Configuration Guide
Page 4
... Start Requirements 41 Accessing the Web Quick Start 41 CLI quickstart Command 44 Quickstart Example 46 Remote WX Configuration 49 Opening the QuickStart Network Plan in 3Com Wireless Switch Manager 49 3 CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS Overview 51 Before You Start 54 ...Saving the Configuration 61 Administrative AAA Configuration Scenarios 62 Local Authentication 62 Local Authentication for Console Users and RADIUS Authentication for Telnet Users 62 Authentication When RADIUS Servers Do Not Respond 63 Local Override and Backup Local Authentication 64 4 MANAGING USER PASSWORDS...
... Start Requirements 41 Accessing the Web Quick Start 41 CLI quickstart Command 44 Quickstart Example 46 Remote WX Configuration 49 Opening the QuickStart Network Plan in 3Com Wireless Switch Manager 49 3 CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS Overview 51 Before You Start 54 ...Saving the Configuration 61 Administrative AAA Configuration Scenarios 62 Local Authentication 62 Local Authentication for Console Users and RADIUS Authentication for Telnet Users 62 Authentication When RADIUS Servers Do Not Respond 63 Local Override and Backup Local Authentication 64 4 MANAGING USER PASSWORDS...
Configuration Guide
Page 6
... Managing IP Routes 108 Displaying IP Routes 110 Adding a Static Route 111 Removing a Static Route 112 Managing the Management Services 113 Managing SSH 113 Managing Telnet 116 Managing HTTPS 118 Changing the Idle Timeout for CLI Management Sessions 119 Setting a Message of the Day (MOTD) Banner 120 Prompting the User to...
... Managing IP Routes 108 Displaying IP Routes 110 Adding a Static Route 111 Removing a Static Route 112 Managing the Management Services 113 Managing SSH 113 Managing Telnet 116 Managing HTTPS 118 Changing the Idle Timeout for CLI Management Sessions 119 Setting a Message of the Day (MOTD) Banner 120 Prompting the User to...
Configuration Guide
Page 18
... 553 Specifying an Alternate SODA Agent Directory for a Service Profile 554 Uninstalling the SODA Agent Files from the WX Switch 554 Displaying SODA Configuration Information 555 25 MANAGING SESSIONS About the Session Manager 557 Displaying and Clearing Administrative Sessions 557 ... All Administrative Sessions 558 Displaying and Clearing an Administrative Console Session 558 Displaying and Clearing Administrative Telnet Sessions 559 Displaying and Clearing Client Telnet Sessions 559 Displaying and Clearing Network Sessions 560 Displaying Verbose Network Session Information 561 Displaying and ...
... 553 Specifying an Alternate SODA Agent Directory for a Service Profile 554 Uninstalling the SODA Agent Files from the WX Switch 554 Displaying SODA Configuration Information 555 25 MANAGING SESSIONS About the Session Manager 557 Displaying and Clearing Administrative Sessions 557 ... All Administrative Sessions 558 Displaying and Clearing an Administrative Console Session 558 Displaying and Clearing Administrative Telnet Sessions 559 Displaying and Clearing Client Telnet Sessions 559 Displaying and Clearing Network Sessions 560 Displaying Verbose Network Session Information 561 Displaying and ...
Configuration Guide
Page 35
... the help command description in the Wireless LAN Switch and Controller Command Reference. For example: WX1200# display ip ? ifm igmp interface ip display interfaces maintained by a question mark (?). alias display ip aliases dns display DNS status https display ip https route display ip route table telnet display ip telnet To determine the port on help...
... the help command description in the Wireless LAN Switch and Controller Command Reference. For example: WX1200# display ip ? ifm igmp interface ip display interfaces maintained by a question mark (?). alias display ip aliases dns display DNS status https display ip https route display ip route table telnet display ip telnet To determine the port on help...
Configuration Guide
Page 38
... in "Remote WX Configuration" on page 49.) You also can use 3Com Wireless Switch Manager to plan your network, create WX switches in 3Com Wireless Switch Manager" on until the right LED above port 1 flashes for SSH or Telnet access, you configure the switch for 3... seconds. After you also can use these protocols to configure the switch. Activating the factory reset causes the WXR100...
... in "Remote WX Configuration" on page 49.) You also can use 3Com Wireless Switch Manager to plan your network, create WX switches in 3Com Wireless Switch Manager" on until the right LED above port 1 flashes for SSH or Telnet access, you configure the switch for 3... seconds. After you also can use these protocols to configure the switch. Activating the factory reset causes the WXR100...
Configuration Guide
Page 40
... basic wireless access for a small office. You can use the Web Quick Start to configure the following parameters: System name of the switch Country code (the country where wireless access...; Management access You can individually select Telnet, SSH, and Web View. You can configure additional SSIDs using the CLI or 3Com Wireless Switch Manager. Usernames and passwords for ports ...Web Quick Start" on page 41.) The Web Quick Start application is accessible only on switch models WXR100, WX1200, and WX2200. You can secure the Console port. To access the Web Quick...
... basic wireless access for a small office. You can use the Web Quick Start to configure the following parameters: System name of the switch Country code (the country where wireless access...; Management access You can individually select Telnet, SSH, and Web View. You can configure additional SSIDs using the CLI or 3Com Wireless Switch Manager. Usernames and passwords for ports ...Web Quick Start" on page 41.) The Web Quick Start application is accessible only on switch models WXR100, WX1200, and WX2200. You can secure the Console port. To access the Web Quick...
Configuration Guide
Page 48
... enable the admin user to set user wxadmin attr service-type 6 7 Verify the configuration changes. WXR100-aabbcc# display config WXR100-aabbcc# set ip telnet server enable WXR100-aabbcc# set the time? [y]: y Enter the date (dd/mm/yy) []: 31/03/07 Is daylight saving time (DST) in effect [n]: n Enter the ...time (hh:mm:ss) []: 04:36:20 Enter the timezone []: PST Enter the offset (without DST) from GMT for 'PST' in hh:mm [0:0]: -8:0 Do you wish to configure wireless...
... enable the admin user to set user wxadmin attr service-type 6 7 Verify the configuration changes. WXR100-aabbcc# display config WXR100-aabbcc# set ip telnet server enable WXR100-aabbcc# set the time? [y]: y Enter the date (dd/mm/yy) []: 31/03/07 Is daylight saving time (DST) in effect [n]: n Enter the ...time (hh:mm:ss) []: 04:36:20 Enter the timezone []: PST Enter the offset (without DST) from GMT for 'PST' in hh:mm [0:0]: -8:0 Do you wish to configure wireless...
Configuration Guide
Page 51
...to the console port and manage the switch, because no authentication is useful for secure network connections. When you type the enable command at the command prompt. Here is available. Restricted mode is enforced. (3Com recommends that you set the authentication ...all CLI commands. In enabled mode, you must establish administrative access for Telnet users to a Remote Authentication Dial-In User Service (RADIUS) server. 3 Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA)...
...to the console port and manage the switch, because no authentication is useful for secure network connections. When you type the enable command at the command prompt. Here is available. Restricted mode is enforced. (3Com recommends that you set the authentication ...all CLI commands. In enabled mode, you must establish administrative access for Telnet users to a Remote Authentication Dial-In User Service (RADIUS) server. 3 Overview CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS 3Com Mobility System Software (MSS) supports authentication, authorization, and accounting (AAA)...
Configuration Guide
Page 52
... authentication, authorization, and accounting for administrative access mode. 3Com recommends enforcing authentication for that user. 6 Local override. As network administrator, you can apply different authentication methods to a RADIUS server. You can configure console authentication and Telnet authentication separately, and you initially access the WX switch via a RADIUS server. Username globbing (see Chapter 22...
... authentication, authorization, and accounting for administrative access mode. 3Com recommends enforcing authentication for that user. 6 Local override. As network administrator, you can apply different authentication methods to a RADIUS server. You can configure console authentication and Telnet authentication separately, and you initially access the WX switch via a RADIUS server. Username globbing (see Chapter 22...
Configuration Guide
Page 54
... in this chapter, read the Wireless LAN Switch and Controller Quick Start Guide to set up a WX switch and the attached MAPs for SSH access, see Chapter 21, "Configuring AAA for configuring and managing a single WX switch through the WX switch. Allows network users to authenticate valid...(AAA) framework helps secure network connections by identifying who access MSS via the Telnet protocol. See "Enabling an Administrator" on page 55. Telnet - Web View uses a secure connection via remote servers to connect through a Web browser. Access Modes MSS provides AAA either ...
... in this chapter, read the Wireless LAN Switch and Controller Quick Start Guide to set up a WX switch and the attached MAPs for SSH access, see Chapter 21, "Configuring AAA for configuring and managing a single WX switch through the WX switch. Allows network users to authenticate valid...(AAA) framework helps secure network connections by identifying who access MSS via the Telnet protocol. See "Enabling an Administrator" on page 55. Telnet - Web View uses a secure connection via remote servers to connect through a Web browser. Access Modes MSS provides AAA either ...
Configuration Guide
Page 55
... the Console Administrators must initially configure the WX switch with a computer or terminal connected to the WX console port through a serial cable. Telnet access is not initially enabled. Press Enter when prompted for Administrative Users" on page 59.) Save the configuration. (See "Saving the Configuration" on page ...
... the Console Administrators must initially configure the WX switch with a computer or terminal connected to the WX console port through a serial cable. Telnet access is not initially enabled. Press Enter when prompted for Administrative Users" on page 59.) Save the configuration. (See "Saving the Configuration" on page ...
Configuration Guide
Page 62
...local username. 62 CHAPTER 3: CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS Administrative AAA Configuration Scenarios The following scenarios illustrate typical configurations for Telnet Users" on page 62 "Local Override and Backup Local Authentication" on page 64 "Authentication When RADIUS Servers Do... Not Respond" on page 63 Local Authentication The first time you access a WX switch, it requires no authentication. (For more information, see "First-Time Configuration via the Console" on page 62 "Local...
...local username. 62 CHAPTER 3: CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS Administrative AAA Configuration Scenarios The following scenarios illustrate typical configurations for Telnet Users" on page 62 "Local Override and Backup Local Authentication" on page 64 "Authentication When RADIUS Servers Do... Not Respond" on page 63 Local Authentication The first time you access a WX switch, it requires no authentication. (For more information, see "First-Time Configuration via the Console" on page 62 "Local...
Configuration Guide
Page 63
... user admin attr service-type 6 success: change accepted. To configure unconditional authentication, Natasha sets the authentication method to the RADIUS server group sg1, and configures Telnet administrative users for administrative and console users if the RADIUS server (in this case, server r1 in this order: WX1200# set user natasha password m@Jor...
... user admin attr service-type 6 success: change accepted. To configure unconditional authentication, Natasha sets the authentication method to the RADIUS server group sg1, and configures Telnet administrative users for administrative and console users if the RADIUS server (in this case, server r1 in this order: WX1200# set user natasha password m@Jor...
Configuration Guide
Page 64
Natasha also enables backup RADIUS authentication for Telnet administrators. The order in which Natasha enters authentication methods in the set authentication console * local sg1 success: change accepted. The local database is authenticated by the local database in the WX switch. If it finds no match for console users. WX1200# save config success: configuration...
Natasha also enables backup RADIUS authentication for Telnet administrators. The order in which Natasha enters authentication methods in the set authentication console * local sg1 success: change accepted. The local database is authenticated by the local database in the WX switch. If it finds no match for console users. WX1200# save config success: configuration...
Configuration Guide
Page 67
...and administrative users, use the following command: set authentication password-restrict enable warning: the following command: WX# set authentication max-attempts number For Telnet or SSH sessions, a maximum of users whose password does not meet the restriction on the WX and displays a list of 4 failed ...%Pag32!). A user cannot reuse any of his or her 10 previous passwords (not applicable to enable password restrictions on the WX switch, type the following users have passwords that do not have at least 4 characters must be different from the previous password. The ...
...and administrative users, use the following command: set authentication password-restrict enable warning: the following command: WX# set authentication max-attempts number For Telnet or SSH sessions, a maximum of users whose password does not meet the restriction on the WX and displays a list of 4 failed ...%Pag32!). A user cannot reuse any of his or her 10 previous passwords (not applicable to enable password restrictions on the WX switch, type the following users have passwords that do not have at least 4 characters must be different from the previous password. The ...
Configuration Guide
Page 104
...an IP interface. Optionally, the other VLANs configured on the WX switch: Management access through Telnet Access by enabling the Dynamic Host Configuration Protocol (DHCP) client on a WX switch must belong to provide management access. 104 CHAPTER 6: CONFIGURING AND MANAGING...} Enabling the DHCP Client The MSS DHCP client enables a WX switch to a VLAN by statically configuring an IP Interface address or by 3Com Wireless Switch Manager Exchanging information and user data with other WX switches in a Mobility Domain IP interfaces are associated with VLANs.
...an IP interface. Optionally, the other VLANs configured on the WX switch: Management access through Telnet Access by enabling the Dynamic Host Configuration Protocol (DHCP) client on a WX switch must belong to provide management access. 104 CHAPTER 6: CONFIGURING AND MANAGING...} Enabling the DHCP Client The MSS DHCP client enables a WX switch to a VLAN by statically configuring an IP Interface address or by 3Com Wireless Switch Manager Exchanging information and user data with other WX switches in a Mobility Domain IP interfaces are associated with VLANs.
Configuration Guide
Page 112
...that uses default router 10.2.4.1: WX1200# clear ip route 192.168.4.69/24 10.2.4.1 success: change accepted. To add an explicit route from a WX switch to any host on the 192.168.4.x subnet through 10.2.4.69 when the WX interface to that default router is up, type the following commands... | ip-addr mask | ip-addr/mask-length} default-router After you are managing the WX switch with a Telnet session and the session needs the static route, removing the route also removes the Telnet connection to the switch. For example, if you remove a route, traffic that uses the route can no longer reach its...
...that uses default router 10.2.4.1: WX1200# clear ip route 192.168.4.69/24 10.2.4.1 success: change accepted. To add an explicit route from a WX switch to any host on the 192.168.4.x subnet through 10.2.4.69 when the WX interface to that default router is up, type the following commands... | ip-addr mask | ip-addr/mask-length} default-router After you are managing the WX switch with a Telnet session and the session needs the static route, removing the route also removes the Telnet connection to the switch. For example, if you remove a route, traffic that uses the route can no longer reach its...
Configuration Guide
Page 113
... Enter or complete the login before the timer expires, MSS ends the session. SSH provides a secure connection to the switch. If you configure SSH, disable Telnet. Enabling SSH SSH is enabled by default. When a user enters a valid username and password, SSH establishes a management...it, use the following services for managing a WX switch over the network. Telnet provides a nonsecure connection to eight Telnet or SSH sessions, in any combination, and one Console session. HTTPS provides a secure connection to complete the login. A WXR100 can have up to the CLI through TCP port ...
... Enter or complete the login before the timer expires, MSS ends the session. SSH provides a secure connection to the switch. If you configure SSH, disable Telnet. Enabling SSH SSH is enabled by default. When a user enters a valid username and password, SSH establishes a management...it, use the following services for managing a WX switch over the network. Telnet provides a nonsecure connection to eight Telnet or SSH sessions, in any combination, and one Console session. HTTPS provides a secure connection to complete the login. A WXR100 can have up to the CLI through TCP port ...
Configuration Guide
Page 115
... 59.) Changing the SSH Service Port Number To change the SSH port the WX switch listens on a WX switch, type the following command: WX1200# display sessions admin Tty Username ------- tty0 tty2 tech tty3 sshadmin Time (s) -------3644 6 381 Type ---Console Telnet SSH 3 admin sessions Managing SSH Server Sessions Use the following command: set ip...
... 59.) Changing the SSH Service Port Number To change the SSH port the WX switch listens on a WX switch, type the following command: WX1200# display sessions admin Tty Username ------- tty0 tty2 tech tty3 sshadmin Time (s) -------3644 6 381 Type ---Console Telnet SSH 3 admin sessions Managing SSH Server Sessions Use the following command: set ip...
Configuration Guide
Page 116
... password password Optionally, you do you wish to continue? (y|n) [n]y Cleared ssh session on tty3 (To manage Telnet client sessions, see "Adding an SSH User" on page 132.) Managing Telnet Telnet requires a valid username and password for SSH or create a new one. 116 CHAPTER 6: CONFIGURING AND MANAGING ...prompt is displayed, MSS allows 30 seconds to enter a valid username and password to a Remote Device" on page 114. To enable Telnet, use the same username and password for access to the switch. For a CLI example, see "Logging In to complete the login. Use the following command...
... password password Optionally, you do you wish to continue? (y|n) [n]y Cleared ssh session on tty3 (To manage Telnet client sessions, see "Adding an SSH User" on page 132.) Managing Telnet Telnet requires a valid username and password for SSH or create a new one. 116 CHAPTER 6: CONFIGURING AND MANAGING ...prompt is displayed, MSS allows 30 seconds to enter a valid username and password to a Remote Device" on page 114. To enable Telnet, use the same username and password for access to the switch. For a CLI example, see "Logging In to complete the login. Use the following command...