Avaya W310 User Manual

Avaya W310 WLAN Gateway

Installation and Configuration

User Guide

Document No. 21-300041

Issue 2

October 13, 2004

Copyright 2004, Avaya Inc.
All Rights Reserved

Notice

Every effort was made to ensure that the information in this document
was complete and accurate at the time of printing. However,
information is subject to change.

Warranty

Avaya Inc. provides a limited warranty on this product. Refer to your
sales agreement to establish the terms of the limited warranty. In
addition, Avaya’s standard warranty language as well as information
regarding support for this product, while under warranty, is available
through the following Web site: http://www.avaya.com/support

.

How to Get Help

For additional support telephone numbers, go to the Avaya support
Web site: http://www.avaya.com/support

. If you are:

• Within the United States, click the Escalation Management link.
Then click the appropriate link for the type of support you need.

• Outside the United States, click the Escalation Management link.
Then click the International Services link that includes telephone
numbers for the international Centers of Excellence.

Providing Telecommunications Security

Telecommunications security (of voice, data, and/or video
communications) is the prevention of any type of intrusion to (that is,
either unauthorized or malicious access to or use of) your company's
telecommunications equipment by some party.

Your company's “telecommunications equipment” includes both this
Avaya product and any other voice/data/video equipment that could be
accessed via this Avaya product (that is, “networked equipment”).

An “outside party” is anyone who is not a corporate employee, agent,
subcontractor, or is not working on your company's behalf. Whereas, a
“malicious party” is anyone (including someone who may be
otherwise authorized) who accesses your telecommunications
equipment with either malicious or mischievous intent.

Such intrusions may be either to/through synchronous (time­multiplexed and/or circuit-based) or asynchronous (character-,
message-, or packet-based) equipment or interfaces for reasons of:

• Utilization (of capabilities special to the accessed equipment)

• Theft (such as, of intellectual property, financial assets, or toll
facility access)

• Eavesdropping (privacy invasions to humans)

• Mischief (troubling, but apparently innocuous, tampering)

• Harm (such as harmful tampering, data loss or alteration,
regardless of motive or intent)

Be aware that there may be a risk of unauthorized intrusions
associated with your system and/or its networked equipment. Also
realize that, if such an intrusion should occur, it could result in a
variety of losses to your company (including but not limited to,
human/data privacy, intellectual property, material assets, financial
resources, labor costs, and/or legal costs).

Responsibility for Your Company’s Telecommunications Security

The final responsibility for securing both this system and its
networked equipment rests with you - Avaya’s customer system
administrator, your telecommunications peers, and your managers.
Base the fulfillment of your responsibility on acquired knowledge and
resources from a variety of sources including but not limited to:

• Installation documents

• System administration documents

• Security documents

• Hardware-/software-based security tools

• Shared information between you and your peers

• Telecommunications security experts

To prevent intrusions to your telecommunications equipment, you and
your peers should carefully program and configure:

• Your Avaya-provided telecommunications systems and their
interfaces

• Your Avaya-provided software applications, as well as their
underlying hardware/software platforms and interfaces

• Any other equipment networked to your Avaya products

TCP/IP Facilities

Customers may experience differences in product performance,
reliability and security depending upon network configurations/design
and topologies, even when the product performs as warranted.

Standards Compliance

Avaya Inc. is not responsible for any radio or television interference
caused by unauthorized modifications of this equipment or the
substitution or attachment of connecting cables and equipment other
than those specified by Avaya Inc. The correction of interference
caused by such unauthorized modifications, substitution or attachment
will be the responsibility of the user. Pursuant to Part 15 of the Federal
Communications Commission (FCC) Rules, the user is cautioned that
changes or modifications not expressly approved by Avaya Inc. could
void the user’s authority to operate this equipment.

Product Safety Standards

This product complies with and conforms to the following
international Product Safety standards as applicable:

Safety of Information Technology Equipment, IEC 60950, 3rd Edition
including all relevant national deviations as listed in Compliance with
IEC for Electrical Equipment (IECEE) CB-96A.

Safety of Information Technology Equipment, CAN/CSA-C22.2
No. 60950-00 / UL 60950, 3rd Edition

Safety Requirements for Customer Equipment, ACA Technical
Standard (TS) 001 - 1997

One or more of the following Mexican national standards, as
applicable: NOM 001 SCFI 1993, NOM SCFI 016 1993, NOM 019
SCFI 1998

The equipment described in this document may contain Class 1
LASER Device(s). These devices comply with the following
standards:

• EN 60825-1, Edition 1.1, 1998-01

• 21 CFR 1040.10 and CFR 1040.11.

The LASER devices operate within the following parameters:

• Maximum power output: -5 dBm to -8 dBm

• Center Wavelength: 1310 nm to 1360 nm

Luokan 1 Laserlaite

Klass 1 Laser Apparat

Use of controls or adjustments or performance of procedures other
than those specified herein may result in hazardous radiation
exposures. Contact your Avaya representative for more laser product
information.

Electromagnetic Compatibility (EMC) Standards

This product complies with and conforms to the following
international EMC standards and all relevant national deviations:

Limits and Methods of Measurement of Radio Interference of
Information Technology Equipment, CISPR 22:1997 and
EN55022:1998.

Information Technology Equipment – Immunity Characteristics –
Limits and Methods of Measurement, CISPR 24:1997 and
EN55024:1998, including:

• Electrostatic Discharge (ESD) IEC 61000-4-2

• Radiated Immunity IEC 61000-4-3

• Electrical Fast Transient IEC 61000-4-4

• Lightning Effects IEC 61000-4-5

• Conducted Immunity IEC 61000-4-6

• Mains Frequency Magnetic Field IEC 61000-4-8

• Voltage Dips and Variations IEC 61000-4-11

• Powerline Harmonics IEC 61000-3-2

• Voltage Fluctuations and Flicker IEC 61000-3-3

Federal Communications Commission Statement

Part 15:

Canadian Department of Communications (DOC) Interference
Information

This Class A digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe A est conforme à la norme
NMB-003 du Canada.

This equipment meets the applicable Industry Canada Terminal
Equipment Technical Specifications. This is confirmed by the
registration number. The abbreviation, IC, before the registration
number signifies that registration was performed based on a
Declaration of Conformity indicating that Industry Canada technical
specifications were met. It does not imply that Industry Canada
approved the equipment.

Note: This equipment has been tested and found to comply with
the limits for a Class A digital device, pursuant to Part 15 of the
FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is
operated in a commercial environment. This equipment generates,
uses, and can radiate radio frequency energy and, if not installed
and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct the
interference at his own expense.

Declarations of Conformity

United States FCC Part 68 Supplier’s Declaration of Conformity
(SDoC)

Avaya Inc. in the United States of America hereby certifies that the
equipment described in this document and bearing a TIA TSB-168
label identification number complies with the FCC’s Rules and
Regulations 47 CFR Part 68, and the Administrative Council on
Terminal Attachments (ACTA) adopted technical criteria.

Avaya further asserts that Avaya handset-equipped terminal
equipment described in this document complies with Paragraph

68.316 of the FCC Rules and Regulations defining Hearing Aid
Compatibility and is deemed compatible with hearing aids.

Copies of SDoCs signed by the Responsible Party in the U. S. can be
obtained by contacting your local sales representative and are
available on the following Web site: http://www.avaya.com/support

.

All Avaya media servers and media gateways are compliant with FCC
Part 68, but many have been registered with the FCC before the SDoC
process was available. A list of all Avaya registered products may be
found at: http://www.part68.org

by conducting a search using “Avaya”

as manufacturer.

European Union Declarations of Conformity

Avaya Inc. declares that the equipment specified in this document
bearing the “CE” (Conformité Europeénne) mark conforms to the
European Union Radio and Telecommunications Terminal Equipment
Directive (1999/5/EC), including the Electromagnetic Compatibility
Directive (89/336/EEC) and Low Voltage Directive (73/23/EEC). This
equipment has been certified to meet CTR3 Basic Rate Interface (BRI)
and CTR4 Primary Rate Interface (PRI) and subsets thereof in CTR12
and CTR13, as applicable.

Copies of these Declarations of Conformity (DoCs) can be obtained
by contacting your local sales representative and are available on the
following Web site: http://www.avaya.com/support

.

Japan

This is a Class A product based on the standard of the Voluntary
Control Council for Interference by Information Technology
Equipment (VCCI). If this equipment is used in a domestic
environment, radio disturbance may occur, in which case, the user
may be required to take corrective actions.

To order copies of this and other documents:

Call: Avaya Publications Center

Voice 1.800.457.1235 or 1.207.866.6701
FAX 1.800.457.1764 or 1.207.626.7269

Write: Globalware Solutions

200 Ward Hill Avenue
Haverhill, MA 01835 USA
Attention: Avaya Account Management

E-mail: totalware@gwsmail.com

For the most current versions of documentation, go to the Avaya
support Web site: http://www.avaya.com/support

.

Avaya W310 Installation and Configuration Guide i

Contents

Safety Information .................................................................................................. xi

Conventions Used in the Documentation...............................................................xii

CLI Conventions ...........................................................................................xii

Helpful Hints, Notes, Cautions and Warnings ..............................................xii

Chapter 1 Avaya W310 WLAN Gateway Overview........................................................................ 1

About the W310 WLAN Gateway........................................................................... 1

Voice-Enabled Wireless Local Area Network (WLAN) Infrastructure .........1

Superior infrastructure for Voice over IP (VoIP) ....................................1

Investment Protection ..............................................................................1

Avaya W310 Features.............................................................................................. 2

Network Management and Monitoring.................................................................... 2

Device Manager (Embedded Web) ................................................................. 2

Command Line Interface (CLI) ......................................................................2

Avaya Integrated Management Suite (IM) .....................................................3

Port Mirroring ................................................................................................. 3

Switched Network Monitoring (SMON) ........................................................ 3

Fan and Power Supply ....................................................................................3

Chapter 2 Standards and Compatibility ............................................................................................ 5

Avaya W310 WLAN Gateway Ethernet Standards Supported................................ 5

IEEE ................................................................................................................ 5

IETF - Layer 2 ................................................................................................. 5

IETF - Network Monitoring..................................................................................... 6

Wireless.................................................................................................................... 6

IEEE ................................................................................................................ 6

Chapter 3 Specifications ................................................................................................................... 7

W310 WLAN Gateway............................................................................................ 7

Physical ........................................................................................................... 7

Power Requirements ...................................................................................... 7

Environmental .................................................................................................7

Safety ............................................................................................................... 8

Safety - AC Version ........................................................................................ 8

EMC Emissions ............................................................................................... 8

Emissions ................................................................................................8

Immunity .................................................................................................8

Interfaces .........................................................................................................8

Contents

ii Avaya W310 Installation and Configuration Guide

Basic MTBF ....................................................................................................8

W110 Power Requirements......................................................................................9

10/100 Base-T Copper Cabling................................................................................9

Approved SFF/SFP GBIC Transceivers...................................................................9

Safety Information ...........................................................................................9

Laser Classification .................................................................................9

Usage Restriction ...................................................................................10

Installation .....................................................................................................10

Installing and Removing a SFF/SFP GBIC Transceiver .......................10

Specifications ................................................................................................11

LX Transceiver ......................................................................................11

SX Transceiver ......................................................................................11

ELX Transceiver ....................................................................................11

Copper GBIC Transceiver Installation Notes ........................................11

Agency Approval ...........................................................................................12

Gigabit Fiber Optic Cabling ...................................................................................12

Connector Pin Assignments ...................................................................................13

Console Pin Assignments ..............................................................................13

Chapter 4 Installation ...................................................................................................................... 15

Required Tools .......................................................................................................15

Site Preparation ......................................................................................................15

Rack Mounting (Optional) .....................................................................................16

Before You Install the W310 In a Rack ........................................................17

Placing the W310 in the Rack .......................................................................17

Wall Mounting (Optional)......................................................................................19

Making Connections to Network Equipment .........................................................20

Prerequisites ..........................................................................................20

Connecting Cables to Network Equipment ...........................................20

Chapter 5 Powering Up the W310 WLAN Gateway ...................................................................... 21

Using the DC Input ................................................................................21

Location of Power Inputs ..............................................................................21

Powering On...........................................................................................................22

Connecting an Additional/Backup Inline Power Supply Source ...........................22

Recommended Power Supply Redundancy Scheme .............................................. 23

Budgeting Power ....................................................................................................25

Post-Installation......................................................................................................25

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels .................................................. 27

Avaya W310 WLAN Gateway Front Panel ...........................................................27

Right and Left Arrow Buttons ...............................................................31

Avaya W310 Back Panel........................................................................................32

DC Input Connector ......................................................................................32

Contents

Avaya W310 Installation and Configuration Guide iii

Chapter 7 Establishing Switch Access............................................................................................ 33

Establishing a Serial Connection ........................................................................... 34

Configuring the Terminal Serial Port Parameters ......................................... 34

Connecting a Terminal to the W310 Serial Port ...........................................34

Establishing a Telnet Connection .......................................................................... 35

Establishing a Modem (PPP) Connection with the W310 ..................................... 36

Overview .......................................................................................................36

Connecting a Modem to the Console Port ....................................................36

Assigning the W310 IP Address ............................................................................ 37

Chapter 8 User Authentication ....................................................................................................... 39

Introduction ............................................................................................................ 39

Security Levels....................................................................................................... 39

Login Name and Password ....................................................................39

Switching Between Entities ..................................................................40

Using the CLI: Entering the Supervisor Level .............................................. 40

Defining New Local Users Using the CLI ............................................ 40

Exiting the Supervisor Level ................................................................. 41

Entering the CLI or the W310 Device Manager.................................................... 41

Entering the CLI ............................................................................................ 41

Entering the W310 Manager .........................................................................41

RADIUS................................................................................................................. 44

Introduction to RADIUS ...............................................................................44

How It Works ........................................................................................ 44

Using RADIUS CLI Commands ...................................................................46

Using the W310 Manager .............................................................................46

Allowed Managers ................................................................................................. 49

Allowed Manager CLI Commands ...............................................................49

Chapter 9 W310 WLAN Gateway Default Settings ....................................................................... 49

Configuring the Switch .......................................................................................... 49

W310 Default Settings ..................................................................................49

Chapter 10 Basic Switch Configuration ........................................................................................... 53

Introduction ............................................................................................................ 53

Setting Up Your Display or Terminal For the CLI .......................................53

System Parameter Configuration ........................................................................... 54

Identifying the System Using the CLI ..........................................................54

Displaying Operating Parameters Using the CLI .......................................... 54

Identifying the System and Displaying the Operating Parameters Using the

W310 Manager ...........................................................................................54

Network Time Acquiring Protocols Parameter Configuration .............................. 56

Contents

iv Avaya W310 Installation and Configuration Guide

Chapter 11 W310 WLAN Gateway Layer 2 Features ...................................................................... 59

Overview ................................................................................................................59

Ethernet ..................................................................................................................60

Fast Ethernet ..........................................................................................60

Gigabit Ethernet .....................................................................................60

Configuring Ethernet Parameters ..................................................................60

Auto-Negotiation ...................................................................................60

Full-Duplex/Half-Duplex ......................................................................60

Speed .....................................................................................................60

Flow Control ..........................................................................................61

Priority ...................................................................................................61

Media Access Control (MAC) Address .................................................62

Channel Access Method (CAM) Table .................................................62

Ethernet Configuration CLI Commands .......................................................63

Ethernet Port Configuration Using the W310 Manager ................................64

VLAN Configuration .............................................................................................68

VLAN Overview ...........................................................................................68

VLAN Tagging ..............................................................................................69

Multi VLAN Binding ....................................................................................69

Ingress VLAN Security .................................................................................71

VLAN CLI Commands .................................................................................71

VLAN Configuration Using the W310 Manager ..........................................72

IEEE 802.1X PBNAC (Port Based Network Access Control)...............................74

How “Port-Based” Authentication Works .....................................................74

PBNAC Implementation in the W310 ...........................................................75

Configuring the W310 for PBNAC ...............................................................75

PBNAC CLI Commands ...............................................................................76

Spanning Tree Protocol ..........................................................................................78

Overview .......................................................................................................78

Spanning Tree Protocol .................................................................................78

Spanning Tree per Port ..................................................................................79

Rapid Spanning Tree Protocol (RSTP) .........................................................79

About the 802.1w Standard ...................................................................79

Port Roles ..............................................................................................79

Spanning Tree Implementation in the W310 Family ....................................80

Spanning Tree Protocol CLI Commands ......................................................81

Spanning Tree Configuration Using the W310 Manager ..............................83

MAC Aging............................................................................................................86

Overview .......................................................................................................86

Configuring the W310 for MAC Aging ........................................................86

MAC Aging CLI Commands ........................................................................86

Link Aggregation Group (LAG) ............................................................................87

LAG Overview ..............................................................................................87

LAG CLI Commands ....................................................................................87

Contents

Avaya W310 Installation and Configuration Guide v

LAG Configuration Using the W310 Manager .............................................88

LAG Implementation in the W310 ............................................................... 89

Port Redundancy .................................................................................................... 89

Port Redundancy Operation .......................................................................... 89

Port Redundancy CLI Commands ................................................................ 91

Port Redundancy Using the W310 Manager .................................................91

IP Multicast Filtering ............................................................................................. 94

Overview .......................................................................................................94

How IP Multicast Filtering Works ........................................................ 94

Setting Up Timers for IP Multicast Filtering ........................................ 95

IP Multicast CLI Commands ........................................................................ 95

IP Multicast Implementation in the Avaya W310 .........................................96

IP Multicast Filtering Configuration Using the W310 Manager .................. 96

Weighted Queuing ................................................................................................. 98

Implementation of Weighted Queuing in the W310 .....................................98

Weighted Queuing CLI Commands .............................................................. 98

Port Classification .................................................................................................. 99

Overview .......................................................................................................99

Port Classification CLI Commands .............................................................. 99

Port Classification Using the W310 Manager ............................................... 99

Ports connected to W110 LAP ............................................................................. 101

Chapter 12 W310 WLAN Gateway Wireless Features .................................................................. 103

Overview.............................................................................................................. 103

W310 Wireless Configuration Procedure ............................................................ 103

W310 Wireless Network Configuration Using the W310 Manager Web Inter-

face ............................................................................................................104

Step 1: Start the W310 Manager Web Interface ................................. 104

Step 2: Configure the Wireless Domain Servers .................................105

Step 3: Create a Service Set Identifier (SSID) For The W310 Light Access

Point Ports ......................................................................................... 108

Step 4: Define User Groups ................................................................ 113

Step 5: Set Policy for the W310 .......................................................... 116

Step 6: Define Access Point Groups ................................................... 120

Step 7: Configure the W110 (LAP(s)) ................................................ 121

Step 8: Create or Modify a MAC Access Control List ....................... 124

Step 9: Create or Modify a Rogue AP Detection List ......................... 126

Step 10: Copy the Running Configuratin to the

Startup Configuration ........................................................................ 128

W310 Wireless Network Configuration Using the Command Line Interface ..... 128

Step 1: Entering the CLI ..................................................................... 128

Step 2: Review the W310 Default Settings ......................................... 128

Step 3: Configure the Wireless Domain Parameters ........................... 131

Step 4: Configure the RADIUS Authentication Server(s) ..................132

Contents

vi Avaya W310 Installation and Configuration Guide

Step 5: Configure the Service Set Identifier (SSID)

Table Entry Parameters .....................................................................133

Step 6: Define User Groups .................................................................136

Step 7: Set Policy for the W310 ..........................................................138

Step 8: Define Access Point Groups ....................................................142

Step 9: Configure Basic W110 (LAP) Parameters ..............................143

Step 10: Copy the Running Configuration

to the Startup Configuration ..............................................................144

Seamless Roaming ...............................................................................................145

Multiple Service Set Identifiers (SSIDs)..............................................................145

Multiple SSIDs: Virtual Local Area Network (VLAN) ..............................145

Accessible VLAN ................................................................................146

Multiple SSIDs: SSID Broadcast ................................................................147

Multiple SSIDs: Closed System ..................................................................147

Multiple SSIDs: Security .............................................................................147

Configuring an SSID Entry .........................................................................148

Example ...............................................................................................148

SSID Table CLI Commands ........................................................................149

SSID Table Configuration Using the W310 Wireless Manager .................151

User Group Table .................................................................................................154

User Group Table Attributes ...............................................................156

User Group CLI Commands ................................................................159

Policy User Group .......................................................................................161

Policy User Group CLI Command ......................................................161

Policy User Group Using the W310 Manager .....................................161

Allowed Access Point Group ......................................................................162

Allowed Access Point Group CLI Commands ....................................162

Allowed Access Point Group Using the W310 Manager ....................162

Home W310 Gateway .................................................................................164

Home W310 Gateway CLI Command ................................................164

Home W310 Gateway Using the W310 Manager ...............................165

VLAN ..........................................................................................................166

VLAN Overview .................................................................................166

VLAN Workgroups and Traffic Management ....................................167

Traffic Management ............................................................................168

Typical User VLAN Configurations ...................................................168

Typical VLAN Management Configurations ......................................169

Configuring VLAN Flow Chart ..........................................................170

VLAN CLI Commands .......................................................................171

VLAN Using the W310 Manager ........................................................171

Configuring a User Group Table .................................................................172

Access Point (AP) Group .....................................................................................173

Configuring an Access Point Group Interface .............................................174

AP Group CLI Commands ..........................................................................174

Contents

Avaya W310 Installation and Configuration Guide vii

AP Group Configuration Using the W310 Manager ................................... 175

Authentication and Encryption Modes ................................................................ 176

Open Authentication ...................................................................................176

WEP Encryption .......................................................................................... 176

WEP Key Management ...............................................................................177

WEP Encryption with the Temporal Key Integrity Protocol (TKIP) ......... 177

How To Configure WEP ............................................................................. 178

Configuring WEP Using the CLI ........................................................ 178

Configuring WEP Using the W310 Manager .....................................180

802.1x Authentication ................................................................................. 183

Wi-Fi Protected Access (WPA) ..................................................................183

Mixed Mode (802.1x and WEP Encryption) ..............................................185

Authentication Process ................................................................................185

Authentication and Encryption CLI Commands .........................................186

Authentication and Encryption Configuration Using the W310 Manager .. 187

Wireless Domain Parameters ............................................................................... 189

Configuring Wireless Domain Parameters .................................................. 190

Wireless Domain Configuration Using the W310 Manager ....................... 192

MAC Access Control List.................................................................................... 194

MAC Access CLI Commands ..................................................................... 195

MAC Access Configuration Using the W310 Manager .............................195

Rogue Access Point Detection............................................................................. 196

Rogue AP Detection CLI Commands ......................................................... 197

Rogue AP Detection Configuration Using the W310 Manager .................. 197

RADIUS............................................................................................................... 198

MAC Access Control Via RADIUS Authentication ................................... 199

RADIUS Authentication with 802.1x ......................................................... 199

RADIUS Authentication CLI Commands ..................................................199

RADIUS Authentication Configuration Using the W310 Manager ........... 200

W110 (LAP) Configuration ................................................................................. 202

General LAP CLI Configuration Parameters .............................................. 203

LAP Configuration Using the W310 Manager ...........................................205

Radio Card Parameters ................................................................................205

Rogue Access Point Status and Detection .......................................... 206

Load Balancing ...................................................................................206

Multicast Transmission Rates ............................................................. 207

Unicast Transmission Rate .................................................................. 208

Channel Selection ................................................................................208

Operational Mode ................................................................................209

802.11 Interfaces ........................................................................................ 210

Interface Parameters ............................................................................210

802.11i ......................................................................................................... 213

Radio Card CLI Commands ........................................................................ 214

W110 (LAP) and Radio Card Configuration Using the W310 Manager .... 215

Contents

viii Avaya W310 Installation and Configuration Guide

Advanced - 802.11a/802.11g Configuration Using the W310 Manager ...

215

LAP Template Configuration - Operational Mode Tab Using the W310

Manager .............................................................................................220

Viewing LAP Configuration Using the W310 Manager .....................222

Configuring Basic LAP Parameters .....................................................................224

Saving the W310 and W110 Configurations........................................................225

Chapter 13 PoE (Power over Ethernet) Features ............................................................................ 227

Introduction ..........................................................................................................227

Power Over Ethernet ............................................................................................227

Load Detection ............................................................................................227

How the W310 Switches Detect a Powered Device ....................................228

Specific Resistance Signature (IEEE 802.3af) ............................................228

PD Connected ..............................................................................................228

"Plug and Play" Operation....................................................................................229

Powering Devices ........................................................................................229

Priority .........................................................................................................229

PoE Configuration CLI Commands .....................................................................230

PoE Configuration Using the W310 Manager .............................................231

Chapter 14 Embedded Web Manager ............................................................................................. 233

Overview ..............................................................................................................233

System Requirements ...........................................................................................233

Running the Embedded Web Manager.................................................................234

Installing the Java Plug-in ....................................................................................237

Installing from the W310 Documentation and Utilities CD ................237

Install from the Avaya Site ..................................................................237

Install from your Local Web Site ........................................................237

Installing the On-Line Help and Java Plug-In on your Web Site.........................238

Chapter 15 Configuring Policy ....................................................................................................... 239

Policy Overview ...................................................................................................239

General Guidelines for W310 Policy ..........................................................239

Access Control Lists (ACL) .......................................................................241

Quality of Service (QoS) Lists ....................................................................241

Managing Policy Lists .................................................................................242

Defining Policy Lists............................................................................................243

Creating and Editing a Policy List ...............................................................243

Defining List Identification Attributes ........................................................244

Default Actions ............................................................................................245

Deleting a Policy List ..................................................................................245

Attaching policy lists to an interface ....................................................................245

Device-Wide Policy Lists.....................................................................................248

Contents

Avaya W310 Installation and Configuration Guide ix

Defining Global Rules ......................................................................................... 248

Defining Rules ..................................................................................................... 249

Overview of Rule Criteria ........................................................................... 249

Editing and Creating Rules .........................................................................250

Rule Criteria ................................................................................................ 250

IP Protocol ...........................................................................................251

Source and Destination IP Address .....................................................251

Source and Destination Port Range ..................................................... 252

ICMP Type and Code ..........................................................................253

TCP Establish Bit (Access Control Lists only) ................................... 254

Operation .............................................................................................254

Composite Operations.......................................................................................... 255

Overview of Composite Operations ............................................................255

Pre-configured Composite Operations for Access Control Lists ................ 255

Pre-configured Composite Operations for QoS Lists .................................256

Configuring Composite Operations ............................................................ 257

Composite Operation Example ...................................................................258

DSCP Table.......................................................................................................... 258

Displaying and Testing Policy Lists .................................................................... 259

Displaying Policy Lists ............................................................................... 259

Simulating Packets ...................................................................................... 261

Policy Capabilities ............................................................................................... 262

Chapter 16 Troubleshooting the Installation .................................................................................. 251

Troubleshooting the Installation .......................................................................... 251

Troubleshooting Image Downloads ..................................................................... 252

Chapter 17 Updating the Software.................................................................................................. 253

Software Download.............................................................................................. 253

Obtain Software Online ............................................................................... 253

Downloading Software ................................................................................ 253

Download New Version without Overwriting Existing Version......................... 254

Contents

x Avaya W310 Installation and Configuration Guide

Avaya W310 User’s Guide xi

Before You Install the W310 WLAN Gateway

Safety Information

Caution: The W310 WLAN Gateway contains components sensitive to electrostatic
discharge. Do not touch the circuit boards unless instructed to do so.

Warning: Only trained and qualified personnel should be allowed to install or replace this
equipment.

Warning: Risk of electric shock and energy hazard. To isolate the unit completely
disconnect all power supplies.

Achtung: Gafahr des elektrischen Schocks. Um alle Einheiten spannungsfrei zu machen,
sind die Netzstecker aller Netzteile zu entfernen.

Attention: Risque de choc et de danger électriques. Pour isoler completement le module en
cause, il faut débrancher tous les alimentations stabilisées.

Preface

xii Avaya W310 User’s Guide

Conventions Used in the Documentation

Documentation for this product uses the following conventions to convey instructions and
information:

CLI Conventions

• Mandatory keywords are in the computer bold font.

• Information displayed on screen is displayed in computer font.

• Variables that you supply are in pointed brackets <>.

• Optional keywords are in square brackets [].

• Alternative but mandatory keywords are grouped in braces {} and separated by a
vertical bar |.

• Lists of parameters from which you should choose are enclosed in square brackets [ ]
and separated by a vertical bar |.

• If you enter an alphanumeric string of two words or more, enclose the string in inverted
“commas”.

Helpful Hints, Notes, Cautions and Warnings

Note: Notes contain helpful information or hints or reference to material in other

documentation.

Caution: You should take care. You could do something that may damage equipment or
result in loss of data.

Warning: This means danger. Failure to follow the instructions or warnings may result in
bodily injury. You should ensure that you are qualified for this task and have read and
understood all the instructions

This provides a helpful hint for successfully installing or configuring the W310.

Section 1

OVERVIEW OF THE W310

Avaya W310 User’s Guide 1

Chapter 1

Avaya W310 WLAN Gateway Overview

About the W310 WLAN Gateway

The W310 WLAN Gateway is a Converged Mobility Gateway plus Light Access Point that
provides a standards-based infrastructure and a new solution for wireless applications.

W310 provides a richer feature set in the security, mobility and management area and also
provides a lower overall cost of ownership for medium/large enterprise or a hotspot service
provider. Instead of adding functionality to the Access Point, the W310 serves as a
Converged Mobility Gateway that centralizes the Access Point features, while the Access
Points are reduced to simpler, cheaper devices, responsible for only basic functions.

Figure 1.1 Avaya W310 Front Panel

Voice-Enabled Wireless Local Area Network (WLAN) Infrastructure

The Avaya infrastructure centralizes much of the WLAN intelligence in a gateway platform.
This provides better integration into the enterprise network and solves the problems that
plague wireless today:

• Management: Reduces deployment complexities / management

• Security: Increases security by maintaining a single entry point

Superior infrastructure for Voice over IP (VoIP)

• Supports subnet and Virtual Local Area Network (VLAN) roaming for better in­building mobility and higher voice quality

• Low-cost Avaya™ W110 (LAPs) (Light Access Points) enable dense deployments
required for in-building mobility

Investment Protection

• New features can be centrally stored for easy W110 upgrades

Chapter 1 Avaya W310 WLAN Gateway Overview

2 Avaya W310 User’s Guide

Avaya W310 Features

• IP Multicast filtering

• Terminal and modem interface

• Wireless Services

• LAN Services
— Multiple Virtual Local Area Networks (VLANs) per port
— RADIUS protocol for security
— 802.1w Rapid Spanning Tree Protocol
— 802.1X PBNAC (Port Based Network Access Control)
— 802.3af Power over LAN

• Seamless Roaming

• Policy Management

• Stations Power Saving

• MAC Access Control List

• Multiple Service Set Identifiers (SSIDs)

• User Group·Monitoring

• W110 Controller

• Wireless Applications

Network Management and Monitoring

Comprehensive network management and monitoring are key to today’s networks. Avaya
has provided multiple ways for managing the W310 to suit your needs. Each management
tool is explained in detail starting below.

Device Manager (Embedded Web)

The built-in Device Manager (Embedded Web Manager) allows you to manage a W310
using a Web browser without purchasing additional software. This application works with
the

• Microsoft Internet Explorer and Netscape Navigator Web browsers and a

• Sun Microsystems Java Plug-in.

Command Line Interface (CLI)

The W310 CLI provides a terminal type configuration tool for configuration of W310
features and functions. You can access the CLI

• locally, through the serial interface, or

• remotely via Telnet.

Chapter 1 Avaya W310 WLAN Gateway Overview

Avaya W310 User’s Guide 3

Avaya Integrated Management Suite (IM)

When you need extra control and monitoring or need to manage other Avaya equipment, you
can use the Avaya Integrated Management suite. This suite provides the ease-of-use and
features necessary for optimal network utilization.

For further information:

1 Go to www.avaya.com
2 Click Products and Services
3 Click System and Network Management
4 Click Integrated Management

Port Mirroring

The W310 provides port mirroring for additional network monitoring functionality. You can
filter the traffic and mirror either incoming traffic to the source port or both incoming and
outgoing traffic. This allows you to select the network traffic that you need to monitor.

Switched Network Monitoring (SMON)

The W310 supports SMON Switched Network Monitoring, which the IETF has now adopted
as a standard (RFC2613). SMON provides unprecedented top-down monitoring of switched
network traffic at the following levels:

• Enterprise Monitoring

• Device Monitoring

• VLAN Monitoring

• Port-level Monitoring

This top-down approach gives you rapid troubleshooting and performance trending to keep
the network running optimally.

You require the Avaya Integrated Management Enhanced offer to run SMON monitoring.

You need to purchase one SMON License per W310.

Fan and Power Supply

The W310 has integrated sensors which provide warnings of fan failure or pending power
supply failure.

Chapter 1 Avaya W310 WLAN Gateway Overview

4 Avaya W310 User’s Guide

Avaya W310 User’s Guide 5

Chapter 2

Standards and Compatibility

Avaya W310 WLAN Gateway Ethernet Standards Supported

The Avaya W310 WLAN Gateway complies with the following standards:

IEEE

• 802.3x Flow Control on all ports

• 802.1Q VLAN Tagging support on all ports

• 802.1p Priority Tagging compatible on all ports

• 802.1D Bridges and STA

• 802.1w Rapid Spanning Tree Protocol

• 802.1X Port Based Network Access Control

• 802.3z Gigabit Ethernet on ports 51 and 52

• 802.3u Ethernet/Fast Ethernet on ports 1 to 16

• 802.3af DTE Power via MDI on ports 1 to 16

IETF - Layer 2

• MIB-II – RFC 1213

• Structure and identification of management information for TCP/IP-based Internet –
RFC 1155

• Simple Network Management Protocol (SNMP) – RFC 1157

• PPP Internet Protocol Control Protocol (IPCP) – RFC 1332

• PPP Authentication Protocols (PAP & CHAP) – RFC 1334

• PPP – RFC 1661

• ATM Management - RFC 1695

• RMON –RFC 1757

• SMON – RFC 2613

• Bridge MIB Groups – RFC 2674 dot1dbase and dot1dStp fully implemented. Support
for relevant MIB objects: dot1q (dot1qBase, dot1qVlanCurrent)

• The Interfaces Group MIB – RFC 2863

• Remote Authentication Dial In User Service (RADIUS) – RFC 2865

Chapter 2 Standards and Compatibility

6 Avaya W310 User’s Guide

IETF - Network Monitoring

• RMON (RFC 1757) support for groups 1, 2, 3 and 9
— Statistics
— History
—Alarms
— Events

• SMON (RFC 2613) support for groups
— Data Source Capabilities
— Port Copy
— VLAN and Priority Statistics

• Bridge MIB Groups - RFC 2674
— dot1dbase and dot1dStp fully implemented.
— Support for relevant MIB objects: dot1q (dot1qBase, dot1qVlanCurrent)

Wireless

IEEE

• 802.11a

• 802.11b

• 802.11g

Avaya W310 User’s Guide 7

Chapter 3

Specifications

W310 WLAN Gateway

Physical

Power Requirements

Environmental

Height 1U (44 mm, 1.75”)

Width 440 mm (17.32” fits in

19” rack using brackets)

Depth 400 mm (15.75”)

Weight 5 Kg (12 lbs.)

AC BUPS Input

Input voltage 100 to 240 VAC, 50/60 Hz 50 to 57 VDC

Power dissipation 100 W max N/A

Input current 4 A@100 VAC

? A@200VAC

8 A (max.)

Inrush current 15 A@100 VAC (max.)

30 A@200VAC (max.)

N/A

Isolation N/A 1500V RMS with respect to

protective ground

Operating Temp. 0 to 40°C (32 to 104°F)

Rel. Humidity 5% to 95% non-condensing

Chapter 3 Specifications

8 Avaya W310 User’s Guide

Safety

• UL for US approved according to UL60950 Std 3rd Edition.

• C-UL(UL for Canada) approved according to C22.2 No. 60958-00 Std.

• CE for Europe approved according to EN 60950 Std.

• Laser components are Laser Class I approved:
— EN-60825/IEC-825 for Europe
— FDA CFR 1040 for USA

Safety - AC Version

• Overcurrent Protection: A readily accessible listed safety-approved protective device
with a 10A rating must be incorporated in series with building installation AC power
wiring for the equipment under protection.

EMC Emissions

Emissions

Approved according to:

• US - FCC Part 15 sub part B, class A

• Europe - EN55022 class A and EN61000-3-2

• Japan - VCCI-A

Immunity

Approved according to:

• EN 55024 and EN61000-3-3

Interfaces

• W310:
— 16 x 10/100 Base-T RJ-45 port connectors
— 2 x Small Form-Factor Pluggable (SFP) gigabit Ethernet fiber optic connectors

• RS-232 for terminal setup via RJ-45 connector on front panel.

Basic MTBF

• 110,000 hrs minimum.

Chapter 3 Specifications

Avaya W310 User’s Guide 9

W110 Power Requirements

The W310 provides 150W of 802.af compliant power over the 16 ports. There is 9.4W per
port. This allows you to attach up to 16 W110s to the W310. The W110 must use Power over
Ethernet.

10/100 Base-T Copper Cabling

Use a Category 5 copper cable with RJ-45 termination for 100Base-T ports.

The maximum copper cable length connected to a 10/100Base-T port is 100 m
(328 ft.)

Approved SFF/SFP GBIC Transceivers

The Small Form Factor (SFF)/SFP GBIC (Gigabit Interface Converter) have been tested for
use with the Avaya

W310 Gigabit Ethernet ports. For a list of approved SFF/SFP GBIC

transceivers, see: www.avaya.com/support/

 SFF/SFP GBIC transceivers are hot-swappable.

Safety Information

The SFF/SFP GBIC transceivers are Class 1 Laser products. The transceivers comply with
EN 60825-1 and Food and Drug Administration (FDA) 21 CFR 1040.10 and 1040.11.

Caution: The SFF/SFP GBIC transceivers must be operated under recommended operating
conditions.

Laser Classification

 Class 1 lasers are inherently safe under reasonably foreseeable conditions of operation.

Caution: The use of optical instruments with this product will increase eye hazards. Always
wear proper eye protection.

CLASS 1

LASER PRODUCT

LUOKAN 1

LASERLAITE

KLASS 1

LASER APPARAT

Chapter 3 Specifications

10 Avaya W310 User’s Guide

Usage Restriction

When a SFF/SFP GBIC transceiver is inserted in the module but is not in use, the
Tx and Rx ports should be protected with an optical connector or a dust plug.

Installation

Installing and Removing a SFF/SFP GBIC Transceiver

Caution: Use only 3.3V Avaya-authorized SFF/SFP GBIC transceivers.

Use only SFF/SFP GBIC transceivers that are 3.3V and use Serial Identification.

The SFF/SFP GBIC transceiver is fastened using a snap-in clip.

To Install the SFF/SFP GBIC transceiver:

• Insert the transceiver (take care to insert it the right way up) until it clicks in place.

• Refer to Copper GBIC Transceiver Installation Notes if you are installing a copper
GBIC transceiver.

To Remove the SFF/SFP GBIC transceiver:

1 Press the clip on the bottom side of the transceiver.
2 Pull the transceiver out.

Figure 3.1 Clip Location on Base of the Transceiver

Chapter 3 Specifications

Avaya W310 User’s Guide 11

Specifications

LX Transceiver

• To connect to a 1000Base-LX SFF/SFP GBIC port, use one of the following:
—A 9 µm or 10 µm single-mode fiber (SMF) cable. The maximum length is 10 km

(32,808 ft).

—A 50 µm or 62.5 µm multimode (MMF) fiber cable. The maximum length is 550 m

(1,804 ft.).

• The LX transceiver has a Wavelength of 1300 nm, Transmission Rate of 1.25 Gbps,
Input Voltage of 3.3V, and Maximum Output Wattage of -3 dBm.

SX Transceiver

• To connect to a 1000Base-SX SFF/SFP GBIC port, use a 50 µm or 62.5 µm multimode
(MMF) fiber cable. The maximum length is 500 m (1,640 ft.).

• The SX transceiver has a Wavelength of 850 nm, Transmission Rate of 1.25 Gbps,
Input Voltage of 3.3V, and Maximum Output Wattage of -4 dBm.

ELX Transceiver

• To connect to a 1000Base-ELX SFP GBIC port, use a 9 µm or 10 µm single-mode fiber
(SMF) cable. Ensure that the fiber length is between a minimum length of 10 km
(32,808) and a maximum length of 70 km (229,656 ft.). The fiber attenuation must be
less than 0.3 dB/km for 70 km of fiber length.

• The ELX transceiver has a Wavelength of 1550 nm, Transmission Rate of 1.25 Gbps,
Input Power of 3.3V, and Maximum Output Optical Power of +5 dBm.

Copper GBIC Transceiver Installation Notes

Before installing a copper SFP transceiver, ensure that auto-negotiation is enabled for the
transceiver ports. You should also ensure that the auto-negotiation is enabled for the port at
the other end of the link:

1Use the

show port command to check the auto-negotiation status of the transceiver

ports.

2Use the

set port negotiation <module>/<port> enable command to enable

autonegotiation if necessary.

Chapter 3 Specifications

12 Avaya W310 User’s Guide

Agency Approval

The transceivers comply with:

• EMC Emission: US – FCC Part 15, Subpart B, Class A;
Europe – EN55022 class A

• Immunity: EN50082-1

• Safety
— UL for US UL 40950 Std.
— C-UL (UL for Canada) C22.2 No. 40950 Std.
— Food and Drug Administration (FDA) 21 CFR 1040.10 and 1040.11
— CE for Europe EN60950 Std.
— Complies with EN 60825-1.

Gigabit Fiber Optic Cabling

Table 3.1 Gigabit Fiber Optic Cabling

Gigabit Interface

Fiber
Type

Diameter
(µm)

Modal
Bandwidth
(MhzKm)

Maximum
Distance
(m)

Minimum
Distance
(m)

Wavelength
(nm)

1000BASE-SX MM 62.5 160 220 2 850

1000BASE-SX MM 62.5 200 275 2 850

1000BASE-SX MM 50 400 500 2 850

1000BASE-SX MM 50 500 550 2 850

1000BASE-LX MM 62.5 500 550 2 1310

1000BASE-LX MM 50 400 550 2 1310

1000BASE-LX SM 9 NA 10,000 2 1310

1000BASE-ELX SM 9 NA 70,000 2 1550

Chapter 3 Specifications

Avaya W310 User’s Guide 13

Connector Pin Assignments

Console Pin Assignments

For direct Console communications, connect the W310 to the Console Terminal using the
supplied RJ-45 crossed cable and RJ-45 to DB-9 adapter.

* Pin 1 of the Modem DB-25 connector is internally connected to Pin 7 GND.

Table B.4 Pinout of the Required Connection for Console Communications

Avaya W310 RJ-45 Pin

Name

(DCE View)

Terminal

DB-9 Pins

Modem

DB-25 Pins

1 For future use NC *

2TXD

(W310 input)

33

3RXD

(W310 output)

22

4CD48

5GND57

6DTR120

7RTS84

8CTS75

Chapter 3 Specifications

14 Avaya W310 User’s Guide

Section 2

HARDWARE INSTALLATION

Avaya W310 User’s Guide 15

Chapter 4

Installation

The W310 WLAN Gateway is ready to configure once you complete the installation
instructions below.

Required Tools

You will need the following tools before starting the installation procedure:

• Phillips (cross-blade) screwdriver

Site Preparation

You can mount the Avaya W310 in a standard 19-inch equipment rack in a wiring closet or
equipment room. When deciding where to position the unit, ensure that the W310 is:

• Accessible and cables can be connected easily and according to network design.

• Attached to cables away from sources of electrical noise such as radio transmitters,
broadcast amplifiers, power lines and fluorescent lighting fixtures.

• Positioned so that water or moisture cannot enter the case of the unit.

• Placed in a free flow of air around the unit and that the vents in the sides of the case are
not blocked.

• Matched to the environmental conditions listed below:

Table 4.1 Environmental Prerequisites

• Matches the power source specifications listed below:

Table 4.2 Power Requirements

– AC

Operating Temp. 0 to 40°C (32 to 104°F)

Rel. Humidity 5% to 95% non-condensing

Input voltage 100 to 240 VAC, 50/60 Hz

Power dissipation 280 W max

Input current 7 A maximum

Chapter 4 Installation

16 Avaya W310 User’s Guide

Table 4.3 Power Requirements – BUPS

Rack Mounting (Optional)

The W310 case fits in most standard 19-inch racks. It is 1U (44.45 mm, 1.75î) high.

You can mount the Avaya W310 in a standard 19" rack either in front-mount or mid-mount
positions with the brackets supplied with the chassis.

The brackets are symmetric: you can fix either bracket on either side.

Figure 4.1 shows the two available rack mounting positions:

Figure 4.1 Front and Mid-Mount Positions

Input voltage 50 to 57 VDC

Input current 8 A (max)

Isolation 1500V RMS with respect to protective ground

Chapter 4 Installation

Avaya W310 User’s Guide 17

Before You Install the W310 In a Rack

1 When installing a W310 in a rack, ensure that equipment is positioned such that it will

not cause the rack to become unstable or tip over.

2 Ensure that the combination of equipment in the rack will not cause an overload or

overcurrent condition on the power strip being used and/or the customer's branch circuit.

3 The W310 units weigh a maximum of 12 pounds (5.5 kg). Be careful when installing or

removing the W310 product from the rack.

4 If a power strip is being used in the rack, ensure that it has a reliable earth connection. If

the W310 equipment will be plugged directly into a wall outlet, ensure that there is a
reliable ground connection at the outlet.

5 Ensure that the internal rack ambient temperature is within the operating specification

limits of the W310.

6 Ventilation for the W310 is from side to side. Ensure that there is adequate space on

each side of the W310 equipment when installed in the rack to allow sufficient airflow.

Placing the W310 in the Rack

Place the W310 in the rack as follows:

1 Using four screws, attach one rack bracket to each side of the unit. Ensure that the “ear”

of the bracket is positioned as required (see Figure 4.1)

2 Position the unit in the rack.

3 Secure the unit to the rack by using a screwdriver inserted through the screw holes on

the front panel, tighten the two floating screws on each of the new rack brackets.

Be careful not to overtighten the screws.

4 Insert the unit into the rack. Ensure that the four W310 screw holes are aligned with the

rack hole positions as shown in Figure 4.1 and Figure 4.3.

Chapter 4 Installation

18 Avaya W310 User’s Guide

Figure 4.2 W310 Rack Mounting – Front

Figure 4.3 W310 Rack Mounting – Mid

F

Chapter 4 Installation

Avaya W310 User’s Guide 19

5 Secure the unit in the rack using the screws. Use two screws on each side. Do not

overtighten the screws.

Ensure that ventilation holes are not obstructed to ensure proper air flow.

Wall Mounting (Optional)

Affix the W310 to the wall as follows:

Caution: Ensure that the wall and screws can support the weight of the W310. The
minimum weight of the W310 is 12 lb (5.5 kg).

1 Place the unit on the wall. Ensure that the four W310 screw holes are aligned with the

rack hole positions as shown in Figure 4.4.

Figure 4.4 W310 Wall Mounting

2 Secure the unit to the wall using screws. Use two screws on each side. Do not

overtighten the screws.

Chapter 4 Installation

20 Avaya W310 User’s Guide

You can attach the brackets to either side of the unit, depending whether you want the top
panel or bottom panel of the unit to face the wall.

3 Ensure that ventilation holes are not obstructed to ensure proper air flow.

Making Connections to Network Equipment

This section describes the physical connections that you can make between the W310 switch
and other network equipment.

Prerequisites

Make sure you have the following before attempting to connect network equipment to the
switch:

• A list of network equipment to be connected to the switch, detailing the connector types
on the various units

• All required cables (see below). You can obtain appropriate cables from your local
supplier.

Connecting Cables to Network Equipment

W310 switches include the following types of ports (according to the speed and standard
each port supports):

• 10/100Base-T,

• SFP GBIC and

To connect the cables:

1 For all Ethernet ports (ports 1 through 16), connect an Ethernet copper cable (not

supplied) directly to the ports. The copper ports can function at

— 100 Mbps only with 2 pair (4 wire) CAT5 Ethernet cables.
The maximum cable length is 100 m (328 ft.).

2 Insert an SFP GBIC (Small Form Factor Plugable Gigabit Interface Converter)

transceiver (not supplied) to port housings numbered 51 and 52.
 GBICs are 3.3V.

Chapter 4 Installation

Avaya W310 User’s Guide 21

3 Connect an Ethernet fiberoptic cable (not supplied) to the GBIC transceiver. You can

use LC or MT-RJ fiberoptic cables, depending on the GBIC type you are using. For a
list of approved SFP GBIC transceivers, see www.avaya.com/support

. For fiberoptic

cable properties, see Table 4.4.

4 Connect the other end of the cable to the Ethernet port of the PC, server, router,

workstation, switch, or hub.

5 Check that the appropriate link (LNK) LED lights up.

Table 4.4 displays the different types of SFP GBIC interfaces, their fiber type, diameter,
modal bandwidth, wavelengths, minimum and maximum distance.

Table 4.4 Gigabit Ethernet Cabling

Gigabit Interface

Fiber
Type

Diameter
(µm)

Modal
Bandwidth
(MhzKm)

Maximum
Distance
(m)

Minimum
Distance
(m)

Wavelength
(nm)

1000BASE-SX MM 62.5 160 220 2 850

1000BASE-SX MM 62.5 200 275 2 850

1000BASE-SX MM 50 400 500 2 850

1000BASE-SX MM 50 500 550 2 850

1000BASE-LX MM 62.5 500 550 2 1310

1000BASE-LX MM 50 400 550 2 1310

1000BASE-LX SM 9 NA 10,000 2 1310

1000BASE-ELX SM 9 NA 70,000 2 1550

Chapter 4 Installation

22 Avaya W310 User’s Guide

Avaya W310 User’s Guide 21

Chapter 5

Powering Up the W310 WLAN Gateway

This section describes the procedures for powering up the W310 unit.

Warning: To remove power from the switch, you must disconnect the AC and DC (if
connected) power supplies.

Using the DC Input

You can use the DC input to provide backup power if the AC power source fails.

Location of Power Inputs

Figure 5.1 Avaya W310 Power Inputs

Key

1 AC power inlet
2 Backup Power Supply (BUPS) input (DC)
3 Ground terminal

2

3

1

Chapter 5 Powering Up the W310 WLAN Gateway

22 Avaya W310 User’s Guide

Powering On

Insert the AC power cord into the power inlet in the back of the unit. The unit powers up.
 After power up or reset, the W310 performs a self-test procedure.

— The top row of LEDs (LNK, COL, Tx, etc.) will light up.
— The port LEDs will flash
— The Rout, Sys and Pwr LEDs will stay on solid.

Connecting an Additional/Backup Inline Power Supply Source

The specification for the external DC power supply is as follows (as specified in IEEE

802.3af standard):

• Input voltage: 50 to 57 VDC

• Input current: 7 A maximum

• Isolation: 1500V RMS with respect to protective ground

Table 5.1 below shows the configuration options available when using an external DC power
supply.

Table 5.1 External DC Power Supply Configurations

DC voltage Functions Provided

50 to 57 VDC • Power for the switch, Power over Ethernet

(PoE) and Accelerator Module (up to 300
W)

• Backup to the internal power supply

• Additional power for PoE.

Chapter 5 Powering Up the W310 WLAN Gateway

Avaya W310 User’s Guide 23

Figure 5-2 Avaya W310 External Inline DC Input Terminal Block

• The terminals are marked “+” and “-“.

• The size of the two screws in the terminal block is M3.5; the pitch between each screw
is 9.5mm.

Warning: Make sure that you connect the cables between the W310 and the external power
supply correctly:
Positive (“+”) to positive (“+”)
Negative (“-”) to negative (“-”)

Warning: Make sure that you use cable conductors that have the ampacity of not less than
125 percent of the total conducted load.

Recommended Power Supply Redundancy Scheme

In order to ensure full power supply redundancy for both data switching and Inline power,
you can use an external Inline DC power supply shelf (made by Advanced Power
Conversion (APC), providing isolated 54 VDC) that also provides additional Inline power
(see Figure 5.2).

 Avaya recommends using the APC (Advanced Power Conversion PLC) Front End AC-

DC Power Shelf (catalog number APC-R2400A111) populated with APC 800W PSUs
(catalog number APC-A0800-085-545-CA1).

This power shelf can house up to three 800W power supplies, yielding up to 2,400W of
external power. It can provide up to 300W of Inline power per W310 switch. In a fully
populated power shelf configuration, you can provide additional backup power for eight
W310 switches (depending on configuration -- see Table 3).

Chapter 5 Powering Up the W310 WLAN Gateway

24 Avaya W310 User’s Guide

Figure 5.2 Connecting Redundant Power Supplies to the W310

Table 5.2 Required Equipment

Quantity Description Material code

3 W310 Mobility Gateway

1 APC (Advanced Power Conversion

PLC) Front End AC-DC Power Shelf

APC-R2400A111*

2 APC 800W PSUs (see "Budgeting

Power" for details)

APC-A0800-085-545-CA1*

6 Power cables* to connect APC Power

Shelf to W310 switches.* (20AWG or
thicker cable; with terminals suitable for
M3.5 screws)

N/A

* These items are not available from Avaya.

AC power

DC power (-)

DC power (+)

Chapter 5 Powering Up the W310 WLAN Gateway

Avaya W310 User’s Guide 25

Budgeting Power

When deciding how many 800W PSUs to install in the APC external DC power shelf, you
need to take into account the configuration of the powerinline external power parameter in
the W310 switch (set using the set powerinline external power CLI command).
Refer to Table 5.3 for guidelines:

If you set the powerinline external power parameter to other values, you need to recalculate
the number of switches supported accordingly.

Post-Installation

The following indicate that you have performed the installation procedure correctly:

If you do not receive the appropriate indication, please refer to “Troubleshooting the

Installation“.

Table 5.3 Budgeting Power

No. of APC PSUs

No. of W310 Mobility Gateways
supported

powerinline external power = 300 W (default, maximum)

12

25

38

Table 5.4 Post-Installation Indications

Procedure Indication

Troubleshooting
Information

Powering the W310 All front panel LEDs illuminate

briefly

Page 251

Chapter 5 Powering Up the W310 WLAN Gateway

26 Avaya W310 User’s Guide

Avaya W310 User’s Guide 27

Chapter 6

Avaya W310 WLAN Gateway Front and Rear Panels

Avaya W310 WLAN Gateway Front Panel

The W310 front panel contains LEDs, controls, and connectors. The status LEDs and control
buttons provide at-a-glance information. The LEDs are described in Table 6.1 and Table 6.2.

The front panel LEDs consist of Port LEDs and Function LEDs.

• Port LEDs display information for each port according to the illuminated function LED.

• Function LEDs are selected by pressing the left or right button until the desired
parameter LED is illuminated. Each function is displayed first for ports 1 to 16.

The 10/100Base-T ports of the W310 are numbered 1 to 16. The two SFP GBIC Gigabit
Ethernet ports are numbered 51 and 52.

Figure 6.1 W310 Front Panel

Key

1 Console port
2 GBIC ports
3 10/100BASE-T ports
4 “Left” and “right” buttons
5 Slot for accelerator module

2

3

4

1

5

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels

28 Avaya W310 User’s Guide

Figure 6.2 W310 LEDs

Key

1 Function LEDs
2System LEDs
3Port LEDs

2

3

1

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels

Avaya W310 User’s Guide 29

Figure 6.3 Order of Function Parameters Selected with the Left/Right Front Panel

Buttons

Table 6.1 Avaya W310 Function LED Descriptions

LED Description State Meaning

ROUT Router function

OFF Layer 2 mode.

ON Router mode.

SYS System Status ON Cascade Ring is enabled.

PWR Power Status

OFF Power is off.

ON Power is on.

Blinking

Main power is down, Backup power
supply (BUPS) is active.

Continued

COL

Tx

Rx

FDX

Hspd

LAG

PoE

LNK

Left

Button

Right

Button

Starting Point

(after Power-up or Reset)

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels

30 Avaya W310 User’s Guide

The function LEDs apply to all ports.

LNK Port status

OFF Port is disabled.

ON Port is enabled and link is up.

Blinking Port is enabled but the link is down.

COL Collision

OFF

• Ports 1 through 16: No collision or
full-duplex port

• Ports 51 and 52: Always off

ON

Collision occurred on line.

Tx Transmit to line.

OFF No transmit activity.

ON Data transmitted on line.

Rx Receive from line.

OFF No receive activity.

ON Data received from the line.

FDX Duplex mode

OFF Ports 1 through 16: Half-duplex mode.

OFF

• Ports 1 through 16: Full duplex
mode.

• Ports 51 and 52: Always on. (Full
duplex mode only)

Hspd Port speed

OFF

• For 10/100 Ports: 10 Mbps

• For Ports 51 and 52: Not applicable

ON

• For 10/100 Ports: 100 Mbps

• For Ports 51 and 52: 1000 Mbps

LAG

Link Aggregation
Group (LAG) ­Trunking

OF No LAG is defined for the port.

ON Port is a member of a LAG

Continued

LED Description State Meaning

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels

Avaya W310 User’s Guide 31

 All LEDs are lit during reset.

Right and Left Arrow Buttons

See Table 6.2 for a description of the left and right buttons on the W310 front panel.

Figure 6.4 Left and Right Arrow Buttons

PoE

Power over Ethernet
(PoE)

OFF PoE is disabled for this port.

ON

PoE is powered on and power is being
supplied to a W110.

Blinking

• PoE enabled, but no powered device
is detected, or

• Power supply error, or

• Not enough power

Table 6.2 Avaya W310   Select buttons

Description Function

LED Selection Select LED function using either the right or left button (see Table 6.1)

Reset the W310

Press both right and left buttons together for approximately two
seconds. All LEDs on the switch remain lit until the procedure is
complete.

Reset Stack Not Applicable.

LED Description State Meaning

Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels

32 Avaya W310 User’s Guide

Avaya W310 Back Panel

The W310 back panel contains an AC and DC power supply connectors. Figure 6.5 shows
the back panel.

Figure 6.5 Avaya W310 Back Panel

Key

1 AC input
2 DC input
3 Earthing terminal

DC Input Connector

Figure 6.6 shows the DC input connector.

Figure 6.6 DC Input Connector

2

3

1

Avaya W310 User’s Guide 33

Chapter 7

Establishing Switch Access

There are various methods for accessing the W310 WLAN Gateway command line interface
(CLI), including:

• a terminal connected to the serial port on the switch. See Establishing a Serial

Connection.

• a workstation running a Telnet session connected via the network. See Establishing a

Telnet Connection.

• a remote terminal/workstation attached via a modem (Point to Point Protocol (PPP)
connection). See Establishing a Modem (PPP) Connection with the W310.

You must assign the W310 its own IP address once you have connected. See for more

Assigning the W310 IP Address information.

Chapter 7 Establishing Switch Access

34 Avaya W310 User’s Guide

Establishing a Serial Connection

This section provides the procedure for establishing switch access between a terminal and
the W310 switch over the serial port provided on the front panel of the W310 (RJ-45
connector labeled “CONSOLE”).

Figure 7.1 W310 Console Port

Configuring the Terminal Serial Port Parameters

The serial port settings for using a terminal or terminal emulator are as follows:

• Baud Rate - 9600 bps

• Data Bits - 8 bits

• Parity - None

• Stop Bit - 1

• Flow Control - None

• Terminal Emulation - VT-100

Connecting a Terminal to the W310 Serial Port

Perform the following steps to connect a terminal to the W310 Console port for accessing the
text-based CLI:

1 The W310 is supplied with a console cable and a RJ-45-to-DB-9 adaptor. Use these

items to connect the serial (COM) port on your PC/terminal to the W310 console port.

2 Ensure that the serial port settings on the terminal are:

— 9600 baud
— 8 bits
— 1 stop bit
— no parity.

3 When you are prompted for a Login Name, enter the default login. The default login is

root.

4 When you are promoted for a password, enter the supervisor level password root.
5 Go to Assigning the W310 IP Address.

Chapter 7 Establishing Switch Access

Avaya W310 User’s Guide 35

Establishing a Telnet Connection

Perform the following steps to establish a Telnet connection to the W310 for configuration:

1 Connect your station to the network.
2 Verify that you can communicate with the W310 using Ping to the IP of the W310. If

there is no response using Ping, check the IP address and default gateway of both the
W310 and the station.

 The W310 default IP address is 149.49.32.134 and the default subnet mask is

255.255.255.0.

3 From the Microsoft Windows taskbar of your PC click Start and then Run (or from the

DOS prompt of your PC), then start the Telnet session by typing: telnet
<W310_IP_address>

— For example: telnet 149.49.32.134

4 If the IP Address in the Telnet command is the IP address of the switch, then the

connection is established with the Switch CLI entity.

5 When you see the “Welcome to W310” menu and are prompted for a Login Name, enter

the default name root

6 When you are prompted for a password, enter the Supervisor Level password root in

lower case letters (do not use uppercase letters).

 The User level prompt will appear when you have established communications

with the W310.

 You can now configure the W310

7 Go to Assigning the W310 IP Address.

Chapter 7 Establishing Switch Access

36 Avaya W310 User’s Guide

Establishing a Modem (PPP) Connection with the W310

Overview

Point-to-Point Protocol (PPP) provides a Layer 2 method for transporting multi-protocol
datagrams over modem links.

Connecting a Modem to the Console Port

A PPP connection with a modem can be established only after the

• W310 is configured with an IP address and net-mask, and the

• PPPP parameters used in the W310 are compatible with the modem’s PPP parameters.

Use the following procedure to connect a modem to the W310 Console port.

1 Connect a terminal to the console port of the W310 switch as described in Connecting a

Terminal to the W310 Serial Port.

2 When you are prompted for a Login Name, enter the default name root.
3 When you are prompted for a Password, enter the password root. You are now in

Supervisor Level.

4 At the prompt, type:

set interface ppp <ip_addr><net-mask>

with an IP address and netmask to be used by the W310 to connect via its PPP interface.

 The PPP interface configured with the set interface ppp command must

be on a different subnet from the inband interface.

5 Set the baud rate, ppp authentication, and ppp time out required to match your modem.

These commands are described in the “Avaya™ W310 Reference Guide”.

6 At the prompt, type:

set interface ppp enable

 The CLI responds with the following:

Entering the Modem mode within 60 seconds...
Please check that the proprietary modem cable is
plugged into the console port

7 Use the DB-25 to RJ-45 connector to plug the console cable to the modem DB-25

connector. Insert the RJ-45 connector at the other end of the cable into the W310
console port.

 The W310 enters modem mode.

8 You can now dial into the switch from a remote station, and open a Telnet session to the

PPP interface IP address.

9 Go to Assigning the W310 IP Address.

Chapter 7 Establishing Switch Access

Avaya W310 User’s Guide 37

Assigning the W310 IP Address

 All W310 switches are shipped with the same default IP address. You must change the

IP address of the W310 switch in order to guarantee that it has its own unique IP address
in the network.

The network management station or a workstation running a Telnet session can establish
communications with the switch once this address had been assigned and the switch has been
inserted into the network. Use the CLI to assign the W310 an IP address and net mask.

To assign the IP address:

1 Establish a serial connection by connecting a terminal to the W310 switch.
2 When prompted for a Login Name, enter the default name root
3 When you are prompted for a password, enter the password root.

 You are now in Supervisor Level.

4 At the prompt, type:

set interface inband <vlan> <ip_address> <netmask>

Replace <vlan>, <ip_address> and <netmask> with the VLAN,
IP address and net mask of the switch.

5Press Enter to save the IP address and net mask.
6 At the prompt, type reset and press Enter to reset the switch. After the Reset, log in

again as described above.

7 At the prompt, type set ip route <dest> <gateway> and replace <dest> and

<gateway> with the destination and gateway IP addresses.

8Press Enter to save the destination and gateway IP addresses.

Chapter 7 Establishing Switch Access

38 Avaya W310 User’s Guide

Avaya W310 User’s Guide 39

Chapter 8

User Authentication

Introduction

A secure system provides safeguards to insure that only authorized personnel can perform
configuration procedures. In the W310 WLAN Gateway, these safeguards form part of the
CLI architecture and conventions, as well as, the W310 Device Manager.

Security Levels

There are four security access levels – User, Privileged, Configure and Supervisor.

• The User level (‘read-only’) is a general access level used to show system parameter
values.

• The Privileged level (‘read-write’) is used by site personnel to access switch
configuration options.

• The Configure level lets you configure the Layer 3 level configuration.

• The Supervisor level (‘administrator’) is used to define user names, passwords, and
access levels of up to 10 local users. In Supervisor level you can also access RADIUS
authentication configuration commands.

 If you wish to define more than ten users per switch, or accounts for a user on

multiple switches, you should use RADIUS (Remote Authentication Dial-In User
Service).

Login Name and Password

A login name and password are always required to access the CLI and the commands or the
W310 Device Manager. The login name, password, and access-type (i.e., security level) for a
user account are established using the username CLI command.

Chapter 8 User Authentication

40 Avaya W310 User’s Guide

Switching Between Entities

Switching between the entities, does not effect the security level since security levels are
established specifically for each user. For example, if the operator with a privileged security
level in the Switch entity switches to the Router entity the privileged security level is
retained.

If you wish to increase security, you can change the default user accounts and SNMP
communities. It is strongly recommended that you change the default user account
authentication credentials and SNMP communities

The W310 Device Manager Web management passwords are the same as those of the CLI. If
you change the passwords of the CLI then those passwords become active for the W310
Device Manager as well.

Using the CLI: Entering the Supervisor Level

The Supervisor level is the level in which you first enter W310 CLI and establish user names
for up to 10 local users. When you enter the Supervisor level, you are asked for a Login
name. Type root as the Login name and the default password root (in lowercase
letters):

Welcome to W310

Login: root

Password:****

Password accepted.

W310(super)#

Defining New Local Users Using the CLI

Define new users and access levels using the following command in Supervisor Level.

In order to... Use the following CLI command...

Add a local user account and configure
a user (name, password and access
level)

username

To remove a local user account no username

Display the username, password and
access type for all users on the switch

show username

Chapter 8 User Authentication

Avaya W310 User’s Guide 41

Exiting the Supervisor Level

To exit the Supervisor level, type the command exit.

Entering the CLI or the W310 Device Manager

Entering the CLI

To enter the CLI, enter your username and password. Your access level is indicated in the
prompt as follows:

• The User level prompt is shown below:

W310>

• The Privileged level prompt is shown below:

W310#

• The Configure level prompt for Layer 3 configuration is shown below:

W310-N(configure)#

• The Supervisor level prompt is shown below:

W310(super)#

Entering the W310 Manager

If you installed the Avaya W310 Manager as part of Avaya Network Management, the
following table provides instructions for starting Avaya W310 Manager.

If you run the Avaya W310
Manager from:

Then use this procedure:

Avaya Network Management
Console

From the network management map:

1 Select the Avaya W310 Device you want to

manage.

2 Click .

Or

Double-click on the Avaya W310 Device.

Or
Select Tools > Avaya Device Manager.

Continued

Chapter 8 User Authentication

42 Avaya W310 User’s Guide

HP Network Node Manager
(NNM)

From the network management map:

1 Select the Avaya W310 Device you want to

manage.

2 Click in the OpenView toolbar.

Or

Double-click on the Avaya W310 Device.

Or
Select Tools > Avaya Device Manager.

Continued

If you run the Avaya W310
Manager from:

Then use this procedure:

Chapter 8 User Authentication

Avaya W310 User’s Guide 43

Web Management To start Avaya W310 Web Management:

1 Point your web browser to http://

xxx.xxx.xxx.xxx, where
xxx.xxx.xxx.xxx is the IP address of the

Avaya W310 Device you want to manage.
The Enter Network Password dialog box
opens.

Figure 8.1 Enter Network Password Dialog
Box

2 Enter root in the User Name field and root

in the Password field.

3 To save the password on your computer,

check the Save this password in your
password list checkbox.

4Click OK. The Avaya W310 Welcome page

opens.

— If the required Java plug-in is installed

on your computer, the Java Plug-in
Security Warning dialog box opens after
a few seconds.

— If the required Java plug-in is not

installed, the plug-in is automatically
downloaded to your computer. Follow
the instructions on the Avaya W310
Welcome page to install the plug-in.

If you run the Avaya W310
Manager from:

Then use this procedure:

Chapter 8 User Authentication

44 Avaya W310 User’s Guide

RADIUS

Introduction to RADIUS

User accounts are typically maintained locally on the W310. Therefore, if a site contains
multiple Avaya W310 gateways, it is necessary to configure each with its own user accounts.
In addition, for example, a 'read-write' user has to be changed into a 'read-only' user, you
must change all the 'read-write' passwords configured locally in every W310, in order to
prevent the user from accessing this level. This is obviously not effective management. A
better solution is to have all of the user login information kept in a central location where all
the W310s can access it. W310 features such a solution: the Remote Authentication Dial-In
User Service (RADIUS).

How It Works

A RADIUS authentication server is installed on a central computer at the user's site. On this
server, user authentication (account) information is configured that provides various degrees
of access to the switch. The W310 will run as a RADIUS client. When a user attempts to log
into the W310, if there is no local user account for the entered user name and password, then
the W310 will send an Authentication Request to the RADIUS server in an attempt to
authenticate the user remotely. If the user name and password are authenticated, then the
RADIUS server responds to the W310 with an Authentication Acknowledgement that
includes information on the user's privileges ('administrator', 'read-write', or 'read-only'), and
the user is allowed to gain access to the switch. If the user is not authenticated, then an
Authentication Reject is sent to the W310 and the user is not allowed access to the W310's
embedded management.

The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard (RFC

2138) client/server security protocol. Security and login information is stored in a central
location known as the RADIUS server. RADIUS clients such as the W310, communicate
with the RADIUS server to authenticate users.

All transactions between the RADIUS client and server are authenticated through the use of
a “shared secret” which is not sent over the network. The shared secret is an authentication
password configured on both the RADIUS client and its RADIUS servers. The shared secret
is stored as clear text in the client’s file on the RADIUS server, and in the non-volatile
memory of the W310. In addition, user passwords are sent between the client and server are
encrypted for increased security.

Chapter 8 User Authentication

Avaya W310 User’s Guide 45

Figure 8.2 illustrates the RADIUS authentication procedure:

Figure 8.2 RADIUS Authentication Procedure

User attempts login

Local User

account

authenticated in

swi tch?

Perform log-in according

to user's priviliege level

to switch

Yes

Authentication
request sent to

RADI US Ser ver

No

User name and

password

authenticated?

Yes

Authentication Reject

sent t o swi t ch

User cannot access switch

emb edd ed m anagegment

No

Chapter 8 User Authentication

46 Avaya W310 User’s Guide

Using RADIUS CLI Commands

The following RADIUS commands are accessible from Supervisor level.

For a complete description of the RADIUS CLI commands, including syntax and output
examples, refer to W310 CLI Reference Guide.

Using the W310 Manager

1 To view or set the RADIUS configuration information about the device:

— Click the device symbol in the Tree View.

Or

— Click the device’s label in the Chassis View. The Device Information dialog box

opens.

In order to... Use the following command...

Enable or disable authentication for the
W310 switch. RADIUS authentication
is disabled by default

set radius authentication

Set a primary or secondary RADIUS
server IP address

set radius authentication server

Configure a character string to be used
as a “shared secret” between the switch
and the RADIUS server.

set radius authentication secret

Set the RFC 2138 approved UDP port
number.

set radius authentication udp-port

Set the number of times an access
request is sent when there is no
response

set radius authentication retry-number

Set the time to wait before re-sending
an access request.

set radius authentication retry-time

Remove a primary or secondary
RADIUS authentication server

clear radius authentication server

Display all RADIUS authentication
configurations. The shared secrets will
not be displayed

show radius authentication

Chapter 8 User Authentication

Avaya W310 User’s Guide 47

2 Click the RADIUS tab. The RADIUS dialog appears as shown below.

Figure 8.3 Device Information Dialog Box - RADIUS Tab

The following table provides a list of the fields in the RADIUS tab of the Device Information
dialog box and their descriptions.

Table 8.1 Device Information Fields - RADIUS Tab

In order to . . . Do the following . . .

Enable or disable a primary
server

Use the Set Primary Server Status field.

•Set to True so the configured primary RADIUS
server is available for connection.

•Set to False so the primary RADIUS server is not
available for connection.

Continued

Chapter 8 User Authentication

48 Avaya W310 User’s Guide

Enable or disable a
secondary server

Use the Set Secondary Server Status field.

•Set to True so the configured secondary RADIUS
server is available for connection.

•Set to False so the secondary RADIUS server is not
available for connection.

Set the primary server IP
address

Use the Primary Server IP Address field. Enter the IP
address of the primary RADIUS server.

Set the secondary server IP
address

Use the Secondary Server IP Address field. Enter the
IP address of the secondary RADIUS server.

Set the RFC 2138
approved UDP port
number.

Use the Port field. Enter the TCP port used for RADIUS
communication. The default is 1812

Configure a character
string to be used as a
“shared secret” between
the switch and the
RADIUS server.

Use the Shared Secret field. The encrypted password
for accessing the RADIUS server.

Verify the shared secret Use the Retype Shared Secret field. Verify the shared

secret password by typing in the character string exactly
as you did for the Shared Secret field.

Set the time to wait before
re-sending a RADIUS
server access request.

Use the Retry Time (seconds) field. The amount of
time for the device to attempt a connection with the
RADIUS server after a previous communication attempt
failed.

Set the number of times a
RADIUS server access
request is sent when there
is no response

Use the Maximum Retransmission field. The number
of times the device will attempt to connect to the
RADIUS server without successfully connecting.

Remove a primary or
secondary RADIUS
authentication server

•Use the Set Primary Server Status and/or the Set
Secondary Server Status field(s). Set to False so
the RADIUS server is not available for connection.

•Use the Primary Server IP Address and/or
Secondary Server IP Address field(s). Remove the
IP address.

Table 8.1 Device Information Fields - RADIUS Tab (Continued)

In order to . . . Do the following . . .

Chapter 8 User Authentication

Avaya W310 User’s Guide 49

Allowed Managers

With the Allowed Managers feature, the network manager can determine who may or may
not gain management access to the switch. The feature can be enabled or disabled (default is
disabled). When enabled, only those users that are configured in the Allowed Managers table
are able to gain Telnet, HTTP, and SNMP management access to the switch.

You can configure up to 20 Allowed Mangers by adding or removing their IP address from
the Allowed Managers List.

Note: The identification of an “Allowed Manager” is done by checking the Source IP
address of the packets, thus if the Source IP address is modified on the way (Network
Address Translation (NAT), Proxy, etc.), even an “Allowed Manager” will not be able to
access the W310.

Allowed Manager CLI Commands

In order to... Use the following command...

When set to enabled - only managers
with ip address specified in the allowed
table will be able to access the device

set allowed managers

Add/delete ip address of manager to/
from the allowed table

set allowed managers ip

Show the IP addresses of the managers
that are allowed to access the device

show allowed managers table

Show whether the status of allowed
managers is enabled or disabled

show allowed managers status

Show the IP addresses of the managers
that are currently connected

show secure current

Chapter 8 User Authentication

50 Avaya W310 User’s Guide

Section 3

CONFIGURATION

Avaya W310 User’s Guide 49

Chapter 9

W310 WLAN Gateway Default Settings

This section describes the procedures for the first-time configuration of the W310. The
factory defaults are set out in detail in the tables included in this chapter.

Configuring the Switch

The W310 may be configured using the text-based Command Line Interface (CLI), the built­in W310 Device Manager (Embedded Web) or Avaya Multi-Service Network Manager™.

For instructions on the text-based CLI, see the Avaya0 W310 CLI Reference Guide.

For instructions on installation of the graphical user interfaces, see Embedded Web

Manager. For instructions on the use of the graphical user interfaces, refer to the W310

Device Manager User’s Guide on the Documentation and Utilities CD.

W310 Default Settings

The default settings for the W310 switch and its ports are determined by the W310 software.
These default settings are subject to change in newer versions of the W310 software. See the
Release Notes for the most up-to-date settings.

Table 9.1 Default Switch Settings

Function Default Setting

IP address 149.49.32.134

Subnet Mask 255.255.255.0

Default gateway 0.0.0.0

Management VLAN ID 1

Spanning tree Enabled

Bridge priority for Spanning Tree 32768

Keep alive frame transmission Enabled

Network time acquisition Enabled, Time

protocol

Time server IP address 0.0.0.0

Continued

Chapter 9 W310 WLAN Gateway Default Settings

50 Avaya W310 User’s Guide

Functions operate in their default settings unless configured otherwise.

Table 9.2 Default Port Settings

Timezone offset 0 hours

SNMP communities:
Read-only
Read-write
Trap SNMP

Public
Public
Public

SNMP authentication trap Disabled

CLI timeout 15 Minutes

User Name/Password root/root

Function Default Setting

Ports 1 to 16 Ports 51 and 52

Duplex mode Half/Full duplex

depends on auto­negotiation results

Full duplex only

Port speed 10/100 Mbps

Depends on auto­negotiation results

1000 Mbps

Auto-negotiation

1

Enable Enable

Flow control Disabled (no pause) Disabled (no pause)

Flow control auto­negotiation
advertisement

Not applicable Disabled (no pause)

Administrative state Enable Enable

Port VLAN ID 1 1

Continued

Table 9.1 Default Switch Settings

Function Default Setting

Chapter 9 W310 WLAN Gateway Default Settings

Avaya W310 User’s Guide 51

Eavesdropping
Prevention

Intrusion Prevention

Tagging mode Clear Clear

Port priority 0 0

Spanning Tree cost 19 4

Spanning Tree port
priority

128 128

InLine Power Enabled Not applicable

InLine Power Priority Low Not applicable

1 Ensure that the other side is also set to Autonegotiation Enabled.

Function Default Setting

Chapter 9 W310 WLAN Gateway Default Settings

52 Avaya W310 User’s Guide

Avaya W310 User’s Guide 53

Chapter 10

Basic Switch Configuration

Introduction

This section describes the parameters you can define for the chassis, such as its name and
location, time parameters, and so on.

Setting Up Your Display or Terminal For the CLI

Use the CLI commands described below for configuring the display on your terminal or
workstation.

In order to... Use the following command...

Display or set the terminal width (in
characters)

terminal width

Display or set the terminal length (in
lines)

terminal length

Display or set the prompt hostname

Return the prompt to its default value no hostname

Clear the current terminal display clear screen

Set the number of minutes before an
inactive CLI session automatically logs
out

set logout

Display the number of minutes before
an inactive CLI session automatically
times out

show logout

Chapter 10 Basic Switch Configuration

54 Avaya W310 User’s Guide

System Parameter Configuration

Identifying the System Using the CLI

In order to make a W310 WLAN Gateway switch easier to identify, you can define a

• name for the switch,

• contact information for the switch technician and the

• location of the switch in the organization.

Displaying Operating Parameters Using the CLI

You can use the following commands to

• configure and display the mode of operation for the switch and

• display key parameters.

Identifying the System and Displaying the Operating Parameters Using the W310 Manager

The W310 Device Manager’s Device Information Dialog Box - General Tab provides you
with general system information about the Avaya W310 device.

To view the information about the device:

• Click the device symbol in the Tree View.

or

• Click the device’s label in the Chassis View. The Device Information dialog box opens.

In order to... Use the following command...

Configure the system name. set system name

Configure the system contact person set system contact

Configure the system location set system location

In order to... Use the following command...

Display system parameters show system

Display information on the switch show module

Chapter 10 Basic Switch Configuration

Avaya W310 User’s Guide 55

Figure 10.1 Device Information Dialog Box - General Tab

The following table provides a list of the fields in the General tab of the Device Information
dialog box and their descriptions.

Table 10.1 Device Information Fields - General Tab

In order to . . . Do the following . . .

Set a system name Use the System Name field to enter a logical name of

the device, as defined on the SNMP agent of the device.

View the device IP
Address

See the IP Address field.

View the device MAC
Address

See the MAC Address of the device.

Set a contact name for
device maintenance

Use the Contact field to enter the name of the individual
responsible for the maintenance of this device.

Set the physical location of
the W310

Use the Physical Location field to enter the current
physical location of this device.

View the identify of the
device family

See the Device Family field to view the model of the
device.

Continued

Chapter 10 Basic Switch Configuration

56 Avaya W310 User’s Guide

Network Time Acquiring Protocols Parameter Configuration

The W310 can acquire the time from a Network Time Server. W310 supports the

• Simple Network Time Protocol (SNTP) Protocol (RFC 958) over User Datagram
Protocol (UDP) port 123 or

• TIME protocol over UDP port 37.

Use the CLI commands briefly described below for configuring and display time
information and acquiring parameters.

View the device’s system
description

See the System Description field for a description of
the device and its current software version.

View the number of
modules installed on the
device

See the Number of Modules field. This is 1 by default.

Set the management
VLAN

Use the Management VLAN field to enter the VLAN
of which this device is a member. If you change the
management VLAN, you must reset all W310s in your
domain so that the change takes effect.

View the device’s
operational status

See the Operational Status field to view the operational
status of the device. Possible values are:

• OK - Device is functioning normally.

• Down - Device is reporting errors that make it
unable to function.

• Fatal - Device is reporting errors that are not
recoverable.

In order to... Use the following command...

Restore the time zone to its default,
UTC.

clear timezone

Configure the time zone for the system set timezone

Configure the time protocol for use in
the system

set time protocol

Continued

Table 10.1 Device Information Fields - General Tab (Continued)

In order to . . . Do the following . . .

Chapter 10 Basic Switch Configuration

Avaya W310 User’s Guide 57

Enable or disable the time client set time client

Configure the network time server IP
address

set time server

Display the current time show time

Display the time status and parameters show time parameters

Display the current time zone offset show timezone

Get the time from the time server get time

In order to... Use the following command...

Chapter 10 Basic Switch Configuration

58 Avaya W310 User’s Guide

Avaya W310 User’s Guide 59

Chapter 11

W310 WLAN Gateway Layer 2 Features

This section describes the W310 Layer 2 features. It provides the basic procedures for
configuring the W310 for Layer 2 operation.

Overview

The W310 family supports a range of Layer 2 features. Each feature has CLI commands
associated with it. These commands are used to configure, operate, or monitor switch
activity for each of the Layer 2 features.

This section of the User’s Guide explains each of the features. Specifically, the topics
discussed here include:

• Ethernet

• VLAN Configuration

• IEEE 802.1X PBNAC (Port Based Network Access Control)

• Spanning Tree Protocol

• Rapid Spanning Tree Protocol (RSTP)

• MAC Aging

• Link Aggregation Group (LAG)

• Port Redundancy

• IP Multicast Filtering

• Multilayer Policy

• Weighted Queuing

• Port Classification

When a data port is connected to a W110 (LAP), the behavior of the port is changed.
Please refer to "Ports connected to W110 LAP" for a summary of the
changes.

Chapter 11 W310 WLAN Gateway Layer 2 Features

60 Avaya W310 User’s Guide

Ethernet

Ethernet is one of the most widely implemented LAN standards. It uses the Carrier Sense
Multiple Access with Collision Detection (CSMA/CD) access method to handle
simultaneous demands. CSMA/CD is a multi-user network allocation procedure in which
every station can receive the transmissions of every other station. Each station waits for the
network to be idle before transmitting and each station can detect collisions by other stations.

The first version of Ethernet supported data transfer rates of 10 Mbps, and is therefore
known as 10Base-T.

Fast Ethernet

Fast Ethernet is a newer version of Ethernet, supporting data transfer rates of 100 Mbps. Fast
Ethernet is sufficiently similar to Ethernet to support the use of most existing Ethernet
applications and network management tools. Fast Ethernet is also known as 100Base-T (over
copper) or 100Base-FX (over fiber).

Fast Ethernet is standardized as IEEE 802.3u.

Gigabit Ethernet

Gigabit Ethernet supports data rates of 1 Gbps. It is also known as 1000Base-T (over copper)
or 1000Base-FX (over fiber).

Gigabit Ethernet is standardized as IEEE 802.3z.

Configuring Ethernet Parameters

Auto-Negotiation

Auto-Negotiation is a protocol that runs between two stations, two W310s or a station and a
switch. When enabled, Auto-Negotiation negotiates port speed and duplex mode by
detecting the highest common denominator port connection for the endstations. For example,
if one workstation supports both 10 Mbps and 100 Mbps speed ports, while the other
workstation only supports 10 Mbps, then Auto-Negotiation sets the port speed to 10 Mbps.

For Gigabit ports, Auto-Negotiation determines the Flow Control configuration of the port.

Full-Duplex/Half-Duplex

Devices that support Full-Duplex can transmit and receive data simultaneously, as opposed
to half-duplex transmission where each device can only communicate in turn.

Full-Duplex provides higher throughput than half-duplex.

Speed

The IEEE defines three standard speeds for Ethernet: 10, 100 and 1000 Mbps (also known as
Ethernet, Fast Ethernet and Gigabit Ethernet respectively).

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 61

Flow Control

The process of adjusting the flow of data from one device to another to ensure that the
receiving device can handle all of the incoming data. This is particularly important where the
sending device is capable of sending data much faster than the receiving device can receive
it.

There are many flow control mechanisms. One of the most common flow control protocols,
used in Ethernet full-duplex, is called xon-xoff. In this case, the receiving device sends a an
xoff message to the sending device when its buffer is full. The sending device then stops
sending data. When the receiving device is ready to receive more data, it sends an xon signal.

Priority

By its nature, network traffic varies greatly over time, so short-term peak loads may exceed
the W310 capacity. When this occurs, the W310 must buffer frames until there is enough
capacity to forward them to the appropriate ports.

This, however, can interrupt time-sensitive traffic streams, such as Voice and other
converged applications. These packets need to be forwarded with the minimum of delay or
buffering. In other words, the packets need to be given high priority over other types of
network traffic.

Priority determines which order packets are sent on the network and is a key part of QoS
(Quality of Service). The IEEE standard for priority on Ethernet networks is 802.1p.

The Avaya W310 supports two internal priority queues – the High Priority queue and the
Normal Priority queue – on its Gigabit Ethernet ports (51,52) and four internal priority
queues on its 10/100Mbps ports. The classification of packets within the queues is as
follows:

• Gigabit Ethernet ports:
— packets tagged with priorities 4-7 are assigned to the High Priority queue
— packets tagged with priorities 0-3 are assigned to the Normal Priority queue.

• 10/100 Mbps ports:
— packets tagged with priorities 0-1 are assigned to the Low Priority queue
— packets tagged with priorities 2-3 are assigned to the Normal Priority queue;
— packets tagged with priorities 4-5 are assigned to the High Priority queue
— packets tagged with priorities 6-7 are assigned to the Highest Priority queue.

This classification is based either on the packet’s original priority tag, or, if the packet
arrives at the port untagged, based on the priority configured for the ingress port (using the
set port level CLI command).

In cases where the packet was received tagged, this priority tag is retained when the packet is
transmitted through a tagging port.

Chapter 11 W310 WLAN Gateway Layer 2 Features

62 Avaya W310 User’s Guide

In cases where the priority is assigned based on the ingress priority of the port, then on an
egress tagging port the packet will carry a priority tag as follows:

• If the ingress port was a W310 port or a W310 Gigabit Ethernet port (51,52), the packet
will be tagged either priority 0 or priority 4, depending on the queue it was assigned to
(High Priority=4, Normal Priority=0).

• If the ingress port was a W310 10/100 Ethernet port, the packet will be tagged according
to the ingress port priority value configured by the set port level CLI command.

Media Access Control (MAC) Address

The MAC address is a unique 48-bit value associated with any network adapter. MAC
addresses are also known as hardware addresses or physical addresses. They uniquely
identify an adapter on a LAN.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC
addresses are usually written in one of the following two formats:

• MM:MM:MM:SS:SS:SS

• MM-MM-MM-SS-SS-SS

The first half of a MAC address contains the ID number of the device manufacturer. These
IDs are regulated by an IEEE standards body. The second half of a MAC address represents
the serial number assigned to the device by the manufacturer.

Channel Access Method (CAM) Table

The CAM Table contains a mapping of learned MAC addresses to port

and VLANs. The

W310 checks forwarding requests against the addresses contained in the CAM Table:

• If the MAC address appears in the CAM Table, the packet is forwarded to the
appropriate port.

• If the MAC address does not appear in the CAM Table, or the MAC Address mapping
has changed, the frame is duplicated and copied to all the ports. Once a reply is received,
the CAM table is updated with the new address/VLAN port mapping.

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 63

Ethernet Configuration CLI Commands

The following table contains a list of the configuration CLI commands for the Ethernet
feature. The rules of syntax and output examples are all set out in detail in the Avaya W310

CLI Reference Guide.

Table 11.1 Configuration CLI Commands for Ethernet Feature

In order to... Use the following command...

Set the auto negotiation mode of a port set port negotiation

Administratively enable a port set port enable

Administratively disable a port set port disable

Set the speed for a 10/100 port set port speed

Configure the duplex mode of a
10/100BASE-T port

set port duplex

Configure a name for a port set port name

Set the send/receive mode for flow­control frames for a full duplex port

set port flowcontrol

Set the flow control advertisement for a
Gigabit port when performing
autonegotiation

set port auto-negotiation-flowcontrol­advertisement

Set the priority level of a port set port level

Display settings and status for all ports show port

Display per-port status information
related to flow control*

show port flowcontrol

Display the flow control advertisement
for a Gigabit port used to perform auto­negotiation*

show port auto-negotiation­flowcontrol-advertisement

Display the CAM table entries for a
specific port

show cam

Clear all the CAM entries. clear cam

Display the autopartition settings show autopartition

Chapter 11 W310 WLAN Gateway Layer 2 Features

64 Avaya W310 User’s Guide

Ethernet Port Configuration Using the W310 Manager

To view the General tab of the Port Configuration dialog box for a selected port:

• Click the port symbol in the Chassis View.

Or

• Click the port’s icon in the Tree View. The Port Configuration dialog box opens to the
General tab.

Figure 11.1 Port Configuration Dialog Box - General Tab

* It is recommended to set ports connected to W110 to flow-control off and auto­negotiation enabled.

In order to... Use the following command...

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 65

The following table provides a list of the fields in the Port Configuration dialog box of the
General tab and their descriptions.

Table 11.2 Port Configuration Dialog Box - General Tab Parameters

Field Description

Set the port name Use the Port Name field to define a logical name to the

port for ease of use.

View the port type for a
selected port

Select the port you want to view by clicking on the port
icon in the Tree View or Chassis View. See the Port
Type field to view the port type; optionally includes
reference to the port connector type. For example, a port
connector type may include 10 or 100TPort +In PWR.

View the port functionality Use the Port Functionality field to view the physical

media type of the selected port.

• If the port conforms to a certain standard (Repeater,
Transceiver, 10BaseT, etc.), this standard is
displayed.

• If the port does not conform to any standard, Private
is displayed.

Example: A 100BaseT Ethernet port functionality is
shown as ethBaseTXwinPWR

Set the administrative
status of a port

Use the Administrative Status field to set the
administrative state of the selected port:

• Enable - The port is enabled and can transmit and
receive packets.

• Disable - The port is disabled and cannot transmit or
receive packets.

View the Link Aggregation
(LAG) name

Use the LAG Name field to view the name of LAG the
port belongs to, if configured. If it does not belong to a
LAG, Not in LAG is displayed.
To set a LAG:
1 Select the LAG icon or go to Configure and select

LAG. The LAG Information page appears.

2 Click Wizard to start the LAG Wizard.

Continued

Chapter 11 W310 WLAN Gateway Layer 2 Features

66 Avaya W310 User’s Guide

Tagging Mode The port’s operational mode regarding VLANs. The

possible modes are:

• Clear - Transmits each outgoing packet in untagged
format if it belongs to the port’s VLAN. Otherwise,
it discards the packet.

• IEEE-802.1Q - VLAN tagging, per IEEE 802.1Q

VLAN standard.

The port will transmit frames with a VLAN ID of
1 - 3071.

VLAN ID The VLAN number of the port.

Port Priority Level The priority level of packets exiting the port or ports.

For effective transmission, multimedia packets must be
received at regular intervals. To ensure this, you can
assign priorities to packets coming out of a port.
Whenever traffic load is extreme and a port cannot
accept all incoming packets, packets sent from a port
with the highest priority will pass through first.
However, a fairness mechanism will allow low priority
packets to eventually enter the bus.
Possible values are: User Priority 0...User

Priority 7

Auto Negotiation Mode* The configured state of the Auto-Negotiation protocol

between two stations. When enabled, Auto-Negotiation
detects the highest common denominator for
communication between end stations, and sets both to
the same highest common setting. It also delivers remote
link status.

• For 10BaseT and 100BaseT ports,
Auto-Negotiation determines the speed and Duplex
Mode of communication between the end stations.

• For Gigabit ports, Auto-Negotiation determines the
Flow Control setting of the ports.

For more information, refer to Auto-Negotiation in The

Reference Guide.

Continued

Table 11.2 Port Configuration Dialog Box - General Tab Parameters (Continued)

Field Description

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 67

Auto Negotiation Status The operational state of the Auto-Negotiation protocol

between two stations. Possible statuses are:

• Pass - The Auto-Negotiation protocol is enabled and
a common protocol has been established.

• In progress - The Auto-Negotiation protocol is in
the process of detecting the communication
capabilities of the endstations and setting them to the
highest common denominator.

• Fail - The Auto-Negotiation protocol was not able to
detect the communication capabilities of the end
station, or was unable to set them to the highest
common denominator.

• Disabled - The Auto-Negotiation protocol is
disabled.

Duplex Mode The state of communication of the selected port.

Possible values are:

• Full Duplex - The port can send and receive
simultaneously.

• Half Duplex - The port can either receive or send,
but cannot do both simultaneously.

Speed Mode The rate of communication of the selected port. Possible

values are:

• Ethernet

• Fast Ethernet

• Gigabit Ethernet

Flow Control Mode* The state of flow control on the selected port.

Operational Status The warning level of the selected port. Possible values

are:

• OK

• Warning

• Fatal

Fault Messages A list of fault messages.

* It is recommended to set ports connected to W110 LAPs to flow-control off and auto­negotiation enabled.

Table 11.2 Port Configuration Dialog Box - General Tab Parameters (Continued)

Field Description

Chapter 11 W310 WLAN Gateway Layer 2 Features

68 Avaya W310 User’s Guide

VLAN Configuration

VLAN Overview

A VLAN is made up of a group of devices on one or more LANs that are configured so that
they operate as if they form an independent LAN, when in fact they may be located on a
number of different LAN segments. VLANs can be used to group together departments and
other logical groups, thereby reducing network traffic flow and increasing security within the
VLAN.

The figure below illustrates how a simple VLAN can connect several endpoints in different
locations and attached to different hubs. In this example, the Management VLAN consists of
stations on numerous floors of the building and which are connected to both Device A and
Device B.

Figure 11.2 VLAN Overview

In virtual topological networks, the network devices may be located in diverse places around
the LAN—such as in different departments, on different floors or in different buildings.
Connections are made through software. Each network device is connected to a hub, and the
network manager uses management software to assign each device to a virtual topological
network. Elements can be combined into a VLAN even if they are connected to different
devices.

VLANs should be used whenever there are one or more groups of network users that you
want to separate from the rest of the network.

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 69

In Figure 11.3, the W310 has three separate VLANs: Sales, Engineering, and Marketing.
Each VLAN has several physical ports assigned to it with PCs connected to those ports.
When traffic flows from a PC on the Sales VLAN for example, that traffic is only forwarded
out the other ports assigned to that VLAN. Thus, the Engineering and Marketing VLANs are
not burdened with processing that traffic.

Figure 11.3 VLAN Switching and Bridging

VLAN Tagging

VLAN Tagging is a method of controlling the distribution of information on the network.
The ports on devices supporting VLAN Tagging are configured with the following
parameters:

• Port VLAN ID is the number of the VLAN to which the port is assigned.

• Tagging Mode. Untagged frames (and frames tagged with VLAN 0) entering the port
are assigned the port's VLAN ID. Tagged frames are unaffected by the port's VLAN ID.
The Tagging Mode determines the behavior of the port that processes outgoing frames:

— If Tagging Mode is set to “Clear”, the port transmits frames that belong to the port's

VLAN table. These frames leave the device untagged.

— If Tagging Mode is set to “IEEE-802.1Q”, all frames keep their tags when they

leave the device. Frames that enter the switch without a VLAN tag will be tagged
with the VLAN ID of the port they entered through.

Multi VLAN Binding

Multi VLAN binding (Multiple VLANs per port) allows access to shared resources by
stations that belong to different VLANs through the same port. This is useful in applications
such as multi-tenant networks, where each user has a VLAN for privacy, but the whole
building has a shared high-speed connection to the ISP.

Sales

Sales

Marketing

Marketing

Engineering

Engineering

Chapter 11 W310 WLAN Gateway Layer 2 Features

70 Avaya W310 User’s Guide

In order to accomplish this, W310 allows you to set multiple VLANs per port. The three
available Port Multi-VLAN binding modes are:

• Bind to All – the port is programmed to support the entire 3K VLANs range. Traffic
from any VLAN is forwarded through a port defined as “Bind to All”. This is intended
mainly for easy backbone link configuration

• Bind to Configured – the port supports all the VLANs configured in the switch. These
may be either Port VLAN IDs (PVID) or VLANs that were manually added to the
switch.

• Statically Bound – the port supports VLANs manually configured on it.

VLAN Binding – The forwarding mechanism of the W310 is based on a frame’s VLAN
and MAC address. If a frame is destined to a known MAC address but arrives on a
different VLAN than the VLAN on which this MAC address was learned. This frame
will be flooded as unknown to all ports that are bound to its VLAN. So VLAN binding
should be executed with care, especially on ports connected to workstations or servers.

Figure 11.4 illustrates these binding modes in W310.

Figure 11.4 Multiple VLAN Per-port Binding Modes

Static Binding

• The user manually specifies
the list of VLAN IDs to be
bound to the port, up to 253
VLANs

• Default mode for every port

• Only VLAN 9, and any other
VLANs statically configured
on the portwill be allowed to
access this port

Bind to Configured

• The VLAN table of the port will
support all the Static VLAN
entries and all the ports’ VLAN
IDs (PVIDs) present in the
switch

• VLANs 1,3,5,9,10 coming from
the bus will be allowed access
through this port

Bind to All

• Any VLAN in the range of
1-4094 will be allowed
access through this
port

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 71

Ingress VLAN Security

When a VLAN-tagged packet arrives at a port, only the packets with the VLAN tag
corresponding to the VLANs which are configured on the port will be accepted. Packets with
other VLAN tags will be dropped.

VLAN CLI Commands

The following table contains a list of the CLI commands for the VLAN feature. The rules of
syntax and output examples are all set out in detail in the W310 CLI Reference Guide.

Table 11.3 VLAN CLI Commands

In order to... Use the following command...

Assign the Port VLAN ID (PVID) set port vlan

Define the port binding method set port vlan-binding-mode

Define a static VLAN for a port set port static-vlan

Configure the tagging mode of a port set trunk

Create VLANs set vlan

Display the port VLAN binding mode
settings

show port vlan-binding-mode

Display VLAN tagging information of
the ports, port binding mode, port
VLAN ID and the allowed VLANs on
a port

show trunk

Display the VLANs configured in the
switch.

show vlan

Clear VLAN entries clear vlan

Clear a VLAN statically configured on
a port

clear port static-vlan

Clear the dynamic vlans learned by the
switch from incoming traffic

clear dynamic vlans

Chapter 11 W310 WLAN Gateway Layer 2 Features

72 Avaya W310 User’s Guide

VLAN Configuration Using the W310 Manager

To configure VLAN names, numbers, and component switch ports:

1Click .

Or

Select Configure > VLANs. The VLAN Configuration dialog box opens.

2 Click the New button on the bottom of the dialog. The Port Configuration dialog

appears.

Figure 11.5 Port Configuration Area

The following table provides a list of the configuration parameters in the Port Configuration
tab and their description.

Table 11.4 Port Configuration Area Parameters

In order to . . . Do the following . . .

Create a Port VLAN ID
(PVID) for a port or
group of ports

In the PVID field, from the drop-down menu, select the
Port VLAN ID (PVID) of the port. This is the VLAN of
which the port is a member. THE PVID pull-down list
contains all VLANS known to the network and VLANs
on the device.

Set a tagging mode for
the port

In the Tagging Mode field, from the drop-down menu,
select the tagging mode of the port. The tagging mode
controls the tagging of packets that can be forwarded by
the port. The following tagging modes are available.

• Clear - The packet is forwarded with no VLAN tag.

• IEEE-802.1Q - The packet is forwarded with a
VLAN tag in conformance with the IEEE-802.1q
standard.

Continued

Chapter 11 W310 WLAN Gateway Layer 2 Features

Avaya W310 User’s Guide 73

Set the configured
binding style on the port

In the Binding Style field, from the drop-down menu,
select the binding style configured on the port. The
binding style defines which packets can be forwarded by
the port. The following binding styles are available:

• Bind to All - The port is bound to all VLANs known
to the device. This is also known as persistent
binding. If a packet is on a VLAN not known to the
device, the packet is discarded.

• Bind to Configured - The port is bound to all
VLANs known to the device and to the VLANs with
which packets reaching the ports are tagged. This is
also known as dynamic binding. If a packet is on a
VLAN not known to the device, the packet is
discarded.

• Static - The port is bound to the VLANs checked in
the Static Binding VLANs list. Packets on all other
VLANs are discarded.

Set the parameters for
static binding VLANs

In the Static Binding VLANs field, select from the
VLANs to which you want to bind to the port being
configured.

• Checked - The VLAN is bound to the port being
configured.

• Unchecked - The VLAN is not bound to the port
being configured.

Note: The settings are only used when the
port is configured with the Static Binding
Style.

Table 11.4 Port Configuration Area Parameters (Continued)

In order to . . . Do the following . . .

Chapter 11 W310 WLAN Gateway Layer 2 Features

74 Avaya W310 User’s Guide

IEEE 802.1X PBNAC (Port Based Network Access Control)

Port Based Network Access Control is a method for performing authentication to obtain
access to IEEE 802 LANs. The protocol defines an interaction between 3 entities:

• Supplicant — an entity at one end of a point-to-point LAN segment that is being
authenticated by an authenticator attached to the other end of that link.

• Authenticator — an entity at one end of a point-to-point LAN segment that facilitates
authentication of the entity attached to the other end of that link; in this case, the W310.

• Authentication (RADIUS) Server — an entity that provides an authentication service
to an authenticator. This service determines, from the credentials provided by the
supplicant, whether the supplicant is authorized to access the services provided by the
authenticator.

The process begins with the supplicant trying to access a certain restricted network resource,
and upon successful authentication by the authentication server, the supplicant is granted
access to the network resources.

How “Port-Based” Authentication Works

802.1X provides a means of

• authenticating and authorizing users attached to a LAN port and

• preventing access to that port in cases where the authentication process fails.

The authentication procedure is port based, which means:

• access control is achieved by enforcing authentication on connected ports

• if an end-point station that connects to a port is not authorized, the port state is set to
“unauthorized” which closes the port to any traffic.

• As a result of an authentication attempt, the W310 port can be either in a “blocked” or a
“forwarding” state.

802.1X interacts with existing standards to perform its authentication operation. Specifically,

it makes use of Extensible Authentication Protocol (EAP) messages encapsulated within
Ethernet frames (EAPOL), and EAP over RADIUS for the communication between the
Authenticator and the Authentication Server.