Cisco WAP200 Administration Guide

Cisco WAP200 - Small Business Wireless-G Access Point Manual

Get Cisco WAP200 - Small Business Wireless-G Access Point PDF manuals and user guides
UPC - 745883574452
View all Cisco WAP200 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco WAP200 manual content summary:

  • Cisco WAP200 | Administration Guide - Page 1
    WAP-200 Administrator's Guide
  • Cisco WAP200 | Administration Guide - Page 2
    the tag line The Intelligent Wireless Networking Choice and TriPlane are the service marks, trademarks, registered trademarks, or registered service marks download the most up-to-date product information from the Colubris Networks website. Go to www.colubris.com and on the home page select Support
  • Cisco WAP200 | Administration Guide - Page 3
    -building connections 58 Guidelines 59 Setting up a wireless link 60 VLAN support 62 Creating VLANs 62 Default VLAN 63 Assigning traffic to VLANs 63 VLAN bridging 63 Firmware management 64 Manual update 64 Scheduled install 65 Using cURL 65 Configuration management 66 Manual management
  • Cisco WAP200 | Administration Guide - Page 4
    4
  • Cisco WAP200 | Administration Guide - Page 5
    Introduction Chapter 1 Introduction In this chapter you can find an explanation of the conventions used in this manual, an overview of the hardware, and instructions on how to power-up the WAP-200 wireless client bridge.
  • Cisco WAP200 | Administration Guide - Page 6
    Chapter 1 Introduction Chapter 1 About this guide This manual shows you how to install, configure, and operate the Colubris® Networks WAP-200 wireless access point. Important terms Term MSC Customer Description Refers to all Colubris Networks MSC-3000 series and MSC-5000 series products. The
  • Cisco WAP200 | Administration Guide - Page 7
    Chapter 1 Introduction Chapter 1 RRelated documentation For information on related documentation, see the Colubris Networks Technical Documentation Road Map, available on the Colubris Networks Documentation CD and for download on the Colubris Networks web site. 7
  • Cisco WAP200 | Administration Guide - Page 8
    . Front and rear panels The following figures show the front and rear panels of the WAP-200. Front panel 5 volts Port 1 802.3af 10101 Reset Power Ethernet Wireless light light light Power connector Rear panel Serial port Reset button Antenna connector MAIN Antenna connector AUX 8
  • Cisco WAP200 | Administration Guide - Page 9
    -200 has a single Ethernet port. By default the WAP-200 is configured to operate as a DHCP client to set the address of port 1. If a DHCP server is not found connected to Port 1, the address 192.168.1.1 is assigned to Port 1 and the wireless port. Note: Do not connect the Ethernet ports directly to
  • Cisco WAP200 | Administration Guide - Page 10
    Resetting the WAP-200 to factory defaults deletes all your configuration settings, resets the Administrator username and password to 'admin', and sets the IP address of Port 1 via DHCP. If a DHCP server is not found connected to Port 1, the address 192.168.1.1 is assigned to Port 1 and the wireless
  • Cisco WAP200 | Administration Guide - Page 11
    Networks supplied PoE injectors (available separately) cannot be installed inside the plenum. Configuring the Before attaching the WAP-200 to your network, Colubris recommends that you start the WAP-200 management tool and define basic configuration settings as outlined in the quick start guide
  • Cisco WAP200 | Administration Guide - Page 12
    . Installers and end users must be provided with operating instructions and antenna installation conditions for satisfying RF exposure compliance requirements. Canada- Industry Canada (IC) This device complies with RSS 210 of Industry Canada. Cet appareil numérique de la classe B est conforme aux
  • Cisco WAP200 | Administration Guide - Page 13
    limits for a Class B digital device, user is encouraged to try to correct the interference by one or more of the following measures: • Reorient or relocate the receiving antenna • Increase the distance between the WAP-200 and the receiver • Connect Networks products must be set to the correct country
  • Cisco WAP200 | Administration Guide - Page 14
    Chapter 1 Introduction Chapter 1 Las unidades Colubris Networks vendidas en Europa usan una técnica llamada Selección dinámica de frecuencias (Dynamic Frequency Selection, DFS) para seleccionar automaticamente un canal de operación. El Instituto Europeo de Normas de Telecomunicaciones (European
  • Cisco WAP200 | Administration Guide - Page 15
    sono contrassegnati di seguito. 1313 Important Notice Low power radio LAN product operating in 5 GHz band User Guide) per avere informazione dettagliata sulle restrizioni. Information for the user This document provides regulatory information for the following product: WAP-200. These are wireless
  • Cisco WAP200 | Administration Guide - Page 16
    from deliberations of panels and committees of scientists who continually review and interpret the extensive research literature. In some situations or other devices or services is perceived or identified as harmful If you are uncertain about the policy that applies to the use of wireless devices in
  • Cisco WAP200 | Administration Guide - Page 17
    in the 2.4 GHz ISM band • 301 893 V1.2.3 5 GHz high performance RLAN • EN 301 489-1 V1.4.1 EMC Standard for radio equipment and services; Part 1 • EN 301 489-17 V1.2.1 EMC Standard for radio equipment and services; Part 17; Specific conditions for 2.4 GHz wideband transmission systems and 5 GHz
  • Cisco WAP200 | Administration Guide - Page 18
    Chapter 1 Introduction Chapter 1 18
  • Cisco WAP200 | Administration Guide - Page 19
    How it works Chapter 2 How it works This chapter describes the most important features of the WAP-200 and explains how it can be used to address your most important wireless connectivity challenges. The WAP-200 provides support for all MultiService Access Point (MAP) features, with the following
  • Cisco WAP200 | Administration Guide - Page 20
    WL AN PUBLIC WL AN PUBLIC WL AN Wireless bridge Reset PUBLIC WL AN The WAP-200 uses the services of an access controller-such as a Colubris Networks MultiService Controller-to manage customer logins to the public access network. In most setups the access controller uses a RADIUS server to store
  • Cisco WAP200 | Administration Guide - Page 21
    . Corporate Backbone RADIUS server Backbone LAN Reset Reset Reset PUBLIC WL AN PUBLIC WL AN PUBLIC WL AN Wireless bridge Reset PUBLIC WL AN In this type of scenario, the WAP-200 provides wireless access to users of a corporate network. The WAP-200 supports 802.1x/WPA and WEP security
  • Cisco WAP200 | Administration Guide - Page 22
    station for wireless access Install and configure the wireless adapter in the management station according to the directions that came with it. During installation ensure that • Encryption is disabled • TCP/IP is installed and configured with addressing set to DHCP • SSID is set to Colubris
  • Cisco WAP200 | Administration Guide - Page 23
    Chapter 2 How it works Chapter 2 Administrator account Administrator password Access to the Management Tool is protected by a username and password. The factory default setting for both is admin. Colubris Networks recommends that you change both on the Management tool configuration page, which
  • Cisco WAP200 | Administration Guide - Page 24
    Chapter 2 How it works Chapter 2 • Click Save. 24
  • Cisco WAP200 | Administration Guide - Page 25
    Chapter 2 How it works Chapter 2 Security The Management Tool is protected by the following Tool, administrators must accept a Colubris Networks certificate. You can replace this certificate with your own. • Port blocking-Access to the Management Tool can be explicitly enabled or disabled for
  • Cisco WAP200 | Administration Guide - Page 26
    2 How it works Chapter 2 Virtual service communities The WAP-200 enables you to create up to 16 virtual service communities (VSCs), each with its own configuration settings. Each VSC is a distinct entity and can provide its own wireless network with its own SSID, user authentication settings, QoS
  • Cisco WAP200 | Administration Guide - Page 27
    Chapter 2 How it works Chapter 2 27
  • Cisco WAP200 | Administration Guide - Page 28
    Chapter 2 How it works Chapter 2 If under General you enable Use Colubris access controller, only the options shown in the following figure are available. For complete descriptions of all VSC settings, see the following sections. 28
  • Cisco WAP200 | Administration Guide - Page 29
    stations in low-power mode wake up every 500 ms (0.5 seconds) to receive multicast traffic. Permit traffic exchange between wireless clients Use this option to control traffic exchange between wireless clients on the WLAN. • No: Blocks all inter-client communications. Default setting. • 802.1x: Only
  • Cisco WAP200 | Administration Guide - Page 30
    can only be used if both radios are operating in the same wireless mode (a/b/g). Maximum rate Set the maximum transmission rate that clients stations must respect in order to connect with this SSID. Clients stations that attempt to associate at a higher data rate will be refused. Select the Highest
  • Cisco WAP200 | Administration Guide - Page 31
    Chapter 2 How it works Chapter 2 Broadcast WLAN name (SSID) When this option is enabled, the WAP-200 will broadcast its wireless network name (SSID) to all client stations. Most wireless adapter cards have a setting that enables them to automatically discover access points that broadcast their
  • Cisco WAP200 | Administration Guide - Page 32
    filter definitions The following filter definitions are defined by default. Incoming wireless traffic filters Applies to traffic sent from wireless client stations to the WAP-200. Accepted • Any IP traffic addressed to the access controller. • PPPoE traffic (The PPPoe server must be the upstream
  • Cisco WAP200 | Administration Guide - Page 33
    and must communicate with the RADIUS server or access controller to validate login credentials. Therefore, the RADIUS server or access controller must be reachable. WPA This option enables support for users with WPA client software. Mode Select the WPA mode that the WAP-200 will use. • WPA (TKIP
  • Cisco WAP200 | Administration Guide - Page 34
    software. The WAP-200 supports 802.1x client software that uses EAP-TLS, EAP-TTLS, EAP-SIM, and PEAP. Note: Colubris Networks recommends that you do not use 802.1x unless you enable WEP encryption. RADIUS profile Select the RADIUS profile the WAP-200 will use to validate user logins. Select Access
  • Cisco WAP200 | Administration Guide - Page 35
    is enabled, wireless stations that do not support encryption cannot configurable, it is possible to use a different RADIUS server for each one. To successfully authenticate a client station, an account must be created on the RADIUS server with both username and password set to the MAC address
  • Cisco WAP200 | Administration Guide - Page 36
    controller is enabled under General. This feature enables you to control logins to the public access network based on the wireless access point to which a customer is connected. For details see the documentation that came with the access controller you are using. Group name Specify a group name for
  • Cisco WAP200 | Administration Guide - Page 37
    default gateway. However, to successfully connect to the access controller, you must define settings as follows: 1. Select the Security > Access controller. The Access controller page opens. Note: If DHCP is not used to set the default gateway address, you can specify the MAC address of the access
  • Cisco WAP200 | Administration Guide - Page 38
    Chapter 2 How it works Chapter 2 2. Click the Colubris Networks profile to edit it. The Add/Edit Virtual Service Communities page opens-see page 26. 3. Under Wireless security filters, Restrict wireless traffic to, • Select MAC address • In the field that then appears, enter the MAC address of the
  • Cisco WAP200 | Administration Guide - Page 39
    enables you to control logins to the public access network based on the wireless access point a customer is connected to. When a customer attempts to login to the public access network, the access controller sets the Called-Station-ID in the RADIUS access request to the MAC address of the WAP-200
  • Cisco WAP200 | Administration Guide - Page 40
    Chapter 2 How it works Chapter 2 The Authentication settings page enables you to specify the following global (EAPOL) packet before resending it. Default is 3 seconds. If wireless client stations are configured to manually enter an 802.1x username or password or both, you must increase the
  • Cisco WAP200 | Administration Guide - Page 41
    Chapter 2 How it works Chapter 2 MAC + 802.1x Not Mandatory MAC + 802.1x Mandatory mandatory 802.1x authentication option disabled Wireless clients are automatically authenticated by their MAC address. • If MAC authentication succeeds, the client gains access. Next the client station can initiate
  • Cisco WAP200 | Administration Guide - Page 42
    . Radio power More radio power means better signal quality and the ability to create bigger wireless cells. However, cell size should generally not exceed the range of transmission supported by client stations. If it does, client stations will be able to receive signals from the access point, but
  • Cisco WAP200 | Administration Guide - Page 43
    How it works Chapter 2 Interference Interference is caused by other access points or devices that operate in the same frequency band as the WAP-200. This can substantially affect throughput. The WAP-200 provides advanced wireless configuration features to automatically eliminate this problem. See
  • Cisco WAP200 | Administration Guide - Page 44
    Chapter 2 How it works Chapter 2 Configuring overlapping wireless cells Overlapping wireless cells are caused when two or more access points are within transmission range of each other. This may be under your control (when setting up multiple cells to cover a large location), or out of your
  • Cisco WAP200 | Administration Guide - Page 45
    Chapter 2 How it works Chapter 2 Selecting channels For optimum performance when operating in 802.11b or 802.11g modes, choose a frequency that differs from other wireless access points operating in neighboring cells by at least 25 MHz. Two channels with the minimum 25 MHz frequency separation
  • Cisco WAP200 | Administration Guide - Page 46
    Chapter 2 How it works Chapter 2 In North America you would create the following installation: Reset Reset Reset cell 1 channel = 1 cell 2 channel = 6 cell 3 channel = 11 Reducing transmission delays by using different operating frequencies. However, it is possible to stagger your cells to
  • Cisco WAP200 | Administration Guide - Page 47
    frequently. Note: The distance between access points option provides the best performance benefit when client stations are equipped with wireless adapters that are configured with the same setting. However, not all manufacturers support this feature. Automatic power control The WAP-200's automatic
  • Cisco WAP200 | Administration Guide - Page 48
    find all active access points. For example: Note: If an access point is not broadcasting its name, the SSID is blank. Monitor mode The radio(s) in the WAP-200 can be configured to operate in monitor mode (Wireless > Radio(s) page). In this mode, both access point and wireless links functionality
  • Cisco WAP200 | Administration Guide - Page 49
    it works Chapter 2 Identifying unauthorized access points Improperly configured wireless access points can seriously compromise the security of a corporate network. Therefore, it is important that they be identified as quickly as possible. The wireless neighborhood feature can be configured to
  • Cisco WAP200 | Administration Guide - Page 50
    (s) configuration page. The following figure shows how this page appears on a MAP-300. Operating mode Select the Operating mode for each radio from the following options: • Access point and Wireless links-Standard operating mode that provides support for all wireless functions. • Access point only
  • Cisco WAP200 | Administration Guide - Page 51
    the radio. You must set the channel manually to ensure that it matches the radio on the other side of the link. For optimum performance when operating in 802.11b or 802.11g modes, select a channel that is different by at least 25 MHz from the channel used by other wireless access points operating in
  • Cisco WAP200 | Administration Guide - Page 52
    in Monitor mode. You can use Distance between access points to adjust the receiver sensitivity of the WAP-200. Change this parameter only if you have more than one wireless access point installed in your location and are experiencing throughput problems In all other cases, use the default setting of
  • Cisco WAP200 | Administration Guide - Page 53
    to determine its optimal power setting. This option is relevant only when Automatic Power Control is enabled. Default is one hour. Guidelines for configuring transmit power Transmit power control works best when the entire network uses only Colubris Networks access points, as third-party products
  • Cisco WAP200 | Administration Guide - Page 54
    Multicast Tx rate). By default this is set to the lowest rate for the current wireless mode. If there is a lot of multicast traffic on your network, raising the multicast rate can improve throughput. Note: If you raise the multicast rate, client stations that do not support the new rate will not
  • Cisco WAP200 | Administration Guide - Page 55
    Chapter 2 How it works Chapter 2 Addressing The WAP-200 is a wireless bridge, which means that all its ports share the same IP address. The address can be set statically or via DHCP on the Network > Ports page. Default settings By default the WAP-200 is configured as a DHCP client on both LAN
  • Cisco WAP200 | Administration Guide - Page 56
    : Before a user gains access to the wireless network, they must first log in. The login process is managed by 802.1x client software which must be installed on the user's computer. It communicates with the WAP-200, which in turn uses the services of a RADIUS server to validate user login credentials
  • Cisco WAP200 | Administration Guide - Page 57
    key is defined for all user connections. This key is used for encryption only. This mode does not provide user authentication (there is no username and password). To use WPA, wireless client stations must install WPA client software. Do not broadcast wireless network name You can disable the
  • Cisco WAP200 | Administration Guide - Page 58
    configuration, both the WAP-200 and the access controller (MSC-3200/3300) are equipped with omnidirectional antennas, enabling them to deliver both access point functionality and wireless bridging. MSC-3200 MSC-3300 wireless bridge WAP-200 Reset Building-tobuilding connections The wireless
  • Cisco WAP200 | Administration Guide - Page 59
    is shared by all bridged access points and all their associated client stations. • All wireless ports must be on the same subnet, with each port having a unique IP address. • If WEP is enabled, the same settings must be used on all access points. • If you establish a wireless link between two WAP
  • Cisco WAP200 | Administration Guide - Page 60
    This is the MAC address of the other access point. 7. Click Save. 8. Select Wireless > Radio. The Radio(s) configuration page opens-see page 50. 9. Set the Operating mode to Access point and Wireless links. 10. Set the Wireless mode to the same value as the other access point. 11. Set the Channel to
  • Cisco WAP200 | Administration Guide - Page 61
    Chapter 2 How it works Chapter 2 each change, allow a minimum of two minutes for the Link speed field to settle down and report its new value. 61
  • Cisco WAP200 | Administration Guide - Page 62
    be defined on the LAN ports, as well as on wireless links. User traffic can be mapped to a VLAN on a per-VSC basis, or on a per-user basis. For scenarios that illustrate how to work with VLANs, see the Colubris Networks Configuration Guide. Creating VLANs Use the following steps to create a VLAN
  • Cisco WAP200 | Administration Guide - Page 63
    logging in, user-specific settings (retrieved from a RADIUS server) could override this setting by assigning VLAN 40. Per-VSC VLAN assignment Each VSC can be mapped to its own VLAN. Wireless clients that connect to a VSC with VLAN support are bridged to the appropriate VLAN. Address allocation and
  • Cisco WAP200 | Administration Guide - Page 64
    will make new versions of the firmware available. Firmware updates can be handled manually, automatically, or with a tool like cURL. Important: When a WAP-200 is restarted it automatically initializes itself to the default address 192.168.1.1 on all ports. If the DHCP client is enabled, it takes
  • Cisco WAP200 | Administration Guide - Page 65
    version. If different, the firmware is downloaded and installed. Configuration settings are preserved. However, all connections will be terminated forcing users to log in again. Using cURL It is possible to automate management tasks using a tool like cURL. cURL is a software client that can be
  • Cisco WAP200 | Administration Guide - Page 66
    . Configuration management can also be performed using the command line interface via an SSH session. For details, see the Command Line Interface Reference Guide. Important: When a WAP-200 is restarted it automatically initializes itself to the default address 192.168.1.1 on all ports. If the DHCP
  • Cisco WAP200 | Administration Guide - Page 67
    want to directly edit the configuration file. Reset configuration Use this option to return the configuration of the WAP-200 to its factory default settings. Note: Resetting sets the administrator password to 'admin' and resets all configuration settings. Restore configuration file Enables you to
  • Cisco WAP200 | Administration Guide - Page 68
    designed to work without user interaction or any kind of interactivity. It is available for Windows and LINUX at: http://curl.haxx.se/. You must use version 7.9.8 or higher. The following cURL commands illustrate how to manage the configuration file. The following setup is assumed: • IP address of
  • Cisco WAP200 | Administration Guide - Page 69
    --cookie cookie.txt "https://24.28.15.22/download/config.cfg" -o config.cfg 5. Logout. curl -s -k --cookie cookie.txt "https://24.28.15.22/goform/Logout" -d logout=Logout Resetting the configuration to factory defaults 1. Prepare the WAP-200 to receive the login. curl -s -k "https://24.28.15.22/home
  • Cisco WAP200 | Administration Guide - Page 70
    on the RADIUS server for each one that you intend to install. Configuration settings You may need to supply the following information when setting up a RADIUS client entry: • Client IP address: This is the IP address assigned to the WAP-200's LAN ports. • Shared secret: Secret the WAP-200 will
  • Cisco WAP200 | Administration Guide - Page 71
    Chapter 2 How it works Chapter 2 Configuring the connection To configure the connection to a RADIUS server, do the following: 1. Open the Security > RADIUS page. 2. Click Add New Profile. The RADIUS profiles configuration page opens. 3. Configure the parameters as described in the sections that
  • Cisco WAP200 | Administration Guide - Page 72
    reply, the RADIUS access request is retransmitted to the primary RADIUS server. The WAP-200 always alternates between the two servers, when configured. Primary RADIUS server Server address Specify the IP address of the RADIUS server. Secret/Confirm secret Specify the secret (password) that WAP-200
  • Cisco WAP200 | Administration Guide - Page 73
    type number = 0 • Attribute type = string Access Request Attribute Acct-Session-Id Called-Station-Id Calling-Station-Id EAP-Message Framed-MTU Message-Authenticator NAS-Identifier NAS-Ip-Address NAS-Port NAS-Port-Type Service-Type State User-Name User-Password Colubris-AVPair (SSID) Web Admin 802
  • Cisco WAP200 | Administration Guide - Page 74
    19, which represents WIRELESS_802_11.) • Service-Type (32-bit unsigned integer): Set to Framed-User. • State (string): As defined in RFC 2865. • User-Name (string): The username assigned to the user. Or if MAC-authentication is enabled, the MAC address of the wireless client station. The following
  • Cisco WAP200 | Administration Guide - Page 75
    works Chapter 2 Access Accept Attribute Class EAP-Message MS-MPPE-Recv-Key MS-MPPE-Send-Key Session-TImeout Termination-Action Tunnel-Medium-Type Tunnel-Private-Group-ID Tunnel-Type Web Admin 802.1x MAC Descriptions • Class (string): As defined in RFC 2865. Multiple instances are supported set
  • Cisco WAP200 | Administration Guide - Page 76
    Chapter 2 How it works Chapter 2 Access Challenge Attribute EAP-Message Message-Authenticator State Web Admin 802.1x MAC ■ -Status-Type Called-Station-Id Calling-Station-Id Class Framed-MTU NAS-Identifier NAS-Port NAS-Port-Type User-Name Colubris-AVPair (SSID) Web Admin 802.1x MAC ■ 76
  • Cisco WAP200 | Administration Guide - Page 77
    in IEEE format. By default, the MAC address is sent in IEEE format. For example: 00-02-035E-32-1A. This can be changed on the Security > 802.1x page. • Class (string): As defined in RFC 2865. Multiple instances are supported. • Framed-MTU (32-bit unsigned integer): Hard-coded value of 1496. The
  • Cisco WAP200 | Administration Guide - Page 78
    of a standard user account is the setting of the service type. Make sure that a user is not granted access if service type is not Administrative. Supported RADIUS attributes Following are supported RADIUS attributes. Access Request • User-Name (string): The username assigned to the user or a device
  • Cisco WAP200 | Administration Guide - Page 79
    Chapter 3: More from Colubris Chapter 3 More from Colubris In this chapter you can find information about the resources that are available to you at the Colubris website, as well as information about how to contact Colubris support, training, and sales.
  • Cisco WAP200 | Administration Guide - Page 80
    • Administrator's guides • Quickstart guides • Quick setup tools • SNMP MIBs • Software license agreement • Return Material Authorization (RMA) procedures and forms For Annual Maintenance Support Program customers Colubris Networks offers a comprehensive set of annual support programs that focus
  • Cisco WAP200 | Administration Guide - Page 81
    • Telephone toll-free from within the United States and Canada by dialing 1-866-241-8324, then select option 1 To telephone the Colubris Customer Support team from other countries, dial the International Direct Dialing prefix (IDD) for the country from which you are calling, then dial 1-781-684-0001
  • Cisco WAP200 | Administration Guide - Page 82
    Chapter 3 More from Colubris Chapter 3 82
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
WAP-200
Administrator’s Guide