System Configuration 4-19
The access point SNMP agent functions as a command responder and is a multilingual agent responding to SNMPv1, v2c and v3 managers (command generators). The factory default configuration maintains SNMPv1/2c support of the community names, hence providing backward compatibility.
SNMP v1/v2c community definitions and SNMP v3 user definitions work independently, and both use the Access Control List (ACL) of the SNMP Access Control sub-screen.
Use the SNMP Access screen to define SNMP v1/v2c community definitions and SNMP v3 user definitions. SNMP version 1 (v1) provides a strong network management system, but its security is relatively weak. The improvements in SNMP version 2c (v2c) do not include the attempted security enhancements of other version-2 protocols. Instead, SNMP v2c defaults to SNMP-standard community strings for read-only and read/write access. SNMP version 3 (v3) further enhances protocol features, providing much improved security. SNMP v3 encrypts transmissions and provides authentication for users generating requests.
To configure SNMP v1/v2c community definitions and SNMP v3 user definitions for the access point:
1. Select System Configuration -> SNMP Access from the access point menu tree.
SNMP v1/v2c community definitions allow read-only or read/write access to access point management information. The SNMP community includes users whose IP addresses are specified on the SNMP Access Control screen.
A read-only community string allows a remote device to retrieve information, while a read/write community string allows a remote device to modify settings. Symbol recommends considering adding a community definition using a site-appropriate name and access level. Set up a read/write definition (at a minimum) to facilitate full access by the access point administrator.
4-20 AP-51xx Access Point Product Reference Guide
2. Configure the SNMP v1/v2 Configuration field (if SNMP v1/v2 is used) to add or delete community definitions, name the community, specify the OID and define community access.
Add | Click Add to create a new SNMP v1/v2c community definition.
Delete | Select Delete to remove an SNMP v1/v2c community definition.
Community | Use the Community field to specify a site-appropriate name for the community. The name is required to match the name used within the remote network management software.
OID | Use the OID (Object Identifier) pull-down list to specify a setting of All or enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
Access | Use the Access pull-down list to specify read-only (R) access or read/write (RW) access for the community. Read-only access allows a remote device to retrieve access point information, while read/write access allows a remote device to modify access point settings.
3. Configure the SNMP v3 User Definitions field (if SNMP v3 is used) to add and configure SNMP v3 user definitions.
SNMP v3 user definitions allow read-only or read/write access to management information as appropriate.
Add | Click Add to create a new entry for an SNMP v3 user.
Delete | Select Delete to remove an entry for an SNMP v3 user.
Username | Specify a username by typing an alphanumeric string of up to 31 characters.
Security Level | Use the Security Level area to specify a security level of noAuth (no authorization), AuthNoPriv (authorization without privacy), or AuthPriv (authorization with privacy). The NoAuth setting specifies no login authorization or encryption for the user. The AuthNoPriv setting requires login authorization, but no encryption. The AuthPriv setting requires login authorization and uses the Data Encryption Standard (DES) protocol.
OID | Use the OID (Object Identifier) area to specify a setting of All or enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
Passwords | Select Passwords to display the Password Settings screen for specifying authentication and password settings for an SNMP v3 user. The maximum password length is 11 characters. Use the Authentication Algorithm drop-down menu to specify MD5 or SHA1 as the authentication algorithm. Use the Privacy Algorithm drop-down menu to define an algorithm of DES or AES-128bit. When entering the same username on the SNMP Traps and SNMP Access screens, the password entered on the SNMP Traps page overwrites the password entered on the SNMP Access page. To avoid this problem, enter the same password on both pages.
Access | Use the Access pull-down list to specify read-only (R) access or read/write (RW) access for a user. Read-only access permits a user to retrieve access point information, while read/write access allows a user to modify access point settings.
4. Specify the users who can read and optionally modify the SNMP-capable client.
SNMP Access Control | Click the SNMP Access Control button to display the SNMP Access Control screen for specifying which users can read SNMP-generated information and potentially modify related settings from an SNMP-capable client.
The SNMP Access Control screen's Access Control List (ACL) uses Internet Protocol (IP) addresses to restrict access to the AP’s SNMP interface. The ACL applies to both SNMP v3 user definitions and SNMP v1/v2c community definitions.
For detailed instructions on configuring SNMP user access and modification privileges, see Configuring SNMP Access Control on page 4-22.
5. If configuring SNMP v3 user definitions, set the SNMP v3 engine ID.
access point SNMP v3 Engine ID | The access point SNMP v3 Engine ID field lists the unique SNMP v3 Engine ID for the access point. This ID is used in SNMP v3 as the source for a trap, response or report. It is also used as the destination ID when sending get, getnext, getbulk, set or inform commands.
6. Click Apply to save any changes to the SNMP Access screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the SNMP Access screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
For additional SNMP configuration information, see:
• Configuring SNMP Access Control
• Enabling SNMP Traps
• Configuring Specific SNMP Traps
• Configuring SNMP RF Trap Thresholds
4.4.1 Configuring SNMP Access Control
Use the SNMP Access Control screen (as launched from the SNMP Access screen) to specify which users can read SNMP generated information and, if capable, modify related settings from an SNMP-capable client.
Use the SNMP Access Control screen's Access Control List (ACL) to limit, by Internet Protocol (IP) address, who can access the access point SNMP interface.
NOTE The ACL applies to both SNMP v3 user definitions and SNMP v1/v2c community definitions on the access point SNMP Access screen.
To configure SNMP user access control for the access point:
1. Select System Configuration -> SNMP Access from the access point menu tree. Click on the SNMP Access Control button from within the SNMP Access screen.
2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access.
Access Control List | Enter Start IP and End IP addresses (numerical addresses only, no DNS names supported) to specify a range of users that can access the access point SNMP interface. An SNMP-capable client can be set up whereby only the administrator (for example) can use a read/write community definition. Use just the Starting IP Address column to specify a single SNMP user. Use both the Starting IP Address and Ending IP Address columns to specify a range of addresses for SNMP users. To add a single IP address to the ACL, enter the same IP address in the Start IP and End IP fields. Leave the ACL blank to allow access to the SNMP interface from the IP addresses of all authorized users.
Add | Click Add to create a new ACL entry.
Edit | Click Edit to revise an existing ACL entry.
Delete | Click Delete to remove a selected ACL entry for one or more SNMP users.
OK | Click Ok to return to the SNMP Access screen. Click Apply within the SNMP Access screen to save any changes made on the SNMP Access Control screen.
Cancel | Click Cancel to undo any changes made on the SNMP Access Control screen. This reverts all settings for this screen to the last saved configuration.
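The rules described for the SNMP Access and SNMP Access Control screens (a blank ACL applies no address restriction, a single host uses the same Start IP and End IP, and each v3 user has a security level and algorithm choice) can be checked mechanically. The following Python is an added example, not part of this guide or the access point software; the dictionary layout, the sample names and addresses, and the `max_hosts` threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample, transcribed by hand from the two screens into a
# hypothetical dictionary layout (the access point does not use this format).
WEAK = {
    "communities": [
        {"name": "site-ro", "oid": "All", "access": "R"},
        {"name": "site-rw", "oid": "All", "access": "RW"},
    ],
    "v3_users": [
        {"username": "nms-admin", "level": "AuthPriv", "auth": "SHA1",
         "priv": "AES-128bit", "access": "RW"},
        {"username": "legacy", "level": "noAuth", "auth": None,
         "priv": None, "access": "RW"},
        {"username": "poller", "level": "AuthPriv", "auth": "MD5",
         "priv": "DES", "access": "R"},
    ],
    "acl": [],  # blank ACL: no address restriction
}

# The same constructed deployment after tightening: one management host,
# read-only community, writes only through an AuthPriv v3 user.
HARDENED = {
    "communities": [{"name": "site-ro", "oid": "All", "access": "R"}],
    "v3_users": [
        {"username": "nms-admin", "level": "AuthPriv", "auth": "SHA1",
         "priv": "AES-128bit", "access": "RW"},
    ],
    # Single address: Start IP and End IP are identical.
    "acl": [{"start": "192.0.2.10", "end": "192.0.2.10"}],
}


def acl_ranges(acl):
    """Yield (start, end) pairs; an entry without an End IP is a single host."""
    for entry in acl:
        start = ipaddress.IPv4Address(entry["start"])
        end = ipaddress.IPv4Address(entry.get("end") or entry["start"])
        yield start, end


def acl_allows(acl, source_ip):
    """Return True if source_ip may reach the SNMP interface under this ACL."""
    if not acl:
        return True  # blank ACL applies no address restriction
    ip = ipaddress.IPv4Address(source_ip)
    return any(start <= ip <= end for start, end in acl_ranges(acl))


def audit(cfg, max_hosts=16):
    """Return a list of findings; max_hosts is an arbitrary review threshold."""
    findings = []
    acl = cfg.get("acl", [])
    if not acl:
        findings.append("ACL blank: no source address restriction")
    for start, end in acl_ranges(acl):
        if end < start:
            findings.append(f"ACL {start}-{end}: End IP precedes Start IP")
        elif int(end) - int(start) + 1 > max_hosts:
            findings.append(f"ACL {start}-{end}: more than {max_hosts} addresses")
    for comm in cfg.get("communities", []):
        if comm["access"] == "RW":
            findings.append(f"community {comm['name']!r}: read/write over v1/v2c, "
                            "community string is not encrypted")
    for user in cfg.get("v3_users", []):
        name, level = user["username"], user["level"].lower()
        if level == "noauth":
            findings.append(f"v3 user {name!r}: noAuth, no authentication or encryption")
        elif level == "authnopriv":
            findings.append(f"v3 user {name!r}: AuthNoPriv, traffic is not encrypted")
        if level != "noauth" and user.get("auth") == "MD5":
            findings.append(f"v3 user {name!r}: MD5 selected where SHA1 is offered")
        if level == "authpriv" and user.get("priv") == "DES":
            findings.append(f"v3 user {name!r}: DES selected where AES-128bit is offered")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

Because the ACL applies to both v1/v2c communities and v3 users, a single blank ACL finding covers every definition on the SNMP Access screen.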
4.4.2 Enabling SNMP Traps
SNMP provides the ability to send traps to notify the administrator that trap conditions are met. Traps are network packets containing data relating to network devices, or SNMP agents, that send the traps. SNMP management applications can receive and interpret these packets, and optionally can perform responsive actions. SNMP trap generation is programmable on a trap-by-trap basis.
Use the SNMP Traps Configuration screen to enable traps and to configure appropriate settings for reporting this information. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, generated traps can be sent using configurations for both SNMP v1/v2c and v3.
To configure SNMP traps on the access point:
1. Select System Configuration -> SNMP Access -> SNMP Trap Configuration from the access point menu tree.
2. Configure the SNMP v1/v2c Trap Configuration field (if SNMP v1/v2c Traps are used) to modify the following:
Add | Click Add to create a new SNMP v1/v2c Trap Configuration entry.
Delete | Click Delete to remove a selected SNMP v1/v2c Trap Configuration entry.
Destination IP | Specify a numerical (non DNS name) destination IP address for receiving the traps sent by the access point SNMP agent.
Port | Specify a destination User Datagram Protocol (UDP) port for receiving traps. The default is 162.
Community | Enter a community name specific to the SNMP-capable client that receives the traps.
SNMP Version | Use the SNMP Version drop-down menu to specify v1 or v2. Some SNMP clients support only SNMP v1 traps, while others support SNMP v2 traps and possibly both. Verify that the correct traps are in use with clients that support them.
3. Configure the SNMP v3 Trap Configuration field (if SNMP v3 Traps are used) to modify the following:
Add | Click Add to create a new SNMP v3 Trap Configuration entry.
Delete | Select Delete to remove an entry for an SNMP v3 user.
Destination IP | Specify a numerical (non DNS name) destination IP address for receiving the traps sent by the access point SNMP agent.
Port | Specify a destination User Datagram Protocol (UDP) port for receiving traps.
Username | Enter a username specific to the SNMP-capable client receiving the traps.
Security Level | Use the Security Level drop-down menu to specify a security level of noAuth (no authorization), AuthNoPriv (authorization without privacy), or AuthPriv (authorization with privacy). The “NoAuth” setting specifies no login authorization or encryption for the user. The “AuthNoPriv” setting requires login authorization, but no encryption. The “AuthPriv” setting requires login authorization and uses the Data Encryption Standard (DES).
Passwords | Select Passwords to display the Password Settings screen for specifying authentication and password settings for an SNMP v3 user. The maximum password length is 11 characters. Use the Authentication Algorithm drop-down menu to specify MD5 or SHA1 as the authentication algorithm. Use the Privacy Algorithm drop-down menu to define an algorithm of DES or AES-128bit. If entering the same username on the SNMP Traps and SNMP Access screens, the password entered on the SNMP Traps page overwrites the password entered on the SNMP Access page. To avoid this problem, enter the same password on both pages.
4. Click Apply to save any changes to the SNMP Trap Configuration screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP Trap Configuration screen to the last saved configuration.
6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.4.3 Configuring Specific SNMP Traps
Use the SNMP Traps screen to enable specific traps on the access point. Symbol recommends defining traps to capture unauthorized devices operating within the access point coverage area. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, traps can be sent using configurations for both SNMP v1/v2c and v3.
To configure specific SNMP traps on the access point:
1. Select System Configuration -> SNMP Access -> SNMP Traps from the access point menu tree.
2. Configure the MU Traps field to generate traps for MU associations, MU association denials and MU authentication denials. When a trap is enabled, a trap is sent every 10 seconds until the condition no longer exists.
MU associated | Generates a trap when an MU becomes associated with one of the access point’s WLANs.
MU unassociated | Generates a trap when an MU becomes unassociated with (or gets dropped from) one of the access point’s WLANs.
MU denied association | Generates a trap when an MU is denied association to an access point WLAN. Can be caused when the maximum number of MUs for a WLAN is exceeded or when an MU violates the access point’s Access Control List (ACL).
MU denied authentication | Generates a trap when an MU is denied authentication on one of the AP’s WLANs. Can be caused by the MU being set for the wrong authentication type for the WLAN or by an incorrect key or password.
3. Configure the SNMP Traps field to generate traps when SNMP-capable MUs are denied authentication privileges or are the subject of an ACL violation. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists.
SNMP authentication failures | Generates a trap when an SNMP-capable client is denied access to the access point’s SNMP management functions or data. This can result from an incorrect login, or missing/incorrect user credentials.
SNMP ACL violation | Generates a trap when an SNMP client cannot access SNMP management functions or data due to an Access Control List (ACL) violation. This can result from a missing/incorrect IP address entered within the SNMP Access Control screen.
4. Configure the Network Traps field to generate traps when the access point’s link status changes or when the AP’s firewall detects a DOS attack.
Physical port status change | Generates a trap whenever the status changes on the access point. The physical port status changes when a link is lost between the access point and a connected device.
Denial of service (DOS) attempts | Generates a trap whenever a Denial of Service (DOS) attack is detected by the access point firewall. A new trap is sent at the specified interval until the attack has stopped.
Send trap every | Defines the interval in seconds the access point uses to generate a trap until the Denial of Service attack is stopped. Default is 10 seconds.
5. Configure the System Traps field to generate traps when the access point re-initializes during transmission or saves its configuration file. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists.
System Cold Start | Generates a trap when the access point re-initializes while transmitting, possibly altering the SNMP agent's configuration or protocol entity implementation.
Configuration Changes | Generates a trap whenever changes to the access point’s configuration file are saved.
Rogue AP detection | Generates a trap if a Rogue AP is detected by the access point.
AP Radar detection | Generates a trap if an AP is detected using a form of radar detection.
WPA Counter Measure | Generates a trap if an attack is detected against the WPA Key Exchange Mechanism.
MU Hotspot Status | Generates a trap when a change to the status of MU hotspot member is detected.
6. Click Apply to save any changes to the SNMP Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP Traps screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.4.4 Configuring SNMP RF Trap Thresholds
Use the SNMP RF Trap Threshold screen as a means to track RF activity and the access point’s radio and associated MU performance. SNMP RF Traps are sent when RF traffic exceeds defined limits set in the RF Trap Thresholds field of the SNMP RF Traps screen. Thresholds are displayed for the access point, WLAN, selected radio and the associated MU.
To configure specific SNMP RF Traps on the access point:
1. Select System Configuration -> SNMP Access -> SNMP RF Trap Thresholds from the access point menu tree.
2. Configure the RF Trap Thresholds field to define device threshold values for SNMP traps.
NOTE Average Bit Speed, % of Non-Unicast, Average Signal, Average Retries, % Dropped and % Undecryptable are not access point statistics.
Pkts/s | Enter a maximum threshold for the total throughput in Pps (Packets per second).
Throughput | Set a maximum threshold for the total throughput in Mbps (Megabits per second).
Average Bit Speed | Enter a minimum threshold for the average bit speed in Mbps (Megabits per second).
Average Signal | Enter a minimum threshold for the average signal strength in dBm for each device.
Average Retries | Set a maximum threshold for the average number of retries for each device.
% Dropped | Enter a maximum threshold for the total percentage of packets dropped for each device. Dropped packets can be caused by poor RF signal or interference on the channel.
% Undecryptable | Define a maximum threshold for the total percentage of packets undecryptable for each device. Undecryptable packets can be the result of corrupt packets, bad CRC checks or incomplete packets.
Associated MUs | Set a maximum threshold for the total number of MUs associated with each device.
3. Configure the Minimum Packets field to define a minimum packet throughput value for trap generation.
Minimum number of packets required for a trap to fire | Enter the minimum number of packets that must pass through the device before an SNMP rate trap is sent. Symbol recommends using the default setting of 1000 as a minimum setting for the field.
4. Click Apply to save any changes to the SNMP RF Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP RF Traps screen to the last saved configuration.
6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.5 Configuring Network Time Protocol (NTP)
Network Time Protocol (NTP) manages time and/or network clock synchronization in the access point managed network environment. NTP is a client/server implementation. The access point (an NTP client) periodically synchronizes its clock with a master clock (an NTP server). For example, the access point resets its clock to 07:04:59 upon reading a time of 07:04:59 from its designated NTP server.
Time synchronization is recommended for the access point’s network operations. For sites using Kerberos authentication, time synchronization is required.
Use the Date and Time Settings screen to enable NTP and specify the IP addresses and ports of available NTP servers.
NOTE The current time is not set accurately when initially connecting to the access point. Until a server is defined to provide the access point the correct time, or the correct time is manually set, the access point displays 1970-01-01 00:00:00 as the default time.
To manage clock synchronization on the access point:
1. Select System Configuration -> Date/Time from the access point menu tree.
2. From within the Current Time field, click the Refresh button to update the time since the screen was displayed by the user.
The Current Time field displays the current time based on the access point system clock. If NTP is disabled or if there are no servers available, the system time displays the access point uptime starting at 1970-01-01 00:00:00, with the time and date advancing.
3. Select the Set Date/Time button to display the Manual Date/Time Setting screen.
This screen enables the user to manually enter the access point’s system time using a Year-Month-Day HH:MM:SS format.
This option is disabled when the Enable NTP checkbox has been selected, and therefore should be viewed as a second means to define the access point system time.
4. If using the Manual Date/Time Setting screen to define the access point’s system time, refer to the Time Zone field to select the time zone used as complementary information to the information entered within the Manual Date/Time Setting screen.
5. If using an NTP server to supply system time to the access point, configure the NTP Server Configuration field to define the server network address information required to acquire the access point network time.
Enable NTP on access point | Select the Enable NTP on access point checkbox to allow a connection between the access point and one or more specified NTP servers. A preferred, first alternate and second alternate NTP server cannot be defined unless this checkbox is selected. Disable this option (uncheck the checkbox) if Kerberos is not in use and time synchronization is not necessary.
Preferred Time Server | Specify the numerical (non DNS name) IP address and port of the primary NTP server. The default port is 123.
First Alternate Time Server | Optionally, specify the numerical (non DNS name) IP address and port of an alternative NTP server to use for time synchronization if the primary NTP server goes down.
Second Alternate Time Server | Optionally, specify the numerical (non DNS name) IP address and port of yet another NTP server for the greatest assurance of uninterrupted time synchronization.
Synchronization Interval | Define an interval in minutes the access point uses to synchronize its system time with the NTP server. A synchronization interval value from 15 minutes to 65535 minutes can be specified. For implementations using Kerberos, a synchronization interval of 15 minutes (default interval) or sooner is recommended.
6. Click Apply to save any changes to the Date and Time Settings screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on Date and Time Settings screen to the last saved configuration.
8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.6 Logging Configuration
The access point provides the capability for periodically logging system events that prove useful in assessing the throughput and performance of the access point or troubleshooting problems on the access point managed Local Area Network (LAN). Use the Logging Configuration screen to set the desired logging level (standard syslog levels) and view or save the current access point system log.
To configure event logging for the access point:
1. Select System Configuration -> Logging Configuration from the access point menu tree.
2. Configure the Log Options field to save event logs, set the log level and optionally port the access point’s log to an external server.
View Log | Click View to save a log of events retained on the access point. The system displays a prompt requesting the administrator password before saving the log. After the password has been entered, click Get File to display a dialogue with buttons to Open or Save the log.txt file. Click Save and specify a location to save the log file.
Use the WordPad application to view the saved log.txt file on a Microsoft Windows based computer. Do not view the log file using Notepad, as the Notepad application does not properly display the formatting of the access point log file. Log entries are not saved in the access point. While the AP is in operation, log data temporarily resides in memory. AP memory is completely cleared each time the AP reboots.
Logging Level | Use the Logging Level drop-down menu to select the desired log level for tracking system events. Eight logging levels (0 to 7) are available. Log Level 6: Info is the access point default log level. These are the standard UNIX/LINUX syslog levels. The levels are as follows:
0 - Emergency
1 - Alert
2 - Critical
3 - Errors
4 - Warning
5 - Notice
6 - Info
7 - Debug
Enable logging to an external syslog server | The access point can log events to an external syslog (system log) server. Select the Enable logging to an external syslog server checkbox to enable the server to listen for incoming syslog messages and decode the messages into a log for viewing.
Syslog server IP address | If the Enable logging to an external syslog server checkbox is selected, the numerical (non DNS name) IP address of an external syslog server is required in order to route the syslog events to that destination.
3. Click Apply to save any changes to the Logging Configuration screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
4. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Logging Configuration screen to the last saved configuration.
5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
4.7 Importing/Exporting Configurations
All of the configuration settings for an access point can be obtained from another access point in the form of a text file. Additionally, all of the access point’s settings can be downloaded to another access point. Use the file-based configuration feature to speed up the setup process significantly at sites using multiple access points.
Another benefit is the opportunity to save the current AP configuration before making significant changes or restoring the default configuration. All options on the access point are deleted and updated by the imported file. Therefore, the imported configuration is not a merge with the configuration of the target access point. The exported file can be edited with any document editor if necessary.
The export function will always export the encrypted Admin User password. The import function will import the Admin Password only if the access point is set to factory default. If the access point is not configured to factory default settings, the Admin User password WILL NOT get imported.
CAUTION A single-radio model access point cannot import/export its configuration to a dual-radio model access point. In turn, a dual-radio model access point cannot import/export its configuration to a single-radio access point.
Use the Config Import/Export screen to configure an import or export operation for access point configuration settings.
NOTE Use the System Settings screen as necessary to restore an access point default configuration. For more information on restoring configurations, see Configuring System Settings on page 4-2.
CAUTION Symbol discourages importing a 1.0 baseline configuration file to a 1.1 version access point. Similarly, a 1.1 baseline configuration file should not be imported to a 1.0 version access point. Importing configuration files between different version access points results in broken configurations, since new features added to the 1.1 version access point cannot be supported in a 1.0 version access point.
To create an importable/exportable access point configuration file:
1. Select System Configuration - > Config Import/Export from the access point menu tree.
2. Configure the FTP and TFTP Import/Export field to import/export configuration settings.
Filename |
Specify the name of the configuration file to be written to the FTP |
|
or TFTP server. |
Server IP |
Enter the numerical (non DNS name) IP address of the |
|
destination FTP or TFTP server where the configuration file is |
|
imported or exported. |
Filepath (optional) |
Defines the optional path name used to import/export the target |
|
configuration file. |
FTP |
Select the FTP radio button if using an FTP server to import or export |
|
the configuration. |
4-38 AP-51xx Access Point Product Reference Guide
TFTP |
Select the TFTP radio button if using an FTP server to import or |
|
export the configuration. |
Username |
Specify a username to be used when logging in to the FTP server. A |
|
username is not required for TFTP server logins. |
Password |
Define a password allowing access to the FTP server for the import |
|
or export operation. |
Import Configuration |
Click the Import Configuration button to import the configuration |
|
file from the server with the assigned filename and login |
|
information. The system displays a confirmation window indicating |
|
the administrator must log out of the access point after the |
|
operation completes for the changes to take effect. Click Yes to |
|
continue the operation. Click No to cancel the configuration file |
|
import. |
Export Configuration |
Click the Export Configuration button to export the configuration |
|
file from the server with the assigned filename and login |
|
information. If the IP mode is set to DHCP Client, IP address |
|
information is not exported (true for both LAN1, LAN2 and the |
|
WAN port). For LAN1 and LAN2, IP address information is only |
|
exported when the IP mode is set to either static or DHCP Server. |
|
For the WAN port, IP address information is only exported when the |
|
This interface is a DHCP Client checkbox is not selected. For |
|
more information on these settings, see |
|
Configuring the LAN Interface on page 5-1 and |
|
Configuring WAN Settings on page 5-14. |
|
The system displays a confirmation window prompting the |
|
administrator to log out of the access point after the operation |
|
completes for the changes to take effect. Click Yes to continue the |
|
operation. Click No to cancel the configuration file export. |
3.Configure the HTTP Import/Export field to import/export access point configuration settings using HTTP.
CAUTION For HTTP downloads (exports) to be successful, pop-up messages must be disabled.
Upload and Apply A Configuration File
Click the Upload and Apply A Configuration File button to upload a configuration file to this access point using HTTP.
Download Configuration File
Click the Download Configuration File button to download this access point’s configuration file using HTTP.
4. Refer to the Status field to assess the completion of the import/export operation.
Status
After executing an operation (by clicking any of the buttons in the window), check the Status field for a progress indicator and messages about the success or errors in executing the Import/Export operation. Possible status messages include:
ambiguous input before marker: line <number>
unknown input before marker: line <number>
ignored input after marker: line <number>
additional input required after marker: line <number>
invalid input length: line <number>
error reading input: line <number>
import file from incompatible hardware type: line <number>
[0] Import operation done
[1] Export operation done
[2] Import operation failed
[3] Export operation failed
[4] File transfer in progress
[5] File transfer failed
[6] File transfer done
Auto cfg update: Error in applying config
Auto cfg update: Error in getting config file
Auto cfg update: Aborting due to fw update failure
The <number> value appearing at the end of some messages relates to the line of the configuration file where an error or ambiguous input was detected.
CAUTION If errors occur when importing the configuration file, a parsing message displays defining the line number where the error occurred. The configuration is still imported, except for the error. Consequently, it is possible to import an invalid configuration. The user is required to fix the problem and repeat the import operation until an error-free import takes place.
NOTE Symbol recommends importing configuration files using the CLI. If errors occur using the CLI, they display all at once and are easier to troubleshoot. The access point GUI displays errors one at a time, and troubleshooting can be a more time-consuming process.
5. Click Apply to save the filename and Server IP information. The Apply button does not execute the import or export operation, only saves the settings entered.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on Config Import/Export screen to the last saved configuration.
7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
NOTE For a discussion on the implications of replacing an existing Symbol AP-4131 deployment with an AP-5131 or AP-5181, see Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-18.
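Because an import reported as done can still have skipped lines, the Status messages from step 4 are worth triaging before the imported configuration is relied on. The Python below is an added example, not part of the Symbol guide; it assumes the messages were copied out as text, that <number> appears as a plain 1-based integer, and it uses constructed placeholder lines rather than real AP-51xx configuration syntax.

```python
import re

PARSE_RE = re.compile(r"^(?P<reason>.+?): line (?P<num>\d+)$")
CODE_RE = re.compile(r"^\[(?P<code>\d)\] ")
FAILED_CODES = {2, 3, 5}      # import failed, export failed, file transfer failed

def triage(status_lines, config_text):
    """Sort Status-field messages and map parse errors to config file lines."""
    cfg = config_text.splitlines()
    report = {"parse_errors": [], "failures": [], "done": False}
    for raw in status_lines:
        msg = raw.strip()
        hit = PARSE_RE.match(msg)
        code = CODE_RE.match(msg)
        if hit:
            n = int(hit["num"])            # assumption: line numbers are 1-based
            text = cfg[n - 1] if 1 <= n <= len(cfg) else None
            report["parse_errors"].append((n, hit["reason"], text))
        elif code and int(code["code"]) in FAILED_CODES:
            report["failures"].append(msg)
        elif msg.startswith("Auto cfg update:"):
            report["failures"].append(msg)
        elif msg == "[0] Import operation done":
            report["done"] = True
    # "done" alone is not enough: lines with parse errors were skipped on import.
    report["clean"] = report["done"] and not (report["parse_errors"] or report["failures"])
    return report

# Constructed sample: placeholder lines, not real AP-51xx configuration syntax.
SAMPLE_CONFIG = "setting-a 1\nsetting-b ???\nsetting-c 3\n"
SAMPLE_STATUS = ["unknown input before marker: line 2", "[0] Import operation done"]
```

A report with done set but clean unset is the case the CAUTION above describes: fix the listed lines and repeat the import.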
4.8 Updating Device Firmware
Symbol periodically releases updated versions of the access point device firmware to the Symbol Web site. If the access point firmware version displayed on the System Settings page (see Configuring System Settings on page 4-2) is older than the version on the Web site, Symbol recommends updating the access point to the latest firmware version for full feature functionality.
The access point’s update feature updates the access point’s firmware and configuration file automatically when the access point is reset or when the access point initiates a DHCP discovery.
The firmware is automatically updated each time firmware versions are found to be different between the access point and the firmware file located on the DHCP/BootP server. If the configuration file is selected for automatic update, the configuration is automatically updated since the access point is unable to compare the differences between configuration files.
CAUTION If downgrading firmware from a 1.1 to a 1.0 version, the access point automatically reverts to 1.0 default settings, regardless of whether you are downloading the firmware manually or using the automatic download feature. The automatic feature allows the user to download the configuration file at the same time, but since the firmware reverts to 1.0 default settings, the configuration file is ignored.
For detailed update scenarios involving both a Windows DHCP and a Linux BootP server configuration, see Configuring Automatic Updates using a DHCP or Linux BootP Server Configuration on page B-1.
CAUTION Loaded and signed CA certificates will be lost when changing the access point’s firmware version using either the GUI or CLI. After a certificate has been successfully loaded, export it to a secure location to ensure its availability after a firmware update.
If a firmware update is required, use the Firmware Update screen to specify a filename and define a file location for updating the firmware.
NOTE The firmware file must be available from an FTP or TFTP site to perform the update.
CAUTION Make sure a copy of the access point’s configuration is exported before updating the firmware.
To conduct a firmware update on the access point:
1. Export the access point current configuration settings before updating the firmware to have the most recent settings available after the firmware is updated.
Refer to Importing/Exporting Configurations on page 4-36 for instructions on exporting the access point’s current configuration to have it available after the firmware is updated.
2. Select System Configuration -> Firmware Update from the access point menu tree.
3. Configure the DHCP Options field to enable automatic firmware and/or configuration file updates.
DHCP options are used for out-of-the-box rapid deployment for Symbol wireless products. The following are the two DHCP options available on the access point:
• Enable Automatic Firmware Update
• Enable Automatic Configuration Update
These options can be used to update newer firmware and configuration files on the access point. The access point uses DHCP Vendor Specific Option 43 with the following options embedded within it:
Option                    Option Code   Data Type
TFTP Server Name          181           IP address
Firmware File Name        187           String
Configuration File Name   188           String
The Vendor Class Identifier used is SymbolAP.5131-V1-0
The DHCP Server needs to be configured with the above mentioned vendor specific options and vendor class identifier. The update is conducted over the LAN or WAN port depending on which is the active port at the time the firmware update request is made.
Enable Automatic Firmware Update
Select this checkbox to allow an automatic firmware update each time firmware versions are found to be different between the access point and the LAN or WAN interface. This option is used in conjunction with other DHCP options configured on a DHCP server.
Symbol recommends selecting the Enable Automatic Configuration Update checkbox if auto-updating access point firmware, as backing up the access point configuration is always recommended before updating device firmware. If this function is disabled, the firmware update is required to be done manually. If this option is enabled, the access point initiates an update any time the access point reboots. If the files located on the DHCP server are different from the existing files on the access point, the files are updated. The default setting is enabled on the WAN port.
Enable Automatic Configuration Update
Select this checkbox to allow an automatic configuration file update each time the configuration file versions are found to be different between the access point and the LAN or WAN interface. If this function is disabled, the configuration file update is required to be done manually. If this function is disabled, the firmware update is required to be done manually. If this option is enabled, the access point initiates an update any time the access point reboots. If the files located on the DHCP server are different from the existing files on the access point, the files are updated. The default setting is enabled on the WAN port.
Configure the Update Firmware field as required to set a filename and target firmware file upload location for manual firmware updates.
4. Specify the name of the target firmware file within the Filename field.
5. If the target firmware file resides within a directory, specify a complete path for the file within the Filepath(optional) field.
6. Enter an IP address for the FTP or TFTP server used for the update. Only numerical IP addresses are supported; DNS names cannot be used.
7. Select either the FTP or TFTP button to define whether the firmware file resides on an FTP or TFTP server.
8. Set the following FTP or TFTP parameters:
• Username - Specify a username for the FTP server login.
• Password - Specify a password for FTP server login. Default is symbol.
NOTE Click Apply to save the settings before performing the firmware update. The user is not able to navigate the access point user interface while the firmware update is in process.
9. Click the Perform Update button to initiate the update. Upon confirming the firmware update, the AP reboots and completes the update.
NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted using the GUI or CLI interfaces.
10. After the AP reboots, return to the Firmware Update screen. Check the Status field to verify whether the firmware update was successful. If an error occurs, one of the following error messages will display:
FAIL: auto fw update check
FAIL: network activity time out
FAIL: firmware check
FAIL: exceed memory limit
FAIL: authentication
FAIL: connection time out
FAIL: control channel error
FAIL: data channel error
FAIL: channel closed unexpected
FAIL: establish data channel
FAIL: accept data channel
FAIL: user interrupted
FAIL: no valid interface found
FAIL: conflict ip address
FAIL: command exchange time out
FAIL: invalid subnet number
11. Confirm the access point configuration is the same as it was before the firmware update. If it is not, restore the settings. Refer to Importing/Exporting Configurations on page 4-36 for instructions on exporting the configuration back to the access point.
12. Click Apply to save the filename and filepath information entered into the Firmware Update screen. The Apply button does not execute the firmware update; it only saves the update settings entered.
13. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on Firmware Update screen to the last saved configuration.
14. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
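The Option 43 sub-options from step 3 (181, 187 and 188) decide where the access point fetches firmware and configuration from when it reboots, so the values a DHCP scope hands out are worth checking against the approved ones. The Python below is an added example, not part of the Symbol guide; it assumes the sub-options use the RFC 2132 encapsulated code/length/value layout and that sub-option 181 carries a 4-byte binary IPv4 address, and the address and file names are constructed placeholders.

```python
import ipaddress

VENDOR_CLASS = "SymbolAP.5131-V1-0"  # Vendor Class Identifier stated on the page
SUBOPTS = {181: "tftp_server", 187: "firmware_file", 188: "config_file"}

def parse_option43(payload: bytes) -> dict:
    """Decode code/length/value sub-options (assumed RFC 2132 encapsulation)."""
    out, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 0:                      # pad byte
            i += 1
            continue
        if code == 255:                    # end marker
            break
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"sub-option {code}: truncated")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        i += 2 + length
        if code not in SUBOPTS:
            out.setdefault("unknown", []).append(code)
        elif code == 181:                  # assumption: 4-byte binary IPv4 address
            if length != 4:
                raise ValueError("sub-option 181: expected 4 bytes")
            out[SUBOPTS[code]] = str(ipaddress.IPv4Address(value))
        else:
            out[SUBOPTS[code]] = value.decode("ascii")
    return out

def audit_scope(vendor_class: str, payload: bytes, approved: dict) -> list:
    """List every way the DHCP scope deviates from the approved update source."""
    findings = []
    if vendor_class != VENDOR_CLASS:
        findings.append(f"unexpected vendor class {vendor_class!r}")
    try:
        opts = parse_option43(payload)
    except ValueError as exc:              # includes UnicodeDecodeError
        return findings + [f"malformed Option 43: {exc}"]
    for key in SUBOPTS.values():
        if key in opts and opts[key] != approved.get(key):
            findings.append(f"{key}={opts[key]!r} is not the approved value")
    if "unknown" in opts:
        findings.append(f"unrecognised sub-options {opts['unknown']}")
    return findings

# Constructed sample: the address and both file names are placeholders.
APPROVED = {"tftp_server": "192.0.2.10", "firmware_file": "ap_fw.bin", "config_file": "ap_cfg.txt"}
SAMPLE = bytes([181, 4, 192, 0, 2, 10, 187, 9]) + b"ap_fw.bin" + bytes([188, 10]) + b"ap_cfg.txt"
```

An empty list from audit_scope(VENDOR_CLASS, SAMPLE, APPROVED) means the scope matches the approved values; any finding should be resolved before an access point with automatic updates enabled is rebooted on that network.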
4.8.1 Upgrade/Downgrade Considerations
When upgrading or downgrading access point configurations between the 1.0.0.0-XX (or 1.0.1.0-XX) and 1.1.0.0-XX baselines, the following should be taken into consideration as certain functionalities may not be available to the user after an upgrade/downgrade:
CAUTION Prior to upgrading/downgrading the access point’s configuration, ensure the access point’s current configuration has been exported to a secure location. Having the configuration available is recommended in case errors occur in the upgrade/downgrade process.
• When downgrading from 1.1 to 1.0, the access point is configured to default values.
• After a downgrade from 1.1.0.0-XX to 1.0.0.0-XX, WLANs mapped to LAN2 would still be usable, but now only available on LAN1. Once upgraded back to 1.1.0.0-XX, those WLANs previously available on LAN2 would still be mapped to LAN2.
• If downgraded to the 1.0.0.0-XX baseline, and a restore factory defaults function is performed, only 1.0.0.0-XX default values are restored to their factory default values. The feature set unique to 1.1.0.0-XX can only be restored to factory default when the access point is running 1.1.0.0-XX firmware.
• Export either a CA or Self Certificate to a safe and secure location before upgrading or downgrading your access point firmware. If the certificate is not saved, it will be discarded and not available to the user after the upgrade or downgrade. If discarded, a new certificate request would be required.
NOTE For a discussion on the implications of replacing an existing Symbol AP-4131 deployment with an AP-5131 or AP-5181, see Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-18.
Network Management
Configuring network management includes configuring network aspects in numerous areas. See the following sections for more information on access point network management:
• Configuring the LAN Interface
• Configuring WAN Settings
• Enabling Wireless LANs (WLANs)
• Configuring Router Settings
5.1 Configuring the LAN Interface
The access point has one physical LAN port supporting two unique LAN interfaces. The access point LAN port has its own MAC address. The LAN port MAC address is always the value of the access point WAN port MAC address plus 1. The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats screens.
For information on locating the access point MAC addresses, see Viewing WAN Statistics on page 7-2 and Viewing LAN Statistics on page 7-6.
Use the LAN Configuration screen to enable one (or both) of the access point’s LAN interfaces, assign them names, define which LAN is currently active on the access point Ethernet port and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval.
To configure the access point LAN interface:
1. Select Network Configuration -> LAN from the access point menu tree.
2. Configure the LAN Settings field to enable the access point LAN1 and/or LAN2 interface, assign a timeout value, enable 802.1q trunking, configure WLAN mapping and enable 802.1x port authentication.
Enable
Select the LAN1 and/or LAN2 checkbox to allow the forwarding of data traffic over the specified LAN connection. The LAN1 connection is enabled by default, but both LAN interfaces can be enabled simultaneously.
LAN Name
Use the LAN Name field to modify the existing name of LAN1 and LAN2. LAN1 and LAN2 are the default names assigned to the LANs until modified by the user.