Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
3CRGPOE10075
(WL-529)
http://www.3com.com/
Part No. DUAPOE10075BAA01
Published December 2004
3Com Corporation
350 Campus Drive
Marlborough, MA USA
01752-3064
Copyright 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or
as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Coms standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not
be registered in other countries.
3Com, the 3Com logo, and OfficeConnect are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows
NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of
Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively
through X/Open Company, Ltd.
Netscape Navigator is a registered trademark of Netscape Communications.
JavaScript is a trademark of Sun Microsystems
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labeled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.
CONTENTS
ABOUT THIS GUIDE
Conventions 1
Related Documentation 3
Documentation Comments 3
18
21
63
TROUBLESHOOTING
Basic Connection Checks 97
Cannot Connect to the Wireless Access Point to Configure It 97
Forgotten Password and Reset to Factory Defaults 98
Wireless Station Cannot Connect to the LAN via the Access Point 98
TECHNICAL SPECIFICATIONS
Hardware Specifications 99
Wireless Specifications 100
Software Specifications 102
SAFETY INFORMATION
Important Safety Information 139
Wichtige Sicherheitshinweise 140
Consignes Importantes de Scurit 141
136
GLOSSARY
INDEX
REGULATORY NOTICES
Conventions
Throughout this guide, the OfficeConnect Wireless 108 Mbps 11g PoE
Access Point is referred to as the Access Point.
The computer used to configure the Access Point is referred to as the
admin computer. During the initial configuration, the admin computer
must be connected to the same switch or hub as the Access Point.
Table 1 and Table 2 list conventions that are used throughout this guide.
Notice Type
Description
Information note
Caution
Warning
Description
The word syntax means that you must evaluate the syntax
provided and then supply the appropriate values for the
placeholders that appear in angle brackets. Example:
To change your password, use the following syntax:
system password <password>
In this example, you must supply a password for
<password>.
Commands
When you see the word enter in this guide, you must type
something, and then press Return or Enter. Do not press
Return or Enter when an instruction simply says type.
Words in italics
Press Ctrl+Alt+Del
Emphasize a point.
Related Documentation
Related
Documentation
In addition to this guide, each OfficeConnect Wireless 108 Mbps 11g PoE
Access Point documentation set includes the following:
Online Help
This online help system is accessible from the Web interface. It
provides information that helps you perform tasks using the Web
interface.
Release Notes
These notes provide information about the current software release,
including new features, modifications, and known problems.
Documentation
Comments
Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document title
Example:
Page 25
Please note that we can only respond to comments and questions about
3Com product documentation at this e-mail address. Questions related to
technical support or sales should be directed in the first instance to your
network supplier.
INTRODUCING THE
OFFICECONNECT WIRELESS
ACCESS POINT
This chapter provides an overview of the features and capabilities of the
OfficeConnect Wireless 108 Mbps 11g PoE Access Point. It also
identifies the contents of the Access Point kit and helps you get to know
the physical features of the device.
Overview
3Com wireless systems let you simply and confidently extend network
information and applications to difficult-to-wire locations and to your
mobile workforce, making your business more productive, competitive
and successful. The 3Com OfficeConnect Wireless 108 Mbps 11g PoE
Access Point is the affordable choice for extending your network to
places where wires cannot go.
A single Access Point can make the Internet, e-mail, and network
resources such as printers available to dozens of wireless station users.
And because 3Com OfficeConnect Wireless 108 Mbps 11g PoE Access
Point is Wi-Fi certified, you can be sure it will work reliably with certified
equipment from other manufacturers.
Wired Local
Area Network
3Com Wireless
Access Point
Stat
us
Pow
er
LA
N
Wire
less
Wireless
Stations
Features and
Capabilities
Wireless and
Networking
Description
Standards compliance
802.11g-802.11b
backward-compatibility
Description
User support
WDS support
Simple configuration
Upgradeable firmware
PoE Support
PoE support makes it easier to overcome installation problems with
difficult-to-wire or hard-to-reach locations. The same Category 5 cable
that connects the Access Point to the wired network also provides its
power, so AC power outlet locations and extra cabling are no longer
issues. You can source power from an 802.3af-compliant power sourcing
equipment (PSE) or use the supplied power adapter to power the Access
Point.
You can use the following 3Com PoE products to supply power to
OfficeConnect Wireless 108 Mbps 11g PoE Access Point:
WDS Support
Wireless Distribution System (WDS) allows you to build a completely
wireless infrastructure using access points, instead of wires, to
interconnect multiple networks. WDS also helps you create large wireless
networks by linking several wireless access points with WDS links. WDS is
normally used in large, open areas where pulling wires is cost prohibitive,
restricted, or physically impossible.
You can use the Access Point to build a WDS on the network. It can
function either as a wireless bridge or wireless client/repeater.
For WDS to work, all participating access points in the distribution system
must support WDS. If you are using access points other than the
OfficeConnect Wireless 108 Mbps 11g PoE Access Point to build a WDS,
check the documentation for these access points and verify that they
support WDS.
Wireless Bridge
In a wireless bridge configuration, access points are configured to
interconnect or bridge two or more wired local networks at the link
layer. When wired local networks are bridged, devices on each network
can access resources on the other network.
The Access Point supports two wireless bridge modes:
Point-to-Point (PTP)
Point-to-Multipoint (PTMP)
In PTP mode, only two access points are configured to bridge two wired
networks. To configure the OfficeConnect Wireless Access Point to bridge
with a compatible access point, you need to specify the MAC address of
each device on the other to establish a PTP bridge. Figure 2 illustrates
how two access points in PTP mode connect two wired networks.
Wired
Network B
Wired
Network A
WDS Link
atS
sut
oP
rew
NA
sse
ler
iW
Statu
s
Powe
r
LA
N
Wire
les
10
Slave,
Set to
PTP Mode
Wired
Network A
`
Statu
s
Powe
r
LA
N
Wire
les
WDS Link
Wired
Network C
Master,
Set to
PTMP Mode
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
Slave,
Set to
PTP Mode
11
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
12
atS
sut
oP
rew
NA
sse
ler
iW
Ethernet Cable
Statu
s
Powe
r
LA
N
Wire
les
Access Point
in Client Mode
Security
Table 2 lists the security features that the Access Point provides.
Table 2 Security Features
Feature
Description
64-/128-/152-bit
Basic and advanced encryption methods protect the privacy
WEP and WPA
of data transmitted over the wireless LAN
128-bit AES and TKIP
encryption
802.1x RADIUS
Helps ensure that only authorized users can access your
server authentication network and centralizes authentication of wireless users
across the network
Security profiles and
multiple SSIDs
Multiple SSIDs
Multiple SSID
isolation
13
Description
VLAN support
RADIUS client
support
RADIUS MAC
authentication
Rogue AP detection
Password-protected
configuration
Multiple SSIDs
Using multiple SSIDs provides you with more flexibility in configuring your
wireless network, including supporting multiple security schemes
simultaneously.
For example, if you have a number of wireless stations that can only
support WEP encryption while the rest can support WPA, you do not have
to lower the security level for the WPA compliant devices to
accommodate non-WPA compliant stations.
You can configure two security profiles with two different SSIDs one
using WEP and the other using WPA for encryption. And then, let the
wireless stations that can only support WEP associate with the SSID that is
using WEP for encryption. The rest of the wireless stations can associate
with the other SSID that uses WPA.
14
Sta
tus
Pow
er
LA
N
Wire
SSID 1
Using WPA
less
SSID 2
Using WEP
VLAN Support
A virtual LAN (VLAN) is a network of computers that behave as if they are
on the same local network, even if they are physically located on different
segments of the network.
If you have VLANs set up on the network, you can configure the Access
Point to work with a switch to segment associated wireless stations into
different VLANs. Membership of wireless stations in the VLANs can be
defined by mapping SSIDs to available VLAN IDs.
For example, you have two active SSIDs (SSID1 and SSID2) and two
existing VLANs (VLAN1 and VLAN2). To segment wireless stations
associated with SSID1 into VLAN1, you need to map SSID1 to VLAN1
using the VLAN Configuration screen of the Web interface. Do the same
with SSID2 to segment wireless stations that are associated with it into
VLAN2. Figure 7 illustrates this VLAN setup.
VLAN support requires a one-to-one mapping of SSIDs to VLAN IDs. This
means you can segment wireless stations associated with one SSID into
only a single VLAN.
When wireless stations are segmented into a VLAN using the SSID to
which they are associated, they can communicate with other members of
the VLAN.
15
VLAN1
`
N
Wire
les
Wireless
Stations Connected
to SSID2
Wireless
Stations Connected
to SSID1
To enable the switch to forward packets from the wireless stations to the
correct VLAN, the Access Point inserts VLAN membership information
into the packets sent by the wireless stations before forwarding them to
the switch. The switch reads the VLAN tag in each packet, and then
forwards it to the correct VLAN destination.
Since VLAN membership of the wireless stations are configured through
the SSIDs and up to four SSIDs can be enabled at any time, you can
configure the Access Point to forward packets to up to four different
VLANs.
Configuration and
Management
Table 3 lists the configuration and management features that the Access
Point provides.
Table 3 Configuration and Management Features
Feature
Description
Web-based
administration
Works with any Web browser that supports HTML and Java
Script, allowing you to configure and manage the Access
Point from anywhere on the network
16
Package Contents
Feature
Description
Auto configuration
Auto update
Command Line
Interface
RADIUS accounting
support
Syslog support
SNMP support
UAM support
OfficeConnect Wireless 108 Mbps 11g PoE Access Point Quick Start
Guide
One CD-ROM, which contains the setup files for the 3Com Access
Point Manager and a PDF version of the OfficeConnect 108 Mbps 11g
Wireless Access Point User Guide
If any of the above items are damaged or missing, please contact your
3Com network supplier immediately.
Physical Features
Physical Features
Front Panel
17
Before setting up the Access Point, 3Com recommends that you first
familiarize yourself with the physical features of the device.
The front panel of the Access Point includes LEDs that indicate the status
of the device. For information on what these LEDs indicate, refer to the
table below.
Table 4 Front Panel LEDs
LED
Description
Status
Off No power
Green Idle
Power
LAN
Wireless
Back Panel
The back panel of the Access Point is where you make the physical
connections power, Ethernet cable, and serial cable for console
connection. It also includes the antenna port and the Reset button.
Table 5 Back Panel Ports and Connections
Part
Description
Antenna
Console port
18
Description
Reset button
Overview of Setup
and Management
Tasks
Ethernet
Power port
The following are tasks that you need to perform to get the Access Point
up and running, and to enable wireless stations on the network to
associate with it.
1 Install the Access Point Information on preparing for, performing, and
verifying the installation is available in Chapter 2 starting on page 19.
2 Access the Web interface and configure the Access Point
Information on connecting to the Web interface and configuring the
Access Point is available in Chapter 3 starting on page 27.
3 Configure the wireless stations Information on configuring the
clients to ensure that they can successfully connect to the Access Point is
available in Chapter 4 starting on page 59.
From time to time, you may need to perform administrative tasks such as
changing the password to the Web interface, backing up the
configuration file, and upgrading the device firmware. Step-by-step
procedures for these tasks are available in Chapter 5 starting on page 79.
Troubleshooting information is available in Chapter 6 starting on
page 97.
Installation
Requirements
Before starting with the installation, make sure that you have the
required items for the installation ready. In addition, verify that the
wireless stations on the network have the required components for
wireless communication with the Access Point.
To install the Access Point, you need the following:
Access Point
20
Positioning the
Access Point
Allows easy viewing of the front panel LED indicator lights, and access
to the rear panel connectors, if necessary.
There are no thick walls or metal shielding between the Access Point
and the wireless stations. In ideal conditions, the Access Point has a
range of around 150 meters (450 feet). The range is reduced, and
transmission speed is lower, if there are any obstructions between the
wireless devices.
Air flow around the unit and through the vents in the side of the case
is not restricted. 3Com recommends you provide a minimum of 25
mm (1 in.) clearance.
Powering On and
Connecting the
Access Point
21
The procedure for connecting the Ethernet cable to and powering on the
Access Point depends on whether you want to use the supplied power
adapter or PoE.
To use PoE, you must have a power sourcing equipment (PSE). You may
also need an additional Ethernet cable for connecting the PSE unit to a
hub, router, or switch.
If you have a PoE switch, such as the 3Com Baseline Switch 2226-PWR
Plus 3C16490, you can plug the Ethernet cable from the Access Point
directly to a PoE port on the switch to supply power.
22
Verifying the
Installation
To verify that the Access Point has been successfully installed, check the
LEDs on the front panel.
23
To connect to the Web interface, you need to know the IP address that
the DHCP server has assigned to the Access Point. To do this, use the
3Com Access Point Manager that is included on the CD-ROM.
Before continuing, check the sticker on the base of the Access Point, and
take note of the Access Point name (for example, SCB8CF22). You may
need this information to select the right Access Point, if the 3Com Access
Point Manager detects other access points on the network.
If the Access Point fails to obtain an IP address from the DHCP server, it
will automatically use its default IP address, 192.168.0.228. If this
happens, follow the instructions in Without a DHCP Server on page 26
to connect to the Web interface.
1 On a computer that is connected to the same local network, insert the
CD-ROM into the CD drive.
The setup program for the 3Com Access Point Manager starts
automatically. If it does not start automatically, run setup.exe in the root
folder of the CD-ROM.
2 Follow the setup wizard instructions to install the utility.
Setup installs the utility and adds the 3Com Access Point Manager folder
to the Windows program menu.
3 Start the 3Com Access Point Manager by pointing to the 3Com Access
Point Manager folder on the program menu, and then clicking 3Com
Access Point Manager.
The 3Com Access Point Manager starts, and then searches the network
for active OfficeConnect Wireless Access Points. When the search is
complete, the utility displays all detected access points, as shown in
Figure 10.
24
4 Click the access point name that corresponds to the name on the base of
the Access Point.
5 Click Web Management to start the Web interface.
If the Web Management button is unavailable, it means that the Access
Point and the admin computer are on different subnets. Change the
subnet mask for the Access Point so you can connect to the Web
interface. For more information, refer to If the Access Point Is on a
Different Subnet.
The interface loads in your Web browser and an authentication dialog
box appears.
6 In User name, type admin, and in Password, type password.
User name and password are case-sensitive.
7 Click OK.
If the Access Point Is on a Different Subnet
The default subnet for the Access Point is 255.255.255.0. If your local
network is using a different subnet, the Set IP Address button will be
active. You need to change the subnet mask for the Access Point so you
can connect to the Web interface.
25
IP Address
Subnet Mask This mask must be the same as the subnet mask for
the admin computer
Gateway
DNS
3 Click OK, and then click Refresh. The 3Com Access Point Manager screen
refreshes, and then the Web Management button becomes available.
4 Click Web Management to start the Web interface.
The interface loads in your Web browser and an authentication dialog
box appears.
5 In User name, type admin, and in Password, type password.
User name and password are case-sensitive.
26
6 Click OK.
Without a DHCP
Server
5 Click OK.
6 Start your Web browser.
7 In the Address or Location bar, type http://192.168.0.228. An
authentication dialog box appears.
8 In User name, type admin, and in Password, type password.
User name and password are case-sensitive.
9 Click OK.
The interface loads in your Web browser.
The Web interface has been designed to enable you to easily perform
configuration tasks and view information about the Access Point.
Figure 12 Access Point Web Interface
The menu is on the left side of the Web interface. When you click an item
on the menu, the related screen will appear in the main part of the
28
interface. If there are more options for the menu selection, then tabs
containing these additional options appear above the main part.
Buttons
Save Click this button to save changes that you have made to the
Access Point settings. These changes will be saved to memory, but will
not be applied until you click Apply/Restart.
Timeout Setting
Defining Security
Profiles
The Web interface has a timeout mechanism that automatically logs you
off if it does not detect any activity within five minutes. This mechanism
helps prevent unauthorized users from accessing the Web interface and
modifying the Access Point configuration.
A security profile contains a service set identifier (SSID) and the wireless
security settings for connections to the Access Point. You can define up
to eight security profiles and enable up to four of them simultaneously.
Although you can enable four security profiles simultaneously, the Access
Point will only broadcast one SSID (based on IEEE standards). Wireless
stations will still be able to connect to the other SSIDs, but users need to
manually add these SSIDs to their list of wireless networks.
With multiple profiles, you can segregate wireless stations into groups
and assign them different security settings based on the SSIDs to which
they will be connecting.
Configuring and
Enabling a Profile
29
To define a security profile, you need to set the wireless security settings
and the encryption and authentication methods.
1 On the menu, click Security Profiles.
2 Under Current Profiles, select a profile, and then click Configure.
Figure 13 Security Profile Screen with Wireless Security Disabled
30
31
Description
Data Encryption
Authentication
Key input
Key values
Type the keys that you want to use. Other stations must have
the same key. Alternatively, you can automatically generate
keys by clicking Generate Key in Passphrase.
32
Description
Passphrase
WPA-PSK Options
If you selected WPA-PSK, you need to configure the settings listed in
Table 7.
Figure 15 Security Options for WPA-PSK
Description
Network Key
Type the key value. Data is encrypted using this key. Other
wireless stations must use the same key.
33
Description
WPA Encryption
34
WPA-802.1x Options
If you selected WPA-802.1x, you need to configure the settings listed in
Table 8.
Figure 16 Security Options for WPA-802.1x
Description
RADIUS Server
Address
RADIUS Port
This read-only field displays the name used for the Client
Login on the RADIUS Server. This login name must be
created on the RADIUS Server. On some RADIUS Servers, you
can use the Access Points IP address instead of this name.
Shared Key
Key used for client logon to the RADIUS Server. Type a key
value that matches the value on the RADIUS Server.
35
Description
WPA Encryption
RADIUS Accounting
36
802.1x Options
If you selected 802.1x, you need to configure the settings listed in
Table 9.
Figure 17 Security Options for 802.1x
37
Description
RADIUS Server
Address
RADIUS Port
This read-only field displays the name used for the client
login on the RADIUS server. This logon name must be
created on the RADIUS server. On some RADIUS servers, you
can use the Access Points IP address instead of this name.
Shared Key
Key used for client logon to the RADIUS Server. Type a key
value that matches the value on the RADIUS Server.
If enabled, this uses EAP-MD5. You must enter the WEP key
on the WEP Key field below, and on each wireless station.
The WEP Key Index must also match the key index used on
other wireless stations.
RADIUS Accounting
38
Create a RADIUS client account for the Access Point on the RADIUS
server. Use the Access Points IP address or name and specify the same
shared key as configured on the Access Point.
To ensure that the Access Point can log on to the RADIUS server, verify
that the correct RADIUS server address, port, and shared key are
configured on the Access Point. This information is entered either on
the Security screen or the RADIUS-based MAC Authentication screen,
depending on the security method used.
2 On the RADIUS server, create a RADIUS client account for each wireless
station that will authenticate with it. Use the stations MAC address for
the user name, and leave the password blank. The RADIUS server stores
these MAC addresses on a database, which it queries whenever a
wireless station needs to be authenticated.
When RADIUS MAC authentication is enabled and configured, the Access
Point will forward the MAC address of every client that tries to associate
with it to the RADIUS server. Then, the RADIUS server will check if the
stations MAC address is on its database. If it is, the wireless station will
be allowed to associate with the Access Point.
If the wireless stations MAC address is on the RADIUS database, the
entry xx:xx:xx:xx:xx:xx MAC authentication (where
39
If the wireless stations MAC address is not on the RADIUS database, the
entry xx:xx:xx:xx:xx:xx MAC authentication failed is added to the
log, and the stations status appears as Authenticating on the list of
associated stations.
Configuring the RADIUS MAC Authentication Options
The options on the RADIUS-based MAC Authentication screen appear
different, depending on the wireless security setting that you selected.
Figure 18 RADIUS-based MAC Authentication Screen
Description
Enable RADIUS-based MAC Select this check box to enable MAC authentication
authentication
using the RADIUS server
RADIUS Server Address
RADIUS Port
40
Description
Shared Key
WEP Key
Click the preferred key index. You can use any value,
as long as it matches the value on the RADIUS server.
Configuring UAM
Universal Access Method (UAM) is a client authentication method that is
typically used in Internet cafes, hot spots, and similar sites that provide
Internet access.
Any wireless station attempting to connect to the Internet using a Web
browser is directed to a logon page. On this logon page, the user must
enter a user name and password, which are authenticated by a RADIUS
server.
If authentication is successful, the user is granted access to the Internet. If
the user is not authenticated, the Access Point blocks user access to the
Internet and displays another Web page (login failure URL) that provides
information on how to pay for and obtain Internet access. This login
failure Web page is typically on your Web server.
When UAM is enabled and configured, HTTP (TCP, port 80) connections
are checked. UAM only works on HTTP connections; other types of traffic
are ignored.
To use UAM, you need the RADIUS server for client authentication, and
configure the UAM settings. There are two types of UAM authentication
that you can use:
Internal authentication Uses the Web page that is built into the
Access Point
41
Create a RADIUS client account for the Access Point on the RADIUS
server. Use the Access Points IP address or name and specify the same
shared key as configured on the Access Point.
Verify that the correct RADIUS server address, port, and shared key are
configured on the Access Point. This information is entered either on
the Security screen or the UAM screen, depending on the security
settings used.
2 Create user accounts on the RADIUS server database, and then grant
them access to the Internet.
3 Verify that the wireless security settings on the wireless stations match
the security settings on the Access Point, including the key (if any).
4 Configure the internal UAM authentication settings.
a On the UAM screen, select the UAM (Universal Access Method) check
box.
b Click Internal Web-based Authentication.
42
Create a RADIUS client account for the Access Point on the RADIUS
server. Use the Access Points IP address or name and specify the same
shared key as configured on the Access Point.
Verify that the correct RADIUS server address, port, and shared key are
configured on the Access Point. This information is entered either on
the Security screen or the UAM screen, depending on the security
method used.
2 Create user accounts on the RADIUS server database, and then grant
them access to the Internet.
43
3 On your Web server, create a welcome page that has a button or link to
the uamlogon.htm page on the Access Point. Users will enter their user
name and password on the uamlogon.htm page.
4 Verify that the wireless security settings on the wireless stations match
the security settings on the Access Point, including the key (if any).
5 Configure the external UAM authentication settings.
a On the UAM screen, select the UAM (Universal Access Method) check
box.
b Click External Web-based Authentication.
c In Login URL, type the URL to the welcome page that you created in
step 3. This is the Web page that users will see when they attempt to
connect to the Internet using a Web browser.
d In Login Failure URL, type the URL to a Web page that you want users
to see if they are not successfully authenticated (for example, if they
used invalid logon credentials). This page can also provide new users
with information on how to pay for and obtain Internet access.
e In RADIUS Server Address, type the IP address or host name of the
RADIUS server that will authenticate clients.
f In RADIUS Port, type the port number on the RADIUS server that is
configured for communication with RADIUS clients.
g In Shared Key, type the same key value as the one you set on the
RADIUS server.
6 Click Save, and then click Close.
When external UAM authentication is enabled and configured, any
wireless user that attempts to connect to the Internet using a Web
browser (HTTP/TCP port 80) is redirected to the welcome page you
created. User must click a link or button to the uamlogon.htm page,
where he needs to enter his user name and password. After the user
enters a user name and password on the logon page, the RADIUS server
checks its database to verify that the logon credentials are valid.
If the logon credentials are valid, user will be allowed access to the
Internet. An entry xx:xx:xx:xx:xx:xx WEB authentication (where
xx:xx:xx:xx:xx:xx is the wireless stations MAC address) is added to
the Access Point log. The wireless stations status also appears as
Authenticated on the list of associated stations.
44
If the logon credentials are invalid, the user will not be able to access any
other Web page, except for the logon page. An entry
xx:xx:xx:xx:xx:xx WEB authentication failed is added to the log,
and the stations status appears as Authenticating on the list of
associated stations.
Setting the Primary
Profile
Although you can enable up to four security profiles with each profile
having a different SSID, the Access Point only broadcasts one SSID. If you
enabled the Broadcast SSID check box on the Wireless > Basic screen, the
Access Point will broadcast the SSID for the primary profile that you set.
You can set the primary profile under the Primary Profile section of the
Security Profiles screen.
1 In 802.11b/g AP Mode, select the profile that you want to set as primary
when the Access Point is in AP mode.
2 In 802.11b/g Bridge Mode, select the profile that you want to set as
primary when the Access Point is in bridge mode.
Figure 20 Primary Profile Options
Isolating Wireless
Clients with Different
Profiles
On the Security Profiles screen, under Isolation, click one of the following
options:
Use VLAN (802.1Q) standard Click this option only if the hubs or
switches on your local network support the VLAN (802.1Q) standard.
On a network that supports VLAN, each network packet contains an
ID that identifies the VLAN to which it belongs.
45
Devices that are on different VLANs are isolated from each other. For
VLAN to work correctly, all network devices (for example, hubs,
switches, routers, and gateways) must support the 802.1Q standard.
For an overview of the VLAN support provided by the Access Point, refer
to VLAN Support on page 14.
If you click this option, you also need to assign a VLAN ID to each
security profile. To assign a VLAN ID to each profile, click Configure
VLAN, and then provide the required information on the VLAN screen.
Figure 21 VLAN Screen
Controlling Access
to the Wireless
Network
By default, the Access Points security settings are disabled to allow you
to easily connect and configure it after the initial setup. Anyone that can
detect the SSID that is broadcast on the wireless network can therefore
connect to it.
You can configure the Access Point to prevent unauthorized or untrusted
wireless stations from accessing your wireless network. To do this, you
need to:
1 Define the list of trusted wireless stations. These are the wireless stations
that will be allowed to access the wireless network.
2 Enable access control based on MAC addresses (also known as physical
address)
Before performing these steps, you first need to get the MAC addresses
of the wireless stations that you want to add to the access control list. To
46
47
Repeat steps 3 to 5 for each wireless station that you want to add to the
access control list.
To delete a MAC address from the list, click the MAC address under
Trusted Wireless Stations, and then click the >> button.
Importing the MAC Address List of Trusted Stations
To create the text-based access control list:
1 On the computer that you are using to configure the Access Point, create
a text file using a text editor (for example, Notepad).
2 Type the MAC addresses of all the wireless stations that you want to add
to the access control list. Each line in the text file must have only one
MAC address.
3 Save the file to your computer.
To upload the access control list:
1 Start the Web interface.
2 On the menu, click Access Control.
3 On the Access Control tab, click Read from File. The Upload Access
Control screen appears.
48
4 Click Browse, and then browse to the location of the text-based access
control list.
Figure 23 Uploading the Text File That Lists the Trusted MAC Addresses
After defining the access control list, you need to enable the access
control function of the Access Point.
Before performing this procedure, make sure that the MAC address or
addresses of the admin computer is included in the access control list.
Otherwise, you will no longer be able to access the Web interface after
you enable the access control function.
1 On the Access Control tab, select the Enable Access Control by MAC
Address check box.
2 Click Save.
49
Backing Up the
Access Control List
To ensure that you can easily restore the access control list if it
accidentally erased, 3Com recommends that you back it up periodically.
To back up the access control list:
1 On the Access Control tab, click Write to File. The File Download dialog
box appears.
2 Click Save. The Save As dialog box appears.
3 Specify a location on the local disk to which to save the file and modify
the file name (if necessary). The default file name is maclist.acl.
4 Click Save.
5 Verify that the list was successfully saved by checking if the file exists in
the target location.
Configuring System
Settings
System settings include information that helps identifies the Access Point
on the network, including the Access Point name, IP address settings, and
WINS configuration.
If you only need to view the current system settings, click Status on the
menu, and then check the information on the Status tab.
50
Access Point Name This is the name that identifies the Access Point
when you are using the Access Point Management utility.
51
If you have a DHCP server on the network and you want the Access
Point to automatically obtain its IP address from the DHCP server, click
DHCP Client.
4 If you have a WINS server on the network, and you want to use it to
resolve names and addresses used by the Access Point, click Enable WINS,
and then type the host name or IP address in WINS Server Name/IP
Address.
5 Click Save, and then Apply/Restart.
52
Configuring the
Wireless Settings
Basic Wireless
Settings
The Access Point can function either as a standard wireless access point
or a wireless client/repeater.
Basic wireless settings include the settings for the different modes
supported by the Access Point and wireless channel selection.
Figure 26 Basic Wireless Settings Screen
Description
Disable 2.4GHz band Disables the wireless function of the Access Point
802.11b and
802.11g (default)
53
Description
802.11b
802.11g
Dynamic Super
802.11g (108Mbps)
Static Super 802.11g Uses Packet Bursting, FastFrame, Compression, and channel
(108Mbps)
bonding (using 2 channels) to increase throughput.
Because this mode always uses channel bonding, it not
compatible with 802.11b and (standard) 802.11g.
Only clients that support the Atheros Super G mode can
connect at 108Mbps; they will always connect at this speed.
Select this only if all wireless stations on the network support
the Atheros Super G mode.
3 In AP Mode, select the appropriate mode for the Access Point. Available
options include:
If you set the AP mode to Client/Repeater, you will not be able to use the
Bridge Mode.
4 To broadcast the Access Points SSID, verify that the Broadcast SSID check
box is selected.
To prevent unauthorized clients from detecting your SSID and attempting
to connect to the network, clear the Broadcast SSID check box. You can
54
None (disable) Disables bridge mode. Select this if you want the
Access Point to function as a regular access point only.
6 In Channel, select the wireless channel that you want the Access Point to
use. If set to Automatic, the Access Point will select the best available
channel.
Use of certain wireless channels is restricted in some countries. To ensure
that you are using only the approved channels, select your country from
the list of countries on the System screen. For information on the
channels approved by your country, refer to Channel Restrictions at
the end of this guide.
If you experience interference (some symptoms of which are unstable
connections or slow data transfers), try experimenting with other
channels that are allowed in your country and use that which has the
fastest connection speed.
7 Click Save, and then click Apply/Restart.
55
Slave,
Set to
PTP Mode
Wired
Network A
`
Statu
s
Powe
r
LA
N
Wire
les
WDS Link
Wired
Network C
Master,
Set to
PTMP Mode
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
Slave,
Set to
PTP Mode
If you set the Access Point to PTMP bridge mode, you need to set the
other access points to PTP bridge mode, and specify the Access Points
MAC address in their PTP bridge access point settings. In this setup, all
traffic will be sent to the master access point.
56
For increased security, you can restrict the access points that can bridge
with the OfficeConnect Wireless Access Point. To do this:
1 Under the Bridge Mode section of the Basic tab, select the In PTMP mode,
only allow specified APs check box.
2 Click Set PTMP APs. The PTMP AP List screen appears.
3 Type the MAC addresses of the access points that you want to bridge
with the OfficeConnect Wireless Access Point. You can specify up to
eight access points.
4 Click Save.
Advanced Wireless
Settings
57
Basic Rate
The basic rate is used for broadcasting. It does not determine the data
transmission rate, which is determined by the Mode setting on the
Basic screen. Available options for basic rate include:
Do not select the 802.11g or ODFM option unless all your wireless
stations support this. If either option is selected, 802.11b clients will not
be able to connect to the Access Point.
58
Options
Worldwide Mode (802.11d) Select this check box if you want to use
the 802.11d mode and your wireless stations support this mode.
Parameters
Preamble Type Select the desired option. The default is Long. The
Short setting takes less time when used in a good environment.
Output Power Level Select the desired power output. Higher levels
will give a greater range, but are also more likely to cause interference
with other devices.
802.11b
Short Slot Time Enable or disable this setting as required. The default
is Enabled.
This chapter describes how to configure the wireless stations with the
appropriate security settings to ensure successful association with the
Access Point. It also provides information on how to configure other
devices, such as the RADIUS server, that may be required to support the
wireless security settings.
Configuration
Overview
No Security
Set to No Security
Using WEP
Using WPA-PSK
Using WPA-802.1x
Using 802.1x
If the Access Points wireless security settings are disabled, any wireless
station user that knows the SSID will be able to successfully associate
with it.
60
The only settings that must be configured on the wireless station are the
wireless mode and SSID. For more information on these settings, refer to
Table 12.
Table 12 Client Wireless Settings When Security Is Disabled
Setting
Description
Mode
SSID (ESSID)
Using WEP
If you configured the Access Point to use WEP for encryption, the wireless
stations on the network must have matching settings to ensure successful
communication and association.
For information on the settings that must be configured for WEP, refer to
Table 13.
Table 13 Client Wireless Settings When Using WEP
Setting
Description
Mode
SSID (ESSID)
Wireless Security
The WEP key size (64 bit, 128 bit, 152 bit) must be set to
match the key size specified on the Access Point.
Using WPA-PSK
61
Using WPA-PSK
If you configured the Access Point to use WPA-PSK for encryption and
authentication, the wireless stations on the network must have matching
settings to ensure successful communication and association.
Table 14 lists the settings that must be configured on the wireless station
for WPA-PSK.
Table 14 Client Wireless Settings When Using WPA-PSK
Setting
Description
Mode
SSID (ESSID)
Wireless Security
Using WPA-802.1x
Configuring the
RADIUS Server
62
A client logon account for the Access Point must be configured on the
RADIUS server.
Configuring the
Wireless Stations
The Access Point normally uses its default name as its client logon
name. However, the RADIUS server may ignore this and use the IP
address instead.
The shared secret value on the RADIUS server must match the
shared key that was configured on the Access Point.
The encryption settings on the RADIUS server must be correct.
Description
Mode
SSID (ESSID)
802.1x
Authentication
802.1x Encryption
Using 802.1x
Using 802.1x
Setting Up Microsoft
IAS as RADIUS Server
63
DHCPD
DNS
RRAS
Certificate Authority
64
Certificate Services After enabling this, you will see a warning that
the computer cannot be renamed and joined after installing certificate
services. Click Yes to select certificate services and continue.
World Wide Web Server Select World Wide Web Server on the
Internet Information Services (IIS) component.
Using 802.1x
65
7 Type the required the information for the Certificate Authority, and then
click Next.
Figure 31 CA Identifying Information Screen
8 Click Next to use the CAs default configuration. Windows setup displays
a warning message that IIS is running and must be stopped before
continuing.
9 Click OK, and then click Finish.
Configuring the DHCP Server
1 From the Start menu, point to Programs > Administrative Tools, and then
click DHCP.
2 Right-click the server name, and then click New Scope.
66
Using 802.1x
67
68
3 Hold down the Ctrl key, and then on the Select Certificate Template
screen, click Authenticated Session and Smartcard Logon.
4 Click OK.
5 From the Start menu, point to Programs > Administrative Tools, and then
click Active Directory Users and Computers. The Active Directory Users
and Computers screen appears.
6 Right-click on your active directory domain, and then click Properties.
7 Click the Group Policy tab, click Default Domain Policy, and then click
Edit.
Using 802.1x
69
8 Under the Default Domain Policy tree, click Computer Configuration >
Windows Settings > Security Settings > Public Key Policies.
9 Under Public Key Policies, right-click Automatic Certificate Request
Settings, point to New, and then click Automatic Certificate Request.
The Automatic Certificate Request Setup Wizard appears.
10 Click Next.
11 Click Computer, and then click Next.
70
12 Verify that your certificate authority is selected, and then click Next.
13 Review the policy change information, and then click Finish.
14 From the Start menu, click Run, and then enter cmd. A command prompt
appears.
15 Enter secedit /refreshpolicy machine_policy
It may take a few minutes for this command to take effect.
Setting Up the Internet Authentication Service (RADIUS)
1 From the Start menu, point to Programs > Administrative Tools, and then
click Internet Authentication Service. The Internet Authentication Service
screen appears.
2 Right-click Clients, and then click New Client.
3 Type a name for the Access Point, and then click Next.
4 Type the address or name of the Access Point, and then set the shared
secret. This shared secret must be the same as the shared key that you
specified on the Access Point.
5 Click Finish.
Using 802.1x
71
6 Right-click Remote Access Policies, and then click New Remote Access
Policy.
7 Assuming that you are using EAP-TLS, name the policy eap-tls, and then
click Next. The Select Attribute screen appears.
8 Click Add. If you do not want to set any restrictions, click
Day-And-Time-Restrictions, and then click Add.
9 Click Permitted, click OK, and then click Next.
10 Click Grant remote access permission, and then click Next.
11 Click Edit Profile, and then click the Authentication tab. The Edit Dial-in
Profile screen appears.
12 Select the Extensible Authentication Protocol check box, and then select
Smart Card or other Certificate from the drop-down menu.
Figure 37 Edit Dial-in Profile Screen
13 Clear the check boxes for other authentication methods, and then click
OK.
72
4 Click OK.
Setting Up Windows
XP for 802.1x
Using 802.1x
73
ask users to install the Windows 2000 Service Pack 3 to gain the same
functionality.
If your wireless stations are running neither Windows XP nor Windows
2000, they need to use the 802.1x client software provided with the
wireless adapters. For information on how to set up and configure the
802.1x client software for these adapters, refer to the documentation for
the wireless adapters.
The following procedures assume that:
You already have a logon account (user name and password) on the
Windows 2000 Server.
74
6 Click User certificate request, select User Certificate, and then click Next.
7 Click Submit. A message appears, and then the Certificate Issued screen
appears.
8 Click Install this certificate. A confirmation message appears.
9 Click Yes.
Certificate setup is now complete.
Setting Up 802.1x Client Authentication
1 From the Start menu, point to All Programs > Connect To, and then click
Network Connections.
2 Right-click Wireless Network Connection, and then click Properties. The
Wireless Network Connection Properties screen appears.
Using 802.1x
75
76
Enabling Encryption
To enable encryption for a wireless network:
1 Click the Wireless Networks tab.
Figure 41 Wireless Networks Tab
2 From the list of available networks, click the SSID for the Access Point,
and then click Configure.
3 On the Wireless Network Properties screen, specify the SSID for the
Access Point, and then configure the wireless network key settings.
For example, if you need to use EAP-TLS:
77
4 Click OK.
Windows XP configuration for 802.1x is now complete.
Using 802.1x
Without WPA
The procedure for setting up 802.1x without WPA is almost the same as
for WPA-802.1x. The only difference is that on the wireless station, the
The key is provided for me automatically check box (see Figure 42) must
not be selected. Instead, the user must manually enter a WEP key that
matches the WEP key specified on the Access Point.
To set up 802.1x, follow the procedures in Using 802.1x starting on
page 62, except for the difference mentioned above.
On some systems, the 64 bit WEP key is shown as 40 bit, and the
128 bit WEP key is shown as 104 bit. This difference arises because
the key entered by the user is 24 bits less than the key size used for
encryption.
78
PERFORMING ADDITIONAL
ADMINISTRATIVE TASKS
This chapter provides information on other tasks that you can perform
after setting up and configuring the Access Point and wireless stations.
Configuring
Administrator
Access
Change the default logon account and change the admin password
periodically
80
To change the admin user name, type a new name in User name.
Use the Admin Connections section of the Admin Login screen to restrict
access to the Web interface and to specify the protocols that can be used
to connect to it.
1 On the menu, click Management.
2 On the Admin Login tab, under Admin connections, configure the
following options:
81
Allow Admin connections via wired Ethernet only Select this check
box to prevent wireless access to the Web interface.
To ensure that you can always connect to the Web interface, you must
keep at least one of these admin connection types enabled.
3 Click Save.
Viewing
Information About
the Device
There are three types of status information that you can view on the
Access Point:
Device status
Summary of profiles
On the menu, click Status. Information about the current device status
and components appears on the Status tab.
The following tables list the information that you can view on the Status
tab.
Table 16 Access Point Information
Field
Description
MAC Address
82
Description
Domain
Firmware Version
Description
IP Address
Subnet Mask
Gateway
DHCP Client
Viewing Profiles
Field
Description
Channel/Frequency
Wireless Mode
AP Mode
Bridge Mode
To view a summary of the all current profiles (both enabled and disabled):
1 On the menu, click Status.
2 Click the Profiles tab.
Information about all current profiles, including the profile name, SSID,
security settings, status, and the number of currently associated clients,
appears on the Profiles tab.
83
Viewing Associated
Wireless Stations
84
System information, including the date and time when the device was
started
The date and time displayed in the Access Point logs are queried from a
public Network Time Protocol (NTP) time server on the Internet. The time
zone is set when you select your country/domain on the System screen.
For the logs to show the correct date and time, select your country from
the list and make sure the Access Point is connected to a local network
that has an Internet connection.
Figure 45 Viewing Log Entries
85
If you have a syslog server on the network, you can automate this process
by configuring the Access Point to forward its log entries to the syslog
server. For information, refer to Sending Device Logs to a Syslog Server
on page 88.
To save the logs to a file:
1 On the Log screen, click Save to File. The File Download dialog box
appears.
2 Click Save, and then choose as location on local disk.
3 Rename the file, if necessary. The default file name is ap11g.log.
4 Click Save.
To purge logs that are currently saved on the device, click Clear Log. The
screen refreshes, and then displays a blank Log screen.
Viewing Device
Statistics
86
Field
Description
Up Time
Displays how long the Access Point has been running since
the last restart or reboot
Authentication
Deauthentication
Association
Disassociation
Reassociation
MSDU
Data
Displays the number of valid data packets (at the driver level)
that have been sent to or received from wireless stations
Multicast Packets
Management
Control
Access Point settings are saved to a configuration file that is stored on the
device. To ensure that you can easily restore your settings if the
configuration file becomes corrupt for any reason, 3Com recommends
backing up the configuration file.
87
Backing Up the
Configuration File
88
Restoring Settings
from a Backup
Restoring Settings to
Factory Defaults
To erase the current settings and restore the original factory default
settings, click Set to Defaults on the Config File screen.
Restoring settings to factory defaults all the current settings.
Resetting to default requires the Access Point to restart itself. The device
will terminate your connection to the Web interface when it restarts.
By default, the Access Point acts as a DHCP client. If there is a DHCP
server on the network, the device will automatically obtain an IP address
from it. The new IP address will most likely be different from the old one.
Use the 3Com Access Point Manager to determine the new IP address.
Sending Device
Logs to a Syslog
Server
If you have a syslog server on the network, you can configure the Access
Point to send the device logs to the server.
To send the device logs to a syslog server:
1 On the menu, click Management.
2 Click the Log Settings tab.
3 Click one of the following options:
89
4 In Minimum Severity Level, specify the type of log information that will be
sent to the syslog server. Available options include:
2 - Critical
3 - Error
4 - Warning
5 - Notice
6 - Informational
5 Click Save.
Configuring the
SNMP Agent
90
To configure the SNMP agent that is built into the Access Point:
1 On the menu, click Management.
2 Click the SNMP tab.
3 Select the Enable SNMP check box.
4 In Community, type the name SNMP community name (normally, either
Private or Public).
5 In Access Rights, select either:
Read-only Allows get and trap operations; data can be read, but not
changed
Read/Write Allows get, set, and trap operations; data can be read,
and setting changed
Any Station
Only this Station Send traps to a specific computer. If you select this
option, you also need to type the IP address of the computer.
7 In Traps, specify how the traps will be sent. You can select:
91
8 In Trap Version, select the version that is supported by your SNMP server.
9 Click Save.
Upgrading the
Firmware
The upgrade function allows you to install on the Access Point any new
firmware releases that 3Com may make available. To install the new
firmware, you first need to download the firmware from the 3Com
support Web site to the admin computer.
Although the upgrade process has been designed to preserve your
configuration settings, 3Com recommends that you make a backup of
the configuration beforehand, in case the upgrade process fails for any
reason. For example, if the connection between the computer and the
Access Point is lost while the new software is being copied to the Access
Point, your configuration settings may be erased.
After downloading the firmware upgrade to the admin computer, do the
following to upgrade the firmware on the Access Point:
1 Start the Web interface.
2 On the menu, click Management.
3 Click the Upgrade Firmware tab.
4 Click Browse, and then locate and select the firmware upgrade you
downloaded.
Figure 50 Click Browse to Select the Firmware Upgrade
5 Click OK.
The Access Point installs the firmware upgrade. When upgrade is
complete, the Access Point restarts itself.
92
The upgrade process can take up to two minutes, and is complete when
the Status LED has stopped flashing and is permanently off. Make sure
that you do not interrupt power to the Access Point during the upgrade
process; if you do, the software may be corrupted and the Access Point
may not start up properly afterwards.
Automating
Updates and
Configuration
Automating
Configuration
When you set the Access Point to automatically copy the settings of a
compatible access point, it will only copy the configuration settings.
Other settings, such the IP address and operating mode (repeater or
bridge mode) will not be copied.
93
To automate configuration:
1 On the menu, click Advanced.
2 Click the Auto Config/Update tab.
3 Under Auto Config, select the Perform Auto Configuration on this AP
next restart check box.
4 To allow other access points (that are also set to auto config) to copy the
Access Points configuration, select the Respond to Auto-configuration
request by other AP check box.
To allow other access points to copy the admin logon account (name
and password), select the Provide admin login name and password
check box.
To allow other access points to copy the Access Points settings for
responding to auto config requests, select the Provide Respond to
Auto-configuration setting check box.
5 Click Save.
At the next restart, the Access Point will search the wired (not wireless)
network for compatible access points. If it finds a compatible access
point, it will copy its configuration settings. If it finds more than one
compatible access point, it will copy the configuration of the first that
was detected.
After the Access Point successfully copies another access points
configuration, it automatically clears the Perform Auto Configuration on
this AP next restart check box. This is to prevent the device from
performing auto config at every restart.
Automating Updates
If you have multiple OfficeConnect Wireless 108 Mbps 11g PoE Access
Points installed on the network and you want to automate firmware
upgrades, you can use auto update to simplify the process. When auto
update is enabled and configured, the Access Points will periodically
check the specified FTP, and download and install any available updates.
1 On the menu, click Advanced.
2 Click the Auto Config/Update tab.
3 Under Auto Update, select the Check for Firmware upgrade every [ ] days
check box.
4 Specify which firmware version to install. You can click:
94
Install later version only Checks only for firmware versions that are
newer than the one installed
5 In FTP Server address, type the domain name or IP address of the FTP
server on which you will store firmware updates.
6 In Firmware pathname, type the full path (including the file name) to the
firmware file on the FTP server.
7 In FTP Login Name, type a logon name that is authorized to access the
FTP server.
8 In FTP Password, type the password for the logon name.
9 Click Save.
Detecting Rogue
Access Points
Access points that are not in your list of authorized access points
Detected rogue access points are recorded into the log file. If you are an
SNMP server on the network, you can configure it to generate a trap
whenever a rogue access point is detected.
95
7 Click Save.
96
Viewing Detected
Rogue Access Points
SSID Displays the SSID that the rogue access point is broadcasting to
the network
Channel Displays the wireless channel that the rogue access point is
using
Cause Displays the reason why the access point was considered as
rogue. Possible reasons include:
TROUBLESHOOTING
This chapter lists some issues that you may encounter while installing,
configuring, and using the Access Point, and provides information on
how to resolve them.
Basic Connection
Checks
Cannot Connect to
the Wireless Access
Point to Configure
It
Verify that the Access Point is connected to your switch or hub and
that all the equipment is powered on. Check that the LAN LED is on,
and that any corresponding LEDs are also illuminated.
If the LAN LED is not on, check if the cable you are using is not faulty.
Try a different cable. Check also that the Uplink/Normal switch on the
hub or switch is in the correct position.
The Access Point is properly installed, LAN connections are OK, and it
is powered on. Check the LEDs for port status.
Ensure that the admin computer and the Access Point are on the same
network segment.
98
CHAPTER 6: TROUBLESHOOTING
Forgotten
Password and Reset
to Factory Defaults
If you can browse to the Access Point configuration screen but cannot log
on because you have forgotten the password, follow the steps below to
reset the Access Point to its factory default configuration.
All your configuration changes will be lost, and you will need to run the
configuration wizard again before you can re-establish your wireless
network. All other computer users will lose their network connections
whilst this process is taking place, so choose a time when this would be
convenient.
1 Power off the Access Point.
2 Hold down the Reset button on the rear of the unit and re-apply power
to the Access Point. The Status LED will flash as the Access Point starts
up, and after approximately 30 seconds will start to flash more slowly
(typically 2 seconds on, 2 seconds off).
3 Keep Reset button held down and remove power from the Access Point.
4 Release the Reset button.
5 Re-apply power to the Access Point, and when the startup sequence has
completed, browse to the IP address of the Access Point and run the
configuration wizard. You may need to restart your computer before you
attempt this.
6 When the configuration wizard has completed, you may reconnect your
network as it was before.
Wireless Station
Cannot Connect to
the LAN via the
Access Point
The SSID and WEP settings on the wireless station match the settings
on the Access Point.
TECHNICAL SPECIFICATIONS
Hardware
Specifications
Description
CPU
AR2312
Radio-on-chip
AR2112
DRAM
8 MB
Flash ROM
2 MB
Ethernet port
Wireless interface
Operating temperature 0 C to 40 C
Storage temperature
-20 C to 70 C
Power adapter
24VDC 300ma
PD classification
characteristics
Dimensions
100
Wireless
Specifications
Description
Receive sensitivity at
11 Mbps
min. -85dBm
Receive sensitivity at
5.5 Mbps
min. -89dBm
Receive sensitivity at 2
Mbps
min. -90dBm
Receive sensitivity at 1
Mbps
min. -93dBm
18 dBm
Modulation
Wireless Specifications
Description
Operating range
802.11b
Indoors
Outdoors
802.11g
Indoors
Outdoors
101
102
Software
Specifications
Description
Wireless
Roaming supported
Antenna selection
Tx power adjustment
Country selection
SSID assignment
Operating mode
802.1x support
Software Specifications
Description
Management
Web-based configuration
RADIUS accounting
RADIUS-on feature
CLI
Message log
Statistics support
Windows utility
DHCP client
WINS client
Rogue AP detection
Auto configuration
Other features
Firmware upgrade
103
104
This appendix describes how to use Telnet and the serial port (RS232) to
access the command line interface (CLI) for configuration. It also provides
a complete list of all commands that can be executed at the CLI. You can
use the CLI to create scripts that automate basic configuration changes.
Use the CLI to configure the Access Point only if you are an advanced user
with previous experience in using the command interface. Incorrect
commands executed at the CLI may delete the settings on the Access
Point.
Connecting to the
CLI via Telnet
To use Telnet session to gain access to the CLI, the computer that you are
using must have a TCP/IP stack. This computer can be on either the wired
or wireless local network.
To connect to the CLI via Telnet:
1 From the command prompt, telnet to the Access Points IP address. For
example, if the Access Point is using its default IP address
(192.168.0.228), enter Telnet 192.168.0.228.
A prompt appears for the user name and password.
2 Enter your logon name and password. These are the same as the user
name and password that you use for the Web interface.
The default user name is admin, and the default password is password.
Once connected, you can use any of the commands listed in Command
Reference starting on page 108.
106
Connecting to the
CLI via the Serial
Port
1 Using a standard serial port cable, connect your computer to the serial
(RS232) port on the Access Point.
2 Start your communications program. For example, in Windows, you can
use HyperTerminal.
If HyperTerminal is not installed on your computer, open Add/Remove
Programs in Control Panel. And then, click Windows Setup or
Add/Remove Windows Components (depending on your version of
Windows). Select the check box for HyperTerminal, and then click OK to
install it.
3 Configure the connection properties:
In Port or Connect Using, select the serial port to which the cable is
connected. Do not select your modem.
107
108
Access Point
Cable Connector:
9-Pin Female
Screen
TxD
RxD
Ground
RTS
CTS
DSR
DCD
DTR
PC/Terminal
Cable Connector:
25-Pin Male/Female
Shell
3
2
5
7
8
6
1
4
1
3
2
7
4
20
5
6
8
Screen
RxD
TxD
Ground
RTS
DTR
CTS
DSR
DCD
Access Point
Cable Connector:
9-Pin Female
Screen
DTR
TxD
RxD
CTS
Ground
DSR
RTS
DCD
Command
Reference
Shell
4
3
2
8
5
6
7
1
Shell
1
2
3
4
5
6
7
8
Screen
DCD
RxD
TxD
DTR
Ground
DSR
RTS
CTS
Table 24 lists all the commands that you use on the Access Point through
the CLI.
Table 24 Console Commands
Command
Description
admin
config wlan
config wlanX
Command Reference
109
Description
config profile
Configure profile
del acl
del key
find bss
Find BSS
find channel
find all
format
bootrom
ftp
get 11gonly
get 11goptimize
get 11goverlapbss
get acl
get aging
get antenna
get association
get authentication
get autochannelselect
get basic11b
get basic11g
get beaconinterval
get burstSeqThreshold
get burstTime
get calibration
get cckTrigHigh
get cckTrigLow
get cckWeakSigThr
get channel
get cipher
get compproc
get compwinsize
110
Description
get config
get countrycode
get ctsmode
get ctsrate
get ctstype
get domainsuffix
get dtim
get enableANI
get encryption
get extendedchanmode
get firStepLvl
get fragmentthreshold
get frequency
get gateway
get gbeaconrate
get gdraft5
get groupkeyupdate
get hardware
get hostipaddr
get ipaddr
Display IP address
get ipmask
get keyentrymethod
get keysource
get login
get minimumrate
get nameaddr
get nf
get noiseImmunityLvl
get ofdmTrigHigh
get ofdmTrigLow
get ofdmWeakSigDet
Command Reference
111
Description
get overRidetxpower
get operationMode
get power
get quietAckCtsAllow
get quietDuration
get quietOffset
get radiusname
get radiusport
get rate
get remoteAp
get hwtxretries
get swtxretries
get rtsthreshold
get shortpreamble
get shortslottime
get sntpserver
get softwareretry
get spurImmunityLvl
get ssid
get ssidsuppress
get station
get SuperG
get systemname
get telnet
get timeout
get tzone
get updateparam
get uptime
Display uptime
get watchdog
get wds
get wep
112
Description
get wirelessmode
get 80211d
get http
get HttpPort
get https
get HttpsPort
get syslog
get syslogSeverity
get syslogServer
get manageOnlyLan
get roguedetect
get rogueinteval
get rogueband
get roguetype
get roguesnmp
get roguelegal
get autoConfig
get autoResponse
get autoChangeName
get autoSetResp
get autoUpdate
get autoUpgradeOnly
get autoUpdateInterval
get ftpServer
get fwPathname
get ftpLogin
get ftpPassword
get
activeCurrentProfile
get profileName
Command Reference
113
Description
get profileVlanId
get APPrimaryProfile
get WDSPrimaryProfile
get securityMode
get Accounting
get Accountingport
get keyValue
get keyLength
get keyIndex
get UAM
get UAMMethod
get UAMLoginURL
get UAMLoginFailURL
get macAuth
get snmpMode
get snmpCommunity
get snmpAccessRight
get snmpAnyStaMode
get snmpStationIPAddr
get trapMode
get trapVersion
get trapSendMode
get trapRecvIp
get wdsMacList
get
enableWirelessClient
get isolationType
get winsEnable
get winsserveraddr
get wirelessSeparate
get description
get dhcpmode
get wlanstate
114
Description
help
Lebradeb
ls
List directory
mem
np
Network performance
ns
ping
Ping
radar!
reboot
rm
Remove file
run
quit
Log off
set 11gonly
set 11goptimize
set 11goverlapbss
set acl
set aging
set antenna
Set antenna
set authentication
set autochannelselect
set basic11b
set basic11g
set beaconinterval
set burstSeqThreshold
set burstTime
set calibration
set cckTrigHigh
set cckTrigLow
set cckWeakSigThr
set channel
set cipher
Set cipher
Command Reference
115
Description
set compproc
set compwinsize
set countrycode
set ctsmode
set ctsrate
set ctstype
set domainsuffix
set dtim
set enableANI
set encryption
set extendedchanmode
set factorydefault
set firStepLvl
set fragmentthreshold
set frequency
set gateway
set gbeaconrate
set groupkeyupdate
set gdraft5
set hostipaddr
set ipaddr
Set IP address
set ipmask
set keyentrymethod
set keysource
set login
set minimumrate
set nameaddress
set noiseImmunityLvl
set ofdmTrigHigh
set ofdmTrigLow
set ofdmWeakSigDet
116
Description
set overRidetxpower
set operationMode
set password
Modify password
set passphrase
Modify passphrase
set power
set quietAckCtsAllow
set quietDuration
set quietOffset
set radiusname
set radiusport
set radiussecret
set rate
set regulatorydomain
set remoteAP
set hwtxretries
set swtxretries
set rtsthreshold
set shortpreamble
set shortslottime
set sntpserver
set softwareretry
set spurImmunityLvl
set ssid
set ssidsuppress
set SuperG
SuperG features
set systemname
set telnet
set timeout
set tzone
set updateparam
set watchdog
set wds
set wep
Command Reference
117
Description
set wlanstate
set wirelessmode
set 80211d
set http
set HttpPort
set https
set HttpsPort
set syslog
set syslogSeverity
set syslogServer
set manageOnlyLan
set roguedetect
set rogueinteval
set rogueband
set roguetype
set roguesnmp
set roguelegal
set autoConfig
set autoResponse
set autoChangeName
set autoSetResp
set autoUpdate
set autoUpgradeOnly
set autoUpdateInterval
set ftpServer
set fwPathname
set ftpLogin
set ftpPassword
set
activeCurrentProfile
118
Description
set profileName
set profileVlanId
set APPrimaryProfile
set WDSPrimaryProfile
set securityMode
set Accounting
set Accountingport
set keyValue
set keyLength
set keyIndex
set UAM
set UAMMethod
set UAMLoginURL
set UAMLoginFailURL
set macAuth
set snmpMode
set snmpCommunity
set snmpAccessRight
set snmpAnyStaMode
set snmpStationIPAddr
set trapMode
set trapVersion
set trapSendMode
set trapRecvIp
set description
set dhcpMode
set wdsMacList
set
enableWirelessClient
set isolationType
set winsEnable
set winsServerAddr
set wirelessSeparate
Command Reference
Description
set sdSet
set sdAdd
set sdDel
start wlan
stop wlan
timeofday
version
Software version
119
120
Wireless Modes
Ad Hoc Mode
Infrastructure Mode
There are two modes in which wireless local networks can operate:
Ad hoc mode
Infrastructure mode
Ad hoc mode does not require an Access Point or a wired local network.
Wireless stations (for example, notebook with wireless cards installed) can
communicate directly with each other.
In infrastructure mode, one or more Access Points are used to connect
wireless stations to a wired local network. The wireless stations that are
associated with the Access Point can access all resources on the local
network.
Access Points can only function in infrastructure mode and can
communicate only with wireless stations that are set to infrastructure
mode.
SSID/ESSID
BSS/SSID
A group of wireless stations and a single Access Point, all using the same
ID (SSID), form a Basic Service Set (BSS).
Using the same SSID is essential. Wireless devices that use different SSIDs
may not be able to communicate with each other. However, some Access
Points allow connections from wireless stations that have their SSID set to
any or whose SSID is blank (null).
122
ESS/ESSID
A group of wireless stations and multiple Access Points, all using the
same ID (ESSID), form an Extended Service Set (ESS).
Different Access Points within an ESS can use different channels. To
reduce interference, it is recommended that adjacent Access Points
should use different channels.
As wireless stations are physically moved through the area covered by an
ESS, they will automatically change to the Access Point which has the
least interference or best performance. This capability is called roaming.
Access Points do not have or require roaming capabilities.
Wireless Channels
The wireless channel sets the radio frequency used for communication.
In ad hoc mode, all wireless stations should be set to use the same
channel. However, most wireless stations will still scan all channels to
see if there is an existing ad hoc group they can join.
Security Settings
WEP
Security Settings
123
WPA-PSK
WPA-802.1x
802.1x
The Access Point must have a client logon account on the RADIUS
server.
Each user must have a user logon account on the RADIUS server.
Each wireless station must support 802.1x and provide the logon data
when required.
All data transmission is encrypted using the WPA standard. Keys are
automatically generated, so no key input is required.
This uses the 802.1x standard for client authentication, and WEP for data
encryption. If possible, you should use WPA-802.1x instead, because
WPA encryption is much stronger than WEP encryption.
If this option is used:
The Access Point must have a client login on the RADIUS server.
Each user must have a user logon account on the RADIUS server.
Each wireless station must support 802.1x and provide the logon data
when required.
All data transmission is encrypted using the WEP standard. You only
have to select the WEP key size; the WEP key is automatically
generated.
124
Overview of TCP/IP
Configuring TCP/IP
on Windows XP
126
3 Click Internet Protocol (TCP/IP), and then click Properties. The TCP/IP
Properties dialog box, as shown in Figure 61, appears.
127
5 Click OK.
You may have to restart the wireless station for the changes to take
effect.
128
Configuring TCP/IP
on Windows 2000
3 Click Internet Protocol (TCP/IP), and then click Properties. The TCP/IP
Properties dialog box, as shown in Figure 61, appears.
129
5 Click OK.
You may have to restart the wireless station for the changes to take
effect.
130
Configuring TCP/IP
on Windows
Me/98/95
3 Select the TCP/IP component for the wireless network card, and then click
Properties. The TCP/IP Properties dialog box, as shown in Figure 61,
appears.
Figure 61 TCP/IP Properties Dialog Box
131
5 Click OK.
You may have to restart the wireless station for the changes to take
effect.
Configuring TCP/IP
on Windows NT 4.0
132
3 Select the TCP/IP component for the wireless network card, and then click
Properties. The Microsoft TCP/IP Properties dialog box, as shown in
Figure 61, appears.
133
5 Click OK.
You may have to restart the wireless station for the changes to take
effect.
134
E
Register Your
Product
Warranty and other service benefits start from the date of purchase, so it
is important to register your product quickly to ensure you get full use of
the warranty and other service benefits available to you.
Warranty and other service benefits are enabled through product
registration. Register your product at http://eSupport.3com.com/.
3Com eSupport services are based on accounts that you create or have
authorization to access. First time users must apply for a user name and
password that provides access to a number of eSupport features
including Product Registration, Repair Services, and Service Request. If
you have trouble registering your product, please contact 3Com Global
Services for assistance.
Purchase
Value-Added
Services
136
Troubleshoot
Online
You will find support tools posted on the 3Com Web site at
http://www.3com.com/
Access Software
Downloads
Software Updates are the bug fix / maintenance releases for the version
of software initially purchased with the product. In order to access these
Software Updates you must first register your product on the 3Com Web
site at http://eSupport.3com.com/
First time users will need to apply for a user name and password. A link to
software downloads can be found at http://eSupport.3com.com/, or
under the Product Support heading at http://www.3com.com/
Software Upgrades are the software releases that follow the software
version included with your original product. In order to access upgrades
and related documentation you must first purchase a service contract
from 3Com or your 3Com network supplier.
Telephone
Technical Support
and Repair
To enable telephone support and other service benefits, you must first
register your product at http://eSupport.3com.com/
Warranty and other service benefits start from the date of purchase, so it
is important to register your product quickly to ensure you get full use of
the warranty and other service benefits available to you.
When you contact 3Com for assistance, please have the following
information ready:
Contact Us
137
To send a product directly to 3Com for repair, you must first obtain a
return authorization number (RMA). Products sent to 3Com, without
authorization numbers clearly marked on the outside of the package, will
be returned to the sender unopened, at the senders expense. If your
product is registered and under warranty, you can obtain an RMA
number online at http://eSupport.3com.com/. First time users will
need to apply for a user name and password.
Contact Us
Country
Telephone Number
Country
Telephone Number
Philippines
P.R. of China
Singapore
S. Korea
Taiwan
Thailand
You can also obtain support in this region using the following e-mail: apr_technical_support@3com.com
Or request a repair authorization number (RMA) by fax using this number:
Europe, Middle East, and Africa Telephone Technical Support and Repair
From anywhere in these
regions, call:
From the following countries, you may use the numbers shown:
+ 65 543 6348
138
Country
Telephone Number
Country
Telephone Number
Austria
Belgium
Denmark
Finland
France
Germany
Hungary
Ireland
Israel
Italy
01 7956 7124
070 700 770
7010 7289
01080 2783
0825 809 622
01805 404 747
06800 12813
1407 3387
1800 945 3794
199 161346
Luxembourg
Netherlands
Norway
Poland
Portugal
South Africa
Spain
Sweden
Switzerland
U.K.
342 0808128
0900 777 7737
815 33 047
00800 441 1357
707 200 123
0800 995 014
9 021 60455
07711 14453
08488 50112
0870 909 3266
You can also obtain support in this region using the following URL:
http://emea.3com.com/support/email.html
Latin America Telephone Technical Support and Repair
Antigua
Argentina
Aruba
Bahamas
Barbados
Belize
Bermuda
Bonaire
Brazil
Cayman
Chile
Colombia
Costa Rica
Curacao
Ecuador
Dominican Republic
Guatemala
Haiti
Honduras
Jamaica
Martinique
Mexico
Nicaragua
Panama
Paraguay
Peru
Puerto Rico
Salvador
Trinidad and Tobago
Uruguay
Venezuela
Virgin Islands
You can also obtain support in this region using the following:
Spanish speakers, enter the URL:
http://lat.3com.com/lat/support/form.html
Portuguese speakers, enter the URL:
http://lat.3com.com/br/support/form.html
English speakers in Latin America should send e-mail to:
lat_support_anc@3com.com
US and Canada Telephone Technical Support and Repair
1 800 876 3266
SAFETY INFORMATION
Important Safety
Information
WARNING: Warnings contain directions that you must follow for your
personal safety. Follow all directions carefully. You must read the
following safety information carefully before you install or remove the
unit.
WARNING: The Access Point generates and uses radio frequency (rf)
energy. In some environments, the use of rf energy is not permitted. The
user should seek local advice on whether or not rf energy is permitted
within the area of intended use.
WARNING: Exceptional care must be taken during installation and
removal of the unit.
WARNING: Only stack the Access Point with other OfficeConnect units.
WARNING: To ensure compliance with international safety standards,
only use the power adapter that is supplied with the unit.
WARNING: The socket outlet must be near to the unit and easily
accessible. You can only remove power from the unit by disconnecting
the power cord from the outlet.
WARNING: This unit operates under SELV (Safety Extra Low Voltage)
conditions according to IEC 60950. The conditions are only maintained if
the equipment to which it is connected also operates under SELV
conditions.
WARNING: There are no user-replaceable fuses or user-serviceable parts
inside the Access Point. If you have a physical problem with the unit that
cannot be solved with problem solving actions in this guide, contact your
supplier.
WARNING: Disconnect the power adapter before moving the unit.
140
WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They
cannot be used as telephone sockets. Connect only RJ-45 data
connectors to these sockets.
Wichtige
Sicherheitshinweise
VORSICHT: Warnhinweise enthalten Anweisungen, die Sie zu Ihrer
eigenen Sicherheit befolgen mssen. Alle Anweisungen sind sorgfltig zu
befolgen.
Sie mssen die folgenden Sicherheitsinformationen sorgfltig durchlesen,
bevor Sie das Gerts installieren oder ausbauen.
VORSICHT: Der Access Point erzeugt und verwendet Funkfrequenz (RF).
In manchen Umgebungen ist die Verwendung von Funkfrequenz nicht
gestattet. Erkundigen Sie sich bei den zustndigen Stellen, ob die
Verwendung von Funkfrequenz in dem Bereich, in dem der Bluetooth
Access Point eingesetzt werden soll, erlaubt ist.
VORSICHT: Bei der Installation und beim Ausbau des Gerts ist mit
hchster Vorsicht vorzugehen.
VORTSICHT: Stapeln Sie das Gerts nur mit anderen OfficeConnect
Gertes zusammen.
VORSICHT: Aufgrund von internationalen Sicherheitsnormen darf das
Gert nur mit dem mitgelieferten Netzadapter verwendet werden.
VORSICHT: Die Netzsteckdose mu in der Nhe des Gerts und leicht
zugnglich sein. Die Stromversorgung des Gerts kann nur durch
Herausziehen des Gertenetzkabels aus der Netzsteckdose unterbrochen
werden.
VORSICHT: Der Betrieb dieses Gerts erfolgt unter den
SELV-Bedingungen (Sicherheitskleinstspannung) gem IEC 60950. Diese
Bedingungen sind nur gegeben, wenn auch die an das Gert
angeschlossenen Gerte unter SELV-Bedingungen betrieben werden.
VORSICHT: Es sind keine von dem Benutzer zu ersetzende oder zu
wartende Teile in dem Gert vorhanden. Wenn Sie ein Problem mit dem
Access Point haben, das nicht mittels der Fehleranalyse in dieser
Anleitung behoben werden kann, setzen Sie sich mit Ihrem Lieferanten in
Verbindung.
VORSICHT: Vor dem Ausbau des Gerts das Netzadapterkabel
herausziehen.
141
Consignes
Importantes de
Scurit
AVERTISSEMENT: Les avertissements prsentent des consignes que vous
devez respecter pour garantir votre scurit personnelle. Vous devez
respecter attentivement toutes les consignes.
Nous vous demandons de lire attentivement les consignes suivantes de
scurit avant dinstaller ou de retirer lappareil.
AVERTISSEMENT: LAccess Point fournit et utilise de l'nergie
radiolectrique (radio frquence -rf). L'utilisation de l'nergie
radiolectrique est interdite dans certains environnements. L'utilisateur
devra se renseigner sur l'autorisation de cette nergie dans la zone
prvue.
AVERTISSEMENT: Faites trs attention lors de l'installation et de la
dpose du groupe.
AVERTISSEMENT: Seulement entasser le moyer avec les autres moyeux
OfficeConnects.
AVERTISSEMENT: Pour garantir le respect des normes internationales de
scurit, utilisez uniquement l'adaptateur lectrique remis avec cet
appareil.
AVERTISSEMENT: La prise secteur doit se trouver proximit de
lappareil et son accs doit tre facile. Vous ne pouvez mettre lappareil
hors circuit qu'en dbranchant son cordon lectrique au niveau de cette
prise.
AVERTISSEMENT: Lappareil fonctionne une tension extrmement
basse de scurit qui est conforme la norme CEI 60950. Ces conditions
ne sont maintenues que si l'quipement auquel il est raccord fonctionne
dans les mmes conditions.
AVERTISSEMENT: Il ny a pas de parties remplaceables par les
utilisateurs ou entretenues par les utilisateurs lintrieur du moyeu. Si
vous avez un problme physique avec le moyeu qui ne peut pas tre
rsolu avec les actions de la rsolution des problmes dans ce guide,
contacter votre fournisseur.
142
GLOSSARY
802.11a
802.11b
802.11g
access point
ad hoc mode
bandwidth
144
GLOSSARY
channel
Similar to any radio device, the OfficeConnect Wireless 108 Mbps 11g
PoE Access Point allows you to choose different radio channels in the
wireless spectrum. A channel is a particular frequency within the
2.4GHz spectrum within which the gateway operates.
client
DHCP
DNS stands for Domain Name System, which allows Internet host
computers to have a domain name (such as 3com.com) and one or
more IP addresses (such as 192.34.45.8). A DNS server keeps a
database of host computers and their respective domain names and IP
addresses, so that when a domain name is requested (as in typing
3com.com into your Internet browser), the user is sent to the proper
IP address. The DNS server address used by the computers on your
home network is the location of the DNS server your ISP has assigned.
encryption
ESSID
Ethernet
Ethernet Address
hub
GLOSSARY
145
they connect LANs of the same type; however they connect more LANs
than a repeater and are generally more sophisticated.
IEEE
IETF
infrastructure mode
IP
IP Address
LAN
MAC
MAC address
146
GLOSSARY
network
network interface
card (NIC)
protocol
RJ-45
server
SSID
subnet address
subnet mask
subnet
switch
TCP/IP
GLOSSARY
147
WEP
Wi-Fi
wireless client or
wireless station
Wireless LAN Service
Area
wizard
WLAN
WPA
148
GLOSSARY
INDEX
Numbers
3Com Access Point Manager 23, 88
802.1x client authentication 74
A
access control 45
backing up trusted list 49
deleting a MAC address 47
importing trusted list 47
MAC address-based 48
manually adding a trusted station 46
administrator access
configuring 79
connection types 80
logon account 80
antenna 17
auto configuration 92
auto update 93
available modes
bridge 8
client 11
repeater 10
B
basic rate 57
beacon interval 58
C
CLI 105
available commands 108
cable pinouts 107
connecting via serial port 106
connecting via Telnet 105
client certificate 73
command line interface. See CLI
configuration file 86
backing up 87
restoring from backup 88
console port 17
conventions
D
DHCP support 7
disassociated timeout 58
E
Ethernet port 18
F
features 6
configuration and management 15
security 12
wireless and networking 6
firmware
downloading updates 91
upgrading 91
fragmentation length 58
I
installation
on a network with DHCP 23
on a network without DHCP 26
positioning 20
requirements 19
verifying 22
L
LAN port. See Ethernet port
LEDs 17
LAN 17
Power 17
Status 17
Wireless 17
logs 83
clearing 84
saving to file 84
sending to syslog server 88
150
INDEX
viewing 83
M
maximum throughput 6
Microsoft IAS
as RADIUS server 63
CA server setup 68
DHCP server setup 65
domain controller setup 63
required services 64
setting up as RADIUS server 70
multiple SSIDs 13
benefits 13
O
output power level 58
P
package contents 16
physical features 17
back panel 17
front panel 17
PoE 7
support 7
point-to-multipoint mode. See PTMP
Power over Ethernet. See PoE
powering on 21
using PoE 21
using power adapter 21
preamble type 58
primary profile
broadcast SSID 44
setting 44
PTMP
configuring 55
master AP 9
number of bridges 9
slave AP 9
R
RADIUS MAC authentication
configuring 38
RADIUS server
configuring for MAC authentication 38
configuring for UAM authentication 40
configuring for WPA-802.1x 61
setting up Microsoft IAS 63
requirements
installation 19
wireless stations 19
Reset button 18
resetting to factory defaults 88, 98
rogue access points
detecting 94
viewing detected 96
RTS/CTS threshold 58
S
security information 139
security profile 28
configuring 29
viewing summary 82
security settings
802.1x 36
configuring 31
WEP 31
WPA-802.1x 34
WPA-PSK 32
SNMP
configuring 89
SSID
number of broadcast 28
statistics
viewing 85
status
viewing 81
system settings
configuring 49
T
tasks
configuring the Access Point 27
configuring wireless stations 59
connecting to Web interface 22
installing 19
overview 18
troubleshooting 97
technical specifications 99
hardware 99
software 102
wireless 100
troubleshooting
basic checks 97
connection issues 97, 98
forgotten password 98
trusted wireless stations
manually adding 46
INDEX
UAM
configuring 40
external authentication 42
internal authentication 41
Universal Access Method. See UAM
V
VLAN 14
VLAN support 44
W
WDS 7, 8
supported encryption 10
Web interface
buttons 28
connecting 22
menu 27
navigating 27
tabs 27
timeout setting 28
WEP
key 40
key index 40
wireless bridge 8
point-to-multipoint (PTMP) 9
point-to-point (PTP) 8
wireless clients. See wireless stations
Wireless Distribution System 7
Wireless Distribution System. See WDS
wireless security 29
802.1x 30
WEP 29
WPA-802.1x 29
WPA-PSK 29
wireless separation 58
wireless settings
802.11b 58
advanced 57
basic 52
configuring 52
wireless stations
configuring for 802.1x 72
configuring for 802.1x (without WPA) 77
configuring for WEP 60
configuring for WPA-802.1x 62
configuring for WPA-PSK 61
isolating 44
maximum number (simultaneous) 7
requirements 19
supported 6
trusted 46
viewing associated 83
worldwide mode (802.11d) 58
151
152
INDEX
REGULATORY NOTICES
CHANNEL RESTRICTIONS
Use of the OfficeConnect Wireless 108 Mbps 11g PoE Access Point is only authorized for the channels
approved by each country. For proper installation, log on to the Web interface, and then select your country
from the drop-down list.
Table 1 below details the channels permitted by the local regulatory agencies.
Table 1 Channels Approved by Country
FCC STATEMENT
Country
Channels
Australia, Austria, Bahrain, Belarus, Belgium, Chile, China, Costa Rica, Croatia,
Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hong
Kong, Hungary, Iceland, India, Indonesia, Ireland, Italy, Liechtenstein, Lithuania,
Luxembourg, Malaysia, Netherlands, New Zealand, Norway, Paraguay, Peru,
Philippines, Poland, Portugal, Russia, Saudi Arabia, Singapore, Slovenia, South
Africa, South Korea, Spain, Sweden, Switzerland, Thailand, Turkey, United
Kingdom, Uruguay, Venezuela.
113
111
Jordan
1013
Israel
57
Japan
114
If this equipment does cause interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits.
If necessary, the user should consult the dealer or an experienced radio/television technician for additional
suggestions. The user may find the following booklet prepared by the Federal Communications Commission
helpful:
How to Identify and Resolve Radio-TV Interference Problems
This booklet is available from the U.S. Government Printing Office, Washington, DC 20402, Stock No.
004-000-00345-4.
In order to meet FCC emissions limits, this equipment must be used only with cables which comply with IEEE
802.3.
CSA STATEMENT
This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment
Regulations.
Cet appareil numrique de la classe A respecte toutes les exigences du Rglement sur le matriel brouilleur
du Canada.
CE STATEMENT (EUROPE)
VCCI STATEMENT
This product complies with the European Low Voltage Directive 73/23/EEC and EMC Directive 89/336/EEC as
amended by European Directive 93/68/EEC.
IC STATEMENT
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set
out in the interference-causing equipment standard entitled Digital Apparatus, ICES-003 of Industry
Canada.
Cet appareil numrique respecte les limites de bruits radiolectriques applicables aux appareils numriques de
Classe B prscrites dans la norme sur le matriel brouilleur: Appareils Numriques, NMB-003 dicte par
l'Industrie Canada.