11111111M
AAAAcc
Mbp
MM
cceeeess
cccc
ss PPPPooooiiiinnnnt
ss ss
bps
bpbp
s W
s s
WiiiirrrreeeelllleeeessssssssLLLLAN
WW
t 8000
8000
t t
8000 8000
AN
AN AN
UUUUsssseeeer
Version 1.0
r GGGGuuuuiiiiddddeeee
r r
http://www.3com.com/
http://support.3com.com/registration/frontpg.pl/
Published January, 2002
Version 1.0
3Com Corporation
5400 Bayfront Plaza
Santa Clara, California
95052-8145
Copyright © 2002 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995)
or as a commercial item as defined in FAR2. 1 01(a) and as such is provided with only such rights as are
provided in 3Coms standard commercial license for the Software. Technical data is provided with limited
rights only as provided in DFAR 252.227-7015 (Nov1995) or FAR 52.227-14 (June 1987), whichever is
applicable. You agree not to remove or deface any portion of any legend provided on any licensed program
or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com and AirConnect are registered trademarks and the 3Com logo is a trademark of 3ComCorporation.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they
are associated.
EXPORT RESTRICTIONS:
transferred from the US or Canada without an approved US Department of Commerce export license.
This product or software contains encryption code which may not be exported or
ONTENTS
CCCC
I
1
NTRODUCTION
Setting up a Wireless Network 1
Wireless and Wired Networks 1
Network Security and RADIUS Support 1
AP8000 Feature Summary 2
Installation Overview 3
Software Utilities 4
I
2
NSTALLING THEACCESSPOINT
Before You Begin 5
Deciding Where to Place Equipment 6
Connecting the Standard Antenna 6
Placing the Access Point 7
Mounting on a Wall 7
Mounting on a Ceiling 8
Connecting Power 9
Connecting to an Ethernet Network 10
Checking the LEDs 10
Antenna Options 11
Omnidirectional Antenna 11
Ceiling Mount Omnidirectional Antenna 11
Ceiling Mount Hallway Antenna 12
Directional Panel Antenna 12
Connecting an Optional Antenna 13
A
3
4
CCESSPOINTSECURITY
Security Configuration Options 15
Using the Wireless 802.1X Agent 16
Authentication and Login 16
802.1x Client Properties 17
M
ANAGING THEWIRELESS
Overview 19
Starting the Device Manager 19
Selecting a Device 19
The Pre-IP Configuration Wizard 20
Installing the Management Device on a Computer 21
LAN
Using the Configuration Management System 21
System Configuration 21
Access Point Properties 22
Network Properties 22
Data Transmission Properties 23
Security 24
AP Encryption 24
User Access List 25
RADIUS Authentication and Accounting 26
Management 26
SNMP Management 26
TFTP Setup 26
System Log Setup 26
Too ls 27
Upgrade System 27
Downloading Upgrade Files 27
Installing an Upgrade 27
Change Administration Password 27
Configuration Backups 28
Statistics 28
System Status 29
Restoring an Access Point to Factory Defaults 29
Interoperating with Third-Party Equipment 29
C
5
ONDUCTING ASITESURVEY
Choosing Trial Locations 31
Environmental Requirements 31
Electrical Requirements 32
Summary of the Survey Procedure 32
Using the Site Survey Tool 32
Setting up Equipment 33
Launching the Tool 33
Configuring the Site Survey 33
Running the Tests 33
Interpreting Test Results 35
Site Survey Menus 36
T
6
ROUBLESHOOTING
T
A
ECHNICALSUPPORT
Online Technical Services 39
World Wide Web Site 39
3Com Knowledgebase Web Services 39
3Com FTP Site 39
Support fromYour Network Supplier 40
Support from 3Com 40
I
NDEX
R
EGULATORYCOMPLIANCEINFORMATION
1
1
11
NTRODUCTION
IIII
The 3Com wireless product family lets you set up a local area network (LAN)
without the restraints of network cabling. If your office already has an Ethernet
LAN, the 3Com 11 Mbps Wireless LAN Access Point 8000 can extend the network
without additional cabling. The access point security features will also extend the
security of installed wired networks to include all wireless components.
Setting up a Wireless
Network
Wireless and Wired
Networks
Network Security and
RADIUS Support
The type of network you configure depends on the size of your office and whether
you require a connection to a wired LAN. A simple configuration consists of an
access point and several clients. The clients can associate with the wireless
network anywhere within the coverage area of the access point.
For more complex requirements, you can configure several access points as
separate networks at the same site. The access points use different network
identifiers called wireless LAN service areas (WLAN service areas) or Extended
Service Set Identities (ESSID). Client computers can roam within the coverage areas
of access points that have the same WLAN service areas.
An access point can be connected to a wired LAN by an Ethernet cable acting as a
bridge between the wired and wireless networks. In this configuration, the access
point provides the link between the wired network and wireless clients. Clients can
move freely throughout the service area of the access point and remain associated
with the larger network, allowing client access to the full range of network
services.
For complete wireless coverage, several access points can be connected to an
existing LAN. Wireless clients can roam freely between different access points with
the same WLAN service areas and remain associated with the larger network.
The Access Point 8000 provides a multiple-layer security solution, supporting the
IEEE 802.1x, Remote Access Dial-In User Service (RADIUS) Authentication, and the
Extensible Authentication Protocol (EAP). If you do not have a centralized RADIUS
server, the access points Dynamic Security Link manages network login. The
access points internal data base supports up to 1000 users.
1: I
HAPTER
2
C
NTRODUCTION
The security configuration options include:
Authentication Encryption Description
802.11 standard
Open
802.11 standard
40-bit shared key
802.11 standard
128-bit shared key
Dynamic Security Link
128-bit dynamic key
802.1x/RADIUS
Authentication
(EAP-MD5)
802.1x/RADIUS
Authentication
(EAP-TLS)
802.1x/RADIUS
Serial Authentication
(EAP-TLS, EAP-MD5)
No encryption Basic area network name with no encryption.
40-bit shared key Standard WiFi Requirement to insure
interoperability.
128-bit shared key Strong encryption. Compatible with other
vendors' 128-bit shared key scheme including
AirConnect, Agere, and Cisco.
128-bit dynamic key 3Com proprietary scheme to enable user-level
authentication with 128-bit dynamic per user,
per session key.
No encryption
40-bit shared key
128-bit shared key
40-bit dynamic key
128-bit dynamic key
40-bit dynamic key
128-bit dynamic key
RADIUS authentication using the MD5
authentication method (username- and
password-based) and access point encryption.
Certificate-based mutual RADIUS
authentication with 40 and128-bit Dynamic
encryption key.
Mutual RADIUS authentication
implementation base on proposed IEEE draft.
Uses 3Com Universal Client Certificate to
allow client and RADIUS to mutually
authenticate (EAP-TLS) and perform User
authentication (EAP-MD5).
AP8000 Feature
Summary
Clear channel select When initializing, automatically scans the frequency spectrum and
Power over Ethernet Powered over the Ethernet cable to reduce the number of cables.
Access point discovery Clients and network administrators can discover access points and
Rate control Rate Control options available in the access point to select
Transmit power control Adjustable power level from minimum tomaximum to extend
Roaming within segments Allows client to roam between access points within the same
User support Supports up to 256 simultaneous users, regardless of mode of
DHCP support Uses DHCP to obtain a leased IP address and network
SNMP and MIB interfaces SNMP, HP OpenView, and 3Com Network Supervisor (3NS).
Support for multiple
access points
Authentication features Supports RADIUS authentication between the wireless client and
selects the channel with the least interference.
ESSIDs within the same network segment. The network
administrator can also discover, manage, and upgrade access
points across routers by means of the 3Com Network Supervisor
(3NS).
Optional, Required, or Not Used.
transmission range.
segment.
operation.
configuration information from a server. If the network has no
DHCP server, the access points internal DHCP server assigns IP
addresses to clients in a stand-alone wireless network.
Simultaneous setup and configuration of multiple access points, as
well as simultaneous upgrades.
Bulk configuration and profile download capability.
the RADIUS servers, in conjunction with the IEEE 802.1x.
Installation Overview
3
Installation Overview
802.1x Support Port-based network access control utilizes the physical
Encryption Supports 40-bit and 128-bit shared encryption, and 128-bit
Management tools Web server in the access point supports device configuration and
1
Choose the best place for the installation (flat surface, wall, or acoustical ceiling).
characteristics of the switched LAN infrastructures to authenticate
devices attached to a LAN port, and prevent access to that port in
cases where the authentication process fails.
dynamic encryption key. Compatible with Cisco and Agere/Lucent
Access Points and Clients, Microsoft
management through your web browser. Access point software
tools run under Windows 95, 98, 98se, Me, WinNT 4.0 SP4 or
above, Windows 2000, and Windows XP. The 3Com Network
Supervisor discovers and displays a map of all Wireless Clients
within a segment. Built-in Web server simplifies firmware
upgrades. Web-based interface requires Java script support and so
is compatible with Internet Explorer 5.0 or greater and Netscape
Communicator 6.0 or greater.
Look for a location away from equipment that might cause radio interference. The
site should be elevated and centrally located relative to the users on your wireless
network.
2
Make sure that you are familiar with the following items and have them available
where required for your installation:
Access point
■
3Com Integrated Power-over-Ethernet power supply and power cord
■
Standard category 5 straight (8-wire) Ethernet cable
■
Mounting hardware (for wall- or ceiling-mount installations)
■
It may be useful for you to conduct a site survey before permanently installing the
access point. See Conducting a Site Survey on page 31.
3
Install the access point following the steps outlined in Installing the Access Point
on page 5.
4
Connect the access point to the power supply and connect the power supply to a
power source. (If you use your own power-over-Ethernet hub or switch, ensure
that your equipment also complies with the IEEE 802.3af standard.)
5
If you are linking your wireless network to your wired Ethernet network, run an
Ethernet segment from the To Hub/Switch port on the power brick to a LAN port.
(Be sure you do not connect the Ethernet segment to the port labeled To Access
Point. Doing so may damage network components.)
6
After hardware installation is complete, install the access point tools, utilities, and
user guide from the installation CD.
7
To set access point security or configure the wireless network, refer to Managing
the Wireless LAN on page19.
8
To set up a wireless client to authenticate through the access point to your RADIUS
server , refer to Using the Wireless 802.1X Agent on page16.
9
For information on improving the signal between the access point and a wireless
client, see Antenna Options on page 11.
1: I
HAPTER
4
C
NTRODUCTION
Software Utilities
The 3Com Administrator Utilities CD includes tools and utilities to help you set up
and administer the wireless components of your network. Software tools and
utilities are presented as Tools and Utilities options on the main menu of the CD
and include:
■
Install the Utility Software and Documentation.
This option installs the
Wireless Infrastructure Device Manager Tool which you can use to monitor
access points and select devices for administrative changes. It also installs the
Site Survey Tool and product documentation in other languages as translations
become available.
■
Install TFTP Server Tool.
A TFTP server is required for firmware upgrades and
for backing up and restoring access point configuration files. This option
launches 3CDaemon, which installs a TFTP server for you. You do not have to
select this option if you already have a TFTP server set up.
■
Install 802.1x Client Tool.
This option installs the Wireless Authentication
Agent for 802.1x support. If you will be using the access point in conjunction
with a RADIUS authentication server, you must install this agent on each
wireless client PC in the network. On systems running Windows XP this agent
is not required because 802.1x support is built into the operating system.
■
Install the 3Com Network Supervisor.
The 3Com Network Supervisor is a
centralized network management software program. It is not required for
managing access points. It is included for sites that require centralized network
management and are not already using an SNMP-based tool.
■
Install the 3Com Network Supervisor Service Pack 2.
This is an upgrade
package for the 3Com Network Supervisor. You should install the service pack
only after installing the 3Com Network Supervisor.
■
Install Adobe Acrobat Reader.
For users who do not already have Acrobat
Reader for viewing the PDF documentation, a current version is included on the
CD.
■
Install Internet Explorer 5.5.
For users who do not already have a browser
that supports the HTML version 4 (required for the Configuration Management
System user interface), a current version of Internet Explorer is included on the
CD. If you need to change or upgrade to a browser that supports the HTML
version 4 interface of the Configuration Management System, you can install
this software.
2
2
22
NSTALLING
IIII
THE
CCESS
AAAA
PPPP
OINT
Before You Begin
The following items are required for installation:
3Com Integrated Power-over-Ethernet power supply and power cord.
■
Standard category 5 straight (8-wire) Ethernet cable for connecting the access
■
point to the power supply. This length of cable must reach from the access
point to the power supply.
If you plan to connect the access point to a wired network, you will need an
additional length of Ethernet cable.
If you plan to mount the access point on a wall:
■
Mounting template
■
Wall mount hardware kit
■
If you plan to mount the access point to the T-rail grid of an acoustical ceiling:
■
Mounting bracket
■
Two #6 panhead screws
■
For advanced installations, we recommend that you conduct a site survey before
permanently installing the access point. A site survey tool is provided on the
3Com Administrator Utilities CD. To conduct the survey, you must also use the
administrator utilities to set up a wireless client. See Conducting a Site Survey
on page 31.
CAUTION:
cables, and antennas.
After hardware installation is complete:
Install the access point tools, utilities, and user guide from the installation CD.
■
Review the default system settings and ensure they are suitable for your site.
■
If required, use the administrative utilities to change configuration parameters.
■
See Using the Configuration Management System on page21.
For the latest networking information, see the 3Com Corporation World Wide
Web at:
http://www.3com.com/
Only professional network personnel should install the access point,
2: I
HAPTER
6
C
NSTALLING THEACCESSPOINT
Deciding Where to
Place Equipment
Connecting the
Standard Antenna
Select a clean, dry location that provides good reception. The site should not be
close to transformers, heavy-duty motors, fluorescent lights, microwave ovens,
refrigerators and other equipment.
If you are connecting the access point to a wired network, the location must
provide an Ethernet connection. The power supply also requires an Ethernet
connection, and in addition must be located near a power source. An Ethernet
cable will have to run from the power supply to the access point.
An access point provides coverage at distances of up to 1000 feet. Signal loss can
occur if metal, concrete, brick, walls, or floors block transmission. If your office has
these kinds of obstructions, you may need to add additional access points to
improve coverage.
If you plan to use one the available optional antennas instead of the standard
detachable antennas, review Antenna Options on page 11 before selecting the
final location and be sure to allow for routing the antenna cable.
Do not install the access point in wet ordusty areas without protection. Make sure
the temperature ranges between 20° C to 55° C (4° F to 131° F).
The access point is supplied with standard detachable antennas. These should be
attached before the access point is installed.
1
Carefully unpack the standard detachable antennas.
2
Screw an antenna into each of the sockets in the access point housing.
3
Hand-tighten the antennas.
4
Position the antennas so they turn out and away from the access point at a
45-degree angle.
As a rule, the initial orientation of the antennas should be perpendicular to the
floor. After network startup, you may need to adjust the antennas to fine-tune
coverage in your area.
Depending on the coverage required for your site, you may want to replace the
standard detachable antennas with one of the external antennas available for use
with the access point. See Antenna Options on page11 .
The standard detachable antennas do not have an electrical connection between
the mask mount and the coaxial cable shield. However, adding a lightning arrestor
will correct this situation by grounding the outer shield as recommended. Some
arrestor designs provide over-voltage protection for the signal sent down the
cable. If you use such a design, be sure tha t it can pass signals used in the 2.5GHz
signal range. Many inexpensive units are available with F connectors, but these are
typically designed for cable TV-UHF applications and may degrade the signals in
the band used by the wireless bridge.
Placing the Access Point
7
Placing the Access
Point
Mounting on a Wall
The access point can be placed on a flat surface such as a table or desktop or it
can be mounted on a wall or to theT-rail grid of an acoustical ceiling. If you
choose a flat surface, select one clear of obstructions and provides good
reception. Place the access point and adjust the antenna so that the arms point up
and away from the access point at a 45-degree angle.
To mount an access point on a wall, follow the instructions on the mounting
template supplied in the box and refer to the following illustration. Preferably,
mount the access point near the ceiling above any obstructions that could block
transmission. Position the antenna so that the arms point out and away from the
access point at a 45-degree angle
2: I
HAPTER
8
C
NSTALLING THEACCESSPOINT
Mounting on a Ceiling
To mount an access point to theT-rail grid of an acoustical ceiling, you must first
attach the mounting bracket to the access point as shown.
R
E
S
E
T
T
O
P
O
W
E
R
SU
P
P
L
Y
Align the T-rail grips with the ceiling T-rail, adjusting them so they grip the T-rail
snugly. Tighten the screws on the T-rail grip. Position the antenna so that the arms
point down and away from the access point at a 45-degree angle.
R
E
SET
TO P
O
W
E
R
SUP
P
LY
P
O
W
WIR
E
R
E
LE
E
T
S
H
S
E
R
NET
NOTE: After installation, there maybe some play in the fit of the T-rail grips on the
T-rail. This is likely due to the size of the T-rails but should not prevent a secure
grip.
Connecting Power
9
Connecting Power
The access point is powered by the 3Com Integrated Power-over-Ethernet power
supply, which provides power over a standard category 5 straight (8-wire) Ethernet
cable. This eliminates the need to run standard power directly to the access point.
The power supply can be located at any point between the access point and the
LAN access port (if you plan to connect to a wired LAN), where a convenient
power outlet exists.
NOTE: The access point is IEEE 802.3af compliant. Before connecting the access
point to your own power-over-Ethernet hub or switch, ensure that your
equipment also complies with the IEEE 802.3af standard.
When you connect the power make sure you connect the cable to the port labeled
To Access Point
on the power supply. When the access point receives power, the
LEDs light.
CAUTION
: If you supply your own Ethernet cable for connecting power, be sure
that it is standard cable that has not been altered in any way. Use of
nonstandard cable could damage the access point.
POW
ER
WI
RE
L
ESS
ET
H
ERN
RESET
ET
T
O
POW
ER S
UP
PLY
T
O
AC
C
ESS POI
N
T
TO
H
UB/
S
W
I
T
C
H
Connecting to an
Ethernet Network
Use a standard Ethernet cable to connect the access point to an Ethernet network,
as shown below.
CAUTION
: To avoid damaging other components connected to the network,
make sure that the Ethernet cable connected to the LAN port is plugged into the
To Hub/Switch
RESET
port on the power supply (not the
POW
ER
W
I
RELESS
ET
H
ERN
ET
T
O POW
ER S
UPPLY
T
O
A
CC
ESS
POI
NT
T
O
H
UB/
S
WI
T
C
H
To Access Point
port).
E
t
h
e
r
n
e
t
Checking the LEDs
Table 1
LED Description
Power
Wireless
Ethernet
OnAccess point has power.
■
OffAccess point is not receiving power.
■
BlinkingThe access point is operating. The blink speed ranges from
■
approximately once every 2.5 seconds to approximately 10 times per
second, depending on the signal strength and transmission speed.
OffThe access point is not receiving power.
■
BlinkingWired LAN traffic is detected. Faster blinking indicates
■
heavier traffic.
OffThere is no wired LAN connection or the access point is not
■
receiving power.