3com WX2200 3CRWX220095A Configuration manual

http://www.3Com.com/

Part No. 10015909

Published June 2007

Wireless LAN Mobility System

Wireless LAN Switch and Controller

Configuration Guide

WX4400 3CRWX440095A

WX2200 3CRWX220095A

WX1200 3CRWX120695A

WXR100 3CRWXR10095A

3Com Corporation

350 Campus Drive

Marlborough, MA USA

01752-3064

in any form or by any means or used to make any derivative work (such as translation, transformation, or

adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time

to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either

implied or expressed, including, but not limited to, the implied warranties, terms or conditions of

merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or

changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license

agreement included with the product as a separate document, in the hard copy documentation, or on the

removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,

please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are

provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense.

Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or

as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are

provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights

only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

You agree not to remove or deface any portion of any legend provided on any licensed program or

documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may

not be registered in other countries.

3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation.

Mobility Domain, Managed Access Point, Mobility Profile, Mobility System, Mobility System Software, MP,

MSS, and SentrySweep are trademarks of Trapeze Networks, Inc.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,

and Windows NT are registered trademarks of Microsoft Corporation.

All other company and product names may be trademarks of the respective companies with which they are

associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we

are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental

standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is

fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and

the inks are vegetable-based with a low heavy-metal content.

CONTENTS

ABOUT THIS GUIDE

Conventions 23

Documentation 24

Documentation Comments 25

1 USING THE COMMAND-LINE INTERFACE

Overview 27

CLI Conventions 27

Command Prompts 28

Syntax Notation 28

Text Entry Conventions and Allowed Characters 28

User Globs, MAC Address Globs, and VLAN Globs 30

Port Lists 32

Virtual LAN Identification 33

Command-Line Editing 33

Keyboard Shortcuts 33

History Buffer 34

Tabs 34

Single-Asterisk (*) Wildcard Character 34

Double-Asterisk (**) Wildcard Characters 34

Using CLI Help 34

Understanding Command Descriptions 36

2 WX SETUP METHODS

Overview 37

Quick Starts 37

3Com Wireless Switch Manager 38

CLI 38

Web Manager 38

How a WX Switch Gets its Configuration 39

Web Quick Start (WXR100, WX1200 and WX2200 Only) 40

Web Quick Start Parameters 40

Web Quick Start Requirements 41

Accessing the Web Quick Start 41

CLI quickstart Command 44

Quickstart Example 46

Remote WX Configuration 49

Opening the QuickStart Network Plan in 3Com Wireless Switch

Manager 49

3 CONFIGURING AAA FOR ADMINISTRATIVE AND LOCAL ACCESS

Overview 51

Before You Start 54

About Administrative Access 54

Access Modes 54

Types of Administrative Access 54

First-Time Configuration via the Console 55

Enabling an Administrator 55

Setting the WX Switch Enable Password 56

Authenticating at the Console 57

Customizing AAA with “Globs” and Groups 58

Setting User Passwords 58

Adding and Clearing Local Users for Administrative Access 59

Configuring Accounting for Administrative Users 59

Displaying the AAA Configuration 61

Saving the Configuration 61

Administrative AAA Configuration Scenarios 62

Local Authentication 62

Local Authentication for Console Users and RADIUS Authentication for

Telnet Users 62

Authentication When RADIUS Servers Do Not Respond 63

Local Override and Backup Local Authentication 64

4 MANAGING USER PASSWORDS

Overview 65

Configuring Passwords 66

Setting Passwords for Local Users 66

Enabling Password Restrictions 67

Setting the Maximum Number of Login Attempts 67

Specifying Minimum Password Length 68

Configuring Password Expiration Time 69

Restoring Access to a Locked-Out User 70

Displaying Password Information 70

5 CONFIGURING AND MANAGING PORTS AND VLANS

Configuring and Managing Ports 71

Setting the Port Type 71

Configuring a Port Name 77

Configuring Interface Preference on a Dual-Interface Gigabit Ethernet

Port (WX4400 only) 78

Configuring Port Operating Parameters 79

Displaying Port Information 81

Configuring Load-Sharing Port Groups 85

Configuring and Managing VLANs 87

Understanding VLANs in 3Com MSS 87

Configuring a VLAN 91

Changing Tunneling Affinity 93

Restricting Layer 2 Forwarding Among Clients 94

Displaying VLAN Information 95

Managing the Layer 2 Forwarding Database 96

Types of Forwarding Database Entries 96

How Entries Enter the Forwarding Database 96

Displaying Forwarding Database Information 97

Adding an Entry to the Forwarding Database 98

Removing Entries from the Forwarding Database 98

Configuring the Aging Timeout Period 99

Port and VLAN Configuration Scenario 100

6 CONFIGURING AND MANAGING IP INTERFACES AND SERVICES

MTU Support 103

Configuring and Managing IP Interfaces 104

Adding an IP Interface 104

Disabling or Reenabling an IP Interface 107

Removing an IP Interface 107

Displaying IP Interface Information 107

Configuring the System IP Address 108

Designating the System IP Address 108

Displaying the System IP Address 108

Clearing the System IP Address 108

Configuring and Managing IP Routes 108

Displaying IP Routes 110

Adding a Static Route 111

Removing a Static Route 112

Managing the Management Services 113

Managing SSH 113

Managing Telnet 116

Managing HTTPS 118

Changing the Idle Timeout for CLI Management Sessions 119

Setting a Message of the Day (MOTD) Banner 120

Prompting the User to Acknowledge the MOTD Banner 120

Configuring and Managing DNS 121

Enabling or Disabling the DNS Client 121

Configuring DNS Servers 121

Configuring a Default Domain Name 122

Displaying DNS Server Information 122

Configuring and Managing Aliases 123

Adding an Alias 123

Removing an Alias 123

Displaying Aliases 123

Configuring and Managing Time Parameters 124

Setting the Time Zone 125

Configuring the Summertime Period 125

Statically Configuring the System Time and Date 127

Displaying the Time and Date 127

Configuring and Managing NTP 127

Adding an NTP Server 128

Removing an NTP Server 128

Changing the NTP Update Interval 128

Resetting the Update Interval to the Default 129

Enabling the NTP Client 129

Displaying NTP Information 129

Managing the ARP Table 130

Displaying ARP Table Entries 130

Adding an ARP Entry 131

Changing the Aging Timeout 131

Pinging Another Device 132

Logging In to a Remote Device 132

Tracing a Route 133

IP Interfaces and Services Configuration Scenario 135

7 CONFIGURING SNMP

Overview 139

Configuring SNMP 139

Setting the System Location and Contact Strings 140

Enabling SNMP Versions 140

Configuring Community Strings (SNMPv1 and SNMPv2c Only) 140

Creating a USM User for SNMPv3 141

Setting SNMP Security 143

Configuring a Notification Profile 144

Configuring a Notification Target 148

Enabling the SNMP Service 151

Displaying SNMP Information 151

Displaying SNMP Version and Status Information 151

Displaying the Configured SNMP Community Strings 151

Displaying USM Settings 151

Displaying Notification Profiles 152

Displaying Notification Targets 152

Displaying SNMP Statistics Counters 152

8 CONFIGURING AND MANAGING MOBILITY DOMAIN ROAMING

About the Mobility Domain Feature 153

Configuring a Mobility Domain 154

Configuring the Seed 154

Configuring Member WX Switches on the Seed 155

Configuring a Member 155

Configuring Mobility Domain Seed Redundancy 156

Displaying Mobility Domain Status 157

Displaying the Mobility Domain Configuration 157

Clearing a Mobility Domain from a WX Switch 157

Clearing a Mobility Domain Member from a Seed 157

Configuring WX-WX Security 158

Monitoring the VLANs and Tunnels in a Mobility Domain 159

Displaying Roaming Stations 159

Displaying Roaming VLANs and Their Affinities 160

Displaying Tunnel Information 160

Understanding the Sessions of Roaming Users 161

Requirements for Roaming to Succeed 161

Effects of Timers on Roaming 162

Monitoring Roaming Sessions 162

Mobility Domain Scenario 163

9 CONFIGURING NETWORK DOMAINS

About the Network Domain Feature 165

Network Domain Seed Affinity 168

Configuring a Network Domain 169

Configuring Network Domain Seeds 169

Specifying Network Domain Seed Peers 170

Configuring Network Domain Members 171

Displaying Network Domain Information 172

Clearing Network Domain Configuration from a WX Switch 173

Clearing a Network Domain Seed from a WX Switch 173

Clearing a Network Domain Peer from a Network Domain Seed 173

Clearing Network Domain Seed or Member Configuration from a WX

Switch 173

Network Domain Scenario 174

10 CONFIGURING MAP ACCESS POINTS

MAP Overview 177

Country of Operation 179

Directly Connected MAPs and Distributed MAPs 179

Boot Process for Distributed MAPs 189

Contacting a WX Switch 190

Loading and Activating an Operational Image 195

Obtaining Configuration Information from the WX Switch 195

Service Profiles 202

Radio Profiles 209

Configuring MAPs 213

Specifying the Country of Operation 213

Configuring an Auto-AP Profile for Automatic MAP Configuration 218

Configuring MAP Port Parameters 224

Configuring MAP-WX Security 229

Configuring a Service Profile 233

Configuring a Radio Profile 240

Configuring Radio-Specific Parameters 246

Mapping the Radio Profile to Service Profiles 249

Assigning a Radio Profile and Enabling Radios 249

Disabling or Reenabling Radios 250

Enabling or Disabling Individual Radios 250

Disabling or Reenabling All Radios Using a Profile 250

Resetting a Radio to its Factory Default Settings 251

Restarting a MAP 251

Configuring Local Packet Switching on MAPs 252

Configuring Local Switching 253

Displaying MAP Information 256

Displaying MAP Configuration Information 256

Displaying Connection Information for Distributed MAPs 257

Displaying a List of Distributed MAPs that Are Not Configured 258

Displaying Active Connection Information for Distributed MAPs 258

Displaying Service Profile Information 259

Displaying Radio Profile Information 260

Displaying MAP Status Information 260

Displaying Static IP Address Information for Distributed MAPs 261

Displaying MAP Statistics Counters 262

Displaying the Forwarding Database for a MAP 264

Displaying VLAN Information for a MAP 264

Displaying ACL Information for a MAP 265

11 CONFIGURING RF LOAD BALANCING FOR MAPS

RF Load Balancing Overview 267

Configuring RF Load Balancing 268

Disabling or Re-Enabling RF Load Balancing 268

Assigning Radios to Load Balancing Groups 269

Specifying Band Preference for RF Load Balancing 269

Setting Strictness for RF Load Balancing 270

Exempting an SSID from RF Load Balancing 271

Displaying RF Load Balancing Information 271

12 CONFIGURING WLAN MESH SERVICES

WLAN Mesh Services Overview 273

Configuring WLAN Mesh Services 274

Configuring the Mesh AP 275

Configuring the Service Profile for Mesh Services 276

Configuring Security 276

Enabling Link Calibration Packets on the Mesh Portal MAP 277

Deploying the Mesh AP 277

Configuring Wireless Bridging 278

Displaying WLAN Mesh Services Information 279

13 CONFIGURING USER ENCRYPTION

Overview 281

Configuring WPA 284

WPA Cipher Suites 284

TKIP Countermeasures 287

WPA Authentication Methods 288

WPA Information Element 288

Client Support 289

Configuring WPA 290

Configuring RSN (802.11i) 296

Creating a Service Profile for RSN 296

Enabling RSN 296

Specifying the RSN Cipher Suites 297

Changing the TKIP Countermeasures Timer Value 298

Enabling PSK Authentication 298

Displaying RSN Settings 298

Assigning the Service Profile to Radios and Enabling the Radios 298

Configuring WEP 299

Setting Static WEP Key Values 301

Assigning Static WEP Keys 301

Encryption Configuration Scenarios 302

Enabling WPA with TKIP 302

Enabling Dynamic WEP in a WPA Network 304

Configuring Encryption for MAC Clients 306

14 CONFIGURING RF AUTO-TUNING

Overview 311

Initial Channel and Power Assignment 311

Channel and Power Tuning 312

RF Auto-Tuning Parameters 314

Changing RF Auto-Tuning Settings 316

Selecting Available Channels on the 802.11a Radio 316

Changing Channel Tuning Settings 316

Changing Power Tuning Settings 317

Locking Down Tuned Settings 318

Displaying RF Auto-Tuning Information 319

Displaying RF Auto-Tuning Settings 319

Displaying RF Neighbors 320

Displaying RF Attributes 321

15 CONFIGURING MAPS TO BE AEROSCOUT LISTENERS

Configuring MAP Radios to Listen for AeroScout RFID Tags 324

Locating an RFID Tag 325

Using an AeroScout Engine 325

Using 3Com Wireless Switch Manager 325

16 CONFIGURING QUALITY OF SERVICE

About QoS 327

Summary of QoS Features 327

QoS Mode 330

WMM QoS Mode 331

WMM QoS on a MAP 337

Call Admission Control 340

Broadcast Control 341

Static CoS 341

Overriding CoS 341

Changing QoS Settings 342

Changing the QoS Mode 342

Enabling U-APSD Support 342

Configuring Call Admission Control 343

Configuring Static CoS 343

Changing CoS Mappings 344

Using the Client’s DSCP Value to Classify QoS Level 344

Enabling Broadcast Control 345

Displaying QoS Information 345

Displaying a Radio Profile’s QoS Settings 345

Displaying a Service Profile’s QoS Settings 346

Displaying CoS Mappings 347

Displaying the DSCP Table 349

Displaying MAP Forwarding Queue Statistics 349

17 CONFIGURING AND MANAGING SPANNING TREE PROTOCOL

Overview 351

Enabling the Spanning Tree Protocol 352

Changing Standard Spanning Tree Parameters 352

Bridge Priority 352

Port Cost 353

Port Priority 353

Changing the Bridge Priority 353

Changing STP Port Parameters 354

Changing Spanning Tree Timers 357

Configuring and Managing STP Fast Convergence Features 358

Configuring Port Fast Convergence 359

Displaying Port Fast Convergence Information 360

Configuring Backbone Fast Convergence 360

Displaying the Backbone Fast Convergence State 360

Configuring Uplink Fast Convergence 361

Displaying Uplink Fast Convergence Information 361

Displaying Spanning Tree Information 361

Displaying STP Bridge and Port Information 361

Displaying the STP Port Cost on a VLAN Basis 362

Displaying Blocked STP Ports 363

Displaying Spanning Tree Statistics 363

Clearing STP Statistics 365

Spanning Tree Configuration Scenario 365

18 CONFIGURING AND MANAGING IGMP SNOOPING

Overview 369

Disabling or Reenabling IGMP Snooping 369

Disabling or Reenabling Proxy Reporting 370

Enabling the Pseudo-Querier 370

Changing IGMP Timers 370

Changing the Query Interval 371

Changing the Other-Querier-

Present Interval 371

Changing the Query Response Interval 371

Changing the Last Member Query Interval 371

Changing Robustness 371

Enabling Router Solicitation 372

Changing the Router Solicitation Interval 372

Configuring Static Multicast Ports 372

Adding or Removing a Static Multicast Router Port 373

Adding or Removing a Static Multicast Receiver Port 373

Displaying Multicast Information 373

Displaying Multicast Configuration Information and Statistics 373

Displaying Multicast Queriers 375

Displaying Multicast Routers 375

Displaying Multicast Receivers 376

19 CONFIGURING AND MANAGING SECURITY ACLS

About Security Access Control Lists 377

Overview of Security ACL Commands 377

Security ACL Filters 378

Order in Which ACLs are Applied to Traffic 379

Creating and Committing a Security ACL 380

Setting a Source IP ACL 380

Setting an ICMP ACL 383

Setting TCP and UDP ACLs 385

Determining the ACE Order 386

Committing a Security ACL 387

Viewing Security ACL Information 387

Clearing Security ACLs 390

Mapping Security ACLs 390

Mapping User-Based Security ACLs 390

Mapping Security ACLs to Ports, VLANs, Virtual Ports, or Distributed

MAPs 392

Modifying a Security ACL 394

Adding Another ACE to a Security ACL 394

Placing One ACE before Another 395

Modifying an Existing Security ACL 396

Clearing Security ACLs from the Edit Buffer 397

Using ACLs to Change CoS 399

Filtering Based on DSCP Values 399

Enabling Prioritization for Legacy Voice over IP 401

General Guidelines 402

Enabling VoIP Support for TeleSym VoIP 403

Enabling SVP Optimization for SpectraLink Phones 404

Restricting Client-To-Client Forwarding Among IP-Only Clients 409

Security ACL Configuration Scenario 410

20 MANAGING KEYS AND CERTIFICATES

Why Use Keys and Certificates? 413

Wireless Security through TLS 414

PEAP-MS-CHAP-V2 Security 414

About Keys and Certificates 415

Public Key Infrastructures 416

Public and Private Keys 416

Digital Certificates 416

PKCS #7, PKCS #10, and PKCS #12 Object Files 417

Certificates Automatically Generated by MSS 418

Creating Keys and Certificates 419

Choosing the Appropriate Certificate Installation Method for Your

Network 420

Creating Public-Private Key Pairs 421

Generating Self-Signed Certificates 422

Installing a Key Pair and Certificate from a PKCS #12 Object File 423

Creating a CSR and Installing a Certificate from a PKCS #7 Object

File 424

Installing a CA’s Own Certificate 425

Displaying Certificate and Key Information 426

Key and Certificate Configuration Scenarios 427

Creating Self-Signed Certificates 427

Installing CA-Signed Certificates from PKCS #12 Object Files 429

Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a

PKCS #7 Object File 431

21 CONFIGURING AAA FOR NETWORK USERS

About AAA for Network Users 433

Authentication 433

Authorization 438

Accounting 440

Summary of AAA Features 440

AAA Tools for Network Users 441

“Globs” and Groups for Network User Classification 442

AAA Methods for IEEE 802.1X and Web Network Access 442

IEEE 802.1X Extensible Authentication Protocol Types 446

Ways a WX Switch Can Use EAP 447

Effects of Authentication Type on Encryption Method 448

Configuring 802.1X Authentication 449

Configuring EAP Offload 449

Using Pass-Through 450

Authenticating via a Local Database 450

Binding User Authentication to Machine Authentication 451

Configuring Authentication and Authorization by MAC Address 456

Adding and Clearing MAC Users and User Groups Locally 456

Configuring MAC Authentication and Authorization 457

Changing the MAC Authorization Password for RADIUS 459

Configuring Web Portal WebAAA 460

How WebAAA Portal Works 460

WebAAA Requirements and Recommendations 462

Configuring Web Portal WebAAA 467

Using a Custom Login Page 471

Using Dynamic Fields in WebAAA Redirect URLs 475

Using an ACL Other Than portalacl 476

Configuring the Web Portal WebAAA Session Timeout Period 477

Configuring the Web Portal Logout Function 478

Configuring Last-Resort Access 479

Configuring Last-Resort Access for Wired Authentication Ports 481

Configuring AAA for Users of Third-Party APs 482

Authentication Process for Users of a Third-Party AP 482

Requirements 483

Configuring Authentication for 802.1X Users of a Third-Party AP with

Tagged SSIDs 484

Configuring Authentication for Non-802.1X Users of a Third-Party AP

with Tagged SSIDs 487

Configuring Access for Any Users of a Non-Tagged SSID 487

Assigning Authorization Attributes 487

Assigning Attributes to Users and Groups 492

Assigning SSID Default Attributes to a Service Profile 493

Assigning a Security ACL to a User or a Group 494

Clearing a Security ACL from a User or Group 495

Assigning Encryption Types to Wireless Users 496

Keeping Users on the Same VLAN Even After Roaming 498

Overriding or Adding Attributes Locally with a Location Policy 499

About the Location Policy 500

How the Location Policy Differs from a Security ACL 500

Setting the Location Policy 501

Clearing Location Policy Rules and Disabling the Location Policy 503

Configuring Accounting for Wireless Network Users 504

Viewing Local Accounting Records 505

Viewing Roaming Accounting Records 505

Displaying the AAA Configuration 507

Avoiding AAA Problems in Configuration Order 508

Using the Wildcard “Any” as the SSID Name in Authentication

Rules 508

Using Authentication and Accounting Rules Together 508

Configuring a Mobility Profile 510

Network User Configuration Scenarios 512

General Use of Network User Commands 512

Enabling RADIUS Pass-Through Authentication 514

Enabling PEAP-MS-CHAP-V2 Authentication 514

Enabling PEAP-MS-CHAP-V2 Offload 515

Combining EAP Offload with Pass-Through Authentication 516

Overriding AAA-Assigned VLANs 516

22 CONFIGURING COMMUNICATION WITH RADIUS

RADIUS Overview 519

Before You Begin 521

Configuring RADIUS Servers 521

Configuring Global RADIUS Defaults 522

Setting the System IP Address as the Source Address 523

Configuring Individual RADIUS Servers 523

Deleting RADIUS Servers 524

Configuring RADIUS Server Groups 524

Creating Server Groups 525

Deleting a Server Group 527

RADIUS and Server Group Configuration Scenario 528

23 MANAGING 802.1X ON THE WX SWITCH

Managing 802.1X on Wired Authentication Ports 531

Enabling and Disabling 802.1X Globally 531

Setting 802.1X Port Control 532

Managing 802.1X Encryption Keys 533

Enabling 802.1X Key Transmission 533

Configuring 802.1X Key Transmission Time Intervals 533

Managing WEP Keys 534

Setting EAP Retransmission Attempts 535

Managing 802.1X Client Reauthentication 536

Enabling and Disabling 802.1X Reauthentication 536

Setting the Maximum Number of 802.1X Reauthentication

Attempts 536

Setting the 802.1X Reauthentication Period 537

Setting the Bonded Authentication Period 538

Managing Other Timers 538

Setting the 802.1X Quiet Period 538

Setting the 802.1X Timeout for an Authorization Server 539

Setting the 802.1X Timeout for a Client 539

Displaying 802.1X Information 540

Viewing 802.1X Clients 540

Viewing the 802.1X Configuration 540

Viewing 802.1X Statistics 541

24 CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH

About SODA Endpoint Security 543

SODA Endpoint Security Support on WX Switches 544

How SODA Functionality Works on WX Switches 545

Configuring SODA Functionality 546

Configuring Web Portal WebAAA for the Service Profile 547

Creating the SODA Agent with SODA Manager 547

Copying the SODA Agent to the WX Switch 549

Installing the SODA Agent Files on the WX Switch 549

Enabling SODA Functionality for the Service Profile 550

Disabling Enforcement of SODA Agent Checks 550

Specifying a SODA Agent Success Page 551

Specifying a SODA Agent Failure Page 551

Specifying a Remediation ACL 552

Specifying a SODA Agent Logout Page 553

Specifying an Alternate SODA Agent Directory for a Service Profile 554

Uninstalling the SODA Agent Files from the WX Switch 554

Displaying SODA Configuration Information 555

25 MANAGING SESSIONS

About the Session Manager 557

Displaying and Clearing Administrative Sessions 557

Displaying and Clearing All Administrative Sessions 558

Displaying and Clearing an Administrative Console Session 558

Displaying and Clearing Administrative Telnet Sessions 559

Displaying and Clearing Client Telnet Sessions 559

Displaying and Clearing Network Sessions 560

Displaying Verbose Network Session Information 561

Displaying and Clearing Network Sessions by Username 562

Displaying and Clearing Network Sessions by MAC Address 563

Displaying and Clearing Network Sessions by VLAN Name 563

Displaying and Clearing Network Sessions by Session ID 564

Displaying and Changing Network Session Timers 565

Disabling Keepalive Probes 566

Changing or Disabling the User Idle Timeout 566

26 ROGUE DETECTION AND COUNTERMEASURES

Overview 567

About Rogues and RF Detection 567

Rogue Access Points and Clients 567

RF Detection Scans 571

Countermeasures 572

Mobility Domain Requirement 572

Summary of Rogue Detection Features 573

Configuring Rogue Detection Lists 574

Configuring a Permitted Vendor List 574

Configuring a Permitted SSID List 576

Configuring a Client Black List 577

Configuring an Attack List 578

Configuring an Ignore List 579

Enabling Countermeasures 580

Using On-Demand Countermeasures in a Mobility Domain 581

Disabling or Reenabling Active Scan 582

Enabling MAP Signatures 582

Creating an Encrypted RF Fingerprint Key as a MAP Signature 583

Disabling or Reenabling Logging of Rogues 584

Enabling Rogue and Countermeasures Notifications 584

IDS and DoS Alerts 584

Flood Attacks 585

DoS Attacks 585

Netstumbler and Wellenreiter Applications 586

Wireless Bridge 586

Ad-Hoc Network 586

Weak WEP Key Used by Client 587

Disallowed Devices or SSIDs 587

Displaying Statistics Counters 587

IDS Log Message Examples 587

Displaying RF Detection Information 590

Displaying Rogue Clients 592

Displaying Rogue Detection Counters 593

Displaying SSID or BSSID Information for a Mobility Domain 594

Displaying RF Detect Data 596

Displaying the APs Detected by MAP Radio 596

Displaying Countermeasures Information 597

27 MANAGING SYSTEM FILES

About System Files 599

Displaying Software Version Information 599

Displaying Boot Information 601

Working with Files 602

Displaying a List of Files 602

Copying a File 604

Using an Image File’s MD5 Checksum To Verify Its Integrity 606

Deleting a File 607

Creating a Subdirectory 608

Removing a Subdirectory 608

Managing Configuration Files 609

Displaying the Running Configuration 609

Saving Configuration Changes 610

Specifying the Configuration File to Use After the Next Reboot 611

Loading a Configuration File 611

Specifying a Backup Configuration File 612

Resetting to the Factory Default Configuration 612

Backing Up and Restoring the System 613

Managing Configuration Changes 615

Backup and Restore Examples 615

Upgrading the System Image 616

Preparing the WX Switch for the Upgrade 616

Upgrading an Individual Switch Using the CLI 617

Command Changes During Upgrade 618

A TROUBLESHOOTING A WX SWITCH

Fixing Common WX Setup Problems 619

Recovering the System When the Enable Password is Lost 622

WXR100 622

WX1200, WX2200, or WX4400 622

Configuring and Managing the System Log 623

Log Message Components 623

Logging Destinations and Levels 623

Using Log Commands 625

Running Traces 631

Using the Trace Command 631

Page is loading ...

3com WX2200 3CRWX220095A, 3CRWX120695A, 3CRWX440095A, OfficeConnect WX1200, OfficeConnect WX2200, OfficeConnect WX4400, OfficeConnect WXR100, WXR100 3CRWXR10095A Configuration manual

Related papers

Other documents