SMC EliteConnect Wireless Bridge User's Guide

USER GUIDESMC2890W-AG / SMC2891W-AGElite Connect™802.11a/g Outdoor Enterprise Access Point

viiBitte unbedingt vor dem Einbauen des Geräts die folgenden Sicherheitsanweisungen durchlesen (Germany):WARNUNG: Die Installation und der Ausbau des

System Configuration6-486Configuring SNMPv3 Trap FiltersSNMP v3 users can be configured to receive notification messages from the access point. An SNM

SNMP6-496Filter ID – A user-defined name that identifies the filter. (Maximum length: 32 characters)Subtree OID – Specifies MIB subtree to be filtered

System Configuration6-506Configuring SNMPv3 TargetsAn SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and UDP port. A use

Radio Interface6-516UDP Port – The UDP port that is used on the receiving management station for notification messages.SNMP User – The defined SNMP v3

System Configuration6-526Each radio supports up to four virtual access point (VAP) interfaces numbered 0 to 3. Each VAP functions as a separate access

Radio Interface6-536Radio Settings A (802.11a)The IEEE 802.11a interface operates within the 5 GHz band, at up to 54 Mbps in normal mode or up to 108

System Configuration6-546Default VLAN ID – The VLAN ID assigned to wireless clients associated to the VAP interface that are not assigned to a specifi

Radio Interface6-556CLI Commands for the Configuring the VAPs – From the global configuration mode, enter the interface wireless a command to access t

System Configuration6-566• AP Detection – Enables the periodic scanning for other access points. (Default: Disable)• AP Scan Interval – Sets the time

Radio Interface6-576using the rogue-ap scan command. To view the database of detected access points, use the show rogue-ap command from the Exec level

viiiStromkabel. Dies muss von dem Land, in dem es benutzt wird geprüft werden: U.S.A und Canada Der Cord muß das UL gepruft und war das CSA beglaubigt

System Configuration6-586Configuring Common Radio SettingsTo configure common radio settings, select the Radio Settings page, and scroll down to below

Radio Interface6-596Radio Channel – The radio channel that the access point uses to communicate with wireless clients. When multiple access points are

System Configuration6-606• Right: The radio uses a single antenna on the right side. Select this method when using an optional external antenna that i

Radio Interface6-616Multicast Data Rate – The maximum data rate at which the access point transmits multicast and broadcast packets on the wireless in

System Configuration6-626CLI Commands for the Common Radio Settings – From the global configuration mode, enter the interface wireless a command to ac

Radio Interface6-636types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy. WMM also specifies a proto

System Configuration6-646Figure 6-1. WMM Backoff Wait TimesFor high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate

Radio Interface6-656WMM – Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the ac

System Configuration6-666CLI Commands for WMM – Enter interface wireless mode and type wmm required for clients that want to associate with the access

Radio Interface6-676To view the current 802.11a radio settings for the VAP interface, use the show interface wireless a [0-3] command.SMC AP#show inte

ixTable of ContentsChapter 1: Introduction 1-1Radio Characteristics 1-1Package Checklist 1-2Hardware Description 1-2LED Indicators 1-3Integrated

System Configuration6-686Radio Settings G (802.11g)The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps. Also note that because

Radio Interface6-696Most of the 802.11g commands are identical to those used by the 802.11a interface. For information on the these commands, refer to

System Configuration6-706Auto Channel Select – Enables the access point to automatically select an unoccupied radio channel. (Default: Enabled)Maximum

Radio Interface6-716To improve wireless network security, you have to implement two main functions:• Authentication: It must be verified that clients

System Configuration6-726Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) i

Radio Interface6-736Dynamic WEP (802.1x) onlyInterface Detail Settings:Authentication: Open SystemEncryption: Enable802.1x: RequiredSet 802.1x key ref

System Configuration6-746Note: If you choose to configure RADIUS MAC authentication together with 802.1X, the RADIUS MAC address authentication occurs

Radio Interface6-756Enabling the VAPsBefore enabling the Virtual Access Point (VAP) radio interfaces, first configure all of the relevant raido settin

System Configuration6-766Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prevent unauthoriz

Radio Interface6-776To enable WEP shared keys for a VAP interface, click Security under Radio A or Radio G. Then, select the VAP interface that will u

xContentsMounting to a Wall 4-4Connect External Antennas 4-5Connect Cables to the Unit 4-6Connect the Power Injector 4-7Align Antennas 4-8Chapter

System Configuration6-786key command to define up to four WEP keys that can be used for all VAP interfaces on the radio. Then use the vap command to a

Radio Interface6-796SMC AP(config)#interface wireless g 7-90Enter Wireless configuration commands, one per line.SMC AP(if-wireless g)#key 1 128 ascii

System Configuration6-806CLI Commands for WEP over 802.1X Security – Use the vap command to access each VAP interface to configure the security settin

Radio Interface6-816to enable data encryption. To view the current security settings, use the show interface wireless a [0-3] or show interface wirele

System Configuration6-826the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the

Radio Interface6-836information form a Security Association that the access point names and holds in a cache. • Preauthentication: Each time a client

System Configuration6-846The WPA configuration parameters are described below:Encryption – You must enable data encryption in order to enable all type

Radio Interface6-856The configuration settings for WPA are summarized below:CLI Commands for WPA Using Pre-shared Key Security – From the VAP interfac

System Configuration6-866CLI Commands for WPA Over 802.1X Security – From the VAP interface configuration mode, use the auth wpa required command to s

Radio Interface6-876Open the Security page, and click More for one of the VAP interfaces.You can enable 802.1X as optionally supported or as required

xiContentsChapter 7: Command Line Interface 7-1Using the Command Line Interface 7-1Accessing the CLI 7-1Console Connection 7-1Telnet Connection 7

System Configuration6-886• 802.1X Reauthentication Refresh Rate: The time period after which a connected client must be re-authenticated. During the r

Status Information6-896AP System Configuration – The AP System Configuration table displays the basic system configuration settings:• System Up Time:

System Configuration6-906AP Wireless Configuration – The AP Wireless Configuration tables display the radio and VAP interface settings listed below. N

Status Information6-916Station StatusThe Station Status window shows the wireless clients currently associated with the access point.The Station Confi

System Configuration6-926CLI Commands for Displaying Station Status – To view status of clients currently associated with the access point, use the sh

Status Information6-936Event LogsThe Event Logs window shows the log messages generated by the access point and stored in memory.The Event Logs table

System Configuration6-946CLI Commands for Displaying the Logging Status – From the global configuration mode, use the show logging command.CLI Command

Status Information6-956STP StatusThe STP Status window shows the STP status for each port.• ID: Displays the port ID number.• Priority: The priority d

System Configuration6-966

7-1Chapter 7: Command Line InterfaceUsing the Command Line InterfaceAccessing the CLIWhen accessing the management interface for the over a direct con

xiiContentsshow system 7-24show version 7-25show config 7-25show hardware 7-29System Logging Commands 7-29logging on 7-30logging host 7-30loggi

Command Line Interface7-27If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a re

Entering Commands7-37Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to t

Command Line Interface7-47Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters a

Entering Commands7-57Exec CommandsWhen you open a new console session on an access point, the system enters Exec command mode. Only a limited number o

Command Line Interface7-67Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain e

General Commands7-77The access mode shown in the following tables is indicated by these abbreviations: Exec (Executive Mode), GC (Global Configuration

Command Line Interface7-87configureThis command activates Global Configuration mode. You must enter this mode to modify most of the settings on the ac

General Commands7-97Example This example shows how to return to the Exec mode from the Interface Configuration mode, and then quit the CLI session:pin

Command Line Interface7-107resetThis command restarts the system or restores the factory default settings.Syntax reset <board | configuration> •

System Management Commands7-117show lineThis command displays the console port’s configuration settings.Command Mode ExecExampleThe console port setti

xiiiContentscopy 7-57delete 7-58dir 7-59show bootfile 7-59RADIUS Client 7-60radius-server address 7-60radius-server port 7-61radius-server key

Command Line Interface7-127countryThis command configures the access point’s country code, which identifies the country of operation and sets the auth

System Management Commands7-137Default Setting US - for units sold in the United States99 (no country set) - for units sold in other countriesCommand

Command Line Interface7-147Command Usage• If you purchased an access point outside of the United States, the country code must be set before radio fun

System Management Commands7-157Command Mode Global ConfigurationExample usernameThis command configures the user name for management access.Syntax use

Command Line Interface7-167ip ssh-server enable This command enables the Secure Shell server. Use the no form to disable the server.Syntax ip ssh-serv

System Management Commands7-177ip telnet-server enable This command enables the Telnet server. Use the no form to disable the server.Syntax ip telnet-

Command Line Interface7-187ip http serverThis command allows this device to be monitored or configured from a browser. Use the no form to disable this

System Management Commands7-197ip https portUse this command to specify the UDP port number used for HTTPS/SSL connection to the access point’s Web in

Command Line Interface7-207Syntax ip https serverno ip https serverDefault Setting EnabledCommand Mode Global ConfigurationCommand Usage • Both HTTP a

System Management Commands7-217attempted. The client is then authenticated by entering a user name and password on the web page. This process allows c

xivContentsshow bridge filter-entry 7-83show bridge link 7-83Spanning Tree Commands 7-85bridge stp enable 7-85bridge stp forwarding-delay 7-86bri

Command Line Interface7-227the access point will not accept overlapping address ranges. When entering addresses for different groups, the access point

System Management Commands7-237Command Mode ExecExampleSMC AP#show apmanagementManagement AP Information=================================AP Management

Command Line Interface7-247show systemThis command displays basic system configuration settings.Default SettingNoneCommand Mode ExecExampleSMC AP#show

System Management Commands7-257show versionThis command displays the software version for the system.Command Mode ExecExample show configThis command

Command Line Interface7-267Hardware Version Information===========================================Hardware version R01A===============================

System Management Commands7-277Logging Information=====================================================Syslog State : DisabledLogging Co

Command Line Interface7-287 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11Station

System Logging Commands7-297show hardwareThis command displays the hardware version of the system.Command Mode ExecExample System Logging CommandsThes

Command Line Interface7-307logging onThis command controls logging of error messages; i.e., sending debug or error messages to memory. The no form dis

System Logging Commands7-317Example logging consoleThis command initiates logging of error messages to the console. Use the no form to disable logging

xvContentsshow interface wireless 7-113show station 7-115Rogue AP Detection Commands 7-116rogue-ap enable 7-116rogue-ap authenticate 7-117rogue-a

Command Line Interface7-327Command Usage Messages sent include the selected level down to Emergency level.Example logging facility-typeThis command se

System Logging Commands7-337Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect

Command Line Interface7-347show event-logThis command displays log messages stored in the access point’s memory.Syntaxshow event-logCommand Mode ExecE

System Clock Commands7-357sntp-server ipThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command w

Command Line Interface7-367Command Mode Global ConfigurationCommand Usage The time acquired from time servers is used to record accurate dates and tim

System Clock Commands7-377sntp-server daylight-savingThis command sets the start and end dates for daylight savings time. Use the no form to disable d

Command Line Interface7-387Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mea

DHCP Relay Commands7-397DHCP Relay CommandsDynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration i

Command Line Interface7-407dhcp-relayThis command configures the primary and secondary DHCP server addresses.Syntaxdhcp-relay <primary | secondary&

SNMP Commands7-417SNMP CommandsControls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as w

xviContentsCrossover Wiring B-38-Pin DIN Connector Pinout B-38-Pin DIN to RJ-45 Cable Wiring B-4Appendix C: Specifications C-1General Specificatio

Command Line Interface7-427snmp-server communityThis command defines the community access string for the Simple Network Management Protocol. Use the n

SNMP Commands7-437Command Mode Global ConfigurationExample Related Commandssnmp-server location (7-43)snmp-server locationThis command sets the system

Command Line Interface7-447Command Mode Global ConfigurationCommand Usage • This command enables both authentication failure notifications and link-up

SNMP Commands7-457Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifica

Command Line Interface7-467- iappStationRoamedTo - A client station has roamed to another access point (identified by its IP address).- localMacAddrAu

SNMP Commands7-477Command Mode Global ConfigurationCommand Usage • This command is used in conjunction with the snmp-server user command. • Entering t

Command Line Interface7-487- RWAuth - A read/write group using authentication, but no data encryption. Users in this group send SNMP messages that use

SNMP Commands7-497snmp-server targetsThis command configures SNMP v3 notification targets. Use the no form to delete an SNMP v3 target.Syntaxsnmp-serv

Command Line Interface7-507snmp-server filterThis command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remo

SNMP Commands7-517snmp-server filter-assignmentsThis command assigns SNMP v3 notification filters to targets. Use the no form to remove an SNMP v3 fil

20 Mason,Irvine, CA 92618Phone: (949) 679-8000EliteConnect™ SMC2890W-AG and SMC2891W-AG Universal 2.4GHz/5GHz Wireless Dual-Band Outdoor Access PointT

1-1Chapter 1: IntroductionThe Dual-band Outdoor Access Point / Bridge system consists of two models that provide point-to-point or point-to-multipoint

Command Line Interface7-527Example show snmp usersThis command displays the SNMP v3 users and settings.Syntax show snmp usersCommand ModeExecExample s

SNMP Commands7-537Example show snmp targetThis command displays the SNMP v3 notification target settings.Syntaxshow snmp targetCommand Mode ExecExampl

Command Line Interface7-547show snmp filter-assignmentsThis command displays the SNMP v3 notification filter assignments.Syntaxshow snmp filter-assign

SNMP Commands7-557show snmpThis command displays the SNMP configuration settings.Command Mode ExecExampleSMC AP#show snmpSNMP Information=============

Command Line Interface7-567Flash/File CommandsThese commands are used to manage the system code or configuration files.bootfileThis command specifies

Flash/File Commands7-577copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/TFTP

Command Line Interface7-587The following example shows how to download a configuration file: deleteThis command deletes a file or image.Syntaxdelete &

Flash/File Commands7-597dirThis command displays a list of files in flash memory.Command Mode ExecCommand Usage File information is shown below:Exampl

Command Line Interface7-607RADIUS ClientRemote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software runn

RADIUS Client7-617Command Mode Global ConfigurationExample radius-server portThis command sets the RADIUS server network port. Syntaxradius-server [se

Introduction1-21Package ChecklistThe Dual-band Outdoor Access Point / Bridge package includes:• One Wireless Dual-band Access Point (SMC2890W-AG or S

Command Line Interface7-627radius-server retransmitThis command sets the number of retries. Syntaxradius-server [secondary] retransmit number_of_retri

RADIUS Client7-637radius-server port-accountingThis command sets the RADIUS Accounting server network port. Syntaxradius-server [secondary] port-accou

Command Line Interface7-647Example radius-server radius-mac-formatThis command sets the format for specifying MAC addresses on the RADIUS server.Synta

RADIUS Client7-657show radiusThis command displays the current settings for the RADIUS server.Default SettingNoneCommand Mode ExecExample SMC AP#show

Command Line Interface7-667802.1X AuthenticationThe access point supports IEEE 802.1X access control for wireless clients. This control feature preven

802.1X Authentication7-677Command ModeGlobal ConfigurationCommand Usage• When 802.1X is disabled, the access point does not support 802.1X authenticat

Command Line Interface7-687• Dynamic broadcast key rotation allows the access point to generate a random group key and periodically update all key-man

802.1X Authentication7-697Global ConfigurationExample802.1x-supplicant enableThis command enables the access point to operate as an 802.1X supplicant

Command Line Interface7-707Command ModeGlobal ConfigurationCommand UsageThe access point currently only supports EAP-MD5 CHAP for 802.1X supplicant au

MAC Address Authentication7-717MAC Address Authentication Use these commands to define MAC authentication on the access point. For local MAC authentic

LED Indicators1-31LED IndicatorsThe access point includes eight status LED indicators, as indicated in the following figure. The following table descr

Command Line Interface7-727Related Commandsaddress filter entry (7-72)802.1x-supplicant user (7-69)address filter entryThis command enters a MAC addre

MAC Address Authentication7-737Command ModeGlobal ConfigurationExampleRelated Commands802.1x-supplicant user (7-69)mac-authentication serverThis comma

Command Line Interface7-747Default0 (disabled)Command ModeGlobal ConfigurationExampleFiltering CommandsThe commands described in this section are used

Filtering Commands7-757filter local-bridgeThis command disables communication between wireless clients. Use the no form to disable this filtering.Synt

Command Line Interface7-767filter uplink enableThis command enables filtering of MAC addresses from the Ethernet port.Syntax[no] filter uplink enableD

Filtering Commands7-777Global ConfigurationCommand UsageThis command is used in conjunction with the filter ethernet-type protocol command to determin

Command Line Interface7-787show filtersThis command shows the filter options and protocol entries in the filter table. Command ModeExecExampleWDS Brid

WDS Bridge Commands7-797bridge modeThis command selects between Master and Slave mode.Syntaxbridge mode <master | slave>• master - Operates as a

Command Line Interface7-807configured as the “root bridge” in the wireless network. The root bridge is the unit connected to the main core of the wire

WDS Bridge Commands7-817Default Setting NoneCommand Mode Interface Configuration (Wireless)Command Usage Every bridge (except the root bridge) in the

Introduction1-41The 11a and 11b/g LEDs operate in two display modes, which are configurable through the management interface. The RSSI mode is for ali

Command Line Interface7-827bridge dynamic-entry age-timeThis command sets the time for aging out dynamic entries in the WDS forwarding table.Syntaxbri

WDS Bridge Commands7-837show bridge filter-entryThis command displays current entries in the WDS forwarding table.Command Mode ExecExample show bridge

Command Line Interface7-847Example SMC AP#show bridge link wireless aInterface Wireless A WDS Information====================================AP Role:

Spanning Tree Commands7-857Spanning Tree CommandsThe commands described in this section are used to set the MAC address table aging time and spanning

Command Line Interface7-867bridge stp forwarding-delayUse this command to configure the spanning tree bridge forward time globally for the wireless br

Spanning Tree Commands7-877Example bridge stp max-ageUse this command to configure the spanning tree bridge maximum age globally for the wireless brid

Command Line Interface7-887Command Mode Global ConfigurationCommand Usage Bridge priority is used in selecting the root device, root port, and designa

Spanning Tree Commands7-897Default Setting 128Command Mode Interface ConfigurationCommand Usage • This command defines the priority for the use of a p

Command Line Interface7-907Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port an

Ethernet Interface Commands7-917dns serverThis command specifies the address for the primary or secondary domain name server to be used for name-to-ad

Introduction1-61Ethernet PortThe wireless bridge has one 10BASE-T/100BASE-TX 8-pin DIN port that connects to the power injector module using the inclu

Command Line Interface7-927Command Mode Interface Configuration (Ethernet)Command Usage • DHCP is enabled by default. To manually configure a new IP a

Ethernet Interface Commands7-937• When you use this command, the access point will begin broadcasting DHCP client requests. The current IP address (i.

Command Line Interface7-947shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form.Syntax shutdownno s

Wireless Interface Commands7-957Example Wireless Interface CommandsThe commands described in this section configure connection parameters for the wire

Command Line Interface7-967beacon-interval Configures the rate at which beacon signals are transmitted from the access pointIC-W 7-105dtim-period Conf

Wireless Interface Commands7-977interface wirelessThis command enters wireless interface configuration mode.Syntaxinterface wireless <a | g>• a

Command Line Interface7-987speedThis command configures the maximum data rate at which the access point transmits unicast packets. Syntaxspeed <spe

Wireless Interface Commands7-997Command Usage • The normal 802.11a wireless operation mode provides connections up to 54 Mbps. Turbo Mode is an enhanc

Command Line Interface7-1007channelThis command configures the radio channel through which the access point communicates with wireless clients. Syntax

Wireless Interface Commands7-1017Default Setting fullCommand Mode Interface Configuration (Wireless)Command Usage • The “min” keyword indicates minimu

Grounding Point1-71The power injector module automatically adjusts to any AC voltage between 100-240 volts at 50 or 60 Hz. No voltage range settings a

Command Line Interface7-1027ExamplepreambleThis command sets the length of the signal preamble that is used at the start of a 802.11b/g data transmiss

Wireless Interface Commands7-1037antenna controlThis command selects the use of two diversity antennas or a single antenna for the radio interface.Syn

Command Line Interface7-1047Command ModeInterface Configuration (Wireless)Command Usage• See “External Antenna Options” on page 1-5 for a list of the

Wireless Interface Commands7-1057beacon-interval This command configures the rate at which beacon signals are transmitted from the access point. Synta

Command Line Interface7-1067will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every second beacon.• Usin

Wireless Interface Commands7-1077rts-thresholdThis command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the

Command Line Interface7-1087super-a This command enables Atheros proprietary Super A performance enhancements. Use the no form to disable this functio

Wireless Interface Commands7-1097description This command adds a description to a the wireless interface. Use the no form to remove the description.Sy

Command Line Interface7-1107closed-systemThis command prohibits access to clients without a pre-configured SSID. Use the no form to disable this featu

Wireless Interface Commands7-1117assoc-timeout-intervalThis command configures the idle time interval (when no frames are sent) after which the client

Introduction1-81System ConfigurationAt each location where a unit is installed, it must be connected to the local network using the power injector mod

Command Line Interface7-1127Default Setting Interface enabledCommand Mode Interface Configuration (Wireless-VAP)Command UsageYou must first enable VAP

Wireless Interface Commands7-1137show interface wirelessThis command displays the status for the wireless interface.Syntaxshow interface wireless <

Command Line Interface7-1147----------------802.1x---------------------------------------------------802.1x : DISABLEDBroadca

Wireless Interface Commands7-1157show stationThis command shows the wireless clients associated with the access point.Command Mode ExecExample SMC AP#

Command Line Interface7-1167Rogue AP Detection CommandsA “rogue AP” is either an access point that is not authorized to participate in the wireless ne

Rogue AP Detection Commands7-1177• A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access

Command Line Interface7-1187rogue-ap durationThis command sets the scan duration for detecting access points.Syntaxrogue-ap duration <milliseconds&

Rogue AP Detection Commands7-1197Example Related Commandsrogue-ap duration (7-118)rogue-ap scanThis command starts an immediate scan for access points

Command Line Interface7-1207show rogue-apThis command displays the current rogue AP database.Command Mode ExecExample Wireless Security CommandsThe co

Wireless Security Commands7-1217authThis command configures authentication for the VAP interface.Syntaxauth <open-system | shared-key | wpa | wpa-p

2-1Chapter 2: Network Configuration The Dual-band Outdoor Access Point / Bridge system provides access point and bridging services through either the

Command Line Interface7-1227• To use WEP shared-key authentication, set the authentication type to “shared-key” and define at least one static WEP key

Wireless Security Commands7-1237ExampleRelated Commandsencryption (7-123)key (7-124)encryption This command enables data encryption for wireless commu

Command Line Interface7-1247key This command sets the keys used for WEP encryption. Use the no form to delete a configured key.Syntaxkey <index>

Wireless Security Commands7-1257transmit-keyThis command sets the index of the key to be used for encrypting data frames for broadcast or multicast tr

Command Line Interface7-1267cipher-suite This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic

Wireless Security Commands7-1277• AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol): WPA2 is backward compatible with WPA, includin

Command Line Interface7-1287Example wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared-key.Syntaxwpa-pre-shared-ke

Wireless Security Commands7-1297Command Mode Interface Configuration (Wireless-VAP)Command Usage • WPA2 provides fast roaming for authenticated client

Command Line Interface7-1307known to be already authenticated, so it proceeds directly to key exchange and association.• To support pre-authentication

Link Integrity Commands7-1317link-integrity ping-detectThis command enables link integrity detection. Use the no form to disable link integrity detect

Network Configuration2-22Infrastructure Wireless LANThe access point function of the wireless bridge provides access to a wired LAN for 802.11a/b/g wi

Command Line Interface7-1327link-integrity ping-intervalThis command configures the time between each Ping sent to the link host. Syntaxlink-integrity

Link Integrity Commands7-1337Command Mode Global ConfigurationExample show link-integrityThis command displays the current link integrity configuratio

Command Line Interface7-1347IAPP CommandsThe command described in this section enables the protocol signaling required to ensure the successful handov

VLAN Commands7-1357VLAN CommandsThe access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network.

Command Line Interface7-1367• Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s native VLAN ID, or with

WMM Commands7-1377Default Setting 1Command Mode Interface Configuration (Wireless-VAP)Command Usage • To implement the default VLAN ID setting for VAP

Command Line Interface7-1387wmmThis command sets the WMM operational mode on the access point. Use the no form to disable WMM.Syntax[no] wmm <suppo

WMM Commands7-1397interpretability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows t

Command Line Interface7-1407• admission_control - The admission control mode for the access category. When enabled, clients are blocked from using the

A-1Appendix A: TroubleshootingCheck the following items before you contact local Technical Support.1. If wireless clients cannot access the network, c

Access Point Topologies2-32Infrastructure Wireless LAN for Roaming Wireless PCsThe Basic Service Set (BSS) defines the communications domain for each

TroubleshootingA-2A3. If you cannot access the on-board configuration program via a serial port connection:• Be sure you have set the terminal emulato

B-1Appendix B: Cables and PinoutsTwisted-Pair Cable Assignments For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. Each

Cables and PinoutsB-2BStraight-Through WiringBecause the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “straight-th

Twisted-Pair Cable AssignmentsB-3BCrossover WiringBecause the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “crosso

Cables and PinoutsB-4B8-Pin DIN to RJ-45 Cable WiringTo construct an extended Ethernet cable to connect from the power injector’s RJ-45 Output port to

C-1Appendix C: SpecificationsGeneral SpecificationsMaximum Channels802.11a:US & Canada: 13 (normal mode), 5 (turbo mode)Japan: 4 (normal mode), 1

SpecificationsC-2COperating Frequency802.11a:5.15 ~ 5.25 GHz (lower band) US/Canada, Japan5.25 ~ 5.35 GHz (middle band) US/Canada5.725 ~ 5.825 GHz (up

General SpecificationsC-3CWireless Radio/Regulatory CertificationETSI 300 328 (11b/g), 301 893 (11a Full range), 301 489 (DC power)FCC Part 15C 15.247

SpecificationsC-4CSensitivityTable C-1 Sensitivity 802.11aIEEE 802.11a Sensitivity (GHz - dBm)Modulation/Rates 5.15-5.250 5.25-5.350 5.50-5.700 5.725

Transmit PowerC-5CTransmit Power Table C-4 Transmit Power 802.11aIEEE 802.11a Maximum Output Power (GHz - dBm)Data Rate 5.15-5.250 5.25-5.350 5.50-5.

CopyrightInformation furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for i

Network Configuration2-42Bridge Link TopologiesThe IEEE 802.11 standard defines a WIreless Distribution System (WDS) for bridge connections between BS

SpecificationsC-6C

D-1D-1Appendix D: Montieren der BridgeDie Bridge kann auf folgenden Oberflächentypen montiert werden:•Mast• Wand oder elektrischer Kasten (NEMA Enclos

Montieren der BridgeD-2D3. Stecken Sie die Ränder der V-förmigen Halterung in die Aussparungen in der rechteckigen Platte und ziehen Sie die Muttern f

Verwenden der Halterung für WandmontageD-3D5. Befestigen Sie die Bridge mit Halter an der am Mast angebrachten Platte.Befestigen Sie die drahtlose Bri

Montieren der BridgeD-4D2. Halten Sie die Halterung an der gewünschten Stelle an und markieren Sie die Positionen der drei Löcher für die Montageschra

Anschließen der externen AntennenD-5D5. Verbinden Sie das Ethernet-Kabel (und das Netzkabel, falls erforderlich) mit den Anschlüssen auf der Vordersei

Montieren der BridgeD-6D\Anschließen der Kabel an das Gerät1. Verbinden Sie das Ethernet-Kabel mit dem Ethernet-Port der drahtlosen Bridge.2. Umwickel

Anschließen des PoE InjectorsD-7DAnschließen des PoE InjectorsSo schließen Sie die drahtlose Bridge an eine Stromquelle an:Achtung: Installieren Sie

Montieren der BridgeD-8D1. Stecken Sie den Netzleitungsstecker direkt in den standardmäßigen Netzanschluss des Injector-Moduls.2. Verbinden Sie das an

Glossary-1Glossary10BASE-TIEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable.100BASE-TXIEEE 802.3u specifi

Bridge Link Topologies2-52Point-to-Multipoint ConfigurationA SMC2890W-AG wireless bridge can use an omnidirectional or sector antenna to connect to as

Glossary-2GlossaryBroadcast KeyBroadcast keys are sent to stations using 802.1X dynamic keying. Dynamic broadcast key rotation is often used to allow

Glossary-3GlossaryIEEE 802.11bA wireless standard that supports wireless communications in the 2.4 GHz band using Direct Sequence Spread Spectrum (DSS

Glossary-4GlossaryPower over Ethernet (PoE)A specification for providing both power and data to low-power network devices using a single Category 5 Et

Glossary-5GlossaryTemporal Key Integrity Protocol (TKIP)A data encryption method designed as a replacement for WEP. TKIP avoids the problems of WEP st

Index-1Numerics802.11g 7-97AAES 6-82authentication 6-12cipher suite 6-84, 7-122closed system 7-110configuring 6-12MAC address 6-13, 7-71, 7-72type 6-7

IndexIndex-2firmwaredisplaying version 6-30, 7-25upgrading 6-29, 6-31, 7-57fragmentation 7-106Ggateway address 5-2, 6-6, 7-1, 7-91Hhardware version, d

IndexIndex-3RSSI BNC 1-7RTSthreshold 6-61, 7-107SSecure Socket Layer See SSLsecurity, options 6-70, 6-71session key 6-86, 6-87, 7-68shared key 6-76, 7

Model Number: SMC2890W-AG / SMC2891W-AGPub. Number: 149100034900E

TECHNICAL SUPPORT From U.S.A. and Canada (24 hours a day, 7 days a week) Phn: 800-SMC-4-YOU / 949-679-8000 Fax: 949-502-3400ENGLISHTechnical Support

Network Configuration2-62

3-1Chapter 3: Bridge Link PlanningThe Dual-band Outdoor Access Point / Bridge supports fixed point-to-point or point-to-multipoint wireless links. A s

Bridge Link Planning3-23If there are obstacles in the radio path, there may still be a radio link but the quality and strength of the signal will be a

Radio Path Planning3-33.Note that to avoid any obstruction along the path, the height of the object must be added to the minimum clearance required fo

Bridge Link Planning3-43(7.5 ft) mast or pole must be contructed on its roof to achieve the required antenna height. Building B is only three stories

Ethernet Cabling3-53Radio InterferenceThe avoidance of radio interference is an important part of wireless link planning. Interference is caused by ot

Bridge Link Planning3-63• Determine if conduits, bracing, or other structures are required for safety or protection of the cable• For lightning protec

4-14-1Chapter 4: Hardware InstallationBefore mounting antennas to set up your wireless bridge links, be sure you have selected appropriate locations f

iCompliancesFederal Communication Commission Interference StatementThis equipment has been tested and found to comply with the limits for a Class B di

Hardware Installation4-24The bridge’s mounting bracket has four parts. One rectangular plate that is used for pole and wall mounting, one square plate

Mount the Unit4-344. Attach the bridge with its mounting plate to the bracket already fixed to the pole.5. Use the included nuts to secure the wireles

Hardware Installation4-44Be sure to take account of the antenna polarization direction; all antennas in a link must be mounted with the same polarizat

Connect External Antennas4-54Connect External AntennasWhen deploying a SMC2891W-AG unit for a bridge link or access point operation, you need to mount

Hardware Installation4-64Connect Cables to the UnitWarning: Do not connect or disconnect cables or otherwise work with the bridge during periods of li

Connect the Power Injector4-74Connect the Power InjectorTo connect the wireless bridge to a power source:Caution: Do not install the power injector o

Hardware Installation4-841. Insert the power cable plug directly into the standard AC receptacle on the power injector.2. Plug the other end of the po

Align Antennas4-94The signal strength LEDs indicate the received radio signal strength for a particular bridge link. The more LEDs that turn on, the s

Hardware Installation4-1041. Pan the antenna horizontally back and forth while checking the LEDs. If using the pole-mounting bracket with the unit, yo

5-1Chapter 5: Initial ConfigurationThe Dual-band Outdoor Access Point / Bridge offers a variety of management options, including a web-based interface

iiVCCI NoticeThis is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VC

Initial Configuration5-25For a description of how to use the CLI, see “Using the Command Line Interface” on page 7-1. For a list of all the CLI comman

Logging In5-35Setting the Country Code – Units sold in the United States are configured by default to use only radio channels 1-11 in 802.11b or 802.1

Initial Configuration5-45The home page displays the Main Menu.

6-1Chapter 6: System ConfigurationBefore continuing with advanced configuration, first complete the initial configuration steps described in Chapter 4

System Configuration6-26Advanced ConfigurationThe Advanced Configuration pages include the following options.Table 6-1. MenuMenu Description PageSys

Advanced Configuration6-36System IdentificationThe system name for the access point can be left at its default setting. However, modifying this parame

System Configuration6-46CLI Commands for System Identification – Enter the global configuration mode, and use the system name command to specify a new

Advanced Configuration6-56TCP / IP SettingsConfiguring the access point with an IP address expands your ability to manage the access point. A number o

System Configuration6-66• Default Gateway: The default gateway is the IP address of the router for the access point, which is used if the requested de

Advanced Configuration6-76RADIUSRemote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a cent

iii• This device employs a radar detection feature required for European Community operation in the 5 GHz band. This feature is automatically enabled

System Configuration6-86

Advanced Configuration6-96MAC Address Format – MAC addresses can be specified in one of four formats, using no delimeter, with a single dash delimeter

System Configuration6-106CLI Commands for RADIUS – From the global configuration mode, use the radius-server address command to specify the address of

Advanced Configuration6-116SSH SettingsTelnet is a remote management tool that can be used to configure the access point from anywhere in the network.

System Configuration6-126CLI Commands for SSH – To enable the SSH server, use the ip ssh-server enable command from the CLI Ethernet interface configu

Advanced Configuration6-136MAC Authentication – You can configure a list of the MAC addresses for wireless clients that are authorized to access the n

System Configuration6-146Local MAC Authentication – Configures the local MAC authentication database. The MAC database provides a mechanism to take ce

Advanced Configuration6-156CLI Commands for Local MAC Authentication – Use the mac-authentication server command from the global configuration mode to

System Configuration6-166CLI Commands for RADIUS MAC Authentication – Use the mac-authentication server command from the global configuration mode to

Advanced Configuration6-176Filter ControlThe access point can employ network traffic frame filtering to control access to network resources and increa

ivSafety CompliancePower Cord SafetyPlease read the following safety information carefully before installing the device:Warning:Installation and remov

System Configuration6-186Uplink Port MAC Address Filtering Status – Prevents traffic with specified source MAC addresses from being forwarded to wirel

Advanced Configuration6-196VLANThe access point can employ VLAN tagging support to control access to network resources and increase security. VLANs se

System Configuration6-206When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in

Advanced Configuration6-216WDS SettingsEach access point radio interface can be configured to operate in a bridge or repeater mode, which allows it to

System Configuration6-226• Bridge: Operates as a bridge to other access points. The “Parent” link to the root bridge must be configured. Up to five ot

Advanced Configuration6-236Spanning Tree Protocol – STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or rout

System Configuration6-246Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmit

Advanced Configuration6-256• Range: 1-65535• Default: Ethernet interface: 19; Wireless interface: 40• Link Port Priority – Defines the priority used f

System Configuration6-266CLI Commands for STP Settings – If the role of a radio interface is set to Repeater, Bridge or Root Bridge, STP can be enable

Advanced Configuration6-276AP ManagementThe Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default. To provid

vVeuillez lire à fond l'information de la sécurité suivante avant d'installer l’appareil:AVERTISSEMENT: L’installation et la dépose de ce gr

System Configuration6-286CLI Commands for AP Management features.AdministrationChanging the PasswordManagement access to the web and CLI interface on

Advanced Configuration6-296Session Timeout for WEB – Sets the time limit for an idle web interface session. (Range: 0-1800 seconds; Default: 300 secon

System Configuration6-306Before upgrading new software, verify that the access point is connected to the network and has been configured with a compat

Advanced Configuration6-316Firmware Upgrade Local – Downloads an operation code image file from the web management station to the access point using H

System Configuration6-326Upon uploading a new configuration file you will be prompted to either restore factory settings, or reboot the unit.CLI Comma

Advanced Configuration6-336System Log The access point can be configured to send event and error messages to a System Log Server. The system clock can

System Configuration6-346Logging Level – Sets the minimum severity level for event logging. (Default: Informational)The system allows you to limit the

Advanced Configuration6-356CLI Commands for System Logging – To enable logging on the access point, use the logging on command from the global configu

System Configuration6-366Note: The access point also allows you to disable SNTP and set the system clock manually. Set Time Zone – SNTP uses Coordinat

Advanced Configuration6-376CLI Commands for the System Clock – The following example shows how to manually set the system time when SNTP server suppor

vi• L’appareil fonctionne à une tension extrêmement basse de sécurité qui est conforme à la norme IEC 60950. Ces conditions ne sont maintenues que si

System Configuration6-386The RSSI controls allow the external connector to be disabled and the receive signal for each WDS port displayed.RSSI:• Auto

Advanced Configuration6-396•Port Number: Selects a specific WDS port for which to display the RSSI output value. Ports 1-6 are available for a Master

System Configuration6-406SNMPSimple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a net

SNMP6-416Configuring SNMP and Trap Message ParametersThe access point SNMP agent must be enabled to function (for versions 1, 2c, and 3 clients). Man

System Configuration6-426Community Name (Read/Write) – Defines the SNMP community access string that has read/write access. Authorized management stat

SNMP6-436Trap Configuration – Allows selection of specific SNMP notifications to send. The following items are available:• sysSystemUp - The access po

System Configuration6-446• dot11StationDisassociate - A client station no longer associates with the network.• dot11StationAuthenticateFail - A client

SNMP6-456To view the current SNMP settings, use the show snmp command.SMC AP#show snmp 7-55SNMP Information===========================================

System Configuration6-466Configuring SNMPv3 UsersThe access point allows up to 10 SNMP v3 users to be configured. Each user must be defined by a uniqu

SNMP6-476CLI Commands for Configuring SNMPv3 Users – Use the snmp-server engine-id command to define the SNMP v3 engine before assigning users to grou