commands
config mobility group discovery, config mobility group member
show msglog
To display the message logs written to the WLAN — Security Switch (2270) database, use the show msglog command.
If there are more than 15 entries, you are prompted to display the messages shown in the example.
>show msglog
Syntax
show                    Display configurations.
msglog                  Message logs.
Defaults
(none)
Examples
>show msglog
Fri Aug 8 17:25:51 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:50 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:50 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:49 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:49 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:49 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:35 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:35 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:34 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:34 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:34 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:33 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:22 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:22 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Fri Aug 8 17:25:21 2003 File: gvr.c : Line: 777 : GVRP: Transmitting msg.
Related Commands
show eventlog
show netuser
To display local network user accounts, use the show netuser command.
>show netuser
Syntax
show                    Display configurations.
netuser                 Network users.
Defaults
(none)
Examples
>show netuser
User Name                WLAN Id         Description
-----------------------  --------------  ------------------------------
krebbis                  1               all krebbis
Related Commands
config netuser add, config netuser delete, config netuser password, config netuser wlan-id
show network
To display the network configuration of the WLAN — Security Switch (2270), use the show network command.
>show network
Syntax
show                    Display configurations.
network                 Network configuration.
Defaults
(none)
Examples
>show network
RF/Mobility Domain Name..................... Engr_Test
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Mode..................... Enable
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
WLAN — Access Port (223x) Default Master................. Disable
Mgmt Via Wireless Interface................. Disable
Over The Air Provisioning of APs............ Enable
Mobile Peer to Peer Blocking................ Enable
Apple Talk.................................. Disable
AP Fallback................................. Enable
Web Auth Redirect Ports..................... 80
Related Commands
config network arptimeout, config network bcast-ssid, config network dsport, config
network master-base, config network mgmt-via-wireless, config network params, config
network rf-mobility-domain, config network secureweb, config network secweb-passwd,
config network ssh, config network telnet, config network usertimeout, config network
vlan, config network webmode
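The dotted "Label.... value" output of show network and show client detail can be checked mechanically against a management-plane baseline. The Python below is an added example and is not part of the Nortel guide; the function names and the baseline values are assumptions, and the sample text is constructed from the example output shown in this guide.

```python
import re

# "Label........ value" lines, the layout used by the show commands in this guide.
_DOTTED = re.compile(r"^(?P<key>.+?)\.{2,}\s*(?P<val>.*)$")


def parse_dotted(text):
    """Return {label: value} for dotted 'Label.... value' CLI output.

    A label printed with no value takes the next non-dotted line as its
    value, which handles output that wraps the value onto its own line.
    A label that is genuinely empty and followed by free text would be
    misread the same way, so review such fields by hand.
    """
    fields, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):  # blank line or echoed command
            pending = None
            continue
        match = _DOTTED.match(line)
        if match:
            key = match.group("key").strip()
            val = match.group("val").strip()
            fields[key] = val
            pending = None if val else key
        elif pending is not None:
            fields[pending] = line
            pending = None
    return fields


# Assumed baseline (not taken from the guide): encrypted management only,
# and no management access from wireless clients.
NETWORK_BASELINE = {
    "Web Mode": "disable",
    "Secure Web Mode": "enable",
    "Secure Shell (ssh)": "enable",
    "Telnet": "disable",
    "Mgmt Via Wireless Interface": "disable",
}


def _state(value):
    """Normalise Enable/Enabled/Disable/Disabled to 'enable' or 'disable'."""
    low = value.strip().lower()
    for word in ("enable", "disable"):
        if low.startswith(word):
            return word
    return low


def audit_network(text):
    """Return (label, actual, expected) for each show network baseline deviation."""
    fields = parse_dotted(text)
    findings = []
    for key, want in NETWORK_BASELINE.items():
        got = fields.get(key)
        if got is None:
            findings.append((key, "missing", want))
        elif _state(got) != want:
            findings.append((key, got, want))
    return findings


def audit_client(text):
    """Flag WEP and shared-key authentication in show client detail output."""
    fields = parse_dotted(text)
    findings = []
    cipher = fields.get("Encryption Cipher", "")
    if cipher.upper().startswith("WEP"):
        findings.append(("Encryption Cipher", cipher, "WEP in use"))
    algo = fields.get("Authentication Algorithm", "")
    if algo.lower() == "shared key":
        findings.append(("Authentication Algorithm", algo, "shared-key authentication"))
    return findings


# Constructed sample: the guide's show network example with Telnet changed
# to Enable. \u2014 is the dash the guide prints in the product name.
SAMPLE_NETWORK = """\
>show network
RF/Mobility Domain Name..................... Engr_Test
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
WLAN \u2014 Access Port (223x) Default Master.................
Disable
Mgmt Via Wireless Interface................. Disable
"""

# Constructed excerpt using values from the guide's show client detail example.
SAMPLE_CLIENT = """\
Client MAC Address............................... 00:0c:41:07:33:a6
Authentication Algorithm......................... Shared Key
Encryption Cipher................................ WEP (104 bits)
"""

if __name__ == "__main__":
    for finding in audit_network(SAMPLE_NETWORK) + audit_client(SAMPLE_CLIENT):
        print("%s: %s (%s)" % finding)
```

Run it against captured session output by passing the saved text to audit_network or audit_client in place of the constructed samples.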
show port
To display the WLAN — Security Switch (2270) port settings on an individual or global basis, use the show port
command.
>show port <port number>
>show port summary
Syntax
show                    Display configurations.
port                    WLAN — Security Switch (2270) port.
<port number>/summary   Individual port or all ports
Defaults
(none)
Examples
>show port 7
           STP  Admin   Physical   Physical   Link   Link    Mcast
Pr Type    Stat Mode    Mode       Status     Status Trap    Appliance POE
-- ------- ---- ------- ---------- ---------- ------ ------- --------- ------
7  Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
>show port summary
           STP  Admin   Physical   Physical   Link   Link    Mcast
Pr Type    Stat Mode    Mode       Status     Status Trap    Appliance POE
-- ------- ---- ------- ---------- ---------- ------ ------- --------- ------
1  Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
2  Normal  Disa Disable Auto       10 Half    Down   Enable  Enable    Enable
3  Normal  Disa Disable Auto       10 Half    Down   Enable  Disable   Enable
4  Normal  Disa Disable Auto       10 Half    Down   Enable  Disable   Enable
5  Normal  Disa Disable Auto       10 Half    Down   Enable  Disable   Enable
6  Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
7  Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
8  Normal  Disa Disable Auto       10 Half    Down   Enable  Disable   Enable
9  Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
10 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
11 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
12 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
13 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
14 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
15 Normal  Disa Enable  Auto       10 Half    Down   Enable  Disable   Enable
16 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
17 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
18 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
19 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
20 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
21 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
22 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
23 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
24 Normal  Disa Enable  Auto       10 Half    Down   Enable  Enable    Enable
Related Commands
config ap port, config network dsport, config mirror port, config port adminmode, config
port autoneg, config port linktrap, config port physicalmode, config port power
show qos queue_length all
To display quality of service (qos) information (queue length), use the show qos command.
>show qos queue_length all
Syntax
show qos                Command action
queue_length all        Display all quality of service queue lengths.
Defaults
(none)
Examples
>show qos queue_length all
Uranium queue length........................... 255
Platinum queue length.......................... 255
Gold queue length.............................. 255
Silver queue length............................ 150
Bronze queue length............................ 100
Related Commands
config qos
Show Radius Commands
Use the following show radius commands:
• “show radius acct statistics”
• “show radius auth statistics”
• “show radius summary”
show radius acct statistics
To display the RADIUS accounting server statistics for the WLAN — Security Switch (2270), use the show radius acct
statistics command.
>show radius acct statistics
Syntax
show                    Display configurations.
radius acct             RADIUS accounting server.
statistics              Statistics
Defaults
(none)
Examples
>show radius acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.1.17.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accounting Responses............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands
show radius auth statistics, show radius summary
show radius auth statistics
To display the RADIUS authentication server statistics for the WLAN — Security Switch (2270), use the show radius
auth statistics command.
>show radius auth statistics
Syntax
show                    Display configurations.
radius auth             RADIUS authentication server.
statistics              Statistics.
Defaults
(none)
Examples
>show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 1.1.1.1
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Related Commands
show radius acct statistics, show radius summary
show radius summary
To display the RADIUS authentication and accounting server summary, use the show radius summary command.
>show radius summary
Syntax
show                    Display configurations.
radius                  RADIUS authentication server.
summary                 server summary.
Defaults
(none)
Examples
>show radius summary
Vendor Id Backward Compatibility................. Enabled
Credentials Caching.............................. Enabled
Call Station Id Type............................. IP Address
Authentication Servers
Index  Server Address                            Port    State
-----  ----------------------------------------  ------  --------
1      10.1.3.10                                 1812    Enabled
Accounting Servers
Index  Server Address                            Port    State
-----  ----------------------------------------  ------  --------
1      10.1.3.10                                 1813
Related Commands
show radius auth statistics, show radius acct statistics
Show Rogue AP Commands
Use the following Rogue AP commands:
• “show rogue ap clients”
• “show rogue ap detailed”
• “show rogue ap summary”
show rogue ap clients
To show details of rogue access point clients detected by the WLAN — Security Switch (2270), use the show rogue ap
clients command.
>show rogue ap clients <Rogue AP MAC address>
Syntax
show                    Display configurations.
rogue ap                Rogue access points.
clients                 Summary information.
<Rogue AP MAC address>  Rogue AP MAC address.
Defaults
(none)
Examples
>show rogue ap clients 00:0b:85:01:39:13
MAC Address
-----------------
State
------
00:0b:85:01:39:13
# APs
1
Alert
Last Heard
---------------------------
1
Tue Oct 5 11:36:44 2004
Related Commands
show rogue ap summary
show rogue ap detailed
To show details of a rogue access point detected by the WLAN — Security Switch (2270), use the show rogue ap
detailed command.
>show rogue ap detailed <MAC address>
Syntax
show                    Display configurations.
rogue ap                Rogue access points.
detailed                Summary information.
<MAC address>           AP MAC address.
Defaults
(none)
Examples
>show rogue ap detailed 00:40:96:90:d1:6a
Rogue MAC Address.............................. 00:40:96:90:d1:6a
State.......................................... Alert
First Time Rogue was Reported.................. Sat Aug 9 15:48:50 2003
Last Time Rogue was Reported................... Sat Aug 9 21:16:50 2003
Reported By
    AP 1
        MAC Address............................ 00:0b:85:01:88:b0
        Name................................... AP1
        Radio Type............................. 802.11b
        SSID................................... Chichen
        Channel................................ 6
        RSSI................................... -60 dBm
        SNR.................................... 40 dB
Related Commands
show rogue ap summary, show rogue ap clients
show rogue ap summary
To display a summary of the rogue access points detected by the WLAN — Security Switch (2270), use the show rogue ap summary command.
>show rogue ap summary
Syntax
show                        Display configurations.
rogue ap                    Rogue access points.
summary                     Summary information.
Defaults
(none)
Examples
>show rogue ap summary
Rogue Location Discovery Protocol................ Disabled
RLDP Auto-Contain................................ Disabled
MAC Address        State  # APs  Last Heard
-----------------  -----  -----  ------------------------
00:02:6d:28:37:ab  Alert  1      Sat Aug 9 21:12:50 2004
00:09:6b:54:23:90  Alert  1      Sat Aug 9 21:12:50 2003
00:0b:65:00:80:40  Alert  1      Sat Aug 9 21:10:50 2003
Related Commands
show rogue ap detailed, show rogue ap clients
Show Rogue Adhoc Commands
show rogue adhoc
Use the following Rogue AP commands:
• show rogue adhoc detailed
• show rogue adhoc summary
show rogue adhoc detailed
To show details of an adhoc rogue detected by the WLAN — Security Switch (2270), use the show rogue adhoc detailed command.
>show rogue adhoc detailed <Adhoc Rogue MAC address>
Syntax
show                        Display configurations.
rogue adhoc                 Adhoc Rogue.
detailed                    Summary information.
<MAC address>               Adhoc Rogue MAC address.
Defaults
(none)
Examples
>show rogue adhoc detailed 00:40:96:90:d1:6a
Adhoc Rogue MAC Address.............................. 00:40:96:90:d1:6a
State.......................................... Alert
First Time Adhoc Rogue was Reported............ Sat Aug 9 15:48:50 2003
Last Time Adhoc Rogue was Reported............. Sat Aug 9 21:16:50 2003
Reported By
AP 1
MAC Address............................ 00:0b:85:01:88:b0
Name................................... AP1
Radio Type............................. 802.11b
SSID................................... Chichen
Channel................................ 6
RSSI................................... -60 dBm
SNR.................................... 40 dB
Related Commands
show rogue adhoc summary
show rogue adhoc summary
To display a summary of the adhoc rogues detected by the WLAN — Security Switch (2270), use the show rogue adhoc summary command.
>show rogue adhoc summary
Syntax
show                        Display configurations.
rogue adhoc                 Adhoc Rogue.
summary                     Summary information.
Defaults
(none)
Examples
>show rogue adhoc summary
Client MAC Address      Adhoc BSSID        State  # APs  Last Heard
----------------------  -----------------  -----  -----  ------------------------
00:02:6d:28:37:ab                          Alert  1      Sat Aug 9 21:12:50 2004
00:09:6b:54:23:90                          Alert  1      Sat Aug 9 21:12:50 2003
00:0b:65:00:80:40                          Alert  1      Sat Aug 9 21:10:50 2003
Related Commands
show rogue adhoc detailed
Show Rogue Client Commands
show rogue client
Use the following Rogue Client commands:
• show rogue client detailed
• show rogue client summary
show rogue client detailed
To show details of a rogue client detected by the WLAN — Security Switch (2270), use the show rogue client detailed command.
>show rogue client detailed <MAC address>
Syntax
show                        Display configurations.
rogue client                Rogue client.
detailed                    Summary information.
<MAC address>               Rogue client MAC address.
Defaults
(none)
Examples
>show rogue client detailed 00:40:96:90:d1:6a
Rogue Client MAC Address....................... 00:40:96:90:d1:6a
State.......................................... Alert
First Time Rogue Client was Reported........... Sat Aug 9 15:48:50 2003
Last Time Rogue Client was Reported............ Sat Aug 9 21:16:50 2003
Reported By
AP 1
Rogue Client MAC Address............... 00:0b:85:01:88:b0
Name................................... AP1
Radio Type............................. 802.11b
SSID................................... Chichen
Channel................................ 6
RSSI................................... -60 dBm
SNR.................................... 40 dB
Related Commands
show rogue client summary
show rogue client summary
To display a summary of the rogue clients detected by the WLAN — Security Switch (2270), use the show rogue client summary command.
>show rogue client summary
Syntax
show                        Display configurations.
rogue client                Rogue client.
summary                     Summary information.
Defaults
(none)
Examples
>show rogue client summary
MAC Address        State         # APs  Last Heard
-----------------  ------------  -----  --------------------------
00:02:6d:28:37:ab  Alert         1      Sat Aug 9 21:12:50 2004
00:09:6b:54:23:90  Alert         1      Sat Aug 9 21:12:50 2003
00:0b:65:00:80:40  Alert         1      Sat Aug 9 21:10:50 2003
Related Commands
show rogue client detailed
show route summary
To show the routes assigned to the WLAN — Security Switch (2270) Service port, use the show route summary command.
>show route summary
Syntax
show route                  Command action
summary                     Summary information.
Defaults
(none)
Examples
>show route summary
Number of Routes............................... 1
Destination Network    Genmask              Gateway
---------------------  -------------------  ---------------
193.122.17.3           255.255.255.0        172.99.3.89
Related Commands
config route
show rules
To show the active internal firewall rules, use the show rules command.
>show rules
Syntax
show rules                  Command action
Defaults
(none)
Examples
>show rules
Related Commands
None
show run-config
To show the routes assigned to the WLAN — Security Switch (2270) Service port, use the show route summary command.
>show route summary
Syntax
show route                  Command action
summary                     Summary information.
Defaults
(none)
Examples
>System Inventory
System Inventory
Switch Description............................... WLAN — Access Port (223x)
Machine Model.................................... switch
Serial Number.................................... 01012403-10037905-01007
Burned-in MAC Address............................ 00:0B:85:02:0D:20
Gig Ethernet/Fiber Card.......................... Present
Crypto Accelerator............................... Present
System Information
Manufacturer's Name.............................. Nortel
Product Name..................................... WLAN — Access Port (223x)
Product Version.................................. 2.2.133.0
RTOS Version..................................... 2.2.133.0
Bootloader Version............................... 2.2.133.0
System Name...................................... Pubs01
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.45.3.60.1
IP Address....................................... 10.1.44.170
System Up Time................................... 1 days 2 hrs 15 mins 28 secs
Configured Country............................... United States (Legacy)
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +46 C
State of 802.11b Network......................... Disabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 1
Switch Configuration
802.3x Flow Control Mode......................... Enable
Current LWAPP Transport Mode..................... Layer 2
LWAPP Transport Mode after next switch reboot.... Layer 2
Network Information
RF/Mobility Domain Name..................... Engr_Test
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Mode..................... Enable
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Nortel Networks AP Default Master................. Disable
Mgmt Via Wireless Interface................. Disable
Over The Air Provisioning of APs............ Enable
Mobile Peer to Peer Blocking................ Enable
Apple Talk.................................. Disable
AP Fallback................................. Enable
Web Auth Redirect Ports..................... Enable
Port Summary
            STP   Admin   Physical   Physical   Link    Link    Mcast
Pr  Type    Stat  Mode    Mode       Status     Status  Trap    Appliance  POE
--  ------- ----  ------- ---------- ---------- ------  ------- ---------  ------
1   Normal  Forw  Enable  Auto       100 Full   Up      Enable  Enable     Enable
2   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
3   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
4   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
5   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
6   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
7   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
8   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
9   Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
10  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
11  Normal  Forw  Enable  Auto       100 Full   Up      Enable  Enable     Enable
12  Normal  Forw  Enable  Auto       100 Full   Up      Enable  Enable     Enable
13  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
14  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
15  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
16  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
17  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
18  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
19  Normal  Forw  Enable  Auto       100 Full   Up      Enable  Enable     Enable
20  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
21  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
22  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
23  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
24  Normal  Disa  Enable  Auto       10 Half    Down    Enable  Enable     Enable
25  Normal  Forw  Enable  1000 Full  1000 Full  Up      Enable  Enable     N/A
AP Summary
AP Name             Slots  AP Type        MAC Addr           Location          Port
------------------  -----  -------------  -----------------  ----------------  ----
AP03                2      Nortel         00:0b:85:01:18:b0  default location  12
AP02                2      Nortel         00:0b:85:01:12:60  default location  11
AP01                2      Nortel         00:0b:85:01:05:00  default location  19
Press Enter to continue. . .
Related Commands
config route
show serial
To show the serial (Console) port configuration, use the show serial command.
>show serial
Syntax
show                        Display configurations.
serial                      Console serial port.
Defaults
9600, 8, OFF, 1, (none)
Examples
>show serial
Serial Port Login Timeout (minutes)......... 0
Baud Rate................................... 9600
Character Size.............................. 8
Flow Control:............................... Disable
Stop Bits................................... 1
Parity Type:................................ none
Related Commands
config serial baudrate, config serial timeout
show sessions
To show the Console port login timeout and maximum number of simultaneous CLI sessions, use the show sessions command.
>show sessions
Syntax
show                        Display configurations.
sessions                    CLI session limits.
Defaults
5 minutes, 5 sessions.
Examples
>show sessions
CLI Login Timeout (minutes)............ 0
Maximum Number of CLI Sessions......... 5
which indicates that the CLI sessions never time out, and that the WLAN — Security
Switch (2270) can host up to five simultaneous CLI sessions.
Related Commands
config sessions maxsessions, config sessions timeout
show snmpcommunity
To show the SNMP version 1/version 2c community configuration, use the show snmpcommunity command.
>show snmpcommunity
Syntax
show                        Display configurations.
snmpcommunity               SNMP version 1/version 2c community configuration.
Defaults
(none)
Examples
>show snmpcommunity
SNMP Community Name  Client IP Address  Client IP Mask    Access Mode  Status
-------------------  -----------------  ----------------  -----------  ------
**********           0.0.0.0            0.0.0.0           Read/Write   Enable
public               0.0.0.0            0.0.0.0           Read Only    Enable
Related Commands
config snmp version, config snmp community mode, config snmp community accessmode, config snmp community create, config snmp community delete, config snmp
community ipaddr
show snmptrap
To show the WLAN — Security Switch (2270) SNMP trap receivers and their status, use the show snmptrap command.
>show snmptrap
Syntax
show                        Display configurations.
snmptrap                    SNMP trap receivers.
Defaults
(none)
Examples
>show snmptrap
SNMP Trap Receiver Name  IP Address         Status
-----------------------  -----------------  --------
180.16.19.81             172.16.16.81       Enable
Related Commands
config snmp version, config snmp trapreceiver
show snmpv3user
To show the SNMP version 3 configuration, use the show snmpv3user command.
>show snmpv3user
Syntax
show                        Display configurations.
snmpv3user                  SNMP version 3 configuration.
Defaults
(none)
Examples
>show snmpv3user
SNMP v3 User Name     AccessMode   Authentication  Encryption
--------------------  -----------  --------------  ----------
default               Read/Write   HMAC-MD5        CBC-DES
Related Commands
config snmp version, config snmp v3user
show snmpversion
To show the SNMP version status, use the show snmpversion command.
>show snmpversion
Syntax
show                        Display configurations.
snmpversion                 SNMP states.
Defaults
Enable.
Examples
>show snmpversion
SNMP v1 Mode.................................. Disable
SNMP v2c Mode.................................. Enable
SNMP v3 Mode.................................. Enable
Related Commands
config snmp version
show spanningtree port
To show the WLAN — Security Switch (2270) spanning tree port configuration, use the show spanningtree port command.
>show spanningtree port <port>
Syntax
show                        Display configurations.
spanningtree                Spanning tree.
port                        Physical port.
<port>                      Physical port number:
                            - 1 through 13 on switch
                            - 1 through 25 on switch
                            - 1 on 2270
                            - 1 or 2 on 2270
Defaults
800C, Disabled, 802.1D, 128, 100, Auto.
Examples
>show spanningtree port 3
STP Port ID................................. 800C
STP Port State.............................. Disabled
STP Port Administrative Mode................ 802.1D
STP Port Priority........................... 128
STP Port Path Cost.......................... 100
STP Port Path Cost Mode..................... Auto
Related Commands
config spanningtree port
show spanningtree switch
To show the WLAN — Security Switch (2270) network (DS Port) spanning tree configuration, use the show spanningtree switch command.
>show spanningtree switch
Syntax
show                        Display configurations.
spanningtree                Spanning tree.
switch                      WLAN — Security Switch (2270) configuration.
<port>                      Physical port number:
                            - 1 through 13 on switch
                            - 1 through 25 on switch
                            - 1 on 2270
                            - 1 or 2 on 2270
Defaults
(none)
Examples
>show spanningtree switch
STP Specification...................... IEEE 802.1D
STP Base MAC Address................... 00:0B:85:02:0D:20
Spanning Tree Algorithm................ Disable
STP Bridge Priority.................... 32768
STP Bridge Max. Age (seconds).......... 20
STP Bridge Hello Time (seconds)........ 2
STP Bridge Forward Delay (seconds)..... 15
Related Commands
config spanningtree switch bridgepriority, config spanningtree switch forwarddelay,
config spanningtree switch hellotime, config spanningtree switch maxage, config spanningtree switch mode
Show Stats Commands
show stats
Use the following show stats commands:
• show stats port
• show stats switch
show stats port
To show physical port receive and transmit statistics, use the show stats port command.
>show stats port detailed <port>
>show stats port summary <port>
Syntax
show                        Display configurations.
stats                       Statistics.
port                        Port.
detailed                    Details for a port.
summary                     Summary of all ports.
<port>                      Physical port number:
                            - 1 through 13 on switch
                            - 1 through 25 on switch
                            - 1 on 2270
                            - 1 or 2 on 2270
Defaults
(none)
Examples
>show stats port summary 5
Packets Received Without Error................. 399958
Packets Received With Error.................... 0
Broadcast Packets Received..................... 8350
Packets Transmitted Without Error.............. 106060
Transmit Packets Errors........................ 0
Collisions Frames.............................. 0
Time Since Counters Last Cleared............... 2 day 11 hr 16 min 23 sec
>show stats port detailed 5
PACKETS RECEIVED (OCTETS)
Total Bytes...................................... 267799881
64 byte pkts        :918281
65-127 byte pkts    :354016
128-255 byte pkts   :1283092
256-511 byte pkts   :8406
512-1023 byte pkts  :3006
1024-1518 byte pkts :1184
1519-1530 byte pkts :0
> 1530 byte pkts    :2
PACKETS RECEIVED SUCCESSFULLY
Total............................................ 2567987
Unicast Pkts  :2547844
Multicast Pkts:0
Broadcast Pkts:20143
PACKETS RECEIVED WITH MAC ERRORS
Total............................................ 0
Jabbers   :0
Undersize :0
Alignment :0
FCS Errors:0
Overruns  :0
RECEIVED PACKETS NOT FORWARDED
Total............................................ 0
Local Traffic Frames:0
RX Pause Frames     :0
Unacceptable Frames :0
VLAN Membership     :0
VLAN Viable Discards:0
MulticastTree Viable:0
ReserveAddr Discards:0
CFI Discards        :0
Upstream Threshold  :0
PACKETS TRANSMITTED (OCTETS)
Total Bytes...................................... 52132995
64 byte pkts        :647066
65-127 byte pkts    :28346
128-255 byte pkts   :26988
256-511 byte pkts   :11595
512-1023 byte pkts  :114
1024-1518 byte pkts :1324
1519-1530 byte pkts :0
Max Info            :1522
PACKETS TRANSMITTED SUCCESSFULLY
Total............................................ 715435
Unicast Pkts  :117570
Multicast Pkts:597864
Broadcast Pkts:1
TRANSMIT ERRORS
Total Errors..................................... 0
FCS Error     :0
TX Oversized  :0
Underrun Error:0
TRANSMIT DISCARDS
Total Discards................................... 0
Single Coll Frames  :0
Multiple Coll Frames:0
Excessive Coll Frame:0
Port Membership     :0
VLAN Viable Discards:0
PROTOCOL STATISTICS
BPDUs Received      :1450
802.3x RX PauseFrame:0
BPDUs Transmitted   :0
Time Since Counters Last Cleared............... 6 day 23 hr 49 min 1 sec
Related Commands
config port physicalmode
show stats switch
To show the network (DS Port) receive and transmit statistics, use the show stats switch command.
>show stats switch detailed
>show stats switch summary
Syntax
show                        Display configurations.
stats                       Statistics.
switch                      WLAN — Security Switch (2270).
detailed                    Details for a port.
summary                     Summary of all ports.
Defaults
(none)
Examples
>show stats switch summary
Packets Received Without Error................. 136410
Broadcast Packets Received..................... 18805
Packets Received With Error.................... 0
Packets Transmitted Without Error.............. 78002
Broadcast Packets Transmitted.................. 3340
Transmit Packet Errors......................... 2
Address Entries Currently In Use............... 26
VLAN Entries Currently In Use.................. 1
Time Since Counters Last Cleared............... 2 day 11 hr 22 min 17 sec
>show stats switch detailed
RECEIVE
Octets......................................... 13973582
Total Pkts..................................... 136441
Unicast Pkts................................... 117636
Multicast Pkts................................. 0
Broadcast Pkts................................. 18805
Pkts Discarded................................. 0
TRANSMIT
Octets......................................... 5919784
Total Pkts..................................... 78028
Unicast Pkts................................... 33448
Multicast Pkts................................. 41240
Broadcast Pkts................................. 3340
Pkts Discarded................................. 2
ADDRESS ENTRIES
Most Ever Used................................. 26
Currently In Use............................... 26
VLAN ENTRIES
Maximum........................................ 128
Most Ever Used................................. 1
Static In Use.................................. 1
Dynamic In Use................................. 0
VLANs Deleted.................................. 0
Time Since Ctrs Last Cleared................... 2 day 11 hr 23 min 43 sec
Related Commands
config network dsport
show switchconfig
To show the network (DS Port) 802.3x flow control mode, use the show switchconfig command.
>show switchconfig
Syntax
show                        Display configurations.
switchconfig                WLAN — Security Switch (2270) configuration.
Defaults
(none)
Examples
>show switchconfig
802.3x Flow Control Mode....................... Disable
Current LWAPP Transport Mode................... Layer 2
LWAPP Transport Mode after next switch reboot . Layer 2
Related Commands
config switchconfig flowcontrol, config switchconfig mode
show sysinfo
To show high-level WLAN — Security Switch (2270) information, use the show sysinfo command.
>show sysinfo
Syntax
show                        Display configurations.
sysinfo                     WLAN — Security Switch (2270) information.
Defaults
(none)
Examples
>show sysinfo
Manufacturer's Name.......................... <company name>
Product Name................................. (UNUSED PRODUCT)
Product Version.............................. 1.2.48.0
RTOS Version................................. 1.2.48.0
Bootloader Version........................... 1.1.11.0
System Name.................................. IT2003
System Location.............................. Andrew 1
System Contact............................... Wireless_administrator
System ObjectID.............................. 1.3.6.1.4.1.14179
IP Address................................... 172.168.2.36
System Up Time............................... 2 days 11 hrs 30 mins 1 secs
Configured Country........................... United States
Operating Environment........................ Commercial (0 to 40 C)
Internal Temp Alarm Limits................... 0 to 65 C
Internal Temperature......................... +38 C
State of 802.11b Network..................... Enabled
State of 802.11a Network..................... Enabled
Number of WLANs.............................. 2
3rd Party Access Point Support............... Disabled
Number of Active Clients..................... 1
Related Commands
config country, config wlan, config ap
show syslog
To show the WLAN — Security Switch (2270) SNMP trap logging status or target IP Address, use the show syslog command.
>show syslog
Syntax
show                        Display configurations.
syslog                      WLAN — Security Switch (2270) SNMP trap logging status or target IP Address.
Defaults
(none)
Examples
>show syslog
Syslog destination............................. disabled
>show syslog
Syslog destination............................. 10.10.2.7
Related Commands
config syslog
show tech-support
To show WLAN — Security Switch (2270) variables frequently requested by Technical Support, use the show tech-support command.
>show tech-support
Syntax
show                        Display configurations.
tech-support                WLAN — Security Switch (2270) variables.
Defaults
(none)
Examples
>show tech-support
Current CPU Load................................. 0%
System Buffers
Max Free Buffers.............................. 4608
Free Buffers.................................. 4604
Buffers In Use................................ 4
Web Server Resources
Descriptors Allocated......................... 152
Descriptors Used.............................. 3
Segments Allocated............................ 152
Segments Used................................. 3
System Resources
Uptime........................................ 747040 Secs
Total Ram..................................... 127552 Kbytes
Free Ram...................................... 19540 Kbytes
Shared Ram.................................... 0 Kbytes
Buffer Ram.................................... 460 Kbytes
Related Commands
(none)
show time
To show the WLAN — Security Switch (2270) time and date, use the show time command.
>show time
Syntax
show                        Display configurations.
time                        WLAN — Security Switch (2270) time and date.
Defaults
(none)
Examples
>show time
Time........................................... Sun Aug 10 03:04:51 2004
Timezone delta................................. 0:0
Daylight savings............................... disabled
NTP Servers
NTP Polling Interval................... 86400
Index  NTP Server
-----  ---------------------------------
Related Commands
config time
show trapflags
To show the WLAN — Security Switch (2270) SNMP trap flags, use the show trapflags command.
>show trapflags
Syntax
show                        Display configurations.
trapflags                   WLAN — Security Switch (2270) SNMP trap flags.
Defaults
(none)
Examples
>show trapflags
Authentication Flag............................ Enable
Link Up/Down Flag.............................. Enable
Multiple Users Flag............................ Enable
Spanning Tree Flag............................. Enable
Client Related Traps
802.11 Disassociation.................. Disable
802.11 Deauthenticate.................. Disable
802.11 Authenticate Failure............ Disable
802.11 Association Failure............. Disable
Excluded............................... Disable
802.11 Security related traps
WEP Decrypt Error...................... Enable
Nortel AP
Register............................... Enable
InterfaceUp............................ Enable
Auto-RF Profiles
Load.................................. Enable
Noise................................. Enable
Interference.......................... Enable
Coverage.............................. Enable
Auto-RF Thresholds
tx-power.............................. Enable
channel............................... Enable
antenna............................... Enable
AAA
auth.................................. Enable
servers............................... Enable
rogueap....................................... Enable
wps.......................................... Enable
configsave................................... Enable
IP Security
esp-auth............................. Enable
esp-replay........................... Enable
invalidSPI........................... Enable
ike-neg.............................. Enable
suite-neg............................ Enable
invalid-cookie....................... Enable
Related Commands
config trapflags authentication, config trapflags linkmode, config trapflags multiusers,
config trapflags stpmode, config trapflags client, config trapflags ap, config trapflags
rrm-profile, config trapflags rrm-params, config trapflags aaa, config trapflags rogueap,
config trapflags configsave, config trapflags ipsec, show traplog
show traplog
To show the WLAN — Security Switch (2270) SNMP trap log, use the show traplog command.
>show traplog
Syntax
show                        Display configurations.
traplog                     WLAN — Security Switch (2270) SNMP trap log.
Defaults
(none)
Examples
>show traplog
Number of Traps Since Last Reset ............ 1316
Number of Traps Since Log Last Displayed .... 6
Log System Time              Trap
--- ------------------------ -------------------------------------------
0   Sun Aug 10 03:13:03 2003 Rogue AP: 00:0b:85:01:2f:90 removed from AP:00:0b:85:01:18:b0 Interface no:1(unknowntype)
1   Sun Aug 10 03:10:06 2003 Rogue AP: 00:0b:85:01:02:40 removed from AP:00:0b:85:01:18:b0 Interface no:1(unknowntype)
2   Sun Aug 10 03:10:06 2003 Rogue AP: 00:0b:85:01:4c:90 removed from AP:00:0b:85:01:18:b0 Interface no:1(unknowntype)
3   Sun Aug 10 03:07:53 2003 Rogue AP: 00:0b:85:01:2e:30 detected on AP:00:0b:85:01:18:b0 Interface no:1(unknowntype) with RSSI: -66 and SNR: 29
4   Sun Aug 10 03:05:53 2003 Rogue AP: 00:40:96:40:82:89 detected on AP:00:0b:85:01:18:b0 Interface no:1(unknowntype) with RSSI: -68 and SNR: 27
Would you like to display more entries? (y/n)
Related Commands
show trapflags
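Added example, not part of the Nortel guide: a Python parser for captured show traplog text that rebuilds entries the console has wrapped across lines, extracts the rogue AP detected/removed traps, and lists the rogues whose latest trap is still a detection. The function and field names are this example's own, and it assumes entry 0 is the newest trap, as in the sample output above.

```python
import re
from collections import namedtuple
from datetime import datetime

# Sample input: the example output shown above, with the console's line wraps
# left in place (several fall in the middle of a MAC address or a word).
SAMPLE_TRAPLOG = """\
Number of Traps Since Last Reset ............ 1316
Number of Traps Since Log Last Displayed .... 6
Log System Time              Trap
--- ------------------------ -------------------------------------------
  0 Sun Aug 10 03:13:03 2003 Rogue
AP: 00:0b:85:01:2f:90 removed from AP:0
0:0b:85:01:18:b0 Interface no:1
(unknowntype)
  1 Sun Aug 10 03:10:06 2003 Rogue
AP: 00:0b:85:01:02:40 removed from AP:0
0:0b:85:01:18:b0 Interface
no:1(unknowntype)
  2 Sun Aug 10 03:10:06 2003 Rogue
AP: 00:0b:85:01:4c:90 removed from AP:0
0:0b:85:01:18:b0 Interface
no:1(unknowntype)
  3 Sun Aug 10 03:07:53 2003 Rogue
AP: 00:0b:85:01:2e:30 detected on AP:00
:0b:85:01:18:b0 Interface
no:1(unknown
type) with RSSI: -66 and SNR:
29
  4 Sun Aug 10 03:05:53 2003 Rogue
AP: 00:40:96:40:82:89 detected on AP:
00:0b:85:01:18:b0 Interface
no:1(unknown
type) with RSSI: -68 and SNR:
27
Would you like to display more entries? (y/n)
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# An entry starts with its log index followed by a ctime-style timestamp.
ENTRY_START = re.compile(
    r"^\s*(\d+)\s+((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+[A-Z][a-z]{2}\s+\d{1,2}"
    r"\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s*(.*)$")
PROMPT = re.compile(r"^\s*Would you like to display more entries\?")
# Applied to trap text with all whitespace removed and lower-cased, so a wrap
# inside "AP:0|0:0b:..." or "unknown|type" cannot break the match.
ROGUE_TRAP = re.compile(
    rf"rogueap:({MAC})(detectedon|removedfrom)ap:({MAC})interfaceno:(\d+)"
    rf"\([^)]*\)(?:withrssi:(-?\d+)andsnr:(\d+))?")
# rssi_dbm and snr_db are None on "removed" traps, which do not carry them.
RogueEvent = namedtuple(
    "RogueEvent", "index when action rogue_mac reporting_ap interface rssi_dbm snr_db")


def parse_traplog(text):
    """Return the rogue AP traps found in captured `show traplog` text."""
    entries = []                                # [index, timestamp, fragments]
    for line in text.splitlines():
        if PROMPT.match(line):
            continue
        start = ENTRY_START.match(line)
        if start:
            entries.append([int(start.group(1)), start.group(2), [start.group(3)]])
        elif entries:                           # continuation of a wrapped entry
            entries[-1][2].append(line)
    events = []
    for index, stamp, fragments in entries:
        squeezed = re.sub(r"\s+", "", "".join(fragments)).lower()
        trap = ROGUE_TRAP.match(squeezed)
        if not trap:                            # some other trap type
            continue
        rogue, action, reporter, ifno, rssi, snr = trap.groups()
        when = datetime.strptime(" ".join(stamp.split()), "%a %b %d %H:%M:%S %Y")
        events.append(RogueEvent(
            index, when, "detected" if action == "detectedon" else "removed",
            rogue, reporter, int(ifno),
            int(rssi) if rssi else None, int(snr) if snr else None))
    return events


def active_rogues(events):
    """Map each rogue MAC still present to its latest detection event(s)."""
    latest = {}
    # Oldest first; equal timestamps are ordered by index, higher index = older
    # (assumption taken from the sample, where entry 0 is the newest trap).
    for ev in sorted(events, key=lambda e: (e.when, -e.index)):
        latest[(ev.rogue_mac, ev.reporting_ap)] = ev
    active = {}
    for ev in latest.values():
        if ev.action == "detected":
            active.setdefault(ev.rogue_mac, []).append(ev)
    return active


if __name__ == "__main__":
    for mac, seen in sorted(active_rogues(parse_traplog(SAMPLE_TRAPLOG)).items()):
        for ev in seen:
            print(f"{mac} seen by {ev.reporting_ap} at {ev.when} RSSI {ev.rssi_dbm} dBm")
```

The trap log only covers the entries captured, so a removal with no earlier detection in the capture is ignored rather than treated as an error.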
show watchlist
To display the client watchlist, use the show watchlist command.
>show watchlist
Syntax
show                        Command action.
watchlist                   Display client watchlist entry.
Defaults
(none)
Examples
>show watchlist
client watchlist state is disabled
Related Commands
config watchlist delete, config watchlist enable/disable, config watchlist add
show wlan
To show a summary of the WLAN — Security Switch (2270) WLANs and their status, use the show wlan summary command.
>show wlan <WLAN id>
Syntax
show                        Display configurations.
wlan                        Wireless LAN.
summary                     Displays a summary of all WLANs.
<WLAN id>                   Nortel WLAN 1 through 16
Defaults
(none)
Examples
>show wlan 1
WLAN Identifier............................. 1
Network Name (SSID)......................... Controller
Status...................................... Enabled
MAC Filtering............................... Disabled
AAA Policy Override......................... Disabled
External Policy Server...................... Disabled
Number of Active Clients.................... 1
Exclusionlist............................... Disabled
Session Timeout............................. Infinity
Interface................................... management
DHCP Server................................. 10.1.2.119
Quality of Service.......................... Bronze (low)
WME......................................... Allowed
Wired Protocol.............................. None
Radio Policy................................ All
Security
802.11 Authentication:................... Open System (Allow shared key)
Static WEP Keys.......................... Enabled
Key Index:................................. 1
Encryption:................................ 104-bit WEP
802.1X................................... Disabled
Wi-Fi Protected Access................... Disabled
Robust Secure Network.................... Disabled
IP Security.............................. Disabled
IP Security Passthru..................... Disabled
L2TP..................................... Disabled
Web Based Authentication................. Disabled
Cranite Passthru......................... Disabled
Fortress Passthru........................ Disabled
Related Commands
config wlan blacklist, config wlan create, config wlan delete, config wlan dhcp_server,
config wlan disable, config wlan enable, config wlan mac-filtering, config wlan qos,
config wlan radio, config wlan security 802.1X, config wlan security 802.1X encryption,
config wlan security cranite, config wlan security ipsec, config wlan security ipsec authentication, config wlan security ipsec encryption, config wlan security ipsec ike
authentication, config wlan security ipsec ike DH-Group, config wlan security ipsec ike
lifetime, config wlan security ipsec ike phase1, config wlan security passthru, config wlan
security static-wep-key, config wlan security static-wep-key encryption, config wlan
security web, config wlan security web passthru, config wlan security wpa, config wlan
security wpa encryption, config wlan timeout, config wlan vlan
show wlan summary
To show a summary of the WLAN — Security Switch (2270) WLANs and their status, use the show wlan summary
command.
>show wlan summary
Syntax
show        Display configurations.
wlan        Wireless LAN.
summary     WLAN — Security Switch (2270) Virtual Gateway IP Address.
Defaults
(none)
Examples
>show wlan summary
WLAN ID  WLAN Name              Status
-------  ---------------------  --------
1        Controller             Enabled
2        Marketing              Enabled
Related Commands
config wlan summary
show wps signature summary
To show installed signatures of the Wireless Protection System (WPS) Peer Management, use the show wps signature
summary command.
>show wps signature summary
Syntax
show                 Display configurations.
wps                  Wireless Protection System Peer Management.
signature summary    Installed signatures.
Defaults
(none)
Example
>show wps signature summary
Precedence...................................... 1
Signature Name.................................. Bcast deauth
Type............................................ Standard
Frame Type...................................... Management
State........................................... Enabled
Action.......................................... report
Frequency....................................... 30 pkts/sec
Quiet Time...................................... 300 sec
Description..................................... Broadcast Deauthentication Frame
Patterns:
0:0x01:0xx01
4:0x01:0x01...........
...............
--More-- or (q)uit
Related Commands
config wps signature, config wps client-exclusion, config wps rogue-ap
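The "Bcast deauth" signature in the example output above can be reproduced offline for tuning or for testing a sensor. The following Python sketch is an added example, not Nortel code: it decodes the 802.11 header directly instead of using the Patterns lines, and it assumes that Frequency is a per-second threshold on matching frames and that Quiet Time is the period without a match after which the alarm resets. All function and class names, and the sample capture, are constructed for illustration.

```python
"""Broadcast-deauthentication signature check (illustrative, not the product's code)."""
from collections import deque

BROADCAST = b"\xff" * 6
FREQUENCY_PPS = 30     # "Frequency" value from the signature output
QUIET_TIME_S = 300     # "Quiet Time" value from the signature output


def is_broadcast_deauth(frame: bytes) -> bool:
    """Match an 802.11 management frame, subtype deauthentication, sent to broadcast."""
    if len(frame) < 24:                      # shorter than a management MAC header
        return False
    fc0 = frame[0]                           # first Frame Control octet
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    # type 0 = management, subtype 12 = deauthentication; Address 1 is octets 4..9
    return version == 0 and ftype == 0 and subtype == 12 and frame[4:10] == BROADCAST


class SignatureTracker:
    """Rate threshold plus quiet-time reset (assumed semantics, see the lead-in)."""

    def __init__(self, frequency=FREQUENCY_PPS, quiet_time_s=QUIET_TIME_S):
        self.frequency = frequency
        self.quiet_ms = quiet_time_s * 1000
        self.recent = deque()                # match timestamps inside the last second
        self.alarm = False
        self.last_match = None

    def observe(self, ts_ms: int, frame: bytes) -> list:
        """Feed one frame; return the ("report" | "clear", timestamp_ms) events it causes."""
        events = []
        # Close an open alarm once no match has been seen for the quiet time.
        if self.alarm and ts_ms - self.last_match >= self.quiet_ms:
            self.alarm = False
            events.append(("clear", self.last_match + self.quiet_ms))
        if not is_broadcast_deauth(frame):
            return events
        self.last_match = ts_ms
        self.recent.append(ts_ms)
        while ts_ms - self.recent[0] >= 1000:   # keep a sliding one-second window
            self.recent.popleft()
        if not self.alarm and len(self.recent) >= self.frequency:
            self.alarm = True                   # Action: report, once per episode
            events.append(("report", ts_ms))
        return events


def mgmt_frame(subtype: int, dst: bytes, src: bytes, body: bytes = b"") -> bytes:
    """Build a minimal management frame: FC, duration, addr1-3, sequence control, body."""
    fc = bytes([subtype << 4, 0x00])         # version 0, type 0 (management)
    return fc + b"\x00\x00" + dst + src + src + b"\x00\x00" + body


def constructed_capture():
    """Constructed sample traffic as (timestamp_ms, frame) pairs; not a real capture."""
    ap = bytes.fromhex("020000000001")       # constructed, locally administered MACs
    sta = bytes.fromhex("020000000002")
    reason = b"\x07\x00"                     # deauthentication reason code field
    cap = [(i * 100, mgmt_frame(8, BROADCAST, ap)) for i in range(10)]           # beacons
    cap += [(1000 + i * 100, mgmt_frame(12, BROADCAST, ap, reason))
            for i in range(10)]              # broadcast deauth at 10 pkts/sec
    cap += [(3000 + i * 10, mgmt_frame(12, sta, ap, reason))
            for i in range(50)]              # unicast deauth, not this signature
    cap += [(5000 + i * 20, mgmt_frame(12, BROADCAST, ap, reason))
            for i in range(40)]              # broadcast deauth at 50 pkts/sec
    cap += [(400000, mgmt_frame(8, BROADCAST, ap))]   # beacon long after the burst
    return cap


def replay(capture, tracker=None):
    """Run a capture through a tracker and collect every event."""
    tracker = tracker or SignatureTracker()
    events = []
    for ts_ms, frame in capture:
        events.extend(tracker.observe(ts_ms, frame))
    return events


if __name__ == "__main__":
    for kind, ts in replay(constructed_capture()):
        print(f"{ts / 1000:9.3f}s  {kind}: Bcast deauth")
```

Only the 50 pkts/sec burst crosses the threshold; the beacons, the slower broadcast deauthentications and the unicast deauthentications produce no event.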
show wps summary
To show a summary of the Wireless Protection System (WPS) Peer Management Configuration, use the show wps
summary command.
>show wps summary
Syntax
show        Display configurations.
wps         Wireless Protection System Management.
summary     Summary of WPS manager.
Defaults
(none)
Example
>show wps summary
Client Exclusion Policy
Excessive 802.11-association failures..................... Enabled
Excessive 802.11-authentication failures.................. Enabled
Excessive 802.1x-authentication........................... Enabled
External policy server failure............................ Enabled
IP-theft.................................................. Enabled
Excessive Web authentication failure...................... Enabled
Trusted AP Policy
Mis-configured AP Action.................................. Alarm Only
Enforced encryption policy.............................. none
Enforced preamble policy................................ none
Enforced radio type policy.............................. none
Validate SSID........................................... Disabled
Alert if Trusted AP is missing............................ Disabled
Trusted AP timeout........................................ 120
Untrusted AP Policy
Rogue Location Discover Protocol.......................... Disabled
RLDP Action............................................. Alarm Only
Rogue APs
Automatically contain rogues advertising................ Alarm Only
Detect Ad-Hoc Networks.................................. Alarm Only
Rogue Clients
Validate rogue clients against AAA...................... Disabled
Detect trusted clients on rogue APs..................... Alarm Only
Rogue AP timeout.......................................... 1200
Signature Policy
Signature Processing...................................... Enabled
Related Commands
config wps client-exclusion 802.11-auth, config wps client-exclusion 802.1x-auth, config
wps client-exclusion all, config wps client-exclusion external-policy, config wps
client-exclusion ip-theft, config wps client-exclusion web-auth, config wps rogue-ap aaa,
config wps rogue-ap adhoc, config wps rogue-ap rldp, config wps rogue-ap ssid, config
wps rogue-ap timeout, config wps rogue-ap valid-client, config wps rogue-ap encryption,
config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps
rogue-ap preamble, config wps rogue-ap radio, config wps signature, show wps summary.
Setting Configurations
Use the following config commands to configure WLAN — Security Switch (2270) options and settings.
• config 802.11a
• config 802.11b
• config aepi
• config acl
• config advanced 802.11a
• config advanced 802.11b
• config advanced client-handoff
• config advanced statistics
• config advanced timers
• config ap
• config exclusionlist
• config boot
• config certificate
• config client deauthenticate
• config country
• config custom-web
• config dhcp
• config known ap
• config interface
• config load-balancing
• config loginsession close
• config macfilter
• config mgmtuser
• config mirror
• config mobility
• config msglog level
• config netuser
• config network
• config port
• config prompt
• config qos queue_length
• config radius acct
• config radius auth
• config radius backward compatibility
• config radius callStationIdType
• config rogue ap
• config rogue adhoc
• config rogue client
• config route
• config serial
• config sessions
• config snmp community
• config snmp syscontact
• config snmp syslocation
• config snmp trapreceiver
• config snmp v3user
• config snmp version
• config spanning tree port
• config spanningtree switch
• config switchconfig
• config syslog
• config sysname
• config time
• config trapflags
• config watchlist
• config wlan
• config wps
config rogue ap
To configure the status of a rogue access point, use the config rogue ap command.
>config rogue ap <acknowledged/alert/contain/known> <MAC address> <num of APs>
Syntax
config           Configure parameters.
rogue ap         Rogue AP status.
acknowledged     This AP has been identified and belongs to an external network.
alert            This AP has not been identified. Generates a trap upon detection of this access point.
contain          Start containing a rogue access point.
known            This AP has been identified and is part of an internal network.
<MAC address>    MAC address of the AP.
<num of APs>     Number of APs.
Defaults
(none)
Example
>config rogue ap acknowledge 11:11:11:11:11:11
Related Commands
show rogue ap summary, show rogue ap detailed
Config 802.11A Commands
config 802.11a
Use the following config 802.11a commands:
• config 802.11a antMode
• config 802.11a beaconperiod
• config 802.11a channel
• config 802.11a disable
• config 802.11a dtim
• config 802.11a fragmentation
• config 802.11a enable
• config 802.11a fast-roaming
• config 802.11a rate
• config 802.11a txPower
config 802.11a antMode
To configure the WLAN — Access Port (223x) to use one internal antenna for an 802.11a sectorized 180-degree
coverage pattern, or both internal antennas for an 802.11a 360-degree omnidirectional pattern, use the config 802.11a
antMode command.
>config 802.11a antMode <Nortel WLAN — AP> <omni/sectorA/sectorB>
Syntax
config                Configure parameters.
802.11a antMode       Antenna for 802.11a Nortel Networks Radio.
<Nortel WLAN — AP>    Nortel WLAN — Access Port (223x) name.
omni                  Use both internal antennas.
sectorA               Use only the Side A internal antenna.
sectorB               Use only the Side B internal antenna.
Defaults
internal
Examples
>config 802.11a antMode AP1 omni
Related Commands
show ap config 802.11a, config 802.11b antMode
config 802.11a beaconperiod
In Nortel 802.11a networks, all WLAN — Access Port (223x) WLANs broadcast a beacon at regular intervals. This
beacon notifies clients that 802.11a service is available, and allows the clients to synchronize with the WLAN — Access
Port (223x). To change the 802.11a beacon period for the whole 802.11a network, use the config 802.11a beaconperiod
command.
Before you change the beacon period using the config 802.11a beaconperiod command, ensure that you have disabled
the 802.11a network using the config 802.11a disable command. When you are done changing the beacon period,
remember to enable the 802.11a network using the config 802.11a enable command.
>config 802.11a beaconperiod <Time Units>
Syntax
config          Configure parameters.
802.11a         802.11a network parameters.
beaconperiod    Send a beacon every 100 to 600 milliseconds.
<time units>    Beacon interval in milliseconds.
Defaults
100 milliseconds
Examples
To configure an 802.11a network for a beacon period of 120 milliseconds:
>config 802.11a beaconperiod 120
Related Commands
show 802.11a, config 802.11b beaconperiod, config 802.11a disable, config 802.11a
enable
config 802.11a channel
To configure an 802.11a network for automatic or manual channel selection, use the config 802.11a channel command.
When configuring 802.11a channels for a single WLAN — Access Port (223x), use the config 802.11a disable command
to disable the 802.11a network. Then use the config 802.11a channel command to set automatic channel selection by
management software or manually set the channel for the 802.11a Nortel Networks Radio. Then enable the 802.11a
network using the config 802.11a enable command.
>config 802.11a channel {global <auto/once/off>}/{<WLAN — Access Port (223x)> <global/channel #>}
Syntax
config                         Configure parameters.
802.11a channel                Nortel Networks Radio channel number.
global                         Global channel control.
<WLAN — Access Port (223x)>    Name of WLAN — Access Port (223x) or global setting for all WLAN — Access Ports (223x).
Defaults
(none)
Examples
To have management software automatically configure all 802.11a channels based on
availability and interference:
>config 802.11a channel global auto
To have management software automatically reconfigure all 802.11a channels one time
based on availability and interference:
>config 802.11a channel global once
To turn 802.11a management software automatic configuration off:
>config 802.11a channel global off
To configure all 802.11a channels in AP1:
>config 802.11a channel AP1 global
To configure 802.11a channel 36 in AP1:
>config 802.11a channel AP1 36
Related Commands
show 802.11a, config 802.11a disable, config 802.11a enable, config 802.11b channel
config 802.11a disable
To disable 802.11a transmission, use the config 802.11a disable command.
Disable 802.11a transmissions for the whole network or for an individual Nortel Networks Radio using the config
802.11a disable command.
Note that you must use this command to disable the network before using many config 802.11a commands.
This command can be used any time the CLI interface is active.
>config 802.11a disable {network/<WLAN — Access Port (223x)>}
Syntax
config                         Configure parameters.
802.11a                        802.11a network parameters.
disable                        Disable 802.11a.
network                        Whole network.
<WLAN — Access Port (223x)>    Override the network setting for an individual <WLAN — Access Port (223x)> Nortel Networks Radio.
Defaults
Network = enabled.
Examples
To disable the whole 802.11a network:
>config 802.11a disable network
To disable AP1 802.11a transmissions:
>config 802.11a disable AP1
Related Commands
show sysinfo, show 802.11a, config 802.11a enable, config 802.11b disable, config
802.11b enable, config 802.11a beaconperiod
config 802.11a dtim
In 802.11 networks, the WLAN — Access Port (223x) WLANs broadcast a beacon at regular intervals, which coincides
with the DTIM (Delivery Traffic Indication Map). After the DTIM, if the WLAN — Access Port (223x) has any frames
buffered for broadcast or multicast, it transmits the buffered frames. This protocol allows power-saving clients to wake
up at the appropriate time if they are expecting broadcast or multicast data.
Normally, the DTIM value is set to 1 (transmit broadcast and multicast after every beacon) or 2 (transmit after every
other beacon). For instance, if the beaconperiod is 100 ms, and the DTIM value is set to 1, the WLAN — Access Port
(223x) transmits buffered broadcast and multicast frames 10 times a second; if the beaconperiod is 100 ms, and the
DTIM value is set to 2, the WLAN — Access Port (223x) transmits buffered broadcast and multicast frames five times a
second; either of these settings may be suitable for applications, including VoIP, that expect frequent broadcast and
multicast frames.
However, the DTIM value can be set as high as 255 (transmit broadcast and multicast after every 255th beacon), if all
802.11a clients have power save enabled. Because the clients only have to listen when the DTIM time is reached, they
can be set to listen for broadcasts and multicasts less frequently, resulting in longer battery life. For instance, if the
beaconperiod is 100 ms, and the DTIM value is set to 100, the WLAN — Access Port (223x) transmits buffered
broadcast and multicast frames once every 10 seconds, allowing the power saving clients to sleep longer between
periods when they have to wake up and listen for broadcasts and multicasts, resulting in longer battery life.
Many applications cannot tolerate a long time between broadcast and multicast messages, resulting in poor protocol and
application performance. A low DTIM value is indicated for 802.11a networks that support such clients.
To change the DTIM value for the whole 802.11a network, use the config 802.11a dtim command.
>config 802.11a dtim <value>
Syntax
config     Configure parameters.
802.11a    802.11a network parameters.
dtim       Delivery Traffic Indication Map.
<value>    DTIM value in number of beaconperiods.
Defaults
1 (every beaconperiod)
Examples
To configure the 802.11a network to transmit multicast and broadcast messages every other DTIM, or beaconperiod:
>config 802.11a dtim 2
Related Commands
show 802.11a, config 802.11a beaconperiod, config 802.11b dtim, config 802.11a disable,
config 802.11a enable
config 802.11a fragmentation
To configure the 802.11a fragmentation threshold, use the config 802.11a fragmentation command.
This command can only be used when the network is not operational.
>config 802.11a fragmentation <threshold>
Syntax
config           Configure parameters.
802.11a          802.11a network parameters.
fragmentation    Fragmentation threshold.
<threshold>      Fragmentation threshold value.
Defaults
None.
Example
>config 802.11a fragmentation 6500
Related Commands
config 802.11b fragmentation, show 802.11b, show ap auto-rtf
config 802.11a enable
Enable 802.11a transmissions for the whole network or for an individual WLAN — Access Port (223x) using the config
802.11a enable command. You must use this command to enable the network after configuring other 802.11a
parameters.
Note that this command only enables the Nortel 802.11a network. To disable the 802.11a, 802.11b and/or 802.11g
networks for an individual WLAN, use the config wlan radio command.
This command can be used any time the CLI interface is active.
>config 802.11a enable {network/<WLAN — Access Port (223x)>}
Syntax
config                         Configure parameters.
802.11a                        802.11a network parameters.
enable                         Enable 802.11a.
network                        For the whole network.
<WLAN — Access Port (223x)>    Override the network setting for an individual <WLAN — Access Port (223x)> Nortel Networks Radio.
Defaults
Network = enabled.
Examples
To enable the whole 802.11a network:
>config 802.11a enable network
To enable AP1 802.11a transmissions:
>config 802.11a enable AP1
Related Commands
show sysinfo, show 802.11a, config wlan radio, config 802.11a disable, config 802.11b
disable, config 802.11b enable, config 802.11b 11gSupport enable, config 802.11b
11gSupport disable
config 802.11a fast-roaming
To configure the 802.11a fast roaming extensions, use the config 802.11a fast-roaming command.
>config 802.11a fast-roaming <enable/disable/voip-minrate{AP mac address/1, 2, 5.5, 11 Mbps}/voip-percentage{0, 25, 50, or 100}>
Syntax
config              Configure parameters.
802.11a             802.11a network parameters.
fast-roaming        Fast roaming feature.
<enable/disable>    Enable or disable.
voip-minrate        Voice over internet AP mac address and rate
voip-percentage     Voice over internet percentage
Defaults
(None.)
Examples
>config 802.11a fast-roaming enable
>config 802.11a fast-roaming voip-percentage 50
Related Commands
config 802.11b fast-roaming, config 802.11a fast-roaming, show 802.11a
config 802.11a rate
To set 802.11a mandatory and supported operational rates, use the config 802.11a rate command.
Note: The data rates set here are negotiated between the client and the WLAN — Security Switch (2270).
If the data rate is set to Mandatory, the client must support it in order to use the network.
If a data rate is set as Supported by the WLAN — Security Switch (2270), any associated client that also
supports that rate may communicate with the Nortel WLAN — Access Port (223x) using that rate. But it is
not required that a client be able to use all the rates marked Supported in order to associate.
>config 802.11a rate <disabled/mandatory/supported> <rate>
Syntax
config                          Configure parameters.
802.11a                         802.11a network parameters.
rate                            Data rate.
disabled/mandatory/supported    See Note above.
<rate>                          6000, 9000, 12000, 18000, 24000, 36000, 48000, or 54000 Kbps.
Defaults
(none)
Examples
To set 802.11a transmission at a mandatory rate at 12000 Kbps:
>config 802.11a rate mandatory 12000
Related Commands
show ap config 802.11a, config 802.11b rate
config 802.11a txPower
To configure the 802.11a Tx (Transmit) Power Level, use the config 802.11a txPower command.
>config 802.11a txPower {global <auto/power level #>}/{<AP Name> <global/power level #>}
Syntax
config           Configure parameters.
802.11a          802.11a network parameters.
txPower          Transmit power parameter.
global           All WLAN — Access Ports (223x).
auto             Periodic management software automatic configuration.
<AP Name>        Nortel WLAN — Access Port (223x) name.
power level #    Transmit power level number.
Note: The 802.11a Nortel Networks Radio currently supports five transmit power levels:
1 = Maximum transmit power level allowed per Country Code setting, 2 = 50% power,
3 = 25% power, 4 = 6.25 to 12.5% power, and 5 = 0.195 to 6.25% power.
Refer to Nortel 2200 Series Supported Regulatory Domains in the Nortel 2200 Series Product Guide
for the maximum regulatory Transmit Power Level Limits published for each Country Code. Note
that the power levels and available channels are defined by the Country Code setting, and are
regulated on a country by country basis. Also note that the actual maximum transmit power levels
may be less than the published regulatory limits.
Defaults
Global, Auto.
Examples
To have management software automatically set the transmit power for all 802.11a Nortel
Networks Radios at periodic intervals:
>config 802.11a txPower global auto
To set transmit power for all 802.11a Nortel Networks Radios to power level 5 (lowest):
>config 802.11a txPower global 5
To set transmit power for 802.11a AP1 to global:
>config 802.11a txPower AP1 global
To set transmit power for 802.11a AP1 to power level 2:
>config 802.11a txPower AP1 2
Related Commands
show ap config 802.11a, config 802.11b txPower, config country
Config 802.11B Commands
config 802.11b
Use the following config 802.11b commands:
• config 802.11b 11gSupport
• config 802.11b antenna
• config 802.11b beaconperiod
• config 802.11b channel
• config 802.11b disable
• config 802.11b diversity
• config 802.11b dtim
• config 802.11b fragmentation
• config 802.11b enable
• config 802.11b fast-roaming
• config 802.11b preamble
• config 802.11b rate
• config 802.11b txPower
config 802.11b 11gSupport
After enabling the Nortel 802.11b network using the config 802.11b enable command, enable or disable the Nortel
802.11g network using the config 802.11b 11gSupport command. Note that you must use this command to enable the
network after configuring other 802.11b parameters.
Note that this command only enables the Nortel 802.11g network after the Nortel 802.11b network is enabled using the
config 802.11b enable command. To disable the 802.11a, 802.11b and/or 802.11g networks for an individual WLAN,
use the config wlan radio command.
This command can be used any time the CLI interface is active.
>config 802.11b 11gSupport {enable/disable}
Syntax
config                         Configure parameters.
802.11b                        802.11b network parameters.
11gSupport                     Support for the 802.11g network.
enable/disable                 Enable or disable 802.11b/g.
<WLAN — Access Port (223x)>    To override the network setting for individual <WLAN — Access Port (223x)> Nortel Networks Radio.
Defaults
Enabled.
Examples
>config 802.11b 11gSupport enable
Changing the 11gSupport will cause all the APs to reboot when
you enable 802.11b network.
Are you sure you want to continue? (y/n) n
11gSupport not changed!
Related Commands
show sysinfo, show 802.11b, config 802.11b enable, config wlan radio, config 802.11b
disable, config 802.11a disable, config 802.11a enable
config 802.11b antenna
To configure the 802.11b/g antenna, use the config 802.11b antenna command.
Use the config 802.11b disable command to disable the 802.11b/g Nortel Networks Radio before using the config
802.11b antenna command. Then use the config 802.11b antenna command to configure the WLAN — Access Port
(223x) to use internal or external antennas. Then use the config 802.11b enable command to enable the 802.11b/g Nortel
Networks Radio.
>config 802.11b antenna <WLAN — Access Port (223x)> <internal/external>
Syntax
config                         Configure parameters.
802.11b antenna                Antennas for 802.11b/g Nortel Networks Radio.
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
<internal/external>            Configure for internal or external antennas.
Defaults
Internal.
Examples
To set AP1 to use the 802.11b/g internal antennas:
>config 802.11b antenna AP1 internal
Related Commands
config 802.11b disable, config 802.11b enable, config 802.11a antMode
config 802.11b beaconperiod
In Nortel 802.11b/g networks, all WLAN — Access Port (223x) WLANs broadcast a beacon at regular intervals. This
beacon notifies clients that 802.11b/g service is available, and allows the clients to synchronize with the WLAN —
Access Port (223x). To change the 802.11b/g beacon period for the whole 802.11b/g network, use the config 802.11b
beaconperiod command.
Before you change the beacon period using the config 802.11b beaconperiod command, ensure that you have disabled
the 802.11b/g network using the config 802.11b disable command. When you are done changing the beacon period,
remember to enable the 802.11b/g network using the config 802.11b enable command.
>config 802.11b beaconperiod <Time Units>
Syntax
config          Configure parameters.
802.11b         802.11b/g network parameters.
beaconperiod    Send a beacon every 100 to 600 milliseconds.
<time units>    Beacon interval in milliseconds.
Defaults
100 milliseconds.
Examples
To configure an 802.11b/g network for a beacon period of 180 milliseconds.
>config 802.11b beaconperiod 180
Related Commands
show 802.11a, config 802.11a beaconperiod, config 802.11b disable, config 802.11b
enable
config 802.11b channel
To configure the 802.11b/g network for automatic or manual channel selection, use the config 802.11b channel
command.
When configuring 802.11b/g channels for a single WLAN — Access Port (223x), use the config 802.11b disable
command to disable the 802.11b/g network. Then use the config 802.11b channel command to set automatic channel
selection by management software or manually set the channel for the 802.11b/g Nortel Networks Radio. Then enable
the 802.11b/g network using the config 802.11b enable command.
>config 802.11b channel {global <auto/once/off>}/{<WLAN — Access Port (223x)> <global/channel #>}
Syntax
config                         Configure parameters.
802.11b channel                802.11b/g Nortel Networks Radio channel number.
global                         Global channel control.
<WLAN — Access Port (223x)>    Name of WLAN — Access Port (223x) or global setting for all WLAN — Access Ports (223x).
Defaults
(none)
Examples
To have management software automatically configure all 802.11b/g channels based on
availability and interference:
>config 802.11b channel global auto
To have management software automatically reconfigure all 802.11b/g channels one time
based on availability and interference:
>config 802.11b channel global once
To turn 802.11b/g management software automatic configuration off:
>config 802.11b channel global off
To have AP1 use the global (whole network) settings.
>config 802.11b channel AP1 global
To have AP1 start and continue using channel 11.
>config 802.11b channel AP1 channel 11
Note: Only channels 1, 6 and 11 are nonoverlapping.
Related Commands
show 802.11b, config 802.11b disable, config 802.11b enable, config 802.11a channel
config 802.11b disable
Disable or enable 802.11b/g transmissions for the whole network or for an individual Nortel Networks Radio using the
config 802.11b disable command.
Note that you must use this command to disable the network before using other config 802.11b commands.
This command can be used any time the CLI interface is active.
>config 802.11b disable <enable/disable>{network/<WLAN — Access Port (223x)>}
Syntax
config                         Configure parameters.
802.11b                        802.11b/g network parameters.
disable                        Disable 802.11b/g.
enable/disable                 Enable or disable.
network                        Whole network.
<WLAN — Access Port (223x)>    Override the network setting for an individual <WLAN — Access Port (223x)> Nortel Networks Radio.
Defaults
Enabled.
Examples
To disable the whole 802.11b/g network:
>config 802.11b disable network
To disable AP1 802.11b/g transmissions:
>config 802.11b disable AP1
Related Commands
show sysinfo, show 802.11b, config 802.11a disable, config 802.11a enable, config
802.11b enable, config 802.11b beaconperiod
config 802.11b diversity
To configure the diversity option for 802.11b/g antennas, use the config 802.11b diversity command.
>config 802.11b diversity <WLAN — Access Port (223x)> <enable/sideA/sideB>
Syntax
config                         Configure parameters.
802.11b diversity              Diversity antennas for 802.11b/g.
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
enable                         Between the two internal antennas.
sideA                          Between the internal antennas and an external antenna connected to the WLAN — Access Port (223x) Left port.
sideB                          Between the internal antennas and an external antenna connected to the WLAN — Access Port (223x) Right port.
Defaults
Enabled.
Examples
To enable diversity for AP1:
>config 802.11b diversity AP1 enable
To enable diversity for AP1 using an external antenna connected to the WLAN — Access
Port (223x) Left port (sideA).
>config 802.11b diversity AP1 sideA
Related Commands
show ap config 802.11b
config 802.11b dtim
In 802.11 networks, the WLAN — Access Port (223x) WLANs broadcast a beacon at regular intervals, which coincides
with the DTIM (Delivery Traffic Indication Map). After the DTIM, if the WLAN — Access Port (223x) has any frames
buffered for broadcast or multicast, it transmits the buffered frames. This protocol allows power-saving clients to wake
up at the appropriate time if they are expecting broadcast or multicast data.
Normally, the DTIM value is set to 1 (transmit broadcast and multicast after every beacon) or 2 (transmit after every
other beacon). For instance, if the 802.11b/g beaconperiod is 100 ms, and the DTIM value is set to 1, the WLAN —
Access Port (223x) transmits buffered broadcast and multicast frames 10 times a second; if the beaconperiod is 100 ms,
and the DTIM value is set to 2, the WLAN — Access Port (223x) transmits buffered broadcast and multicast frames five
times a second; either of these settings may be suitable for applications, including VoIP, that expect frequent broadcast
and multicast frames.
However, the DTIM value can be set as high as 255 (transmit broadcast and multicast after every 255th beacon), if all
802.11a clients have power save enabled. Because the clients only have to listen when the DTIM time is reached, they
can be set to listen for broadcasts and multicasts less frequently, resulting in longer battery life. For instance, if the
802.11b/g beaconperiod is 100 ms, and the DTIM value is set to 100, the WLAN — Access Port (223x) transmits
buffered broadcast and multicast frames once every 10 seconds, allowing the power saving clients to sleep longer
between periods when they have to wake up and listen for broadcasts and multicasts, resulting in longer battery life.
Note that many applications cannot tolerate a long time between broadcast and multicast messages, resulting in poor
protocol and application performance. A low DTIM value is indicated for 802.11b/g networks that support such clients.
To change the DTIM value for the whole 802.11b/g network, use the config 802.11b dtim command.
Before you change the 802.11b/g DTIM value using the config 802.11b dtim command, ensure that you have disabled
the 802.11b/g network using the config 802.11b disable command. When you are done changing the DTIM value,
remember to enable the 802.11b/g network using the config 802.11b enable command.
>config 802.11b dtim <period>
Syntax
config      Configure parameters.
802.11b     802.11b/g network parameters.
dtim        Delivery Traffic Indication Map.
<period>    DTIM period in number of beaconperiods.
Defaults
1 (every beaconperiod)
Examples
To configure the 802.11b/g network to transmit multicast and broadcast messages every DTIM, or beaconperiod:
>config 802.11b dtim 1
Related Commands
show 802.11b, config 802.11b beaconperiod, config 802.11a dtim, config 802.11b disable,
config 802.11b enable
config 802.11b fragmentation
To configure the 802.11b/g fragmentation threshold, use the config 802.11b fragmentation command.
This command can only be used when the network is not operational.
>config 802.11b fragmentation <threshold>
Syntax
config           Configure parameters.
802.11b          802.11b network parameters.
fragmentation    Fragmentation threshold.
<threshold>      Fragmentation threshold value.
Defaults
None.
Example
>config 802.11b fragmentation 6500
Related Commands
config 802.11a fragmentation, show 802.11a, show auto-rft
config 802.11b enable
Note that you must use this command to enable the network after configuring other 802.11b parameters.
Note that this command only enables the Nortel 802.11b network. To enable the Nortel 802.11g network, you MUST
have the 802.11b network enabled, and then use the config 802.11b 11gSupport enable command. To disable the
802.11a, 802.11b and/or 802.11g networks for an individual WLAN, use the config wlan radio command.
This command can be used any time the CLI interface is active. Note that you must reboot the WLAN — Security
Switch (2270) to implement this command.
>config 802.11b enable {network/<WLAN — Access Port (223x)>}
Syntax
config                          Configure parameters.
802.11b                         802.11b network parameters.
enable                          Enable 802.11b. Allow support for 802.11g.
network                         For the whole network.
<WLAN — Access Port (223x)>     To override the network setting for individual <WLAN — Access Port (223x)> Nortel Networks Radio.
Defaults
Enabled.
Examples
>config 802.11b enable network
to enable the whole 802.11b network and provide support for the 802.11g network.
>config 802.11b enable AP1
to enable AP1 802.11b transmissions and support AP1 802.11g transmissions.
Related Commands
show sysinfo, show 802.11b, config 802.11b 11gSupport, config wlan radio, config
802.11b disable, config 802.11a disable, config 802.11a enable
config 802.11b fast-roaming
To configure the 802.11b/g fast roaming extensions, use the config 802.11b fast-roaming command.
>config 802.11b fast-roaming <enable/disable/voip-minrate{AP mac address/1, 2, 5.5, 11 Mbps}/voip-percentage{0, 25, 50, or 100}>
Syntax
config              Configure parameters.
802.11b             802.11b network parameters.
fast-roaming        Fast roaming feature.
<enable/disable>    Enable or disable.
voip-minrate        Voice over internet AP mac address and rate.
voip-percentage     Voice over internet percentage.
Defaults
(None.)
Examples
>config 802.11b fast-roaming enable
>config 802.11b fast-roaming voip-percentage 50
Related Commands
config 802.11a fast-roaming, show 802.11b
config 802.11b preamble
Use this command to change the 802.11b preamble as defined in subclause 18.2.2.2 to long (slower, but more reliable)
or short (faster, but less reliable). This command can be used any time the CLI interface is active.
This parameter must be set to long to optimize this WLAN — Security Switch (2270) for some clients, including SpectraLink NetLink Telephones.
Note that you must reboot the WLAN — Security Switch (2270) (reset system) with save to implement this command.
>config 802.11b preamble [short/long]
Syntax
config        Configure parameters.
802.11b       802.11b network parameters.
preamble      As defined in subclause 18.2.2.2.
short/long    Short or long 802.11b preamble.
Defaults
Short.
Examples
>config 802.11b preamble short
>(reset system with save)
>show 802.11b
Short Preamble mandatory......................... Enabled
>config 802.11b preamble long
>(reset system with save)
>show 802.11b
Short Preamble mandatory......................... Disabled
Related Commands
show 802.11b
config 802.11b rate
To configure 802.11b/g mandatory and supported operational rates, use the config 802.11b rate command.
>config 802.11b rate <disabled/mandatory/supported> <rate>
Note: The data rates set here are negotiated between the client and the WLAN — Security Switch
(2270). If the data rate is set to Mandatory, the client must support it in order to use the network.
If a data rate is set as Supported by the WLAN — Security Switch (2270), any associated client that
also supports that rate may communicate with the Nortel WLAN — Access Port (223x) using that
rate. But it is not required that a client be able to use all the rates marked Supported in order to
associate.
Syntax
config                          Configure parameters.
802.11b                         802.11b/g network parameters.
disabled/mandatory/supported    See the Note above.
rate                            1, 2, 5.5, or 11 Mbps data rate.
Defaults
(none)
Examples
To set 802.11b/g transmission at a mandatory rate at 5.5 Mbps:
>config 802.11b rate mandatory 5.5
Related Commands
show ap config 802.11b, config 802.11a rate
config 802.11b txPower
To configure the 802.11b/g Tx (Transmit) Power Level, use the config 802.11b txPower command.
>config 802.11b txPower {global <auto/powerLevel #>}/{<WLAN — Access Port (223x)> <global/powerLevel #>}
Syntax
config                          Configure parameters.
802.11b                         802.11b/g network parameters.
txPower                         Transmit power parameter.
global                          All WLAN — Access Ports (223x).
auto/                           Periodic management software automatic configuration.
<WLAN — Access Port (223x)>     Nortel WLAN — Access Port (223x) name.
power level #                   Transmit power level number.
Note: The WLAN — Access Port (223x) 802.11b Nortel Networks Radio currently supports
five transmit power levels: 1 = Maximum transmit power level allowed per Country Code
setting, 2 = 50% power, 3 = 25% power, 4 = 6.25 to 12.5% power, and 5 = 0.195 to 6.25%
power.
Refer to Nortel 2200 Series Supported Regulatory Domains in the Nortel 2200 Series Product Guide
Part # 320298-A for the maximum regulatory Transmit Power Level Limits published for each
Country Code. Note that the power levels and available channels are defined by the Country Code
setting, and are regulated on a country by country basis. Also note that the actual maximum transmit
power levels may be less than the published regulatory limits.
Defaults
Global, Auto.
Examples
To have management software automatically set the transmit power for all 802.11b/g
Nortel Networks Radios at periodic intervals:
>config 802.11b txPower global auto
To have management software automatically reset the transmit power for all 802.11b/g
Nortel Networks Radios one time:
>config 802.11b txPower global once
To set transmit power for all 802.11b/g Nortel Networks Radios to power level 5 (lowest):
>config 802.11b txPower global 5
To set transmit power for 802.11b/g AP1 to global:
>config 802.11b txPower AP1 global
To set transmit power for 802.11b/g AP1 to power level 2:
>config 802.11b txPower AP1 2
Related Commands
show ap config 802.11b, config 802.11a txPower, config country
config aepi
To configure External Policy Servers, use the config aepi command.
>config aepi [acl/add/delete/disable/enable] [index]
Syntax
config aepi                              Command action.
acl                                      Configures the AEPI ACL Name.
add <index> <IP addr> <port> <secret>    Configures the External Policy Server.
delete <index>                           Deletes the External Policy Server.
disable <index>                          Disables the External Policy Server.
enable <index>                           Enables the External Policy Server.
Defaults
N/A
Examples
>config aepi enable acl01
Related Commands
show aepi
config acl
To configure Access Control Lists, use the config acl commands.
>config acl [apply/create/delete/rule] [name]
Syntax
config acl      Command action.
apply <name>    Applies the ACL (name with up to 32 alphanumeric characters) to the data path.
create          Create a new ACL.
delete          Delete an ACL.
rule            Configure rules in the ACL.
Name            ACL name.
Defaults
N/A
Examples
>config acl create acl01
Related Commands
show acl
Config Advanced 802.11A Commands
config advanced 802.11a
Use the following advanced 802.11a commands:
• “config advanced 802.11a channel foreign”
• “config advanced 802.11a channel load”
• “config advanced 802.11a channel noise”
• “config advanced 802.11a channel update”
• “config advanced 802.11a factory”
• “config advanced 802.11a group-mode”
• “config advanced 802.11a logging channel”
• “config advanced 802.11a logging coverage”
• “config advanced 802.11a logging foreign”
• “config advanced 802.11a logging load”
• “config advanced 802.11a logging noise”
• “config advanced 802.11a logging performance”
• “config advanced 802.11a logging txpower”
• “config advanced 802.11a monitor coverage”
• “config advanced 802.11a monitor load”
• “config advanced 802.11a monitor mode”
• “config advanced 802.11a monitor noise”
• “config advanced 802.11a monitor signal”
• “config advanced 802.11a receiver”
• “config advanced 802.11a txpower-update”
• “config advanced 802.11a profile clients”
• “config advanced 802.11a profile coverage”
• “config advanced 802.11a profile customize”
• “config advanced 802.11a profile exception”
• “config advanced 802.11a profile foreign”
• “config advanced 802.11a profile level”
• “config advanced 802.11a profile noise”
• “config advanced 802.11a profile throughput”
• “config advanced 802.11a profile utilization”
config advanced 802.11a channel foreign
To have management software consider or ignore foreign 802.11a interference in making channel selection updates for
all 802.11a WLAN — Access Ports (223x), use the config advanced 802.11a channel foreign command.
>config advanced 802.11a channel foreign [enable/disable]
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
channel             Management software channel selections.
foreign             Foreign interference.
[enable/disable]    Consider or ignore.
Defaults
Enabled.
Examples
>config advanced 802.11a channel foreign enable
to have management software consider foreign 802.11a interference when making channel
selection updates for all 802.11a WLAN — Access Ports (223x).
Related Commands
show advanced 802.11a channel, config advanced 802.11b channel foreign
config advanced 802.11a channel load
To have management software consider or ignore traffic load in making channel selection updates for all 802.11a
WLAN — Access Ports (223x), use the config advanced 802.11a channel load command.
>config advanced 802.11a channel load [enable/disable]
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
channel             Management software channel selections.
load                Traffic load.
[enable/disable]    Consider or ignore.
Defaults
Disabled.
Examples
>config advanced 802.11a channel load enable
to have management software consider traffic load when making channel selection
updates for all 802.11a WLAN — Access Ports (223x).
Related Commands
show advanced 802.11a channel, config advanced 802.11b channel load
config advanced 802.11a channel noise
To have management software consider or ignore non-802.11a noise in making channel selection updates for all 802.11a
WLAN — Access Ports (223x), use the config advanced 802.11a channel noise command.
>config advanced 802.11a channel noise [enable/disable]
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
channel             Management software channel selections.
noise               Non-802.11a noise.
[enable/disable]    Consider or ignore.
Defaults
Disabled.
Examples
>config advanced 802.11a channel noise enable
to have management software consider non-802.11a noise when making channel selection
updates for all 802.11a WLAN — Access Ports (223x).
Related Commands
show advanced 802.11a channel, config advanced 802.11b channel noise
config advanced 802.11a channel update
To have management software initiate a channel selection update for all 802.11a WLAN — Access Ports (223x), use the
config advanced 802.11a channel update command.
>config advanced 802.11a channel update
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
channel update      Have management software update the channel selections.
Defaults
(none)
Examples
>config advanced 802.11a channel update
Related Commands
show advanced 802.11a channel, config advanced 802.11b channel update
config advanced 802.11a factory
To reset 802.11a advanced settings back to the factory defaults, use the config advanced 802.11a factory command.
>config advanced 802.11a factory
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
factory             Return all 802.11a advanced settings to their factory defaults.
Defaults
(none)
Examples
>config advanced 802.11a factory
Related Commands
show advanced 802.11a channel
config advanced 802.11a group-mode
To set the 802.11a automatic RF group selection mode on or off, use the config advanced 802.11a group-mode
command.
>config advanced 802.11a group-mode <auto/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
group-mode          Nortel Networks Radio RF grouping.
auto/off            Sets to automatic or disables.
Defaults
Auto.
Examples
To turn the 802.11a automatic RF group selection mode on:
>config advanced 802.11a group-mode auto
To turn the 802.11a automatic RF group selection mode off:
>config advanced 802.11a group-mode off
Related Commands
show advanced 802.11a group, config advanced 802.11b group-mode
config advanced 802.11a logging channel
To turn the channel change logging mode on or off, use the config advanced 802.11a logging channel command.
>config advanced 802.11a logging channel <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging channel     Log channel changes.
<on/off>            Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging channel on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging channel
config advanced 802.11a logging coverage
To turn the coverage change logging mode on or off, use the config advanced 802.11a logging coverage command.
>config advanced 802.11a logging coverage <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging coverage    Log coverage changes.
<on/off>            Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging coverage on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging coverage
config advanced 802.11a logging foreign
To turn the foreign change logging mode on or off, use the config advanced 802.11a logging foreign command.
>config advanced 802.11a logging foreign <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging foreign     Log foreign changes.
<on/off>            Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging foreign on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging foreign
config advanced 802.11a logging load
To turn the load change logging mode on or off, use the config advanced 802.11a logging load command.
>config advanced 802.11a logging load <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging load        Log load changes.
<on/off>            Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging load on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging load
config advanced 802.11a logging noise
To turn the noise change logging mode on or off, use the config advanced 802.11a logging noise command.
>config advanced 802.11a logging noise <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging noise       Log noise changes.
<on/off>            Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging noise on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging noise
config advanced 802.11a logging performance
To turn the performance change logging mode on or off, use the config advanced 802.11a logging performance command.
>config advanced 802.11a logging performance <on/off>
Syntax
config                 Configure parameters.
advanced 802.11a       Advanced 802.11a parameters.
logging performance    Log performance changes.
<on/off>               Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging performance on
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging performance
config advanced 802.11a logging txpower
To turn the transmit power change logging mode on or off, use the config advanced 802.11a logging txpower command.
>config advanced 802.11a logging txpower <on/off>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
logging txpower     Log power changes.
<on/off>            Enable or disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11a logging txpower off
Related Commands
show advanced 802.11a logging, config advanced 802.11b logging txpower
config advanced 802.11a monitor coverage
To set the coverage measurement interval between 60 and 3600 seconds, use the config advanced 802.11a monitor
coverage command.
>config advanced 802.11a monitor coverage <seconds>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
monitor coverage    Monitor coverage interval.
<seconds>           60 to 3600 seconds.
Defaults
180 seconds.
Examples
>config advanced 802.11a monitor coverage 60
to set the coverage measurement interval to 60 seconds.
Related Commands
show advanced 802.11a monitor, config advanced 802.11b monitor coverage
config advanced 802.11a monitor load
To set the load measurement interval between 60 and 3600 seconds, use the config advanced 802.11a monitor load
command.
>config advanced 802.11a monitor load <seconds>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
monitor load        Monitor load interval.
<seconds>           60 to 3600 seconds.
Defaults
60 seconds.
Examples
>config advanced 802.11a monitor load 60
to set the load measurement interval to 60 seconds.
Related Commands
show advanced 802.11a monitor, config advanced 802.11b monitor load
config advanced 802.11a monitor mode
To enable or disable the 802.11a monitor mode, use the config advanced 802.11a monitor mode command.
>config advanced 802.11a monitor mode <enable/disable>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
monitor mode        Monitor mode.
<enable/disable>    Enable or disable.
Defaults
Enabled.
Examples
>config advanced 802.11a monitor mode enable
Related Commands
show advanced 802.11a monitor, config advanced 802.11b monitor mode
config advanced 802.11a monitor noise
To set the noise measurement interval between 60 and 3600 seconds, use the config advanced 802.11a monitor noise
command.
>config advanced 802.11a monitor noise <seconds>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
monitor noise       Monitor noise interval.
<seconds>           60 to 3600 seconds.
Defaults
180 seconds.
Examples
>config advanced 802.11a monitor noise 120
to set the noise measurement interval to 120 seconds.
Related Commands
show advanced 802.11a monitor, config advanced 802.11b monitor noise
config advanced 802.11a monitor signal
To set the signal measurement interval between 60 and 3600 seconds, use the config advanced 802.11a monitor signal
command.
>config advanced 802.11a monitor signal <seconds>
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
monitor signal      Monitor signal interval.
<seconds>           60 to 3600 seconds.
Defaults
60 seconds.
Examples
>config advanced 802.11a monitor signal 120
to set the signal measurement interval to 120 seconds.
Related Commands
show advanced 802.11a monitor, config advanced 802.11b monitor signal
config advanced 802.11a receiver
To set the advanced receiver configuration, use the config advanced 802.11a receiver command.
>config advanced 802.11a receiver <default/rxstart>
Syntax
config               Configure parameters.
advanced 802.11a     Advanced 802.11a parameters.
receiver             Receiver configuration.
<default/rxstart>    Default configuration/start configuration.
Defaults
(None)
Examples
>config advanced 802.11a receiver default
Cannot change receiver params while network is enabled
Related Commands
config advanced 802.11b receiver
config advanced 802.11a txpower-update
To initiate updates of the 802.11a transmit power for every WLAN — Access Port (223x), use the config advanced
802.11a txpower-update command.
>config advanced 802.11a txpower-update
Syntax
config              Configure parameters.
advanced 802.11a    Advanced 802.11a parameters.
txpower-update      Update transmission power.
Defaults
(None)
Examples
>config advanced 802.11a txpower-update
Related Commands
config advanced 802.11b txpower-update
config advanced 802.11a profile clients
To set the Nortel WLAN — Access Port (223x) clients threshold between 1 and 75 clients, use the config advanced
802.11a profile clients command.
>config advanced 802.11a profile clients <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile clients                        WLAN — Access Port (223x) Client profile.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                1 to 75 clients.
Defaults
12 clients.
Examples
To set all WLAN — Access Port (223x) clients thresholds to 25 clients:
>config advanced 802.11a profile clients global 25
To set the AP1 clients threshold to 75 clients:
>config advanced 802.11a profile clients AP1 75
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile clients
config advanced 802.11a profile coverage
To set the WLAN — Access Port (223x) coverage threshold between 3 and 50 dB, use the config advanced 802.11a
profile coverage command.
>config advanced 802.11a profile coverage <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile coverage                       WLAN — Access Port (223x) profile coverage.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                3 to 50 dB.
Defaults
12 dB.
Examples
To set all WLAN — Access Port (223x) coverage thresholds to 30 dB:
>config advanced 802.11a profile coverage global 30
To set AP1 coverage thresholds to 50 dB:
>config advanced 802.11a profile coverage AP1 50
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile coverage
config advanced 802.11a profile customize
To turn customizing on or off for an 802.11a WLAN — Access Port (223x) performance profile, use the config
advanced 802.11a profile customize command.
>config advanced 802.11a profile customize <WLAN — Access Port (223x)> <on|off>
Syntax
config                        Configure parameters.
advanced 802.11a              Advanced 802.11a parameters.
customize                     Performance profile.
WLAN — Access Port (223x)     WLAN — Access Port (223x).
on/off                        Enable or disable.
Defaults
Off.
Examples
To turn performance profile customization on for 802.11a WLAN — Access Port (223x)
AP1:
>config advanced 802.11a profile customize AP1 on
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile customize
config advanced 802.11a profile exception
To set the WLAN — Access Port (223x) coverage exception level between 0 and 100 percent, use the config advanced
802.11a profile exception command.
>config advanced 802.11a profile exception <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile exception                      WLAN — Access Port (223x) profile exception.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                0 to 100 percent.
Defaults
25 percent.
Examples
To set all WLAN — Access Port (223x) coverage exception levels to 0 percent:
>config advanced 802.11a profile exception global 0
To set the AP1 coverage exception level to 100 percent:
>config advanced 802.11a profile exception AP1 100
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile exception
config advanced 802.11a profile foreign
To set the foreign 802.11a transmitter interference threshold between 0 and 100 percent, use the config advanced
802.11a profile foreign command.
>config advanced 802.11a profile foreign {global/<WLAN — Access Port (223x)>} <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile foreign                        Foreign interference profile.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                0 to 100 percent.
Defaults
10 percent.
Examples
To set the Other 802.11a transmitter interference threshold for all WLAN — Access Ports
(223x) to 50 percent:
>config advanced 802.11a profile foreign global 50
To set the Other 802.11a transmitter interference threshold for AP1 to 0 percent:
>config advanced 802.11a profile foreign AP1 0
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile foreign
config advanced 802.11a profile level
To set the WLAN — Access Port (223x) client minimum exception level between 1 and 75 clients, use the config
advanced 802.11a profile level command.
>config advanced 802.11a profile level <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile level                          WLAN — Access Port (223x) profile level.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                1 to 75 clients.
Defaults
3 clients.
Examples
>config advanced 802.11a profile level global 10
to set all WLAN — Access Port (223x) client minimum exception levels to 10 clients.
>config advanced 802.11a profile level AP1 25
to set the AP1 client minimum exception level to 25 clients.
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile level
config advanced 802.11a profile noise
To set the 802.11a foreign noise threshold between -127 and 0 dBm, use the config advanced 802.11a profile noise
command.
>config advanced 802.11a profile noise <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile noise                          Profile noise limits.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                -127 to 0 dBm.
Defaults
-70 dBm.
Examples
To set the 802.11a foreign noise threshold for all WLAN — Access Ports (223x) to
-127 dBm:
>config advanced 802.11a profile noise global -127
To set the 802.11a foreign noise threshold for AP1 to 0 dBm:
>config advanced 802.11a profile noise AP1 0
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile noise
config advanced 802.11a profile throughput
To set the WLAN — Access Port (223x) data-rate throughput threshold between 1000 and 10000000 bytes per second,
use the config advanced 802.11a profile throughput command.
>config advanced 802.11a profile throughput {global/<WLAN — Access Port (223x)>} <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile throughput                     Data rate threshold.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                1,000 to 10,000,000 bps.
Defaults
1,000,000 bps.
Examples
To set all WLAN — Access Port (223x) data-rate thresholds to 1000 bytes per second:
>config advanced 802.11a profile throughput global 1000
To set the AP1 data-rate threshold to 10000000 bytes per second:
>config advanced 802.11a profile throughput AP1 10000000
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile throughput
config advanced 802.11a profile utilization
To set the RF utilization threshold between 0 and 100 percent, use the config advanced 802.11a profile utilization
command. Operating System generates a trap when this threshold is exceeded.
>config advanced 802.11a profile utilization <global/WLAN — Access Port (223x)> <value>
Syntax
config                                 Configure parameters.
advanced 802.11a                       Advanced 802.11a parameters.
profile utilization                    WLAN — Access Port (223x) profile utilization.
global/<WLAN — Access Port (223x)>     global or WLAN — Access Port (223x) specific profile.
<value>                                0 to 100 percent.
Defaults
80 percent.
Examples
To set the RF utilization threshold for all WLAN — Access Ports (223x) to 0 percent:
>config advanced 802.11a profile utilization global 0
To set the RF utilization threshold for AP1 to 100 percent:
>config advanced 802.11a profile utilization AP1 100
Related Commands
show advanced 802.11a profile, config advanced 802.11b profile utilization
Config Advanced 802.11B Commands
config advanced 802.11b
Use the following config advanced 802.11b commands:
• “config advanced 802.11b channel foreign”
• “config advanced 802.11b channel load”
• “config advanced 802.11b channel noise”
• “config advanced 802.11b channel update”
• “config advanced 802.11b factory”
• “config advanced 802.11b group-mode”
• “config advanced 802.11b logging channel”
• “config advanced 802.11b logging coverage”
• “config advanced 802.11b logging foreign”
• “config advanced 802.11b logging load”
• “config advanced 802.11b logging noise”
• “config advanced 802.11b logging performance”
• “config advanced 802.11b logging txpower”
• “config advanced 802.11b monitor channel-list”
• “config advanced 802.11b monitor coverage”
• “config advanced 802.11b monitor load”
• “config advanced 802.11b monitor mode”
• “config advanced 802.11b monitor noise”
• “config advanced 802.11b monitor signal”
• “config advanced 802.11b receiver”
• “config advanced 802.11b txpower-update”
• “config advanced 802.11b profile clients”
• “config advanced 802.11b profile coverage”
• “config advanced 802.11b profile customize”
• “config advanced 802.11b profile exception”
• “config advanced 802.11b profile foreign”
• “config advanced 802.11b profile level”
• “config advanced 802.11b profile noise”
• “config advanced 802.11b profile throughput”
• “config advanced 802.11b profile utilization”
config advanced 802.11b channel foreign
To have management software consider or ignore foreign 802.11b/g interference in making channel selection updates for
all 802.11b/g WLAN — Access Ports (223x), use the config advanced 802.11b channel foreign command.
>config advanced 802.11b channel foreign [enable/disable]
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
channel                     Management software channel selections.
foreign                     Foreign interference.
[enable/disable]            Consider or ignore.
Defaults
Enabled.
Examples
>config advanced 802.11b channel foreign enable
to have management software consider foreign 802.11b/g interference when making
channel selection updates for all 802.11b/g WLAN — Access Ports (223x).
Related Commands
show advanced 802.11b channel, config advanced 802.11a channel foreign
config advanced 802.11b channel load
To have management software consider or ignore traffic load in making channel selection updates for all 802.11b/g
WLAN — Access Ports (223x), use the config advanced 802.11b channel load command.
>config advanced 802.11b channel load [enable/disable]
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
channel                     Management software channel selections.
load                        Traffic load.
[enable/disable]            Consider or ignore.
Defaults
Disabled.
Examples
>config advanced 802.11b channel load enable
to have management software consider traffic load when making channel selection
updates for all 802.11b/g WLAN — Access Ports (223x).
Related Commands
show advanced 802.11b channel, config advanced 802.11a channel load
config advanced 802.11b channel noise
To have management software consider or ignore non-802.11b/g noise in making channel selection updates for all
802.11b/g WLAN — Access Ports (223x), use the config advanced 802.11b channel noise command.
>config advanced 802.11b channel noise [enable/disable]
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
channel                     Management software channel selections.
noise                       Non-802.11b/g noise.
[enable/disable]            Consider or ignore.
Defaults
Disabled.
Examples
>config advanced 802.11b channel noise enable
to have management software consider non-802.11b/g noise when making channel selection updates for all 802.11b/g WLAN — Access Ports (223x).
Related Commands
show advanced 802.11b channel, config advanced 802.11a channel noise
config advanced 802.11b channel update
To have management software initiate a channel selection update for all 802.11b/g WLAN — Access Ports (223x), use
the config advanced 802.11b channel update command.
>config advanced 802.11b channel update
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
channel update              Update the channel selections.
Defaults
(none)
Examples
>config advanced 802.11b channel update
Related Commands
show advanced 802.11b channel, config advanced 802.11a channel update
config advanced 802.11b factory
To reset 802.11b/g advanced settings back to the factory defaults, use the config advanced 802.11b factory command.
>config advanced 802.11b factory
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
factory                     Return all 802.11b/g advanced settings to their factory defaults.
Defaults
(none)
Examples
>config advanced 802.11b factory
to reset all 802.11b/g advanced settings back to the factory defaults.
Related Commands
show advanced 802.11b channel
config advanced 802.11b group-mode
To set the 802.11b/g RF group selection mode on or off, use the config advanced 802.11b group-mode command.
>config advanced 802.11b group-mode <auto/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
group-mode                  Nortel Networks Radio RF grouping.
<auto/off>                  Automatic selection or off.
Defaults
Auto.
Usage
Use to enable or disable 802.11b/g automatic RF group selection mode.
Examples
>config advanced 802.11b group-mode auto
to set the 802.11b/g RF group selection mode to automatic.
>config advanced 802.11b group-mode off
to disable the 802.11b/g RF group selection mode.
Related Commands
show advanced 802.11b group, config advanced 802.11a group-mode
config advanced 802.11b logging channel
To turn the 802.11b/g channel change logging mode on or off, use the config advanced 802.11b logging channel
command.
>config advanced 802.11b logging channel <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging channel             Log channel changes.
<on/off>                    Enable or Disable logging.
Defaults
Disabled.
Examples
>config advanced 802.11b logging channel on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging channel
config advanced 802.11b logging coverage
To turn the 802.11b/g coverage change logging mode on or off, use the config advanced 802.11b logging coverage
command.
>config advanced 802.11b logging coverage <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging coverage            Log coverage changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging coverage on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging coverage
config advanced 802.11b logging foreign
To turn the 802.11b/g channel foreign logging mode on or off, use the config advanced 802.11b logging foreign
command.
>config advanced 802.11b logging foreign <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging foreign             Log foreign changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging foreign on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging foreign
config advanced 802.11b logging load
To turn the 802.11b/g channel load logging mode on or off, use the config advanced 802.11b logging load command.
>config advanced 802.11b logging load <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging load                Log load changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging load on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging load
config advanced 802.11b logging noise
To turn the 802.11b/g channel noise logging mode on or off, use the config advanced 802.11b logging noise command.
>config advanced 802.11b logging noise <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging noise               Log noise changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging noise on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging noise
config advanced 802.11b logging performance
To turn the 802.11b/g channel performance logging mode on or off, use the config advanced 802.11b logging performance command.
>config advanced 802.11b logging performance <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging performance         Log performance changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging performance on
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging performance
config advanced 802.11b logging txpower
To turn the 802.11b/g transmit power logging mode on or off, use the config advanced 802.11b logging txpower
command.
>config advanced 802.11b logging txpower <on/off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
logging txpower             Log power changes.
<on/off>                    Enable or Disable logging.
Defaults
Off (disabled).
Examples
>config advanced 802.11b logging txpower off
Related Commands
show advanced 802.11b logging, config advanced 802.11a logging power
config advanced 802.11b monitor channel-list
To set the 802.11b/g noise/interference/rogue monitoring channel list coverage, use the config advanced 802.11b
monitor channel-list command.
>config advanced 802.11b monitor channel-list <all/country/dca>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
monitor channel-list        Monitor channel list.
<all/                       Monitor all channels.
country/                    Monitor channels used in configured country code.
dca>                        Monitor channels used by automatic channel assignment.
Defaults
180 seconds.
Examples
>config advanced 802.11b monitor channel-list country
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor coverage
config advanced 802.11b monitor coverage
To set the 802.11b/g coverage measurement interval between 60 and 3600 seconds, use the config advanced 802.11b
monitor coverage command.
>config advanced 802.11b monitor coverage <seconds>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
monitor coverage            Monitor coverage interval.
<seconds>                   60 to 3600 seconds.
Defaults
180 seconds.
Examples
>config advanced 802.11b monitor coverage 60
to set the coverage measurement interval to 60 seconds.
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor coverage
config advanced 802.11b monitor load
To set the 802.11b/g load measurement interval between 60 and 3600 seconds, use the config advanced 802.11b monitor
load command.
>config advanced 802.11b monitor load <seconds>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
monitor load                Monitor load interval.
<seconds>                   60 to 3600 seconds.
Defaults
60 seconds.
Examples
>config advanced 802.11b monitor load 60
to set the load measurement interval to 60 seconds.
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor load
config advanced 802.11b monitor mode
To enable or disable the 802.11b monitor mode, use the config advanced 802.11b monitor mode command.
>config advanced 802.11b monitor mode <enable/disable>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b parameters.
monitor mode                Monitor mode.
<enable/disable>            Enable or disable.
Defaults
Enabled.
Examples
>config advanced 802.11b monitor mode enable
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor mode
config advanced 802.11b monitor noise
To set the 802.11b/g noise measurement interval between 60 and 3600 seconds, use the config advanced 802.11b
monitor noise command.
>config advanced 802.11b monitor noise <seconds>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
monitor noise               Monitor noise interval.
<seconds>                   60 to 3600 seconds.
Defaults
180 seconds.
Examples
>config advanced 802.11b monitor noise 120
to set the noise measurement interval to 120 seconds.
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor noise
config advanced 802.11b monitor signal
To set the 802.11b/g signal measurement interval between 60 and 3600 seconds, use the config advanced 802.11b
monitor signal command.
>config advanced 802.11b monitor signal <seconds>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
monitor signal              Monitor signal interval.
<seconds>                   60 to 3600 seconds.
Defaults
60 seconds.
Examples
>config advanced 802.11b monitor signal 120
to set the signal measurement interval to 120 seconds.
Related Commands
show advanced 802.11b monitor, config advanced 802.11a monitor signal
config advanced 802.11b receiver
To set the advanced receiver configuration, use the config advanced 802.11b receiver command.
>config advanced 802.11b receiver <default/rxstart>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b parameters.
receiver                    Receiver configuration.
<default/rxstart>           Default configuration/start configuration.
Defaults
(None)
Examples
>config advanced 802.11b receiver default
Cannot change receiver params while network is enabled
Related Commands
config advanced 802.11a receiver
config advanced 802.11b txpower-update
To initiate updates of the 802.11b transmit power for every WLAN — Access Port (223x), use the config advanced
802.11b txpower-update command.
>config advanced 802.11b txpower-update
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b parameters.
txpower-update              Update transmission power.
Defaults
(None)
Examples
>config advanced 802.11b txpower-update
Related Commands
config advanced 802.11a txpower-update
config advanced 802.11b profile clients
To set the number of 802.11b/g WLAN — Access Port (223x) clients threshold between 1 and 75 clients, use the config
advanced 802.11b profile clients command.
>config advanced 802.11b profile clients <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile clients                     Client profiles.
global/<WLAN — Access Port (223x)>  Global or WLAN — Access Port (223x) specific profile.
<value>                             1 to 75 clients.
Defaults
12 clients
Examples
>config advanced 802.11b profile clients global 25
to set the WLAN — Access Port (223x) clients threshold for all Nortel Networks Radios
to 25.
>config advanced 802.11b profile clients AP1 75
to set the WLAN — Access Port (223x) clients threshold for AP1 to 75.
Related Commands
config advanced 802.11a profile clients
config advanced 802.11b profile coverage
To set the 802.11b/g WLAN — Access Port (223x) coverage threshold between 3 and 50 dB, use the config advanced
802.11b profile coverage command.
>config advanced 802.11b profile coverage <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile coverage                    WLAN — Access Port (223x) profile coverage.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             3 to 50 dB.
Defaults
12 dB
Examples
>config advanced 802.11b profile coverage global 30
to set the WLAN — Access Port (223x) coverage threshold for all WLAN — Access Ports
(223x) to 30 dB.
>config advanced 802.11b profile coverage AP1 50
to set the WLAN — Access Port (223x) coverage threshold for AP1 to 50 dB.
Related Commands
config advanced 802.11a profile coverage
config advanced 802.11b profile customize
To turn customization on or off for an 802.11b/g WLAN — Access Port (223x) performance profile, use the config
advanced 802.11b profile customize command.
>config advanced 802.11b profile customize <WLAN — Access Port (223x)> <on|off>
Syntax
config                      Configure parameters.
advanced 802.11b            Advanced 802.11b/g parameters.
Defaults
Off
Example:
>config advanced 802.11b profile customize AP1 on
to turn customization on for the AP1 performance profile.
Related Commands
config advanced 802.11a profile customize
config advanced 802.11b profile exception
To set the 802.11b/g WLAN — Access Port (223x) coverage exception level between 0 and 100 percent, use the config
advanced 802.11b profile exception command.
>config advanced 802.11b profile exception <global/WLAN — Access Port (223x)> <value=0 to 100 percent>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile exception                   WLAN — Access Port (223x) profile exception.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             0 to 100 percent.
Defaults
25%
Examples
>config advanced 802.11b profile exception global 0
to set the WLAN — Access Port (223x) coverage exception level for all WLAN —
Access Ports (223x) to 0 percent.
>config advanced 802.11b profile exception AP1 100
to set the WLAN — Access Port (223x) coverage exception level for AP1 to 100 percent.
Related Commands
config advanced 802.11a profile exception
config advanced 802.11b profile foreign
To set the foreign 802.11b/g transmitter interference threshold between 0 and 100 percent, use the config advanced
802.11b profile foreign command.
>config advanced 802.11b profile foreign {global/<WLAN — Access Port (223x)>} <value> (0 to 100 percent)
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile foreign                     Foreign interference profile.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             0 to 100 percent.
Defaults
802.11b/g foreign profile = (tbd) percent.
Examples
>config advanced 802.11b profile foreign global 50
to set the foreign 802.11b/g transmitter interference threshold for the whole 802.11b/g
network to 50 percent.
>config advanced 802.11b profile foreign AP1 0
to set the foreign 802.11b/g transmitter interference threshold for AP1 to 0 percent.
Related Commands
config advanced 802.11b profile foreign
config advanced 802.11b profile level
To set the 802.11b/g WLAN — Access Port (223x) client minimum exception level between 1 and 75 clients, use the
config advanced 802.11b profile level command.
>config advanced 802.11b profile level <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile minimum                     WLAN — Access Port (223x) profile level.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             1 to 75 clients.
Defaults
3 clients
Examples
>config advanced 802.11b profile level global 75
to set the WLAN — Access Port (223x) client minimum exception level for all Nortel
Networks Radios to 75 clients.
>config advanced 802.11b profile level AP1 25
to set the WLAN — Access Port (223x) client minimum exception level for AP1 to
25 clients.
Related Commands
config advanced 802.11a profile level
config advanced 802.11b profile noise
To set the 802.11b/g foreign noise threshold between -127 and 0 dBm, use the config advanced 802.11b profile noise
command.
>config advanced 802.11b profile noise <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile noise                       WLAN — Access Port (223x) profile noise.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             -127 to 0 dBm.
Defaults
-70 dB
Examples
>config advanced 802.11b profile noise global -90
to set the 802.11b/g foreign noise threshold for the whole 802.11b/g network to -90 dBm.
>config advanced 802.11b profile noise AP1 -30
to set the 802.11b/g foreign noise threshold for AP1 to -30 dBm.
Related Commands
config advanced 802.11a profile noise
config advanced 802.11b profile throughput
To set the 802.11b/g WLAN — Access Port (223x) throughput threshold between 1000 and 10000000 bytes per second,
use the config advanced 802.11b profile throughput command.
>config advanced 802.11b profile throughput <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile throughput                  Throughput profile.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             1,000 to 10,000,000 bps.
Defaults
1,000,000 bps
Examples
>config advanced 802.11b profile throughput global 1000
to set the WLAN — Access Port (223x) throughput threshold for all Nortel Networks
Radios to 1000 bytes per second.
>config advanced 802.11b profile throughput AP1 10000000
to set the WLAN — Access Port (223x) throughput threshold for AP1 to 10000000 bytes
per second.
Related Commands
config advanced 802.11a profile throughput
config advanced 802.11b profile utilization
To set the 802.11b/g RF utilization threshold between 0 and 100 percent, use the config advanced 802.11b profile utilization command.
>config advanced 802.11b profile utilization <global/WLAN — Access Port (223x)> <value>
Syntax
config                              Configure parameters.
advanced 802.11b                    Advanced 802.11b/g parameters.
profile utilization                 WLAN — Access Port (223x) profile utilization.
global/<WLAN — Access Port (223x)>  global or WLAN — Access Port (223x) specific profile.
<value>                             0 to 100 percent.
Defaults
80%
Examples
>config advanced 802.11b profile utilization global 100
to set the RF utilization threshold for the whole 802.11b/g network to 100 percent.
>config advanced 802.11b profile utilization AP1 50
to set the RF utilization threshold for the AP1 to 50 percent.
Related Commands
config advanced 802.11a profile utilization
config advanced client-handoff
To set the client handoff to occur after a selected number of 802.11 data packet excessive retries, use the config
advanced client-handoff command.
>config advanced client-handoff <value = 0-255>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
client-handoff <value>      0 to 255 excessive retries before client handoff.
Defaults
0 excessive retries (disabled).
Examples
>config advanced client-handoff 100
to set the client handoff to 100 excessive retries.
Related Commands
show advanced client-handoff
config advanced statistics
To enable or disable WLAN — Security Switch (2270) port statistics collection, use the config advanced statistics
command.
>config advanced statistics <enable/disable>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
statistics                  Statistics.
<enable/disable>            Enable or disable statistics.
Defaults
Enabled.
Examples
>config advanced statistics disable
to disable statistics.
Related Commands
show advanced statistics, show stats port, show stats switch
Config Advanced Timers Commands
config advanced timers
Use the following config advanced timers commands:
• config advanced timers ap-discovery-timeout
• config advanced timers ap-heartbeat-timeout
• config advanced timers auth-timeout
• config advanced timers eap-timeout
config advanced timers ap-discovery-timeout
The WLAN — Access Port (223x) discovery time-out is how often a WLAN — Security Switch (2270) attempts to
discover an unconnected WLAN — Access Port (223x). To configure the WLAN — Access Port (223x) discovery
time-out, use the config advanced timers ap-discovery-timeout command.
>config advanced timers ap-discovery-timeout <seconds>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
timers                      Network timers.
ap-discovery-timeout        WLAN — Access Port (223x) discovery timeout.
<seconds>                   Timeout period 1-10 seconds.
Defaults
10 seconds.
Example
>config advanced timers ap-discovery-timeout 20
Related Commands
show advanced timers
config advanced timers ap-heartbeat-timeout
The WLAN — Access Port (223x) heartbeat timeout controls how often the WLAN — Access Port (223x) sends a
heartbeat keep-alive signal to the WLAN — Security Switch (2270). To configure the WLAN — Access Port (223x)
heartbeat timeout, use the config advanced timers ap-heartbeat-timeout command.
>config advanced timers ap-heartbeat-timeout <seconds>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
timers                      Network timers.
ap-heartbeat-timeout        WLAN — Access Port (223x) heartbeat timeout.
<seconds>                   Timeout period 1-30 seconds.
Defaults
30 seconds.
Example
>config advanced timers ap-heartbeat-timeout 20
Related Commands
show advanced timers
config advanced timers auth-timeout
To configure the authentication timeout, use the config advanced timers auth-timeout command.
>config advanced timers auth-timeout <seconds>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
timers                      Network timers.
auth-timeout                Authentication response timeout.
<seconds>                   Timeout period in seconds.
Defaults
10 seconds.
Example
>config advanced timers auth-timeout 20
Related Commands
show advanced timers
config advanced timers eap-timeout
To configure the EAP expiration timeout, use the config advanced timers eap-timeout command.
>config advanced timers eap-timeout <seconds>
Syntax
config                      Configure parameters.
advanced                    Advanced parameters.
timers                      Network timers.
eap-timeout                 EAP timeout.
<seconds>                   Timeout period in seconds between 8 and 60.
Defaults
(None.)
Example
>config advanced timers eap-timeout 10
Related Commands
show advanced timers
Config AP Commands
config ap
Use the following config ap commands:
• config ap disable
• config ap enable
• config ap get-crash-data
• config ap location
• config ap mode
• config ap name
• config ap primary-base
• config ap remote-debug
• config ap reporting-period
• config ap reset
• config ap stats-timer
• config ap secondary-base
• config ap tertiary-base
• config ap static-ip
• config ap wlan
config ap disable
To disable a WLAN — Access Port (223x), use the config ap disable command.
>config ap disable <WLAN — Access Port (223x)>
Syntax
config                       Configure parameters.
ap                           WLAN — Access Port (223x).
disable                      Disable command.
<WLAN — Access Port (223x)>  Name of the WLAN — Access Port (223x).
Defaults
(none)
Examples
>config ap disable AP1
Related Commands
config ap enable
config ap enable
To enable a WLAN — Access Port (223x), use the config ap enable command.
>config ap enable <WLAN — Access Port (223x)>
Syntax
config                       Configure parameters.
ap                           WLAN — Access Port (223x).
enable                       Enable command.
<WLAN — Access Port (223x)>  Name of the WLAN — Access Port (223x).
Defaults
(none)
Examples
>config ap enable AP1
Related Commands
config ap disable
config ap get-crash-data
To collect the latest crash data for a WLAN — Access Port (223x), use the config ap get-crash-data command. Use the
“transfer upload datatype” on page 555 command to transfer the collected data to the WLAN — Security Switch (2270).
>config ap get-crash-data <WLAN — Access Port (223x)>
Syntax
config                       Configure parameters.
ap                           WLAN — Access Port (223x).
get-crash-data               Enable command.
<WLAN — Access Port (223x)>  Name of the WLAN — Access Port (223x).
Defaults
(none)
Examples
>config ap get-crash-data AP3
config ap location
To modify the descriptive location of a WLAN — Access Port (223x), use the config ap location command. The WLAN
— Access Port (223x) must be disabled before changing this parameter.
>config ap location “<location>” <WLAN — Access Port (223x)>
Syntax
config                       Configure parameters.
ap                           WLAN — Access Port (223x).
location                     Descriptive location.
“<location>”                 Location name (enclosed by double quotation marks).
<WLAN — Access Port (223x)>  Name of the WLAN — Access Port (223x).
Defaults
(none)
Examples
>config ap location “Building 1” AP1
Related Commands
show ap summary
config ap mode
WLAN — Security Switches (2270) communicate with WLAN — Access Ports (223x) in one of three modes: local
(normal), reap (remote office, must connect to a 2260), or monitor (listen-only). To change a WLAN — Security Switch
(2270) communication option for an individual WLAN — Access Port (223x), use the config ap mode command.
>config ap mode [local/reap/monitor/rogue] <WLAN — Access Port (223x)>
Syntax
config ap mode               Configure boot option.
local/reap/monitor/rogue     Set the WLAN — Access Port (223x) for local (normal), reap (remote office), monitor (listen-only) or rogue mode.
<WLAN — Access Port (223x)>  Name of the WLAN — Access Port (223x).
Defaults
Local.
Examples
>config ap mode local AP01
sets the WLAN — Security Switch (2270) to communicate with AP01 in local (normal)
mode.
>config ap mode reap AP91
sets the WLAN — Security Switch (2270) to communicate with AP91 in remote office
mode.
>config ap mode monitor AP02
sets the WLAN — Security Switch (2270) to communicate with AP02 in monitor
(listen-only) mode.
Related Commands
show ap config
config ap name
To modify the name of a WLAN — Access Port (223x), use the config ap name command.
>config ap name <New AP name> <Old AP name>
Syntax
config                      Configure parameters.
ap                          WLAN — Access Port (223x).
name                        Name of the WLAN — Access Port (223x).
<New AP name>               Desired WLAN — Access Port (223x) name.
<Old AP name>               Current WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>config ap name AP1 AP2
Related Commands
show ap config
config ap primary-base
To set the WLAN — Access Port (223x) primary WLAN — Security Switch (2270), use the config ap primary-base
command. The WLAN — Access Port (223x) associates with this WLAN — Security Switch (2270) for all network
operation and in the event of a hardware reset.
>config ap primary-base <Switch name> <WLAN — Access Port (223x)>
Syntax
config                       Configure parameters.
ap                           WLAN — Access Port (223x).
primary-base                 WLAN — Access Port (223x) primary WLAN — Security Switch (2270).
<Switch name>                Name of WLAN — Security Switch (2270).
<WLAN — Access Port (223x)>  WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>config ap primary-base SW_1 AP2
Related Commands
show sysinfo, config sysname, config ap secondary-base, config ap tertiary-base
config ap remote-debug
To enable or disable remote debugging of a WLAN — Access Port (223x) or to remotely execute a command on a
WLAN — Access Port (223x), use the config ap remote-debug command.
>config ap remote-debug [enable/disable/exc-command] (command) <WLAN —
Access Port (223x)>
Syntax
config
320298-A Rev 00
Configure parameters.
config ap reporting-period 441
ap
remote-debug
WLAN — Access Port (223x).
WLAN — Access Port (223x) remote debug/
remote command.
[enable/disable/
Enable or disable remote debugging of
exc-command]
a WLAN — Access Port (223x), or remotely
execute a command.
(command)
Optional command to be executed.
<WLAN — Access Port (223x)>WLAN — Access Port (223x) name.
Defaults
Disabled.
Examples
>config ap remote-debug enable AP01
to enable remote debugging on AP01.
>config ap remote-debug disable AP02
to disable remote debugging on AP02.
>config ap remote-debug exc-command (command) AP03
to execute Technical Support-provided commands on AP03.
Related Commands
show sysinfo, config sysname
config ap reporting-period
To set the WLAN — Access Port (223x) reporting period, use the config ap reporting-period command.
>config ap reporting-period <period>
Syntax
config              Configure parameters.
ap                  WLAN — Access Port (223x).
reporting-period    Reporting-period command.
<period>            Time period in seconds between 10 and 120.
Defaults
(none)
Example
>config ap reporting-period 120
Related Commands
show ap config 802.11a, show ap config 802.11ab
config ap reset
To reset a WLAN — Access Port (223x), use the config ap reset command.
>config ap reset <WLAN — Access Port (223x)>
Syntax
config                         Configure parameters.
ap                             WLAN — Access Port (223x).
reset                          Reset command.
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
Defaults
(none)
Example
>config ap reset AP2
Related Commands
show ap config
config ap stats-timer
Use this command to set the interval, in seconds, at which the WLAN — Access Port (223x) sends its DOT11 statistics
to the WLAN — Security Switch (2270). A value of 0 (zero) means the WLAN — Access Port (223x) will not send any
DOT11 statistics. The acceptable range for the timer is from 0 to 65535 seconds, and the WLAN — Access Port (223x)
must be disabled to set this value.
>config ap stats-timer <period> <WLAN — Access Port (223x)>
Syntax
config                         Configure parameters.
ap                             WLAN — Access Port (223x).
stats-timer                    WLAN — Access Port (223x) primary WLAN — Security Switch (2270).
<period>                       Time in seconds.
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
Defaults
0 (disabled)
Examples
>config ap stats-timer 600 AP2
Related Commands
config ap disable
config ap secondary-base
To set the WLAN — Access Port (223x) secondary WLAN — Security Switch (2270), use the config ap secondary-base
command. The WLAN — Access Port (223x) associates with this WLAN — Security Switch (2270) for all network
operation and in the event of a hardware reset.
>config ap secondary-base <Switch name> <WLAN — Access Port (223x)>
Syntax
config                         Configure parameters.
ap                             WLAN — Access Port (223x).
secondary-base                 WLAN — Access Port (223x) secondary WLAN — Security Switch (2270).
<Switch name>                  Name of WLAN — Security Switch (2270).
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>config ap secondary-base SW_1 AP2
Related Commands
show sysinfo, config sysname, config ap primary-base, config ap tertiary-base
config ap tertiary-base
To set the WLAN — Access Port (223x) tertiary WLAN — Security Switch (2270), use the config ap tertiary-base
command. The WLAN — Access Port (223x) associates with this WLAN — Security Switch (2270) for all network
operation and in the event of a hardware reset.
>config ap tertiary-base <Switch name> <WLAN — Access Port (223x)>
Syntax
config                         Configure parameters.
ap                             WLAN — Access Port (223x).
tertiary-base                  WLAN — Access Port (223x) tertiary WLAN — Security Switch (2270).
<Switch name>                  Name of WLAN — Security Switch (2270).
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>config ap tertiary-base SW_1 AP2
Related Commands
show sysinfo, config sysname, config ap secondary-base, config ap primary-base
config ap static-ip
To configure a WLAN — Access Port (223x) static IP address, use the config ap static-ip command.
>config ap static-ip [enable/disable] <WLAN — Access Port (223x) name> <IP addr> <IP mask> <gateway>
Syntax
config                              Configure parameters.
ap                                  WLAN — Access Port (223x).
static-ip                           WLAN — Access Port (223x) static IP address
[enable/                            Configure the WLAN — Access Port (223x) static IP address
disable]                            Disable the WLAN — Access Port (223x) static IP address. The AP will use DHCP to get the IP address.
<WLAN — Access Port (223x) name>    WLAN — Access Port (223x) name.
<IP address>                        WLAN — Access Port (223x) IP address
<IP mask>                           IP Mask
<gateway>                           Gateway
Defaults
(none)
Examples
>config ap static-ip enable AP2 1.1.1.1 255.255.255.0 10.1.1.1
Related Commands
show sysinfo, config sysname, config ap secondary-base, config ap primary-base
config ap wlan
To enable or disable WLAN Override for a WLAN — Access Port (223x) radio, and to add or delete WLANs to or from
a WLAN — Access Port (223x) radio, as described in the Nortel 2200 Series Product Guide, use the config ap wlan
commands.
>config ap wlan [add/delete/enable/disable] [802.11a/802.11b] (WLAN ID) <WLAN — Access Port (223x)>
Syntax
config                         Configure parameters.
ap                             WLAN — Access Port (223x).
wlan                           Reset command.
enable/disable/                Enable or disable WLAN Override mode.
add/delete                     Add or delete a WLAN override. (WLAN — Access Port (223x) must have WLAN Override enabled to add or delete a WLAN.)
802.11a/802.11b                802.11a or 802.11b/g radio.
(WLAN ID)                      Optional WLAN — Security Switch (2270) ID assigned to a WLAN.
<WLAN — Access Port (223x)>    WLAN — Access Port (223x) name.
Defaults
(none)
Example
>config ap wlan enable 802.11a AP03
to enable WLAN Override on the AP03 802.11a radio.
>config ap wlan add 802.11a 1 AP03
to add WLAN ID 1 on the AP03 802.11a radio.
>config ap wlan delete 802.11a AP03
to delete WLAN ID 1 from the AP03 802.11a radio.
>config ap wlan disable 802.11a AP03
to disable WLAN Override on the AP03 802.11a radio.
Related Commands
show ap wlan
config exclusionlist
To create or delete an Exclusion List (blacklisted) entry, use the config exclusionlist command.
>config exclusionlist [add/delete] <MAC addr> [description]
Syntax
config exclusionlist    Configure the Exclusion List.
add/delete              Creates/deletes a local Excluded entry.
MAC addr                MAC address of the local Excluded entry.
description             Sets the description for an Excluded entry.
Defaults
(none)
Examples
>config exclusionlist add 0:0b:85:01:18:b0 lab
>config exclusionlist delete 0:0b:85:01:18:b0 lab
Related Commands
show exclusionlist
config boot
Each WLAN — Security Switch (2270) can boot off the primary, last-loaded Operating System image or boot off the
backup, earlier-loaded Operating System image. To change a WLAN — Security Switch (2270) boot option, use the
config boot command.
>config boot [primary/backup]
Syntax
config boot       Configure boot option.
primary/backup    Primary image or backup image.
Defaults
primary
Examples
>config boot primary
>config boot backup
Related Commands
show boot
config certificate
To configure SSL certificates, use the config certificate command.
>config certificate [generate[webadmin/webauth]/compatibility[on/off]]
Syntax
config certificate       Command action.
generate                 Generates new certificates.
webadmin                 Generates a new web administration certificate
webauth                  Generates a new web authentication certificate
compatibility[on/off]    Enables or disables compatibility mode for inter-switch ipsec
Defaults
N/A
Examples
>config certificate generate webadmin
Creating a certificate may take some time. Do you wish to continue? (y/n)
>config certificate compatibility
Related Commands
show certificate summary, show certificate compatibility
config client deauthenticate
To disconnect a client, use the config client deauthenticate command.
>config client deauthenticate <MAC Address>
Syntax
config           Configure parameters.
client           Network client.
deauthenticate   Deauthenticate command.
<MAC address>    Client MAC address.
Defaults
(none)
Examples
>config client deauthenticate 11:11:11:11:11:11
Related Commands
show client summary, show client detail
config country
To configure the country code, use the config country command. Use the show country command to display a list of
supported countries. Note that the supported country codes are described in the Nortel 2200 Series Supported Regulatory
Domains section in the Nortel 2200 Series Product Guide.
>config country <country-code>
Syntax
config            Configure parameters.
country           Set this WLAN — Security Switch (2270) to comply with selected country's regulations.
<country-code>    Select country.
Defaults
Country code = US (United States of America).
Examples
>config country US
to configure the country code for use in the United States of America, which allows
802.11a and 802.11b/g transmissions.
Related Commands
show country
config custom-web
To configure the custom-web authentication page, use the config custom-web command.
>config custom-web {redirectUrl <string>/weblogo [enable/disable]/webmessage <string>/webtitle <string>/ext-webauth-mode [enable/disable]/ext-webauth-url <ExternalAuthorizationURL>}
Syntax
config custom-web           Command action.
redirectUrl <string>        Enable/disable the custom redirect URL.
weblogo [enable/disable]    Enable/disable the Web Authentication logo.
webmessage <string>         Set the customer message text for Web Authentication.
webtitle <string>           Set the custom title text for Web Authentication.
ext-webauth-mode            Enable or disable external URL web-based client authorization.
ext-webauth-url             The URL used for web-based client authorization.
Defaults
(none)
Examples
>config custom-web redirectUrl abc.com
>config custom-web weblogo/weblogo enable
>config custom-web webmessage Thisistheplace
>config custom-web webtitle Helpdesk
>config custom-web ext-webauth-mode enable
>config custom-web ext-webauth-url http://www.AuthorizationURL.com/
Related Commands
show custom-web
config dhcp
To configure the DHCP, use the config dhcp command. Use the show dhcp command to display dhcp configuration.
>config dhcp
Syntax
config dhcp
    Command action.
address-pool <scope name> <start> <end>
    Configure an address range to allocate.
create-scope <scope name>
    Create a new dhcp scope.
default-router <scope name> <routerIP1> <routerIP2> <routerIP3>
    Configure the default routers.
delete-scope <scope name>
    Delete a dhcp scope.
disable <scope name>
    Disable a scope.
dns-servers <scope name> <dns1> [dns2] [dns3]
    Configure the name servers.
domain <scope name> <domain>
    Configure the DNS Domain Name.
enable <scope name>
    Enable a scope
lease <scope name> <lease seconds>
    Configure the lease time (in seconds).
netbios-name-server <scope name> <server1IP> <server2IP> <server3IP>
    Configure the netbios name servers.
network <scope name> <network> <netmask>
    Configure the network and netmask.
Defaults
None.
Examples
>config dhcp lease 003
Configures the dhcp lease for the scope 003
Related Commands
show dhcp
config known ap
To configure a known AP, use the config known ap command. T
>config known ap <add/alert/delete> <Known AP MAC address>
Syntax
config              Configure parameters.
known ap            Known access point.
add/alert/delete    Command action.
<MAC address>       MAC address of the known AP.
Defaults
(none)
Example
>config known ap add ac:10:02:72:2f:bf 12
Related Commands
config ap
Config Interface Commands
config interface
Use the following config interface commands:
• “config interface acl” on page 449
• “config interface address” on page 450
• “config interface create” on page 450
• “config interface delete” on page 451
• “config interface dhcp” on page 451
• “config interface hostname” on page 452
• “config interface port” on page 452
• “config interface vlan” on page 452
config interface acl
To configure an interface's Access Control List, use the config interface acl command.
>config interface acl <ap-manager/management/vlan-intf-name> <ACL name/none>
Syntax
config interface acl    Command action
ap-manager              Configures the AP Manager interface.
management              Configures the management interface.
<vlan-intf-name>        Enter interface name.
<ACL name/none>         Access control list or none.
Defaults
N/A
Examples
>config interface acl management none
Related Commands
show interface
config interface address
To configure an interface's address information, use the config interface address command.
>config interface address [ap-manager <ipaddress>/management <addr> <netmask> <gateway>/service-port <addr> <netmask>/virtual <addr>] <interface-name>
Syntax
config interface address                 Command action.
ap-manager <IP address>                  Configures the AP Manager interface.
management <addr> <netmask> <gateway>    Configures the management interface.
service-port <addr> <netmask>            Configures the out-of-band service Port.
virtual <addr>                           Configures the virtual gateway interface.
<interface-name>                         Enter interface name.
Defaults
N/A
Examples
>config interface address ap-manager 172.168.2.3
Related Commands
show interface
config interface create
To add a new dynamic interface, use the config interface create command.
>config interface create <interface-name> <vlan-id>
Syntax
config interface create    Command action
<interface-name>           Interface name.
<vlan-id>                  VLAN id.
Defaults
N/A
Examples
>config interface create lab2 6
Related Commands
show interface
config interface delete
To delete a dynamic interface, use the config interface delete command.
>config interface delete <interface-name>
Syntax
config interface delete    Command action.
<interface-name>           Interface name.
Defaults
N/A
Examples
>config interface delete VLAN501
Related Commands
show interface
config interface dhcp
To configure DHCP options on an interface, use the config interface dhcp command.
>config interface dhcp ap-manager/management/service-port <interface-name>
Syntax
config interface dhcp    Command action.
ap-manager               Configures the AP Manager interface.
management               Configures the Management Interface.
service-port             Configures the out-of-band service Port with disable or enable.
<interface-name>         Enter interface name.
Defaults
N/A
Examples
>config interface dhcp service-port DHCP02
Related Commands
show interface
config interface hostname
To configure the virtual interface's virtual DNS host name, use the config interface hostname command.
>config interface hostname <virtual> <DNS Host Name>
Syntax
config interface hostname    Command action.
virtual                      Configures the virtual gateway interface. (The Virtual Gateway IP Address is any fictitious, unassigned IP address, such as 1.1.1.1, to be used by Layer 3 Security and Mobility managers.)
<DNS Host Name>              DNS Host Name.
Defaults
N/A
Examples
>config interface hostname 1.1.1.1 DNS_Host
Related Commands
show interface
config interface port
To assign an interface to a physical port, use the config interface port command.
>config interface port <ap-manager/management/vlan-intf-name> <port number>
Syntax
config interface port    Command action.
ap-manager               AP management interface
management               The Management Interface.
vlan-intf-name           VLAN or interface name
<port number>            Port number for the interface.
Defaults
N/A
Examples
>config interface port management 3
Related Commands
show interface
config interface vlan
To configure an interface's VLAN Identifier, use the config interface vlan command.
>config interface vlan <management/vlan-intf-name> <vlan>
Syntax
config interface vlan    Command action.
management               The management interface.
vlan-intf-name           VLAN identifier name.
<vlan>                   VLAN id.
Defaults
N/A
Examples
>config interface vlan management 01
Request failed - Active WLAN using interface. Disable WLAN first.
Related Commands
show interface
config load-balancing
To change the state of the load-balancing feature, use the config load-balancing command.
>config load-balancing status[enable/disable]/window <client count>
Syntax
config                    Configure parameters.
load-balancing            Aggressive load-balancing
status[enable/disable]    Enable or disable the aggressive load balancing status
window<client count>      Set the aggressive load balancing client window with the number of clients from 0 to 20.
Defaults
Enabled
Examples
>config load-balancing enable
Related Command
show load-balancing
config loginsession close
To close active telnet sessions, use the config loginsession close command. Use this command to terminate an individual
or all active telnet sessions with the WLAN — Security Switch (2270). If you are using a telnet session for your CLI
interface and terminate your session or all sessions, you will need to reconnect and log back into the WLAN — Security
Switch (2270).
>config loginsession close [<session id>/ all]
Syntax
config          Configure parameters.
loginsession    Telnet sessions.
close           Terminate session.
<session id>    Terminate a specific telnet session.
all             Terminate all telnet sessions.
Defaults
(none)
Examples
>config loginsession close all
Related Commands
show loginsession
Config Macfilter Commands
config macfilter
Use the following config macfilter commands.
• “config macfilter add” on page 454
• “config macfilter delete” on page 455
• “config macfilter description” on page 455
• “config macfilter interface” on page 456
• “config macfilter mac-delimiter” on page 456
• “config macfilter radius-compat” on page 457
• “config macfilter wlan-id” on page 457
config macfilter add
To create a MAC filter entry on the WLAN — Security Switch (2270), use the config macfilter add command. Use this
command to add a client locally to a WLAN on the WLAN — Security Switch (2270). This filter bypasses the RADIUS
authentication process.
>config macfilter add <MAC address> <WLAN ID>[interface name][description]
Syntax
config              Configure parameters.
macfilter           Local MAC address filter.
add                 Add a client.
<MAC address>       Client MAC address.
<WLAN ID>           Client WLAN.
[interface name]    Name of the interface
[description]       Short description of the interface
Defaults
(none)
Examples
>config macfilter add 11:11:11:11:11:11 1 lab02 labconnect
Related Commands
show macfilter
config macfilter delete
Use to remove a local client from the WLAN — Security Switch (2270).
>config macfilter delete <MAC addr>
Syntax
config        Configure parameters.
macfilter     Local MAC address filter.
delete        Delete a client.
<MAC addr>    Client MAC address.
Defaults
(none)
Examples
>config macfilter delete 11:11:11:11:11:11
Deleted user 111111111111
Related Commands
show macfilter
config macfilter description
Use to add a description to a MAC filter.
>config macfilter description <MAC addr> <username>“<description>”
Syntax
config             Configure parameters.
macfilter          Local MAC address filter.
description        Delete a client.
<MAC address>      Client MAC address.
<username>         An existing MAC filter user name.
“<description>”    Optional description, up to 32 characters, in double quotes.
Defaults
(none)
Examples
>config macfilter description 11:11:11:11:11:11 engineer1 “MAC Filter 01”
Related Commands
show macfilter
config macfilter interface
Use to add a MAC filter client interface name.
>config macfilter interface <MAC addr> <interface>
Syntax
config           Configure parameters.
macfilter        Local MAC address filter.
interface        Interface name.
<MAC address>    Client MAC address.
<interface>      interface name.
Defaults
(none)
Examples
>config macfilter interface 11:11:11:11:11:11 Lab01
Related Commands
show macfilter
config macfilter mac-delimiter
To set the MAC delimiter (none, colon, or hyphen) for MAC addresses sent to RADIUS servers, use the config macfilter
mac-delimiter command.
>config macfilter mac-delimiter <colon|hyphen|none|single-hyphen>
Syntax
config                               Configure parameters.
macfilter                            Local MAC address filter.
mac-delimiter                        MAC address format for RADIUS servers.
<none|colon|hyphen|single-hyphen>    MAC delimiter format. (“none” disables delimiters.)
Defaults
(none)
Examples
>config macfilter mac-delimiter colon
To have Operating System send MAC address to RADIUS servers in the form
aa:bb:cc:dd:ee:ff.
>config macfilter mac-delimiter hyphen
To have Operating System send MAC address to RADIUS servers in the form
aa-bb-cc-dd-ee-ff.
>config macfilter mac-delimiter none
To have Operating System send MAC address to RADIUS servers in the form
aabbccddeeff.
Related Commands
show macfilter
config macfilter radius-compat
Use to configure the WLAN — Security Switch (2270) for compatibility with selected RADIUS servers.
>config macfilter radius-compat {cisco/free/other}
Syntax
config                Configure parameters.
macfilter             Local MAC address filter.
radius-compat         Compatibility with selected RADIUS server.
{cisco/free/other}    RADIUS server compatibility.
Defaults
Other.
Examples
>config macfilter radius-compat other
Related Commands
show macfilter
config macfilter wlan-id
To modify a client WLAN, use the config macfilter wlan-id command.
>config macfilter wlan-id <MAC address> <wlan-id>
Syntax
config           Configure parameters.
macfilter        Local MAC address filter
wlan-id          Modify client WLAN
<MAC address>    Client MAC address
<wlan-id>        New WLAN identification number
Defaults
(none)
Examples
>config macfilter wlan-id 11:11:11:11:11:11 2
Related Commands
show macfilter, show wlan
Config MGMTUSER Commands
config mgmtuser
Use the following config mgmtuser commands:
• “config mgmtuser add” on page 458
• “config mgmtuser delete” on page 458
• “config mgmtuser description” on page 459
• “config mgmtuser password” on page 459
config mgmtuser add
To add a management user login to the WLAN — Security Switch (2270), use the config mgmtuser add command.
>config mgmtuser add <username> <password> [read-write/read-only][description]
Syntax
config                    Configure parameters.
mgmtuser                  Management user account
add                       Add a management user account
<username>                Account username
<password>                Account password
[read-write/read-only]    Account privileges
[description]             Short description
Defaults
(none)
Examples
>config mgmtuser add admin admin read-write
Related Commands
show mgmtuser
config mgmtuser delete
To delete a management user login to the WLAN — Security Switch (2270), use the config mgmtuser delete command.
>config mgmtuser delete <username>
Syntax
config        Configure parameters.
mgmtuser      Management user account
delete        Delete a management user account
<username>    Account username up to 24 alphanumeric characters
Defaults
(none)
Examples
>config mgmtuser delete admin
Deleted user admin
Related Commands
show mgmtuser
config mgmtuser description
To add a description to an existing management user login to the WLAN — Security Switch (2270), use the config
mgmtuser description command.
>config mgmtuser description <username> <description>
Syntax
config           Configure parameters.
mgmtuser         Management user account.
description      Delete a management user account.
<username>       Account username.
<description>    Account description, up to 24 alphanumeric characters.
Defaults
(none)
Examples
>config mgmtuser description admin master-user
Related Commands
show mgmtuser
config mgmtuser password
To change a management user password, use the config mgmtuser password command.
>config mgmtuser password <username> <password>
Syntax
config        Configure parameters.
mgmtuser      Management user account
password      Add a management user account
<username>    Account username up to 24 alphanumeric characters.
<password>    New password
Defaults
(none)
Examples
>config mgmtuser password admin
Related Commands
show mgmtuser
Config Mirror Commands
config mirror
Use the following config mirror commands.
• “config mirror ap” on page 460
• “config mirror foreignap” on page 460
• “config mirror mac” on page 461
• “config mirror port” on page 462
config mirror ap
To have all WLAN — Access Port (223x) transmit and receive data appear on the Mirror Port (see “config mirror port”
on page 462) for troubleshooting, use the config mirror ap command.
>config mirror ap [enable/disable] <AP name>
Syntax
config              Configure parameters.
mirror              Mirror command.
ap                  WLAN — Access Port (223x).
[enable/disable]    Enable or Disable Mirroring for this WLAN — Access Port (223x).
<AP name>           WLAN — Access Port (223x) name.
Defaults
(none)
Examples
>config mirror ap enable AP5
configures the switch so the WLAN — Access Port (223x) AP5 data stream is Mirrored
on the port selected using the “config mirror port” on page 462 command.
Related Commands
config mirror foreignap, config mirror mac, config mirror port, show mirror ap, show
mirror foreignap, show mirror mac, show mirror port
config mirror foreignap
To have all transmit and receive data from a Third-Party AP appear on the Mirror Port (see “config mirror port” on
page 462) for troubleshooting, use the config mirror foreignap command.
>config mirror foreignap [enable/disable] <port number>
Syntax
config              Configure parameters.
mirror              Mirror command.
foreignap           Third-Party Access Point.
[enable/disable]    Enable or Disable Mirroring for this Third-Party AP.
<port number>       Front-panel port the Third-Party AP is connected to.
Defaults
(none)
Examples
>config mirror foreignap enable 3
configures the switch so the data stream from the Third-Party AP on Port 3 is Mirrored on
the port selected using the “config mirror port” on page 462 command.
Related Commands
config mirror ap, config mirror mac, config mirror port, show mirror ap, show mirror
foreignap, show mirror mac, show mirror port
config mirror mac
To have all client transmit and receive data appear on the Mirror Port (see “config mirror port” on page 462) for troubleshooting, use the config mirror mac command.
>config mirror mac [enable/disable] <MAC Address>
Syntax
config              Configure parameters.
mirror              Mirror command.
mac                 WLAN — Access Port (223x).
[enable/disable]    Enable or Disable Mirroring for this WLAN — Access Port (223x).
<MAC address>       WLAN — Access Port (223x) MAC address.
Defaults
(none)
Examples
>config mirror mac enable 02:03:sd:66:85:4a
configures the switch so the data stream from client 02:03:sd:66:85:4a is Mirrored on the
port selected using the “config mirror port” on page 462 command.
Related Commands
config mirror ap, config mirror foreignap, config mirror port, show mirror ap, show mirror
foreignap, show mirror mac, show mirror port
config mirror port
To set up a Mirror Port on the switch for troubleshooting using a protocol analyzer, use the config mirror port command.
>config mirror port <Port number/none>
Syntax
config           Configure parameters.
mirror           Mirror command.
port             Mirror client, WLAN — Access Port (223x).
<Port number>    Front-panel port to mirror on.
Defaults
(none)
Examples
>config mirror port 23
configures the switch so all client, WLAN — Access Port (223x) data stream is Mirrored
to port 23.
To transfer the Mirrored data to another port, repeat the command with a new port
number.
Related Commands
config mirror ap, config mirror foreignap, config mirror mac, show mirror ap, show mirror
foreignap, show mirror mac, show mirror port
Config Mobility Commands
config mobility
Use the following config mobility commands:
• “config mobility group member” on page 462
• “config mobility secure-mode” on page 463
• “config mobility statistics” on page 463
config mobility group member
To add or delete users from the mobility group member list, use the config mobility group member command.
>config mobility group member [add/delete] <MAC address>
Syntax
config            Configure parameters.
mobility group    Mobility group member.
[add/delete]      Enable or disable mobility group feature.
<MAC address>     Client MAC address.
Defaults
(none)
Examples
>config mobility group member add 11:11:11:11:11:11
Related Commands
show mobility
config mobility secure-mode
To enable or disable secure mode for the mobility messages between mobility group WLAN — Security Switches
(2270), use the config mobility secure-mode command.
>config mobility secure-mode [enable/disable]
Syntax
config              Configure parameters.
mobility            Mobility group member.
secure-mode         Secure mode.
[enable/disable]    Enable or disable mobility group message security.
Defaults
(none)
Examples
>config mobility secure-mode enable
Related Commands
show mobility summary
config mobility statistics
To reset the mobility group statistics, use the config mobility statistics command.
>config mobility statistics reset
Syntax
config        Configure parameters.
mobility      Mobility group.
statistics    Mobility group statistics.
reset         Reset the mobility group statistics.
Defaults
(none)
Examples
>config mobility statistics reset
Related Commands
show mobility statistics
show mirror foreignap, show mirror mac, show mirror port
CONFIG MSGLOG LEVEL COMMANDS
config msglog level
Use the following msglog level commands:
• “config msglog level critical” on page 464
• “config msglog level error” on page 464
• “config msglog level security” on page 465
• “config msglog level warning” on page 465
• “config msglog level verbose” on page 466
config msglog level critical
To reset the message log so it only collects and displays critical (highest-level) messages, use the config msglog level
critical command. Note that the message log always collects and displays critical messages, regardless of the message
log level setting.
>config msglog level critical
Syntax
config          Configure parameters.
msglog level    Message log message levels.
critical        Collect and display critical messages.
Defaults
Config msglog level error.
Examples
>config msglog level critical
>show msglog
Message Log Severity Level...................... CRITICAL
(messages)
Related Commands
show msglog
config msglog level error
To reset the message log so it only collects and displays critical (highest-level) and error (second-highest) messages, use
the config msglog level error command.
>config msglog level error
Syntax
config          Configure parameters.
msglog level    Message log message levels.
error           Collect and display error messages.
Defaults
Config msglog level error.
Examples
>config msglog level error
>show msglog
Message Log Severity Level...................... ERROR
(messages)
Related Commands
show msglog
config msglog level security
To reset the message log so it only collects and displays critical (highest-level), error (second-highest) and security
(third-highest) messages, use the config msglog level security command.
>config msglog level security
Syntax
config        Configure parameters.
msglog level  Message log message levels.
security      Collect and display security messages.
Defaults
Config msglog level error.
Examples
>config msglog level security
>show msglog
Message Log Severity Level...................... SECURITY
(messages)
Related Commands
show msglog
config msglog level warning
To reset the message log so it only collects and displays critical (highest-level), error (second-highest), security
(third-highest) and warning (fourth-highest) messages, use the config msglog level warning command.
>config msglog level warning
Syntax
config        Configure parameters.
msglog level  Message log message levels.
warning       Collect and display warning messages.
Defaults
Config msglog level error.
Examples
>config msglog level warning
>show msglog
Message Log Severity Level...................... WARNING
(messages)
Related Commands
show msglog
config msglog level verbose
To reset the message log so it collects and displays all messages, use the config msglog level verbose command.
>config msglog level verbose
Syntax
config        Configure parameters.
msglog level  Message log message levels.
verbose       Collect and display all messages.
Defaults
Config msglog level error.
Examples
>config msglog level verbose
>show msglog
Message Log Severity Level...................... VERBOSE
(messages)
Related Commands
show msglog
CONFIG NETUSER COMMANDS
config netuser
Use the following config netuser commands.
• config netuser add
• config netuser delete
• config netuser description
• config netuser maxUserLogin
• config netuser password
• config netuser wlan-id
config netuser add
To add a user to the local network, use the config netuser add command.
>config netuser add <username> <password> <WLAN ID> [description]
Syntax
config         Configure parameters.
netuser        Local network user.
add            Add a user.
<username>     Network username of up to 24 alphanumeric characters.
<password>     User password.
<WLAN ID>      WLAN assigned to the user.
[description]  Short optional description.
Defaults
(none)
Examples
>config netuser add able1 able1 1
Related Commands
show netuser
config netuser delete
To delete an existing user from the local network, use the config netuser delete command.
>config netuser delete <username>
Syntax
config      Configure parameters.
netuser     Local network user.
delete      Delete a user.
<username>  Network username of up to 24 alphanumeric characters.
Defaults
(none)
Examples
>config netuser delete able1
Deleted user able1
Related Commands
show netuser
config netuser description
To add a description to an existing net user, use the config netuser description command.
>config netuser description <username> "<description>"
Syntax
config           Configure parameters.
netuser          Local network user of up to 24 alphanumeric characters.
description      Add a user description.
<username>       Network username.
"<description>"  Net user description, up to 32 alphanumeric characters, in double quotes.
Defaults
(none)
Examples
>config netuser description able1 "HQ1 Contact"
Related Commands
show netuser
config netuser maxUserLogin
To set the maximum number of simultaneous users using the same login, use the config netuser maxUserLogin
command.
>config netuser maxUserLogin <count>
Syntax
config        Configure parameters.
netuser       Local network user.
maxUserLogin  Maximum number of simultaneous users using the same login.
<count>       Maximum number of logins under the same username (0 to 8).
Defaults
Unlimited (0).
Examples
>config netuser maxUserLogin 8
Related Commands
show netuser
config netuser password
To change a local network user password, use the config netuser password command.
>config netuser password <username> <password>
Syntax
config      Configure parameters.
netuser     Local network user.
password    Modify the password.
<username>  Network username of up to 24 alphanumeric characters.
<password>  New user password.
Defaults
(none)
Examples
>config netuser password aire1 aire2
Related Commands
show netuser
config netuser wlan-id
To change a user WLAN ID, use the config netuser wlan-id command.
>config netuser wlan-id <username> <WLAN ID>
Syntax
config      Configure parameters.
netuser     Local network user.
wlan-id     Modify the WLAN ID.
<username>  Network username of up to 24 alphanumeric characters.
<WLAN ID>   New WLAN assigned to the user.
Defaults
(none)
Examples
>config netuser wlan-id aire1 2
Related Commands
show netuser, show wlan summary
CONFIG NETWORK COMMANDS
config network
Use the following config network commands:
• config network ap-fallback
• config network apple-talk
• config network arptimeout
• config network master-base
• config network mgmt-via-wireless
• config network multicast
• config network otap-mode
• config network peer-blocking
• config network rf-mobility-domain
• config network secureweb
• config network ssh
• config network telnet
• config network usertimeout
• config network webmode
config network ap-fallback
To enable or disable AP fallback, use the config network ap-fallback command.
>config network ap-fallback <enable/disable>
Syntax
config            Configure parameters.
network           WLAN — Security Switch (2270) network parameter.
ap-fallback       AP fallback.
<enable/disable>  Enable or disable.
Default
Enabled.
Examples
>config network ap-fallback enable
Related Commands
show network
config network apple-talk
To enable or disable apple talk, use the config network apple-talk command.
>config network apple-talk <enable/disable>
Syntax
config            Configure parameters.
network           WLAN — Security Switch (2270) network parameter.
apple-talk        Modify Apple-talk
<enable/disable>  Enable or disable.
Defaults
(None).
Examples
>config network apple-talk enable
Related Commands
show network
config network arptimeout
To set the ARP entry timeout value, use the config network arptimeout command.
>config network arptimeout <seconds>
Syntax
config      Configure parameters.
network     WLAN — Security Switch (2270) network parameter.
arptimeout  Modify the ARP timeout value.
<seconds>   Timeout in seconds.
Defaults
300 with a minimum of 10.
Examples
>config network arptimeout 240
Related Commands
show network
config network master-base
To set the WLAN — Security Switch (2270) as a master, use the config network master-base command. This setting is
only used upon network installation and should be disabled after the initial network configuration.
Because the Master WLAN — Security Switch (2270) is normally not used in a deployed network, the Master WLAN
— Security Switch (2270) setting is automatically disabled upon reboot or Operating System code upgrade.
>config network master-base <enable/disable>
Syntax
config            Configure parameters.
network           WLAN — Security Switch (2270) network parameter.
master-base       Master WLAN — Security Switch (2270).
<enable/disable>  Enables or disables a WLAN — Security Switch (2270) acting as an AP default master.
Defaults
(none)
Examples
>config network master-base
Related Commands
None
config network mgmt-via-wireless
To enable WLAN — Security Switch (2270) management from an associated wireless client, use the config network
mgmt-via-wireless command. Note that this feature allows wireless clients to manage only the WLAN — Security
Switch (2270) associated with the client AND the associated WLAN — Access Port (223x). That is, clients cannot
manage another WLAN — Security Switch (2270) with which they are not associated.
>config network mgmt-via-wireless [enable/disable]
Syntax
config             Configure parameters.
network            WLAN — Security Switch (2270) network parameter.
mgmt-via-wireless  Management sessions.
[enable/disable]   Enable or disable.
Defaults
Disabled.
Examples
>config network mgmt-via-wireless enable
Related Commands
show network
config network multicast
To enable or disable the WLAN — Security Switch (2270) multicast feature, use the config network multicast
command.
>config network multicast [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
multicast         Ethernet multicast mode.
[enable/disable]  Change the multicast state.
Defaults
Disabled.
Examples
>config network multicast enable
Related Commands
show network
config network otap-mode
To enable or disable over-the-air provisioning (OTAP) of WLAN — Access Ports (223x), use the config network
otap-mode command.
>config network otap-mode [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
otap-mode         Over-the-air WLAN — Access Port (223x) provisioning.
[enable/disable]  Change the OTAP state.
Defaults
Enabled.
Examples
>config network otap-mode disable
Related Commands
show network
config network peer-blocking
Disabled allows same-subnet clients to communicate through the WLAN — Security Switch (2270). Enabled (default)
forces same-subnet clients to communicate through a higher-level router. To enable or disable peer blocking, use the
config network peer-blocking command.
>config network peer-blocking [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
peer-blocking     Peer communications requirement.
[enable/disable]  Change the peer-blocking state.
Defaults
Disabled.
Examples
>config network peer-blocking enable
Related Commands
show network
config network rf-mobility-domain
To set the RF mobility group domain name, use the config network rf-mobility-domain command.
>config network rf-mobility-domain <domain_name>
Syntax
config              Configure parameters.
network             WLAN — Security Switch (2270) network parameter.
rf-mobility-domain  Mobility group domain.
<domain_name>       Mobility group name, an ASCII string of up to 31 characters (case-sensitive).
Defaults
(none)
Examples
>config network rf-mobility-domain travelers_group
Related Commands
show network
config network secureweb
To change the state of the secure web (https = http + SSL) interface, use the config network secureweb command.
>config network secureweb [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
secureweb         Secure WLAN Security Switch Web Interface.
[enable/disable]  Change the interface state.
Defaults
Enabled.
Examples
>config network secureweb enable
Related Commands
show network
config network ssh
To change the state of Secure Shell sessions, use the config network ssh command.
>config network ssh [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
ssh               Secure Shell sessions
[enable/disable]  Change the state of the SSH session.
Defaults
Enabled.
Examples
>config network ssh enable
Related Commands
show network
config network telnet
To change the state of telnet sessions, use the config network telnet command.
>config network telnet [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
telnet            Telnet sessions.
[enable/disable]  Change the state of the telnet session.
Defaults
Disabled.
Examples
>config network telnet enable
Related Commands
show network
config network usertimeout
To change the timeout for idle client sessions, use the config network usertimeout command. Use this command to set
the idle client session duration on the WLAN — Security Switch (2270). The minimum duration is 10 seconds.
>config network usertimeout <seconds>
Syntax
config       Configure parameters.
network      Network parameters.
usertimeout  Timeout for sessions.
<seconds>    Duration in seconds.
Defaults
300, minimum is 10.
Examples
>config network usertimeout 1200
Related Commands
show network
config network webmode
To enable or disable web access, use the config network webmode command.
>config network webmode [enable/disable]
Syntax
config            Configure parameters.
network           Network parameters.
webmode           WLAN Security Switch Web Interface.
[enable/disable]  Change the interface state.
Defaults
Enabled.
Examples
>config network webmode disable
Related Commands
show network
CONFIG PORT COMMANDS
config port
Use the following config port commands:
• config port adminmode
• config port autoneg
• config port linktrap
• config port multicast
• config port physicalmode
• config port power
config port adminmode
To configure the administration mode of a single port or all WLAN — Security Switch (2270) ports, use the config port
adminmode command.
>config port adminmode [<port>/all] [enable/disable]
Syntax
config            Configure parameters.
port              Port parameters
adminmode         Administrative mode
[<port>/all]      Individual port number or all ports
[enable/disable]  Port state
Default
Enabled
Examples
To disable port 8:
>config port adminmode 8 disable
To enable all ports:
>config port adminmode all enable
Related Commands
show port
config port autoneg
To configure 10/100BASE-T Ethernet ports for physical port autonegotiation, use the config port autoneg command.
Note that port autoconfiguration must be disabled before you make physical mode manual settings using the config port
physicalmode command. Also note that the config port autoneg command overrides settings made using the config port
physicalmode command.
>config port autoneg [<port>/all] [enable/disable]
Syntax
config   Configure parameters.
port     10/100BASE-T Ethernet.
<port>   Physical port number.
all      All Ports.
enable   Turn autonegotiation on.
disable  Turn autonegotiation off.
Defaults
All Ports = autonegotiation enabled.
Examples
>config port autoneg all enable
to turn on physical port autonegotiation for all front-panel Ethernet ports.
>config port autoneg 19 disable
to disable physical port autonegotiation for front-panel Ethernet port 19.
Related Commands
show port, config port physicalmode
config port linktrap
To change trap settings for link status alert for a single port or all WLAN — Security Switch (2270) ports, use the config
port linktrap command.
>config port linktrap [<port>/all] [enable/disable]
Syntax
config            Configure parameters.
port              Port parameters.
linktrap          Link status alert.
[<port>/all]      Individual port number or all ports.
[enable/disable]  Port state.
Default
Enabled.
Examples
To disable port 8 traps:
>config port linktrap 8 disable
To enable all port traps:
>config port linktrap all enable
Related Commands
show port
config port multicast
To change the multicast appliance service for a single port or all WLAN — Security Switch (2270) ports, use the config
port multicast command.
>config port multicast vlan [<port>/all] [enable/disable]
Syntax
config            Configure parameters.
port              Port parameters.
multicast         Multicast appliance.
vlan              Vlan
[<port>/all]      Individual port number or all ports.
[enable/disable]  Port state.
Default
Enabled.
Example
To enable all port traps:
>config port multicast vlan all enable
Related Commands
show port
config port physicalmode
To set any or all front-panel 10/100BASE-T Ethernet ports for dedicated 10 Mbps or 100 Mbps, Half or Full Duplex
operation, use the config port physicalmode command.
Note that you must disable autonegotiation using the config port autoneg command before manually configuring any
port's physical mode. Also note that the config port autoneg command overrides settings made using the config port
physicalmode command.
>config port physicalmode [<port>/all] [enable/disable] [100h/100f/10h/10f]
Syntax
config               Configure parameters.
port                 Port parameters.
physicalmode         Port physical mode.
[<port>/all]         Individual port number or all ports
[enable/disable]     Port state
[100h/100f/10h/10f]  o 100h = 100 Mbps/Half Duplex operation
                     o 100f = 100 Mbps/Full Duplex operation
                     o 10h = 10 Mbps/Half Duplex operation
                     o 10f = 10 Mbps/Full Duplex operation
Defaults
All Ports are set to auto negotiate.
Examples
To set all ports to 100 Mbps/Full Duplex operation:
>config port physicalmode all 100f
To set port 20 to 100 Mbps/Half Duplex operation:
>config port physicalmode 20 100h
To set port 21 to 10 Mbps/Full Duplex operation:
>config port physicalmode 21 10f
To set port 22 to 10 Mbps/Half Duplex operation:
>config port physicalmode 22 10h
Related Commands
config port autoneg, show port
config port power
To change Power over Ethernet (PoE) settings for a single port or all WLAN — Security Switch (2270) ports, use the
config port power command. NOT ALL APs are PoE (802.3af) compatible! If you are using Third-Party access points,
refer to your user documentation to determine compatibility. Enabling PoE to non-compatible APs can result in severe
equipment damage including fire!
>config port power [<port>/all] [enable/disable]
Syntax
config            Configure parameters.
port              Port parameters
power             PoE mode
[<port>/all]      Individual port number or all ports
[enable/disable]  Port state
Default
Enabled
Examples
To disable PoE on port 8:
>config port power 8 disable
To enable PoE on all ports:
>config port power all enable
Related Commands
show port
config prompt
To change the CLI system prompt, use the config prompt command.
This command can be used any time the CLI interface is active.
>config prompt <system prompt>
Because the system prompt is a user-defined variable, it is omitted from the rest of this documentation.
Syntax
config           Configure parameters.
prompt           CLI system prompt, up to 31 alphanumeric characters.
<system prompt>  New CLI system prompt, in double quotes.
Defaults
The system prompt is configured using the startup wizard.
Examples
(old CLI prompt) >config prompt "Type here"
Type here>
Related Commands
(none)
config qos queue_length
To configure the Quality of Service parameter, use the config qos command.
>config qos queue_length [bronze/silver/gold/platinum] <length>
Syntax
config qos           Command action.
queue_length         Configure QoS queue length.
bronze/silver/gold/  Level of quality of service: Background, Best Effort,
<length>             Queue length.
Defaults
N/A
Examples
>config qos queue_length gold 12
Related Commands
show qos queue_length all
CONFIG RADIUS ACCT COMMANDS
config radius acct
Use the following config radius acct commands:
• config radius acct add
• config radius acct delete
• config radius acct disable
• config radius acct enable
config radius acct add
To configure a RADIUS accounting server for the WLAN — Security Switch (2270), use the config radius acct add
command.
>config radius acct add <index> <IP addr> <port> <ascii/hex> <secret>
Syntax
config       Configure parameters.
radius acct  RADIUS accounting server.
add          Add a RADIUS server.
<index>      Priority index (WLAN — Security Switch (2270) begins search with 1).
<IP addr>    IP Address.
<port>       Port number for the interface protocols.
<ascii/hex>  ASCII or Hex
<secret>     Login password.
Defaults
When added the port number defaults to 1813 and state is enabled.
Examples
>config radius acct add 1 10.10.10.10 1813 ascii admin
to configure a priority 1 RADIUS server at 10.10.10.10 using port 1813 with a login
password of admin.
Related Commands
show radius acct statistics
config radius acct delete
To delete a RADIUS accounting server for the WLAN — Security Switch (2270), use the config radius acct delete
command.
>config radius acct delete <index>
Syntax
config       Configure parameters.
radius acct  RADIUS accounting server.
delete       Remove a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius acct delete 1
Related Commands
show radius acct statistics
config radius acct disable
To disable a RADIUS accounting server for the WLAN — Security Switch (2270), use the config radius acct disable
command.
>config radius acct disable <index>
Syntax
config       Configure parameters.
radius acct  RADIUS accounting server.
disable      Disable a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius acct disable 1
Related Commands
show radius acct statistics
config radius acct enable
To enable a RADIUS accounting server for the WLAN — Security Switch (2270), use the config radius acct enable
command.
>config radius acct enable <index>
Syntax
config       Configure parameters.
radius acct  RADIUS accounting server.
enable       Enable a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius acct enable 1
Related Commands
show radius acct statistics
CONFIG RADIUS AUTH COMMANDS
config radius auth
Use the following config radius auth commands:
• config radius auth add
• config radius auth delete
• config radius auth disable
• config radius auth enable
config radius auth add
To configure a RADIUS authentication server for the WLAN — Security Switch (2270), use the config radius auth add
command.
>config radius auth add <index> <IP addr> <port> <ascii/hex> <secret>
Syntax
config       Configure parameters.
radius auth  RADIUS authentication server.
add          Add a RADIUS server.
<index>      Priority index (WLAN — Security Switch (2270) begins search with 1).
<IP addr>    IP Address.
<port>       Port number for the interface protocols.
<ascii/hex>  ASCII or Hex.
<secret>     Login password.
Defaults
When added the port number defaults to 1812 and state is enabled.
Examples
>config radius auth add 1 10.10.10.10 1812 ascii admin
to configure a priority 1 RADIUS server at 10.10.10.10 using port 1812 with a login
password of admin.
Related Commands
show radius auth statistics
config radius auth delete
To delete a RADIUS authentication server for the WLAN — Security Switch (2270), use the config radius auth delete
command.
>config radius auth delete <index>
Syntax
config       Configure parameters.
radius auth  RADIUS authentication server.
delete       Remove a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius auth delete 1
Related Commands
show radius auth statistics
config radius auth disable
To disable a RADIUS authentication server for the WLAN — Security Switch (2270), use the config radius auth disable
command.
>config radius auth disable <index>
Syntax
config       Configure parameters.
radius auth  RADIUS authentication server.
disable      Disable a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius auth disable 1
Related Commands
show radius auth statistics
config radius auth enable
To enable a RADIUS authentication server for the WLAN — Security Switch (2270), use the config radius auth enable
command.
>config radius auth enable <index>
Syntax
config       Configure parameters.
radius auth  RADIUS authentication server.
enable       Enable a RADIUS server.
<index>      Priority index.
Defaults
(none)
Examples
>config radius auth enable 1
Related Commands
show radius auth statistics
config radius backward compatibility
To enable RADIUS backward compatibility for the WLAN — Security Switch (2270), use the config radius backward
command.
>config radius backward compatibility [enable/disable]
Syntax
config                         Configure parameters.
radius backward compatibility  RADIUS authentication server.
[enable/disable]               Backward compatibility state.
Defaults
Enabled.
Examples
>config radius backward compatibility disable
Related Commands
show radius summary
config radius callStationIdType
To enable callStationIdType for the WLAN — Security Switch (2270), use the config radius callStationIdType
command. This command uses the selected calling station ID for communications with RADIUS servers and other
applications.
>config radius callStationIdType {ipAddr/macAddr/ap-macAddr}
Syntax
config             Configure parameters.
callStationIdType
ipAddr             WLAN — Security Switch (2270) IP address.
macAddr            WLAN — Security Switch (2270) MAC address.
ap-macAddr         WLAN — Access Port (223x) or WLAN — Access Port (2232) MAC address.
Defaults
Enabled.
Examples
>config radius callStationIdType ipAddr (Layer 3 Only)
>config radius callStationIdType macAddr (Layers 2 and/or 3)
>config radius callStationIdType ap-macAddr (Layers 2 and/or 3)
Related Commands
show radius summary
config rogue ap
To configure the status of a rogue access point, use the config rogue ap command.
>config rogue ap <acknowledged/alarm/known> <MAC address> <num of APs>
Syntax
config         Configure parameters.
rogue ap       Rogue AP status.
acknowledged   This AP has been identified and belongs to an external network.
alarm          This AP has not been identified. Generates a trap upon detection of this access point.
known          This AP has been identified and is part of an internal network.
<MAC address>  MAC address of the AP.
<num of APs>   Number of APs.
Defaults
(none)
Example
>config rogue ap acknowledge 11:11:11:11:11:11
Related Commands
show rogue ap summary, show rogue ap detailed, config rogue ap
config rogue adhoc
To configure the status of an adhoc rogue access point (IBSS), use the config rogue adhoc command.
>config rogue adhoc <acknowledged/alarm/known/contain> <MAC address> <num of APs>
Syntax
config         Configure parameters.
rogue adhoc    Adhoc Rogue AP.
acknowledged   This AP has been identified and belongs to an external network.
alarm          This AP has not been identified. Generates a trap upon detection of this access point.
known          Information known about this AP
contain        Start containing an adhoc rogue access point.
<MAC address>  MAC address of the adhoc rogue.
<num of APs>   Number of APs.
Defaults
(none)
Example
>config rogue adhoc acknowledge 11:11:11:11:11:11
Related Commands
show rogue adhoc summary, show rogue adhoc detailed, config adhoc rogue
config rogue client
To configure rogue clients, use the config rogue client command.
>config rogue client <alert/contain> <MAC address> <num of APs>
Syntax
config         Configure parameters.
rogue client   Rogue client status.
alert          This client has not been identified. Generates a trap upon detection of this access point.
contain        Start containing a rogue access point.
<MAC address>  MAC address of the AP.
<num of APs>   Number of APs.
Defaults
(none)
Example
>config rogue client acknowledge 11:11:11:11:11:11 5
Related Commands
show rogue client summary, show rogue client detailed, config rogue client
CONFIG ROUTE COMMANDS
config route
Use the following config route commands:
• config route add
• config route delete
config route add
To configure a network route from the Service Port to a dedicated workstation IP address range, use the config route add
command.
>config route add <Network IP address> <IP netmask> <gateway>
Syntax
config                Configure parameters.
route                 Network route.
add                   Add a route.
<Network IP Address>  Destination network IP Address range.
<IP netmask>          Destination subnet mask.
<gateway>             IP Address of the Service Port gateway router.
Defaults
(none)
Examples
>config route add 10.1.1.0 255.255.255.0 10.1.1.1
Related Commands
show route summary, config route delete
config route delete
To remove a network route from the Service Port, use the config route delete command.
>config route delete <Network IP address>
Syntax
config                Configure parameters.
route                 Network route.
delete                Delete a route.
<Network IP Address>  Destination network IP Address range.
Defaults
(none)
Examples
>config route delete 10.1.1.0
Related Commands
show route all, config route add
CONFIG SERIAL COMMANDS
config serial
Use the following config serial commands:
• config serial baudrate
• config serial timeout
config serial baudrate
To set the serial baud rate, use the config serial baudrate command.
>config serial baudrate [1200/2400/4800/9600/19200/38400/57600/115200]
Syntax
config  Configure parameters.
serial  Serial connection settings.
[1200/2400/4800/9600/19200/38400/57600/115200]  Connection speed.
Defaults
9600.
Examples
>config serial baudrate 9600
Related Commands
config serial timeout
config serial timeout
To set the timeout of a serial session, use the config serial timeout command.
Use this command to set the timeout for a serial connection to the front of the WLAN — Security Switch (2270) from 0
to 160 minutes where 0 is no timeout.
>config serial timeout <minutes>
Syntax
config     Configure parameters.
serial     Serial connection settings.
timeout    Connection duration.
<minutes>  Timeout in minutes from 0 to 160.
Defaults
0 (no timeout).
Examples
>config serial timeout 10
Related Commands
config serial timeout
CONFIG SESSIONS COMMANDS
config sessions
Use the following config sessions commands:
• config sessions maxsessions
• config sessions timeout
config sessions maxsessions
To configure the number of telnet CLI sessions allowed by the WLAN — Security Switch (2270), use the config
sessions maxsessions command. Up to five sessions are possible while a setting of zero prohibits any telnet CLI
sessions.
>config sessions maxsessions <0-5>
Syntax
config       Configure parameters.
sessions     Telnet CLI session parameters.
maxsessions  Number of allowed CLI sessions.
<0-5>        Number of sessions from 0 to 5.
Defaults
5.
Examples
>config sessions maxsessions 2
Related Commands
show sessions
config sessions timeout
To configure the inactivity timeout for telnet CLI sessions, use the config sessions timeout command.
>config sessions timeout <0-160>
Syntax
config
sessions
320298-A Rev 00
Configure parameters.
Telnet CLI session parameters.
CONFIG SNMP COMMUNITY COMMANDS 491
timeout
<0-160>
Duration of CLI sessions.
Timeout of telnet session in minutes.
Defaults
5.
Examples
>config sessions timeout 20
Related Commands
show sessions
CONFIG SNMP COMMUNITY COMMANDS
config snmp community
Use the following config snmp community commands:
• “config snmp community accessmode”
• “config snmp community create”
• “config snmp community delete”
• “config snmp community ipaddr”
• “config snmp community mode”
config snmp community accessmode
To modify the access mode (Read only or Read/Write) of an SNMP community, use the config snmp community accessmode command.
>config snmp community accessmode [ro/rw] <name>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
community    SNMP community parameters.
accessmode   Access privileges.
ro/rw        Read only or Read/Write.
<name>       Community name.
Defaults
Two communities are provided by default with the following parameters:
SNMP Community Name Client IP Address Client IP Mask    Access Mode Status
------------------- ----------------- ----------------- ----------- ------
public              0.0.0.0           0.0.0.0           Read Only   Enable
private             0.0.0.0           0.0.0.0           Read/Write  Enable
Examples
>config snmp community accessmode rw private
Related Commands
show snmp community, config snmp community mode, config snmp community create,
config snmp community delete, config snmp community ipaddr
config snmp community create
To create a new SNMP community, use the config snmp community create command. Use this command to create a new
community with the following default configuration:
name    0.0.0.0    0.0.0.0    Read Only    Disable
>config snmp community create <name>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
community    SNMP community parameters.
create       Create a new community.
<name>       Community name of up to 16 characters.
Defaults
(none)
Examples
>config snmp community create test
Related Commands
show snmp community, config snmp community mode, config snmp community accessmode, config snmp community delete, config snmp community ipaddr
config snmp community delete
To delete an SNMP community, use the config snmp community delete command.
>config snmp community delete <name>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
community    SNMP community parameters.
delete       Delete a community.
<name>       Community name.
Defaults
N/A
Examples
>config snmp community delete test
Related Commands
show snmp community, config snmp community mode, config snmp community accessmode, config snmp community create, config snmp community ipaddr
config snmp community ipaddr
To modify the IP Address of an SNMP community, use the config snmp community ipaddr command.
>config snmp community ipaddr <ipaddr> <ipmask> <name>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
community    SNMP community parameters.
ipaddr       Set IP Address parameters.
<ipaddr>     IP Address.
<ipmask>     Subnet mask.
<name>       Community name.
Defaults
(none)
Examples
>config snmp community ipaddr 10.10.10.10.2 255.255.255.0 public
Related Commands
show snmp community, config snmp community mode, config snmp community accessmode, config snmp community create, config snmp community delete, config snmp community ipaddr
config snmp community mode
To enable or disable an SNMP community, use the config snmp community mode command.
>config snmp community mode <enable/disable> <name>
Syntax
config snmp community   Configure SNMP community parameters.
mode                    Change the state.
<enable/disable>        Enable or disable the community.
<name>                  Community name.
Defaults
(none)
Examples
>config snmp community mode disable public
Related Commands
show snmp community, config snmp community accessmode, config snmp community
create, config snmp community delete, config snmp community ipaddr
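An added example, not part of the Nortel guide: a Python audit of a community listing laid out like the Defaults table under config snmp community accessmode. It flags the factory-default public and private communities, entries whose 0.0.0.0 mask accepts any client address, and read/write access, then suggests changes using the config snmp community commands documented above. The listing, the nms-ro and ops-rw names and the 192.0.2.10 management address are constructed, and it is an assumption that show snmp community prints this layout.

```python
import re
from ipaddress import IPv4Address

# Constructed sample, laid out like the Defaults table on this page.
SAMPLE = """\
SNMP Community Name Client IP Address Client IP Mask    Access Mode Status
------------------- ----------------- ----------------- ----------- ------
public              0.0.0.0           0.0.0.0           Read Only   Enable
private             0.0.0.0           0.0.0.0           Read/Write  Enable
nms-ro              10.10.10.0        255.255.255.0     Read Only   Enable
ops-rw              0.0.0.0           0.0.0.0           Read/Write  Enable
test                0.0.0.0           0.0.0.0           Read Only   Disable
"""

ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\d+(?:\.\d+){3})\s+(?P<mask>\d+(?:\.\d+){3})\s+"
    r"(?P<access>Read\s*Only|Read/\s*Write)\s+(?P<status>Enable|Disable)\s*$"
)

DEFAULT_NAMES = {"public", "private"}   # shipped communities per this page
DEFAULT_NAME = "factory-default name"
ANY_CLIENT = "any client address accepted"
READ_WRITE = "read/write access"


def parse_communities(text):
    """Turn the listing into dicts; header, ruler and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rows.append({
            "name": m["name"],
            "ip": IPv4Address(m["ip"]),
            "mask": IPv4Address(m["mask"]),
            "rw": m["access"].startswith("Read/"),
            "enabled": m["status"] == "Enable",
        })
    return rows


def audit(rows):
    """Return (name, [issues]) for every enabled community worth reviewing."""
    findings = []
    for r in rows:
        if not r["enabled"]:
            continue  # disabled entries are skipped
        issues = []
        if r["name"] in DEFAULT_NAMES:
            issues.append(DEFAULT_NAME)
        # Assumption: ordinary address/mask matching, so an all-zero mask
        # compares no bits and matches every client address.
        if int(r["mask"]) == 0:
            issues.append(ANY_CLIENT)
        if r["rw"]:
            issues.append(READ_WRITE)
        if issues:
            findings.append((r["name"], issues))
    return findings


def remediation(findings, nms_ip="192.0.2.10", nms_mask="255.255.255.255"):
    """Suggest commands from this page; nms_ip is a placeholder address."""
    cmds = []
    for name, issues in findings:
        if DEFAULT_NAME in issues:
            cmds.append(f"config snmp community mode disable {name}")
            continue
        if ANY_CLIENT in issues:
            cmds.append(f"config snmp community ipaddr {nms_ip} {nms_mask} {name}")
        if READ_WRITE in issues:
            cmds.append(f"config snmp community accessmode ro {name}")
    return cmds


if __name__ == "__main__":
    found = audit(parse_communities(SAMPLE))
    for name, issues in found:
        print(f"{name}: {', '.join(issues)}")
    print("\n".join(remediation(found)))
```

The suggested commands are for review before use: a community that must stay read/write keeps its access mode and is only restricted by address.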
config snmp syscontact
To set the SNMP system contact name, use the config snmp syscontact command.
>config snmp syscontact <contact>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
syscontact   System contact.
<contact>    Name (Up to 31 alphanumeric characters).
Defaults
(none)
Examples
>config snmp syscontact Nortel_administrator
Related Commands
show snmpcommunity
config snmp syslocation
To set the SNMP system location name, use the config snmp syslocation command.
>config snmp syslocation <location>
Syntax
config        Configure parameters.
snmp          SNMP parameters.
syslocation   System location.
<location>    Name (Up to 31 alphanumeric characters).
Defaults
(none)
Examples
>config snmp syslocation Building_2a
Related Commands
show snmpcommunity
CONFIG SNMP TRAPRECEIVER COMMANDS
config snmp trapreceiver
Use the following config snmp trapreceiver commands:
• “config snmp trapreceiver create”
• “config snmp trapreceiver delete”
• “config snmp trapreceiver mode”
config snmp trapreceiver create
To add a server to receive SNMP traps, use the config snmp trapreceiver create command. The IP Address must be valid
for the command to add the new server.
>config snmp trapreceiver create <name> <ipaddr>
Syntax
config         Configure parameters.
snmp           SNMP parameters.
trapreceiver   SNMP trap server parameters.
create         Create a new server.
<name>         Server name.
<ipaddr>       Server IP Address.
Defaults
(none)
Examples
>config snmp trapreceiver create test 10.1.1.1
Related Commands
show snmp trap
config snmp trapreceiver delete
To delete a server from the trap receiver list, use the config snmp trapreceiver delete command.
>config snmp trapreceiver delete <name>
Syntax
config         Configure parameters.
snmp           SNMP parameters.
trapreceiver   Server to receive traps.
delete         Remove a server.
<name>         Server name.
Defaults
(none)
Examples
>config snmp trapreceiver delete test
Related Commands
show snmp trap
config snmp trapreceiver mode
To send or disable sending traps to a selected server, use the config snmp trapreceiver mode command. This enables or
disables the WLAN — Security Switch (2270) from sending the traps to the selected server.
>config snmp trapreceiver mode <enable/disable> <name>
Syntax
config             Configure parameters.
snmp               SNMP parameters.
trapreceiver       Server to receive traps.
mode               Change the state.
<enable/disable>   Enable or disable.
<name>             Server name.
Defaults
(none)
Examples
>config snmp trapreceiver mode disable server1
Related Commands
show snmp trap
CONFIG SNMP V3USER COMMANDS
config snmp v3user
Use the following config snmp v3user commands:
• “config snmp v3user create”
• “config snmp v3user delete”
config snmp v3user create
To add a version 3 SNMP user, use the config snmp v3user create command.
>config snmp v3user <username> [rw/ro] [none/hmacmd5/hmacsha] [none/des] <authkey> <encrypkey>
Syntax
config                   Configure parameters.
snmp                     SNMP parameters.
v3user                   Version 3 SNMP.
<username>               New user name.
[rw/ro]                  Read/write or read-only user privileges.
[none/hmacmd5/hmacsha]   Authentication protocol.
[none/des]               Encryption protocol.
<authkey>                Authentication key, if enabled.
<encrypkey>              Encryption key, if enabled.
Defaults
SNMP v3 User Name    AccessMode  Authentication Encryption
-------------------- ----------- -------------- ----------
default              Read/Write  HMAC-MD5       CBC-DES
Examples
>config snmp v3user test ro 3
to add an SNMP username test with read-only privileges and no encryption or
authentication.
Related Commands
show snmp v3user
config snmp v3user delete
To delete a version 3 SNMP user, use the config snmp v3user delete command.
>config snmp v3user delete <username>
Syntax
config       Configure parameters.
snmp         SNMP parameters.
v3user       Version 3 SNMP.
delete       Remove user.
<username>   Username to delete.
Defaults
SNMP v3 User Name    AccessMode  Authentication Encryption
-------------------- ----------- -------------- ----------
default              Read/Write  HMAC-MD5       CBC-DES
Examples
>config snmp v3user delete test
This will remove an SNMP user named test.
Related Commands
show snmp v3user
config snmp version
To enable or disable selected SNMP versions, use the config snmp version command.
>config snmp version <v1/v2/v3> <enable/disable>
Syntax
config             Configure parameters.
snmp               SNMP parameters.
version            SNMP version parameters.
<v1/v2/v3>         SNMP version to enable or disable.
<enable/disable>   Enable or disable specified version.
Defaults
All versions enabled
Examples
>config snmp version v1 disable
Related Commands
show snmpversion
CONFIG SPANNINGTREE PORT COMMANDS
config spanningtree port
Use the following config spanningtree port commands:
• “config spanningtree port mode”
• “config spanningtree port pathcost”
• “config spanningtree port priority”
config spanningtree port mode
To turn fast or 802.1D Spanning Tree Protocol on or off for one or all WLAN — Security Switch (2270) ports, use the
config spanningtree port mode command.
Note that you must disable WLAN — Security Switch (2270) STP using the config spanningtree switch mode
command, select STP mode for all Ethernet ports using this command, and then enable WLAN — Security Switch
(2270) STP using the config spanningtree switch mode command. This procedure allows the WLAN — Security Switch
(2270) to most efficiently set up STP, detect logical network loops, place redundant ports on standby, and build a
network with the most efficient pathways.
>config spanningtree port mode [off/802.1d/fast] [<port>/all]
Syntax
config              Configure parameters.
spanningtree        Spanning Tree Protocol.
port                WLAN — Security Switch (2270) Ethernet port.
mode                STP mode.
[off/802.1d/fast]   STP off/802.1D/fast.
[<port>/all]        Port 1 through 12 or 1 through 24, or all ports.
Defaults
Port STP = off.
Examples
>config spanningtree port mode off all
to disable STP for all Ethernet ports.
>config spanningtree port mode 802.1d 24
to turn on STP 802.1D mode for Ethernet port 24.
>config spanningtree port mode fast 2
to turn on fast STP mode for Ethernet port 2.
Related Commands
show spanningtree port, config spanningtree switch mode, config spanningtree port pathcost, config spanningtree port priority
config spanningtree port pathcost
To set the STP path cost for an Ethernet port, use the config spanningtree port pathcost command.
>config spanningtree port pathcost [1-65535/auto] [<port>/all]
Syntax
config           Configure parameters.
spanningtree     Spanning Tree Protocol.
port             WLAN — Security Switch (2270) Ethernet port.
pathcost         STP path cost.
[1-65535/auto]   Port pathcost, as determined by the network planner, or auto (default).
[<port>/all]     Port 1 through 12 or 1 through 24, or all ports.
Defaults
Pathcost = Automatic.
Examples
>config spanningtree port pathcost auto all
to have the STP algorithm automatically assign a path cost for all ports.
>config spanningtree port pathcost 200 22
to have the STP algorithm use a port cost of 200 for port 22.
Related Commands
show spanningtree port, config spanningtree port mode, config spanningtree port priority
config spanningtree port priority
To configure the STP port priority, use the config spanningtree port priority command.
>config spanningtree port priority [0-255] <port>
Syntax
config             Configure parameters.
spanningtree       Spanning Tree Protocol.
port               WLAN — Security Switch (2270) Ethernet port.
priority [0-255]   STP priority, 0 through 255.
<port>             Port 1 through 12 or 1 through 24.
Defaults
STP Priority = 128.
Examples
>config spanningtree port priority 100 2
to set Ethernet port 2 to STP priority 100.
Related Commands
show spanningtree port, config spanningtree switch mode, config spanningtree port mode,
config spanningtree port pathcost
CONFIG SPANNINGTREE SWITCH COMMANDS
config spanningtree switch
Use the following config spanningtree switch commands:
• “config spanningtree switch bridgepriority”
• “config spanningtree switch forwarddelay”
• “config spanningtree switch hellotime”
• “config spanningtree switch maxage”
• “config spanningtree switch mode”
config spanningtree switch bridgepriority
To set the bridge ID, use the config spanningtree switch bridgepriority command. This sets the writable portion of
the Bridge ID, that is, the first two octets of the (8 octet long) Bridge ID. The other (last) 6 octets of the Bridge ID are
given by the value of Bridge MAC Address. The value may be specified as a number between 0 and 65535.
>config spanningtree switch bridgepriority [0-65535]
Syntax
config           Configure parameters.
spanningtree     Spanning Tree Protocol.
switch           WLAN — Security Switch (2270).
bridgepriority   Bridge ID.
[0-65535]        Decimal number range.
Defaults
The factory default is 32768.
Examples
>config spanningtree switch bridgepriority 40230
Related Commands
show spanningtree switch, config spanningtree switch forwarddelay, config spanningtree
switch hellotime, config spanningtree switch maxage, config spanningtree switch mode
config spanningtree switch forwarddelay
To set the bridge timeout, use the config spanningtree switch forwarddelay command.
This is the value that all bridges use for ForwardDelay when this bridge is acting as the root. Note that 802.1D-1990 specifies
that the range for this parameter is related to the value of Stp Bridge Maximum Age. The granularity of this timer is
specified by 802.1D-1990 to be 1 second. An agent may return a badValue error if a set is attempted to a value which is
not a whole number of seconds. The Factory default is 15. Valid values are 4 through 30 seconds.
>config spanningtree switch forwarddelay [4-30]
Syntax
config         Configure parameters.
spanningtree   Spanning Tree Protocol.
switch         WLAN — Security Switch (2270).
forwarddelay   Forward delay setting.
[4-30]         Range in seconds.
Defaults
The factory default is 15.
Examples
>config spanningtree switch forwarddelay 20
Related Commands
show spanningtree switch, config spanningtree switch bridgepriority, config spanningtree
switch hellotime, config spanningtree switch maxage, config spanningtree switch mode
config spanningtree switch hellotime
To set the hello time, use the config spanningtree switch hellotime command.
This is the value all bridges use for HelloTime when this bridge is acting as the root. The granularity of this timer is
specified by 802.1D-1990 to be 1 second. Valid values are 1 through 10 seconds.
>config spanningtree switch hellotime [1-10]
Syntax
config         Configure parameters.
spanningtree   Spanning Tree Protocol.
switch         WLAN — Security Switch (2270).
hellotime      Hello time setting.
[1-10]         Range in seconds.
Defaults
The factory default is 15.
Examples
>config spanningtree switch hellotime 4
Related Commands
show spanningtree switch, config spanningtree switch bridgepriority, config spanningtree switch
forwarddelay, config spanningtree switch maxage, config spanningtree switch mode
config spanningtree switch maxage
To set the maximum age, use the config spanningtree switch maxage command.
This is the value all bridges use for MaxAge when this bridge is acting as the root. Note that 802.1D-1990 specifies that
the range for this parameter is related to the value of Stp Bridge Hello Time. The granularity of this timer is specified by
802.1D-1990 to be 1 second. Valid values are 6 through 40 seconds.
>config spanningtree switch maxage [6-40]
Syntax
config         Configure parameters.
spanningtree   Spanning Tree Protocol.
switch         WLAN — Security Switch (2270).
maxage         Maximum age setting.
[6-40]         Range in seconds.
Defaults
The factory default is 20.
Examples
>config spanningtree switch maxage 30
Related Commands
show spanningtree switch, config spanningtree switch bridgepriority, config spanningtree
switch forwarddelay, config spanningtree switch hellotime, config spanningtree switch
mode
config spanningtree switch mode
To turn WLAN — Security Switch (2270) Spanning Tree Protocol on or off, use the config spanningtree switch mode
command.
Note that you must disable the WLAN — Security Switch (2270) STP using this command, select STP mode for all
Ethernet ports using the config spanningtree port mode command, and then enable the WLAN — Security Switch
(2270) STP using this command. This procedure allows the WLAN — Security Switch (2270) to most efficiently set up
STP, detect logical network loops, place redundant ports on standby, and build a network with the most efficient
pathways.
>config spanningtree switch mode [enable/disable]
Syntax
config             Configure parameters.
spanningtree       Spanning Tree Protocol.
switch             WLAN — Security Switch (2270).
mode               STP mode.
[enable/disable]   Turn on/off.
Defaults
STP = Disabled.
Examples
>config spanningtree switch mode enable
to support STP on all WLAN — Security Switch (2270) Ports.
Related Commands
show spanningtree switch, config spanningtree switch bridgepriority, config spanningtree
switch forwarddelay, config spanningtree switch hellotime, config spanningtree switch
maxage, config spanningtree port mode
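The Bridge ID layout and timer ranges described for the config spanningtree switch commands, as an added example that is not part of the Nortel guide: it builds the 8-octet Bridge ID from a bridgepriority and a MAC address, picks the root as the numerically lowest ID, and checks a timer set against the ranges on this page plus the two 802.1D relations between the timers that the text refers to. The bridge names and MAC addresses are constructed sample values.

```python
# Ranges documented on this page for the switch-level STP timers (seconds).
RANGES = {"hellotime": (1, 10), "maxage": (6, 40), "forwarddelay": (4, 30)}

# Constructed sample topology: name -> (bridgepriority, bridge MAC address).
BRIDGES = {
    "core": (4096, "02:00:00:00:00:10"),
    "wss-2270": (40230, "02:00:00:00:00:01"),   # priority from the page example
    "edge": (32768, "02:00:00:00:00:02"),       # factory default priority
}


def bridge_id(priority: int, mac: str) -> bytes:
    """Return the 8-octet Bridge ID: 2-octet priority, then the 6-octet MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("bridgepriority must be 0-65535")
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have 6 octets")
    return priority.to_bytes(2, "big") + octets


def elect_root(bridges: dict) -> str:
    """Name of the bridge with the lowest Bridge ID (priority first, then MAC)."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def check_timers(hellotime: int, maxage: int, forwarddelay: int) -> list:
    """Return a list of problems; an empty list means the set is consistent."""
    values = {"hellotime": hellotime, "maxage": maxage,
              "forwarddelay": forwarddelay}
    problems = []
    for key, (low, high) in RANGES.items():
        if not low <= values[key] <= high:
            problems.append(f"{key} {values[key]} outside {low}-{high}")
    # 802.1D relations: 2 x (ForwardDelay - 1) >= MaxAge >= 2 x (HelloTime + 1)
    if 2 * (forwarddelay - 1) < maxage:
        problems.append("maxage exceeds 2 x (forwarddelay - 1)")
    if maxage < 2 * (hellotime + 1):
        problems.append("maxage below 2 x (hellotime + 1)")
    return problems


if __name__ == "__main__":
    for name, (priority, mac) in BRIDGES.items():
        print(name, bridge_id(priority, mac).hex())
    print("root:", elect_root(BRIDGES))
    # Values from the Examples on this page: hellotime 4, maxage 30, forwarddelay 20
    print(check_timers(4, 30, 20) or "timers consistent")
```

Because the lowest Bridge ID wins, the root is normally pinned with a deliberately low bridgepriority on the intended switch rather than left to the MAC address tie-break among switches at the default of 32768.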
CONFIG SWITCHCONFIG COMMANDS
config switchconfig
Use the following config switchconfig commands:
• “config switchconfig flowcontrol”
• “config switchconfig mode”
config switchconfig flowcontrol
To enable or disable 802.3x flow control, use the config switchconfig flowcontrol command.
>config switchconfig flowcontrol [enable/disable]
Syntax
config             Configure parameters.
switchconfig       WLAN — Security Switch (2270) parameters.
flowcontrol        Flow control.
[enable/disable]   Turn on/off.
Defaults
Disabled
Examples
>config switchconfig flowcontrol enable
Related Commands
show switchconfig
config switchconfig mode
To configure LWAPP transport mode for Layer 2 or Layer 3, use the config switchconfig mode command.
>config switchconfig mode [L2/L3]
Syntax
config         Configure parameters.
switchconfig   WLAN — Security Switch (2270) parameters.
mode [L2/L3]   Layer 2 or Layer 3 mode.
Defaults
L3
Examples
>config switchconfig mode L3
Related Commands
show switchconfig
config syslog
To send or disable sending system logs, use the config syslog command.
>config syslog [<ipaddr>/disable]
Syntax
config     Configure parameters.
syslog     System logs.
<ipaddr>   Specify an IP Address to send logs.
disable    Disable logs.
Defaults
Disable
Examples
>config syslog 10.1.1.1
Sending logs to 10.1.1.1
>config syslog disable
Syslog disabled.
Related Commands
show syslog
config sysname
To set the WLAN — Security Switch (2270) system name, use the config sysname command.
>config sysname <name>
Syntax
config    Configure parameters.
sysname   WLAN — Security Switch (2270) name.
<name>    Name (Up to 31 alphanumeric characters).
Defaults
(none)
Examples
>config sysname Ent_01
Related Commands
show sysinfo
config time
To set the system time, use the config time command.
>config time
Syntax
config                                        Command action.
manual MM/DD/YYYY HH:MM:SS                    Configures the system time.
ntp Interval/server                           Configures the Network Time Protocol Polling Interval or the Network Time Protocol Servers.
timezone <disable/enable> <hours> [minutes]   Disables or enables daylight savings time for the system.
Defaults
(none)
Examples
>config time manual 02/11/2003 15:29:00
Related Commands
show time
CONFIG TRAPFLAGS COMMANDS
config trapflags
Use the following config trapflags commands:
• “config trapflags 802.11-Security”
• “config trapflags aaa”
• “config trapflags ap”
• “config trapflags authentication”
• “config trapflags client”
• “config trapflags configsave”
• “config trapflags ipsec”
• “config trapflags linkmode”
• “config trapflags multiusers”
• “config trapflags rogueap”
• “config trapflags rrm-params”
• “config trapflags rrm-profile”
• “config trapflags stpmode”
• “config trapflags wps”
config trapflags 802.11-Security
To enable or disable sending 802.11 Security related traps, use the config trapflags 802.11-Security command.
>config trapflags 802.11-Security <wepDecryptError> [enable/disable]
Syntax
config              Configure parameters.
trapflags           Trap parameters.
802.11-Security     802.11 security traps flag.
<wepDecryptError>   WEP decryption error.
[enable/disable]    Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags 802.11-Security wepDecryptError disable
Related Commands
show trapflags
config trapflags aaa
To enable or disable sending AAA server related traps, use the config trapflags aaa command.
>config trapflags aaa <auth/servers> [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
aaa                AAA traps flag.
<auth/servers>     Authentication/Servers.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags aaa auth disable
Related Commands
show trapflags
config trapflags ap
To enable or disable sending WLAN — Access Port (223x) related traps, use the config trapflags ap command.
>config trapflags ap <register/interfaceUp> [enable/disable]
Syntax
config                   Configure parameters.
trapflags                Trap parameters.
ap                       WLAN — Access Port (223x) traps flag.
<register/interfaceUp>   Register/Interface Up.
[enable/disable]         Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags ap register disable
Related Commands
show trapflags
config trapflags authentication
To enable or disable sending traps on invalid SNMP access, use the config trapflags authentication command.
>config trapflags authentication [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
authentication     Authentication of SNMP access.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags authentication disable
Related Commands
show trapflags
config trapflags client
To enable or disable sending client related DOT11 traps, use the config trapflags client command.
>config trapflags client <802.11-disassociate/802.11-deauthenticate/802.11-authfail/802.11-assocfail> [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
client             DOT11 traps flag.
<802.11-disassociate/802.11-deauthenticate/802.11-authfail/802.11-assocfail>
                   Enable or send the indicated trap for clients.
[enable/disable]   Modify the state of the parameter.
Defaults
Disabled
Examples
>config trapflags client 802.11-disassociate disable
Related Commands
show trapflags
config trapflags configsave
To enable or disable sending the configuration saved trap, use the config trapflags configsave command.
>config trapflags configsave [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
configsave         Saved configuration trap flag.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags configsave disable
Related Commands
show trapflags
config trapflags ipsec
To enable or disable sending IPSec traps, use the config trapflags ipsec command.
>config trapflags ipsec <esp-auth/esp-reply/invalidSPI/ike-neg/suite-neg/invalid-cookie> [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
ipsec              IPSec trap flags.
<esp-auth/esp-reply/invalidSPI/ike-neg/suite-neg/invalid-cookie>
                   Send IPSec traps when the indicated trap occurs.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags ipsec esp-auth disable
Related Commands
show trapflags
config trapflags linkmode
To enable or disable WLAN — Security Switch (2270) level Link Up/Down trap flag, use the config trapflags linkmode
command.
>config trapflags linkmode [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
linkmode           Link status flag.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags linkmode disable
Related Commands
show trapflags
config trapflags multiusers
To enable or disable sending traps when multiple logins are active, use the config trapflags multiusers command.
>config trapflags multiusers [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
multiusers         Multiple user flag.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags multiusers disable
Related Commands
show trapflags
config trapflags rogueap
To enable or disable sending Rogue AP detection traps, use the config trapflags rogueap command.
>config trapflags rogueap [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
rogueap            Rogue AP detection trap flag.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags rogueap disable
Related Commands
show trapflags
config trapflags rrm-params
To enable or disable sending RRM parameter related traps, use the config trapflags rrm-params command.
>config trapflags rrm-params <tx-power/channel/antenna> [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
rrm-params         RRM parameters traps flag.
<tx-power/         Enable sending trap when RF manager automatically changes tx-power level for the WLAN — Access Port (223x) interface.
channel/           Enable sending trap when RF manager automatically changes channel for the WLAN — Access Port (223x) interface.
antenna>           Enable sending trap when RF manager automatically changes antenna for the WLAN — Access Port (223x) interface.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags rrm-params tx-power disable
Related Commands
show trapflags
config trapflags rrm-profile
To enable or disable sending RRM profile related traps, use the config trapflags rrm-profile command.
>config trapflags rrm-profile <load/noise/interference/coverage> [enable/disable]
Syntax
config                                 Configure parameters.
trapflags                              Trap parameters.
rrm-profile                            RRM profile traps flag.
<load/noise/interference/coverage>     Profile parameters.
[enable/disable]                       Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags rrm-profile load disable
Related Commands
show trapflags
config trapflags stpmode
To enable or disable sending spanning tree traps, use the config trapflags stpmode command.
>config trapflags stpmode [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
stpmode            Spanning traps flag.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags stpmode disable
Related Commands
show trapflags
config trapflags wps
To enable or disable sending wireless protection system (WPS) traps, use the config trapflags wps command.
>config trapflags wps [enable/disable]
Syntax
config             Configure parameters.
trapflags          Trap parameters.
wps                Wireless Protection System traps.
[enable/disable]   Modify the state of the parameter.
Defaults
Enabled
Examples
>config trapflags wps disable
Related Commands
show trapflags
CONFIG WATCHLIST COMMANDS
config watchlist
Use the following config watchlist commands.
• “config watchlist add”
• “config watchlist delete”
• “config watchlist enable/disable”
config watchlist add
To add a watchlist entry for a wireless LAN, use the config watchlist add command.
>config watchlist add [mac <MAC addr>/username <User Name>]
Syntax
config watchlist       Command action.
add                    Add a watchlist entry.
mac <MAC addr>         MAC address of new entry.
username <User Name>   User name.
Defaults
(none)
Examples
>config watchlist add a5:6b:ac:10:01:6b Able1
Related Commands
config watchlist delete, config watchlist enable/disable, show watchlist
config watchlist delete
To delete a watchlist entry for a wireless LAN, use the config watchlist delete command.
>config watchlist delete [mac <MAC addr>/username <User Name>]
Syntax
config watchlist       Command action.
delete                 Delete a watchlist entry.
mac <MAC addr>         MAC address of new entry.
username <User Name>   User name.
Defaults
(none)
Examples
>config watchlist delete a5:6b:ac:10:01:6b Able1
Related Commands
config watchlist add, config watchlist enable/disable, show watchlist
config watchlist enable/disable
To enable or disable the client watchlist, use the config watchlist enable/disable command.
>config watchlist enable/disable
Syntax
config watchlist   Command action.
enable/disable     Enable or disable the client watchlist.
Defaults
(none)
Examples
>config watchlist enable
>config watchlist disable
Related Commands
config watchlist add, config watchlist delete, show watchlist
CONFIG WLAN COMMANDS
config wlan
Use the following config wlan commands.
• “config wlan aaa-override”
• “config wlan broadcast-ssid”
• “config wlan create”
• “config wlan delete”
• “config wlan dhcp_server”
• “config wlan disable”
• “config wlan enable”
• “config wlan exclusionlist”
• “config wlan interface”
• “config wlan mac-filtering”
• “config wlan qos”
• “config wlan radio”
• “config wlan security”
• “config wlan timeout”
• “config wlan vlan”
• “config wlan wme”
• “config wlan security ipsec”
• “config wlan security ipsec authentication”
• “config wlan security ipsec encryption”
• “config wlan security ipsec ike authentication”
• “config wlan security ipsec ike dh-group”
• “config wlan security ipsec ike lifetime”
• “config wlan security ipsec ike phase1”
• “config wlan security passthru”
config wlan aaa-override
config wlan aaa-override
To create a wireless LAN, use the config wlan aaa-override command.
When AAA Override is enabled, and a client has conflicting AAA and WLAN — Security Switch (2270) WLAN
authentication parameters, client authentication is performed by the AAA server. As part of this authentication, the
Operating System will move clients from the default Nortel WLAN VLAN to a VLAN returned by the AAA server and
predefined in the WLAN — Security Switch (2270) Interface configuration (only when configured for MAC filtering,
802.1X, and/or WPA operation). In all cases, the Operating System will also use QoS and ACL provided by the AAA
server, as long as they are predefined in the WLAN — Security Switch (2270) Interface configuration. (This VLAN
switching by AAA Override is also referred to as Identity Networking.)
For instance, if the Corporate WLAN primarily uses a Management Interface assigned to VLAN 2, and if AAA Override
returns a redirect to VLAN 100, the Operating System redirects all client transmissions to VLAN 100, regardless of the
physical port to which VLAN 100 is assigned.
When AAA Override is disabled, all client authentication defaults to the WLAN — Security Switch (2270) authentication parameter settings, and authentication is only performed by the AAA server if the WLAN — Security Switch
(2270) WLAN does not contain any client-specific authentication parameters.
The AAA override values may come from a RADIUS server, for example.
>config wlan aaa-override [enable/disable] [<WLAN id>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
aaa-override      WLAN AAA Override.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
Disabled.
Examples
>config wlan aaa-override enable
Related Commands
show wlan
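The AAA Override behaviour described above decides which VLAN, QoS level and ACL a client receives, so it is worth modelling before enabling it. The following Python sketch is an added illustration, not Nortel code: the class and function names are hypothetical, and it assumes that an AAA-returned value that is not predefined on the switch leaves the WLAN default in place.

```python
from dataclasses import dataclass, field
from typing import Optional

# Security modes under which the guide says the AAA-returned VLAN is honoured.
VLAN_OVERRIDE_MODES = {"mac-filtering", "802.1x", "wpa"}


@dataclass
class Wlan:
    """Per-WLAN defaults configured on the switch (hypothetical model)."""
    vlan: int
    qos: str
    acl: Optional[str]
    aaa_override: bool
    security: set = field(default_factory=set)


@dataclass
class InterfaceConfig:
    """Values predefined in the switch Interface configuration (hypothetical)."""
    vlans: set
    qos_levels: set
    acls: set


def effective_policy(wlan, predefined, aaa_reply):
    """Return the VLAN, QoS and ACL a client ends up with after authentication."""
    policy = {"vlan": wlan.vlan, "qos": wlan.qos, "acl": wlan.acl}
    if not wlan.aaa_override:
        return policy  # AAA-supplied attributes are ignored
    # VLAN moves only for MAC filtering, 802.1X and/or WPA WLANs, and only
    # to a VLAN that is already predefined on the switch.
    vlan = aaa_reply.get("vlan")
    if vlan in predefined.vlans and wlan.security & VLAN_OVERRIDE_MODES:
        policy["vlan"] = vlan
    # QoS and ACL are applied in all cases, again only if predefined.
    if aaa_reply.get("qos") in predefined.qos_levels:
        policy["qos"] = aaa_reply["qos"]
    if aaa_reply.get("acl") in predefined.acls:
        policy["acl"] = aaa_reply["acl"]
    return policy


# Constructed sample matching the guide's VLAN 2 -> VLAN 100 illustration.
PREDEFINED = InterfaceConfig(
    vlans={2, 100},
    qos_levels={"bronze", "silver", "gold", "platinum"},
    acls={"ACL03"},
)
CORPORATE = Wlan(vlan=2, qos="silver", acl=None,
                 aaa_override=True, security={"802.1x"})

if __name__ == "__main__":
    print(effective_policy(CORPORATE, PREDEFINED, {"vlan": 100}))
    print(effective_policy(CORPORATE, PREDEFINED, {"vlan": 300, "qos": "gold"}))
```

With override enabled, the AAA server's reply determines network segmentation for the client, so the server and its attribute mappings belong in the same change-control scope as the switch configuration.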
config wlan broadcast-ssid
To configure an SSID broadcast on a WLAN, use the config wlan broadcast-ssid command.
>config wlan broadcast-ssid [enable/disable] <WLAN id>
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
broadcast-ssid    Broadcast SSID.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
Disabled.
Examples
>config wlan broadcast-ssid enable
Related Commands
show wlan
config wlan exclusionlist
To modify the Exclusion List (blacklist) timeout for a wireless LAN, use the config wlan exclusionlist command.
Set the timeout in seconds for an automatically disabled client. Client machines are disabled by MAC address. A timeout
setting of 0 indicates that the client is permanently disabled and that administrative control is required to remove the
client from the automatic disable.
>config wlan exclusionlist [<WLAN id>] <seconds>
Syntax
config           Configure parameters.
wlan             Wireless LAN parameters.
exclusionlist    Exclusion List.
<WLAN id>        WLAN identifier between 1 and 16.
<seconds>        Timeout in seconds.
Defaults
Not enabled
Examples
>config wlan exclusionlist foreignAp 2
Related Commands
show exclusionlist
config wlan create
To create a wireless LAN, use the config wlan create command.
>config wlan create <WLAN id> [<WLAN id>]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
create       Add a WLAN.
<WLAN id>    WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan create 1 SSID01
Related Commands
show trapflags
config wlan delete
To delete a wireless LAN, use the config wlan delete command.
>config wlan delete [<WLAN id>]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
delete       Remove a WLAN.
<WLAN id>    WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan delete 5
Related Commands
show wlan, show wlan summary
config wlan dhcp_server
To configure the DHCP server for a wireless LAN, use the config wlan dhcp_server command.
>config wlan dhcp_server [<WLAN id>] <ipaddr>
Syntax
config         Configure parameters.
wlan           Wireless LAN parameters.
dhcp_server    Configure DHCP server.
<WLAN id>      WLAN identifier between 1 and 16.
<ipaddr>       IP Address of the DHCP server (this parameter is required).
Defaults
(none)
Examples
>config wlan dhcp_server foreignAp 10.10.2.1
Related Commands
show wlan
config wlan disable
To disable a wireless LAN, use the config wlan disable command.
>config wlan disable [<WLAN id>]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
disable      Change state of WLAN.
<WLAN id>    WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan disable foreignAp
Related Commands
show wlan
config wlan enable
To enable a wireless LAN, use the config wlan enable command.
>config wlan enable [<WLAN id>]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
enable       Change state of WLAN.
<WLAN id>    WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan enable
Related Commands
show wlan
config wlan interface
To associate a wireless LAN with an existing interface, use the config wlan interface command.
>config wlan interface [<WLAN id>] <interface-name>
Syntax
config              Configure parameters.
wlan                Wireless LAN parameters.
interface           Change state of WLAN.
<WLAN id>           WLAN identifier between 1 and 16.
<interface-name>    Existing interface name.
Defaults
(none)
Examples
>config wlan interface
Related Commands
show wlan
config wlan mac-filtering
To change the state of MAC filtering on a wireless LAN, use the config wlan mac-filtering command.
>config wlan mac-filtering [enable/disable] [<WLAN id>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
mac-filtering     MAC filtering feature.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan mac-filtering enable 1
Related Commands
show wlan
config wlan qos
To change the quality of service for a wireless LAN, use the config wlan qos command.
>config wlan qos [<WLAN id>] [bronze/silver/gold/platinum]
Syntax
config                         Configure parameters.
wlan                           Wireless LAN parameters.
qos                            Quality of service.
<WLAN id>                      WLAN identifier between 1 and 16.
bronze/silver/gold/platinum    Grades of service: Background, Best Effort, Video, and Voice, respectively.
Defaults
(none)
Examples
To set the highest level of service on WLAN 1, use the following command:
>config wlan qos 1 gold
Related Commands
show wlan
config wlan radio
To set the Nortel Networks Radio policy on a wireless LAN, use the config wlan radio command. Set the WLAN
policy to apply to 802.11a, 802.11g, 802.11b, 802.11a/g, 802.11b/g, or All = 802.11a/b/g Nortel Networks Radios.
>config wlan radio <WLAN id> [all/802.11a/802.11bg/802.11g/802.11ag]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
radio        Nortel Networks Radio policy.
<WLAN id>    WLAN identifier between 1 and 16.
802.11a      Only 802.11a supported, when 802.11a is enabled.
802.11bg     Only 802.11b supported, when 802.11b is enabled and 802.11g support is disabled.
802.11g      Only 802.11g supported, when 802.11b and 802.11g support are enabled.
all          Only 802.11a/b supported, when 802.11a and 802.11b are enabled and 802.11g support is disabled.
802.11bg     Only 802.11b/g supported, when 802.11b and 802.11g support are enabled.
802.11ag     Only 802.11a/g supported, when 802.11a, 802.11b and 802.11g support are enabled.
all          802.11a/b/g supported, when 802.11a, 802.11b and 802.11g support are enabled.
Defaults
(none)
Examples
>config wlan radio 1 all
Related Commands
config 802.11a enable, config 802.11a disable, config 802.11b enable, config 802.11b
disable, config 802.11b 11gSupport enable, config 802.11b 11gSupport disable, show
wlan
config wlan wme
To configure WME, use the config wlan wme command.
>config wlan wme <allow/disable/require> [<WLAN id>]
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
wme          Configure WME.
allow        Allows WME on the WLAN.
disable      Disables WME on the WLAN.
require      Requires WME-enabled clients on the WLAN.
<WLAN id>    WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan wme allow 1 SSID01
Related Commands
show trapflags
CONFIG WLAN SECURITY COMMANDS
config wlan security
Use the following wlan security commands.
• config wlan security 802.1X
• config wlan security cranite
• config wlan security fortress
• config wlan security ipsec
• config wlan security ipsec authentication
• config wlan security ipsec encryption
• config wlan security ipsec ike authentication
• config wlan security ipsec ike dh-group
• config wlan security ipsec ike lifetime
• config wlan security ipsec ike phase1
• config wlan security ipsec ike contivity
• config wlan security ipsec config qotd
• config wlan security passthru
• config wlan security l2tp
• config wlan security static-wep-key
• config wlan security static-wep-key authentication
• config wlan security static-wep-key encryption
• config wlan security web
• config wlan security wpa
• config wlan timeout
• config wlan vlan
config wlan security 802.1X
To change the state of 802.1X security on the wireless LAN Nortel Networks Radios, use the config wlan security
802.1X command.
Use to change the encryption level of 802.1X security on the WLAN Nortel Networks Radios to:
- 40/64 bit key
- 104/128 bit key
- 128/152 bit key
>config wlan security 802.1X [enable/disable/encryption] [<WLAN id>/foreignAp]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
802.1X            802.1X security.
enable/disable    Change state command.
encryption        Sets the static WEP keys and indexes.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan security 802.1X enable 2
Related Commands
show wlan
config wlan security cranite
To change the state of the Cranite passthrough, use the config wlan security cranite command.
>config wlan security cranite [enable/disable] [<WLAN id>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
cranite           Cranite passthrough.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan security cranite enable 3
Related Commands
show wlan
config wlan security fortress
To change the state of the Fortress passthrough, use the config wlan security fortress command.
>config wlan security fortress [enable/disable] [<WLAN id>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
fortress          Fortress passthrough.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
(none)
Examples
>config wlan security fortress enable 5
Related Commands
show wlan
config wlan security ipsec
To change the state of the IPSec security, use the config wlan security ipsec command.
>config wlan security ipsec [enable/disable] [<WLAN id>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
ipsec             IPSec parameters.
enable/disable    Change state command.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security IPSec enable 2
Related Commands
show wlan
config wlan security ipsec authentication
To modify the IPSec security authentication protocol used on the wireless LAN, use the config wlan security ipsec
authentication command.
Use to change the authentication protocol for IPSec to:
- hmac-md5      Enables IPSec HMAC-MD5 authentication.
- hmac-sha-1    Enables IPSec HMAC-SHA-1 authentication.
- none          Disables IPSec authentication.
>config wlan security ipsec authentication [hmac-md5/hmac-sha-1/none] [<WLAN id>]
Syntax
config                        Configure parameters.
wlan                          Wireless LAN parameters.
security                      Security policy.
ipsec                         IPSec security.
authentication                Authentication parameter.
[hmac-md5/hmac-sha-1/none]    Authentication protocol.
<WLAN id>                     WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security ipsec authentication hmac-sha-1 1
Related Commands
show wlan
config wlan security ipsec encryption
To modify the IPSec security encryption protocol used on the wireless LAN, use the config wlan security ipsec encryption command.
>config wlan security ipsec encryption [3des/des] [<WLAN id>]
Syntax
config        Configure parameters.
wlan          Wireless LAN parameters.
security      Security policy.
ipsec         IPSec security.
encryption    Encryption parameter.
[3des/des]    Encryption protocol.
<WLAN id>     WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security ipsec encryption aes 1
Related Commands
show wlan
config wlan security ipsec ike authentication
To modify the IPSec ike authentication protocol used on the wireless LAN, use the config wlan security ipsec ike
authentication command.
>config wlan security ipsec ike authentication <certificates/pre-share-key/xauth-psk> [<WLAN id>] [<key>]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
ipsec             IPSec security.
ike               IKE protocol.
authentication    Authentication parameter.
certificates      Certificate authentication (no key required).
pre-share-key     Pre-shared key.
xauth-psk         XAuth pre-shared key.
<WLAN id>         WLAN identifier between 1 and 16.
<key>             Key required for pre-share and xauth-psk.
Defaults
N/A
Examples
>config wlan security ipsec ike authentication certificates
Related Commands
show wlan
config wlan security ipsec ike dh-group
To modify the IPSec IKE Diffie-Hellman group used on the wireless LAN, use the config wlan security ipsec ike dh-group command.
>config wlan security ipsec ike dh-group [<WLAN id>] <group-id>
Syntax
config        Configure parameters.
wlan          Wireless LAN parameters.
security      Security policy.
ipsec         IPSec security.
ike           IKE protocol.
dh-group      Diffie-Hellman group parameter.
<WLAN id>     WLAN identifier between 1 and 16.
<group-id>    Group 1, 2 or 5.
Defaults
N/A
Examples
>config wlan security ipsec ike dh-group 1 1
Related Commands
show wlan
config wlan security ipsec ike lifetime
To modify the IPSec IKE timeout used on the wireless LAN, use the config wlan security ipsec ike lifetime command.
>config wlan security ipsec ike lifetime [<WLAN id>] <group-id> <seconds>
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
security     Security policy.
ipsec        IPSec security.
ike          IKE protocol.
lifetime     IKE timeout.
<WLAN id>    WLAN identifier between 1 and 16.
<seconds>    Timeout in seconds.
Defaults
N/A
Examples
>config wlan security ipsec ike lifetime 1 10
Related Commands
show wlan
config wlan security ipsec ike phase1
To modify IPSec IKE Phase 1 used on the wireless LAN, use the config wlan security ipsec ike phase1 command.
>config wlan security ipsec ike phase1 [aggressive/main] [<WLAN id>]
Syntax
config               Configure parameters.
wlan                 Wireless LAN parameters.
security             Security policy.
ipsec                IPSec security.
ike                  IKE protocol.
phase1               Phase 1 command.
[aggressive/main]    Phase 1 setting.
<WLAN id>            WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security ipsec ike phase1 aggressive 1
Related Commands
show wlan
config wlan security ipsec ike contivity
To change the IP Security settings, use the config wlan security ipsec ike contivity command.
>config wlan security ipsec ike contivity <xxxx>
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
security     Security policy.
ipsec        IP Security protocols.
ike          Internet key exchange.
contivity    Modify status.
<enable>     Enables Contivity support for this WLAN.
<disable>    Disables Contivity support for this WLAN.
Defaults
N/A
Examples
>config wlan security ipsec ike contivity enable
Related Commands
show wlan
config wlan security ipsec config qotd
To change the IP Security settings, use the config wlan security ipsec config qotd command.
>config wlan security ipsec config qotd <server ip> <wlan id>
Syntax
config         Configure parameters.
wlan           Wireless LAN parameters.
security       Security policy.
ipsec          IP Security protocols.
config         Modify status.
qotd           Quote of the day.
<server ip>    Configures quote-of-the-day server IP for cfg-mode.
<WLAN id>      WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security ipsec config qotd 127.0.0.0 1 17
Related Commands
show wlan
config wlan security passthru
To modify Passthru used on the wireless LAN, use the config wlan security passthru command.
>config wlan security passthru [enable/disable] [<WLAN id>]
Syntax
config              Configure parameters.
wlan                Wireless LAN parameters.
security            Security policy.
passthru            Passthru command.
[enable/disable]    Passthru setting.
<WLAN id>           WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security ipsec enable 3 17
Related Commands
show wlan
config wlan security l2tp
To configure l2tp used on the wireless LAN, use the config wlan security l2tp command.
>config wlan security l2tp [authentication/enable/disable/encryption/ike] [<WLAN id>/foreignAp] [gateway]
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
l2tp              L2tp.
authentication    IPSec authentication transform (hmac-md5 or hmac-sha-1).
enable/disable    Modify l2tp status.
encryption        IPSec configuration transform (3des, aes or des).
ike               Internet Key Exchange (authentication, DH-Group, lifetime or phase1).
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security l2tp enable 1
Related Commands
show wlan
config wlan security static-wep-key
To change the status of static WEP key authentication, use the config wlan security static-wep-key command.
>config wlan security static-wep-key [enable/disable] <WLAN id>
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
static-wep-key    Static WEP key authentication.
enable/disable    Modify status.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security static-wep-key enable 1
Related Commands
config wlan security wpa encryption
config wlan security static-wep-key authentication
To change the status of static WEP key authentication, use the config wlan security static-wep-key authentication
command.
>config wlan security static-wep-key authentication <shared-key/open> <WLAN id>
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
static-wep-key    Static WEP key authentication.
authentication    Authentication setting.
shared-key        Shared-key authentication.
open              Open authentication.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security static-wep-key authentication shared-key 1
>config wlan security static-wep-key authentication open 1
Related Commands
show wlan
config wlan security static-wep-key encryption
To change the status of static WEP key encryption, use the config wlan security static-wep-key encryption command.
Use to enable or disable static wep key encryption. Static WEP encryption parameters:
- Key sizes: 40/64, 104/128 and 128/152 bit key sizes.
- Key Index: 1 to 4.
- Enter encryption key.
- Select encryption key format in ASCII or HEX.
One unique WEP Key Index can be applied to each WLAN. As there are only four WEP Key Indexes, only four WLANs
can be configured for Static WEP Layer 2 encryption.
>config wlan security static-wep-key encryption <WLAN id> [40/104/128] [hex/ascii] <key> <key-index>
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
static-wep-key    Static WEP key authentication.
encryption        Encryption setting.
<WLAN id>         WLAN identifier between 1 and 16.
[40/104/128]      Encryption level.
hex/ascii         Key format.
<key>             Hex or ASCII key.
<key-index>       Key index.
Defaults
N/A
Examples
>config wlan security wpa encryption 1 40 hex 0201702001 2
Related Commands
show wlan
config wlan security web
To change the status of Web authentication used on the wireless LAN, use the config wlan security web command.
>config wlan security web [acl/enable/disable] [<WLAN id>] <ACL name/none>
Syntax
config             Configure parameters.
wlan               Wireless LAN parameters.
security           Security policy.
web                Web authentication.
acl                Add an ACL to the WLAN definition.
enable/disable     Modify status.
<WLAN id>          WLAN identifier between 1 and 16.
<ACL name/none>    Existing ACL name or blank.
Defaults
N/A
Examples
>config wlan security web acl 1 ACL03
>config wlan security web enable
>config wlan security web disable
Related Commands
show wlan
config wlan security wpa
To change the status of WPA authentication, use the config wlan security wpa command.
>config wlan security wpa [enable/disable] <WLAN id>
Syntax
config            Configure parameters.
wlan              Wireless LAN parameters.
security          Security policy.
wpa               WPA authentication.
enable/disable    Modify status.
<WLAN id>         WLAN identifier between 1 and 16.
Defaults
N/A
Examples
>config wlan security wpa enable 1
Related Commands
show wlan
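The WLAN security commands above accept several legacy values (des, hmac-md5, none, DH group 1, aggressive mode, static WEP). The following Python script is an added example, not part of the guide or of any Nortel tool: it reads a list of commands in the syntax shown in this section, applies them in order so that the last command for a setting wins, and reports settings left at a weak value. The weak-value reasons are general cryptographic knowledge rather than statements from the guide, and the sample input is constructed.

```python
"""Audit 'config wlan security ...' commands for weak final settings."""

BASE = ("config", "wlan", "security")

# (setting tokens after BASE, position of the value argument, position of
#  the WLAN id argument, {legal value: reason it is weak, or None}).
# Argument order follows each command's syntax line in this section.
# "aes" is listed because the guide's own example uses it.
RULES = [
    (("ipsec", "encryption"), 0, 1,
     {"des": "single DES has a 56-bit key", "3des": None, "aes": None}),
    (("ipsec", "authentication"), 0, 1,
     {"none": "IPSec packets carry no integrity check",
      "hmac-md5": "MD5-based integrity is deprecated; hmac-sha-1 is "
                  "the stronger option offered",
      "hmac-sha-1": None}),
    (("ipsec", "ike", "dh-group"), 1, 0,
     {"1": "group 1 is the 768-bit MODP group, the smallest offered",
      "2": None, "5": None}),
    (("ipsec", "ike", "phase1"), 0, 1,
     {"aggressive": "aggressive mode exchanges identities and the "
                    "authentication hash unencrypted",
      "main": None}),
    (("static-wep-key",), 0, 1,
     {"enable": "static WEP keys can be recovered from captured traffic",
      "disable": None}),
    (("static-wep-key", "authentication"), 0, 1,
     {"shared-key": "shared-key authentication exposes keystream in its "
                    "challenge/response",
      "open": None}),
]


def parse(line):
    """Return (wlan, setting, value) for a recognised command, else None."""
    tokens = line.strip().lstrip(">").lower().split()
    if tuple(tokens[:3]) != BASE:
        return None
    rest = tokens[3:]
    for setting, val_i, wlan_i, values in RULES:
        n = len(setting)
        if tuple(rest[:n]) != setting:
            continue
        args = rest[n:]
        # Only accept values the command defines, so that a longer command
        # (e.g. 'static-wep-key encryption ...') is not mistaken for this one.
        if len(args) > val_i and args[val_i] in values:
            wlan = args[wlan_i] if len(args) > wlan_i else "?"
            return wlan, " ".join(setting), args[val_i]
    return None


def audit(lines):
    """Apply commands in order (last one wins) and report weak final values."""
    effective = {}
    for lineno, line in enumerate(lines, 1):
        parsed = parse(line)
        if parsed:
            wlan, setting, value = parsed
            effective[(wlan, setting)] = (value, lineno)
    reasons = {" ".join(s): v for s, _, _, v in RULES}
    findings = []
    for (wlan, setting), (value, lineno) in sorted(effective.items()):
        why = reasons[setting][value]
        if why:
            findings.append((wlan, setting, value, lineno, why))
    return findings


# Constructed sample: WLAN 1 is first set to des, then corrected to 3des.
SAMPLE = """\
>config wlan security ipsec encryption des 1
>config wlan security ipsec encryption 3des 1
>config wlan security ipsec authentication hmac-md5 1
>config wlan security ipsec ike dh-group 1 1
>config wlan security ipsec ike phase1 aggressive 1
>config wlan security static-wep-key enable 2
>config wlan security static-wep-key authentication shared-key 2
>config wlan security wpa enable 3
"""

if __name__ == "__main__":
    for wlan, setting, value, lineno, why in audit(SAMPLE.splitlines()):
        print(f"WLAN {wlan}: {setting} = {value} (line {lineno}): {why}")
```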
config wlan timeout
To change the timeout of WLAN clients, use the config wlan timeout command.
>config wlan timeout [<WLAN id>] <seconds>
Syntax
config       Configure parameters.
wlan         Wireless LAN parameters.
timeout      Client timeout.
<WLAN id>    WLAN identifier between 1 and 16.
<seconds>    Timeout in seconds.
Defaults
N/A
Examples
>config wlan timeout 1 6000
Related Commands
show wlan
config wlan vlan
To add a Virtual LAN, use the config wlan vlan command.
>config wlan vlan [<WLAN id>] [<VLAN id/untagged> [<IP Address> <Netmask> <Gateway>]/default]
Syntax
config                                Configure parameters.
wlan                                  Wireless LAN parameters.
vlan                                  Virtual LAN.
<WLAN id>                             WLAN identifier between 1 and 16.
default                               Use the network port configuration.
<VLAN id/untagged>                    VLAN ID or untagged.
<IP Address> <Netmask> <Gateway>      If untagged, enter the IP Address, netmask and gateway.
Defaults
N/A
Examples
>config wlan vlan 1 untagged default
Related Commands
show wlan
CONFIG WPS COMMANDS
config wps
Use the following config wps commands.
• config wps client-exclusion 802.11-assoc
• config wps client-exclusion 802.11-auth
• config wps client-exclusion 802.1x-auth
• config wps client-exclusion all
• config wps client-exclusion external-policy
• config wps client-exclusion ip-theft
• config wps client-exclusion web-auth
• config wps rogue-ap aaa
• config wps rogue-ap adhoc
• config wps rogue-ap rldp
• config wps rogue-ap ssid
• config wps rogue-ap timeout
• config wps rogue-ap valid-client
• config wps rogue-ap encryption
• config wps rogue-ap misconfigured-ap
• config wps rogue-ap missing-ap
• config wps rogue-ap preamble
• config wps rogue-ap radio
• config wps signature
config wps client-exclusion 802.11-assoc
To configure the response to excess 802.11 association failures, use the config wps client-exclusion 802.11-assoc
command.
>config wps client-exclusion 802.11-assoc <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
802.11-assoc        802.11 association.
<enable/disable>    Enable or disable the client exclusion.
Defaults
N/A
Examples
>config wps client-exclusion 802.11-assoc enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.1x-auth, config
wps client-exclusion all, config wps client-exclusion external-policy, config wps
client-exclusion ip-theft, config wps client-exclusion web-auth, show wps summary
config wps client-exclusion 802.11-auth
To configure the response to excess 802.11 authentication failures, use the config wps client-exclusion 802.11-auth
command.
>config wps client-exclusion 802.11-auth <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
802.11-auth         802.11 authentication.
<enable/disable>    Enable or disable the client exclusion.
Defaults
N/A
Examples
>config wps client-exclusion 802.11-auth enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.1x-auth, config
wps client-exclusion all, config wps client-exclusion external-policy, config wps
client-exclusion ip-theft, config wps client-exclusion web-auth, show wps summary
config wps client-exclusion 802.1x-auth
To configure the response to excess 802.1x authentication failures, use the config wps client-exclusion 802.1x-auth
command.
>config wps client-exclusion 802.1x-auth <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
802.1x-auth         802.1x authentication.
<enable/disable>    Enable or disable the client exclusion.
Defaults
N/A
Examples
>config wps client-exclusion 802.1x-auth enable
Related Commands
config wps client-exclusion 802.11-auth, config wps client-exclusion all, config wps
client-exclusion external-policy, config wps client-exclusion ip-theft, config wps
client-exclusion web-auth, show wps summary
config wps client-exclusion all
To configure the response to excess 802.11 association, 802.11 authentication, and 802.1x authentication failures, use the
config wps client-exclusion all command.
>config wps client-exclusion all <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
all                 All association and authentication failures.
<enable/disable>    Enable or disable the client exclusions.
Defaults
N/A
Examples
>config wps client-exclusion all enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.11-auth, config
wps client-exclusion 802.1x-auth, config wps client-exclusion external-policy, config wps
client-exclusion ip-theft, config wps client-exclusion web-auth, show wps summary
config wps client-exclusion external-policy
To configure the response to excess external policy server failures, use the config wps client-exclusion external-policy
command.
>config wps client-exclusion external-policy <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
external-policy     External policy server failures.
<enable/disable>    Enable or disable the client exclusions.
Defaults
N/A
Examples
>config wps client-exclusion external-policy enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.11-auth, config
wps client-exclusion 802.1x-auth, config wps client-exclusion ip-theft, config wps
client-exclusion web-auth, show wps summary
config wps client-exclusion ip-theft
To configure the response to IP theft or re-use, use the config wps client-exclusion ip-theft command.
>config wps client-exclusion ip-theft <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
ip-theft            Internet Protocol theft or re-use.
<enable/disable>    Enable or disable the client exclusion.
Defaults
N/A
Examples
>config wps client-exclusion ip-theft enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.11-auth, config
wps client-exclusion 802.1x-auth, config wps client-exclusion external-policy, config wps
client-exclusion web-auth, show wps summary
config wps client-exclusion web-auth
To configure the response to excess web authentication failures, use the config wps client-exclusion web-auth command.
>config wps client-exclusion web-auth <enable/disable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
client-exclusion    Client Exclusion.
web-auth            Web authorization.
<enable/disable>    Enable or disable the client exclusion.
Defaults
N/A
Examples
>config wps client-exclusion web-auth enable
Related Commands
config wps client-exclusion 802.11-assoc, config wps client-exclusion 802.11-auth, config
wps client-exclusion 802.1x-auth, config wps client-exclusion external-policy, config wps
client-exclusion ip-theft, show wps summary
config wps rogue-ap adhoc
To configure the ad-hoc client feature, use the config wps rogue-ap adhoc command.
>config wps rogue-ap adhoc <alarm/contain>
Syntax
config            Configure parameters.
wps               Wireless protection system.
rogue-ap adhoc    Auto-contain ad-hoc feature.
alarm             Alarm when detecting ad-hoc clients.
contain           Auto-contain ad-hoc clients.
Defaults
N/A
Examples
>config wps rogue-ap adhoc enable
Related Commands
config wps rogue-ap rldp, config wps rogue-ap ssid, config wps rogue-ap timeout, config
wps rogue-ap valid-client, config wps rogue-ap encryption, config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps rogue-ap preamble, config wps
rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap aaa
To configure the rogue-ap aaa feature, use the config wps rogue-ap aaa command.
>config wps rogue-ap aaa <disable/enable>
Alternate command:
>config rogue-ap aaa <disable/enable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
rogue-ap aaa        Rogue AP aaa feature.
<enable/disable>    Enable or disable.
Defaults
N/A
Examples
>config rogue-ap ips aaa enable
Related Commands
config wps rogue-ap adhoc, config wps rogue-ap rldp, config wps rogue-ap ssid, config
wps rogue-ap timeout, config wps rogue-ap valid-client, config wps rogue-ap encryption,
config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps
rogue-ap preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap timeout
To configure the expiration time for rogue entries, use the config wps rogue-ap timeout command.
>config wps rogue-ap timeout <seconds>
Syntax
config       Configure parameters.
wps          Wireless protection system.
rogue-ap     Rogue AP.
timeout      Expiration time for rogue entries.
<seconds>    Period in seconds for timeout.
Defaults
N/A
Examples
>config wps rogue-ap timeout 350
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap valid-client, config wps rogue-ap encryption,
config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps
rogue-ap preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap encryption
To configure the trusted AP encryption policy to be enforced, use the config wps rogue-ap encryption command.
>config wps rogue-ap encryption <open/none/wep/wpa>
Syntax
config        Configure parameters.
wps           Wireless protection system.
rogue-ap      Rogue AP.
encryption    AP encryption policy.
none          Disable encryption policy enforcement.
open          Enforce open mode on trusted APs.
wep           Enforce WEP encryption on trusted APs.
wpa           Enforce WPA encryption on trusted APs.
Defaults
N/A
Examples
>config wps rogue-ap encryption open
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap valid-client, config
wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps rogue-ap
preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap ssid
To configure policy for rogue APs advertising your SSID, use the config wps rogue-ap ssid command.
>config wps rogue-ap ssid <alarm/contain>
Syntax
config      Configure parameters.
wps         Wireless protection system.
rogue-ap    Rogue AP
ssid        SSID.
alarm       Alarm only upon detecting a rogue advertising your SSID.
contain     Auto contain upon detecting a rogue advertising your SSID.
Defaults
N/A
Examples
>config wps rogue-ap ssid alarm
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap timeout, config wps rogue-ap valid-client, config wps rogue-ap encryption,
config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps
rogue-ap preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap valid-client
To configure policy for valid clients using rogue APs, use the config wps rogue-ap valid-client command.
>config wps rogue-ap valid-client <alarm/contain>
Syntax
config          Configure parameters.
wps             Wireless protection system.
rogue-ap        Rogue AP
valid-client    Valid client.
alarm           Alarm only upon detecting valid clients using rogue APs.
contain         Auto contain upon detecting valid clients using rogue APs.
Defaults
N/A
Examples
>config wps rogue-ap valid-client alarm
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap encryption, config
wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps rogue-ap
preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap misconfigured-ap
To configure auto-contain of misconfigured trusted AP, use the config wps rogue-ap misconfigured-ap command.
>config wps rogue-ap misconfigured-ap <alarm/contain>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
misconfigured-ap    Misconfigured AP.
<enable/disable>    Enable or disable auto-configuration of misconfigured trusted APs.
Defaults
N/A
Examples
>config wps rogue-ap misconfigured-ap enable
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap valid-client, config
wps rogue-ap encryption, config wps rogue-ap missing-ap, config wps rogue-ap preamble,
config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap missing-ap
To configure alert of a missing trusted AP, use the config wps rogue-ap missing-ap command.
>config wps rogue-ap missing-ap <disable/enable>
Syntax
config              Configure parameters.
wps                 Wireless protection system.
missing-ap          Missing AP.
<enable/disable>    Enable or disable.
Defaults
N/A
Examples
>config wps rogue-ap missing-ap enable
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap valid-client, config
wps rogue-ap encryption, config wps rogue-ap misconfigured-ap, config wps rogue-ap
preamble, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap preamble
To configure the trusted AP preamble policy to be enforced, use the config wps rogue-ap preamble command.
>config wps rogue-ap preamble <long/none/short>
Syntax
config      Configure parameters.
wps         Wireless protection system.
rogue-ap    Rogue AP
preamble    Preamble policy.
long        Enforce long preamble on trusted APs.
none        Disable preamble policy enforcement.
short       Enforce short preamble on trusted APs.
Defaults
N/A
Examples
>config wps rogue-ap preamble short
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap valid-client, config
wps rogue-ap encryption, config wps rogue-ap misconfigured-ap, config wps rogue-ap
missing-ap, config wps rogue-ap radio, config wps signature, show wps summary.
config wps rogue-ap radio
To configure the trusted AP Nortel Networks Radio policy to be enforced, use the config wps rogue-ap radio command.
>config wps rogue-ap radio <802.11a/802.11b/802.11bg/none>
Syntax
config      Configure parameters.
wps         Wireless protection system.
rogue-ap    Rogue AP.
radio       Nortel Networks Radio policy.
802.11a     Enforce 802.11a only on trusted APs.
802.11b     Enforce 802.11b only on trusted APs.
802.11bg    Enforce 802.11bg only on trusted APs.
none        Disable Nortel Networks Radio policy enforcement.
Defaults
N/A
Examples
>config wps rogue-ap radio 802.11a
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap rldp, config
wps rogue-ap ssid, config wps rogue-ap timeout, config wps rogue-ap valid-client, config
wps rogue-ap encryption, config wps rogue-ap misconfigured-ap, config wps rogue-ap
missing-ap, config wps rogue-ap preamble, config wps signature, show wps summary.
config wps rogue-ap rldp
To configure Rogue Location Discovery Protocol, use the config wps rogue-ap rldp command.
>config wps rogue-ap rldp <disable/enable/initiate>
Syntax
config            Configure parameters.
wps               Wireless protection system.
rldp              Rogue Location Discovery Protocol.
enable/disable    Enable or disable.
initiate          Initiate RLDP on a given rogue-ap.
Defaults
N/A
Examples
>config wps rogue-ap rldp enable
Related Commands
config wps rogue-ap aaa, config wps rogue-ap adhoc, config wps rogue-ap ssid, config
wps rogue-ap timeout, config wps rogue-ap valid-client, config wps rogue-ap encryption,
config wps rogue-ap misconfigured-ap, config wps rogue-ap missing-ap, config wps
rogue-ap preamble, config wps rogue-ap radio, config wps signature, show wps summary.
CONFIG WPS-PEERS COMMANDS
config wps-peers
Use the following config wps-peers commands to configure the inter-WLAN — Security Switch (2270) Mobility
manager.
• “config wps signature”
• “config wps-peers secure-mode”
config wps signature
To configure the signatures for WPS, use the config wps signature command.
>config wps signature <enable/disable>
Syntax
show                Display configurations.
wps                 Wireless Protection System.
signatures          Signatures
<enable/disable>    Enable or disable.
Defaults
(none)
Example
>config wps signature enable
Related Commands
show wps summary.
config wps-peers secure-mode
To configure the security of WPS peer messages between WLAN Security Switches (2270), use the config wps-peers
secure-mode command.
>config wps-peers secure-mode [enable/disable] <MAC addr>
Syntax
show              Display configurations.
wps-peers         Wireless Protection System Peer Management.
secure-mode       The WPS peer group parameters
enable/disable    Enable/disable WPS Peer messages between WLAN — Security Switches (2270).
Defaults
(none)
Examples
>config wps-peers secure-mode enable
Related Commands
show wps, show wps-config, config wps, config wps-peers
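A pre-deployment check for the config wps rogue-ap, config wps signature and config wps-peers commands documented above, as an added example that is not part of the Nortel guide: it validates each line of a CLI script against the values this section lists and marks settings a reviewer should look at. The function names, the constructed sample script and the review notes are this example's own assumptions.

```python
import re

# Values this section of the guide lists for each command. For adhoc and
# misconfigured-ap the guide's syntax lines and examples disagree
# (alarm/contain vs enable/disable), so every form shown there is accepted.
VALUES = {
    ("wps", "rogue-ap", "adhoc"): {"alarm", "contain", "enable"},
    ("wps", "rogue-ap", "aaa"): {"enable", "disable"},
    ("wps", "rogue-ap", "encryption"): {"open", "none", "wep", "wpa"},
    ("wps", "rogue-ap", "ssid"): {"alarm", "contain"},
    ("wps", "rogue-ap", "valid-client"): {"alarm", "contain"},
    ("wps", "rogue-ap", "misconfigured-ap"): {"alarm", "contain", "enable", "disable"},
    ("wps", "rogue-ap", "missing-ap"): {"enable", "disable"},
    ("wps", "rogue-ap", "preamble"): {"long", "none", "short"},
    ("wps", "rogue-ap", "radio"): {"802.11a", "802.11b", "802.11bg", "none"},
    ("wps", "rogue-ap", "rldp"): {"enable", "disable", "initiate"},
    ("wps", "signature"): {"enable", "disable"},
    ("wps-peers", "secure-mode"): {"enable", "disable"},
}
TIMEOUT = ("wps", "rogue-ap", "timeout")

# Review policy of this example (an assumption, not a Nortel recommendation).
REVIEW_NOTES = {
    (("wps", "rogue-ap", "encryption"), "none"): "encryption policy enforcement is disabled",
    (("wps", "rogue-ap", "encryption"), "open"): "open mode is enforced, so trusted APs run unencrypted",
    (("wps", "rogue-ap", "encryption"), "wep"): "WEP is enforced, and WEP is a broken cipher",
    (("wps", "signature"), "disable"): "WPS signatures are disabled",
    (("wps-peers", "secure-mode"), "disable"): "secure mode for WPS peer messages is turned off",
}


def split_command(tokens):
    """Return (command_key, args) for the longest documented prefix, else None."""
    for n in (3, 2):
        key = tuple(tokens[1:1 + n])
        if key in VALUES or key == TIMEOUT:
            return key, tokens[1 + n:]
    return None


def lint(script):
    """Check every 'config wps...' line; return (line_no, severity, message) tuples."""
    findings = []
    for lineno, raw in enumerate(script.splitlines(), start=1):
        tokens = raw.strip().lstrip(">").split()  # drop the CLI prompt
        if len(tokens) < 2 or tokens[0] != "config":
            continue  # not a config command
        parsed = split_command(tokens)
        if parsed is None:
            if tokens[1] in ("wps", "wps-peers"):
                findings.append((lineno, "error", "command not in the reference: " + " ".join(tokens)))
            continue  # other config commands are out of scope here
        key, args = parsed
        name = " ".join(key)
        value = args[0] if args else ""
        if key == TIMEOUT:
            if not re.fullmatch(r"[0-9]+", value) or int(value) == 0:
                findings.append((lineno, "error", f"{name}: expected seconds, got {value!r}"))
        elif value not in VALUES[key]:
            findings.append((lineno, "error", f"{name}: {value!r} not in {sorted(VALUES[key])}"))
        elif (key, value) in REVIEW_NOTES:
            findings.append((lineno, "review", f"{name} {value}: {REVIEW_NOTES[(key, value)]}"))
    return findings


# Constructed sample script, not taken from a real switch.
SAMPLE = """\
>config wps rogue-ap encryption wep
>config wps rogue-ap ssid contain
>config wps rogue-ap timeout 350
>config wps rogue-ap preamble medium
>config wps rogue-ap timeout soon
>config wps-peers secure-mode disable
>config wps rogue-ap radio 802.11a
>save config
"""

if __name__ == "__main__":
    for lineno, severity, message in lint(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```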
Saving Configurations
Use the save config command before you log out of the Command Line Interface to save all previous configuration
changes.
• “save config”
save config
To save WLAN — Security Switch (2270) configurations, use the save config command.
>save config
Syntax
save      Save
config    Configuration changes.
Defaults
(none)
Examples
>save config
Are you sure you want to save? y/n y
Configuration Saved!
Related Commands
show sysinfo
Clearing Configurations, Logfiles, and Other Actions
Clearing Configurations, Logfiles, and Other Functions
To clear existing configurations, logfiles, and other functions, use the clear commands.
• “clear ap-config”
• “clear arp”
• “clear config”
• “clear stats port”
• “clear stats mobility”
• “clear stats switch”
• “clear redirect-url”
• “clear transfer”
• “clear traplog”
• “clear webimage”
• “clear webmessage”
• “clear webtitle”
• “clear ext-webauth-url”
clear ap-config
To restore a WLAN — Access Port (223x) configuration database to its factory default, use the clear ap-config
command.
>clear ap-config <WLAN — Access Port (223x)>
Syntax
clear                          Clear.
ap-config                      WLAN — Access Port (223x) configuration.
<WLAN — Access Port (223x)>    Name of the WLAN — Access Port (223x).
Defaults
N/A
Examples
>clear ap-config aire1
Related Commands
clear transfer, clear download filename, clear download mode, clear download path, clear
download serverip, clear download start, clear upload datatype, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear arp
To clear the ARP table, use the clear arp command.
>clear arp
Syntax
clear arp    Command action.
Defaults
N/A
Examples
>clear arp
Are you sure you want to clear the ARP cache? (y/n)
Related Commands
clear transfer, clear download filename, clear download mode, clear download path, clear
download serverip, clear download start, clear upload datatype, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear config
To remove the WLAN — Security Switch (2270) configuration, use the clear config command.
>clear config
Syntax
clear     Clear.
config    WLAN — Security Switch (2270) configuration.
Defaults
N/A
Examples
>clear config
Are you sure you want to clear the configuration? y/n
n
Configuration not cleared!
Related Commands
clear transfer, clear download filename, clear download mode, clear download path, clear
download serverip, clear download start, clear upload datatype, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear stats mobility
To clear the mobility statistics counters for a specific port, use the clear stats mobility command.
>clear stats mobility
Syntax
clear       Clear.
stats       Statistics counters.
mobility    Mobility statistics.
Defaults
N/A
Examples
>clear stats mobility
Mobility stats cleared.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download serverip, clear download start, clear upload datatype, clear upload filename, clear upload mode, clear upload path, clear upload serverip, clear upload start, clear
stats port
clear stats port
To clear the statistics counters for a specific port, use the clear stats port command.
>clear stats port <port>
Syntax
clear     Clear.
stats     Statistics counters.
port      Port level.
<port>    WLAN — Security Switch (2270) port.
Defaults
N/A
Examples
>clear stats port 9
Are you sure you want to clear the port stats? y/n
y
Port stats cleared!
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download serverip, clear download start, clear upload datatype, clear upload filename, clear upload mode, clear upload path, clear upload serverip, clear upload start
clear stats switch
To clear all statistics counters on the WLAN — Security Switch (2270), use the clear stats switch command.
>clear stats switch
Syntax
clear     Clear.
stats     Statistics counters.
switch    WLAN — Security Switch (2270).
Defaults
N/A
Examples
>clear stats switch
Are you sure you want to clear the switch stats? y/n
y
Switch stats cleared!
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download start, clear upload datatype, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear redirect-url
To clear the custom Web Authentication Redirect URL on the WLAN — Security Switch (2270), use the clear redirect-url command.
>clear redirect-url
Syntax
clear redirect-url    Command action.
Defaults
N/A
Examples
>clear redirect-url
URL cleared.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download start, clear upload datatype, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear transfer
To clear transfer information, use the clear transfer command.
>clear transfer
Syntax
clear       Clear.
transfer    Transfer data.
Defaults
N/A
Examples
>clear transfer
Are you sure you want to clear the transfer information? (y/n)
y
Transfer Information Cleared!
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear upload datatype, clear download filename, clear download mode, clear download path, clear download serverip, clear
download start
clear traplog
To clear traplog information, use the clear traplog command.
>clear traplog
Syntax
clear      Clear.
traplog    Trap logs.
Defaults
N/A
Examples
>clear traplog
Are you sure you want to clear the trap log? (y/n)
y
Trap Log Cleared!
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear download start, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear webimage
To clear the custom Web Authentication Image, use the clear webimage command.
>clear webimage
Syntax
clear webimage    Command action.
Defaults
N/A
Examples
>clear webimage
Logo not installed.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear download start, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear webmessage
To clear the custom Web Authentication Message, use the clear webmessage command.
>clear webmessage
Syntax
clear webmessage    Command action.
Defaults
N/A
Examples
>clear webmessage
Message cleared.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear download start, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear webtitle
To clear the custom Web Authentication Title, use the clear webtitle command.
>clear webtitle
Syntax
clear webtitle    Command action.
Defaults
N/A
Examples
>clear webtitle
Title cleared.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear download start, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
clear ext-webauth-url
To clear the custom Web Authentication URL, use the clear ext-webauth-url command.
>clear ext-webauth-url
Syntax
clear URL    Command action.
Defaults
N/A
Examples
>clear ext-webauth-url
URL cleared.
Related Commands
clear transfer, clear download datatype, clear download filename, clear download mode,
clear download path, clear download serverip, clear download start, clear upload filename,
clear upload mode, clear upload path, clear upload serverip, clear upload start
Uploading and Downloading Files and Configurations
To transfer files to or from the WLAN — Security Switch (2270), use the transfer commands.
• transfer download
  - “transfer download certpassword”
  - “transfer download datatype”
  - “transfer download filename”
  - “transfer download mode”
  - “transfer download path”
  - “transfer download serverip”
  - “transfer download start”
  - “transfer download tftpPktTimeout”
  - “transfer download tftpMaxRetries”
• transfer upload
  - “transfer upload datatype”
  - “transfer upload filename”
  - “transfer upload mode”
  - “transfer upload path”
  - “transfer upload serverip”
  - “transfer upload start”
transfer download certpassword
To set a certificate’s private password, use the transfer download certpassword command.
>transfer download certpassword [password]
Syntax
transfer        Move a file or configuration.
download        Download operation to WLAN — Security Switch (2270).
certpassword    Certificate’s private key password
password        Password or blank to clear password
Defaults
N/A
Examples
>transfer download certpassword
Clearing Password
Related Commands
clear transfer, transfer download filename, transfer download mode, transfer download
path, transfer download serverip, transfer download start, transfer upload datatype,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer download datatype
To set the download data type, use the transfer download datatype command.
>transfer download datatype [code/config/webauthcert/webadmincert/image]
Syntax
transfer        Move a file or configuration.
download        Download operation to WLAN — Security Switch (2270).
datatype        Type of data.
code            WLAN — Security Switch (2270) code.
config          Configuration file.
signature       Signature file
license         License file
webauthcert     Authentication certificate.
webadmincert    Administration certificate.
image           Image
Defaults
N/A
Examples
>transfer download datatype code
Related Commands
clear transfer, transfer download filename, transfer download mode, transfer download
path, transfer download serverip, transfer download start, transfer upload datatype,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start, transfer download datatype image, transfer download start
transfer download filename
To download a specific file, use the transfer download filename command.
>transfer download filename <filename>
Syntax
transfer               Move a file
download               Download operation to WLAN — Security Switch (2270)
filename <filename>    Enter filename up to 31 alphanumeric characters.
Defaults
N/A
Examples
>transfer download filename build603
Related Commands
clear transfer, transfer download datatype, transfer download mode, transfer download
path, transfer download serverip, transfer download start, transfer upload datatype,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer download mode
To set the download transfer mode, use the transfer download mode command.
>transfer download mode <mode>
Syntax
transfer         Move a file.
download mode    Download mode for WLAN — Security Switch (2270).
<mode>           Enter mode of tftp.
Defaults
N/A
Example
>transfer download mode tftp
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
path, transfer download serverip, transfer download start, transfer upload datatype,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer download path
To set a specific path, use the transfer download path command.
>transfer download path <path>
Syntax
transfer       Move a file
download       Download operation for WLAN — Security Switch (2270)
path <path>    Enter filename directory path.
Defaults
N/A
Example
>transfer download path c:\install\version2
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download serverip, transfer download start, transfer upload datatype,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer download serverip
To set the IP address of the server to download from, use the transfer download serverip command.
>transfer download serverip <ip addr>
Syntax
transfer              Move a file
download              Download operation for WLAN — Security Switch (2270)
serverip <IP addr>    Enter IP address of the server.
Defaults
N/A
Examples
>transfer download serverip 175.34.56.78
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download start, transfer upload datatype, transfer
upload filename, transfer upload mode, transfer upload path, transfer upload serverip,
transfer upload start
transfer download start
To start a download transfer, use the transfer download start command.
>transfer download start
Syntax
transfer          Move a file
download start    Download start operation for WLAN — Security Switch (2270)
Defaults
N/A
Example
>transfer download start
Mode........................................... TFTP
Data Type...................................... Code
TFTP Server IP................................. 172.16.16.78
TFTP Packet Timeout............................ 6
TFTP Max Retries............................... 10
TFTP Path...................................... c:\find\off/
TFTP Filename...................... NORTEL_400_2_2_148_2.aes
This may take some time.
Are you sure you want to start? (y/n) n
Transfer Cancelled
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer upload datatype,
transfer download filename, transfer download mode, transfer download path, transfer
download serverip, transfer download start
transfer download tftpPktTimeout
To enter the tftp Packet Timeout in secs between 1 and 254, use the transfer download tftpPktTimeout command.
>transfer download tftpPktTimeout <time out>
Syntax
transfer                   Move a file
download tftpPktTimeout    The tftp Packet Timeout in secs between 1 and 254.
Defaults
N/A
Example
>transfer download tftpPktTimeout 55
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer upload datatype,
transfer download filename, transfer download mode, transfer download path, transfer
download serverip, transfer download start
transfer download tftpMaxRetries
To enter the tftp Packet Max Retries in secs between 1 and 254, use the transfer download tftpMax Timeout command.
>transfer download tftpPktMaxTimeout <time out>
Syntax
transfer                      Move a file
download tftpPktMaxTimeout    The tftp Packet Maximum timeout in secs between 1 and 254.
Defaults
N/A
Example
>transfer download tftpPktMaxTimeout 55
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer upload datatype,
transfer download filename, transfer download mode, transfer download path, transfer
download serverip, transfer download start
transfer upload datatype
To set the upload data type, use the transfer upload datatype command.
>transfer upload datatype [config/crashfile/errorlog/systemtrace/traplog]
Syntax
transfer       Move a file or configuration.
upload         Upload operation to WLAN — Security Switch (2270).
datatype       Type of data
errorlog       Error log file
crashfile      Crash file
signature      Signature file
systemtrace    System trace file
config         Configuration log
traplog        Trap log
Defaults:
N/A
Examples
>transfer upload datatype errorlog
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload filename, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer upload filename
To upload a specific file, use the transfer upload filename command.
>transfer upload filename <filename>
Syntax
transfer               Move a file
upload                 Upload operation to WLAN — Security Switch (2270)
filename <filename>    Enter filename up to 31 alphanumeric characters.
Defaults
N/A
Examples
>transfer upload filename build603
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload datatype, transfer upload mode, transfer upload path, transfer upload serverip, transfer upload start
transfer upload mode
To set the upload transfer mode, use the transfer upload mode command.
>transfer upload mode <mode>
Syntax
transfer       Move a file
upload mode    Download mode for WLAN — Security Switch (2270)
<mode>         Enter mode of tftp.
Defaults
N/A
Examples
>transfer upload mode tftp
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload datatype, transfer upload filename, transfer upload path, transfer upload
serverip, transfer upload start
transfer upload path
To set a specific upload path, use the transfer upload path command.
>transfer upload path <path>
Syntax
transfer       Move a file
upload         Upload operation for WLAN — Security Switch (2270)
path <path>    Enter filename directory path up to 31 characters.
Defaults
N/A
Examples
>transfer upload path c:\install\version2
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload datatype, transfer upload filename, transfer upload mode, transfer upload
serverip, transfer upload start
transfer upload serverip
To set the IP address of the server to upload to, use the transfer upload serverip command.
>transfer upload serverip <ip addr>
Syntax
transfer              Move a file
upload                Upload operation for WLAN — Security Switch (2270)
serverip <IP addr>    Enter IP address of the server.
Defaults
N/A
Examples
>transfer upload serverip 175.34.56.78
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload datatype, transfer upload filename, transfer upload mode, transfer upload
path, transfer upload start
transfer upload start
To start an upload transfer, use the transfer upload start command.
>transfer upload start
Syntax
transfer        Move a file
upload start    Download start operation for WLAN — Security Switch (2270)
Defaults
N/A
Examples
>transfer upload start
Mode........................................... TFTP
Data Type...................................... Code
TFTP Server IP................................. 172.16.16.78
TFTP Packet Timeout............................ 6
TFTP Max Retries............................... 10
TFTP Path...................................... c:\find\off/
TFTP Filename...................... NORTEL_400_2_2_148_2.aes
This may take some time.
Are you sure you want to start? (y/n) n
Transfer Cancelled
Related Commands
clear transfer, transfer download datatype, transfer download filename, transfer download
mode, transfer download path, transfer download serverip, transfer download start,
transfer upload datatype, transfer upload filename, transfer upload mode, transfer upload
path, transfer upload serverip
Troubleshooting
Use the debug commands to manage system debugging.
CAUTION: Debug commands are reserved for use only under direction of Nortel personnel. Please
do not use these commands without direction from Nortel.