3Com SRWL-306 User Manual

11111111M AAAAcc
Mbp
MM
cceeeess
cccc
ss PPPPooooiiiinnnnt
ss ss
bps
s W
s s
WiiiirrrreeeelllleeeessssssssLLLLAN
WW
t 8000
8000
t t
8000 8000
AN
AN AN
UUUUsssseeeer
Version 1.0
r GGGGuuuuiiiiddddeeee
r r
http://www.3com.com/ http://support.3com.com/registration/frontpg.pl/
Published January, 2002 Version 1.0
3Com Corporation
5400 Bayfront Plaza Santa Clara, California 95052-8145
Copyright © 2002 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR2. 1 01(a) and as such is provided with only such rights as are provided in 3Coms standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com and AirConnect are registered trademarks and the 3Com logo is a trademark of 3ComCorporation. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they are associated.
EXPORT RESTRICTIONS:
transferred from the US or Canada without an approved US Department of Commerce export license.
This product or software contains encryption code which may not be exported or
ONTENTS
CCCC
I
1
NTRODUCTION
Setting up a Wireless Network 1
Wireless and Wired Networks 1
Network Security and RADIUS Support 1 AP8000 Feature Summary 2 Installation Overview 3 Software Utilities 4
I
2
NSTALLING THEACCESSPOINT
Before You Begin 5 Deciding Where to Place Equipment 6 Connecting the Standard Antenna 6 Placing the Access Point 7
Mounting on a Wall 7
Mounting on a Ceiling 8 Connecting Power 9 Connecting to an Ethernet Network 10 Checking the LEDs 10 Antenna Options 11
Omnidirectional Antenna 11 Ceiling Mount Omnidirectional Antenna 11 Ceiling Mount Hallway Antenna 12 Directional Panel Antenna 12
Connecting an Optional Antenna 13
A
3
4
CCESSPOINTSECURITY
Security Configuration Options 15 Using the Wireless 802.1X Agent 16
Authentication and Login 16
802.1x Client Properties 17
M
ANAGING THEWIRELESS
Overview 19 Starting the Device Manager 19
Selecting a Device 19
The Pre-IP Configuration Wizard 20
Installing the Management Device on a Computer 21
LAN
Using the Configuration Management System 21 System Configuration 21
Access Point Properties 22 Network Properties 22 Data Transmission Properties 23
Security 24
AP Encryption 24 User Access List 25 RADIUS Authentication and Accounting 26
Management 26
SNMP Management 26 TFTP Setup 26 System Log Setup 26
Too ls 27
Upgrade System 27
Downloading Upgrade Files 27 Installing an Upgrade 27
Change Administration Password 27 Configuration Backups 28 Statistics 28 System Status 29 Restoring an Access Point to Factory Defaults 29 Interoperating with Third-Party Equipment 29
C
5
ONDUCTING ASITESURVEY
Choosing Trial Locations 31
Environmental Requirements 31
Electrical Requirements 32 Summary of the Survey Procedure 32 Using the Site Survey Tool 32
Setting up Equipment 33
Launching the Tool 33
Configuring the Site Survey 33
Running the Tests 33 Interpreting Test Results 35 Site Survey Menus 36
T
6
ROUBLESHOOTING
T
A
ECHNICALSUPPORT
Online Technical Services 39
World Wide Web Site 39
3Com Knowledgebase Web Services 39
3Com FTP Site 39 Support fromYour Network Supplier 40 Support from 3Com 40
I
NDEX
R
EGULATORYCOMPLIANCEINFORMATION
1
1
11
NTRODUCTION
IIII
The 3Com wireless product family lets you set up a local area network (LAN) without the restraints of network cabling. If your office already has an Ethernet LAN, the 3Com 11 Mbps Wireless LAN Access Point 8000 can extend the network without additional cabling. The access point security features will also extend the security of installed wired networks to include all wireless components.

Setting up a Wireless Network

Wireless and Wired
Networks
Network Security and
RADIUS Support
The type of network you configure depends on the size of your office and whether you require a connection to a wired LAN. A simple configuration consists of an access point and several clients. The clients can associate with the wireless network anywhere within the coverage area of the access point.
For more complex requirements, you can configure several access points as separate networks at the same site. The access points use different network identifiers called wireless LAN service areas (WLAN service areas) or Extended Service Set Identities (ESSID). Client computers can roam within the coverage areas of access points that have the same WLAN service areas.
An access point can be connected to a wired LAN by an Ethernet cable acting as a bridge between the wired and wireless networks. In this configuration, the access point provides the link between the wired network and wireless clients. Clients can move freely throughout the service area of the access point and remain associated with the larger network, allowing client access to the full range of network services.
For complete wireless coverage, several access points can be connected to an existing LAN. Wireless clients can roam freely between different access points with the same WLAN service areas and remain associated with the larger network.
The Access Point 8000 provides a multiple-layer security solution, supporting the IEEE 802.1x, Remote Access Dial-In User Service (RADIUS) Authentication, and the Extensible Authentication Protocol (EAP). If you do not have a centralized RADIUS server, the access points Dynamic Security Link manages network login. The access points internal data base supports up to 1000 users.
1: I
HAPTER
2
C
NTRODUCTION
The security configuration options include:
Authentication Encryption Description
802.11 standard Open
802.11 standard 40-bit shared key
802.11 standard 128-bit shared key
Dynamic Security Link 128-bit dynamic key
802.1x/RADIUS Authentication (EAP-MD5)
802.1x/RADIUS Authentication (EAP-TLS)
802.1x/RADIUS Serial Authentication (EAP-TLS, EAP-MD5)
No encryption Basic area network name with no encryption.
40-bit shared key Standard WiFi Requirement to insure
interoperability.
128-bit shared key Strong encryption. Compatible with other
vendors' 128-bit shared key scheme including AirConnect, Agere, and Cisco.
128-bit dynamic key 3Com proprietary scheme to enable user-level
authentication with 128-bit dynamic per user, per session key.
No encryption 40-bit shared key 128-bit shared key
40-bit dynamic key 128-bit dynamic key
40-bit dynamic key 128-bit dynamic key
RADIUS authentication using the MD5 authentication method (username- and password-based) and access point encryption.
Certificate-based mutual RADIUS authentication with 40 and128-bit Dynamic encryption key.
Mutual RADIUS authentication implementation base on proposed IEEE draft. Uses 3Com Universal Client Certificate to allow client and RADIUS to mutually authenticate (EAP-TLS) and perform User authentication (EAP-MD5).

AP8000 Feature Summary

Clear channel select When initializing, automatically scans the frequency spectrum and
Power over Ethernet Powered over the Ethernet cable to reduce the number of cables. Access point discovery Clients and network administrators can discover access points and
Rate control Rate Control options available in the access point to select
Transmit power control Adjustable power level from minimum tomaximum to extend
Roaming within segments Allows client to roam between access points within the same
User support Supports up to 256 simultaneous users, regardless of mode of
DHCP support Uses DHCP to obtain a leased IP address and network
SNMP and MIB interfaces SNMP, HP OpenView, and 3Com Network Supervisor (3NS). Support for multiple
access points
Authentication features Supports RADIUS authentication between the wireless client and
selects the channel with the least interference.
ESSIDs within the same network segment. The network administrator can also discover, manage, and upgrade access points across routers by means of the 3Com Network Supervisor (3NS).
Optional, Required, or Not Used.
transmission range.
segment.
operation.
configuration information from a server. If the network has no DHCP server, the access points internal DHCP server assigns IP addresses to clients in a stand-alone wireless network.
Simultaneous setup and configuration of multiple access points, as well as simultaneous upgrades.
Bulk configuration and profile download capability.
the RADIUS servers, in conjunction with the IEEE 802.1x.

Installation Overview

3
Installation Overview
802.1x Support Port-based network access control utilizes the physical
Encryption Supports 40-bit and 128-bit shared encryption, and 128-bit
Management tools Web server in the access point supports device configuration and
1
Choose the best place for the installation (flat surface, wall, or acoustical ceiling).
characteristics of the switched LAN infrastructures to authenticate devices attached to a LAN port, and prevent access to that port in cases where the authentication process fails.
dynamic encryption key. Compatible with Cisco and Agere/Lucent Access Points and Clients, Microsoft
management through your web browser. Access point software tools run under Windows 95, 98, 98se, Me, WinNT 4.0 SP4 or above, Windows 2000, and Windows XP. The 3Com Network Supervisor discovers and displays a map of all Wireless Clients within a segment. Built-in Web server simplifies firmware upgrades. Web-based interface requires Java script support and so is compatible with Internet Explorer 5.0 or greater and Netscape Communicator 6.0 or greater.
Look for a location away from equipment that might cause radio interference. The site should be elevated and centrally located relative to the users on your wireless network.
2
Make sure that you are familiar with the following items and have them available where required for your installation:
Access point
3Com Integrated Power-over-Ethernet power supply and power cord
Standard category 5 straight (8-wire) Ethernet cable
Mounting hardware (for wall- or ceiling-mount installations)
It may be useful for you to conduct a site survey before permanently installing the access point. See Conducting a Site Survey on page 31.
3
Install the access point following the steps outlined in Installing the Access Point on page 5.
4
Connect the access point to the power supply and connect the power supply to a power source. (If you use your own power-over-Ethernet hub or switch, ensure that your equipment also complies with the IEEE 802.3af standard.)
5
If you are linking your wireless network to your wired Ethernet network, run an Ethernet segment from the To Hub/Switch port on the power brick to a LAN port. (Be sure you do not connect the Ethernet segment to the port labeled To Access Point. Doing so may damage network components.)
6
After hardware installation is complete, install the access point tools, utilities, and user guide from the installation CD.
7
To set access point security or configure the wireless network, refer to Managing the Wireless LAN on page19.
8
To set up a wireless client to authenticate through the access point to your RADIUS server , refer to Using the Wireless 802.1X Agent on page16.
9
For information on improving the signal between the access point and a wireless client, see Antenna Options on page 11.
1: I
HAPTER
4
C
NTRODUCTION

Software Utilities

The 3Com Administrator Utilities CD includes tools and utilities to help you set up and administer the wireless components of your network. Software tools and utilities are presented as Tools and Utilities options on the main menu of the CD and include:
Install the Utility Software and Documentation.
This option installs the Wireless Infrastructure Device Manager Tool which you can use to monitor access points and select devices for administrative changes. It also installs the Site Survey Tool and product documentation in other languages as translations become available.
Install TFTP Server Tool.
A TFTP server is required for firmware upgrades and for backing up and restoring access point configuration files. This option launches 3CDaemon, which installs a TFTP server for you. You do not have to select this option if you already have a TFTP server set up.
Install 802.1x Client Tool.
This option installs the Wireless Authentication Agent for 802.1x support. If you will be using the access point in conjunction with a RADIUS authentication server, you must install this agent on each wireless client PC in the network. On systems running Windows XP this agent is not required because 802.1x support is built into the operating system.
Install the 3Com Network Supervisor.
The 3Com Network Supervisor is a centralized network management software program. It is not required for managing access points. It is included for sites that require centralized network management and are not already using an SNMP-based tool.
Install the 3Com Network Supervisor Service Pack 2.
This is an upgrade package for the 3Com Network Supervisor. You should install the service pack only after installing the 3Com Network Supervisor.
Install Adobe Acrobat Reader.
For users who do not already have Acrobat Reader for viewing the PDF documentation, a current version is included on the CD.
Install Internet Explorer 5.5.
For users who do not already have a browser that supports the HTML version 4 (required for the Configuration Management System user interface), a current version of Internet Explorer is included on the CD. If you need to change or upgrade to a browser that supports the HTML version 4 interface of the Configuration Management System, you can install this software.
2
2
22
NSTALLING
IIII
THE
CCESS
AAAA
PPPP
OINT

Before You Begin

The following items are required for installation:
3Com Integrated Power-over-Ethernet power supply and power cord.
Standard category 5 straight (8-wire) Ethernet cable for connecting the access
point to the power supply. This length of cable must reach from the access point to the power supply.
If you plan to connect the access point to a wired network, you will need an additional length of Ethernet cable.
If you plan to mount the access point on a wall:
Mounting template
Wall mount hardware kit
If you plan to mount the access point to the T-rail grid of an acoustical ceiling:
Mounting bracket
Two #6 panhead screws
For advanced installations, we recommend that you conduct a site survey before permanently installing the access point. A site survey tool is provided on the 3Com Administrator Utilities CD. To conduct the survey, you must also use the administrator utilities to set up a wireless client. See Conducting a Site Survey on page 31.
CAUTION:
cables, and antennas.
After hardware installation is complete:
Install the access point tools, utilities, and user guide from the installation CD.
Review the default system settings and ensure they are suitable for your site.
If required, use the administrative utilities to change configuration parameters.
See Using the Configuration Management System on page21.
For the latest networking information, see the 3Com Corporation World Wide Web at:
http://www.3com.com/
Only professional network personnel should install the access point,
2: I
HAPTER
6
C
NSTALLING THEACCESSPOINT

Deciding Where to Place Equipment

Connecting the Standard Antenna

Select a clean, dry location that provides good reception. The site should not be close to transformers, heavy-duty motors, fluorescent lights, microwave ovens, refrigerators and other equipment.
If you are connecting the access point to a wired network, the location must provide an Ethernet connection. The power supply also requires an Ethernet connection, and in addition must be located near a power source. An Ethernet cable will have to run from the power supply to the access point.
An access point provides coverage at distances of up to 1000 feet. Signal loss can occur if metal, concrete, brick, walls, or floors block transmission. If your office has these kinds of obstructions, you may need to add additional access points to improve coverage.
If you plan to use one the available optional antennas instead of the standard detachable antennas, review Antenna Options on page 11 before selecting the final location and be sure to allow for routing the antenna cable.
Do not install the access point in wet ordusty areas without protection. Make sure
the temperature ranges between 20° C to 5 C (4° F to 131° F).
The access point is supplied with standard detachable antennas. These should be attached before the access point is installed.
1
Carefully unpack the standard detachable antennas.
2
Screw an antenna into each of the sockets in the access point housing.
3
Hand-tighten the antennas.
4
Position the antennas so they turn out and away from the access point at a 45-degree angle.
As a rule, the initial orientation of the antennas should be perpendicular to the floor. After network startup, you may need to adjust the antennas to fine-tune coverage in your area.
Depending on the coverage required for your site, you may want to replace the standard detachable antennas with one of the external antennas available for use with the access point. See Antenna Options on page11 .
The standard detachable antennas do not have an electrical connection between the mask mount and the coaxial cable shield. However, adding a lightning arrestor will correct this situation by grounding the outer shield as recommended. Some arrestor designs provide over-voltage protection for the signal sent down the cable. If you use such a design, be sure tha t it can pass signals used in the 2.5GHz signal range. Many inexpensive units are available with F connectors, but these are typically designed for cable TV-UHF applications and may degrade the signals in the band used by the wireless bridge.

Placing the Access Point

7
Placing the Access Point

Mounting on a Wall

The access point can be placed on a flat surface such as a table or desktop or it can be mounted on a wall or to theT-rail grid of an acoustical ceiling. If you choose a flat surface, select one clear of obstructions and provides good reception. Place the access point and adjust the antenna so that the arms point up and away from the access point at a 45-degree angle.
To mount an access point on a wall, follow the instructions on the mounting template supplied in the box and refer to the following illustration. Preferably, mount the access point near the ceiling above any obstructions that could block transmission. Position the antenna so that the arms point out and away from the access point at a 45-degree angle
2: I
HAPTER
8
C
NSTALLING THEACCESSPOINT

Mounting on a Ceiling

To mount an access point to theT-rail grid of an acoustical ceiling, you must first attach the mounting bracket to the access point as shown.
R
E
S
E
T
T
O
P
O
W
E
R
SU
P
P
L
Y
Align the T-rail grips with the ceiling T-rail, adjusting them so they grip the T-rail snugly. Tighten the screws on the T-rail grip. Position the antenna so that the arms point down and away from the access point at a 45-degree angle.
R
E
SET
TO P
O
W
E
R
SUP
P
LY
P
O
W
WIR
E
R
E
LE
E
T
S
H
S
E
R
NET
NOTE: After installation, there maybe some play in the fit of the T-rail grips on the T-rail. This is likely due to the size of the T-rails but should not prevent a secure grip.
Connecting Power
9

Connecting Power

The access point is powered by the 3Com Integrated Power-over-Ethernet power supply, which provides power over a standard category 5 straight (8-wire) Ethernet cable. This eliminates the need to run standard power directly to the access point.
The power supply can be located at any point between the access point and the LAN access port (if you plan to connect to a wired LAN), where a convenient power outlet exists.
NOTE: The access point is IEEE 802.3af compliant. Before connecting the access point to your own power-over-Ethernet hub or switch, ensure that your equipment also complies with the IEEE 802.3af standard.
When you connect the power make sure you connect the cable to the port labeled
To Access Point
on the power supply. When the access point receives power, the
LEDs light.
CAUTION
: If you supply your own Ethernet cable for connecting power, be sure that it is standard cable that has not been altered in any way. Use of nonstandard cable could damage the access point.
POW
ER WI
RE
L
ESS
ET
H
ERN
RESET
ET
T
O
POW
ER S
UP
PLY
T
O
AC
C
ESS POI
N
T
TO
H
UB/
S
W
I
T
C
H

Connecting to an Ethernet Network

Use a standard Ethernet cable to connect the access point to an Ethernet network, as shown below.
CAUTION
: To avoid damaging other components connected to the network,
make sure that the Ethernet cable connected to the LAN port is plugged into the
To Hub/Switch
RESET
port on the power supply (not the
POW
ER
W
I
RELESS
ET
H
ERN
ET
T
O POW
ER S
UPPLY
T
O
A
CC
ESS
POI
NT
T
O
H
UB/
S
WI
T
C
H
To Access Point
port).
E
t h
e
r n
e
t

Checking the LEDs

Table 1
LED Description
Power
Wireless
Ethernet
OnAccess point has power.
OffAccess point is not receiving power.
BlinkingThe access point is operating. The blink speed ranges from
approximately once every 2.5 seconds to approximately 10 times per second, depending on the signal strength and transmission speed.
OffThe access point is not receiving power.
BlinkingWired LAN traffic is detected. Faster blinking indicates
heavier traffic. OffThere is no wired LAN connection or the access point is not
receiving power.
Loading...
+ 36 hidden pages