Configuration Guide
Page 5
... Port Operating Parameters 79 Displaying Port Information 81 Configuring Load-Sharing Port Groups 85 Configuring and Managing VLANs 87 Understanding VLANs in 3Com MSS 87 Configuring a VLAN 91 Changing Tunneling Affinity 93 Restricting Layer 2 Forwarding Among Clients 94 Displaying VLAN Information 95 Managing the...98 Configuring the Aging Timeout Period 99 Port and VLAN Configuration Scenario 100 6 CONFIGURING AND MANAGING IP INTERFACES AND SERVICES MTU Support 103 Configuring and Managing IP Interfaces 104 Adding an IP Interface 104 Disabling or Reenabling an IP Interface 107 Removing an ...
... Port Operating Parameters 79 Displaying Port Information 81 Configuring Load-Sharing Port Groups 85 Configuring and Managing VLANs 87 Understanding VLANs in 3Com MSS 87 Configuring a VLAN 91 Changing Tunneling Affinity 93 Restricting Layer 2 Forwarding Among Clients 94 Displaying VLAN Information 95 Managing the...98 Configuring the Aging Timeout Period 99 Port and VLAN Configuration Scenario 100 6 CONFIGURING AND MANAGING IP INTERFACES AND SERVICES MTU Support 103 Configuring and Managing IP Interfaces 104 Adding an IP Interface 104 Disabling or Reenabling an IP Interface 107 Removing an ...
Configuration Guide
Page 10
... Mesh Services 276 Configuring Security 276 Enabling Link Calibration Packets on the Mesh Portal MAP 277 Deploying the Mesh AP 277 Configuring Wireless Bridging 278 Displaying WLAN Mesh Services Information 279 13 CONFIGURING USER ENCRYPTION Overview 281 Configuring WPA 284 WPA Cipher Suites 284 TKIP... Countermeasures 287 WPA Authentication Methods 288 WPA Information Element 288 Client Support 289 Configuring WPA 290 Configuring RSN (802.11i) 296 Creating a Service Profile for RSN 296 Enabling RSN 296 Specifying the RSN...
... Mesh Services 276 Configuring Security 276 Enabling Link Calibration Packets on the Mesh Portal MAP 277 Deploying the Mesh AP 277 Configuring Wireless Bridging 278 Displaying WLAN Mesh Services Information 279 13 CONFIGURING USER ENCRYPTION Overview 281 Configuring WPA 284 WPA Cipher Suites 284 TKIP... Countermeasures 287 WPA Authentication Methods 288 WPA Information Element 288 Client Support 289 Configuring WPA 290 Configuring RSN (802.11i) 296 Creating a Service Profile for RSN 296 Enabling RSN 296 Specifying the RSN...
Configuration Guide
Page 14
...to Change CoS 399 Filtering Based on DSCP Values 399 Enabling Prioritization for Legacy Voice over IP 401 General Guidelines 402 Enabling VoIP Support for TeleSym VoIP 403 Enabling SVP Optimization for SpectraLink Phones 404 Restricting Client-To-Client Forwarding Among IP-Only Clients 409 Security ...ACL Configuration Scenario 410 20 MANAGING KEYS AND CERTIFICATES Why Use Keys and Certificates? 413 Wireless Security through TLS 414 PEAP-MS-CHAP-V2 Security 414 About Keys and Certificates 415 Public Key Infrastructures 416 Public and Private Keys...
...to Change CoS 399 Filtering Based on DSCP Values 399 Enabling Prioritization for Legacy Voice over IP 401 General Guidelines 402 Enabling VoIP Support for TeleSym VoIP 403 Enabling SVP Optimization for SpectraLink Phones 404 Restricting Client-To-Client Forwarding Among IP-Only Clients 409 Security ...ACL Configuration Scenario 410 20 MANAGING KEYS AND CERTIFICATES Why Use Keys and Certificates? 413 Wireless Security through TLS 414 PEAP-MS-CHAP-V2 Security 414 About Keys and Certificates 415 Public Key Infrastructures 416 Public and Private Keys...
Configuration Guide
Page 18
24 CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH About SODA Endpoint Security 543 SODA Endpoint Security Support on WX Switches 544 How SODA Functionality Works on WX Switches 545 Configuring SODA Functionality 546 Configuring Web Portal WebAAA for the Service Profile 547 Creating the SODA Agent with... SODA Manager 547 Copying the SODA Agent to the WX Switch 549 Installing ...
24 CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH About SODA Endpoint Security 543 SODA Endpoint Security Support on WX Switches 544 How SODA Functionality Works on WX Switches 545 Configuring SODA Functionality 546 Configuring Web Portal WebAAA for the Service Profile 547 Creating the SODA Agent with... SODA Manager 547 Copying the SODA Agent to the WX Switch 549 Installing ...
Configuration Guide
Page 21
... Displaying Remote Traffic Monitoring Statistics 643 Preparing an Observer and Capturing Traffic 643 Capturing System Information and Sending it to Technical Support 645 The display tech-support Command 645 Core Files 646 Debug Messages 647 Sending Information to 3Com Technical Support 648 B ENABLING AND LOGGING INTO WEB VIEW System Requirements 649 Browser Requirements 649 WX Switch...
... Displaying Remote Traffic Monitoring Statistics 643 Preparing an Observer and Capturing Traffic 643 Capturing System Information and Sending it to Technical Support 645 The display tech-support Command 645 Core Files 646 Debug Messages 647 Sending Information to 3Com Technical Support 648 B ENABLING AND LOGGING INTO WEB VIEW System Requirements 649 Browser Requirements 649 WX Switch...
Configuration Guide
Page 22
C SUPPORTED RADIUS ATTRIBUTES Attributes 651 Supported Standard and Extended Attributes 652 3Com Vendor-Specific Attributes 659 D TRAFFIC PORTS USED BY MSS E DHCP SERVER How the MSS DHCP Server Works 664 Configuring the DHCP Server 665 Displaying DHCP Server Information 666 F OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 667 Solve Problems Online 667 Purchase Extended Warranty and Professional Services 668 Access Software Downloads 668 Contact Us 668 Telephone Technical Support and Repair 669 GLOSSARY INDEX COMMAND INDEX
C SUPPORTED RADIUS ATTRIBUTES Attributes 651 Supported Standard and Extended Attributes 652 3Com Vendor-Specific Attributes 659 D TRAFFIC PORTS USED BY MSS E DHCP SERVER How the MSS DHCP Server Works 664 Configuring the DHCP Server 665 Displaying DHCP Server Information 666 F OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 667 Solve Problems Online 667 Purchase Extended Warranty and Professional Services 668 Access Software Downloads 668 Contact Us 668 Telephone Technical Support and Repair 669 GLOSSARY INDEX COMMAND INDEX
Configuration Guide
Page 25
... (MSS) CLI. „ Wireless LAN Switch and Controller Command Reference This reference provides syntax information for all MSS commands supported on the title page) „ Page number (if appropriate) Example: „ Wireless LAN Switch and Controller Configuration Guide „...revision (on WX switches. Documentation Comments 25 Documentation Comments „ Wireless Switch Manager Reference Manual This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM). „ Wireless Switch Manager User's Guide...
... (MSS) CLI. „ Wireless LAN Switch and Controller Command Reference This reference provides syntax information for all MSS commands supported on the title page) „ Page number (if appropriate) Example: „ Wireless LAN Switch and Controller Configuration Guide „...revision (on WX switches. Documentation Comments 25 Documentation Comments „ Wireless Switch Manager Reference Manual This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM). „ Wireless Switch Manager User's Guide...
Configuration Guide
Page 26
26 ABOUT THIS GUIDE Please note that we can only respond to your network supplier. Questions related to technical support or sales should be directed in the first instance to comments and questions about 3Com product documentation at this e-mail address.
26 ABOUT THIS GUIDE Please note that we can only respond to your network supplier. Questions related to technical support or sales should be directed in the first instance to comments and questions about 3Com product documentation at this e-mail address.
Configuration Guide
Page 27
... command. The WX switch supports two connection modes: „ Administrative access mode, which enables the network administrator to connect to the WX and configure the network „ Network access mode, which enables network users to connect through the WX to access the network Be aware of 3Com Wireless Switch Manager software, Wireless LAN Switches (WX1200 or WXR100), Wireless LAN Controllers (WX4400...
... command. The WX switch supports two connection modes: „ Administrative access mode, which enables the network administrator to connect to the WX and configure the network „ Network access mode, which enables network users to connect through the WX to access the network Be aware of 3Com Wireless Switch Manager software, Wireless LAN Switches (WX1200 or WXR100), Wireless LAN Controllers (WX4400...
Configuration Guide
Page 29
... Globs" on page 31.) IP Address and Mask Notation MSS displays IP addresses in a single command. 3Com recommends that you do not configure two separate VLANs with either hyphen (-) or colon (:) delimiters, but colons... ampersand (&), angle brackets (< >), number sign (#), question mark (?), or quotation marks (""). The CLI does not support the use the single-asterisk (*) wildcard character to represent an entire MAC address or from 1 byte to express ...allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in dotted decimal notation-for example, 192.168.1.111.
... Globs" on page 31.) IP Address and Mask Notation MSS displays IP addresses in a single command. 3Com recommends that you do not configure two separate VLANs with either hyphen (-) or colon (:) delimiters, but colons... ampersand (&), angle brackets (< >), number sign (#), question mark (?), or quotation marks (""). The CLI does not support the use the single-asterisk (*) wildcard character to represent an entire MAC address or from 1 byte to express ...allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in dotted decimal notation-for example, 192.168.1.111.
Configuration Guide
Page 40
... instructions, see "Accessing the Web Quick Start" on page 41.) The Web Quick Start application is supported only on a switch that is accessible only on the switch and use the Web Quick Start to ten users with the Web Quick Start. The Web Quick Start...or port 2 on unconfigured switches. Web Quick Start (WXR100, WX1200 and WX2200 Only) 40 Web Quick Start (WXR100, WX1200 and WX2200 Only) You can use the CLI or 3Com Wireless Switch Manager. You also can configure additional SSIDs using the CLI or 3Com Wireless Switch Manager. „ Usernames and passwords for a small office.
... instructions, see "Accessing the Web Quick Start" on page 41.) The Web Quick Start application is supported only on a switch that is accessible only on the switch and use the Web Quick Start to ten users with the Web Quick Start. The Web Quick Start...or port 2 on unconfigured switches. Web Quick Start (WXR100, WX1200 and WX2200 Only) 40 Web Quick Start (WXR100, WX1200 and WX2200 Only) You can use the CLI or 3Com Wireless Switch Manager. You also can configure additional SSIDs using the CLI or 3Com Wireless Switch Manager. „ Usernames and passwords for a small office.
Configuration Guide
Page 47
...System IP address netmask []: 255.255.255.0 Default route []: 172.16.0.21 Do you will erase any existing config. Although the same hardware supports both SSIDs and sets of users, AAA ensures that only the users who are in the same VLAN, as the timezone name. for port ... be required to access an SSID can use 802.1Q tagged default VLAN [Y/N]? Figure 2 Single-Switch Deployment Console WX1200-20-Corp 10.10.10.4 Port Port 2 3 Backbone Internet Corporate resources alice bob user1 user2 WXR100-aabbcc# quickstart This will be in this example. Figure 2 shows an example.
...System IP address netmask []: 255.255.255.0 Default route []: 172.16.0.21 Do you will erase any existing config. Although the same hardware supports both SSIDs and sets of users, AAA ensures that only the users who are in the same VLAN, as the timezone name. for port ... be required to access an SSID can use 802.1Q tagged default VLAN [Y/N]? Figure 2 Single-Switch Deployment Console WX1200-20-Corp 10.10.10.4 Port Port 2 3 Backbone Internet Corporate resources alice bob user1 user2 WXR100-aabbcc# quickstart This will be in this example. Figure 2 shows an example.
Configuration Guide
Page 49
... provide both clear (unencrypted) and secure (802.1X) wireless access. „ StarterKit-Contains a simple rectangle as a floor plan, but with two WX switches and two MAPs on page 46. The staged option is supported only for all switch models. You can configure a WXR100 switch shipped directly to the remote office. The plan differs from the sample configuration by...
... provide both clear (unencrypted) and secure (802.1X) wireless access. „ StarterKit-Contains a simple rectangle as a floor plan, but with two WX switches and two MAPs on page 46. The staged option is supported only for all switch models. You can configure a WXR100 switch shipped directly to the remote office. The plan differs from the sample configuration by...
Configuration Guide
Page 51
... Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA) for administrators... Restricted mode is available. Administrators cannot establish a Telnet or Secure Shell (SSH) connection to a Remote Authentication Dial-In User Service (RADIUS) server. In this mode, only a small subset of operation ...users before you must add a username and password entry to the console port and manage the switch, because no authentication is not secure, unlike SSH, 3WXM and Web Manager connections. (For details...
... Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA) for administrators... Restricted mode is available. Administrators cannot establish a Telnet or Secure Shell (SSH) connection to a Remote Authentication Dial-In User Service (RADIUS) server. In this mode, only a small subset of operation ...users before you must add a username and password entry to the console port and manage the switch, because no authentication is not secure, unlike SSH, 3WXM and Web Manager connections. (For details...
Configuration Guide
Page 58
...switch supports the following wildcard characters for different AAA treatments. For example, you classify users by an administrator. The fallthru authentication type None denies access to a user or set of the password in the local database. Individual user entries override group entries if they contain uppercase and lowercase letters and numbers. 3Com...ACCESS The authentication method none you display the configuration. The authentication method none allows access to the WX switch by username or media access control (MAC) address for user globs: „ Single asterisk (*) matches...
...switch supports the following wildcard characters for different AAA treatments. For example, you classify users by an administrator. The fallthru authentication type None denies access to a user or set of the password in the local database. Individual user entries override group entries if they contain uppercase and lowercase letters and numbers. 3Com...ACCESS The authentication method none you display the configuration. The authentication method none allows access to the WX switch by username or media access control (MAC) address for user globs: „ Single asterisk (*) matches...
Configuration Guide
Page 73
...11b/g. Other MAP models have been discontinued but can be specified. Configuring and Managing Ports 73 Table 6 Maximum MAPs Supported Per Switch WX Switch Model WX4400 Maximum Configured 300 WX2200 320 WX1200 30 WXR100 8 Maximum Booted 24, 48, 72, 96, or 120, depending on the license. 24, 48, 72,...352 have two radios. For this purpose, you must use the following command: set the IEEE 802.11 country-specific regulations on the WX switch. (See "Specifying the Country of operation specified by the command. If the country of Operation" on the license. 12 3 Setting a Port...
...11b/g. Other MAP models have been discontinued but can be specified. Configuring and Managing Ports 73 Table 6 Maximum MAPs Supported Per Switch WX Switch Model WX4400 Maximum Configured 300 WX2200 320 WX1200 30 WXR100 8 Maximum Booted 24, 48, 72, 96, or 120, depending on the license. 24, 48, 72,...352 have two radios. For this purpose, you must use the following command: set the IEEE 802.11 country-specific regulations on the WX switch. (See "Specifying the Country of operation specified by the command. If the country of Operation" on the license. 12 3 Setting a Port...
Configuration Guide
Page 74
... ports. 74 CHAPTER 5: CONFIGURING AND MANAGING PORTS AND VLANS You cannot configure any gigabit Ethernet port, or port 7 or 8 on a WX1200 switch, or port 1 on a WXR100, as a AP in MP-620 require external antenna, and model MP-262 requires an external antenna for a MAP (referred to as a MAP... port. The range of external antennas instead: AP2750, AP3150, AP3750, AP3850, AP7250, AP8250, AP8750, MP-372, MP-372-CN, and MP-372-JP. (Antenna support on ...
... ports. 74 CHAPTER 5: CONFIGURING AND MANAGING PORTS AND VLANS You cannot configure any gigabit Ethernet port, or port 7 or 8 on a WX1200 switch, or port 1 on a WXR100, as a AP in MP-620 require external antenna, and model MP-262 requires an external antenna for a MAP (referred to as a MAP... port. The range of external antennas instead: AP2750, AP3150, AP3750, AP3850, AP7250, AP8250, AP8750, MP-372, MP-372-CN, and MP-372-JP. (Antenna support on ...
Configuration Guide
Page 75
Configuring and Managing Ports 75 Table 7 Valid dap-num Values Switch Model WX4400 WX1200 WXR100 WX2200 Valid Range 1 to 300 1 to 30 1 to 8 1 to 320 For the serial-id parameter, specify the serial ID of simultaneous user sessions that can .... To display the serial ID using the CLI, use the display version details command. The fallthru authentication type is used if the user does not support 802.1X and is a MAP model MP-372 with the set a port for MAP 1, which means the user is automatically denied access if neither 802...
Configuring and Managing Ports 75 Table 7 Valid dap-num Values Switch Model WX4400 WX1200 WXR100 WX2200 Valid Range 1 to 300 1 to 30 1 to 8 1 to 320 For the serial-id parameter, specify the serial ID of simultaneous user sessions that can .... To display the serial ID using the CLI, use the display version details command. The fallthru authentication type is used if the user does not support 802.1X and is a MAP model MP-372 with the set a port for MAP 1, which means the user is automatically denied access if neither 802...
Configuration Guide
Page 76
...devices from forwarding PAE group address packets, because this case, disable repetitive traffic emissions such as a wired authentication port supporting one interface and one simultaneous user session. Instead of packets from the client to an authenticator's MAC address until the..., WebAAA, or last-resort authentication, wired authentication works if the clients are attached through a downstream third-party switch, the WX switch attempts to a downstream switch, use MAC authentication. Clearing a Port To change a port's type from MAP access port or wired authentication port...
...devices from forwarding PAE group address packets, because this case, disable repetitive traffic emissions such as a wired authentication port supporting one interface and one simultaneous user session. Instead of packets from the client to an authenticator's MAC address until the..., WebAAA, or last-resort authentication, wired authentication works if the clients are attached through a downstream third-party switch, the WX switch attempts to a downstream switch, use MAC authentication. Clearing a Port To change a port's type from MAP access port or wired authentication port...
Configuration Guide
Page 79
... operating parameters: „ Speed „ Autonegotiation „ Port state „ PoE state All ports on the WX1200 switch support half-duplex and full-duplex operation. 3Com recommends that one side of a gigabit port to full-duplex. The slow throughput occurs because the side that is invalid....Parameters Autonegotiation is enabled by selecting an option other side is set to full-duplex. If you do not support half-duplex operation. Ports on the WX4400 switches support full-duplex operating mode only. MSS allows the port speed of a 10/100 Ethernet port, the operating ...
... operating parameters: „ Speed „ Autonegotiation „ Port state „ PoE state All ports on the WX1200 switch support half-duplex and full-duplex operation. 3Com recommends that one side of a gigabit port to full-duplex. The slow throughput occurs because the side that is invalid....Parameters Autonegotiation is enabled by selecting an option other side is set to full-duplex. If you do not support half-duplex operation. Ports on the WX4400 switches support full-duplex operating mode only. MSS allows the port speed of a 10/100 Ethernet port, the operating ...
