Configuration Guide
Page 2
...such revision or change. 3Com Corporation provides this documentation without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation at private expense. Reducing the waste generated by any means or used to be environmentally-friendly in... to : Establishing environmental performance standards that all operations. Environmental Statement about the Documentation The documentation for a particular purpose. 3Com may be recycled, reused and disposed of this documentation may make improvements or changes in the product(s) and/or the ...
...such revision or change. 3Com Corporation provides this documentation without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation at private expense. Reducing the waste generated by any means or used to be environmentally-friendly in... to : Establishing environmental performance standards that all operations. Environmental Statement about the Documentation The documentation for a particular purpose. 3Com may be recycled, reused and disposed of this documentation may make improvements or changes in the product(s) and/or the ...
Configuration Guide
Page 3
... LAN Identification 33 Command-Line Editing 33 Keyboard Shortcuts 33 History Buffer 34 Tabs 34 Single-Asterisk (*) Wildcard Character 34 Double-Asterisk (**) Wildcard Characters 34 Using CLI Help 34 Understanding Command Descriptions 36 2 WX SETUP METHODS Overview 37 Quick Starts 37 3Com Wireless Switch ...Manager 38 CLI 38 Web Manager 38 How a WX Switch Gets its Configuration 39 Web Quick Start (WXR100, WX1200 and WX2200 Only) 40
... LAN Identification 33 Command-Line Editing 33 Keyboard Shortcuts 33 History Buffer 34 Tabs 34 Single-Asterisk (*) Wildcard Character 34 Double-Asterisk (**) Wildcard Characters 34 Using CLI Help 34 Understanding Command Descriptions 36 2 WX SETUP METHODS Overview 37 Quick Starts 37 3Com Wireless Switch ...Manager 38 CLI 38 Web Manager 38 How a WX Switch Gets its Configuration 39 Web Quick Start (WXR100, WX1200 and WX2200 Only) 40
Configuration Guide
Page 9
... or Reenabling Radios 250 Enabling or Disabling Individual Radios 250 Disabling or Reenabling All Radios Using a Profile 250 Resetting a Radio to its Factory Default Settings 251 Restarting a MAP 251 Configuring Local Packet Switching on MAPs 252 Configuring Local Switching 253 Displaying MAP Information 256 Displaying MAP Configuration Information 256 Displaying Connection Information for...
... or Reenabling Radios 250 Enabling or Disabling Individual Radios 250 Disabling or Reenabling All Radios Using a Profile 250 Resetting a Radio to its Factory Default Settings 251 Restarting a MAP 251 Configuring Local Packet Switching on MAPs 252 Configuring Local Switching 253 Displaying MAP Information 256 Displaying MAP Configuration Information 256 Displaying Connection Information for...
Configuration Guide
Page 11
... 321 15 CONFIGURING MAPS TO BE AEROSCOUT LISTENERS Configuring MAP Radios to Listen for AeroScout RFID Tags 324 Locating an RFID Tag 325 Using an AeroScout Engine 325 Using 3Com Wireless Switch Manager 325 16 CONFIGURING QUALITY OF SERVICE About QoS 327 Summary of QoS Features 327 QoS Mode 330 WMM QoS Mode 331 WMM...
... 321 15 CONFIGURING MAPS TO BE AEROSCOUT LISTENERS Configuring MAP Radios to Listen for AeroScout RFID Tags 324 Locating an RFID Tag 325 Using an AeroScout Engine 325 Using 3Com Wireless Switch Manager 325 16 CONFIGURING QUALITY OF SERVICE About QoS 327 Summary of QoS Features 327 QoS Mode 330 WMM QoS Mode 331 WMM...
Configuration Guide
Page 14
... Security ACL 394 Placing One ACE before Another 395 Modifying an Existing Security ACL 396 Clearing Security ACLs from the Edit Buffer 397 Using ACLs to Change CoS 399 Filtering Based on DSCP Values 399 Enabling Prioritization for Legacy Voice over IP 401 General Guidelines 402 Enabling ...Restricting Client-To-Client Forwarding Among IP-Only Clients 409 Security ACL Configuration Scenario 410 20 MANAGING KEYS AND CERTIFICATES Why Use Keys and Certificates? 413 Wireless Security through TLS 414 PEAP-MS-CHAP-V2 Security 414 About Keys and Certificates 415 Public Key Infrastructures 416 Public and...
... Security ACL 394 Placing One ACE before Another 395 Modifying an Existing Security ACL 396 Clearing Security ACLs from the Edit Buffer 397 Using ACLs to Change CoS 399 Filtering Based on DSCP Values 399 Enabling Prioritization for Legacy Voice over IP 401 General Guidelines 402 Enabling ...Restricting Client-To-Client Forwarding Among IP-Only Clients 409 Security ACL Configuration Scenario 410 20 MANAGING KEYS AND CERTIFICATES Why Use Keys and Certificates? 413 Wireless Security through TLS 414 PEAP-MS-CHAP-V2 Security 414 About Keys and Certificates 415 Public Key Infrastructures 416 Public and...
Configuration Guide
Page 15
Key and Certificate Configuration Scenarios 427 Creating Self-Signed Certificates 427 Installing CA-Signed Certificates from PKCS #12 Object Files 429 Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a PKCS #7 Object File 431 21 CONFIGURING AAA FOR NETWORK USERS About AAA for Network Users 433 ... 442 AAA Methods for IEEE 802.1X and Web Network Access 442 IEEE 802.1X Extensible Authentication Protocol Types 446 Ways a WX Switch Can Use EAP 447 Effects of Authentication Type on Encryption Method 448 Configuring 802.1X Authentication 449 Configuring EAP Offload 449...
Key and Certificate Configuration Scenarios 427 Creating Self-Signed Certificates 427 Installing CA-Signed Certificates from PKCS #12 Object Files 429 Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a PKCS #7 Object File 431 21 CONFIGURING AAA FOR NETWORK USERS About AAA for Network Users 433 ... 442 AAA Methods for IEEE 802.1X and Web Network Access 442 IEEE 802.1X Extensible Authentication Protocol Types 446 Ways a WX Switch Can Use EAP 447 Effects of Authentication Type on Encryption Method 448 Configuring 802.1X Authentication 449 Configuring EAP Offload 449...
Configuration Guide
Page 16
... ACL 500 Setting the Location Policy 501 Clearing Location Policy Rules and Disabling the Location Policy 503 Configuring Accounting for Wireless Network Users 504 Viewing Local Accounting Records 505 Viewing Roaming Accounting Records 505 Displaying the AAA Configuration 507 Avoiding AAA ...Problems in Configuration Order 508 Using the Wildcard "Any" as the SSID Name in Authentication Rules 508 Using Authentication and Accounting Rules Together 508 Configuring a Mobility Profile 510 Network User Configuration Scenarios...
... ACL 500 Setting the Location Policy 501 Clearing Location Policy Rules and Disabling the Location Policy 503 Configuring Accounting for Wireless Network Users 504 Viewing Local Accounting Records 505 Viewing Roaming Accounting Records 505 Displaying the AAA Configuration 507 Avoiding AAA ...Problems in Configuration Order 508 Using the Wildcard "Any" as the SSID Name in Authentication Rules 508 Using Authentication and Accounting Rules Together 508 Configuring a Mobility Profile 510 Network User Configuration Scenarios...
Configuration Guide
Page 19
...a Permitted SSID List 576 Configuring a Client Black List 577 Configuring an Attack List 578 Configuring an Ignore List 579 Enabling Countermeasures 580 Using On-Demand Countermeasures in a Mobility Domain 581 Disabling or Reenabling Active Scan 582 Enabling MAP Signatures 582 Creating an Encrypted RF Fingerprint Key... 584 IDS and DoS Alerts 584 Flood Attacks 585 DoS Attacks 585 Netstumbler and Wellenreiter Applications 586 Wireless Bridge 586 Ad-Hoc Network 586 Weak WEP Key Used by Client 587 Disallowed Devices or SSIDs 587 Displaying Statistics Counters 587 IDS Log Message Examples 587 ...
...a Permitted SSID List 576 Configuring a Client Black List 577 Configuring an Attack List 578 Configuring an Ignore List 579 Enabling Countermeasures 580 Using On-Demand Countermeasures in a Mobility Domain 581 Disabling or Reenabling Active Scan 582 Enabling MAP Signatures 582 Creating an Encrypted RF Fingerprint Key... 584 IDS and DoS Alerts 584 Flood Attacks 585 DoS Attacks 585 Netstumbler and Wellenreiter Applications 586 Wireless Bridge 586 Ad-Hoc Network 586 Weak WEP Key Used by Client 587 Disallowed Devices or SSIDs 587 Displaying Statistics Counters 587 IDS Log Message Examples 587 ...
Configuration Guide
Page 20
...System Image 616 Preparing the WX Switch for the Upgrade 616 Upgrading an Individual Switch Using the CLI 617 Command Changes During Upgrade 618 A TROUBLESHOOTING A WX SWITCH Fixing Common WX Setup Problems 619 Recovering the System When the Enable Password is Lost 622 WXR100 622 WX1200, WX2200, or ...WX4400 622 Configuring and Managing the System Log 623 Log Message Components 623 Logging Destinations and Levels 623 Using Log Commands 625 ...
...System Image 616 Preparing the WX Switch for the Upgrade 616 Upgrading an Individual Switch Using the CLI 617 Command Changes During Upgrade 618 A TROUBLESHOOTING A WX SWITCH Fixing Common WX Setup Problems 619 Recovering the System When the Enable Password is Lost 622 WXR100 622 WX1200, WX2200, or ...WX4400 622 Configuring and Managing the System Log 623 Log Message Components 623 Logging Destinations and Levels 623 Using Log Commands 625 ...
Configuration Guide
Page 21
... 634 Clearing the Trace Log 634 List of Trace Areas 634 Using display Commands 635 Viewing VLAN Interfaces 635 Viewing AAA Session Statistics ... 637 Clearing the Port Mirroring Configuration 637 Remotely Monitoring Traffic 638 How Remote Traffic Monitoring Works 638 Best Practices for Remote Traffic Monitoring 639 Configuring a Snoop Filter ...Radio 641 Enabling or Disabling a Snoop Filter 643 Displaying Remote Traffic Monitoring Statistics 643 Preparing an Observer and Capturing Traffic ... Information to 3Com Technical Support 648 B ENABLING AND LOGGING INTO WEB VIEW System ...
... 634 Clearing the Trace Log 634 List of Trace Areas 634 Using display Commands 635 Viewing VLAN Interfaces 635 Viewing AAA Session Statistics ... 637 Clearing the Port Mirroring Configuration 637 Remotely Monitoring Traffic 638 How Remote Traffic Monitoring Works 638 Best Practices for Remote Traffic Monitoring 639 Configuring a Snoop Filter ...Radio 641 Enabling or Disabling a Snoop Filter 643 Displaying Remote Traffic Monitoring Statistics 643 Preparing an Observer and Capturing Traffic ... Information to 3Com Technical Support 648 B ENABLING AND LOGGING INTO WEB VIEW System ...
Configuration Guide
Page 22
C SUPPORTED RADIUS ATTRIBUTES Attributes 651 Supported Standard and Extended Attributes 652 3Com Vendor-Specific Attributes 659 D TRAFFIC PORTS USED BY MSS E DHCP SERVER How the MSS DHCP Server Works 664 Configuring the DHCP Server 665 Displaying DHCP Server Information 666 F OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 667 Solve Problems Online 667 Purchase Extended Warranty and Professional Services 668 Access Software Downloads 668 Contact Us 668 Telephone Technical Support and Repair 669 GLOSSARY INDEX COMMAND INDEX
C SUPPORTED RADIUS ATTRIBUTES Attributes 651 Supported Standard and Extended Attributes 652 3Com Vendor-Specific Attributes 659 D TRAFFIC PORTS USED BY MSS E DHCP SERVER How the MSS DHCP Server Works 664 Configuring the DHCP Server 665 Displaying DHCP Server Information 666 F OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 667 Solve Problems Online 667 Purchase Extended Warranty and Professional Services 668 Access Software Downloads 668 Contact Us 668 Telephone Technical Support and Repair 669 GLOSSARY INDEX COMMAND INDEX
Configuration Guide
Page 23
...describes important features or instructions Caution Information that are used throughout this guide, follow the instructions in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site: http://www.3com.com/ Table 1 and Table 2 list conventions ...data or potential damage to an application, system, or device This guide is intended for the 3Com Wireless LAN Switch WXR100, WX1200, or 3Com Wireless LAN Controller WX4400, WX2200. ABOUT THIS GUIDE Conventions This guide describes the configuration commands for System integrators who are configuring the...
...describes important features or instructions Caution Information that are used throughout this guide, follow the instructions in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site: http://www.3com.com/ Table 1 and Table 2 list conventions ...data or potential damage to an application, system, or device This guide is intended for the 3Com Wireless LAN Switch WXR100, WX1200, or 3Com Wireless LAN Controller WX4400, WX2200. ABOUT THIS GUIDE Conventions This guide describes the configuration commands for System integrators who are configuring the...
Configuration Guide
Page 24
...24 ABOUT THIS GUIDE Documentation This manual uses the following documents. Wireless Switch Manager (3WXM) Release Notes These notes provide information about the 3WXM software release, including new features and bug fixes. Wireless LAN Switch and Controller Release Notes These notes provide... information about the MSS software release, including new features and bug fixes. Wireless LAN Switch and Controller Quick Start Guide This guide provides instructions...
...24 ABOUT THIS GUIDE Documentation This manual uses the following documents. Wireless Switch Manager (3WXM) Release Notes These notes provide information about the 3WXM software release, including new features and bug fixes. Wireless LAN Switch and Controller Release Notes These notes provide... information about the MSS software release, including new features and bug fixes. Wireless LAN Switch and Controller Quick Start Guide This guide provides instructions...
Configuration Guide
Page 25
...; Page number (if appropriate) Example: Wireless LAN Switch and Controller Configuration Guide Part number 730-9502-0071, Revision B Page 25 Your suggestions are very important to 3Com at: pddtechpubs_comments@3com.com Please include the following information when contacting us . They will help make our documentation more useful to plan, configure, deploy, and manage...
...; Page number (if appropriate) Example: Wireless LAN Switch and Controller Configuration Guide Part number 730-9502-0071, Revision B Page 25 Your suggestions are very important to 3Com at: pddtechpubs_comments@3com.com Please include the following information when contacting us . They will help make our documentation more useful to plan, configure, deploy, and manage...
Configuration Guide
Page 27
... the WX to access the network Be aware of 3Com Wireless Switch Manager software, Wireless LAN Switches (WX1200 or WXR100), Wireless LAN Controllers (WX4400 or WX2200), and Managed Access Points (MAPs). MSS has a command-line interface (CLI) on page 33 You configure the WX switch and MAPs primarily with another set command. 1 USING THE COMMAND-LINE INTERFACE Overview CLI Conventions Mobility...
... the WX to access the network Be aware of 3Com Wireless Switch Manager software, Wireless LAN Switches (WX1200 or WXR100), Wireless LAN Controllers (WX4400 or WX2200), and Managed Access Points (MAPs). MSS has a command-line interface (CLI) on page 33 You configure the WX switch and MAPs primarily with another set command. 1 USING THE COMMAND-LINE INTERFACE Overview CLI Conventions Mobility...
Configuration Guide
Page 28
... displays the following command with a virtual LAN (VLAN) ID: clear interface vlan-id ip Curly brackets ({ }) indicate a mandatory parameter, and square brackets ([ ]) indicate an optional parameter. For example, you must type. 28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE Command Prompts By ... of the WX media access control (MAC) address. WXmmmm> After you must enter dynamic or port and a port list in the Wireless LAN Switch and Controller Command Reference. For example: set enablepass Italic monospace font indicates a placeholder for example, 1200) and the nnnnnn...
... displays the following command with a virtual LAN (VLAN) ID: clear interface vlan-id ip Curly brackets ({ }) indicate a mandatory parameter, and square brackets ([ ]) indicate an optional parameter. For example, you must type. 28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE Command Prompts By ... of the WX media access control (MAC) address. WXmmmm> After you must enter dynamic or port and a port list in the Wireless LAN Switch and Controller Command Reference. For example: set enablepass Italic monospace font indicates a placeholder for example, 1200) and the nnnnnn...
Configuration Guide
Page 29
... The CLI has specific notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in hexadecimal numbers with a colon (:) delimiter between bytes-for example, 00:01:02:1a:00:01. ...number of special characters including the following in DÉCOR. MAC Address Notation MSS displays MAC addresses in a single command. 3Com recommends that you can use classless interdomain routing (CIDR) format to express subnet masks-for example, 192.168.1.111. You can exclude leading zeros when ...
... The CLI has specific notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in hexadecimal numbers with a colon (:) delimiter between bytes-for example, 00:01:02:1a:00:01. ...number of special characters including the following in DÉCOR. MAC Address Notation MSS displays MAC addresses in a single command. 3Com recommends that you can use classless interdomain routing (CIDR) format to express subnet masks-for example, 192.168.1.111. You can exclude leading zeros when ...
Configuration Guide
Page 30
... Globs, MAC Address Globs, and VLAN Globs Name "globbing" is a way of using a wildcard pattern to determine whether the WX filters or forwards IP packets. 30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE Wildcard Masks Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to expand a single element into...
... Globs, MAC Address Globs, and VLAN Globs Name "globbing" is a way of using a wildcard pattern to determine whether the WX filters or forwards IP packets. 30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE Wildcard Masks Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to expand a single element into...
Configuration Guide
Page 31
... contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule. MSS compares the VLAN glob, which can use a single asterisk (*) as a wildcard to match all MAC addresses, or as follows to match from 1 byte to MAC addresses based on a WX...
... contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule. MSS compares the VLAN glob, which can use a single asterisk (*) as a wildcard to match all MAC addresses, or as follows to match from 1 byte to MAC addresses based on a WX...
Configuration Guide
Page 32
...list before items lower in which MSS matches the user, MAC address, or VLAN to , but not including, a delimiter character in the glob, use the double-asterisk (**) wildcard characters with no delimiters. For example: WX1200# reset port 1-8 Any combination of the display aaa or display ... A single port number. No port 0 exists on a WX are the at the beginning. Hyphens take precedence over commas. 32 CHAPTER 1: USING THE COMMAND-LINE INTERFACE To match all other VLAN names with bldg4. Valid VLAN glob delimiter characters are numbered 1 through as high as 22, depending...
...list before items lower in which MSS matches the user, MAC address, or VLAN to , but not including, a delimiter character in the glob, use the double-asterisk (**) wildcard characters with no delimiters. For example: WX1200# reset port 1-8 Any combination of the display aaa or display ... A single port number. No port 0 exists on a WX are the at the beginning. Hyphens take precedence over commas. 32 CHAPTER 1: USING THE COMMAND-LINE INTERFACE To match all other VLAN names with bldg4. Valid VLAN glob delimiter characters are numbered 1 through as high as 22, depending...