MRW55-MRW55M User Guide 042805

MRW55-MRW55M User Guide 042805
MRW55
MRW55M
Dual-Band Outdoor
Access Point/Bridge
User Guide
User Guide
Dual-Band Outdoor Access Point/Bridge
IEEE 802.11a/b/g Access Point / Bridge
Master Unit with External Antenna Options (MRW55M)
Slave Unit with Integrated High-Gain Antenna (MRW55)
MRW55
MRW55M
E022005-R01
Compliances
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected
• Consult the dealer or an experienced radio/TV technician for help
Warnings: 1.Wear an anti-static wrist strap or take other suitable measures to prevent
electrostatic discharge when handling this equipment.
2.When connecting this device to a power outlet, connect the field ground
lead on the tri-pole power plug to a valid earth ground line to prevent
electrical hazards.
IMPORTANT NOTE: FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with a minimum distance
of 20 centimeters (8 inches) between the radiator and your body. This transmitter must
not be co-located or operating in conjunction with any other antenna or transmitter.
Wireless 5 GHz Band Statement:
As the access point can operate in the 5150-5250 MHz frequency band it is limited by the
FCC, Industry Canada and some other countries to indoor use only so as to reduce the
potential for harmful interference to co-channel Mobile Satellite systems.
High power radars are allocated as primary users (meaning they have priority) of the
5250-5350 MHz and 5650-5850 MHz bands. These radars could cause interference and/
or damage to the access point.
i
EC Conformance Declaration
0560
Marking by the above symbol indicates compliance with the Essential Requirements of
the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the
following conformance standards:
•
•
•
•
EN 60950 (IEC 60950) - Product Safety
EN 301 893 - Technical requirements for 5 GHz radio equipment
EN 300 328 - Technical requirements for 2.4 GHz radio equipment
EN 301 489-1 / EN 301 489-17 - EMC requirements for radio equipment
Countries of Operation & Conditions of Use in the European
Community
This device is intended to be operated in all countries of the European Community.
Requirements for indoor vs. outdoor operation, license requirements and allowed
channels of operation apply in some countries as described below:
Note: The user must use the configuration utility provided with this product to ensure the
channels of operation are in conformance with the spectrum usage rules for
European Community countries as described below.
• This device requires that the user or installer properly enter the current country of
operation in the command line interface as described in the user guide, before operating
this device.
• This device will automatically limit the allowable channels determined by the current
country of operation. Incorrectly entering the country of operation may result in illegal
operation and may cause harmful interference to other system. The user is obligated to
ensure the device is operating according to the channel limitations, indoor/outdoor
restrictions and license requirements for each European Community country as
described in this document.
• This device employs a radar detection feature required for European Community
operation in the 5 GHz band. This feature is automatically enabled when the country of
operation is correctly configured for any European Community country. The presence of
nearby radar operation may result in temporary interruption of operation of this device.
The radar detection feature will automatically restart operation on a channel free of
radar.
• The 5 GHz Turbo Mode feature is not allowed for operation in any European Community
country. The current setting for this feature is found in the 5 GHz 802.11a Radio Settings
Window as described in the user guide.
• The 5 GHz radio's Auto Channel Select setting described in the user guide must always
remain enabled to ensure that automatic 5 GHz channel selection complies with
European requirements. The current setting for this feature is found in the 5 GHz
802.11a Radio Settings Window as described in the user guide.
ii
• This device may be operated indoors or outdoors in all countries of the European
Community using the 2.4 GHz band: Channels 1 - 13, except where noted below.
- In Italy the end-user must apply for a license from the national spectrum authority to
operate this device outdoors.
- In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz band:
Channel 13.
- In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band:
Channels 1 - 7
Operation Using 5 GHz Channels in the European Community
The user/installer must use the provided configuration utility to check the current channel
of operation and make necessary configuration changes to ensure operation occurs in
conformance with European National spectrum usage laws as described below and
elsewhere in this document.
Allowed 5GHz Channels in Each European Community Country
Allowed Frequency Bands
Allowed Channel Numbers
Countries
5.15 - 5.25 GHz*
36, 40, 44, 48
Austria, Belgium
5.15 - 5.35 GHz*
36, 40, 44, 48, 52, 56, 60, 64
France, Switzerland,
Liechtenstein
5.15 - 5.35* & 5.470 - 5.725
GHz
36, 40, 44, 48, 52, 56, 60, 64,
100, 104, 108, 112, 116, 120,
124, 128, 132, 136, 140
Denmark, Finland,
Germany, Iceland,
Ireland, Italy,
Luxembourg,
Netherlands, Norway,
Portugal, Spain,
Sweden, U.K.
5 GHz Operation Not Allowed
None
Greece
* Outdoor operation is not allowed using 5.15-5.35 GHz bands (Channels 36 - 64).
Channels 36 - 64 are currently not available for use.
iii
Safety Compliance
Power Cord Safety
Please read the following safety information carefully before installing the device:
Warning: Installation and removal of the unit must be carried out by qualified personnel
only.
• The unit must be connected to an earthed (grounded) outlet to comply with international
safety standards.
• Do not connect the unit to an A.C. outlet (power supply) without an earth (ground)
connection.
• The appliance coupler (the connector to the unit and not the wall plug) must have a
configuration for mating with an EN 60320/IEC 320 appliance inlet.
• The socket outlet must be near to the unit and easily accessible. You can only remove
power from the unit by disconnecting the power cord from the outlet.
• This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC
60950. The conditions are only maintained if the equipment to which it is connected also
operates under SELV conditions.
France and Peru only
This unit cannot be powered from IT† supplies. If your supplies are of IT type, this unit
must be powered by 230 V (2P+T) via an isolation transformer ratio 1:1, with the
secondary connection point labelled Neutral, connected directly to earth (ground).
†
Impédance à la terre
Important! Before making connections, make sure you have the correct cord set. Check
it (read the label on the cable) against the following:
Power Cord Set
U.S.A. and
Canada
The cord set must be UL-approved and CSA certified.
The minimum specifications for the flexible cord are:
- No. 18 AWG - not longer than 2 meters, or 16 AWG.
- Type SV or SJ
- 3-conductor
The cord set must have a rated current capacity of at least 10 A
The attachment plug must be an earth-grounding type with
NEMA 5-15P (15 A, 125 V) or NEMA 6-15P (15 A, 250 V)
configuration.
Denmark
The supply plug must comply with Section 107-2-D1, Standard
DK2-1a or DK2-5a.
Switzerland
The supply plug must comply with SEV/ASE 1011.
U.K.
The supply plug must comply with BS1363 (3-pin 13 A) and be
fitted with a 5 A fuse which complies with BS1362.
The mains cord must be <HAR> or <BASEC> marked and be of
type HO3VVF3GO.75 (minimum).
iv
Power Cord Set
Europe
The supply plug must comply with CEE7/7 (“SCHUKO”).
The mains cord must be <HAR> or <BASEC> marked and be of
type HO3VVF3GO.75 (minimum).
IEC-320 receptacle.
Veuillez lire à fond l'information de la sécurité suivante avant d'installer l’appareil:
AVERTISSEMENT: L’installation et la dépose de ce groupe doivent être confiés à un
personnel qualifié.
• Ne branchez pas votre appareil sur une prise secteur (alimentation électrique) lorsqu'il
n'y a pas de connexion de mise à la terre (mise à la masse).
• Vous devez raccorder ce groupe à une sortie mise à la terre (mise à la masse) afin de
respecter les normes internationales de sécurité.
• Le coupleur d’appareil (le connecteur du groupe et non pas la prise murale) doit
respecter une configuration qui permet un branchement sur une entrée d’appareil EN
60320/IEC 320.
• La prise secteur doit se trouver à proximité de l’appareil et son accès doit être facile.
Vous ne pouvez mettre l’appareil hors circuit qu’en débranchant son cordon électrique
au niveau de cette prise.
• L’appareil fonctionne à une tension extrêmement basse de sécurité qui est conforme à
la norme IEC 60950. Ces conditions ne sont maintenues que si l’équipement auquel il
est raccordé fonctionne dans les mêmes conditions.
France et Pérou uniquement:
Ce groupe ne peut pas être alimenté par un dispositif à impédance à la terre. Si vos
alimentations sont du type impédance à la terre, ce groupe doit être alimenté par une
tension de 230 V (2 P+T) par le biais d’un transformateur d’isolement à rapport 1:1, avec
un point secondaire de connexion portant l’appellation Neutre et avec raccordement
direct à la terre (masse).
Cordon électrique - Il doit être agréé dans le pays d’utilisation
Etats-Unis et
Canada:
Le cordon doit avoir reçu l’homologation des UL et un certificat
de la CSA.
Les spe'cifications minimales pour un cable flexible sont AWG
No. 18, ouAWG No. 16 pour un cable de longueur infe'rieure a`
2 me'tres.
- type SV ou SJ
- 3 conducteurs
Le cordon doit être en mesure d’acheminer un courant nominal
d’au moins 10 A.
La prise femelle de branchement doit être du type à mise à la
terre (mise à la masse) et respecter la configuration NEMA
5-15P (15 A, 125 V) ou NEMA 6-15P (15 A, 250 V).
Danemark:
La prise mâle d’alimentation doit respecter la section 107-2 D1
de la norme DK2 1a ou DK2 5a.
v
Cordon électrique - Il doit être agréé dans le pays d’utilisation
Suisse:
La prise mâle d’alimentation doit respecter la norme SEV/ASE
1011.
Europe
La prise secteur doit être conforme aux normes CEE 7/7
(“SCHUKO”)
LE cordon secteur doit porter la mention <HAR> ou <BASEC> et
doit être de type HO3VVF3GO.75 (minimum).
Bitte unbedingt vor dem Einbauen des Geräts die folgenden
Sicherheitsanweisungen durchlesen (Germany):
WARNUNG: Die Installation und der Ausbau des Geräts darf nur durch Fachpersonal
erfolgen.
• Das Gerät sollte nicht an eine ungeerdete Wechselstromsteckdose angeschlossen
werden.
• Das Gerät muß an eine geerdete Steckdose angeschlossen werden, welche die
internationalen Sicherheitsnormen erfüllt.
• Der Gerätestecker (der Anschluß an das Gerät, nicht der Wandsteckdosenstecker) muß
einen gemäß EN 60320/IEC 320 konfigurierten Geräteeingang haben.
• Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein. Die
Stromversorgung des Geräts kann nur durch Herausziehen des Gerätenetzkabels aus
der Netzsteckdose unterbrochen werden.
• Der Betrieb dieses Geräts erfolgt unter den SELV-Bedingungen
(Sicherheitskleinstspannung) gemäß IEC 60950. Diese Bedingungen sind nur gegeben,
wenn auch die an das Gerät angeschlossenen Geräte unter SELV-Bedingungen
betrieben werden.
vi
Stromkabel. Dies muss von dem Land, in dem es benutzt wird geprüft werden:
U.S.A und Canada
Der Cord muß das UL gepruft und war das CSA beglaubigt.
Das Minimum spezifikation fur der Cord sind:
- Nu. 18 AWG - nicht mehr als 2 meter, oder 16 AWG.
- Der typ SV oder SJ
- 3-Leiter
Der Cord muß haben eine strombelastbarkeit aus wenigstens
10 A
Dieser Stromstecker muß hat einer erdschluss mit der typ
NEMA 5-15P (15A, 125V) oder NEMA 6-15P (15A, 250V)
konfiguration.
Danemark
Dieser Stromstecker muß die ebene 107-2-D1, der standard
DK2-1a oder DK2-5a Bestimmungen einhalten.
Schweiz
Dieser Stromstecker muß die SEV/ASE 1011Bestimmungen
einhalten.
Europe
Das Netzkabel muß vom Typ HO3VVF3GO.75
(Mindestanforderung) sein und die Aufschrift <HAR> oder
<BASEC> tragen.
Der Netzstecker muß die Norm CEE 7/7 erfüllen (”SCHUKO”).
vii
viii
Contents
Chapter 1: Introduction
Package Checklist
Hardware Description
Integrated High-Gain Antenna
External Antenna Options
Ethernet Port
Power Injector Module
Receive Signal Strength Indicator (RSSI) BNC Connector
Grounding Point
Wall- and Pole-Mounting Bracket Kits
System Configuration
Features and Benefits
System Defaults
1-1
1-2
1-2
1-3
1-3
1-4
1-4
1-5
1-5
1-5
1-5
1-6
1-6
Chapter 2: Network Configuration
Access Point Topologies
Ad Hoc Wireless LAN (no Access Point or Bridge)
Infrastructure Wireless LAN
Infrastructure Wireless LAN for Roaming Wireless PCs
Bridge Link Topologies
Point-to-Point Configuration
Point-to-Multipoint Configuration
2-1
2-1
2-1
2-2
2-3
2-4
2-4
2-4
Chapter 3: Bridge Link Planning
Data Rates
Radio Path Planning
Antenna Height
Antenna Position and Orientation
Radio Interference
Weather Conditions
Ethernet Cabling
Grounding
3-1
3-1
3-2
3-4
3-5
3-6
3-6
3-7
3-7
Chapter 4: Hardware Installation
Testing Basic Link Operation
Mount the Unit
Using the Pole-Mounting Bracket
Using the Wall-Mounting Bracket
Connect External Antennas
Connect Cables to the Unit
Connect the Power Injector
4-1
4-1
4-1
4-1
4-3
4-4
4-5
4-5
ix
Contents
Align Antennas
Chapter 5: Initial Configuration
Initial Setup through the CLI
Initial Configuration Steps
Using the Web-based Management Setup Wizard
Chapter 6: System Configuration
Advanced Configuration
System Identification
TCP / IP Settings
Radius
PPPoE Settings
Authentication
Filter Control
SNMP
Administration
System Log
Wireless Distribution System (WDS)
Bridge
Spanning Tree Protocol (STP)
RSSI
Radio Interface
Radio Settings A (802.11a)
Radio Settings G (802.11g)
Security (Bridge Mode)
Security (Access Point Mode)
Status Information
AP Status
Station Status
Event Logs
Chapter 7: Command Line Interface
Using the Command Line Interface
Accessing the CLI
Telnet Connection
Entering Commands
Keywords and Arguments
Minimum Abbreviation
Command Completion
Getting Help on Commands
Partial Keyword Lookup
Negating the Effect of Commands
Using Command History
x
4-6
5-1
5-1
5-2
5-3
6-1
6-2
6-3
6-5
6-7
6-9
6-11
6-18
6-20
6-23
6-27
6-31
6-33
6-36
6-40
6-41
6-42
6-46
6-48
6-53
6-63
6-64
6-66
6-68
7-1
7-1
7-1
7-1
7-2
7-2
7-2
7-2
7-2
7-3
7-3
7-3
Contents
Understanding Command Modes
Exec Commands
Configuration Commands
Command Line Processing
Command Groups
General Commands
configure
end
exit
ping
reset
show history
show line
System Management Commands
country
prompt
system name
username
password
ip http port
ip http server
show system
show version
System Logging Commands
logging on
logging host
logging console
logging level
logging facility-type
show logging
System Clock Commands
sntp-server ip
sntp-server enable
sntp-server date-time
sntp-server daylight-saving
sntp-server timezone
show sntp
SNMP Commands
snmp-server community
snmp-server contact
snmp-server enable server
snmp-server host
snmp-server location
show snmp
Flash/File Commands
7-4
7-4
7-4
7-5
7-6
7-6
7-7
7-7
7-7
7-8
7-9
7-9
7-10
7-10
7-11
7-12
7-12
7-13
7-13
7-14
7-14
7-15
7-15
7-16
7-16
7-17
7-17
7-18
7-18
7-19
7-20
7-20
7-21
7-21
7-22
7-22
7-23
7-24
7-24
7-25
7-25
7-26
7-27
7-27
7-28
xi
Contents
bootfile
copy
delete
dir
RADIUS Client
radius-server address
radius-server port
radius-server key
radius-server retransmit
radius-server timeout
show radius
Authentication
802.1x
802.1x broadcast-key-refresh-rate
802.1x session-key-refresh-rate
802.1x session-timeout
802.1x supplicant
address filter default
address filter entry
address filter delete
mac-authentication server
mac-authentication session-timeout
show authentication
WDS Commands
wds channel
wds mac-address
wds enable
show wds
Bridge Commands
bridge timeout
bridge stp-bridge spanning-tree
bridge stp-bridge forward-time
bridge stp-bridge hello-time
bridge stp-bridge max-age
bridge stp-bridge priority
bridge stp-port path-cost
bridge stp-port priority
bridge stp-port portfast
bridge stp-port spanning-disabled
show bridge
Filtering Commands
filter local-bridge
filter ap-manage
filter ethernet-type enable
filter ethernet-type protocol
xii
7-28
7-29
7-30
7-30
7-31
7-32
7-32
7-33
7-33
7-34
7-34
7-35
7-35
7-36
7-37
7-38
7-38
7-39
7-40
7-40
7-41
7-41
7-42
7-42
7-43
7-43
7-44
7-44
7-46
7-46
7-47
7-47
7-48
7-48
7-49
7-50
7-50
7-51
7-52
7-52
7-53
7-53
7-54
7-54
7-55
Contents
show filters
PPPoE Commands
ip pppoe
pppoe ip allocation mode
pppoe ipcp dns
pppoe lcp echo-interval
pppoe lcp echo-failure
pppoe local ip
pppoe remote ip
pppoe username
pppoe password
pppoe service-name
pppoe restart
show pppoe
Ethernet Interface Commands
interface ethernet
dns server
ip address
ip dhcp
shutdown
show interface ethernet
Wireless Interface Commands
interface wireless
description
ssid
closed-system
speed
channel
turbo
beacon-interval
dtim-period
fragmentation-length
rts-threshold
transmit-power
max-association
authentication
encryption
key
transmit-key
multicast-cipher
wpa-clients
wpa-mode
wpa-preshared-key
wpa-psk-type
shutdown
7-56
7-56
7-57
7-57
7-58
7-58
7-59
7-60
7-60
7-61
7-61
7-62
7-62
7-63
7-63
7-64
7-64
7-65
7-66
7-66
7-67
7-68
7-69
7-69
7-70
7-70
7-71
7-71
7-72
7-72
7-73
7-74
7-74
7-75
7-76
7-76
7-77
7-78
7-79
7-80
7-81
7-82
7-82
7-83
7-84
xiii
Contents
show interface wireless
show station
IAPP Commands
iapp
VLAN Commands
vlan
native-vlanid
7-84
7-85
7-86
7-86
7-86
7-87
7-87
Appendix A: Troubleshooting
A-1
Appendix B: Specifications
General Specifications
Antenna Specifications
17 dBi Integrated Panel
8 dBi Omnidirectional (2.4 GHz)
8 dBi Omnidirectional (5 GHz)
13.5 dBi 120-Degree Sector
16.5 dBi 60-Degree Sector
23 dBi High-Gain Panel
B-1
B-1
B-3
B-3
B-4
B-6
B-7
B-9
B-11
Appendix C: Cables and Pinouts
Twisted-Pair Cable Assignments
10/100BASE-TX Pin Assignments
Straight-Through Wiring
Crossover Wiring
8-Pin DIN Connector Pinout
8-Pin DIN to RJ-45 Cable Wiring
C-1
C-1
C-2
C-2
C-3
C-3
C-4
Appendix D: Customer Support
Contact Information
D-1
D-1
Glossary
Index
xiv
Chapter 1: Introduction
The MRV Dual-band Outdoor Access Point / Bridge system consists of two models
that provide point-to-point or point-to-multipoint bridge links between remote
Ethernet LANs, and wireless access point services for clients in the local LAN area:
• MRW55 – Includes an integrated high-gain antenna for the 802.11a radio and is
designed to operate as a “Slave” bridge in point-to-multipoint configurations, or
provide a high-speed point-to-point wireless link between two sites that can be up
to 15.4 km (9.6 miles) apart. The 802.11b/g radio requires an external antenna
option.
• MRW55M – Provides only external antenna options and is designed to operate as
the “Master” bridge in point-to-multipoint configurations, supporting wireless bridge
connections to as many as 16 MRW55 Slave units.
Each model is housed in a weatherproof enclosure for mounting outdoors and
includes its own brackets for attaching to a wall, pole, radio mast, or tower structure.
The unit is powered through its Ethernet cable connection from a power injector
module that is installed indoors.
The wireless bridge system offers a fast, reliable, and cost-effective solution for
connectivity between remote Ethernet wired LANs or to provide Internet access to
an isolated site. The system is also easy to install and operate, ideal for situations
where a wired link may be difficult or expensive to deploy. The wireless bridge
connection provides data rates of up to 108 Mbps.
In addition, both wireless bridge models offer full network management capabilities
through an easy-to-use web interface, a command-line interface, and support for
Simple Network Management Protocol (SNMP) tools.
Radio Characteristics – The IEEE 802.11a and 802.11g standards use a radio
modulation technique known as Orthogonal Frequency Division Multiplexing
(OFDM), and a shared collision domain (CSMA/CA). The 802.11a standard operates
in the 5 GHz Unlicensed National Information Infrastructure (UNII) band, and the
802.11g standard in the 2.4 GHz band.
IEEE 802.11g includes backward compatibility with the IEEE 802.11b standard.
IEEE 802.11b also operates at 2.4 GHz, but uses Direct Sequence Spread
Spectrum (DSSS) and Complementary Code Keying (CCK) modulation technology
to achieve a communication rate of up to 11 Mbps.
The wireless bridge provides a 54 Mbps half-duplex connection for each active
channel (up to 108 Mbps in turbo mode on the 802.11a interface).
1-1
1
Introduction
Package Checklist
The Dual-band Outdoor Access Point / Bridge package includes:
• One Dual-band Outdoor Access Point / Bridge (MRW55 or MRW55M)
• One Category 5 network cable, length 100 ft (30 m)
• One power injector module and power cord
• One N-type RF coaxial cable, two for MRW55M (optional)
• Outdoor pole-mounting bracket kit
• Outdoor wall-mounting bracket kit (optional)
• This User Guide
Inform your dealer if there are any incorrect, missing or damaged parts. If possible,
retain the carton, including the original packing materials. Use them again to repack
the product in case there is a need to return it.
Hardware Description
Bottom View
Ethernet Port
RSSI Connector with
Protective Cap
Grounding Point
Screw
Integrated Antenna
Top View (MRW55)
N-Type External
Antenna Connector
(2.4 GHz)
1-2
N-Type External
Antenna Connector
(2.4 GHz)
1
Hardware Description
Top View (MRW55M)
N-Type External
Antenna Connector
(2.4 GHz)
N-Type External
Antenna Connector
(5 GHz)
Integrated High-Gain Antenna
The MRW55 wireless bridge includes an integrated high-gain (17 dBi) flat-panel
antenna for 5 GHz operation. The antenna can provide a direct line-of-sight link up
to 15.4 km (9.6 miles) with a 36 Mbps data rate.
External Antenna Options
The MRW55M Master bridge unit does not include an integrated antenna, but
provides various external antenna options for both 5 GHz and 2.4 GHz operation. In
a point-to-multipoint configuration, an external high-gain omnidirectional, sector, or
high-gain panel antenna can be attached to communicate with bridges spread over
a wide area. The MRW55 and MRW55M units both require the 2.4 GHz 8 dBi
omnidirectional external antenna for 2.4 GHz operation. The following table
summarizes the external antenna options:
Antenna Type
Gain (dBi) HPBW*
Horizontal
HPBW*
Vertical
Polarization
Max Range/Speed
5 GHz Omnidirectional
8
360
12
Linear, vertical
3.2 km at 6 Mbps
5 GHz 120-Degree Sector
14
120
6
Linear, vertical
14.5 km at 6 Mbps
5 GHz 60-Degree Sector
17
60
6
Linear, vertical
28 km at 6 Mbps
5 GHz High-Gain Panel
23
9
9
Linear
28 km at 36 Mbps
2.4 GHz Omnidirectional
8
360
15
Linear, vertical
7.6 km at 6 Mbps
* Half-power beam width in degrees
External antennas connect to the N-type RF connectors on the wireless bridge using
the provided coaxial cables.
1-3
1
Introduction
Ethernet Port
The wireless bridge has one 10BASE-T/100BASE-TX 8-pin DIN port that connects
to the power injector module using the included Ethernet cable. The Ethernet port
connection provides power to the wireless bridge as well as a data link to the local
network.
The wireless bridge appears as an Ethernet node and performs a bridging function
by moving packets from the wired LAN to the remote end of the wireless bridge link.
Note: The power injector module does not support Power over Ethernet (PoE) based on
the IEEE 802.3af standard. The wireless bridge unit must always be powered on
by being connected to the power injector module.
Power Injector Module
The wireless bridge receives power through its network cable connection using
power-over-Ethernet technology. A power injector module is included in the wireless
bridge package and provides two RJ-45 Ethernet ports, one for connecting to the
wireless bridge (Output), and the other for connecting to a local LAN switch (Input).
The Input port uses an MDI (i.e., internal straight-through) pin configuration. You can
therefore use straight-through twisted-pair cable to connect this port to most network
interconnection devices such as a switch or router that provide MDI-X ports.
However, when connecting the access point to a workstation or other device that
does not have MDI-X ports, you must use crossover twisted-pair cable.
LED Indicator
Input
Ethernet from
Local Network
AC Power Socket
(Hidden)
Output
Ethernet and Power to
Wireless Bridge
The wireless bridge does not have a power switch. It is powered on when its
Ethernet port is connected to the power injector module, and the power injector
module is connected to an AC power source. The power injector includes one LED
indicator that turns on when AC power is applied.
1-4
1
System Configuration
The power injector module automatically adjusts to any AC voltage between
100-240 volts at 50 or 60 Hz. No voltage range settings are required.
Warning: The power injector module is designed for indoor use only. Never mount the
power injector outside with the wireless bridge unit.
Receive Signal Strength Indicator (RSSI) BNC Connector
The RSSI connector provides an output voltage that is proportional to the received
radio signal strength. A DC voltmeter can be connected the this port to assist in
aligning the antennas at both ends of a wireless bridge link.
Grounding Point
Even though the wireless bridge includes its own built-in lightning protection, it is
important that the unit is properly connected to ground. A grounding screw is
provided for attaching a ground wire to the unit.
Wall- and Pole-Mounting Bracket Kits
The wireless bridge includes bracket kits that can be used to mount the bridge to a
wall, pole, radio mast, or part of a tower structure.
System Configuration
At each location where a unit is installed, it must be connected to the local network
using the power injector module. The following figure illustrates the system
component connections.
External Antenna
Indoor
Outdoor
RF Coaxial Cable
Wireless Bridge Unit
LAN Switch
Ethernet Cable
Ethernet Cable
Power
Injector
AC Power
Ground Wire
1-5
1
Introduction
Features and Benefits
• MRW55 Slave units support a 5 GHz point-to-point wireless link up 15.4 km (at
36 Mbps data rate) using integrated high-gain 17 dBi antennas
• MRW55M Master units support 5 GHz point-to-multipoint links using various
external antenna options
• Both MRW55 and MRW55M units also support access point services for the 5 GHz
and 2.4 GHz radios using various external antenna options
•
•
•
•
•
•
•
Maximum data rate up to 108 Mbps on the 802.11a (5 GHz) radio
Outdoor weatherproof design
IEEE 802.11a and 802.11b/g compliant
Local network connection via 10/100 Mbps Ethernet port
Powered through its Ethernet cable connection to the power injector module
Includes wall- and pole-mount brackets
Security through 64/128/152-bit Wired Equivalent Protection (WEP) or 128-bit
Advanced Encryption Standard (AES) encryption
• Scans all available channels and selects the best channel and data rate based on
the signal-to-noise ratio
• Manageable through an easy-to-use web-browser interface, command line (via
Telnet), or SNMP network management tools
System Defaults
The following table lists some of the wireless bridge’s basic system defaults. To
reset the bridge defaults, use the CLI command “reset configuration” from the Exec
level prompt.
Feature
Parameter
Default
Identification
System Name
MRW55 Wireless Outdoor
Bridge/AP
Administration
User Name
admin
General
TCP/IP
1-6
Password
admin
HTTP Server
Enabled
HTTP Server Port
80
IP Address
192.168.1.1
Subnet Mask
255.255.255.0
Default Gateway
0.0.0.0
Primary DNS IP
0.0.0.0
Secondary DNS IP
0.0.0.0
System Defaults
Feature
Parameter
Default
VLANs
Status
Disabled
Native VLAN ID
1
Filter Control
Ethernet Type
Disabled
SNMP
Status
Enabled
Location
null
Contact
Contact
Community (Read Only)
Public
Community (Read/Write)
Private
Traps
Enabled
Trap Destination IP Address
null
Trap Destination Community Name
Public
Syslog
Disabled
Logging Host
Disabled
Logging Console
Disabled
IP Address / Host Name
0.0.0.0
Logging Level
Informational
Logging Facility Type
16
Spanning Tree
Status
Enabled
Ethernet Interface
Speed and Duplex
Auto
WDS Bridging
Outdoor Bridge Band
A (802.11a)
Wireless Interface
802.11a
Status
Enabled
SSID
MRW55
Turbo Mode
Disabled
Radio Channel
Default to first channel
Auto Channel Select
Enabled
Transmit Power
Full
System Logging
Maximum Data Rate
54 Mbps
Beacon Interval
100 TUs
Data Beacon Rate (DTIM Interval)
2 beacons
RTS Threshold
2347 bytes
1
1-7
1
Introduction
Feature
Parameter
Default
Wireless Security
802.11a
Authentication Type
Open System
AES Encryption
Disabled
WEP Encryption
Disabled
WEP Key Length
128 bits
WEP Key Type
Hexadecimal
WEP Transmit Key Number
1
Status
Enabled
SSID
MRW55
Radio Channel
Default to first channel
Auto Channel Select
Enabled
Transmit Power
Full
Maximum Data Rate
54 Mbps
Beacon Interval
100 TUs
Data Beacon Rate (DTIM Interval)
2 beacons
Wireless Interface
802.11b/g
Wireless Security
802.11b/g
1-8
RTS Threshold
2347 bytes
Authentication Type
Open System
AES Encryption
Disabled
WEP Encryption
Disabled
WEP Key Length
128 bits
WEP Key Type
Hexadecimal
WEP Transmit Key Number
1
WEP Keys
null
WEP Keys
null
Chapter 2: Network Configuration
The Dual-band Outdoor Access Point / Bridge system provides access point or
bridging services through either the 5 GHz or 2.4 GHz radio interfaces.
The wireless bridge units can be used just as normal 802.11a/b/g access points
connected to a local wired LAN, providing connectivity and roaming services for
wireless clients in an outdoor area. Units can also be used purely as bridges
connecting remote LANs. Alternatively, you can employ both access point and
bridging functions together, offering a flexible and convenient wireless solution for
many applications.
This chapter describes the role of wireless bridge in various wireless network
configurations.
Access Point Topologies
Wireless networks support a stand-alone wireless configuration as well as an
integrated configuration with 10/100 Mbps Ethernet LANs.
Wireless network cards, adapters, and access points can be configured as:
• Ad hoc for departmental, SOHO, or enterprise LANs
• Infrastructure for wireless LANs
• Infrastructure wireless LAN for roaming wireless PCs
The 802.11b and 802.11g frequency band, which operates at 2.4 GHz, can easily
encounter interference from other 2.4 GHz devices, such as other 802.11b or g
wireless devices, cordless phones and microwave ovens. If you experience poor
wireless LAN performance, try the following measures:
• Limit any possible sources of radio interference within the service area
• Increase the distance between neighboring access points
• Increase the channel separation of neighboring access points (e.g., up to 3
channels of separation for 802.11b or up to 5 channels for 802.11g)
Ad Hoc Wireless LAN (no Access Point or Bridge)
An ad hoc wireless LAN consists of a group of computers, each equipped with a
wireless adapter, connected through radio signals as an independent wireless LAN.
Computers in a specific ad hoc wireless LAN must therefore be configured to the
same radio channel.
2-1
2
Network Configuration
Ad Hoc Wireless LAN
Notebook with
Wireless USB Adapter
Notebook with
Wireless PC Card
PC with Wireless
PCI Adapter
Infrastructure Wireless LAN
The access point function of the wireless bridge provides access to a wired LAN for
802.11a/b/g wireless workstations. An integrated wired/wireless LAN is called an
Infrastructure configuration. A Basic Service Set (BSS) consists of a group of
wireless PC users and an access point that is directly connected to the wired LAN.
Each wireless PC in a BSS can connect to any computer in its wireless group or
access other computers or network resources in the wired LAN infrastructure
through the access point.
The infrastructure configuration not only extends the accessibility of wireless PCs to
the wired LAN, but also increases the effective wireless transmission range for
wireless PCs by passing their signals through one or more access points.
A wireless infrastructure can be used for access to a central database, or for
connection between mobile workers, as shown in the following figure.
Wired LAN Extension
to Wireless Clients
Server
Desktop PC
Switch
Notebook with Wireless
PC Card Adapter
Access Point
PC with Wireless
PCI Adapter
2-2
2
Access Point Topologies
Infrastructure Wireless LAN for Roaming Wireless PCs
The Basic Service Set (BSS) defines the communications domain for each access
point and its associated wireless clients. The BSS ID is a 48-bit binary number
based on the access point’s wireless MAC address, and is set automatically and
transparently as clients associate with the access point. The BSS ID is used in
frames sent between the access point and its clients to identify traffic in the service
area.
The BSS ID is only set by the access point, never by its clients. The clients only
need to set the Service Set Identifier (SSID) that identifies the service set provided
by one or more access points. The SSID can be manually configured by the clients,
can be detected in an access point’s beacon, or can be obtained by querying for the
identity of the nearest access point. For clients that do not need to roam, set the
SSID for the wireless card to that used by the access point to which you want to
connect.
A wireless infrastructure can also support roaming for mobile workers. More than
one access point can be configured to create an Extended Service Set (ESS). By
placing the access points so that a continuous coverage area is created, wireless
users within this ESS can roam freely. All wireless network card adapters and
wireless access points within a specific ESS must be configured with the same
SSID.
Seamless Roaming
for Wireless Clients
Server
Desktop PC
Switch
Notebook with Wireless
PC Card Adapter
Switch
Access Point
Notebook with Wireless
PC Card Adapter
<BSS2>
Access Point
<ESS>
PC with Wireless
PCI Adapter
<BSS1>
2-3
2
Network Configuration
Bridge Link Topologies
The IEEE 802.11 standard defines a WIreless Distribution System (WDS) for bridge
connections between BSS areas (access points). The outdoor wireless bridge uses
WDS to forward traffic on links between units. Up to 16 WDS links can be specified
for a MRW55M unit, which acts as the “Master” in the wireless bridge network.
MRW55 units support only one WDS link, which must be to the network’s master
unit.
The MRW55M and MRW55 support WDS bridge links on either the 5 GHz (802.11a)
or 2.4 GHz (802.11b/g) bands and can be used with various external antennas to
offer flexible deployment options.
Note: The external antennas offer longer range options using the 5 GHz radio, which
makes this interface more suitable for bridge links. The 2.4 GHz radio has only the
8 dBi omnidirectional antenna option, which is better suited for local access point
services.
When using WDS on a radio band, only wireless bridge units can associate to each
other. Wireless clients can only associate with the wireless bridge using a radio band
set to access point mode.
Point-to-Point Configuration
Two MRW55 bridges can form a wireless point-to-point link using their 5 GHz
(802.11a) integrated antennas. A point-to-point configuration can provide a limited
data rate (36 Mbps) link over a long range (up to 28 km), or a high data rate (108
Mbps) over a short range (1.6 km).
MRW55
MRW55
LAN
LAN
up to 28 km at 36 Mbps
Point-to-Multipoint Configuration
A MRW55M wireless bridge can use an omnidirectional or sector antenna to
connect to as many as 16 bridges in a point-to-multipoint configuration. There can
only be one MRW55M “Master” unit in the wireless bridge network, all other bridges
must be MRW55 “Slave” units.
Using the 5 GHz 8 dBi omnidirectional external antenna, the Master unit can
connect to Slave units up to 3.2 km (1.9 miles) away. Using the 13.5 dBi 120-degree
sector antenna, the Master can connect to Slave units up to 14.5 km (9 miles) away.
2-4
Bridge Link Topologies
MRW55
Slave
MRW55
Slave
MRW55
Slave
MRW55M
Master with
Omnidirectional
Antenna
MRW55
Slave
2
MRW55
Slave
MRW55
Slave
MRW55
Slave
MRW55M
Master with
Sector Antenna
MRW55
Slave
MRW55
2-5
2
2-6
Network Configuration
Chapter 3: Bridge Link Planning
The Dual-band Outdoor Access Point / Bridge supports fixed point-to-point or
point-to-multipoint wireless links. A single link between two points can be used to
connect a remote site to larger core network. Multiple bridge links can provide a way
to connect widespread Ethernet LANs.
For each link in a wireless bridge network to be reliable and provide optimum
performance, some careful site planning is required. This chapter provides guidance
and information for planning your wireless bridge links.
Note: The planning and installation of the wireless bridge requires professional
personnel that are trained in the installation of radio transmitting equipment. The
user is responsible for compliance with local regulations concerning items such as
antenna power, use of lightning arrestors, grounding, and radio mast or tower
construction. Therefore, it is recommended to consult a professional contractor
knowledgeable in local radio regulations prior to equipment installation.
Data Rates
Using its 5 GHz integrated antenna, the MRW55 Slave bridge can operate over a
range of up to 15.4 km (9.6 miles) or provide a high-speed connection of 54 Mbps
(108 Mbps in turbo mode). However, the maximum data rate for a link decreases as
the operating range increases. A 15.4 km link can only operate up to 36 Mbps,
whereas a 108 Mbps connection is limited to a range of 1.2 km.
When you are planning each wireless bridge link, take into account the maximum
distance and data rates for the various antenna options. A summary for 5 GHz
(802.11a) antennas is provided in the following table. For full specifications for each
antenna, see “Antenna Specifications” on page B-3.
..
Distances Achieved Using Normal Mode
Data Rate
17 dBi
Integrated
8 dBi Omni
13.5 dBi
120-Degree
Sector
16.5 dBi
60-Degree
Sector
23 dBi Panel
6 Mbps
14 km
3.3 km
10.3 km
14 km
24.4 km
9 Mbps
13.4 km
2.9 km
9.2 km
13.4 km
23.3 km
12 Mbps
12.8 km
2.6 km
8.2 km
12.8 km
22.2 km
18 Mbps
11.7 km
2.1 km
6.5 km
11.7 km
20.3 km
24 Mbps
9.2 km
1.5 km
4.6 km
9.2 km
17.7 km
36 Mbps
5.2 km
0.8 km
2.6 km
5.2 km
14 km
3-1
3
Bridge Link Planning
Distances Achieved Using Normal Mode
Data Rate
17 dBi
Integrated
8 dBi Omni
13.5 dBi
120-Degree
Sector
16.5 dBi
60-Degree
Sector
23 dBi Panel
48 Mbps
2.3 km
0.4 km
1.2 km
2.3 km
9.2 km
54 Mbps
1.5 km
0.2 km
0.7 km
1.5 km
5.8 km
Distances provided in this table are an estimate for a typical deployment and may be reduced by local
regulatory limits. For accurate distances, you need to calculate the power link budget for your specific
environment.
Distances Achieved Using Turbo Mode
Data Rate
17 dBi
Integrated
8 dBi Omni
13.5 dBi
120-Degree
Sector
16.5 dBi
60-Degree
Sector
23 dBi Panel
12 Mbps
12.2 km
2.3 km
7.3 km
12.2 km
21.2 km
18 Mbps
11.7 km
2.1 km
6.5 km
11.7 km
20.3 km
24 Mbps
11.1 km
1.8 km
5.8 km
11.1 km
19.4 km
36 Mbps
9.2 km
1.5 km
4.6 km
9.2 km
17.7 km
48 Mbps
6.5 km
1 km
3.3 km
6.5 km
15.4 km
72 Mbps
3.7 km
0.6 km
1.8 km
3.7 km
12.2 km
96 Mbps
1.6 km
0.3 km
0.8 km
1.6 km
6.5 km
108 Mbps
1 km
0.2 km
0.5 km
1 km
4.1 km
Distances provided in this table are an estimate for a typical deployment and may be reduced by local
regulatory limits. For accurate distances, you need to calculate the power link budget for your specific
environment.
Radio Path Planning
Although the wireless bridge uses IEEE 802.11a radio technology, which is capable
of reducing the effect of multipath signals due to obstructions, the wireless bridge
link requires a “radio line-of-sight” between the two antennas for optimum
performance.
The concept of radio line-of-sight involves the area along a radio link path through
which the bulk of the radio signal power travels. This area is known as the first
Fresnel Zone of the radio link. For a radio link not to be affected by obstacles along
its path, no object, including the ground, must intrude within 60% of the first Fresnel
Zone.
3-2
Radio Path Planning
3
The following figure illustrates the concept of a good radio line-of-sight.
Visual Line of Sight
Radio Line of Sight
If there are obstacles in the radio path, there may still be a radio link but the quality
and strength of the signal will be affected. Calculating the maximum clearance from
objects on a path is important as it directly affects the decision on antenna
placement and height. It is especially critical for long-distance links, where the radio
signal could easily be lost.
Note: For wireless links less than 500 m, the IEEE 802.11a radio signal will tolerate
some obstacles in the path and may not even require a visual line of sight between
the antennas.
When planning the radio path for a wireless bridge link, consider these factors:
• Avoid any partial line-of-sight between the antennas.
• Be cautious of trees or other foliage that may be near the path, or may grow and
obstruct the path.
• Be sure there is enough clearance from buildings and that no building construction
may eventually block the path.
• Check the topology of the land between the antennas using topographical maps,
aerial photos, or even satellite image data (software packages are available that
may include this information for your area)
• Avoid a path that may incur temporary blockage due to the movement of cars,
trains, or aircraft.
3-3
3
Bridge Link Planning
Antenna Height
A reliable wireless link is usually best achieved by mounting the antennas at each
end high enough for a clear radio line of sight between them. The minimum height
required depends on the distance of the link, obstacles that may be in the path,
topology of the terrain, and the curvature of the earth (for links over 3 miles).
For long-distance links, a mast or pole may need to be contsructed to attain the
minimum required height. Use the following table to estimate the required minimum
clearance above the ground or path obstruction (for 5 GHz bridge links).
.
Total Link Distance
Max Clearance for
60% of First Fresnel
Zone at 5.8 GHz
Approximate
Clearance for
Earth Curvature
Total Clearance
Required at
Mid-point of Link
0.25 mile (402 m)
4.5 ft (1.4 m)
0
4.5 ft (1.4 m)
0.5 mile (805 m)
6.4 ft (1.95 m)
0
6.4 ft (1.95 m)
1 mile (1.6 km)
9 ft (2.7 m)
0
9 ft (2.7 m)
2 miles (3.2 km)
12.7 ft (3.9 m)
0
12.7 ft (3.9 m)
3 miles (4.8 km)
15.6 ft (4.8 m)
1.8 ft (0.5 m)
17.4 ft (5.3 m)
4 miles (6.4 km)
18 ft (5.5 m)
3.2 ft (1.0 m)
21.2 ft (6.5 m)
5 miles (8 km)
20 ft (6.1 m)
5 ft (1.5 m)
25 ft (7.6 m)
7 miles (11.3 km)
24 ft (7.3 m)
9.8 ft (3.0 m)
33.8 ft (10.3 m)
9 miles (14.5 km)
27 ft (8.2 m)
16 ft (4.9 m)
43 ft (13.1 m)
12 miles (19.3 km)
31 ft (9.5 m)
29 ft (8.8 m)
60 ft (18.3 m)
15 miles (24.1 km)
35 ft (10.7 m)
45 ft (13.7 m)
80 ft (24.4 m)
17 miles (27.4 km)
37 ft (11.3 m)
58 ft (17.7 m)
95 ft (29 m)
Note that to avoid any obstruction along the path, the height of the object must be
added to the minimum clearance required for a clear radio line-of-sight. Consider the
following simple example, illustrated in the figure below.
3-4
Radio Path Planning
3
Radio Line of Sight
Visual Line of Sight
3 miles (4.8 km)
2.4 m
A
5.4 m
B
1.4 m
9m
20 m
17 m
12 m
A wireless bridge link is deployed to connect building A to a building B, which is
located three miles (4.8 km) away. Mid-way between the two buidings is a small
tree-covered hill. From the above table it can be seen that for a three-mile link, the
object clearance required at the mid-point is 5.3 m (17.4 ft). The tree-tops on the hill
are at an elevation of 17 m (56 ft), so the antennas at each end of the link need to be
at least 22.3 m (73 ft) high. Building A is six stories high, or 20 m (66 ft), so a 2.3 m
(7.5 ft) mast or pole must be contructed on its roof to achieve the required antenna
height. Building B is only three stories high, or 9 m (30 ft), but is located at an
elevation that is 12 m (39 ft) higher than bulding A. To mount an anntena at the
required height on building B, a mast or pole of only 1.3 m (4.3 ft) is needed.
Warning: Never construct a radio mast, pole, or tower near overhead power lines.
Note: Local regulations may limit or prevent construction of a high radio mast or tower. If
your wireless bridge link requires a high radio mast or tower, consult a
professional contractor for advice.
Antenna Position and Orientation
Once the required antenna height has been determined, other factors affecting the
precise position of the wireless bridge must be considered:
• Be sure there are no other radio antennas within 2 m (6 ft) of the wireless bridge
• Place the wireless bridge away from power and telephone lines
• Avoid placing the wireless bridge too close to any metallic reflective surfaces, such
as roof-installed air-conditioning equipment, tinted windows, wire fences, or water
pipes
• The wireless bridge antennas at both ends of the link must be positioned with the
same polarization direction, either horizontal or vertical
3-5
3
Bridge Link Planning
Antenna Polarization — The wireless bridge’s integrated antenna sends a radio
signal that is polarized in a particular direction. The antenna’s receive sensitivity is
also higher for radio signals that have the same polarization. To maximize the
performance of the wireless link, both antennas must be set to the same polarization
direction. The antenna polarization is marked on the wireless bridge, as indicated in
the following figure.
V
H
Radio Interference
The avoidance of radio interference is an important part of wireless link planning.
Interference is caused by other radio transmissions using the same or an adjacent
channel frequency. You should first scan your proposed site using a spectrum
analyzer to determine if there are any strong radio signals using the 802.11a
channel frequencies. Always use a channel frequency that is furthest away from
another signal.
If radio interference is still a problem with your wireless bridge link, changing the
antenna polarization direction may improve the situation.
Weather Conditions
When planning wireless bridge links, you must take into account any extreme
weather conditions that are known to affect your location. Consider these factors:
• Temperature — The wireless bridge is tested for normal operation in temperatures
from -33°C to 55°C. Operating in temperatures outside of this range may cause the
unit to fail.
• Wind Velocity — The wireless bridge can operate in winds up to 90 MPH and
survive higher wind speeds up to 125 MPH. You must consider the known
maximum wind velocity and direction at the site and be sure that any supporting
structure, such as a pole, mast, or tower, is built to withstand this force.
• Lightning — The wireless bridge includes its own built-in lightning protection.
However, you should make sure that the unit, any supporting structure, and cables
are all properly grounded. Additional protection using lightning rods, lightning
arrestors, or surge suppressors may also be employed.
3-6
Ethernet Cabling
3
• Rain — The wireless bridge is weatherproofed against rain. Also, prolonged heavy
rain has no significant effect on the radio signal. However, it is recommended to
apply weatherproof sealing tape around the Ethernet port and antenna connectors
for extra protection. If moisture enters a connector, it may cause a degradation in
performance or even a complete failure of the link.
• Snow and Ice — Falling snow, like rain, has no significant effect on the radio
signal. However, a build up of snow or ice on antennas may cause the link to fail.
In this case, the snow or ice has to be cleared from the antennas to restore
operation of the link.
Ethernet Cabling
When a suitable antenna location has been determined, you must plan a cable route
form the wireless bridge outdoors to the power injector module indoors. Consider
these points:
• The Ethernet cable length should never be longer than 100 m (328 ft)
• Determine a building entry point for the cable
• Determine if conduits, bracing, or other structures are required for safety or
protection of the cable
• For lightning protection at the power injector end of the cable, consider using a
lightning arrestor immediately before the cable enters the building
Grounding
It is important that the wireless bridge, cables, and any supporting structures are
properly grounded. The wireless bridge unit includes a grounding screw for
attaching a ground wire. Be sure that grounding is available and that it meets local
and national electrical codes.
3-7
3
3-8
Bridge Link Planning
Chapter 4: Hardware Installation
Before mounting antennas to set up your wireless bridge links, be sure you have
selected appropriate locations for each antenna. Follow the guidance and
information in Chapter 2, “Wireless Link Planning.”
Also, before mounting units in their intended locations, you should first perform initial
configuration and test the basic operation of the wireless bridge links in a controlled
environment over a very short range. (See the section “Testing Basic Link
Operation” in this chapter.)
The wireless bridge includes its own bracket kit for mounting the unit to a 1.5 to
2 inch diameter steel pole or tube. The pole-mounting bracket allows the unit to be
mounted to part of a radio mast or tower structure. The unit also has a wall-mounting
bracket kit that enables it to be fixed to a building wall or roof when using external
antennas.
Hardware installation of the wireless bridge involves these steps:
1.
Mount the unit on a wall, pole, mast, or tower using the mounting bracket.
2.
Mount external antennas on the same supporting structure as the bridge and
connect them to the bridge unit.
3.
Connect the Ethernet cable and a grounding wire to the unit.
4.
Connect the power injector to the Ethernet cable, a local LAN switch, and an
AC power source.
5.
Align antennas at both ends of the link.
Testing Basic Link Operation
Set up the units over a very short range (15 to 25 feet), either outdoors or indoors.
Connect the units as indicated in this chapter and be sure to perform all the basic
configuration tasks outlined in Chapter 4, “Initial Configuration.” When you are
satisfied that the links are operating correctly, proceed to mount the units in their
intended locations.
Mount the Unit
Using the Pole-Mounting Bracket
Perform the following steps to mount the unit to a 1.5 to 2 inch diameter steel pole or
tube using the mounting bracket:
1.
Always attach the bracket to a pole with the open end of the mounting grooves
facing up.
4-1
4
2.
Hardware Installation
Place the U-shaped part of the bracket around the pole and tighten the securing
nut just enough to hold the bracket to the pole. (The bracket may need to be
rotated around the pole during the alignment process.)
Attach bracket to
pole with mounting
grooves facing up
3.
Use the included nuts to tightly secure the wireless bridge to the bracket. Be
sure to take account of the antenna polarization direction; both antennas in a
link must be mounted with the same polarization.
Antenna Polarization
Direction
4-2
Mount the Unit
4
Mounting on Larger Diameter Poles
In addition, there is a method for attaching the pole-mounting bracket to a pole that
is 2 to 5 inches in diameter using an adjustable steel band clamp (not included in the
kit). A steel band clamp up to 0.5 inch (1.27 cm) wide can be threaded through the
main part of the bracket to secure it to a larger diameter pole without using the
U-shaped part of the bracket. This method is illustrated in the following figure.
Steel Band Clamp
Using the Wall-Mounting Bracket
Perform the following steps to mount the unit to a wall using the wall-mounting
bracket:
Note: The wall-mounting bracket does not allow the wireless bridge’s intrgrated antenna
to be aligned. It is intended for use with the unit using an external antenna.
1.
Always attach the bracket to a wall with the open end of the mounting grooves
facing up (see following figure).
Mounting Grooves
4-3
4
Hardware Installation
2.
Position the bracket in the intended location and mark the position of the three
mounting screw holes.
3.
Drill three holes in the wall that match the screws and wall plugs included in the
bracket kit, then secure the bracket to the wall.
4.
Use the included nuts to tightly secure the wireless bridge to the bracket.
Connect External Antennas
When deploying a MRW55M Master bridge unit for a bridge link or access point
operation, you need to mount external antennas and connect them to the bridge.
Typically, a bridge link requires a 5 GHz antenna, and access point operation a
2.4 GHz antenna. MRW55 Slave units also require an external antenna for 2.4 GHz
operation.
Perform these steps:
1.
Mount the external antenna to the same supporting structure as the bridge,
within 3 m (10 ft) distance, using the bracket supplied in the antenna package.
2.
Connect the antenna to the bridge’s N-type connector using the RF coaxial
cable provided in the antenna package.
3.
Apply weatherproofing tape to the antenna connectors to help prevent water
entering the connectors.
2.4 GHz
N-type Connector
5 GHz
N-type Connector
5 GHz External
High-gain Panel
Antenna
MRW55M
2.4 GHz External
Omnidirectional
Antenna
RF Coaxial Cable
4-4
Connect Cables to the Unit
4
Connect Cables to the Unit
1.
Attach the Ethernet cable to the Ethernet port on the wireless bridge.
Note: The Ethernet cable included with the package is 30 m (100 ft) long. To wire a
longer cable (maximum 100 m, 325 ft), use the connector pinout information in
Appendix B.
2.
For extra protection against rain or moisture, apply weatherproofing tape (not
included) around the Ethernet connector.
3.
Be sure to ground the unit with an appropriate grounding wire (not included) by
attaching it to the grounding screw on the unit.
Caution: Be sure that grounding is available and that it meets local and national
electrical codes. For additional lightning protection, use lightning rods, lightning
arrestors, or surge suppressors.
Ethernet Cable
Ground Wire
Connect the Power Injector
To connect the wireless bridge to a power source:
Caution: Do not install the power injector outdoors. The unit is for indoor installation only.
Note: The wireless bridge’s Ethernet port does not support Power over Ethernet (PoE)
based on the IEEE 802.3af standard. Do not try to power the unit by connecting it
directly to a network switch that provides IEEE 802.3af PoE. Always connect the
unit to the included power injector module.
1.
Connect the Ethernet cable from the wireless bridge to the RJ-45 port labeled
“Output” on the power injector.
2.
Connect a straight-through unshielded twisted-pair (UTP) cable from a local
LAN switch to the RJ-45 port labeled “Input” on the power injector. Use
Category 5 or better UTP cable for 10/100BASE-TX connections.
Note: The RJ-45 port on the power injector is an MDI port. If connecting directly to a
computer for testing the link, use a crossover cable.
4-5
4
Hardware Installation
AC power
Ethernet cable
from LAN switch
Inp
ut
Ou
tpu
t
Power LED indicator
Ethernet cable to
wireless bridge
3.
Insert the power cable plug directly into the standard AC receptacle on the
power injector.
4.
Plug the other end of the power cable into a grounded, 3-pin socket, AC power
source.
Note: For International use, you may need to change the AC line cord. You must use a
line cord set that has been approved for the receptacle type in your country.
5.
Check the LED on top of the power injector to be sure that power is being
supplied to the wireless bridge through the Ethernet connection.
Align Antennas
After wireless bridge units have been mounted, connected, and their radios are
operating, the antennas must be accurately aligned to ensure optimum performance
on the bridge links. This alignment process is particularly important for long-range
point-to-point links. In a point-to-multipoint configuration the Master bridge uses an
omnidirectional or sector antenna, which does not require alignment, but Slave
bridges still need to be correctly aligned with the Master bridge antennna.
• Point-to-Point Configurations – In a point-to-point configuration, the alignment
process requires two people at each end of the link. The use of cell phones or
two-way radio communication may help with coordination. To start, you can just
point the antennas at each other, using binoculars or a compass to set the general
direction. For accurate alignment, you must connect a DC voltmeter to the RSSI
connector on the wireless bridge and monitor the voltage as the antenna moves
horizontally and vertically.
• Point-to-Multipoint Configurations – In a point-to-multipoint configuration all
Slave bridges must be aligned with the Master bridge antenna. The alignment
process is the same as in point-to-point links, but only the Slave end of the link
requires the alignment.
4-6
Align Antennas
4
The RSSI connector provides an output voltage between 0 and 3.28 VDC that is
proportional to the received radio signal strength. The higher the voltage reading,
the stronger the signal. The radio signal from the remote antenna can be seen to
have a strong central main lobe and smaller side lobes. The object of the alignment
process is to set the antenna so that it is receiving the strongest signal from the
central main lobe.
Vertical Scan
Remote
Antenna
Maximum Signal
Strength Position for
Vertical Alignment
Horizontal Scan
Main Lobe
Maximum
RSSI
Voltage
RSSI Voltage
Side Lobe
Maximum
Maximum Signal Strength Position
for Horizontal Alignment
To align the antennas in the link using the RSSI output voltage, start with one
antenna fixed and then perform the following procedure on the other antenna:
Note: The RSSI output can be configured through management interfaces to output a
value for specific WDS ports. See page 6-40 for more information.
1.
Remove the RSSI connector cover and connect a voltmeter using a cable with
a male BNC connector (not included).
4-7
4
Hardware Installation
RSSI BNC
Connection
Voltmeter
2.
Pan the antenna horizontally back and forth while checking the RSSI voltage. If
using the pole-mounting bracket with the unit, you must rotate the mounting
bracket around the pole. Other external antenna brackets may require a
different horizontal adjustment.
3.
Find the point where the signal is strongest (highest voltage) and secure the
horizontal adjustment in that position.
Note: Sometimes there may not be a central lobe peak in the voltage because vertical
alignment is too far off; only two similar peaks for the side lobes are detected. In
this case, fix the antenna so that it is halfway between the two peaks.
4.
Loosen the vertical adjustment on the mounting bracket and tilt the antenna
slowly up and down while checking the RSSI voltage.
5.
Find the point where the signal is strongest and secure the vertical adjustment
in that position.
6.
Remove the voltmeter cable and replace the RSSI connector cover.
4-8
Chapter 5: Initial Configuration
The wireless bridge offers a variety of management options, including a web-based
interface, a command line interface (CLI), or using SNMP management software.
Most initial configuration steps can be made through the web browser interface
using the Setup Wizard (page 5-3). However, for units that do not have a preset
country code, you must first set the country code using the CLI.
Note: Units sold in some countries are not configured with a specific country code. You
must use the CLI to set the country code and enable wireless operation
(page 5-2).
The wireless bridge requests an IP address via DHCP by default. If no response is
received from a DHCP server, then the wireless bridge uses the default address
192.168.1.1. If this address is not compatible with your network, you can first
perform initial configuration using a PC that has IP settings compatible with this
subnet (for example, 192.168.1.2) and connecting it directly to the wireless bridge.
When the basic configuration is completed, you can set new IP settings for the
wireless bridge before connecting it to your network.
Initial Setup through the CLI
The wireless bridge provides access to the CLI through a Telnet connection. You
can open a Telnet session by performing these steps:
1.
From the host computer, enter the Telnet command and the IP address of the
wireless bridge unit (default 192.168.1.1 if not set via DHCP).
2.
At the prompt, enter “admin” for the user name.
3.
The default password is null, so just press [Enter] at the password prompt.
The CLI will display the “MRW55#” prompt to show that you are using executive
access mode (i.e., Exec).
Username: admin
Password:
MRW55#
For a full description of how to use the CLI, see “Using the Command Line Interface”
on page 7-1. For a list of all the CLI commands and detailed information on using the
CLI, refer to “Command Groups” on page 7-6.
5-1
5
Initial Configuration
Initial Configuration Steps
Setting the Country Code – Regulations for wireless products differ from country to
country. Setting the country code restricts the wireless bridge to use only the radio
channels and power settings permitted in the specified country of operation. If the
wireless bridge unit is shipped with a preset country code, you are not permitted to
change it, as required by country regulations. If the unit is set to the default “99,” you
must set the country code to the country of operation.
At the Exec prompt, type “country ?” to display the list of country codes. Check the
code for your country, then enter the country command again followed by your
country code (e.g., IE for Ireland).
MRW55#country ie
MRW55#
Setting the IP Address – By default, the wireless bridge is configured to obtain IP
address settings from a DHCP server. You may also use the CLI to assign an IP
address that is compatible with your network.
Type “configure” to enter configuration mode, then type “interface ethernet” to
access the Ethernet interface-configuration mode.
MRW55#configure
MRW55(config)#interface ethernet
MRW55(config-if)#
First type “no dhcp” to disable DHCP client mode. Then type “ip address ip-address
netmask gateway,” where “ip-address” is the wireless bridge’s IP address, “netmask”
is the network mask for the network, and “gateway” is the default gateway router.
Check with your system administrator to obtain an IP address that is compatible with
your network.
MRW55(if-ethernet)#no ip dhcp
MRW55(if-ethernet)#ip address 192.168.2.2 255.255.255.0
192.168.2.254
MRW55(if-ethernet)#
After configuring the wireless bridge’s IP parameters, you can access the
management interface from anywhere within the attached network. The command
line interface can also be accessed using Telnet from any computer attached to the
network.
5-2
Using the Web-based Management Setup Wizard
5
Using the Web-based Management Setup Wizard
There are only a few basic steps you need to complete to set up the wireless bridge
for your network. The Setup Wizard takes you through configuration procedures for
the radio channel selection, IP configuration, and basic WEP encryption for wireless
security.
The wireless bridge can be managed by any computer using a web browser
(Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the IP
configured for the unit or the default IP address: http://192.168.1.1
Logging In – Enter the default username “admin” and click LOGIN (there is no
default password). For information on configuring a user name and password, refer
to page 6-23.
The home page displays the Main Menu.
5-3
5
Initial Configuration
Launching the Setup Wizard – To perform initial configuration, click Setup Wizard
on the home page, then click on the [Next] button to start the process.
5-4
Using the Web-based Management Setup Wizard
5
1.
Service Set ID – Enter the service set identifier in the SSID box which all
wireless 802.11g clients must use to associate with the access point. The SSID
is case sensitive and can consist of up to 32 alphanumeric characters
(Defaults: MRW55).
2.
Radio Channel – You must enable radio communications for the 802.11a and
802.11g radios and set the operating channel.
• 802.11a
Turbo Mode – If you select Enable, the wireless bridge will operate in turbo
mode with a data rate of up to 108 Mbps. Normal mode supports 13 channels,
Turbo mode supports only 5 channels. (Default: Disable)
802.11a Radio Channel – Set the operating radio channel number. (Default:
56ch, 5.280 GHz)
5-5
5
Initial Configuration
Auto Channel Select – Select Enable to automatically select an unoccupied
radio channel. (Default: Enable)
• 802.11b/g
802.11g Radio Channel: Set the operating radio channel number. (Range
1-11; Default: 1)
Note: Available channel settings are limited by local regulations which determine which
channels are available.
3.
IP Configuration – Either enable or disable (Dynamic Host Configuration
Protocol (DHCP) for automatic IP configuration. If you disable DHCP, then
manually enter the IP address and subnet mask. If a management station exists
on another network segment, then you must enter the IP address for a gateway
that can route traffic between these segments. Then enter the IP address for
the primary and secondary Domain Name Servers (DNS) servers to be used for
host-name to IP address resolution.
DHCP Client – With DHCP Client enabled, the IP address, subnet mask and
default gateway can be dynamically assigned to the access point by the
network DHCP server. (Default: Enable)
5-6
Using the Web-based Management Setup Wizard
5
Note: If there is no DHCP server on your network, then the access point will
automatically start up with its default IP address, 192.168.1.1.
4.
WDS Settings – To set up a wireless bridge link, you must configure the WDS
forwarding table by specifying the wireless MAC address of the bridge to which
you want to forward traffic. For a Slave bridge unit, you need to specify the
MAC address of the wireless bridge unit at the opposite end of the link. For a
Master bridge unit, you need to specify the MAC addresses of all the Slave
bridge units in the network.
5-7
5
5.
Initial Configuration
Security (802.11g) – Set the Authentication Type to “Open System” to allow
open access without authentication, or “Shared Key” to require authentication
based on a shared key. Enable Wired Equivalent Privacy (WEP) to encrypt data
transmissions. To configure other security features use the Advanced Setup
menu as described in Chapter 5.
Authentication Type – Use “Open System” to allow open access to all wireless
clients without performing authentication, or “Shared Key” to perform authentication
based on a shared key that has been distributed to all stations. (Default: Open
System)
WEP – Wired Equivalent Privacy is used to encrypt transmissions passing between
wireless clients and the access point. (Default: Disabled)
Shared Key Setup – If you select “Shared Key” authentication type or enable WEP,
then you also need to configure the shared key by selecting 64-bit or 128-bit key
type, and entering a hexadecimal or ASCII string of the appropriate length. The key
can be entered as alphanumeric characters or hexadecimal (0~9, A~F, e.g., D7 0A
9C 7F E5). (Default: 128 bit, hexadecimal key type)
64-Bit Manual Entry: The key can contain 10 hexadecimal digits, or 5 alphanumeric
characters.
5-8
Using the Web-based Management Setup Wizard
5
128-Bit Manual Entry: The key can contain 26 hexadecimal digits or 13
alphanumeric characters.
Note: All wireless devices must be configured with the same Key ID values to
communicate with the access point.
6.
Click Finish.
7.
Click the OK button to restart the access point.
5-9
5
5-10
Initial Configuration
Chapter 6: System Configuration
Before continuing with advanced configuration, first complete the initial configuration
steps described in Chapter 4 to set up an IP address for the wireless bridge.
The wireless bridge can be managed by any computer using a web browser
(Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the
default IP address: http://192.168.1.1
To log into the wireless bridge, enter the default user name and password, both of
which are “admin” and click LOGIN. When the home page displays, click on
Advanced Setup. The following page will display.
The information in this chapter is organized to reflect the structure of the web
screens for easy reference. However, it is recommended that you configure a user
name and password as the first step under advanced configuration to control
management access to the wireless bridge (page 6-23).
6-1
6
System Configuration
Advanced Configuration
The Advanced Configuration pages include the following options.
Menu
System
Description
Page
Configures basic administrative and client access
6-3
Identification
Specifies the system name, location and contact information
6-3
TCP / IP Settings
Configures the IP address, subnet mask, gateway, and domain name
servers
6-5
Radius
Configures the RADIUS server for wireless client authentication
6-7
PPPoE Settings
Configures PPPoE on the Ethernet interface for a connection to an ISP
Authentication
Configures 802.1X client authentication and MAC address
authentication
6-11
Filter Control
Enables VLAN support and filters traffic matching specific Ethernet
protocol types
6-18
SNMP
Controls access to this wireless bridge from management stations
using SNMP, as well as the hosts that will receive trap messages
6-20
Administration
Configures user name and password for management access;
upgrades software from local file, FTP or TFTP server; resets
configuration settings to factory defaults; and resets the wireless
bridge
6-23
System Log
Controls logging of error messages; sets the system clock via SNTP
server or manual configuration
6-27
WDS
Sets the MAC addresses of other units in the wireless bridge network
6-31
Bridge
Sets the time for aging out entries in the bridge MAC address table
6-33
STP
Configures Spanning Tree Protocol parameters
6-36
RSSI
6-9
Controls the maximum RSSI voltage output for specific WDS ports
6-40
Configures the IEEE 802.11a interface
6-41
Radio Settings
Configures radio signal parameters, such as radio channel,
transmission rate, and beacon settings
6-42
Security
Configures data encryption using Wired Equivalent Protection (WEP)
or Wi-Fi Protected Access (WPA)
6-48
Configures the IEEE 802.11b/g interface
6-46
Radio Settings
Configures radio signal parameters, such as radio channel,
transmission rate, and beacon settings
6-46
Security
Configures data encryption using Wired Equivalent Protection (WEP)
or Wi-Fi Protected Access (WPA)
6-48
Radio Interface A
Radio Interface G
6-2
Advanced Configuration
6
System Identification
The system information parameters for the wireless bridge can be left at their default
settings. However, modifying these parameters can help you to more easily
distinguish different devices in your network.
The wireless bridge allows the selection of the band to be used for bridge links. The
bridge band can support no wireless clients. Alternatively, bridging can be disabled
and both bands can support access point functions.
System Name – An alias for the wireless bridge, enabling the device to be uniquely
identified on the network. (Default: MRW55 Wireless Outdoor Bridge/AP; Range:
1-22 characters)
Outdoor Bridge Band – Selects the radio band used for bridge links.
• A – Bridging is supported on the 802.11a 5 GHz band.
• G – Bridging is supported on the 802.11b/g 2.4 GHz band.
• None – Bridging is not supported on either radio band. Allows both bands to
support access point operations for wireless clients.
Location – A text string that describes the system location. (Maximum length: 20
characters)
Contact – A text string that describes the system contact. (Maximum length: 255
characters)
6-3
6
System Configuration
CLI Commands for System Identification – Enter the global configuration mode and
use the system name command to specify a new system name. Use the
snmp-server location and snmp-server contact commands to indicate the physical
location of the wireless bridge and define a system contact. Then return to the Exec
mode, and use the show system command to display the changes to the system
identification settings.
MRW55#configure
MRW55(config)#system name R&D
MRW55(config)#snmp-server location building-1
MRW55(config)#snmp-server contact Paul
MRW55(config)#exit
MRW55#show system
7-7
7-12
7-27
7-25
7-15
System Information
===================================================
Serial Number
: 0000000005
System Up time
: 0 days, 0 hours, 35 minutes, 56 seconds
System Name
: R&D
System Location
: building-1
System Contact
: Paul
System Country Code : US - UNITED STATES
MAC Address
: 00-20-1A-20-54-23
IP Address
: 192.168.1.1
Subnet Mask
: 255.255.255.0
Default Gateway
: 0.0.0.0
VLAN State
: DISABLED
Native VLAN ID
: 1
IAPP State
: ENABLED
DHCP Client
: ENABLED
HTTP Server
: ENABLED
HTTP Server Port
: 80
Slot Status
: Dual band(a/g)
Software Version
: v1.1.3.4B05
===================================================
MRW55#
CLI Commands for Bridge Band Selection – Enter the global configuration mode
and use the wds channel command to specify the bridge band.
MRW55#configure
MRW55(config)#wds channel a
MRW55(config)#
6-4
7-7
7-43
Advanced Configuration
6
TCP / IP Settings
Configuring the wireless bridge with an IP address expands your ability to manage
the wireless bridge. A number of wireless bridge features depend on IP addressing
to operate.
Note: You can use the web browser interface to access IP addressing only if the
wireless bridge already has an IP address that is reachable through your
network.
By default, the wireless bridge will be automatically configured with IP settings from
a Dynamic Host Configuration Protocol (DHCP) server. However, if you are not
using a DHCP server to configure IP addressing, use the CLI to manually configure
the initial IP values (page 5-2). After you have network access to the wireless bridge,
you can use the web browser interface to modify the initial IP configuration, if
needed.
Note: If there is no DHCP server on your network, or DHCP fails, the wireless
bridge will automatically start up with a default IP address of 192.168.1.1.
DHCP Client (Enable) – Select this option to obtain the IP settings for the wireless
bridge from a DHCP (Dynamic Host Configuration Protocol) server. The IP address,
subnet mask, default gateway, and Domain Name Server (DNS) address are
dynamically assigned to the wireless bridge by the network DHCP server.
(Default: Enabled)
6-5
6
System Configuration
DHCP Client (Disable) – Select this option to manually configure a static address for
the wireless bridge.
• IP Address: The IP address of the wireless bridge. Valid IP addresses consist of
four decimal numbers, 0 to 255, separated by periods.
• Subnet Mask: The mask that identifies the host address bits used for routing to
specific subnets.
• Default Gateway: The default gateway is the IP address of the router for the
wireless bridge, which is used if the requested destination address is not on the
local subnet.
If you have management stations, DNS, or other network servers located on
another subnet, type the IP address of the default gateway router in the text field
provided. Otherwise, leave the address as all zeros (0.0.0.0).
• Primary and Secondary DNS Address: The IP address of Domain Name Servers
on the network. A DNS maps numerical IP addresses to domain names and can
be used to identify network hosts by familiar names instead of the IP addresses.
If you have one or more DNS servers located on the local network, type the IP
addresses in the text fields provided. Otherwise, leave the addresses as all zeros
(0.0.0.0).
CLI Commands for TCP/IP Settings – From the global configuration mode, enter the
interface configuration mode with the interface ethernet command. Use the ip dhcp
command to enable the DHCP client, or no ip dhcp to disable it. To manually
configure an address, specify the new IP address, subnet mask, and default
gateway using the ip address command. To specify DNS server addresses use the
dns server command. Then use the show interface ethernet command from the
Exec mode to display the current IP settings.
MRW55(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
MRW55(if-ethernet)#no ip dhcp
MRW55(if-ethernet)#ip address 192.168.1.2
255.255.255.0 192.168.1.253
MRW55(if-ethernet)#dns primary-server 192.168.1.55
MRW55(if-ethernet)#dns secondary-server 10.1.0.55
MRW55(config)#end
MRW55#show interface ethernet
Ethernet Interface Information
========================================
IP Address
: 192.168.1.2
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.1.253
Primary DNS
: 192.168.1.55
Secondary DNS
: 10.1.0.55
Admin status
: Up
Operational status : Up
========================================
MRW55#
6-6
7-64
7-66
7-65
7-64
7-64
7-7
7-67
Advanced Configuration
6
Radius
Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol
that uses software running on a central server to control access to RADIUS-aware
devices on the network. An authentication server contains a database of user
credentials for each user that requires access to the network.
A primary RADIUS server must be specified for the access point to implement IEEE
802.1X network access control and Wi-Fi Protected Access (WPA) wireless security.
A secondary RADIUS server may also be specified as a backup should the primary
server fail or become inaccessible.
Note: This guide assumes that you have already configured RADIUS server(s) to
support the access point. Configuration of RADIUS server software is
beyond the scope of this guide, refer to the documentation provided with the
RADIUS server software.
Primary Radius Server Setup – Configure the following settings to use RADIUS
authentication on the access point.
• IP Address: Specifies the IP address or host name of the RADIUS server.
• Port: The UDP port number used by the RADIUS server for authentication
messages. (Range: 1024-65535; Default: 1812)
• Key: A shared text string used to encrypt messages between the access point and
the RADIUS server. Be sure that the same text string is specified on the RADIUS
server. Do not use blank spaces in the string. (Maximum length: 255 characters)
6-7
6
System Configuration
• Timeout: Number of seconds the access point waits for a reply from the RADIUS
server before resending a request. (Range: 1-60 seconds; Default: 5)
• Retransmit attempts: The number of times the access point tries to resend a
request to the RADIUS server before authentication fails. (Range: 1-30; Default: 3)
Note: For the Timeout and Retransmit attempts fields, accept the default values
unless you experience problems connecting to the RADIUS server over the
network.
Secondary Radius Server Setup – Configure a secondary RADIUS server to provide
a backup in case the primary server fails. The access point uses the secondary
server if the primary server fails or becomes inaccessible. Once the access point
switches over to the secondary server, it periodically attempts to establish
communication again with primary server. If communication with the primary server
is re-established, the secondary server reverts to a backup role.
CLI Commands for RADIUS – From the global configuration mode, use the
radius-server address command to specify the address of the primary or
secondary RADIUS servers. (The following example configures the settings for the
primary RADIUS server.) Configure the other parameters for the RADIUS server.
Then use the show show radius command from the Exec mode to display the
current settings for the primary and secondary RADIUS servers.
MRW55(config)#radius-server
MRW55(config)#radius-server
MRW55(config)#radius-server
MRW55(config)#radius-server
MRW55(config)#radius-server
MRW55(config)#exit
MRW55#show radius
address 192.168.1.25
port 181
key green
timeout 10
retransmit 5
Radius Server Information
========================================
IP
: 192.168.1.25
Port
: 181
Key
: *****
Retransmit
: 5
Timeout
: 10
========================================
Radius Secondary Server Information
========================================
IP
: 0.0.0.0
Port
: 1812
Key
: *****
Retransmit
: 3
Timeout
: 5
========================================
MRW55#
6-8
7-32
7-32
7-33
7-34
7-33
7-34
Advanced Configuration
6
PPPoE Settings
The wireless bridge uses a Point-to-Point Protocol over Ethernet (PPPoE)
connection, or tunnel, only for management traffic between the wireless bridge and a
remote PPPoE server (typically at an ISP). Examples of management traffic that
may initiated by the wireless bridge and carried over a PPPoE tunnel are RADIUS,
Syslog, or DHCP traffic.
PPP over Ethernet – Enable PPPoE on the RJ-45 Ethernet interface to pass
management traffic between the unit and a remote PPPoE server. (Default: Disable)
PPPoE Username – The user name assigned for the PPPoE tunnel. (Range: 1-63
alphanumeric characters)
PPPoE Password – The password assigned for the PPPoE tunnel. (Range: 1-63
alphanumeric characters)
Confirm Password – Use this field to confirm the PPPoE password.
PPPoE Service Name – The service name assigned for the PPPoE tunnel. The
service name is normally optional, but may be required by some service providers.
(Range: 1-63 alphanumeric characters)
IP Allocation Mode – This field specifies how IP adresses for the PPPoE tunnel are
configured on the RJ-45 interface. The allocation mode depends on the type of
service provided by the PPPoE server. If automatic mode is selected, DHCP is used
6-9
6
System Configuration
to allocate the IP addresses for the PPPoE connection. If static addresses have
been assigned to you by the service provider, you must manually enter the assigned
addresses. (Default: Automatic)
• Automatically allocated: IP addresses are dynamically assigned by the service
provider during PPPoE session initialization.
• Static assigned: Fixed addresses are assigned by the service provider for both the
local and remote IP addresses.
Local IP Address – IP address of the local end of the PPPoE tunnel. (Must be
entered for static IP allocation mode.)
Remote IP Address – IP address of the remote end of the PPPoE tunnel. (Must be
entered for static IP allocation mode.)
CLI Commands for PPPoE – From the CLI configuration mode, use the interface
ethernet command to access interface configuration mode. Use the ip pppoe
command to enable PPPoE on the Ethernet interface. Use the other PPPoE
commands shown in the example below to set a user name and password, IP
settings, and other PPPoE parameters as required by the service provider. The
pppoe restart command can then be used to start a new connection using the
modified settings. To display the current PPPoE settings, use the show pppoe
command from the Exec mode.
MRW55(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
MRW55(if-ethernet)#ip pppoe
MRW55(if-ethernet)#pppoe username mike
MRW55(if-ethernet)#pppoe password 12345
MRW55(if-ethernet)#pppoe service-name classA
MRW55(if-ethernet)#pppoe ip allocation mode static
MRW55(if-ethernet)#pppoe local ip 10.7.1.200
MRW55(if-ethernet)#pppoe remote ip 192.168.1.20
MRW55(if-ethernet)#pppoe ipcp dns
MRW55(if-ethernet)#pppoe lcp echo-interval 30
MRW55(if-ethernet)#pppoe lcp echo-failure 5
MRW55(if-ethernet)#pppoe restart
MRW55(if-ethernet)#end
MRW55#show pppoe
PPPoE Information
======================================================
State
: Link up
Username
: mike
Service Name
: classA
IP Allocation Mode
: Static
DNS Negotiation
: Enabled
Local IP
: 10.7.1.200
Echo Interval
: 30
Echo Failure
: 5
======================================================
MRW55#
6-10
7-64
7-57
7-61
7-61
7-62
7-57
7-60
7-60
7-58
7-58
7-59
7-62
7-63
Advanced Configuration
6
Authentication
Wireless clients can be authenticated for network access by checking their MAC
address against the local database configured on the access point, or by using a
database configured on a central RADIUS server. Alternatively, authentication can
be implemented using the IEEE 802.1X network access control protocol.
The access point can also operate in a 802.1X supplicant mode. This enables the
access point itself and any bridge-connected units to be authenticated with a
RADIUS server using a configured MD5 user name and password. This mechanism
can prevent rogue access points from gaining access to the network.
Ethernet Supplicant Setup – Allows the access point to act as an 802.1X supplicant
so it can be authenticated through its Ethernet port with a RADIUS server on the
local network. When enabled, a unique MD5 user name and password needs to be
configured. (Default: Disabled)
• Enabled/Disabled – Enables/Disables the 802.1X supplicant function.
- Username – Specifies the MD5 user name. (Range: 1-22 characters)
- Password – Specifies the MD5 password. (Range: 1-22 characters)
WDS Supplicant Setup – Allows the access point to act as an 802.1X supplicant so
it can be authenticated through a WDS (wireless) port with a RADIUS server on the
remote network. When enabled, a unique MD5 user name and password needs to
be configured for the WDS port. For a MRW55 Slave unit, there is only one WDS
port. For a MRW55M Master unit, there are 16 WDS ports. (Default: Disabled)
6-11
6
System Configuration
.
.
.
MAC Authentication – You can configure a list of the MAC addresses for wireless
clients that are authorized to access the network. This provides a basic level of
authentication for wireless clients attempting to gain access to the network. A
database of authorized MAC addresses can be stored locally on the access point or
remotely on a central RADIUS server. (Default: Local MAC)
• Local MAC: The MAC address of the associating station is compared against the
local database stored on the access point. The Local MAC Authentication section
enables the local database to be set up.
• Radius MAC: The MAC address of the associating station is sent to a configured
RADIUS server for authentication. When using a RADIUS authentication server for
MAC address authentication, the server must first be configured in the Radius
window (page 6-7).
• Disable: No checks are performed on an associating station’s MAC address.
Note: Client station MAC authentication occurs prior to the IEEE 802.1X
authentication procedure configured for the access point. However, a client’s
MAC address provides relatively weak user authentication, since MAC
addresses can be easily captured and used by another station to break into
the network. Using 802.1X provides more robust user authentication using
user names and passwords or digital certificates. So, although you can
configure the access point to use MAC address and 802.1X authentication
together, it is better to choose one or the other, as appropriate.
802.1X Setup – IEEE 802.1X is a standard framework for network access control
that uses a central RADIUS server for user authentication. This control feature
prevents unauthorized access to the network by requiring an 802.1X client
application to submit user credentials for authentication. The 802.1X standard uses
the Extensible Authentication Protocol (EAP) to pass user credentials (either digital
certificates, user names and passwords, or other) from the client to the RADIUS
6-12
6
Advanced Configuration
server. Client authentication is then verified on the RADIUS server before the
access point grants client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast session keys and
static broadcast keys to wireless clients. Session keys are unique to each client and
are used to encrypt and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the access point
provides a dynamic broadcast key and changes it at a specified interval.
You can enable 802.1X as optionally supported or as required to enhance the
security of the wireless network.
• Disable: The access point does not support 802.1X authentication for any wireless
client. After successful wireless association with the access point, each client is
allowed to access the network.
• Supported: The access point supports 802.1X authentication only for clients
initiating the 802.1X authentication process (i.e., the access point does not initiate
802.1X authentication). For clients initiating 802.1X, only those successfully
authenticated are allowed to access the network. For those clients not initiating
802.1X, access to the network is allowed after successful wireless association with
the access point.
• Required: The access point enforces 802.1X authentication for all associated
wireless clients. If 802.1X authentication is not initiated by a client, the access point
will initiate authentication. Only those clients successfully authenticated with
802.1X are allowed to access the network.
When 802.1X is enabled, the broadcast and session key rotation intervals can also
be configured.
• Broadcast Key Refresh Rate: Sets the interval at which the broadcast keys are
refreshed for stations using 802.1X dynamic keying. (Range: 0-1440 minutes;
Default: 0 means disabled)
• Session Key Refresh Rate: The interval at which the access point refreshes
unicast session keys for associated clients. (Range: 0-1440 minutes; Default: 0
means disabled)
• 802.1X Re-authentication Refresh Rate: The time period after which a connected
client must be re-authenticated. During the re-authentication process of verifying
the client’s credentials on the RADIUS server, the client remains connected the
network. Only if re-authentication fails is network access blocked. (Range: 0-65535
seconds; Default: 0 means disabled)
6-13
6
System Configuration
.
.
.
Local MAC Authentication – Configures the local MAC authentication database. The
MAC database provides a mechanism to take certain actions based on a wireless
client’s MAC address. The MAC list can be configured to allow or deny network
access to specific clients.
• System Default: Specifies a default action for all unknown MAC addresses (that is,
those not listed in the local MAC database).
- Deny: Blocks access for all MAC addresses except those listed in the local
database as “Allow.”
- Allow: Permits access for all MAC addresses except those listed in the local
database as “Deny.”
• MAC Authentication Settings: Enters specified MAC addresses and permissions
into the local MAC database.
- MAC Address: Physical address of a client. Enter six pairs of hexadecimal digits
separated by hyphens; for example, 00-03-7F-E0-06-EA.
- Permission: Select Allow to permit access or Deny to block access. If Delete is
selected, the specified MAC address entry is removed from the database.
- Update: Enters the specified MAC address and permission setting into the local
database.
• MAC Authentication Table: Displays current entries in the local MAC database.
CLI Commands for 802.1X Suppicant Configuration – Use the 802.1X supplicant
commands to set the Ethernet and WDS user names and passwords, and to enable
the feature.
MRW55#(config)#802.1X supplicant eth_user David
MRW55#(config)#802.1X supplicant eth_password DEF
MRW55#(config)#802.1X supplicant eth
MRW55#(config)#
6-14
7-38
7-38
7-38
6
Advanced Configuration
MRW55#(config)#802.1X supplicant wds_user 1 David
MRW55#(config)#802.1X supplicant wds_password 1 ABC
MRW55#(config)#802.1X supplicant wds 1
MRW55#(config)#
7-38
7-38
7-38
CLI Commands for Local MAC Authentication – Use the mac-authentication
server command from the global configuration mode to enable local MAC
authentication. Set the default for MAC addresses not in the local table using the
address filter default command, then enter MAC addresses in the local table using
the address filter entry command. To remove an entry from the table, use the
address filter delete command. To display the current settings, use the show
authentication command from the Exec mode.
MRW55(config)#mac-authentication server local
MRW55(config)#address filter default denied
MRW55(config)#address filter entry 00-70-50-cc-99-1a
denied
MRW55(config)#address filter entry 00-03-7F-E0-06-EA allowed
MRW55(config)#address filter entry 00-70-50-cc-99-1c allowed
MRW55(config)#address filter delete 00-70-50-cc-99-1c
MRW55(config)#exit
MRW55#show authentication
7-41
7-39
7-40
7-40
7-42
Authentication Information
=========================================================
MAC Authentication Server
: LOCAL
MAC Auth Session Timeout Value : 300 secs
802.1X
: DISABLED
Broadcast Key Refresh Rate
: 5 min
Session Key Refresh Rate
: 5 min
802.1X Session Timeout Value
: 300 secs
Address Filtering
: DENIED
System Default : DENY addresses not found in filter table.
Filter Table
MAC Address
Status
-------------------------00-70-50-cc-99-1a
DENIED
00-03-7F-E0-06-EA
ALLOWED
=========================================================
MRW55#
6-15
6
System Configuration
CLI Commands for RADIUS MAC Authentication – Use the mac-authentication
server command from the global configuration mode to enable remote MAC
authentication. Set the timeout value for re-authentication using the
mac-authentication session-timeout command. Be sure to also configure
connection settings for the RADIUS server (not shown in the following example). To
display the current settings, use the show authentication command from the Exec
mode.
MRW55(config)#mac-authentication server remote
MRW55(config)#mac-authentication session-timeout 300
MRW55(config)#exit
MRW55#show authentication
Authentication Information
=========================================================
MAC Authentication Server
: REMOTE
MAC Auth Session Timeout Value : 300 secs
802.1X
: DISABLED
Broadcast Key Refresh Rate
: 5 min
Session Key Refresh Rate
: 5 min
802.1X Session Timeout Value
: 300 secs
Address Filtering
: DENIED
System Default : DENY addresses not found in filter table.
Filter Table
MAC Address
Status
-------------------------00-70-50-cc-99-1a
DENIED
00-03-7F-E0-06-EA
ALLOWED
=========================================================
MRW55#
6-16
7-41
7-41
7-42
6
Advanced Configuration
CLI Commands for 802.1X Authentication – Use the 802.1X supported command
from the global configuration mode to enable 802.1X authentication. Set the session
and broadcast key refresh rate, and the re-authentication timeout. To display the
current settings, use the show authentication command from the Exec mode.
MRW55(config)#802.1X supported
MRW55(config)#802.1X broadcast-key-refresh-rate 5
MRW55(config)#802.1X session-key-refresh-rate 5
MRW55(config)#802.1X session-timeout 300
MRW55(config)#exit
MRW55#show authentication
7-35
7-36
7-37
7-38
7-42
Authentication Information
=========================================================
MAC Authentication Server
: REMOTE
MAC Auth Session Timeout Value : 300 secs
802.1X
: SUPPORTED
Broadcast Key Refresh Rate
: 5 min
Session Key Refresh Rate
: 5 min
802.1X Session Timeout Value
: 300 secs
Address Filtering
: DENIED
System Default : DENY addresses not found in filter table.
Filter Table
MAC Address
Status
-------------------------00-70-50-cc-99-1a
DENIED
00-03-7F-E0-06-EA
ALLOWED
=========================================================
MRW55#
6-17
6
System Configuration
Filter Control
The wireless bridge can employ VLAN tagging support and network traffic frame
filtering to control access to network resources and increase security.
Native VLAN ID – The VLAN ID assigned to wireless clients that are not assigned to
a specific VLAN by RADIUS server configuration. (Range: 1-64)
VLAN – Enables or disables VLAN tagging support on the wireless bridge (changing
the VLAN status forces a system reboot). When VLAN support is enabled, the
wireless bridge tags traffic passing to the wired network with the assigned VLAN ID
associated with each client on the RADIUS server or the configured native VLAN ID.
Traffic received from the wired network must also be tagged with a known VLAN ID.
Received traffic that has an unknown VLAN ID or no VLAN tag is dropped. When
VLAN support is disabled, the wireless bridge does not tag traffic passing to the
wired network and ignores the VLAN tags on any received frames.
Note: Before enabling VLANs on the wireless bridge, you must configure the connected
LAN switch port to accept tagged VLAN packets with the wireless bridge’s native
VLAN ID. Otherwise, connectivity to the wireless bridge will be lost when you
enable the VLAN feature.
Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to
remain within the same VLAN as they move around a campus site. This feature can
6-18
Advanced Configuration
6
also be used to control access to network resources from wireless clients, thereby
improving security.
A VLAN ID (1-4094) is assigned to a client after successful authentication using
IEEE 802.1X and a central RADIUS server. The user VLAN IDs must be configured
on the RADIUS server for each user authorized to access the network. If a user
does not have a configured VLAN ID, the access point assigns the user to its own
configured native VLAN ID.
When setting up VLAN IDs for each user on the RADIUS server, be sure to use the
RADIUS attributes and values as indicated in the following table.
Number
RADIUS Attribute
Value
64
Tunnel-Type
VLAN (13)
65
Tunnel-Medium-Type
802
81
Tunnel-Private-Group
VLANID
(1 to 4094 in hexadecimal)
Note: The specific configuration of RADIUS server software is beyond the scope of
this guide. Refer to the documentation provided with the RADIUS server
software.
When VLAN filtering is enabled, the access point must also have 802.1X
authentication enabled and a RADIUS server configured. Wireless clients must also
support 802.1X client software to be assigned to a specific VLAN.
When VLAN filtering is disabled, the access point ignores the VLAN tags on any
received frames.
Local Bridge Filter – Controls wireless-to-wireless communications between clients
through the access point. However, it does not affect communications between
wireless clients and the wired network.
• Disable: Allows wireless-to-wireless communications between clients through the
access point.
• Enable: Blocks wireless-to-wireless communications between clients through the
access point.
AP Management Filter – Controls management access to the access point from
wireless clients. Management interfaces include the web, Telnet, or SNMP.
• Disable: Allows management access from wireless clients.
• Enable: Blocks management access from wireless clients.
Ethernet Type Filter – Controls checks on the Ethernet type of all incoming and
outgoing Ethernet packets against the protocol filtering table.
• Disable: Wireless bridge does not filter Ethernet protocol types.
6-19
6
System Configuration
• Enable: Wireless bridge filters Ethernet protocol types based on the configuration
of protocol types in the filter table. If a protocol has its status set to “ON,” the
protocol is filtered from the wireless bridge.
CLI Commands for VLAN Support – From the global configuration mode use the
native-vlanid command to set the default VLAN ID for the Ethernet interface, then
enable VLANs using the vlan enable command. When you change the access
point’s VLAN support setting, you must reboot the access point to implement the
change. To view the current VLAN settings, use the show system command.
MRW55(config)#native-vlanid 3
MRW55(config)#vlan enable
Reboot system now? <y/n>: y
7-87
7-87
CLI Commands for Bridge Filtering – Use the filter ap-manage command to restrict
management access from wireless clients. To configure Ethernet protocol filtering,
use the filter ethernet-type enable command to enable filtering and the filter
ethernet-type protocol command to define the protocols that you want to filter. To
display the current settings, use the show filters command from the Exec mode.
MRW55(config)#filter ap-manage
MRW55(config)#filter ethernet-type enable
MRW55(config)#filter ethernet-type protocol ARP
MRW55(config)#exit
MRW55#show filters
7-54
7-54
7-55
7-56
Protocol Filter Information
=========================================================
AP Management
:ENABLED
Ethernet Type Filter :ENABLED
Enabled Protocol Filters
--------------------------------------------------------Protocol: ARP
ISO: 0x0806
=========================================================
MRW55#
SNMP
You can use a network management application to manage the wireless bridge via
the Simple Network Management Protocol (SNMP) from a management station. To
implement SNMP management, the wireless bridge must have an IP address and
subnet mask, configured either manually or dynamically. Once an IP address has
been configured, appropriate SNMP communities and trap receivers should be
configured.
Community names are used to control management access to SNMP stations, as
well as to authorize SNMP stations to receive trap messages from the wireless
bridge. To communicate with the wireless bridge, a management station must first
6-20
Advanced Configuration
6
submit a valid community name for authentication. You therefore need to assign
community names to specified users or user groups and set the access level.
SNMP – Enables or disables SNMP management access and also enables the
wireless bridge to send SNMP traps (notifications). SNMP management is enabled
by default.
Community Name (Read Only) – Defines the SNMP community access string that
has read-only access. Authorized management stations are only able to retrieve
MIB objects. (Maximum length: 23 characters, case sensitive; Default: public)
Community Name (Read/Write) – Defines the SNMP community access string that
has read/write access. Authorized management stations are able to both retrieve
and modify MIB objects. (Maximum length: 23 characters, case sensitive;
Default: private)
Trap Destination IP Address – Specifies the recipient of SNMP notifications. Enter
the IP address or the host name. (Host Name: 1 to 20 characters)
Trap Destination Community Name – The community string sent with the notification
operation. (Maximum length: 23 characters; Default: public)
6-21
6
System Configuration
CLI Commands for SNMP – Use the snmp-server enable server command from the
global configuration mode to enable SNMP. To set read/write and read-only
community names, use the snmp-server community command. The snmp-server
host command defines a trap receiver host. To view the current SNMP settings, use
the show snmp command.
MRW55(config)#snmp-server
MRW55(config)#snmp-server
MRW55(config)#snmp-server
MRW55(config)#snmp-server
MRW55(config)#exit
MRW55#show snmp
enable server
community alpha rw
community beta ro
host 10.1.19.23 alpha
SNMP Information
============================================
Service State : Enable
Community (ro) : ****
Community (rw) : *****
Location
: building-1
Contact
: Paul
Traps
: Enabled
Host Name/IP
: 10.1.19.23
Trap Community : *****
=============================================
MRW55#
6-22
7-25
7-24
7-26
7-27
6
Advanced Configuration
Administration
Changing the Password
Management access to the web and CLI interface on the wireless bridge is
controlled through a single user name and password. You can also gain additional
access security by using control filters (see “Filter Control” on page 6-18).
To protect access to the management interface, you need to configure an
Administrator’s user name and password as soon as possible. If the user name and
password are not configured, then anyone having access to the wireless bridge may
be able to compromise wireless bridge and network security.
Note: Pressing the Reset button on the back of the wireless bridge for more than
five seconds resets the user name and password to the factory defaults. For
this reason, we recommend that you protect the wireless bridge from
physical access by unauthorized persons.
Username – The name of the user. The default name is “admin.” (Length: 3-16
characters, case sensitive.)
New Password – The password for management access. (Length: 3-16 characters,
case sensitive)
Confirm New Password – Enter the password again for verification.
CLI Commands for the User Name and Password – Use the username and
password commands from the CLI configuration mode.
MRW55(config)#username bob
MRW55(config)#password spiderman
MRW55#
7-13
7-13
6-23
6
System Configuration
Upgrading Firmware
You can upgrade new wireless bridge software from a local file on the management
workstation, or from an FTP or TFTP server.
After upgrading new software, you must reboot the wireless bridge to implement the
new code. Until a reboot occurs, the wireless bridge will continue to run the software
it was using before the upgrade started. Also note that rebooting the wireless bridge
with new software will reset the configuration to the factory default settings.
Note: Before upgrading your wireless bridge software, it is recommended to save a
copy of the current configuration file. See “copy” on page 7-29 for information
on saving the configuration file to a TFTP or FTP server.
Before upgrading new software, verify that the wireless bridge is connected to the
network and has been configured with a compatible IP address and subnet mask.
If you need to download from an FTP or TFTP server, take the following additional
steps:
• Obtain the IP address of the FTP or TFTP server where the wireless bridge
software is stored.
• If upgrading from an FTP server, be sure that you have an account configured on
the server with a user name and password.
Current version – Version number of runtime code.
6-24
6
Advanced Configuration
Firmware Upgrade Local – Downloads an operation code image file from the web
management station to the wireless bridge using HTTP. Use the Browse button to
locate the image file locally on the management station and click Start Upgrade to
proceed.
• New firmware file: Specifies the name of the code file on the server. The new
firmware file name should not contain slashes (\ or /), the leading letter of the file
name should not be a period (.), and the maximum length for file names is 32
characters for files on the wireless bridge. (Valid characters: A-Z, a-z, 0-9, “.”, “-”,
“_”)
Firmware Upgrade Remote – Downloads an operation code image file from a
specified remote FTP or TFTP server. After filling in the following fields, click Start
Upgrade to proceed.
• New firmware file: Specifies the name of the code file on the server. The new
firmware file name should not contain slashes (\ or /), the leading letter of the file
name should not be a period (.), and the maximum length for file names on the
FTP/TFTP server is 255 characters or 32 characters for files on the wireless bridge.
(Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
• IP Address: IP address or host name of FTP or TFTP server.
• Username: The user ID used for login on an FTP server.
• Password: The password used for login on an FTP server.
Restore Factory Settings – Click the Restore button to reset the configuration
settings for the wireless bridge to the factory defaults and reboot the system. Note
that all user configured information will be lost. You will have to re-enter the default
user name (admin) to re-gain management access to this device.
Reset wireless bridge – Click the Reset button to reboot the system.
Note: If you have upgraded system software, then you must reboot the wireless
bridge to implement the new operation code.
6-25
6
System Configuration
CLI Commands for Downloading Software from a TFTP Server – Use the copy tftp
file command from the Exec mode and then specify the file type, name, and IP
address of the TFTP server. When the download is complete, the dir command can
be used to check that the new file is present in the wireless bridge file system. To run
the new software, use the reset board command to reboot the wireless bridge.
MRW55#copy tftp file
1. Application image
2. Config file
3. Boot block image
Select the type of download<1,2,3>: [1]:1
TFTP Source file name:bridge-img.bin
TFTP Server IP:192.168.1.19
7-29
MRW55#dir
File Name
-------------------------dflt-img.bin
bridge-img.bin
syscfg
syscfg_bak
7-30
Type
---2
2
5
5
File Size
----------1319939
1629577
17776
17776
262144 byte(s) available
MRW55#reset board
Reboot system now? <y/n>: y
6-26
7-9
Advanced Configuration
6
System Log
The wireless bridge can be configured to send event and error messages to a
System Log Server. The system clock can also be synchronized with a time server,
so that all the messages sent to the Syslog server are stamped with the correct time
and date.
Enabling System Logging
The wireless bridge supports a logging process that can control error messages
saved to memory or sent to a Syslog server. The logged messages serve as a
valuable tool for isolating wireless bridge and network problems.
System Log Setup – Enables the logging of error messages.
Logging Host – Enables the sending of log messages to a Syslog server host.
Server Name/IP – The IP address or name of a Syslog server.
Logging Console – Enables the logging of error messages to the console.
Logging Level – Sets the minimum severity level for event logging.
6-27
6
System Configuration
The system allows you to limit the messages that are logged by specifying a
minimum severity level. The following table lists the error message levels from the
most severe (Emergency) to least severe (Debug). The message levels that are
logged include the specified minimum level up to the Emergency level.
Error Level
Description
Emergency
System unusable
Alert
Immediate action needed
Critical
Critical conditions (e.g., memory allocation, or free memory error - resource
exhausted)
Error
Error conditions (e.g., invalid input, default used)
Warning
Warning conditions (e.g., return false, unexpected return)
Notice
Normal but significant condition, such as cold start
Informational
Informational messages only
Debug
Debugging messages
Note: The wireless bridge error log can be viewed using the Event Logs window in
the Status section (page 6-68).The Event Logs window displays the last 128
messages logged in chronological order, from the newest to the oldest. Log
messages saved in the wireless bridge’s memory are erased when the
device is rebooted.
6-28
6
Advanced Configuration
CLI Commands for System Logging – To enable logging on the wireless bridge, use
the logging on command from the global configuration mode. The logging level
command sets the minimum level of message to log. Use the logging console
command to enable logging to the console. Use the logging host command to
specify up to four Syslog servers. The CLI also allows the logging facility-type
command to set the facility-type number to use on the Syslog server. To view the
current logging settings, use the show logging command.
MRW55(config)#logging
MRW55(config)#logging
MRW55(config)#logging
MRW55(config)#logging
MRW55(config)#logging
MRW55(config)#exit
MRW55#show logging
on
level alert
console
host 1 10.1.0.3 514
facility-type 19
7-16
7-18
7-17
7-17
7-18
7-19
Logging Information
============================================
Syslog State
: Enabled
Logging Host State
: Enabled
Logging Console State
: Enabled
Server Domain name/IP
: 1 10.1.0.3
Logging Level
: Error
Logging Facility Type
: 16
=============================================
MRW55#
Configuring SNTP
Simple Network Time Protocol (SNTP) allows the wireless bridge to set its internal
clock based on periodic updates from a time server (SNTP or NTP). Maintaining an
accurate time on the wireless bridge enables the system log to record meaningful
dates and times for event entries. If the clock is not set, the wireless bridge will only
record the time from the factory default set at the last bootup.
The wireless bridge acts as an SNTP client, periodically sending time
synchronization requests to specific time servers. You can configure up to two time
server IP addresses. The wireless bridge will attempt to poll each server in the
configured sequence.
SNTP Server – Configures the wireless bridge to operate as an SNTP client. When
enabled, at least one time server IP address must be specified.
• Primary Server: The IP address of an SNTP or NTP time server that the wireless
bridge attempts to poll for a time update.
• Secondary Server: The IP address of a secondary SNTP or NTP time server. The
wireless bridge first attempts to update the time from the primary server; if this fails
it attempts an update from the secondary server.
Note: The wireless bridge also allows you to disable SNTP and set the system
clock manually using the CLI.
6-29
6
System Configuration
Set Time Zone – SNTP uses Coordinated Universal Time (or UTC, formerly
Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian,
zero degrees longitude. To display a time corresponding to your local time, you must
indicate the number of hours your time zone is located before (east) or after (west)
UTC.
Enable Daylight Saving – The wireless bridge provides a way to automatically adjust
the system clock for Daylight Savings Time changes. To use this feature you must
define the month and date to begin and to end the change from standard time.
During this period the system clock is set back by one hour.
CLI Commands for SNTP – To enable SNTP support on the wireless bridge, from
the global configuration mode specify SNTP server IP addresses using the
sntp-server ip command, then use the sntp-server enable command to enable the
service. Use the sntp-server timezone command to set the location time zone and
the sntp-server daylight-saving command to set up a daylight saving. To view the
current SNTP settings, use the show sntp command.
MRW55(config)#sntp-server ip 10.1.0.19
MRW55(config)#sntp-server enable
MRW55(config)#sntp-server timezone +8
MRW55(config)#sntp-server daylight-saving
Enter Daylight saving from which month<1-12>: 3
and which day<1-31>: 31
Enter Daylight saving end to which month<1-12>: 10
and which day<1-31>: 31
MRW55(config)#exit
MRW55#show sntp
SNTP Information
=========================================================
Service State
: Enabled
SNTP (server 1) IP
: 137.92.140.80
SNTP (server 2) IP
: 192.43.244.18
Current Time
: 19 : 35, Oct 10th, 2003
Time Zone
: +8 (TAIPEI, BEIJING)
Daylight Saving
: Enabled, from Mar, 31th to Oct, 31th
=========================================================
MRW55#
6-30
7-20
7-21
7-22
7-22
7-23
6
Advanced Configuration
CLI Commands for the System Clock – The following example shows how to
manually set the system time when SNTP server support is disabled on the wireless
bridge.
MRW55(config)#no sntp-server enable
MRW55(config)#sntp-server date-time
Enter Year<1970-2100>: 2003
Enter Month<1-12>: 10
Enter Day<1-31>: 10
Enter Hour<0-23>: 18
Enter Min<0-59>: 35
MRW55(config)#
7-21
7-21
Wireless Distribution System (WDS)
The IEEE 802.11 standard defines a WIreless Distribution System (WDS) for
connections between wireless bridges. The access point uses WDS to forward
traffic on bridge links between units. When using WDS, only wireless bridge units
can associate to each other using the bridge band. A wireless client cannot
associate with the access point on the wireless bridge band.
To set up a wireless bridge link, you must configure the WDS forwarding table by
specifying the wireless MAC address of the bridge to which you want to forward
traffic. For a Slave bridge unit, you need to specify the MAC address of the wireless
bridge unit at the opposite end of the link. For a Master bridge unit, you need to
specify the MAC addresses of all the Slave bridge units in the network.
6-31
6
System Configuration
Mode – The wireless bridge is set to operate as a Slave or Master unit:
• Master Mode: In a point-to-multipoint network configuration, only one wireless
bridge unit must be a Master unit (all others must be Slave units). A Master wireless
bridge provides support for up to 16 MAC addresses in the WDS forwarding table.
The MAC addresses of all other Slave bridge units in the network must be
configured in the forwarding table.
• Slave Mode: A Slave wireless bridge provides support for only one MAC address
in the WDS forwarding table. A Slave bridge communicates with only one other
wireless bridge, either another Slave bridge in a point-to-point configuration, or to
the Master bridge in a point-to-multipoint configuration.
Port Number (Master bridge only) – The wireless port identifier.
MAC Address – The physical layer address of the wireless bridge unit at the other
end of the wireless link. (12 hexadecimal digits in the form “xx:xx:xx:xx:xx:xx”)
6-32
6
Advanced Configuration
Port Status – Enables or disables the wireless bridge link.
Note: The wireless MAC address for each bridge unit is printed on the label on the
back of the unit.
CLI Commands for WDS – The following example shows how to configure the MAC
address of the wireless bridge at the opposite end of a point-to-point link, and then
enable forwarding on the link.
MRW55(config)#wds mac-address 1 00-12-34-56-78-9a
MRW55(config)#wds enable
MRW55(config)#exit
MRW55#show wds
7-43
7-44
7-44
Outdoor_Mode
:
SLAVE
==================================================
Port ID |
Status
|
Mac-Address
==================================================
01
|
ENABLE
|
00-12-34-56-78-9A
==================================================
MRW55#
Bridge
The wireless bridge can store the MAC addresses for all known devices in the
connected networks. All the addresses are learned by monitoring traffic received by
the wireless bridge and are stored in a dynamic MAC address table. This information
is then used to forward traffic directly between the Ethernet port and the
corresponding wireless interface.
6-33
6
System Configuration
The Bridging page allows the MAC address aging time to be set for both the
Ethernet port and the bridge radio interface. If the MAC address of an entry in the
address table is not seen on the associated interface for longer than the aging time,
the entry is discarded.
Bridge Aging Time – Changes the aging time for entries in the dynamic address
table:
• Ethernet: The time after which a learned Ethernet port entry is discarded. (Range:
60-1800 seconds; Default: 100 seconds)
• Wireless 802.11a (g): The time after which a learned wireless entry is discarded.
(Range: 60-1800 seconds; Default: 1800 seconds)
6-34
6
Advanced Configuration
CLI Commands for Bridging – The following example shows how to set the MAC
address aging time for the wireless bridge.
MRW55(config)#bridge timeout 0 300
MRW55(config)#bridge timeout 2 1000
MRW55(config)#exit
MRW55#show bridge
7-46
7-46
7-52
Bridge Information
=================================================
Media Type | Age Time(sec)|
=================================================
EtherNet |
300
|
WLAN_A
| 1000
|
==================================================
Bridge Id
: 32768.037fbef192
Root Bridge Id
: 32768.01f47483e2
Root Path Cost
: 25
Root Port Id
: 0
Bridge Status
: Enabled
Bridge Priority
: 32768
Bridge Hello Time
: 2 Seconds
Bridge Maximum Age : 20 Seconds
Bridge Forward Delay: 15 Seconds
============================= Port Summary =============================
Id| Priority | Path Cost | Fast Forward | Status |
State
|
0
128
25
Enable
Enabled
Forwarding
MRW55#
6-35
6
System Configuration
Spanning Tree Protocol (STP)
The Spanning Tree Protocol (STP) can be used to detect and disable network loops,
and to provide backup links between switches, bridges or routers. This allows the
wireless bridge to interact with other bridging devices (that is, an STP-compliant
switch, bridge or router) in your network to ensure that only one route exists between
any two stations on the network, and provide backup links which automatically take
over when a primary link goes down.
STP uses a distributed algorithm to select a bridging device (STP-compliant switch,
bridge or router) that serves as the root of the spanning tree network. It selects a
root port on each bridging device (except for the root device) which incurs the lowest
path cost when forwarding a packet from that device to the root device. Then it
selects a designated bridging device from each LAN which incurs the lowest path
cost when forwarding a packet from that LAN to the root device. All ports connected
to designated bridging devices are assigned as designated ports. After determining
the lowest cost spanning tree, it enables all root ports and designated ports, and
disables all other ports. Network packets are therefore only forwarded between root
ports and designated ports, eliminating any possible network loops.
Once a stable network topology has been established, all bridges listen for Hello
BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge
does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge
assumes that the link to the root bridge is down. This bridge will then initiate
negotiations with other bridges to reconfigure the network to reestablish a valid
network topology.
Enable – Enables/disables STP on the wireless bridge. (Default: Enabled)
6-36
6
Advanced Configuration
Forward Delay – The maximum time (in seconds) this device waits before changing
states (i.e., discarding to learning to forwarding). This delay is required because
every device must receive information about topology changes before it starts to
forward frames. In addition, each port needs time to listen for conflicting information
that would make it return to a discarding state; otherwise, temporary data loops
might result. (Range: 4-30 seconds)
• Default: 15
• Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]
• Maximum: 30
Hello Time – Interval (in seconds) at which the root device transmits a configuration
message. (Range: 1-10 seconds)
• Default: 2
• Minimum: 1
• Maximum: The lower of 10 or [(Max. Message Age / 2) -1]
Maximum Age – The maximum time (in seconds) a device can wait without receiving
a configuration message before attempting to reconfigure. All device ports (except
for designated ports) should receive configuration messages at regular intervals.
Any port that ages out STP information (provided in the last configuration message)
becomes the designated port for the attached LAN. If it is a root port, a new root port
is selected from among the device ports attached to the network. (Range: 6-40
seconds)
• Default: 20
• Minimum: The higher of 6 or [2 x (Hello Time + 1)].
• Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
Bridge Priority – Used in selecting the root device, root port, and designated port.
The device with the highest priority becomes the STP root device. However, if all
devices have the same priority, the device with the lowest MAC address will then
become the root device. (Note that lower numeric values indicate higher priority.)
• Range: 0-65535
• Default: 32768
Port Cost – This parameter is used by the STP to determine the best path between
devices. Therefore, lower values should be assigned to ports attached to faster
media, and higher values assigned to ports with slower media. (Path cost takes
precedence over port priority.)
• Range: 1-65535
• Default: Ethernet interface: 19; Wireless interface: 40
6-37
6
System Configuration
Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the
path cost for all ports on a switch are the same, the port with the highest priority (i.e.,
lowest value) will be configured as an active link in the spanning tree. This makes a
port with higher priority less likely to be blocked if the Spanning Tree Protocol is
detecting network loops. Where more than one port is assigned the highest priority,
the port with lowest numeric identifier will be enabled.
• Default: 128
• Range: 0-240, in steps of 16
Port Fast (Fast Forwarding) – You can enable this option if an interface is attached
to a LAN segment that is at the end of a bridged LAN or to an end node. Since end
nodes cannot cause forwarding loops, they can pass directly through to the
spanning tree forwarding state. Specifying fast forwarding provides quicker
convergence for devices such as workstations or servers, retains the current
forwarding database to reduce the amount of frame flooding required to rebuild
address tables during reconfiguration events, does not cause the spanning tree to
initiate reconfiguration when the interface changes state, and also overcomes other
STP-related timeout problems. However, remember that fast forwarding should only
be enabled for ports connected to an end-node device. (Default: Disabled)
Status – Enables/disables STP on this interface. (Default: Enabled)
6-38
6
Advanced Configuration
CLI Commands for STP – The following example configures spanning tree
paramters for the bridge and wireless port 5.
MRW55(config)#bridge stp-bridge priority 40000
MRW55(config)#bridge stp-bridge hello-time 5
MRW55(config)#bridge stp-bridge max-age 38
MRW55(config)#bridge stp-bridge forward-time 20
MRW55(config)#no bridge stp-port spanning-disabled 5
MRW55(config)#bridge stp-port priority 5 0
MRW55(config)#bridge stp-port path-cost 5 50
MRW55(config)#no bridge stp-port portfast 5
MRW55(config)#end
MRW55#show bridge
7-49
7-48
7-48
7-47
7-52
7-50
7-50
7-51
7-52
Bridge Information
=================================================
Media Type | Age Time(sec)|
=================================================
EtherNet |
300
|
WLAN_A
| 1000
|
==================================================
Bridge Id
: 32768.037fbef192
Root Bridge Id
: 32768.01f47483e2
Root Path Cost
: 25
Root Port Id
: 0
Bridge Status
: Enabled
Bridge Priority
: 40000
Bridge Hello Time
: 5 Seconds
Bridge Maximum Age : 38 Seconds
Bridge Forward Delay: 20 Seconds
============================= Port Summary =============================
Id| Priority | Path Cost | Fast Forward | Status |
State
|
0
128
25
Enable
Enabled
Forwarding
MRW55#
6-39
6
System Configuration
RSSI
The RSSI value displayed on the RSSI page represents a signal to noise ratio. A
value of 30 would indicate that the power of the received signal is 30 dBm above the
signal noise threshold. This value can be used to align antennas (see page 4-6) and
monitor the quality of the received signal for bridge links. An RSSI value of about 30
or more indicates a strong enough signal to support the maximum data rate of
54 Mbps. Below a value of 30, the supported data rate would drop to lower rates. A
value of 15 or less indicates that the signal is weak and the antennas may require
realignment.
The RSSI controls allow the external connector to be disabled and the receive signal
for each WDS port displayed.
RSSI – The RSSI value for a selected port can be displayed and a representative
voltage output can be enabled.
• Output Activate: Enables or disables the RSSI voltage output on the external RSSI
connector. (Default: Enabled)
• Port Number: Selects a specific WDS port for which to set the maximum RSSI
output voltage level. Ports 1-16 are available for a Master unit, only port 1 for a
Slave unit. (Default: 1)
• Output Value: The maximum RSSI voltage level for the current selected WDS port.
A value of zero indicates that there is no received signal or that the WDS port is
disabled.
6-40
6
Radio Interface
Distance – This value is used to adjust timeout values to take into account transmit
delays due to link distances in the wireless bridge network. For a point-to-point link,
specify the approximate distance between the two bridges. For a point-to-multipoint
network, specify the distance of the Slave bridge farthest from the Master bridge
• Mode: Indicates if the 802.11a radio is operating in normal or Turbo mode. (See
"Radio Settings A" on page 6-42.)
• Distance: The approximate distance between antennas in a bridge link.
Note: There are currently no equivalent CLI commands for the RSSI controls.
Radio Interface
The IEEE 802.11a and 802.11g interfaces include configuration options for radio
signal characteristics and wireless security features. The configuration options are
nearly identical, but depend on which interface is operating as the bridge band. Both
interfaces and operating modes are covered in this section of the manual.
The access point can operate in the following modes:
• 802.11a in bridge mode and 802.11g in access point mode
• 802.11a in access point mode and 802.11g in bridge mode
• 802.11a and 802.11g both in access point mode (no bridging)
• 802.11a only in bridge or access point mode
• 802.11g only in bridge or access point mode
Note that 802.11g is backward compatible with 802.11b and can be configured to
support both client types or restricted to 802.11g clients only. Both wireless
interfaces are configured independently under the following web pages:
• Radio Interface A: 802.11a
• Radio Interface G: 802.11b/g
Note: The radio channel settings for the wireless bridge are limited by local
regulations, which determine the number of channels that are available.
6-41
6
System Configuration
Radio Settings A (802.11a)
The IEEE 802.11a interface operates within the 5 GHz band, at up to 54 Mbps in
normal mode or up to 108 Mbps in Turbo mode.
Enable – Enables radio communications on the wireless interface. (Default:
Enabled)
Description – Adds a comment or description to the wireless interface. (Range: 1-80
characters)
Network Name (SSID) – (Access point mode only) The name of the basic service
set provided by the access point. Clients that want to connect to the network through
the access point must set their SSID to the same as that of the access point.
(Default: MRW55; Range: 1-32 characters)
Note: The SSID is not configurable when the radio band is set to Bridge mode.
Secure Access – When enabled, the access point radio does not include its SSID in
beacon messages. Nor does it respond to probe requests from clients that do not
include a fixed SSID. (Default: Disable)
Turbo Mode – The normal 802.11a wireless operation mode provides connections
up to 54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE 802.11a)
that provides a higher data rate of up to 108 Mbps. Enabling Turbo Mode allows the
wireless bridge to provide connections up to 108 Mbps. (Default: Disabled)
6-42
Radio Interface
6
Note: In normal mode, the wireless bridge provides a channel bandwidth of 20
MHz, and supports the maximum number of channels permitted by local
regulations (e.g., 11 channels for the United States). In Turbo Mode, the
channel bandwidth is increased to 40 MHz to support the increased data
rate. However, this reduces the number of channels supported (e.g., 5
channels for the United States).
Radio Channel – The radio channel that the wireless bridge
Normal Mode
uses to communicate with wireless clients. When multiple
wireless bridges are deployed in the same area, set the
channel on neighboring wireless bridges at least four channels
apart to avoid interference with each other. For example, in the
United States you can deploy up to four wireless bridges in the
same area (e.g., channels 36, 56, 149, 165). Also note that the
channel for wireless clients is automatically set to the same as
that used by the wireless bridge to which it is linked. (Default:
Channel 60 for normal mode, and channel 42 for Turbo mode)
Auto Channel Select – Enables the wireless bridge to
automatically select an unoccupied radio channel. (Default:
Enabled)
Turbo Mode
Transmit Power – Adjusts the power of the radio signals
transmitted from the wireless bridge. The higher the
transmission power, the farther the transmission range. Power
selection is not just a trade off between coverage area and
maximum supported clients. You also have to ensure that
high-power signals do not interfere with the operation of other
radio devices in the service area. (Options: 100%, 50%, 25%, 12%, minimum;
Default: 100%)
Maximum Supported Rate – The maximum data rate at which the access point
transmits unicast packets on the wireless interface. The maximum transmission
distance is affected by the data rate. The lower the data rate, the longer the
transmission distance.
(Options: 54, 48, 36, 24, 18, 12, 9, 6 Mbps; Default: 54 Mbps)
Beacon Interval – The rate at which beacon signals are transmitted from the
wireless bridge. The beacon signals allow wireless clients to maintain contact with
the wireless bridge. They may also carry power-management information.
(Range: 20-1000 TUs; Default: 100 TUs)
Data Beacon Rate – The rate at which stations in sleep mode must wake up to
receive broadcast/multicast transmissions.
Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how
often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake
up stations that are using Power Save mode. The default value of 2 indicates that
the wireless bridge will save all broadcast/multicast frames for the Basic Service Set
6-43
6
System Configuration
(BSS) and forward them after every second beacon. Using smaller DTIM intervals
delivers broadcast/multicast frames in a more timely manner, causing stations in
Power Save mode to wake up more often and drain power faster. Using higher DTIM
values reduces the power used by stations in Power Save mode, but delays the
transmission of broadcast/multicast frames.
(Range: 1-255 beacons; Default: 2 beacons)
Fragment Length – Configures the minimum packet size that can be fragmented
when passing through the wireless bridge. Fragmentation of the PDUs (Package
Data Unit) can increase the reliability of transmissions because it increases the
probability of a successful transmission due to smaller frame size. If there is
significant interference present, or collisions due to high network utilization, try
setting the fragment size to send smaller fragments. This will speed up the
retransmission of smaller frames. However, it is more efficient to set the fragment
size larger if very little or no interference is present because it requires overhead to
send multiple frames. (Range: 256-2346 bytes; Default: 2346 bytes)
RTS Threshold – Sets the packet size threshold at which a Request to Send (RTS)
signal must be sent to a receiving station prior to the sending station starting
communications. The wireless bridge sends RTS frames to a receiving station to
negotiate the sending of a data frame. After receiving an RTS frame, the station
sends a CTS (clear to send) frame to notify the sending station that it can start
sending data.
If the RTS threshold is set to 0, the wireless bridge always sends RTS signals. If set
to 2347, the wireless bridge never sends RTS signals. If set to any other value, and
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.
The wireless bridges contending for the medium may not be aware of each other.
The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 0-2347
bytes: Default: 2347 bytes)
Maximum Associations – (Access point mode only) Sets the maximum number of
clients that can be associated with the access point radio at the same time.
(Range: 1-64 per radio: Default: 64)
6-44
6
Radio Interface
CLI Commands for the 802.11a Wireless Interface – From the global configuration
mode, enter the interface wireless a command to access the 802.11a radio
interface. If required, configure a name for the interface using the description
command. Use the turbo command to enable this feature before setting the radio
channel with the channel command. Set any other parameters as required. To view
the current 802.11a radio settings, use the show interface wireless a command.
MRW55(config)#interface wireless a
Enter Wireless configuration commands, one per line.
MRW55(if-wireless a)#description RD-AP#3
MRW55(if-wireless a)#ssid r&d
MRW55(if-wireless a)#no turbo
MRW55(if-wireless a)#channel 44
MRW55(if-wireless a)#closed-system
MRW55(if-wireless a)#transmit-power full
MRW55(if-wireless a)#speed 9
MRW55(if-wireless a)#max-association 32
MRW55(if-wireless a)#beacon-interval 150
MRW55(if-wireless a)#dtim-period 5
MRW55(if-wireless a)#fragmentation-length 512
MRW55(if-wireless a)#rts-threshold 256
MRW55(if-wireless a)#exit
MRW55#show interface wireless a
7-69
7-69
7-70
7-72
7-71
7-70
7-75
7-71
7-76
7-72
7-73
7-74
7-74
7-84
Wireless Interface Information
===========================================================
----------------Identification----------------------------Description
: RD-AP#3
Service Type
: Access Point
SSID
: r&d
Turbo Mode
: OFF
Channel
: 44
Status
: Disable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (15 dBm)
Max Station Data Rate
: 9Mbps
Fragmentation Threshold
: 512 bytes
RTS Threshold
: 256 bytes
Beacon Interval
: 150 TUs
DTIM Interval
: 5 beacons
Maximum Association
: 32 stations
----------------Security----------------------------------Closed System
: ENABLED
Multicast cipher
: WEP
Unicast cipher
: WEP
WPA clients
: SUPPORTED
WPA Key Mgmt Mode
: DYNAMIC
WPA PSK Key Type
: HEX
Encryption
: DISABLED
Default Transmit Key
: 1
Static Keys :
Key 1: EMPTY
Key 2: EMPTY
Key 3: EMPTY
Key 4: EMPTY
Authentication Type
: OPEN
===========================================================
MRW55#
6-45
6
System Configuration
Radio Settings G (802.11g)
The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps.
Also note that because the IEEE 802.11g standard is an extension of the IEEE
802.11b standard, it allows clients with 802.11b wireless network cards to associate
to an 802.11g access point.
Enable – Enables radio communications on the access point. (Default: Enabled)
Radio Channel – The radio channel that the access point uses to communicate with
wireless clients. When multiple access points are deployed in the same area, set the
channel on neighboring access points at least five channels apart to avoid
interference with each other. For example, in the United States you can deploy up to
three access points in the same area (e.g., channels 1, 6, 11). Also note that the
channel for wireless clients is automatically set to the same as that used by the
access point to which it is linked. (Range: 1-11 (US/Canada); Default: 1)
Auto Channel Select – Enables the access point to automatically select an
unoccupied radio channel. (Default: Enabled)
6-46
6
Radio Interface
Working Mode – Selects the operating mode for the 802.11g wireless interface.
(Default: b & g mixed mode)
• b & g mixed mode: Both 802.11b and 802.11g clients can communicate with the
access point (up to 54 Mbps).
• g only: Only 802.11g clients can communicate with the access point (up to
54 Mbps).
• b only: Both 802.11b and 802.11g clients can communicate with the access point,
but 802.11g clients can only transfer data at 802.11b standard rates (up to
11 Mbps).
Maximum Station Data Rate – The maximum data rate at which the access
point transmits unicast packets on the wireless interface. The maximum
transmission distance is affected by the data rate. The lower the data rate,
the longer the transmission distance. (Default: 54 Mbps)
For a description of the remaining configuration items, see “Radio Settings A
(802.11a)” on page 6-42.
CLI Commands for the 802.11g Wireless Interface – From the global
configuration mode, enter the interface wireless g command to access the
802.11g radio interface. Set the interface SSID using the ssid command
and, if required, configure a name for the interface using the description
command. You can also use the closed-system command to stop sending
the SSID in beacon messages. Select a radio channel or set selection to Auto using
the channel command. Set any other parameters as required. To view the current
802.11g radio settings, use the show interface wireless g command.
MRW55(config)#interface wireless g
Enter Wireless configuration commands, one per line.
MRW55(if-wireless g)#description RD-AP#3
MRW55(if-wireless g)#ssid r&d
MRW55(if-wireless g)#channel auto
MRW55(if-wireless a)#closed-system
MRW55(if-wireless a)#transmit-power full
MRW55(if-wireless g)#speed 6
MRW55(if-wireless g)#max-association 32
MRW55(if-wireless g)#beacon-interval 150
MRW55(if-wireless g)#dtim-period 5
MRW55(if-wireless g)#fragmentation-length 512
MRW55(if-wireless g)#rts-threshold 256
MRW55(if-wireless g)#exit
7-69
7-69
7-70
7-71
7-70
7-75
7-71
7-76
7-72
7-73
7-74
7-74
6-47
6
System Configuration
MRW55#show interface wireless g
7-84
Wireless Interface Information
===========================================================
----------------Identification----------------------------Description
: Enterprise 802.11g Access Point
Service Type
: Access Point
SSID
: r&d
Channel
: 11 (AUTO)
Status
: Enable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (14 dBm)
Max Station Data Rate
: 6Mbps
Fragmentation Threshold
: 512 bytes
RTS Threshold
: 256 bytes
Beacon Interval
: 150 TUs
DTIM Interval
: 5 beacons
Maximum Association
: 64 stations
----------------Security----------------------------------Closed System
: DISABLED
Multicast cipher
: WEP
Unicast cipher
: TKIP
WPA clients
: SUPPORTED
WPA Key Mgmt Mode
: DYNAMIC
WPA PSK Key Type
: HEX
Encryption
: DISABLED
Default Transmit Key
: 1
Static Keys :
Key 1: EMPTY
Key 2: EMPTY
Key 3: EMPTY
Key 4: EMPTY
Authentication Type
: OPEN
===========================================================
MRW55#
Security (Bridge Mode)
Wired Equivalent Privacy (WEP) and Advanced Encryption Standard (AES) are
implemented for security in bridge mode to prevent unauthorized access to network
data. To secure bridge link data transmissions, enable WEP or AES encryption for
the bridge radio and set at least one encryption key.
Wired Equivalent Privacy (WEP)
WEP provides a basic level of security, preventing unauthorized access to the
network and encrypting data transmitted between wireless bridge units. WEP uses
static shared keys (fixed-length hexadecimal or alphanumeric strings) that are
manually configured on all units in the wireless bridge network.
6-48
6
Radio Interface
Setting up IEEE 802.11 Wired Equivalent Privacy (WEP) shared keys prevents
unauthorized access to the wireless bridge network.
Be sure to define at least one static WEP key for data encryption. Also, be sure that
the WEP keys are the same for all bridge units in the wireless network.
Data Encryption Setup – Enable or disable the wireless bridge to use either WEP or
AES for data encryption. If WEP encryption is selected and enabled, you must
configure at least one encryption key on the wireless bridge. (Default: Disable)
Shared Key Setup – Select 64 Bit, 128 Bit, or 152 Bit key length. Note that the same
size of WEP encryption key must be set on all bridge units in the wireless network.
(Default: 128 Bit)
Key Type – Select the preferred method of entering WEP encryption keys on the
wireless bridge and enter up to four keys:
• Hexadecimal: Enter keys as 10 hexadecimal digits (0 to 9 and A to F) for 64 bit
keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152 bit
keys.
• Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13
alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152
bit keys.
6-49
6
System Configuration
• Transmit Key Select: Selects the key number to use for encryption. Bridge units in
the wireless network must have all four keys configured to the same values.
Note: Key index and type must match on all bridge units in the wireless network.
Advanced Encryption Standard (AES)
AES has been designated by the National Institute of Standards and Technology as
the successor to the Data Encryption Standard (DES) encryption algorithm, and will
be used by the U.S. government for encrypting all sensitive, nonclassified
information. Because of its strength, and resistance to attack, AES is also being
incorporated as part of the 802.11 security standard.
The bridge radio band uses 128-bit static AES keys (hexadecimal or alphanumeric
strings) that are configured for each link pair in the wireless bridge network. For a
Slave bridge unit, only one encryption key needs to be defined. A Master bridge
allows a different key to be defined for each wireless bridge link in the network.
Configuring AES encryption keys on the wireless bridge provides far more robust
security than using WEP. Also, a unique AES key can be used for each bridge link in
the wireless network, instead of all bridges sharing the same WEP keys.
Data Encryption Setup – Enable or disable the wireless bridge to use either WEP or
AES for data encryption. If AES encryption is selected and enabled, you must
configure one encryption key for each wireless port link on the wireless bridge. A
Slave bridge supports only one wireless port link, but a Master bridge supports up to
16 links. (Default: Disable)
6-50
6
Radio Interface
Key Type – Select the preferred method of entering AES encryption keys on the
wireless bridge and enter a key for each bridge link in the network:
• Hexadecimal: Enter keys as exactly 32 hexadecimal digits (0 to 9 and A to F).
• Alphanumeric: Enter keys as an alphanumeric string using between 8 and 31
characters.
Note: For each wireless port link (1 to 16), the AES keys must match on the
corresponding bridge unit.
CLI Commands for WEP Security – From the 802.11a interface configuration mode,
use the encryption command to enable WEP encryption. To enter WEP keys, use the
key command, and then set one key as the transmit key using the transmit-key
command. To view the current security settings, use the show interface wireless a
command.
MRW55(config)#interface wireless a
Enter Wireless configuration commands, one per line.
MRW55(if-wireless a)#encryption wep 128
MRW55(if-wireless a)#key wep 1 128 ascii abcdeabcdeabc
MRW55(if-wireless a)#transmit-key 1
MRW55(if-wireless a)#exit
MRW55#show interface wireless a
7-69
7-77
7-78
7-79
7-84
Wireless Interface Information
===========================================================
----------------Identification----------------------------Description
: Enterprise 802.11a Access Point
Service Type
: WDS Bridge
SSID
: MRW55
Turbo Mode
: OFF
Channel
: 36
Status
: Disable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (15 dBm)
Max Station Data Rate
: 54Mbps
Fragmentation Threshold
: 2346 bytes
RTS Threshold
: 2347 bytes
Beacon Interval
: 100 TUs
DTIM Interval
: 2 beacons
Maximum Association
: 64 stations
----------------Security----------------------------------Encryption
: 128-BIT WEP ENCRYPTION
WEP Key type
: Alphanumeric
Default Transmit Key
: 1
Static Keys :
Key 1: *****
Key 2: EMPTY
Key 3: EMPTY
Key 4: EMPTY
===========================================================
MRW55#
Note: The index and length values used in the key command must be the same
values used in the encryption and transmit-key commands.
6-51
6
System Configuration
CLI Commands for AES Security – From the 802.11a interface configuration mode,
use the encryption command to enable AES encryption. To enter AES keys, use the
key command. To view the current security settings, use the show interface wireless
a command.
MRW55(config)#interface wireless a
Enter Wireless configuration commands, one per line.
MRW55(if-wireless a)#encryption wdsaes alphanumeric
MRW55(if-wireless a)#key wdsaes 1 agoodsecretkey
MRW55(if-wireless a)#exit
MRW55#show interface wireless a
7-69
7-77
7-78
7-84
Wireless Interface Information
===========================================================
----------------Identification----------------------------Description
: Enterprise 802.11a Access Point
Service Type
: WDS Bridge
SSID
: MRW55
Turbo Mode
: OFF
Channel
: 36
Status
: Disable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (15 dBm)
Max Station Data Rate
: 54Mbps
Fragmentation Threshold
: 2346 bytes
RTS Threshold
: 2347 bytes
Beacon Interval
: 100 TUs
DTIM Interval
: 2 beacons
Maximum Association
: 64 stations
----------------Security----------------------------------Encryption
: 128-BIT AES ENCRYPTION
AES Key type
: Alphanumeric
===========================================================
MRW55#
Note: The key type value entered using the key command must be the same as the
type specified in the encryption command.
6-52
6
Radio Interface
Security (Access Point Mode)
A radio band set to access point mode is configured by default as an “open system,”
which broadcasts a beacon signal including the configured SSID. Wireless clients
can read the SSID from the beacon, and automatically reset their SSID to allow
immediate connection to the access point.
To improve wireless network security for access point operation, you have to
implement two main functions:
• Authentication: It must be verified that clients attempting to connect to the network
are authorized users.
• Traffic Encryption: Data passing between the access point and clients must be
protected from interception and evesdropping.
For a more secure network, the access point can implement one or a combination of
the following security mechanisms:
• Wired Equivalent Privacy (WEP) page 6-48
• IEEE 802.1X
page 6-12
• Wireless MAC address filtering
page 6-13
• Wi-Fi Protected Access (WPA)
page 6-59
The security mechanisms that may be employed depend on the level of security
required, the network and management resources available, and the software
support provided on wireless clients. A summary of wireless security considerations
is listed in the following table.
Security
Mechanism
Client Support
Implementation Considerations
WEP
Built-in support on all
802.11a and 802.11g
devices
• Provides only weak security
• Requires manual key management
WEP over
802.1X
Requires 802.1X client
support in system or by
add-in software
• Provides dynamic key rotation for
improved WEP security
• Requires configured RADIUS server
• 802.1X EAP type may require
management of digital certificates for
clients and server
(support provided in
Windows 2000 SP3 or
later and Windows XP)
MAC Address Uses the MAC address of
Filtering
client network card
• Provides only weak user authentication
• Management of authorized MAC
addresses
• Can be combined with other methods for
improved security
• Optionally configured RADIUS server
6-53
6
System Configuration
Security
Mechanism
Client Support
Implementation Considerations
WPA over
Requires WPA-enabled
802.1X Mode system and network card
driver
• Provides robust security in WPA-only
mode (i.e., WPA clients only)
• Offers support for legacy WEP clients, but
with increased security risk (i.e., WEP
(native support provided in
authentication keys disabled)
Windows XP)
• Requires configured RADIUS server
• 802.1X EAP type may require
management of digital certificates for
clients and server
WPA PSK
Mode
Requires WPA-enabled
system and network card
driver
• Provides good security in small networks
• Requires manual management of
pre-shared key
(native support provided in
Windows XP)
Note: Although a WEP static key is not needed for WEP over 802.1X, WPA over
802.1X, and WPA PSK modes, you must enable WEP encryption through the
web or CLI in order to enable all types of encryption in the access point.
Wired Equivalent Privacy (WEP)
WEP provides a basic level of security, preventing unauthorized access to the
network and encrypting data transmitted between wireless clients and the access
point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric
strings) that are manually distributed to all clients that want to use the network.
WEP is the security protocol initially specified in the IEEE 802.11 standard for
wireless communications. Unfortunately, WEP has been found to be seriously
flawed and cannot be recommended for a high level of network security. For more
robust wireless security, the access point provides Wi-Fi Protected Access (WPA)
for improved data encryption and user authentication.
6-54
6
Radio Interface
Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy
(WEP) on the access point to prevent unauthorized access to the network.
If you choose to use WEP shared keys instead of an open system, be sure to define
at least one static WEP key for user authentication and data encryption. Also, be
sure that the WEP shared keys are the same for each client in the wireless network.
Authentication Type Setup – Sets the access point to communicate as an open
system that accepts network access attempts from any client, or with clients using
pre-configured static shared keys.
• Open System: Select this option if you plan to use WPA or 802.1X as a security
mechanism. If you don’t set up any other security mechanism on the access point,
the network has no protection and is open to all users. This is the default setting.
• Shared Key: Sets the access point to use WEP shared keys. If this option is
selected, you must configure at least one key on the access point and all clients.
Note: To use 802.1X on wireless clients requires a network card driver and 802.1X
client software that supports the EAP authentication type that you want to
use. Windows 2000 SP3 or later and Windows XP provide 802.1X client
support. Windows XP also provides native WPA support. Other systems
require additional client software to support 802.1X and WPA.
Data Encryption Setup – Enable or disable the access point to use WEP shared
keys for data encryption. If this option is selected, you must configure at least one
key on the access point and all clients. (Default: Disable)
Note: You must enable data encryption through the web or CLI in order to enable
all types of encryption (WEP, TKIP, and AES) in the access point.
6-55
6
System Configuration
Shared Key Setup – Select 64 Bit, 128 Bit, or 152 Bit key length. Note that the same
size of encryption key must be supported on all wireless clients. 152 Bit key length is
only supported on 802.11a radio. (Default: 128 Bit)
Key Type – Select the preferred method of entering WEP encryption keys on the
access point and enter up to four keys:
• Hexadecimal: Enter keys as 10 hexadecimal digits (0 to 9 and A to F) for 64 bit
keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152 bit
keys (802.11a radio only).
• Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13
alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152
bit keys (802.11a radio only).
• Transmit Key Select: Selects the key number to use for encryption. If the clients
have all four keys configured to the same values, you can change the encryption
key to any of the four settings without having to update the client keys.
Note: Key index and type must match that configured on the clients.
6-56
6
Radio Interface
The configuration settings for WEP are summarized below:
WEP only
WEP over 802.1X
Authentication Type: Shared Key
WEP (encryption): Enable
WPA clients only: Disable
Multicast Cipher: WEP
Shared Key: 64/128/152
Key Type Hex: 10/26/32 characters
ASCII: 5/13/16 characters
Transmit Key: 1/2/3/4 (set index)
802.1X = Disabled1
MAC Authentication: Any setting2
Authentication Type: Open System
WEP (encryption): Enable
WPA clients only: Disable
Multicast Cipher: WEP
Shared Key: 64/128
802.1X = Required1
MAC Authentication: Disabled/Local2
1: See Authentication (page 6-11)
2: See Radius (page 6-7)
CLI Commands for static WEP Shared Key Security – From the 802.11a or 802.11g
interface configuration mode, use the authentication command to enable WEP
shared-key authentication and the encryption command to enable WEP encryption.
Use the multicast-cipher command to select WEP cipher type. To enter WEP keys,
use the key command, and then set one key as the transmit key using the
transmit-key command. Then disable 802.1X port authentication with the no
802.1X command. To view the current security settings, use the show interface
wireless a or show interface wireless g command.
MRW55(config)#interface wireless g
Enter Wireless configuration commands, one per line.
MRW55(if-wireless g)#authentication shared
MRW55(if-wireless g)#encryption 128
MRW55(if-wireless g)#multicast-cipher wep
MRW55(if-wireless g)#key 1 128 ascii abcdeabcdeabc
MRW55(if-wireless g)#transmit-key 1
MRW55(if-wireless g)#end
MRW55(config)#no 802.1X
MRW55(config)#end
MRW55#show interface wireless g
7-69
7-76
7-77
7-80
7-78
7-79
7-35
7-84
Wireless Interface Information
===========================================================
----------------Identification----------------------------Description
: Enterprise 802.11g Access Point
Service Type
: Access Point
SSID
: MRW55
Channel
: 5 (AUTO)
Status
: Disable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (20 dBm)
Max Station Data Rate
: 54Mbps
Fragmentation Threshold
: 2346 bytes
RTS Threshold
: 2347 bytes
Beacon Interval
: 100 TUs
DTIM Interval
: 2 beacons
Maximum Association
: 64 stations
6-57
6
System Configuration
----------------Security----------------------------------Closed System
: DISABLED
Multicast cipher
: WEP
Unicast cipher
: TKIP
WPA clients
: SUPPORTED
WPA Key Mgmt Mode
: DYNAMIC
WPA PSK Key Type
: HEX
Encryption
: 128-BIT ENCRYPTION
Default Transmit Key
: 1
Static Keys :
Key 1: *****
Key 2: EMPTY
Key 3: EMPTY
Key 4: EMPTY
Authentication Type
: SHARED
===========================================================
MRW55#
Note: The index and length values used in the key command must be the same
values used in the encryption and transmit-key commands.
CLI Commands for WEP over 802.1X Security – From the 802.11a or 802.11g
interface configuration mode, use the authentication command to select open
system authentication. Use the multicast-cipher command to select WEP cipher
type. Then set 802.1X to required with 802.1X command, and disable MAC
authentication with the mac-authentication command. To view the current 802.11g
security settings, use the show interface wireless g command (not shown in
example).
MRW55(config)#interface wireless g
Enter Wireless configuration commands, one per line.
MRW55(if-wireless g)#authentication open
MRW55(if-wireless g)#encryption 128
MRW55(if-wireless g)#multicast-cipher wep
MRW55(if-wireless g)#end
MRW55(config)#802.1X required
MRW55(config)#no mac-authentication
MRW55(config)#
6-58
7-69
7-76
7-77
7-80
7-35
7-41
Radio Interface
6
Wi-Fi Protected Access (WPA)
WPA employs a combination of several technologies to provide an enhanced
security solution for 802.11 wireless networks.
The access point supports the following WPA components and features:
IEEE 802.1X and the Extensible Authentication Protocol (EAP): WPA employs
802.1X as its basic framework for user authentication and dynamic key
management. The 802.1X client and RADIUS server should use an appropriate EAP
type—such as EAP-TLS (Transport Layer Security), EAP-TTLS (Tunneled TLS), or
PEAP (Protected EAP)—for strongest authentication. Working together, these
protocols provide “mutual authentication” between a client, the access point, and a
RADIUS server that prevents users from accidentally joining a rogue network. Only
when a RADIUS server has authenticated a user’s credentials will encryption keys
be sent to the access point and client.
Note: To implement WPA on wireless clients requires a WPA-enabled network
card driver and 802.1X client software that supports the EAP authentication
type that you want to use. Windows XP provides native WPA support, other
systems require additional software.
Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data
encryption method to replace WEP. TKIP avoids the problems of WEP static keys by
dynamically changing data encryption keys. Basically, TKIP starts with a master
(temporal) key for each user session and then mathematically generates other keys
6-59
6
System Configuration
to encrypt each data packet. TKIP provides further data encryption enhancements
by including a message integrity check for each packet and a re-keying mechanism,
which periodically changes the master key.
WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA requires a
RADIUS authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and maintain a
RADIUS server, WPA provides a simple operating mode that uses just a pre-shared
password for network access. The Pre-Shared Key mode uses a common password
for user authentication that is manually entered on the access point and all wireless
clients. The PSK mode uses the same TKIP packet encryption and key
management as WPA in the enterprise, providing a robust and manageable
alternative for small networks.
Mixed WPA and WEP Client Support: WPA enables the access point to indicate its
supported encryption and authentication mechanisms to clients using its beacon
signal. WPA-compatible clients can likewise respond to indicate their WPA support.
This enables the access point to determine which clients are using WPA security
and which are using legacy WEP. The access point uses TKIP unicast data
encryption keys for WPA clients and WEP unicast keys for WEP clients. The global
encryption key for multicast and broadcast traffic must be the same for all clients,
therefore it restricts encryption to a WEP key.
When access is opened to both WPA and WEP clients, no authentication is
provided for the WEP clients through shared keys. To support authentication for
WEP clients in this mixed mode configuration, you can use either MAC
authentication or 802.1X authentication.
Advanced Encryption Standard (AES) Support: WPA specifies AES encryption
as an optional alternative to TKIP and WEP. AES provides very strong encryption
using a completely different ciphering algorithm to TKIP and WEP. The developing
IEEE 802.11i wireless security standard has specified AES as an eventual
replacement for TKIP and WEP. However, because of the difference in ciphering
algorithms, AES requires new hardware support in client network cards that is
currently not widely available. The access point includes AES support as a future
security enhancement.
The WPA configuration parameters are described below:
Authentication Type Setup – When using WPA, set the access point to communicate
as an open system to disable WEP keys.
Note: Although WEP keys are not needed for WPA, you must enable WEP
encryption through the web or CLI in order to enable all types of encryption in
the access point. For example, set Wired Equivalent Privacy (WEP) Setup to
“Enable” on the Security page.
WPA Configuration Mode – The access point can be configured to allow only
WPA-enabled clients to access the network, or also allow clients only capable of
supporting WEP.
6-60
Radio Interface
6
WPA Key Management – WPA can be configured to work in an enterprise
environment using IEEE 802.1X and a RADIUS server for user authentication. For
smaller networks, WPA can be enabled using a common pre-shared key for client
authentication with the access point.
• WPA authentication over 802.1X: The WPA enterprise mode that uses IEEE
802.1X to authenticate users and to dynamically distribute encryption keys to
clients.
• WPA Pre-shared Key: The WPA mode for small networks that uses a common
password string that is manually distributed. If this mode is selected, be sure to also
specify the key string.
Multicast Cipher Mode – Selects an encryption method for the global key used for
multicast and broadcast traffic, which is supported by all wireless clients.
• WEP: WEP is the first generation security protocol used to encrypt data crossing
the wireless medium using a fairly short key. Communicating devices must use the
same WEP key to encrypt and decrypt radio signals. WEP has many security flaws,
and is not recommended for transmitting highly-sensitive data.
• TKIP: TKIP provides data encryption enhancements including per-packet key
hashing (that is, changing the encryption key on each packet), a message integrity
check, an extended initialization vector with sequencing rules, and a re-keying
mechanism.
• AES: AES has been designated by the National Institute of Standards and
Technology as the successor to the Data Encryption Standard (DES) encryption
algorithm, and will be used by the U.S. government for encrypting all sensitive,
nonclassified information. Because of its strength, and resistance to attack, AES is
also being incorporated as part of the 802.11 standard.
WPA Pre-Shared Key Type – If the WPA pre-shared-key mode is used, all wireless
clients must be configured with the same key to communicate with the access point.
• Hexadecimal: Enter a key as a string of 64 hexadecimal numbers.
• Alphanumeric: Enter a key as an easy-to-remember form of letters and numbers.
The string must be from 8 to 63 characters, which can include spaces.
6-61
6
System Configuration
The configuration settings for WPA are summarized below:
WPA pre-shared key only
WPA over 802.1X
Authentication Type: Open System
WEP (encryption): Enable1
WPA clients only: Enable
WPA Mode: Pre-shared-key
Multicast Cipher: WEP/TKIP/AES2
WPA PSK Type Hex: 64 characters
ASCII: 8-63 characters
Shared Key: 64/128/152
802.1X = Disabled3
MAC Authentication: Disabled/Local4
Authentication Type: Open System
WEP (encryption): Enable1
WPA clients only: Enable
WPA Mode: WPA over 802.1X
Multicast Cipher: WEP/TKIP/AES2
Shared Key: 64/128/152
802.1X = Required3
MAC Authentication: Disabled/Local4
1: Although WEP keys are not needed for WPA, you must enable WEP encryption
through the web or CLI in order to enable all types of encryption in the access point.
For example, use the CLI encryption command to set Encryption = 64, 128 or 152,
thus enabling encryption (i.e., all types of encryption) in the access point.
2: Do not use WEP unless the access point must support both WPA and WEP clients.
3: See Authentication (page 6-11)
4: See Radius (page 6-7)
CLI Commands for WPA Pre-shared Key Security – From the 802.11a or 802.11g
interface configuration mode, use the authentication command to set the access
point to “Open System.” Use the WEP encryption command to enable all types of
encryption. To enable WPA to be required for all clients, use the wpa-clients
command. Use the wpa-mode command to enable the Pre-shared Key mode. To
enter a key value, use the wpa-psk-type command to specify a hexadecimal or
alphanumeric key, and then use the wpa-preshared-key command to define the
key. Then disable 802.1X and MAC authentication. To view the current 802.11g
security settings, use the show interface wireless a or show interface wireless g
command (not shown in example).
AP(config)#interface wireless g
Enter Wireless configuration commands, one per line.
AP(if-wireless g)#authentication open
AP(if-wireless g)#encryption 128
AP(if-wireless g)#wpa-clients required
AP(if-wireless g)#wpa-mode pre-shared-key
AP(if-wireless g)#wpa-psk-type alphanumeric
AP(if-wireless g)#wpa-preshared-key ASCII asecret
AP(if-wireless g)#end
AP(config)#no 802.1X
AP(config)#no mac-authentication
7-69
7-76
7-77
7-81
7-82
7-83
7-82
7-35
7-41
CLI Commands for WPA over 802.1X Security – From the 802.11a or 802.11g
interface configuration mode, use the authentication command to set the access
point to “Open System.” Use the WEP encryption command to enable all types of
encryption. Use the wpa-clients command to set WPA to be required or supported
for clients. Use the wpa-mode command to enable WPA dynamic keys over 802.1X.
Set the broadcast and multicast key encryption using the multicast-cipher
command. Then set 802.1X to required, and disable MAC authentication. To view
6-62
6
Status Information
the current 802.11g security settings, use the show interface wireless g command
(not shown in example).
AP(config)#interface wireless g
Enter Wireless configuration commands, one per line.
AP(if-wireless g)#authentication open
AP(if-wireless g)#encryption 128
AP(if-wireless g)#wpa-clients required
AP(if-wireless g)#wpa-mode dynamic
AP(if-wireless g)#multicast-cipher TKIP
AP(if-wireless g)#end
AP(config)#802.required
AP(config)#no mac-authentication
7-69
7-76
7-77
7-81
7-82
7-80
7-35
7-41
Status Information
The Status page includes information on the following items:
Menu
Description
Page
AP Status
Displays configuration settings for the basic system and the wireless
interfaces
6-64
Station Status
Shows wireless clients currently associated with the access point
6-66
Event Logs
Shows log messages stored in memory
6-68
6-63
6
System Configuration
AP Status
The AP Status window displays basic system configuration settings, as well as the
settings for the wireless interfaces.
AP System Configuration – The AP System Configuration table displays the basic
system configuration settings:
• System Up Time: Length of time the management agent has been up.
• MAC Address: The physical layer address for this device.
• System Name: Name assigned to this system.
• System Contact: Administrator responsible for the system.
• IP Address: IP address of the management interface for this device.
• IP Default Gateway: IP address of the gateway router between this device and
management stations that exist on other network segments.
• HTTP Server: Shows if management access via HTTP is enabled.
• HTTP Server Port: Shows the TCP port used by the HTTP interface.
• Version: Shows the version number for the runtime code.
AP Wireless Configuration – The AP Wireless Configuration table displays the
wireless interface settings listed below. Note that Radio A refers to the 802.11a
interface and Radio G to the 802.11b/g interface.
• Network Name (SSID): The service set identifier for this wireless group.
• Radio Channel: The radio channel currently used on the wireless bridge.
6-64
6
Status Information
• Radio Encryption: The key size used for data encryption.
• Radio Authentication Type: Shows the bridge is set as an open system.
• 802.1X: Shows if IEEE 802.1X access control for wireless clients is enabled.
CLI Commands for Displaying System Settings – To view the current wireless bridge
system settings, use the show system command from the Exec mode. To view the
current radio interface settings, use the show interface wireless a command (see
page 7-84).
MRW55#show system
System Information
============================================================
Serial Number
: .
System Up time
: 0 days, 5 hours, 2 minutes, 4 seconds
System Name
: MRW55 Wireless Outdoor Bridge/AP
System Location
:
System Contact
: Contact
System Country Code : US - UNITED STATES
MAC Address
: 00-20-1A-20-54-23
IP Address
: 192.168.1.1
Subnet Mask
: 255.255.255.0
Default Gateway
: 0.0.0.0
VLAN State
: DISABLED
Native VLAN ID
: 1
IAPP State
: ENABLED
DHCP Client
: ENABLED
HTTP Server
: ENABLED
HTTP Server Port
: 80
Slot Status
: Dual band(a/g)
Software Version
: v1.1.3.4B05
============================================================
MRW55#
7-15
6-65
6
System Configuration
Station Status
The Station Status window shows wireless clients currently associated with the
access point.
The Station Status page displays basic connection information for all associated
stations. Note that this page is automatically refreshed every five seconds.
• Station Address: The MAC address of the remote wireless bridge.
• Authenticated: Shows if the station has been authenticated. The two basic
methods of authentication supported for 802.11 wireless networks are “open
system” and “shared key.” Open-system authentication accepts any client
attempting to connect to the access point without verifying its identity. The
shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity
by distributing a shared key to stations before attempting authentication.
• Associated: Shows if the station has been successfully associated with the access
point.
• Forwarding Allowed: Shows if the station has passed authentication and is now
allowed to forward traffic.
• Key Type: Displays one of the following:
- Disabled: The client is not using Wired Equivalent Privacy (WEP) encryption
keys.
- Dynamic: The client is using Wi-Fi Protected Access (802.1X or pre-shared key
mode) or using 802.1X authentication with dynamic keying.
- Static: The client is using static WEP keys for encryption.
CLI Commands for Displaying Station Information – To view status of clients
currently associated with the access point, use the show station command from the
Exec mode.
6-66
6
Status Information
MRW55#show station
7-85
Station Table Information
===========================================================
802.11a Channel : 56
No 802.11a Channel Stations.
802.11g Channel : 11
802.11g Channel Station Table
Station Address
: 00-04-E2-41-C2-9D VLAN ID: 0
Authenticated Associated
Forwarding
KeyType
TRUE
TRUE
TRUE
NONE
Counters:pkts
Tx
/
Rx
bytes
Tx
/
Rx
4/
0
1440/
0
Time:Associated LastAssoc
LastDisAssoc LastAuth
143854
0
0
0
===========================================================
MRW55#
6-67
6
System Configuration
Event Logs
The Event Logs window shows the log messages generated by the wireless bridge
and stored in memory.
The Event Logs table displays the following information:
• Log Time: The time the log message was generated.
• Event Level: The logging level associated with this message. For a description of
the various levels, see “logging level” on page 6-27.
• Event Message: The content of the log message.
CLI Commands for Displaying the Event Logs – From the global configuration mode,
use the show logging command.
MRW55#show loggging
Logging Information
============================================
Syslog State
: Enabled
Logging Host State
: Enabled
Logging Console State
: Enabled
Server Domain name/IP
: 192.168.1.19
Logging Level
: Alert
Logging Facility Type
: 16
=============================================
MRW55#
6-68
7-19
Chapter 7: Command Line Interface
Using the Command Line Interface
Accessing the CLI
When accessing the management interface for the wireless bridge via a Telnet
connection, the wireless bridge can be managed by entering command keywords
and parameters at the prompt. Using the wireless bridge’s command-line interface
(CLI) is very similar to entering commands on a UNIX system.
Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your
management station and any network device you want to manage over the network
must have a valid IP address. Valid IP addresses consist of four decimal numbers, 0
to 255, separated by periods. Each address consists of a network portion and host
portion. For example, if the wireless bridge cannot acquire an IP address from a
DHCP server, the default IP address used by the wireless bridge, 192.168.1.1,
consists of a network portion (192.168.1) and a host portion (1).
To access the wireless bridge through a Telnet session, you must first set the IP
address for the wireless bridge, and set the default gateway if you are managing the
wireless bridge from a different IP subnet. For example:
MRW55##configure
MRW55#(config)#interface ethernet
MRW55#(if-ethernet)#ip address 10.1.0.1 255.255.255.0 10.1.0.254
MRW55#(if-ethernet)#
After you configure the wireless bridge with an IP address, you can open a Telnet
session by performing these steps.
1.
From the remote host, enter the Telnet command and the IP address of the
device you want to access.
2.
At the prompt, enter the user name and system password. The CLI will display
the “MRW55##” prompt to show that you are using executive access mode (i.e.,
Exec).
3.
Enter the necessary commands to complete your desired tasks.
4.
When finished, exit the session with the “quit” or “exit” command.
After entering the Telnet command, the login screen displays:
Username: admin
Password: admin
MRW55##
Note: You can open up to four sessions to the device via Telnet.
7-1
7
Command Line Interface
Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and arguments. Keywords identify a
command, and arguments specify configuration parameters. For example, in the
command “show interface ethernet,” show and interface are keywords, and
ethernet is an argument that specifies the interface type.
You can enter commands as follows:
• To enter a simple command, enter the command keyword.
• To enter commands that require parameters, enter the required parameters after
the command keyword. For example, to set a password for the administrator,
enter:
MRW55#(config)#username smith
Minimum Abbreviation
The CLI will accept a minimum number of characters that uniquely identify a
command. For example, the command “configure” can be entered as con. If an
entry is ambiguous, the system will prompt for further input.
Command Completion
If you terminate input with a Tab key, the CLI will print the remaining characters of a
partial keyword up to the point of ambiguity. In the “configure” example, typing con
followed by a tab will result in printing the command up to “configure.”
Getting Help on Commands
You can display a brief description of the help system by entering the help
command. You can also display command syntax by following a command with the
“?” character to list keywords or parameters.
Showing Commands
If you enter a “?” at the command prompt, the system will display the first level of
keywords for the current configuration mode (Exec, Global Configuration, or
7-2
Entering Commands
7
Interface). You can also display a list of valid keywords for a specific command. For
example, the command “show ?” displays a list of possible show commands:
Outdoor Bridge#show ?
authentication
Show Authentication parameters
bootfile
Show bootfile name
bridge
Show bridge table
filters
Show filters
hardware
Show hardware version
history
Display the session history
interface
Show interface information
line
TTY line information
logging
Show the logging buffers
memory-allocation Show memory allocation
pppoe
Show PPPoE parameters
radius
Show radius server
snmp
Show snmp statistics
sntp
Show sntp statistics
station
Show 802.11 station table
system
Show system information
version
Show system version
wds
Show wds table
MRW55##showMRW55##show ?
The command “show interface ?” will display the following information:
MRW55##show
ethernet
wireless
<cr>
MRW55##show
interface ?
Show Ethernet interface
Show wireless interface
interface
Partial Keyword Lookup
If you terminate a partial keyword with a question mark, alternatives that match the
initial letters are provided. (Remember not to leave a space between the command
and question mark.) For example “s?” shows all the keywords starting with “s.”
MRW55##show s?
snmp
sntp
MRW55##show s
station
system
Negating the Effect of Commands
For many configuration commands you can enter the prefix keyword “no” to cancel
the effect of a command or reset the configuration to the default value. For example,
the logging command will log system messages to a host server. To disable
logging, specify the no logging command. This guide describes the negation effect
for all applicable commands.
Using Command History
The CLI maintains a history of commands that have been entered. You can scroll
back through the history of commands by pressing the up arrow key. Any command
displayed in the history list can be executed again, or first modified and then
executed.
7-3
7
Command Line Interface
Using the show history command displays a longer list of recently executed
commands.
Understanding Command Modes
The command set is divided into Exec and Configuration classes. Exec commands
generally display information on system status or clear statistical counters.
Configuration commands, on the other hand, modify interface parameters or enable
certain functions. These classes are further divided into different modes. Available
commands depend on the selected mode. You can always enter a question mark “?”
at the prompt to display a list of the commands available for the current mode. The
command classes and associated modes are displayed in the following table:
Class
Mode
Exec
Privileged
Configuration
Global
Interface-ethernet
Interface-wireless
Exec Commands
When you open a new console session on wireless bridge, the system enters Exec
command mode. Only a limited number of the commands are available in this mode.
You can access all other commands only from the configuration mode. To access
Exec mode, open a new console session with the user name “admin.” The
command prompt displays as “MRW55##” for Exec mode.
Username: admin
Password: [system login password]
MRW55##
Configuration Commands
Configuration commands are used to modify wireless bridge settings. These
commands modify the running configuration and are saved in memory.
The configuration commands are organized into three different modes:
• Global Configuration - These commands modify the system level configuration,
and include commands such as username and password.
• Interface-Ethernet Configuration - These commands modify the Ethernet port
configuration, and include command such as dns and ip.
• Interface-Wireless Configuration - These commands modify the wireless port
configuration, and include command such as channel and encryption.
To enter the Global Configuration mode, enter the command configure in Exec
mode. The system prompt will change to “MRW55#(config)#” which gives you
access privilege to all Global Configuration commands.
MRW55##configure
MRW55#(config)#
7-4
Entering Commands
7
To enter Interface mode, you must enter the “interface ethernet” or “interface
wireless a” command while in Global Configuration mode. The system prompt will
change to “MRW55#(if-ethernet)#,” or “MRW55#(if-wireless a)” indicating that you
have access privileges to the associated commands. You can use the end
command to return to the Exec mode.
MRW55#(config)#interface ethernet
MRW55#(if-ethernet)#
Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters
as long as they contain enough letters to differentiate them from any other currently
available commands or parameters. You can use the Tab key to complete partial
commands, or enter a partial command followed by the “?” character to display a list
of possible matches. You can also use the following editing keystrokes for
command-line processing:
Keystroke
Function
Ctrl-A
Shifts cursor to start of command line.
Ctrl-B
Shifts cursor to the left one character.
Ctrl-C
Terminates a task and displays the command prompt.
Ctrl-E
Shifts cursor to end of command line.
Ctrl-F
Shifts cursor to the right one character.
Ctrl-K
Deletes from cursor to the end of the command line.
Ctrl-L
Repeats current command line on a new line.
Ctrl-N
Enters the next command line in the history buffer.
Ctrl-P
Shows the last command.
Ctrl-R
Repeats current command line on a new line.
Ctrl-U
Deletes the entire line.
Ctrl-W
Deletes the last word typed.
Esc-B
Moves the cursor backward one word.
Esc-D
Deletes from the cursor to the end of the word.
Esc-F
Moves the cursor forward one word.
Delete key or
backspace key
Erases a mistake when entering a command.
7-5
7
Command Line Interface
Command Groups
The system commands can be broken down into the functional groups shown below.
Command Group
Description
General
Basic commands for entering configuration mode, restarting the system,
or quitting the CLI
Page
System Management
Controls user name, password, browser management options, and a
variety of other system information
7-10
System Logging
Configures system logging parameters
7-16
System Clock
Configures SNTP and system clock settings
7-20
SNMP
Configures community access strings and trap managers
7-24
Flash/File
Manages code image or wireless bridge configuration files
7-28
RADIUS
Configures the RADIUS client used with 802.1x authentication
7-31
Authentication
Configures IEEE 802.1x port access control and address filtering
7-35
WDS
Configures the Wireless Distribution System forwarding table
7-42
Bridge
Configures MAC address table aging time settings and spanning tree
parameters
7-46
Filtering
Filters access to the management interface from wireless nodes, and
filters traffic using specific Ethernet protocol types
7-53
PPPoE
Configures parameters for a PPPoE management tunnel on the Ethernet
interface
7-56
Ethernet Interface
Configures connection parameters for the Ethernet interface
7-63
Wireless Interface
Configures connection parameters for the wireless interface
7-68
IAPP
Enables roaming between multi-vendor access points
7-86
VLANs
Configures VLAN support
7-86
7-6
The access mode shown in the following tables is indicated by these abbreviations:
GC (Global Configuration), IC-E (Ethernet Interface Configuration), and IC-W
(Wireless Interface Configuration).
General Commands
Command
Function
Mode
configure
Activates global configuration mode
Exec
7-7
end
Returns to the previous configuration mode
GC, IC
7-7
exit
Returns to Exec mode, or exits the CLI
any
ping
Sends ICMP echo request packets to another node on the network Exec
7-8
reset
Restarts the system
7-9
show history
Shows the command history buffer
Exec
7-9
show line
Shows the configuration settings for the console port
Exec
7-10
7-6
Exec
Page
7-7
General Commands
7
configure
This command activates Global Configuration mode. You must enter this mode to
modify most of the settings on the wireless bridge. You must also enter Global
Configuration mode prior to enabling the context modes for Interface Configuration.
See “Using the Command Line Interface” on page 1.
Default Setting
None
Command Mode
Exec
Example
MRW55##configure
MRW55#(config)#
Related Commands
end (7-7)
end
This command returns to the previous configuration mode.
Default Setting
None
Command Mode
Global Configuration, Interface Configuration
Example
This example shows how to return to the Configuration mode from the Interface
Configuration mode:
MRW55#(if-ethernet)#end
MRW55#(config)#
exit
This command returns to the Exec mode or exits the configuration program.
Default Setting
None
Command Mode
Any
7-7
7
Command Line Interface
Example
This example shows how to return to the Exec mode from the Interface
Configuration mode, and then quit the CLI session:
MRW55#(if-ethernet)#exit
MRW55##exit
CLI session with the wireless bridge is now closed
Username:
ping
This command sends ICMP echo request packets to another node on the network.
Syntax
ping <host_name | ip_address>
• host_name - Alias of the host.
• ip_address - IP address of the host.
Default Setting
None
Command Mode
Exec
Command Usage
• Use the ping command to see if another site on the network can be
reached.
• The following are some results of the ping command:
- Normal response - The normal response occurs in one to ten seconds,
depending on network traffic.
- Destination does not respond - If the host does not respond, a “timeout”
appears in ten seconds.
- Destination unreachable - The gateway for this destination indicates that
the destination is unreachable.
- Network or host unreachable - The gateway found no corresponding
entry in the route table.
• Press <Esc> to stop pinging.
Example
MRW55##ping 10.1.0.19
192.168.1.19 is alive
MRW55##
7-8
General Commands
7
reset
This command restarts the system or restores the factory default settings.
Syntax
reset <board | configuration>
• board - Reboots the system.
• configuration - Resets the configuration settings to the factory defaults,
and then reboots the system.
Default Setting
None
Command Mode
Exec
Command Usage
When the system is restarted, it will always run the Power-On Self-Test.
Example
This example shows how to reset the system:
MRW55##reset board
Reboot system now? <y/n>: y
show history
This command shows the contents of the command history buffer.
Default Setting
None
Command Mode
Exec
Command Usage
• The history buffer size is fixed at 10 commands.
• Use the up or down arrow keys to scroll through the commands in the
history buffer.
Example
In this example, the show history command lists the contents of the command
history buffer:
MRW55##show history
config
exit
show history
MRW55##
7-9
7
Command Line Interface
show line
This command displays the console port’s configuration settings.
Command Mode
Exec
Example
The console port settings are fixed at the values shown below.
MRW55##show line
Console Line Information
======================================================
databits
: 8
parity
: none
speed
: 9600
stop bits : 1
======================================================
MRW55##
System Management Commands
These commands are used to configure the user name, password, browser
management options, and a variety of other system information.
Command
Function
Mode
Page
Sets the wireless bridge country code for correct radio
operation
Exec
7-11
prompt
Customizes the command line prompt
GC
7-12
system name
Specifies the host name for the wireless bridge
GC
7-12
snmp-server contact
Sets the system contact string
GC
7-25
snmp-server location
Sets the system location string
GC
7-27
Country Setting
country
Device Designation
User Access
username
Configures the user name for management access
GC
7-13
password
Specifies the password for management access
GC
7-13
ip http port
Specifies the port to be used by the web browser interface
GC
7-14
ip http server
Allows the wireless bridge to be monitored or configured from GC
a browser
7-14
Web Server
System Status
show system
Displays system information
Exec
7-15
show version
Displays version information for the system
Exec
7-15
7-10
7
System Management Commands
country
This command configures the wireless bridge’s country code, which identifies the
country of operation and sets the authorized radio channels.
Syntax
country <country_code>
country_code - A two character code that identifies the country of
operation. See the following table for a full list of codes.
Country
Code
Country
Code
Country
Code
Country
Code
Albania
AL
Dominican
Republic
DO
Kuwait
KW
Romania
RO
Algeria
DZ
Ecuador
EC
Latvia
LV
Russia
RU
Argentina
AR
Egypt
EG
Lebanon
LB
Saudi Arabia
SA
SG
Armenia
AM
Estonia
EE
Liechtenstein
LI
Singapore
Australia
AU
Finland
FI
Lithuania
LT
Slovak Republic SK
Austria
AT
France
FR
Luxembourg
LU
Slovenia
SI
Azerbaijan
AZ
Georgia
GE
Macao
MO
South Africa
ZA
Bahrain
BH
Germany
DE
Macedonia
MK
Spain
ES
Belarus
BY
Greece
GR
Malaysia
MY
Sweden
SE
Belgium
BE
Guatemala
GT
Mexico
MX
Switzerland
CH
Belize
BZ
Hong Kong
HK
Monaco
MC
Syria
SY
Bolivia
BO
Hungary
HU
Morocco
MA
Taiwan
TW
Brazil
BR
Iceland
IS
Netherlands
NL
Thailand
TH
Brunei
Darussalam
BN
India
IN
New Zealand
NZ
Turkey
TR
Bulgaria
BG
Indonesia
ID
Norway
NO
Ukraine
UA
Canada
CA
Iran
IR
Oman
OM
United Arab
Emirates
AE
Chile
CL
Ireland
IE
Pakistan
PK
United Kingdom GB
China
CN
Israel
IL
Panama
PA
United States
US
Colombia
CO
Italy
IT
Peru
PE
Uruguay
UY
Costa Rica
CR
Japan
JP
Philippines
PH
Venezuela
VE
Croatia
HR
Jordan
JO
Poland
PL
Vietnam
VN
Cyprus
CY
Kazakhstan
KZ
Portugal
PT
Czech
Republic
CZ
North Korea
KP
Puerto Rico
PR
Denmark
DK
Korea
Republic
KR
Qatar
QA
7-11
7
Command Line Interface
Default Setting
US - for units sold in the United States
99 (no country set) - for units sold in other countries
Command Mode
Exec
Command Usage
• If you purchased an wireless bridge outside of the United States, the
country code must be set before radio functions are enabled.
• The available Country Code settings can be displayed by using the country
? command.
Example
MRW55##country us
MRW55##
prompt
This command customizes the CLI prompt. Use the no form to restore the default
prompt.
Syntax
prompt string
no prompt
string - Any alphanumeric string to use for the CLI prompt.
(Maximum length: 255 characters)
Default Setting
MRW55#
Command Mode
Global Configuration
Example
MRW55#(config)#prompt RD2
RD2(config)#
system name
This command specifies or modifies the system name for this device. Use the no
form to restore the default system name.
Syntax
system name name
no system name
name - The name of this host.
(Maximum length: 32 characters)
7-12
System Management Commands
7
Default Setting
Outdoor Bridge
Command Mode
Global Configuration
Example
MRW55#(config)#system name bridge-link
MRW55#(config)#
username
This command configures the user name for management access.
Syntax
username name
name - The name of the user.
(Length: 3-16 characters, case sensitive)
Default Setting
admin
Command Mode
Global Configuration
Example
MRW55#(config)#username bob
MRW55#(config)#
password
After initially logging onto the system, you should set the password. Remember to
record it in a safe place. Use the no form to reset the default password.
Syntax
password password
no password
password - Password for management access.
(Length: 3-16 characters, case sensitive)
Default Setting
admin
Command Mode
Global Configuration
7-13
7
Command Line Interface
Example
MRW55#(config)#password bridgelink
MRW55#(config)#
ip http port
This command specifies the TCP port number used by the web browser interface.
Use the no form to use the default port.
Syntax
ip http port port-number
no ip http port
port-number - The TCP port to be used by the browser interface.
(Range: 1024-65535)
Default Setting
80
Command Mode
Global Configuration
Example
MRW55#(config)#ip http port 1143
MRW55#(config)#
Related Commands
ip http server (7-14)
ip http server
This command allows this device to be monitored or configured from a browser. Use
the no form to disable this function.
Syntax
ip http server
no ip http server
Default Setting
Enabled
Command Mode
Global Configuration
7-14
System Management Commands
7
Example
MRW55#(config)#ip http server
MRW55#(config)#
Related Commands
ip http port (7-14)
show system
This command displays basic system configuration settings.
Default Setting
None
Command Mode
Exec
Example
MRW55##show system
System Information
===========================================================
Serial Number
: 0000000000
System Up time
: 0 days, 0 hours, 33 minutes, 45 seconds
System Name
: MRW55 Wireless Outdoor Bridge/AP
System Location
:
System Contact
: Contact
System Country Code : 99 - NO_COUNTRY_SET
MAC Address
: 00-20-1A-20-54-23
IP Address
: 192.168.1.1
Subnet Mask
: 255.255.255.0
Default Gateway
: 0.0.0.0
VLAN State
: DISABLED
Native VLAN ID
: 1
IAPP State
: ENABLED
DHCP Client
: DISABLED
HTTP Server
: ENABLED
HTTP Server Port
: 80
Slot Status
: Dual band(a/g)
Software Version
: v1.1.3.4B05
===========================================================
MRW55##
show version
This command displays the software version for the system.
Default Setting
None
Command Mode
Exec
7-15
7
Command Line Interface
Example
MRW55##show version
Version v1.1.2.1B05
MRW55##
System Logging Commands
These commands are used to configure system logging on the wireless bridge.
Command
Function
Mode
Page
logging on
Controls logging of error messages
GC
7-16
logging host
Adds a syslog server host IP address that will receive logging GC
messages
7-17
logging console
Initiates logging of error messages to the console
GC
7-17
logging level
Defines the minimum severity level for event logging
GC
7-18
logging facility-type
Sets the facility type for remote logging of syslog messages
GC
7-18
show logging
Displays the state of logging
Exec
7-19
logging on
This command controls logging of error messages; i.e., sending debug or error
messages to memory. The no form disables the logging process.
Syntax
logging on
no logging on
Default Setting
None
Command Mode
Global Configuration
Command Usage
The logging process controls error messages saved to memory. You can use
the logging level command to control the type of error messages that are
stored in memory.
Example
MRW55#(config)#logging on
MRW55#(config)#
7-16
7
System Logging Commands
logging host
This command specifies a syslog server host that will receive logging messages.
Use the no form to remove syslog server host.
Syntax
logging host <host_name | host_ip_address>
no logging host
• host_name - The name of a syslog server.
(Range: 1-20 characters)
• host_ip_address - The IP address of a syslog server.
Default Setting
None
Command Mode
Global Configuration
Example
MRW55#(config)#logging host 10.1.0.3
MRW55#(config)#
logging console
This command initiates logging of error messages to the console. Use the no form
to disable logging to the console.
Syntax
logging console
no logging console
Default Setting
Disabled
Command Mode
Global Configuration
7-17
7
Command Line Interface
Example
MRW55#(config)#logging console
MRW55#(config)#
logging level
This command sets the minimum severity level for event logging.
Syntax
logging level <Emergency | Alert | Critical | Error | Warning | Notice |
Informational | Debug>
Default Setting
Error
Command Mode
Global Configuration
Command Usage
Messages sent include the selected level down to the Emergency level.
Level Argument
Description
Emergency
System unusable
Alert
Immediate action needed
Critical
Critical conditions (e.g., memory allocation, or free memory error resource exhausted)
Error
Error conditions (e.g., invalid input, default used)
Warning
Warning conditions (e.g., return false, unexpected return)
Notice
Normal but significant condition, such as cold start
Informational
Informational messages only
Debug
Debugging messages
Example
MRW55#(config)#logging level alert
MRW55#(config)#
logging facility-type
This command sets the facility type for remote logging of syslog messages.
Syntax
logging facility-type <type>
type - A number that indicates the facility used by the syslog server to
dispatch log messages to an appropriate service. (Range: 16-23)
Default Setting
16
7-18
System Logging Commands
7
Command Mode
Global Configuration
Command Usage
The command specifies the facility type tag sent in syslog messages. (See
RFC 3164.) This type has no effect on the kind of messages reported by the
wireless bridge. However, it may be used by the syslog server to sort
messages or to store messages in the corresponding database.
Example
MRW55#(config)#logging facility 19
MRW55#(config)#
show logging
This command displays the logging configuration.
Syntax
show logging
Command Mode
Exec
Example
MRW55##show logging
Logging Information
============================================
Syslog State
: Disabled
Logging Host State
: Enabled
Logging Console State
: Disabled
Server Domain name/IP
: none
Logging Level
: Error
Logging Facility Type
: 16
=============================================
MRW55##
7-19
7
Command Line Interface
System Clock Commands
These commands are used to configure SNTP and system clock settings on the
wireless bridge.
Command
Function
Mode
sntp-server ip
Specifies one or more time servers
GC
Page
7-20
sntp-server enable
Accepts time from the specified time servers
GC
7-21
sntp-server date-time
Manually sets the system date and time
GC
7-21
sntp-server
daylight-saving
Sets the start and end dates for daylight savings time
GC
7-22
sntp-server timezone
Sets the time zone for the wireless bridge’s internal clock
GC
7-22
show sntp
Shows current SNTP configuration settings
Exec
7-23
sntp-server ip
This command sets the IP address of the servers to which SNTP time requests are
issued. Use the this command with no arguments to clear all time servers from the
current list.
Syntax
sntp-server ip <1 | 2> <ip>
• 1 - First time server.
• 2 - Second time server.
• ip - IP address of an time server (NTP or SNTP).
Default Setting
137.92.140.80
192.43.244.18
Command Mode
Global Configuration
Command Usage
When SNTP client mode is enabled using the sntp-server enable command,
the sntp-server ip command specifies the time servers from which the
wireless bridge polls for time updates. The wireless bridge will poll the time
servers in the order specified until a response is received.
Example
MRW55#(config)#sntp-server ip 10.1.0.19
MRW55##
Related Commands
sntp-server enable (7-21)
show sntp (7-23)
7-20
System Clock Commands
7
sntp-server enable
This command enables SNTP client requests for time synchronization with NTP or
SNTP time servers specified by the sntp-server ip command. Use the no form to
disable SNTP client requests.
Syntax
sntp-server enable
no sntp-server enable
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
The time acquired from time servers is used to record accurate dates and
times for log events. Without SNTP, the wireless bridge only records the time
starting from the factory default set at the last bootup (i.e., 00:14:00,
January 1, 1970).
Example
MRW55#(config)#sntp-server enable
MRW55#(config)#
Related Commands
sntp-server ip (7-20)
show sntp (7-23)
sntp-server date-time
This command sets the system clock.
Default Setting
00:14:00, January 1, 1970
Command Mode
Global Configuration
Example
This example sets the system clock to 17:37 June 19, 2003.
MRW55##sntp-server date-time
Enter Year<1970-2100>: 2003
Enter Month<1-12>: 6
Enter Day<1-31>: 19
Enter Hour<0-23>: 17
Enter Min<0-59>: 37
MRW55##
7-21
7
Command Line Interface
Related Commands
sntp-server enable (7-21)
sntp-server daylight-saving
This command sets the start and end dates for daylight savings time. Use the no
form to disable daylight savings time.
Syntax
sntp-server daylight-saving
no sntp-server daylight-saving
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
The command sets the system clock back one hour during the specified
period.
Example
This sets daylight savings time to be used from July 1st to September 1st.
MRW55#(config)#sntp-server daylight-saving
Enter Daylight saving from which month<1-12>: 6
and which day<1-31>: 1
Enter Daylight saving end to which month<1-12>: 9
and which day<1-31>: 1
MRW55#(config)#
sntp-server timezone
This command sets the time zone for the wireless bridge’s internal clock.
Syntax
sntp-server timezone <hours>
hours - Number of hours before/after UTC.
(Range: -12 to +12 hours)
Default Setting
None
Command Mode
Global Configuration
7-22
7
System Clock Commands
Command Usage
This command sets the local time zone relative to the Coordinated Universal
Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s
prime meridian, zero degrees longitude. To display a time corresponding to
your local time, you must indicate the number of hours and minutes your time
zone is east (before) or west (after) of UTC.
Example
MRW55#(config)#sntp-server timezone +8
MRW55#(config)#
show sntp
This command displays the current time and configuration settings for the SNTP
client.
Command Mode
Exec
Example
MRW55##show sntp
SNTP Information
=========================================================
Service State
: Enabled
SNTP (server 1) IP
: 137.92.140.80
SNTP (server 2) IP
: 192.43.244.18
Current Time
: 08 : 04, Jun 20th, 2003
Time Zone
: +8 (TAIPEI, BEIJING)
Daylight Saving
: Enabled, from Jun, 1st to Sep, 1st
=========================================================
MRW55##
7-23
7
Command Line Interface
SNMP Commands
Controls access to this wireless bridge from management stations using the Simple
Network Management Protocol (SNMP), as well as the hosts that will receive trap
messages.
Command
Function
Mode
Page
snmp-server community Sets up the community access string to permit access to
SNMP commands
GC
7-24
snmp-server contact
Sets the system contact string
GC
7-25
snmp-server enable
server
Enables SNMP service and traps
GC
7-25
snmp-server host
Specifies the recipient of an SNMP notification operation
GC
7-26
snmp-server location
Sets the system location string
GC
7-27
show snmp
Displays the status of SNMP communications
Exec
7-27
snmp-server community
This command defines the community access string for the Simple Network
Management Protocol. Use the no form to remove the specified community string.
Syntax
snmp-server community string [ro | rw]
no snmp-server community string
• string - Community string that acts like a password and permits access to
the SNMP protocol. (Maximum length: 23 characters, case sensitive)
• ro - Specifies read-only access. Authorized management stations are only
able to retrieve MIB objects.
• rw - Specifies read/write access. Authorized management stations are able
to both retrieve and modify MIB objects.
Default Setting
• public - Read-only access. Authorized management stations are only able
to retrieve MIB objects.
• private - Read/write access. Authorized management stations are able to
both retrieve and modify MIB objects.
Command Mode
Global Configuration
Command Usage
If you enter a community string without the ro or rw option, the default is read
only.
Example
MRW55#(config)#snmp-server community alpha rw
MRW55#(config)#
7-24
7
SNMP Commands
snmp-server contact
This command sets the system contact string. Use the no form to remove the
system contact information.
Syntax
snmp-server contact string
no snmp-server contact
string - String that describes the system contact. (Maximum length: 255
characters)
Default Setting
Contact
Command Mode
Global Configuration
Example
MRW55#(config)#snmp-server contact Paul
MRW55#(config)#
Related Commands
snmp-server location (7-27)
snmp-server enable server
This command enables SNMP management access and also enables this device to
send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and
trap messages.
Syntax
snmp-server enable server
no snmp-server enable server
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
• This command enables both authentication failure notifications and
link-up-down notifications.
• The snmp-server host command specifies the host device that will receive
SNMP notifications.
7-25
7
Command Line Interface
Example
MRW55#(config)#snmp-server enable server
MRW55#(config)#
Related Commands
snmp-server host (7-26)
snmp-server host
This command specifies the recipient of an SNMP notification. Use the no form to
remove the specified host.
Syntax
snmp-server host <host_ip_address | host_name> <community-string>
no snmp-server host
• host_ip_address - IP of the host (the targeted recipient).
• host_name - Name of the host. (Range: 1-20 characters)
• community-string - Password-like community string sent with the
notification operation. Although you can set this string using the
snmp-server host command by itself, we recommend that you define this
string using the snmp-server community command prior to using the
snmp-server host command. (Maximum length: 23 characters)
Default Setting
Host Address: None
Community String: public
Command Mode
Global Configuration
Command Usage
The snmp-server host command is used in conjunction with the
snmp-server enable server command to enable SNMP notifications.
Example
MRW55#(config)#snmp-server host 10.1.19.23 batman
MRW55#(config)#
Related Commands
snmp-server enable server (7-25)
7-26
SNMP Commands
7
snmp-server location
This command sets the system location string. Use the no form to remove the
location string.
Syntax
snmp-server location text
no snmp-server location
text - String that describes the system location.
(Maximum length: 20 characters)
Default Setting
None
Command Mode
Global Configuration
Example
MRW55#(config)#snmp-server location building-1
MRW55#(config)#
Related Commands
snmp-server contact (7-25)
show snmp
This command displays the SNMP configuration settings.
Command Mode
Exec
Example
MRW55##show snmp
SNMP Information
============================================
Service State : Enable
Community (ro) : *****
Community (rw) : *****
Location
: WC-19
Contact
: Paul
Traps
: Enabled
Host Name/IP
: 10.1.19.23
Trap Community : *****
=============================================
MRW55##
7-27
7
Command Line Interface
Flash/File Commands
These commands are used to manage the system code or configuration files.
Command
Function
Mode
bootfile
Specifies the file or image used to start up the system
Exec
Page
7-28
copy
Copies a code image or configuration between flash memory Exec
and a FTP/TFTP server
7-29
delete
Deletes a file or code image
Exec
7-30
dir
Displays a list of files in flash memory
Exec
7-30
bootfile
This command specifies the image used to start up the system.
Syntax
bootfile <filename>
filename - Name of the image file.
Default Setting
None
Command Mode
Exec
Command Usage
• The file name should not contain slashes (\ or /), the leading letter of the file
name should not be a period (.), and the maximum length for file names is
32 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
• If the file contains an error, it cannot be set as the default file.
Example
MRW55##bootfile bridge-img.bin
MRW55##
7-28
7
Flash/File Commands
copy
This command copies a boot file, code image, or configuration file between the
wireless bridge’s flash memory and a FTP/TFTP server. When you save the
configuration settings to a file on a FTP/TFTP server, that file can later be
downloaded to the wireless bridge to restore system operation. The success of the
file transfer depends on the accessibility of the FTP/TFTP server and the quality of
the network connection.
Syntax
copy <ftp | tftp> file
copy config <ftp | tftp>
•
•
•
•
ftp - Keyword that allows you to copy to/from an FTP server.
tftp - Keyword that allows you to copy to/from a TFTP server.
file - Keyword that allows you to copy to/from a flash memory file.
config - Keyword that allows you to upload the configuration file from flash
memory.
Default Setting
None
Command Mode
Exec
Command Usage
• The system prompts for data required to complete the copy command.
• Only a configuration file can be uploaded to an FTP/TFTP server, but every
type of file can be downloaded to the wireless bridge.
• The destination file name should not contain slashes (\ or /), the leading
letter of the file name should not be a period (.), and the maximum length
for file names on the FTP/TFTP server is 255 characters or 32 characters
for files on the wireless bridge. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
• Due to the size limit of the flash memory, the wireless bridge supports only
two operation code files.
• The system configuration file must be named “syscfg” in all copy
commands.
Example
The following example shows how to upload the configuration settings to a file on
the TFTP server:
MRW55##copy config tftp
TFTP Source file name:syscfg
TFTP Server IP:192.168.1.19
MRW55##
7-29
7
Command Line Interface
The following example shows how to download a configuration file:
MRW55##copy tftp file
1. Application image
2. Config file
3. Boot block image
Select the type of download<1,2,3>:
TFTP Source file name:syscfg
TFTP Server IP:192.168.1.19
MRW55##
[1]:2
delete
This command deletes a file or image.
Syntax
delete filename
filename - Name of the configuration file or image name.
Default Setting
None
Command Mode
Exec
Caution: Beware of deleting application images from flash memory. At least one
application image is required in order to boot the wireless bridge. If there are
multiple image files in flash memory, and the one used to boot the wireless
bridge is deleted, be sure you first use the bootfile command to update the
application image file booted at startup before you reboot the wireless bridge.
Example
This example shows how to delete the test.cfg configuration file from flash memory.
MRW55##delete test.cfg
Are you sure you wish to delete this file? <y/n>:
MRW55##
Related Commands
bootfile (7-28)
dir (7-30)
dir
This command displays a list of files in flash memory.
Command Mode
Exec
7-30
7
RADIUS Client
Command Usage
File information is shown below:
Column Heading
Description
File Name
The name of the file.
Type
(2) Operation Code and (5) Configuration file
File Size
The length of the file in bytes.
Example
The following example shows how to display all file information:
MRW55##dir
apimg1
MRW55.bin
dflt-img.bin
ap3xart.sys
syscfg_bak
syscfg
apcfg
zz-imgf.bin
apcfg.bak
765652
1309756
1177004
641540
26928
26928
2932
1177004
2932
2502656 bytes free
MRW55##
RADIUS Client
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication
protocol that uses software running on a central server to control access for
RADIUS-aware devices to the network. An authentication server contains a
database of credentials, such as users names and passwords, for each wireless
client that requires access to the access point.
Command
Function
Mode
radius-server address
Specifies the RADIUS server
GC
radius-server port
Sets the RADIUS server network port
GC
7-32
radius-server key
Sets the RADIUS encryption key
GC
7-33
radius-server retransmit
Sets the number of retries
GC
7-33
radius-server timeout
Sets the interval between sending authentication requests GC
7-34
show radius
Shows the current RADIUS settings
7-34
Exec
Page
7-32
7-31
7
Command Line Interface
radius-server address
This command specifies the primary and secondary RADIUS servers.
Syntax
radius-server address [secondary] <host_ip_address | host_name>
• secondary - Secondary server.
• host_ip_address - IP address of server.
• host_name - Host name of server. (Range: 1-20 characters)
Default Setting
None
Command Mode
Global Configuration
Example
MRW55#(config)#radius-server address 192.168.1.25
MRW55#(config)#
radius-server port
This command sets the RADIUS server network port.
Syntax
radius-server [secondary] port <port_number>
• secondary - Secondary server.
• port_number - RADIUS server UDP port used for authentication messages.
(Range: 1024-65535)
Default Setting
1812
Command Mode
Global Configuration
Example
MRW55#(config)#radius-server port 181
MRW55#(config)#
7-32
RADIUS Client
7
radius-server key
This command sets the RADIUS encryption key.
Syntax
radius-server [secondary] key <key_string>
• secondary - Secondary server.
• key_string - Encryption key used to authenticate logon access for client. Do
not use blank spaces in the string. (Maximum length: 20 characters)
Default Setting
DEFAULT
Command Mode
Global Configuration
Example
MRW55#(config)#radius-server key green
MRW55#(config)#
radius-server retransmit
This command sets the number of retries.
Syntax
radius-server [secondary] retransmit number_of_retries
• secondary - Secondary server.
• number_of_retries - Number of times the access point will try to
authenticate logon access via the RADIUS server. (Range: 1 - 30)
Default Setting
3
Command Mode
Global Configuration
Example
MRW55#(config)#radius-server retransmit 5
MRW55#(config)#
7-33
7
Command Line Interface
radius-server timeout
This command sets the interval between transmitting authentication requests to the
RADIUS server.
Syntax
radius-server [secondary] timeout number_of_seconds
• secondary - Secondary server.
• number_of_seconds - Number of seconds the access point waits for a reply
before resending a request. (Range: 1-60)
Default Setting
5
Command Mode
Global Configuration
Example
MRW55#(config)#radius-server timeout 10
MRW55#(config)#
show radius
This command displays the current settings for the RADIUS server.
Default Setting
None
Command Mode
Exec
Example
MRW55##show radius
Radius Server Information
========================================
IP
: 192.168.1.25
Port
: 181
Key
: *****
Retransmit
: 5
Timeout
: 10
========================================
Radius Secondary Server Information
========================================
IP
: 0.0.0.0
Port
: 1812
Key
: *****
Retransmit
: 3
Timeout
: 5
========================================
AP#
7-34
7
Authentication
Authentication
The access point supports IEEE 802.1x access control for wireless clients. This
control feature prevents unauthorized access to the network by requiring a 802.1x
client application to submit user credentials for authentication. Client authentication
is then verified via by a RADIUS server using EAP (Extensible Authentication
Protocol) before the access point grants client access to the network.
Client MAC addresses can also be used for authentication on the access point. For
local MAC authentication, first define the default filtering policy using the address
filter default command. Then enter the MAC addresses to be filtered, indicating if
they are allowed or denied. For RADIUS MAC authentication, the MAC addresses
and filtering policy must be configured on the RADIUS server.
Command
Function
Mode
802.1x
Configures 802.1x as disabled, supported, or required
GC
Page
7-35
802.1x broadcast-keyrefresh-rate
Sets the interval at which the primary broadcast keys are GC
refreshed for stations using 802.1x dynamic keying
7-36
802.1x session-keyrefresh-rate
Sets the interval at which unicast session keys are
refreshed for associated stations using dynamic keying
GC
7-37
802.1x session-timeout
Sets the timeout after which a connected client must be
re-authenticated
GC
7-38
802.1x supplicant
Sets the supplicant user name and password for the
access point and enables the feature
GC
7-42
address filter default
Sets filtering to allow or deny listed addresses
GC
7-39
address filter entry
Enters a MAC address in the filter table
GC
7-40
address filter delete
Removes a MAC address from the filter table
GC
7-40
mac-authentication server
Sets address filtering to be performed with local or remote GC
options
7-41
mac-authentication
session-timeout
Sets the interval at which associated clients will be
re-authenticated with the RADIUS server authentication
database
GC
7-41
show authentication
Shows all 802.1x authentication settings, as well as the
address filter table
Exec
7-42
802.1x
This command configures 802.1x as optionally supported or as required for wireless
clients. Use the no form to disable 802.1x support.
Syntax
802.1x <supported | required>
no 802.1x
• supported - Authenticates clients that initiate the 802.1x authentication
process. Uses standard 802.11 authentication for all others.
• required - Requires 802.1x authentication for all clients.
7-35
7
Command Line Interface
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• When 802.1x is disabled, the access point does not support 802.1x
authentication for any station. After successful 802.11 association, each
client is allowed to access the network.
• When 802.1x is supported, the access point supports 802.1x authentication
only for clients initiating the 802.1x authentication process (i.e., the access
point does NOT initiate 802.1x authentication). For stations initiating
802.1x, only those stations successfully authenticated are allowed to
access the network. For those stations not initiating 802.1x, access to the
network is allowed after successful 802.11 association.
• When 802.1x is required, the access point enforces 802.1x authentication
for all 802.11 associated stations. If 802.1x authentication is not initiated by
the station, the access point will initiate authentication. Only those stations
successfully authenticated with 802.1x are allowed to access the network.
• 802.1x does not apply to the 10/100Base-TX port.
Example
MRW55#(config)#802.1x supported
MRW55#(config)#
802.1x broadcast-key-refresh-rate
This command sets the interval at which the broadcast keys are refreshed for
stations using 802.1x dynamic keying.
Syntax
802.1x broadcast-key-refresh-rate <rate>
rate - The interval at which the access point rotates broadcast keys.
(Range: 0 - 1440 minutes)
Default Setting
0 (Disabled)
Command Mode
Global Configuration
7-36
Authentication
7
Command Usage
• The access point uses EAPOL (Extensible Authentication Protocol Over
LANs) packets to pass dynamic unicast session and broadcast keys to
wireless clients. The 802.1x broadcast-key-refresh-rate command
specifies the interval after which the broadcast keys are changed. The
802.1x session-key-refresh-rate command specifies the interval after
which unicast session keys are changed.
• Dynamic broadcast key rotation allows the access point to generate a
random group key and periodically update all key-management capable
wireless clients.
Example
MRW55#(config)#802.1x broadcast-key-refresh-rate 5
MRW55#(config)#
802.1x session-key-refresh-rate
This command sets the interval at which unicast session keys are refreshed for
associated stations using dynamic keying.
Syntax
802.1x session-key-refresh-rate <rate>
rate - The interval at which the access point refreshes a session key.
(Range: 0 - 1440 minutes)
Default Setting
0 (Disabled)
Command Mode
Global Configuration
Command Usage
Session keys are unique to each client, and are used to authenticate a client
connection, and correlate traffic passing between a specific client and the
access point.
Example
MRW55#(config)#802.1x session-key-refresh-rate 5
MRW55#(config)#
7-37
7
Command Line Interface
802.1x session-timeout
This command sets the time period after which a connected client must be
re-authenticated. Use the no form to disable 802.1x re-authentication.
Syntax
802.1x session-timeout <seconds>
no 802.1x session-timeout
seconds - The number of seconds. (Range: 0-65535)
Default
0 (Disabled)
Command Mode
Global Configuration
Example
MRW55#(config)#802.1x session-timeout 300
MRW55#(config)#
802.1x supplicant
This command sets the user name and password used for authentication of the
access point when operating as a 802.1x supplicant and enables supplicant
authentication. Use the no form to disable the feature.
Syntax
802.1x
802.1x
802.1x
802.1x
supplicant
supplicant
supplicant
supplicant
eth_password <password>
eth_user <username>
wds_password <port> <password>
wds_user <port> <username>
802.1x supplicant <eth | wds port>
no 802.1x supplicant <eth | wds port>
• eth_password - Specifies a password for authentication using the Ethernet
port. (Range: 1-32 alphanumeric characters)
• eth_user - Specifies a username for authentication using the Ethernet port.
(Range: 1-32 alphanumeric characters)
• wds_password - Specifies a password for authentication using the
specified WDS port. (Range: 1-32 alphanumeric characters)
• wds_user - Specifies a username for authentication using the specified
WDS port. (Range: 1-32 alphanumeric characters)
• eth - Enables 802.1X supplicant authentication using the Ethernet port.
• wds - Enables 802.1X supplicant authentication using the specified WDS
port.
- port - Specifies a WDS port number. (Range: 1-16 Master; 1 Slave)
7-38
Authentication
7
Default
Disabled
Command Mode
Global Configuration
Command Usage
• Ethernet and WDS user names and passwords must be set before enabling
the 802.1x supplicant feature for the specified port.
• The access point currently only supports EAP-MD5 CHAP for 802.1x
supplicant authentication.
Example
MRW55#(config)#802.1x supplicant wds_user 1 David
MRW55#(config)#802.1x supplicant wds_password 1 ABC
MRW55#(config)#802.1x supplicant wds 1
MRW55#(config)#
address filter default
This command sets filtering to allow or deny listed MAC addresses.
Syntax
address filter default <allowed | denied>
• allowed - Only MAC addresses entered as “denied” in the address filtering
table are denied.
• denied - Only MAC addresses entered as “allowed” in the address filtering
table are allowed.
Default
allowed
Command Mode
Global Configuration
Example
MRW55#(config)#address filter default denied
MRW55#(config)#
Related Commands
address filter entry (7-40)
show authentication (7-42)
7-39
7
Command Line Interface
address filter entry
This command enters a MAC address in the filter table.
Syntax
address filter entry <mac-address> <allowed | denied>
• mac-address - Physical address of client. (Enter six pairs of hexadecimal
digits separated by hyphens; e.g., 00-90-D1-12-AB-89.)
• allowed - Entry is allowed access.
• denied - Entry is denied access.
Default
None
Command Mode
Global Configuration
Command Mode
• The access point supports up to 1024 MAC addresses.
• An entry in the address table may be allowed or denied access depending
on the global setting configured for the address entry default command.
Example
MRW55#(config)#address filter entry 00-70-50-cc-99-1a allowed
MRW55#(config)#
Related Commands
address filter default (7-39)
show authentication (7-42)
address filter delete
This command deletes a MAC address from the filter table.
Syntax
address filter delete <mac-address>
mac-address - Physical address of client. (Enter six pairs of hexadecimal
digits separated by hyphens.)
Default
None
Command Mode
Global Configuration
7-40
Authentication
7
Example
MRW55#(config)#address filter delete 00-70-50-cc-99-1b
MRW55#(config)#
Related Commands
show authentication (7-42)
mac-authentication server
This command sets address filtering to be performed with local or remote options.
Use the no form to disable MAC address authentication.
Syntax
mac-authentication server [local | remote]
• local - Authenticate the MAC address of wireless clients with the local
authentication database during 802.11 association.
• remote - Authenticate the MAC address of wireless clients with the
RADIUS server during 802.1x authentication.
Default
local
Command Mode
Global Configuration
Example
MRW55#(config)#mac-authentication server remote
MRW55#(config)#
Related Commands
address filter entry (7-40)
radius-server address (7-32)
show authentication (7-42)
mac-authentication session-timeout
This command sets the interval at which associated clients will be re-authenticated
with the RADIUS server authentication database. Use the no form to disable
reauthentication.
Syntax
mac-authentication session-timeout <seconds>
seconds - Re-authentication interval. (Range: 0-65535)
Default
0 (disabled)
7-41
7
Command Line Interface
Command Mode
Global Configuration
Example
MRW55#(config)#mac-authentication session-timeout 1
MRW55#(config)#
show authentication
This command shows all 802.1x authentication settings, as well as the address filter
table.
Command Mode
Exec
Example
MRW55##show authentication
Authentication Information
=========================================================
MAC Authentication Server
: REMOTE
MAC Auth Session Timeout Value : 1 secs
802.1x
: SUPPORTED
Broadcast Key Refresh Rate
: 5 min
Session Key Refresh Rate
: 5 min
802.1x Session Timeout Value
: 300 secs
Address Filtering
: DENIED
System Default : DENY addresses not found in filter table.
Filter Table
MAC Address
Status
-------------------------00-70-50-cc-99-1a
DENIED
00-70-50-cc-99-1b
ALLOWED
=========================================================
MRW55##
WDS Commands
The commands described in this section are used to configure the WIreless
Distribution System (WDS) forwarding table.
Command
Function
Mode
wds channel
Selects the radio band to be used for bridge links
GC
7-43
wds mac-address
Configures MAC addresses of nodes in the wireless bridge GC
network
7-43
wds enable
Enables WDS forwarding for specific wireless port IDs
GC
7-44
show wds
Displays the current entries in the WDS forwarding table
Exec
7-44
7-42
Page
7
WDS Commands
wds channel
This command selects the radio band to be used for WDS forwarding (bridging).
Syntax
wds channel <a | g | none>
• a - Bridging is supported on the 802.11a 5 GHz band.
• g - Bridging is supported on the 802.11b/g 2.4 GHz band.
• none - Bridging is not supported for either band.
Default
802.11a
Command Mode
Global Configuration
Example
MRW55#(config)#wds channel a
MRW55#(config)#
wds mac-address
This command enters wireless MAC addresses in the WDS forwarding table for
each node in the wireless bridge network.
Syntax
wds mac-address <port-id> <mac-address>
• port-id - The wireless port number for the bridge link. (1 for Slave units; 1-16
for Master units)
• mac-address - The wireless MAC address of the remote bridge unit for this
link. (12 hexadecimal digits in the form “xx-xx-xx-xx-xx-xx”)
Default
none
Command Mode
Global Configuration
Command Usage
• You can only configure one MAC address per wireless port ID.
• The wireless MAC address for each bridge unit is printed on the label on the
back of the unit.
Example
MRW55#(config)#wds mac-address 1 00-12-34-56-78-9a
MRW55#(config)#
7-43
7
Command Line Interface
wds enable
This command enables WDS forwarding for a wireless port ID. Use the no form to
disable WDS forwarding for a wireless port ID.
Syntax
[no] wds enable <port-id>
• port-id - The wireless port number for the link. (1 for Slave units; 1-16 for
Master units)
Default
WDS forwarding disabled on all ports
Command Mode
Global Configuration
Example
MRW55#(config)#wds enable 1
MRW55#(config)#
show wds
This command displays the current entries in the WDS forwarding table.
Syntax
show wds
Command Mode
Exec
7-44
WDS Commands
7
Example
MRW55##show wds
Outdoor_Mode
:
MASTER
==================================================
Port ID |
Status
|
Mac-Address
==================================================
01
|
ENABLE
|
00-12-34-56-78-9A
02
|
ENABLE
|
00-1A-2B-3C-4D-5E
03
|
DISABLE
|
00-01-02-03-04-05
04
|
ENABLE
|
00-0E-87-3B-60-51
05
|
DISABLE
|
00-00-00-00-00-00
06
|
DISABLE
|
00-00-00-00-00-00
07
|
DISABLE
|
00-00-00-00-00-00
08
|
DISABLE
|
00-00-00-00-00-00
09
|
DISABLE
|
00-00-00-00-00-00
10
|
DISABLE
|
00-00-00-00-00-00
11
|
DISABLE
|
00-00-00-00-00-00
12
|
DISABLE
|
00-00-00-00-00-00
13
|
DISABLE
|
00-00-00-00-00-00
14
|
DISABLE
|
00-00-00-00-00-00
15
|
DISABLE
|
00-00-00-00-00-00
16
|
DISABLE
|
00-00-00-00-00-00
==================================================
MRW55#(config)#
7-45
7
Command Line Interface
Bridge Commands
The commands described in this section are used to set the MAC address table
aging time and spanning tree parameters for both the Ethernet and wireless
interfaces.
Command
Function
Mode
bridge timeout
Sets the aging time for the address table
GC
Page
7-46
bridge stp-bridge spanning-tree Enables the spanning tree protocol for the bridge
GC
7-47
bridge stp-bridge forward-time
Configures the spanning tree bridge forward time
GC
7-47
bridge stp-bridge hello-time
Configures the spanning tree bridge hello time
GC
7-48
bridge stp-bridge max-age
Configures the spanning tree bridge maximum age
GC
7-48
bridge stp-bridge priority
Configures the spanning tree bridge priority
GC
7-49
bridge stp-port path-cost
Configures the spanning tree path cost of a port
GC
7-50
bridge stp-port priority
Configures the spanning tree priority of a port
GC
7-50
bridge stp-port portfast
Sets a port to fast forwarding
GC
7-51
bridge stp-port
spanning-disabled
Disables the spanning tree protocol on a port
GC
7-52
show bridge
Displays the current aging time settings
Exec
7-52
bridge timeout
This command sets the aging time for both the Ethernet port and the wireless
interface.
Syntax
bridge timeout <interface-id> <seconds>
• interface-id - An identifier that specifies the interface. (0 for Ethernet, 2 for
802.11a wireless)
• seconds - The time to age out an address entry. (Range: 60-1800 seconds)
Default
Ethernet: 100
802.11a wireless: 1800
Command Mode
Global Configuration
Command Usage
• If the MAC address of an entry in the address table is not seen on the
associated interface for longer than the aging time, the entry is discarded.
Example
MRW55#(config)#bridge timeout 0 300
MRW55#(config)#bridge timeout 2 1000
MRW55#(config)#
7-46
7
Bridge Commands
bridge stp-bridge spanning-tree
Use this command to enable the Spanning Tree Protocol globally for the wireless
bridge. Use the no form to disable it.
Syntax
bridge stp-bridge spanning-tree
no bridge stp-bridge spanning-tree
Default Setting
Spanning tree is enabled.
Command Mode
Global Configuration
Command Usage
The Spanning Tree Protocol (STP) can be used to detect and disable network
loops, and to provide backup links between switches, bridges or routers. This
allows the wireless bridge to interact with other bridging devices (that is, an
STP-compliant switch, bridge or router) in your network to ensure that only
one route exists between any two stations on the network, and provide backup
links which automatically take over when a primary link goes down.
Example
This example shows how to enable the Spanning Tree Protocol for the wireless
bridge:
MRW55#(config)#bridge stp-bridge spanning-tree
MRW55#(config)#
bridge stp-bridge forward-time
Use this command to configure the spanning tree bridge forward time globally for the
wireless bridge. Use the no form to restore the default.
Syntax
bridge stp-bridge forward-time seconds
no bridge stp-bridge forward-time
seconds - Time in seconds. (Range: 4 - 30 seconds)
The minimum value is the higher of 4 or [(max-age / 2) + 1].
Default Setting
15 seconds
Command Mode
Global Configuration
7-47
7
Command Line Interface
Command Usage
This command sets the maximum time (in seconds) the root device will wait
before changing states (i.e., discarding to learning to forwarding). This delay is
required because every device must receive information about topology
changes before it starts to forward frames. In addition, each port needs time to
listen for conflicting information that would make it return to the discarding
state; otherwise, temporary data loops might result.
Example
MRW55#(config)#bridge stp-bridge forward-time 20
MRW55#(config)#
bridge stp-bridge hello-time
Use this command to configure the spanning tree bridge hello time globally for the
wireless bridge. Use the no form to restore the default.
Syntax
bridge stp-bridge hello-time time
no bridge stp-bridge hello-time
time - Time in seconds. (Range: 1-10 seconds).
The maximum value is the lower of 10 or [(max-age / 2) -1].
Default Setting
2 seconds
Command Mode
Global Configuration
Command Usage
This command sets the time interval (in seconds) at which the root device
transmits a configuration message.
Example
MRW55#(config)#bridge stp-bridge hello-time 5
MRW55#(config)#
bridge stp-bridge max-age
Use this command to configure the spanning tree bridge maximum age globally for
the wireless bridge. Use the no form to restore the default.
Syntax
bridge stp-bridge max-age seconds
no bridge stp-bridge max-age
seconds - Time in seconds. (Range: 6-40 seconds)
The minimum value is the higher of 6 or [2 x (hello-time + 1)].
The maximum value is the lower of 40 or [2 x (forward-time - 1)].
7-48
7
Bridge Commands
Default Setting
20 seconds
Command Mode
Global Configuration
Command Usage
This command sets the maximum time (in seconds) a device can wait without
receiving a configuration message before attempting to reconfigure. All device
ports (except for designated ports) should receive configuration messages at
regular intervals. Any port that ages out STP information (provided in the last
configuration message) becomes the designated port for the attached LAN. If
it is a root port, a new root port is selected from among the device ports
attached to the network.
Example
MRW55#(config)#bridge stp-bridge max-age 40
MRW55#(config)#
bridge stp-bridge priority
Use this command to configure the spanning tree priority globally for the wireless
bridge. Use the no form to restore the default.
Syntax
bridge stp-bridge priority priority
no bridge stp-bridge priority
priority - Priority of the bridge. (Range: 0 - 65535)
Default Setting
32768
Command Mode
Global Configuration
Command Usage
Bridge priority is used in selecting the root device, root port, and designated
port. The device with the highest priority becomes the STP root device.
However, if all devices have the same priority, the device with the lowest MAC
address will then become the root device.
Example
MRW55#(config)#bridge stp-bridge priority 40000
MRW55#(config)#
7-49
7
Command Line Interface
bridge stp-port path-cost
Use this command to configure the spanning tree path cost for the specified port.
Use the no form to restore the default for the specified port.
Syntax
bridge stp-port path-cost <port> cost
no bridge stp-port path-cost <port>
• port - Specifies the port number on the wireless bridge. (Range: 0, Ethernet
interface; 1-16 wireless interface)
• cost - The path cost for the port. (Range: 1-65535)
Default Setting
• Ethernet interface – 19
• Wireless interface – 40
Command Mode
Global Configuration
Command Usage
• This command is used by the Spanning Tree Protocol to determine the best
path between devices. Therefore, lower values should be assigned to ports
attached to faster media, and higher values assigned to ports with slower
media.
• Path cost takes precedence over port priority.
Example
MRW55#(config)#bridge stp-port path-cost 1 50
MRW55#(config)#
bridge stp-port priority
Use this command to configure the priority for the specified port. Use the no form to
restore the default for the specified port.
Syntax
bridge stp-port priority <port> priority
no bridge stp-port priority <port>
• port - Specifies the port number on the wireless bridge. (Range: 0, Ethernet
interface; 1-16 wireless interface)
• priority - The priority for a port. (Range: 1-255)
Default Setting
128
Command Mode
Global Configuration
7-50
Bridge Commands
7
Command Usage
• This command defines the priority for the use of a port in the Spanning Tree
Protocol. If the path cost for all ports on a wireless bridge are the same, the
port with the highest priority (that is, lowest value) will be configured as an
active link in the spanning tree.
• Where more than one port is assigned the highest priority, the port with lowest
numeric identifier will be enabled.
Example
MRW55#(config)#bridge stp-port priority 1 64
MRW55#(config)#
Related Commands
bridge stp-port path-cost (7-50)
bridge stp-port portfast
Use this command to set an interface to fast forwarding. Use the no form to disable
fast forwarding.
Syntax
bridge stp-port portfast <port>
no bridge stp-port portfast <port>
port - Specifies the port number on the wireless bridge. (Range: 0,
Ethernet interface; 1-16 wireless interface)
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• This command is used to enable/disable the fast spanning-tree mode for the
selected port. In this mode, ports skip the Discarding and Learning states, and
proceed straight to Forwarding.
• Since end-nodes cannot cause forwarding loops, they can be passed through
the spanning tree state changes more quickly than allowed by standard
convergence time. Fast forwarding can achieve quicker convergence for
end-node devices, and also overcome other STP related timeout problems.
(Remember that fast forwarding should only be enabled for ports connected
to a LAN segment that is at the end of a bridged LAN or for an end-node
device.)
Example
MRW55#(config)#bridge stp-port portfast 15
MRW55#(config)#
7-51
7
Command Line Interface
bridge stp-port spanning-disabled
This command disables the Spanning Tree Protocol for the specified interface. Use
the no form to reenable the Spanning Tree Protocol for the specified interface.
Syntax
bridge stp-port spanning-disabled <port>
no bridge stp-port spanning-disabled <port>
port - Specifies the port number on the wireless bridge. (Range: 0,
Ethernet interface; 1-16 wireless interface)
Default Setting
Enabled
Command Mode
Global Configuration
Example
This example disables the Spanning Tree Protocol for port 5.
MRW55#(config)#bridge stp-port spanning-disabled 5
MRW55#(config)#
show bridge
This command displays aging time and spanning tree settings for the Ethernet and
wireless interfaces.
Syntax
show bridge
Command Mode
Exec
7-52
7
Filtering Commands
Example
MRW55##show bridge
Bridge Information
=================================================
Media Type | Age Time(sec)|
=================================================
EtherNet |
300
|
WLAN_A
| 1000
|
==================================================
Bridge Id
: 32768.037fbef192
Root Bridge Id
: 32768.01f47483e2
Root Path Cost
: 25
Root Port Id
: 0
Bridge Status
: Enabled
Bridge Priority
: 32768
Bridge Hello Time
: 2 Seconds
Bridge Maximum Age : 20 Seconds
Bridge Forward Delay: 15 Seconds
============================= Port Summary =============================
Id| Priority | Path Cost | Fast Forward | Status |
State
|
0
128
25
Enable
Enabled
Forwarding
MRW55##
Filtering Commands
The commands described in this section are used to control access to the
management interface from the wireless interface and filter traffic using specific
Ethernet protocol types.
Command
Function
Mode
filter local-bridge
Disables communication between wireless clients
GC
Page
7-53
filter ap-manage
Prevents access to the management interface over the
wireless bridge link
GC
7-54
filter ethernet-type enable Checks the Ethernet type for all incoming and outgoing
Ethernet packets against the protocol filtering table
GC
7-54
filter ethernet-type
protocol
Sets a filter for a specific Ethernet type
GC
7-55
show filter
Shows the filter configuration
Exec
7-56
filter local-bridge
This command disables communication between wireless clients. Use the no form
to disable this filtering.
Syntax
filter local-bridge
no filter local-bridge
7-53
7
Command Line Interface
Default
Disabled
Command Mode
Global Configuration
Command Usage
This command can disable wireless-to-wireless communications between
clients via the access point. However, it does not affect communications
between wireless clients and the wired network.
Example
MRW55#(config)#filter local-bridge
MRW55#(config)#
Related Commands
filter ethernet-type enable (7-54)
filter ap-manage
This command prevents access to wireless bridge management from the wireless
interface. Use the no form to disable this filtering.
Syntax
filter ap-manage
no filter ap-manage
Default
Disabled
Command Mode
Global Configuration
Example
MRW55#(config)#filter ap-manage
MRW55#(config)#
filter ethernet-type enable
This command checks the Ethernet type on all incoming and outgoing Ethernet
packets against the protocol filtering table. Use the no form to disable this feature.
Syntax
filter ethernet-type enable
no filter ethernet-type enable
Default
Disabled
7-54
Filtering Commands
7
Command Mode
Global Configuration
Command Usage
This command is used in conjunction with the filter ethernet-type protocol
command to determine which Ethernet protocol types are to be filtered.
Example
MRW55#(config)#filter ethernet-type enable
MRW55#(config)#
Related Commands
filter ethernet-type protocol (7-55)
filter ethernet-type protocol
This command sets a filter for a specific Ethernet type. Use the no form to disable
filtering for a specific Ethernet type.
Syntax
filter ethernet-type protocol <protocol>
no filter ethernet-type protocol <protocol>
protocol - An Ethernet protocol type. (Options: ARP, RARP,
Berkeley-Trailer-Negotiation, LAN-Test, X25-Level-3, Banyan, CDP, DEC
XNS, DEC-MOP-Dump-Load, DEC-MOP, DEC-LAT, Ethertalk,
Appletalk-ARP, Novell-IPX(old), Novell-IPX(new), EAPOL, Telxon-TXP,
Aironet-DDP, Enet-Config-Test)
Default
None
Command Mode
Global Configuration
Command Usage
Use the filter ethernet-type enable command to enable filtering for Ethernet
types specified in the filtering table, or the no filter ethernet-type enable
command to disable all filtering based on the filtering table.
Example
MRW55#(config)#filter ethernet-type protocol ARP
MRW55#(config)#
Related Commands
filter ethernet-type enable (7-54)
7-55
7
Command Line Interface
show filters
This command shows the filter options and protocol entries in the filter table.
Command Mode
Exec
Example
MRW55##show filters
Protocol Filter Information
=========================================================
AP Management
:ENABLED
Ethernet Type Filter :ENABLED
Enabled Protocol Filters
--------------------------------------------------------Protocol: ARP
ISO: 0x0806
=========================================================
MRW55##
PPPoE Commands
The commands described in this section configure PPPoE management tunnel
connection parameters for the Ethernet port.
Command
Function
Mode
ip pppoe
Enables PPPoE on the Ethernet interface
IC-E
Page
7-57
pppoe ip allocation mode
Specifies how IP addresses for the PPPoE tunnel are
configured on the interface
IC-E
7-57
pppoe ipcp dns
Negotiates DNS for the PPPoE tunnel
IC-E
7-58
pppoe lcp echo-interval
Sets LCP echo interval for the PPPoE tunnel
IC-E
7-58
pppoe lcp echo-failure
Sets LCP echo timeout for the PPPoE tunnel
IC-E
7-59
pppoe local ip
Sets local IP address for the PPPoE tunnel
IC-E
7-60
pppoe remote ip
Sets remote IP address for the PPPoE tunnel
IC-E
7-60
pppoe username
Sets the user name for the PPPoE tunnel
IC-E
7-61
pppoe password
Sets the password for the PPPoE tunnel
IC-E
7-61
pppoe service-name
Sets the service name for the PPPoE tunnel
IC-E
7-62
pppoe restart
Restarts the PPPoE connection with updated
parameters
IC-E
7-62
show pppoe
Shows information about the PPPoE configuration
PE
7-63
7-56
7
PPPoE Commands
ip pppoe
This command enables Point-to-Point Protocol over Ethernet (PPPoE) on the
Ethernet interface. Use the no form to disable PPPoE on the Ethernet interface.
Syntax
ip pppoe
no ip pppoe
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
The access point uses a PPPoE connection, or tunnel, only for management
traffic between the access point and a remote PPPoE server (typically at an
ISP). Examples of management traffic that may initiated by the access point
and carried over a PPPoE tunnel are RADIUS, Syslog, or DHCP traffic.
Example
MRW55##(if-ethernet)#ip pppoe
MRW55##
pppoe ip allocation mode
This command specifies how IP addresses for the PPPoE tunnel are configured on
this interface.
Syntax
pppoe ip allocation mode {automatic | static}
• automatic - IP addresses are dynamically assigned by the ISP during
PPPoE session initialization.
• static - Fixed addresses are assigned by the ISP for both the local and
remote IP addresses.
Default Setting
automatic
Command Mode
Interface Configuration (Ethernet)
Command Usage
The IP address allocation mode depends on the type of service provided by
the ISP. If automatic mode is selected, DHCP is used to allocate the IP
addresses for the PPPoE connection. If static addresses have been assigned
to by the ISP, these must be entered using the pppoe local ip and pppoe
remote ip commands.
7-57
7
Command Line Interface
Example
MRW55##(if-ethernet)#pppoe ip allocation mode static
MRW55##
Related Commands
pppoe local ip (7-60)
pppoe remote ip (7-60)
pppoe ipcp dns
This command requests allocation of IP addresses for Dynamic Naming System
(DNS) servers from the device at the remote end of the PPPoE tunnel.
Syntax
pppoe ipcp dns
no pppoe ipcp dns
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
DNS servers are used to translate host computer names into IP addresses.
PPPoE clients can request a primary and secondary DNS server from the
network connection device at the remote end of the PPPoE tunnel. This
request is passed to the remote end during the IP Control Protocol (IPCP)
negotiation phase during session initialization.
Example
MRW55##(if-ethernet)#pppoe ipcp dns
MRW55##
pppoe lcp echo-interval
This command sets the Link Control Protocol (LCP) echo interval for the PPPoE
tunnel.
Syntax
pppoe lcp echo-interval <interval>
interval - The interval between sending echo requests.
(Range: 1-60 seconds)
Default Setting
10
Command Mode
Interface Configuration (Ethernet)
7-58
7
PPPoE Commands
Command Usage
• Echo requests are used to verify the integrity of the link through the PPPoE
tunnel. Devices at either end of the link can issue an echo-request. Devices
receiving an echo-request must return an echo-reply.
• If a link is busy with large data transfers, the echo-reply may not be issued
in a timely manner causing the link to timeout. If you experience this kind of
problem, try extending the echo interval or timeout.
Example
MRW55##(if-ethernet)#pppoe lcp echo-interval 30
MRW55##
Related Commands
pppoe lcp echo-failure (7-59)
pppoe lcp echo-failure
This command sets the Link Control Protocol (LCP) echo timeout for the PPPoE
tunnel.
Syntax
pppoe lcp echo-failure <timeout>
timeout - The number of timeouts allowed. (Range: 1-10)
Default Setting
3
Command Mode
Interface Configuration (Ethernet)
Command Usage
• Echo requests are used to verify the integrity of the link through the PPPoE
tunnel. Devices at either end of the link can issue an echo-request. Devices
receiving an echo-request must return an echo-reply.
• If a link is busy with large data transfers, the echo-reply may not be issued
in a timely manner causing the link to timeout. If you experience this kind of
problem, try extending the echo interval or timeout.
Example
MRW55##(if-ethernet)#pppoe lcp echo-failure 5
MRW55##
Related Commands
pppoe lcp echo-interval (7-58)
7-59
7
Command Line Interface
pppoe local ip
This command sets the local IP address for the PPPoE tunnel.
Syntax
pppoe local ip <ip-address>
ip-address - IP address of the local end of the PPPoE tunnel.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
If the pppoe ip allocation mode is set to static, the local IP address must be
entered with this command, and the remote IP address must be entered with
the pppoe remote ip command.
Example
MRW55##(if-ethernet)#pppoe local ip 10.7.1.200
MRW55##
Related Commands
pppoe ip allocation mode (7-57)
pppoe remote ip (7-60)
pppoe remote ip
This command sets the remote IP address for the PPPoE tunnel.
Syntax
pppoe remote ip <ip-address>
ip-address - IP address of the remote end of the PPPoE tunnel.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
If the pppoe ip allocation mode is set to static, the remote IP address must
be entered with this command, and the local IP address must be entered with
the pppoe local ip command.
7-60
PPPoE Commands
7
Example
MRW55##(if-ethernet)#pppoe remote ip 192.168.1.20
MRW55##
Related Commands
pppoe ip allocation mode (7-57)
pppoe local ip (7-60)
pppoe username
This command sets the user name for the PPPoE tunnel.
Syntax
pppoe username <username>
username - User name assigned by the service provider.
(Range: 1-63 alphanumeric characters)
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
You must enter a user name with this command, and a password with the
pppoe password command.
Example
MRW55##(if-ethernet)#pppoe username mike
MRW55##
Related Commands
pppoe password (7-61)
pppoe password
This command sets the password for the PPPoE tunnel.
Syntax
pppoe password <string>
string - Password assigned by the service provider.
(Range: 1-63 alphanumeric characters)
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
7-61
7
Command Line Interface
Command Usage
You must enter a password with this command, and a user name with the
pppoe username command.
Example
MRW55##(if-ethernet)#pppoe password 12345
MRW55##
Related Commands
pppoe username (7-61)
pppoe service-name
This command sets the service name for the PPPoE tunnel.
Syntax
pppoe service-name <string>
string - Service name assigned by the service provider.
(Range: 1-63 alphanumeric characters)
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
The service name is normally optional, but may be required by some service
providers.
Example
MRW55##(if-ethernet)#pppoe service-name classA
MRW55##
pppoe restart
This command restarts the PPPoE connection with updated parameters.
Command Mode
Interface Configuration (Ethernet)
Command Usage
This command restarts PPPoE service using the most recently configured
parameters.
Example
MRW55##(if-ethernet)#pppoe restart
MRW55##
7-62
7
Ethernet Interface Commands
show pppoe
This command shows information about the PPPoE configuration.
Command Mode
Privileged Exec
Example
MRW55##show pppoe
PPPoE Information
======================================================
State
: Link up
Username
: mike
Service Name
: classA
IP Allocation Mode
: Static
DNS Negotiation
: Enabled
Local IP
: 10.7.1.200
Echo Interval
: 30
Echo Failure
: 5
======================================================
MRW55##
Ethernet Interface Commands
The commands described in this section configure connection parameters for the
Ethernet interface.
Command
Function
Mode
interface ethernet
Enters Ethernet interface configuration mode
GC
Page
7-64
dns primary-server
Specifies the primary name server
IC-E
7-64
dns secondary-server
Specifies the secondary name server
IC-E
7-64
ip address
Sets the IP address for the Ethernet interface
IC-E
7-65
ip dhcp
Submits a DHCP request for an IP address
IC-E
7-66
shutdown
Disables the Ethernet interface
IC-E
7-66
show interface ethernet
Shows the status for the Ethernet interface
Exec
7-67
7-63
7
Command Line Interface
interface ethernet
This command enters Ethernet interface configuration mode.
Syntax
interface ethernet
Default Setting
None
Command Mode
Global Configuration
Example
To specify the 10/100Base-TX network interface, enter the following command:
MRW55#(config)#interface ethernet
MRW55#(if-ethernet)#
dns server
This command specifies the address for the primary or secondary domain name
server to be used for name-to-address resolution.
Syntax
dns primary-server <server-address>
dns secondary-server <server-address>
• primary-server - Primary server used for name resolution.
• secondary-server - Secondary server used for name resolution.
• server-address - IP address of domain-name server.
Default Setting
None
Command Mode
Global Configuration
Command Usage
The primary and secondary name servers are queried in sequence.
Example
This example specifies two domain-name servers.
MRW55#(if-ethernet)#dns primary-server 192.168.1.55
MRW55#(if-ethernet)#dns secondary-server 10.1.0.55
MRW55#(if-ethernet)#
Related Commands
show interface ethernet (7-67)
7-64
Ethernet Interface Commands
7
ip address
This command sets the IP address for the (10/100Base-TX) Ethernet interface. Use
the no form to restore the default IP address.
Syntax
ip address <ip-address> <netmask> <gateway>
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet. This mask identifies
the host address bits used for routing to specific subnets.
• gateway - IP address of the default gateway
Default Setting
IP address: 192.168.1.1
Netmask: 255.255.255.0
Command Mode
Interface Configuration (Ethernet)
Command Usage
• DHCP is enabled by default. To manually configure a new IP address, you
must first disable the DHCP client with the no ip dhcp command.
• You must assign an IP address to this device to gain management access
over the network or to connect the wireless bridge to existing IP subnets.
You can manually configure a specific IP address using this command, or
direct the device to obtain an address from a DHCP server using the ip
dhcp command. Valid IP addresses consist of four numbers, 0 to 255,
separated by periods. Anything outside this format will not be accepted by
the configuration program.
Example
MRW55#(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
MRW55#(if-ethernet)#ip address 192.168.1.2 255.255.255.0 192.168.1.253
MRW55#(if-ethernet)#
Related Commands
ip dhcp (7-66)
7-65
7
Command Line Interface
ip dhcp
This command enables the access point to obtain an IP address from a DHCP
server. Use the no form to restore the default IP address.
Syntax
ip dhcp
no ip dhcp
Default Setting
Enabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
• You must assign an IP address to this device to gain management access
over the network or to connect the wireless bridge to existing IP subnets.
You can manually configure a specific IP address using the ip address
command, or direct the device to obtain an address from a DHCP server
using this command.
• When you use this command, the wireless bridge will begin broadcasting
DHCP client requests. The current IP address (i.e., default or manually
configured address) will continue to be effective until a DHCP reply is
received. Requests will be broadcast periodically by this device in an effort
to learn its IP address. (DHCP values can include the IP address, subnet
mask, and default gateway.)
Example
MRW55#(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
MRW55#(if-ethernet)#ip dhcp
MRW55#(if-ethernet)#
Related Commands
ip address (7-65)
shutdown
This command disables the Ethernet interface. To restart a disabled interface, use
the no form.
Syntax
shutdown
no shutdown
Default Setting
Interface enabled
7-66
7
Ethernet Interface Commands
Command Mode
Interface Configuration (Ethernet)
Command Usage
This command allows you to disable the Ethernet port due to abnormal
behavior (e.g., excessive collisions), and reenable it after the problem has
been resolved. You may also want to disable the Ethernet port for security
reasons.
Example
The following example disables the Ethernet port.
MRW55#(if-ethernet)#shutdown
MRW55#(if-ethernet)#
show interface ethernet
This command displays the status for the Ethernet interface.
Syntax
show interface [ethernet]
Default Setting
Ethernet interface
Command Mode
Exec
Example
MRW55##show interface ethernet
Ethernet Interface Information
========================================
IP Address
: 192.168.1.1
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.1.253
Primary DNS
: 192.168.1.55
Secondary DNS
: 10.1.0.55
Admin status
: Up
Operational status : Up
========================================
MRW55##
7-67
7
Command Line Interface
Wireless Interface Commands
The commands described in this section configure connection parameters for the
wireless interface.
Command
Function
Mode
interface wireless
Enters wireless interface configuration mode
GC
Page
7-69
description
Adds a description to the wireless interface
IC-W
7-69
ssid
Configures the service set identifier
IC-W
7-72
closed system
Prohibits access to clients without a pre-configured
SSID
IC-W
6-75
speed
Configures the maximum data rate for transmitting
unicast packets on the wireless interface
IC-W
7-71
channel
Configures the radio channel
IC-W
7-71
turbo
Configures the 802.11a radio to use a faster proprietary IC-W
modulation mode
7-72
beacon-interval
Configures the rate at which beacon signals are
transmitted from the wireless bridge
IC-W
7-72
dtim-period
Configures the rate at which stations in sleep mode
must wake up to receive broadcast/multicast
transmissions
IC-W
7-73
fragmentation-length
Configures the minimum packet size that can be
fragmented
IC-W
7-74
rts-threshold
Sets the packet size threshold at which an RTS must be IC-W
sent to the receiving station prior to the sending station
starting communications
7-74
transmit-power
Adjusts the power of the radio signals transmitted from IC-W
the wireless bridge
7-75
max-association
Configures the maximum number of clients that can be IC-W
associated with the access point radio at the same time
7-76
authentication
Defines the 802.11 authentication type allowed by the
access point
IC-W
7-76
encryption
Defines whether or not WEP or AES encryption is used IC-W
to provide privacy for wireless communications
7-77
key
Sets the keys used for WEP or AES encryption
IC-W
7-78
transmit-key
Sets the index of the key to be used for WEP encryption IC-W
7-79
multicast-cipher
Defines the cipher algorithm used for multicasting
IC-W
7-80
wpa-clients
Defines whether WPA is required or optionally
supported for client stations
IC-W
7-81
wpa-mode
Specifies dynamic keys or a pre-shared key
IC-W
7-82
wpa-preshared-key
Defines a WPA preshared-key value
IC-W
7-82
wpa-psk-type
Defines the type of the preshared-key
IC-W
7-84
shutdown
Disables the wireless interface
IC-W
7-84
help
Displays the help menu
IC-W
7-2
7-68
7
Wireless Interface Commands
Command
Function
Mode
show interface wireless
Shows the status for the wireless interface
Exec
Page
7-84
show station
Shows the wireless clients associated with the access Exec
point
7-85
interface wireless
This command enters wireless interface configuration mode.
Syntax
interface wireless a
• a - 802.11a radio interface.
• g - 802.11g radio interface
Default Setting
None
Command Mode
Global Configuration
Example
To specify the wireless interface, enter the following command:
MRW55#(config)#interface wireless a
MRW55#(if-wireless a)#
description
This command adds a description to the wireless interface. Use the no form to
remove the description.
Syntax
description <string>
no description
string - Comment or a description for this interface.
(Range: 1-80 characters)
Default Setting
None
Command Mode
Interface Configuration (Wireless)
Example
MRW55#(config)#interface wireless a
MRW55#(if-wireless a)#description RD-AP#3
MRW55#(if-wireless a)#
7-69
7
Command Line Interface
ssid
This command configures the service set identifier (SSID).
Syntax
ssid <string>
string - The name of a basic service set supported by the access point.
(Range: 1 - 32 characters)
Default Setting
MRW55 Wireless Outdoor Bridge/AP
Command Mode
Interface Configuration (Wireless)
Command Usage
Clients that want to connect to the wireless network via an access point must
set their SSIDs to the same as that of the access point.
Example
AP(if-wireless g)#ssid RD-AP#3
AP(if-wireless g)#
closed-system
This command closes access to clients without a pre-configured SSID. Use the no
form to disable this feature.
Syntax
closed-system
no closed-system
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
When closed system is enabled, the access point will not include its SSID in
beacon messages. Nor will it respond to probe requests from clients that do
not include a fixed SSID.
Example
AP(if-wireless g)#closed-system
AP(if-wireless g)#
7-70
Wireless Interface Commands
7
speed
This command configures the maximum data rate for transmitting unicast packets on
the wireless interface.
Syntax
speed <speed>
speed - Maximum access speed allowed for remote bridges.
(Options: 802.11a: 6, 9, 12, 18, 24, 36, 48, 54 Mbps; 802.11g:1, 2, 5.5, 6,
9, 11, 12, 18, 24, 36, 48, 54 Mbps)
Default Setting
54 Mbps
Command Mode
Interface Configuration (Wireless)
Command Usage
The maximum transmission distance is affected by the data rate. The lower
the data rate, the longer the transmission distance.
Example
MRW55#(if-wireless a)#speed 6
MRW55#(if-wireless a)#
channel
This command configures the radio channel through which the local wireless bridge
communicates with remote bridges.
Syntax
channel <channel | auto>
• channel - Manually sets the radio channel used for communications with
remote bridges. (Range: 802.11a - 36, 40, 44, 48, 52, 56, 60, 64, 149, 153,
157, 161, 165 for normal mode, and 42, 50, 58, 152, 160 for turbo mode;
802.1g - 1 to 14)
• auto - Automatically selects an unoccupied channel (if available).
Otherwise, the lowest channel is selected.
Default Setting
Automatic channel selection
Command Mode
Interface Configuration (Wireless)
Command Usage
The available channel settings are limited by local regulations, which
determine the number of channels that are available.
7-71
7
Command Line Interface
Example
MRW55#(if-wireless a)#channel 36
MRW55#(if-wireless a)#
turbo
This command sets the wireless bridge to an enhanced mode (not regulated in IEEE
802.11a) that provides a higher data rate of up to 108 Mbps.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless - 802.11a)
Command Usage
• The normal 802.11a wireless operation mode provides connections up to
54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE
802.11a) that provides a higher data rate of up to 108 Mbps. Enabling Turbo
Mode allows the wireless bridge to provide connections up to 108 Mbps.
• In normal mode, the wireless bridge provides a channel bandwidth of 20
MHz, and supports the maximum number of channels permitted by local
regulations (e.g., 11 channels for the United States). In Turbo Mode, the
channel bandwidth is increased to 40 MHz to support the increased data
rate. However, this reduces the number of channels supported (e.g., 5
channels for the United States).
Example
MRW55#(if-wireless a)#turbo
MRW55#(if-wireless a)#
beacon-interval
This command configures the rate at which beacon signals are transmitted from the
wireless bridge.
Syntax
beacon-interval <interval>
interval - The rate for transmitting beacon signals.
(Range: 20-1000 milliseconds)
Default Setting
100
Command Mode
Interface Configuration (Wireless)
7-72
7
Wireless Interface Commands
Command Usage
The beacon signals allow remote bridges to maintain contact with the local
wireless bridge. They may also carry power-management information.
Example
MRW55#(if-wireless a)#beacon-interval 150
MRW55#(if-wireless a)#
dtim-period
This command configures the rate at which remote bridges in sleep mode must
wake up to receive broadcast/multicast transmissions.
Syntax
dtim-period <interval>
interval - Interval between the beacon frames that transmit broadcast or
multicast traffic. (Range: 1-255 beacon frames)
Default Setting
2
Command Mode
Interface Configuration (Wireless)
Command Usage
• The Delivery Traffic Indication Map (DTIM) packet interval value indicates
how often the MAC layer forwards broadcast/multicast traffic. This
parameter is necessary to wake up remote bridges that are using Power
Save mode.
• The DTIM is the interval between two synchronous frames with broadcast/
multicast information. The default value of 2 indicates that the wireless
bridge will save all broadcast/multicast frames for the Basic Service Set
(BSS) and forward them after every second beacon.
• Using smaller DTIM intervals delivers broadcast/multicast frames in a more
timely manner, causing remote bridges in Power Save mode to wake up
more often and drain power faster. Using higher DTIM values reduces the
power used by remote bridges in Power Save mode, but delays the
transmission of broadcast/multicast frames.
Example
MRW55#(if-wireless a)#dtim-period 100
MRW55#(if-wireless a)#
7-73
7
Command Line Interface
fragmentation-length
This command configures the minimum packet size that can be fragmented when
passing through the wireless bridge.
Syntax
fragmentation-length <length>
length - Minimum packet size for which fragmentation is allowed.
(Range: 256-2346 bytes)
Default Setting
2346
Command Mode
Interface Configuration (Wireless)
Command Usage
• If the packet size is smaller than the preset Fragment size, the packet will
not be segmented.
• Fragmentation of the PDUs (Package Data Unit) can increase the reliability
of transmissions because it increases the probability of a successful
transmission due to smaller frame size. If there is significant interference
present, or collisions due to high network utilization, try setting the fragment
size to send smaller fragments. This will speed up the retransmission of
smaller frames. However, it is more efficient to set the fragment size larger
if very little or no interference is present because it requires overhead to
send multiple frames.
Example
MRW55#(if-wireless a)#fragmentation-length 512
MRW55#(if-wireless a)#
rts-threshold
This command sets the packet size threshold at which a Request to Send (RTS)
signal must be sent to the receiving remote bridge prior to the sending bridge
starting communications.
Syntax
rts-threshold <threshold>
threshold - Threshold packet size for which to send an RTS.
(Range: 0-2347 bytes)
Default Setting
2347
Command Mode
Interface Configuration (Wireless)
7-74
Wireless Interface Commands
7
Command Usage
• If the threshold is set to 0, the wireless bridge always sends RTS signals. If
set to 2347, the wireless bridge never sends RTS signals. If set to any other
value, and the packet size equals or exceeds the RTS threshold, the RTS/
CTS (Request to Send / Clear to Send) mechanism will be enabled.
• The wireless bridge sends RTS frames to a receiving remote bridge to
negotiate the sending of a data frame. After receiving an RTS frame, the
remote bridge sends a CTS frame to notify the local bridge that it can start
sending data.
• Wireless bridges contending for the wireless medium may not be aware of
each other. The RTS/CTS mechanism can solve this “Hidden Node”
problem.
Example
MRW55#(if-wireless a)#rts-threshold 256
MRW55#(if-wireless a)#
transmit-power
This command adjusts the power of the radio signals transmitted from the wireless
bridge.
Syntax
transmit-power <signal-strength>
signal-strength - Signal strength transmitted from the wireless bridge.
(Options: full, half, quarter, eighth, min)
Default Setting
full
Command Mode
Interface Configuration (Wireless)
Command Usage
• The “min” keyword indicates minimum power.
• The longer the transmission distance, the higher the transmission power
required. Power selection is not just a trade off between coverage area and
maximum data rates. You also have to ensure that high strength signals do
not interfere with the operation of other radio devices in your area.
Example
MRW55#(if-wireless a)#transmit-power half
MRW55#(if-wireless a)#
7-75
7
Command Line Interface
max-association
This command configures the maximum number of clients that can be associated
with the access point at the same time.
Syntax
max-association <count>
count - Maximum number of associated stations. (Range: 0-64)
Default Setting
64
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless g)#max-association 32
AP(if-wireless g)#
authentication
This command defines the 802.11 authentication type allowed by the access point.
Syntax
authentication <open | shared>
• open - Accepts the client without verifying its identity using a shared key.
• shared - Authentication is based on a shared key that has been distributed
to all stations.
Default Setting
open
Command Mode
Interface Configuration (Wireless)
Command Usage
• Shared key authentication can only be used when WEP is enabled with the
encryption command, and at least one static WEP key has been defined
with the key command.
• When using WPA or 802.1x for authentication and dynamic keying, the
access point must be set to open.
Example
AP(if-wireless g)#authentication shared
AP(if-wireless g)#
Related Commands
encryption (7-77)
key (7-78)
7-76
Wireless Interface Commands
7
encryption
This command defines whether WEP or AES encryption is used to provide privacy
for wireless communications. Use the no form to disable encryption.
Syntax
encryption {wep <key-length> | wdsaes <alphanumeric | hex>}
no encryption
• wep - The keyword that enables WEP encryption.
- key-length - Size of encryption key. (Options: 64, 128, or 152 bits)
• wdsaes - The keyword that enables 128-bit AES encryption.
- alphanumeric - Specifies an encryption key entered as an alphanumeric
string.
- hex - Specifies an encryption key entered as hexadecimal digits.
Default Setting
disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
• Wired Equivalent Privacy (WEP) and Advanced Encryption Standard (AES)
are implemented in this device to prevent unauthorized access to your
network. For more secure data transmissions, enable WEP or AES
encryption with this command, and set at least one key with the key
command.
• AES has been designated by the National Institute of Standards and
Technology as the successor to the Data Encryption Standard (DES)
encryption algorithm, and will be used by the U.S. government for
encrypting all sensitive, nonclassified information. Because of its strength,
and resistance to attack, AES is also being incorporated as part of the
802.11 standard.
• The WEP settings must be the same on all bridges in your wireless network.
• The WEP encryption length specified in the encryption command and the
key command must match.
• The AES keys must match for each wireless bridge link pair.
• The AES key type value entered using the key command must be the same
as the type specified in the encryption command.
• Note that encryption protects data transmitted between wireless nodes, but
does not protect any transmissions over your wired network or over the
Internet.
7-77
7
Command Line Interface
Example
MRW55#(if-wireless a)#encryption wep 128
MRW55#(if-wireless a)#
Related Commands
key (7-78)
key
This command sets the keys used for WEP and AES encryption. Use the no form to
delete a configured key.
Syntax
key {wep <index size type wep-value> | wdsaes <port-id aes-value>}
no key {wep <index> | wdsaes}
• wep - The keyword that specifies a WEP encryption key.
- index - Key index. (Range: 1-4)
- size - Key size. (Options: 64, 128, or 152 bits)
- type - Input format. (Options: ASCII, HEX)
- wep-value - The WEP key string. For ASCII input, use 5/13/16
alphanumeric characters for 64/128/152 bit keys. For HEX input, use 10/
26/32 hexadecimal digits for 64/128/152 bit keys.
• wdsaes - The keyword that specifies an AES encryption key
- port-id - The ID for the wireless port on the bridge. For Slave units, the ID
is 1. For Master units, the ID can be from 1 to 16.
- aes-value - The AES key string. For alphanumeric input, use 8 to 31
characters. For hexadecimal input, use exactly 32 digits.
Default Setting
None
Command Mode
Interface Configuration (Wireless)
Command Usage
• To enable WEP encryption, use the encryption command to specify the
key type and length, and use the key command to configure at least one
key.
• To enable AES encryption, use the encryption command to specify the key
type, and use the key command to configure a key for each wireless port.
• If WEP is enabled, all units in the wireless bridge network must be
configured with the same keys.
• The WEP key length specified in the encryption command and the key
command must match.
• The WEP key index, length and type configured on the local wireless bridge
must match those configured on other wireless bridges.
7-78
Wireless Interface Commands
7
• If AES is enabled, each wireless bridge link in the network must be
configured to use the same AES key
• The AES key type value entered using the key command must be the same
as the type specified in the encryption command.
Example
MRW55#(if-wireless a)#key wep 1 64 ascii 12345
MRW55#(if-wireless a)#key wep 2 64 ascii abcde
MRW55#(if-wireless a)#
Related Commands
encryption (7-77)
transmit-key
This command sets the index of the WEP key to be used for encrypting data frames
broadcast or multicast from the wireless bridge.
Syntax
transmit-key <index>
index - Key index. (Range: 1-4)
Default Setting
1
Command Mode
Interface Configuration (Wireless)
Command Usage
• If you use WEP key encryption, the wireless bridge uses the transmit key to
encrypt multicast and broadcast data signals that it sends to other nodes.
Other keys can be used for decryption of data from other nodes.
Example
MRW55#(if-wireless a)#transmit-key 2
MRW55#(if-wireless a)#
7-79
7
Command Line Interface
multicast-cipher
This command defines the cipher algorithm used for broadcasting and multicasting
when using Wi-Fi Protected Access (WPA) security.
Syntax
multicast-cipher <AES | TKIP | WEP>
• AES - Advanced Encryption Standard
• TKIP - Temporal Key Integrity Protocol
• WEP - Wired Equivalent Privacy
Default Setting
WEP
Command Mode
Interface Configuration (Wireless)
Command Usage
• WPA enables the access point to support different unicast encryption keys
for each client. However, the global encryption key for multicast and
broadcast traffic must be the same for all clients. This command sets the
encryption type that is supported by all clients.
• If any clients supported by the access point are not WPA enabled, the
multicast-cipher algorithm must be set to WEP.
• WEP is the first generation security protocol used to encrypt data crossing
the wireless medium using a fairly short key. Communicating devices must
use the same WEP key to encrypt and decrypt radio signals. WEP has
many security flaws, and is not recommended for transmitting highly
sensitive data.
• TKIP provides data encryption enhancements including per-packet key
hashing (i.e., changing the encryption key on each packet), a message
integrity check, an extended initialization vector with sequencing rules, and
a re-keying mechanism.
• TKIP defends against attacks on WEP in which the unencrypted
initialization vector in encrypted packets is used to calculate the WEP key.
TKIP changes the encryption key on each packet, and rotates not just the
unicast keys, but the broadcast keys as well. TKIP is a replacement for
WEP that removes the predictability that intruders relied on to determine the
WEP key.
• AES has been designated by the National Institute of Standards and
Technology as the successor to the Data Encryption Standard (DES)
encryption algorithm, and will be used by the U.S. government for
encrypting all sensitive, nonclassified information. Because of its strength,
and resistance to attack, AES is also being incorporated as part of the
802.11 standard.
7-80
Wireless Interface Commands
7
Example
AP(if-wireless g)#multicast-cipher TKIP
AP(if-wireless g)#
wpa-clients
This command defines whether Wi-Fi Protected Access (WPA) is required or
optionally supported for client stations.
Syntax
wpa-clients <required | supported>
• required - Supports only clients using WPA.
• supported - Support clients with or without WPA.
Default Setting
Supported
Command Mode
Interface Configuration (Wireless)
Command Usage
Wi-Fi Protected Access (WPA) provides improved data encryption, which was
weak in WEP, and user authentication, which was largely missing in WEP.
WPA uses the following security mechanisms.
Enhanced Data Encryption through TKIP
WPA uses Temporal Key Integrity Protocol (TKIP). TKIP provides data
encryption enhancements including per-packet key hashing (i.e., changing the
encryption key on each packet), a message integrity check, an extended
initialization vector with sequencing rules, and a re-keying mechanism.
Enterprise-level User Authentication via 802.1x and EAP
To strengthen user authentication, WPA uses 802.1x and the Extensible
Authentication Protocol (EAP). Used together, these protocols provide strong
user authentication via a central RADIUS authentication server that
authenticates each user on the network before they join it. WPA also employs
“mutual authentication” to prevent a wireless client from accidentally joining a
rogue network.
Example
AP(if-wireless g)#wpa-client required
AP(if-wireless g)#
Related Commands
wpa-mode (7-82)
7-81
7
Command Line Interface
wpa-mode
This command specifies whether Wi-Fi Protected Access (WPA) is to use 802.1x
dynamic keys or a pre-shared key.
Syntax
wpa-mode <dynamic | pre-shared-key>
• dynamic - WPA with 802.1x dynamic keys.
• pre-shared-key - WPA with a pre-shared key.
Default Setting
dynamic
Command Mode
Interface Configuration (Wireless)
Command Usage
• When the WPA mode is set to “dynamic,” clients are authenticated using
802.1x via a RADIUS server. Each client has to be WPA-enabled or support
802.1x client software. A RADIUS server must also be configured and be
available in the wired network.
• In the dynamic mode, keys are generated for each wireless client
associating with the access point. These keys are regenerated periodically,
and also each time the wireless client is re-authenticated.
• When the WPA mode is set to “pre-shared-key,” the key must first be
generated and distributed to all wireless clients before they can successfully
associate with the access point.
Example
AP(if-wireless g)#wpa-mode pre-shared-key
AP(if-wireless g)#
Related Commands
wpa-clients (7-81)
wpa-preshared-key (7-82)
wpa-preshared-key
This command defines a Wi-Fi Protected Access (WPA) preshared-key.
Syntax
wpa-preshared-key <type> <value>
• type - Input format. (Options: ASCII, HEX)
• value - The key string. For ASCII input, use 5/13 alphanumeric characters
for 64/128 bit strings. For HEX input, use 10/26 hexadecimal digits for 64/
128 bit strings.
7-82
Wireless Interface Commands
7
Command Mode
Interface Configuration (Wireless)
Command Usage
• To support Wi-Fi Protected Access (WPA) for client authentication, use the
wpa-clients command to specify the authentication type, use the
wpa-mode command to specify pre-shared-key mode, and use this
command to configure one static key.
• If WPA is used with pre-shared-key mode, all wireless clients must be
configured with the same pre-shared key to communicate with the access
point.
Example
AP(if-wireless g)#wpa-preshared-key ASCII agoodsecret
AP(if-wireless g)#
Related Commands
wpa-clients (7-81)
wpa-mode (7-82)
wpa-psk-type
This command defines the Wi-Fi Protected Access (WPA) preshared-key type.
Syntax
wpa-psk-type <type>
type - Input format. (Options: Alphanumeric, HEX)
Default Setting
HEX
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless a)#wpa-preshared-key ASCII agoodsecret
AP(if-wireless a)#
Related Commands
wpa-preshared-key (7-82)
7-83
7
Command Line Interface
shutdown
This command disables the wireless interface. Use the no form to restart the
interface.
Syntax
shutdown
no shutdown
Default Setting
Interface enabled
Command Mode
Interface Configuration (Wireless)
Example
MRW55#(if-wireless a)#shutdown
MRW55#(if-wireless a)#
show interface wireless
This command displays the status for the wireless interface.
Syntax
show interface wireless <a | g>
• a - 802.11a radio interface.
• g - 802.11g radio interface
Command Mode
Exec
7-84
Wireless Interface Commands
7
Example
MRW55##show interface wireless a
Wireless Interface Information
=========================================================
----------------Identification----------------------------Description
: Enterprise 802.11a Access Point
Service Type
: WDS Bridge
SSID
: MRW55 Wireless Outdoor Bridge/AP
Turbo Mode
: OFF
Channel
: 36
Status
: Enable
----------------802.11 Parameters-------------------------Transmit Power
: FULL (15 dBm)
Max Station Data Rate
: 54Mbps
Fragmentation Threshold
: 2346 bytes
RTS Threshold
: 2347 bytes
Beacon Interval
: 100 TUs
DTIM Interval
: 2 beacons
Maximum Association
: 64 stations
----------------Security----------------------------------Encryption
: 128-BIT AES ENCRYPTION
AES Key type
: Alphanumeric
=========================================================
MRW55##
show station
This command shows the wireless clients associated with the access point.
Command Mode
Exec
Example
MRW55##show station
Station Table Information
===========================================================
802.11a Channel : 56
No 802.11a Channel Stations.
802.11g Channel : 11
802.11g Channel Station Table
Station Address
: 00-04-E2-41-C2-9D VLAN ID: 0
Authenticated Associated
Forwarding
KeyType
TRUE
TRUE
TRUE
NONE
Counters:pkts
Tx
/
Rx
bytes
Tx
/
Rx
4/
0
1440/
0
Time:Associated LastAssoc
LastDisAssoc LastAuth
143854
0
0
0
===========================================================
MRW55##
7-85
7
Command Line Interface
IAPP Commands
The command described in this section enables the protocol signaling required to
ensure the successful handover of wireless clients roaming between different
802.11f-compliant access points. In other words, the 802.11f protocol can ensure
successful roaming between access points in a multi-vendor environment.
iapp
This command enables the protocol signaling required to hand over wireless clients
roaming between different 802.11f-compliant access points. Use the no form to
disable 802.11f signaling.
Syntax
iapp
no iapp
Default
Enabled
Command Mode
Global Configuration
Command Usage
The current 802.11 standard does not specify the signaling required between
access points in order to support clients roaming from one access point to
another. In particular, this can create a problem for clients roaming between
access points from different vendors. This command is used to enable or
disable 802.11f handover signaling between different access points, especially
in a multi-vendor environment.
Example
AP(config)#iapp
AP(config)#
VLAN Commands
The wireless bridge can enable the support of VLAN-tagged traffic passing between
the wireless interface and the wired network.
When VLAN support is enabled, the wireless bridge tags traffic passing to the wired
network with the assigned native VLAN ID (a number between 1 and 64). Traffic
received from the wired network must also be tagged with the same VLAN ID.
Received traffic that has an unknown VLAN ID or no VLAN tag is dropped.
When VLAN support is disabled, the wireless bridge does not tag traffic passing to
the wired network and ignores the VLAN tags on any received frames.
7-86
7
VLAN Commands
Note: Before enabling VLANs on the wireless bridge, you must configure the connected
LAN switch port to accept tagged VLAN packets with the wireless bridge’s native
VLAN ID. Otherwise, connectivity to the wireless bridge will be lost when you
enable the VLAN feature.
The VLAN commands supported by the wireless bridge are listed below.
Command
Function
Mode
Page
vlan
Enables a single VLAN for all traffic
GC
7-87
native-vlanid
Configures the native VLAN for the access point
GC
7-87
vlan
This command enables VLANs for all traffic. Use the no form to disable VLANs.
Syntax
vlan enable
no vlan
Default
Disabled
Command Mode
Global Configuration
Command Description
• Changing the VLAN status of the wireless bridge forces a system reboot.
• When VLANs are enabled, the wireless bridge tags frames received from
wireless interface with the configured native VLAN ID.
• Traffic entering the Ethernet port must be tagged with a VLAN ID that
matches the wireless bridge’s native VLAN ID.
Example
MRW55#(config)#vlan enable
Reboot system now? <y/n>: y
Related Commands
native-vlanid (7-87)
native-vlanid
This command configures the native VLAN ID for the wireless bridge.
Syntax
native-vlanid <vlan-id>
vlan-id - Native VLAN ID. (Range: 1-64)
Default Setting
1
7-87
7
Command Line Interface
Command Mode
Global Configuration
Command Usage
When VLANs are enabled, the wireless bridge tags traffic passing to the wired
network with the configured native VLAN ID (a number between 1 and 64).
Example
MRW55#(config)#native-vlanid 3
MRW55#(config)#
Related Commands
vlan (7-87)
7-88
Appendix A: Troubleshooting
Check the following items before you contact local Technical Support.
1.
If wireless bridge units do not associate with each other, check the following:
• Check the power injector LED for each bridge unit to be sure that power is
being supplied
• Be sure that antennas in the link are properly aligned.
• Be sure that channel settings match on all bridges
• If encryption is enabled, ensure that all bridge links are configured with the
same encryption keys.
2.
If you experience poor performance (high packet loss rate) over the wireless
bridge link:
• Check that the range of the link is within the limits for the antennas used.
• Be sure that antennas in the link are properly aligned.
• Check that there is an unobstructed radio line-of-sight between the antennas.
• Be sure there is no interference from other radio sources. Try setting the
bridge link to another radio channel.
• Be sure there is no other radio transmitter too close to either antenna. If
necessary, move the antennas to another location.
3.
If the wireless bridge cannot be configured using Telnet, a web browser, or
SNMP software:
• Be sure to have configured the wireless bridge with a valid IP address, subnet
mask and default gateway.
• Check that you have a valid network connection to the wireless bridge and
that the Ethernet port or the wireless interface has not been disabled.
• If you are connecting to the wireless bridge through the wired Ethernet
interface, check the network cabling between the management station and the
wireless bridge.
• If you cannot connect using Telnet, you may have exceeded the maximum
number of concurrent Telnet sessions permitted (i.e, four sessions). Try
connecting again at a later time.
4.
If all other recovery measures fail, and the wireless bridge is still not functioning
properly, take any of these steps:
• Reset the wireless bridge’s hardware using the CLI, web interface, or through
a power reset.
• Reset the wireless bridge to its default configuration.
A-1
A
5.
Troubleshooting
If you forgot or lost the password:
• Contact Technical Support.
A-2
Appendix B: Specifications
General Specifications
Maximum Channels (Outdoor)
802.11a:
US & Canada: 9 (normal mode), 3 (turbo mode)
Japan: 4 (normal mode), 1 (turbo mode)
ETSI: 11 channels (normal mode), 4 (turbo mode)
Taiwan: 4 (normal mode), 1 (turbo mode)
802.11g:
FCC/IC: 1-11
ETSI: 1-13
France: 1-7
MKK: 1-14
Taiwan: 1-11
Data Rates
802.11a:
Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel
Turbo Mode: 12, 18, 24, 36, 48, 72, 96, 108 Mbps per channel
802.11g:
6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps per channel
802.11b:
1, 2, 5.5, 11 Mbps per channel
Maximum Clients
64 for the radio interface set to access point mode
Modulation Types
802.11a: BPSK, QPSK, 16-QAM, 64-QAM
802.11g: CCK, BPSK, QPSK, OFDM
802.11b: CCK, BPSK, QPSK
Network Configuration
Bridge Mode:
Point-to-point and point-to-multipoint
Access Point Mode:
Infrastructure
B-1
B
Specifications
Operating Frequency
802.11a:
5.15 ~ 5.25 GHz (lower band) US/Canada
5.25 ~ 5.35 GHz (middle band) US/Canada
5.725 ~ 5.825 GHz (upper band) US/Canada
5.25 ~ 5.35 GHz (middle band) Taiwan
5.725 ~ 5.825 GHz (high band) Taiwan
802.11b/g:
2.4 ~ 2.4835 GHz (US, Canada, ETSI)
2.4 ~ 2.497 GHz (Japan)
2.400 ~ 2.4835 GHz (Taiwan)
Power Injector
Input: 100-240 VAC, 47-63 Hz, 1.5 A
Output: 48 VDC, 1.2 A
Bridge Power (DC)
Input voltage: 48 volts, 1.2 A, 30 watts maximum
Physical Size
19.8 x 19.8 x 6.33 cm (7.8 x 7.8 x 2.49 in)
Weight
4.8 kg (10.58 lbs)
Network Management
Web-browser, Telnet, SNMP
Temperature
Operating: -33 to 55 °C (-27.4 to 131 °F)
Storage: -40 to 80 °C (-40 to 176 °F)
Humidity
5% to 95% (non-condensing)
EMC Compliance (Class B)
FCC Class B (US)
RTTED 1999/5/EC
DGT (Taiwan)
B-2
Antenna Specifications
B
Radio Signal Certification
FCC Part 15 15.407(b) (5 GHz)
FCC Part 15.247 (2.4 GHz)
EN 300.328, EN 302.893
EN 300 826, EN 301.489-1, EN 301.489-17
ETSI 300.328; ETS 300 826 (802.11b)
Safety
CSA/NTRL (CSA 22.2 No. 950 & UL 1950)
Standards
IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX,
IEEE 802.11a, b, g
Antenna Specifications
17 dBi Integrated Panel
Frequency Range
5.150 - 5.850 GHz
Gain
17 dBi
VSWR
1.8 : 1 max
Polarization
Linear, vertical/horizontal
HPBW
Horizontal: 20°
Vertical: 22°
Front-to-Back Ratio
>25 dB
Power Handling
10 W (cw)
Impedance
50 Ohms
Connector
SMA female
B-3
B
Specifications
17 dBi Integrated Panel Antenna Link Budget
(5.825 GHz, Cable Loss 1 dB, Fade Margin 5 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 17 dBi Panel*
BPSK (6 Mbps)
20
-91
28.000
BPSK (9 Mbps)
20
-90
28.000
QPSK (12 Mbps)
20
-89
28.000
Normal Mode
QPSK (18 Mbps)
20
-87
28.000
16 QAM (24 Mbps)
20
-84
28.000
16 QAM (36 Mbps)
20
-80
28.000
64 QAM (48 Mbps)
18
-75
4.100
64 QAM (54 Mbps)
16
-70
1.832
BPSK (12 Mbps)
20
-88
14.000
BPSK (18 Mbps)
20
-87
14.000
QPSK (24 Mbps)
20
-86
14.000
QPSK (36 Mbps)
20
-84
14.000
16 QAM (48 Mbps)
20
-81
14.000
16 QAM (72 Mbps)
20
-77
14.000
Turbo Mode
64 QAM (96 Mbps)
18
-72
3.655
64 QAM (108 Mbps)
16
-67
1.632
* The maximum range calculated with a 17 dBi panel antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
8 dBi Omnidirectional (2.4 GHz)
Model Number
R0205-135
Frequency Range
2.400 - 2.500 GHz
Gain
8 dBi
VSWR
2.0 : 1 max
Polarization
Linear, vertical
B-4
Antenna Specifications
B
HPBW
Horizontal: 360°
Vertical: 15°
Downtilt
0°
Power Handling
50 W (cw)
Impedance
50 Ohms
Connector
N type, male
Radome
Material: Fiber glass
Color: Gray-white
Environmental
Survival Wind Speed: 216 km/hr
Temperature: -40 °C to 80 °C
Humidity: 95% @ 25 °C
Mechanical
Dimensions: 46 x 1.9 cm (diameter) (18.11 x 0.75 in)
Weight: 200 g (0.44 lbs)
8 dBi Omnidirectional Antenna Link Budget
(2.483 GHz, Cable Loss 0 dB, Fade Margin 3 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 2 dBi NIC
BPSK (6 Mbps)
20
-91
7.641
BPSK (9 Mbps)
20
-90
6.810
QPSK (12 Mbps)
20
-89
6.070
QPSK (18 Mbps)
20
-87
4.821
16 QAM (24 Mbps)
20
-84
3.413
16 QAM (36 Mbps)
20
-80
2.154
64 QAM (48 Mbps)
18
-75
1.079
64 QAM (54 Mbps)
16
-70
0.541
* The maximum range calculated with a 2 dBi NIC antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
B-5
B
Specifications
8 dBi Omnidirectional (5 GHz)
Model Number
MTI 09038
Frequency range
5.725 - 5.875 GHz
Gain
8 dBi
VSWR
2.0 : 1 max
Polarization
Linear, vertical
HPBW
Horizontal: 360°
Vertical: 12°
Downtilt
0°
Power Handling
5 W (cw)
Impedance
50 Ohms
Connector
N type, female
Radome
Material: Fiber glass
Color: Gray-white
Environmental
Survival Wind Speed: 216 km/hr
Temperature: -40 °C to 80 °C
Humidity: 95% @ 25 °C
Mechanical
Dimensions: 7 x 8 x 37.3 cm (2.76 x 3.15 x 14.69 in)
Weight: 245 g (0.54 lbs)
B-6
Antenna Specifications
B
8 dBi Omnidirectional Antenna Link Budget
(5.825 GHz, Cable Loss 0 dB, Fade Margin 3 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 2 dBi NIC
BPSK (6 Mbps)
20
-91
3.257
BPSK (9 Mbps)
20
-90
2.903
QPSK (12 Mbps)
20
-89
2.587
Normal Mode
QPSK (18 Mbps)
20
-87
2.055
16 QAM (24 Mbps)
20
-84
1.455
16 QAM (36 Mbps)
20
-80
0.918
64 QAM (48 Mbps)
18
-75
0.410
64 QAM (54 Mbps)
16
-70
0.183
BPSK (12 Mbps)
20
-88
2.306
BPSK (18 Mbps)
20
-87
2.055
QPSK (24 Mbps)
20
-86
1.832
QPSK (36 Mbps)
20
-84
1.455
16 QAM (48 Mbps)
20
-81
1.030
16 QAM (72 Mbps)
20
-77
0.650
Turbo Mode
64 QAM (96 Mbps)
18
-72
0.290
64 QAM (108 Mbps)
16
-67
0.130
* The maximum range calculated with a 2 dBi NIC antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
13.5 dBi 120-Degree Sector
Model Number
R0320-099
Frequency range
5.150 - 5.875 GHz
Gain
13.5 dBi
VSWR
2.0 : 1 max
Polarization
Linear, vertical
B-7
B
Specifications
HPBW
Horizontal: 120°
Vertical: 6°
Downtilt
0°
Power Handling
5 W (cw)
Impedance
50 Ohms
Connector
N type, female
Radome
Material: ABS
Color: Gray, white
Environmental
Survival Wind Speed: 216 km/hr
Temperature: -40 °C to 80 °C
Humidity: 95% @ 25 °C
Mechanical
Dimensions: 62 x 8.8 x 7 cm (24.4 x 3.46 x 2.76 in)
Weight: 590 g (1.3 lbs)
13.5 dBi 120-Degree Sector Antenna Link Budget
(5.825 GHz, Cable Loss 1 dB, Fade Margin 5 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 13.5 dBi Sector
BPSK (6 Mbps)
20
-91
14.549
BPSK (9 Mbps)
20
-90
12.967
QPSK (12 Mbps)
20
-89
11.557
QPSK (18 Mbps)
20
-87
9.180
16 QAM (24 Mbps)
20
-84
6.499
16 QAM (36 Mbps)
20
-80
4.100
64 QAM (48 Mbps)
18
-75
1.832
64 QAM (54 Mbps)
16
-70
0.818
BPSK (12 Mbps)
20
-88
12.967
BPSK (18 Mbps)
20
-87
11.557
Normal Mode
Turbo Mode
B-8
Antenna Specifications
B
13.5 dBi 120-Degree Sector Antenna Link Budget
(5.825 GHz, Cable Loss 1 dB, Fade Margin 5 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 13.5 dBi Sector
QPSK (24 Mbps)
20
-86
10.300
QPSK (36 Mbps)
20
-84
8.182
16 QAM (48 Mbps)
20
-81
5.792
16 QAM (72 Mbps)
20
-77
3.655
64 QAM (96 Mbps)
18
-72
1.632
64 QAM (108 Mbps)
16
-67
0.729
* The maximum range calculated with a 13.5 dBi sector antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
16.5 dBi 60-Degree Sector
Model Number
R0320-100
Frequency range
5.150 - 5.875 GHz
Gain
16.5 dBi
VSWR
2.0 : 1 max
Polarization
Linear, vertical
HPBW
Horizontal: 60°
Vertical: 6°
Downtilt
0°
Power Handling
5 W (cw)
Impedance
50 Ohms
Connector
N type, female
B-9
B
Specifications
Radome
Material: ABS
Color: Gray, white
Environmental
Survival Wind Speed: 216 km/hr
Temperature: -40 °C to 80 °C
Humidity: 95% @ 25 °C
Mechanical
Dimensions: 62 x 8.8 x 7 cm (24.41 x 3.46 x 2.76 in)
Weight: 565 g (1.25 lbs)
16.5 dBi 60-Degree Sector Antenna Link Budget
(5.825 GHz, Cable Loss 1 dB, Fade Margin 5 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 16.5 dBi Sector
BPSK (6 Mbps)
20
-91
28.000
BPSK (9 Mbps)
20
-90
25.000
QPSK (12 Mbps)
20
-89
23.059
Normal Mode
QPSK (18 Mbps)
20
-87
18.316
16 QAM (24 Mbps)
20
-84
12.967
16 QAM (36 Mbps)
20
-80
8.182
64 QAM (48 Mbps)
18
-75
3.655
64 QAM (54 Mbps)
16
-70
1.632
BPSK (12 Mbps)
20
-88
14.000
BPSK (18 Mbps)
20
-87
14.000
QPSK (24 Mbps)
20
-86
14.000
QPSK (36 Mbps)
20
-84
14.000
16 QAM (48 Mbps)
20
-81
11.557
16 QAM (72 Mbps)
20
-77
7.292
Turbo Mode
64 QAM (96 Mbps)
18
-72
3.257
64 QAM (108 Mbps)
16
-67
1.455
* The maximum range calculated with a 16.5 dBi sector antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
B-10
Antenna Specifications
B
23 dBi High-Gain Panel
Model Number
MTI 09009
Frequency range
5.725 - 5.875 GHz
Gain
23 dBi
VSWR
1.5 : 1 max
Polarization
Linear, vertical/horizontal
HPBW
Horizontal: 9°
Vertical: 9°
Front-to-Back Ratio
40 dB
Cross Polarization
25 dB
Power Handling
20 W (cw)
Impedance
50 Ohms
Connector
N type, female
Radome
Material: ABS, UV resistant
Color: White
Environmental
Survival Wind Speed: 216 km/hr
Temperature: -40 °C to 80 °C
Humidity: 95% @ 25 °C
Mechanical
Dimensions: 36 x 36 x 1.6 cm (14.17 x 14.17 x 0.63 in)
Weight: 1600 g (3.53 lbs)
B-11
B
Specifications
23 dBi Panel Antenna Link Budget
(5.825 GHz, Cable Loss 1 dB, Fade Margin 5 dB)
Modulation/Rates
Transmit Power
(dBm)
Receive Sensitivity
(dBm)
Maximum Range (km)
with 23 dBi Panel
BPSK (6 Mbps)
20
-91
28.000
BPSK (9 Mbps)
20
-90
28.000
QPSK (12 Mbps)
20
-89
28.000
Normal Mode
QPSK (18 Mbps)
20
-87
28.000
16 QAM (24 Mbps)
20
-84
28.000
16 QAM (36 Mbps)
20
-80
28.000
64 QAM (48 Mbps)
18
-75
16.324
64 QAM (54 Mbps)
16
-70
7.292
BPSK (12 Mbps)
20
-88
14.000
BPSK (18 Mbps)
20
-87
14.000
QPSK (24 Mbps)
20
-86
14.000
QPSK (36 Mbps)
20
-84
14.000
16 QAM (48 Mbps)
20
-81
14.000
16 QAM (72 Mbps)
20
-77
14.000
64 QAM (96 Mbps)
18
-72
14.000
64 QAM (108 Mbps)
16
-67
6.499
Turbo Mode
* The maximum range calculated with a 23 dBi panel antenna at the far end of the link.
The maximum transmit power (hence range) may be lowered by regulatory (FCC etc) EIRP (effective
isotropic radiated power) limits.
B-12
Appendix C: Cables and Pinouts
Twisted-Pair Cable Assignments
For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires.
Each wire pair is identified by two different colors. For example, one wire might be
green and the other, green with white stripes. Also, an RJ-45 connector must be
attached to both ends of the cable.
Caution: Each wire pair must be attached to the RJ-45 connectors in a specific
orientation.
Caution: DO NOT plug a phone jack connector into a power injector RJ-45 port. Use
only twisted-pair cables with RJ-45 connectors that conform with FCC
standards.
The following figure illustrates how the pins on the RJ-45 connector are numbered.
Be sure to hold the connectors in the same orientation when attaching the wires to
the pins.
8
1
8
1
C-1
C
Cables and Pinouts
10/100BASE-TX Pin Assignments
Use unshielded twisted-pair (UTP) or shielded twisted-pair (STP) cable for RJ-45
connections: 100-ohm Category 3 or better cable for 10 Mbps connections, or
100-ohm Category 5 or better cable for 100 Mbps connections. Also be sure that the
length of any twisted-pair connection does not exceed 100 meters (328 feet).
The RJ-45 Input port on the power injector is wired with MDI pinouts. This means
that you must use crossover cables for connections to PCs or servers, and
straight-through cable for connections to switches or hubs. However, when
connecting to devices that support automatic MDI/MDI-X pinout configuration, you
can use either straight-through or crossover cable.
10/100BASE-TX MDI and MDI-X Port Pinouts
Pin
MDI-X Signal Name
MDI Signal Name
1
Receive Data plus (RD+)
Transmit Data plus (TD+)
2
Receive Data minus (RD-)
Transmit Data minus (TD-)
3
Transmit Data plus (TD+)
Receive Data plus (RD+)
6
Transmit Data minus (TD-)
Receive Data minus (RD-)
4,5,7,8
Not used
Not used
Note: The “+” and “-” signs represent the polarity of the wires that make up each wire pair.
Straight-Through Wiring
Because the 10/100 Mbps Input port on the power injector uses an MDI pin
configuration, you must use “straight-through” cable for network connections to hubs
or switches that only have MDI-X ports. However, if the device to which you are
connecting supports automatic MDI/MDI-X operation, you can use either
“straight-through” or “crossover” cable.
EIA/TIA 568B RJ-45 Wiring Standard
10/100BASE-TX Straight-through Cable
White/Orange Stripe
Orange
End A
1
2
3
4
5
6
7
8
White/Green Stripe
Blue
White/Blue Stripe
Green
White/Brown Stripe
Brown
C-2
1
2
3
4
5
6
7
8
End B
8-Pin DIN Connector Pinout
C
Crossover Wiring
Because the 10/100 Mbps port on the power injector uses an MDI pin configuration,
you must use “crossover” cable for network connections to PCs, servers or other
end nodes that only have MDI ports. However, if the device to which you are
connecting supports automatic MDI/MDI-X operation, you can use either
“straight-through” or “crossover” cable.
EIA/TIA 568B RJ-45 Wiring Standard
10/100BASE-TX Crossover Cable
White/Orange Stripe
Orange
End A
White/Green Stripe
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
Blue
White/Blue Stripe
Green
White/Brown Stripe
End B
Brown
8-Pin DIN Connector Pinout
The Ethernet cable from the power injector connects to an 8-pin DIN connector on
the wireless bridge. This connector is described in the following figure and table.
2
1
3
7
4
8
5
6
8-Pin DIN Ethernet Port Pinout
Pin
Signal Name
1
Transmit Data plus (TD+)
2
Transmit Data minus (TD-)
3
Receive Data plus (RD+)
4
+48 VDC power
5
+48 VDC power
6
Receive Data minus (RD-)
7
Return power
8
Return power
Note: The “+” and “-” signs represent the polarity of the
wires that make up each wire pair.
C-3
C
Cables and Pinouts
8-Pin DIN to RJ-45 Cable Wiring
To construct an extended Ethernet cable to connect from the power injector’s RJ-45
Output port to the wireless bridge’s 8-pin DIN connector, follow the wiring diagram
below. Use Category 5 or better UTP or STP cable, maximum length 100 m (328 ft),
and be sure to connect all four wire pairs.
Note: To construct a reliable Ethernet cable, always use the proper tools or ask a
professional cable supplier to construct the cable.
White/Orange Stripe
Orange
8-Pin DIN
Female
1
7
2
3
8
4
6
5
8-Pin DIN Female
Front View
C-4
1
2
3
4
5
6
7
8
White/Green Stripe
Blue
White/Blue Stripe
Green
White/Brown Stripe
Brown
1
2
3
4
5
6
7
8
RJ-45
Appendix D: Customer Support
Contact Information
If you have any questions, please do not hesitate to contact us at:
Americas Support
MRV (East Coast USA)
295 Foster Street
Littleton, MA 01460-2016
Tech Support: (800) 338-5316
Tech Support: (978) 952-4700
E-mail:
[email protected]
Fax: (978) 952-4880
URL: http:www.fiberdriver.com
MRV (West Coast USA)
20415 Nordhoff St.
Chatsworth, CA 91311
Tel. (800) 338-5316
Tel. (818) 773-0900
International Support
Europe – Asia – Africa
Industrial Zone P.O Box 614
Yokneam, 20682
Israel
Tel: 972-4-993-6200
Fax: 972-4-989-2743
Email:
[email protected]
International Support:
[email protected]
International Field Offices
UK
Tel: 011-44-20-8564-0562
South Africa
Tel: 011-27-11-664-6963
Israel
Tel: 972-4-9936221
Australia & New Zealand
Email: [email protected]
Asia (excluding China)
Email: [email protected]
Benelux
Hof van den Houte 77
4873 AZ Etten Leur
The Netherlands
Tel: (31) 76-508-3525
Fax: (31) 76-508-3535
Email: [email protected]
China COFCO PLAZA,
Room B1020
Tower B,
8 Jianguomennei Ave.
Beijing 100005 China
Tel: (86) 10-652-77-539
Fax: (86) 10-652-69-921
Email: [email protected]
France
11 Avenue de l'Isle St. Martin
92737 Nanterre Cedex
France
Tel: (33) 01- 47 84 78 66
Fax: (33) 01 - 47 84 78 67
Email: [email protected]
Germany
Business Park Moerfelden
Waldeckerstrasse 13
64546 Moerfelden-Walldorf
Germany
Tel: (49) 6105/207-0
Fax: (49) 6105/207-100
Email: [email protected]
Italy
Via Carlo Borromeo, 8
20059 Vimercate (MI)
Italy
Tel: (39) 039-661-2908
Fax: (39) 039-661-2943
Email: [email protected]
Latin America
Av. Alicia Moreau de Just
1050 - P.2
Buenos Aires 1107,
Capital Federal
Argentina
Tel/Fax: (541) 14 345 6456
Email: [email protected]
Russia
Trubnaya str.,12
Moscow 103045
Russia
Tel: (007) 095-787-2783 Fax:
(007) 095-787-2759 Email:
[email protected]
Scandinavia
Email: [email protected]
UK
2 Manor Court, High Street
Harmondsworth,
Middlesex UB7 OAQ
United Kingdom
Tel: (44) 0208 - 564 0564
Fax: (44) 0208 - 564 0501
Email: [email protected]
D-1
D
D-2
Customer Support
Glossary
10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3 or better
UTP cable.
100BASE-TX
IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5
or better UTP cable.
Access Point
An internetworking device that seamlessly connects wired and wireless networks.
Access points attached to a wired network, support the creation of multiple radio
cells that enable roaming throughout a facility.
Advanced Encryption Standard (AES)
An encryption algorithm that implements symmetric key cryptography. AES provides
very strong encryption using a completely different ciphering algorithm to TKIP and
WEP.
Authentication
The process to verify the identity of a client requesting network access. IEEE 802.11
specifies two forms of authentication: open system and shared key.
Backbone
The core infrastructure of a network. The portion of the network that transports
information from one central location to another central location where it is unloaded
onto a local system.
Basic Service Set (BSS)
A set of 802.11-compliant stations and an access point that operate as a
fully-connected wireless network.
Beacon
A signal periodically transmitted from the access point that is used to identify the
service set, and to maintain contact with wireless clients.
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance.
Glossary-1
Glossary
dBm
The unit dBm refers to a precise measure of power based upon the decibel scale,
but referenced to the milliwatt: i.e. 1 dBm = .001 Watt. The dBm is often used to
describe absolute power level where the point of reference is 1 milliwatt.
Dynamic Host Configuration Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP
network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability
of automatic allocation of reusable network addresses and additional configuration
options.
Encryption
Data passing between the access point and clients can use encryption to protect
from interception and evesdropping.
Ethernet
A popular local area data communications network, which accepts transmission
from computers and terminals.
File Transfer Protocol (FTP)
A TCP/IP protocol used for file transfer.
Hypertext Transfer Protocol (HTTP)
HTTP is a standard used to transmit and receive all data over the World Wide Web.
IEEE 802.11a
A wireless standard that supports high-speed communications in the 5 GHz band
using Orthogonal Frequency Division Multiplexing (OFDM). The standard supports
data rates of 6, 12, 24, and 54 Mbps.
Local Area Network (LAN)
A group of interconnected computer and support devices.
MAC Address
The physical layer address used to uniquely identify network nodes.
Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize time across the network. The time
servers operate in a hierarchical-master-slave configuration in order to synchronize
local clocks within the subnet and to national time standards via wire or radio.
Open System
A security option which broadcasts a beacon signal including the access point’s
configured SSID. Wireless clients can read the SSID from the beacon, and
Glossary-2
Glossary
automatically reset their SSID to allow immediate connection to the nearest access
point.
Orthogonal Frequency Division Multiplexing (ODFM)
OFDM/ allows multiple users to transmit in an allocated band by dividing the
bandwidth into many narrow bandwidth carriers.
RTS Threshold
Transmitters contending for the medium may not be aware of each other. RTS/CTS
mechanism can solve this “Hidden Node Problem.” If the packet size is smaller than
the preset RTS Threshold size, the RTS/CTS mechanism will NOT be enabled.
Service Set Identifier (SSID)
An identifier that is attached to packets sent over the wireless LAN and functions as
a password for joining a particular radio cell; i.e., Basic Service Set (BSS).
Session Key
Session keys are unique to each client, and are used to authenticate a client
connection, and correlate traffic passing between a specific client and the access
point.
Shared Key
A shared key can be used to authenticate each client attached to a wireless network.
Shared Key authentication must be used along with the 802.11 Wireless Equivalent
Privacy algorithm.
Simple Network Management Protocol (SNMP)
The application protocol in the Internet suite of protocols which offers network
management services.
Simple Network Time Protocol (SNTP)
SNTP allows a device to set its internal clock based on periodic updates from a
Network Time Protocol (NTP) server. Updates can be requested from a specific NTP
server, or can be received via broadcasts sent by NTP servers.
Trivial File Transfer Protocol (TFTP)
A TCP/IP protocol commonly used for software downloads.
Wired Equivalent Privacy (WEP)
WEP is based on the use of security keys and the popular RC4 encryption
algorithm. Wireless devices without a valid WEP key will be excluded from network
traffic.
Glossary-3
Glossary
Glossary-4
Index
CTS 6-44, 7-75
A
Advanced Encryption Standard See
AES
AES 6-60
configuring 6-50
AES, configuring 6-48, 7-77
authentication 6-11, 7-76
configuring 6-11, 7-76
MAC address 6-12, 7-39, 7-40
type 5-8, 6-53, 7-70
B
Basic Service Set See BSS
beacon
interval 6-43, 7-72
rate 6-43, 7-73
BOOTP 7-65, 7-66
BPDU 6-36
BSS 2-2
C
cable
assignments C-1
crossover C-3
straight-through C-2
channel 6-43, 7-71
channels, maximum B-1
Clear To Send See CTS
CLI 7-1
command modes 7-4
clients, maximum B-1
closed system 7-70
command line interface See CLI
community name, configuring 6-21,
7-24
community string 6-21, 7-24
configuration settings, saving or
restoring 6-25, 7-29
configuration, initial setup 5-1
country code
configuring 5-2, 7-11
crossover cable C-3
CSMA/CA 1-1
D
data rate, options B-1
default settings 1-6
device status, displaying 6-64, 7-15
DHCP 5-6, 6-5, 6-6, 7-65, 7-66
DNS 6-6, 7-64
Domain Name Server See DNS
downloading software 6-24, 7-29
DTIM 6-43, 7-73
Dynamic Host Configuration Protocol
See DHCP
E
EAP 6-59, 7-81
encryption 6-48, 6-53, 6-54, 6-59, 7-77
Ethernet
port 1-4
event logs 6-68, 7-19
Extensible Authentication Protocol See
EAP
F
factory defaults
restoring 6-25, 7-9
fast forwarding, STP 6-38
filter 6-18, 7-39
address 6-11, 7-39
between wireless clients 6-19, 7-53
local bridge 6-19, 7-53
local or remote 6-11, 7-41
management access 6-19, 7-54
protocol types 6-19, 7-54
VLANs 6-18, 7-86
firmware
displaying version 6-24, 7-15
upgrading 6-24, 6-25, 7-29
fragmentation 7-74
G
gateway address 5-2, 6-6, 7-1, 7-65
Index-1
Index
H
N
hardware version, displaying 7-15
network topologies
infrastructure 2-2
infrastructure for roaming 2-3
I
IAPP 7-86
IEEE 802.11a 1-1, 6-41, 7-69
configuring interface 6-42, 7-69
maximum data rate 6-43, 7-71
radio channel 6-43, 7-71
IEEE 802.11b 6-41
IEEE 802.11f 7-86
IEEE 802.11g 6-41
configuring interface 6-46
maximum data rate 6-47, 7-71
radio channel 6-46, 7-71
IEEE 802.1x 6-59, 7-35
configuring 6-11, 6-12, 7-35
initial setup 5-1
installation
hardware 4-1
IP address
BOOTP/DHCP 7-65, 7-66
configuring 5-2, 5-6, 6-5, 7-65, 7-66
L
log
messages 6-28, 6-68, 7-17
server 6-27, 7-17
login
web 5-3
logon authentication
RADIUS client 6-14, 7-31
M
MAC address, authentication 6-12,
7-39, 7-40
maximum data rate 6-43, 6-47, 7-71
802.11a interface 6-43, 7-71
802.11g interface 6-47, 7-71
MDI, RJ-45 pin configuration 1-4
multicast cipher 6-61, 7-80
O
OFDM 1-1
open system 5-8, 6-53, 7-70
operating frequency B-2
P
package checklist 1-2
password
configuring 6-23, 7-13
management 6-23, 7-13
PoE 4-5
specifications B-2
port priority
STA 7-50
Power over Ethernet See PoE
power supply, specifications B-2
PSK 6-60, 7-82
R
radio channel
802.11a interface 6-43, 7-71
802.11g interface 6-46, 7-71
configuring 5-5
RADIUS 6-7, 6-59, 7-31
RADIUS, logon authentication 6-14,
7-31
Remote Authentication Dial-in User
Service See RADIUS
Request to Send See RTS
reset 6-25, 7-9
reset button 1-4, 6-25
resetting the access point 6-25, 7-9
restarting the system 6-25, 7-9
RSSI BNC 1-5
RTS
threshold 6-44, 7-74
S
security, options 6-53
session key 6-13, 7-37
Index-2
Index
shared key 5-8, 6-49, 6-56, 7-78
Simple Network Management Protocol
See SNMP
Simple Network Time Protocol See
SNTP
SNMP 6-20, 7-24
community name 6-21, 7-24
community string 7-24
enabling traps 6-21, 7-25
trap destination 6-21, 7-26
trap manager 6-21, 7-26
SNTP 6-29, 7-20
enabling client 6-29, 7-21
server 6-29, 7-20
software
displaying version 6-24, 6-64, 7-15
downloading 6-25, 7-29
specifications B-1
SSID 7-70
configuring 5-5
STA
global settings, configuring 7-47–??
interface settings 7-50–??
path cost 7-50
port priority 7-50
startup files, setting 7-28
station status 6-66, 7-85
status
displaying device status 6-64, 7-15
displaying station status 6-66, 7-85
STP
fast forwarding 6-38
straight-through cable C-2
system clock, setting 6-29, 7-21
system log
enabling 6-27, 7-16
server 6-27, 7-17
system software, downloading from
server 6-24, 7-29
T
Telnet
for managenet access 7-1
Temporal Key Integrity Protocol See
TKIP
time zone 6-30, 7-22
TKIP 6-59, 7-80
transmit power, configuring 6-43, 7-75
trap destination 6-21, 7-26
trap manager 6-21, 7-26
troubleshooting A-1
U
upgrading software 6-24, 7-29
user name, manager 6-23, 7-13
user password 6-23, 7-13
V
VLAN
configuration 6-18, 7-87
native ID 6-18, 7-87
W
WEP 6-48, 6-54, 7-77
configuring 6-48, 6-54, 7-77
shared key 6-49, 6-56, 7-78
Wi-Fi Protected Access See WPA
Wired Equivalent Protection See WEP
WPA 6-59, 7-82
authentication over 802.11x 6-61,
7-81
pre-shared key 6-61, 7-82, 7-83
WPA, pre-shared key See PSK
Index-3
Index
Index-4
MRW55
MRW55M
E022005-R01
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement