How it Works
Symbol Technologies
Loading...
AP5181D
User Manual
2 pgs285.43 Kb0
User Manual
282 pgs2.8 Mb0
User Manual
100 pgs2.38 Mb0
Users Manual
100 pgs2.54 Mb0
Users Manual
100 pgs2.99 Mb0

Symbol Technologies AP5181D Users Manual

System Configuration
The access point SNMP agent functions as a command responder and is a multilingual agent responding to SNMPv1, v2c and v3 managers (command generators). The factory default configuration maintains SNMPv1/2c support of the community names, hence providing backward compatibility.
SNMP v1/v2c community definitions and SNMP v3 user definitions work independently, and both use the Access Control List (ACL) of the SNMP Access Control sub-screen.
To configure SNMP v1/v2c community definitions and SNMP v3 user definitions for the access point:
1. Select System Configuration - > SNMP Access from the access point menu tree.
4-19
SNMP v1/v2c community definitions allow read-only or read/write access to access point management information. The SNMP community includes users whose IP addresses are specified on the SNMP Access Control screen.
A read-only community string allows a remote device to retrieve information, while a read/ write community string allows a remote device to modify settings. Symbol recommends
4-20
AP-51xx Access Point Product Reference Guide
considering adding a community definition using a site-appropriate name and access level. Set up a read/write definition (at a minimum) to facilitate full access by the access point administrator.
2. Configure the SNMP v1/v2 Configuration field (if SNMP v1/v2 is used) to add or delete
community definitions, name the community, specify the OID and define community access.
Add Click Add to create a new SNMP v1/v2c community definition.
Delete Select Delete to remove a SNMP v1/v2c community definition.
Community
OID Use the OID (Object Identifier) pull-down list to specify a setting of
Access Use the Access pull-down list to specify read-only (R) access or
3. Configure the
Use the Community field to specify a site-appropriate name for the community. The name is required to match the name used within the remote network management software.
All or a enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
read/write (RW) access for the community. Read-only access allows a remote device to retrieve access point information, while read/write access allows a remote device to modify access point settings.
SNMP v3 User Definitions field (if SNMP v3 is used) to add and configure
SNMP v3 user definitions.
SNMP v3 user definitions allow read-only or read/write access to management information as appropriate.
Add
Delete Select Delete to remove an entry for an SNMP v3 user.
Username
Click Add to create a new entry for an SNMP v3 user.
Specify a username by typing an alphanumeric string of up to 31 characters.
System Configuration
Security Level Use the Security Level area to specify a security level of noAuth
(no authorization), AuthNoPriv (authorization without privacy), or AuthPriv (authorization with privacy).
The NoAuth setting specifies no login authorization or encryption for the user.
The AuthNoPriv setting requires login authorization, but no encryption.
The AuthPriv setting requires login authorization and uses the
Data Encryption Standard (DES) protocol.
OID Use the OID (Object Identifier) area to specify a setting of All or
enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
Passwords Select Passwords to display the Password Settings screen for
specifying authentication and password settings for an SNMP v3 user. The maximum password length is 11 characters. Use the
Authentication Algorithm drop-down menu to specify MD5 or SHA1 as the authentication algorithm. Use the Privacy Algorithm
drop-down menu to define an algorithm of DES or AES-128bit. When entering the same username on the SNMP Traps and
SNMP Access screens, the password entered on the SNMP Traps
page overwrites the password entered on the SNMP Access page. To avoid this problem, enter the same password on both pages.
4-21
Access Use the Access pull-down list to specify read-only (R) access or
read/write (RW) access for a user. Read-only access permits a user
to retrieve allows a user to modify
access point information, while read/write access
access pointsettings.
4. Specify the users who can read and optionally modify the SNMP-capable client.
4-22
AP-51xx Access Point Product Reference Guide
SNMP Access Control Click the SNMP Access Control button to display the SNMP
5. If configuring SNMP v3 user definitions, set the SNMP v3 engine ID.
Access Control screen for specifying which users can read
SNMP-generated information and potentially modify related settings from an SNMP-capable client.
The SNMP Access Control screen's Access Control List (ACL) uses Internet Protocol (IP) addresses to restrict access to the AP’s SNMP interface. The ACL applies to both SNMP v3 user definitions and SNMP v1/v2c community definitions.
For detailed instructions of configuring SNMP user access and modification privileges, see Configuring SNMP Access Control on
page 4-22.
access point SNMP
v3 Engine ID
The access point SNMP v3 Engine ID field lists the unique SNMP v3 Engine ID for the v3 as the source for a trap, response or report. It is also used as the destination ID when sending get, getnext, getbulk, set or inform commands.
access point. This ID is used in SNMP
6. Click Apply to save any changes to the SNMP Access screen. Navigating away from the
screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on the SNMP Access screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt
displays confirming the logout before the applet is closed.
For additional SNMP configuration information, see:
Configuring SNMP Access Control
Enabling SNMP Traps
Configuring Specific SNMP Traps
Configuring SNMP RF Trap Thresholds
4.4.1 Configuring SNMP Access Control
Use the SNMP Access Control screen (as launched from the SNMP Access screen) to specify which users can read SNMP generated information and, if capable, modify related settings from an SNMP-capable client.
System Configuration
Use the SNMP Access Control screen's Access Control List (ACL) to limit, by Internet Protocol (IP) address, who can access the access point SNMP interface.
NOTE The ACL applies to both SNMP v3 user definitions and SNMP v1/v2c
community definitions on the access point SNMP Access screen.
To configure SNMP user access control for the access point:
1. Select System Configuration - > SNMP Access from the access point menu tree. Click on the SNMP Access Control button from within the SNMP Access screen.
4-23
2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access.
4-24
AP-51xx Access Point Product Reference Guide
Access Control List Enter Start IP and End IP addresses (numerical addresses only, no
Add Click Add to create a new ACL entry.
Edit Click Edit to revise an existing ACL entry.
Delete Click Delete to remove a selected ACL entry for one or more SNMP
OK Click Ok to return to the SNMP Access screen. Click Apply within
DNS names supported) to specify a range of user that can access the
access point SNMP interface. An SNMP-capable client can be
set up whereby only the administrator (for example) can use a read/ write community definition.
Use just the Starting IP Address column to specify a single SNMP user. Use both the Starting IP Address and Ending IP Address columns to specify a range of addresses for SNMP users.
To add a single IP address to the ACL, enter the same IP address in the Start IP and End IP fields.
Leave the ACL blank to allow access to the SNMP interface from the IP addresses of all authorized users.
users.
the SNMP Access screen to save any changes made on the SNMP Access Control screen.
Cancel Click Cancel to undo any changes made on the SNMP Access
Control screen. This reverts all settings for this screen to the last saved configuration.
4.4.2 Enabling SNMP Traps
SNMP provides the ability to send traps to notify the administrator that trap conditions are met. Traps are network packets containing data relating to network devices, or SNMP agents, that send the traps. SNMP management applications can receive and interpret these packets, and optionally can perform responsive actions. SNMP trap generation is programmable on a trap-by-trap basis.
Use the SNMP Traps Configuration screen to enable traps and to configure appropriate settings for reporting this information. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, generated traps can be sent using configurations for both SNMP v1/v2c and v3.
To configure SNMP traps on the access point:
System Configuration
1. Select System Configuration - > SNMP Access - > SNMP Trap Configuration from the access point menu tree.
2. Configure the SNMP v1/v2c Trap Configuration field (if SNMP v1/v2c Traps are used) to modify the following:
4-25
Click
Add
Delete Click
Destination IP
Port Specify a destination User Datagram Protocol (UDP) port for
Community Enter a community name specific to the SNMP-capable client that
SNMP Version
Add to create a new SNMP v1/v2c Trap Configuration entry.
Delete to remove a selected SNMP v1/v2c Trap
Configuration entry.
Specify a receiving the traps sent by the
receiving traps. The default is 162.
receives the traps.
Use the SNMP Version drop-down menu to specify v1 or v2. Some SNMP clients support only SNMP v1 traps, while others
support SNMP v2 traps and possibly both, verify the correct traps are in use with clients that support them.
numerical (non DNS name) destination IP address for
access point SNMP agent.
3. Configure the SNMP v3 Trap Configuration field (if SNMP v3 Traps are used) to modify the following:
4-26
AP-51xx Access Point Product Reference Guide
Add Click Add to create a new SNMP v3 Trap Configuration entry.
Delete Select Delete to remove an entry for an SNMP v3 user.
Destination IP
Port Specify a destination User Datagram Protocol (UDP) port for
Username Enter a username specific to the SNMP-capable client receiving
Security Level Use the Security Level drop-down menu to specify a security
Passwords Select Passwords to display the Password Settings screen for
Specify a receiving the traps sent by the
receiving traps.
the traps.
level of noAuth (no authorization), AuthNoPriv (authorization without privacy), or AuthPriv (authorization with privacy).
The “NoAuth” setting specifies no login authorization or encryption for the user. The “AuthNoPriv” setting requires login authorization, but no encryption. The “AuthPriv” setting requires login authorization and uses the Data Encryption Standard (DES).
specifying authentication and password settings for an SNMP v3 user. The maximum password length is 11 characters. Use the
Authentication Algorithm drop-down menu to specify MD5 or SHA1 as the authentication algorithm. Use the Privacy Algorithm
drop-down menu to define an algorithm of DES or AES-128bit. If entering the same username on the SNMP Traps and SNMP Access screens, the password entered on the SNMP Traps page overwrites the password entered on the SNMP Access page. To avoid this problem, enter the same password on both pages.
numerical (non DNS name) destination IP address for
access point SNMP agent.
4. Click Apply to save any changes to the SNMP Trap Configuration screen. Navigating away
from the screen without clicking the Apply button results in all changes to the screen being lost.
5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on SNMP Trap Configuration screen to the last saved configuration.
6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt
displays confirming the logout before the applet is closed.
System Configuration
4.4.3 Configuring Specific SNMP Traps
Use the SNMP Traps screen to enable specific traps on the access point. Symbol recommends defining traps to capture unauthorized devices operating within the access point coverage area. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, traps can be sent using configurations for both SNMP v1/v2c and v3.
To configure specific SNMP traps on the access point:
1. Select System Configuration - > SNMP Access - > SNMP Traps from the access point menu tree.
4-27
2. Configure the MU Traps field to generate traps for MU associations, MU association denials and MU authentication denials. When a trap is enabled, a trap is sent every 10 seconds until the condition no longer exists.
MU associated Generates a trap when an MU becomes associated with one of the
access point’s W L ANs .
MU unassociated Generates a trap when an MU becomes unassociated with (or gets
dropped from) one of the
access point’s W L ANs .
4-28
AP-51xx Access Point Product Reference Guide
MU denied association
MU denied authentication
Generates a trap when an MU is denied association to a access
WLAN. Can be caused when the maximum number of MUs
point
for a WLAN is exceeded or when an MU violates the
’s Access Control List (ACL).
point
Generates a trap when an MU is denied authentication on one of the AP’s WLANs. Can be caused by the MU being set for the wrong authentication type for the WLAN or by an incorrect key or password.
access
3. Configure the SNMP Traps field to generate traps when SNMP capable MUs are denied
authentication privileges or are subject of an ACL violation. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists.
SNMP authentication failures
SNMP ACL violation Generates a trap when an SNMP client cannot access SNMP
Generates a trap when an SNMP-capable client is denied access to the
access point’s SNMP management functions or data. This
can result from an incorrect login, or missing/incorrect user credentials.
management functions or data due to an Access Control List (ACL) violation. This can result from a missing/incorrect IP address entered within the SNMP Access Control screen.
4. Configure the Network Traps field to generate traps when the access point’s link status
changes or when the AP’s firewall detects a DOS attack.
Physical port status change
Denial of service (DOS) attempts
Send trap every Defines the interval in seconds the
Generates a trap whenever the status changes on the
. The physical port status changes when a link is lost between
point
the
access point and a connected device.
Generates a trap whenever a Denial of Service (DOS) attack is detected by the specified interval until the attack has stopped.
a trap until the Denial of Service attack is stopped. Default is 10 seconds.
access point firewall. A new trap is sent at the
access point uses to generate
access
5. Configure the System Traps field to generate traps when the access point re-initializes
during transmission, saves its configuration file. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists.
System Configuration
4-29
System Cold Start
Configuration Changes
Rogue AP detection
AP Radar detection
WPA Counter Measure
MU Hotspot Status Generates a trap when a change to the status of MU hotspot
Generates a trap when the transmitting, possibly altering the SNMP agent's configuration or protocol entity implementation.
Generates a trap whenever changes to the configuration file are saved.
Generates a trap if a Rogue AP is detected by the
Generates a trap if an AP is detected using a form of radar detection.
Generates a trap if an attack is detected against the WPA Key Exchange Mechanism.
member is detected.
access point re-initializes while
access point’s
access point.
6. Click Apply to save any changes to the SNMP Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP Traps screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.4.4 Configuring SNMP RF Trap Thresholds
Use the SNMP RF Trap Threshold screen as a means to track RF activity and the access point’s radio and associated MU performance. SNMP RF Traps are sent when RF traffic exceeds defined limits set in the RF Trap Thresholds field of the SNMP RF Traps screen. Thresholds are displayed for the access point, WLAN, selected radio and the associated MU.
To configure specific SNMP RF Traps on the access point:
1. Select System Configuration - > SNMP Access - > SNMP RF Trap Thresholds from the access point menu tree.
4-30
AP-51xx Access Point Product Reference Guide
2. Configure the RF Trap Thresholds field to define device threshold values for SNMP traps.
NOTE Average Bit Speed,% of Non-Unicast, Average Signal, Average Retries,%
Dropped and % Undecryptable are not access point statistics.
Pkts/s
Throughput Set a maximum threshold for the total throughput in Mbps
Average Bit Speed
Average Signal
Average Retries
% Dropped
Enter a maximum threshold for the total throughput in Pps (Packets per second).
(Megabits per second).
Enter a minimum threshold for the average bit speed in Mbps (Megabits per second).
Enter a minimum threshold for the average signal strength in dBm for each device.
Set a maximum threshold for the average number of retries for each device.
Enter a maximum threshold for the total percentage of packets dropped for each device. Dropped packets can be caused by poor RF signal or interference on the channel.
System Configuration
4-31
% Undecryptable
Associated MUs
Define a maximum threshold for the total percentage of packets undecryptable for each device. Undecryptable packets can be the result of corrupt packets, bad CRC checks or incomplete packets.
Set a maximum threshold for the total number of MUs associated with each device.
3. Configure the Minimum Packets field to define a minimum packet throughput value for trap generation.
Minimum number of packets required for a trap to fire
Enter the minimum number of packets that must pass through the device before an SNMP rate trap is sent. Symbol recommends using the default setting of 1000 as a minimum setting for the field.
4. Click Apply to save any changes to the SNMP RF Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP RF Traps screen to the last saved configuration.
6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.5 Configuring Network Time Protocol (NTP)
Network Time Protocol (NTP) manages time and/or network clock synchronization in the access point­managed network environment. NTP is a client/server implementation. The access point (an NTP client) periodically synchronizes its clock with a master clock (an NTP server). For example, the access point resets its clock to 07:04:59 upon reading a time of 07:04:59 from its designated NTP server.
Time synchronization is recommended for the access point’s network operations. For sites using Kerberos authentication, time synchronization is required.
Use the Date and Time Settings screen to enable NTP and specify the IP addresses and ports of available NTP servers.
NOTE The current time is not set accurately when initially connecting to the
access point. Until a server is defined to provide the access point the correct time, or the correct time is manually set, the access point displays 1970-01-01 00:00:00 as the default time.
4-32
AP-51xx Access Point Product Reference Guide
To manage clock synchronization on the access point:
1. Select System Configuration - > Date/Time from the access point menu tree.
2. From within the Current Time field, click the Refresh button to update the time since the
screen was displayed by the user.
The Current Time field displays the current time based on the access point system clock. If NTP is disabled or if there are no servers available, the system time displays the access point uptime starting at 1970-01-01 00:00:00, with the time and date advancing.
3. Select the Set Date/Time button to display the Manual Date/Time Setting screen.
This screen enables the user to manually enter the access point’s system time using a Year-Month-Day HH:MM:SS format.
This option is disabled when the Enable NTP checkbox has been selected, and therefore should be viewed as a second means to define the access point system time.
4. If using the Manual Date/Time Setting screen to define the access point’s system time, refer
to the Time Zone field to select the time used to use as complimentary information to the information entered within the Manual Date/Time Setting screen.
5. If using an NTP server to supply system time to the access point, configure the NTP Server
Configuration field to define the server network address information required to acquire
the access point network time.
System Configuration
4-33
Enable NTP on access
point
Preferred Time Server Specify the
First Alternate Time Server
Second Alternate Time Server
Synchronization Interval
Select the Enable NTP on access point checkbox to allow a connection between the NTP servers. A preferred, first alternate and second alternate NTP server cannot be defined unless this checkbox is selected.
Disable this option (uncheck the checkbox) if Kerberos is not in use and time synchronization is not necessary.
access point and one or more specified
numerical (non DNS name) IP address and port of the
primary NTP server. The default port is 123.
Optionally, specify the port of an alternative NTP server to use for time synchronization if the primary NTP server goes down.
Optionally, specify the another NTP server for the greatest assurance of uninterrupted time synchronization.
Define an interval in minutes the its system time with the NTP server. A synchronization interval value from 15 minutes to 65535 minutes can be specified. For implementations using Kerberos, a synchronization interval of 15 minutes (default interval) or sooner is recommended.
numerical (non DNS name) IP address and
numerical (non DNS name) and port of yet
access point uses to synchronize
6. Click Apply to save any changes to the Date and time Settings screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on Date and Time Settings screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4-34
AP-51xx Access Point Product Reference Guide
4.6 Logging Configuration
The access point provides the capability for periodically logging system events that prove useful in assessing the throughput and performance of the access point or troubleshooting problems on the access point managed Local Area Network (LAN). Use the Logging Configuration screen to set the desired logging level (standard syslog levels) and view or save the current access point system log.
To configure event logging for the access point:
1. Select System Configuration - > Logging Configuration from the access point menu
tree.
2. Configure the Log Options field to save event logs, set the log level and optionally port the
access point’s log to an external server.
System Configuration
View Log Click View to save a log of events retained on the access point.
The system displays a prompt requesting the administrator password before saving the log. After the password has been entered, click Get File to display a dialogue with buttons to Open or Save the log.txt file. Click Save and specify a location to save the log file.
Use the WordPad application to view the saved log.txt file on a Microsoft Windows based computer. Do not view the log file using Notepad, as the Notepad application does not properly display the formatting of the in the
access point. While the AP is in operation, log data
temporarily resides in memory. AP memory is completely cleared each time the AP reboots.
Logging Level Use the Logging Level drop-down menu to select the desired log
level for tracking system events. Eight logging levels, (0 to 7) are available. Log Level 6: Info is the These are the standard UNIX/LINUX syslog levels.The levels are as follows:
0 - Emergency 1 - Alert 2 - Critical 3 - Errors 4 - Warning 5 - Notice 6 - Info 7 - Debug
access point log file. Log entries are not saved
access point default log level.
4-35
The
Enable logging to an external syslog server
Syslog server IP address
access point can log events to an external syslog (system log)
server. Select the Enable logging to an external syslog server checkbox to enable the server to listen for incoming syslog messages and decode the messages into a log for viewing.
If the Enable logging to an external syslog server checkbox is selected, the external syslog server is required in order to route the syslog events to that destination.
numerical (non DNS name) IP address of an
3. Click Apply to save any changes to the Logging Configuration screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
4-36
AP-51xx Access Point Product Reference Guide
4. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on the Logging Configuration screen to the last saved configuration.
5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt
displays confirming the logout before the applet is closed.
4.7 Importing/Exporting Configurations
All of the configuration settings for an access point can be obtained from another access point in the form of a text file. Additionally, all of the access point’s settings can be downloaded to another access point. Use the file-based configuration feature to speed up the setup process significantly at sites using multiple access points.
Another benefit is the opportunity to save the current AP configuration before making significant changes or restoring the default configuration. All options on the access point are deleted and updated by the imported file. Therefore, the imported configuration is not a merge with the configuration of the target access point. The exported file can be edited with any document editor if necessary.
The export function will always export the encrypted Admin User password. The import function will import the Admin Password only if the access point is set to factory default. If the access point is not configured to factory default settings, the Admin User password WILL NOT get imported.
CAUTION A single-radio model access point cannot import/export its
!
Use the Config Import/Export screen to configure an import or export operation for access point configuration settings.
NOTE Use the System Settings screen as necessary to restore an access point
configuration to a dual-radio model access point. In turn, a dual-radio model access point cannot import/export its configuration to a single­radio access point.
default configuration. For more information on restoring configurations, see Configuring System Settings on page 4-2.
System Configuration
CAUTION Symbol discourages importing a 1.0 baseline configuration file to a
!
To create an importable/exportable access point configuration file:
1. Select System Configuration - > Config Import/Export from the access point menu tree.
1.1 version access point. Similarly, a 1.1 baseline configuration file should not be imported to a 1.0 version access point. Importing configuration files between different version access point’s results in broken configurations, since new features added to the 1.1 version access point cannot be supported in a 1.0 version access point.
4-37
2. Configure the FTP and TFTP Import/Export field to import/export configuration settings.
Filename Specify the name of the configuration file to be written to the FTP
or TFTP server.
Server IP Enter the
destination FTP or TFTP server where the configuration file is imported or exported.
Filepath (optional) Defines the optional path name used to import/export the target
configuration file.
FT P Select the FTP radio button if using an FTP server to import or export
the configuration.
numerical (non DNS name) IP address of the
4-38
AP-51xx Access Point Product Reference Guide
TFTP Select the TFTP radio button if using an FTP server to import or
Username Specify a username to be used when logging in to the FTP server. A
Password Define a password allowing access to the FTP server for the import
Import Configuration Click the Import Configuration button to import the configuration
Export Configuration Click the Export Configuration button to export the configuration
export the configuration.
username is not required for TFTP server logins.
or export operation.
file from the server with the assigned filename and login information. The system displays a confirmation window indicating the administrator must log out of the operation completes for the changes to take effect. Click Yes to continue the operation. Click No to cancel the configuration file import.
file from the server with the assigned filename and login information. If the IP mode is set to DHCP Client, IP address information is not exported (true for both LAN1, LAN2 and the WAN port). For LAN1 and LAN2, IP address information is only exported when the IP mode is set to either static or DHCP Server. For the WAN port, IP address information is only exported when the
access point after the
This interface is a DHCP Client checkbox is not selected. For
more information on these settings, see
Configuring the LAN Interface on page 5-1 and Configuring WAN Settings on page 5-14.
The system displays a confirmation window prompting the administrator to log out of the completes for the changes to take effect. Click Yes to continue the operation. Click No to cancel the configuration file export.
access point after the operation
3. Configure the HTTP Import/Export field to import/export access point configuration
settings using HTTP.
CAUTION For HTTP downloads (exports) to be successful, pop-up messages
!
must be disabled.
System Configuration
4-39
Upload and Apply A Configuration File
Download Configuration File
Click the Upload and Apply A Configuration File button to upload a configuration file to this access point using HTTP.
Click the Download Configuration File button to download this access point’s configuration file using HTTP.
4. Refer to the Status field to assess the completion of the import/export operation.
Status After executing an operation (by clicking any of the buttons in the
window), check the Status field for a progress indicator and messages about the success or errors in executing the Import/ Export operation. Possible status messages include:
ambiguous input before marker: line <number > unknown input before marker: line <number> ignored input after marker: line <number> additional input required after marker: line <number> invalid input length: line <number> error reading input: line <number> import file from incompatible hardware type: line <number> [0] Import operation done [1] Export operation done [2] Import operation failed [3] Export operation failed [4] File transfer in progress [5] File transfer failed [6] File transfer done Auto cfg update: Error in applying config Auto cfg update: Error in getting config file Auto cfg update: Aborting due to fw update failure
The <number> value appearing at the end of some messages relates to the line of the configuration file where an error or ambiguous input was detected.
4-40
AP-51xx Access Point Product Reference Guide
CAUTION If errors occur when importing the configuration file, a parsing
!
NOTE Symbol recommends importing configuration files using the CLI. If errors
occur using the CLI, they display all at once and are easier to troubleshoot. The access point GUI displays errors one at a time, and troubleshooting can be a more time-consuming process.
5. Click Apply to save the filename and Server IP information. The Apply button does not
execute the import or export operation, only saves the settings entered.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on Config Import/Export screen to the last saved configuration.
7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt
displays confirming the logout before the applet is closed.
message displays defining the line number where the error occurred. The configuration is still imported, except for the error. Consequently, it is possible to import an invalid configuration. The user is required to fix the problem and repeat the import operation until an error-free import takes place.
NOTE For a discussion on the implications of replacing an existing Symbol
AP-4131 deployment with an AP-5131 or AP-5181, see
Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-18.
4.8 Updating Device Firmware
Symbol periodically releases updated versions of the access point device firmware to the Symbol Web site. If the access point firmware version displayed on the System Settings page (see
Configuring System Settings on page 4-2) is older than the version on the Web site, Symbol
recommends updating the access point to the latest firmware version for full feature functionality.
The access point’s update feature updates the access point’s firmware and configuration file automatically when the access point is reset or when the access point initiates a DHCP discovery.
The firmware is automatically updated each time firmware versions are found to be different between the access point and the firmware file located on the DHCP/BootP server. If the
System Configuration
configuration file is selected for automatic update, the configuration is automatically updated since the access point is unable to compare the differences between configuration files.
CAUTION If downgrading firmware from a 1.1 to a 1.0 version, the access point
!
For detailed update scenarios involving both a Windows DHCP and a Linux BootP server configuration, see Configuring Automatic Updates using a DHCP or Linux BootP Server Configuration
on page B-1.
CAUTION Loaded and signed CA certificates will be lost when changing the
!
If a firmware update is required, use the Firmware Update screen to specify a filename and define a file location for updating the firmware.
automatically reverts to 1.0 default settings, regardless of whether you are downloading the firmware manually or using the automatic download feature. The automatic feature allows the user to download the configuration file at the same time, but since the firmware reverts to 1.0 default settings, the configuration file is ignored.
access point’s firmware version using either the GUI or CLI. After a certificate has been successfully loaded, export it to a secure location to ensure its availability after a firmware update.
4-41
NOTE The firmware file must be available from an FTP or TFTP site to perform
the update.
CAUTION Make sure a copy of the access point’s configuration is exported
!
To conduct a firmware update on the access point:
1. Export the access point current configuration settings before updating the firmware to have the most recent settings available after the firmware is updated.
Refer to Importing/Exporting Configurations on page 4-36 for instructions on exporting the access point’s current configuration to have it available after the firmware is updated.
2. Select System Configuration - > Firmware Update from the access point menu tree.
before updating the firmware.
4-42
AP-51xx Access Point Product Reference Guide
3. Configure the DHCP Options field to enable automatic firmware and/or configuration file
updates.
DHCP options are used for out-of-the-box rapid deployment for Symbol wireless products. The following are the two DHCP options available on the access point:
• Enable Automatic Firmware Update
• Enable Automatic Configuration Update
These options can be used to update newer firmware and configuration files on the access point. The access point uses DHCP Vendor Specific Option 43 with the following options embedded within it:
Option Code Data Type
TFTP Server Name 181 IP address
Firmware File Name 187 String
Configuration File Name 188 String
The Vendor Class Identifier used is SymbolAP.5131-V1-0
The DHCP Server needs to be configured with the above mentioned vendor specific options and vendor class identifier. The update is conducted over the LAN or WAN port depending on which is the active port at the time the firmware update request is made.
System Configuration
4-43
Enable Automatic Firmware Update
Enable Automatic Configuration Update
Select this checkbox to allow an automatic firmware update each time firmware versions are found to be different between the
access point and the LAN or WAN interface. This option is used
in conjunction with other DHCP options configured on a DHCP server.
Symbol recommends selecting the Enable Automatic
Configuration Update checkbox if auto-updating
firmware, as backing up the recommended before updating device firmware. If this function is disabled, the firmware update is required to be done manually. If this option is enabled, the access point initiates an update any time the access point reboots. If the files located on the DHCP server are different from the existing files on the access point, the files are updated. The default setting is enabled on the WAN port.
Select this checkbox to allow an automatic configuration file update each time the configuration file versions are found to be different between the interface. If this function is disabled, the configuration file update is required to be done manually. If this function is disabled, the firmware update is required to be done manually. If this option is enabled, the access point initiates an update any time the access point reboots. If the files located on the DHCP server are different from the existing files on the access point, the files are updated. The default setting is enabled on the WAN port.
access point configuration is always
access point and the LAN or WAN
access point
Configure the Update Firmware field as required to set a filename and target firmware file upload location for manual firmware updates.
4. Specify the name of the target firmware file within the Filename field.
5. If the target firmware file resides within a directory, specify a complete path for the file within the Filepath(optional) field.
6. Enter an IP address for the FTP or TFTP server used for the update. Only numerical IP address names are supported, no DNS can be used.
7. Select either the FTP or TFTP button to define whether the firmware file resides on a FTP or TFTP server.
8. Set the following FTP or TFTP parameters:
Username - Specify a username for the FTP server login.
Password - Specify a password for FTP server login. Default is symbol.
4-44
AP-51xx Access Point Product Reference Guide
NOTE Click Apply to save the settings before performing the firmware update.
The user is not able to navigate the access point user interface while the firmware update is in process.
9. Click the Perform Update button to initiate the update. Upon confirming the firmware
update, the AP reboots and completes the update.
NOTE The access point must complete the reboot process to successfully update
the device firmware, regardless of whether the reboot is conducted using the GUI or CLI interfaces.
10. After the AP reboots, return to the Firmware Update screen. Check the Status field to verify
whether the firmware update was successful. If an error occurs, one of the following error messages will display:
FAIL: auto fw update check
FAIL: network activity time out
FAIL: firmware check
FAIL: exceed memory limit
FAIL: authentication
FAIL: connection time out
FAIL: control channel error
FAIL: data channel error
FAIL: channel closed unexpected
FAIL: establish data channel
FAIL: accept data channel
FAIL: user interrupted
FAIL: no valid interface found
FAIL: conflict ip address
FAIL: command exchange time out
FAIL: invalid subnet number
11. Confirm the access point configuration is the same as it was before the firmware update. If they are not, restore the settings. Refer to Importing/Exporting Configurations on page 4-36 for instructions on exporting the configuration back to the access point.
System Configuration
12. Click Apply to save the filename and filepath information entered into the Firmware Update
screen. The Apply button does not execute the firmware, only saves the update settings entered.
13. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on Firmware Update screen to the last saved configuration.
14. Click Logout to securely exit the access point Symbol Access Point applet. A prompt
displays confirming the logout before the applet is closed.
4.8.1 Upgrade/Downgrade Considerations
When upgrading or downgrading access point configurations between the 1.0.0.0-XX (or 1.0.1.0-XX) and 1.1.0.0-XX baselines, the following should be taken into consideration as certain functionalities may not be available to the user after an upgrade/downgrade:
CAUTION Prior to upgrading/downgrading the access point’s configuration,
!
ensure the access point’s current configuration has been exported to a secure location. Having the configuration available is recommended in case errors occur in the upgrade/downgrade process.
4-45
When downgrading from 1.1 to 1.0, the access point is configured to default values.
After a downgrade from 1.1.0.0-XX to 1.0.0.0-XX, WLANs mapped to LAN2 would still be
usable, but now only available on LAN1. Once upgraded back to 1.1.0.0-XX, those WLANs previously available on LAN2 would still be mapped to LAN2.
If downgraded to the 1.0.0.0-XX baseline, and a restore factory defaults function is
performed, only 1.0.0.0-XX default values are restored to their factory default values. The feature set unique to 1.1.0.0-XX can only be restored to factory default when the access point is running 1.1.0.0-XX firmware.
Export either a CA or Self Certificate to a safe and secure location before upgrading or
downgrading your access point firmware. If the certificate is not saved, it will be discarded and not available to the user after the upgrade or downgrade. If discarded, a new certificate request would be required.
NOTE For a discussion on the implications of replacing an existing Symbol
AP-4131 deployment with an AP-5131 or AP-5181, see
Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-18.
4-46
AP-51xx Access Point Product Reference Guide
Network Management
Configuring network management includes configuring network aspects in numerous areas. See the following sections for more information on access point network management:
Configuring the LAN Interface
Configuring WAN Settings
Enabling Wireless LANs (WLANs)
Configuring Router Settings
5.1 Configuring the LAN Interface
The access point has one physical LAN port supporting two unique LAN interfaces. The access point LAN port has its own MAC address. The LAN port MAC address is always the value of the access point WAN port MAC address plus 1. The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats screens.
For information on locating the access point MAC addresses, see
Viewing WAN Statistics on page 7-2 and Viewing LAN Statistics on page 7-6.
5-2
AP-51xx Access Point Product Reference Guide
Use the LAN Configuration screen to enable one (or both) of the access point’s LAN interfaces, assign them names, define which LAN is currently active on the access point Ethernet port and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval.
To configure the access point LAN interface:
1. Select Network Configuration -> LAN from the access point menu tree.
2. Configure the LAN Settings field to enable the access point LAN1 and/or LAN2 interface, assign a timeout value, enable 802.1q trunking, configure WLAN mapping and enable
802.1x port authentication.
Enable
LAN Name Use the LAN Name field to modify the existing name of LAN1 and
Select the LAN1 and/or LAN2 checkbox to allow the forwarding of data traffic over the specified LAN connection. The LAN1 connection is enabled by default, but both LAN interfaces can be enabled simultaneously.
LAN2. LAN1 and LAN2 are the default names assigned to the LANs until modified by the user.
Loading...
+ 70 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use