Smc-networks SMC2552W-G2-17 Instrukcja Użytkownika

COMPLIANCESviiVeuillez lire à fond l'information de la sécurité suivante avant d'installer le access point:AVERTISSEMENT: L’installation et

Radio Interface6-536CLI Commands for Radio Settings – From the global configuration mode, enter the interface wireless g command to access the 802.11g

System Configuration6-546Configuring VAP Radio SettingsTo configure VAP radio settings, select the Radio Settings page.Default VLAN ID – The VLAN ID a

Radio Interface6-556WPA2 PMKSA Life Time – WPA2 provides fast roaming for authenticated clients by retaining keys and other security settings in a cac

System Configuration6-566Rogue AP – A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access

Radio Interface6-576rogue-ap scan command. To view the database of detected access points, use the show rogue-ap command from the Exec level.Configuri

System Configuration6-586WMM Operation — WMM uses traffic priority based on the four ACs; Voice, Video, Best Effort, and Background. The higher the AC

Radio Interface6-596Figure 6-1. WMM Backoff Wait TimesFor high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate to l

System Configuration6-606WMM – Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on t

Radio Interface6-616CLI Commands for WMM – Enter interface wireless mode and type wmm required for clients that want to associate with the access poin

System Configuration6-626SecurityThe access point is configured by default as an “open system,” which broadcasts a beacon signal including the configu

COMPLIANCESviiiBitte unbedingt vor dem Einbauen des Access Point die folgenden Sicherheitsanweisungen durchlesen (Germany):WARNUNG: Die Installation u

Radio Interface6-636• Wi-Fi Protected Access (WPA or WPA2)page 6-73Both WEP and WPA security settings are configurable separately for each virtual acc

System Configuration6-646Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) i

Radio Interface6-656802.1x WPA only Interface Detail Settings:Authentication: WPAEncryption: EnableWPA Clients: RequiredCipher Suite: TKIP802.1x: Requ

System Configuration6-666Note: If you choose to configure RADIUS MAC authentication together with 802.1X, the RADIUS MAC address authentication occurs

Radio Interface6-676Before enabling the radio service for any VAP, first configure the WEP, WPA, and 802.1X security settings described in the followi

System Configuration6-686Enable – Enables radio communications on the VAP interface. (Default: Disabled)Note: You must first enable VAP interface 0 be

Radio Interface6-696• Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphan

System Configuration6-706Note: To use 802.1X on wireless clients requires a network card driver and 802.1X client software that supports the EAP authe

Radio Interface6-716Enterprise AP(config)#interface wireless g 7-88Enter Wireless configuration commands, one per line.Enterprise AP(if-wireless g)#ke

System Configuration6-726----------------Security------------------------------------------------Closed System : DisabledMulticast c

COMPLIANCESixStromkabel. Dies muss von dem Land, in dem es benutzt wird geprüft werden: U.S.A und KanadaDer Cord muß das UL gepruft und war das CSA be

Radio Interface6-736CLI Commands for WEP over 802.1X Security – Use the vap command to access each VAP interface to configure the security settings. F

System Configuration6-746WPA Pre-Shared Key Mode (WPA-PSK, WPA2-PSK): For enterprise deployment, WPA requires a RADIUS authentication server to be con

Radio Interface6-756the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed.• Key Caching: WPA2 provides fast roaming for a

System Configuration6-766To configure WPA, click Security under Radio A or Radio G. Select one of the VAP interfaces by clicking More. Select one of t

Radio Interface6-776• WPA: Clients using WPA over 802.1X are accepted for authentication.• WPA-PSK: Clients using WPA with a Pre-shared Key are accept

System Configuration6-786CLI Commands for WPA Using Pre-shared Key Security – Be sure to first disable 802.1X port authentication using the 802.1X com

Radio Interface6-796CLI Commands for WPA Over 802.1X Security – First set 802.1X to required using the 802.1X command and set the 802.1X key refresh r

System Configuration6-806Open the Security page, and click More for one of the VAP interfaces.You can enable 802.1X as optionally supported or as requ

Radio Interface6-816• 802.1X Reauthentication Refresh Rate: The time period after which a connected client must be re-authenticated. During the re-aut

System Configuration6-826Status InformationThe Status page includes information on the following items:Access Point StatusThe AP Status window display

COMPLIANCESx

Status Information6-836AP System Configuration – The AP System Configuration table displays the basic system configuration settings:• System Up Time:

System Configuration6-846CLI Commands for Displaying System Settings – To view the current access point system settings, use the show system command f

Status Information6-856Station StatusThe Station Status window shows the wireless clients currently associated with the access point.The Station Confi

System Configuration6-866shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity by distributing a shared key to stations be

Status Information6-876CLI Commands for Displaying Station Status – To view status of clients currently associated with the access point, use the show

System Configuration6-886Event LogsThe Event Logs window shows the log messages generated by the access point and stored in memory.The Event Logs tabl

Status Information6-896CLI Commands for Displaying Event Logs – To view the access point log entries, use the show event-log command from the Exec mod

System Configuration6-906

7-1Chapter 7: Command Line InterfaceUsing the Command Line InterfaceAccessing the CLIWhen accessing the management interface for the over a direct con

Command Line Interface7-27If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a re

xiTable of ContentsChapter 1: Introduction 1-1Package Checklist 1-2Hardware Description 1-2Component Description 1-3Features and Benefits 1-5Syst

Entering Commands7-37Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to t

Command Line Interface7-47Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters a

Entering Commands7-57Exec CommandsWhen you open a new console session on an access point, the system enters Exec command mode. Only a limited number o

Command Line Interface7-67Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain e

General Commands7-77The access mode shown in the following tables is indicated by these abbreviations: Exec (Executive Mode), GC (Global Configuration

Command Line Interface7-87configureThis command activates Global Configuration mode. You must enter this mode to modify most of the settings on the ac

General Commands7-97Example This example shows how to return to the Exec mode from the Interface Configuration mode, and then quit the CLI session:pin

Command Line Interface7-107resetThis command restarts the system or restores the factory default settings.Syntax reset <board | configuration> •

System Management Commands7-117show lineThis command displays the console port’s configuration settings.Command Mode ExecExampleThe console port setti

Command Line Interface7-127countryThis command configures the access point’s country code, which identifies the country of operation and sets the auth

xiiContentsVLAN 6-19WDS Settings 6-21AP Management 6-27Administration 6-28System Log 6-32SNMP 6-36Configuring SNMP and Trap Message Parameters 6-3

System Management Commands7-137Default Setting US - for units sold in the United States99 (no country set) - for units sold in other countriesCommand

Command Line Interface7-147Command Usage• If you purchased an access point outside of the United States, the country code must be set before radio fun

System Management Commands7-157Command Mode Global ConfigurationExample usernameThis command configures the user name for management access.Syntax use

Command Line Interface7-167ip ssh-server enable This command enables the Secure Shell server. Use the no form to disable the server.Syntax ip ssh-serv

System Management Commands7-177ip telnet-server enable This command enables the Telnet server. Use the no form to disable the server.Syntax ip telnet-

Command Line Interface7-187ip http serverThis command allows this device to be monitored or configured from a browser. Use the no form to disable this

System Management Commands7-197Example ip https serverUse this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket

Command Line Interface7-207web-redirectUse this command to enable web-based authentication of clients. Use the no form to disable this function.Syntax

System Management Commands7-217APmgmtIPThis command specifies the client IP addresses that are allowed management access to the access point through v

Command Line Interface7-227APmgmtUIThis command enables and disables management access to the access point through SNMP, Telnet and web interfaces.Cau

xiiiContentscountry 7-12prompt 7-14system name 7-14username 7-15password 7-15ip ssh-server enable 7-16ip ssh-server port 7-16ip telnet-server enabl

System Management Commands7-237show systemThis command displays basic system configuration settings.Default SettingNoneCommand Mode ExecExampleEnterpr

Command Line Interface7-247show versionThis command displays the software version for the system.Command Mode ExecExample show configThis command disp

System Management Commands7-257Hardware Version Information===========================================Hardware version R01A===========================

Command Line Interface7-267Logging Information=====================================================Syslog State : DisabledLogging Consol

System Management Commands7-277 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11Sta

Command Line Interface7-287show hardwareThis command displays the hardware version of the system.Command Mode ExecExample System Logging CommandsThese

System Logging Commands7-297logging onThis command controls logging of error messages; i.e., sending debug or error messages to memory. The no form di

Command Line Interface7-307Example logging consoleThis command initiates logging of error messages to the console. Use the no form to disable logging

System Logging Commands7-317Command Usage Messages sent include the selected level down to Emergency level.Example logging facility-typeThis command s

Command Line Interface7-327Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect

xivContentssnmp-server host 7-43snmp-server trap 7-44snmp-server engine-id 7-46snmp-server user 7-46snmp-server targets 7-48snmp-server filter

System Clock Commands7-337show event-logThis command displays log messages stored in the access point’s memory.Syntaxshow event-logCommand Mode ExecEx

Command Line Interface7-347sntp-server ipThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command

System Clock Commands7-357Command Mode Global ConfigurationCommand Usage The time acquired from time servers is used to record accurate dates and time

Command Line Interface7-367sntp-server daylight-savingThis command sets the start and end dates for daylight savings time. Use the no form to disable

System Clock Commands7-377Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean

Command Line Interface7-387DHCP Relay CommandsDynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuratio

DHCP Relay Commands7-397dhcp-relayThis command configures the primary and secondary DHCP server addresses.Syntaxdhcp-relay <primary | secondary>

Command Line Interface7-407SNMP CommandsControls access to this access point from management stations using the Simple Network Management Protocol (SN

SNMP Commands7-417snmp-server communityThis command defines the community access string for the Simple Network Management Protocol. Use the no form to

Command Line Interface7-427Command Mode Global ConfigurationExample Related Commandssnmp-server location (7-43)snmp-server locationThis command sets t

xvContentsFiltering Commands 7-73filter local-bridge 7-73filter ap-manage 7-74filter uplink enable 7-74filter uplink 7-75filter ethernet-type ena

SNMP Commands7-437Command Mode Global ConfigurationCommand Usage • This command enables both authentication failure notifications and link-up-down not

Command Line Interface7-447Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP

SNMP Commands7-457- dot1xAuthFail - A 802.1X client station has failed RADIUS authentication.- dot1xSuppAuthenticated - A supplicant station has been

Command Line Interface7-467snmp-server engine-idThis command is used for SNMP v3. It is used to uniquely identify the access point among all access po

SNMP Commands7-477• The SNMP engine ID is used to compute the authentication/privacy digests from the pass phrase. You should therefore configure the

Command Line Interface7-487Example snmp-server targetsThis command configures SNMP v3 notification targets. Use the no form to delete an SNMP v3 targe

SNMP Commands7-497snmp-server filterThis command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subt

Command Line Interface7-507snmp-server filter-assignmentsThis command assigns SNMP v3 notification filters to targets. Use the no form to remove an SN

SNMP Commands7-517Example show snmp usersThis command displays the SNMP v3 users and settings.Syntax show snmp usersCommand ModeExecExample show snmp

Command Line Interface7-527Example show snmp targetThis command displays the SNMP v3 notification target settings.Syntaxshow snmp targetCommand Mode E

xviContentsbeacon-interval 7-101dtim-period 7-102fragmentation-length 7-102rts-threshold 7-103super-g 7-104description 7-104ssid 7-105closed-system 7-

SNMP Commands7-537show snmp filter-assignmentsThis command displays the SNMP v3 notification filter assignments.Syntaxshow snmp filter-assignmentsComm

Command Line Interface7-547show snmpThis command displays the SNMP configuration settings.Command Mode ExecExampleEnterprise AP#show snmpSNMP Informat

Flash/File Commands7-557Flash/File CommandsThese commands are used to manage the system code or configuration files.bootfileThis command specifies the

Command Line Interface7-567copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/T

Flash/File Commands7-577The following example shows how to download a configuration file: deleteThis command deletes a file or image.Syntaxdelete <

Command Line Interface7-587dirThis command displays a list of files in flash memory.Command Mode ExecCommand Usage File information is shown below:Exa

RADIUS Client7-597RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a

Command Line Interface7-607Command Mode Global ConfigurationExample radius-server portThis command sets the RADIUS server network port. Syntaxradius-s

RADIUS Client7-617radius-server retransmitThis command sets the number of retries. Syntaxradius-server [secondary] retransmit number_of_retries• secon

Command Line Interface7-627radius-server port-accountingThis command sets the RADIUS Accounting server network port. Syntaxradius-server [secondary] p

38 TeslaIrvine, CA 92618Phone: (949) 679-8000EliteConnect™ SMC2552W-G2 2.4GHz Wireless Access PointThe easy way to make all your network connectionsMa

xviiContentswmm 7-131wmm-acknowledge-policy 7-131wmmparam 7-132Appendix A: Troubleshooting A-1Appendix B: Cables and Pinouts B-1Twisted-Pair Cable A

RADIUS Client7-637Example radius-server radius-mac-formatThis command sets the format for specifying MAC addresses on the RADIUS server.Syntaxradius-s

Command Line Interface7-647show radiusThis command displays the current settings for the RADIUS server.Default SettingNoneCommand Mode ExecExample Ent

802.1X Authentication7-657802.1X AuthenticationThe access point supports IEEE 802.1X access control for wireless clients. This control feature prevent

Command Line Interface7-667Command ModeGlobal ConfigurationCommand Usage• When 802.1X is disabled, the access point does not support 802.1X authentica

802.1X Authentication7-677command specifies the interval after which unicast session keys are changed.• Dynamic broadcast key rotation allows the acce

Command Line Interface7-687Command ModeGlobal ConfigurationExample802.1x-supplicant enableThis command enables the access point to operate as an 802.1

802.1X Authentication7-697Command ModeGlobal ConfigurationCommand UsageThe access point currently only supports EAP-MD5 CHAP for 802.1X supplicant aut

Command Line Interface7-707MAC Address Authentication Use these commands to define MAC authentication on the access point. For local MAC authenticatio

MAC Address Authentication7-717Related Commandsaddress filter entry (7-72)802.1x-supplicant user (7-69)address filter entryThis command enters a MAC a

Command Line Interface7-727Command ModeGlobal ConfigurationExampleRelated Commands802.1x-supplicant user (7-69)mac-authentication serverThis command s

xviiiContents

Filtering Commands7-737Default0 (disabled)Command ModeGlobal ConfigurationExampleFiltering CommandsThe commands described in this section are used to

Command Line Interface7-747Global ConfigurationCommand UsageThis command can disable wireless-to-wireless communications between clients via the acces

Filtering Commands7-757filter uplinkThis command adds or deletes MAC addresses from the uplink filtering table.Syntaxfilter uplink <add | delete>

Command Line Interface7-767ExampleRelated Commandsfilter ethernet-type protocol (7-77)filter ethernet-type protocolThis command sets a filter for a sp

WDS Bridge Commands7-777show filtersThis command shows the filter options and protocol entries in the filter table. Command ModeExecExampleWDS Bridge

Command Line Interface7-787bridge role (WDS)This command selects the bridge operation mode for the radio interface.Syntaxbridge role <ap | repeater

WDS Bridge Commands7-797Default Setting NoneCommand Mode Interface Configuration (Wireless)Command Usage Every bridge (except the root bridge) in the

Command Line Interface7-807bridge dynamic-entry age-timeThis command sets the time for aging out dynamic entries in the WDS forwarding table.Syntaxbri

WDS Bridge Commands7-817show bridge filter-entryThis command displays current entries in the WDS forwarding table.Command Mode ExecExample show bridge

Command Line Interface7-827Example Enterprise AP#show bridge link wireless aInterface Wireless A WDS Information====================================AP

1-1Chapter 1: IntroductionThe 2.4 GHz Wireless Access Point is an IEEE 802.11b/g access point that provides transparent, wireless high-speed data comm

Spanning Tree Commands7-837Spanning Tree CommandsThe commands described in this section are used to set the MAC address table aging time and spanning

Command Line Interface7-847bridge stp forwarding-delayUse this command to configure the spanning tree bridge forward time globally for the wireless br

Spanning Tree Commands7-857Example bridge stp max-ageUse this command to configure the spanning tree bridge maximum age globally for the wireless brid

Command Line Interface7-867Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, root port, and designa

Spanning Tree Commands7-877Default Setting 128Command Mode Interface ConfigurationCommand Usage • This command defines the priority for the use of a p

Command Line Interface7-887Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port an

Ethernet Interface Commands7-897dns serverThis command specifies the address for the primary or secondary domain name server to be used for name-to-ad

Command Line Interface7-907Command Mode Interface Configuration (Ethernet)Command Usage • DHCP is enabled by default. To manually configure a new IP a

Ethernet Interface Commands7-917• When you use this command, the access point will begin broadcasting DHCP client requests. The current IP address (i.

Command Line Interface7-927shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form.Syntax shutdownno s

Introduction1-21Package ChecklistThe 2.4 GHz Wireless Access Point package includes:• One 2.4 GHz Wireless Access Point • One Category 5 network cab

Wireless Interface Commands7-937Example Wireless Interface CommandsThe commands described in this section configure connection parameters for the wire

Command Line Interface7-947beacon-interval Configures the rate at which beacon signals are transmitted from the access pointIC-W 7-102dtim-period Conf

Wireless Interface Commands7-957interface wirelessThis command enters wireless interface configuration mode.Syntaxinterface wireless <g>• g - 80

Command Line Interface7-967speedThis command configures the maximum data rate at which the access point transmits unicast packets. Syntaxspeed <spe

Wireless Interface Commands7-977channelThis command configures the radio channel through which the access point communicates with wireless clients. Sy

Command Line Interface7-987Default Setting fullCommand Mode Interface Configuration (Wireless)Command Usage • The “min” keyword indicates minimum powe

Wireless Interface Commands7-997ExamplepreambleThis command sets the length of the signal preamble that is used at the start of a 802.11b/g data trans

Command Line Interface7-1007to the access point LEDs). Select this method when using an optional external antenna that is connected to the right anten

Wireless Interface Commands7-1017Example antenna locationThis command selects the antenna mounting location for the radio interface.Syntaxantenna loca

Command Line Interface7-1027The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management

Hardware Description1-31Rear PanelComponent DescriptionAntennasThe access point includes integrated diversity antennas for wireless communications. A

Wireless Interface Commands7-1037Syntaxfragmentation-length <length>length - Minimum packet size for which fragmentation is allowed. (Range: 256

Command Line Interface7-1047to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RT

Wireless Interface Commands7-1057Default Setting NoneCommand Mode Interface Configuration (Wireless-VAP)ExamplessidThis command configures the service

Command Line Interface7-1067Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it re

Wireless Interface Commands7-1077Command Mode Interface Configuration (Wireless-VAP)Exampleauth-timeout-valueThis command configures the time interval

Command Line Interface7-1087Example show interface wirelessThis command displays the status for the wireless interface.Syntaxshow interface wireless &

Rogue AP Detection Commands7-1097show stationThis command shows the wireless clients associated with the access point.Command Mode ExecExample Rogue A

Command Line Interface7-1107rogue-ap enableThis command enables the periodic detection of nearby access points. Use the no form to disable periodic de

Rogue AP Detection Commands7-1117Example rogue-ap authenticateThis command forces the unit to authenticate all access points on the network. Use the n

Command Line Interface7-1127Default Setting350 millisecondsCommand Mode Interface Configuration (Wireless)Command Usage • During a scan, client access

Introduction1-41Security SlotThe access point includes a Kensington security slot on the rear panel. You can prevent unauthorized removal of the acces

Rogue AP Detection Commands7-1137rogue-ap scanThis command starts an immediate scan for access points on the radio interface.Default SettingDisabledCo

Command Line Interface7-1147Wireless Security CommandsThe commands described in this section configure parameters for wireless security on the 802.11g

Wireless Security Commands7-1157• wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for authentication.• wpa-wpa2-mixed - Clients using

Command Line Interface7-1167association request to the access point. For mixed-mode operation, the cipher used for broadcast frames is always TKIP. WE

Wireless Security Commands7-1177ExampleRelated Commandskey (7-118)key This command sets the keys used for WEP encryption. Use the no form to delete a

Command Line Interface7-1187match those configured in the clients.ExampleRelated Commandskey (7-118)encryption (7-117)transmit-key (7-119)transmit-key

Wireless Security Commands7-1197cipher-suite This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traf

Command Line Interface7-1207• AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol): WPA2 is backward compatible with WPA, including th

Wireless Security Commands7-1217Example wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) preshared-key.Syntaxwpa-pre-shared

Command Line Interface7-1227Command Mode Interface Configuration (Wireless-VAP)Command Usage • WPA2 provides fast roaming for authenticated clients by

Features and Benefits1-51Reset ButtonThis button is used to reset the access point or restore the factory default configuration. If you hold down the

Link Integrity Commands7-1237known to be already authenticated, so it proceeds directly to key exchange and association.• To support pre-authenticatio

Command Line Interface7-1247link-integrity ping-detectThis command enables link integrity detection. Use the no form to disable link integrity detecti

Link Integrity Commands7-1257link-integrity ping-intervalThis command configures the time between each Ping sent to the link host. Syntaxlink-integrit

Command Line Interface7-1267Command Mode Global ConfigurationExample show link-integrityThis command displays the current link integrity configuration

IAPP Commands7-1277IAPP CommandsThe command described in this section enables the protocol signaling required to ensure the successful handover of wir

Command Line Interface7-1287VLAN CommandsThe access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired

VLAN Commands7-1297• Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s native VLAN ID, or with a VLAN t

Command Line Interface7-1307Default Setting 1Command Mode Interface Configuration (Wireless-VAP)Command Usage • To implement the default VLAN ID setti

WMM Commands7-1317wmmThis command sets the WMM operational mode on the access point. Use the no form to disable WMM.Syntax[no] wmm <supported | req

Command Line Interface7-1327interpretability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WM

Introduction1-61System DefaultsThe following table lists some of the access point’s basic system defaults. To reset the access point defaults, use the

WMM Commands7-1337• admission_control - The admission control mode for the access category. When enabled, clients are blocked from using the access ca

Command Line Interface7-1347

A-1Appendix A: TroubleshootingCheck the following items before you contact local Technical Support.1. If wireless clients cannot access the network, c

TroubleshootingA-2A3. If you cannot access the on-board configuration program via a serial port connection:• Be sure you have set the terminal emulato

B-1Appendix B: Cables and PinoutsTwisted-Pair Cable Assignments For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. Each

Cables and PinoutsB-2BStraight-Through WiringBecause the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “straight-th

Console Port Pin AssignmentsB-3BCrossover WiringBecause the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “crossove

Cables and PinoutsB-4BWiring Map for Serial Cable Table B-2. Wiring Map for Serial CableDB9 Male (AP Console) DB9 Male (PC DTE)Pin Function Pin Func

C-1Appendix C: SpecificationsGeneral SpecificationsMaximum Channels802.11g:US & Canada: 13 (normal mode), 5 (turbo mode)Japan: 4 (normal mode), 1

SpecificationsC-2CAC Power AdapterInput: 100-240 AC, 50-60 HzOutput: 5.1 VDC, 3APower consumption: 13.2 wattsUnit Power SupplyDC Input: 5 VDC, 2 A max

System Defaults1-71MAC Authentication MAC DisabledAuthentication Session Timeout 0 minutes (disabled)Local MAC System Default AllowedLocal MAC Permiss

General SpecificationsC-3CMPT RCR std.33 (D33 1~13 Channel, T66 Channel 14)SafetycCSAus(CSA 22.2 No. 60950-1 & UL60950-1)EN60950-1 (TÜV/GS), IEC60

SpecificationsC-4CSensitivityTransmit Power IEEE 802.11gData Rate Sensitivity (dBm) 6 Mbps -889 Mbps -8712 Mbps -8617 Mbps -8524 Mbps -8136 Mbps -7748

Transmit PowerC-5CIEEE 802.11b Maximum Output Power (GHz - dBm)Data Rate 2.412 2.417~2.467 2.4721 Mbps 15 16 152 Mbps 15 16 155.5 Mbps 15 16 1511 Mbp

SpecificationsC-6COperating RangeImportant NoticeMaximum distances posted below are actual tested distance thresholds. However, there are many variabl

Glossary-1Glossary10BASE-TIEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable.100BASE-TXIEEE 802.3u specifi

Glossary-2GlossaryBroadcast KeyBroadcast keys are sent to stations using 802.1X dynamic keying. Dynamic broadcast key rotation is often used to allow

Glossary-3GlossaryIEEE 802.11gA wireless standard that supports wireless communications in the 2.4 GHz band using using Orthogonal Frequency Division

Glossary-4GlossaryRADIUSA logon authentication protocol that uses software running on a central server to control access to the network.RoamingA wirel

Glossary-5GlossaryVirtual Access Point (VAP)Virtual AP technology multiplies the number of Access Points present within the RF footprint of a single p

Glossary-6Glossary

Introduction1-81System Logging Syslog DisabledLogging Host DisabledLogging Console DisabledIP Address / Host Name 0.0.0.0Logging Level InformationalLo

Index-1Numerics802.11g 7-95AAES 6-75antennas, positioning 2-2authentication 6-12, 7-114cipher suite 6-78, 7-115closed system 7-106configuring 6-12, 7-

IndexIndex-2filter 6-17, 7-70address 6-12, 7-70between wireless clients 6-17, 7-73local bridge 6-17, 7-73local or remote 6-12, 7-72management access 6

IndexIndex-3PoE 1-4specifications C-2port prioritySTA 7-86power connection 2-2Power over Ethernet See PoEpower supply, specifications C-2PSK 6-75Rrad

IndexIndex-4VVLANconfiguration 6-54, 7-128native ID 6-54WWEP 6-69configuring 6-69shared key 6-70, 7-117Wi-Fi Multimedia See WMMWi-Fi Protected Access

Model Number: SMC2552W-G2-17Pub. Number: 150000030500EE052006-DT-R01

38 TeslaIrvine, CA 92618Phone: (949) 679-8000TECHNICAL SUPPORTFrom U.S.A. and Canada (24 hours a day, 7 days a week)(800) SMC-4-YOUPhn: (949) 679-8000

CopyrightInformation furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for i

System Defaults1-91Wireless Interface 802.11b/g (contd.)Antenna ID 0x0000Antenna Location IndoorWireless Security 802.11b/gAuthentication Type Open Sy

Introduction1-101

2-1Chapter 2: Hardware Installation1. Select a Site – Choose a proper place for the access point. In general, the best location is at the center of yo

Hardware Installation2-223. Connect the Power Cord – Connect the power adapter to the access point, and the power cord to an AC power outlet. Otherwis

3-1Chapter 3: External AntennasThe SMC2552W-G2 provides a variety of external antenna options for extending the radio range and shaping the coverge ar

External Antennas3-23• Omnidirectional Antennas - Consider these factors when selecting a location for these antennas:• Always mount the antenna in

Installation Procedures3-33To connect pigtail cables to the access point, follow these steps:1. Disable the access point radio using the web browser i

External Antennas3-435. Reconnect power to the access point.Note: Before enabling the radio with an external antenna attached, be sure to first config

4-1Chapter 4: Network Configuration Wireless networks support a stand-alone configuration as well as an integrated configuration with 10/100 Mbps Ethe

Network Configuration4-24Network TopologiesAd Hoc Wireless LAN (no Access Point)An ad hoc wireless LAN consists of a group of computers, each equipped

iCOMPLIANCESFederal Communication Commission Interference StatementThis equipment has been tested and found to comply with the limits for a Class B di

Network Topologies4-34Infrastructure Wireless LANThe access point also provides access to a wired LAN for wireless workstations. An integrated wired/w

Network Configuration4-44Infrastructure Wireless LAN for Roaming Wireless PCsThe Basic Service Set (BSS) defines the communications domain for each ac

Network Topologies4-54Infrastructure Wireless BridgeThe IEEE 802.11 standard defines a WIreless Distribution System (WDS) for bridge connections betwe

Network Configuration4-64Infrastructure Wireless RepeaterThe access point can also operate in a bridge “repeater” mode to extend the range of links to

5-1Chapter 5: Initial ConfigurationThe 2.4 GHz Wireless Access Point offers a variety of management options, including a web-based interface, a direc

Initial Configuration5-25Note: When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later in

Logging In5-35After configuring the access point’s IP parameters, you can access the management interface from anywhere within the attached network. T

Initial Configuration5-45The home page displays the Main Menu.

6-1Chapter 6: System ConfigurationBefore continuing with advanced configuration, first complete the initial configuration steps described in Chapter 4

System Configuration6-26Advanced ConfigurationThe Advanced Configuration pages include the following options.Table 6-2. MenuMenu Description PageSys

COMPLIANCESiiaux appareils numériques de Classe B prescrites dans la norme sur le matérial brouilleur: “Appareils Numériques,” NMB-003 édictée par l’I

Advanced Configuration6-36System IdentificationThe system name for the access point can be left at its default setting. However, modifying this parame

System Configuration6-46CLI Commands for System Identification – Enter the global configuration mode, and use the system name command to specify a new

Advanced Configuration6-56TCP / IP SettingsConfiguring the access point with an IP address expands your ability to manage the access point. A number o

System Configuration6-66• Subnet Mask: The mask that identifies the host address bits used for routing to specific subnets.• Default Gateway: The defa

Advanced Configuration6-76RADIUSRemote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a cent

System Configuration6-86

Advanced Configuration6-96MAC Address Format – MAC addresses can be specified in one of four formats, using no delimeter, with a single dash delimeter

System Configuration6-106CLI Commands for RADIUS – From the global configuration mode, use the radius-server address command to specify the address of

Advanced Configuration6-116SSH SettingsTelnet is a remote management tool that can be used to configure the access point from anywhere in the network.

System Configuration6-126CLI Commands for SSH – To enable the SSH server, use the ip ssh-server enable command from the CLI Ethernet interface configu

COMPLIANCESiii• This device will automatically limit the allowable channels determined by the current country of operation. Incorrectly entering the c

Advanced Configuration6-136MAC Authentication – You can configure a list of the MAC addresses for wireless clients that are authorized to access the n

System Configuration6-146802.1X Supplicant – The access point can also operate in a 802.1X supplicant mode. This enables the access point itself to be

Advanced Configuration6-156CLI Commands for Local MAC Authentication – Use the mac-authentication server command from the global configuration mode to

System Configuration6-166CLI Commands for RADIUS MAC Authentication – Use the mac-authentication server command from the global configuration mode to

Advanced Configuration6-176Filter ControlThe access point can employ network traffic frame filtering to control access to network resources and increa

System Configuration6-186• MAC Address: Specifies a MAC address to filter, in the form xx-xx-xx-xx-xx-xx.• Permission: Adds or deletes a MAC address f

Advanced Configuration6-196VLANThe access point can employ VLAN tagging support to control access to network resources and increase security. VLANs se

System Configuration6-206When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in

Advanced Configuration6-216WDS SettingsEach access point radio interface can be configured to operate in a bridge or repeater mode, which allows it to

System Configuration6-226• Bridge: Operates as a bridge to other access points. The “Parent” link to the root bridge must be configured. Up to five ot

COMPLIANCESivDeclaration of Conformity in Languages of the EuropeanCommunityEnglish Hereby, SMC, declares that this Radio LAN device is in compliance

Advanced Configuration6-236Spanning Tree Protocol – STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or rout

System Configuration6-246designated ports. After determining the lowest cost spanning tree, it enables all root ports and designated ports, and disabl

Advanced Configuration6-256• Link Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values sh

System Configuration6-266CLI Commands for STP Settings – If the role of a radio interface is set to Repeater, Bridge or Root Bridge, STP can be enable

Advanced Configuration6-276AP ManagementThe Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default. To provid

System Configuration6-286CLI Commands for AP Management features.AdministrationChanging the PasswordManagement access to the web and CLI interface on

Advanced Configuration6-296Upgrading FirmwareYou can upgrade new access point software from a local file on the management workstation, or from an FTP

System Configuration6-306Before upgrading new software, verify that the access point is connected to the network and has been configured with a compat

Advanced Configuration6-316CLI Commands for Downloading Software from a TFTP Server – Use the copy tftp file command from the Exec mode and then speci

System Configuration6-326System Log The access point can be configured to send event and error messages to a System Log Server. The system clock can a

COMPLIANCESvSafety CompliancePower Cord SafetyPlease read the following safety information carefully before installing the access point:WARNING: Insta

Advanced Configuration6-336Logging Level – Sets the minimum severity level for event logging. (Default: Informational)The system allows you to limit t

System Configuration6-346CLI Commands for System Logging – To enable logging on the access point, use the logging on command from the global configura

Advanced Configuration6-356Note: The access point also allows you to disable SNTP and set the system clock manually. Set Time Zone – SNTP uses Coordin

System Configuration6-366CLI Commands for the System Clock – The following example shows how to manually set the system time when SNTP server support

SNMP6-376Configuring SNMP and Trap Message ParametersThe access point SNMP agent must be enabled to function (for versions 1, 2c, and 3 clients). Man

System Configuration6-386Community Name (Read/Write) – Defines the SNMP community access string that has read/write access. Authorized management stat

SNMP6-396Trap Configuration – Allows selection of specific SNMP notifications to send. The following items are available:• sysSystemUp - The access po

System Configuration6-406• dot11StationAuthenticateFail - A client station has tried and failed to authenticate to the network.• Enable All Traps - Cl

SNMP6-416To view the current SNMP settings, use the show snmp command.Enterprise AP#show snmp 7-54SNMP Information====================================

System Configuration6-426Configuring SNMPv3 UsersThe access point allows up to 10 SNMP v3 users to be configured. Each user must be defined by a uniqu

COMPLIANCESviImportant! Before making connections, make sure you have the correct cord set. Check it (read the label on the cable) against the followi

SNMP6-436CLI Commands for Configuring SNMPv3 Users – Use the snmp-server engine-id command to define the SNMP v3 engine before assigning users to grou

System Configuration6-446Configuring SNMPv3 Trap FiltersSNMP v3 users can be configured to receive notification messages from the access point. An SNM

SNMP6-456Note: Only the New Filter page allows the Filter ID to be configured.Filter ID – A user-defined name that identifies the filter. (Maximum len

System Configuration6-466Configuring SNMPv3 TargetsAn SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and UDP port. A use

SNMP6-476Target ID – A user-defined name that identifies a receiver of notifications. The access point supports up to 10 target IDs. (Maximum length:

System Configuration6-486Radio InterfaceThe IEEE 802.11b/g interface includes configuration options for radio signal characteristics and wireless secu

Radio Interface6-496Radio Channel – The radio channel that the access point uses to communicate with wireless clients. When multiple access points are

System Configuration6-506Maximum Station Data Rate – The maximum data rate at which the access point transmits unicast packets on the wireless interfa

Radio Interface6-516Super G – The Atheros proprietary Super G performance enhancements are supported by the access point. These enhancements include b

System Configuration6-526Fragmentation Length – Configures the minimum packet size that can be fragmented when passing through the access point. Fragm