3Com 3CRWX120695A WXR100 Switch User Manual
Contents
1. Adjusting the Scale of a Drawing: If you imported a DWG or DXF drawing, you might need to adjust the scale of the drawing, because the units used in these drawings might not have a one-to-one correspondence to meters and feet. To adjust the scale of the drawing, you draw a line between two points of known distance and adjust the measurement. To adjust the scale: Display the floor plan in the Content panel. Click E on the toolbar. Drag to create a line between two points. A dialog box appears. In the dialog box, type the actual distance between the two points. Click OK. [Page 86, CHAPTER 5: PLANNING THE 3COM MOBILITY SYSTEM] Adjusting the Origin Point: 3WXM uses a building's origin point to understand what is above or below a given floor. When calculating RF coverage, 3WXM needs to understand where MAP access points on adjacent floors are located, so that 3WXM can take RF from those MAPs into account when assigning channels. If an imported drawing has an origin point defined, 3WXM tries to use that origin point. Otherwise, 3WXM places the origin point in the upper-left corner of the drawing by default. You are not required to use the upper-left corner of the building as the origin point. You can select an easily identifiable feature on all floors, such as an elevator shaft. Or, to include additional features that
2. Refreshed at Fri Dec 02 20:09:30 PST 2005. On the Session Statistics tab, you can select statistics for the MAP the client is associated with, or total statistics for the client's entire roaming history. For the current statistics, select Current AP. For the totals for the entire roaming history, select Lifetime. Table 51 lists the information displayed on the tab. Table 51, Session Statistics Columns (Column: Description). Operational Rate: Data rate of the last packet received by the radio from the client. SNR: SNR of data transmissions from the client to the radio. RSSI: RSSI of data transmissions from the client to the radio. Bandwidth (Bytes/sec): Bytes-per-second rate of traffic between the radio and the client. The rate includes both send and receive traffic. Unicast Bytes Out: Number of unicast bytes transmitted by the radio to the client during this session. Unicast Packets Out: Number of unicast packets transmitted by the radio to the client during this session. [Page 433: Using the Client Monitor View] Transmit Timeouts: Number of times a packet transmitted by the radio to a client remained unacknowledged long enough for the transmission attempt to time out. Unicast Bytes In: Number of unicast bytes received by the radio from the
3. [Screenshot: Explore window] Double-click on the object with the red flag to drill down to even more detailed information. In the example below, the client counts for each MAP being actively managed by the switch are displayed. [Page 409: Using the Explore Window] [Screenshot: Explore window with client counts] When a red flag appears in the Explore view, the column for the statistic whose threshold was exceeded also turns red in the RF Trends view. [Screenshot: RF Trends view]
4. Out ACL Name: ACL applies to packets sent from the WX. See step 13. VLAN Name: See step 14. Deny: Refuses network access if the conditions in the location policy rule are matched. If you select Deny, go to step 14. In the In ACL Name box, type the name of the input ACL that applies if the location policy rules are matched. The ACL name can be 1 to 32 alphanumeric characters, with no spaces or tabs. The name can include hyphens (-), underscores (_), or periods (.). ACL names are case sensitive and must begin with a letter. Do not include any of the following terms in the name: all, default-action, map, help, editbuffer. In the Out ACL Name box, type the name of the output ACL that applies if the location policy rules are matched. In the VLAN Name box, type the name of the VLAN to which users are assigned if the location policy rules are matched. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. Click Finish. [Page 328, CHAPTER 8: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS] Viewing and Changing Mobility Profiles (Viewing Mobility Profiles; Creating a Mobility Profile): Mobility Profile attributes allow or deny access to the network for a specific user or group of users. When you create a Mobility Profile, you specify which MAP ports, Distributed MAPs, or wired authentication ports are to be included. Typically, you include ports that are defined as
5. [Screenshot: RF Planning task panel] You must now compute the optimal power. See Computing Optimal Power on page 147. Locking and Unlocking MAPs: After you compute and place the necessary MAPs for a coverage area, you can move them to fine-tune the wireless coverage. If you need a MAP to be located at a fixed location on the floor, you can lock its current location when you recompute the necessary coverage. A dual-radio MAP model that is part of two coverage areas and is not locked can be placed in the shared coverage area. To lock a MAP: 1. Select the MAP you want to lock. 2. Right-click and select Lock. You can no longer move the MAP. Assigning MAP Channels: If you do not plan to use the RF Auto-Tuning feature to automatically set the channels on the MAPs after deployment and installation, use the Assign Channels to MAPs option to assign channels to the MAPs. Appropriate assignment of chan
6. Hardware Requirements. Hardware Requirements for 3WXM Client: Table 3 shows the minimum and recommended requirements to run the 3WXM client. Table 3, Hardware Requirements for Running 3WXM Client. Processor: minimum Intel Pentium 4, 2 GHz or equivalent; recommended Intel Pentium 4, 3 GHz or equivalent. RAM: minimum 512 MB; recommended 1 GB. Hard drive space available: minimum 100 MB; recommended 200 MB. Monitor resolution: minimum 1024x768 pixels, 24-bit color; recommended 1600x1200 pixels, 32-bit color. CD-ROM drive: minimum CD-ROM or equivalent; recommended CD-ROM. [Page 22, CHAPTER 1: INSTALLING 3WXM] Hardware Requirements for 3WXM Monitoring Service: Table 4 shows the minimum and recommended requirements to run the 3WXM monitoring service. Table 4, Hardware Requirements for Running 3WXM Monitoring Service. Processor: minimum Intel Pentium 4, 2.4 GHz or equivalent; recommended Intel Pentium 4, 3.6 GHz or equivalent. RAM: minimum 1 GB; recommended 2 GB. Hard drive space available: minimum 1 GB; recommended 2 GB. Monitor resolution: minimum 1024x768 pixels, 24-bit color; recommended 1600x1200 pixels, 32-bit color. CD-ROM drive: minimum CD-ROM or equivalent; recommended CD-ROM. Table 5 contains general recommended guidelines for hardware requirements and memory allocation, based on the number of radios and WX switches your server will support. A larger number of WX switches implies more connections and data processing, and consequently more CPU is required. A larger number of radios implies more data, including client sessions, which requires more RAM and storage. Table 5 Recommended Server Hardware Alloca
7. Viewing and Configuring Radio Profiles (Viewing Radio Profile Settings): A radio profile is a set of attributes that you can apply to multiple radios. A default radio profile named default is provided and cannot be deleted. Rather than configuring each radio individually, you can create a new radio profile and apply it to multiple radios that you select. You can also create a radio profile as part of a domain policy and apply it to MAPs on different WX switches. 3Com recommends that you create a new radio profile and leave the default radio profile unchanged as a backup. The default radio profile is associated with a WX switch's MAPs unless you created a new radio profile while configuring a floor plan's coverage area and configured the WX switches with the information in the floor plan. If you create a new radio profile while configuring a coverage area for a floor, 3WXM automatically copies the new profile to the domain policy of the Mobility Domain selected for the coverage area. Later, when you configure WX switches in the Mobility Domain using the information in the floor plan, 3WXM also copies the radio profile to the Radio Profiles policy of each of the switches. To view radio profile settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to Wireless. Select Radio Profiles. The radio profiles appear in the Conte
8. Step 2: Select the type of entries you want to display. Rogue APs: APs that are on the 3Com network but do not belong there. Interfering APs: Devices that are not part of the 3Com network but also are not rogues. No clients connected to these devices have been detected communicating with any network entity listed in the forwarding database (FDB) of any WX switch in the Mobility Domain. Although interfering devices are not connected to your network, they might be causing RF interference with MAP radios. [Displaying Rogue Details] [Page 465: Using the Rogue Detection Screen] Ad hoc clients: Wireless clients who are configured to communicate wirelessly outside of the network infrastructure. Ad hoc clients are not necessarily malicious, but they do steal bandwidth from your infrastructure users. Ad hoc clients are further categorized into rogues and interfering devices. The word Rogue or Interfering appears in parentheses next to the word Ad hoc. By default, all these entry types are displayed. Select the period by which you want to filter the list from the Filter By listbox. Current: Lists the rogues detected during the most recent polling interval. Go to step 5. Current Hour: Lists the rogues detected during the most recent hour. Go to step 5. Current Day: Lists the rogues detected during the most recent day. Go to step 5. History: Lists the rogues detected during a specific date range. Go to step 4. To change the s
9. To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. Click Generate. When the report is generated, click the report link to view it. The report lists the BSSIDs of the rogues detected by each WX switch. The report also shows graphs of the distribution of rogues on the WX switches and of trend data. Generating a Site Survey Order: The site survey order contains the locations and MAC addresses of the line-of-sight (LOS) points for use when conducting a site survey, and also provides a GIF image of the floor. For the site survey order to be meaningful, you must specify the line-of-sight (LOS) points first. See Importing RF Obstacle Data from a Site Survey on page 98. To generate a site survey order: Select the Reports tool bar option. In the Report Category list, select RF Plan Reports. In the Reports list, select Site Survey Order. Select the scope for the work order. You can select the network plan, a site, a building, or an individual floor. Select the language: English or German. To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. Click Generate. When the report is generated, click View. A browser window containing the report opens. Optionally, select the floor. Click View Site Su
10. Step 3: In the Coverage Area task group, under Wiring Closet Misc, click the Insert Measurement Point icon. Step 4: On the floor plan, click where you want the measurement point to be placed. The Create RF Measurement Point dialog box appears. [Screenshot: Create RF Measurement Point dialog box] Step 5: In the Description box, type a description for the measurement point (1 to 60 characters). Step 6: In the RSSI Options box, select display options for the dialog box. To list access points that cannot be detected from this RF measurement point, select Show Unreachable MAPs. To list disabled access points, select Show Disabled MAPs. To list access points on other floors that can be detected from this RF measurement point, select Show MAPs on Other Floors. See Reading the RF Measu
11. Click Finish to exit the wizard. Editing Coverage Areas. [Page 125: Defining Wireless Coverage Areas] Specifying Mobility Domain, Radio Profile, and Wiring Closet Associations: To specify association information for the coverage area: In the Mobility Domain list, select the Mobility Domain that contains the MAPs used for this coverage area. In the Radio Profile list, select the radio profile used for this coverage area. The profiles available depend on the Mobility Domain you selected in step 1. For a policy to appear in this list, you must have already configured a policy and selected the Wireless Service Profiles and Radio Profiles checkbox in the Policy Areas dialog. The policy you select applies to all radios associated with the coverage area. If you type the name of a radio profile that does not already exist, 3WXM creates it. In the Wiring Closet list, select the wiring closet that contains the WX switch or switches to be connected to the shared MAP access points. If the MAPs will be directly connected to WX switches, a wiring closet is required. If all the MAPs in the coverage area will be indirectly connected to WX switches through the network, a wiring closet is not required. In the Redundant Wiring Closet list, select the wiring closet that will provide redundant connection to the MAP access points. This is required for directly connected MAPs if you require the MAPs to
12. In the Certificate Type list, select one of the following. EAP: To install an 802.1X EAP certificate. Web: To install a WebAAA certificate. Admin: To install an administrative certificate. Click Start Download. Download progress appears in the Status column. When the download process is complete, you see a message indicating that the certificate was installed. Chapter 13, CONFIGURING AND APPLYING POLICIES: A policy is a set of WX configuration parameters that you can define once in 3WXM and then apply to multiple WX switches. When you apply a policy to a set of WX switches, all parameter settings in the policy are applied to the switches and update the settings already on the switches. How Changes Are Managed. Policies Created When You Migrate a 3.x Network Plan to 4.1. When you create a new policy, none of the policy's settings are applied to WX switches, even the ones you associate with the policy when you create it, until you explicitly apply the policy to the switches. After you associate a new policy with a switch, all new switches (switches you create using the WX Switch wizard or switches you upload) that match the WX model and version number of the policy automatically receive the parameter settings in the policy. However, after you have associated a policy with at least one switch, any changes you later make to the policy are not automatically applied to any switches. To apply the changes you make to a po
13. Overview: MAP radios automatically scan the RF spectrum for other devices transmitting in the same spectrum. The RF scans discover third-party transmitters in addition to other 3Com radios. MSS considers the third-party transmitters to be devices of interest, which are potential rogues. You can display information about the devices of interest. To identify friendly devices, such as non-3Com access points in your network or neighbor's network, you can add them to the known devices list. You also can enable countermeasures to prevent clients from using the devices that truly are rogues. With 3WXM, you also can display the physical location of a rogue device. [Page 458, CHAPTER 17: DETECTING AND COMBATTING ROGUE DEVICES] Rogue Detection Requirements: Rogue detection in 3WXM has the following requirements. The Enable Rogue Detection option must be selected on the Monitoring Settings tab of the 3WXM Services Setup dialog. See Changing Monitoring Settings on page 500. To use countermeasures, they must be enabled. You can enable them on an individual radio profile basis. See Viewing and Configuring Radio Profiles on page 263. SNMP notifications must be enabled on the WX switches. Table 58 lists the notification types related to RF detection. The notification types for Intrusion Detection System (IDS) and Denial of Service (DoS) protection are also listed. To enable notifications on a switch, see Configuring SNMP o
14. Table 24 lists the tasks you can select on the Devices tab. Table 24, Devices Tasks (columns: Task Group, Task Option, Task Description). Change Management, Local. Review Changes: Display the configuration changes that have occurred in 3WXM for the selected switch. See Reviewing Switch Configuration Changes on page 350. Deploy: Send the configuration changes to the same switch in the network. See Deploying Switch Configuration Changes on page 352. Schedule Deploy: Schedule configuration changes to be sent from 3WXM to the same switch in the network. See Deploying Switch Configuration Changes on page 352. Undo: Remove the changes from the switch in the network plan. See Undoing Local or Network Changes on page 351. Network. Review Changes: Display the configuration changes that have occurred in the network for the selected switch. See Reviewing Switch Configuration Changes on page 350. Accept: Update the switch in the network plan with the changes from the live switch. See Accepting Network Changes on page 351. Undo: Remove the changes from the switch in the network. See Undoing Local or Network Changes on page 351. [Page 348, CHAPTER 10: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS] Other. Upload: Add a WX switch to the network plan by WX
15. Use this option to accept the certificate and consider the certificate to be valid for future connections. When you use this option, the Certificate Check dialog box is not shown again for the certificate, even if the certificate becomes out of date. Step 2: Do one of the following. Click Accept to allow the connection to the WX switch. If you did not select either of the options in step 1, when you click Accept, a secure connection with these certificate credentials is allowed for this session, until you close the network plan. Click Reject to reject the connection to the WX switch. Managing Certificates (page 371): After you have installed certificates, you can review a certificate or delete a certificate that is stored in the 3WXM certificate store. Reviewing Certificate Details: After installing a certificate in 3WXM, you can see information such as the time frame for which the certificate is valid and who issued the certificate. To review certificate details: (1) Select Tools > Certificate Management from the toolbar in the main 3WXM window. (2) Select a certificate from the list and click Details. You can also double-click the certificate to see its details. The Certificate Details dialog box appears, listing the certificate information. (3) Click Close. (4) In the Certificate Management dialog box, click Close. Deleting Certificates: To delete certificates, follow these steps: Select
16. Use this option to accept the certificate and consider the certificate to be valid for future connections. When you use this option, the Certificate Check dialog box is not shown again for the certificate, even if the certificate becomes out of date. Click Accept. To reject the certificate and refuse the connection, click Reject. 3WXM ends the connection. The Certificate Check dialog box is redisplayed each time the 3WXM client attempts to establish a connection with 3WXM Services. Verifying that the 3WXM Client is Receiving Service Data: If you are using a network plan that already contains equipment, use the following procedure to verify that the 3WXM client is receiving data for the equipment. Select an object in the Organizer panel, then right-click and select Monitor. The Monitor tab appears in the Content panel. Wait 60 seconds for 3WXM to retrieve updates from the server, then check the color of the objects for 3Com equipment displayed in the Explore window. If the status color is blue, then 3WXM is not receiving status data from the server yet. If the status color is green, yellow, orange, or red, then 3WXM is receiving status data from the server. Changing Service Settings (page 497): The service settings control the connection parameters, key store information, and access control to 3WXM Services. The port numbers used by 3WXM Services must not be used by other a
17. Step 3: In the Remove Lines and Remove Objects group boxes, click next to any items you do not want 3WXM to remove from the drawing during cleanup. 3WXM removes all these items by default. Step 4: To change the short line length, type the new length in the Short Line Length box. 3WXM removes all lines that are this length or shorter. Step 5: To change the parallel shape separation distance, type the new length in the Parallel Shape Separation box. 3WXM removes parallel shapes that are this distance or shorter from the shape they parallel. For example, if a wall is drawn as parallel lines, 3WXM can remove one of the lines to make the wall a single line. [Page 91: Importing or Drawing Floor Details] Step 6: To change the maximum size of objects to be removed, type the new horizontal and vertical dimensions in the X axis and Y axis boxes. 3WXM removes all objects that fit within both the specified axes. Step 7: In the Layer List group box, select the layers you want to clean up. You can select individual layers or all layers. 3WXM removes the specified objects only from the layers you select. By default, no layers are selected. Step 8: Click Next. The Before Cleanup tab appears. The progress of the cleanup is listed in the message area below the floor plan. When cleanup is finished, the After Cleanup tab appears. The example below shows a cleanu
18. Step 2: Click the WXs Connection Settings tab. Step 3: To change the number of seconds 3WXM Services waits for a TCP connection with a WX switch to reach the Connect stage, type or select the value in the Connect Timeout box. You can specify from 1 to 30 seconds. The default is 15 seconds. To change the number of times 3WXM Services will reattempt to query a WX switch if 3WXM Services does not receive a reply to the first query attempt within the connect timeout, type or select the value in the Retry Count box. You can specify from 0 to 5 retries. The default is 5 retries. To prevent 3WXM Services from accepting all types of certificates from the WX switches it monitors, click Accept all certificates to disable the option. [Page 499: Changing WX Connection Settings] By default, 3WXM Services accepts certificates from WX switches regardless of whether they are generated by a certificate authority (CA) or they are self-signed certificates. When you disable this option, the Accept self-signed certificates option remains enabled. To prevent 3WXM Services from accepting self-signed certificates from the WX switches it monitors, click Accept self-signed certificates to disable the option. When both the Accept all certificates and Accept self-signed certificates options are disabled, 3WXM Services accepts only CA-generated certificates. To specify a key store filename and a password to protect access to that file: (a) Enter the filename in the File box. (b) T
19. Step 7: Press the Exit button to close the wizard, or navigate to the other items on the CD. See Getting Started on page 47 for more information on getting started with 3WXM. Installation Log File: During installation, an installation log file (3WXML_InstallLog.log) is created and placed in the 3WXM installation folder. Double-click the log file's icon to read the log file. Have this log file available if you need to contact 3Com Technical Support about an installation problem. Upgrading 3WXM: You can upgrade 3WXM by installing a newer version of 3WXM over a previous version. You do not need to uninstall the previous version before installing a newer version. Before you upgrade, 3Com recommends that you make a backup of the config-db directory in the 3WXM installation directory. As a best practice, back up the config-db directory on a regular basis to ensure that you have copies of your network plans. CAUTION: If you uninstall a previous version of 3WXM before upgrading, make sure you note the serial number and license key from the License Information dialog box, which you access by selecting Help > Licensing from the main 3WXM window. You can also save a copy of the license information by starting 3WXM and clicking Save in the License Information dialog box. Uninstalling 3WXM: You uninstall 3WXM by using its Uninstall wizard. Access the Uninstall wizard from the 3Com program list in
20. Changing Tools Options; Changing Certificate Management Options; Changing Options for RF Planning; Configuring the Typical Client's Transmit Power; Changing Colors; Changing 3WXM Logging Options. CHANGING 3WXM SERVICES PREFERENCES: Overview; Starting or Stopping the 3WXM Services; Connecting to 3WXM Services; Certificate Check; Verifying that the 3WXM Client is Receiving Service Data; Changing Service Settings; Changing WX Connection Settings; Changing Monitoring Settings; To change monitoring settings; Accessing the 3WXM Services Log; Managing Network Plans; Backing Up a Plan; Changing Backup Settings; Restoring a Plan from a Backup; Copying a Plan Backup from One Server to Another; Deleting a Plan Backup. OBTAINING SUPPORT FOR YOUR PRODUCT: Register Your Product; Purchase Value-Added Services; Troubleshoot Online; Access Software Downloads; Telephone Technical Support and Repair; Contact Us. INDEX. ABOUT THIS GUIDE: This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Read this manual if you are a network administrator or a person responsible for managing a WLAN. If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.
21. If you selected Static WEP, specify WEP keys. For each key (up to four), type the key value in the corresponding key box. By default, data in unicast and multicast packets are encrypted using WEP key 1. To use another key for either type of packet, select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box. Click Next. If the access type is Web Portal or Open Access, select the VLAN into which you want the switch to place users of the SSID. If you want to specify the VLAN later, when configuring the access rules, you can leave the VLAN Name box blank. Click Next. If the access type is Web Portal, the ACEs (ACL rules) that 3WXM will configure for the Web Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated. These ACEs are used only during authentication. After the user is authenticated, the ACEs are not used. If you need to add ACEs, continue with this step. Otherwise, click Next and go to Modifying Access Rules on page 262, or click Finish to save the changes and close the wizard. To add an ACE, click Add Rule. 3WXM adds an ACE to the end of the list. The ACE matches on all source and destination IP addresses and denies them. To modify an ACE, select the part of the ACE you want to modify and edit or select the new value. For information about ACE settings, see Viewing and Configuring ACLs on
22. If you selected two radio technologies when defining the coverage area, a shared area is automatically created. In the Wiring Closet list, select the wiring closet that contains the WX switch or switches to be connected to the shared MAPs. In the Redundant Wiring Closet list, select the wiring closet that will provide redundant connection to the MAPs. This is required for directly connected MAPs if you require the MAPs to have redundant connections. Otherwise, this is not required. In the Available Access Points box, select an available MAP (if one is configured) to use in the coverage area, then click Add to move the MAP to the Current Access Points box. This assumes that the network plan already has a MAP and that the MAP is physically located within the area you are configuring. If you are planning a new installation, you do not need to specify a MAP to use. Step 8: Under the Constraints tab, you can do the following. To change the ceiling height, specify the new height in the Height of the Ceiling box. To change the height where MAPs are mounted, specify the new mounting height in the AP Placement Height box. To change the WX switch model, select the model from the WX Model list. To change the default MAP model, select the model from the Default AP Model list. To change the MAP connection type, select the type from the AP Connection Type list. Direct: MAPs are directly attached to dedi
23. Mapping an ACL on page 228. idle-timeout: This option is not implemented in the current MSS version. mobility-profile (network access mode only): Mobility Profile attribute for the user. For more information, see Viewing and Changing Mobility Profiles on page 328. Mobility Profile is a 3Com vendor-specific attribute (VSA). The vendor ID is 43 and the vendor type is 2. Valid value: Name of an existing Mobility Profile, which can be up to 32 alphanumeric characters, with no tabs or spaces. If the Mobility Profile feature is enabled, and a user is assigned the name of a Mobility Profile that does not exist on the WX switch, the user is denied access. [Page 295: Creating and Managing Users in the Local User Database] Table 22, Authentication Attributes for Local Users (continued; columns: Attribute, Description, Valid Value(s)). service-type: Type of access the user is requesting. Valid values: Access type, which can be one of the following. 2: Framed, for network user access. 6: Administrative, for administrative access with authorization to access the enabled (configuration) mode. The user must enter the enable command and the correct enable password to access the enabled mode. 7: NAS-Prompt, for administrative access to the nonenabled mode only. In this mode, the user can still enter the enable command and the correct enable password to access the enabled mode. For administrative sessions, the WX sw
24. [Screenshot: RF measurement dialog box in Measurement Mode] Table 15 shows the information available in the RF measurement table. Table 15, RF Measurement Information (Item: Value). X: Distance in the X direction from the 0,0 coordinate (the upper-left corner of the panel). Y: Distance in the Y direction from the 0,0 coordinate (the upper-left corner of the panel). Show Unreachable APs: Show MAPs that are too far away to accurately measure signal strength. Show Disabled APs: Show all disabled MAPs. Show APs on Other Floors: Show the MAPs located on other floors that can be detected from this RF measurement point. MAP AP: MAP or third-party access points detected. Distance: Distance between MAP and RF measurement point. Channel: Channel of the MAP or third-party access point. RSSI (dBm): Signal strength from the MAP at the RF measurement point. Status: Whether the MAP is active (OK) or disabled. Generating RF Network Design Information (page 155): After 3WXM has calculated the number of MAPs required to provide wireless coverage, yo
25. Viewing IP Services Setting. You can configure the following IP services: static routes; IP aliases; Domain Name System (DNS) service; Network Time Protocol (NTP) service; Address Resolution Protocol (ARP) entries. To view IP services setting: (1) Select the Configuration tool bar option. (2) In the Organizer panel, click the plus sign next to the WX switch. (3) Click the plus sign next to System. (4) Select IP Services. The IP services settings appear in the Content panel. CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS. Creating a Static Route. The IP routing table contains routes that MSS uses for determining the interfaces for a WX switch's external communications. When you add an IP interface to a VLAN that is up, MSS automatically adds corresponding entries to the IP routing table. For destination routes that are not directly attached, you can add static routes. A static route specifies the destination and the gateway router through which to forward traffic. You can add the following types of static routes: Explicit route: Forwarding path for traffic to a specific destination. Default route: Forwarding path for traffic to a destination without an explicit route. If the IP routing table contains an explicit route for a given destination, MSS uses the route. Otherwise, MSS uses a default route. For more information about static routes, see the Configuring and Managing IP Routes section in the
26. Check for externally referenced files. 3WXM requires the drawing file to be monolithic. If a floor plan uses externally referenced files, significant portions of the floor plan might be missing, even with all layers unfrozen and visible. In AutoCAD, when you load the drawing file, you might see messages about the files not being found. To check for external references, you can select Insert > Xref Manager. If you look at the layers, externally referenced layers have a common prefix label with the delimiter between the label and the description, for example SCO3 a WALL FULL. If you can see the layer itself, the layer either will be blank or will be a single read-only object. To include the information in externally referenced files, place the files in the same directory as the master file. In AutoCAD, you also can bind the information to the master file by selecting Insert > Xref Manager, selecting the file, then clicking Bind. Adding information from referenced files can increase the file size. If the information you will need to convert into RF obstacles is in the referenced file but not the master file, try just importing the referenced file into 3WXM. For information on the location of referenced files in AutoCAD, see the AutoCAD documentation. Audit the drawing. An audit finds problems between objects in the file and fixes them automatically. To perform an audit in AutoCAD
27. (2) Scroll down and select 3WXM Services. (3) Select the Start or Stop option. (4) Close the Services window. (5) Within 3WXM, enable it to access the service. CHAPTER B CHANGING 3WXM SERVICES PREFERENCES. Connecting to 3WXM Services. If a firewall is enabled on the host where you install 3WXM Services, 3WXM Services will not be able to communicate with 3WXM client or with WX switches unless the firewall is configured to allow through traffic for the SSL and SNMP ports (443 and 162, by default). To connect to 3WXM Services: Start 3WXM client. Select Start > Programs > 3Com > 3WXM > 3WXM. The 3WXM Services Connection dialog appears. Enter the IP address or fully qualified hostname of the machine on which the service is installed. If the service is installed on the same machine as the one you are using to run 3WXM, enter 127.0.0.1 as the IP address. This is a standard IP loopback address. Specify the service port, if different from the port number in the Service Port listbox. The port number used by 3WXM Services must not be used by another application on the machine where 3WXM Services is installed. If the port number is used by another application, change the port number on 3WXM Services. See Changing Service Settings on page 497. Enter a username and password, if required for access to the service. Usernames and passwords for accessing 3WXM Services are configured
28. In the Channel Number listbox, specify the channel number on which the AP radio will be operating. In the Transmit Power listbox, specify the transmit power of the AP's radio. In the MAC Address box, type the MAC address you want to use for this position of the AP. To ensure valid site survey results, you must use a unique MAC address for each LOS point. If the AP model you selected has more than one radio, configure the other radio. Click Finish to save the changes and close the wizard. An LOS point icon appears on the floor plan where you clicked to open the Create AP Placement Point wizard. To move an LOS point: To move an LOS icon, click and drag to select the icon and move it to its new location. To temporarily remove an LOS point onto the Objects to Place tab: To temporarily remove an LOS point from the floor without deleting it, click and drag the LOS icon to the Objects To Place area of the Organizer panel. To move the LOS back onto the floor: (1) Click on the LOS in the Objects To Place area of the Organizer panel. (2) Move the cursor to the floor location where you want to place the LOS. (3) Click to place the LOS. You cannot delete an LOS point directly from the Objects To Place tab. To delete an LOS point, place the LOS point somewhere on the floor space, then delete it. See To delete an LOS
29. Using the Explore Window. The jagged appearance of the coverage area is normal and is caused by the RF obstacles around the radio. The RF obstacle information in the floor plan enables 3WXM to more accurately portray RF information for the network, including a radio's coverage. If the coverage area for a radio is displayed as a sphere, then the floor plan does not have any RF obstacles around the radio. To add RF obstacles to a floor plan, see Specifying the RF Characteristics of a Floor on page 94. You can control how the coverage is shown by selecting an option from the Show RF Coverage Using box in the window's toolbar. Table 35 lists the options. Table 35: Coverage Display Options in Explore Window (Display Option: Description). Baseline association rate: Coverage is shown based on the MAP radio's baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations. The baseline association rate is specified during planning, on a coverage area basis. Data rate: Coverage is shown in
30. [Figure: Client Monitor view listing, per WX switch, the number of sessions, the average SNR and the average RSSI (dBm).] CHAPTER 16 MONITORING THE NETWORK. Table 48 lists the data displayed on the Client Sessions tab when the scope is a Mobility Domain. Table 48: Client Sessions Columns When a Mobility Domain is Selected (Column: Description). Scope: Scope of the data displayed in the row. The scope for each row in the Client Activity tab is always a WX switch. The down arrow in front of the WX switch name indicates that you can double-click on the arrow to change the scope in the Status Summary and Explore windows, to display information specifically for this switch in those windows. Sessions: Number of active sessions on the switch. SNR average: Average SNR of data transmissions from clients to the radios managed by the switch. RSSI average (dBm): Average RSSI of data transmissions from clients to the radios managed by the switch. Data Displayed When a WX Switch, MAP, or Radio is Selected. When a WX switch, MAP, or individual radio is selected in the Organizer panel, the Client Monitor view's Client Sessions tab displays a row of information for each client session.
31. [Figure: RF Monitor view.] Table 53 lists the information displayed in the top section of the RF Monitor view. Table 53: RF Monitor Columns (Column: Description). Radio: WX switch name, MAP name, and radio number. Type: Radio type (802.11a, 802.11b, or 802.11g). Channel: Channel number on which the radio is operating. Tx Power: Power level at which the radio is transmitting. MAC: Base MAC address of the radio. Using the RF Monitor View. Displaying RF Neighborhood Information. In the RF Monitor view, select the RF Neighborhood tab at the bottom of the window. [Figure: RF Monitor view with the RF Neighborhood tab selected, offering the options Transmitters heard by this Radio and Listeners who heard this Radio, and listing each neighbor's BSSID, channel and RSSI.]
32. Click Next. (4) To change the model, select the model from the AP Model pull-down list. (5) To change the radio type, select it from the AP Radio Type drop-down list: 11a (802.11a), 11b (802.11b only), 11g (802.11b/g). The radio type is configurable on single-radio MAP models. For dual-radio models, the radio type is configurable on the 802.11b/g radio. Viewing and Changing Port Settings. Click Next. The non-editable number (1 or 2) indicates the radio number on the MAP. To enable the radio, select Enabled. In the Channel Number list, select the channel number for the radio. If RF Auto Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto Tuning. In the Transmit Power box, specify the transmit power for the radio. If RF Auto Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto Tuning. Click Finish. Configure a Port for Wired Authentication. A wired authentication port is an Ethernet port that has 802.1X authentication enabled for access control. Like wireless users, users that are connected to the WX switch over Ethernet can be authenticated before they can be authorized to use the network. However, data for wired users is not encrypted after they are authenticated. For 802.1X clients, wired authentication works only if the clients are directly attached to the wired authenticat
33. [Figure: Client Monitor view, Activity Details section, showing the client VLAN name, authentication server IP address, authentication protocol type, SSID and client location.] Table 39 lists the data displayed on the Client Activity tab when a WX switch, MAP, or individual radio is selected. Table 39: Client Activity Columns When a WX Switch, MAP, or Radio is Selected (Option: Description). Event Type: Type of SNMP trap: Association Failure (ClientAssociationFailure trap); Authentication Failure (ClientAuthenticationFailure trap); Authorization Failure (ClientAuthorizationFailure trap); Authorization Successful (ClientAuthorizationSuccess trap); Clear (ClientCleared trap); Disassociation (ClientDeAssociation trap); Dot1x Failure (ClientDot1xFailure trap); Roam (ClientRoaming trap). Time: System date and time on the WX switch when the 3WXM Services received the trap. Client MAC: MAC address of the client. Client Name: Username of the client. Client IP Address: IP address of the client. SSID: SSID the client was most recently associated with when the trap was generated. The Activity Details section at the bottom of the view displays details for the selected row of information. The details differ depending on the trap type. The following tables list the data displayed in the Activity Details section for each trap type.
34. [Figure: RF measurement dialog with callouts for the RSSI measurements and the RF measurement point, listing each AP's distance, channel, RSSI and status per radio type.] Table 36 lists the RF measurement information that is displayed for the measurement point. Table 36: RF Measurement Information (Item: Value). X (Feet): Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel). Y (Feet): Distance in the Y direction from the 0,0 coordinate (the upper left corner of the panel). Show Unreachable MAPs: Show MAP access points that are too far away to accurately measure signal strength. Show Disabled MAPs: Show all disabled MAP access points. MAP/AP: MAP or third-party access points detected. Distance (Feet): Distance between MAP and RF measurement point. Channel: Channel of the MAP or third-party access point. RSSI (dBm): Signal strength from the MAP at the RF measurement point. Status: Whether the MAP or third party is active (OK) or disabled. You can change the RSSI options even after measurement
35. DETECTING AND COMBATTING ROGUE DEVICES. Rogue Detection Lists. Rogue detection lists specify the third-party devices and SSIDs that MSS allows on the network, and the devices MSS classifies as rogues. You can configure the following rogue detection lists: Permitted SSID list: A list of SSIDs allowed in the Mobility Domain. MSS generates a message if an SSID that is not on the list is detected. Permitted vendor list: A list of the wireless networking equipment vendors whose equipment is allowed on the network. The vendor of a piece of equipment is identified by the Organizationally Unique Identifier (OUI), which is the first three bytes of the equipment's MAC address. MSS generates a message if an AP or wireless client with an OUI that is not on the list is detected. Client black list: A list of MAC addresses of wireless clients who are not allowed on the network. MSS prevents clients on the list from accessing the network through a WX switch. If the client is placed on the black list dynamically by MSS due to an association, reassociation, or disassociation flood, MSS generates a log message. Ignore list: A list of third-party devices that you want to exempt from rogue detection. MSS does not count devices on the ignore list as rogues or interfering devices, and does not issue countermeasures against them. An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs or vendors. However, when you add an
36. [Figure: RF Monitor view, Activity tab, with the columns Time, Event Type and Description.] Table 55 lists the information displayed on the tab. Table 55: RF Monitor Activity Log Columns (Column: Description). Time: System date and time on the WX switch when the switch generated the SNMP trap for the event message. Event Type: Type of event that caused the message. Counter Measure Start: The radio began countermeasures against a rogue transmitter. Event information comes from the CounterMeasureStart trap. Tx Power Change: The RF Au
37. For example, if the scope is Building, select the building. Select the time period for the report: 1 Hour, 24 Hours, 7 Days, or 30 Days. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. CHAPTER 15 GENERATING REPORTS. To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. Click Generate. When the report is generated, click the report link to view it. The network usage report contains the following sections: cumulative statistics for the scope of the report; usage statistics on individual WX switches. Generating an RF Summary Report. The RF summary report lists summary RF statistics. The data for this report comes from 3WXM Services. The Enable RF trending option, located in the RF Monitor group box of the Monitoring Settings tab, must be enabled. See Changing Monitoring Settings on page 500. Select the Reports tool bar option. In the Report Category list, select RF Reports. In the Reports list, select RF Summary. Select the scope type of the report from the Report Scope Type drop-down list: Mobility Domain, Wireless Switch, Site, Building, Floor, or Coverage Area. Select the instance for which you want the report. For example, if the scope is Building, select the building. Select the time per
38. Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site: http://www.3com.com. Conventions. Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons (Icon, Notice Type, Description). Information note: Information that describes important features or instructions. Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device. ABOUT THIS GUIDE. This manual uses the following text and syntax conventions. Table 2: Text Conventions (Convention: Description). Menu Name > Command: Indicates a menu item that you select. For example, File > New indicates that you select New from the File menu. Monospace text: Sets off command syntax or sample commands and system responses. Bold text: Highlights commands that you enter or items you select. Italic text: Designates command variables that you replace with appropriate values, or highlights publication titles or words requiring special emphasis. Square brackets: Enclose optional parameters in command syntax. Curly brackets: Enclose mandatory parameters in command syntax. Vertical bar: Separates mutually exclusive options in command syntax. Keyboard key names: If you must press two or more keys simultaneously, the key names are linked with a plus sign
39. SSID box contains any and you do not change the SSID name, the authentication rule allows clients who match the userglob to access any SSID. Type the userglob that is allowed to use Web AAA to access the SSID or wired authentication port. A user glob is a string containing wildcards that matches on one or more user names. Type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method. For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE which specifies all usernames whose usernames contain periods. Viewing and Configuring WebAAA Network Access Rules. For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com. (4) Click Next. (5) If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the switch's configuration. (6) Select the au
40. These numbered configurations do not, however, reference any physical port. For more information, including network requirements for Distributed MAPs, see the Configuring MAP Access Points chapter of the Wireless LAN Switch and Controller Configuration Guide. Viewing and Configuring MAPs. Viewing the Configured MAPs. To view the configured MAPs: (1) Select the Configuration tool bar option. (2) In the Organizer panel, click the plus sign next to the WX switch. (3) Click the plus sign next to Wireless. (4) Select Access Points. The MAPs that are configured on the WX switch appear in the Content panel. The radio settings appear in the Content panel. Each row in the table shows settings for an individual MAP. To display all settings for a MAP, select the MAP and click Properties. Creating a Distributed MAP. A MAP can connect to the wired network through a direct 10/100 Ethernet connection to a WX, or indirectly through other Layer 2 or Layer 3 wired networking devices. Configure a Distributed MAP for each indirectly connected MAP. Table 20 lists how many MAPs you can configure on a WX switch and how many MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined. Table 20: Maximum MAPs Supported Per Switch (WX Switch Model: Maximum Configured, Maximum Booted). WX4400: 300 configured; 40, 80, or 120 booted, depending on the license. WX1200: 30 configured; 12 booted. WXR100: 8 configured; 3 booted. For a MAP that is directly connected
41. This section contains procedures for configuring RF detection on an individual switch. For an overview of RF detection and for specific information about the configuration options, see Configuring Wireless Parameters on page 235. The tasks available here allow you to configure entries for permit lists, the ignore list, and the black list. However, you must enter the SSID, Organizationally Unique Identifier (OUI), or MAC address you are adding to a list. To add a value to a list by selecting it, use the RF Detection window instead. See Detecting and Combatting Rogue Devices on page 457. To convert a rogue into a third-party AP, see Converting a Rogue into a Third Party AP on page 471. To view RF detection settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to Wireless. Select RF Detection. The RF detection settings appear in the Content panel. To add an entry to the permitted vendor OUI list: (1) Access the RF detection settings: (a) Select the Configuration tool bar option. (b) In the Organizer panel, click the plus sign next to the WX switch. (c) Click the plus sign next to Wireless. (d) Select RF Detection. (2) In the Task List panel, select Vendor OUIs. (3) Select the device type(s): Client, AP. (6) Edit the OUI in the Vendor OUI box. (7) Select the device type from the Type drop-down list (Client, AP, or All). 1
42. Viewing and Changing Location Policy Rules. Viewing Location Policy Rules. During the login process, the AAA authorization process is started immediately after clients are authenticated to use the WX switch. During authorization, MSS assigns the user to a VLAN and applies optional user attributes, such as a session timeout value and one or more security ACL filters. A location policy is a set of rules that enables you to locally set or change authorization attributes for a user after the user is authorized by AAA, without making changes to the AAA server. For example, you might want to enforce VLAN membership and security ACL policies on a particular WX based on a client's organization or physical location, or assign a VLAN to users who have no AAA assignment. For these situations, you can configure the location policy on the switch. You can use a location policy to locally set or change the Filter-Id and VLAN-Name authorization attributes obtained from AAA. Conditions within a rule are ANDed. All conditions in the rule must match in order for MSS to take the specified action. If the location policy contains multiple rules, MSS compares the user information to the rules one at a time, in the order the rules appear in the switch's configuration file, beginning with the rule at the top of the list. MSS continues comparing until a user matches all conditions in a rule or until there
43. (3) Select an object in the Organizer panel. Monitored data for the selected object is displayed. Using the Explore Window. The Explore view shows the status of 3Com equipment within the scope of the object selected in the Equipment or Sites section of the Organizer panel. If you select a Mobility Domain or WX switch, 3WXM presents a link-based view of the equipment. You can hide or redisplay the MAP access point connections on a WX switch by clicking on the minus sign or plus sign in the right corner of the object. Likewise, you can hide or redisplay the WX switches in a Mobility Domain. [Figure: Explore window, link-based view of WX switches, MAPs and their client counts.] If you select a MAP access point radio wiring closet or coverage area in the Sites section of th
44. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list. The methods you select for authentication are also used for authorization. You also can configure accounting for Start-Stop or Stop-Only messages. The authentication method(s) for accounting can be, but are not required to be, the same as the method(s) for authentication and authorization. If you plan to specify a RADIUS server group, configure the group first, before using the wizard. To be available for selection in the wizard, the RADIUS server group must already be configured before you open the wizard. See Viewing and Configuring RADIUS Settings on page 298. To view wireless services: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to Wireless. Select Wireless Services. The service profiles appear in the Content panel. Each row in the table shows settings for an individual service profile. To display all settings for a service profile, select the service profile and click Properties. 242 CHAPTER 7 CONFIGURING WIRELESS PARAM
45. cost TOS defined are filtered. 2 (maximum reliability): Packets with maximum reliability TOS defined are filtered. 4 (maximum throughput): Packets with maximum throughput TOS defined are filtered. 8 (minimum delay): Packets with minimum delay TOS defined are filtered. By default, the TOS value is 1 any. In addition to these specific values, you can specify a number from 1 to 15 that is the sum of TOS option values. For example, to select minimum delay and maximum throughput as the TOS options, type 12, which is the sum of the two values. (d) Click OK. Select the action from the Action drop-down list: Permit allows access if the conditions in the ACE are matched; Deny refuses access if the conditions in the ACE are matched. To mark the packet with a CoS value, select the value in the CoS box. Table columns: Packet Priority Desired, CoS Value, MAP Forwarding Queue Assignment. Background: CoS value 1 or 2, queue 4. Best effort: CoS value 0 or 3, queue 3. Video: CoS value 4 or 5, queue 2. Voice: CoS value 6 or 7, queue 1. By default, the CoS value is 1 any. Repeat step 3 to step 11 for each ACE. To reorder the ACEs, select an ACE and click the up or down arrow to move it. (14) Click OK to save the ACL. The ACL appears in the ACL table. Configuring Advanced ACL Settings. After you configure an ACL, you can configure the following advanced settings: Hit counter: enable or disable. Hit sample rate: applies if the hit counter is enab
46. encrypted. This security level is the same as the authPriv level described in SNMPv3 RFCs. AuthRequest UnsecuredNotify: SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted. The only security level supported for SNMPv1 and SNMPv2c is Unsecured. To use a higher security level, you must use USM (SNMPv3). (b) Select the version(s) of SNMP you want the switch to run: V1, V2c, USM (SNMPv3). (c) Click Next. (d) In the Security Model drop-down list, select the security model to use specifically for SNMP communications between the switch and 3WXM: USM (SNMPv3), V1. (e) If you selected USM, then select the minimum level of security for SNMP communication between the switch and 3WXM Services. Unsecured: SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c. This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs. Authenticated: SNMP message exchanges are authenticated but are not encrypted. This security level is the same as the authNoPriv level described in SNMPv3 RFCs. Encrypted: SNMP message exchanges are authenticated and encrypted. This security level is the same as the authPriv level described in SNMPv3 RFCs. (f) Click Next. (g) Type the USM name or community string name in the corresponding box. h
47. from the VLAN IP drop-down list. To modify the enable password, edit the string in the Enable Password box. Use this option when you are creating a new switch in 3WXM. This option modifies the password in the network plan. However, if the switch is already deployed in the network, 3WXM cannot apply configuration changes to the switch unless the enable password in 3WXM matches the enable password already configured on the switch. Click WX Associations. To change the switch's Mobility Domain membership, select the Mobility Domain from the Mobility Domain drop-down list. To leave the switch out of all Mobility Domains, select Not Assigned. To change the switch's wiring closet membership, select the closet from the Wiring Closet drop-down list. To leave the switch out of all wiring closets, select Not Assigned. Click OK to save the changes and close the wizard. Edit other parameters as required. See the rest of this chapter and the following two chapters. If you have already deployed a WX switch in the network and you want to add the switch to the network plan, you can upload the switch's configuration into 3WXM, edit the switch, then redeploy the switch with the new parameters. See Uploading a WX Switch into the Network Plan on page 66. You can add a switch to the network plan by importing a switch configuration file. The configuration is imported in XML format. Use the procedure in Importing and Exporting Switch
48. information about a rogue, select the rogue. Detailed information appears in the rogue details section of the screen. The rogue details section contains the following tabs: Current, Current Hour, Current Day, and History: List rogues detected during the most recent polling interval, the most recent hour, the most recent day, or detected farther back in the past. Activity Log: Lists activity (appearance or disappearance) of the rogue selected in the rogue list. The entries in the Activity Log tab come from either of the following sources: notification data received from a switch; 3WXM Services, if they detect the appearance or disappearance of the rogue when compared to the previous set of rogue data. 3WXM Services keeps events in a circular log. Once the log becomes full, 3WXM Services purges old entries to make room for new ones. However, 3WXM Services never purges the entries for the first appearance and first disappearance of a rogue. Using the Rogue Detection Screen. Toolbar Options. The Rogue Detection tab has a toolbar. Table 59 lists the options on the toolbar. Table 59: Toolbar Options on Rogue Detection Screen (Icon: Description). Edit 3WXM preferences. Configure 3WXM Services. Launch Help. Refresh the information. Filters: Opens the Rogue List Filter Options dialog box, which enables you to filter the rogue list. Displays the rogue's location on the floor plan. See
49. on the Service Settings tab. See Changing Service Settings on page 497. To configure 3WXM client to remember the username and password for 3WXM Services access, select Remember user name and password. To automatically reopen the network plan that you worked with most recently, leave Open Network Plan selected. If the Open Network Plan option is selected and this is the first time you are accessing the server from this client, 3WXM Services opens a new, blank network plan. Click Next. If the Certificate Check dialog is displayed, click Accept. For more certificate options, see the next section, Certificate Check. If the Finish button does not become available, read the last message in the message area of the page to determine why the service could not be reached. Here are common error messages and suggestions for troubleshooting them. "Unable to connect to address ip addr tcp port number": Verify that the service is running on the server. "Connection error for address ip addr tcp port number": Verify that the service has been started. If the service is running, verify that the certificate on the server is still valid (for example, is not out of date). "HTTP 403 Forbidden": This message can indicate that the username and password are invalid. Ask the administrator for a username and password. Certificate Check: When the 3WXM client connects to 3WXM Services the client checks
50. ry Display the view in reverse video. Threshold Flags: A red flag next to an object in the link view of the Explore view indicates that a threshold for the object has been exceeded. The thresholds are defined by the 3WXM Services. See Changing 3WXM Services Preferences on page 491. For example, a red flag next to a MAP might indicate that the threshold for the number of active clients on a MAP has been crossed. [Figure: Explore view with red threshold flags next to objects] You can click on the object that has the red flag for more information. An asterisk indicates the statistic whose threshold was crossed. In the example below, the WX switch has a higher signal-to-noise ratio (SNR) than specified for the threshold.
51. select Overwrite Existing Files. If you do not select this option, you cannot export a configuration file with the same name as an existing file in the output directory. You can rename the existing file or move the file to another directory. 5. To have 3WXM create a backup copy of a previous configuration file, select Copy Files Before Overwriting. 6. To include the default configuration commands in the exported file, select Export Defaults. 7. For each WX whose configuration you want to export, make sure the Export checkbox is selected. 8. Click Export to begin the exporting process. Messages appear in the Status column in the WX List box and the Results box. The configuration is saved in the directory that you specified. 9. To close the Export Configurations dialog box, click Close. Modifying Configuration Change Polling Options: By default, 3WXM client polls WX switches in the network every 15 minutes for network changes and displays a popup message if changes are detected. The popup message is in addition to notification in the Alerts panel. To modify configuration polling options: Select the Devices tool bar option. Click Options on the Devices tab's toolbar. The Managed Device Options dialog box appears. To enable the detection of configuration changes in the network, make sure Enabled is selected next to Poll for configuration changes. To specify how often netw
52. select Display RF Coverage and the radio type from the drop-down list. To adjust the coverage, select the MAP, right-click, and select Edit Properties from the drop-down list to display the Modify MAP or Modify DAP wizard. In the wizard, click the tab for the radio to display its configuration page, edit the value in the Antenna Direction box, and click OK. 3WXM assumes that the external antenna will be installed so that the front faces in the direction of coverage, not up or down, and so that the antenna cable connector faces down or up. 3WXM also assumes that the antenna does not provide any coverage behind itself. The Antenna Type and Directionality of antenna boxes appear only if the MAP model supports an external antenna. d. In the Radio Profile list, select the profile to which the radio belongs. For more information, see Viewing and Configuring Radio Profiles on page 263. e. In the Channel Number list, select the channel number for the radio. If RF Auto-Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto-Tuning. f. In the Transmit Power box, specify the transmit power for the radio. If RF Auto-Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto-Tuning. To change the maximum power level RF Auto-Tuning can assign to the radio, select
53. select the Watch option. Using the Find Client dialog box to find a user: You can use 3WXM to find users (network clients) on the network. You can search for individual users based on specific criteria, or you can find all users in a Mobility Domain. 1. In the Client Monitor window, click [icon] on the window's toolbar. The Find Clients dialog box appears. [Figure: Find Clients dialog box with Search Criteria (Find a specific user, Find all users, Username, IP Address, MAC Address, VLAN Name) and Search Scope] 2. Select one of the following: Find a specific user, to find a user using specific search attributes (go to step 3); or Find all users, to find all users (go to step 4). 3. Use any or all of the following search criteria: In the Username box, specify the username of the user you want to find. In the IP Address box, specify the IP address of the user. In the MAC Address box, specify the MAC address of the user. In the VLAN Name box, specify the VLAN whose users you want to find. When specifying search criteria, you must provide an exact match. For a username, you can also specify the prefix of the username. For example, to find natasha
55. [Figure: Building the AP Placement Points wizard page. Place the AP Placement Points on the floor layout. Click Finish to accept the changes.] Click next to the MAC address of each LOS point you want to import. The MAC addresses are associated with specific radio types. Select the MAC addresses for the radio types you want to use in the network. Click Finish. Place the LOS points on the floor plan. Click Objects to Place in the Organizer panel to display the LOS points for each MAC address you selected. Click on an LOS point to select it, then move the cursor to the floor location and click again to place the LOS point. [Figures: LOS points in Organizer panel; LOS point placed in floor location]
56. [Figure: Client Monitor view with the Session Details dialog box (Session Properties, Session Statistics, and Location History tabs)] Table 49 lists the data displayed on the Client Sessions tab when the scope is a WX switch, MAP, or individual radio. Table 49: Client Sessions Columns When Scope Is a WX Switch, MAP, or Radio (Column: Description). Username: Username the client used to log on to the network. The username is shown in one of the following formats: named user; Windows domain users using PEAP; MAC address, for devices that are authenticated by MAC authentication. IP Address: IP address of the client. MAC Address: MAC address of the client. SSID: SSID with which the client is associated. Acc
57. 3WXM installation directory on the 3WXM Services host. Each time you save a configuration change, 3WXM saves the changes to the network plan. You do not need to explicitly save the network plan itself. However, if the network plan has unsaved changes when you select to exit 3WXM or close a network plan, 3WXM displays a prompt to ask whether you want to save or discard the changes, or cancel the request. See Saving or Discarding Configuration Changes on page 34. 3Com recommends that you regularly back up the config db directory so that you have additional copies of your network plans. In addition to this section, see Managing Network Plans on page 503. If the plan has unsaved changes and 3WXM Services becomes unavailable before the changes are saved, 3WXM client buffers the changes until 3WXM Services becomes available again. However, for the changes to be buffered, you must leave your 3WXM client session open and leave the network plan open. Saving a Network Plan with a New Name: You can save a network plan with a new name by using the Save As feature. To save a network plan with a new name: In the main 3WXM window, select File > Save As. The Save As Network Plan wizard appears. In Specify Plan Name, type a new network plan name. Optionally, you can select an existing network plan name to replace it. Click Next. You see the status of the save proces
59. Computing MAP Placement: Computing and Placing MAP Access Points for a Coverage Area. After you provide information about floor plans, RF obstacles, and wireless coverage requirements, 3WXM can design your 3Com wireless network for this floor using the following process: Compute and place MAPs (see Computing and Placing MAP Access Points for a Coverage Area on page 136). Assign channels to MAPs (see Assigning MAP Channels on page 144). Compute optimal power (see Computing Optimal Power on page 147). 3WXM determines the number of MAPs that need to be installed in the area and the number of WX switches needed in the wiring closet, if the floor has them, and then places them on the floor plan. You can move the MAPs on the floor plan to more convenient locations to simplify installation. 3WXM also determines the WX to which a MAP should connect. 3WXM assigns transmit power levels and channels for each MAP. The power levels and association rates are set to optimize cell sizes for the coverage area. 3WXM shows the expected (simulated) coverage of the completed design and allows you to see how the coverage changes when you make adjustments to MAP location or power levels. When you perform Compute and Place for one or more coverage areas, 3WXM automatically calculates the number of MAPs you require based on coverage area information and also places them in appropriate
60. 6 vertices. 3. At the last vertex before completing the shape: Right-click to complete the polygon. Click at the start of the line. Drag the cursor to the end of the line. Click to finish line. Click to exit Insert Area mode. The Create Coverage Area wizard appears. [Figure: Create Coverage Area wizard, Coverage Area Type page. Select the technology for this Coverage Area. If the choice is for both 802.11a and 802.11b/11g, two areas are created on the floor layout. You can also change the dimensions for this Coverage Area.] Go to Specifying the Wireless Technology for a Coverage Area. Specifying the Wireless Technology for a Coverage Area: To draw a coverage area, see Drawing a Coverage Area on page 114. To specify wireless technology for a coverage area: 1. In the Technology list, select one of the following: 802.11a; 802.11b; 802.11g; 802.11a and 802.11b; 802.11a and 802.11g. Select 802.11a and 802.11b if the area requires 802.11a and 802.11b coverage. Select 802.11a and 802.11g if the area requires 802.11a and 802.11g coverage. When you specify a coverage area requiring different technologies, 3WXM creates two areas that completely overlap each
61. 7
    success: change accepted.
  Enable the DHCP client on VLAN 1:
    WX1200# set interface 1 ip dhcp-client enable
    success: change accepted.
  Enable the auto-config option:
    WX1200# set auto-config enable
    success: change accepted.
  Save the configuration changes:
    WX1200# save config
    success: configuration saved.
  Power off or restart the switch.
  Example 2: Deployment Site Has No DHCP and No DNS
  The deployment site in this example does not have a DHCP server or a local DNS server. Therefore, IP and DNS information must be statically configured. Because no DNS server is available, an IP alias is configured to map the IP address of the host where 3WXM Services are installed to the well-known hostname wlan-config-srv.
  Configure a VLAN:
    WX1200# set vlan 1 port 7
    success: change accepted.
  Configure an IP interface on the VLAN:
    WX1200# set interface 1 ip 192.168.1.252 255.255.255.0
    success: change accepted.
  Configure a default route through the local gateway:
    WX1200# set ip route default 192.168.1.1 1
    success: change accepted.
  Configure the default DNS domain name:
    WX1200# set ip dns domain example.com
    Domain name changed.
  Configure an IP alias to map the 3WXM server IP address to the well-known name wlan-config-srv:
    WX1200# set ip alias wlan-config-srv 172.16.22.84
  Enable the auto-config option:
    WX1200# set auto-config enable
    success: change accepted.
  Save the c
62. 802.1X Network Access Rules on page 306. MAC Access Rules: Access rules for MAC clients. See Viewing and Configuring MAC Network Access Rules on page 310. WebAAA Access Rules: Access rules for WebAAA (Web Portal) clients. See Viewing and Configuring WebAAA Network Access Rules on page 313. Last Resort Access Rules: Access rules for last-resort access. See Viewing and Configuring Last Resort Network Access Rules on page 316. Admin Access Rules: Access rules for administrative access to the WX switch. See Viewing and Configuring WX Administrator Access Rules on page 318. Third Party APs: Configuration settings for third-party APs. See Viewing and Configuring AAA Support for Third Party AP Users on page 322. Table 16: WX Switch Object Types (continued) (Category, Object Type: Description). AAA (cont.), Location Policy: Policies to locally override VLAN or security ACLs assigned to a user by a RADIUS server. See Viewing and Changing Location Policy Rules on page 325. Mobility Profiles: Rules to allow or deny a specific user or group of users network access through specific MAPs or wired authentication ports. See Viewing and Changing Mobility Profiles on page 328. Adding a WX Switch to the Network Plan. Creating a WX Switch as Part of RF Planning. Creating a WX Switch Using the Create Wire
63. ACL: 1. Access the ACL table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select ACLs. 2. Select any ACE in the ACL you want to delete. 3. In the Task List panel, select Delete ACL. To delete an individual ACE from an ACL: 1. Access the ACL table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select ACLs. 2. Select any ACE in the ACL. 3. In the Task List panel, select ACL Rules. 4. Select the ACE and click Delete. 5. Click OK. You cannot delete the ACE at the bottom of the list. This ACE is added to the ACL automatically and cannot be deleted. The ACE at the bottom denies all traffic that does not match other ACEs in the ACL. Viewing and Changing CoS Mappings: Viewing CoS Mappings. MSS supports Layer 2 and Layer 3 classification and marking of traffic to help provide end-to-end QoS throughout the network. QoS support includes support of Wi-Fi Multimedia (WMM), which provides wireless QoS for time-sensitive applications such as voice and video. QoS support is automatically enabled. WX switches and MAPs each provide QoS: WX switches classify and mark traffic based on 802.1p tag value (for tagged traffic) or Differentiated Services Code Point (DSCP) value. M
64. An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications. notify-only: The switch can use the string to send notifications. read-write: An SNMP management application using the string can get and set object values on the switch. notify-read-write: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. 4. Click OK. Configuring a USM (SNMPv3) User: 1. Access the Create USM User wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Management Services. e. In the Task List panel, select USM User. 2. In the Username box, type the name of the SNMPv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. 3. Select the access type. read-only: An SNMP management application using the string can get (read) object values on the switch but cannot set (write) them. This is the default. read-notify: An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications. notify-only: The switch can use the string to send notifications. read-write: An SNMP management application us
65. But adding major obstacles before you import the survey results helps 3WXM provide a more complete set of RF obstacles. In 3WXM, indicate the positions where you will place the portable AP. These positions are line-of-sight (LOS) points. You can create the LOS points in 3WXM or import them from a comma-separated values (CSV) file. In either case, you must assign a unique MAC address to each LOS. Even though each LOS will use the same portable AP, each position where you use the AP must have a unique MAC address. See Adding LOS Points on page 100. You can place the LOS points at the places where you are thinking of installing the permanent MAPs, but this is not a requirement. In 3WXM, generate a site survey order. The site survey order includes the locations and MAC addresses of the LOS points and also provides a GIF image of the floor. See Generating a Site Survey Order on page 106. In the site survey tool, import the GIF of the floor plan and use the map name specified in the site survey work order. Place the portable AP at the first LOS position and assign it the MAC address specified in the work order. Start the site survey tool on the laptop PC and take the measurements. See the Ekahau site survey documentation for specific instructions. In 3WXM, import the RF measurements from the site survey file. See Importing RF Measurements on page 108. In 3WXM, build the attenuation library. This task updates the attenu
67. c. Click the plus sign next to System. d. Select IP Services. e. In the Task List panel, select IP Alias. 2. In the Host Name box, type the name of the IP alias (1 to 32 characters, with no spaces or tabs). You cannot use the word all as the name of an IP alias. 3. In the Host IP Address box, type the IP address that the IP alias is mapped to. 4. Click Finish. You can configure the WX switch to resolve hostnames to their IP addresses by querying a Domain Name Service (DNS) server. By enabling DNS, you can specify a hostname rather than an IP address. For example, rather than typing telnet 10.1.2.3, you could type telnet monterey.example.com. By default, DNS is not enabled. You can specify one primary DNS server and up to five secondary DNS servers. You configure DNS by performing the following tasks: Enable the DNS client and configure a default domain name for DNS queries. Specify the IP addresses of the DNS servers. To enable DNS and create a DNS server: 1. Under DNS in the Content panel, select Enabled. 2. In the Default DNS Domain box, type the default domain suffix that is appended to a hostname if the hostname cannot be resolved as entered. The suffix can be up to 64 characters long, with no spaces or tabs. 3. Access the Create DNS Server wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX swit
68. Client Monitor view's toolbar. The Clear User dialog box appears. 3. Do one of the following: Click Yes to terminate the session, then click Close. Click No to cancel the termination request. Using the RF Monitor View: The RF Monitor view shows detailed RF information for each radio. Radio information is displayed in the following tabs. RF Neighborhood: lists the other transmitting devices that the radio can hear. SSID BSSID Mapping: lists the MAC address associated with each SSID the radio can hear. Activity: lists log messages for the radio. RF Environment: lists 802.11 statistics for the radio. [Figure: RF Monitor view listing radios by Radio Type, Channel, Tx Power (dBm), and MAC address, with the RF Neighborhood tab selected]
69. Configuration Files on page 359 to import the switch's configuration file. In the Organizer panel, click the plus sign next to the new WX switch to expand the configuration options. Select a configuration option, then use the instructions in this chapter or one of the following chapters to modify the configuration information: Chapter 7, Configuring Wireless Parameters, on page 235. Chapter 8, Configuring Authentication, Authorization, and Accounting Parameters, on page 287. Configuring Basic and Advanced Settings: Clicking on an option in the Task List panel opens a configuration wizard. Configuration wizards enable you to configure basic settings for an object. For most types of WX switch objects, after you configure the settings and close the wizard, the new object is added to a table in the Content panel. Some objects have advanced (infrequently modified) settings that are not configurable using the wizard. To configure advanced settings for an object listed in a table in the Content panel, select the object, then click Properties. The Properties button opens a configuration dialog containing all configurable settings for the object, including the advanced settings. For simple changes, you can select multiple objects and click Properties to make the change for all the selected objects. For example, to disable or reenable multiple ports, you can select all the por
70. Current Members list. If you have not planned RF coverage or configured any MAPs in the network plan yet, no radios are listed. You can add the radios later. Select the radio profile, click Properties, then select Radio Selection. See Configuring Advanced Radio Profile Settings on page 265. d. Go to step 15. 15. Click Finish. The service profile appears in the service profile table. Configuring a Voice over Wireless Service: If the VoIP devices use Wi-Fi Multimedia, you do not need to configure a service profile. WMM is supported automatically. A voice service profile is required only for non-WMM devices. 1. Access the Voice Service Profile wizard: a. In the Organizer panel, click on the plus sign next to the WX switch on which you want to configure the service profile. b. Click on the plus sign next to Wireless. c. Select Wireless Services. d. In the Task List panel, select Voice Service Profile. 2. Read the description of the wizard on the first page, then click Next. 3. Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch. 4. Type the SSID name in the SSID box. 5. Select the SSID type from the SSID Type box. Encrypted: Traffic on the SSID is encrypted. Clear: Traffic on the SSID is unencrypted. 6. Select the VoIP vendor from the Vendor drop-down list: SpectraLink Non
71. DAP either is converted into a configured MAP or reboots and then connects to a different WX. However, if an Auto DAP leaves the network without being converted into a statically configured MAP or connecting to a different WX, 3WXM continues to list the DAP as a device being managed by the WX. In this case, you can manually delete the MAP from the WX switch's Auto DAP list. This procedure does not delete an active Auto DAP. To remove an Auto DAP that is still attached to the network, remove it from the network (unplug it or power it down). Then use this procedure to remove it from the Auto DAP list. To delete an Auto DAP: 1. Select the Configuration tool bar option. 2. In the Organizer panel, select the WX switch. 3. In the Task List panel, select Delete Auto APs. The Delete Auto APs wizard appears. The MAPs that were configured using a Distributed MAP template are listed. 4. Select the Auto DAP that is no longer on the network. 5. Click Next. 6. Click Finish. This option is available only if the switch is running and can be reached through the network by 3WXM Services. This option also requires the Managed option for the switch to be enabled. See step 6 in Modifying Basic Switch Parameters on page 170. 1. Select the Configuration tool bar option. 2. In the Organizer panel, select the WX switch. 3. In the Task List panel, select Launch Telnet. Launching a Web Management Session
72. Devices box, then click the Add button to move it to the Current Devices box. To remove a WX switch from the wiring closet, click the WX switch in the Current Devices box, then click the Remove button to move it to the Available Devices box. If there are two or more WX switches in the wiring closet, you can change the order in which 3WXM checks switches for free ports. If there are no free ports on the switches listed, 3WXM creates and inserts a new switch in the wiring closet. Select a WX switch and click the Up or Down buttons to change the order of the switches. 8. Click Finish to save the changes. Defining a Coverage Area: Using the coverage area drawing tool, you can specify the coverage area graphically on your floor plan. You perform the following tasks to define a coverage area: Drawing a Coverage Area on page 114. Specifying the Wireless Technology for a Coverage Area on page 116. Specifying Coverage Area Properties on page 117. Specifying Floor Properties for the Coverage Area on page 118. Specifying Default Device Settings for the Coverage Area on page 119. Specifying Redundancy Computation for MAPs in the Coverage Area on page 120. Configuring Capacity Calculation for Data on page 122. Configuring Capacity Calculation for Voice on page 123. Specifying Mobility Domain, Radio Profile, and Wiring Closet Associations on page 125. Share
73. Example: Press Ctrl+Alt+Del. Words in italics: Italics are used to emphasize a point, denote a new term at the place where it is defined in the text, and highlight an example string, such as a username or SSID. Documentation: The 3WXM documentation set includes the following documents. Wireless LAN Switch Manager (3WXM) Release Notes: These notes provide information about the system software release, including new features and bug fixes. Wireless LAN Switch and Controller Release Notes: These notes provide information about the system software release, including new features and bug fixes. Wireless LAN Switch and Controller Quick Start Guide: This guide provides instructions for performing basic setup of secure (802.1X) and guest (WebAAA) access, for configuring a Mobility Domain for roaming, and for accessing a sample network plan in 3WXM for advanced configuration and management. Wireless LAN Switch Manager Reference Manual: This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Wireless LAN Switch Manager User's Guide: This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). It contains information about recommended system requirements you should meet for optimum 3WXM performance, ins
74. Noise: Noise threshold on the active channel. RF Auto Tuning prefers channels with low noise levels over channels with higher noise levels.

CRC Errors: Number of frames received by the radio on that active channel that had CRC errors. A high CRC error count can indicate a hidden node or co-channel interference.

PHY Errors: Number of packets that could not be decoded by the MAP. This condition can have any of the following causes:
- Collision of an 802.11 packet
- Packet whose source is too far away, thus rendering the packet unintelligible by the time it reaches the MAP
- Interference caused by an 802.11b/g phone or other source
It is normal for this counter to be about 10 percent of the total RxByte count. It is also normal for higher data rates to have higher Phy error counts than lower data rates.

Table 56 RF Monitor Environment Columns (continued)

Pkt Re-transmissions: Number of retransmitted packets sent from the client to the radio on the active channel. Retransmissions can indicate that the client is not receiving ACKs from the MAP radio.

Utilization: Number of multicast packets per second that a radio can send on a channel while continuously sending fixed-size frames over a period of time. The number of packets that are successfully transmitted indicates how busy the channel is.

Using the RF Trends View
75. 1. In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs).
To change the Country Code, select Setup Country Code in the Task List panel, then in the Change Country Code dialog select the country where the network is to be deployed.
In the Channel Set (802.11b/g) list, select the set of operating channels for any 802.11b/g MAP radios you plan to use, if different from the default.
From the Content panel, you can also change the properties of existing buildings at the site. See Creating or Modifying Buildings in a Site, next, for more information.

Creating or Modifying Buildings in a Site

To create or modify a building in a site:
1. Select the RF Planning tool bar option.
2. In the Organizer panel, click the site name.
3. Do one of the following:
- If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel. A series of dialog boxes prompts you for information about the new building.
- If you are modifying an existing building, select the building name in the Content panel for the site, then click Properties. A dialog box allows you to edit the building's properties.
a. In the Organizer panel, click on the plus sign next to the site name to expand it, then click on the name of the building you
76. RF Auto Tuning.
e. If the MAP has two radios, click Next and repeat this step for the other radio. Otherwise, go to step 11.
Click Finish.

To change the MAP-WX security mode for all Distributed MAPs, select the value from the Security Mode drop-down list:
- None: Management traffic between Distributed MAPs and the WX is not encrypted, even for MAPs that support encryption.
- Optional: Distributed MAPs can be managed by the switch even if they do not have encryption keys or their keys have not been verified by an administrator. Encryption is used for MAPs that support it.
- Require: Distributed MAPs can be managed by the switch only if they have encryption keys and their keys have been verified by an administrator. If a MAP does not have an encryption key or the key has not been verified, the WX does not establish a management session with the MAP.

The setting applies to all Distributed MAPs booted and managed by the switch. A change to this setting affects only new management sessions established after you deploy the change to the switch. The change does not affect existing sessions.

After you configure a MAP, you can select the MAP and click Properties to display a configuration wizard that contains all the configurable parameters for the MAP. You also can edit values listed in the table by editing them in the table itself.

Access the MAP table:
a. Select the Configuration tool bar option.
b. In the Organizer panel, click the
77. The system IP address is listed even if the switch was using a RADIUS server to authenticate the client.
SSID: SSID the client was requesting.
Failure Cause Description: Cause of the failure.

Table 42 Activity Details for Authorization Failure

User Name: Username of the client.
MAC Address: MAC address of the client.
Auth Protocol Type: 802.1X protocol used to authenticate the client: EAP-TLS; MD5; NONE; PASS-THROUGH; PEAP; N/A.
Location Policy Index: Rule number of a location policy rule used to change authorization attributes for the client.

Table 42 Activity Details for Authorization Failure (continued)

Columns: Authorization Failure Cause, Client Location, Session ID, Auth Server IP, SSID, User Parameters, Failure Cause Description.

Authorization Failure Cause: Reason the authorization failure trap was generated: acl mismatch crypto type mismatch end_date_mismatch; location policy mobility profile mismatch; other; ssid mismatch; Start_date_mismatch timeofday mismatch user param vlan tunnel failure.
Client Location: Mobility Domain, WX switch, MAP, and radio that were dealing with the client.
Session ID: ID used by 3Com equipment to track the session within the Mobility Domain.
Auth Server IP: System IP address of the WX switch that was attempting to authenticate the client. Note: The system IP address is listed even if the switch was using a RADIUS server to a
78. To configure a Web Portal WebAAA service:
1. Access the Web Portal Service Profile wizard:
a. In the Organizer panel, click on the plus sign next to the WX switch on which you want to configure the service profile.
b. Click on the plus sign next to Wireless.
c. Select Wireless Services.
d. In the Task List panel, select Web Portal Service Profile.
2. Read the description of the wizard on the first page, then click Next.
3. Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch.
4. Type the SSID name in the SSID box.
5. Select the SSID type:
- Encrypted: Traffic on the SSID is encrypted.
- Clear: Traffic on the SSID is unencrypted.
6. Click Next.
- If you selected Encrypted in step 5, configure the encryption settings. Go to step 7.
- If you selected Clear in step 5, go to step 15.
7. Select the security modes you want the SSID to support. You can select one or more of the following:
- RSN (WPA2)
- WPA
- Static WEP
8. Click Next.
9. If you selected RSN or WPA in step 7, you can select whether to use dynamically generated keys or static keys based on a passphrase:
- To use dynamically generated keys, leave the Pre-shared Key box blank and go to step 10.
- To use static keys, type a string from 8 to 63 characters long in the Pre-shared Key box and click Generate. Cli
79. To display the configuration settings in a policy, click on the policy. The settings appear in the Content panel. To create a new policy, click Policy in the Task List panel. See Configuring and Applying Policies on page 373.

Table 9 3WXM Tool Bar Options (continued)

RF Planning: Display the tree of configured sites in the Organizer panel. To display information about a site or an object in that site, click on it. The information appears in the Content panel. To perform site-related tasks, click task links in the Task List panel. See Planning the 3Com Mobility System on page 69.

Configuration: Display the tree of configured devices in the Organizer panel. To display information about a device or a configuration area within that device, click on it. The information appears in the Content panel. To perform device-related tasks, click task links in the Task List panel. See Configuring WX System Parameters on page 157.

Devices: Display a list of the WX switches in the network plan.
- To upload, restart, or change the management status of switches, view scheduled tasks, or distribute certificates, use the Device tab.
- To review and either allow or disallow local and network changes, or to schedule configuration deployment, use the Changes tab.
- To manage and distribute MSS software images
80. Tools

Option (toolbar icon) and Description:
- Edit 3WXM preferences
- Configure 3WXM Services
- Launch Help

Table 12 Toolbar icons available in RF Planning Tools (continued)
- Adjust the paper space (crop the drawing)
- Define the drawing scale
- Change the grid size
- Zoom in
- Zoom out
- Fit view in window
- Print the view displayed in the floor display area
- Toggle AP label
- Copy selected objects
- Paste selected objects
- Undo last change
- Redo last change
- Group selected objects
- Ungroup selected objects
- Select all visible objects
- Assign layers to selected objects
- Create RF obstacle
- Edit properties
- Remove RF obstacle information
- Delete selected components
- View or change dimensions
- Place an RF measurement point
- Show 802.11a RF coverage in the floor display area
- Show 802.11b RF coverage in the floor display area
- Show 802.11g RF coverage in the floor display area
- Hide display of 802.11 RF coverage in the floor display area

Creating or
A site is a folder that contains the buildings in
81. Table 40 Activity Details for Association Failure

MAC Address: MAC address of the client.
Failure Cause: Cause of the association failure: already exist; cipher mismatch; cipher rejected; load balance; other switching ssid wep not configured.
Client Location: Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client.
SSID: SSID the client was requesting.
Failure Cause Description: Cause of the failure.

Table 41 Activity Details for Authentication Failure

User Name: Username of the client.
MAC Address: MAC address of the client.
Auth Protocol Type: 802.1X protocol used to authenticate the client: EAP-TLS; MD5; NONE; PASS-THROUGH; PEAP.
Authentication Failure Cause: Reason the authentication failure trap was generated: invalid password; other; server timeout signature failed; user does not exist; user glob mismatch.

Table 41 Activity Details for Authentication Failure (continued)

Client Location: Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client.
Session ID: ID used by 3Com equipment to track the session within the Mobility Domain.
Auth Server IP: System IP address of the WX switch that was attempting to authenticate the client. Note
82. WMM SVP devices
- Vocera: Non-WMM Vocera devices
- Avaya: Non-WMM Avaya devices
- Other: Non-WMM devices that are not SVP or Avaya phones
7. Click Next. The next step depends on the encryption type you selected in step 5:
- If you selected Encrypted, go to step 8.
- If you selected Clear, go to step 18.
8. Select the access type:
- 802.1X Access: Device is allowed onto the SSID only after successful authentication using 802.1X.
- MAC Access: Device is allowed onto the SSID only if its MAC address matches an entry on a RADIUS server or the switch's local database.
- Open Access: All devices are allowed onto the SSID.
9. Click Next.
10. Select the security modes you want the SSID to support. You can select one or more of the following:
- RSN (WPA2)
- WPA
- Static WEP
11. Click Next.
12. If you selected RSN or WPA in step 10, select the encryption algorithms to use. Otherwise, go to step 16.
- AES (CCMP): Usually used with RSN (WPA2)
- TKIP: Usually used with WPA
- WEP 104: Used with dynamic WEP
- WEP 40: Used with dynamic WEP
13. Click Next.
14. If you selected RSN or WPA in step 10, you can select whether to use dynamically generated keys or static keys based on a passphrase:
- To use dynamically generated keys, leave the Pre-shared Key box blank and go to step 15.
- To use static keys, type a string from 8 to 63 characters long in the Pre
83. You cannot add MAP ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic.

To add or remove static multicast router and receiver ports:
1. Access the VLAN table:
a. Select the Configuration tool bar option.
b. In the Organizer panel, click the plus sign next to the WX switch.
c. Click the plus sign next to System.
d. Select VLANs.
2. In the Content panel, select the VLAN.
3. Click Properties.
4. Click the VLAN Member Details tab.
5. To add a static multicast receiver port, select the Forward Multicast IP Out checkbox for each port you want to add. By default, ports are not selected. To remove a static multicast receiver port, clear the checkbox.
6. To add a multicast router port, select the Multicast Router Present checkbox for each port you want to add. By default, ports are not selected. To remove a static multicast receiver port, clear the checkbox.
7. Click OK.

Restricting Layer 2 Traffic Among Clients in a VLAN

By default, clients within a VLAN are able to communicate with one another directly at Layer 2. You can enhance network security by restricting Layer 2 forwarding among clients in the same VLAN. When you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses ge
84.
- If you do not want to replace the objects in the open plan with their like-named objects in the other plan, click Close. 3WXM does not import any objects from the plan.
- If you do want to replace the objects, click Import Plan. 3WXM imports the objects into the open plan. Click Close.

You can close a network plan at any time. If you have unsaved changes, you are asked whether you want to save the changes.

To close a network plan:
In the main 3WXM window, select File > Close or File > Exit. If the network plan has no unsaved changes, the network plan is closed. Otherwise, go to the next step.
If there are unsaved changes, 3WXM displays a dialog asking whether you want to save the changes, discard them, or cancel the request to close the plan or exit the application. Do one of the following:
- Select Apply to save the changes and close the plan.
- Select Discard to close the plan without saving the changes.
- Select Cancel to cancel the request to close the plan or exit the application, and continue working with the plan.

You can delete a network plan at any time.

CAUTION: The Delete Network Plan wizard has a Cancel button, but this button does not cancel deletion of a network plan. 3WXM deletes the plan as soon as you click Next.

You cannot delete the currently active plan. To delete the active plan, first use the File > Switch Network Plan option to select another plan to be active, then delete the plan.

Sharing a Ne
85. a directly connected MAP in a port converts the port to a MAP access port. If the port is a statically configured member of a VLAN, the port is removed from the VLAN. Click Next.
5. Select the MAP model from the MAP Model list.
To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list:
- 11a: 802.11a
- 11b: 802.11b only
- 11g: 802.11b/g
Click Next.
The non-editable number (1 or 2) indicates the radio number on the MAP. To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list:
- 11a: 802.11a
- 11b: 802.11b only
- 11g: 802.11b/g
Click Next.
Configure the radios:
a. To enable the radio, select Enabled.
b. In the Radio Profile list, select the profile to which the radio belongs. For more information, see Viewing and Configuring Radio Profiles on page 263.
c. In the Channel Number list, select the channel number for the radio. If RF Auto Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto Tuning.
d. In the Transmit Power box, specify the transmit power for the radio. If RF Auto Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by
86. a name for the backup and click OK. The status is displayed in the Status window. When the backup is complete, it appears in the list of backups. If you do not see the backup, scroll to the bottom of the list.
4. Click Close to close the dialog.

Changing Backup Settings

To change settings for automatic backups:
1. Access the Backup Restore dialog.
2. To change how often 3WXM automatically backs up network plans, select Hourly or Daily from the Backup interval drop-down list. If you select Daily, specify the time to create the backup.
3. To change the maximum number of backup copies 3WXM will keep for a plan, change the number in the Number of backup copies box.
4. Click Save.
5. Click Close to close the dialog.

Restoring a Plan from a Backup

To restore a plan from a backup:
1. Access the Backup Restore dialog.
2. Click on the backup you want to restore.
3. Click Restore.
4. Click Close to close the dialog.

Copying a Plan Backup from One Server to Another

You can copy a plan to another server by copying that plan's backup file to the other server, then restoring the plan on the other server from the backup.

To copy a network plan backup from one server to another:
1. Access the Backup Restore dialog.
2. Click on the backup you want to transfer.
3. Click Transfer. The Transfer Backup dialog appears.
4. Select the destination:
- Server: Activates the boxes in the S
88. addresses of the traffic. The WX assigns a traffic flow to an individual port in the group and uses the same port for all subsequent traffic for that flow.

A port group ensures link stability by providing redundant connections for the same link. If an individual port in a group fails, the WX reassigns traffic to the remaining ports. When the failed port starts operating again, the WX begins using it for new traffic flows. Traffic that belonged to the port before it failed continues to be assigned to other ports.

Layer 2 configuration changes apply collectively to a port group as a whole, but not to individual ports within the group. For example, Spanning Tree Protocol (STP) changes affect the entire port group rather than individual ports. When you make Layer 2 configuration changes, you can use a port group name in place of the port list. Ethernet port statistics continue to apply to individual ports and not to port groups.

To view port groups:
1. Select the Configuration tool bar option.
2. In the Organizer panel, click the plus sign next to the WX switch.
3. Click the plus sign next to System.
4. Select Port Groups. The configured port groups and their member ports appear in the Content panel.

Creating a Port Group

To create a port group:
1. In the Task List panel, select Port Group. The Create Port Group wizard appears.
In the Port Group Name box, type the name of the port group (1 to 16 alphanumeric ch
89. b. Click next to the instances you want to disable, then go to step 10.
10. Click Close.

12 MANAGING CERTIFICATES

A digital certificate is a form of electronic identification for computers. This chapter describes processing and managing certificates and distributing PKCS #12 files.

Overview

A digital certificate is a form of electronic identification for computers. The 3Com Mobility System supports the following types of X.509 digital certificates:
- Administrative certificate for the monitoring service or a WX switch
- 802.1X EAP certificate for a WX switch
- WebAAA certificate for a WX switch
- Certificate authority certificate to validate the administrator's certificate
- Certificate authority certificate to validate user and the EAP server certificates

When 3WXM connects to 3WXM Services or a WX switch, the administrative certificate is used to authenticate the service or WX switch and establish a secure connection.

If a WX switch does not already have certificates, MSS automatically generates them the first time you boot using MSS Version 4.2 or later. You do not need to install certificates unless you want to replace the ones automatically generated by MSS. For more information, see the Certificates Automatically Generated by MSS section in the Managing Keys and Certificates chapter of the Wireless LAN Switch and Controller Configuration Guide.

Before installing a new certificate, verify that the WX switch
90. can specify a sum of them for a combination of allowed encryption types. For example, to specify WEP_104 and WEP_40, use 24.

end-date: Date and time after which the user is no longer allowed to be on the network. Valid value: Date and time in the following format: YY/MM/DD-HH:MM. You can use end-date alone or with start-date. You also can use start-date, end-date, or both in conjunction with time-of-day.

Table 22 Authentication Attributes for Local Users (continued)
Columns: Attribute, Description, Valid Value(s)

filter-id (network access mode only): Inbound or outbound ACL to apply to the user.
If configured in the WX switch's local database, this attribute can be an access control list (ACL) to filter outbound or inbound traffic. Use the following format: inboundacl.in or outboundacl.out
If you are configuring the attribute on a RADIUS server, the value field of filter-id can specify up to two ACLs. Any of the following are valid:
filter-id = "Profile=acl1"
filter-id = "OutboundACL=acl2"
filter-id = "Profile=acl1 OutboundACL=acl2"
(Each example goes on a single line on the server.) The format in which to specify the values depends on the RADIUS server.
Regardless of whether the attributes are defined locally or on a RADIUS server, the ACLs must already be configured on the WX switch. For more information see
91. client during this session.
Unicast Packets In: Number of unicast packets received by the radio from the client during this session.
Multicast Bytes In: Number of multicast bytes received by the radio from the client during this session.
Multicast Packets In: Number of multicast packets received by the radio from the client during this session.
Bad Crypt Bytes In: Number of bytes received by the radio that had encryption errors.
Bad Crypt Packets In: Number of packets received by the radio that had encryption errors.

Displaying Session Location History

On the Client Sessions tab, select the Location History tab at the bottom of the window.

[Screenshot: Client Monitor view, Session Details window with the Session Properties, Session Statistics, and Location History tabs; the Location History tab lists Start Time and Location]
92. colored bands that represent each of the data transmit rates supported by the radio. These rates are standard for each radio type.
RSSI: Coverage is shown based on the received signal strength indication (RSSI) of the radio's signal heard by other radios.
SNR by data rate: Average signal-to-noise ratio (SNR) for clients in each data rate.
Load by data rate: Average number of clients at each data rate.
SNR by RSSI bands: Average SNR for clients in each RSSI band.
Load by RSSI bands: Average number of clients in each RSSI band.

For all display options except the baseline association rate, a legend is displayed at the bottom of the window to indicate the values represented by each color.

Taking RF Measurements

In the floor plan display, you can take an RF measurement at any point on the floor plan. An RF measurement point indicates the RSSI value for each 3Com radio on the floor.

To take an RF measurement:
1. In the floor plan display of the Explore view, click [icon] on the window's toolbar. RF measurement options appear on the left.

[Screenshot: Explore view with the Show RF Coverage Using Baseline Association Rate option and the RF Point and RSSI Options panels]
93. displayed.

[Screenshot: Import RF Measurements wizard, RF Neighborhood Source page, with Network and File options and the File Format, File Name, and Map Name fields]

4. Click Yes next to File.
5. In the format listbox, select Ekahau.
6. Click Choose to navigate to the csv file that contains the RF measurement data.
7. In the Map Name field, specify the map name. The map name must match the name specified in the site survey work order and must be the same map name used in the site survey tool.
8. Click Next. The import progress is displayed. When the import is done, check the Total valid RF measurements found line in the progress messages:
- If the number is greater than 0, 3WXM successfully imported measurements.
- If the number is 0, no measurements were imported. Try the import again and verify that the map name is correct.

Applying the RF Measurements to the Floor Plan

1. Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them. If the measurements
94. entry to the SSID or vendor list, all SSIDs or vendors that are not in the list are implicitly disallowed. An empty client black list implicitly allows all clients, and an empty ignore list implicitly considers all third-party wireless devices to be potential rogues.

All the lists except the black list require manual configuration. You can configure entries in the black list, and MSS also can place a client in the black list due to an association, reassociation, or disassociation flood from the client.

The rogue classification algorithm examines each of these lists when determining whether a device is a rogue. The following figure shows how the rogue detection algorithm uses the lists.

[Figure: rogue detection flowchart. Surviving labels: MAP radio detects wireless; Source MAC in Ignore List; SSID in Permitted SSID List; OUI in Permitted Vendor List; Source MAC in Attack List; Rogue classification algorithm deems the device to be a rogue; Generate an alarm, classify device as a rogue, issue countermeasures (if enabled); Device is not a threat]

Using the Rogue Detection Screen

To display rogue information, select the Rogue Detection option in the main 3WXM tool bar.

[Screenshot: 3Com Wireless LAN Switch Manager main window]
95. even after this wizard is closed. See Creating and Managing Users in the Local User Database on page 287.

Select or create the radio profile to map to this service profile. By default, the default radio profile is selected.
- To map the service profile to the default radio profile, leave default selected and go to step 21.
- To map the service profile to a different radio profile, select the radio profile and go to step 21.

To create a new radio profile:
a. Select Create new Radio Profile and click Next.
b. Type the radio profile name in the Name box and click Next.
c. Select the radios you want to manage with the radio profile and click Move to move them to the Current Members list. If you have not planned RF coverage or configured any MAPs in the network plan yet, no radios are listed. You can add the radios later. Select the radio profile, click Properties, then select Radio Selection. See Configuring Advanced Radio Profile Settings on page 265.
d. Go to step 21.

Click Finish.

To configure an Open Access service:
1. Access the Open Access Service Profile wizard:
a. In the Organizer panel, click on the plus sign next to the WX switch on which you want to configure the service profile.
b. Click on the plus sign next to Wireless.
c. Select Wireless Services.
d. In the Task List panel, select Open Access Service Profile.
2. Read the description of the wizard on the first page, then click Next.
3. Edit the service name in
96. explicitly disassociate from the MAP and the 802.1X reauthentication interval has not lapsed.

Traffic Ports Used by a Mobility Domain

When deploying a Mobility Domain, you might attach the WX switches to subnets that have firewalls or access controls between them. Within a Mobility Domain, the WX switches exchange information and other types of traffic, depending on your configuration of AAA and various management services. Table 10 provides a summary of the traffic ports typically used by a Mobility Domain and its associated AAA and management functions.

Table 10 Traffic Ports Used for AAA Servers and Management Servers

Protocol     | Port | Function
IP/UDP (17)  | 1812 | RADIUS authentication (default setting)
IP/UDP (17)  | 1813 | RADIUS accounting (default setting)
IP/TCP (6)   | 443  | Secure Sockets Layer protocol (SSL) management using Web Management
IP/TCP (6)   | 8889 | SSL management using 3WXM
IP/TCP (6)   | 23   | Telnet management
IP/UDP (17)  | 161  | SNMP get and set operations
IP/UDP (17)  | 162  | SNMP traps
IP/ICMP (1)  | N/A  | Several types, for example, ping
IP/UDP (17)  | 123  | Network Time Protocol (NTP)
IP/UDP (17)  | 53   | Domain Name Service (DNS)

The traffic typically sent between WX switches within a Mobility Domain uses IP/UDP (protocol 17) traffic on port 8817 for both source and destination. Roaming traffic uses IP protocol 4.

Creating a Mobility Domain

The Create Mobility Domain wizard requires
97. flashes for 3 seconds instead. The new switch requests a configuration from 3WXM, using the process described in Drop Ship (WXR100 Only) on page 332 or Staged WX on page 334. The process depends on whether the switch is a WXR100 or is any model that has been prestaged.

3WXM finds a switch configuration that matches the model and MSS version, and has a management interface in the same subnet as the new switch. 3WXM also notices that the serial number of the new switch does not match the serial number in the switch configuration in 3WXM. However, because the Auto Config IP Subnet Matching option is enabled, 3WXM does not reject the configuration request.

This configuration task is performed by the network administrator, using 3WXM.

To enable replacement of remote switches:
1. Open the network plan that contains the remote switches you want to allow to be replaced.
2. Select Tools > 3WXM Services Setup from the toolbar in the main 3WXM window.
3. On the Service Settings tab, select Auto Config IP Subnet Matching.
4. Click Save.

Replacing a Switch

This task is performed by someone at the remote office and does not require a network administrator. 3Com recommends that you read through the entire procedure before beginning.

To replace a switch:
1. Remove the power cord from the old switch.
2. Unplug the network cables from the old switch. If the cables are not already labeled
98. floor plan in the Content panel.
3 In the Task List panel, click RF Planning.
4 Under Site Survey, click Import Measurement. The Import RF Measurements wizard is displayed.
[Screenshot: Import RF Measurements wizard, RF Neighborhood Source page]
5 You can choose to import measurements from the network, a site survey file, or both.
  a If you want to use RF neighborhood information imported from a MAP in the network, click Yes next to Network.
  b If you want to import measurements from a site survey file, click Yes next to File, and in the File Format listbox select Ekahau. Then click Choose to navigate to the .csv file that contains the RF measurement data.
6 In the Map Name field, specify the map name. The map name must match the name specified in the site survey work order, and must be the same map name used in the site survey tool.
7 Click Next. The import progress is displayed. When the import is done, check the "Total valid RF measurements found" line in the progress messages.
  - If the number is greater than 0, 3WXM successfully imported measurements.
  - If the number is 0, no measurements were imported. Try the import again, and verify that the map name is correct.

Applying the RF Measurements
99. following time of day: wk0900-1700,sa2200-0200. You can use time of day in conjunction with start date, end date, or both.

Table 22: Authentication Attributes for Local Users (continued)

url
  Description: URL to which the user is redirected after successful WebAAA (network access mode only).
  Valid value(s): Web URL, in standard format. For example: http://www.example.com. You must include the http:// portion.

vlan-name
  Description: Virtual LAN (VLAN) assignment (network access mode only). VLAN-Name is a 3Com vendor-specific attribute (VSA). The vendor ID is 43, and the vendor type is 1. On some RADIUS servers, you might need to use the standard RADIUS attribute Tunnel-Pvt-Group-ID instead of VLAN-Name.
  Valid value(s): Name of a VLAN that you want the user to use. The VLAN must be configured on a WX switch within the Mobility Domain to which this WX switch belongs.

Viewing and Configuring RADIUS Settings

Remote Authentication Dial-In User Service (RADIUS) is a client-server security protocol that provides authentication, authorization, and accounting for network users and devices. A RADIUS server stores user profiles, which include usernames, passwords, and other user attributes. After you have defined RADIUS servers, you define RADIUS server groups (named sets of RADIUS servers). You must create at least one server group. RADIUS server
100. groups can authenticate administrators and network users. You can specify up to four RADIUS server groups for AAA services in a 3Com Mobility System. Although you can use the local database on the WX switch to authenticate users, 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network. For information about the RADIUS attributes supported by MSS, see the Wireless LAN Switch and Controller Configuration Guide.

Viewing RADIUS Settings, Servers, and Server Groups

To view RADIUS settings, servers, and server groups:
1 Select the Configuration tool bar option.
2 In the Organizer panel, click the plus sign next to the WX switch.
3 Click the plus sign next to AAA.
4 Select RADIUS. The RADIUS servers, server groups, and default settings appear.

Creating a RADIUS Server

To create a RADIUS server:
1 Access the Create RADIUS Server wizard:
  a Select the Configuration tool bar option.
  b In the Organizer panel, click the plus sign next to the WX switch.
  c Click the plus sign next to AAA.
  d Select RADIUS.
  e In the Task List panel, select RADIUS Server.
2 In the Name box, type the name of an existing RADIUS server (1 to 64 alphanumeric characters, with no spaces or tabs). Do not use the same name for a RADIUS server and a RADIUS server group.
3 In the IP Address box, type the IP address for the RADIUS server, in dotted decimal notation. 3WXM
101. if RSSI Projections is selected
- Show Unreachable MAPs (only available if RSSI Projections is selected)
- Show MAPs on Other Floors (only available if RSSI Projections is selected)

In the Language list, select English or German. The language you select is the language used when you next access this page.

To select the directory to which the inventory report is saved, click Choose. The Select dialog box appears. Navigate to the directory you want and click Select. 3WXM uses this directory when generating subsequent reports.

Click Generate Work Order. The work order is saved in the directory you specified, in the format WO_scope_name_date. If you generate another order for the same scope on the same day, the old work order is overwritten. When the work order has been generated, the View button becomes available.

Click View. A browser window opens to display the work order in HTML format. A browser must be specified in the Tools tab in the Preferences dialog box (Tools > Preferences).

Select a floor from the Select Floor list and click View Work Order. The work order is displayed, starting at the floor you specified. You can scroll to view additional information.

Click Close to close the dialog.

CONFIGURING WX SYSTEM PARAMETERS

This chapter and the following two chapters describe how to view and configure WX switches using 3WXM. If you want to use 3WXM planning to configure switches for you as part of coverage pla
102. in the Floor Name box (1 to 60 alphanumeric characters, with no tabs). Each floor name in a building must be unique.
5 To change the default attenuation for radios, type the number of dB in the 802.11a dB box or 802.11b/g dB box.
6 In the Height of the Ceiling box, type the number of feet or meters from the floor to the ceiling (1 to 1000 feet or meters). The ceiling height is based on the surface of the ceiling where the access points will be mounted, not on the center of the plenum space between floors.
7 Click OK.

After creating a floor, you can import or draw details about the floor. See "Importing or Drawing Floor Details" next for more information.

Importing or Drawing Floor Details
Importing a Drawing of a Floor

You can add information for a floor by importing a drawing of the floor or by using 3WXM's graphics tools to draw the floor. After you import or draw the floor, you need to specify the RF characteristics of the floor by specifying the attenuation of obstacles such as walls, doors, windows, and so on. The attenuation of an object indicates how much the object affects an 802.11 radio signal. 3WXM uses the attenuation information when calculating how many MAPs you need and where to place them in order to provide the desired wireless coverage. The following sections describe how to import or draw a floor. For information about specifying th
103. in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.
3 Optionally, edit the name in the SSID box.
CAUTION: The default SSID name, any, matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the rule allows clients who match the user glob to access any SSID.
4 Select the authentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down.
  - If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
  - If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list.
  The authentication methods you select are also used for authorization.
5 Click Finish.
104. is allowed to use 802.1X to access the SSID or wired authentication port. A user glob is a string, containing wildcards, that matches on one or more user names. Type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method.
  - For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all usernames whose usernames contain periods.
  - For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.
4 Click Next.
5 Select the EAP type from the EAP Type drop-down list:
  - EAP-MD5: Extensible Authentication Protocol (EAP) with message-digest algorithm 5. Select this protocol for wired authentication clients. Uses challenge-response to compare hashes. Provides no encryption or integrity checking for the connection.
105. is enabled, the switch sends a DNS query for the IP address of well-known hostname wlan config srv. DNS replies with the IP address of the host where 3WXM Services are installed. The switch sends a request to 3WXM Services in the corporate network for a configuration. If the auto-config option is not enabled, the switch boots using its configuration file. You can use the CLI, 3WXM, or Web Management to complete its configuration.
8 3WXM receives the configuration request and looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request.
  - If the network plan contains a configuration with a matching model and serial number, 3WXM sends the configuration to the switch. See "Preconfiguring a Switch in 3WXM".
  - If the network plan does not have a configuration with a matching serial number, one of the following occurs:
    - If the Auto Config IP Subnet Matching is enabled and other requirements are met, 3WXM can give the configuration to another switch with a different serial number, if the switch is the same model and is in the same IP subnet. See "Replacing a Switch and Reusing its Configuration" on page 342 for more information.
    - If the serial number does not match and the Auto Config IP Subnet Matching option is disabled, 3WXM cannot give the switch a configuration. 3WXM generates a verification warning on the Network Verifica
106. locations on the floor. 3WXM assumes that MAPs are mounted on the ceiling and takes the ceiling height into account when placing MAPs. 3WXM assumes that coverage is required down to 3 feet above the floor, the average height of a user's desk. By default, 3WXM assumes that you want to directly connect the MAP access points to WX1200 switches and that you do not want redundant MAP connections for backup. You can change these design constraints.

By default, especially when you are performing Compute and Place for a coverage area for the first time, the results do not account for existing MAP access points. Manual overrides of the MAP results are not taken into account if you perform Compute and Place again.

If you are modifying an existing coverage area with deployed MAPs, or if you need to preserve manual changes made to the current configuration, you can lock the MAPs. Locked MAPs cannot be moved or deleted during the Compute and Place process.

You perform the following tasks to compute and place MAPs:
1 Specify design constraints. See "To specify design constraints".
2 Compute and place MAPs. See "To compute and place MAPs" on page 140.
3 Review coverage area computation progress. See "To review coverage area computation" on page 141.

To specify design constraints:
1 Display the floor plan in the Content panel.
2 In the Task List panel, click Floor.
3 Under Edit Floor, click Constraints.
107. occurs, roaming can be disqualified or delayed.
- The client uses the same authorization parameters for the new session as for the old session. For example, changing the Encryption Type or VLAN Name parameter might cause a new session to be recorded, rather than a roam within the same session.

A disassociated session has a grace period of 5 seconds in which the session history can be retrieved and forwarded. After 5 seconds, the session is cleared and its accounting is stopped. You cannot configure the grace period. If the client MAC address in a Mobility Domain is not found in 5 seconds, the session is considered new.

The 802.1X reauthentication timeout has little impact on roaming. If the timeout lapses, 802.1X processing is performed on the existing association. Accounting and roaming history are not affected if the reauthentication is successful, because the client is still associated with the same MAP. If reauthentication fails, the session is cleared and it is not eligible for roaming. If the client associates to the same MAP, that is recorded as a new session.

Roaming creates the following effects:
- Remote Authentication Dial-In User Service (RADIUS) accounting is treated as a continuation of an existing session, rather than a new one.
- For tracked users, you can view roaming history in the Monitor tab. See "Using the Client Monitor View" on page 415.
- The old session is cleared from the WX, even if the client did not
108. on capacity for data traffic, using the data capacity parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs.

To calculate MAP placement and configuration based on both coverage and on capacity, enable Use Capacity Calculation for Data. Otherwise, click Next. By default, 3WXM performs only the coverage calculation. If you enable the Use Capacity Calculation for Data option, 3WXM performs both calculations.

In the Per Station Throughput list, specify the throughput (combined transmit and receive), in kilobits per second (Kbps), for a station. The throughput value cannot exceed the value you selected for the baseline association rate. 3Com recommends that per-station throughput values do not exceed 1 Mbps for 802.11b technology and 5 Mbps for 802.11a/g technology.

In the Expected Station Count list, specify the number of clients you expect to be in the coverage area.

In the Station Oversubscription Ratio list, select the ratio for the average transmit behavior of the stations. The station oversubscription ratio is the ratio of active clients compared to total clients. For example, the ratio 5:1 indicates that, statistically, 20 percent of the clients are active at any given time.

Click Next. The Capacity Planning for Voice page appears.
[Screenshot: Create Coverage Area wizard, Optional Capacity Planning for Voice page]
109. one of the following: 11a, 11b, 11g. The choices available depend on the selection you made in step 12.
14 Click Next. The following dialog appears.
[Screenshot: Create Third Party AP wizard, 802.11g Radio page]
15 Verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1; 802.11a radios have a slot number of 2.
16 In the Channel Number list, select the channel number for the radio.
17 In the Transmit Power box, specify the transmit power for the radio.
18 To enable the radio, select Enabled. The access point's radio must be enabled in order to be considered in channel allocation.
19 In the SSID box, type the service set identifier (SSID) for the radio.
20 In the MAC Address box, type the MAC address of the radio.
21 In the Antenna Gain list, select the antenna gain for the radio.
22 If the access point has only one radio, click Finish. Otherwise, go to the next step.
23 Click Next. The Radio A page appears.
24 Repeat step 15 through step 21 for the 802.11a radio.
25 Click Finish to save the changes.

Placing Installed and A
110. or 802.11b/g dB box. From the building's Content panel, you can edit the properties of existing floors in the building. See "Creating or Modifying Floors" next for more information.

Creating or Modifying Floors

To create or modify a floor in a building:
1 Select the RF Planning tool bar option.
2 In the Organizer panel, click the building name.
3 Do one of the following:
  - If you are creating a new floor, click on the building name in the Organizer panel and select Create Floor in the Task List panel. A series of dialog boxes prompts you for information about the new floor.
  - If you are modifying an existing floor, select the floor name in the Content panel for the building, then click Properties. A dialog box allows you to edit the floor's properties.
  - Click on the floor name in the Organizer panel, click on Floor in the Task List panel, and then select Floor properties under Edit Floor.
  The following figure illustrates the information displayed in the Floor Properties dialog box for a floor. Note that this information is the same as the information for which you are prompted when you create a floor.
  [Screenshot: Floor Properties dialog box, with the fields Floor Name, Floor Level, Original Image File, Ceiling Attenuation Factor For 802.11a (dB), Ceiling Attenuation Factor For 802.11b/g (dB), and Height of the Ceiling (Feet)]
4 To change the floor name, type the new name
111. other service profile types.
- Static CoS Value: CoS value assigned by the MAP to all traffic on the service profile's SSID when static CoS is enabled. This value is used only when static CoS is enabled. The default is 0 if you enable static CoS manually. However, if static CoS is enabled automatically as part of a Vocera service profile, the default is 7 (highest priority).
- CAC Mode: Call Admission Control (CAC) policy for allowing new sessions on the radios serving an SSID.
  - None: CAC is disabled. This is the setting automatically selected for all service profile types except Vocera voice service profiles.
  - Sessions: CAC is session-based. A MAP radio cannot have more than the specified number of active sessions for the SSID. This is the setting automatically selected for Vocera voice service profiles.
- Max Sessions: When the CAC mode is Sessions, specifies the maximum number of active sessions radios can have for the SSID. The default is 12.
- Short Retry Count: Number of times (1 to 15) the MAP transmits an unacknowledged unicast frame that is shorter than the fragment threshold before discarding the frame. The default is 5.
- Long Retry Count: Number of times (1 to 15) the MAP transmits an unacknowledged unicast frame that is equal to or longer than the fragment threshold before discarding the frame. The default is 5.

Client Timeout Tab

The Client Timeout tab lists
112. parameters, except system IP address, are defined with default values, which you can change:
- Timeout (generally set for only troubleshooting purposes)
- Retry count (generally set for only troubleshooting purposes)
- Dead time
- Key
- Authorization password
- Use of the WX switch's system IP address as the source address for RADIUS packets from the switch

When you create a new RADIUS server, the default settings apply to the new server.

To change default values for RADIUS parameters:
1 Access the RADIUS defaults:
  a Select the Configuration tool bar option.
  b In the Organizer panel, click the plus sign next to the WX switch.
  c Click the plus sign next to AAA.
  d Select RADIUS.
2 In the Timeout box, specify how long the WX switch must wait (1 to 65,535 seconds) for a RADIUS server to respond before retransmitting. The default is 5 seconds.
3 In the Retry Count box, specify the number of transmission attempts (1 to 100) for a RADIUS request. The default is 3.
4 In the Dead Time box, specify the amount of time (0 to 1440 minutes) that must elapse before the WX switch attempts to reach an unresponsive RADIUS server. The default is 0 minutes. When the dead time is set to 0 and there are two or more RADIUS servers in a RADIUS server group, authentication starts with the first server in the group, unless there are two or more RADIUS servers and load s
113. plan must have at least one wiring closet if the floor will use MAPs that are directly connected to their WX switches. However, a floor is not required to have a wiring closet if MAPs will be indirectly attached through the network. In this case, if you do not create a wiring closet, 3WXM assumes the switch that will manage the Distributed MAPs will be located in a wiring closet on another floor in the building.

To create a wiring closet:
1 Display the floor plan in the Content panel.
2 In the Task List panel, click Tools.
3 In the Wiring Closet Misc area under Coverage Area, click the Insert Wiring Closet icon.
4 Click in the floor display where you want to place the wiring closet. The Create Wiring Closet wizard appears.
[Screenshot: Create Wiring Closet wizard, Wiring Closet Properties page, with the Name box and the Available Devices and Current Devices lists]
5 In the Name box, type the name of the wiring closet (1 to 60 characters, with no tabs).
6 If you have not defined a WX switch in 3WXM, click Finish to save the changes. Otherwise, go to step 7. 3WXM determines how many WX switches are needed when it computes how many MAP access points are required, and automatically creates them.
7 To add a WX switch you previously created to the wiring closet, click the WX switch in the Available
114. radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations. The baseline association rate is specified during planning, on a coverage area basis.
- Data Rate: Coverage is shown in colored bands that represent each of the data transmit rates supported by the radio. These rates are standard for each radio type.
- RSSI: Coverage is shown based on the received signal strength indication (RSSI) of the radio's signal heard by other radios.

In the Coverage Areas section of the Organizer panel, select the scope for which you want to display coverage. You can display coverage for an individual radio, a specific coverage area, or all coverage areas on the floor.
- To select multiple contiguous objects, click Shift while selecting.
- To select multiple noncontiguous objects, click Ctrl while selecting.

6 On the toolbar, click the radio type for which you want to display coverage:
- Displays 802.11a coverage for the selected scope(s)
- Displays 802.11b coverage for the selected scope(s)
- Displays 802.11g coverage for the selected scope(s)

You also can show coverage by right-clicking on the scope in the Coverage Areas section, then selecting Show RF Coverage. Coverage for the selected scope(s) is displayed. This example shows 802.11a coverage by transmit data rate for the coverage area CoverA
115. radios in the network, you can update the radios in the network plan with the channel and power settings currently in effect on the same radios in the network. You also can lock down the channel and power settings in the plan and in the network by disabling RF Auto-Tuning on the radios.

RF Auto-Tuning settings are applied only to configured MAPs, not to Auto-DAPs (Distributed MAPs configured using a Distributed MAP profile).

This option also disables RF Auto-Tuning on the radios. When RF Auto-Tuning is disabled, the channel and power settings on the radios are static.

1 Select the Configuration tool bar option.
2 In the Organizer panel, select the network plan name.
3 In the Task List panel, select Auto Tune Settings. The Apply Auto Tune Settings wizard appears.

Select the RF Auto-Tuning settings you want to apply. Both channel and power settings are selected by default.

Select the scope:
- Mobility Domain
- WX switch
- Radio profile
- Individual MAP radio

To select a radio profile, display it first by clicking on the plus sign next to the WX switch. To select an individual radio, display it first by displaying its radio profile, then clicking on the plus sign next to the radio profile.

If you accessed the wizard from the toolbar, select the scope. You can select a Mobility Domain, WX switch, MAP, or radio profile.
7 Click Next. The progress is displayed.
8 Click Finish.

Uplo
116. rate at which the radio sends beacon (SSID advertisement) frames and probe response frames. The valid rates depend on the radio type and are the same as the mandatory rates. However, you cannot set the beacon rate to a disabled rate. The default depends on the radio type:
  802.11a: 6.0
  802.11b: 2.0
  802.11g: 2.0
- Multicast rate: Data rate at which the radio sends multicast frames. The valid rates depend on the radio type and are the same as the mandatory rates. The default is Automatic, which sets the multicast rate to the highest rate that can reach all clients connected to the radio.
- Mandatory rates: Set of data transmission rates that clients are required to support in order to associate with an SSID on a MAP radio. A client must support at least one of the mandatory rates. These rates are advertised in the basic rate set of 802.11 beacons, probe responses, and reassociation response frames sent by MAP radios. Management frames sent by MAP radios use one of the specified mandatory rates. The valid rates depend on the radio type:
  802.11a: 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0
  802.11b: 1.0, 2.0, 5.5, 11.0
  802.11g: 1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0
  The default depends on the radio type:
  802.11a: 6.0, 12.0, and 24.0
  802.11b: 1.0 and 2.0
  802.11g: 1.0, 2.0, 5.5, and 11.0
- Supported rates: Rates that are not man
117. received by the listener from the rogue
SSID | SSID of the rogue

Clients Tab

The Clients tab lists details about the clients of rogue devices. To display client information for a rogue, select the rogue in the Filtered List. Table 62 lists the information displayed on the Clients tab.

Table 62: Client Columns
Column | Description
Client | MAC address of the client
Vendor | Manufacturer of the client
Channel | Channel the client is on
SSID | SSID the client is associated with

Displaying a Rogue's Geographical Location

If building and floor information for the site is modeled in the network plan, you can display the likely physical location of a rogue. 3WXM displays the floor plan for the floor where the rogue is believed to be located, and displays the areas where the rogue is probably located.

This option displays the likely location of the rogue when the data was collected by the monitoring service from the Mobility Domain's seed WX switch. If the rogue has moved since then, the location information will not be current.

To display the location of a rogue within a site:
Select the rogue in the rogue list.
Click on the toolbar. The Location tab appears next to the details tab. The likely location of the rogue is indicated by color. The legend beneath the floor view indicates the likelihood represented by each color. The number in red on the legend
118. require different bandwidth. For example, an engineering department might have its own coverage area to accommodate a need for higher bandwidth, but the rest of the floor might be planned for general use with lower bandwidth requirements.

You must also identify the wireless technology required (802.11a or 802.11b/g) for coverage areas. For areas requiring multiple wireless technologies, two completely overlapping coverage areas are created: one for 802.11a and one for 802.11b/g.

You define coverage by creating the following items:
- Wiring closets (at least one is required if you plan to install directly connected MAPs). See "Creating a Wiring Closet" on page 111.
- Coverage areas (required). See "Defining a Coverage Area" on page 113.
- RF measurement points (optional). See "Showing RF Coverage" on page 150.
- Third-party access points (optional).

Creating a Wiring Closet

A wiring closet is a room that contains networking devices such as switches. If you have an existing wiring closet, you can draw it on the floor layout. If you have previously installed WX switches and defined them in 3WXM, you can place them in the wiring closet and specify them as switches to be used when 3WXM calculates how many MAP access points are required. If you do not have any WX switches placed in the wiring closet, 3WXM automatically creates and configures the switches that are needed. Each floor
119. see the highest or lowest values at a glance. To sort data, click the title of the column whose data you want to sort. Click the column title again to toggle between ascending and descending order.

To see details for performance data

You can see performance data for the objects in the scope you selected. For example, if you selected a Mobility Domain as the scope, you can see performance data for the Mobility Domain, WX switches in the Mobility Domain, or WX ports. To see the objects available in the scope, click the button next to Select Detail (the button text depends on what scope you selected) and select the object whose performance data you want to see. You can also select the category for the data you want to see by clicking the tab for the category:
- Octets In/Out
- Packets In/Out
- Errors In/Out

To reset counters in the current view

For absolute values, you can reset the counters in the current view by clicking Reset Counters In View. Resetting counters applies to the current view only. The performance data continues to be collected. The view shows when you reset the counters.

To show the original counter values

For absolute values, you can see the original counter values by clicking Show Original Counters. If you click Show Original Counters, the performance data values that were displayed since view reset are replaced with the current original counters.

Viewing Historical Dat
120. select File > Drawing Utilities > Audit.
- Check for grouped objects, especially groups that span multiple layers or include the entire drawing. If a grouped object contains objects that you will assign differing RF values to, or if some objects will not become RF obstacles, ungroup the objects and delete the unneeded objects. If all the RF objects in the grouped object will have the same RF value, you might want to leave the object grouped.

  A grouped object can contain multiple layers and can contain visible and invisible objects. When you select an object that spans multiple layers, the object is not selected normally when you click on it. Instead, a selection square appears, offset to the side of the object. If you decide to delete a grouped object, ensure that the object does not contain objects to which you will need to assign RF values.
- Turn visible, unlock, and unfreeze all layers. Then delete unnecessary layers. Locking a layer keeps the layer visible but also prevents changes to the layer. Freezing a layer locks the layer and makes it invisible. In many cases, the information in invisible or frozen layers is not related to objects that will be RF obstacles, and so is unnecessary in the floor plan. The information you need to keep is the structural information to which you will assign RF values in 3WXM.

  To check the contents of the invisible layers to make sure the information ca
121. select the ending port number of the range in the Range End box. The number must be higher than the port number in the Port Number box. e. Click OK. 8. Specify the TCP or UDP destination source port. The options are the same as those for the source port. 9. To match based on DSCP value or IP TOS and IP precedence values: a. Click on the down arrow in the DSCP column. b. Select Type Of Service or Diff Serv Code Point. c. If you selected Type Of Service, select the IP precedence value from the Precedence drop-down list. Any 1: All packets are subject to the ACL regardless of whether precedence is set. Routine 0: Packets with routine precedence are filtered. Priority 1: Packets with priority precedence are filtered. Immediate 2: Packets with immediate precedence are filtered. Flash 3: Packets with flash precedence are filtered. Flash Override 4: Packets with flash override precedence are filtered. CRITIC/ECP 5: Packets with critical precedence are filtered. Internetwork Control 6: Packets with internetwork control precedence are filtered. Network Control 7: Packets with network control precedence are filtered. Select the ToS value in the TOS box. 1 any: All packets are subject to the ACE regardless of whether TOS is set. 0 normal: Packets with normal TOS defined are filtered. 1 minimum monetary cost: Packets with minimum monetary
122. select the VLAN. 3. In the Task List panel, select Configure IGMP. To enable IGMP snooping, select Enable. To disable IGMP snooping, clear Enable. By default, IGMP snooping is enabled. 5. In the Version list, select Version 1 or Version 2 of IGMP. If IGMP queriers are not on the subnet (for example, multicast routers), select Querier Enabled. 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WX switch sends general IGMP queries on behalf of multicast routers to advertise multicast groups. The default interval is 125 seconds. In the Other Querier Present Interval box, specify how long (1 to 65,535 seconds) the WX switch waits for a general query to arrive before making itself the querier. The default interval is 255 seconds. In the Query Response Interval box, specify how long (1 to 65,535 tenths of a second) a device can take to respond to an IGMP query. The default interval is 100 tenths of a second (10 seconds). In the Last Member Query Interval box, specify how long (1 to 65,535 tenths of a second) the WX switch waits for a response to a group query after receiving a leave message for that group, before removing the group. The default value is 10 tenths of a second (1 second). In the Robustness Value box, specif
123. send and receive packets within an intranet, but restrict incoming packets to the server that stores confidential salary information. An ACL is an ordered list of access control entries (ACEs), rules that specify how to handle packets. The rule consists of a filter and an action. When a packet matches the filter, the action is applied to the packet. If there are no ACE matches in the ACL, an ACL contains an implicit rule that denies all access. If there is not at least one ACE that permits access in an ACL, no traffic will be allowed. The implicit deny all rule is always the last ACE of an ACL. You can choose to count the number of times an ACE is matched. This hit count is useful for troubleshooting complex ACL configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the CLI. To start updating hit counter statistics in the CLI, you must first set the hits sampling rate to a nonzero value, such as 15 seconds. For more information about security ACLs, see the Wireless LAN Switch and Controller Configuration Guide. You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address. To view ACLs: Select the Configuration tool bar option. In the Organizer panel, click the plus si
124. status command to display the fingerprint. The fingerprint is used for secure communication between the WX switch and the MAP and applies only to Distributed MAPs. 6. Click Next. 7. Select the MAP model from the MAP Model list. To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list: 11a (802.11a), 11b (802.11b only), 11g (802.11b/g). Click Next. Configure the radios: a. To enable the radio, select Enabled. b. In the Radio Profile list, select the profile to which the radio belongs. For more information, see "Viewing and Configuring Radio Profiles" on page 263. c. In the Channel Number list, select the channel number for the radio. If RF Auto-Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto-Tuning. d. In the Transmit Power box, specify the transmit power for the radio. If RF Auto-Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto-Tuning. e. If the MAP has two radios, click Next and repeat this step for the other radio. Otherwise, go to step 11. Click Finish. MAPs contain radios that provide networking between your wired network and IEEE 802.11 wireless users. A MAP can connect to the wired network through a d
125. suggests the name of a server group to place the server in. The server group is required because AAA rules refer to server groups, not to individual servers. Click Next. If you need to change port numbers or timers, go to step 6. Otherwise, go to step 11. In the Authentication Port box, specify the UDP destination port to which the WX switch listens for authentication and authorization. The default port is 1812. In the Accounting Port box, specify the UDP destination port to which the WX switch listens for accounting. The default port is 1813. In the Timeout box, specify how long (1 to 65,535 seconds) the WX switch must wait for a RADIUS server to respond before retransmitting. The default is 5 seconds. In the Retry Count box, specify how many retransmissions (1 to 100) are sent for a RADIUS request. The default is 2. In the Dead Time box, specify how long (0 to 1440 minutes) the WX switch waits before attempting to reach an unresponsive RADIUS server. The default is 0 minutes. In the Key box, type the password (also known as a shared secret key) used to authenticate to the RADIUS server (1 to 32 characters long, with no spaces or tabs). You must provide the same password that is defined on the RADIUS server. In the Authorization Password box, type the password used for
126. switch. c. Click the plus sign next to System. d. Select VLANs. In the Tunnel Affinity box, specify the numeric value (1 to 10) that the WX will advertise to other WX switches in the Mobility Domain for the VLAN. The default is 5. A higher tunnel affinity indicates a greater preference. Click Save. Configuring the MSS DHCP Server: MSS has a DHCP server that the switch uses to allocate IP addresses to the following (DHCP service for these items is enabled by default): directly connected MAPs; a host connected to a new (unconfigured) WXR100 or WX1200, to configure the switch using the Web Quick Start. Optionally, you can configure the DHCP server to also provide IP addresses to Distributed MAPs and to clients. Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network. To enable the MSS DHCP server on a VLAN: Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. In the Content panel, select the VLAN. Click Properties. Select DHCP Server to enable it on the VLAN. To change the range of addresses available to the DHCP server, edit the addresses in the Star
127. switch. c. Click the plus sign next to System. d. Select VLANs. In the Content panel, select the VLAN. In the Task List panel, select Restrict L3 Traffic. Type the IP address of the VLAN's gateway. Click Next. The ACL 3WXM will configure to block the traffic is displayed. Read the information on the wizard page about the ACL. If you need to modify the ACL, see "Viewing and Configuring ACLs" on page 220. Click Finish. WX switches configured to comprise a Mobility Domain allow users to roam seamlessly across MAP access points and across WX switches. Although a WX that is not a member of a user's VLAN cannot directly forward traffic for the user, the WX can tunnel the traffic through another WX that is a member of the user's VLAN. If a WX that is not in the user's VLAN has a choice of more than one other WX through which to tunnel the user's traffic, the WX selects the path based on the tunnel affinity value. This is a numeric value that each WX within the Mobility Domain advertises, for each of its local VLANs, to all other WX switches in the Mobility Domain. The WX the user is roaming from selects the WX with the highest affinity value for the user's VLAN as the path for the user's data. If two or more WX switches have the same tunnel affinity value, the WX the user is roaming from randomly selects a WX. Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX
128. the certificate presented by 3WXM Services to ensure that the certificate is valid. The certificate is in a key store file on the server. The default key store file is services_keystore. This file contains a self-signed certificate for 3WXM Services. You can use this certificate if desired, or you can configure the service to use a different key store file containing a different certificate. See "Changing Service Settings" on page 497. By default, the 3WXM client does not accept self-signed certificates, even from 3WXM Services. Instead, when 3WXM Services or another device presents a self-signed certificate to the 3WXM client, the Certificate Check dialog box appears on the client. This dialog box displays the certificate information. The options you select in this dialog box apply to all HTTPS connections with the 3WXM client. For example, the 3WXM client also checks the validity of certificates presented by WX switches, and the settings you select in this dialog affect those connections too. To complete the connection: Select one or both of the following options within 60 seconds after the Certificate Check dialog is displayed. Always accept self-signed certificates: Use this option to configure the 3WXM client to always accept a self-signed certificate from the 3WXM monitoring service and from WX switches. Install this certificate to validate future connections
129. the switch to try to contact 3WXM Services for configuration. The auto-config option is automatically enabled on an unconfigured WXR100 when the Fn switch is pressed during power on. However, auto-config is disabled by default on other models. If you want another WX switch model to be able to access 3WXM Services for a configuration, you must preconfigure the WX with the following information: IP address, gateway address, domain name and DNS server address. You can enable the switch to use the MSS DHCP client to obtain this information from a DHCP server in the local network where the switch will be deployed. Alternatively, you can statically configure the information. The IP address and DNS information are configured independently. You can configure the combination of settings that work with the network resources available at the deployment site. The following examples show some of the combinations you can configure. If DNS is available, an entry must be added to the DNS server that maps the IP address of the host where 3WXM Services are installed to the well-known hostname wlan config srv. Otherwise, an IP alias can be configured on the switch itself to map the address to the hostname. The deployment site in this example has a DHCP server. The switch is configured to use the MSS DHCP client to obtain an IP address, default gateway address, DNS domain name, and DNS server IP addresses. Configure a VLAN: WX1200 set vlan 1 port
130. the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch. Type the SSID name in the SSID box. Select the SSID type from the SSID Type drop-down list. Encrypted: Traffic on the SSID is encrypted. Clear: Traffic on the SSID is unencrypted. Click Next. If you selected Encrypted in step 5, configure the encryption settings. Go to step 7. If you selected Clear in step 5, go to step 15. Select the security modes you want the SSID to support. You can select one or more of the following: RSN (WPA2), WPA, Static WEP. 8. Click Next. If you selected RSN or WPA in step 7, you can select whether to use dynamically generated keys or static keys based on a passphrase. To use dynamically generated keys, leave the Pre-shared Key box blank and go to step 10. To use static keys, type a string from 8 to 63 characters long in the Pre-shared Key box and click Generate. Click Next. Select the encryption algorithms to use. AES (CCMP): Usually used with RSN (WPA2). TKIP: Usually used with WPA. WEP 104: Used with dynamic WEP. WEP 40: Used with dynamic WEP. Click Next. If you selected Static WEP in step 7, specify WEP keys. Otherwise, go to step 14. For each key (up to four), type the key value in the corresponding key box. By default, data in unicast and multicast packets a
131. the Task List panel: 802.1X Access, MAC Access, Web Portal Access, Open Access. To display the service profile's access rules only, select Access Rules. To display an SSID's encryption settings and access rules in an Access Rule table: 1. In the Organizer panel, click on the plus sign next to the WX switch on which the service profile is configured. 2. Click on the plus sign next to AAA. 3. Select the type of access rule assigned to the service profile: 802.1X Access Rules for 802.1X service profiles; MAC Access Rules for Voice service profiles; Web Access Rules for Web Portal (WebAAA) service profiles; Last Resort Access Rules for Open service profiles. For a custom service profile, the option to select depends on the access rule type selected when the service profile was created. After you select the access rule type, a table listing all the access rules of that type configured on the WX switch is displayed. 4. Look in the SSID column for the SSID name configured in the service profile and select the table row. 5. Click Properties. A Network Access Properties wizard containing the configuration settings for the access rule appears. Modifying SSID Encryption Settings and Access Rules: You can create access rules for a service profile from within a service profile wizard. You also can create or modify a service profile's access rules after creating the
132. the client is in communication with a 3WXM client; messages generated by the instance of the 3WXM client you are using. Displaying the Event Log: To display the event log, select the Events toolbar option in the main 3WXM window. Event messages are displayed on top. The bottom section allows you to filter the display. By default, only the messages generated by the 3WXM client are displayed. Messages are displayed for all severities and for all log facilities. Toolbar Options: Table 29 lists the options on the Event tab's toolbar. These options are in addition to the standard toolbar options. See "Tool Bar Options" on page 39. Table 29. Toolbar Options for Events Tab (Option: Description). Export: Displays the Export Data dialog box, which enables you to save log data into a file. Refresh: Refreshes event data. Display Event Details: Displays details for the currently selected message. Display Filters: Toggles display of the filter tabs. Refreshing Event Data: By default, the event data is refreshed whenever the 3WXM client generates a new message for itself or receives a new message from the 3WXM Services. To disable automatic refreshing of events, clear the Auto update checkbox and click Apply. The checkbox is located on the Filters tab. To manually refresh events at any time, click [icon] on the Event tab's toolbar. Reviewing Event Details: To see
133. the network plan. A site usually represents a campus of geographically colocated buildings. If your network plan encompasses multiple campuses, create a site for each campus. To create or modify a site: 1. Select the RF Planning tool bar option. 2. In the Organizer panel, click the name of the network plan. 3. Do one of the following: If you are creating a new site, click on the network plan name in the Organizer panel and select Create Site in the Task List panel. A series of dialog boxes prompts you for information about the new site. If you are modifying an existing site, click on the plus sign next to the network plan to expand it, then click on the name of the site you want to modify. Information about the site appears in the Content panel. The following figure illustrates the information displayed in the Content panel for a site. Note that this information is the same as the information for which you are prompted when you create a site. [Figure: 3Com Wireless LAN Switch Manager window showing site information in the Content panel: Site Name, Country Code, Channel Set, Building Name, Number of Floors, Starting Floor Level.]
134. the notification profile. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. Click the checkbox next to each notification type you want to enable. To enable all notification types, click the Enable checkbox at the top of the list. Click Finish. Configuring a Notification Target: A notification target is a remote device to which MSS sends SNMP notifications. You can configure the MSS SNMP engine to send confirmed notifications (informs) or unconfirmed notifications (traps). The available options differ depending on the SNMP version and the type of notification you specify. To monitor a switch using 3WXM Services, you must configure 3WXM Services to be one of the switch's notification targets. 3WXM Services does not start listening for SNMP notifications from the WX switches in the network plan until you save the network plan. Access the Create Notification Target wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Management Services. e. In the Task List panel, select Notification Target. 2. Specify the target ID. 3. Type the IP address of the target. 4. Specify the protocol port on which the target listens for SNMP notifications. The default is 162. 5. Click Next. 6. Select the notification profile that will use this target. To view the profi
135. the power level from the Max Transmit Power pull-down list. The default power level is default, which means RF Auto-Tuning can assign up to the maximum power level allowed for the radio. You can specify from 1 to 20. To change the minimum rate at which a radio is allowed to transmit traffic to clients, select the rate from the Client Data Rate pull-down list. The radio automatically increases its transmit power when necessary to maintain at least the minimum rate with an associated client. The valid values depend on the radio type. All values are in Mbps. For 802.11g radios: 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, or 1. For 802.11b radios: 11, 5.5, 2, or 1. For 802.11a radios: 54, 48, 36, 24, 18, 12, 9, or 6. The default minimum data transmit rate depends on the radio type. The default minimum data rate for 802.11b/g and 802.11b radios is 5.5 Mbps. The default minimum data rate for 802.11a radios is 24 Mbps. c. To change the maximum percentage of client retransmissions a radio can experience before RF Auto-Tuning considers changing the channel on the radio, select the percentage from the Data Retransmissions pull-down list. A high percentage of retransmissions is a symptom of interference on the channel. You can specify from 1 to 100. The default is 10. 9. Click OK. Viewing and Changing Radio Settings
136. to indicate the switch port numbers to which they are connected, you might want to label them before unplugging them. Plug the network cables into the new switch. 4. Plug the power cord into the new switch. 5. Perform this step only if the switch is a WXR100 and was not prestaged by your network administrator: While the switch is powering on, insert a paperclip or similar object into the WXR100's Fn hole to press the Fn switch. Normally, the Fn LED (the right LED above port 1) remains solidly lit for 3 seconds after power on. However, when the Fn switch is pressed, the LED flashes for 3 seconds instead. 10 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS. This chapter describes the management of WX system files. It includes information about uploading a WX switch configuration into 3WXM, verifying configuration information, synchronizing local and network changes, deploying WX switches from a network plan to the network, distributing image and configuration files, importing and exporting WX switch configuration files, working with domain policies, and rebooting WX switches or MAP access points. WX File Management Options: 3WXM provides many options for managing WX system image files and configuration files. Table 23 lists the options and the places in this document where the options are described. Table 23. WX File Management Options in 3WXM (Option: Description). Upload: Creates a new WX switch in a network plan by copying th
137. to the Floor Plan. To apply the RF measurements to the floor plan: Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The "Total number of RF measurements that did not intersect any object" line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them. If the measurements came from a site survey file, they are measurements between the portable AP (LOS point) and the PC running the site survey tool. If the measurements came from MAP radios in the network, they are measurements between MAP radios. The "Total number of objects that will be corrected" line indicates the number of measurements that did experience attenuation. For existing RF objects, 3WXM corrects the attenuation to match the results. For RF obstacles created by 3WXM, the description is auto-generated and the obstacle type is Other. You can edit these values by selecting the obstacle, clicking the Edit properties icon to open the Modify RF Obstacle wizard, and modifying the values. Click OK to close the wizard and save the changes. See "To use the Create RF Obstacle Dialog box" on page 96. The wizard is the same whether it is labeled Create or Modify. Click Finish. If the imported RSSI values do not match the values predicted by 3WXM, 3WXM looks for an RF obstacle in the plan that might be causing attenuation an
138. to the WX, configure a MAP port instead. For information, see "Configuring a Directly Connected MAP" on page 275. To create a distributed MAP: Access the Create Distributed AP wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select Access Points. e. In the Task List panel, select Distributed AP. In the Name box, type a name (1 to 16 alphanumeric characters, with no spaces or tabs). In the DAP Number box, specify the connection number for the WX switch's connection to this Distributed MAP. The range of valid connection numbers depends on the WX switch model. For a WX4400, you can specify a number from 1 to 300. For a WX1200, you can specify a number from 1 to 30. For a WXR100, you can specify a number from 1 to 8. In the Serial Number box, type the serial number of the MAP. In the Fingerprint box, type the 16-digit hexadecimal number of the MAP's encryption fingerprint. Use either of the following formats: 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00, or 1122 3344 5566 7788 99aa bbcc ddee ff00. A MAP's fingerprint is the hash value of the MAP's public encryption key. The fingerprint is displayed on a label on the back of the MAP and is labeled RSA key. If the MAP is already installed and operating, use the CLI command display dap
139. to the live network. Verify on upload: 3WXM performs verification when you select the option to upload a switch's configuration from the network into 3WXM. Allow errors to be deployed and exported: 3WXM allows you to deploy or export a switch's configuration even if it contains errors. 3Com recommends that you do not deploy a network plan that contains configuration errors. Allowing configuration errors to be deployed to the network can affect network stability. Click Close to place the changes into effect and close the dialog box. Disabling and Reenabling Rules: If you disable a rule, you can use the Verification Options dialog box to reenable the rule. You also can disable rules for the entire network plan or for specific instances. To disable or reenable a rule: On the toolbar of the Verification tab, click Options. The Verification Options dialog box appears. 2. Click Rules Control. The list of 3WXM verification rules appears. 3. Locate the rule you want to disable. You can click on the Class or Rule headers to sort alphabetically by rule class or by rule name. You also can filter the display to show only the rules in a specific class. To filter the rule list based on class: a. Click Filter By Class. The rule list changes to list the rules in the selected class. b. Select a rule class from the listbox. The list of rules changes to list the rules in the selected clas
140. vertex before completing the shape. Right-click to complete the polygon. Click at the start of the line. Drag the cursor to the end of the line. Click to finish. Click to exit free draw mode by cursor under lect. Specifying the RF Characteristics of a Floor: 3WXM uses RF attenuation information in the floor plan when calculating how many MAPs you need and where to place them to provide the wireless coverage required for the floor. The RF attenuation information comes from the attenuation values associated with objects on the floor plan that have been converted into RF obstacles. An RF obstacle is an object that has an attenuation value associated with it. You can add RF obstacles to a floor plan in the following ways: Select the objects that will be RF obstacles and assign attenuation values to them. This method is available for floor plans that are imported from CAD drawings. See "Converting Objects into RF Obstacles" on page 95. Use the graphics tools in 3WXM to draw the RF obstacles and assign attenuation values to them. This method is available for any floor plan. See "Drawing RF Obstacles" on page 97. Import RF measurements from a site survey. This method requires the Ekahau Site Survey tool to create the site survey. You can use this method alone or in combination wi
141. want to modify. Information about the building appears in the Content panel. You can edit the building information in the Content panel. The following figure illustrates the information displayed in the Content panel for a building. Note that this information is the same as the information that appears when you click the Properties button for the building. [Figure: 3Com Wireless LAN Switch Manager window showing building information in the Content panel: Building Name, Number of Floors, Starting Floor Level, Floor Defaults (Unit of Measurement, Height of the Ceiling, Ceiling Type, Ceiling Attenuation Factor for 802.11a, Ceiling Attenuation Factor for 802.11b/g), and Floors (Floor Name, Floor Level).] 1. In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 2. In the Task List panel, under Other, click Edit Building. The Edit Building dialog box is displayed. [Figure: Edit Building dialog box.]
142. while compute and place is in progress. Click Finish to see the design on the layout. [Figure: wizard page listing AP Count and Coverage for each coverage area.] 10. Go to "To review coverage area computation". To review coverage area computation: 1. Review the number of MAPs required for each coverage area and the overriding criterion used (coverage or capacity). 2. Click Finish to apply the changes. Icons for the suggested MAP locations appear on the floor plan. [Figure: 3WXM RF Planning window showing the floor plan with coverage areas and suggested MAP locations.] To see the RF coverage area for an area, right-click on the area, either in the organizer panel or on the floor, and select Display RF Coverage. If the
143. with the Switch. This option is available only if the switch is running and can be reached through the network by 3WXM Services. This option also requires the Managed option for the switch to be enabled. See step 6 in "Modifying Basic Switch Parameters" on page 170. 1. Select the Configuration tool bar option. 2. In the Organizer panel, select the WX switch. 3. In the Task List panel, select Launch Browser. Viewing and Changing Port Settings: You can configure and display information for the following port parameters: Name; State; Type (network, MAP, or wired authentication); Speed and autonegotiation; Power over Ethernet (PoE) state; Media type (gigabit Ethernet ports only); Load sharing (see "Viewing and Changing Port Groups" on page 184). Viewing Port Settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to System. Select Ports. The ports and their configuration settings appear in the Content panel. The 10/100 Ethernet ports and the gigabit Ethernet ports, if the switch has them, are listed separately. Changing Port Settings: To change settings for a port, edit the row of information for the port. In the Name box, type a name for the port (1 to 16 alphanumeric characters, with no spaces or tabs). To enable the port, select Enabled. To disable the port, clear Enabled. By default, the po
144. you convert a rogue into a third-party AP, the rogue disappears from the rogue list. Converting a rogue into a third-party AP applies only to the network plan in 3WXM. 3WXM does not send this information in any form to the WX switches in the network. To prevent MSS from issuing countermeasures against a third-party AP, you must also add the AP to the ignore list. 3WXM does send the ignore list to the WX switches in the network. To convert a rogue into a third-party AP, use the following procedure: 1. Select the rogue in the rogue list. Click [icon] on the toolbar. The Third Party AP Properties dialog is displayed. [Figure: Third Party AP Properties dialog with Access Point, 802.11b Radio, and 802.11a Radio tabs; fields include Radio Type, Name, Manufacturer ID, Product ID, IP Address, Telnet Port Number, HTTP Port Number, and Floor.] 3. Enter the information for the AP and place the icon for the AP in its floor location, if applicable. See "Placing Third Party Access Points" on page 130. When you have finished, the AP appears under Objects to Place in RF Planning. To display the list: Select the Configuration option in the main 3WXM tool bar and click on Third Party APs in the Organizer panel. The third-party APs are listed in the Cont
145. you selected will not be able to save their changes when you delete their lock. Click Yes to confirm that you want to do this. If you override the lock, 3WXM unlocks the part of the plan that was locked and notifies the other 3WXM users about the lock change. From this point on, the former lock holder cannot save changes to the previously locked portion of the plan. By default, 3WXM sends a message to all users who have the plan open with monitor access to inform them when changes are saved to the plan. In addition, 3WXM sends a message to each monitor user so that one of them can then edit the plan.

   [p. 60, Chapter 4: Working with Network Plans]

   To disable notification:
   1. In the main 3WXM window, select Tools > Preferences.
   2. Click the Persistence tab.
   3. To disable change notification, clear Plan Change Notification.
   4. Click Close.

   Defining a Mobility Domain

   Roaming Behavior

   A Mobility Domain is a collection of WX switches that work together to support roaming users. One of the WX switches is defined as a seed device, which distributes information to the other WX switches defined in the Mobility Domain. A Mobility Domain allows users to roam geographically from one WX switch to another without losing network connectivity. Users connect as a member of a VLAN through their authorized identities. If the native VLAN for a user is not present on the WX to which the user connects, the WX creates a tunnel to that VLAN. A netwo
146. you to select the switches to place in the Mobility Domain and to select the seed switch. Add the switches to the network plan before you configure the Mobility Domain.
   1. Select the Configuration tool bar option.
   2. Select the network plan in the Organizer panel.
   3. Select the Mobility Domain task in the Task List panel. The Create Mobility Domain wizard appears.
   4. In the Name box, type the name for the Mobility Domain (1 to 16 characters, with no spaces or tabs).
   5. Click Next.
   6. In the Available Devices list, select the WX switches you want to add to the Mobility Domain.
   7. Click Next.
   8. Select the switch to act as the seed switch for the Mobility Domain.
   9. Click Finish.

   Creating a WX Switch

   1. Select the Configuration tool bar option.
   2. In the Organizer panel, select the network plan name.
   3. In the Task List panel, select Wireless Switch.
   4. Go to "Using the Create Wireless Switch Wizard" on page 165.

   Creating a Third Party AP

   You can add a third party AP to the network plan's equipment list. When you use RF Planning, you can place the AP on its location on a floor plan. In this case, 3WXM takes the AP's channel number into account when assigning channels to MAPs.
   1. Select the Configuration tool bar option.
   2. Select the network plan in the Organizer panel.
   3. Select the Third Party AP task in the Task List panel. The Create Third Party AP wizard appears.
   4. In the Name box, type a name for t
147. Using the Client Monitor View

   Toolbar Options

   The Client Monitor view shows detailed information about client activity on the network. Client information is displayed in the following tabs:
   - Client Activity: displays association and 802.1X information for the clients.
   - Client Sessions: lists bandwidth, signal-to-noise ratio (SNR), and received signal strength indicator (RSSI) information for client sessions.
   - Client Watch List: lists the clients 3WXM is tracking. You can set up a watch list of clients you want 3WXM to track. 3WXM collects session and roaming information for the clients.

   The Client Monitor view begins accumulating data as soon as 3WXM begins mon
148. 1
   [p. 450, Chapter 16: Monitoring the Network]
   [Screenshot: Performance Monitoring dialog, with a Monitoring Options box (statistic type and Poll Interval), a scope list (Mobility Domains, Wireless Switch, Sites, Buildings), an object list, and Start Monitoring and Close buttons.]

   2. Select the scope to monitor from the list on the left side of the dialog box.
   3. Select the specific object(s) to monitor from the list on the right side of the dialog box.
      - To select multiple contiguous objects, click Shift while selecting.
      - To select multiple noncontiguous objects, click Ctrl while selecting.
   4. Select the statistic type from the Monitoring Options box:
      - Ethernet Statistics
      - Ethernet Errors
      - EtherStats (packets per second by different packet lengths)
      - Radio Statistics
   5. Select the polling interval from the Poll Interval box. The intervals available depend on the scope and statistic type you selected.
   6. Click Start Monitoring. The Statistics dialog for your scope selection appears.

   Accessing Realtime Performance Statistics 4
149. [Screenshot: Client Monitor view with the Client Activity, Client Sessions and Client Watch List tabs. The Client Activity tab lists client events (authorization success, disassociation, client cleared) with client name, client IP address and time, above an Activity Details pane showing User Name, Session ID, MAC Address and Client IP Address.]
150. 2.11b clients to any radio in this coverage area, select Exclude 802.11b clients. To allow 802.11b clients to associate to radios in the coverage area, clear Exclude 802.11b clients. Even when association of 802.11b clients is disabled, if an 802.11b/g radio detects a beacon from an 802.11b network, the radio enters protection mode to protect against interference.

   4. Click Next. The Floor Properties page appears.

   [Screenshot: Create Coverage Area wizard, Optional: Floor Properties page, with Height of the Ceiling and AP Placement Height boxes. Dialog text: "Enter the height at which the AP will be placed. This needs to be entered only if it is different from the ceiling height."]

   Specifying Floor Properties for the Coverage Area

   You can optionally specify floor properties for the coverage area if they are different from the defaults for the floor.
   1. To change the ceiling height, specify the new height in the Height of the Ceiling box.
   2. To change the height where MAPs are mounted, specify the new mounting height in the MAP Placement Height box.
   3. Click Next. The Default Device Settings page appears.

   [Screenshot: Create Coverage Area wizard, Optional: Default Device Settings page.] Select the default WX and AP models for the Coverage Ar
151. [Screenshot: Manage Constraints for Floor1 wizard, Coverage Area Selection page, with an Update All Constraints option and a list of coverage areas to select.]

   To update all the constraints for the selected coverage areas, select Update All Constraints. By default, 3WXM applies only changed constraint values to the selected areas. This default behavior preserves any constraint changes you make to individual areas when you configure them.

   Select the coverage areas for which you want to apply constraints. To select a coverage area, click the box in the select column.

   Click Next. The Manage Constraints Progress page is active.

   When the Completed Applying Constraints message is displayed in the Manage Constraints Progress page, click Finish to save the changes.

   To compute and place MAPs:
   1. Display the floor plan in the Content panel.
   2. In the Task List panel, click RF Planning.
   3. Under RF Planning, click Compute and Place. The Compute and Place wizard appears.

   [Screenshot: Compute and Place for Floor1 wizard, Coverage Area Selection page.] Select the Coverage Areas for which you would like to compute and place the APs. You can select one or more Coverage Areas. You can also select the Wiring Closet and the default AP Com
152. 5. Click OK.

   Configuring ARP

   The Address Resolution Protocol (ARP) table maps IP addresses to MAC addresses. ARP is enabled by default on the WX and cannot be disabled. An ARP entry is added to the table in one of the following ways:
   - Automatically by the WX. The WX adds a local entry for its own MAC address and adds dynamic entries for addresses learned from traffic received by the WX. When the WX receives an IP packet, the WX adds the packet's source MAC address and source IP address to the ARP table.
   - By the system administrator. Using 3WXM, you can add permanent entries to the ARP table. Permanent entries do not age out and remain in the table even after the WX is rebooted.

   In addition to adding permanent ARP entries, you can set the amount of time unused dynamic entries remain in the table before they are removed. In the Aging Time box, specify the amount of time a dynamic entry can remain unused before the entry is removed from the ARP table. The value range for the aging timeout is 0 to 1,000,000 seconds. The default value is 1200 seconds. To disable aging, specify 0 as the aging timeout. The local entry for the WX, static entries, and permanent entries in the ARP table are not affected by the aging timeout.

   Access the Create ARP Entry wizard:
   a. Select the Configuration tool bar option.
   b. In the Organizer panel, click the plus sign next to the WX switch.
   c. Click the plu
153. [Screenshot: Performance: Ethernet Port Statistics window for a WX switch, with Show values as (Absolute or Deltas), Export and Select Detail controls, and a table of Octets In and Octets Out per object.]

   Generally, the scope is an aggregate object, which means that it is made up of sub-objects. The exception is when a scope is a set of ports. When you see performance data for the aggregate object, you are seeing the sum of the data of the sub-objects. For example, a WX consists of ports. Performance data for a WX is the sum of per-port performance data values.

   7. To change the level of detail, click the button next to Select Detail (the button text depends on what scope you selected) and select a level of detail from the list. For more information, see "To see details for performance data" on page 452.

   If you make changes in the network plan that affect the object membership list (for example, you add a WX to a Mobility Domain and deploy it), the current monitoring session does not update this change. Stop the session and restart performance monitoring for the scope.

   For more information about viewing performance data, see "Viewing Performance Data" on page 451. For more information about exportin
154. [Screenshot: RF Neighborhood tab rows listing neighbor, BSSID, channel and RSSI.]

   The RF Neighborhood tab lists the transmitters that can hear or are heard by the radio selected in the top section of the window. You can select the viewpoint of the list. To list the other transmitters that the selected radio can hear, select Transmitters. To list the other transmitters that can hear the selected radio, select Listeners. Information is displayed for a radio if the radio sends beacon frames or responds to probe requests. Even if a radio's SSIDs are unadvertised, 3Com radios detect the empty beacon frames (beacon frames without SSIDs) sent by the radio and include the radio in the neighbor list. Table 54 lists the information displayed on the tab.

   Table 54 RF Monitor RF Neighborhood Columns (Neighbor, BSSID, Channel, RSSI)
   - Neighbor: MAP name and radio number. Note: This information comes from the site plan and is displayed only if the MAP is in the plan.
   - BSSID: BSSID detected by the radio. Note: This column displays a single entry for each 3Com radio, even if the radio is supporting m
155. 894 1888 AT&T 800 998 2 800 998 2112 AT&T 800 998 2 800 998 2112 AT&T 800 998 2 AT&T 800 998 2 57 1 657 0888 o 12 12 12 12

   US and Canada Telephone Technical Support and Repair: 1 800 876 3266

   INDEX

   Numbers
   3WXM: restricting access to, 50; software requirements, 23
   3WXM client: installing, 24
   3WXM service: installing, 24
   802.1Q tagging, 209
   802.1X: configuring, 303
   802.1X authentication standard, 303

   A
   access control entries. See ACEs (access control entries)
   access control lists. See ACLs (access control lists)
   ACL mapping, 228
   ACLs (access control lists): creating, 221; definition, 220; mapping, 228; naming guidelines, 222
   administrative access, 318
   administrative users, 318
   ARP (Address Resolution Protocol): configuring, 205
   assigning MAP channels, 144
   attributes: reassigning with the location policy, 325
   authorization attributes, 293; local database assignment, 243, 293
   Auto AP profile, 269
   backbone fast convergence, 213

   C
   certificates: deleting, 371; distributing, 372; managing, 371; processing, 370; reviewing details, 371; types, 369
   channel assignments, 144
   closing network plans, 58
   configuration: verifying, 363
   configuration changes: reviewing, 350, 352; synchronizing, 350
   configurations: exporting, 359; importing, 359
   console access, 318
   conventions: notice icons, About This Guide, 17; text, About This Guide, 18
   copying objects, 42
   countermeasures: enabling, 284; ignoring friendly devices, 283
156. 9 for information on creating a profile.

   If the MAPs are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet).

   An indirectly attached MAP requires Power over Ethernet (PoE) from a source other than a WX switch, such as a power injector.

   Click Next. If you selected Direct or Distributed in the AP Connection Type list, the Redundant Connections page appears. Go to "Specifying Redundancy Computation for MAPs in the Coverage Area" on page 120. If you selected Distributed Auto in the AP Connection Type list, the Capacity Planning for Data page appears. Go to "Configuring Capacity Calculation for Data" on page 122.

   [Screenshot: Create Coverage Area wizard, Optional: Redundant Connections page, with a Compute Redundancy option. Dialog text: "Would you like to compute redundant connections for the APs in the Coverage Area(s)?"]

   Specifying Redundancy Computation for MAPs in the Coverage Area

   You can optionally configure 3WXM to compute redundant connections for the APs in the coverage area. To plan for redundant MAP connections to WX switches, select Compute Redundancy. Only AP models that have two Ethernet ports can support redundant direct connections. However, models with one Ethernet port can support redundant distributed connectio
157. 945 3794 Switzerland Italy 199 161346 U.K.

   You can also obtain support in this region using the following URL: http://emea.3com.com/support/email.html

   Telephone Number: 342 0808128 0900 777 7737 815 33 047 00800 441 1357 707 200 123 0800 995 014 9 021 60455 07711 14453 08488 50112 0870 909 3266

   Latin America Telephone Technical Support and Repair
   - Antigua: 1 800 988 2112
   - Argentina: 0 810 444 3COM
   - Aruba: 1 800 998 2112
   - Bahamas: 1 800 998 2112
   - Barbados: 1 800 998 2112
   - Belize: 52 5 201 0010
   - Bermuda: 1 800 998 2112
   - Bonaire: 1 800 998 2112
   - Brazil: 0800 13 3COM
   - Cayman: 1 800 998 2112
   - Chile: AT&T 800 998 2112
   - Colombia: AT&T 800 998 2112
   - Costa Rica: AT&T 800 998 2112
   - Curacao: 1 800 998 2112
   - Ecuador: AT&T 800 998 2112
   - Dominican Republic: AT&T 800 998 2112

   Guatemala, Haiti, Honduras, Jamaica, Martinique, Mexico, Nicaragua, Panama, Paraguay, Peru, Puerto Rico, Salvador, Trinidad and Tobago, Uruguay, Venezuela, Virgin Islands

   You can also obtain support in this region using the following:
   - Spanish speakers, enter the URL: http://lat.3com.com/lat/support/form.html
   - Portuguese speakers, enter the URL: http://lat.3com.com/br/support/form.html
   - English speakers in Latin America should send e-mail to: lat_support_anc@3com.com

   AT&T 800 998 2112 57 1 657 0888 AT&T 800 998 2112 ao 800 998 2112 571 657 0888 01 800 849CARE AT&T 800 998 2 AT&T 800 998 2 54 11 4
158. You can configure MAP radio settings when you configure the MAPs. You also can view or change radio settings after the MAPs are configured.

   To view radio settings:
   1. Select the Configuration tool bar option.
   2. In the Organizer panel, click the plus sign next to the WX switch.
   3. Click the plus sign next to Wireless.
   4. Select Radios. The radio settings appear in the Content panel. Each row in the table shows settings for an individual radio. To display all settings for a radio, select the radio and click Properties.

   To change radio settings:
   Access the radio table.
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sign next to the WX switch.
      c. Click the plus sign next to Wireless.
      d. Select Radios.
   To change basic radio settings, select the new values in the table. To change more advanced features, select the radio and click Properties. For information about the radio parameters in the table, see step 10 on page 276. For information about the radio parameters in the Radio Properties wizard, see step 8 on page 279.
   If you edit settings in the table, click Save. If you configure settings in the Radio Properties wizard, clicking OK to close the wizard also saves the changes.

   [p. 282, Chapter 7: Configuring Wireless Parameters]

   Viewing and Changing RF Detection Settings

   Viewing RF Detection Settings

   Adding an Entry to the Permitted Vendor OUI List
159. A rules configured on the WX switch
   - Mobility Profile: Mobility profiles configured on the WX switch
   - Location Policy: Location policies configured on the WX switch
   - Local User DB: Users configured in the local database

   Generating a Client Summary Report

   The client summary report lists current client sessions. The data for this report comes from the 3WXM Services.

   The Enable client session collection option, located in the Client Monitor group box of the Monitoring Settings tab, must be enabled. See "Changing Monitoring Settings" on page 500.

   1. Select the Reports tool bar option.
   2. In the Report Category list, select Client Monitoring Reports.
   3. In the Reports list, select Client Summary.
   4. Select the scope type of the report from the Report Scope Type drop-down list:
      - Mobility Domain
      - Wireless Switch
      - Site
      - Building
      - Floor
      - Coverage Area
   5. Select the instance for which you want the report. For example, if the scope is Building, select the building.
   6. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select.
   7. To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.
   8. Click Generate.
   9. When the report is generated, click the report link to view it.

   The client summary report contains the following sectio
160. [Screenshot: Explore window floor plan with per-radio (802.11a and 802.11b/g) tables of AP, distance, channel, RSSI and status.]

   2. In the RSSI Options box, select display options for the dialog box:
      - To list access points that cannot be detected from this RF measurement point, select Show Unreachable MAPs.
      - To list disabled access points, select Show Disabled MAPs.
   3. Click on a spot on the floor plan. RF measurements for that spot appear. A triangle is also displayed where you clicked.

   [Screenshot: Explore window showing RF coverage, with an RF Point (X and Y in feet), RSSI Options and per-radio measurement tables.]
161. AN numbers can vary uniquely for each WX and are not related to 802.1Q tag values, even when used.

   In the VLAN ID box, specify a VLAN number (2 to 4093). The VLAN number must be unique on a particular WX.

   Click Next.

   From the list of available members, select a port or port group (if you previously created port groups). If a port or port group is currently a member of a VLAN, the VLAN name is listed in the VLAN(s) column. To make multiple selections, press Shift (for contiguous items) or Control (for noncontiguous items) while clicking items.

   Do one of the following:
   - To add a port or port group to the VLAN and remove previous VLAN membership, click Move. Moving a port or port group could potentially affect multiple VLANs.
   - To add a port or port group to the VLAN and retain previous VLAN membership, click Add.

   Click Next.

   8. To add an IP interface to the VLAN, do one of the following:
      - Statically configure an address by editing the IP address and subnet mask (for example, 10.10.10.10/16).
      - Select DHCP Client to use a DHCP server to dynamically obtain an IP address for the VLAN.

   Generally, VLANs are equivalent to IP subnets. If a WX is connected to the network by only one IP subnet, the WX must have at least one VLAN configured. Optionally, each VLAN can have its own IP address. However, no two IP addresses on the switch can belong to the same IP subnet.

   MSS does not support assigning a switch's system IP address
162. APs classify ingress traffic from wireless clients based on the service type value in the 802.11 header, and mark the DSCP value in the IP tunnel on which the MAP forwards the user traffic to the WX. MAPs place traffic from a WX to a wireless client in a forwarding queue based on the DSCP value in the tunnel carrying the traffic, then forward the traffic based on the queue's priority.

   MSS performs classification on ingress to determine a packet's CoS value. This CoS value is used to mark the packet at the egress interface. The classification and marking performed by the switch depend on whether the ingress interface has an 802.1p or DSCP value other than 0, and whether the egress interface is tagged or is an IP tunnel. The mappings between DSCP and CoS values are configurable.

   For more information about how MSS QoS works, see the "Configuring Quality of Service" chapter in the Wireless LAN Switch and Controller Configuration Guide.

   To view CoS mappings:
   1. Select the Configuration tool bar option.
   2. In the Organizer panel, click the plus sign next to the WX switch.
   3. Click the plus sign next to System.
   4. Select QoS.

   [p. 232, Chapter 6: Configuring WX System Parameters]

   Changing a DSCP to CoS Mapping

   Changing a CoS to DSCP Mapping

   The QoS mappings appear in the Content panel. The DSCP to CoS table lists the internal CoS values to which MSS maps DSCP values during classification of ingress traffic. The CoS to DSCP
163. Adding an Entry to the Permitted SSID List

   Adding an Entry to the Ignore List

   Select the vendor from the Vendor drop-down list.
   Select the specific OUIs you want to allow for the selected vendor. Go to step 9.
   If the vendor or OUI is not listed, click Cancel, then select Permitted OUI Entry in the Task List panel. Go to step 6.
   both client and AP
   8. Click OK.
   9. Click Add to move the OUIs to the Permitted OUI List.
   Click OK.

   To add an entry to the permitted SSID list:
   1. Access the RF detection settings.
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sign next to the WX switch.
      c. Click the plus sign next to Wireless.
      d. Select RF Detection.
   2. Type the SSID name in the SSID box.
   3. Click OK.

   To add an entry to the Ignore list:
   1. Access the RF detection settings.
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sign next to the WX switch.
      c. Click the plus sign next to Wireless.
      d. Select RF Detection.
   2. Edit the MAC address in the MAC Address box.
   3. Click OK.

   Adding an Entry to the Rogue List

   Adding an Entry to the Client Black List

   Enabling Countermeasures

   To add an entry to the Rogue list:
   1. Access the RF detection settings.
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sig
164. Click Select to specify a Mobility Domain to import configuration information to. Then select the Mobility Domain from the list.

   To replace existing WX switch information in 3WXM with information from the configuration file, select Update existing WXs.

   Click Select Files. The Select Files To Import dialog box appears.

   Select one or more configuration files to be imported. To make multiple selections, press Shift (for contiguous items) or Control (for noncontiguous items) while clicking items.

   Click Select Files To Import. The file or files you selected appear in the File Import Results list. To remove all the files you previously selected, click Clear Files.

   [p. 360, Chapter 10: Managing WX System Images and Configurations]

   7. Click Import. The status of the import process appears in the Status column.
   8. Click Close to save the changes.
   9. Enable 3WXM to manage the switch. See "Modifying Basic Switch Parameters" on page 170.

   To export a configuration:
   1. Select File > Export. The Export Configurations dialog box appears.
   2. In the Export From list, select the Mobility Domain whose configuration you want to export.
   3. If you want to export the configuration file to a different directory, click the Choose button, which is labeled with the current output directory. The Select dialog box appears. Navigate to the directory you want to use as the output directory and click Select.
   4. To overwrite previously exported configuration files
165. "Configuring and Managing IP Interfaces and Services" chapter of the Wireless LAN Switch and Controller Configuration Guide.

   To create a static route:
   1. Access the Create Route wizard.
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sign next to the WX switch.
      c. Click the plus sign next to System.
      d. Select IP Services.
      e. In the Task List panel, select Route.
   2. To configure a default route, select Default Route and go to step 3. Otherwise, in the Destination IP Address box, type the destination IP address and subnet mask in classless interdomain routing (CIDR) notation (for example, 10.10.0.0/16).
   3. In the Gateway box, type the IP address of the gateway that the route uses.
   4. In the Metric box, specify the cost for using the route (0 to 2,147,483,647). Lower-cost routes are preferred. The default is 1.
   5. Click Finish.

   Create an IP Alias

   Configuring DNS

   You can map an IP address to a name by creating an IP alias. For example, if you create an IP alias carmel for IP address 10.20.30.40, you could type telnet carmel rather than telnet 10.20.30.40.

   You can use IP aliases in conjunction with DNS. If you use IP aliases and DNS is enabled, the WX looks up IP aliases before checking for entries on a DNS server.

   Access the Create IP Alias wizard.
   Select the Configuration tool bar option.
   In the Organizer panel, click the plus sign next to the WX switch.
166. Controls local offsets to Universal Mean Time (UMT). See "Viewing and Changing Management Settings" on page 186.
   - Log: Controls log and trace settings. See "Viewing and Setting Log and Trace Settings" on page 198.
   - IP Services: Settings for IP parameters: IP routes to the default gateway; IP aliases; Domain Name Service (DNS) settings; Network Time Protocol (NTP) settings; Address Resolution Protocol (ARP) settings. See "Viewing and Configuring IP Services Settings" on page 201.

   Table 16 WX Switch Object Types (continued)
   Columns: Category, Object Type, Description

   System (cont.)
   - VLANs: Groups of physical ports configured as a distinct Layer 2 broadcast domain. Each VLAN has its own Spanning Tree Protocol (STP) and Internet Group Management Protocol (IGMP) settings. Optionally, a VLAN can be associated with an IP interface. See "Viewing and Configuring VLANs" on page 206.
   - ACLs: Access Control Lists (ACLs) to filter traffic. See "Viewing and Configuring ACLs" on page 220.
   - QoS: Mappings between Differentiated Services Code Point (DSCP) values and internal Class of Service (CoS) values. See "Viewing and Changing CoS Mappings" on page 231.

   Wireless
   - Wireless Services: Settings for SSIDs to provide network services. Wizards are provided for configuring the following types of services: 802.1X, voice, Web Po
167. "Displaying a Rogue's Geographical Location" on page 468.
   - [icon] Displays the location on the floor plan of clients associated with the rogue.
   - [icon] Adds the selected MAC address to the ignore list and removes it from the rogue list.
   - [icon] Adds the selected MAC address to the attack list. If countermeasures are enabled, MAP radios start using them against the device.
   - [icon] Changes the selected MAC address from a rogue into a third party AP.

   Table 59 Toolbar Options on Rogue Detection Screen (continued)
   Columns: Icon, Description
   - [icon] Adds the clients of the selected MAC address to the client black list. MSS prevents clients on the list from accessing the network through a WX switch.
   - [icon] Opens the Rogue Details Report dialog box, which allows you to generate a report on the selected rogue.

   Filtering the Rogue List

   By default, the rogue list contains all rogues detected during the most recent polling interval in all Mobility Domains in the network plan. You can change the filter criteria for which rogues are listed.

   To filter the rogue list:
   1. Click the Filters icon on the Rogue Detection screen's toolbar. The Rogue List Filter Options dialog box appears.

   [Screenshot: List Filter Options dialog, with an APs Options box (Show Rogue APs, Show Interfering APs, Show Ad hoc Clients), a Time Constraints box, and Apply, Cancel and Help buttons.]
168. ERS

   Viewing Users and Groups in the Local Database

   You can create two types of users in the local database:
   - Named users: These users are authenticated by username and password and are assigned to specific VLANs. Users include administrators and network users. You can group these users by creating user groups in order to simplify configuration.
   - MAC address users: These users are authenticated by a MAC address. For example, devices such as PDAs or cellular phones that do not support 802.1X authentication are identified when the WX switch discovers the MAC addresses of these devices from received frames. The MAC address is the username and is authenticated by the local database. You can group these users by creating user groups. MAC address users and user groups cannot be assigned administrative access to the WX switch.

   In addition to username and password, you can configure authorization attributes for users. Authorization attributes specify the network resources the user can access. The most commonly used attribute is VLAN Name, which specifies the VLAN to place the user in after they are authorized.

   You can configure authorization attributes for individual users and for user groups. When you configure attributes for a user group, the attribute settings apply to all users in the group. However, if attributes are also configured for an individual user in the group, the values for the attributes configured for the ind
169. ETERS

Configuring an 802.1X Wireless Service

The 802.1X Service Profile wizard requires you to select one or more RADIUS server groups and does not allow you to complete the configuration without selecting one. To be available for selection in the wizard, a RADIUS server group must already be configured before you open the wizard. See Viewing and Configuring RADIUS Settings on page 298.

1. Access the 802.1X Service Profile wizard:
   a. In the Organizer panel, click on the plus sign next to the WX switch on which you want to configure the service profile.
   b. Click on the plus sign next to Wireless.
   c. Select Wireless Services.
   d. In the Task List panel, select 802.1X Service Profile.
2. Read the description of the wizard on the first page, then click Next.
3. Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch.
4. Type the SSID name in the SSID box.
5. Click Next.
6. Select the security modes you want the SSID to support. You can select one or more of the following:
   - RSN (WPA2)
   - WPA
   - Dynamic WEP
7. Click Next.
8. If you selected RSN or WPA in step 6, select the encryption algorithms to use. Otherwise, go to step 11.
   - AES CCMP: Usually used with RSN (WPA2)
   - TKIP: Usually used with WPA
   - WEP 104: Used with dynamic WEP
   - WEP 40: Used with dynamic WEP
9. Click Next.

Viewing and Configuring Wireless Se
170. Entire Floor (only available if RSSI Projections is selected)
- Show Unreachable MAPs (only available if RSSI Projections is selected)
- Show MAPs on Other Floors (only available if RSSI Projections is selected)

Select the language:
- English
- German

[Page 400, Chapter 15: Generating Reports]

To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.
8. Click Generate.
9. When the report is generated, click View. A browser window containing the report opens.
10. Optionally, select the floor.
11. Click View Work Order.

The origin reference point used in work orders to indicate MAP placement is the upper left corner of the coverage area. Typically, this origin point will not match the origin point used on the floor plan itself.

16 MONITORING THE NETWORK

This chapter describes how to use the 3WXM monitoring service. It includes information about monitoring service requirements; accessing monitored data using the Explore, Status Summary, Client Monitor, RF Monitor, and RF Trends windows; and accessing realtime performance statistics and the event log.

Overview

The 3WXM Services regularly checks the status of the network and reports that status to each 3WXM client that is connected to the service. Optionally, the service also receives SNMP traps generated by the WX switches and shows information based on those traps. The Monit
171. For example, if the drawing includes parking lot information, you can easily remove the parking lot by cropping.

CAUTION: All objects that are outside the area you select to keep are permanently removed.

To crop the paper space:
- Display the floor plan in the Content panel.
- Click [icon] on the toolbar.
- Click and diagonally drag the cursor over the area you want to keep.
- Release the mouse button. A warning is displayed.
- Read the warning. To complete the crop, click Yes. To cancel the crop request, click No.

[Page 85: Importing or Drawing Floor Details]

If you click Yes, all objects and paper space outside the area you selected are removed, and the image is resized to fill the removed space. Figure 1 on page 84 shows the same floor plan as Figure 2 below after cropping the paper space.

Figure 2 Floor Plan After Cropping
[Figure: 3WXM RF Planning window showing the cropped floor plan]
172. ID
- Username of the client
- MAC address of the client
- VLAN to which the client was assigned
- 802.1X protocol used to authenticate the client: EAP-TLS, MD5, NONE, PASS THROUGH, PEAP, N/A
- Mobility Domain, WX switch, MAP, and radio that were dealing with the client
- ID used by 3Com equipment to track the session within the Mobility Domain

Table 45 Activity Details for Disassociation (continued)
Column: Description
- Client IP Address: IP address of the client.
- Auth Server IP: System IP address of the WX switch that was attempting to authenticate the client. Note: The system IP address is listed even if the switch was using a RADIUS server to authenticate the client.
- SSID: SSID the client was associated with.

Table 46 Activity Details for Dot1x Failure
Column: Description
- User Name: Username of the client.
- Auth Protocol Type: 802.1X protocol used to authenticate the client: EAP-TLS, MD5, NONE, PASS THROUGH, PEAP.
- Client Location: Mobility Domain, WX switch, MAP, and radio that were dealing with the client.
- Failure Cause: Cause of the failure.
- MAC Address: MAC address of the client.
- SSID: SSID the client was requesting.
- Dot1x State: 802.1X state of the client: administrative kill, bad rsnie, bonded auth failure, fourway hs failure, max sessions exceeded, other, quiet period timeout, user glob mismatch.
- Failure Description: Descr
173. ING WX SYSTEM PARAMETERS

If STP is enabled on the VLAN, spanning tree packets are dropped at the port. If STP is disabled on the VLAN, spanning tree packets are forwarded transparently through the VLAN to and from that port.

6. In the Port Priority box, specify a priority value (0 to 255). The default is 128.
7. In the Path Cost box, specify a value (0 to 65,535) for the cost. The default depends on the port speed and link type:
   - 1000 Mbps full duplex aggregate link (port group): 3
   - 1000 Mbps full duplex: 4
   - 100 Mbps full duplex aggregate link (port group): 15
   - 100 Mbps full duplex: 18
   - 100 Mbps half duplex: 19
   - 10 Mbps full duplex aggregate link (port group): 90
   - 10 Mbps full duplex: 95
   - 10 Mbps half duplex: 100
   Specify 0 to use the default cost for the port, based on link speed.
8. To enable port fast convergence, select the PortFast checkbox. Port fast convergence bypasses both the listening and learning stages and immediately places a port in the forwarding state. Use port fast convergence on network ports that are directly connected to servers, hosts, or other MAC stations. Do not use port fast convergence on ports connected to other bridges.
9. Click OK.

[Page 213: Viewing and Configuring VLANs]

Enabling STP Fast Convergence Features

The standard STP timers delay traffic forwarding briefly after a topology change. The time a port takes to change from the listening state to the learning state or from the learning state
174. Listeners Selection dialog box appears, displaying a list of the MAPs that have detected the client. If the Listeners Selection dialog box appears, select the MAPs for 3WXM to use when calculating the client's location.

[Figure: Listeners Selection dialog box, listing each listener with its RSSI, Collected At time, and Channel. "Please select the listeners to use. For best results, choose listeners that reported information around the same time."]

To improve the accuracy of the client location display, you can select up to six MAPs from the list. 3WXM uses the selected MAPs to calculate the location of the client. For best results, you should select the MAPs that have detected the client most recently. When selecting multiple MAPs, you should select those that have collected data at approximately the same time. In the example above, three MAPs are selected, all of which collected data about the client approximately 1 second before, which is the most recent data collected.

After selecting the MAPs from the Listeners list, click OK to display the approximate location of t
175. MAP ports or Distributed MAPs. You can specify that all or no ports are included, or you can specify a list of ports to be included.

After creating a Mobility Profile, you can assign it to users created in the local WX user database or users who are authenticated and authorized by a RADIUS server. You assign the name of the Mobility Profile by using the Mobility Profile RADIUS attribute, which is a 3Com vendor specific attribute (VSA).

To view mobility profiles:
- Select the Configuration tool bar option.
- In the Organizer panel, click the plus sign next to the WX switch.
- Click the plus sign next to AAA.
- Select Mobility Profiles. The configured Mobility Profiles appear.

To create a mobility profile:
1. Access the Create Mobility Profile wizard:
   a. Select the Configuration tool bar option.
   b. In the Organizer panel, click the plus sign next to the WX switch.
   c. Click the plus sign next to AAA.
   d. Select Mobility Profiles.
   e. In the Task List panel, select Mobility Profile.
2. In the Profile Name box, type the name of the Mobility Profile. The name can be up to 16 alphanumeric characters, and it cannot contain tabs.
3. Click Next.

[Page 329: Viewing and Changing Mobility Profiles]

4. In the Ports drop down list, select the ports to include in the Mobility Profile:
   - All: Include all MAP or wired authentication ports.
   - Selected: Include a selected list of ports.
   - None: Include no ports.
   If you select Selected, select the individual
176. MAP port or a wired authentication port.
   b. In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.
   c. Click Finish.
6. To map an ACL to a virtual port:
   a. In the Tag Value box, specify the 802.1Q tag value that identifies a virtual port in a VLAN. The tag value can be a number from 1 to 4093. The default value is 1. Make sure that you do not specify duplicate mappings that specify the same port and tag value.
   b. In the port list, select the port to which you want to map the ACL. You cannot map an ACL to a MAP port or a wired authentication port.
   c. In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.
7. To map an ACL to a VLAN:
   a. In the Type list, select ID to identify the VLAN by number or Name to identify it by name. If you selected Name, select or type the VLAN name from the Name drop down list. If you selected ID, select or type the VLAN number in the ID box.
   b. In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.
8. To map an ACL to a Distributed MAP:
   a. In the DAP ID list, select the Distributed MAP from the list.
   b. In the Direction list, select In to filter incoming packets or Out to filter outgoing packets.

Click Finish. The mapping appears in the ACL Mappings table.

[Page 230, Chapter 6: Configuring WX System Parameters]

Deleting an ACL
Deleting an Individual ACE from an ACL

To delete an
177. Mobility Domain

[Figure: Client Monitor window with the Client Activity tab selected for a Mobility Domain, showing one row of counters per WX switch]

The same counters appear when you select a Site, building, or floor.

Table 38 lists the data displayed on the Client Activity tab when a Mobility Domain is selected. The counters are incremented each time the 3WXM Services receives a client activity trap generated by a WX switch. The counters represent activity for all clients within the selected scope.

Table 38 Client Activity Columns When a Mobility Domain is Selected
Option: Description
- Scope: Scope of the data displayed in the row. For a Mobility Domain, the scope for each row in the Client Activity tab is always a WX switch. The down arrow in front of the WX switch name indicates that you can double click on the arrow to change the scope in the Status Summary and Ex
178. N switches, click Finish and go to step 13. If you plan to manage more than 10 wireless LAN switches, click Next and go to step 9. If you are activating an evaluation copy, you can manage up to 10 wireless LAN switches.
- Type the upgrade license key in the License Key box and click Next.
- Click Get Activation Key to access the product activation key for your upgrade license.
- Register your upgrade license in order to obtain its activation key.
- Copy the activation key for the upgrade license from the web page and paste it into the Activation Key box of the Activation Key page.
- Click Finish.
- To connect to the server, select File > Connect from the menu bar. The 3WXM Services Connection dialog box appears.
- In the 3WXM Services Connection dialog box, enter the IP address of a host running 3WXM Services (leave this as 127.0.0.1 if the services are being run on this host), and then click Next.
- After a connection is established to the specified 3WXM Services host, do one of the following:
  - Edit the currently loaded network plan. The first time you start 3WXM, a network plan called Default is opened.
  - Create a new network plan. If you select this option, wizard pages guide you in setting up a network plan. For more information, see Creating a Network Plan on page 54.
  - Switch to an existing network plan. You can open the sample plan included with 3WXM or a plan that you or another 3WXM user has saved on the 3WXM Servic
179. second
Column: Description
- (column name cut off): Number of authorized clients associated with the radio.
- (column name cut off): Combined number of the following types of errors: 802.1X failures, association failures, authentication failures, authorization failures.
- PHY Errors: Number of frames received by the MAP radio that had physical layer errors on the active channel. These errors can indicate interference from a non 802.11 device.
- Non 802.11: Number of times the radio detected energy on the active channel that either was not recognizable as an 802.11 frame or was above the power level of background noise.
- Re-transmits: Number of retransmitted packets sent from the client to the radio on the active channel. Retransmissions can indicate that the client is not receiving ACKs from the MAP radio.
- Receiver Threshold: Radio's hearing sensitivity in decibels (dB).
- Noise Floor (dBm): Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF noise. A value around 90 or higher is good for an 802.11b/g radio. A value around 80 or higher is good for an 802.11a radio. Values near 0 can indicate RF interference.

If the SNR, Associated Clients, or Receiver Threshold column is red, this indicates that the threshold configured for this parameter has been exceeded. See Changing Monitoring Settings on page 500.

When looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculat
180. Otherwise, go to step 9. To match on all protocols, leave the value any. The following table lists commonly used IP protocol numbers.

IP Protocol Number: Protocol
- 1: Internet Control Message Protocol (ICMP)
- 2: Internet Group Management Protocol (IGMP)
- 6: Transmission Control Protocol (TCP)
- 9: Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol)
- 17: User Datagram Protocol (UDP)
- 41: IPv6
- 46: Reservation Protocol (RSVP)
- 47: Generic Routing Encapsulation (GRE)
- 50: Encapsulation Security Payload for IPSec (IPSec ESP)
- 51: Authentication Header for IPSec (IPSec AH)
- 55: IP Mobility (Mobile IP)
- 88: Enhanced Interior Gateway Routing Protocol (EIGRP)
- 89: Open Shortest Path First (OSPF) protocol
- 103: Protocol Independent Multicast (PIM)
- 112: Virtual Router Redundancy Protocol (VRRP)
- 115: Layer Two Tunneling Protocol (L2TP)

7. To specify the TCP or UDP source port:
   a. Click on the down arrow in the Source Port column.
   b. Select the comparison operator from the Operator drop down list:
      - Less Than
      - Greater Than
      - Equal
      - Not Equal
      - Range
      - None (no comparison is required)
   c. Select the well known port name from the Port Name drop down list. If the name is not in the list, select Other and type or select the port number in the Port Number box.
   d. If you selected Range as the comparison operator, type or
181. PTER 6 CONFIGURING WX SYSTEM PARAMETERS

To use an existing rule, leave the rule in the list.
   c. Click Next.
   d. Select the authentication and accounting method (RADIUS server group or local database). For information, see AAA Methods: RADIUS Server Groups and the Local User Database on page 240.
   e. Click Next.
   f. To configure accounting, select Enabled, select the record type (Start Stop or Stop Only), then select LOCAL or a RADIUS server group for the accounting, and click Add.
   g. Click Finish.
      - If you selected None in step 2, you are finished with this procedure.
      - If you selected Web Portal in step 2, go to step 7.
      - If you selected Open Access in step 2, go to step 11.

If you selected Web Portal in step 2, select the VLAN to which you want the switch to assign Web Portal users. Otherwise, go to step 11.

Click Next. The ACEs (ACL rules) that 3WXM will configure for the Web Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated. These ACEs are used only during authentication. After the user is authenticated, the ACEs are not used.

If you need to add ACEs, continue with this step. Otherwise, go to step 9.
   a. To add an ACE, click Add Rule. 3WXM adds an ACE to the end of the list. The ACE matches on all source and destination IP addresses and denies them. To modify an ACE, select the part of the ACE you want to modify and e
182. [Figure: Client Monitor window with the Client Watch List tab selected]

- To display details for a client on the watch list, select the client. Details for the client appear in the window.

[Figure: Client Monitor window, Client Watch List tab, with the Client Details pane open for the selected client]

Details are displayed on the following tabs:
- Session: displays the Session Properties, Session Statistics, and Lo
183. Requirements

This method of switch replacement works only under the following conditions:
- The new switch must be the same model as the one being replaced.
- The new switch must run the same major MSS version (for example, 4.1.x) as the one being replaced.
- For models other than the WXR100, the new switch must be pre-staged by a network administrator. See Staging a WX Switch for Configuration by 3WXM on page 336.
- The new switch must send its configuration request to 3WXM from the same IP subnet as the management address of the switch being replaced. 3WXM will give the new switch the same IP address as the old switch.
- The new switch must be the only WX switch on the subnet.

How Switch Replacement Works
Enabling Replacement of Remote Switches

[Page 343: Replacing a Switch and Reusing its Configuration]

- A network administrator enables the Auto Config IP Subnet Matching option in 3WXM. This option is on the 3WXM Services Setup dialog.
- Someone at the remote office physically unplugs the failed switch and plugs in a new unconfigured switch or a pre-staged switch.
- The person at the remote office powers on the new switch. If the switch is a WXR100, the person at the remote office also inserts a paperclip or similar object into the WXR100's Fn hole to press the Fn switch. Normally, the Fn LED (the right LED above port 1) remains solidly lit for 3 seconds after power on. However, when the Fn switch is pressed, the LED
184. Rogue Detection tool bar options, the access points are listed in RF Planning on the Objects to Place tab, from which you can move them to their locations on the floor plans. See Moving a Third Party AP Icon to its Floor Location. You also can add third party access points in RF Planning. See Creating and Placing an Icon for a Third Party Access Point.

[Page 131: Placing Third Party Access Points]

Moving a Third Party AP Icon to its Floor Location

If you added a third party access point while using the Configuration or Rogue Detection tool bar options, the access point is on the Objects to Place tab.
1. In RF Planning, navigate to the floor plan.
2. In the Organizer panel, click Objects to Place.
3. Select the icon or description of the AP.
4. On the floor plan, click on the location where you want to place the AP. You must click in a coverage area. 3WXM removes the AP from the Objects to Place list and places an icon for it on the floor plan.

Creating and Placing an Icon for a Third Party Access Point

1. In RF Planning, navigate to the floor plan.
2. In the Task List panel, click Tools.
3. In the Coverage Area task group, under Wiring Closet Misc, click the Insert Third Party AP icon.
4. On the floor plan, click where you want the third party access point to be placed. The Create Third Party AP wizard appears.

Create Third Party AP AP Ident
185. S DOS, Windows, Windows XP, and Windows NT are registered trademarks of Microsoft Corporation. All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:
- Establishing environmental performance standards that comply with national legislation and regulations.
- Conserving energy, materials, and natural resources in all operations.
- Reducing the waste generated by all operations.
- Ensuring that all waste conforms to recognized environmental standards.
- Maximizing the recyclable and reusable content of all products.
- Ensuring that all products can be recycled, reused, and disposed of safely.
- Ensuring that all products are labelled according to recognized environmental standards.
- Improving our environmental record on a continual basis.

End of Life Statement: 3Com processes allow for the recovery, reclamation, and safe disposal of all end of life electronic components.

Regulated Materials Statement: 3Com products do not contain any hazardous or ozone depleting material.

Environmental Statement about the Documentation: The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine free. The varnish is environmentally friendly, and the inks are
186. Select the access type from the Access Type drop down list:
   - read notify: An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications.
   - notify only: The switch can use the string to send notifications.
   - read write notify: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications.
   i. Click Next.

[Page 169: Setting Up a Switch]

6. Configure VLANs. VLANs that already exist, such as the default VLAN, are listed. You can modify existing VLANs and create new ones. To create a VLAN:
   a. Click Create. The Create VLAN wizard appears.
   b. See Viewing and Configuring VLANs on page 206.
   c. When you are finished configuring VLANs, click Next and go to step 7.
7. Configure RADIUS servers and server groups. RADIUS servers that are already configured are listed. You can modify existing servers and groups and create new ones. To create a RADIUS server and place it in a group:
   a. Click Create. The Create RADIUS Server wizard appears.
   b. See Viewing and Configuring RADIUS Settings on page 298.
   c. When you are finished configuring RADIUS settings, click Next and go to step 8.
8. Configure wireless services. Wireless services that are already configured are listed. You can modify existing services and create new ones. To create a wireless service:
   a. Click Cr
187. Session statistics have been collected and will be transmitted to the new location.
- Web_authing: User is being authenticated by WebAAA.
- Wired: User is being authenticated using an 802.11 protocol on a wired authentication port.
- Clearing: User session is being terminated.
- Invalid: Usually indicates the session is being terminated and session information is no longer available.

System IP address of the WX switch that was attempting to authenticate the client. Note: The system IP address is listed even if the switch was using a RADIUS server to authenticate the client.

SSID the client was requesting.

Table 43 Activity Details for Authorization Successful (continued)
Column: Description
- User Access Type: Authentication type that granted access: DOT1X, MAC, LAST RESORT, WEB.

Table 44 Activity Details for Client Cleared
Column: Description
- User Name: Username of the client.
- MAC Address: MAC address of the client.
- SSID: SSID the client was associated with.
- Session ID: ID used by 3Com equipment to track the session within the Mobility Domain.
- Client IP Address: IP address of the client.
- Client Location: Mobility Domain, WX switch, MAP, and radio that were dealing with the client.

Table 45 Activity Details for Disassociation
Column: Description
User Name, MAC Address, Client VLAN Name, Auth Protocol Type, Client Location, Session
188. [Figure: RF Planning window with the Site Survey tasks in the Task List panel]

When you place an LOS point onto the floor plan, the icon disappears from the Organizer Panel.

To create LOS points in 3WXM:
1. Display the floor plan in the Content panel.
2. In the Task List panel, click Tools.
3. Under Site Survey, click the [icon].
4. On the floor plan, click on the location for the LOS. The Create AP Placement Point wizard appears.

[Figure: Create AP Placement Point wizard, AP Identifier page]

5. In the Name box, type a name for the LOS point and click Next.
6. In the AP Model listbox, select the type or model of AP you plan to use for the portable AP. If the model is not listed, select AP Dual Radio for a dual radio AP or AP Single Radio for a single radio AP.
7. In the Radio Type listbox, select the 802.11 radio type. The radio types that are available depend on the AP model or type you selected.
8. Click Next. The radio configuration page appears.

[Page 105: Specifying the RF Characteristics of a Floor]

[Figure: Create AP Placement Point wizard, 802.11g Radio configuration page, with Number, Channel Number, Transmit Power (dBm), and MAC Address fields]
189. [Figure: Location History tab]

Each row represents a session with a 3Com radio. When a client roams from one radio to another, the session on the radio the client is leaving is closed, and a new session is opened on the radio to which the client is roaming.

Sessions in the location history are sorted from newest to oldest, with the oldest session at the bottom of the list and the newest session at the top. Table 52 lists the information displayed on the tab.

Table 52 Location History Columns
Column: Description
- Start Time: Date and time when the session with this radio began. The date and time are based on the system date and time of the WX switch that is managing the radio with which the client is associated.
- Location: Name of the radio with which the client associated at the start time listed in the Start Time column.

Managing the Client Watch List

You can add clients to a watch list. The watch list allows you to monitor client roaming history and network performance. 3WXM monitors the clients on the watch list by MAC address.

Adding a Client to the Watch List

You can add a client to the watch list using either of the following methods:
- On the Client Session tab, select the client, then click [icon] on the Client Monitor window's toolbar.
- Use the Find Client dialog box to find the client's information, then
190. TION AND ACCOUNTING PARAMETERS

Viewing and Configuring MAC Network Access Rules

MAC network access rules allow users onto the network by authenticating their MAC addresses instead of their user names. During log on, if the username does not match an 802.1X authentication rule, but the MAC address of the user's NIC or Voice over IP (VoIP) phone and the SSID (if wireless) do match a MAC authentication rule, MSS checks the RADIUS server group or local database for matching user information. If the MAC address (and password, if on a RADIUS server) matches, MSS grants access. Otherwise, MSS attempts the fallthru authentication type, which can be Web, Open Access (last resort), or none.

This section assumes that you are familiar with the AAA options in MSS. For detailed information, see the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide.

Viewing MAC Network Access Rules

To view MAC network access rules:
1. Select the Configuration tool bar option.
2. In the Organizer panel, click the plus sign next to the WX switch.
3. Click the plus sign next to AAA.
4. Select MAC Access Rules. The configured MAC network access rules appear.

Creating a MAC Network Access Rule

To create a MAC network access rule:
1. Access the Create MAC Network Access wizard:
   - Select the Configuration tool bar option.
   - In the Organizer panel, click the plus sign next to the WX switch.
   - Click th
191. The Manage Constraints dialog is displayed.

[Figure: Manage Constraints dialog box for Floor1. General: Height of the Ceiling (Feet), AP Placement Height (Feet), WX Model, AP Connection Type, Reserved Tx Power Margin (dBm), Allow Deletion of Locked APs. Redundancy: Compute Redundancy, AP Connection Type, Redundancy Level.]

4. To change the ceiling height, specify the new height in the Height of the Ceiling box.
5. To change the height where MAPs are mounted, specify the new mounting height in the AP Placement Height box.
6. To change the WX switch model, select the model from the WX Model list.
7. To change the MAP connection type, select the type from the AP Connection Type list:
   - Direct: MAPs are directly attached to dedicated WX switch ports.
   - Distributed: MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices.
   - Distributed Auto: MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. They receive their configuration automatically, using a profile that assigns a Distributed MAP number and name to the MAP from among the unused valid MAP numbers available on the switch.
8. To change the amount of power to res
192. Tools > 3WXM Services Setup from the toolbar in the main 3WXM window. See the following figure on the next page.

This chapter describes how to change monitoring service preferences. To change 3WXM client preferences, see Changing 3WXM Preferences on page 481. To configure access control for the 3WXM client, see Restricting Access to 3WXM on page 50.

[Page 492, Chapter B: Changing 3WXM Services Preferences]

[Figure: 3Com Wireless LAN Switch Manager Services Setup dialog box, with Service Settings, WX Connection Settings, and Monitoring Settings tabs]

The 3WXM Services Setup window contains a configuration area and a message area at the bottom. When you click Save to implement changes you make on one of the window's tabs, the monitoring service verifies the changes. If the changes are valid, the service implements the changes. Otherwise, the service displays error messages and does not implement the changes.

Starting or Stopping the 3WXM Services

3WXM Services is
193. Tools > Certificate Management Select a certificate from the list Click Delete When prompted click Yes to confirm the certificate deletion or click No to cancel the deletion If you clicked Yes the certificate is deleted In the Certificate Management dialog box click Close 372 CHAPTER 12 MANAGING CERTIFICATES Distributing Certificates to WX Switches You can use 3WXM to distribute certificates from PKCS 12 files to one or more WX switches Although you can distribute one PKCS 12 file to many WX switches as a best practice you should install a unique certificate and key pair per WX Select the Devices tool bar option 2 At the bottom of the Task List panel select Device Operations 3 In the Managed Devices list select the WX switches to which you want to distribute the certificate To select more than one WX click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items In the Task List panel select Distribute Certificates Click Select PKCS12 File Navigate to the PKCS 12 file and click Select PKCS12 File In the PKCS12 Password box type the one time password used to authenticate the PKCS12 file The following characters cannot be used as part of the one time password of a PKCS 12 file quotation marks (") question mark (?) ampersand (&) This password must match the password used when the file was generated
194. Trace Settings Viewing Log Settings Changing Log Settings System logs provide information about system events that you can use to monitor and troubleshoot MSS Event messages for the WX switch and its attached MAPs can be stored or sent to the following destinations a Stored in a local buffer on the WX a Displayed on the WX console port a Displayed in an active Telnet session a Sent to one or more syslog servers as specified in RFC 3164 The system log is a file in which the newest record replaces the oldest These entries are preserved in nonvolatile memory through system reboots Traces enable you to perform diagnostic routines You can set a trace with a keyword such as authentication or sm to trace activity for a particular feature such as authentication or the session manager CAUTION Setting traces can have adverse effects on system performance 3Com recommends that you use the lowest levels possible for initial trace commands and slowly increase the levels to get the data you need To view log settings Select the Configuration tool bar option In the Organizer panel click the plus sign next to the WX switch Click the plus sign next to System Select Log The log and trace settings appear in the Content panel To change log settings To enable logging to the local buffer on the WX select Enabled To disable the option clear Enabled In the Severity Filter list select the lowes
195. UNTING PARAMETERS The EAP MD5 option does not work with Microsoft wired authentication clients a PEAP Protected EAP with Microsoft Challenge Handshake Authentication Protocol Version 2 MS CHAP V2 Select this protocol for wireless clients a Uses TLS for encryption and data integrity checking a Provides MS CHAP V2 mutual authentication a Only the server side of the connection needs a certificate a Local EAP TLS EAP with TLS Provides mutual authentication integrity protected negotiation and key exchange Requires X 509 public key certificates on both sides of the connection Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication requires user information to be in the switch's local database a Pass Through No protocol is used by the WX 3Com Mobility System Software MSS sends the EAP processing to a RADIUS server If you select PEAP the EAP Sub Protocol is MS CHAPV2 For other protocols there is no EAP Sub Protocol to select 6 Click Next 7 If the authentication rule is disabled select Enabled When a rule is disabled 3WXM does not add it to the switch's configuration Select the authentication method s in the Available RADIUS Server Groups list and click Add An authentication method specifies where the switch will look for user information to authenticate users You can select a RADIUS server group LOCAL the sw
196. URING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Configuring a RADIUS Proxy for a Client Specifying the WX Port Connected to the Third Party AP 1 To configure a RADIUS proxy for a client Access the Create RADIUS Proxy Client wizard Select the Configuration tool bar option In the Organizer panel click the plus sign next to the WX switch Select Third Party APs a b c Click the plus sign next to AAA d e In the Task List panel select RADIUS Proxy Client 2 Type the IP address of the third party AP 3 To change the UDP port number on which the WX switch will listen for 1 RADIUS access requests from the AP edit the number in the Authentication Port box To change the UDP port number on which the WX switch will listen for RADIUS stop accounting records from the AP edit the number in the Accounting Port box Type the key which is the shared secret configured on the RADIUS servers MSS uses the shared secret to authenticate and encrypt RADIUS communication Click Finish To specify the WX port connected to the third party AP Access the Create RADIUS Proxy Client wizard Select the Configuration tool bar option Click the plus sign next to AAA Select Third Party APs e In the Task List panel select 802 1Q Mapping Select the WX ports that are connected to the third party AP and click Add Click Finish a b In the Organizer panel click the plus sign next to the WX switch c d
197. User Group To set authorization attributes for users in the group click Next and go to step 3 Otherwise if you plan to set authorization attributes in another way such as configuring default AAA attribute values for the SSID the user will access click Finish In the VLAN Name box select or type the VLAN that the user group belongs to 1 to 16 alphanumeric characters with no spaces or tabs The WX switch will authorize the users in this group for that VLAN For more information on VLANs see Viewing and Configuring VLANs on page 206 In the attribute row you want to configure click the Attribute Value column See Table 22 on page 293 for a description of user attributes and their values Type the new attribute value in lowercase characters ACL names are case sensitive Repeat step 4 through step 5 for each attribute value you want to change 7 To add users to the group click Next 8 Select users in the Available Users list 9 Click Add to move them to the Current Users list 10 Click Finish Creating a MAC User 1 Creating and Managing Users in the Local User Database 291 To create a MAC user When creating MAC address users you configure authentication Access the Create MAC User wizard a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to AAA d Select Local User Database e In the Task List panel
198. WX Model Filter drop down list To configure the policy to support an older version of 3WXM than is currently running select the version from the WX Version Filter drop down list 5 Click Next Select the feature areas you want to set in the policy When you apply the policy to a switch all parameter settings from all the feature areas you select are applied to the switch This includes any settings you leave at their default settings in the policy 7 Click Next In Available Devices list select the switches to which you want to apply the policy then click Add to move the switches to the Current Devices list Moving a switch to the Current Devices list does not automatically apply the policy to the switch To apply policy settings see Applying Policy Changes to Switches on page 375 Click Finish and go to Configuring Feature Settings in a Policy Configuring Feature Settings ina Policy 375 Configuring Feature Settings in a Policy To configure feature settings in a policy If you have not already done so use the procedure in Creating a Policy on page 374 to configure a policy and select the switches to which you want to apply the policy 2 In the Organizer panel select a feature area 3 Use the Content panel or wizards accessed from the Task List panel to configure settings for the feature category To find information about a feature category see Table 28 on page 376 Click Save to save the c
199. WXM 3WXM sends the configuration for that serial number If you do not know the switch's serial number you can upload the partially configured switch into 3WXM finish its configuration then deploy the completed configuration back to the switch 332 CHAPTER 9 CONFIGURING WX SWITCHES REMOTELY How Remote WX Configuration Works Drop Ship WXR100 Only The WXR100 is shipped directly to the remote office where it will be deployed The network administrator at the corporate office preconfigures the switch in a 3WXM network plan The switch configuration must have a name for the switch the model must be WXR100 and the serial number must match the switch's serial number The configuration should also include all other settings required for the deployment including MAP configuration SSIDs AAA settings and so on If enabled to do so 3WXM can give a switch another switch's configuration even though the serial number does not match However this capability is used only for replacing a failed switch with another switch of the same model in a network containing only one WX switch See Replacing a Switch and Reusing its Configuration on page 342 Someone at the remote office where the switch is delivered physically installs the switch by connecting port 1 to the network If the switch will manage a directly connected MAP the MAP needs to be physically installed and connected by an Ethernet cable to port 2 If Distribut
200. a To see historical performance data in a graph click the History tab Graphing starts when you click the tab and is based on the polling interval you selected To see details for historical data You can see historical data for the objects in the scope you selected For example if you selected a Mobility Domain as the scope you can see historical data for the Mobility Domain WX switches in the Mobility Domain or WX ports To see the objects available in the scope click the button next to Select Detail the button text depends on what scope you selected and select the object whose historical data you want to see To hide the list of objects that you can graph click Hide Object Selector This allows you to see the graph in the full width of the Statistics tab in the View panel The following figure shows the historical data in delta values for the 10 minutes between 19:10:06 and 19:20:06 If the polling interval is 60 seconds the graph is refreshed every 60 seconds but the Time axis always spans 30 minutes 454 CHAPTER 16 MONITORING THE NETWORK [Figure: Performance window, Ethernet Port Statistics for AlphaWX1 (WX4400), History tab, values shown as deltas over a Time axis]
201. a one minute interval You can specify from 0 to 60000 one minute The default is 60000 254 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS Static WEP Tab All of the settings on the Static WEP tab are explained in the sections on the service profile wizards Authorization Attributes Tab The Authorization Attributes tab lists the default authorization attributes for the SSID When a user is authorized for the SSID the switch applies the default attributes to the user unless those attributes are otherwise specified For example if a default session timeout is set for the SSID and the session timeout attribute is not defined as part of the individual user or the user's group the switch assigns the SSID's default session timeout to the user Where applicable the service profile wizards allow you to specify the SSID's default VLAN but do not allow configuration of the other default attributes To change the default VLAN select it from the VLAN Name box To set other default attributes click in the value column and type the values For more information about attributes and how they are selected see the Assigning Authorization Attributes section in the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide Broadcast Settings Tab The Broadcast Settings tab lists the settings for the following broadcast control features These features help enhance throughput for clie
202. ackup Restore Configure settings for backing up the database used by 3WXM Services as well as restore a previously backed up version of the database 3WXM Services Lock Management Display information about the lock placed on the network plan and or delete the lock Tool Bar Options Tool Bar Options 39 Table 8 3WXM Menu Options continued Menu Option Description Help Help Open the online help HTML version of the 3Com WXM Reference Manual You also can access the help by pressing the F1 key Licensing Open the License Information dialog box Report Problem Report a problem to 3Com Technical Support About 3WXM About 3WXM 3WXM version information Memory usage a Java garbage collection Force GC Table 9 lists the options available from the tool bar of the main 3WXM window Click on an option to open the data or tabs for that option Some tool bar options fill the Content panel Others fill the entire window area under the tool bar The larger icons provide access to 3WXM features The smaller icons underneath the Back and Forward icons apply to the 3WXM application itself Table 9 3WXM Tool Bar Options Option Description Back Page back through the previously selected tool bar options or Organizer panel tree selections Forward Page forward through previously selected tool bar options Policies Display the tree of configured policies in the Organizer panel
203. acle Dialog box on page 96 To create RF obstacles for an area in a drawing Diagonally drag the cursor over the area where you want to create RF obstacles Right click and select Create RF Obstacle The Create RF Obstacle dialog box appears Go to To use the Create RF Obstacle Dialog box on page 96 To create RF obstacles for multiple selected objects in a drawing Click an object on the floor 2 Press Shift while clicking on additional objects 3 Right click and select Create RF Obstacle The Create RF Obstacle dialog box appears Go to To use the Create RF Obstacle Dialog box on page 96 96 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM To create RF obstacles by grouping objects You can group several objects in a drawing to specify them as one RF obstacle For example if a wall consists of several lines the lines can be grouped If you subsequently ungroup the objects the RF obstacle information is removed Select an object on the floor 2 Press Shift while clicking additional objects 3 Click the Tak group objects icon on the toolbar The grouped objects now appear as one object group Right click and select Create RF Obstacle The Create RF Obstacle dialog box appears See To use the Create RF Obstacle Dialog box To use the Create RF Obstacle Dialog box The Create RF Obstacle dialog box is shown in Figure 4 Figure 4 Create RF Obstacle Dialog Box t Create RF Obstacle RF Obstacl
204. ad of the Move button to place the ports in the VLAN For a port to be a member of more than one VLAN the port must be tagged By default ports are untagged When you enable tagging the default tag value is the same as the VLAN ID Click Next Edit the IP address to match the address of the gateway router for the default VLAN s IP interface Click Next To place the switch in a Mobility Domain select the Mobility Domain from the Mobility Domain drop down list The Mobility Domain must already be created See Defining a Mobility Domain on page 60 If you still need to create the Mobility Domain finish creating the switch then create the Mobility Domain Select the switch in the Organizer panel to display its basic settings in the Content panel and select the Mobility Domain from the Mobility Domain drop down list To place the switch in a wiring closet select the closet from the Wiring Closet drop down list The wiring closet must already be created on a floor plan If you still need to create the wiring closet finish creating the switch then create the wiring closet The Create Wiring Closet wizard in RF Planning enables you to create a wiring closet and add the switch to it See Creating a Wiring Closet on page 111 If you do not select the switch when you configure the wiring closet select the switch in the Organizer panel to display its basic settings in the Content panel and select the wiring closet
205. ading a WX Switch into the Network Plan 1 Select the Configuration tool bar option 2 In the Task List panel select Upload Wireless Switch 3 In the IP Address box type the IP address for the WX switch 4 In the Enable Password box type the enable password for the WX switch This password must match the enable password that was defined using the CLI command set enablepass For more information see the Wireless LAN Switch and Controller Configuration Guide 5 Click Next The uploading progress is shown 6 After the Successfully uploaded device message is displayed click Next 3WXM uses its verification rules to check the switch s configuration If an item in the configuration generates an error or warning 3WXM displays the error or warning message Review the verification messages to determine whether you will need to make changes to the switch s configuration after uploading it into 3WXM 8 Click Next 10 Click Finish If 3WXM displayed error or warning messages select the Verification tool bar option and go to Verifying Configuration Changes on page 363 Converting Auto DAPs into Statically Configured APs 67 Converting Auto DAPs into Statically Configured APs Distributed MAPs that are not configured on any WX switches in the Mobility Domain can nonetheless be booted and managed by a switch if the switch has a profile for Distributed MAPs and has capacity to manage the MAP A MAP that is booted and mana
206. adio select Enabled The access point s radio must be enabled in order to be considered in channel allocation In the SSID box type the service set identifier SSID for the radio In the MAC Address box type the MAC address of the radio In the Antenna Gain list select the antenna gain for the radio If the access point has only one radio click Finish Otherwise go to step 22 Click Next The Radio A page appears Repeat step 14 through step 20 for the 802 11a radio Click Finish to save the changes To place the AP on a floor plan see Moving a Third Party AP Icon to its Floor Location on page 131 Changing the Country Code 65 Changing the Country Code The country code determines the valid radio types as well as channel numbers and power settings for MAP radios The country code is one of the parameters you set when you create a network plan If you need to change a plan s country code use the following procedure Select the Configuration tool bar option 2 In the Organizer panel select the network plan name 3 In the Task List panel select Country Code The Change Country Code wizard appears Select the country code from the drop down list Click Next 3WXM changes the country code on all the WX switches in the network plan and lists its progress as it does so Click Finish Applying the Network s RF Auto Tuning Settings to the Network Plan y y If RF Auto Tuning is running on MAP
207. adio without triggering a TCA You can specify from 0 to 60 decibels (dB) The default is 20 dB a Max clients per AP specifies the maximum number of clients that can be associated with a MAP without triggering a TCA You can specify from 5 to 50 clients The default is 30 clients a Max Receiver Adjustment specifies the maximum amount a radio's hearing sensitivity can increase without triggering a TCA You can specify from 0 to 20 decibels (dB) The default is 6 dB When a TCA is triggered the alert is displayed as a red flag in the link view of the Explore window of the Monitor tab You can click on the object for more information In addition the corresponding data column in the RF Trends window of the Monitor tab turns red 7 To enable 3WXM Services to track rogue detection and countermeasures information select Enable Rogue Detection This option is enabled by default Click Save to save the changes or Cancel to cancel the changes 9 Click another tab to configure more settings or click Close to close the 3WXM Services Setup dialog box Accessing the 3WXM Services Log You can access the 3WXM Services log through a web browser To access the 3WXM Services log type the following in the Address or Location field of your browser https://ip-addr The ip-addr is the IP address of the machine on which the service is installed The default TCP port number is 443 To access the service from the same machine on which it is
208. age from the repository See Using the Image Repository on page 354 Distribute Applies software images to WX switches and optionally reboots the System Images switches to place the new images into effect See Distributing System Images on page 354 Export Saves the configuration of a WX switch in the network plan into a configuration file You can save the configuration in XML format See Importing and Exporting Switch Configuration Files on page 359 Import Creates a new WX switch in a network plan by copying a switch configuration configuration file stored on a server See Importing and Exporting Switch Configuration Files on page 359 Devices Tab The Devices tab allows you to manage configuration changes for WX switches in the network plan To access the Devices tab do one of the following a Select the Devices tool bar option a In the Alerts panel click on Local Changes or Network Changes The managed switches and unmanaged switches are listed separately Managed switches can be deployed to the network and can be monitored by 3WXM Services Unmanaged switches can be configured in 3WXM but cannot be deployed to the network or monitored by 3WXM Services See Enabling or Disabling Management of a Switch by 3WXM on page 357 Task List Options Devices Tab 347 The Task List panel in the Devices tab has the following pages a Change Management a Device Operations
209. aging Users in the Local User Database 293 Authorization attributes can be assigned to users in the local database or on remote servers The attributes which include access control list ACL filters VLAN membership encryption type session time out period and other session characteristics let you control how and when users access the network When a user or group is authenticated the local database or RADIUS server passes the authorization attributes to MSS to characterize the user's session Table 22 lists the user attributes and their value ranges You can specify these attributes in lowercase when using the CLI Table 22 Authentication Attributes for Local Users Attribute Description Valid Value s encryption type Type of encryption required for access by the client Clients who attempt to use an unauthorized encryption method are rejected Encryption Type is a 3Com vendor specific attribute VSA The vendor ID is 43 and the vendor type is 3 One of the following numbers that identifies an encryption algorithm 1 AES_CCM Advanced Encryption Standard using Counter with CBC MAC 2 Reserved 4 TKIP Temporal Key Integrity Protocol a 8 WEP_104 the default Wired Equivalent Privacy protocol using 104 bits of key strength a 16 WEP_40 Wired Equivalent Privacy protocol using 40 bits of key strength 32 NONE no encryption a 64 Static WEP In addition to these values you
210. an one name or partial name For example type 3wxm If you want to see only 3wxm events If you have a WX named wx7 type wx1 to see only events related to wx1 To see events related to all WX switches whose names start with wx type Wx To set the search criteria select one of the following a contains the string The filter looks for messages that contain the entire string you entered a contains all of the strings the filter looks for messages that contain all the strings you entered Select this option if you enter more than one string and want to see messages that contain all the strings a contains at least one of the strings the filter looks for messages that contain one or more of the strings you entered Select this option if you enter more than one string and want to see messages that contain any of the strings In the Message box type a word or exact phrase used in a message For example if you type vlan you see all events that contain vlan in the message Set the search criteria by selecting contains the string contains all of the strings or contains at least one of the strings In the IP Address box type an IP address or a partial IP address For example if you type 10 20 you see all events that pertain to IP addresses containing the string 10 20 Set the search criteria by selecting contains the string contains all of the strings or contains at least one of the strings 4 In the Date list select o
211. ank password is accepted 3WXM then sends the configuration to the switch including the configured non blank enable password 14 Uploading a Partially Configured Switch and Completing its Configuration with 3WXM Preconfiguring a Switch in 3WXM 341 Click Finish to save the switch configuration and close the wizard Leave 3WXM Services running with the network plan open When the switch is powered on at the remote site and the Fn switch is pressed if a WXR100 the switch contacts 3WXM Services to request a configuration Even if you do not know the serial number of a WX switch you still can configure the switch in 3WXM When the switch contacts 3WXM for a configuration 3WXM generates a warning message such as the following No Matching configuration found for serial number serial number IP ip addr You can upload the switch into 3WXM complete its configuration then deploy the complete configuration back to the switch Select the Verification option on the 3WXM tool bar 2 Click on the warning message 3 In the Resolutions section click on Upload WX to display the Upload WX wizard The IP address is already filled in Type the Enable password if one is configured on the switch If an Enable password has not been configured yet leave the Enable Password box blank Click Finish 3WXM uploads the configuration file from the switch into the network plan The switch appears in the Equipment section of the O
212. aracters with no spaces or tabs Click Next The Port Group Selection page appears 4 To add a port to the port group select the Member checkbox for the Changing a Port Group port To remove a port from a port group clear the Member checkbox for the port To change the membership of a port that is in another port group select the Member checkbox for the port The Port Group Member Remove dialog box appears Click Yes to change the port s membership Click No to leave the membership unchanged Click Finish To change a port group 1 In the Content panel select the row for the port group Click Properties The Port Group Properties wizard appears To add a port to the port group select the Member checkbox for the port The port group name appears in the Port Group column for the port To remove a port from a port group clear the Member checkbox for the port To change the membership of a port that is in another port group select the Member checkbox for the port The Port Group Member Remove dialog box appears Click Yes to change the port s membership Click No to leave the membership unchanged Click Finish 186 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS Viewing and Changing Management Settings Viewing Management Service Settings Changing Management Service Settings A W N 1 By default HTTPS is enabled on the WX allowing you to use Web Management on port 443 for a secure sessi
213. are no more rules Any authorization attributes not changed by the location policy remain active Each WX switch can have one location policy The location policy consists of a set of rules Each rule contains conditions and an action to perform if all conditions in the rule match The location policy can contain up to 150 rules To view location policy rules Select the Configuration tool bar option In the Organizer panel click the plus sign next to the WX switch Click the plus sign next to AAA Select Location Policy The configured location policy rules appear 326 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Creating a Location Policy Rule 1 To create a location policy rule Access the Create Location Rule wizard a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to AAA d Select Location Policy e In the Task List panel select Location Rule Policy 2 To match on SSID select Equal and type the SSID name in the box 3 Click Next 4 To match on user glob select one of the following a Equal Apply the location policy to all usernames matching a specified user glob In the User Glob box type the user glob for the users to which the location policy applies a Not Equal Apply the location policy to all usernames not matching a specified user glob In the User Glob box type the use
214. are essential or that are commonly customized Resizing a Display Panel Display Panels 37 Properties Dialogs To open a version of the configuration wizard that contains all the configurable settings for the object even ones that rarely need to be changed select the object in the table then click Properties You can resize a panel by clicking and dragging the panel s border or by clicking the resize icons where applicable The resize icons listed in Table 7 are supported for panels displayed by the RF Planning Configuration and Monitor tool bar options Table 7 Resize Icons Option Description Minimize the panel When the panel is minimized the panel title is displayed as a tab Place the cursor over the tab to temporarily maximize the panel The panel is maximized only until you move the cursor away from the panel To make the panel stay maximized click on the maximize icon This option is supported on the Organizer and Task List panels Maximize the panel This option makes the panel remain maximized even when you move the cursor away This option is supported on the Organizer and Task List panels Maximize the Content panel The panel fills the entire display area and minimizes the Organizer and Task List panels This option applies only to the Content panel Restore the Content panel The Organizer and Task List panels are maximized and the Content panel is restored to its former size betwee
215. are not on the floor itself you can extend the drawing beyond the exterior walls by moving the origin farther up and left To adjust the origin point Access the floor plan in the Edit Content page Drag and drop the crosshairs icon to the new location The following example shows a floor plan with an origin point in the upper left corner of the drawing [Figure: floor plan with the origin point in the upper left corner] Importing or Drawing Floor Details 87 In this example the origin point has been moved to an interior shaft [Figure: floor plan with the origin point moved to an interior shaft] Working with Layers Most drawings contain multiple layers of information 3WXM allows you to hide add and delete individual layers You also can add and remove objects and move objects from one layer to another For RF planni
216. area supports more than one radio technology you also need to select the technology The choices available depend on the wireless technology you chose for the coverage area This example shows the 802.11b coverage for an area [Figure: RF Planning view of Floor1, Show RF coverage using Baseline Association Rate, with 802.11b coverage displayed for a coverage area] 3 To see the RF coverage area for a specific MAP or radio right click the MAP or radio and select one of the following a Display RF Coverage > 802.11a a Display RF Coverage > 802.11b a Display RF Coverage > 802.11g The choices available depend on the wireless technology you chose for the coverage area The following example shows RF coverage provided by a specific MAP's 802.11a radio Computing MAP Placement 143 [Figure: 3Com Wireless LAN Switch Manager window showing the RF coverage of a MAP's 802.11a radio]
217. asis. Data Rate: Coverage is shown in colored bands that represent each of the data transmit rates supported by the radio. These rates are standard for each radio type. RSSI: Coverage is shown based on the received signal strength indication (RSSI) of the radio's signal heard by other radios. If you need to make adjustments, do the following: 1. Move the MAPs or increase the transmit power levels to provide better coverage. 2. Create more MAPs and place them on the floor. 3. Modify the coverage area so that the capacity requirements are higher. Placing RF Measurement Points If you manually add MAPs to a coverage area, they might be moved or removed when you next perform Compute and Place. If you have already installed a MAP in the network and you want to add it to the coverage area, see "Adding New MAPs that Are Already Installed to the Network Plan" on page 480. An RF measurement point on the floor plan simulates the measurement of signal strength from all MAPs at a specific position on the floor. Placing RF measurement points is optional. RF measurement points are helpful for verifying the wireless network. You can place as many RF measurement points as you want. You can place them anywhere and move them later. Information from RF measurement points is included in a floor's work order. To place an RF measurement point: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click Tools
218. at MSS has detected a wireless packet with the source MAC address of a 3Com MAP but without the spoofed MAP's signature (fingerprint). RFDetectSpoofedSSIDAP: Indicates that MSS has detected beacon frames for a valid SSID but sent by a rogue AP. RFDetectDoS: Indicates that MSS has detected a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood. RFDetectDoSPort: Indicates that MSS has detected an associate request flood, reassociate request flood, or disassociate request flood. RFDetectClientVARogueWiredAP: Indicates that MSS has detected, on the wired part of the network, the MAC address of a wireless client associated with a third-party AP. To use countermeasures, they must be enabled. You can enable them on an individual radio profile basis. See "Viewing and Configuring Radio Profiles" on page 263. RF Detection requires the Mobility Domain to be completely up. If a Mobility Domain is not fully operational (not all members are up), no new RF Detection data is processed. Existing RF Detection information ages out normally. Processing of RF Detection data is resumed only when all members of the Mobility Domain are up. If a seed switch in the Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore resume RF Detection data processing, by removing the inoperative switch from the member list on the seed.
219. ata 378 Reviewing Event Details 378 Filtering Event Messages 378 Using Predefined Event Filters 378 Filtering Events by Content 379 Filtering Events by Severity 381 Filtering Events by Facility 381 Creating and Saving Filters 382 Deleting Filters 382 Exporting Filtered Data 382 GENERATING REPORTS Overview 384 Generating an Inventory Report 385 Generating a Mobility Domain Configuration Report 386 Generating a WX Configuration Report 387 Generating a Client Summary Report 388 Generating a Client Details Report 389 Generating a Client Errors Report 391 Generating a Watch List Client Report 392 Generating a Network Usage Report 393 Generating an RF Summary Report 394 Generating a Radio Details Report 395 Generating a Rogue Details Report 396 Generating a Rogue Summary Report 397 16 17 Generating a Site Survey Order 398 Generating a Work Order 399 MONITORING THE NETWORK Overview 401 Requirements for Monitoring 402 Accessing Monitored Data 402 Using the Explore Window 403 Toolbar Options 405 Threshold Flags 407 Displaying Object Details 410 Displaying 802 11 Coverage 410 Taking RF Measurements 412 Using the Status Summary View 414 Using the Client Monitor View 415 Toolbar Options 415 Refreshing Client Data 416 Displaying Client Activity Information 416 Displaying Client Session Information 427 Managing the Client Watch List 434 Displaying a Client s Geographical Location 439 Terminating a Client s Session 441 U
220. ation of RF obstacles that are already in the plan. In addition, this step adds any new obstacles detected during the survey. See "Applying the RF Measurements to the Floor Plan" on page 110. In 3WXM, define wireless coverage areas. See "Defining Wireless Coverage Areas" on page 110. Site Survey Recommendations This manual does not describe how to use the site survey application. For this information, consult the Ekahau site survey documentation. When conducting the survey, use the following best practices for optimal results: Verify that the scale of the floor plan is correct before generating a work order. If you use a drawing of the floor that is from another source, make sure the scale of the drawing is correct. Use an AP with an omnidirectional antenna instead of a directional antenna. Run the AP at full power in each location. Make sure you use a unique MAC address at each of the portable AP's locations. If you accidentally use the same MAC address for multiple locations, the RF measurement data will be inaccurate. While conducting the survey: Walk slowly and evenly, and click at each turn. Walk completely around the area you are surveying, completing a 360-degree scan of the area. Avoid placing your body between the AP and the laptop PC. Your body adds attenuation. Adding LOS Points Line-of-sight (LOS) points are the locations for th
221. ation, see the "Configuring Network Domains" chapter of the Wireless LAN Switch and Controller Configuration Guide. To simplify configuration, 3WXM assumes that the extent of the Network Domain is the same as the extent of the entire network plan. 3WXM also automatically sets the seed affinities on each switch as described in Table 11. Table 11 Affinities for Network Domain Seeds (Affinity Value: Assigned To). 10: The switch itself, if it is a Network Domain seed. 8: Another switch in the same Mobility Domain, if that switch is both a Network Domain seed and the seed switch for the Mobility Domain the two switches are in. 5: All switches that do not fit either of the descriptions above. 3Com recommends that you allow 3WXM to automatically assign affinity values instead of using the CLI to manually set them. Even if you do use the CLI to set them, 3WXM does not replace the affinity values it automatically sets with values set on individual switches. Thus, if you accept network changes that include Network Domain affinity changes, 3WXM ignores the affinity changes and overrides them with auto-computed values. As a result, 3WXM might generate local changes. Select the Configuration tool bar option. In the Organizer panel, select the network plan name. In the Task List panel, select Network Domain. In the Network Domain Name box, type the name for the Network Domain 1 t
222. [Figure: Rogue Detection screen showing the filtered rogue list and the current details for a selected rogue] The Rogue Detection screen lists information about the rogue devices detected in the network. The rogue list section lists all rogues detected within the time period specified in the filter section. To display
223. ble a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. 2. In the Content panel, select the VLAN. 3. In the Task List panel, select Configure VLAN Members. 4. To add a port or port group to the VLAN and remove previous VLAN membership, select the port or port group and click Move. To make multiple selections, press Shift for contiguous items or Control for noncontiguous items while clicking items. Only ports configured as network ports are listed. You cannot add MAPs, Distributed MAPs, or wired authentication ports to a VLAN. 5. To add a port or port group to the VLAN and retain previous VLAN membership, select the port or port group and click Add. 6. To tag a port or port group, select the Tag checkbox. If you specify a tag value, 3Com recommends that you use the same value as the VLAN number. 3Com switches do not require the VLAN number and tag value to be the same, but some other vendors' devices do. To change a tag value, change the number in the Tag Value field. By default, a port or port group's tag value is the same as the VLAN ID. Click OK. Changing VLAN Spanning Tree Settings The purpose of the Spanning Tree Protocol (STP) is to maintain a loop-free network. A loop-free path is accomplished when a device recognizes a loop in the topology and blo
224. bytes at which the long retry count is applicable instead of the short retry count. The default is 2,346 bytes. Max Tx MSDU Lifetime: Maximum amount of time, from 500 ms to 250,000 ms (250 seconds), the MAP can hold an outbound frame in buffer storage. The default value is 2,000 ms (2 seconds). Max Rx MSDU Lifetime: Maximum amount of time, from 500 ms to 250,000 ms (250 seconds), the MAP can hold an inbound frame in buffer storage. The default is 2000 ms (2 seconds). RTS Threshold: Minimum length (256 to 3000 bytes) a frame can be for the MAP to use the Request-To-Send/Clear-To-Send (RTS/CTS) method to send the frame. Frames smaller than the RTS threshold are not sent using the RTS/CTS method. The default is 2346 bytes. Enable Long Preambles: Enables advertisement of long preambles for 802.11b/g radios. This option is enabled by default. This option applies only to 802.11b/g radios. Auto Tune Tab The Auto Tune tab lists settings for RF Auto Tuning. Tune Channel: Automatically configures and tunes the channel. This feature is enabled by default. RF Auto Tuning of channels on 802.11a radios uses only the bottom eight channels in the band (36, 40, 44, 48, 52, 56, 60, and 64). To use a higher channel number, you must disable RF Auto Tuning of channels on the radio profile the radio is in and statically configure the channel. Tune Transmit Power: Automatically configures an
225. came from a site survey file, they are measurements between the portable AP (LOS point) and the PC running the site survey tool. If the measurements came from MAP radios in the network, they are measurements between MAP radios. The "Total number of objects that will be corrected" line indicates the number of measurements that did experience attenuation. For existing RF objects, 3WXM corrects the attenuation to match the results. If the floor plan does not have an RF obstacle where the attenuation library indicates one exists, 3WXM creates an RF obstacle. For RF obstacles created by 3WXM, the description is auto-generated and the obstacle type is Other. You can edit these values by selecting the obstacle, clicking the Edit properties icon to open the Modify RF Obstacle wizard, and modifying the values. Click OK to close the wizard and save the changes. See "To use the Create RF Obstacle Dialog box" on page 96. The wizard is the same whether it is labeled Create or Modify. 2. Click Finish. Defining Wireless Coverage Areas You must define which areas of your enterprise require wireless network coverage. In 3WXM, you plan for both coverage and capacity requirements in a particular area on the floor. Capacity requirements are determined by the number of users in the area and the amount of wireless network bandwidth desired for every user. The floor of a building can contain multiple coverage areas if several groups of users on the floor
226. cated WX switch ports. Distributed MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. Distributed Auto MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. They receive their configuration automatically using a profile that assigns a Distributed MAP number and name to the MAP from among the unused valid MAP numbers available on the switch. The profile also configures the MAP with the MAP and radio parameter settings in the profile. To allow locked MAP access points to be deleted when the Compute and Place function determines that they are no longer required, select Allow Deletion of Locked MAPs. A locked MAP is a MAP that is already associated with the coverage area. For example, if you computed and placed MAPs in this coverage area on a previous occasion and you are now optimizing the plan, the MAPs are still associated with the coverage area. To change the amount of power to reserve when calculating optimal power, type or select the number of dBm in the Reserved Tx Power Margin listbox. This is the number of dBm below the maximum power setting that you want 3WXM to reserve in case the power needs to be increased later. Under the Redundancy tab, you can do the following: To plan for redundant MAP connections to WX switches, select Compute Redundancy. To use the same WX switch for redundant connections, select Use t
227. cation History tabs. These are the same tabs displayed at the bottom of the Client Sessions tab. For descriptions of the data they display, see "Displaying Client Session Information" on page 427. Trend Session Stats: Displays operational rate, SNR, and RSSI trend data. You can display trend data for periods covering the most recent one hour, 24 hours, 7 days, or 30 days. The data is also shown in a graph. Trend Lifetime AP Stats: Shows byte and packet statistics for the client's roaming history. If the client has roamed, statistics for each session are combined. For column descriptions, see Table 57 on page 448. Activity Log: Shows the activity messages accumulated for the client. For descriptions of the message data, see "Displaying Client Activity Information" on page 416. Here is an example of session trend data shown for a client. [Figure: Client Monitor view showing session trend data for a client]
228. cess 319 Creating an Access Rule for Telnet or SSH Access 320 10 Viewing and Configuring AAA Support for Third Party AP Users 322 Viewing Settings for Third Party AP AAA Support 322 Creating a Proxy Access Rule 322 Configuring a RADIUS Proxy fora Client 324 Specifying the WX Port Connected to the Third Party AP 324 Viewing and Changing Location Policy Rules 325 Viewing Location Policy Rules 325 Creating a Location Policy Rule 326 Viewing and Changing Mobility Profiles 328 Viewing Mobility Profiles 328 Creating a Mobility Profile 328 CONFIGURING WX SWITCHES REMOTELY How Remote WX Configuration Works 332 Drop Ship WXR100 Only 332 Staged WX 334 3WXM Requirements 335 Staging a WX Switch for Configuration by 3WXM 336 Example 1 Deployment Site Has DHCP and Local DNS 336 Example 2 Deployment Site Has No DHCP and No DNS 337 Example 3 Deployment Site Has DNS But No DHCP 338 Example 4 Deployment Site Has DHCP But Local DNS Domain Differs From Corporate DNS Domain 339 Preconfiguring a Switch in 3WXM 340 Uploading a Partially Configured Switch and Completing its Configuration with 3WXM 341 Replacing a Switch and Reusing its Configuration 342 Requirements 342 How Switch Replacement Works 343 Enabling Replacement of Remote Switches 343 Replacing a Switch 344 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS WX File Management Options 345 Devices Tab 346 Task List Options 347 Toolbar Options 350 11 12 Synchronizi
229. ch. c. Click the plus sign next to System. d. Select IP Services. e. In the Task List panel, select DNS Server. Type the server address in the IP Address box. 5. Select whether the server is primary or secondary. You can designate only one DNS server as the primary DNS server. All other DNS servers are secondary servers. Click OK. You can configure a WX switch to use the Network Time Protocol (NTP) to automatically set the system date and time. NTP polls network time servers at regular intervals and synchronizes the system date and time with the servers. By default, NTP is not enabled. You can specify up to three NTP servers. If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the WX time can take many NTP update intervals. 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence. 1. Under NTP in the Content panel, select Enabled. To change the interval at which an NTP server is polled, specify its value in seconds (16 to 1024) in the Update Interval box. The default is 64 seconds. Access the Create NTP Server wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select IP Services. e. In the Task List panel, select NTP Server. Type the server address in the IP Address box
230. ch's notification target, see "Configuring a Notification Target" on page 191. To enable 3WXM to reuse a switch configuration to replace an old switch with a new one, select Auto Config IP Subnet Matching. For more information about this option, see "Replacing a Switch and Reusing its Configuration" on page 342. To change the name of the key store file that contains the encryption keys the 3WXM Services uses for authentication with 3WXM, edit the name in the File box. The default name is services_keystore. To change the password that protects access to the key store file, edit the value in the Password box. To specify the file type for the key store file, select one of the following: PKCS12: Public Key Cryptography Standard number 12, the standard format used by Unix machines. JKS: Java Key Store, a format used by Java platforms and applications. To restrict access to 3WXM Services to specific users, see "Restricting Access to 3WXM" on page 50. Click another tab to configure more settings, or click Close to close the 3WXM Services Setup dialog box. Changing WX Connection Settings The WX connection settings control the timeout and retries for connections with monitored WX switches and the types of certificates the service will accept from the WX switches. Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears.
231. [Figure: 3WXM RF Planning view with the Layers list in the Organizer panel] Cleaning Up a Drawing Adding or removing a layer To add a new layer to a drawing, do the following: Right-click the list of layers in the Organizer panel. Select Add Layer from the menu that is displayed. 3WXM adds the new layer to the list and highlights its name so you can edit it. Edit the name. Moving an object from one layer to another To move an object from one drawing layer to another: In the drawing, select the object(s). Click [icon] on the toolbar. The Layer Assignment dialog box appears. [Figure: Layer Assignment dialog box]
232. cility, select Facility Mapping. Some syslog servers require the facility to be set to a standard local facility name. In the Map to Local Facility List, select the local facility (Local 0 to Local 7) that all the facilities are mapped to. The default value is Local 0. Click Finish. Creating a Trace Area Access the Create Trace Area wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Log. e. In the Task List panel, select Trace Area. In the Area box, type the name of the trace type you want to activate. For a list of valid trace types, access the CLI and enter the following command: trace. Optionally, in the Level box, specify the amount of information included in the trace output (0 to 10). 0 provides the minimum amount of information and 10 provides the maximum amount of information. The default is 5. Optionally, in the User Name box, type the username to trace. Specify a username no longer than 60 alphanumeric characters that contains no spaces or tab characters. Optionally, in the MAC Address box, type the MAC address to trace. Specify a MAC address using colons to separate the octets (for example, 00:11:22:aa:bb:cc). 6. Optionally, in the Port Name box, type the port number to trace. Click Finish. Viewing and Configuring IP Services Settings
233. city planning for voice. [Figure: Plan for Voice over IP wizard page with the Active Call Bandwidth, Active Handsets per AP, Expected Handset Count, and Handset Oversubscription Ratio settings] Configuring Capacity Calculation for Voice 3WXM can perform multiple calculations for MAP placement. One is based on coverage only. Another is based on capacity for voice over IP service, using the capacity for voice parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs. To calculate MAP placement and configuration based on both coverage and on capacity for voice over IP, enable Use Capacity Calculation for Voice. Otherwise, click Next. By default, 3WXM performs only the coverage calculation. If you enable the Use Capacity Calculation for Voice option, 3WXM performs both calculations. In the Active Call Bandwidth list, specify the amount of bandwidth in kilobits per second (Kbps) that you expect for each call. In th
234. ck Next. Select the encryption algorithms to use: AES (CCMP): Usually used with RSN (WPA2). TKIP: Usually used with WPA. WEP 104: Used with dynamic WEP. WEP 40: Used with dynamic WEP. Click Next. If you selected Static WEP in step 7, specify WEP keys. Otherwise, click Next and go to step 15. For each key (up to four), type the key value in the corresponding key box. By default, data in unicast and multicast packets are encrypted using WEP key 1. To use another key for either type of packet, select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box. Click Next. Select or type the name of the VLAN to place clients in. Clients are placed in this VLAN regardless of any other VLAN assignment. For example, if the VLAN Name attribute assigns the user to another VLAN, the switch nonetheless places the user in the VLAN you specify here. Click Next. The ACEs (ACL rules) that 3WXM will configure for the Web Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated. These ACEs are used only during authentication. After the user is authenticated, the ACEs are not used. If you need to add ACEs, use the following procedure. Otherwise, go to step 17. a. Click Next. b. To add an ACE, click Add Rule. 3WXM adds an ACE to the end of the list. The ACE matche
235. cks one or more redundant paths. Mobility System Software (MSS) supports 802.1D and Per-VLAN Spanning Tree protocol (PVST). MSS uses 802.1D bridge protocol data units (BPDUs) on VLAN ports that are untagged. However, each VLAN still runs its own instance of STP, even if two or more VLANs contain untagged ports. To run a single instance of STP in 802.1D mode on the entire switch, configure all network ports as untagged members of the same VLAN. MSS uses PVST BPDUs on VLAN ports that are tagged. PVST BPDUs include tag information in the 802.1Q field of the BPDUs. MSS runs a separate instance of PVST on each tagged VLAN. When you create a VLAN, STP is disabled on the new VLAN by default, regardless of the STP state of other VLANs on the WX switch. The IEEE 802.1D spanning tree specifications refer to networking devices that forward Layer 2 traffic as bridges. In this context, a WX switch is a bridge. Where this manual or the product interface uses the term bridge, you can assume the term is applicable to the WX switch. To change a VLAN's STP settings: Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. 2. In the Content panel, select the VLAN. In the Task List panel, select Configure Spanning Tree. This wizard configures STP features for a
236. col configuring 187 software requirements for installation 23 Spanning Tree Protocol See STP Spanning Tree Protocol SSH enabling 186 starting monitoring service 493 static multicast ports configuring 215 static routes configuring 202 STP Spanning Tree Protocol backbone fast convergence 213 configuring 210 port fast convergence 212 uplink fast convergence 213 summertime configuring 172 syslog server setting up 198 200 system image files adding 354 deleting 354 image repository 354 managing 345 system images distributing 354 system information configuring 173 system logs managing 198 T tag type 209 Telnet configuring 186 time zone configuring 172 traces caution about levels 198 running 198 tracing configuring 198 200 traffic ports used by Mobility Domains 62 troubleshooting MSS debugging via trace 198 MSS logging 198 tunnel affinity 218 U uplink fast convergence 213 user attributes 293 user groups creating 290 292 users adding to watch list 437 creating 289 finding 434 V verification channel assignments 144 virtual ports mapping an ACL to 228 VLAN Name attribute reassigning with the location policy 325 VLANs virtual LANs adding ports to 209 configuring DHCP server 219 IGMP 214 static multicast ports 215 STP fast convergence 213 creating 207 definition 206 mapping ACLs to 228 roaming 207 tagging 209 tunnel affinity 218 users 206 W warning resolving 364
237. copying its configuration from a live switch in the network See Adding a Switch by Uploading its Configuration from the Network on page 163 View Lists the tasks performed using the Devices Operation tab Log See Viewing the Operation Log on page 358 Cancel Cancels a scheduled task such as an image Scheduled deployment Operation See Canceling a Scheduled Operation on page 358 Device Images Image Install the selected MSS image onto WX Operations Install switches See Distributing System Images on page 354 Schedule Schedule installation of the selected MSS Install image onto WX switches in the future See Distributing System Images on page 355 Image Opens the Image Repository dialog box Repository which allows you to add or remove MSS images in the repository See Using the Image Repository on page 354 Table 24 Devices Tasks continued Task Option Group Device Operations cont Devices Tab 349 Task Task Description Actions Reboot Reboot a WX switch and the MAPs it is WX and managing APS See Rebooting WX Switches or MAP Access Points on page 356 Reboot Reboot MAPs APS See Rebooting WX Switches or MAP Access Points on page 356 Manage Enable 3WXM management of WX switches Denice See Enabling or Disabling Management of a Switch by 3WXM on page 357 Unmanage Disable 3WXM management of WX switches DEVICE See Enab
238. ct the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select Admin Access Rules. The configured administrative access rules appear. Creating an Access Rule for Console Access To create an access rule for console access: 1. Access the Create Console Admin User wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to AAA. d. Select Admin Access Rules. e. In the Task List panel, select Console Access. 2. Type the userglob that is allowed to access the switch through the console port. 3. Click Next. 4. If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the switch's configuration. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authenticat
239. ction over other WX connections to a single MAP for booting, configuration, and data transfer. You can set a Distributed MAP's bias to be low or high. A configuration with a high bias has priority over a configuration for the same MAP with low bias. The default is High. If the bias for all connections is the same, the MAP selects the switch that has the greatest capacity to add more active MAPs. For example, if a MAP is dual-homed to two WX4400 switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs. Bias applies only to WX switches that are indirectly attached to the MAP through an intermediate Layer 2 or Layer 3 network. A MAP always attempts to boot on MAP port 1 first, and if the MAP is directly attached to a WX switch on MAP port 1, it boots from that switch regardless of the bias settings. 5. To add the MAP to a MAP group for session load balancing, type the group name in the Load Balance Group box. 6. In the Enable Firmware Update list, select Yes to automatically upgrade MAP boot firmware. The upgrade version of the firmware is loaded from a WX when the MAP is booting. Select No to disable automatic firmware upgrading. Automatic firmware upgrading is enabled by default. 7. To enable an individual radio, select Enabled. 8. To configure RF Auto Tuning on a radio: a. To change the maximu
240. d. If you enable them, SNMP link traps are sent when the port state changes, and 3WXM also polls and monitors the port's status. To generate the LinkDown and LinkUp SNMP traps, you must enable this option. You also must globally enable SNMP traps. See "Configuring a Notification Target" on page 197. 1. Access the port table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Ports. Select the port. Click Properties. Select SNMP Link Traps. Click OK. Configuring a Port for a Directly Connected AP A MAP access port directly connects the WX switch to a MAP. The port also can provide power to the MAP. A Distributed MAP, which is connected to WX switches through intermediate Layer 2 or Layer 3 networks, does not use a MAP access port. To configure for a Distributed MAP, see "Viewing and Configuring MAPs" on page 272. Access the Create AP wizard: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to System. Select Ports. Select PoE Enabled if you have not already done so. In the Task List panel, select AP. To change the name, edit the string in the Name field. The name can contain up to 16 alphanumeric characters, with no spaces or tabs
241. d Coverage Areas
   3WXM supports the sharing of coverage areas if one area is completely within a larger area. For example, you might want to provide 802.11a and 802.11b coverage in a conference room that is part of a larger coverage area only providing 802.11a coverage. Coverage areas that partially overlap are not supported. MAP access points are shared only in the overlapped area. Figure 5 shows an example of shared coverage areas.
   Figure 5. Supported Shared Coverage Areas Example
   The coverage areas shown in Figure 6 cannot share coverage and are not supported by 3WXM. However, separate nonshared coverage areas can overlap.
   Figure 6. Unsupported Shared Coverage Area Example
   Keep the following in mind when planning shared coverage areas:
   - Two coverage areas using the same wireless technology cannot be shared.
   - A coverage area using 802.11b and a coverage area using 802.11g cannot be shared.
   - MAP access points placed in shared areas must be configured as dual-radio models.
   Drawing a Coverage Area
   3WXM supports concave polygons, which have an internal angle greater than 180 degrees. When drawing a polygon, make sure that two sides of the polygon do not intersect each other, as shown in Figure 7. Also make sure start and end points and the vertices are not
242. d adjusts its attenuation value in the plan so that the predicted RSSI matches the measured RSSI. However, the following should be noted:
   - The Optimize feature adjusts attenuation values only if the network plan has an RF obstacle in the line of sight between measurement points (for example, between MAPs that made the measurements). 3WXM does not create an obstacle to account for the RSSI if one does not already exist.
   - Only one obstacle between any two measurement points is adjusted, even if there are multiple obstacles between the measurement points.
   - The measurements reflect how well the measuring MAPs can hear one another, and do not directly measure how well clients can hear the MAPs. For example, if the MAPs are mounted on the ceiling, attenuation of their signals to one another might be less than the attenuation of the same signals when received by clients on desktops in cubicles and offices.
   Locating and Fixing Coverage Holes
   Locating a Coverage Hole
   After you import RF measurements and optimize, you can look for coverage holes by displaying coverage. To locate a coverage hole: Select the RF Planning option in the main 3WXM tool bar. Display the floor plan in the Content panel. In the Task List panel, click RF Planning. In the Show RF coverage using listbox, select how you want to display the coverage:
   - Baseline Association Rate: Coverage is shown based on the MAP
243. d data at Mon Dec 05 19 20 06 PST 2005
   Viewing Data in Percentages
   To see a set of objects in a particular category of data as percentages in a pie chart, click the Percent tab. Data for the pie chart is captured when you click the tab and is based on the polling interval you selected.
   To see details for percentage-based performance data: You can see percentage data for the objects in the selected scope. For example, if you selected a Mobility Domain as the scope, you can see percentage data for the Mobility Domain, WX switches in the Mobility Domain, or WX ports. To see the objects available in the scope, click the button next to Select Detail (the button text depends on what scope you selected) and select the object whose percentage data you want to see. To hide the list of objects that you can graph, click Hide Object Selector. Doing this allows you to see the graph in the full width of the Statistics tab.
   The following figure shows the delta values for Octets In and Octets Out for the entire Mobility Domain as percentages in a pie chart.
   [Figure: Performance, Ethernet Port Statistics window for AlphaWX1 WX4400]
244. d do one of the following:
   - In the H box, specify a value between 0 and 360 degrees.
   - Use the slider to specify the hue value.
   The color appears in the Preview box. You can also see the RGB equivalent in the R, G, and B boxes next to the slider.
   To change the saturation value, select the S option and do one of the following:
   - In the S box, specify a value between 0 and 100 percent.
   - Use the slider to specify the saturation value.
   To change the brightness value, select the B option and do one of the following:
   - In the B box, specify a value between 0 and 100 percent.
   - Use the slider to specify the brightness value.
   Click OK to accept the color. The RF Planning Options tab in the Preferences dialog box is active. Do one of the following:
   - Change another color.
   - Click another Preferences tab.
   - Click Close to close the Preferences dialog box.
   Defining a Color by Changing RGB Properties
   You can define a color by changing red, blue, and green (RGB) color properties. To specify a color by changing RGB, click RGB in the Choose Color dialog box. Use the Red, Green, and Blue sliders to define a color. You can see a preview of the color in the Preview box. Click OK to accept the color. The RF Planning Options tab in the Preferences dialog box is active. Do one of the following:
   - Change another color.
   - Click another Preferences tab.
   - Click Close to close the Preferences
246. d tunes the power. This feature is disabled by default.
   - Channel Tuning Interval: Interval at which RF Auto Tuning decides whether to change the channels on radios in a radio profile. At the end of each interval, MSS processes the results of the RF scans performed during the previous interval, and changes radio channels if needed. You can specify from 0 to 65535 seconds. The default channel interval is 3600 seconds. 3Com recommends that you use an interval of at least 300 seconds (5 minutes). If you set the interval to 0, RF Auto Tuning does not reevaluate the channel at regular intervals. However, RF Auto Tuning can still change the channel in response to RF anomalies.
   - Tx Power Tuning Interval: Interval at which RF Auto Tuning decides whether to change the power level on radios. You can specify from 1 to 65535 seconds. The default is 300 seconds.
   - Channel Tuning Holddown: Minimum number of seconds a radio in a radio profile must remain at its current channel assignment before RF Auto Tuning can change the channel. The channel holddown provides additional stability to the network by preventing the radio from changing channels too rapidly in response to spurious RF anomalies such as short-duration channel interference. You can specify from 0 to 65535 seconds. The default channel interval is 900 seconds.
   - Tx Power Backoff Timer: Interval at which radios reduce power after temporarily increasing the power to maintain the minim
247. data is displayed. The data is immediately updated. To take a new measurement, click on the new measurement point. The measurement data is immediately updated for the new measurement point.
   Using the Status Summary View
   The Status Summary view shows the operational status of 3Com equipment: WX switches, their MAPs, and MAP radios. The Status column shows the equipment status using the same colors as the Explore view. Additional information is displayed for each equipment type.
   [Figure: Status Summary view, radio status table]
248. datory but that the radio can nonetheless use to send data. By default, all valid rates that are not mandatory are still supported.
   - Disabled rates: Data transmission rates that MAP radios will not use to transmit data. This setting applies only to data sent by the MAP radios. The radios will still accept frames from clients at disabled data rates. By default, none of the data rates are disabled.
   All rate settings apply specifically to data rates used by radios for transmission. Radios can accept frames from a wireless client at any valid rate.
   Viewing SSID Encryption Settings and Access Rules
   SODA Tab
   The SODA tab has settings for the Sygate On Demand (SODA) feature. SODA is an endpoint security solution that allows enterprises to enforce security policies on client devices without having to install any special software on the client machines. WX switches can be configured to run SODA security checks on users' machines as a requirement for gaining access to the network.
   - Sygate on Demand: Enables or disables SODA on the service profile's SSID. When SODA functionality is enabled for a service profile, a SODA agent is downloaded to clients attempting to connect to a MAP managed by the service profile. The SODA agent performs a series of security-related checks on the client.
   - Enforce checks: Enables or disables the enforcement of the SODA security checks, so that the client is a
249. dialog box
   Changing 3WXM Logging Options
   You can change the severity and type of 3WXM events that are logged. By default, the event logging level is set to Critical and all events are logged. These log settings apply to log messages generated by 3WXM. They do not apply to log messages generated by WX switches.
   To change 3WXM logging options:
   1. Select Tools > Preferences. The Preferences dialog box appears.
   2. Click the Logging tab.
   3. In the Log Event Level list, select one of the following event levels:
      - Critical: A critical condition has occurred that requires immediate resolution.
      - Warning: An event that might require attention has occurred.
      - Info: Informational messages only. No action is required.
      - Debug: All events are shown, including debug messages.
      Select the Debug option only if 3Com Technical Support has advised you to do so. Debug level logging significantly impacts network performance and should only be enabled temporarily to troubleshoot problems as directed by Technical Support.
   4. Select one or more of the available event types for 3WXM to log.
   5. Click Close to close the Preferences dialog box, or click another tab to continue making changes.
   CHANGING 3WXM SERVICES PREFERENCES
   This chapter discusses how to change 3WXM Services preferences.
   Overview
   To set 3WXM Services preferences, select
250. dit or select the new value. For information about ACE settings, see Viewing and Configuring ACLs on page 220.
   CAUTION: Do not change the deny rule at the bottom of the ACL. This rule must be present, and the capture option must be used with the rule. If the rule does not have the capture option, the Web Portal user never receives a login page.
   9. Click Next.
   10. Create a Web Portal authentication rule to control access to the port, or use one that has already been created. To create a new rule:
      a. Click Create.
      b. Specify the user glob in the Matching User Glob box. To match on all usernames, leave the wildcards in the box. For syntax information, see Access Rules on page 238.
      To use an existing rule, leave the rule in the list.
      c. Click Next.
      d. Select the authentication and accounting method (RADIUS server group or local database). For information, see AAA Methods, RADIUS Server Groups, and the Local User Database on page 240.
      e. Click Next.
      f. To configure accounting, select Enabled, select the record type (Start Stop or Stop Only), then select LOCAL or a RADIUS server group for the accounting, and click Add.
      g. Click Finish.
   If you selected Local as an authentication method, the users in the local database are listed. Go to step 12. If you did not select LOCAL, click Finish to close the wizard and save the changes. You are finished with this
251. e bi cursor
   Using an object other than a line to represent an RF obstacle's dimensions does not materially affect the calculation of RF attenuation. When 3WXM calculates attenuation along any vector passing through the obstacle, it counts the obstacle's RF attenuation only once, regardless of the floor space it occupies.
   The Create RF Obstacle dialog box appears. Go to To use the Create RF Obstacle Dialog box on page 96.
   You can import RF measurements from a site survey file generated by the Ekahau Site Survey Tool. 3WXM uses the site survey data to assign attenuation values to objects in the floor plan. This method of adding RF obstacle data requires the following tools:
   - 3WXM 4.1
   - Ekahau Site Survey Tool (www.ekahau.com) and a laptop PC on which to run the tool when you take measurements
   - An AP on wheels: a portable AP that you can move to different locations on the floor as you take RF measurements with the site survey tool
   To use this method, perform the following tasks:
   In 3WXM, identify the major RF obstacles and assign an attenuation value to them. You can select any attenuation value. 3WXM will use the RF measurement data from the site survey to correct the attenuation values. See Converting Objects into RF Obstacles on page 95 and Drawing RF Obstacles on page 97. 3WXM also can create new obstacles based on the RF measurement data
252. e configuration configuration file from the live switch in the network. See Adding a Switch by Uploading its Configuration from the Network on page 163.
   Configure and apply policies: Applies configuration settings from policies to a single switch or multiple switches. See Configuring and Applying Policies on page 373.
   Deploy: Sends WX switch configurations from the network plan into the live network, to implement the network plan on the live switches. See Deploying Switch Configuration Changes on page 352.
   Verify configuration changes: Checks switch configuration changes against a set of configuration rules, alerts you to configuration items that do not fit the rules, and enables you to either edit these configuration items or ignore the rules. See Verifying Configuration Changes on page 363.
   Table 23. WX File Management Options in 3WXM (continued)
   Option: Description
   Synchronize local and network changes: Compares switch configurations in the network with their counterparts in the network plan, and enables you to review the differences and either deploy the new changes to synchronize the configurations or undo the changes. See Synchronizing Local and Network Changes on page 350.
   Save image in repository: Adds a WX system image to a repository. When you distribute images and configuration files, you can select an im
253. e Active Handsets per AP list, specify the number of voice over IP phones that you want each MAP to handle. In the Expected Handset Count list, specify the number of voice over IP phones you expect to be in the coverage area. In the Handset Oversubscription Ratio list, select the ratio for the average transmit behavior of the voice over IP phones. The handset oversubscription ratio is the ratio of active handsets compared to total handsets. For example, the ratio 4:1 indicates that, statistically, 25 percent of the voice over IP phones are active at any given time. Click Next. The Mobility Domain, Radio Profile, Wiring Closet(s) page appears.
   [Figure: Create Coverage Area wizard page for selecting the Mobility Domain, Radio Profile, Wiring Closet, and Redundant Wiring Closet for the coverage area]
254. e Available Members list is empty, no MAPs have been configured for the switch yet. To configure MAPs, see Configuring a Directly Connected MAP on page 275 and Creating a Distributed MAP on page 273. After you configure the MAPs, return to this wizard page to apply the radio profile to radios.
   Voice Configuration Tab
   The Voice Configuration tab lists settings for VoIP services.
   - QoS Mode: Classification and marking of high-priority traffic on the WX and MAP.
      - WMM: Classifies, marks, and forwards traffic for Wi-Fi Multimedia (WMM) devices based on 802.1p and DSCP values.
      - SVP: Optimizes forwarding of SpectraLink Voice Priority (SVP) traffic by setting the random wait time a MAP radio waits before transmitting the traffic to 0 microseconds.
   The SVP QoS mode also requires an ACL to mark CoS in the SVP traffic. The ACL is automatically configured by 3WXM when you use the Voice Service Profile wizard with the SVP vendor option.
   Viewing and Changing the Auto DAP Profile
   Viewing Auto DAP Profile Settings
   You can use an Auto DAP profile to deploy unconfigured Distributed MAPs. A Distributed MAP that does not have a configuration on a WX switch can receive its configuration from the Auto DAP profile instead. The Auto DAP profile assigns a Distributed MAP number and name to the MAP, from among the unused valid MAP numbers available on the switch. The A
255. e Managed Devices table indicates that the operation has been canceled.
   Importing and Exporting Switch Configuration Files
   You can import or export switch configuration files in Extensible Markup Language (XML) format.
   - The import option enables you to create a WX switch in the network plan by importing configuration files in Extensible Markup Language (XML) format. You also can update the configuration of a switch that is already in the plan.
   - The export option enables you to save a switch's configuration to an XML file. After exporting a WX configuration to an XML file, you can import it to another instance of 3WXM or use it as a backup copy.
   If you import a configuration containing information that an older version of 3WXM or MSS does not support, the information is ignored when the configuration is imported.
   If you import a switch configuration, you must enable 3WXM management of the switch before you can deploy the switch to the network. To enable 3WXM management of a switch, see Modifying Basic Switch Parameters on page 170.
   To import a configuration: In the main 3WXM window, select File > Import. The Import Configurations dialog box appears. In the Import Into Mobility Domain group box, select one of the following options:
   - Click Use File Info to import the configuration information using the Mobility Domain specified in the configuration file.
256. e Organizer panel, the floor plan is displayed.
   [Figure: Explore view showing the floor display]
   The floor plan is displayed only if you add the floor to the site information in the network plan.
   In either the link display or the floor display, the operational status of 3Com equipment is indicated by the following colors:
   - Green: Up
   - Yellow: Up, but with minor service degradation
   - Orange: Up, but with major service degradation
   - Red: Down
   - Blue: Unknown
   Toolbar Options
   The Explore view has a toolbar in the link display and the floor display. Table 33 lists the options on the toolbar in the link display.
   Table 33. Toolbar Options in Link Display of Explore View
   Icon: Description
   - Edit 3WXM preferences
   - Configure 3WXM Services
   - Launch Help
   - Zoom in
   - Zoom out
   - Refresh the information
   - Fit the view in the window
   - Print the view displayed in the window
   - Display link labels
257. [Figure: Create RF Obstacle dialog box, with the Description, Obstacle Type, and Attenuation Factor fields]
   In the Description box, type a description for the RF obstacle (1 to 60 characters, with no tabs). In the Obstacle Type list, select the material of which the RF obstacle is made. Select Other if the material is not listed. This allows you to create your own obstacle type. In the Attenuation Factor boxes, specify the attenuation factor for 802.11a and 802.11b/g technology (0 to 100 dB). The default is the typical attenuation factor for the material chosen. Click Finish to save the changes and close the dialog box.
   - If you created RF obstacles for all objects in a layer, all objects in the layer are converted into separate RF obstacles.
   - If you created RF obstacles for an area, all objects in the area are converted into separate RF obstacles.
   - If you created RF obstacles for multiple selected objects, all objects you selected are converted into separate RF obstacles.
   - If you created RF obstacles for grouped objects, each grouped object is converted into a single RF obstacle.
   Drawing RF Obstacles
   1. Display the floor plan in the Content panel.
   2. In the Task Li
258. e RF characteristics of the floor, see Specifying the RF Characteristics of a Floor on page 94.
   You can import a drawing of your floor plan into 3WXM. 3WXM supports the following file types:
   - AutoCAD drawing (DWG): a native binary format used by AutoCAD. You can import the following versions: R13, R14, R2000. Use R2000 if available.
   - Drawing Interchange Format (DXF): an ASCII-based interchange format used for multi-vendor interoperability. You can import the following versions: R12, R13, R14, R2000. Use R2000 if available.
   - Graphics Interchange Format (GIF): gif
   - Joint Photographic Experts Group (JPEG): jpeg, jpg
   3WXM cannot import files in Visio format. However, you can export a Visio file to a DXF or JPG file, then import that file into 3WXM. You can also draw a floor plan in 3WXM if you do not have a drawing of your floor in one of the supported file formats.
   File Recommendations
   Preparing a Drawing Before Importing It
   For optimal results, use a DWG or DXF drawing. These types of drawings are made of vector graphics line objects (lines), which you can easily convert into RF obstacles after importing the drawing into 3WXM. In addition, the drawing objects are usually grouped together and organized by layers, enabling the display and manipulation of similar objects such as walls, doors, and windows. Drawings in DXF format sometimes import more easily into 3WXM. However 3Co
259. e a wizard to configure basic switch parameters. See Using the Create Wireless Switch Wizard on page 165.
   - Third Party AP: Add a third-party AP for use in network planning. See Creating a Third Party AP on page 63.
   - Country Code: Change the regulatory domain for the MAPs in the network plan. See Changing the Country Code on page 65.
   - Auto Tune Settings: Update the channel and power information in the network plan to match the channel and power settings assigned to MAPs in the network by the RF Auto Tune feature. See Applying the Network's RF Auto Tuning Settings to the Network Plan on page 65.
   - Upload Wireless Switch: Add a WX switch that is already deployed in the live network to the network plan. See Uploading a WX Switch into the Network Plan on page 66.
   - Convert Auto APs: Convert MAPs that were configured by an Auto AP profile into statically configured MAPs. See Converting Auto DAPs into Statically Configured APs on page 67.
   - Network Domain: Configure a group of Mobility Domains into a single Network Domain. See Creating a WX Switch on page 63.
   Managing Network Plans
   After creating a network plan, you can save, close, open, or delete it. You can also share a network plan with others.
   Saving a Network Plan
   When you create a network plan and save changes, a directory with the same name as the network plan is created in the config db directory of the
260. e asked whether you want to delete the existing layout or add the objects to the existing layout. If you are reimporting the original file, 3WXM adds only incremental changes to the existing layout. Read the message about verifying the drawing scale, then click OK. Adjusting the Scale of a Drawing on page 85 describes how to adjust the scale. The imported drawing is displayed in the Content panel.
   Figure 1. Floor Plan After Importing
   At this point, you can edit the floor contents. Go to Cropping the Paper Space, next, to begin.
   Cropping the Paper Space
   You can crop the paper space of a drawing to remove unneeded space and objects around the floor
261. e authenticated and encrypted. This security level is the same as the authPriv level described in SNMPv3 RFCs.
   - AuthRequest UnsecuredNotify: SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted.
   The only security level supported for SNMPv1 and SNMPv2c is Unsecured.
   3. Select the version(s) of SNMP you want the switch to run: V1, V2c, USM (SNMPv3).
   4. See the following sections for more configuration options.
   Configuring an SNMP V1 or V2c Community String
   1. Access the Create Community wizard:
      a. Select the Configuration tool bar option.
      b. In the Organizer panel, click the plus sign next to the WX switch.
      c. Click the plus sign next to System.
      d. Select Management Services.
      e. In the Task List panel, select Community.
   In the Community String box, type the name of the community. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs.
   Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public for READ or private for WRITE. These strings are commonly used and can easily be guessed.
   Select the access type:
   - read-only: An SNMP management application using the string can get (read) object values on the switch but cannot set (write) them. This is the default.
   - read-notify
262. e before continuing. The country code you select here is the default for all MAPs in the network plan. However, you can override the country code in individual sites within the network plan.
   In the Channel Set list, select the set of operating channels for any 802.11b/g MAP radios you plan to use. The choices in the list are dependent on the country code you chose in step 3. The channel numbers you select are used later in the planning process, when you assign channels to 802.11b/g radios. You might be able to select a set of overlapping channels. However, in some network layouts, using overlapping channels reduces network performance. Channel numbers used for 802.11a radios do not overlap and are not listed at this stage of the planning process. You can modify channel selections for 802.11a and 802.11b/g radios later in the planning process, or allow WX switches to set the channels automatically.
   The 802.11b/g channel set you select here is the default for all MAPs in the network plan. However, you can override the channel set in individual sites within the network plan.
   Click Next to save the network plan on the server and open it in 3WXM. The network plan settings appear in the Content panel, and the following links appear in the Task List panel:
   - Mobility Domain: Configure a named set of WX switches that support user roaming. See Creating a Mobility Domain on page 62.
   - Wireless Switch: Us
263. e color schemes for showing the following types of RF information:
   - 802.11a channels
   - 802.11b and 802.11g channels
   - RF obstacles
   - Radio transmit data rates
   - Receive signal strength (RSSI)
   - Signal-to-noise ratio (SNR)
   - Client load (number of clients associated with a radio)
   - Probability of a rogue device or client being in a specific location
   For each scheme, you can change a color using any of the following methods:
   - Select a color from a predefined palette.
   - Change the hue, saturation, and brightness (HSB) properties of a color.
   - Change the red, blue, and green (RGB) properties of a color.
   To Change a Color
   1. Select Tools > Preferences. The Preferences dialog box appears.
   2. Click the RF tab.
   3. Select one of the following tabs:
      - 802.11a Channel Colors
      - 802.11b/g Channel Colors
      - RF Obstacle Colors
      - Data Rate Colors
      - RSSI Band Colors
      - SNR Band Colors
      - Load Band Colors
      - Probability Colors
   Click on the color column for the color you want to change. The Choose Color dialog box appears. See one of the following sections:
   - For more information about using the color palette, see Defining a Color from the Palette on page 486.
   - For more information about using HSB, see Defining a Color by Changing HSB Properties on page 487.
   - For more information about using RGB, see Defining a Color by Changing RGB Properties on page 488.
   Defini
264. e dialog box
   Deleting 3WXM User Accounts
   To delete a 3WXM user account: Access the 3WXM Services Setup dialog box. Select a user account from the Authorized Users list. Click Remove an Account. The account is deleted. In the 3WXM Services Setup dialog box, click Save to save the changes. Click Close to close the dialog box.
   Disabling Access Control
   If you have enabled access control for 3WXM, you can disable access control. This allows all users who have successfully authenticated to the system on which 3WXM is installed to run 3WXM. If you disable access control, the permissions and account types are deleted from 3WXM. However, these deletions have no effect on the Windows user accounts themselves.
   To disable access control: Access the 3WXM Services Setup dialog box. Click Allow all users. All 3WXM accounts that were created are deleted. In the 3WXM Services Setup dialog box, click Save to save the changes. Click Close to close the dialog box.
   WORKING WITH NETWORK PLANS
   A network plan is the workspace in 3WXM you use to design a 3Com network. In a network plan, you define components of the network: WX switches, MAP access points, and optional third-party access points. Regardless of whether you intend to use physical planning features, you must create a network plan before you can configure or manage WX switches or monitor network data. A network plan allows modular management of large networks ba
265. e notify read notify or notify only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new USM user even if one is already configured.

To create a new USM user:
  a. If a list of USM users is displayed, select Create new USM User and click Next.
  [page 194: Chapter 6, Configuring WX System Parameters]
  b. In the Username box, type the name of the SNMPv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs.
  c. Select the access type:
     - read notify: An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications.
     - notify only: The switch can use the string to send notifications.
     - notify read write: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications.
  d. Select the Engine ID format:
     - Hex: ID is a hexadecimal string.
     - IP: ID is based on the IP address of the station running the management application. Enter the IP address of the station. MSS calculates the engine ID based on the address.
     - LocalID: Uses the value computed from the switch's system IP address.
     To send informs, you must specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as the engine ID.
     If you select Hex or IP, type the he
266. e number URL or e mail address from the list below Telephone numbers are correct at the time of publication Find a current directory of contact information posted on the 3Com web site at http csoweb4 3com com contactus Telephone Number Country Telephone Number Asia Pacific Rim Telephone Technical Support and Repair Australia Hong Kong India Indonesia Japan Malaysia New Zealand Pakistan 1 800 678 515 Philippines 1235 61 266 2602 or 800 933 486 1800 1 888 9469 61 2 9424 5179 or P R of China 800 810 3033 000800 650 1111 Singapore 800 6161 463 001 803 61009 S Korea 080 333 3308 00531 616 439 or Taiwan 00801 611 261 03 3507 5984 Thailand 001 800 611 2000 1800 801 777 0800 446 398 61 2 9937 5083 You can also obtain support in this region using the following e mail apr_technical_support 3com com Or request a repair authorization number RMA by fax using this number 65 543 6348 Europe Middle East and Africa Telephone Technical Support and Repair From anywhere in these regions call 44 0 1442 435529 510 CHAPTER C OBTAINING SUPPORT FOR YOUR PRODUCT Country Telephone Number Country From the following countries you may use the numbers shown Austria 01 7956 7124 Luxembourg Belgium 070 700 770 Netherlands Denmark 7010 7289 Norway Finland 01080 2783 Poland France 0825 809 622 Portugal Germany 01805 404 747 South Africa Hungary 06800 12813 Spain Ireland 1407 3387 Sweden Israel 1800
267. e plus sign next to AAA.
  Select MAC Access Rules.
  In the Task List panel, select MAC Network Access.
[page 311: Viewing and Configuring MAC Network Access Rules]
  2. Specify whether the rule is for wireless access to an SSID or access through a wired authentication port.
     - If the rule is for access to an SSID, do one of the following:
       - To match on any SSID name, leave the value any in the SSID box.
       - To match only on a specific SSID name, select or type the name in the SSID box.
     - If the rule is for access through a wired authentication port, select Wired.

     CAUTION: The default SSID name any matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the authentication rule allows clients who match the MAC address glob to access any SSID.
  3. In the User Glob box, type a full or partial username to be matched during authentication. MAC addresses must be specified with colons as the delimiters, for example, 00:11:22:33:44:55. You can use wildcards by specifying an asterisk (*) in MAC addresses. The following lists examples of using wildcards in MAC addresses:
     - * (all MAC addresses)
     - 00:*
     - 00:01:*
     - 00:01:02:*
     - 00:01:02:03:*
     - 00:01:02:03:04:*
     - 00:01:02:03:04:0*
  4. Click Next.
  5. If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the switch's configuration.
  6. Select the authentication method(s) in the Available RADIUS Server Grou
268. e portable AP. You must add the LOS points to the floor plan before you generate a site survey order. You can add LOS points by importing them from a file or by creating them in 3WXM.

To import LOS points from a file:
  Use the site survey tool or some other means to prepare a csv file containing the MAC addresses of each LOS point.
  2. Display the floor plan in the Content panel.
  3. In the Task List panel, click RF Planning. Under Site Survey, click Import Points. The Import AP Placement Points dialog is displayed.
  [page 101: Specifying the RF Characteristics of a Floor]
  [Figure: Import AP Placement Points dialog, AP Placement Points Source]
  5. Click Yes next to File.
  6. In the File Format listbox, select Ekahau.
  7. Click Choose to navigate to the csv file that contains the LOS points.
  8. Click Next. The MAC addresses of the LOS points appear.
  [page 102: Chapter 5, Planning the 3Com Mobility System]
  [Figure: Import AP Placement Points dialog, Data Import Progress, listing the MAC address and radio type of each AP placement point]
269. e system IP address and VLAN, select them from the System VLAN IP drop-down list. The system IP address determines the interface or source IP address MSS uses for system tasks, including the following:
- Mobility Domain operations
- Topology reporting for dual-homed MAP access points
- Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP notifications

  Click Management Interface.
  8. To enable the switch to be managed by 3WXM, select Managed. Until this option is selected, you cannot deploy the switch configuration you create in 3WXM to the actual switch in the network. This option also enables the Launch Telnet and Launch Browser options in the Task List panel.

     CAUTION: After you select Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations polling stop for that WX switch. If you change back to a managed state, the entire configuration of the switch is replaced with the settings from the network plan, which can result in loss of connectivity to the switch.

[page 163: Adding a WX Switch to the Network Plan; margin headings: Adding a Switch by Uploading its Configuration from the Network, Adding a Switch by Importing a Configuration File]

  To modify the management interface, select the IP interface and VLAN
270. e to manage your installation with minimal disruption to your network. Expert assessment and implementation services are offered to fill resource gaps and ensure the success of your networking projects. More information on 3Com maintenance and Professional Services is available at http://www.3com.com. Contact your authorized 3Com reseller or 3Com for a complete list of the value-added services available in your area.

[page 508: Chapter C, Obtaining Support for Your Product]

Troubleshoot Online

You will find support tools posted on the 3Com web site at http://www.3com.com. 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3Com support engineers.

Access Software Downloads

Software Updates are the bug fix (maintenance) releases for the version of software initially purchased with the product. In order to access these Software Updates, you must first register your product on the 3Com web site at http://eSupport.3com.com. First-time users will need to apply for a user name and password. A link to software downloads can be found at http://eSupport.3com.com or under the Product Support heading at http://www.3com.com.

Software Upgrades are the software releases that follow the software version included with your original product. In order to access upgrades and related documentation, you mus
271. e type with this new report, click next to Overwrite Existing Files to deselect this option.
  8. Click Generate.
  9. When the report is generated, click the report link to view it. Table 30 lists the sections in the report.

Table 30 Inventory Report Sections
Section: Description
- Summary: Lists the equipment models and how many of each model are in the network plan in this Mobility Domain.
- Wireless Switch Inventory: Lists information for each WX switch in the selected Mobility Domain.
- Managed Access Point Inventory: Lists information for each MAP in the selected Mobility Domain.

[page 386: Chapter 15, Generating Reports]

Generating a Mobility Domain Configuration Report

The Mobility Domain configuration report lists information for all the WX switches in a Mobility Domain, including the VLANs, radio and service profiles, and RADIUS server groups and servers configured on the WX switch(es).

  Select the Reports tool bar option.
  In the Report Category list, select Configuration Reports.
  In the Reports list, select Mobility Domain Configuration.
  In the Report Scope Instance drop-down list, select the Mobility Domain for which you want the report. The scope is always Mobility Domain and cannot be changed.
  To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select.
  To prevent 3WXM from replacing an existing report of the same type with this new report, click nex
272. [Figure: coverage area wizard page for default device settings. Dialog text: "The default WX and AP models will only be used when RF Planning creates the devices. You can also select the connection type." Fields: WX Model, Default AP Model, AP Connection Type.]

Specifying Default Device Settings for the Coverage Area

You can optionally specify the WX switch or MAP models that 3WXM uses when calculating the devices to include in the coverage area.

  To change the WX switch model, select the model from the WX Model list.
  To change the default MAP model, select the model from the Default AP Model list. If this is a shared area (more than one radio technology), only dual-radio models are listed. If the area is not shared, all models are listed.
  To change the MAP connection type, select the type from the AP Connection Type list:
  - Direct: MAPs are directly attached to dedicated WX switch ports.
  - Distributed: MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices.
  - Distributed Auto: MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. They receive their configuration automatically, using a profile that assigns a Distributed MAP number and name to the MAP from among the unused valid MAP numbers available on the switch. The profile also configures the MAP with the MAP and radio parameter settings in the profile. See "Viewing and Changing the Auto DAP Profile" on page 26
273. ears asking whether you want to close the wizard. Changes are lost if you close the wizard. If you click Cancel to close a wizard, you do not get a confirmation prompt. If you make changes in a wizard and click Cancel, all changes are lost. To save changes in a wizard, click Finish.

  Within Window Style, select one of the following:
  - Single: Show the view in one window when you explore the topology in the main 3WXM window. This is the default setting.
  - Multiple: Show the topology in multiple windows.
  Within Icon Size, select one of the following:
  - 16x16: Change all icons to 16x16 pixels. This is the default setting.
  - 20x20: Change all icons to 20x20 pixels.
  - 24x24: Change all icons to 24x24 pixels.
  Within Show Wizard Index, select one of the following:
  - On Top: See the wizard index at the top of wizard dialog boxes. This is the default setting.
  - On Left: See the wizard index on the left of wizard dialog boxes.
  Click Close to close the Preferences dialog box, or click another tab to continue making changes.

Changing Persistence Options

3WXM can send messages to users who have a network plan open with monitor access when a user with administrator access saves a change to the plan or releases the lock by closing the plan. By default, these messages are enabled, with a notification interval of one minute.

To change the plan change notification options:
  Select Tools > Preferences. The Preference
274. eate and select the type of service you want to create:
     - 802.1X Service Profile: Provides wireless access to 802.1X clients.
     - Voice Service Profile: Provides wireless access to Voice over IP (VoIP) devices.
     - Web Portal Service Profile: Provides wireless access to clients who log in using a web page.
     - Open Access Service Profile: Provides wireless access to clients without requiring them to log in.
     [page 170: Chapter 6, Configuring WX System Parameters]
     - Custom Service Profile: Provides wireless access based on the combination of options you choose. Use this option only if none of the other options applies to the type of service you want to offer.
  b. See "Viewing and Configuring Wireless Services" on page 235 for information about wireless service parameters.
  c. When you are finished configuring wireless services, click Next and go to step 8.

  Configure basic Auto DAP profile settings:
  a. To enable the Auto DAP profile, select Enabled.
  b. To change the radio type the profile assumes for 802.11b/g radios in dual-radio MAP models, select the radio type from the AP Radio Type drop-down list:
     - 11b
     - 11g
  Click Finish.

Modifying Basic Switch Parameters

Basic switch parameters are displayed in the Content panel when you select a switch in the Organizer panel.

  Select the Configuration tool bar option.
  In the Organizer panel, select the WX switch. Basic parameters for the switch appear in the Content panel.
  To
275. ect Enable AP Signature.
  3. Click Save.

[page 286: Chapter 7, Configuring Wireless Parameters]

CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS

This chapter describes how to view and configure the following Authentication, Authorization, and Accounting (AAA) parameters for WX switches:
- Local database entries for AAA processing of administrator and network client access
- RADIUS servers for backend AAA processing of WX administrator access and network client access
- Global 802.1X settings
- Network client access rules
- WX administrator access rules
- RADIUS proxy entries and 802.1Q mapping, to provide AAA for clients of third-party APs
- Location policies, for overriding authorization parameters assigned by AAA to network clients
- Mobility profiles, for controlling network client access to specific MAP ports, Distributed MAPs, or wired authentication ports

Creating and Managing Users in the Local User Database

The WX switch contains a local database that can store user information for a 3Com Mobility System. You can use the local database to create users and authenticate them, or you can use the local database in conjunction with a RADIUS server. For example, although you might use a RADIUS server to manage most users, you could define IT staff as users in the local database in the event that the RADIUS server is unavailable.

288 CHAPTER 8 CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMET
276. ect the Configuration tool bar option.
  In the Organizer panel, click the plus sign next to the WX switch.
  Click the plus sign next to AAA.
  Select Local User Database.
  In the Task List panel, select MAC User Group.

  In the User Group Name box, type a name for the MAC address user group (1 to 60 alphanumeric characters, with no spaces or tabs).
  To set authorization attributes for MAC addresses in the group, click Next and go to step 5. Otherwise, if you plan to set authorization attributes in another way, such as configuring default AAA attribute values for the SSID the user will access, click Finish.
  In the VLAN Name box, select or type the VLAN that the group belongs to (1 to 16 alphanumeric characters, with no spaces or tabs). The WX switch will authorize the MAC users in this group for that VLAN. For more information on VLANs, see "Viewing and Configuring VLANs" on page 206.
  In the attribute row you want to configure, click the Attribute Value column. See Table 22 on page 293 for a description of user attributes and their values.
  Type the new attribute value in lowercase characters. ACL names are case sensitive.
  Repeat step 5 through step 7 for each attribute value you want to change.
  To add MAC addresses to the group, click Next.
  Select users in the Available MAC Address Users list.
  Click Add to move them to the Current MAC Address Users list.
  Click Finish.

Authorization Attributes

Creating and Man
277. ect this alert to open the Rogue Detection tab in the Content panel. You can use this tab to list information about non-3Com wireless devices detected in the network. See "Detecting and Combatting Rogue Devices" on page 457.

- Local Changes: Lists the number of WX switch configuration changes that have occurred in 3WXM (in the network plan) since the last time the switches in the network were synchronized with their counterparts in 3WXM. Select this alert to open the Managed Devices tab in the Content panel. You can use this tab to review the local changes and deploy them to the network. See "Synchronizing Local and Network Changes" on page 350.
- Network Changes: Lists the number of WX switch configuration changes that have occurred in the live network since the last time the switches in the network were synchronized with their counterparts in 3WXM. Select this alert to open the Managed Devices tab in the Content panel. You can use this tab to review the network changes and upload them to 3WXM. See "Synchronizing Local and Network Changes" on page 350.

The Content panel displays information or configuration settings based on the selected tool bar option. The Content panel is located to the right of the Organizer panel. (See the figure on page 29.) The Policies, RF Planning, and Configuration tool bar options display configuration fields. After selecting one of these tool bar options, you can click on a p
278. ed
[page 305: Viewing and Configuring Global 802.1X Settings]
  9. To enable reauthentication of 802.1X clients, select Reauthentication. To disable reauthentication, clear Reauthentication. By default, reauthentication is enabled.
  10. To specify the number of reauthentication requests the WX switch attempts before a client becomes unauthorized, specify the value (1 to 10) in the Reauthentication Attempts box. The default is 2 attempts.

      Note: If the number of reauthentications for a wired authentication client is greater than the maximum number of reauthentications allowed, MSS sends an EAP failure packet to the client and removes the client from the network. However, MSS does not remove a wireless client from the network under these circumstances.
  11. To specify the number of seconds before reauthentication is attempted, specify the timeout value, from 60 to 1,641,600 seconds (19 days), in the Reauthentication Period box. The default is 3600 seconds (one hour).

      MSS reauthenticates dynamic WEP clients based on the reauthentication timer. MSS also reauthenticates WPA clients if the clients use the WEP 40 or WEP 104 cipher. For each dynamic WEP client or WPA client using a WEP cipher, the reauthentication timer is set to the lesser of the global setting or the value returned by the AAA server with the rest of the authorization attributes for that client.
  12. To enable WEP key rolling (rotation of the broadcast and multicast WEP keys), select WEP Key R
279. ed MAPs will be managed, these also must be physically installed, connected to the network by Ethernet cables, and connected to Power over Ethernet (PoE) sources.

Drop-ship configuration requires a DHCP server at the remote office. The WXR100 uses the DHCP server to obtain an IP configuration in order to communicate with 3WXM Services in the corporate network. The drop-ship option also requires an entry in the local DNS server that maps the hostname wlan config srv to the IP address of the host where 3WXM Services are installed.

  The person at the remote office powers on the WXR100 and inserts a paperclip or similar object into the WXR100's Fn hole to press the Fn switch. Normally, the Fn LED (the right LED above port 1) remains solidly lit for 3 seconds after power on. However, when the Fn switch is pressed, the LED flashes for 3 seconds instead.

  [page 333: How Remote WX Configuration Works]

  Figure 9 shows the location of the Fn switch and the LED.

  [Figure 9: Fn Switch on WXR100]

  5. Because the Fn switch was pressed while the switch was starting, the WXR100 configures the following items to enable itself to contact 3WXM Services:
     - Ports 1 and 2 in the default VLAN (VLAN 1)
     - DHCP client on VLAN 1 enabled
  6. The WXR100 uses the DHCP client to obtain an IP configura
280. ed to the current floor from access points on the floor above or below, do the following:
  In the Coverage Areas section of the Organizer panel, navigate to the floor.
  Expand the floor to display its coverage areas.
  5. Right-click on a coverage area and select Show RF Coverage.

If the coverage area provided by an access point on the floor above or below is one meter or less, 3WXM displays a message. This coverage area is not displayed on the current floor plan.

Resolving coverage gaps

You might see small holes when looking at the coverage areas at the baseline association rate. These small holes are most likely areas where users still have wireless access, but not at the baseline association rate. In most situations, increasing transmit power levels to close the holes will generate more co-channel interference. 3Com recommends that you allow these small holes during the planning process.

If you need to resolve the gaps in coverage, try the following:
  1. Select the coverage area.
  2. Right-click and select Show RF Coverage.
  [page 151: Verifying the Wireless Network]
  In the Show RF coverage using listbox, select how you want to display the coverage:
  - Baseline Association Rate: Coverage is shown based on the MAP radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations. The baseline association rate is specified during planning, on a coverage area b
281. ed with the following equation:

  (value at end of polling interval - value at beginning of polling interval) / (time difference in seconds)

To change how you view data values, select Absolute to see absolute values or Deltas to see rate of change values.

Refreshing RF Trend Data

The data displayed in the RF Trends view is refreshed at regular intervals (every 5 minutes by default). The data is refreshed based on the specified polling interval. (See "Changing Monitoring Settings" on page 500.) You can also refresh the data on demand. To refresh the data on demand, click the refresh icon on the RF Trends view toolbar.

[page 449: Accessing Realtime Performance Statistics]

Accessing Realtime Performance Statistics

In addition to information supplied by 3WXM's monitoring features, you can access performance statistics directly from the network.

To access performance statistics from the network:
  1. Do one of the following:
     - Select Tools > Performance Monitor from the toolbar in the main 3WXM window. The Performance Monitoring dialog box appears. Go to step 4.
     - Select an object in the Organizer panel, then right-click and select Performance Statistics and the type of statistics to monitor from the menu. The Performance Monitoring dialog box appears with the scope and statistic type selected. Go to step 5.
     - In the Client Monitor window, click [icon] on the window's toolbar. Go to "Viewing Performance Data" on page 45
282. elect the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. (See step 6.)
  11. Click Finish.

Viewing and Configuring Last Resort Network Access Rules

Last resort access allows users to access the network without entering a username or password.

This section assumes that you are familiar with the AAA options in MSS. For detailed information, see the "Configuring AAA for Network Users" chapter of the Wireless LAN Switch and Controller Configuration Guide.

Viewing Last Resort Network Access Rules

To view last resort network access rules:
  Select the Configuration tool bar option.
  In the Organizer panel, click the plus sign next to the WX switch.
  Click the plus sign next to AAA.
  Select Last Resort Access Rules.
The configured last resort network access rules appear.

Creating a Last Resort Network Access Rule

To create a last resort network access rule:
  1. Access the Create Last Resort Network Access wizard:
     Select the Configuration tool bar option.
     In the Organizer panel, click the plus sign next to the WX switch.
     Click the plus sign next to AAA.
     Select Last Resort Access Rules.
     In the Task List panel, select Last Resort Network Access.
  [page 317: Viewing and Configuring Last Resort Network Access Rules]
  2. Specify whether the rule is for wireless access to an SSID or access through a wired authentication p
283. elect the network plan name.
  c. In the Task List panel, select the Wireless Switch task.
  In the WX Name box, type the name of the WX switch (1 to 256 alphanumeric characters, with no spaces or tabs). Within a network plan and all Mobility Domains, each WX must have a unique name.
  In the WX Model list, select the WX switch model.
  4. In the Software Version list, select the version of Mobility System Software (MSS) you expect to run on the WX switch.
  In the Enable Password box, type the enable password for the WX. This password must match the enable password that was defined on the switch using the CLI command set enablepass. For more information, see the Wireless LAN Switch and Controller Configuration Guide. The password is encrypted when you type it.
  6. Click Next.
  7. Edit the IP address and network mask in the IP Address field. 3WXM will assign this IP address to the default VLAN (VLAN 1).
  8. Click Next.
  9. In the Available Members list, select the ports to add to the default VLAN and click Add or Move:
     - The Add button adds the ports to the new VLAN without removing them from any other VLANs.
     [page 166: Chapter 6, Configuring WX System Parameters]
     - The Move button removes the ports from all other VLANs and places them in the new VLAN.
     The ports appear in the Current Members list.
  To tag ports in the VLAN, select Tag and edit the tag value. Use this option if you used the Add button inste
284. ent panel.

To remove a third-party AP:
  1. Select the Configuration option in the main 3WXM tool bar and click on Third Party APs in the Organizer panel. The third-party APs are listed in the Content panel.
  2. Select the third-party AP you want to remove and click the Delete button. The address is removed from the third-party AP list. If the device is detected by rogue detection, the device appears in the rogue list. Set the display filter of the Rogue Detection screen to Current and click the Refresh option on the toolbar.

[page 473: Adding a Rogue's Clients to the Black List; margin heading: Configuring RF Detection Options from the Organizer Panel]

Adding a Rogue's Clients to the Black List

The client black list is a switch's list of MAC addresses of wireless clients who are not allowed on the network. MSS prevents clients on the list from accessing the network through a WX switch.

  In the Filtered List of rogues on the Rogue Detection tab, select the rogues whose clients you want to place on the black list.
  2. Click [icon] on the toolbar. The Select Devices dialog is displayed.
  3. Select the clients you want to add to the black list.
  If the switch(es) on which you want to enforce the black list are in a Mobility Domain, select the Mobility Domain. Otherwise, select None.
  Click next to Select to select all the switches that are listed, or click next to individual switches to select them.
  Click OK. The selected clients are added to the attack
285. eploy and undo local changes and accept or undo network changes are not available.
  - The options on the right-click menu in the Organizer panel are greyed out.
  - Configuration items that are related specifically to monitoring logs managed devices site surveys and work orders can be configured. However, new network plans cannot be configured.

The 3WXM user accounts you create must also exist in the Windows domain or local operating system. Otherwise, those users cannot start 3WXM.

[page 51: Restricting Access to 3WXM]

Creating an Administrator Account

Before you can restrict user access to 3WXM, you must create an administrator account. After creating an administrator account, you can create provision or monitor accounts.

To create an administrator account:
  Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears.

  [Figure: 3Com Wireless LAN Switch Manager Services Setup dialog box, showing the Service Settings, WX Connection Settings, and Monitoring Settings tabs and the Access Control section with the Allow All Users option and the Authorized Users list]

  In the Access Control sectio
286. erve when calculating optimal power, type or select the number of dBm in the Reserved Tx Power Margin listbox. This is the number of dBm below the maximum power setting that you want 3WXM to reserve in case the power needs to be increased later.
  To allow locked MAP access points to be deleted when Compute and Place determines that they are no longer required, select Allow Deletion of Locked MAPs. A locked MAP is a MAP that is already associated with the coverage area. For example, if you computed and placed MAPs in this coverage area on a previous occasion and you are now optimizing the plan, the MAPs are still associated with the coverage area. (See "Locking and Unlocking MAPs" on page 143.)
  To plan for redundant MAP connections to WX switches, select Compute Redundancy. Only AP models that have two Ethernet ports can support redundant direct connections. However, models with one Ethernet port can support redundant distributed connections.
  To change the MAP connection type for the redundant connection, select Direct, Distributed, or Distributed auto from the AP Connection Type list. WX4400 switches support indirect MAP connections only.
  [page 139: Computing MAP Placement]
  12. To change the number of redundant connections for the distributed connection type, type the number in the Redundant Level box. For direct connections, the redundancy level is always 1.
  13. Click Next. The Coverage Area Selection dialog is displayed.
287. erver area of the dialog. This option allows you to copy the backup to another host. Go to step 5.
  - File: Activates the box in the File area of the dialog. This option allows you to save a copy of the backup in another folder. For example, if 3Com Technical Support requests a copy of the backup for troubleshooting, this option enables you to save the backup to a location from which your FTP application can access the file. Go to step 13.

[page 505: Managing Network Plans; margin heading: Deleting a Plan Backup]

  Type the IP address of the host where the other instance of 3WXM Services is installed. 3WXM Services must be running on the host to which you want to transfer the backup.
  If the port on which the other instance of 3WXM Services listens for traffic from 3WXM is different from the default, edit the number in the Service Port box to match.
  Type the username and password required by the other instance of 3WXM Services.
  Click Next. The status is displayed in the Status window.
  Click Close to close the dialog.
  On the other server (the one to which you copied the backup), access the Backup/Restore dialog.
  Select the backup and click Restore.
  Click Close to close the dialog.
  Select File > Save from the menu bar in the main 3WXM window to save the plan. This completes the procedure.
  To change the destination path, click on the path. The Select dialog appears.
  Navigate to the new destination, then c
288. es host

Restricting Access to 3WXM

By default, all users who have been successfully authenticated to a system with 3WXM installed on it can run 3WXM. You can restrict the users allowed to access 3WXM on a system and define their access privileges by creating three types of 3WXM user accounts:

- Administrator: This account can monitor the network, configure the network, and administer 3WXM. When creating an administrator account, you must assign an administrator password, which you are required to provide the next time you configure access privileges. This account also can remove locks.
- Provision: This account can configure and monitor the network. However:
  - On the File menu, the New Switch Network Plan and Delete Network Plan options are greyed out.
  - All configuration options in the 3WXM Services Setup dialog box are greyed out.
- Monitor: This account can only monitor the network. When users with a monitor account open a network plan, they can see configuration changes that have been deployed to the network. Any configuration changes that have not been deployed are not visible.
  - On the File menu, all options except Open, Close, and Exit are greyed out.
  - On the Tools menu, the Certificate Management option is greyed out.
  - All tasks for creating configuration items are greyed out.
  - All configuration options in the 3WXM Services Setup dialog box are greyed out.
  - Options to d
289. ess Type Authentication type that granted access a DOT1X a MAC a LAST RESORT a WEB Location Mobility Domain WX switch MAP access point and radio that were dealing with the client SNR SNR of data transmissions from the client to the radio RSSI dBm RSSI of data transmissions from the client to the radio Displaying Session Details To display details for a user session select the session in the Client Sessions list Details for the session appear in the following tabs at the bottom of the window a Session Properties a Session Statistics a Location History Displaying Session Properties On the Client Sessions tab select the Session Properties tab at the bottom of the window Table 50 lists the information displayed on the tab 430 CHAPTER 16 MONITORING THE NETWORK Table 50 Session Properties Columns Column Description Username MAC Address Start Time SSID EAP Type IP Address VLAN Name Authentication Server Access Type Username the client used to log on to the network MAC address of the client Date and time when the session began The date and time are based on the system date and time of the WX switch with which the client is associated SSID with which the client is associated Extensible Authentication Protocol EAP used for authentication a PEAP Protected Extensible Authentication Protocol a MD5 Message digest algorithm 5 a TLS Transport Layer Security protocol a Pas
290. esting a different SSID than the one for which they have been authenticated and are authorized a The client is already associated with the radio Number of times a client experienced 802 1X failures Common causes of 802 1X failures include the following a A radio has already failed the client and the 802 1X quiet period was in effect a The authentication request sent to a RADIUS server on behalf of the client timed out a Bonded authentication is enabled and there was no machine authentication session for client s machine The username does not match an authentication rule s userglob for the requested SSID 3 tat Using the Client Monitor View 419 Table 38 Client Activity Columns When a Mobility Domain is Selected Option Description Associations Number of times a client associated with a radio on this WX switch De Associations Number of times a client de associated from a radio on this WX switch Roams Number of times a client roamed to a new MAP access point either on the same WX switch or another WX switch Clears Number of times a client session was cleared Data Displayed When a Switch MAP or Radio is Selected When a WX switch MAP or individual radio is selected in the Organizer panel the Client Monitor view s Client Activity tab displays a row of information for each client activity trap generated by the selected device SE AlphaNET4_1_0 Equipment E 3Com ir 00 DAP
291. ev 3COM Wireless LAN Mobility System Wireless LAN Switch Manager Reference Manual WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A http www 3com com Part No 10015082 Published June 2006 3Com Corporation 350 Campus Drive Marlborough MA USA 01752 3064 Copyright 2006 3Com Corporation All rights reserved No part of this documentation may be reproduced in any form or by any means or used to make any derivative work such as translation transformation or adaptation without written permission from 3Com Corporation 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change 3Com Corporation provides this documentation without warranty term or condition of any kind either implied or expressed including but not limited to the implied warranties terms or conditions of merchantability satisfactory quality and fitness for a particular purpose 3Com may make improvements or changes in the product s and or the program s described in this documentation at any time If there is any software on removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the hard copy documentation or on the removable media in a directory file named LICENSE TXT or LICENSE TXT If you are
292. evices to create Ignore List Entries Mobility Domain None Select Alphawx4 Wwx1200 OK Cancel If the switch es on which you are configuring the ignore list are in a Mobility Domain select the Mobility Domain Otherwise select None Click Next to select to select all the switches that are listed or click Next to individual switches to select them Click OK The devices are added to the ignore list and disappear from the Filtered List of rogues Adding a Device to the Attack List 471 Adding a Device to the Attack List An attack list is a switch s list of AP MAC addresses to attack whenever they are present on the network In the Filtered List of rogues on the Rogue Detection screen select the devices you want to attack 2 Click my on the toolbar The Select Devices dialog is displayed 3 If the switch es on which you are configuring the attack list are in a Converting a Rogue into a Third Party gt To convert a rogue into a third party AP Mobility Domain select the Mobility Domain Otherwise select None Click Next to select all the switches that are listed or click Next to individual switches to select them Click OK The devices are added to the attack list If countermeasures are enabled MSS uses them to attack the devices on the list If a device in the rogue list belongs to a third party AP in your network you can convert the rogue into a third party AP When
293. ew filter name in the Name box 2 Type aname for the filter 1 to 80 alphanumeric characters with no tabs 3 Click Save The filter is saved and appears in the Stored Filters list You can delete any filter that you create but you cannot delete predefined filters To delete a filter In the Stored Filters group box select the filter to be deleted Click Delete The filter is deleted You can export the filtered data shown in Event Viewer to a comma delimited text csv file To export filtered data In the Event tab s toolbar click E The Export Data dialog appears 2 To specify a directory and name for the file click Choose 3 To overwrite existing files select Overwrite Existing Files By default this option is selected To copy files before overwriting them select Copy Files Before Overwriting By default this option is selected The existing file is copied to a file with a bak extension Click Export You can see the status of the export process in the Results box Click Close 15 GENERATING REPORTS This chapter describes the reports you can generate with 3WXM a Inventory a Mobility Domain Configuration a WX Configuration a Client Summary a Client Details a Client Errors a Watch List Client a Network Usage a RF Summary a Radio Details Rogue Summary a Site Survey a Work Order 384 CHAPTER 15 GENERATING REPORTS Overview The Reports option of the 3WXM toolbar enables yo
294. example com you could specify the following Nnatasha example com nat Wildcards are not supported in search criteria For example the user natasha cannot be found if you specify nat in the Username box 4 In the Mobility Domain list select the Mobility Domain that you want to search 5 In the Wireless Switch list select a specific WX switch or select All If you select All you must have a seed device defined for the Mobility Domain in order for the search to be successful 6 Click Next The search results appear r Find Clients Find Clients Progress Find Clients Progress Search For within Results Username IP Address MAC Address Location Add Watch 3ComAir mike 192 168 12 196 00 0b 7d 25 Fb 53 AlphaNET4_1_0 AlphawWX3 WX1200 POL WX3 P1 Radiol Status User found 1 FindClient completed lt Previous Finish l Cancel Using the Client Monitor View 437 7 To add a user to the watch list in the User Management tab select the Add Watch checkbox in the user row Repeat for all users that you want to add to the watch list 8 Click Finish Displaying the Client Watch List To display the watch list select the Client Watch List tab in the Client Monitor window e cientMontr p QHs G RAD 25 AlphaNET4_1_0 Ai Cent Activity Client Sessions Clent Watch List Equipment Total 1 FE 3ComAir Username IP Address MAC Address Location SN
295. ext to Overwrite Existing Files to deselect this option Click Generate When the report is generated click the report link to view it Generating a Rogue Summary Report 397 Generating a Rogue Summary Report kh W N The rogue summary report lists information about rogues The data for this report comes from 3WXM Services The Enable Rogue Detection option located in the Rogue Detection group box of the Monitoring Settings tab must be enabled See Changing Monitoring Settings on page 500 Select the Reports tool bar option In the Report Category list select Rogue Reports In the Reports list select Rogue Summary Select the scope type of the report from the Report Scope Type drop down list a Mobility Domain a Site a Building a Floor Select the instance for which you want the report For example if the scope is Building select the building Select the time period for the report 1 Hour 24 Hours a 7 Days a 30 Days To specify the rogue type click on the Value field in the Report Filter area of the dialog and select one of the following from the drop down list a Rogue a Interfering a Ad hoc a All This option displays all three types rogue interfering and ad hoc The default is Rogue To select or change the output directory for the report click on the button next to output directory navigate to the new directory and click Select 398 CHAPTER 15 GENERATING REPORTS
296. f the floors and radio coverage You can use the planning tool to define the network site and add the equipment based on coverage and capacity needs Alternatively you can add new or existing switches and access points individually Planning and equipment configuration and network management are described in detail in other chapters of this manual This chapter describes the 3WXM user interface Display Panels Organizer Panel The main 3WXM window contains the following display panels Their locations are shown in the previous figure on page 34 a Organizer panel a Alerts panel a Content panel a Task List panel The main 3WXM window also contains a tool bar to navigate to major features The Organizer panel provides a tree like view of the 3Com equipment and site data managed by 3WXM Display Panels 31 RE AlphaNET4_1_0 k Equipment amp 3Com Corp AlphaWx 1 WWX4400 2 Alphawx2 Wx 1200 POL EBC EBC Radio1 EBC Radio2 DAP 1 FishBowl352 DAP22 MAP SalesMarket DAP23 MAP TechPub DAP24 MAP RestRoom AlphaWx3 WVX 1200 Alphawx5 WXR 100 Alphawx4 wWvX 1200 E Sites E3Com Corp Buildings753 amp Floor 1 Level 1 DAP SQALab A G EBC FishBowl352 MAP Cafe Ext MAP Empty MAP RestRoom MAP SalesMarketin MAP TechPub WX3 P1 WX3 P2 WX3 P3 MikesOffice OutsideHotHouse The Organizer panel can contain the following object trees depending on the option selected on the
297. f the same type of object You also can copy and paste objects listed in tables in the Content panel using the copy and paste icons See Copy and Paste in the Content Panel on page 43 To delete an object in a table select the object then click Delete To create a new object in the Organizer panel Select the object you want to copy in the Organizer panel Right click on the object and select Copy Select the parent object where you want the copy to go Right click on the parent object and select Paste A configuration wizard appears where you can modify the name of the object and other parameters as applicable When you are finished the new copy of the object appears under the parent object Copy and Paste Replace in the Organizer Panel Copy and Paste in the Content Panel A W N Copying Pasting and Deleting Objects 43 To replace an object with the Copy and Paste Replace options Select the object you want to copy in the Organizer panel Right click on the object and select Copy Select the object you want to replace Right click on the parent object and select Paste Replace A configuration wizard appears where you can modify the name of the object and other parameters if needed When you are finished the replaced object is removed and the copied object appears under the parent object Select the objects rows a To select a single object click on the row for the object a To select multiple co
298. ferences values and change options for network synchronization user interface persistence tools certificate management RF planning and 3WXM logging Overview You can set 3WXM preferences for a user session on the system on which 3WXM is installed The preferences you set are valid only for that user on that system This chapter describes how to change 3WXM client preferences To change monitoring service preferences see Changing 3WXM Services Preferences on page 491 To change 3WXM preferences in the main 3WXM window select Tools gt Preferences Resetting Preferences Values You can reset the preferences values to their default values by doing one of the following a To reset the values for a tab click the tab to display it and click Reset Each tab has a Reset button a To reset all preferences for all tabs click Reset All 482 CHAPTER A CHANGING 3WXM PREFERENCES Changing Network Synchronization Options By default 3WXM checks for configuration changes events and status changes on WX switches You can configure checking also called polling for configuration changes in the network made with the CLI Web Manager or another instance of 3WXM If you do not enable this option you still can manually synchronize 3WXM with WX switches using the Devices tab Select the Devices option from the toolbar in the main 3WXM window See Synchronizing Local and Network Changes on page 350 T
299. figuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide.

To view settings for third-party AP AAA support:
- Select the Configuration tool bar option.
- In the Organizer panel, click the plus sign next to the WX switch.
- Click the plus sign next to AAA.
- Select Third Party APs. The configured settings appear.

To create a proxy access rule:
- Access the Create Proxy User wizard:
  - Select the Configuration tool bar option.
  - In the Organizer panel, click the plus sign next to the WX switch.
  - Click the plus sign next to AAA.
  - Select Third Party APs.
  - In the Task List panel, select Proxy Access.
- Type the userglob that is expected to access the SSID.

Viewing and Configuring AAA Support for Third Party AP Users

For the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method:
- For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example EXAMPLE sydney or EXAMPLE which specifies all usernames whose usernames contain periods.
- For EAP with Transport Layer Security (EAP TLS) clients, the format is username domain_name. For example sydney example com specifies the user sydney
300. for WX switches ports buildings floors arl Show wired authentication ports A wired authentication port wh uses 802 1X authentication for wired Ethernet clients attached to the port Show network ports A network port provides a physical link to EEE Ethernet devices Show MAPs e Display the view in reverse video 406 CHAPTER 16 MONITORING THE NETWORK Table 34 lists the options on the toolbar in the floor display Table 34 Toolbar Options in Floor Display of Explore View Icon Description Edit 3WXM preferences Configure 3WXM Services Launch Help Zoom in Zoom out Refresh the information Fit the view in the window Print the view displayed in the window Display link labels for MAPs Show RF Coverage Using Modifies display of wireless coverage based on one of the following a Baseline association rate a Data rate a RSSI a SNR by data rate a Load by data rate a SNR by RSSI bands a Load by RSSI bands To display coverage click on the icon for the technology 802 11a 802 11b or 802 119 Change the grid size Define the drawing scale Show 802 11a coverage Using the Explore Window 407 Table 34 Toolbar Options in Floor Display of Explore View continued Icon Description om Show 802 116 coverage IB i om Show 802 11g coverage Wai a Hide the 802 11 coverage A Take an RF measurement alll
301. for all radio types on the MAPs placed in the building To prevent 3WXM from taking the channel assignments for the floor above into account when calculating the channel assignments for a floor clear Use Cross Floor Channel Information 7 Click Next The Channel Assignment Progress page appears 8 Review the results The 802 11a channel assignments are listed on the 802 11a Radio s tab The 802 11b g channel assignments are listed on the 802 11b g Radio s tab 146 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM 9 10 Channel Assignment Building1 Channel Assignment Progress Please wait while channel assignment is in progress 802 114 Radio s 802 11b g Radios Floor Coverage Area Access Point Assigned Channel Floor1 Level 1 CoverA AP L1 Cover4 5 40 Floor1 Level 1 AP L1 Cover4 4 36 Status Processing Floor Floor1 Level 1 Done Click Finish to accept channel assignment lt Previous Finish Cancel Click Finish to accept the channel assignments The new channel assignments are reflected in the Coverage Areas panel Do one of the following a To verify the RF network see Verifying the Wireless Network on page 150 a Click Finish to save the changes and close the wizard For MAPs that are in the network plan but are not yet deployed and managed by 3WXM the channel number is changed to match the results of channel assignmen
302. for the user gt Opens the Watch List Client Report dialog box which enables you to generate a report for specific clients on the watch list Se Generating a Watch List Client Report on page 392 The data displayed in the Client Monitor view is refreshed at regular intervals every 5 minutes by default The data is refreshed based on the client monitor polling interval specified See Changing Monitoring Settings on page 500 You can also refresh the data on demand To refresh the data on demand click the Sy refresh icon on the Client Monitor view s toolbar The Client Activity tab displays current statistics for client activity on the network The data fields in the display depend on the scope a If a Mobility Domain is selected a row of data is displayed for each WX switch in the Mobility Domain a If asite is selected a row of data is displayed for each building in the Site a If a building within a Site is selected a row of data is displayed for each floor in the building a Ifa floor is selected a row of data is displayed for each coverage area within the floor a If a WX switch MAP or radio is selected SNMP traps reported to the 3WXM Services for that device are displayed Data Displayed When a Mobility Domain or Site is Selected When a Mobility Domain is selected in the Organizer panel the Client Monitor view s Client Activity tab displays a row of information for each WX switch in the
303. from the Wiring Closet drop-down list. Click Finish.

Setting Up a Switch

After you create a switch, you can use the System Setup Wizard to configure the following essential operation and management parameters:
- SNMP settings for monitoring of the switch by 3WXM
- VLANs
- RADIUS servers and server groups
- Wireless services
- Auto DAP profile settings

The SNMP security level and enabled version configured with this wizard apply to all SNMP notification targets. However, the security model, community string, and access type apply only to the notification target 3WXM Services.

To set up a switch:
1. Select the Configuration tool bar option.
2. In the Organizer panel, select the WX switch.
3. In the Task List panel, select System Setup. The System Setup wizard appears.
4. Read the first page, then click Next.
5. Configure SNMP settings:
   a. Select the minimum level of security to allow for any SNMP communication with the switch from the Security Level drop-down list:
      - Unsecured: SNMP message exchanges are not secure. This is the default and is the only value supported for SNMPv1 and SNMPv2c. This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs.
      - Authenticated: SNMP message exchanges are authenticated but are not encrypted. This security level is the same as the authNoPriv level described in SNMPv3 RFCs.
      - Encrypted: SNMP message exchanges are authenticated and
304. g data, see Exporting Performance Data on page 455.

Viewing Performance Data

When looking at performance data in the Statistics tab, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation:

(value at end of polling interval - value at beginning of polling interval) / time difference in seconds

For example, if the number of octets in is 11,101,288 at the beginning of the polling period, the number of octets in is 11,146,904 at the end of the polling period, and the time difference is 60 seconds, the delta value is 760.267.

To change how you view data values, select Absolute to see absolute values or Deltas to see rate of change values.

Using the Statistics tab, you can see performance data in different formats:
- Current data: When the Statistics tab appears in the main 3WXM window, you see the current data in the Current tab. For more information, see Viewing Current Data on page 452.
- Historical data: You can see historical data in a line graph. For more information, see Viewing Historical Data on page 453.
- Percentages: You can see the data in percentages in a pie chart. For more information, see Viewing Data in Percentages on page 454.

Viewing Current Data

To see the current performance data, click the Current tab.

To sort data: You can sort data in ascending or descending order to
305. g Tab The Activity Log tab lists the appearance and disappearance of the selected rogue the rogue s SSID and the number of MAP radios that detected the rogue or its disappearance Table 60 lists the information displayed in the Activity Log tab Table 60 Activity Log Columns Column Description Time Time when 3WXM client received updated information from the monitoring service Status Status change of the rogue a Detected The rogue appeared a Not Detected The rogue disappeared SSID SSID of the rogue Listeners Number of MAP radios that detected the rogue or noted its absence Listeners Tab The Listeners tab lists listener details for each appearance or disappearance of the selected rogue To display listener information for a rogue select the rogue in the Filtered List Table 61 lists the information displayed in the Listeners tab Using the Rogue Detection Screen 467 Table 61 Listeners Columns Column Description MAP MAP whose radio detected the rogue or noted its absence This column has data only if the radio that detected the rogue or its disappearance is modeled in a floor plan Floor Floor on which the rogue was detected or disappeared if the network plan contains floor information Note This column has data only if the radio that detected the rogue or its disappearance is modeled in a floor plan Channel Channel on which the rogue was detected or disappeared RSSI Strength of the signal
306. g method to smooth edges of screen fonts Cluse large icons Show shadows under menus Show window contents while dragging Hide underlined letters for keyboard navigation until I press the Alt key 4 Clear the box labeled Hide underlined letters for keyboard navigation until press the Alt key Clearing this option allows programs to show the underlined character for mnemonics in 3WXM 5 Click OK 6 In the Display Properties dialog box click OK 46 CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE Starting 3WXM gt GETTING STARTED This chapter contains information about starting 3Com Wireless LAN Switch Manager 3WXM restricting access to 3WXM creating and managing network plans and defining a Mobility Domain The following steps describe how to start 3WXM You must install a license key and activation key for the server before you can connect to the server and work with network plans To license a server you must start the 3WXM client on the same machine where the server is installed 1 Select Start gt Programs gt 3Com gt 3WXM gt 3WXM or double click the 3WXM icon on the desktop The 3WXM Service Connection dialog appears r 3WXM Services Connection Address 127 0 0 1 300 Port 443 Wireless pale Passwort Sw l tc h Remember user name and password M an ag er Open Network Plan 2 Click Next If a Certificate Check dialog appears clic
307. ged using a Distributed MAP profile is here called an Auto DAP. You can convert the temporary connection of an Auto DAP to a WX switch into a permanent, statically configured connection on the switch.

1. Select the Configuration tool bar option.
2. In the Organizer panel, select the WX switch.
3. In the Task List panel, select Convert Auto APs. The Convert Auto APs wizard appears. The MAPs that were configured using a Distribute MAP template are listed.
4. Select the MAPs you want to convert into statically configured MAPs.
5. Click Next.
6. Select the temporary connections you want to convert into static connections.
7. Click Finish.

Creating a Network Domain

MSS Version 4.1 allows functionality found in Mobility Domains to be extended over a multiple-site installation in a Network Domain. A Network Domain is a group of geographically dispersed Mobility Domains that share information over a WAN link. This shared information allows a user configured in one Mobility Domain to establish connectivity on a WX switch in a remote Mobility Domain. The WX switch forwards the user traffic by creating a VLAN tunnel to a WX switch in the remote Mobility Domain.

In a Network Domain, one or more WX switches act as a seed device. A Network Domain seed stores information about all of the VLANs on the Network Domain members. The Network Domain seeds share this information among themselves, so that every seed has an identical database. For more inform
308. gineering example com specifies the user sydney in the engineering department at example.com.

For a MAC address glob, type a full or partial username to be matched during authentication. MAC addresses must be specified with colons as the delimiters, for example 00:11:22:33:44:55. You can use wildcards by specifying an asterisk in MAC addresses. The following lists examples of using wildcards in MAC addresses:
- (all MAC addresses)
- 00
- 00 01
- 00 01 02
- 00 01 02 03
- 00 01 02 03 04
- 00 01 02 03 04 0

To view a service profile's access rules, see Viewing SSID Encryption Settings and Access Rules on page 258. To edit or create access rules for a service profile, see Modifying SSID Encryption Settings and Access Rules on page 260.

EAP Type (802.1X Only)

802.1X access rules include information about the Extensible Authentication Protocol (EAP) type to use for AAA communication between the client and the AAA server. The EAP type can be one of the following:
- EAP MD5 Offload: Extensible Authentication Protocol (EAP) with message digest algorithm 5. Select this protocol for wired authentication clients.
  - Uses challenge-response to compare hashes.
  - Provides no encryption or integrity checking for the connection.
  The EAP MD5 option does not work with Microsoft wired authentication clients.
- PEAP Offload: Protected EAP with Microsoft Challe
309. gn next to the WX switch Click the plus sign next to System Select ACLs The configured ACLs and their mappings appear in the Content panel The Create ACL wizard enables you to configure ACEs with the following parameters a Match criteria Source IP address Destination IP address Protocol Source protocol port a Destination protocol port a Differentiated Services Code Point DSCP value or Type Of Service TOS and IP precedence values a Action deny or permit a Marking Class of Service CoS value These parameters are sufficient for most ACEs To configure additional parameters use the wizard to configure the basic parameters then select the ACE and click Properties See Configuring Advanced ACL Settings on page 226 222 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS To configure an ACL Access the Create ACL wizard Select the Configuration tool bar option In the Organizer panel click the plus sign next to the WX switch Click the plus sign next to System Select ACLs e In the Task List panel select ACL a ao gogog In the ACL Name box type the name for the ACL 1 to 32 alphanumeric characters with no spaces or tabs The name can include hyphens underscores _ or periods ACL names are case sensitive and must begin with a letter Do not include any of the following terms in the name all default action map help editbuffer Click Add Rule A new ACE ACL rule appears ab
310. go to step 10.
- If you selected USM in step 7, go to step 12.

For SNMPv1 or SNMPv2c, select or create the SNMP community string. If a community string with access type read write notify, read notify, or notify only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new community string even if one is already configured.

To create a new SNMP community string:
a. If a list of community strings is displayed, select Create new Community and click Next.
b. In the Community String box, type the name of the community. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs.
   Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public for READ or private for WRITE. These strings are commonly used and can easily be guessed.
c. Select the access type:
   - read notify: An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications.
   - notify only: The switch can use the string to send notifications.
   - notify read write: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications.

Click Next and go to step 14.

For USM (SNMPv3), select or create the USM user. If a USM user with access type read writ
311. Displaying a Rogue's Geographical Location

2. Select the client under the Clients tab.
3. Click the icon on the toolbar. The Device Location screen appears, indicating the approximate location of the client.

The client is most likely in the vicinity of the area indicated by the red squares in the floor plan. The number in red on the legend (0.90 in this example) is the probability (90%) that the client is where the display indicates.

Ignoring Friendly Third Party Devices

By default, when countermeasures are enabled, MSS considers any third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent MSS from sending countermeasures against a friendly device, add the device to the ignore list. Each WX switch has its own ignore list. You can add an address to the ignore list of one or multiple switches.

To add a device to the ignore list:
1. In the Filtered List of rogues on the Rogue Detection tab, select the devices you want to add to the ignore list.
2. Click the icon on the toolbar. The Select Devices to Create Ignore List dialog is displayed.
312. guration Changes Whenever configuration changes occur to a switch 3WXM alerts you that changes have occurred If a configuration change occurs on a switch in the network or in the network plan so that the network and network plan are out of sync 3WXM displays a message in a popup window to alert you that a change has occurred The Devices tab enables you to review changes and synchronize the switches in the network with their counterparts in 3WXM by either copying the changes to the other switch or removing the changes from the switch that was changed A row of information is displayed for each switch The Local Status and Network Status columns indicate where changes have occurred To review switch configuration changes Select the Devices tool bar option 2 At the bottom of the Task List panel select Change Management 3 Select one or more WX switches To select multiple switches press Shift for contiguous switches or Control for noncontiguous switches while clicking In the Local Changes or Network Changes group in the Task List panel select Review Accepting Network Changes Undoing Local or Network Changes Synchronizing Local and Network Changes 351 a Selecting Review in Local Changes displays changes made in 3WXM a Selecting Review in Network Changes displays changes that have occurred in the network 5 To print the changes click Print 6 Click Close to return to the Managed Devices tab To accept
313. hange starts First Second Third Fourth or Last In the Start Day list select the day of the week when the time change Starts In the Start Hour box specify the hour between O and 23 to start the time change In the Start Minute box specify the minute between 0 and 59 when the time change starts In the End Month list select the month of the year when the time change ends In the End Week list select the week of the month when the time change ends First Second Third Fourth or Last In the End Day list select the day of the week when the time change ends In the End Hour box specify the hour between 0 and 23 when the time change ends In the End Minute box specify the minute between 0 and 59 when the time change ends Click OK To change system information Select the Configuration tool bar option 2 In the Organizer panel select the WX switch 3 In the Task List panel select System Information The System Information wizard appears In the Contact box type the contact name for the WX In the Location box type the location of the WX 174 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS Converting Auto DAPs into Statically Configured DAPs gt In the Prompt box type the CLI prompt for the WX If you do not specify a prompt the CLI uses the following default prompts a WX1200 gt for restricted access a WX1200 for enabled access In the Message of the Day box type the message tha
314. hanges to the policy In the Task List panel select View to display the switches to which the policy change will apply 6 Only the settings you change from their default values are listed 7 After you review the changes click Close 8 Correct any changes if needed then go to Applying Policy Changes to Switches Applying Policy Changes to Switches To apply policy changes to WX switches Select Apply in the Task List panel to apply the changes to WX switches that are already associated with the policy Review the list of switches then click Apply to apply the changes to the switches The changes are automatically applied to switches you associate with the policy after making the changes After the done message appears in the Apply Policy wizard click Close 4 Repeat step 2 through step 3 for each feature category Table 28 on page 376 lists the section where you can find configuration information for a feature category 376 CHAPTER 13 CONFIGURING AND APPLYING POLICIES Table 28 Feature Categories For This Feature Area See System Features IP Services Viewing and Configuring IP Services Settings on page 201 VLANs Spanning Trees and Port Groups Viewing and Configuring VLANs on page 206 Changing STP Port Settings in a VLAN on page 211 Viewing and Changing Port Groups on page 184 ACLs Viewing and Configuring ACLs on page 220 Qos V
315. haring is configured, in which case authentication starts by trying a server in round-robin style. 5. In the Key box, type the password (also known as a shared secret key) used to authenticate to the RADIUS server. You must provide the same password that is defined on the RADIUS server. The password can be 1 to 64 characters long, with no spaces or tabs. 6. In the Authorization Password box, type the password used for outbound authentication and authorization to a RADIUS server. The authorization password can be 1 to 32 alphanumeric characters long, with no spaces or tabs. Viewing and Configuring Global 802.1X Settings 303 Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com. Changing the password applies both to MAC users and to last-resort users. All MAC address authenticated users or last-resort users must share the same authorization password on the RADIUS server. 7. To make RADIUS packets from the WX switch use the system IP address as the source IP address, select Use System IP Address. Click Save. Viewing and Configuring Global 802.1X Settings The IEEE 802.1X standard provides an authentication framework that supports a variety of meth
316. have redundant connections Otherwise this is not required Only AP models that have two Ethernet ports can support redundant direct connections However models with one Ethernet port can support redundant distributed connections Click Finish to complete the wizard and create the coverage area To edit existing coverage areas Display the floor plan in the Content panel 2 In the Task List panel click Floor 3 Under Edit Floor click Coverage Areas The Coverage Areas List dialog is displayed 126 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM v Edit Coverage Area Coverage Area List Please select a Coverage Area to edit CoverG Property Cover4 4 Select the coverage area you want to edit and click Properties The Coverage Area Properties dialog for the selected coverage area appears You can also display this dialog by displaying the floor plan selecting Coverage Areas in the Organizer panel then right clicking on the coverage area and selecting Edit Properties from the menu t Coverage Area Properties General Capacity Associations Constraints Redundancy Preferred Devices General Name Covera Technology g02 11a Rate Mb s Defining Wireless Coverage Areas 127 5 Under the General tab you can do the following In the Name box edit the name of the coverage area 1 to 60 characters long with no tabs In the Technology list se
317. he Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select ACLs. 2. Select any ACE in the ACL to which you want to add the new ACE. 3. In the Task List panel, select Add Rules. 4. Go to step 3. An ACL does not take effect until you map it to a user or an interface. You can map ACLs to ports or port groups, VLANs, or virtual ports. You cannot map an ACL to a MAP port or a wired authentication port. You also can map ACLs to users by configuring the filter in and filter out user attributes. User-based ACLs are more specific than ACLs applied to interfaces and are therefore processed first. See Authorization Attributes on page 293. Access the ACL table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select ACLs. 2. Select any ACE in the ACL you want to map. 3. In the Task List panel, select ACL Mappings. Viewing and Configuring ACLs 229 4. Select the mapping type: To map to a physical port, select port and go to step 5. To map to a virtual port, select vport and go to step 6. To map to a VLAN, select vlan and go to step 7. To map to a Distributed MAP, select dap and go to step 8. 5. To map an ACL to a port: a. In the Port list, select the port or port group to which you want to map the ACL. You cannot map an ACL to a
318. he Same WX for Redundancy This option places both of a MAP s wired connections on the same WX switch For optimal resiliency 3Com recommends the use of different WX switches for redundancy To change the MAP connection type for the redundant connection select Direct or Distributed from the AP Connection Type list To change the number of redundant connections for the distributed connection type type the number in the Redundancy Level box For direct connections the redundancy level is always 1 10 Under the Preferred Devices tab you can do the following In the Available Devices box select an available WX switch if one is configured to use in the coverage area then click Add to move the WX switch to the Current Devices box This assumes that the network plan already has a WX switch defined If you are planning a new installation you do not need to specify a WX switch to use 11 When you have finished editing the properties of the coverage area click OK to exit the Coverage Area Properties dialog and OK again to exit the Coverage Area Selection dialog Placing Third Party Access Points If you have third party access points in your network you can place icons for them on your floor layout You also can configure their radio attributes using 3WXM The radio attributes are taken into consideration when 3WXM assigns channels to MAP access points If you add third party access points while using the Configuration or
319. he access point You can use 1 to 32 characters with no punctuation except the following period hyphen or underscore _ Optionally in the Manufacturer ID box type the manufacturer identification for the access point 1 to 30 characters with no spaces In the Product ID box type the product identification for the access point 1 to 30 characters with no spaces In the IP Address box type the IP address for the access point If you specify an IP address you can use Telnet and a Web browser with this access point In the Telnet Port Number box specify the port number for Telnet service 64 CHAPTER 4 WORKING WITH NETWORK PLANS 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 In the HTTP Port Number box specify the port number for HTTP service Click Next In the AP Model drop down list select one of the following AP Dual Radio 802 11a and 802 11b or 802 11b g AP Single Radio 802 11a 802 11b or 802 119 In the Radio Type drop down list select one of the following 11a 11b 11g The choices available depend on the selection you made in step 11 Click Next Verify the radio slot number and radio type For a dual radio access point 802 11b g radios have a slot number of 1 802 11a radios have a slot number of 2 In the Channel Number list select the channel number for the radio In the Transmit Power box specify the transmit power for the radio To enable the r
320. he client. Using the Client Monitor View 441 (Figure: Client Location dialog.) 5. The client is most likely in the vicinity of the area indicated by the red squares in the floor plan. The number in red on the legend (0.44 in this example) is the probability (44%) that the client is where the display indicates. 6. The list of MAPs that detected the client is shown to the right of the floor display. To refresh the list of MAPs, click the Refresh Listeners button. 7. To change the MAPs used for calculating the client's location, select or deselect MAPs from the list and click the Locate button. Terminating a Client's Session To terminate a client's session: 1. Select the client. 2. Click on the
321. he new directory and click Select To prevent 3WXM from replacing an existing report of the same type with this new report click next to Overwrite Existing Files to deselect this option Click Generate When the report is generated click the report link to view it The client details report contains the following sections a Session Properties a Location History a Session Statistics a Current AP Statistics a Lifetime AP Statistics See Using the Client Monitor View on page 415 for information about the data columns in each section of the report Generating a Client Errors Report 391 Generating a Client Errors Report A W N 10 The client errors report lists error statistics for current client sessions The data for this report comes from 3WXM Services The Enable RF trending option located in the RF Monitor group box must be enabled See Changing Monitoring Settings on page 500 Select the Reports tool bar option In the Report Category list select Client Monitoring Reports In the Reports list select Client Errors Select the scope type of the report from the Report Scope Type list a Mobility Domain a Wireless Switch a Site a Building a Floor a Coverage Area Select the instance for which you want the report For example if the scope is Building select the building Select the time period for the report a 1 Hour a 24 Hours a 7 Days a 30 Days To select or change the
322. he same name for a RADIUS server and a server group. Click Next. 4. To enable load balancing in the server group, select Load Balance. If you enable load balancing, a round-robin approach is used to balance the load among servers. Authentication and accounting requests for a given user are always sent to the same server. Each new authentication event uses the next server in the list. If load balancing is not enabled, the first server in the list is contacted first. If the first server does not respond, the second server in the list is contacted. To add RADIUS servers to the server group, select the servers in the Available RADIUS Servers list and click Add. To reorder the servers, select a server and click Up or Down. If load balancing is enabled, the first AAA request goes to the first RADIUS server in the list. The second AAA request goes to the second RADIUS server in the list, and so on until the end of the list is reached, after which the first server in the list is used again. Any server that does not respond is skipped. If none of the servers responds, the WX goes to the next method in the method list. Click Next. When you add a RADIUS server to a RADIUS server group, all RADIUS timers for the server group are restarted. Changing Default RADIUS Settings You can set default values for certain RADIUS parameters that apply to RADIUS servers and server groups you create for an individual WX. The following RADIUS
323. herwise you must create a new one. You also can create a new community string even if one is already configured. To create a new SNMP community string: a. If a list of community strings is displayed, select Create new Community and click Next. b. In the Community String box, type the name of the community. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE). These strings are commonly used and can easily be guessed. c. Select the access type: read-notify (an SNMP management application using the string can get object values on the switch but cannot set them; the switch can use the string to send notifications), notify-only (the switch can use the string to send notifications), or notify-read-write (an SNMP management application using the string can get and set object values on the switch; the switch can use the string to send notifications). 6. Click Next and go to step 14. 7. For USM (SNMPv3), select or create the USM user. Viewing and Changing Management Settings 197 If a USM user with access type read-write-notify, read-notify, or notify-only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new USM user even if one is already configured. To create a new USM use
324. (Figure: 3Com Wireless LAN Switch Manager Site Survey Order report for Site1, Building1, Floor1, displayed in a Web browser.) 9. Select a floor to display LOS point information for that floor. Scroll down to view the MAC address assignments for the LOS points. Use the instructions in the Ekahau Site Survey Initial Setup section of the work order to set up the survey. When you import the floor map into the site survey tool, make sure you use the map name specified in the work order. The site survey data will not appear when you import RF measurements into 3WXM unless the map name is correct. Importing RF Measurements 1. Display the floor plan in the Content panel. 2. In the Task List panel, click RF Planning. 3. Under Site Survey, click Import Measurement. The Import RF Measurements wizard is
325. ic on the network until you configure VLANs and add network ports to those VLANs. Users and VLANs When a user successfully authenticates to the network, the user is assigned to a specific VLAN. A user remains associated with the same VLAN throughout the user's session on the network, even when roaming from one WX switch to another within the Mobility Domain. You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers or in the local WX user database: Tunnel-Private-Group-ID (this attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support) or VLAN-Name (this attribute is a 3Com vendor-specific attribute, VSA). You cannot configure the Tunnel-Private-Group-ID attribute in the local user database. Specify the VLAN name, not the number. If both attributes are used, the WX uses the VLAN name in the VLAN-Name attribute. Viewing and Configuring VLANs 207 Roaming and VLANs WX switches in a Mobility Domain contain a user's traffic within the VLAN the user is assigned to. For example, if you assign a user to VLAN red, the WX switches in the Mobility Domain contain the user's traffic within VLAN red configured on the switches. The WX switch through which a user is authenticated must be a member of the Mobility Domain the user is assigned to. However, you are not required to configure the VLAN on all WX switches in the Mobi
326. ically converted to a Web Portal WebAAA configuration. This section assumes that you are familiar with the AAA options in MSS. For detailed information, see the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide. To view Web AAA network access rules: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select MAC Access Rules. The configured MAC network access rules appear. 314 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Creating a Web AAA Network Access Rule To create a Web AAA network access rule: 1. Access the Create MAC Network Access wizard: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select MAC Access Rules. In the Task List panel, select MAC Network Access. Specify whether the rule is for wireless access to an SSID or access through a wired authentication port. If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box. To match only on a specific SSID name, select or type the name in the SSID box. If the rule is for access through a wired authentication port, select Wired. CAUTION: The default SSID name any matches on all SSID names. If the
327. ick the down arrow to display the list of layers in the drawing and select the layer to which you want to move the object s Click OK 3WXM can simplify an imported CAD drawing by removing unnecessary objects from each layer Drawing cleanup eliminates unneeded objects lines and text Note the following when cleaning up a drawing a Drawing cleanup does not apply to GIF or JPEG drawings a Drawing cleanup does not change objects that are grouped a f two objects that would normally be cleaned such as two parallel lines close together exist on different layers then neither object is removed You cannot remove a layer from a drawing using the procedure in this section See Adding or removing a layer on page 89 90 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM 1 Display the floor plan in the Content panel To clean up a drawing 2 In the Task List panel under RF Planning click Clean Layout The Floor Plan Clean Up wizard appears t Floor Plan Clean Up Floor1 Floor Plan Cleanup Select layers and constrainst to cleanup Remove Lines Short Lines Short Line Length Feet Parallel Shapes v Parallel Shape Separation Feet Overlapping Lines Remove Objects Small Objects Axis Size Feet Y Axis Size Feet Labels and Text x Layer List 0O al Click Next to cleanup selected layers Layer Name
328. iewing and Changing CoS Mappings on page 231 Wireless Features Auto DAP Viewing and Changing the Auto DAP Profile on page 269 Service Profiles and Radio Profiles Viewing and Changing RF Detection Settings on page 282 Viewing and Configuring Radio Profiles on page 263 RF Detection Detecting and Combatting Rogue Devices on page 457 AAA Features RADIUS Viewing and Configuring RADIUS Settings on page 298 Local User Database Creating and Managing Users in the Local User Database on page 287 Admin and Network Access Rules Viewing and Configuring WX Administrator Access Rules on page 318 Viewing and Configuring 802 1X Network Access Rules on page 306 Viewing and Configuring MAC Network Access Rules on page 310 Viewing and Configuring WebAAA Network Access Rules on page 313 Viewing and Configuring Last Resort Network Access Rules on page 316 Location Policy Viewing and Changing Location Policy Rules on page 325 Mobility Profiles Viewing and Changing Mobility Profiles on page 328 14 USING THE EVENT LOG 3WXM maintains a log of system events The log contains messages generated by the following a WX switches in the network plan messages generated by the WX switches in the network plan that are being monitored by the 3WXM service a 3WXM Services messages generated by the 3WXM server
329. ifier Enter a unique name for the AP Name Manufacturer ID Product ID Enter the serial number of the AP IP Address 0 0 0 0 Telnet Port Number 23 HTTP Port Number 80 Next gt J Finish Cancel In the Name box type a name for the access point You can use 1 to 32 characters with no punctuation except the following period hyphen or underscore _ Optionally in the Manufacturer ID box type the manufacturer identification for the access point 1 to 30 characters with no spaces In the Product ID box type the product identification for the access point 1 to 30 characters with no spaces In the IP Address box type the IP address for the access point If you specify an IP address you can use Telnet and a Web browser with this access point In the Telnet Port Number box specify the port number for Telnet service In the HTTP Port Number box specify the port number for HTTP service Click Next The following dialog appears Placing Third Party Access Points 133 v Create Third Party AP AP Type Select the AP type AP Model AP Dual Radio Radio Type 11g X lt Previous Next gt Finish Cancel 12 In the AP Model drop down list select one of the following AP Dual Radio 802 11a and 802 11b or 802 1 1b g AP Single Radio 802 11a 802 11b or 802 119 13 In the Radio Type drop down list select
330. iguration. Select one of the following record options: Select Start Stop to specify that records are sent at the start of a session and the end of a session. Select Stop Only to specify that records are sent only at the end of a session. Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. See step 5. Click Finish. 322 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Viewing and Configuring AAA Support for Third Party AP Users A WX switch can provide network access for users associated with a third-party AP that has authenticated the users with RADIUS. You can connect a third-party AP to a WX switch and configure the WX to provide authorization for clients who authenticate and access the network through the AP: Configure a proxy access rule for the AP's users. Add a RADIUS proxy entry for the AP. The proxy entry specifies the IP address of the AP and the UDP ports on which the WX switch listens for RADIUS access requests and stop accounting records from the AP. Specify the WX port connected to the third-party AP. For information about configuration requirements on the third-party AP, see the Configuring AAA for Users of Third Party APs section in the Con
331. iguring Wireless Services 235 Wireless Service Parameters 236 Viewing Wireless Services 241 Configuring an 802 1X Wireless Service 242 Configuring a Voice over Wireless Service 244 Configuring a Web Portal WebAAA Service 247 Configuring an Open Access Service 250 Configuring a Custom Service 252 Modifying Service Profile Settings 253 Viewing SSID Encryption Settings and Access Rules 258 Modifying SSID Encryption Settings and Access Rules 260 Viewing and Configuring Radio Profiles 263 Viewing Radio Profile Settings 263 Creating a Radio Profile 264 Moving Radios Back to the Default Radio Profile 264 Configuring Advanced Radio Profile Settings 265 Viewing and Changing the Auto DAP Profile 269 Viewing Auto DAP Profile Settings 269 Changing Auto DAP Profile Settings 270 Converting Auto DAPs into Statically Configured DAPs 272 Deleting Auto DAPs 272 Viewing and Configuring MAPs 272 Viewing the Configured MAPs 273 Creating a Distributed MAP 273 Configuring a Directly Connected MAP 275 Changing the MAP WX Security Mode 277 Configuring Advanced MAP Settings 277 Viewing and Changing Radio Settings 281 Viewing Radio Settings 281 Changing Radio Settings 281 Viewing and Changing RF Detection Settings 282 Viewing RF Detection Settings 282 Adding an Entry to the Permitted Vendor OUI List 282 Adding an Entry to the Permitted SSID List 283 Adding an Entry to the Ignore List 283 Adding an Entry to the Rogue List 284 Adding an Entry to the Client Black Li
332. ile wizard to configure the service. The screens and options that are displayed depend on the access types and other selections you make as you use the wizard. All pages and options occur in at least one of the other service profile wizards. For information, see the procedures for the other wizards. Modifying Service Profile Settings Viewing and Configuring Wireless Services 253 You can modify the following service profile settings in the Wireless Service Profiles table itself: SSID name; SSID type (encrypted or clear); Beacon state (advertisement of the SSID); Radio profile (maps MAP radios to the service profile). To view or change other settings, select the service profile in the Wireless Service Profiles table and click Properties. A dialog with the following tabs is displayed: Service Profile, WPA RSN, Static WEP, Authorization Attributes, Broadcast Settings, Radio Profile Selection, Voice Configuration, Client Timeout, Rate Configuration, SODA. Service Profile Tab All the settings on the Service Profiles tab are explained in the sections on the service profile wizards. For descriptions, see Table 18 on page 236. WPA RSN Tab Most of the settings on the WPA RSN tab are explained in the sections on the service profile wizards. The TKIP Countermeasures Time specifies how many ms the switch will hold down traffic on the SSID if more than one Message Integrity Check (MIC) error occurs within
333. ing and Changing Port Settings 181 Specify the user glob in the Matching User Glob box. To match on all usernames, leave the wildcards in the box. For syntax information, see Access Rules on page 238. To use an existing rule, leave the rule in the list. Click Next. Select the EAP type: EAP-MD5 Offload, PEAP Offload, Local EAP-TLS, External RADIUS Server. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. For information, see EAP Type 802.1X Only on page 239. Click Next. Select the authentication and accounting method. For information, see AAA Methods RADIUS Server Groups and the Local User Database on page 240. Click Next. To configure accounting, select Enabled, select the record type (Start Stop or Stop Only), then select a RADIUS server group or LOCAL for the accounting and click Add. Click Finish. Click Next. To use MAC authentication to control access to the port, create or select a MAC authentication rule. Otherwise, go to step 7. If a MAC access rule for this port has already been configured, the rule appears in the list on this page. You can select the rule or create a new one. To create a new rule: a. Click Create. b. Specify the MAC address glob in the Matching MAC Glob box. To match on all MAC addresses, leave the wildcard in the box. For syntax information, see Access Rules on page 238. 182 CHA
334. ing between your wired network and IEEE 802.11 wireless users. A MAP connects to the wired network through a 10/100 Ethernet link and connects to wireless users through radio signals. To configure the WX switch to support a MAP, you must first determine how the MAP will connect to the switch. There are two types of MAP-to-WX connection: direct and distributed. In direct connection, a MAP connects to one or two 10/100 ports on a WX. The WX port is then configured specifically for a direct attachment to a MAP. There is no intermediate networking equipment between the WX and MAP, and only one MAP is connected to the WX port. The WX 10/100 port provides PoE to the MAP. The WX also forwards data only to and from the configured MAP on that port. The port numbers on the WX configured for directly attached MAPs reference a particular MAP. A MAP that is not directly connected to a WX is considered a Distributed MAP. There may be intermediate Layer 2 switches or Layer 3 IP routers between the WX and MAP. The WX may communicate to the Distributed MAP through any network port. A network port is any port connecting the switch to other networking devices, such as switches and routers, and it can also be configured for 802.1Q VLAN tagging. The WX contains a configuration for a Distributed MAP based on the MAP's serial number. Similar to ports configured for directly connected MAPs, Distributed MAP configurations are numbered and can reference a particular MAP
335. ing the string can get and set object values on the switch. notify-read-write: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. Specify the Engine ID, which is the unique identifier for this instance of the SNMP engine. a. Select the format: Hex: ID is a hexadecimal string. IP: ID is based on the IP address of the station running the management application. Enter the IP address of the station. MSS calculates the engine ID based on the address. Local: ID uses the value computed from the switch's system IP address. To send informs, you must specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as the engine ID. 190 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS b. If you select Hex or IP, type the hexadecimal string or IP address in the Value box and click Next and go to step 5. Otherwise, click Finish. 5. Select the authentication type used to authenticate communications with the remote SNMP engine: None: No authentication is used. This is the default. MD5: Message-digest algorithm 5 is used. SHA: Secure Hashing Algorithm (SHA) is used. 6. If you select MD5 or SHA, you can specify a passphrase or a hexadecimal key. a. Select the format from the Format pull-down list. b. Type the value in the Password box. If you selected Key as the format, ty
336. ing with any network entity listed in the forwarding database (FDB) of any WX switch in the Mobility Domain. Although the interfering device is not connected to your network, the device might be causing RF interference with MAP radios. Rogue: Radios use countermeasures against devices classified by MSS as rogues but do not use countermeasures against devices classified by MSS as interfering devices. Countermeasures affect wireless service on a radio. When a MAP radio is sending countermeasures, the radio is disabled for use by network traffic until the radio finishes sending the countermeasures. Configured: Configures radios to attack only devices specified in the attack list on the switch (on-demand countermeasures). When this option is used, devices found to be rogues by other means, such as policy violations or by determining that the device is providing connectivity to the wired network, are not attacked. Click Save. To view or change other radio profile options, select the radio profile and click Properties. A MAP signature is a set of bits in a management frame sent by a MAP that identifies that MAP to MSS. If someone attempts to spoof management packets from a 3Com MAP, MSS can detect the spoof attempt. Access the RF detection settings: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select RF Detection. 2. Sel
337. installed, use IP address 127.0.0.1, the loopback address. [Managing Network Plans 503] Managing Network Plans. Backing Up a Plan. 3WXM Services regularly backs up network plans at configurable intervals. In addition to these regular backups, you can create a backup at any time. You can create a backup from within 3WXM or at a command line. From within 3WXM, you also can change the settings for automatic backups. To manage backups, use the Backup Restore dialog. To access this dialog, select Tools > 3WXM Backup Restore from the menu bar in the main 3WXM window. The backups that already exist for the network plan are listed. Backups that are automatically created by 3WXM do not have names, and their type is Automatic. Backups that you create do have names, and their type is Manual. Only the backups for the currently open plan are listed. By default, backups created automatically by 3WXM are stored in the following location: 3WXM backup auto plan_name. Backups created by you are stored in the following location by default: 3WXM backup manual plan_name. 3WXM zips the backup files and assigns them unique names. You can assign a name to a backup that you create. However, this name does not appear in the backup directory. To select a plan based on the name you assign, use the Backup Restore dialog. To immediately create a backup: 1. Access the Backup Restore dialog. 2. Click Create Backup. The Backup Name dialog appears. 3. Type
338. integrate it into your network plan. The procedure for computing and placing new MAPs is the same as the procedure you use for initial planning. Make sure you lock the existing MAPs in place before you compute and place the new MAPs. See Computing MAP Placement on page 136. If you installed a new MAP in the network and you want to add it to the network plan, do the following: Select the Verification option in the main 3WXM tool bar, click the Network Verification tab, and upload the MAP configuration into 3WXM. See Verifying Configuration Changes on page 363. Select the RF Planning option in the main 3WXM tool bar and display the floor plan in the Content panel. In the Coverage Areas section, right-click on the coverage area for which the MAP is providing coverage and select Edit Properties. The Coverage Area Properties dialog appears. Click the Associations tab. 5. Select the MAP in the Available Access Points group box and click the Add button to move the MAP to the Current Access Points group box. 6. Click OK to save the changes and close the dialog box. 7. Click on Objects to Place in the Organizer panel. 8. Click on the MAP icon, then click on the location where you installed the MAP. The MAP icon moves from the Objects To Place tab to its location on the floor. CHANGING 3WXM PREFERENCES. This chapter discusses how to set 3Com Wireless LAN Switch Manager (3WXM) client preferences. It describes how to reset pre
339. iod for the report: 1 Hour; 24 Hours; 7 Days; 30 Days. [Generating a Radio Details Report 395] To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. Click Generate. When the report is generated, click the report link to view it. The RF summary report contains the following sections: cumulative data for the scope of the report; detailed data for each WX switch within the scope of the report. Generating a Radio Details Report. The radio details report lists details about an individual radio. The data for this report comes from 3WXM Services. The Enable RF trending option, located in the RF Monitor group box of the Monitoring Settings tab, must be enabled. See Changing Monitoring Settings on page 500. Select the Reports tool bar option. In the Report Category list, select RF Reports. In the Reports list, select Radio Details. Select the radio for which you want the report. The scope is always MAP Radio and cannot be changed. Select the time period for the report: 1 Hour; 24 Hours; 7 Days; 30 Days. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. To prevent 3WXM from replacing an existing repo
340. [Screenshot: Client Monitor statistics view with trend graphs of Operational Rate, SNR, and RSSI, a time-range selector (Current, 1 Hour, 24 Hours, 7 Days, 30 Days), and the Show Values As option (Absolute or Deltas). Refreshed at Mon Dec 05 14:35:11 PST 2005.] When looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation: $\frac{\text{value at end of polling interval} - \text{value at beginning of polling interval}}{\text{time difference in seconds}}$. To change how you view data values, select Absolute to see absolute values or Deltas to see rate-of-change values. Removing a Client from the Watch List. To remove a client from the watch list, select the client, then click [icon] on the Client Monitor view's toolbar. Displaying a Client's Geographical Location. You can show the approximate location of a client within a site. The floor the client is currently on is displayed, as well as the client's likely location on the floor. To display a client's session: Select the client. Click [icon] on the Client Monitor view's toolbar. 3WXM checks whether three or more MAPs have detected the selected client within 15 seconds of each other. If so, the Client Location screen is displayed; go to step 5. If three or more MAPs have not detected the client within 15 seconds of each other, the
341. ion Target wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Management Services. e. In the Task List panel, select 3WXM Notification Target. In the Security Model drop-down list, select the security model to use specifically for SNMP communications between the switch and 3WXM: USM (SNMPv3); V1. If you selected USM, then select the minimum level of security for SNMP communication between the switch and 3WXM Services. Unsecured: SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c. This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs. Authenticated: SNMP message exchanges are authenticated but are not encrypted. This security level is the same as the authNoPriv level described in SNMPv3 RFCs. Encrypted: SNMP message exchanges are authenticated and encrypted. This security level is the same as the authPriv level described in SNMPv3 RFCs. 4. Click Next. If you selected V1 or V2C in step 2, go to step 5. If you selected USM in step 2, go to step 7. 5. For SNMPv1 or SNMPv2c, select or create the SNMP community string. If a community string with access type read write notify, read notify, or notify only is already configured, you can select it. Ot
342. ion and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list. The authentication methods you select are also used for authorization. 6. Click Next. [320 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS] 7. To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's configuration. Select one of the following record options. Select Start Stop to specify that records are sent at the start of a session and the end of a session. Select Stop Only to specify that records are sent only at the end of a session. Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. See step 5. Click Finish. Creating an Access Rule for Telnet or SSH Access. To create an access rule for Telnet or SSH access: Access the Create Admin User wizard. a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to AAA. d. Select Admin Access Rules. e. In the Task List
343. ion and correct the warning or error, click on the arrow to expand the panel, then click on the statistic to open the corresponding tab in the Content panel. Table 6 lists the types of alerts displayed in the Alerts panel. Table 6. Alerts (Alert Category: Description). Configuration: Lists the number of configuration errors and warnings encountered when 3WXM verifies WX switch configurations in the network plan. 3WXM compares a switch's configuration to a set of configuration rules and flags the items that must (error) or should (warning) be corrected before deploying the switch configuration from the network plan to the live network. Select this alert to open the Config Verification tab in the Content panel. You can use this tab to correct configuration errors or disable rules. See Verifying Configuration Changes on page 363. [Content Panel Display Panels 33] Network: Lists the number of configuration differences between all WX switches in the network and their counterparts in the network plan. Select this alert to open the Network Verification tab in the Content panel. You can use this tab to edit configuration items or disable rules. See Verifying Configuration Changes on page 363. Rogue Detection: Lists the total number of rogues detected by 3Com radios and still operating in the Mobility Domain(s) defined in the network plan. Sel
344. ion in the Preferences dialog box. For more information about certificate handling, see Managing Certificates on page 369 and Certificate Check on page 495. To change certificate management options: 1. Select Tools > Preferences. The Preferences dialog box appears. 2. Click the Certificate Handling tab. 3. To automatically accept self-signed certificates, select Always accept self-signed certificates. To clear this option, clear Always accept self-signed certificates. By default, this option is disabled. The 3WXM client accepts a certificate only if the certificate is signed by a certificate authority (CA). Click Close to close the Preferences dialog box, or click another tab to continue making changes. [Changing Options for RF Planning 485] Changing Options for RF Planning. You can change the following RF planning options: typical transmit power for clients in the 3Com network; color schemes for showing RF information. Configuring the Typical Client's Transmit Power. To change the typical client's transmit power: 1. Select Tools > Preferences. The Preferences dialog box appears. 2. Click the RF tab. 3. In the Typical Client Tx Power box, specify the typical transmit power (1 to 20 dBm) for clients in the network. The default is 13 dBm, which is a common client transmit power. If you want to choose the color for an RF technology or obstacle, see Changing Colors. Changing Colors. You can change th
345. ion port or are attached through a hub that does not block forwarding of packets from the client to the PAE group address (01:80:c2:00:00:03). Wired authentication works in accordance with the 802.1X specification, which prohibits a client from sending traffic directly to an authenticator's MAC address until the client is authenticated. Instead of sending traffic to the authenticator's MAC address, the client sends packets to the PAE group address. The 802.1X specification prohibits networking devices from forwarding PAE group address packets, because this would make it possible for multiple authenticators to acquire the same client. For non-802.1X clients, who use MAC authentication, WebAAA, or last-resort authentication, wired authentication works if the clients are directly attached or indirectly attached. If you plan to specify a RADIUS server group, configure the group first, before using the wizard. The wizard does not provide a way to configure RADIUS servers or groups. See Viewing and Configuring RADIUS Settings on page 298. 1. Access the Configure Wired Auth wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Ports. e. Select the row for the port. f. In the Task List panel, select Wired Auth. 2. Select the fallthru authentication method from the Fall Through A
346. ion to calculate the power settings for the MAPs. Transmit power levels must be high enough to adequately cover an area, but also low enough to minimize co-channel interference. 3WXM factors in these considerations when calculating optimal power. 3Com recommends that you assign channels before you compute optimal power, to ensure successful power computation. If the MAP is using an external antenna, specify the antenna model and the direction of the antenna's coverage before you compute power. See step 8 in Configuring Advanced MAP Settings on page 277. To compute optimal power: In the Task List panel, click RF Planning. Under RF Planning, click Compute Optimal Power. The Compute Power For wizard appears, showing a list of the areas you defined and the corresponding technology. [Screenshot: Compute Power For wizard, Coverage Area Selection page, with the Optimize AP Count option and a list of coverage areas and their technologies.] 3. To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes a MAP if neighboring MAPs provide enough coverage to make the MAP unnecessary. This option applies only to coverage areas that are configured for coverage
347. iption of the 802.1X failure. Table 47. Activity Details for Roam (Column: Description). User Name: Username of the client. MAC Address: MAC address of the client. SSID: SSID the client was associated with. Roamed from Client Location: WX switch, MAP access point, and radio from which the client roamed. Session ID: ID used by 3Com equipment to track the session within the Mobility Domain. Client IP Address: IP address of the client. Client Location: Mobility Domain, WX switch, MAP access point, and radio to which the client roamed. Displaying Client Session Information. The Client Session tab displays session statistics. The data fields in the display depend on the scope. If a Mobility Domain is selected, a row of data is displayed for each WX switch in the Mobility Domain. If a WX switch, MAP, or radio is selected, client sessions for that device are displayed. Data Displayed When a Mobility Domain is Selected. When a Mobility Domain is selected in the Organizer panel, the Client Monitor view's Client Sessions tab displays a row of information for each WX switch in the Mobility Domain. [Screenshot: Client Monitor view, Client Sessions tab, with a Mobility Domain selected in the Organizer panel.]
348. irect 10/100 Ethernet connection to a WX, or indirectly through other Layer 2 or Layer 3 wired networking devices. Configure a MAP port for each directly connected MAP. Table 21 lists how many MAPs you can configure on a WX switch and how many MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined. Table 21. Maximum MAPs Supported Per Switch (WX Switch Model: Maximum Configured, Maximum Booted). WX4400: 300 configured; 40, 80, or 120 booted, depending on the license. WX1200: 30 configured; 12 booted. WXR100: 8 configured; 3 booted. For a MAP that is indirectly connected to the WX through an intermediate Layer 2 or Layer 3 network, configure a Distributed MAP instead. See Creating a Distributed MAP on page 273. You cannot configure any gigabit Ethernet port, or port 7 or 8 on a WX1200 switch, or port 1 on a WXR100 switch, as a MAP port. To manage a MAP on a WX4400 switch, configure a Distributed MAP connection on the switch. See Creating a Distributed MAP on page 273. [276 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS] To configure a directly connected MAP: 1. Access the Create Direct Connect AP wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select Access Points. 2. In the Task List panel, select Direct Connect AP. 3. Select the WX port the MAP will be connected to from the Available Ports drop-down list. Configuring
349. is set to the correct date, time, and time zone. Otherwise, certificates might not be installed correctly. For more information about certificates on the WX, see the Wireless LAN Switch and Controller Configuration Guide. [370 CHAPTER 12 MANAGING CERTIFICATES] Processing Certificates. When 3WXM client connects to 3WXM Services or to a WX switch that presents a certificate that is unknown to 3WXM client, the Certificate Check dialog box appears. The dialog shows information about the certificate and allows you to accept or reject the certificate, and therefore accept or reject the connection. Before 3WXM can communicate with the WX switch or 3WXM Services over a secure HTTPS connection, you must specify how to deal with the certificate required for secure communication. The options you select in this dialog box apply to all HTTPS connections with the 3WXM client. For example, the 3WXM client also checks the validity of certificates presented by 3WXM Services, and the settings you select in this dialog affect those connections too. To process a certificate: If you do not want to see the Certificate Check dialog box each time 3WXM connects to a WX switch, select one of the following options. Always accept self-signed certificates: Use this option to configure the 3WXM client to always accept a self-signed certificate from the 3WXM monitoring service and from WX switches. Install this certificate to validate future connections
350. is the probability that the rogue is where the display indicates. To display the location of a client associated with the rogue: Select the rogue in the rogue list. A list of the clients associated with the rogue appears under the Clients tab. [Screenshot: 3Com Wireless LAN Switch Manager 4.2.0.0, plan AlphaNET4_1_0, Rogue Detection view, showing the filtered list of rogue and interfering devices (MAC, SSID, Type) and the Listeners and Clients tabs for the selected rogue.]
351. itch's local user database, or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. [Viewing and Configuring 802.1X Network Access Rules 309] If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list. The authentication methods you select are also used for authorization. Click Next. To enable an accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's configuration. Select one of the following record options. Select Start Stop to specify that records are sent at the start of a session and the end of a session. Select Stop Only to specify that records are sent only at the end of a session. Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. See step 8. Click Finish.
352. itch always sends 6 (Administrative). The RADIUS server can reply with one of the values listed above. If the service type is not set on the RADIUS server, administrative users receive NAS-Prompt access and network users receive Framed access. Note: MSS will quietly accept Callback Framed, but you cannot select this access type in MSS. session-timeout (network access mode only): Maximum number of seconds for the user's session. Valid value: Number between 0 and 4,294,967,296 seconds (approximately 136.2 years). ssid (network access mode only): SSID the user is allowed to access after authentication. Valid value: Name of the SSID you want the user to use. The SSID must be configured in a service profile, and the service profile must be used by a radio profile assigned to 3Com radios in the Mobility Domain. Table 22. Authentication Attributes for Local Users, continued (Attribute: Description; Valid Value(s)). start-date: Date and time at which the user becomes eligible to access the network. MSS does not authenticate the user unless the attempt to access the network occurs at or after the specified date and time, but before the end-date (if specified). Valid value: Date and time, in the following format: YY MM DD HH MM. You can use start-date alone or with end-date. You also can use start-date, end-date, or both in conjunction with
353. itoring client activity traps from WX switches. Data is accumulated from up to 1000 traps, at which point the oldest traps are discarded to make way for new traps. Table 37 lists the options on the toolbar in the Client Monitor view. Table 37. Toolbar Options in Client Monitor View (each option is a toolbar icon; descriptions follow in toolbar order). Edit 3WXM preferences. Configure 3WXM Services. Launch Help. Refreshes the data by immediately polling 3WXM Services when you click the icon. Displays the Find Clients dialog box, which lets you find user session data and add users to the watch list. See Managing the Client Watch List on page 434. Displays the Statistics dialog box, which contains detailed performance data for a user. See Accessing Realtime Performance Statistics on page 449. Ends a user's session. The user is disassociated from the radio. See Terminating a Client's Session on page 441. Displays the user's location on the floor plan. See Displaying a Client's Geographical Location on page 439. [416 CHAPTER 16 MONITORING THE NETWORK; Refreshing Client Data; Displaying Client Activity Information] Table 37, continued. Adds the user to the tracking list. 3WXM starts collecting session and roaming data for the user. Removes the user from the tracking list so that 3WXM stops collecting session and roaming data
354. ity of the event or condition to be logged (see the list in step 2). The default severity level is Info. 5. Configure trace logging: a. To enable trace logging, select Enabled. Clear Enabled to disable trace logging. b. In the Severity Filter list, select the lowest level of severity of the event or condition to be logged (see the list in step 2). The default severity level is Debug. c. In the Maximum Size box, specify the maximum size for the trace log (1 to 50 MB). The default is 1 MB. 6. To create an external log server, go to Creating an External Log Server. Otherwise, click Save. Creating an External Log Server. You can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of Local 0 through Local 7. 1. Access the Create Syslog Server wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select Log. e. In the Task List panel, select Syslog Server. 2. In the IP Address box, type the IP address of the syslog server. 3. In the Severity Filter list, select the lowest level of severity of the event or condition to be logged (see the list in step 2 on page 198). The default severity level is Error. To map all the facilities to a standard local fa
355. ividual user override the attribute values configured for the group. You can configure groups for named users and groups for MAC users. A group cannot contain both named users and MAC users. To view users and groups in the local database: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select Local User Database. The users and user groups configured in the local user database appear. [Creating and Managing Users in the Local User Database 289] Creating a Named User. To create a named user: Access the Create Named User wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to AAA. d. Select Local User Database. e. In the Task List panel, select Named User. In the Name box, type the name of the user (1 to 60 alphanumeric characters, with no spaces or tabs). In the Password box, type the password for the user (1 to 80 alphanumeric characters, with no spaces or tabs). You must specify a password if you want the password to be encrypted in the configuration file. In the User Group list, select a user group to assign the user to, if the group is already configured. You do not need to assign a user to a user group. If you do select a user group, you only need to specify a password for the user. All other attributes are obtained from the u
356. k Accept. [48 CHAPTER 3 GETTING STARTED] If this is the first time you are starting 3WXM, or you have not yet activated your license, the client will not establish a connection to the server when you click Next. Instead, the client will briefly contact the server, then display the following message: Error Missing license. If you need to install license information, click Cancel to close the dialog and go to step 3. If you have already installed license information, go to step 15. Select Help > Licensing from the tool bar. The License Wizard is displayed. [Screenshot: License Wizard, installation options page.] If you are installing a licensed copy, select Standard Base Product and click Next. Go to step 5. If you are installing an evaluation copy: a. Select Time Limited Evaluation and click Next. b. Click Finish and go to step 13. Type the license key that was supplied with the 3WXM CD and click Next. Click Get Activation Key. A 3Com web page appears. Enter your registration information (and the license key, if you are licensing a purchased copy) in order to obtain an activation key. Copy the activation key from the web page and paste it onto the Activation Key box of the Activation Key page. [Starting 3WXM 49] If you plan to manage 10 or fewer wireless LA
357. k Close. [Synchronizing Local and Network Changes 353] You can click Close at any time after clicking Deploy. The operation continues in the background. To review the status of the operation, use the operation log. See Viewing the Operation Log on page 358. To schedule deployment of local changes: 1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Change Management. 3. Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. In the Task List panel, in the Local Changes group, click Schedule Deploy. The Schedule Deploy dialog box appears. Edit the start date and time. The date and time are based on the date and time on the machine where 3WXM Services is installed. Click OK. Synchronizing When the Network and 3WXM Have Nonmatching Changes. If a WX switch in the network has configuration changes, and the switch's counterpart in the network plan also has changes but the changes are different, you still can synchronize the changes. The Devices tab indicates that both the network and the network plan have nonmatching changes in the following ways. When you select the WX switch, the links in both the Local Changes and Network Changes groups of the Task List panel become active. When you click Deploy, the deployment is not performed and the following message is displayed instead: wx is no
358. l the changes. [Importing or Drawing Floor Details 93] Drawing Floor Objects Manually. You can use the Free Draw palette to add objects to your floor drawing that are not related to RF obstacles, for example, a conference room table. The tools for drawing non-RF objects work the same as the tools for drawing RF objects, but the tools are different. To draw a non-RF object, use the tools in the Free Draw group box. To draw RF objects, use the tools in the RF Obstacle group box. See Drawing RF Obstacles on page 97. To draw an object: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click Tools. 3. In the Free Draw area under Layout, click one of the icons and draw the object as described in the following table (Object: Action). Circle: Diagonally drag the cursor over the area where you want the circle to appear. Square: Diagonally drag the cursor over the area where you want the square to appear. Parallelogram: 1. Click at a vertex and drag the cursor to the next vertex. 2. Click again and drag the cursor until the parallelogram takes the shape you want. 3. Click to finish. Polygon: 1. Click at a vertex, then move the cursor to the next vertex. 2. Repeat until the polygon takes the shape you want. For a polygon with n sides, click n - 1 additional times at the vertices. For example, to draw a 7-sided polygon, click at 6 vertices. 3. At the last
359. lar instance of the message again. [366 CHAPTER 11 VERIFYING CONFIGURATION CHANGES] To globally disable a warning or error: Select an instance of the warning or error message. In the Resolutions section, click disable this rule for all instances. As soon as you click on this option, all instances of the message disappear from the list. 3WXM will not display the message again. Changing Verification Options. By default, 3WXM verifies configuration information in the following cases: when the switch's configuration is changed in 3WXM; when you deploy or export a switch from 3WXM to the network; when you upload a switch from the network into 3WXM. 3WXM verifies the switch's entire configuration by default each time a change occurs. In addition, 3WXM allows you to deploy or export configuration changes that cause error messages by default. To change verification options: On the toolbar of the Verification tab, click Options. The Verification Options dialog box appears. Select the cases in which you want 3WXM to perform verification. Verify changes only: 3WXM performs verification only on configuration items that change, instead of verifying the entire configuration when any change in that configuration occurs. Verify on edits: 3WXM performs verification whenever you edit a switch's configuration. Verify on deploy and export: 3WXM performs verification when you select the option to deploy switches from 3WXM
360. le's notification types, or to enable or disable notification types: a. Click Properties. b. Click the checkbox next to each notification type you want to enable/disable. To enable or disable all notification types, click the Enable checkbox at the top of the list. To create a new profile: a. Select Create new Notification Profile and click Next. b. In the Profile Name box, type the name of the notification profile. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. c. Click Next. d. Click the checkbox next to each notification type you want to enable. To enable all notification types, click the Enable checkbox at the top of the list. e. Click Next. 7. From the Security Model drop-down list, select the SNMP version. 8. For USM (SNMPv3), select the security type. Unsecured: SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c. This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs. Authenticated: SNMP message exchanges are authenticated but are not encrypted. This security level is the same as the authNoPriv level described in SNMPv3 RFCs. Encrypted: SNMP message exchanges are authenticated and encrypted. This security level is the same as the authPriv level described in SNMPv3 RFCs. Click Next. If you selected V1 or V2C in step 7
361. lect one of the following: 802.11a; 802.11b; 802.11g; 802.11a and 802.11b; 802.11a and 802.11g. Select 802.11a and 802.11b if the area requires 802.11a and 802.11b coverage. Select 802.11a and 802.11g if the area requires 802.11a and 802.11g coverage. For 802.11g, to prevent the association of 802.11b clients to any radio in this coverage area, select Exclude 802.11b clients. To allow 802.11b clients to associate to radios in the coverage area, clear Exclude 802.11b clients. In the Rate (Mb/s) list, select the average desired association rate for typical clients in this coverage area. 6. Under the Capacity tab, you can do the following: To calculate MAP placement and configuration based on coverage and on capacity for data, enable Use Capacity Calculation for Data. In the Per Station Throughput list, specify the throughput (combined transmit and receive) in kilobits per second (Kbps) for a station. In the Expected Station Count list, specify the number of clients you expect to be in the coverage area. In the Station Oversubscription Ratio list, select the ratio for the average transmit behavior of the stations. The station oversubscription ratio is the ratio of active clients compared to total clients. For example, the ratio 5:1 indicates that statistically, 20 percent of the clients are active at any given time. To calculate MAP placement and configuration based on coverage and on capacity for voice over IP, enable U
362. led. Established option: to apply a new TCP ACE only to established (existing) TCP sessions. By default, TCP ACEs apply to new sessions as well as existing ones. ICMP properties: to specify the type and code values for ICMP ports (applies only to ACEs that have ICMP as the protocol). Capture option: to redirect matching packets to the CPU (applies to ACEs used for Web Portal access). To change the hit sample rate: The hit sample rate specifies the time interval, in seconds, at which the packet counter is sampled for each security ACE on which the hit counter is enabled. By default, the hit sample rate is 0, even when the hit counter is enabled. To use the hit counter, you must enable it and set the hit sample rate. The hit sample rate applies globally to all ACEs on which the hit counter is enabled. In the Task List panel, select Edit ACL hit sample rate. Select or type the number of seconds between updates in the Hit Sample Rate box. Click OK. To enable the hit counter for an ACE: You can enable the hit counter on an individual ACE basis. Select the ACE in the ACL table. In the Task List panel, select Enable Hits for this rule. You also must set the hit sample rate to a value greater than 0, which is the default. See "To change the hit sample rate". To enable the established option for TCP ACEs: By default, a new TCP ACE applies to new sessions as well as established e
363. less Switch Wizard. You can use any of the following methods to add a WX switch to a network plan: allow 3WXM to create the switch as part of RF planning; use the Create Wireless Switch wizard; copy and paste a switch that is already in the network plan; upload the switch from the network; import the switch's XML configuration file. Select the Planning tool bar option and use the instructions in "Planning the 3Com Mobility System" on page 69. Select the Configuration tool bar option. In the Organizer panel, select the network plan name. In the Task List panel, select Create Wireless Switch. Go to "Using the Create Wireless Switch Wizard" on page 165. Creating a New WX Switch Based on a Configured Switch in the Network Plan. You can copy and modify a switch that is already in the network plan by copying and pasting the switch in the Organizer panel. 1. Select the Configuration tool bar option. In the Organizer panel, select the switch you want to copy, then right-click on the switch and select Copy. Right-click and select Paste. The Wireless Switch Properties wizard appears. In the WX Name box, type the name of the WX switch (1 to 256 alphanumeric characters, with no spaces or tabs). Within a network plan and all Mobility Domains, each WX must have a unique name. Type the switch's serial number in the Serial Number box. To modify th
364. lick Next. 3WXM establishes a new connection to the host running 3WXM Services and loads the specified network plan. You can import objects from another network plan into the currently open plan. When you import objects from another plan, objects are added to the currently open plan as follows: If an object (object name) exists in the plan you are importing but not in the open plan, the object is added to the open plan. If an object (object name) exists in both plans, the copy of the object in the imported plan replaces the object in the open plan. If both plans have the same floor name, the floor in the plan you are importing completely replaces the floor of the same name in the other plan. 3Com recommends that you save a backup copy of the plan before importing objects from another plan. To save a backup copy, you can use the File > Save As option. To import a plan: In the main 3WXM window, select File > Import Network Plan. Select the network plan you want to import from the Select Plan drop-down list. 3WXM compares the object names in the plan to be imported with the object names in the open plan. If both plans have objects of the same name and type, the objects are listed and Conflict appears in the Status column. Do one of the following, depending on whether you want to import all objects from the plan
365. lick Select. Click Next. The status is displayed in the Status window. Click Close to close the dialog. This completes the procedure. To delete a plan backup: Access the Backup/Restore dialog. Click on the backup you want to delete. Click Delete. Click Close to close the dialog. OBTAINING SUPPORT FOR YOUR PRODUCT. Register Your Product. Warranty and other service benefits start from the date of purchase, so it is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. Warranty and other service benefits are enabled through product registration. Register your product at http://eSupport.3com.com. 3Com eSupport services are based on accounts that you create or have authorization to access. First-time users must apply for a user name and password that provides access to a number of eSupport features, including Product Registration, Repair Services, and Service Request. If you have trouble registering your product, please contact 3Com Global Services for assistance. Purchase Value-Added Services. To enhance response times or extend warranty benefits, contact 3Com or your authorized 3Com reseller. Value-added services like 3Com Express℠ and Guardian℠ can include 24x7 telephone Technical Support, software upgrades, onsite assistance, or advance hardware replacement. Experienced engineers are availabl
366. licy to the switches associated with that policy, you must explicitly reapply the policy to the switches. When you open a 3.x network plan in 3WXM 4.1, 3WXM automatically creates a policy for each Mobility Domain in the plan. The policy contains all the parameter settings that were in the Domain Policies for the Mobility Domain in 3.x. To avoid unintended configuration changes, 3WXM does not automatically apply the Mobility Domain policy to new switches or to switches that already exist in the plan. However, you can use the Policy Manager to apply the parameter settings in the Mobility Domain policy to switches. Viewing Policies. To view policies: Select the Policies tool bar option. To view the feature areas in the policy, click on the plus sign next to the policy name. Only the areas that are configured in the policy are listed. Click on the plus sign next to individual feature areas. To view the parameter settings in a feature area, select the feature area. The settings appear in the Content panel. Creating a Policy. To create a policy: Access the Create Policy wizard: a. Select the Policies tool bar option. b. In the Task List panel, select Policy. In the Policy Name box, type a name for the policy. This name will appear in the Organizer panel when the Policies tool bar option is selected. To configure a policy for a specific switch model, select the model from the
367. ling or Disabling Management of a Switch by 3WXM on page 357. Distribute Certificates: Install a certificate from a PKCS #12 file onto WX switches. See "Distributing Certificates to WX Switches" on page 372. Other. Upload WX: Add a WX switch to the network plan by copying its configuration from a live switch in the network. See "Adding a Switch by Uploading its Configuration from the Network" on page 163. View Operation Log: Lists the tasks performed using the Devices tab. See "Viewing the Operation Log" on page 358. Cancel Scheduled Operation: Cancels a scheduled task, such as an image deployment. See "Canceling a Scheduled Operation" on page 358. Toolbar Options. Table 25 lists the options on the Devices tab's toolbar. Table 25. Toolbar Options on Devices Tab (Option: Description). Upload WX: Opens the Upload Wireless Switch dialog box, which lets you add a new switch to the network plan by copying the configuration from a switch already running in the network. See "Adding a Switch by Uploading its Configuration from the Network" on page 163. Options: Opens the Managed Devices Options dialog box, which lets you modify parameters used to poll switches for configuration changes. See "Modifying Configuration Change Polling Options" on page 361. Synchronizing Local and Network Changes Reviewing Switch Confi
368. list. MSS drops all packets from these clients. Although the Rogue Detection toolbar options provide the simplest way to configure rogue detection features, you also can configure them on an individual switch basis. To configure rogue detection settings for a switch, see "Viewing and Changing RF Detection Settings" on page 282. 18. OPTIMIZING A NETWORK PLAN. After you deploy a network plan to the 3Com equipment in your live network, you can optimize the plan based on RF information from the network. The RF information can be from a site survey or from MAP radios. Site survey: RF measurements come from a site survey file generated by the Ekahau Site Survey tool. Save the file in comma-separated values (.csv) format and import the file into 3WXM. MAP radios: RF measurements come from the MAPs in the network. Optimizing your network plan improves the accuracy of the model and provides more precise results when you visualize wireless coverage, locate users and rogue devices, and so on. You also can use optimization to find and fill coverage holes. Importing RF Measurements. Importing the Measurements. To import RF measurements, you need to import the measurements from MAP radios in the network, from a site survey file, or both. Then update the RF obstacle data. To import the measurements: 1. Select the RF Planning option in the main 3WXM tool bar. 2. Display the
369. lity Domain. When a user roams to a switch that is not a member of the VLAN the user is assigned to, the switch can tunnel traffic for the user through another switch that is a member of the VLAN. For more information about Mobility Domains, see "Defining a Mobility Domain" on page 60. Because the default VLAN might not be in the same subnet on each switch, 3Com recommends that you do not rename the default VLAN or use it for user traffic. Instead, configure other VLANs for user traffic. To view VLANs: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to System. Select VLANs. The VLAN settings appear in the Content panel. To create a VLAN: Access the Create VLAN wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. e. In the Task List panel, select VLAN. In the VLAN Name box, type the name of the VLAN (1 to 16 alphabetic characters long, with no spaces or tabs). You cannot use a number as the first character in a VLAN name. VLAN names must be globally unique across a Mobility Domain to ensure the intended user connectivity as determined through authentication and authorization. Every VLAN on a WX has a VLAN name, used for authorization purposes, and a VLAN number. VL
370. llowed access to the network immediately after the SODA agent is downloaded, rather than waiting for the security checks to be run. Remediation ACL: ACL to be applied to a client if it fails the checks performed by the SODA agent. Failure Page: Name of the web page served to the user's browser if the user's computer fails one of the SODA agent checks. Success Page: Name of the web page served to the user's browser when the user's computer successfully completes all the SODA agent checks. Logout Page: Name of the web page served to the user's browser when the user logs out of the SODA-protected network. Agent Directory: Name of the directory in the WX switch's nonvolatile storage that contains the SODA agent files. A service profile's encryption settings and access rules are not displayed in the service profile table or in the wizard opened by the Properties button. To display an SSID's encryption settings and access rules from the Service Profile table: 1. Display the Wireless Service Profiles table: a. In the Organizer panel, click on the plus sign next to the WX switch on which the service profile is configured. b. Click on the plus sign next to Wireless. c. Select Wireless Services. 2. Select the service profile in the table. A set of tasks appears under Setup in the Task List panel. 3. To display encryption settings and access rules, select one of the following
371. lly put into effect. A reboot is not required. The following procedures provide steps for deploying configuration changes from the Devices tab. You also can immediately deploy changes from the Configuration tab by clicking Deploy. To immediately deploy local changes: 1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Change Management. 3. Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. In the Local Changes group in the Task List panel, click Deploy. The Deploy Configurations dialog box appears. The dialog lists the switches that have configuration changes. Select the switches to which you want to deploy the changes. To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. Click Deploy. The deployment status for each affected WX is shown in the History window at the bottom left of the dialog box. 3WXM performs verification of the changes. If errors occur, they are listed in the Selected Errors at the bottom right of the dialog box. If there are errors, fix them and verify the changes before trying to deploy again. You can use the Verification tab to fix the errors. See on page 363. If the deploy is successful, 3WXM also instructs the WX switch to save the changes in its configuration file. 7. Clic
372. load the switch into the network plan, configure switch parameters, and deploy the configuration to the switch. See "Uploading a Partially Configured Switch and Completing its Configuration with 3WXM" on page 341. 1. The switch is shipped to a network administrator, who configures IP address and DNS information on the switch and enables the auto-config option to configure the switch to contact 3WXM Services in the corporate network. The network administrator can configure the switch to use a DHCP client to obtain IP information, or can statically configure the information. The IP address and default gateway are required. DNS information is optional but is recommended if DNS is available. If DNS is available, an entry must be added to the DNS server that maps the IP address of the host where 3WXM Services are installed to the well-known hostname wlan config srv. Otherwise, an IP alias can be configured on the switch itself to map the address to the hostname. 2. The preconfigured switch is shipped to the remote office where it will be deployed. 3. Someone at the remote office physically installs the switch and MAPs. 4. The person at the remote office powers the switch on. The switch boots using the configuration created during staging. The switch either uses its DHCP client to obtain an IP address from a local DHCP server or uses a statically configured address. This depends on the switch's preconfiguration. If the auto-config option
373. m default power level that RF Auto-Tuning can assign to the radio, select the power level from the drop-down list in the Max Tuned Power column. The Default power level is the same as the maximum power level allowed for the country of operation. b. To change the minimum transmit data rate for 802.11b/g clients or 802.11a clients associated with the radio, select the rate from the drop-down list in the Client Data Rate column. By default, a radio does not lower the transmit data rate for any client below the following values: 5.5 Mbps for 802.11b/g clients; 24 Mbps for 802.11a clients. c. To change the maximum percentage of client retransmissions a radio can experience before RF Auto-Tuning considers changing the channel on the radio, select the percentage from the drop-down list in the Max Retransmissions column. By default, the maximum percentage of client retransmissions a radio can experience before RF Auto-Tuning considers changing the channel on the radio is 10 percent. 9. To change the radio profile used to manage the radios, select the profile from the drop-down list in the Radio Profile column. 10. Click Save. Converting Auto DAPs into Statically Configured DAPs. See "Converting Auto DAPs into Statically Configured APs" on page 67. Deleting Auto DAPs. See "Deleting Auto DAPs" on page 175. Viewing and Configuring MAPs. MAPs contain radios that provide network
374. m recommends that you obtain copies of the drawing in both DWG and DXF formats if possible, so that you can try the other format if the first format you try does not import easily. A GIF or JPG file is a raster graphics file (a screenshot or background image), which is not made of lines. To add RF obstacle information, you must manually draw the obstacles on top of the image. For optimal performance, use files that are around 1 MB in size or less. A DXF file is generally about 3 times the size of a DWG file for the same drawing. You can reduce the file size for a drawing by pruning unneeded information from the drawing, as described below. 3WXM has a file cleanup feature that can help remove unwanted information from an imported drawing. However, the more cleanup work you do before importing a file, the better the results will be. In addition, cleaning up a file before importing it helps reduce the file size, which in turn enhances performance when handling the file in 3WXM. To prepare a drawing before importing it into 3WXM: Make sure the scale of the paper space is 1:1 (full size). Also ensure that the scale type is the same as that of the model space. Verify that the origin point (0,0) aligns correctly for all floors. Delete all workspaces or paper layouts that are not required. If the drawing contains multiple paper layouts, delete all but the last one (which cannot be deleted) and delete the contents of that layout
375. measurements from the live network. In addition, when you add the geographical information about your network to 3WXM, you can use 3WXM to visually find network clients or rogue devices. Accessing the RF Planning Tools. To access the RF planning tools, select the RF Planning tool bar option and do one of the following: If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel. If you are modifying an existing building, click on the plus sign next to the site name to expand it, then click on the name of the building you want to modify. [Screenshot of the 3Com Wireless LAN Switch Manager window] Table 12 lists the toolbar icons at the top of the floor display area. Table 12 Toolbar icons available in RF Planning
376. modify the name, edit the string in the WX Name box. 4. To modify the serial number, edit the string in the Serial Number box. Modification of the serial number applies only when you are prestaging a specific switch. This option does not change the serial number of an installed switch. 5. To modify the system IP address and VLAN, select them from the System VLAN IP drop-down list. The system IP address determines the interface or source IP address MSS uses for system tasks, including the following: Mobility Domain operations; topology reporting for dual-homed MAP access points; default source IP address used in unsolicited communications such as AAA accounting reports and SNMP notifications. 6. To enable the switch to be managed by 3WXM, select Managed. Until this option is selected, you cannot deploy the switch configuration you create in 3WXM to the actual switch in the network. This option also enables the Launch Telnet and Launch Browser options in the Task List panel. After you select Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations polling stop for that WX switch. If you change back to a managed state, the entire configuration of the switch is replaced with the settings from the network plan, which can result in los
377. n be discarded, reverse the frozen/unfrozen status of all layers so that only the layers that normally are frozen are visible. In TurboCAD, delete the unneeded layers. In AutoCAD, click-drag around all the visible objects to select them, and delete the objects. CAUTION: Do not use Ctrl+A (Select All) in AutoCAD to select the objects to delete. This option selects all objects in the model space regardless of layer status (invisible, locked, or frozen). All invisible objects are unprotected and will be deleted. Instead, always use click-drag to select multiple objects, or lock the layers you want to keep first. Remove all blocks, line types, and layers that are unused. In TurboCAD: To delete a block, select it on the Blocks palette and click Delete. A line type is an object. To delete an object, select the object and select Edit > Clear > Selection. In AutoCAD: Click-drag to select unwanted objects and delete them. When all unwanted objects are deleted, purge the drawing of all unwanted layers, blocks, and fonts by selecting File > Drawing Utilities > Purge. Make sure "purge nested items" is selected. Click Purge until the option is greyed out. CAUTION: In AutoCAD, you cannot delete a layer if the layer is not empty. However, in TurboCAD, Options > Layers allows you to delete a layer even if there are objects in it. Create RF-specific layers and move walls, windows, doors, and other objects that affect RF propagatio
378. n existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. Click Generate. 8. When the report is generated, click the report link to view it. Table 32 lists the sections in the report. Table 32. WX Configuration Report Sections (Section: Description). System Info: Name, system IP address, software, states of the management services, and states of active RF scanning and countermeasures. Mobility Domain: System IP address of the seed for the Mobility Domain the WX switch is in. 10/100 Ports: 10/100 Ethernet port settings configured on the WX switch. Gig Ports: Gigabit port settings, if applicable, configured on the WX switch. VLANs: VLANs configured on the WX switch. Spanning Tree: STP settings configured on the WX switch. IP Properties: IP settings, including routes and DNS parameters, configured on the WX switch. ACLs: Access Control Lists (ACLs) configured on the WX switch. APs: Directly connected MAPs configured on the WX switch. Distributed APs: Distributed MAPs configured on the WX switch. Radio Profiles: Radio profiles configured on the WX switch. Service Profiles: Service profiles configured on the WX switch. 802.1X: 802.1X parameters configured on the WX switch. RADIUS: RADIUS server groups and servers configured on the WX switch. Access Rules: AA
379. n from other layers into the new layers. For example, create a new layer called RF ExtWalls for external walls and move all external wall objects into that layer. In 3WXM, you can easily select all objects in the layer and assign the same RF attenuation value to them. Create RF IntWalls for interior walls and RF Windows for windows. If walls or windows are shown with multiple parallel lines, delete all but one of the lines. 3WXM can remove unneeded parallel lines during cleanup too, depending on how close together the lines are. To create a new layer in TurboCAD 9, select Options > Layers. In AutoCAD, select Format > Layer. To move objects to the new RF layers, click-drag to select objects, select Modify > Properties, and change the objects' layer. Save the drawing in DWG and DXF formats, in case one format does not import well. To save the file into a specific format, select File > Save As and select the format. Use version R2000 of the format you save as, if available. Useful AutoCAD Operations and Naming Conventions. Table 13 and Table 14 provide AutoCAD operating tips and naming conventions that can be helpful as you prepare your floor plans for 3WXM. Table 13. Operating Tips (Operation, Path, Hotkey). Zoom Extension: hotkey Ctrl+Backspace; arranges all items in the drawing view. Explode: path Format > Explode; hotkey Alt+Shift+E; ungroups all items. Group: Use Crea
380. n individual VLAN but does not configure fast convergence features, which are global. See "Enabling STP Fast Convergence Features" on page 213. To enable STP, click Enabled. In the Bridge Priority box, specify this STP bridge's priority (0 to 65,535). The default is 32,768. The bridge with the lowest priority value becomes the root bridge for the spanning tree. In the Max Age box, specify the maximum age value (6 to 40 seconds), which controls how long information from other bridges is kept. The default is 20 seconds. In the Hello Time box, specify the interval (1 to 10 seconds) between each configuration message from the root bridge. The default is 2 seconds. In the Forward Delay box, specify the amount of time (4 to 30 seconds) a bridge waits after a topology change to begin forwarding data packets. The default is 15 seconds. Click OK. Changing STP Port Settings in a VLAN. Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. In the Content panel, select the VLAN. Click Properties. Click the Spanning Tree Ports tab. To enable spanning tree packet processing (Tx/Rx) on that port, make sure Enabled is selected. This is the default. To disable this feature, clear Enabled. If you disable spanning tree packet processing on the port, the following might happen
381. n next to the WX switch. c. Click the plus sign next to Wireless. d. Select RF Detection. 2. Edit the MAC address in the MAC Address box. 3. Click OK. To add an entry to the client black list: 1. Access the RF detection settings: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select RF Detection. 2. Edit the MAC address in the Client MAC Address box. 3. Click OK. To enable countermeasures: Access the RF detection settings: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select RF Detection. To enable countermeasures against rogues detected by radios managed by this profile, select one of the following from the Countermeasures Type pull-down list for the radio profile. None: Radios do not use countermeasures. This is the default. All: Radios use countermeasures against devices classified by MSS as rogues and against devices classified by MSS as interfering devices. A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue. MSS classifies a device as an interfering device if no client connected to the device has been detected communicat
382. n of the dialog box, deselect Allow All Users. Type a new password for the administrator (1 to 80 alphanumeric characters, with no spaces or tabs). The password is case-sensitive. 4. Type the administrator password again for verification. Click OK. In the 3WXM Services Setup dialog box, click Save to save the changes. If this is the first user account, 3WXM Services inserts the username you used to log onto the machine that is running 3WXM Services in the Account Name box. However, you are not required to use this name. In fact, you are not required to use a name that matches a user account on the machine. 3WXM Services automatically makes the first user account you add an Admin account. Creating Provision or Monitor Accounts. After creating an administrator account, you can create provision or monitor accounts. To create a provision or monitor account: 1. Access the 3WXM Services Setup dialog box. 2. To add a provision user account, click Add Provision Account. To add a monitor account, click Add Monitor Account. The Add Account dialog box appears. 3. Type the name of a user account that has access to the system. 4. Type a new password for the user (1 to 80 alphanumeric characters, with no spaces or tabs). The password is case-sensitive. 5. Type the password again for verification, and then click OK. 6. In the 3WXM Services Setup dialog box, click Save to save the changes. 7. Click Close to close th
383. n page 187.
Table 58 SNMP Notifications for RF Detection (Notification Type: Description)
Rogue detection notifications
- RogueDetect: Indicates that MSS has detected a rogue AP.
- RFDetectRougeDisappear: Indicates that MSS is no longer detecting a previously detected rogue AP.
- RFDetectInterferingRogueAP: Indicates that MSS has detected an interfering device.
- RFDetectInterferingRogueDisappear: Indicates that MSS is no longer detecting a previously detected interfering device.
- RFDetectAdHocUser: Indicates that MSS has detected an ad hoc user.
- RFDetectUnAuthorizedSSID: Indicates that MSS has detected an SSID that is not on the permitted SSID list.
- RFDetectUnAuthorizedOUI: Indicates that MSS has detected a wireless device that is not on the list of permitted vendors.
- RFDetectUnAuthorizedAP: Indicates that MSS has detected the MAC address of an AP that is on the attack list.
IDS/DoS notifications
For more information about IDS/DoS, see the IDS and DoS Alerts section in the Rogue Detection and Countermeasures chapter of the Wireless LAN Switch and Controller Configuration Guide.
- CounterMeasureStart: Indicates that MSS has begun countermeasures against a rogue AP.
Mobility Domain Requirement
Rogue Detection Requirements 459
- CounterMeasureStop: Indicates that MSS has stopped countermeasures against a rogue access point.
- RFDetetSpoofedMacAP: Indicates th
384. n the Coverage Areas section of the Organizer panel, select the scope for which you want to display coverage. You can display coverage for an individual radio, a specific coverage area, or all coverage areas on the floor.
- To select multiple contiguous objects, click Shift while selecting.
- To select multiple noncontiguous objects, click Ctrl while selecting.
If you need to make adjustments, do the following: a. Manually move the MAPs or increase the transmit power levels. b. Manually create more MAPs and place them on the floor. c. Modify the coverage area so that the capacity requirements are higher.
If you manually add MAPs to a coverage area, they might be moved or removed the next time you perform Compute and Place.
Verifying the Wireless Network
You can use the following tools to help verify the wireless network:
- Show RF coverage
- Place RF measurement points
- Use RF interactive measurement mode
Showing RF Coverage
Looking at the RF coverage allows you to see if the entire area is adequately covered by the MAPs. You can move the MAPs and see how the coverage changes. You can see the RF coverage for an area by doing the following: In the Coverage Areas section of the Organizer panel, select the coverage area. Right-click and select Show RF Coverage. This procedure displays coverage provided by the access points on a single floor. To also view coverage provid
385. n the other two panels. This option applies only to the Content panel.
Panel sizes and window arrangements are associated with 3WXM usernames. When you close 3WXM, 3WXM remembers the panel sizes and window arrangements you assigned and restores them the next time you run 3WXM.
38 CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE
Menu Bar Options
Table 8 lists the options available from the menu at the top of the main 3WXM window. Click on a menu category to display the options for that category.
Table 8 3WXM Menu Options (Menu, Option: Description)
File
- Connect: Log on to 3WXM Services.
- Close: Close the currently open network plan.
- New Network Plan: Create a new network plan.
- Switch Network Plan: Close the currently open network plan and open another network plan.
- Delete Network Plan: Delete a network plan.
- Import Network Plan: Import objects from another network plan into the currently open plan.
- Save As: Save a copy of the currently open network plan under a new name.
- Import: Import a WX configuration file into the currently open network plan.
- Export: Export a WX configuration file from the currently open network plan.
- Exit: Close 3WXM.
Tools
- Preferences: Change 3WXM user preferences.
- Performance: Display Ethernet or radio statistics.
- Certificate Management: Manage certificates.
- 3WXM Services Setup: Configure preferences for 3WXM Services.
- 3WXM Services B
386. ne of the following to filter events by time:
- Any: No events are filtered based on time criteria.
- Before: Only events that occurred before a specified time.
380 CHAPTER 14 USING THE EVENT LOG
  - In the Start box, click the arrow to use the calendar to specify the day, month, and year.
  - Specify the end time.
- After: Only events that occurred after a specified time.
  - In the Start box, click the arrow to use the calendar to specify the day, month, and year.
  - Specify the starting time.
- Between: Only events that occurred between specified times.
  - In the Start box, click the arrow to use the calendar to specify the day, month, and year.
  - Specify the starting time.
  - In the End box, click the arrow to use the calendar to specify the day, month, and year.
  - Specify the end time.
In the Show list, select one of the following:
- All: To see all log entries.
- Last: To see a specified number of entries at the bottom of the log.
- First: To see a specified number of entries at the top of the log.
If you selected All, go to step 7. Otherwise, go to the next step.
In the Matching Entries box, type the number of log entries you want to see. The maximum number of entries you can specify depends on the number of entries in the log.
7. Click Apply to filter out the unwanted entries from the display.
Filtering Events by Severity
Filtering Events by Facility
Filtering Event Messages 381
You can limit the events yo
387. ne or more of the above, depending on the type(s) selected during configuration of the service profile.
None: No access rule is created automatically. You must configure the rules.
The and values are wildcards. The wildcard matches on all usernames. To match on all MAC addresses (MAC access rules only), use only a single
You can restrict access by specifying part of the username or MAC address along with a wildcard. In this case, only the usernames or MAC addresses that match the partial username or address are allowed access.
User Globs and MAC Address Globs
For a user glob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method.
Viewing and Configuring Wireless Services 239
- For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE sydney or EXAMPLE which specifies all usernames whose usernames contain periods.
- For EAP with Transport Layer Security (EAP-TLS) clients, the format is username domain_name. For example, sydney example com specifies the user sydney in the domain name example com. The marketing example com glob specifies all users in the marketing department at example com. The user glob sydney en
388. nels across the floor minimizes co-channel interference. Figure 8 shows how to minimize co-channel interference for an 802.11b environment when using the nonoverlapping channels 1, 6, and 11.
Figure 8 Channel Assignment to Minimize Co-Channel Interference
To assign channels: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click RF Planning. Under RF Planning, click Assign Channels. The Channel Assignment wizard appears, showing the current channel assignment constraints.
Computing MAP Placement 145
To change the starting floor for channel assignment, select the floor from the Begin On Floor List. By default, 3WXM starts at the top floor and works down. To change the ending floor for channel assignment, select the floor from the End On Floor List. The ending floor number must be lower than or equal to the starting floor number. To change the radio type for which to assign channels, select the radio type from the Technology list. By default, 3WXM assigns channels
389. nerally the VLAN's gateway routers. Clients within the VLAN are not permitted to communicate among themselves directly. To communicate with another client, the client must use one of the specified gateway routers. You can specify up to four gateway MAC addresses. The addresses must be unicast, not multicast or broadcast.
For networks with IP-only clients, you can restrict client-to-client forwarding using ACLs. Use the Restrict L3 Traffic option. See Restricting Layer 3 Traffic Among Clients in a VLAN.
Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. In the Content panel, select the VLAN. In the Task List panel, select Restrict L2 Traffic. Select Restrict L2 Traffic to enable the feature for the VLAN. Click Create. In a Permitted MAC Address box, edit the address to be the MAC address of the VLAN's gateway. Click Finish. 8. Click OK.
218 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS
Restricting Layer 3 Traffic Among Clients in a VLAN
Changing a VLAN's Tunnel Affinity
To restrict Layer 3 traffic among clients in the same VLAN, use an ACL. You can configure the ACL yourself or use the Restrict L3 Traffic option in 3WXM.
Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX
390. network changes
1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Change Management. 3. Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. 4. In the Task List panel, in the Network Changes group, click Accept. The status is shown in the Network Status and Local Status columns.
To undo local or network changes: 1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Change Management. 3. Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. 4. In the Local Changes or Network Changes group in the Task List panel, select Undo.
- Selecting Undo in Local Changes reverses changes made in 3WXM.
- Selecting Undo in Network Changes reverses changes that have occurred in the network.
The status is shown in the Network Status and Local Status columns.
352 CHAPTER 10 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS
Deploying Switch Configuration Changes
You can deploy changes immediately or schedule them to be deployed later. When you deploy changes to a WX, all of the changes are sent as a single transaction. If any parameter is unsuccessfully changed, the entire transaction is rolled back. If the transaction is successful, the configuration changes are immediately and dynamica
391. ng, you can convert existing objects into RF obstacles and add new RF obstacles.
Generally, only some of a drawing's layers contain details relevant to RF planning. You can hide layers to simplify a drawing. 3WXM performs RF calculations only with information in visible layers.
Each drawing that you import into 3WXM has a layer 0, which contains information that 3WXM creates. You can hide layer 0 but you cannot delete it, and 3WXM requires layer 0 to be visible when calculating RF coverage or performing rogue detection. If you start one of these operations with layer 0 hidden, 3WXM displays a message offering to make layer 0 visible again.
For best performance and simpler planning, 3Com recommends that you hide or remove unnecessary layers and remove unnecessary objects. The Clean Layout option automatically deletes all objects that meet the cleanup criteria, which you can modify. See Cleaning Up a Drawing on page 89. You also can select and delete individual objects.
Hiding Layers
With the drawing displayed in the Content panel, click Layers in the Organizer panel to bring up a list of the layers in the drawing. Click the checkbox next to the layer name to show or hide the layer. Figure 3 shows the same floor plan as Figure 2 after hiding unnecessary layers.
Figure 3 Floor Plan After Layers Hidden
392. ng Local and Network Changes 350
Reviewing Switch Configuration Changes 350
Accepting Network Changes 351
Undoing Local or Network Changes 351
Deploying Switch Configuration Changes 352
Synchronizing When the Network and 3WXM Have Nonmatching Changes 353
Distributing System Images 354
Using the Image Repository 354
Distributing System Images 355
Rebooting WX Switches or MAP Access Points 356
Enabling or Disabling Management of a Switch by 3WXM 357
Viewing the Operation Log 358
Canceling a Scheduled Operation 358
Importing and Exporting Switch Configuration Files 359
Modifying Configuration Change Polling Options 361
VERIFYING CONFIGURATION CHANGES
Verification Tabs 363
Toolbar Options 364
Filtering the Message List 364
Resolving an Error or Warning 364
Disabling a Rule from the Message List 365
Changing Verification Options 366
Disabling and Reenabling Rules 367
MANAGING CERTIFICATES
Overview 369
Processing Certificates 370
Managing Certificates 371
Reviewing Certificate Details 371
Deleting Certificates 371
Distributing Certificates to WX Switches 372
CONFIGURING AND APPLYING POLICIES
How Changes Are Managed 373
Policies Created When You Migrate a 3.x Network Plan to 4.1 373
Viewing Policies 374
Creating a Policy 374
Configuring Feature Settings in a Policy 375
Applying Policy Changes to Switches 375
USING THE EVENT LOG
Displaying the Event Log 377
Toolbar Options 377
Refreshing Event D
393. ng a Color from the Palette
To specify a color using the color palette, click Swatches in the Choose Color dialog box. From the color palette, click the color you want to see. Repeat until you find the color you want. In the Preview box, you can see the swatches and text in the color you chose. The Recent box shows the colors you have chosen so far. Click Reset to choose the original predefined color and clear the Recent box. Click OK to accept the color you last chose. The RF tab in the Preferences dialog box is active.
Changing Options for RF Planning 487
Do one of the following:
- Change another color.
- Click another Preferences tab.
- Click Close to close the Preferences dialog box.
Defining a Color by Changing HSB Properties
You can define colors by changing the hue, saturation, and brightness (HSB).
- Hue is the color itself, for example, blue, orange, or purple. Hue is measured in degrees (0 to 360 degrees).
- Saturation is the strength of the color. Saturation values are measured in percentages, with 0 percent indicating no color saturation (gray) and 100 percent indicating full saturation.
- Brightness is the amount of light in the color. Brightness is also measured in percentages, with 0 percent indicating black and 100 percent indicating white.
To define a color by changing HSB: To specify a color by changing HSB, click HSB in the Choose Color dialog box. To change the hue value, select the H option an
394. nge Handshake Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol for wireless clients.
- Uses TLS for encryption and data integrity checking.
- Provides MS-CHAP-V2 mutual authentication.
- Only the server side of the connection needs a certificate.
Local EAP-TLS (EAP with TLS)
- Provides mutual authentication, integrity-protected negotiation, and key exchange.
- Requires X.509 public key certificates on both sides of the connection.
- Provides encryption and integrity checking for the connection.
- Cannot be used with RADIUS server authentication (requires user information to be in the switch's local database).
External RADIUS Server
- No protocol is used by the WX. The switch sends the authentication traffic to a RADIUS server for EAP processing.
If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. Other access types do not use EAP.
AAA Methods: RADIUS Server Groups and the Local User Database
In addition to user globs or MAC address globs, access rules specify AAA methods, which can be one or both of the following:
- RADIUS server group: Named set of RADIUS servers.
- LOCAL: Switch's local user database.
You can select both a server group and LOCAL. The switch tries the methods in the order they appear in the list, starting with the one at the top.
Viewing Wireless Services
395. nning, see Planning the 3Com Mobility System on page 69. If you are planning to use 3WXM to configure switches in a remote office, see Configuring WX Switches Remotely on page 331.
WX Switch Configuration Objects
Configuration objects for WX switches are organized into the following categories:
- System
- Wireless
- AAA
You can access configuration wizards for these object types by clicking on tasks in the Task List panel or by selecting the object type under a WX switch in the Organizer panel. Table 16 lists the WX switch object types.
Table 16 WX Switch Object Types (Category, Object Type: Description)
System
- Ports: Settings for individual ports. See Viewing and Changing Port Settings on page 176.
- Port Groups: Settings for port groups. See Viewing and Changing Port Groups on page 184.
- Management Services: Settings for the following management services:
  - System Information, including contact and location information, CLI prompt, and message of the day
  - HTTPS: Controls Web Management access to the WX switches
  - Telnet: Controls Telnet management access to the WX switches
  - SSH: Controls Secure Shell (SSH) management access to the WX switches
  - Web Portal: Controls web-based login of network users (clients)
  - SNMP: Configures traps, communities, and trap receivers
  - Timezone
396. not capacity. Unless you disabled the option to place MAPs based on capacity, do not select the Optimize AP Count option. 4. Select Compute Power for the areas for which you want to compute power. 5. Click Next. The Compute Power For Progress page appears.
- If the power computation succeeds, click Finish to see the results.
- If the power computation fails, click OK in the Optimal Power Computation box and click Finish. See To resolve optimal power computation problems on page 149.
To resolve optimal power computation problems
If power levels for one or more coverage areas could not be optimized, show the RF coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: In the Show RF coverage using listbox, select how you want to display the coverage:
- Baseline Association Rate: Coverage is shown based on the MAP radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations. The baseline association rate is specified during planning on a coverage area basis.
- Data Rate: Coverage is shown in colored bands that represent each of the data transmit rates supported by the radio. These rates are standard for each radio type.
- RSSI: Coverage is shown based on the received signal strength indication (RSSI) of the radio's signal heard by other radios. I
397. ns
Defining Wireless Coverage Areas 121
To change the MAP connection type for the redundant connection, select Direct or Distributed from the MAP Connection Type list. WX4400 switches support indirect MAP connections only. To change the number of redundant connections for the distributed connection type, type the number in the Redundancy Level box. For direct connections, the redundancy level is always 1. Click Next. The Capacity Planning for Data page appears.
Configuring Capacity Calculation for Data
3WXM can perform multiple calculations for MAP placement. One is based on coverage only. Another is based
398. ns Session Summary
- Total Num Sessions
- Average SNR
- Average RSSI
- SSID Summary
- Access Type Summary
- Top Bandwidth Sessions
- Low RSSI Sessions
- Low SNR Sessions
See Using the Client Monitor View on page 415 for information about the data columns in each section of the report.
Generating a Client Details Report
The client details report lists details about current client sessions. The data for this report comes from 3WXM Services. The Enable client session collection option, located in the Client Monitor group box of the Monitoring Settings tab, must be enabled. See Changing Monitoring Settings on page 500.
1. Select the Reports tool bar option. 2. In the Report Category list, select Client Monitoring Reports. 3. In the Reports list, select Client Details.
390 CHAPTER 15 GENERATING REPORTS
4. Click Add to add a report filter. The filter configuration fields are activated. 5. Click on the Select field and select one of the following from the drop-down list:
- User Name
- IP Address
- MAC Address
6. Click on the Value field. Erase the text in the field and type the username, IP address, or MAC address of the user, depending on the selection criterion you specified in step 5. 7. Press Enter to complete the filter. Repeat step 4 through step 7 for each user you want to display details for. To select or change the output directory for the report, click Choose, navigate to t
399. nt data by reducing the amount of bandwidth used by broadcast traffic.
- Proxy ARP: WX responds on behalf of wireless clients to ARP requests for their IP addresses.
- DHCP Restrict: WX captures and does not forward any traffic except DHCP traffic for a wireless client who is still being authenticated and authorized.
- No Broadcast: Sends unicasts to clients for ARP requests and DHCP Offers and Acks instead of forwarding them as multicasts.
All these broadcast control options are disabled by default.
Radio Profile Selection Tab
The Radio Profile Selection tab lists the radio profiles mapped to the service profiles. Service profile wizards map the service profiles to the default radio profile by default. To map another radio profile to the service profile, select the radio profile in the Available Radio Profiles list, then click Add. To unmap a radio profile from the service profile, select the radio profile in the Current Radio Profiles list, then click Remove.
Voice Configuration Tab
The Voice Configuration tab lists settings used for VoIP service profiles. For some options, the settings selected by 3WXM differ depending on the vendor you select when you create the service profile.
- Static CoS: When enabled, marks all traffic on the SSID with the same CoS value (the Static CoS Value). This option is automatically enabled for Vocera voice service profiles but is disabled for all
400. nt panel. Each row in the table shows settings for an individual radio profile. To display all settings for a radio profile, select the radio profile and click Properties.
264 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS
Creating a Radio Profile
Moving Radios Back to the Default Radio Profile
To create a radio profile: 1. Access the Create Radio Profile wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. d. Select Radio Profiles. e. In the Task List panel, select Radio Profile. In the Name box, type the name of the radio profile (1 to 16 characters, with no spaces or tabs). Click Next. 4. To add radios to the profile: a. Select the radios in the Available Members list. b. Click Move. The radios are removed from the radio profile they are currently in and added to the new profile. 5. Click Next. To map the radio profile to a service profile, select the service profile in the Available Service Profiles list and click Add. Click Finish.
To move radios back to the default radio profile: 1. Access the Radio Profiles table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to Wireless. In the Radio Profiles table, select the radio profile to which the radios are currently mapped. Click Properties. 4. In the C
401. ntiguous objects, click Shift while selecting them.
- To select multiple noncontiguous objects, click Ctrl while selecting them.
2. Click the copy icon. 3. Click the paste icon. A configuration wizard appears. Edit settings to make the new object unique from the object you copied, then click OK or Finish to save the changes and close the configuration wizard.
Enabling Keyboard Shortcut Mnemonics (Windows XP Only)
Keyboard shortcut mnemonics (also called action mnemonics) in 3WXM underline shortcut characters in action names in toolbars and menus. When a character is underlined, you can press the corresponding letter key on the keyboard to display the toolbar menu or perform the menu action. Depending on your Windows XP desktop setup, 3WXM might not show action mnemonics.
To enable action mnemonics: 1. Right-click on the desktop and select Properties. 2. Click the Appearance tab. The Display Properties dialog box appears. 3. Click Effects.
402. nts. To specify the WX switches to monitor, you upload their configuration into 3WXM or add them to the network plan. In addition, SNMP traps must be enabled on the WX switches.
By default, the 3WXM Services supplies data to all of the windows within the Monitoring tab. This data is refreshed at regular intervals, according to the polling interval configured for the 3WXM Services. The default polling interval is 5 minutes. You can optionally disable the 3WXM Services from supplying data to specified windows.
To configure the 3WXM Services for monitoring, see Changing Monitoring Settings on page 500. To enable SNMP traps on WX switches, see Configuring SNMP on page 187.
Accessing Monitored Data
Data provided by 3WXM Services is displayed in the Monitor tab in the Content panel. To access the data, 3WXM client must have a connection with the host running the 3WXM Services.
To access monitored data: Enable the 3WXM client to access the 3WXM Services, if you have not already done so. Select the Monitor option in the main 3WXM tool bar. By default, the Explore view of the Network Plan is displayed.
Using the Explore Window 403
403. o 60 characters, with no spaces or tabs). Click Next. In the Available Devices list, select the WX switches you want to use as the Network Domain seeds. 7. Click Next. 8. In the Available Devices list, select the WX switches you want to use as Network Domain members. Make sure to select the seed switch as a member. For the Network Domain to work properly, the seed must also be configured as a member. Click Finish.
The Network Domain configuration is included in the summary information for the network plan. To display summary information for a plan, select the Configuration tool bar option, then select the network plan name in the Organizer panel. The summary information appears in the Content panel.
PLANNING THE 3COM MOBILITY SYSTEM
The 3Com Wireless LAN Switch Manager (3WXM) planning tools help you plan your mobility system. This chapter discusses the Building wizard and describes how to create a site, create or modify buildings, import or draw floor details, specify the RF characteristics of a floor, define a wireless coverage area, compute MAP placement, and generate RF network design information.
RF Planning Overview
The 3WXM planning tools calculate the 3Com equipment you need, how to configure it, and where to install it, all based on the information you provide about your wireless coverage needs. You can display projected coverage and even experiment with network changes. You can also optimize the plan based on RF
404. o change network options: Select Tools > Preferences. The Preferences dialog box appears. 2. Click the Network tab. 3. To set the amount of time that 3WXM waits for a connection to be established to a WX before trying to connect again, specify the timeout (1 to 30 seconds) in the Connect Timeout box. The default is 5 seconds. To set the number of times (0 to 5) 3WXM tries to reconnect to the WX after the original attempt, specify the value in the Retry Count box. The default is 3 times. For example, if the retry count is 3, 3WXM attempts to establish a connection to a WX four times. If you specify 0, 3WXM does not attempt to establish a connection if the first attempt is unsuccessful. Click Close to close the Preferences dialog box, or click another tab to continue making changes.
Changing User Interface Options
You can change the following user interface options:
- Confirmation prompt when closing wizard pages
- Window style for exploring the topological view in the main 3WXM window
- Size of icons in 3WXM
- Placement of the wizard index in wizard dialog boxes
To change 3WXM user interface options: Select Tools > Preferences. The Preferences dialog box appears. Click the UI tab.
Changing Persistence Options 483
To enable a confirmation prompt after you close a wizard, select the Warn checkbox. To disable the confirmation prompt, clear the Warn checkbox. By default, if you close a wizard, a pop-up box app
405. o change the file type for the key store file, select one of the following:
- PKCS12: Public Key Cryptography Standard number 12, the standard format used by Unix machines.
- JKS: Java Key Store, a format used by Java platforms and applications.
c. Enter the password in the Password box.
When both the Accept all certificates and Accept self-signed certificates options are disabled and you specify a key store file, the 3WXM Services accepts a certificate from a WX switch only if the public key information for that certificate is in the key store file.
8. Click Save to save the changes, or Cancel to cancel the changes. 9. Click another tab to configure more settings, or click Close to close the 3WXM Services Setup dialog box.
500 CHAPTER B CHANGING 3WXM SERVICES PREFERENCES
Changing Monitoring Settings
By default, status monitoring and monitoring of WX notifications is enabled. Status monitoring supplies data for the Explore and Status Summary windows of the Monitor tab. SNMP notifications (traps) generated by WX switches supply data for the Client Monitor, RF Monitor, and RF Trends windows. Table 63 lists the source of the data for each window in the Monitor tab and for the Performance Statistics window.
Table 63 Sources of Monitor Data (3WXM Client Display: Data Source, Default)
- Event tab:
  - 3WXM client, for 3WXM client messages. Default: Enabled.
  - 3WXM Services, for monitoring service messages. Default: Enabled.
Enable log monitoring
406. ods for authenticating and authorizing network access for wired or wireless users. You can configure 802.1X authentication parameters for an individual WX or for a domain policy.
CAUTION: 802.1X parameter settings are global for all SSIDs configured on the switch.
To view global 802.1X settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select 802.1X. The global 802.1X settings appear.
To change global 802.1X settings: Access the 802.1X settings: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to AAA. d. Select 802.1X.
304 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS
2. To enable 802.1X authentication for all wired authentication ports on the WX switch, select System Authentication Control. To disable 802.1X authentication for all wired authentication ports, clear System Authentication Control. By default, 802.1X authentication is enabled. To specify the number of seconds the WX switch waits before attempting reauthentication, specify the timeout value (0 to 65,535 seconds) in the Quiet Period Timeout box. The default is 60 seconds. To specify the number of seconds the WX switch waits before retransmitting an Extensible Authentication Protocol over LAN (EAPOL) packet, specify the timeout value 1
407. olicy, WX switch, or site object in the Organizer panel to display and configure settings for that object. For more information about the tool bar options, see Tool Bar Options on page 39.

CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE (page 34)

Saving or Discarding Configuration Changes

When you select the Policies, RF Planning, or Configuration tool bar option, the Content panel contains a Save button and a Discard button.
- Save: Click Save to send unsaved configuration changes to 3WXM Services to save in the network plan. The 3WXM client buffers configuration changes you make to a policy, WX switch, or site until you click Save or save the network plan. When you click Save, the client sends all buffered configuration changes.
- Discard: Click Discard to undo all buffered changes.
The Save and Discard buttons are greyed out unless there are unsaved changes. Configuration wizards have a Finish or OK button, which saves the configuration items you type or select in the wizard. When you save changes in a wizard by clicking Finish or OK, the Save and Discard buttons in the Content panel remain greyed out because there are no unsaved changes to save or discard. When you click a link to open a configuration wizard, if there are unsaved changes, 3WXM prompts you to apply or cancel the changes. Click Apply to save the buffered changes and open the wizard. The Save, Apply, Finish, and OK buttons do not send configuration changes
408. olling
13. To specify the time to wait before rotating the WEP key, specify the value from 30 to 1,641,600 seconds (19 days) in the WEP Key Rolling Period box. The default is 3600 seconds (one hour).
14. To specify the number of seconds MSS retains session information for Bonded Auth (bonded authentication) purposes for an authenticated machine while waiting for the 802.1X client on the machine to start re-authentication for the user, specify the value from 1 to 300 seconds in the Bonded Period box. The default is 0 seconds.
15. Click Save.

Viewing and Configuring 802.1X Network Access Rules

This section describes how to view and configure 802.1X rules for user network access. To configure other types of network access rules, see the following:
- Viewing and Configuring MAC Network Access Rules on page 310
- Viewing and Configuring WebAAA Network Access Rules on page 313
- Viewing and Configuring Last Resort Network Access Rules on page 316
To configure access rules for administrative access to the WX itself, see Viewing and Configuring WX Administrator Access Rules on page 318. This section assumes that you are familiar with the AAA options in MSS. For detailed information, see the Configuring AAA for Network Use
409. on. If you disable HTTPS, you cannot use Web Management. 3WXM communications also use HTTPS, but 3WXM is not affected by the HTTPS configuration on the WX. For 3WXM, HTTPS is always enabled and listens on port 8889.

To view management service settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to System. Select Management Services. The management services and their settings appear in the Content panel.

To change management service settings: To enable or disable a management service, select or deselect it by clicking the checkbox next to the service name. For example, to enable Telnet, click the checkbox to place a checkmark in the box. You can individually enable or disable the following management services:
- HTTPS
- Telnet
- SSH
- Web Portal
- SNMP
To change the Telnet service port, select or type the new port number in the Port box next to Telnet. The default TCP port is 23.
To change the idle timeout for CLI management sessions, edit the value in the Idle Timeout checkbox. You can specify from 0 to 86400 seconds (one day). The default is 3600 (one hour). If you specify 0, the idle timeout is disabled. The timeout interval is in 30-second increments. For example, the interval can be 0, or 30 seconds, or 60 seconds, or 90 seconds, and so on. If you enter an inte
410. onfiguration changes.
WX1200# save config
success: configuration saved.
Power off or restart the switch.

CHAPTER 9: CONFIGURING WX SWITCHES REMOTELY (page 338)

Example 3: Deployment Site Has DNS But No DHCP

The deployment site in this example does not have a DHCP server but does have a local DNS server. The configuration is similar to Example 1 but includes DNS configuration information instead of an IP alias.

Configure a VLAN.
WX1200# set vlan 1 port 7
success: change accepted.
Configure an IP interface on the VLAN.
WX1200# set interface 1 ip 192.168.1.252 255.255.255.0
success: change accepted.
Configure a default route through the local gateway.
WX1200# set ip route default 192.168.1.1 0
success: change accepted.
Configure the default DNS domain name.
WX1200# set ip dns domain example.com
Domain name changed
Configure DNS server information.
WX1200# set ip dns server 192.168.11.2
Enable the MSS DNS client.
WX1200# set ip dns server enable
success: change accepted.
Enable the auto-config option.
WX1200# set auto config enable
success: change accepted.
Save the configuration changes.
WX1200# save config
success: configuration saved.
Power off or restart the switch.

Example 4: Deployment Site Has DHCP But Local DNS Domain Differs From Corporate DNS Domain

The deployment site in this example has a DHCP server, so the switch's DHCP client i
411. option, for WX switch messages | Enabled
Monitor tab, Explore window | Status monitoring of WX switches by 3WXM Services | Enabled
Monitor tab, Status Summary window | Status monitoring of WX switches by 3WXM Services | Enabled
Monitor tab, Client Monitor window | Enable client session collection option | Disabled
Monitor tab, RF Monitor window | Status monitoring of WX switches by 3WXM Services. Does not apply to the Activity tab at the bottom of the window. | Enabled
Monitor tab, RF Trends window | Collect radio activity traps | Disabled
Monitor tab, RF Trends window | Enable RF trending option | Enabled
Rogue Detection tab | Enable Rogue Detection option, which activates polling and uses SNMP traps received by 3WXM Services from monitored WX switches | Enabled
Performance Monitoring window | Statistics data received by 3WXM client directly from managed WX switches. 3WXM Services does not provide this data. | Enabled

The monitoring options require SNMP traps to be enabled on the monitored WX switches, and also require 3WXM Services to be configured as a notification target (trap receiver) for each of the switches.
The data for some reports also requires monitoring options to be enabled. For information, see the descriptions for each report in Generating Reports on page 383.

To change monitoring settings, use the following procedure:
1. Select Tools > 3WXM Services Setup. The 3WXM Services Setu
412. or tab displays information retrieved from the 3WXM Services. Information is presented in the following windows within the Monitor tab:
- Explore: Shows the operational status of 3Com equipment (WX switches, MAP access points, and radios).
- Status Summary: Shows tables of basic information for the 3Com equipment.
- Client Monitor: Shows activity, errors, and session information for network clients. Additionally, you can configure a watch list of clients and track their activity and session histories over time, up to 30 days.
- RF Monitor: Shows RF information for radios, including power and channel information.
- RF Trends: Shows current and past statistics for radios. You can view statistics up to 30 days old and display graphs of data trends.

CHAPTER 16: MONITORING THE NETWORK (page 402)

The 3WXM Services is configured to provide data for the Explore and Status Summary windows by default. To provide data to the client and RF windows, you must enable the service to poll WX switches for client and RF data. You also can enable the service to receive SNMP traps generated by the WX switches. See Changing Monitoring Settings on page 500.

Requirements for Monitoring

To enable the 3WXM service to monitor network data, you or the 3WXM Services administrator must specify the WX switches to monitor. The 3WXM Services collects data from the switches and updates the information in the windows of the Monitor tab on 3WXM clie
413. ork checks occur, specify the interval between checks, from 1 to 1440 minutes (24 hours), in the Interval box. The default is 15 minutes.
To be notified of network changes by a popup message, select Prompt when network changes are detected. To disable the popup message, deselect the option. Disabling the popup message does not affect the Network Changes information in the Alerts panel. The Alerts panel still notifies you of network changes.
To instruct WX switches to save deployed configuration changes in their configuration files, select Save WX Configuration on Deploy.
Click Close.

CHAPTER 10: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS (page 362)

11 VERIFYING CONFIGURATION CHANGES

3WXM uses a set of rules to verify WX switch configurations. Changes to a switch's configuration in 3WXM or in the live network are automatically evaluated by comparing the changes to the rules. If the evaluation detects any error or warning conditions, the information in the Alerts panel is updated.
- Errors or warnings in a switch's configuration in 3WXM affect the Configuration counts.
- Errors or warnings in the network affect the Network counts.

Verification Tabs

Click on Configuration or Network in the Alerts panel to display the Verification tabs in the Content panel. The Verification tab contains a Config Verification tab and a Network Verification tab.
- The Config Verification tab shows errors and warnings for switch configura
414. ort.
- If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box. To match only on a specific SSID name, select or type the name in the SSID box.
- If the rule is for access through a wired authentication port, select Wired.
CAUTION: The default SSID name any matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the authentication rule allows clients who match the userglob to access any SSID.
3. Click Next.
4. If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the switch's configuration.
5. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down.
- If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
- If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attem
415. other: one area for 802.11a and another for 802.11b/g. An area requiring 802.11a and 802.11b uses a dual-radio MAP model for calculation, even if you specify a single-radio MAP.
2. To refine the dimensions of the coverage area, specify the appropriate dimension in the X Length and Y Length boxes.
3. Click Next. The wizard presents properties and association pages for the technology you chose in step 1. The following example shows the wizard for 802.11a and 802.11g technologies.
[Screenshot: Create Coverage Area wizard, Coverage Area Name(s) page]

Specifying Coverage Area Properties

To specify coverage area properties:
1. In the Name box for each technology, type a name for the coverage area (1 to 60 characters long, with no tabs).
2. In the Rate (Mb/s) list for each technology, select the average desired association rate for typical clients in this coverage area.
3. For 802.11g, to prevent the association of 80
416. ountermeasures against devices classified by MSS as rogues, but do not use countermeasures against devices classified by MSS as interfering devices.

CHAPTER 7: CONFIGURING WIRELESS PARAMETERS (page 266)

CAUTION: Countermeasures affect wireless service on a radio. When a MAP radio is sending countermeasures, the radio is disabled for use by network traffic until the radio finishes sending the countermeasures.
- Configured: Causes radios to attack only devices specified in the attack list on the WX switch (on-demand countermeasures). When this option is used, devices found to be rogues by other means, such as policy violations or by determining that the device is providing connectivity to the wired network, are not attacked.
- Enable Active Scan: Sends probe any requests (probe requests with a null SSID name) to solicit probe responses from other access points. Radios also passively scan by listening for beacons and probe responses. When active scan is disabled, radios perform passive scanning only.

802.11 Attributes Tab

The 802.11 Attributes tab lists the settings of the following options:
- Beacon Interval: Interval at which the MAP advertises its SSIDs. You can specify from 25 to 8191 milliseconds (ms). The default is 100 ms.
- DTIM Period: Number of beacons (1 to 31) the MAP transmits before transmitting the multicast and broadcast frames stored in its buffers. The default is 1.
- Fragment Threshold: Frame length (256 to 2346
417. oups 184
Viewing Port Groups 184
Creating a Port Group 185
Changing a Port Group 185
Viewing and Changing Management Settings 186
Viewing Management Service Settings 186
Changing Management Service Settings 186
Configuring SNMP 187
Viewing and Setting Log and Trace Settings 198
Viewing Log Settings 198
Changing Log Settings 198
Viewing and Configuring IP Services Settings 201
Viewing IP Services Setting 201
Creating a Static Route 202
Create an IP Alias 203
Configuring DNS 203
Configuring NTP 204
Configuring ARP 205
Viewing and Configuring VLANs 206
Viewing VLANs 207
Creating a VLAN 207
Changing VLAN Membership 209
Changing VLAN Spanning Tree Settings 210
Changing VLAN IGMP Settings 214
Restricting Layer 2 Traffic Among Clients in a VLAN 217
Restricting Layer 3 Traffic Among Clients in a VLAN 218
Changing a VLAN's Tunnel Affinity 218
Configuring the MSS DHCP Server 219
Changing the Aging Time for FDB Entries 220
Viewing and Configuring ACLs 220
Viewing ACLs 221
Creating an ACL 221
Configuring Advanced ACL Settings 226
Adding a New ACE to a Configured ACL 228
Mapping an ACL 228
Deleting an ACL 230
Deleting an Individual ACE from an ACL 230
Viewing and Changing CoS Mappings 231
Viewing CoS Mappings 231
Changing a DSCP to CoS Mapping 232
Changing a CoS to DSCP Mapping 232
Setting a Range of DSCP Values to a Single CoS Value 233
Resetting CoS Mapping to their Default Values 233
7 CONFIGURING WIRELESS PARAMETERS
Viewing and Conf
418. outbound authentication and authorization to a RADIUS server (1 to 32 alphanumeric characters, with no spaces or tabs). Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses, or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com. Changing the password applies both to MAC users and to last-resort users. All MAC address authenticated users or last-resort users must share the same authorization password on the RADIUS server.
Click Next.

A server group is a group of one to four RADIUS servers. Server groups enable RADIUS server redundancy by allowing another server to be used if the first server is unavailable. You must create at least one server group, even if you are using only one RADIUS server. You can specify the order in which servers are used for authentication. You can also specify load balancing, which uses all servers in a group using a round-robin algorithm.

Access the Create RADIUS Server Group wizard:
a. Select the Configuration tool bar option.
b. In the Organizer panel, click the plus sign next to the WX switch.
c. Click the plus sign next to AAA.
d. Select RADIUS.
e. In the Task List panel, select RADIUS Server Group.
2. In the Name box, type the name of the RADIUS server group (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use t
419. output directory for the report, click Choose, navigate to the new directory, and click Select.
To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.
Click Generate.
When the report is generated, click the report link to view it. The client errors report contains the following sections:
- Cumulative errors for the scope of the report
- Client errors on individual WX switches
See Using the Client Monitor View on page 415 for information about the data columns in each section of the report.

CHAPTER 15: GENERATING REPORTS (page 392)

Generating a Watch List Client Report

The watch list client report lists session information and roaming history for clients on the watch list. The client must be on the client watch list. See Managing the Client Watch List on page 434.
Select the Reports tool bar option.
In the Report Category list, select Client Monitoring Reports.
In the Reports list, select Watch List Client.
Select the time period for the report:
- 1 Hour
- 24 Hours
- 7 Days
- 30 Days
Click Add to add a report filter. The filter configuration fields are activated.
Click on the Select field and select MAC Address. 3WXM monitors the clients on the watch list by MAC address.
Click on the Value field. Erase the text in the field and type the MAC address of a client. Press Enter to comple
420. ove the implicit deny all rule that is at the end of every ACL. Each ACL has a rule at the end that denies all source and destination IP addresses. This rule provides security by ensuring that the only traffic permitted by an ACL is the traffic you want to permit. This rule is automatically added to the end of each ACL and cannot be edited or removed.
After you add an ACE to the table, each subsequent ACE appears above the implicit deny all ACE at the bottom of the list, but beneath all the other ACEs you have configured. The switch uses the ACEs in the order they appear in the list, beginning at the top. Because the action in the first ACE that matches a packet is used, the order the ACEs appear in is important. You can reorder them. See step 13.
Specify the source IP address by clicking in the Source IP column and editing the value. To match on all source IP addresses, leave the value 0 0 0 0 0.
Specify the destination IP address by clicking in the Source IP column and editing the value. To match on all destination IP addresses, leave the value 0 0 0 0 0.
6. To specify the protocol:
a. Click on the down arrow in the Protocol column.
b. Select the well-known name of the protocol from the Protocol Name drop-down list. If the protocol's name is not listed, select Other to activate the Protocol Number box, then type or select the number.
c. Click OK.
d. If you selected tcp or udp, go to step 7
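The first-match ordering and implicit deny all rule described in entry 420, as an added Python example (not code from the 3Com manual or from 3WXM). The Ace fields, the CIDR notation and the sample addresses are assumptions constructed for illustration; shadowed() flags ACEs that can never take effect because an earlier ACE matches every packet they would.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    src: str           # source network in CIDR form (assumed notation)
    dst: str           # destination network in CIDR form
    proto: str = "ip"  # "ip" stands for any protocol, otherwise e.g. "tcp" or "udp"

    def matches(self, src_ip, dst_ip, proto):
        """True if a packet with these header values matches this ACE."""
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("ip", proto))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this ACE."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("ip", other.proto))


# The rule the page says is appended to every ACL and cannot be edited or removed.
IMPLICIT_DENY = Ace("deny", "0.0.0.0/0", "0.0.0.0/0")


def evaluate(aces, src_ip, dst_ip, proto):
    """Return (action, index) of the first ACE that matches, top to bottom.

    An index equal to len(aces) means the implicit deny all rule decided.
    """
    for index, ace in enumerate(list(aces) + [IMPLICIT_DENY]):
        if ace.matches(src_ip, dst_ip, proto):
            return ace.action, index
    raise AssertionError("unreachable: the implicit deny matches every packet")


def shadowed(aces):
    """Return (later_index, earlier_index) pairs where the later ACE is unreachable."""
    findings = []
    for later_index, later in enumerate(aces):
        for earlier_index in range(later_index):
            if aces[earlier_index].covers(later):
                findings.append((later_index, earlier_index))
                break
    return findings


# Constructed sample ACL: the broad deny at the top hides the narrower permit below it.
ACL = [
    Ace("deny", "10.1.0.0/16", "0.0.0.0/0"),
    Ace("permit", "10.1.5.0/24", "192.168.10.0/24", "tcp"),
    Ace("permit", "10.2.0.0/16", "0.0.0.0/0"),
]
# Same ACEs with the narrow permit moved above the broad deny.
REORDERED = [ACL[1], ACL[0], ACL[2]]

if __name__ == "__main__":
    packet = ("10.1.5.9", "192.168.10.20", "tcp")
    print("original :", evaluate(ACL, *packet), "shadowed:", shadowed(ACL))
    print("reordered:", evaluate(REORDERED, *packet), "shadowed:", shadowed(REORDERED))
    print("unlisted source:", evaluate(ACL, "172.16.0.1", "192.168.10.20", "udp"))
```
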
421. [Screenshot: 3WXM window with RF coverage displayed, showing the RF Planning task list and the Coverage Areas section]
To hide coverage again, right-click on the scope in the Coverage Areas section and select Hide RF Coverage.

CHAPTER 18: OPTIMIZING A NETWORK PLAN (page 480)

Fixing a Coverage Hole

After you import RF measurements, optimize, and display coverage, you can observe any wireless coverage holes in the network. To fix a coverage hole, use any of the following methods:
- Lock the MAPs in place and use the Compute and Place task to recompute the number of MAPs needed and their recommended placement. If this results in new MAPs being added, install the new MAPs.
- Install new MAPs and add them to the network plan. Using this method, you install the new MAP first, then
422. p 8, select or create the MAC address globs you want to allow to access the voice VLAN. Otherwise, go to step 23.
To create a new rule:
a. Click Create.
b. Specify the MAC address glob in the Matching MAC Glob box. To match on all MAC addresses, leave the wildcard in the box. For syntax information, see Access Rules on page 238.
To use an existing rule, leave the rule in the list.
Select or create the radio profile to map to this service profile. By default, the default radio profile is selected.
- To map the service profile to the default radio profile, leave default selected and go to step 23.
- To map the service profile to a different radio profile, select the radio profile and go to step 23.
To create a new radio profile:
a. Select Create new Radio Profile and click Next.
b. Type the radio profile name in the Name box and click Next.
c. Select the radios you want to manage with the radio profile and click Move to move them to the Current Members list. If you have not planned RF coverage or configured any MAPs in the network plan yet, no radios are listed. You can add the radios later. Select the radio profile, click Properties, then select Radio Selection. See Configuring Advanced Radio Profile Settings on page 265.
d. Go to step 23.
23. Click Finish. The service profile appears in the service profile table
423. p dialog box appears.
2. Click the Monitoring Settings tab.
3. To change the number of minutes between status queries from 3WXM Services to the WX switches it monitors, change the value in the Polling interval box. You can specify from 1 to 60 minutes. The default is 5 minutes.
To change settings for monitoring of the log buffers on WX switches:
a. Select Enable log monitoring. This option is enabled by default.
b. To change the number of minutes between queries of the WX switches' log buffers, change the value in the Polling interval box. You can specify from 1 to 60 minutes. The default is 5 minutes.
c. To change the maximum number of log entries 3WXM Services stores for an individual WX switch, change the value in the entries per WX box. You can specify from 1000 to 5000 entries, in increments of 100. The default is 1000 entries.
To enable data collection for client sessions, select Enable client session collection. This option is disabled by default. The Polling Interval is 5 minutes and cannot be changed.
To enable RF data collection, select Enable RF trending. This option is enabled by default. The Polling Interval is 5 minutes and cannot be changed.
d. To change the threshold for a threshold crossing alert (TCA), change the value in the Low SNR, Max clients per AP, or Max Receiver Adjustment listbox.
Low SNR specifies how low the signal-to-noise ratio (SNR) can be for a r
424. p in progress.
[Screenshot: Floor Plan Clean Up wizard, Cleanup Progress page, Before Cleanup tab]
9. Click the After Cleanup tab. The cleaned-up drawing appears.
[Screenshot: Floor Plan Clean Up wizard, Cleanup Progress page, After Cleanup tab]
10. Do one of the following:
- Click Finish to accept the changes.
- Click Previous to change the cleanup constraints. Go back to step 2 on page 75.
- Click Cancel to cance
425. page 220.
Do not change the deny rule at the bottom of the ACL. This rule must be present, and the capture option must be used with the rule. If the rule does not have the capture option, the Web Portal user never receives a login page.
11. To modify access rules, click Next and go to Modifying Access Rules. Otherwise, click Finish.

Modifying Access Rules

If you have not already done so, access the Access Rules Configuration page for the service profile:
a. Select the service profile in the Wireless Service Profiles table.
b. Select one of the following in the Task List panel:
- 802.1X Access
- MAC Access (used for voice)
- Web Portal Access
- Open Access
- Access Rules
c. If you selected Access Rules, go to step 2. Otherwise, click Next to advance through the wizard until you reach the Access Rules Configuration page.
To create a new rule, click Create.
- Specify the user glob or MAC address glob. For syntax information, see Access Rules on page 238.
- To modify an existing rule, select the rule and click Properties.
For information, see the procedure for configuring the type of service profile you are modifying. For example, if you selected an 802.1X profile, see Configuring an 802.1X Wireless Service on page 242.
When you finish making changes, click Finish to save them and close the wizard.
426. panel, select Admin Access.
Type the userglob that is allowed to access the switch through Telnet or SSH.
Click Next.
4. If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the switch's configuration.
Select the authentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both.
MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down.
- If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
- If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list.
The authentication methods you select are also used for authorization.
6. Click Next.
7. To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's conf
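The method-order behaviour described in entries 414 and 426, modelled as an added Python example (not MSS or 3WXM code). The class names, the account data and the treatment of a wrong LOCAL password as a final reject are assumptions; RADIUS timeouts are not modelled because the page does not describe them.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    NOT_FOUND = "not-found"  # only LOCAL reports this: user absent from the local database


@dataclass
class LocalDb:
    """Stands in for LOCAL, the switch's local user database (constructed data)."""
    users: dict
    name: str = "LOCAL"

    def check(self, user, password):
        if user not in self.users:
            return Result.NOT_FOUND
        # Assumption: a wrong password for an existing local user is a final reject.
        ok = hmac.compare_digest(self.users[user].encode(), password.encode())
        return Result.ACCEPT if ok else Result.REJECT


@dataclass
class RadiusGroup:
    """Stands in for a RADIUS server group; an unknown user is denied like a bad password."""
    name: str
    users: dict

    def check(self, user, password):
        stored = self.users.get(user)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return Result.ACCEPT if ok else Result.REJECT


def authenticate(methods, user, password):
    """Walk the method list in order; return (allowed, trace of methods consulted)."""
    trace = []
    for method in methods:
        result = method.check(user, password)
        trace.append((method.name, result.value))
        if result is Result.NOT_FOUND:
            continue  # not in LOCAL: try the next method in the list
        return result is Result.ACCEPT, trace  # an accept or a deny is final
    return False, trace


def accounts_bypassing_radius(methods):
    """Local accounts that are checked before any RADIUS group is consulted."""
    bypass = []
    for method in methods:
        if isinstance(method, RadiusGroup):
            break
        bypass.extend(sorted(method.users))
    return bypass


# Constructed sample data: a stale local account that the RADIUS group does not know.
LOCAL = LocalDb({"contractor": "old-pass"})
RADIUS = RadiusGroup("corp-radius", {"alice": "alice-pass"})

if __name__ == "__main__":
    for order in ([LOCAL, RADIUS], [RADIUS, LOCAL]):
        names = [m.name for m in order]
        for user, pw in (("contractor", "old-pass"), ("alice", "alice-pass")):
            print(names, user, authenticate(order, user, pw))
        print(names, "checked before RADIUS:", accounts_bypassing_radius(order))
```

With LOCAL first, the stale local account is accepted without RADIUS being asked; with the RADIUS group first, the RADIUS denial is final and LOCAL is never consulted.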
427. pe a 16-byte hexadecimal string for MD5 or a 20-byte hexadecimal string for SHA.
- If you selected Pass Phrase as the format, type a string at least 8 characters long.
7. Select the encryption type used for SNMP traffic:
- None: No encryption is used. This is the default.
- DES: Data Encryption Standard (DES) encryption is used.
- 3DES: Triple DES encryption is used.
- AES: Advanced Encryption Standard (AES) encryption is used.
8. If you select DES, 3DES, or AES, you can specify a passphrase or a hexadecimal key:
a. Select the format from the Format pull-down list.
b. Type the value in the Password box.
- If you selected Key as the format, type a 16-byte hexadecimal string.
- If you selected PassPhrase as the format, type a string at least 8 characters long for DES or 3DES, or at least 12 characters long for AES.
9. Click Finish.

Configuring a Notification Profile

A notification profile is a named list of all the notification types that can be generated by a switch and, for each notification type, the action to take (drop or send) when an event occurs.
Access the Create Notification Profile wizard:
a. Select the Configuration tool bar option.
b. In the Organizer panel, click the plus sign next to the WX switch.
c. Click the plus sign next to System.
d. Select Management Services.
e. In the Task List panel, select Notification Profile.
In the Profile Name box, type the name of
428. plore windows to display information specifically for this switch in those windows.
For a site, the scope for each row is a building. For a building, the scope for each row is a floor. For a floor, the scope for each row is a coverage area.

Table 38. Client Activity Columns When a Mobility Domain is Selected
Options listed: Authentication Failures, Authorization Failures, Association Failures, Dot1x Failures
Option | Description
Authentication Failures | Number of times authentication for a client failed. Common causes of authentication failures include the following: user glob or MAC address glob mismatch, or unknown user; invalid password; RADIUS server timeout.
Authorization Failures | Number of times authorization for a client who has been authenticated failed. Common causes of authorization failures include the following: time-of-day, start-date, or end-date attributes do not allow access on the date and time the client is requesting it; the VLAN the client is assigned to cannot be found.
Association Failures | Number of times a 3Com radio refused a client's association request. Common causes of association failures include the following: the encryption cipher requested by the client is not enabled or not supported on the radio; a static WEP key is required but the client did not present the correct key; session load balancing is enabled on the MAP and the MAP's maximum session count has already been reached; the client is requ
429. plus sign next to the WX switch.
c. Click the plus sign next to Wireless.
d. Select Access Points.
2. Select the MAP you want to modify and click Properties.
3. To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list:
- 11a: 802.11a
- 11b: 802.11b only
- 11g: 802.11b/g
4. To change the Name, edit the string in the Name box.
5. If you are configuring dual-homing support, in the Bias list, select High or Low.
Bias is the priority of one WX connection over other WX connections to a single MAP for booting, configuration, and data transfer. You can set a Distributed MAP's bias to be low or high. A configuration with a high bias has priority over a configuration for the same MAP with low bias. The default is High.
If the bias for all connections is the same, the MAP selects the switch that has the greatest capacity to add more active MAPs. For example, if a MAP is dual-homed to two WX4400 switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs.
Bias applies only to WX switches that are indirectly attached to the MAP through an intermediate Layer 2 or Layer 3 network. A MAP always attempts to boot on MAP port 1 first, and if the MAP is directly attached to a WX switch on MAP port 1, it boots from that switch regardless of the bia
430. point.

To delete an LOS point

To permanently remove an LOS icon from the floor:
1. Right-click on the LOS icon.
2. Select Delete. The Delete Objects wizard appears.
3. Click Finish to confirm the deletion.

Generating a Site Survey Order

1. Display the floor plan in the Content panel.
2. In the Task List panel, click RF Planning.
3. Under Site Survey, click Report. The Site Survey Order Generation dialog is displayed.
[Screenshot: Site Survey Order Generation dialog]
Select the scope for which you want to generate a site survey order. You can specify the Network Plan, an individual site, an individual building, or an individual floor.
Select the language for the site survey order:
- English
- German
To specify the output directory for the site survey order, click the button below Output Directory and navigate to the directory where you want 3WXM to place the site survey order.
Click Generate. 3WXM generates the site survey order. When the order is complete, the View button becomes available.
To view the site survey order, click View. A browser window opens.
[Screenshot: browser window showing the site survey order]
431. ports in the Available Physical Ports list and click Add. 5. Click Next. 6. In the Distributed MAPs drop-down list, select the Distributed MAPs to include in the Mobility Profile: All (include all Distributed MAPs), Selected (include a selected list of Distributed MAPs), or None (include no Distributed MAPs). If you select Selected, select the individual MAPs in the Available Distributed APs list and click Add. 7. Click Finish. [Page 330, Chapter 8: Configuring Authentication, Authorization, and Accounting Parameters] CONFIGURING WX SWITCHES REMOTELY: You can use 3WXM Services running in your corporate network to configure WX switches in remote offices. The following remote configuration scenarios are supported. Drop ship: 3WXM Services running in the corporate network can configure a WXR100 switch shipped directly to a remote office. This option does not require any preconfiguration of the switch. Staged: You can stage any model of switch by preconfiguring IP connectivity and enabling auto-config, then sending the switch to the remote office. The switch contacts 3WXM Services in the corporate network to complete its configuration. The drop ship option is supported only for the WXR100. The staged option is supported for all switch models. Both options require 3WXM Services. If you know a switch's serial number, you can create a complete configuration for the switch in 3WXM. When the switch requests its configuration from 3
432. pplications on the machine where the 3WXM Services is installed. If port 443 or 162 is used by another application, change the port number for the monitoring service or for the other application. To change service settings: 1. Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears. 2. Click the Service Settings tab, if not already selected. 3. To change the TCP port on which the 3WXM Services listens for requests from 3WXM, type or select the port number in the HTTPS Server Port box. The default is 443. CAUTION: When you click Save, all instances of the 3WXM client lose connection with the service and will need to reconnect on the new port number. The HTTPS port number is automatically updated for the 3WXM client you are using, and your connection is automatically restored. Other clients will need to use the Monitor Service Select wizard to change the service port and reconnect. To change the UDP port on which 3WXM Services listens for SNMP traps, type or select the port number in the HTTPS Server Port box. The default is 162. To enable 3WXM Services to receive traps, select one or both of the following trap types: SNMP V1 Traps, SNMP V3 Traps. You also must add 3WXM Services as a notification target on each WX switch. 3WXM Services does not start listening for SNMP notifications from a WX switch until you add 3WXM Services as an SNMP notification target to the switch. To configure 3WXM Services as a swit
433. procedure. If you selected Open Access in step 2, select the VLAN to which you want the switch to assign users. Otherwise, go to step 12. Click Finish to close the wizard and save the changes. You are finished with this procedure. Click Next. If you selected LOCAL as an authentication method, the users in the switch's local database are listed. For convenience, you can add, modify, or delete users on this page. To add a user, click Create and see Creating a Named User on page 289. To modify a user, select the user and click Properties. To delete a user, select the user and click Delete. [Page 184, Chapter 6: Configuring WX System Parameters] Note: If you select Web Portal in step 2, 3WXM automatically creates a user named web-portal-wired. Similarly, if you select Open Access, 3WXM creates a user called last-resort-wired. Do not delete or modify these users. You can add, modify, or delete users at any time, even after this wizard is closed. See Creating and Managing Users in the Local User Database on page 287. 13. Click Finish. Viewing and Changing Port Groups. Viewing Port Groups: A port group is a set of physical ports that function together as a single link and provide load sharing and link redundancy. Only network ports can participate in a port group. The WX balances port group traffic among the group's physical ports by assigning traffic flows to ports based on the source and destination MAC
434. ps list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list. The authentication methods you select are also used for authorization. Click Next. 8. To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's configuration. Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session. Select Stop-Only to specify that records are sent only at the end of a session. Select the accounting method(s) in the Available RADIUS Ser
435. pted with a RADIUS server group, if one is defined in the method list. The authentication methods you select are also used for authorization. 6. Click Next. To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's configuration. Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session. Select Stop-Only to specify that records are sent only at the end of a session. Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. See step 5. Click Finish. Viewing and Configuring WX Administrator Access Rules: MSS supports administrative access to a WX switch through the serial console port or through the network. Connections through the network use Telnet or SSH. This section assumes that you are familiar with the AAA options for administrative access. For detailed information, see the Configuring AAA for Administrative and Local Access chapter of the Wireless LAN Switch and Controller Configuration Guide. Viewing WX Administrator Access Rules: To view WX administrator access rules: Sele
436. [Figure: coverage area table with columns Compute Layout, Name, Technology, Wiring Closet, Redundant Wiring Closet, Shared Area, and Default AP Choice] To remove a coverage area from MAP placement and computation, clear the area's Compute Layout box. To specify the primary wiring closet for a coverage area, click in the Wiring Closet column to display the wiring closet list, and select a wiring closet from the list. You must specify the primary wiring closet for directly attached MAP access points. Specifying the primary wiring closet for distributed MAPs is optional. To specify the redundant wiring closet for a coverage area, click in the Redundant Wiring Closet column to display the wiring closet list, and select a wiring closet from the list. This step is optional. To specify the shared area for a coverage area, click in the Shared Area column to display the shared area list, and select a coverage area from the list. This step is optional. To specify the default AP to be used in a coverage area, click in the Default AP Choice column to display a list of APs, and select an AP from the list. This step is optional. Click Next. The Coverage Area Progress page appears. [Figure: Compute And Place Progress page]
437. r. a. If a list of USM users is displayed, select Create new USM User and click Next. b. In the Username box, type the name of the SNMPv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. c. Select the access type. read-notify: An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications. notify-only: The switch can use the string to send notifications. notify-read-write: An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. d. Select the Engine ID format. Hex: ID is a hexadecimal string. IP: ID is based on the IP address of the station running the management application. Enter the IP address of the station. MSS calculates the engine ID based on the address. Local ID: Uses the value computed from the switch's system IP address. To send informs, you must specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as the engine ID. If you select Hex or IP, type the hexadecimal string or IP address in the Value box. To configure authentication and encryption settings, finish this procedure, then select the USM user and click Properties. 8. Click Finish. Viewing and Setting Log and
438. r glob for the users to which the location policy does not apply. Type the user glob in the box. When specifying a user glob, enter a username, a double-asterisk wildcard character (**) to specify all usernames, or a single-asterisk wildcard character (*) to specify a set of usernames up to or following the first delimiter character, either an at sign (@) or a period (.). To match on VLAN, select one of the following. Equal: Apply the location policy to all users with a specified VLAN. In the VLAN box, type the name of the VLAN. Not Equal: Apply the location policy to all users whose assigned VLAN does not match a specified VLAN. In the VLANs box, type the name of the VLAN. Type the VLAN name in the box. To match on multiple VLAN names, use the single-asterisk wildcard character in the string. To match on all VLAN names, use the double asterisk and no other characters. 6. Click Next. 7. Select the ports for which the location policy is applied and click Add. 8. Click Next. 9. Select the Distributed MAPs for which the location policy is applied and click Add. 10. Click Next. 11. In the Action list, select one of the following. Permit: Allows access if the conditions in the location policy rule are matched. If you select Permit, you must specify at least one of the following. In ACLName ACL applies to packets sent to the WX. See step 12
439. range. In the Last DSCP list, select the upper DSCP value in the range. In the CoS value list, select the internal CoS value to which you want MSS to map all DSCP values within the selected range. Click Finish. To reset CoS mappings to their default values: 1. Access the QoS tables: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select QoS. 2. In the Task List panel, select Reset to defaults. 3. Click Save. CONFIGURING WIRELESS PARAMETERS: This chapter describes how to view and configure the following wireless parameters for WX switches: Service Set Identifiers (SSIDs), which are managed by service profiles; radio profiles, which assign IEEE 802.11 settings and a service profile to radios; the Auto DAP profile; MAPs; MAP radios; and RF detection. Viewing and Configuring Wireless Services: 3WXM provides wizards to configure the following types of wireless services. 802.1X Service Profile: Provides wireless access to 802.1X clients. Voice Service Profile: Provides wireless access to Voice over IP (VoIP) devices. Web Portal Service Profile: Provides wireless access to clients who log in using a web page. Open Access Service Profile: Provides wireless access to clients without requiring them to log in. Custom Service Profile: Provides wireles
440. ration from a local DHCP server. After obtaining an IP configuration, the switch sends a DNS query for the IP address of the well-known hostname wlan config srv. 7. DNS replies with the IP address of the host where 3WXM Services are installed. The WXR100 sends a configuration request to 3WXM Services. 8. 3WXM receives the configuration request and looks in the currently selected network plan for a WXR100 configuration with the same serial number as the one in the configuration request. If the network plan contains a configuration with a matching serial number, 3WXM deploys the configuration to the switch. See Preconfiguring a Switch in 3WXM. If the network plan does not have a configuration with a matching serial number, one of the following occurs. If the Auto Config IP Subnet Matching is enabled and other requirements are met, 3WXM can give the configuration to another switch with a different serial number, if the switch is the same model and is in the same IP subnet. See Replacing a Switch and Reusing its Configuration on page 342 for more information. [Page 334, Chapter 9: Configuring WX Switches Remotely] [Section heading on this page: Staged WX] If the serial number does not match and the Auto Config IP Subnet Matching option is disabled, 3WXM cannot give the switch a configuration. 3WXM generates a verification warning on the Network Verification tab. The warning lists the switch's serial number and IP address. The network administrator can up
441. re not in the core themselves. Do not enable the feature on WX switches that are in the network core. To enable fast convergence features: Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. To switch to an alternate port if the root port fails, select Enable Uplink Fast. To enable the backbone fast convergence feature, select Enable Backbone Fast. Click Save. Changing VLAN IGMP Settings: Internet Group Management Protocol (IGMP) snooping controls multicast traffic on a WX by forwarding packets for a multicast group only on the ports that are connected to members of the group. IGMP is especially useful for WLANs because bandwidth is relatively constrained. The WX listens for multicast packets and maintains a table of multicast groups, as well as their sources and receivers, based on the traffic. IGMP snooping is enabled by default. You can configure IGMP snooping parameters and enable or disable the feature on an individual VLAN basis. The current software version supports IGMP versions 1 and 2. To configure IGMP snooping: 1. Access the VLAN table: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to System. d. Select VLANs. 2. In the Content panel
442. re encrypted using WEP key 1. To use another key for either type of packet, select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box. 14. Click Next. 15. Select the VLAN into which you want the switch to place users of the SSID. If you want to specify the VLAN later, when configuring the access rules, you can leave the VLAN Name box blank. 16. Select or create the radio profile to map to this service profile. By default, the default radio profile is selected. To map the service profile to the default radio profile, leave default selected and go to step 17. To map the service profile to a different radio profile, select the radio profile and go to step 17. To create a new radio profile: a. Select Create new Radio Profile and click Next. b. Type the radio profile name in the Name box and click Next. c. Select the radios you want to manage with the radio profile and click Move to move them to the Current Members list. If you have not planned RF coverage or configured any MAPs in the network plan yet, no radios are listed. You can add the radios later. Select the radio profile, click Properties, then select Radio Selection. See Configuring Advanced Radio Profile Settings on page 265. d. Go to step 17. 17. Click Finish. Configuring a Custom Service: If none of the other service types is appropriate, you can use the Custom Service Prof
443. rement Table on page 153 for information about the fields in the display. 7. Click OK to save the changes and close the box. 8. Do one of the following: To use the RF interactive measurement mode, see Using RF Interactive Measurement Mode. To generate network design information, see Generating RF Network Design Information on page 155. Click Finish to save the changes and close the wizard. Using RF Interactive Measurement Mode: RF interactive measurement mode is useful when you are troubleshooting or surveying the coverage areas on the floor. You can quickly measure signal strengths for any location on the floor. To use the RF interactive measurement mode: Click the icon (image not reproduced) in the toolbar. Click any location on the floor. Received signal strength indication (RSSI) measurements for the selected location appear next to the Floor View. See Reading the RF Measurement Table for information about the fields in the display. The projected signal strengths for the planned equipment from that measurement point are shown in the RF measurement table. X, Y coordinates for the measurement point and display options are also available to customize the RSSI table. Using this interactive mode can be valuable when verifying deployment coverage with a portable WLAN measurement tool on the floor. [Section heading on this page: Reading the RF Measurement Table]
444. rganizer panel. 7. Select the Configuration tab on the 3WXM tool bar. 8. Select the WX switch. 9. Create or modify parameter settings for the switch. After you complete all the changes, make sure you save the changes by clicking Save. 10. Select the Verification option on the 3WXM tool bar. 11. Review any error or warning messages for the switch. 12. Click on an error or warning message to display more information and a list of resolutions for the error or warning condition. 13. Click on a resolution to correct the error or warning condition. 14. Select the Devices option on the 3WXM tool bar. 15. Select the switch. 16. In the Task List panel, select Deploy. Replacing a Switch and Reusing its Configuration [Section heading on this page: Requirements]: If a remote switch that is configured by 3WXM fails, you can install a new switch in its place and use 3WXM to configure the switch with the replaced switch's configuration. This method of switch replacement requires preconfiguration of an auto-config setting by the network administrator, but does not require any configuration by the person who actually performs the replacement at the remote office. Remote switch replacement is disabled by default, but can be enabled on a global basis in the network plan. This feature applies only when the wireless switch being replaced is the only wireless switch in the network. Also see the next section
445. rk plan can contain more than one Mobility Domain. Standalone WX switches and third-party APs do not need to be configured within a Mobility Domain. You use 3WXM to create a Mobility Domain and define its seed device and the other WX switches in the Mobility Domain. If you already have WX switches installed and configured, you can upload the configurations of the switches to 3WXM to have them included in a Mobility Domain. For a client session to be considered a roaming session and not a new session, the following criteria must be met. The client associates or reassociates with a MAP in the Mobility Domain, and the client already has a session on a different MAP in the Mobility Domain. The existing session can be in one of two states. Active: The normal state for a client that has left radio range without sending a request to disassociate. Disassociated: The state of a client that has sent an 802.11 disassociate frame but has not roamed or aged out yet. Mobility Domain communications are stable. Generally, the communications required for roaming are the same as those required for VLAN tunneling. Roaming between ports on a WX is possible even if the Mobility Domain is down. Authentication, authorization, and accounting (AAA) on the MAP to which the client roams is successful on the first attempt. An authentication or authorization failure clears the client session. Depending on when the failure
446. ror or warning. If an Edit option is listed in the Resolution section, click on the option to display the configuration wizard for the item. Edit the configuration item or resolve the network issue, and save the change. 5. In the Verification tab, click Refresh on the tab's toolbar. 6. Check the messages to see whether the error or warning is gone. All 3WXM rules are enabled by default. If you want 3WXM to stop alerting you about a specific error or warning, you can disable the rule for that error or warning. You can disable rules on a per-instance basis or globally for all instances. If you disable a rule for a specific instance, 3WXM stops alerting you about that particular instance but still uses the rule when evaluating other configuration items. If you disable a rule for all instances, 3WXM stops using that rule altogether when verifying a configuration. Rules that are disabled for all instances are disabled on a per-user basis, not a per-plan basis. When you disable all instances of a rule, the rule is disabled for any network plan that you open while you are logged on with the 3WXM client user name you were logged on with when you disabled the rule. To disable a specific instance of a warning or error: Select the warning or error message. In the Resolutions section, click disable this rule for this instance only. As soon as you click on this option, the message disappears from the list. 3WXM will not display this particu
447. rs chapter of the Wireless LAN Switch and Controller Configuration Guide. To view 802.1X network access rules: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WX switch. Click the plus sign next to AAA. Select 802.1X Access Rules. The configured 802.1X network access rules appear. If the network user name matches the userglob in an 802.1X access rule, the WX switch attempts to authenticate the client using 802.1X. 1. Access the Create 802.1X Network Access wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, click the plus sign next to the WX switch. c. Click the plus sign next to AAA. d. Select 802.1X Access Rules. e. In the Task List panel, select 802.1X Network Access. 2. Specify whether the rule is for wireless access to an SSID or access through a wired authentication port. If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box. To match only on a specific SSID name, select or type the name in the SSID box. If the rule is for access through a wired authentication port, select Wired. CAUTION: The default SSID name any matches on all SSID names. If the SSID box contains any and you do not change the SSID name, the authentication rule allows clients who match the userglob to access any SSID. Type the userglob that
448. rs. Click Yes to delete the system image. To close the Image Repository dialog box, click Close. Distributing System Images: You can distribute a system image to one or more WX switches in a network plan. To use a new system image, you must reboot the WX. For more information, see Rebooting WX Switches or MAP Access Points on page 356. 3Com recommends that you use the Verification tab to resolve any configuration errors or warnings before you distribute system images. Before you can distribute an image, you must add it to the image repository. See Using the Image Repository on page 354. To immediately install an image on WX switches: 1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Device Operations. 3. In the Managed Devices list, select the WX switches onto which you want to install the image. To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. 4. In the Task List panel, select Image Install. 5. Click on Select an Image to display the list of images in the repository. 6. Select the image and click Install. To schedule installation of an image on WX switches: 1. Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Device Operations. 3. In the Managed Devices list, select the WX switches onto which you want
449. rt is enabled. 3. To specify the speed of a 10/100 Ethernet port, select one of the following. Auto: Sets the port to automatically detect the traffic speed and set the speed accordingly. This is the default value. 10: Sets the speed to 10 Mbps. 100: Sets the speed to 100 Mbps. The port speed for gigabit Ethernet ports is predefined as 1000 Mbps and cannot be configured. To specify the operating mode of a 10/100 Ethernet port, select Half for half-duplex or Full for full-duplex mode. To enable PoE on a 10/100 Ethernet port, select PoE Enabled. CAUTION: If you enable PoE on a port connected to a device other than a MAP access point, hardware damage can result. By default, PoE is disabled. To disable PoE, clear PoE Enabled. For a gigabit Ethernet port, if supported by the switch, to disable auto-negotiation, clear Auto Negotiation. This option is enabled by default. For a gigabit Ethernet port, if supported by the switch, select the interface you want to enable. GBIC: Enables the fiber interface and disables the copper interface. RJ45: Enables the copper interface and disables the fiber interface. The port supports only the physical interface you select. The other interface is disabled. The port cannot dynamically switch between one interface and the other. Click Save. Enabling Link Notifications: By default, notifications for link state changes are disable
450. rt of the same type with this new report, click next to Overwrite Existing Files to deselect this option. [Page 396, Chapter 15: Generating Reports] 8. Click Generate. 9. When the report is generated, click the report link to view it. See Using the RF Monitor View on page 442 and Using the RF Trends View on page 447 for information about the data in each section of the report. Generating a Rogue Details Report: The rogue details report lists detailed information about rogue devices. The data for this report comes from the 3WXM client. The Enable Rogue Detection option, located in the Rogue Detection group box of the Monitoring Settings tab, must be enabled. See Changing Monitoring Settings on page 500. 1. Select the Reports tool bar option. 2. In the Report Category list, select Rogue Reports. 3. In the Reports list, select Rogue Details. 4. Click Add to add a report filter. The filter configuration fields are activated. 5. Click on the Select field and select MAC Address. 6. Click on the Value field. Erase the text in the field and type the BSSID of the rogue. 7. Press Enter to complete the filter. Repeat step 4 through step 7 for each user you want to display details for. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. To prevent 3WXM from replacing an existing report of the same type with this new report, click n
451. rtal, open access, and custom. See Viewing and Configuring Wireless Services on page 235. Radio Profiles: Sets of radio parameters that can be applied to multiple radios, including the beacon interval, RF Auto-Tuning settings, and service profiles. See Viewing and Configuring Radio Profiles on page 263. Auto DAP: Settings for the Auto DAP profile. See Viewing and Changing the Auto DAP Profile on page 269. Access Points: Settings for MAPs. See Viewing and Configuring MAPs on page 272. Radios: Settings for individual MAP radios. See Viewing and Changing Radio Settings on page 281. Table 16, WX Switch Object Types (continued); columns: Category, Object Type, Description. Category Wireless (cont.): RF Detection: Configuration parameters for rogue detection and countermeasures. See Viewing and Changing RF Detection Settings on page 282. Category AAA: Local User Database: Users configured on the WX switch instead of on the RADIUS server. See Creating and Managing Users in the Local User Database on page 287. RADIUS: RADIUS servers and server groups. See Viewing and Configuring RADIUS Settings on page 298. 802.1X: Global 802.1X settings. See Viewing and Configuring Global 802.1X Settings on page 303. 802.1X Access Rules: Access rules for 802.1X clients. See Viewing and Configuring
452. rval that is not divisible by 30, the switch rounds up to the next 30-second increment. For example, if you enter 31, the switch rounds up to 60. This option applies to all types of CLI management sessions: console, Telnet, and SSH. The timeout change applies to new sessions only, not to existing sessions. To configure SNMP settings, go to Configuring SNMP. Otherwise, click Save. On each switch in the network plan, you must enable notifications and configure 3WXM Services as a notification target (trap receiver). 3WXM Services does not start listening for SNMP notifications from a WX switch until you add 3WXM Services as an SNMP notification target to the switch. For simple configuration of 3WXM Services as an SNMP notification target, see Setting Up a Switch on page 167. Click the checkbox next to SNMP to enable it, if you have not already done so. By default, SNMP is disabled. To change the minimum level of security MSS requires for SNMP, select one of the following from the Security Level drop-down list. Unsecured: SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c. This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs. Authenticated: SNMP message exchanges are authenticated but are not encrypted. This security level is the same as the authNoPriv level described in SNMPv3 RFCs. Encrypted: SNMP message exchanges ar
453. rvey Order. The site survey order appears. LOS point information for the selected floor is displayed. Scroll down to view the MAC address assignments for the LOS points. Use the instructions in the Ekahau Site Survey Initial Setup section of the work order to set up the survey. When you import the floor map into the site survey tool, make sure you use the map name specified in the work order. The site survey data will not appear when you import RF measurements into 3WXM unless the map name is correct. Generating a Work Order: A work order provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAP access points should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation. The work order has meaning only after you add planning information. See Planning the 3Com Mobility System on page 69. Select the Reports tool bar option. In the Report Category list, select RF Plan Reports. In the Reports list, select Work Order. Select the scope for the work order. You can select the network plan, a site, a building, or an individual floor. Select the options you want to use for the report: RF Coverage; RSSI Projections; Show Disabled MAPs (only available if RSSI Projections is selected); Show RF Coverage On
454. rvices 243 Select the EAP type: EAP-MD5 Offload, PEAP Offload, Local EAP-TLS, or External RADIUS Server. If you select PEAP, the EAP Sub Protocol is MS-CHAPV2. For other protocols, the EAP Sub Protocol is None. For information, see "EAP Type 802.1X Only" on page 239. Specify the authentication method (RADIUS server group or local database). For information, see "AAA Methods RADIUS Server Groups and the Local User Database" on page 240. Click Next. To assign a default VLAN to the SSID, select the VLAN from the VLAN Name drop-down list. The VLAN and other authorization attributes can be assigned to users in the local database, on remote servers, or in the service profile of the SSID the user logs into. The VLAN you select here is used only if a VLAN attribute is not configured for the user on the RADIUS server or in the switch's local database. Select or create the radio profile to map to this service profile. By default, the default radio profile is selected. To map the service profile to the default radio profile, leave default selected and go to step 15. To map the service profile to a different radio profile, select the radio profile and go to step 15. To create a new radio profile: a. Select Create new Radio Profile and click Next. b. Type the radio profile name in the Name box and click Next. c. Select the radios you want to manage with the radio profile and click Move to move them to the
455. s 4 Click Finish Network plans reside on a host running 3WXM Services You can open an existing network plan by connecting to the 3WXM Services host where the plan resides selecting File gt Switch Network Plan then specifying the plan s name in the dialog The network plan is then opened in the 3WXM main window You can open a network plan created in a previous version of 3WXM with a later version of 3WXM For example if you created a network plan in 3WXM Version 4 0 you can open the plan in 3WXM Version 4 1 However because a network plan created in 3WXM Version 4 0 manages WX switches running MSS Version 4 0 you cannot use new features available in MSS Version 4 1 unless you upgrade the WX switches to MSS Version 4 1 To upgrade WX switches see Distributing System Images on page 354 Importing a Network Plan Managing Network Plans 57 To open a network plan Establish a connection to the 3WXM Services host on which the network plan is saved You can do this by restarting 3WXM or selecting File gt Open and then entering the IP address of the 3WXM Services host in the 3WXM Services Connection dialog box After the connection is established with the 3WXM Services host select File gt Switch Network Plan If any changes were made to the currently loaded network plan you are prompted to save them and close the file The Switch Network Plan dialog box appears Select the network plan you want to open and c
456. s In this example, the selected rule class is 802.1X Network Access.
4. In the Enabled column, click on the checkbox next to the rule.
   - If you are reenabling a rule, go to step 5.
   - If you are disabling a rule, go to step 8.
5. In the Rule column, click on the rule name. The disable settings are displayed and become editable.
   - If the rule is disabled for all instances, the Disable All Instances option is selected.
   - If individual instances of the rule are disabled, the Disable Selected Instances option is selected and the instances are listed. Instances that are disabled have checkmarks in the checkboxes next to them.
368 CHAPTER 11 VERIFYING CONFIGURATION CHANGES
6. Reenable the rule or instances:
   - To reenable a rule all of whose instances are disabled, click on the checkbox in the Enabled column. The Disable All Instances option is deselected.
   - To reenable an individual instance of a rule, click on the checkbox next to the instance. Repeat for each instance you want to reenable. Alternatively, if you want to reenable all the disabled instances, you can click on the checkbox in the Enabled column.
7. Go to step 10.
8. Click on the checkbox in the Enabled column. The disable options become editable. By default, the Disable All Instances option is selected.
9. To leave all instances disabled, go to step 10. To disable only specific instances:
   - Select Disable Selected Instances. The individual instances of the rule are listed
457. s below. The 3WXM install program installs either just the 3WXM client or both the 3WXM client and Services. There is no option to install the 3WXM Services only.
1. Insert the 3WXM CD in the CD-ROM drive. If Autorun is enabled, wait briefly for the install program to start. If Autorun is disabled, follow these steps:
   a. In Windows Explorer, navigate to your CD-ROM drive.
   b. In the Software 3WXM directory, double-click install.exe.
   The Introduction page of the 3Com Wireless Switch Manager installation wizard appears, and then the Contents screen appears, as shown below.
   [Screenshot: 3Com Wireless Switch Manager CD-ROM Contents screen]
Installing 3WXM 25
2. Open the 3Com Wireless Switch Management folder.
3. Select 3Com Wireless Switch Manager.
   [Screenshot: Contents screen]
4. Click the View button. The 3Com Wireless LAN Switch Manager (3WXM) information screen appears.
5. Click the Install button. The installation begins. During the installation, the 3Com Wireless Switch Manager installation wizard minimizes.
6. When the installation is complete, maximize the 3Com Wireless Switch Manager installation wizard screen and then press the Contents button
458. s Through The switch established an EAP session directly between the client and the RADIUS server All authentication information and certificate exchanges between the client and RADIUS server passed through the switch None EAP was not used to authenticate this client None is the EAP type when MAC authentication last resort authentication or WebAAA is used to authenticate the client IP address of the client VLAN onto which the WX switch placed the user This is the VLAN for which the user was authorized by the RADIUS server or the WX switch System IP address of the WX switch that was attempting to authenticate the client Note The system IP address is listed even if the switch was using a RADIUS server to authenticate the client Authentication type that granted access a DOT1X a MAC a LAST RESORT a WEB Using the Client Monitor View 431 Table 50 Session Properties Columns continued Column Description Session State State of the user session Associated User is authenticated using an 802 11 protocol and associated with a MAP Authorizing User is authenticated and is starting the AAA authorization process Authorized User is authorized Active User s session is fully active Deassociated User is disassociated from the MAP Roaming_away User is roaming a connection in the new location is established Updated_to_roam User is roaming Session sta
459. s access based on the combination of options you choose Use this option only if none of the other options applies to the type of service you want to offer 236 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS Wireless Service Parameters A wireless service consists of the following parameters Service profile a Access rules Service Profiles A service profile configures an SSID Table 18 lists the parameters For parameters that are assigned default values by the wizards the table also lists the default values Table 18 Service Profile Parameters Service Profile Default Value Assigned by Parameter Description Service Profile Wizard Service profile Name of the service profile Based on service profile type name Secure 802 1x a Voice a Web Portal a Open Custom service profiles do not have a default name SSID name SSID name with wireless Blank no default value clients will associate SSID type Encryption setting for data Based on service profile type a Encrypted a 802 1X Encrypted clear is a Clear unencrypted not applicable a Voice Encrypted a Web Portal Clear Open Clear a Custom Encrypted Beaconing state Advertisement of the SSID Enabled using beacons Fallthu access Access type attempted if Based on service profile type type neither 802 1X nor MAC 802 1X None access are applicable to the client Voice None Web Portal Web Portal Open tast Resort a Cu
460. s dialog box appears. Click the Persistence tab. To disable change notification, clear the Plan Change Notification checkbox. Click Close to close the Preferences dialog box, or click another tab to continue making changes.
484 CHAPTER A CHANGING 3WXM PREFERENCES
Changing Tools Options
You can change the Telnet and Web browser applications that start from the 3WXM Tools menu. The default Telnet application is Microsoft Telnet Client. The default Web browser is Microsoft Internet Explorer.
To change tools options:
1. Select Tools > Preferences. The Preferences dialog box appears.
2. Click the Tools tab.
3. To change the Telnet executable file or location used by 3WXM, type the path of the executable file in the Telnet Executable box. The default Telnet executable file is C:\WINDOWS\system32\telnet.exe. You can also click Browse to navigate the computer filesystem.
4. To change the Web browser executable file or location used by 3WXM, type the path of the executable file in the Browser Executable box. The default Web browser executable file is C:\Program Files\Internet Explorer\iexplore.exe. You can also click Browse to navigate the computer filesystem.
5. Click Close to close the Preferences dialog box, or click another tab to continue making changes.
Changing Certificate Management Options
By default, 3WXM does not accept self-signed certificates from WX switches or from the monitoring service. You can change this opt
461. s enabled. Static IP address and default gateway information are not required. The site also has a local DNS server. However, the local DNS domain name is different from the corporate DNS domain name where 3WXM Services are located. The static DNS configuration on the switch overrides the DNS configuration from the DHCP server.
Configure a VLAN:
    WX4400# set vlan 1 port 7
    success: change accepted.
Enable the DHCP client on VLAN 1:
    WX4400# set interface 1 ip dhcp-client enable
    success: change accepted.
Configure the default DNS domain name:
    WX4400# set ip dns domain examplecorp.com
    Domain name changed
Configure DNS server information:
    WX4400# set ip dns server 192.168.11.2
Enable the MSS DNS client:
    WX4400# set ip dns server enable
    success: change accepted.
Enable the auto-config option:
    WX4400# set auto-config enable
    success: change accepted.
Create a self-signed administrative certificate to enable 3WXM or Web Management to communicate with the WX:
    WX4400# crypto generate key admin 1024
    key pair generated
    WX4400# crypto generate self-signed admin
    Country Name:
    State Name:
    Locality Name:
    Organizational Name:
    Organizational Unit:
    Common Name: remoteswitch1.example.com
    Email Address:
    Unstructured Name:
    success: self-signed cert for admin generated
340 CHAPTER 9 CONFIGURING WX SWITCHES REMOTELY
Save the configuration changes:
    WX4400# save config
    success: configuration saved.
Power off or restar
462. s of connectivity to the switch 7 To modify the management interface select the IP interface and VLAN from the VLAN IP drop down list 8 To modify the enable password edit the string in the Enable Password box Use this option when you are creating a new switch in 3WXM This option modifies the password in the network plan However if the switch is already deployed in the network 3WXM cannot apply configuration changes to the switch unless the enable password in 3WXM matches the enable password already configured on the switch 9 To change the switch s Mobility Domain membership select the Mobility Domain from the Mobility Domain drop down list To leave the switch out of all Mobility Domains select Not Assigned 10 To change the switch s wiring closet membership select the closet from the Wiring Closet drop down list To leave the switch out of all wiring closets select Not Assigned 11 Click Save 172 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS Changing the WX Software Version Changing the WX Model Changing Timezone Properties To change the WX software version Select the Configuration tool bar option 2 In the Organizer panel select the WX switch 3 In the Task List panel select Change Software Version The Change Software Version wizard appears Select the software version from the drop down list 5 Click OK To change the WX model Select the Configuration tool bar option 2 In the Organi
463. s on all source and destination IP addresses and denies them To modify an ACE select the part of the ACE you want to modify and edit or select the new value For information about ACE settings see Viewing and Configuring ACLs on page 220 CAUTION Do not change the deny rule at the bottom of the ACL This rule must be present and the capture option must be used with the rule If the rule does not have the capture option the Web Portal user never receives a login page Click Next Specify the authentication method RADIUS server group or local database For information see AAA Methods RADIUS Server Groups and the Local User Database on page 240 If you selected LOCAL as an authentication method go to step 19 Otherwise go to step 21 Click Next The users in the switch s local database are listed For convenience you can add modify or delete users on this page To add a user click Create and see Creating a Named User on page 289 To modify a user select the user and click Properties To delete a user select the user and click Delete 3WXM automatically creates a user named web portal ssid where ssid is the SSID name This username is used temporarily for users while they are being authenticated Do not delete or modify this user 250 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS 20 gt 21 Configuring an Open Access Service 1 You can add modify or delete users at any time
464. s settings In the Enable Blink list select Yes to enable LED blink mode or No to disable it When blink mode is enabled the health and radio LEDs alternately blink green and amber allowing you to visually identify a MAP By default blink mode is disabled In the Enable Firmware Update list select Yes to automatically upgrade MAP boot firmware The upgrade version of the firmware is loaded from a WX when the MAP is booting Select No to disable automatic firmware upgrading Automatic firmware upgrading is enabled by default Viewing and Configuring MAPs 279 8 To configure settings for a radio click 802 11g Radio or 802 11a Radio a To enable the radio select Enabled b If the MAP model supports external antennas select the external antenna model from the Antenna Type box c To indicate the direction of the antenna s coverage change the value in the Directionality of antenna box The default value of O degrees directs the antenna s coverage to the right on the floor plan For example to move the coverage 90 degrees so that the antenna s area of coverage faces downward as you view the floor plan type 90 in the box You can verify and change the antenna s coverage direction after you finish using this wizard To verify the antenna s coverage display the floor plan where the MAP is located The antenna direction is indicated by an arrow To show the antenna s RF coverage select the MAP right click and
465. s sign next to System d Select IP Services e In the Task List panel select ARP Entry In the MAC Address box type the MAC address that the IP address is to be mapped to In the IP Address box type the IP address for the ARP entry Click Finish 206 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS Viewing and Configuring VLANs A virtual LAN VLAN is a Layer 2 broadcast domain that can span multiple wired or wireless LAN segments Each VLAN is a separate logical network and if you configure IP interfaces on the VLANs MSS treats each VLAN as a separate IP subnet You configure VLANs on a WX switch s network ports by configuring them on the switch itself You configure a VLAN by assigning a name and network ports to the VLAN Optionally you can assign VLAN tag values on individual network ports You can configure multiple VLANs on a WX switch s network port Optionally each VLAN can have an IP address You do not need to configure VLANs on MAP access ports or wired authentication ports because the VLAN membership of these types of ports is determined dynamically through the authentication and authorization process Users who require authentication connect through WX ports that are configured for MAPs or wired authentication access Users are assigned to VLANs automatically through authentication and authorization mechanisms such as 802 1X By default none of a WX switch s ports are in VLANs A switch cannot forward traff
466. s tab See Using the Event Log on page 377 Reports Display links for configuring and generating reports See Generating Reports on page 383 The following icons are smaller and are located underneath the Back and Forward icons Exit the application Close 3WXM Edit application preferences Open a dialog to configure 3WXM client preferences See Changing 3WXM Preferences on page 481 Configure 3WXM Services Open a dialog to configure 3WXM Services See Changing 3WXM Services Preferences on page 491 Launch 3WXM HTML Help Open the online help HTML version of this document 42 CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE Copying Pasting and Deleting Objects Copy and Paste in the Organizer Panel A W N You can copy paste and delete objects in the Organizer panel or in the Content panel In the Organizer panel right click on an object to display a menu with the following options a Copy Copy the selected object and its child objects to the clipboard a Paste Add the object s in the clipboard to the selected object a Paste Replace Replace the like named object s in the selected object with the object s in the clipboard a Delete Remove the selected object from the network plan Use the Copy and Paste options to create a new object Use the Copy and Paste Replace options to replace an object with a copy of another instance o
467. se Capacity Calculation for Voice In the Active Call Bandwidth list specify the amount of bandwidth in kilobits per second Kbps that you expect for each call 128 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM In the Active Handsets per AP list specify the number of voice over IP phones that you want each MAP to handle In the Expected Handset Count list specify the number of voice over IP phones you expect to be in the coverage area In the Handset Oversubscription Ratio list select the ratio for the average transmit behavior of the voice over IP phones The handset oversubscription ratio is the ratio of active handsets compared to total handsets For example the ratio 4 1 indicates that Statistically 25 percent of the voice over IP phones are active at any given time 7 Under the Associations tab you can do the following In the Mobility Domain list select the Mobility Domain that contains the MAPs used for this coverage area In the Radio Profile list select the radio profile to be used for this coverage area All radio profile policies configured in the network plan are listed In addition a default policy is listed If you select default the default radio profile settings are applied to the coverage area For information about policies see Configuring and Applying Policies on page 373 In the Shared Area list select a coverage area that will share MAP access points with the one you are configuring
468. sed on organizational or geographical boundaries For example a network plan can represent a campuswide network You also can define a physical representation of the network sites buildings and floors In this case you can import drawings of your floor plans into the network plan or draw plan details manually You can then identify the RF characteristics by importing data from a site survey or by manually identifying RF objects 3Com recommends that you limit a network plan to a single campus or Mobility Domain 3Com network domain Different countries have different regulatory limits for 802 11 radios Setting the country code in the network plan automatically enforces the appropriate regulatory limits for all configured radios The greatest geographical scope for a network plan is a country because a network plan is based on one specific country code 54 CHAPTER 4 WORKING WITH NETWORK PLANS Creating a Network Plan To create a network plan From the main 3WXM window select File gt New The Create Network Plan wizard appears In the Network Plan Name box type a name for the network plan You can use 1 to 60 alphanumeric characters with no spaces tabs or any of the following slash backslash quotation marks asterisk question mark angle brackets lt gt or vertical bar In the Country Code list select the country where the network is to be deployed You must select a country cod
469. select MAC Address User In the User MAC Address box type the MAC address for the user device using colons as delimiters You must specify all 6 bytes of the MAC address In the MAC User Group list select the MAC user group that the user device belongs to if the group is already configured To set authorization attributes for the user click Next and go to step 5 Otherwise if you plan to set authorization attributes in another way such as adding the user to a group or configuring default AAA attribute values for the SSID the user will access click Finish In the VLAN Name box select or type the name of the VLAN that the user device belongs to 1 to 16 alphanumeric characters with no spaces or tabs The WX switch will authorize the user for that VLAN For more information on VLANs see Viewing and Configuring VLANs on page 206 In the attribute row you want to configure click the Attribute Value column See Table 22 on page 293 for a description of user attributes and their values Type the new attribute value in lowercase characters ACL names are case sensitive Repeat step 5 through step 7 for each attribute value you want to change Click Finish 292 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Creating a MAC User Group and Assigning Users To It 1 10 11 12 To create a MAC user group and assign users to it Access the Create MAC User Group wizard Sel
470. selected All others blank you must select the method Default authorization attributes Attributes assigned to the service profile An attribute value is used only if the attribute is not otherwise set for example on a user group or individual user Blank not set Radio profile Set of 802 11 radios and 802 11 settings for them Radio profile named default 238 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS You don t need to select the values for all these parameters when you configure a service The Service Profile wizards help you configure the essential parameters and assign appropriate values to the rest Some of the parameters that 3WXM automatically sets are not configurable using the Service Profile wizards To view all settings except access rules or change settings select the service profile and click Properties Access Rules The service profile wizards automatically create network access rules to control access to the SSIDs configured by the wizards The access rules match on all usernames or MAC addresses for voice service profiles Table 19 lists the access rules automatically created by the service profile wizards Table 19 Access Rules Automatically Created by Service Profile Wizards Service Profile Type Access Rule Type Default Access Glob 802 1X 802 1X al Voice MAC Web Portal WebAAA Web aed Open no user login Last resort last resort ssid name required Custom O
471. ser group.
5. To set authorization attributes for the user, click Next and go to step 6.
6. In the VLAN Name box, select or type the name of the VLAN that the user belongs to (1 to 16 alphanumeric characters, with no spaces or tabs). The WX switch will authorize the user for that VLAN. For more information on VLANs, see "Viewing and Configuring VLANs" on page 206. If the user requires administrative access only, you do not need to specify a VLAN. Otherwise, if you plan to set authorization attributes in another way, such as adding the user to a group or configuring default AAA attribute values for the SSID the user will access, click Finish.
7. In the attribute row you want to configure, click the Attribute Value column. See Table 22 on page 293 for a description of user attributes and their values.
8. Type the new attribute value in lowercase characters. ACL names are case sensitive.
290 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS
9. Repeat step 5 through step 7 for each attribute value you want to change.
10. Click Finish.
Creating a User Group and Assigning Users To It
To create a user group and assign users to it:
1. Access the Create Named User Group wizard:
   a. Select the Configuration tool bar option.
   b. In the Organizer panel, click the plus sign next to the WX switch.
   c. Click the plus sign next to AAA.
   d. Select Local User Database.
   e. In the Task List panel, select Named
472. service is lost, including historical trend data.
28 CHAPTER 1 INSTALLING 3WXM
To prevent an item from being uninstalled, click on the checkbox next to the item to remove the checkmark.
4. Click Continue. The uninstall program reports its progress. When the uninstall process is complete, the uninstall program reports that the items were successfully deleted.
5. Click Done.
WORKING WITH THE 3WXM USER INTERFACE
This chapter describes how to use the 3Com Wireless LAN Switch Manager (3WXM) interface.
Overview
When you start 3WXM client and log into 3WXM Services, the network plan is displayed by the 3WXM client.
[Figure: 3WXM main window, with callouts for the Organizer panel, Content panel, Toolbar, Alerts panel, and Lock icon]
30 CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE
The network plan is the workspace in 3WXM you use to design and manage a 3Com network. The network plan defines the following:
- Network equipment: WX switches, MAPs, and third-party access points
- Network site, including floor plans, RF characteristics o
473. service profile. Display the Wireless Service Profiles table: In the Organizer panel, click on the plus sign next to the WX switch on which the service profile is configured. Click on the plus sign next to Wireless. Select Wireless Services. Select the service profile in the table. A set of tasks appears under Setup in the Task List panel. To configure encryption settings and access rules, select one of the following in the Task List panel and go to "Modifying Encryption Settings":
- 802.1X Access
- MAC Access (used for voice)
- Web Portal Access
- Open Access
To configure access rules only, select Access Rules and go to "Modifying Access Rules" on page 262.
Modifying Encryption Settings
1. Select the security modes you want the SSID to support. You can select one or more of the following:
   - RSN (WPA2)
   - WPA
   - Static WEP
2. Click Next.
3. If you selected RSN or WPA, you can select whether to use dynamically generated keys or static keys based on a passphrase:
   - To use dynamically generated keys, leave the Pre-shared Key box blank.
   - To use static keys, type a string from 8 to 63 characters long in the Pre-shared Key box and click Generate.
4. Click Next.
Viewing and Configuring Wireless Services 261
5. Select the encryption algorithms to use:
   - AES CCMP: Usually used with RSN (WPA2)
   - TKIP: Usually used with WPA
   - WEP 104: Used with dynamic WEP
   - WEP 40: Used with dynamic WEP
6. Click Next
474. settings for client session timers. User idle timeout: Number of seconds a client can remain idle before the client's session is changed to the Disassociated state. A client is considered to be idle until it either sends data or responds to an idle-client probe. You can specify from 20 to 86400 seconds. The default is 180 seconds (3 minutes). To disable the timer, specify 0. Idle client probing: When enabled, sends a keepalive probe (a null-data frame) to each wireless client. The frame is sent as a unicast. The WX expects a reply in the form of an Ack. Idle client probing is enabled by default. Web portal session timeout: Specifies how many seconds MSS waits after a Web Portal client enters the Disassociated state before terminating the client's session. This can be useful if you want to allow a client connecting through Web Portal (WebAAA) to enter standby or hibernation mode, then be able to resume its session after waking up without having to log in again. You can specify from 5 seconds up to 2800 seconds (a little over 46 minutes). The default is 5 seconds. The timeout change applies globally for all Web Portal sessions on the service profile's SSID. This option applies only to Web Portal service profiles. Rate Configuration Tab: The Rate Configuration tab lists the data rates supported and used by MAP radios. For each radio type (802.11a, 802.11b, and 802.11g), the following rates are individually configurable: Beacon rate Data
475. shared Key box and click Generate Click Next If you selected Static WEP in step 12 specify WEP keys Otherwise go to step 17 a For each key up to four type the key value in the corresponding key box 246 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS 17 18 19 gt 20 21 22 a By default data in unicast and multicast packets are encrypted using WEP key 1 To use another key for either type of packet select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box Click Next Select or type the name of the VLAN into which you want the switch to place voice clients Click Next This step and the following step do not apply if the vendor selected in step 6 is Vocera If applicable the ACEs ACL rules that 3WXM will configure for the voice service are listed For non WMM clients ACEs are required in order to provide priority treatment of voice traffic The ACEs differ depending on the vendor you selected in step 6 The wizard describes the ACEs If you need to modify the ACEs go to step 20 Otherwise go to step 21 To add an ACE click Add Rule 3WXM adds an ACE to the end of the list The ACE matches on all source and destination IP addresses and denies them To modify an ACE select the part of the ACE you want to modify and edit or select the new value For information about ACE settings see Viewing and Configuring ACLs on page 220 If you selected MAC Access in ste
476. sing the RF Monitor View 442 Displaying RF Neighborhood Information 443 Displaying the SSID to BSSID Mapping 444 Displaying the Activity Log 445 Displaying RF Environment Statistics 446 Using the RF Trends View 447 Refreshing RF Trend Data 449 Accessing Realtime Performance Statistics 449 Viewing Performance Data 451 DETECTING AND COMBATTING ROGUE DEVICES Overview 457 Rogue Detection Requirements 458 Mobility Domain Requirement 459 Rogue Detection Lists 460 18 Using the Rogue Detection Screen 462 Toolbar Options 463 Filtering the Rogue List 464 Displaying Rogue Details 465 Displaying a Rogue s Geographical Location 468 Ignoring Friendly Third Party Devices 470 Adding a Device to the Attack List 471 Converting a Rogue into a Third Party AP 471 To convert a rogue into a third party AP 471 Adding a Rogue s Clients to the Black List 473 Configuring RF Detection Options from the Organizer Panel 473 OPTIMIZING A NETWORK PLAN Importing RF Measurements 475 Importing the Measurements 475 Applying the RF Measurements to the Floor Plan 477 Locating and Fixing Coverage Holes 478 Locating a Coverage Hole 478 Fixing a Coverage Hole 480 Computing and Placing New MAPs 480 Adding New MAPs that Are Already Installed to the Network Plan 480 CHANGING 3WXM PREFERENCES Overview 481 Resetting Preferences Values 481 Changing Network Synchronization Options 482 Changing User Interface Options 482 Changing Persistence Options 483
477. st 284 Enabling Countermeasures 284 Enabling MAP Signatures 285 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS Creating and Managing Users in the Local User Database 287 Viewing Users and Groups in the Local Database 288 Creating a Named User 289 Creating a User Group and Assigning Users To It 290 Creating a MAC User 291 Creating a MAC User Group and Assigning Users To It 292 Authorization Attributes 293 Viewing and Configuring RADIUS Settings 298 Viewing RADIUS Settings Servers and Server Groups 299 Creating a RADIUS Server 299 Creating a RADIUS Server Group 300 Changing Default RADIUS Settings 301 Viewing and Configuring Global 802 1X Settings 303 Viewing Global 802 1X Settings 303 Changing Global 802 1X Settings 303 Viewing and Configuring 802 1X Network Access Rules 306 Viewing 802 1X Network Access Rules 306 Creating an 802 1X Network Access Rule 306 Viewing and Configuring MAC Network Access Rules 310 Viewing MAC Network Access Rules 310 Creating a MAC Network Access Rule 310 Viewing and Configuring WebAAA Network Access Rules 313 Viewing Web AAA Network Access Rules 313 Creating a Web AAA Network Access Rule 314 Viewing and Configuring Last Resort Network Access Rules 316 Viewing Last Resort Network Access Rules 316 Creating a Last Resort Network Access Rule 316 Viewing and Configuring WX Administrator Access Rules 318 Viewing WX Administrator Access Rules 318 Creating an Access Rule for Console Ac
478. st panel, click Tools. 3 In the RF Obstacle area, under Layout, click one of the icons and draw the object as described in the following table. Object and action: Circle: Diagonally drag the cursor over the area where you want the circle to appear. Square: Diagonally drag the cursor over the area where you want the square to appear. 3WXM treats squares as one solid object when calculating RF attenuation. To draw a square outline, draw four lines in a square shape, which are treated as four separate RF obstacles. Parallelogram: 1 Click at a vertex and drag the cursor to the next connected vertex. 2 Click again and drag the cursor until the parallelogram takes the shape you want. 3 Click to finish. Polygon: 1 Click at a vertex, then move the cursor to the next vertex. 2 Repeat until the polygon takes the shape you want. For a polygon with n sides, click n - 1 additional times at the vertices. For example, to draw a 7-sided polygon, click at 6 vertices. 3 At the last vertex before completing the shape, right-click to complete the polygon. 3WXM supports concave polygons. A concave polygon contains an internal angle greater than 180 degrees. Line: Click at the start of the line. Drag the cursor to the end of the line. Click to finish. Click to exit RF obstacle mod
479. started automatically when you complete installation, and starts automatically whenever you restart your system. 3Com recommends that all clients that are using 3WXM Services be closed before you stop the services. If a 3WXM client is using a network plan on 3WXM Services when you stop the services, you cannot select objects or options in the client. In this case, to close the client, click the X in the upper right corner of the window or use Task Manager to end the client session. You can start 3WXM Services from within 3WXM or from Windows Services. 1 Display the Services window. Here is an example of the Services window in Windows XP. The window might look different on your system. [Screenshot: Windows Services window with 3WXM Services selected]
480. stom Depends on access type s selected for service profile Viewing and Configuring Wireless Services 237 Table 18 Service Profile Parameters continued Service Profile Parameter Description Default Value Assigned by Service Profile Wizard Custom Web Portal login page Subdirectory path and filename of an HTML page customized for login to the SSID Blank default page with 3Com logo is used Security modes For encrypted SSIDs only the types of encryption supported a Robust Security Network RSN also called WPA2 a Wi Fi Protected Access WPA a Dynamic Wired Equivalent Privacy WEP Based on service profile type 802 1X Dynamic WEP Voice Static WEP Web Portal No default Open Not applicable Custom Dynamic WEP for 802 1X access no default for other access types Encryption algorithms For encrypted SSIDs only the algorithms used to encrypt data when the WPA or RSN security mode is used a Advanced Encryption Standard AES with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP a Temporal Key Integrity Protocol TKIP a WEP with 104 bit keys WEP with 40 bit keys TKIP Authentication method Location of user information the switch checks when authenticating and authorizing users Can be one or more RADIUS server groups the switch s local database or both Voice LOCAL a RADIUS server group cannot be
481. t Setup > System Setup > Software Version > Model > Timezone > System Information Other > Convert Auto DAPs > Delete Auto DAPs > Launch Telnet > Launch Browser. Configuration Wizards: When you click on a task in the Task List panel, 3WXM opens a configuration wizard. For example, click on System Setup to open the System Setup wizard for configuring basic switch parameters. [Screenshot: System Setup Wizard. "This wizard will help you configure the areas of the system that are necessary for operation & management. This includes SNMP, VLANs, AAA, Wireless Services and Access Points. To continue, click Next."] Some wizards contain multiple pages. Click the Next and Previous buttons at the bottom of a wizard to navigate among the wizard's pages. The Finish button saves the changes. If applicable, saving the changes also results in the newly configured object appearing in a table in the Content panel. The following example shows the Wireless Service Profiles table, which lists the SSID configurations on a switch. [Screenshot: Wireless Service Profiles table with columns Name, SSID, SSID Type, Beacon, and Radio Profile(s)] The wizards displayed by selecting tasks in the Task List panel allow configuration of settings that
482. t. However, the channel is not changed for MAPs that are running in the live network and are being managed by 3WXM. For these MAPs, 3WXM displays the channels that are in use on the live MAPs. To make the MAPs in the live network use the channels assigned by RF Planning, deploy the configuration to the network. After you deploy the configuration with the new channel settings, the channel information on the floor plan should match the channels assigned by RF Planning. The MAPs on a floor plan in RF Planning are color coded to indicate their monitored status: Green: Up. Yellow: Up, but with minor service degradation. Orange: Up, but with major service degradation. Red: Down. Blue: Unknown. A MAP with a blue background is not in the live network even though it is on the floor plan. The channel number for this MAP will match the channel number assigned by RF Planning. However, a MAP with a green background is running in the live network, and this MAP's channel number will indicate the channel on which the MAP is operating, which is not necessarily the channel assigned by RF Planning. If RF Auto Tuning of channels is enabled, the channels can change on live MAPs even if you do not change them. Computing Optimal Power: If you do not plan to use the RF Auto Tuning feature to automatically set the power levels on the MAPs after deployment and installation, use the Compute Optimal Power opt
483. t IP Addresses and Stop IP Addresses boxes. By default, all addresses except the host address of the VLAN, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addresses must be in the same subnet. The IP interface of the VLAN must be within the same subnet but is not required to be within the range. Click OK. Changing the Aging Time for FDB Entries: The aging timeout period specifies how long a dynamic entry can remain unused before the software removes the entry from the database. 1 Access the VLAN table: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select VLANs. 2 In the Content panel, select the VLAN. 3 Click Properties. 4 In the Aging Time box, specify the aging timeout period (0 to 1,000,000 seconds) for dynamic entries in the forwarding database. The default is 300 seconds (5 minutes). If you specify 0, aging is disabled. 5 Click OK. Viewing and Configuring ACLs: An access control list (ACL) filters packets to restrict or permit network usage by certain users, network devices, or traffic types. You can also assign a class of service (CoS) level, which allows priority handling, to packets. For example, you can use ACLs to enable users to
484. t appears before the beginning of each login prompt of each CLI session. Do not use the number sign, single quotation mark, double quotation marks, or ampersand (&). Click OK. Distributed MAPs that are not configured on any WX switches in the Mobility Domain can nonetheless be booted and managed by a switch if the switch has a profile for Distributed MAPs and has capacity to manage the MAP. A MAP that is booted and managed using a Distributed MAP profile is here called an Auto DAP. You can convert the temporary connection of an Auto DAP to a WX switch into a permanent, statically configured connection on the switch. This procedure converts Auto DAPs into configured Distributed MAPs only on the switch you are managing. To convert Auto DAPs on a Mobility Domain basis, see "Converting Auto DAPs into Statically Configured APs" on page 67. To convert an Auto DAP: 1 Select the Configuration tool bar option. 2 In the Organizer panel, select the WX switch. 3 In the Task List panel, select Convert Auto APs. The Convert Auto APs wizard appears. The MAPs that were configured using a Distributed MAP template are listed. 4 Select the MAPs you want to convert into statically configured MAPs. 5 Click Next. 6 Click Finish. Deleting Auto DAPs: 3WXM automatically updates an Auto DAP's information in the network plan when the
485. t first purchase a service contract from 3Com or your reseller. Telephone Technical Support and Repair: To enable telephone support and other service benefits, you must first register your product at http://eSupport.3com.com. Warranty and other service benefits start from the date of purchase, so it is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. When you contact 3Com for assistance, please have the following information ready: Product model name, part number, and serial number. Proof of purchase, if you have not pre-registered your product. A list of system hardware and software, including revision level. Diagnostic error messages. Details about recent configuration changes, if applicable. To send a product directly to 3Com for repair, you must first obtain a return authorization number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender's expense. If your product is registered and under warranty, you can obtain an RMA number online at http://eSupport.3com.com. First-time users will need to apply for a user name and password. Contact Us: 3Com offers telephone, e-mail, and internet access to Technical Support and repair services. To access these services for your region, use the appropriate telephon
486. t level of severity to be logged: Emergency: The WX is unusable. Alert: Action must be taken immediately. Critical: You must resolve the critical condition. If you do not resolve the condition, the WX can reboot or shut down. Error: The WX is missing data or unable to form a connection. Warning: A possible problem exists. Notice: Events that can cause system problems have occurred. These are logged for diagnostic purposes. Info: Informational messages only. No problems exist. Debug: Output from debugging. The default severity level is Error. The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. 3 Configure logging to the console: a To specify that logging messages be sent to the console, select Enabled. Clear Enabled to disable the logging of messages to the console. b In the Severity Filter list, select the lowest level of severity of the event or condition to be logged (see the list in step 2). The default severity level is Error. 4 Configure logging to the current login session: a To specify that logging messages be sent to the current login session, select Enabled. Clear Enabled to disable the logging of messages sent to the current login session. b In the Severity Filter list, select the lowest level of sever
487. t synchronized. To synchronize the changes, do one of the following: Review and either deploy local changes or accept network changes, then review and either deploy or accept the other set of changes. Reject one set of changes (local or network) and accept or deploy the other set of changes. Reject both sets of changes. Distributing System Images Using the Image Repository: You can use 3WXM to upgrade or downgrade the system image (MSS software) on WX switches. System images include switch software and MAP software. Use the image repository to add or delete WX system images. The image file is checked and its version is verified when added to the image repository. Images are stored in the 3Com_installation_director images dp directory. To add a system image: 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Device Operations. 3 In the Task List panel, select Image Repository. 4 Click Add Image. The Add to Repository dialog box appears. 5 Navigate to the directory containing the system image. 6 Select the system image. 7 Click Add to Repository. The image is added to the image repository and appears in the Image List. 8 To close the Image Repository dialog box, click Close. To delete a system image: In the Image Repository dialog box, select the image you want to delete. Click Remove Image. A prompt appea
488. t the switch. Preconfiguring a Switch in 3WXM: If you know the switch's serial number, use the following procedure to set up the switch's configuration in 3WXM. 1 Start 3WXM Services. 2 Start a 3WXM client and connect to 3WXM Services. 3 Select Tools > 3WXM Services Setup from the menu bar in the main 3WXM window. The 3WXM Services Setup wizard appears. 4 On the Service Settings tab of the wizard (displayed by default), select Allow remote access in the Access Control area. 5 Select the WX Connection Settings tab. 6 Select Accept self signed certificates in the Connection Security area. 7 Click Save, then click Close. 8 Open the network plan for the site, or select File > New to create a new network plan. 9 Access the Create Wireless Switch wizard: a Select the Configuration tool bar option. b In the Organizer panel, select the network plan name. c In the Task List panel, select Create Wireless Switch. 10 Enter a name for the switch in the WX Name box. 11 Select the switch model. 12 Enter the serial number in the Serial Number box. 13 Configure other parameters as required for the switch's deployment. You can configure an enable password for the switch even if it does not already have one. When sending the configuration, 3WXM tries the configured password first, then tries a blank password if the enable password does not match the one on the switch. If the switch does not have an enable password, the bl
489. t to Overwrite Existing Files to deselect this option. 7 Click Generate. When the report is generated, click the report link to view it. Table 31 lists the sections in the report. Table 31 Mobility Domain Configuration Report Sections (section and description): Wireless Switches: Name, model, and system IP address of each WX switch in the Mobility Domain. The number of directly attached and Distributed MAPs configured on each WX switch are also listed. VLANs: VLANs configured on the WX switches. Radio Profiles: Radio profiles configured on the WX switches. Service Profiles: Service profiles configured on the WX switches. RADIUS Server Groups: RADIUS server groups configured on the WX switches. RADIUS Servers: RADIUS servers configured on the WX switches. MAPs: Lists information for each MAP in the selected Mobility Domain. Generating a WX Configuration Report: The WX configuration report lists configuration details for a WX switch. 1 Select the Reports toolbar option. 2 In the Report Category list, select Configuration Reports. 3 In the Reports list, select WX Configuration. 4 In the Report Scope Instance drop-down list, select the switch for which you want the report. The scope is always Wireless Switch and cannot be changed. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. To prevent 3WXM from replacing a
490. table lists the DSCP values to which MSS maps internal CoS values during marking of egress traffic. To change the mapping between a DSCP value in an ingress packet and its internal CoS value: Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select QoS. In the CoS column of the DSCP to CoS table, use the arrows to select the new value, or type the new value. Click Save. To change the mapping between an internal CoS value and the DSCP value that is marked in egress traffic: Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select QoS. In the DSCP column of the CoS to DSCP table, use the arrows to select the new value, or type the new value. Click Save. Setting a Range of DSCP Values to a Single CoS Value: To set a range of DSCP values to a single CoS value: Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select QoS. In the Task List panel, select Set DSCP to CoS Range. In the First DSCP list, select the lower DSCP value in the
491. talling 3WXM client and 3WXM Services software, and an introduction to using the 3WXM interface. Wireless LAN Switch and Controller Hardware Installation Guide: This guide provides instructions and specifications for installing a WX wireless switch in a Mobility System WLAN. Wireless LAN Switch and Controller Configuration Guide: This guide provides instructions for configuring and managing the system through the Mobility System Software (MSS) CLI. Wireless LAN Switch and Controller Command Reference: This reference provides syntax information for all MSS commands supported on WX switches. Documentation Comments: Your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3Com at pddtechpubs_comments@3com.com. Please include the following information when contacting us: Document title. Document part number and revision (on the title page). Page number (if appropriate). Example: Wireless LAN Switch and Controller Configuration Guide. Part number 730 9502 0071, Revision B. Page 25. Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier. INSTALLING 3WXM: This chapter describes how to install 3Com Wireless LAN Switch Manager (3WXM)
492. tart and end dates for the History interval, edit the values in the boxes, or click on the down arrows next to From and To to display calendars and select the dates. Click Apply. 3WXM replaces the rogue list with the set of rogues detected during the period you selected. To display details for a rogue, select the rogue in the rogue list. Details are displayed in the tabs in the right portion of the Rogue Detection tab. Current, Current Hour, Current Day, and History Tabs: The Current, Current Hour, Current Day, and History tabs show rogues detected in the past. Current: Lists the rogues observed during the most recent polling intervals. Current Hour: Lists the rogues observed during the most recent hour. Current Day: Lists the rogues observed during the most recent day. History: Lists the rogues observed during the most recent 30-day period. Each rogue is listed only once, even if multiple entries for the rogue appear in the Activity Log tab. For example, if a rogue is detected during three polling intervals, separate entries for each polling interval appear in the Activity Log. However, at the end of the hour, when the activity data is consolidated and moved to the Current Hour tab, only one entry appears on that tab for the rogue. On each tab, the Polled Results column lists the time when the data was received from the monitoring service. Activity Lo
493. te Group tool or Format gt Create Group Group items Select all items except Ctrl A locked and frozen items in AutoCAD The commands are mentioned in 3WXM documentation as a guide for finding the appropriate commands or options in your CAD application However the best source of information about how to use your CAD application is the user documentation for that application i gt The operating tips in the previous table refer to specific command names Table 14 Common AutoCAD Layer Names AutoCAD Layer Name Commonly Represents glaz windows scol steel columns p fixt bathroom p part bathroom stall partitions ext exterior int interior Importing or Drawing Floor Details 83 Importing the Drawing To import a floor drawing Select the RF Planning tool bar option In the Organizer panel click on the plus sign next to the building to expand it then click on the name of the floor for which you are importing the drawing An empty floor layout appears in the Content panel In the Task List panel under RF Planning select Import Floor Layout 4 After navigating to the directory containing the drawing select it and click Open The drawing appears After you import a drawing 3WXM remembers the directory you chose a If you originally imported a DXF or DWG file you can import a DXF DWG GIF or JPEG file and layer it over the original file When you import another file you ar
494. te the filter. 9 Repeat step 5 through step 8 for each user you want to display details for. 10 To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. 11 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 12 Click Generate. 13 When the report is generated, click the report link to view it. The watch list client report contains the following sections: Session Properties, Location History, Session Statistics, AP Statistics. See "Using the Client Monitor View" on page 415 for information about the data columns in each section of the report. Generating a Network Usage Report: The network usage report lists network usage statistics. The data for this report comes from 3WXM Services. The Enable RF trending option, located in the RF Monitor group box of the Monitoring Settings tab, must be enabled. See "Changing Monitoring Settings" on page 500. 1 Select the Reports tool bar option. 2 In the Report Category list, select RF Reports. 3 In the Reports list, select Network Usage. 4 Select the scope type of the report from the Report Scope Type drop-down list: Mobility Domain, Wireless Switch, Site, Building, Floor, Coverage Area. Select the instance for which you want the report
495. th the methods above. See "Importing RF Obstacle Data from a Site Survey" on page 98. You also can use site survey data to optimize a network plan after you install 3Com equipment. See "Optimizing a Network Plan" on page 475. Consider the following when creating RF obstacles: Be aware if a CAD drawing contains overlapping objects. If you create RF obstacles on objects that are on top of each other, the attenuation is increased at that point. 3WXM sums the attenuation factors in dB. Grouping objects is useful if you want one attenuation factor for an area on the floor. Converting Objects into RF Obstacles: You have several options when creating RF obstacles: Convert all objects in a layer of a CAD drawing into RF obstacles. Convert all objects in an area of the drawing into RF obstacles. Convert multiple objects in the drawing into RF obstacles. Convert grouped objects in the drawing into RF obstacles. To create RF obstacles for all objects in a layer: 3WXM preserves the layers defined in a CAD drawing. You can convert all of the objects in the layer into a specific type of RF obstacle. 1 Click Layers in the Organizer panel to bring up a list of the layers in the drawing. 2 Right-click the list of layers in the Organizer panel. 3 Select Create RF Obstacles from the menu that is displayed. The Create RF Obstacle dialog box appears. Go to To use the Create RF Obst
496. the Windows Start menu or the Control Panel. To uninstall 3WXM on Windows systems: 1 Access the Windows Control Panel and select Add or Remove Programs. 2 Select 3WXM and click Change/Remove. [Screenshot: Uninstall 3WXM dialog] 3 Click Uninstall. The 3WXM Uninstall Options dialog appears. By default, the following are removed when you uninstall the client application: Network plans. Access control. If the monitoring service was also installed, the monitoring service's database directory is also uninstalled by default. The database directory contains the data collected by the monitoring service. CAUTION: Do not delete the serial number unless specifically asked to do so by 3Com Technical Support. Your license(s) to use this software are registered against this serial number. If you delete the serial number, the software will generate a new serial number if it is ever reinstalled. You will then require new licenses to register against the new serial number. If you delete the serial number, the license information will also be deleted. CAUTION: If you delete an item, the item is permanently lost. For example, if you delete the database directory, all data collected by the monitoring
497. the details for a specific event, select the event. Event details appear in the Details tab. Filtering Event Messages. Using Predefined Event Filters: You can limit the events you see in the Event tab by using predefined filters in 3WXM or by specifying filter criteria based on content, facility, or severity. You can save specified filter criteria as a stored filter. To use predefined filters, select one of the following from the Name list in the Stored Filters group box: All Entries: Shows all entries in the log. 3WXM: Shows only 3WXM client events. Server: Shows only 3WXM Services events. Today: Shows only events that occurred today. Last 24 Hours: Shows only events that occurred in the last 24 hours. Last 500 Entries: Shows only the last 500 entries in the log. Filters specific to the WX switches: For example, if you have a WX switch named wx7, you see a filter named WX wx7 in the list. You now see the log entries in the Event tab that match the criteria of the filter that you chose. Filtering Events by Content: When using the predefined filters, you can limit the events you see in the Event tab by specifying criteria such as IP address, date, or text in the log message. You can use advanced filters to further limit the events you see. To filter messages by content: In the Event Source box, type an event source name or part of an event source name. You can type more th
498. thentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch's local user database), or both. MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group, if one is defined in the method list. The authentication methods you select are also used for authorization. 7 Click Next. 8 To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch's configuration. 9 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session. Select Stop-Only to specify that records are sent only at the end of a session. 10 S
499. this option is selected. Show Warnings: Warning messages are listed only when this option is selected. Show Disabled: Disabled rules are listed only when this option is selected. See "Disabling a Rule from the Message List" on page 365. Resolving an Error or Warning: For most errors and warnings, 3WXM provides a link to edit the configuration information that caused the error or warning. The link appears in the Resolutions section of the tab, under the Messages column. When you click the edit link, 3WXM opens the configuration wizard for the configuration item. For example, if you create a new WX switch called dang wxr100 but you do not specify the system IP address of the switch, the error message "System IP address is not assigned or is invalid" appears in the Message area. To correct the error, click on Edit dang wxr100 in the Resolutions section. The Modify WX switch wizard appears. Use the wizard to edit the System IP address. After you save the configuration change, 3WXM reevaluates the switch's configuration. If the system IP address is specified, the error no longer appears in the Verification tab. To resolve an error or warning: Select the error or warning message in the Message column. Read the information in the Error/Warning Details section. For some errors and warnings, this section contains information about how to resolve the er
500. time of day. Table 22 Authentication Attributes for Local Users (continued). Attribute: time-of-day (network access mode only). Description: Day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user's session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter. Time-Of-Day is a 3Com vendor-specific attribute (VSA). The vendor ID is 43 and the vendor type is 4. Valid value(s): One of the following: never: Access is always denied. any: Access is always allowed. al: Access is always allowed. One or more ranges of values that consist of one of the following day designations (required) and a time range in hhmm-hhmm 4-digit 24-hour format (optional): mo: Monday. tu: Tuesday. we: Wednesday. th: Thursday. fr: Friday. sa: Saturday. su: Sunday. wk: Any day between Monday and Friday. Separate values or a series of ranges (except time ranges) with commas or a vertical bar. Do not use spaces. The maximum number of characters is 253. For example, to allow access only on Tuesdays and Thursdays between 10 a.m. and 4 p.m., specify the following: time-of-day tu1000-1600,th1000-1600. To allow access only on weekdays between 9 a.m. and 5 p.m., and on Saturdays from 10 p.m. until 2 a.m., specify the
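The following is an added example, not code from the manual or from 3Com: a small validator and evaluator for the time-of-day value described in Table 22, useful for checking a rule before assigning it to a user. It assumes the hyphen in hhmm-hhmm and the comma or vertical-bar separators that the extracted text has lost, treats the end of a range as exclusive, rejects a range whose start equals its end, and attributes a range that runs past midnight to the day on which it starts; the function names are hypothetical.

```python
import re
from datetime import datetime

# Day designations from Table 22; indexes match datetime.weekday() (Monday = 0).
DAY_INDEX = {"mo": 0, "tu": 1, "we": 2, "th": 3, "fr": 4, "sa": 5, "su": 6}
# One term: a day designation (required) plus an optional hhmm-hhmm range.
# Assumption: the range uses a hyphen, which the extracted page text dropped.
TERM = re.compile(r"(mo|tu|we|th|fr|sa|su|wk)(?:(\d{4})-(\d{4}))?")
MAX_LEN = 253  # maximum number of characters stated in the table


def _minutes(hhmm):
    """Convert a 4-digit 24-hour time to minutes since midnight."""
    hours, minutes = int(hhmm[:2]), int(hhmm[2:])
    if hours > 23 or minutes > 59:
        raise ValueError(f"invalid time {hhmm!r}")
    return hours * 60 + minutes


def parse_time_of_day(value):
    """Return 'never', 'always', or a list of (weekday, start_min, end_min)."""
    if len(value) > MAX_LEN:
        raise ValueError("value exceeds 253 characters")
    if any(ch.isspace() for ch in value):
        raise ValueError("spaces are not allowed")
    if value == "never":
        return "never"
    if value in ("any", "al"):
        return "always"
    windows = []
    for term in re.split(r"[,|]", value):  # commas or a vertical bar
        match = TERM.fullmatch(term)
        if not match:
            raise ValueError(f"unrecognized term {term!r}")
        day, start, end = match.groups()
        # The time range is optional; a bare day means the whole day.
        start_min = _minutes(start) if start else 0
        end_min = _minutes(end) if end else 24 * 60
        if start_min == end_min:
            # Assumption: an empty range is a configuration error.
            raise ValueError(f"empty time range in {term!r}")
        days = range(5) if day == "wk" else [DAY_INDEX[day]]
        windows.extend((d, start_min, end_min) for d in days)
    return windows


def is_allowed(value, when):
    """True if a login at datetime `when` falls inside the policy."""
    policy = parse_time_of_day(value)
    if policy == "never":
        return False
    if policy == "always":
        return True
    now = when.hour * 60 + when.minute
    today = when.weekday()
    yesterday = (today - 1) % 7
    for day, start, end in policy:
        if start < end:
            if day == today and start <= now < end:
                return True
        else:
            # Range wraps past midnight (for example sa2200-0200):
            # the late part is on the named day, the early part on the next.
            if day == today and now >= start:
                return True
            if day == yesterday and now < end:
                return True
    return False
```

Running a proposed value through `is_allowed` at the boundary times (the last minute of a range, just after midnight on the following day) shows whether the rule admits logins outside the hours intended.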
501. tion Number of Radios 1 25 WX Switches 25 50 WX Switches 50 WX Switches 1 1000 2 4 MHz P4 2 8 MHz P4 3 2 MHz Xeon 500 MB RAM 500 MB RAM 1 GB RAM 1 GB HD 1 GB HD 1 GB HD 1 2000 2 4 MHz P4 3 0 GHz P4 3 6 GHz Xeon 1 GB RAM 1 GB RAM 2 GB RAM 2 GB HD 2 GB HD 2 GB HD Software Requirements 23 Software Requirements 3WXM client and 3WXM monitoring services are each supported on the following operating systems a Microsoft Windows Server 2003 a Microsoft Windows XP with Service Pack 1 SP1 or later a Microsoft Windows 2000 with Service Pack 4 You must use the English version of the operating system you select Operating system versions in other languages are not supported with 3WXM The following additional software is required for certain 3WXM features a Adobe Acrobat Reader 5 x or later or plug in For reading the Wireless LAN Switch Manager Reference Manual and release notes a Web browser for example Microsoft Internet Explorer 5 x or 6 x or Netscape Navigator 6 x or 7 x For displaying 3WXM work orders and inventory reports Preparing for Installation gt User Privileges A licensed copy of 3WXM comes with a base license key Before you install 3WXM make sure you have the appropriate administrative privileges on the system After you have installed 3WXM you will need to register your license and the serial number with 3Com in order to obtain an activation key The base key along with its ac
502. tion information in 3WXM. The Network Verification tab shows errors and warnings for configuration information in the network. The errors and warnings can be for switch configuration items and for the monitoring service. On each tab, the Message column lists error descriptions in red and lists warning descriptions in orange. Errors are serious problems that must be addressed before deployment. By default, you cannot deploy a network plan with errors in it. After fixing errors, verify the network plan again to ensure that the errors have been resolved. Warnings are noncritical issues that do not stop deployment. Review any warnings and consider resolving the issues before deployment. [p. 364: CHAPTER 11 VERIFYING CONFIGURATION CHANGES] Toolbar Options. Filtering the Message List. Details about the selected error or warning appear in the lower left section of the tab. The Resolution section of the tab lists options for resolving the warning or error. Table 27 lists the options on the Event tab's toolbar. Table 27. Toolbar Options on Verification Tab. Option: Options. Description: Displays the Verification Options dialog box, which enables you to change verification options and disable or reenable rules. See "Changing Verification Options" on page 366. By default, all warning and error messages are listed. You can use the following options to filter the message list: Show Errors: Error messages are listed only when
503. tion tab. The warning lists the switch's serial number and IP address. The network administrator can upload the switch into the network plan, configure switch parameters, and deploy the configuration to the switch. See "Uploading a Partially Configured Switch and Completing its Configuration with 3WXM" on page 341. 3WXM Requirements. 3WXM must be installed and 3WXM Services must be running. The 3WXM Services option to always accept self-signed certificates must be enabled. This is required if you are using the drop-ship option with a WXR100, or you have staged any model switch with a self-signed certificate. This option is disabled by default. The network plan containing the WX switches must be open. Preconfiguring the switch in the network plan is optional. If you know the switch's serial number, you can preconfigure the switch in the network plan and let 3WXM Services deploy the configuration to the switch. If you do not know the switch's serial number, you still can use 3WXM to configure the switch. However, you will need to wait for the switch to contact 3WXM so you can upload the switch's configuration, modify the configuration, then deploy the modified configuration back to the switch. [p. 336: CHAPTER 9 CONFIGURING WX SWITCHES REMOTELY] Staging a WX Switch for Configuration by 3WXM. Example 1: Deployment Site Has DHCP and Local DNS. 1. The auto-config option must be enabled on a WX switch in order for
504. tistics have been collected and will be transmitted to the new location. Web_authing: User is being authenticated by WebAAA. Wired: User is being authenticated using an 802.11 protocol on a wired authentication port. Clearing: User session is being terminated. Invalid: Usually indicates the session is being terminated, and session information is no longer available. [p. 432: CHAPTER 16 MONITORING THE NETWORK] Displaying Session Statistics. On the Client Sessions tab, select the Session Statistics tab at the bottom of the view. [Screenshot: Client Monitor view, Client Sessions tab, with the Session Statistics tab selected]
505. tivation key enables you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you also need an upgrade key and an additional activation key, which you obtain from 3Com. See "Serial Number and License Key" on page 24 for more information. Before you install 3WXM, make sure that you are logged in as a user who has permission to install software, or as an administrator. After you install 3WXM, you can configure 3WXM access privileges for the user accounts on the machine. Likewise, you can configure access privileges for the monitoring service, if installed. Access privileges for the 3WXM client are completely independent of access privileges for the monitoring service, and are configured separately. [p. 24: CHAPTER 1 INSTALLING 3WXM] Serial Number and License Key. 3WXM comes with a base license key, which is provided on the CD cover. To use 3WXM Services, you need to enter the base key and an activation key, which you obtain from 3Com. The base key and activation key enable you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you also need an upgrade key and additional activation key, which you obtain from 3Com. Each time you connect the 3WXM client to the 3WXM services, it checks the license information. If the product is not licensed, the License wizard is displayed. Installing 3WXM. To install the 3Com Wireless Switch Manager, follow the instruction
506. to 65,535 seconds in the Retransmit Timeout box. The default is 5 seconds. To specify the number of seconds before the WX switch times out an authentication session with an 802.1X client (supplicant), specify the timeout value (1 to 65,535 seconds) in the Supplicant Timeout box. The default is 30 seconds. To specify the number of seconds before the WX switch times out a request to an authentication server, specify the timeout value (1 to 65,535 seconds) in the Authentication Server Timeout box. The default is 30 seconds. To set the maximum number of times the WX switch retransmits an EAP request to the client before timing out the authentication session, specify the value (0 to 10) in the Maximum Requests box. The default is 2 attempts. To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum of two ID requests, even if this parameter is set to a higher value. Setting the parameter to a higher value does affect all other types of EAP messages. To enable encryption key information to be sent to the client after authentication in EAPoL-Key PDUs, select Key Transmit. The WX switch sends EAPoL key messages after successfully authenticating the client and receiving authorization attributes for the client. If the client is using dynamic Wired Equivalent Privacy protocol (WEP), the EAPoL key messages are sent immediately after authorization. To disable this option, clear Key Transmit. By default, this option is enabl
507. to Tuning feature changed the transmit power level of the radio. Event information comes from the AutoTuneRadioPowerChange trap. Channel Change: The RF Auto Tuning feature changed the transmit channel of the radio. Event information comes from the AutoTuneRadioChannelChange trap. Description: For countermeasure events, this column lists the target MAC address of the rogue device. For RF Auto Tuning messages, this column lists the reason for the power or channel change. [p. 446: CHAPTER 16 MONITORING THE NETWORK] Displaying RF Environment Statistics. To display RF environment statistics in the RF Monitor window, select the RF Environment tab at the bottom of the window. [Screenshot: RF Monitor view, RF Environment tab] Table 56 lists the information displayed on the tab. Table 56. RF Monitor Environment Columns. Column: Channel. Description: Radio channel to which the other columns apply.
508. to an address received through the DHCP client. 3Com recommends that you use the DHCP client only on WXR100 switches that you plan to configure using the drop-ship method. Select Interface Enabled to enable the IP interface. Click Finish. Changing VLAN Membership. [p. 209: Viewing and Configuring VLANs] A port or port group can be in one or more VLANs. To be in multiple VLANs, the port or group must have an 802.1Q VLAN tag. A tag is a numeric value that identifies a virtual port within the VLAN. The same VLAN can have different tag values on different ports. However, a port can have only one tag value in a given VLAN. A VLAN can also have untagged ports. An untagged port can be a member of only one VLAN. MSS supports the IEEE 802.1Q tag type, described in the IEEE 802.1Q specification. The tagging capabilities of the WX are flexible. You can assign 802.1Q tag values on a per-VLAN, per-port basis. The same VLAN can have different tag values on different ports. In addition, the same tag value can be used by different VLANs, but on different network ports. If you use a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same, but some other vendors' devices do. Do not assign the same VLAN multiple times using different tag values to the same network port. Although MSS does not prohibit you from doing so, the configuration is not supported. Access the VLAN ta
509. to install the image. To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. In the Task List panel, select Schedule Install. 5. Click on Select an Image to display the list of images in the repository. 6. Click Next. [p. 356: CHAPTER 10 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS] Edit the start date and time. The date and time are based on the date and time on the machine where 3WXM Services is installed. Click Finish. Rebooting WX Switches or MAP Access Points. You can use 3WXM to reboot WX switches and MAPs. To reboot WX switches and the MAPs they are managing: Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Device Operations. 3. In the Managed Devices list, select the WX switches you want to reboot, or that are managing MAPs you want to reboot. To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. In the Task List panel, select Reboot WX and APs. Information about the rebooting process is shown in the Status column. Click Close. To reboot MAPs without rebooting the switch: Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Device Operations. 3. In the Managed Devices list, select the WX switches that are managing the MAPs you want to reboot. To select more than one W
510. to select noncontiguous items. In the Task List panel, select Unmanage Device. [p. 358: CHAPTER 10 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS] Viewing the Operation Log. The operation log displays information about the operations you perform using the Devices options. To display the operation log: Select the Devices tool bar option. 2. At the bottom of the Task List panel, select Device Operations. 3. In the Task List panel, select View Operation Log. Table 26 lists the columns in the operation log. Table 26. Devices Operation Log. Task: The operation that was requested. The operations are tasks available on the Devices tab. Status: Status of the operation: Scheduled, Completed, Cancelled, or Failed. User: 3WXM user name. Start Time: Date and time when the task was started or is scheduled to start. End Time: Date and time when the task ended. Details: Description of the success or failure of the task. Canceling a Scheduled Operation. To cancel a scheduled operation: Select the Devices tool bar option. At the bottom of the Task List panel, select Device Operations. In the Managed Devices list, select the WX switches with scheduled tasks you want to cancel. To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. In the Task List panel, select Cancel Scheduled Operation. The Deploy Status column in th
511. to the WX switches in the network. To send changes made in the network plan to switches in the network, deploy the changes. See "Reviewing and Deploying Switch Configuration Changes". Reviewing and Deploying Switch Configuration Changes. 3WXM does not automatically deploy switch configuration changes from the network plan to the actual switches in the network. The following options in the Task List panel allow you to review and deploy changes: Review: Displays a categorized list of the undeployed changes. Deploy: Sends the changes to the network. When you click Deploy, 3WXM verifies the configuration changes and displays warnings or errors, if applicable. If any errors are listed, 3WXM does not deploy the changes. [p. 35: Display Panels] To resolve errors and deploy the changes, use the Verification option. The Verification option provides detailed information for errors and warnings, and enables you to resolve them. Generally, you can resolve an error or warning by ignoring it or by clicking a link to open a configuration wizard. For more information, see on page 363. Task List Panel. The Task List panel displays lists of tasks related to the object selected in the Organizer panel. Click a task to open the configuration wizard required to perform that task. The Task List panel is located to the right of the Content panel. Here is an example of the task list for an individual WX switch: [Screenshot: task list for AlphaWX1 WX4400]
512. to the forwarding state is called the forwarding delay. In some configurations, this delay is unnecessary. The WX switch provides the following fast convergence features to bypass the forwarding delay: Backbone fast convergence: Backbone fast convergence accelerates a port's recovery following the failure of an indirect link. Normally, when a forwarding link fails, a bridge that is not directly connected to the link does not detect the link change until the maximum age timer expires. Backbone fast convergence enables the WX switch to listen for bridge protocol data units (BPDUs) sent by a designated bridge when the designated bridge's link to the root bridge fails, and immediately verifies whether BPDU information stored on a port is still valid. If the BPDU information on the port is no longer valid, the bridge immediately starts the listening stage on the port. If you plan to use the backbone fast convergence feature, you must enable it on all the bridges in the spanning tree. Uplink fast convergence: Uplink fast convergence enables a WX switch that has redundant links to the network core to immediately change the state of a backup link to forwarding if the primary link to the root fails. Uplink fast convergence bypasses the listening and learning states to immediately enter the forwarding state. The uplink fast convergence feature is applicable to bridges that are acting as access switches to the network core (distribution layer) but a
513. too close. Figure 7. Unsupported Polygon Shape. [p. 115: Defining Wireless Coverage Areas] If you are using a complex concave polygon as a coverage area, computation of MAP access points might take longer than the computation for an area with a less complicated shape. When drawing a coverage area, make sure it extends just short of external walls. If the coverage area includes external walls, 3WXM accounts for the external walls when computing how many MAP access points are required for the coverage area. This might lead to an inaccurate MAP count. Display the floor plan in the Content panel. In the Task List panel, click Tools. In the Create area, under Coverage Area, click one of the icons and draw the object as described in the following table. Object and Action: circle: Diagonally drag the cursor over the area where you want the circle to appear. square: Diagonally drag the cursor over the area where you want the square to appear. parallelogram: 1. Click at a vertex and drag the cursor to the next vertex. 2. Click again and drag the cursor until the parallelogram takes the shape you want. 3. Click to finish. polygon: 1. Click at a vertex, then move the cursor to the next vertex. 2. Repeat until the polygon takes the shape you want. For a polygon with n sides, click n 7 additional times at the vertices. For example, to draw a 7-sided polygon, click at
514. tool bar. Policies (displayed by the Policies tool bar option): The set of device configuration policies included in your network plan. Equipment (displayed by the Configuration tool bar option): The set of devices in your network plan. This includes Mobility Domains, 3Com switches, and MAPs, as well as third-party access points that 3WXM needs to be aware of while planning or monitoring the network. Sites (displayed by the RF Planning tool bar option): Named sets of buildings and floors where 3Com equipment is deployed. The tree that is displayed depends on the active tool bar option. See "Tool Bar Options" on page 39. [p. 32: CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE] To expand the view of an object in the tree, click on the plus sign next to the object. For example, to display the buildings in a site, click on the plus sign next to the site name. To display the floors in the building, click next to the building name, and so on. Alerts Panel. The Alerts panel displays summary statistics for configuration changes or errors, and for rogue devices. Click on a statistic to open the related tab in the Content panel. The Alerts panel is located on the left side of the main window, below the Content panel. [Screenshot: Alerts panel, with counts for Config, Network, Rogue Detection, Local Changes, and Network Changes] To navigate to more informat
515. ts, click Properties, change the port state in the dialog, then close the dialog. The changes take effect on all the ports you selected. Reviewing and Deploying Changes. 3WXM does not automatically deploy switch configuration changes from the network plan to the actual switches in the network. The following options in the Task List panel allow you to review and deploy changes: Review: Displays a categorized list of the undeployed changes. Deploy: Sends the changes to the network. Reviewing Changes. Click Review to review undeployed configuration changes. Changes are listed by feature category. To hide or redisplay a category, click on the double arrow next to the category name. A plus sign next to a configuration item indicates there are multiple changes for that item. Click the plus sign to display the individual changes. To print the list of changes, click Print. Deploying Changes. [p. 165: Using the Create Wireless Switch Wizard] To deploy all the changes, click Deploy. 3WXM compares the changes to the verification rules and lists any warnings or error messages. If there are any errors, 3WXM will not deploy the changes. To deploy the changes, you must first resolve the errors. To resolve configuration errors, use the Verification option. See on page 363. Using the Create Wireless Switch Wizard. Access the Create Wireless Switch wizard: a. Select the Configuration tool bar option. b. In the Organizer panel, s
516. twork Plan. [p. 59: Managing Network Plans] To delete a network plan: In the main 3WXM window, select File > Delete Network Plan. The Delete Network Plan wizard appears. 2. Select the network plan you want to delete from the list. 3. Click Next. The network plan is deleted. 4. Click Finish. Since the 3WXM plan repository resides on a networked server (the host running 3WXM Services), you can easily share access to network plans among hosts running the 3WXM client. When you make changes to a network plan, 3WXM locks the part of the plan you are modifying. Other 3WXM clients can still open the network plan, but the lock prevents the other clients from modifying the part of the plan you are already modifying. The lock remains in effect until your modification is saved. 3WXM then removes the lock. When a user with an administrator or provision account tries to access a part of a plan that is already locked by another user, 3WXM displays the Lock Info page. The Lock Info page indicates who has locked the network plan. You can optionally override the user's lock. Note that only a user with Administrator privileges can override another user's lock. To override another user's lock: Select Tools > 3WXM Services Lock Management. The 3WXM Services Lock Management dialog box appears. Select the lock you want to delete and click on Delete Lock. Only an Administrator can delete a lock. A message is displayed indicating that the user whose lock
517. u can generate a work order report. The work order report provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAPs should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation. After deployment, you can generate a work order with the optional RSSI projection tables and MAP MAC addresses, and use it for post-deployment verification. To generate a work order report: Display the floor plan in the Content panel. 2. In the Task List panel, click RF Planning. 3. Under RF Planning, click Work Order Report. The Work Order Generation dialog is displayed. [Screenshot: Work Order Generation dialog] [p. 156: CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM] 4. Specify whether to include the following information in the work order: RF Coverage; RSSI Projections; Show Disabled MAPs (only available if RSSI Projections is selected); Show RF Coverage On Entire Floor (only available
518. u see in Event tab based on event severity. 1. Click on the Severity tab. Select or clear the severity levels to display (the following descriptions are WX-based): Emergency: The WX is unusable. Alert: Action must be taken immediately. Critical: You must resolve the critical condition. If you do not resolve the condition, the WX might reboot or shut down. Error: The WX is missing data or unable to form a connection. Warning: A possible problem exists. Notice: Events that potentially can cause system problems have occurred. These are logged for diagnostic purposes. Info: Informational messages only. No problems exist. Debug: Output from debugging. By default, all severity levels are selected. Toggle the All checkbox to select or clear all severity levels. After selecting the severity levels to log, click Apply to filter out the unwanted severity levels from the list. You can limit the events you see in Event Viewer by network facility or 3WXM facility. Click on the Facility tab. 2. Select or deselect individual facilities. 3. After selecting the facilities to log, click Apply to filter out the unwanted facilities from the list. [p. 382: CHAPTER 14 USING THE EVENT LOG] Creating and Saving Filters. Deleting Filters. Exporting Filtered Data. If you have specified additional criteria to filter the events, you can save the criteria as a stored custom filter. In the Stored Filters group box, type a n
519. u to generate reports for network clients, RF usage, rogue devices, and 3Com equipment. Configuration reports: Inventory, Mobility Domain Configuration, WX Configuration. Client monitoring reports: Client Summary, Client Details, Client Errors, Watch List Client. RF reports: Network Usage, RF Summary, Radio Details. Rogue reports: Rogue Details, Rogue Summary. RF Planning reports: Site Survey, Work Order. When you generate a report, you can specify the scope of the report and the location where 3WXM saves the report. Some reports also have additional options. 3WXM saves the reports in HTML format. [p. 385: Generating an Inventory Report] Generating an Inventory Report. The inventory report lists the WX switches and MAP access points in a specific Mobility Domain, or that do not belong to a Mobility Domain. To generate an inventory report: Select the Reports tool bar option. In the Report Category list, select Configuration Reports. In the Reports list, select Inventory. Select the scope type of the report from the Report Scope Type drop-down list: Network Plan or Mobility Domain. Select the instance for which you want the report. For example, if the scope is Mobility Domain, select the Mobility Domain. To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. To prevent 3WXM from replacing an existing report of the sam
520. [Screenshot: RF Trends view] The RF Trends view shows current and past 802.11 statistics for radios. You can view statistics up to 30 days old and display graphs of data trends. Table 57 lists the information displayed in the top section of the RF Trends view. [p. 448: CHAPTER 16 MONITORING THE NETWORK] Table 57. RF Trends Columns. Radio: MAP name and radio number. SNR: Signal-to-noise ratio of the last data packet received by the radio. Throughput: Rate at which data is transmitted by the radio, in bits per; Authorized Clients; Client Failures; 802.11 Packet Errors
521. ultiple BSSIDs. However, BSSIDs for third-party 802.11 radios are listed separately, even if a radio is supporting more than one BSSID. Channel on which the BSSID is detected. Received signal strength indication (RSSI), in decibels referred to 1 milliwatt (dBm). A higher value indicates a stronger signal. Displaying the SSID to BSSID Mapping. To display the SSIDs configured on a radio and their BSSIDs, in the RF Monitor window select the SSID BSSID Mapping tab at the bottom of the window. [Screenshot: RF Monitor view, SSID BSSID Mapping tab] [p. 445: Using the RF Monitor View] Displaying the Activity Log. The activity log displays RF Auto Tuning and countermeasures activity for the radio. To display the activity log, in the RF Monitor view select the Activity tab at the bottom of the window. [Screenshot: RF Monitor view, Activity tab]
522. um data rate for an associated client. [p. 268: CHAPTER 7 CONFIGURING WIRELESS PARAMETERS] At the end of each power backoff interval, radios that temporarily increased their power reduce it by 1 dBm. The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting. You can specify from 0 to 65535 seconds. The default is 10 seconds. Service Profile Selection Tab. The Profile Selection tab lists the service profiles to which the radio profile is mapped. The radios managed by the radio profile provide wireless service for the service profiles' SSIDs. To map the radio profile to a service profile, select the service profile in the Available Service Profiles list. Click Add to move the profile name to the Current Service Profiles list. To remove the mapping between the radio profile and a service profile, select the service profile in the Current Service Profiles list. Click Remove to move the profile name to the Available Service Profiles list. Radio Selection Tab. The Radio Selection tab lists the radios managed by the radio profile. A radio can be managed by only one radio profile. To add a radio to the radio profile, select the radio in the Available Members list. Click Add to move the radio to the Current Members list. To remove a radio from the radio profile, select the radio in the Current Members list. Click Reset to Default to return the radio to the default radio profile. If th
523. unable to locate a copy, please contact 3Com and a copy will be provided to you. UNITED STATES GOVERNMENT LEGEND. If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following: All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as "Commercial Computer Software" as defined in DFARS 252.227-7014 (June 1995) or as a "commercial item" as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide. Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries. 3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation. Mobility Domain, Mobility Point, Mobility Profile, Mobility System, Mobility System Software, MP, MSS, and SentrySweep are trademarks of Trapeze Networks, Inc. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft M
524. urrent Members list, select the radios you want to return to the default radio profile. 5. Click Reset To Default. 6. Click OK. Configuring Advanced Radio Profile Settings. [p. 265: Viewing and Configuring Radio Profiles] After you configure a radio profile, you can select the radio profile and click Properties to display a configuration wizard that contains all the configurable parameters for the radio profile. A dialog with the following tabs is displayed: Radio Profile; 802.11 Attributes; Auto Tune; Service Profile Selection; Radio Selection; Voice Configuration. Radio Profile Tab. The Radio Profile tab lists settings for the following options: Name: Radio profile name. Countermeasures Mode: None: Radios do not use countermeasures. This is the default. All: Radios use countermeasures against devices classified by MSS as rogues and against devices classified by MSS as interfering devices. A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue. MSS classifies a device as an interfering device if no client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDB) of any WX switch in the Mobility Domain. Although the interfering device is not connected to your network, the device might be causing RF interference with MAP radios. Rogue: Radios use c
525. use the Image tab. See "Managing WX System Images and Configurations" on page 345. Monitor: Display status information and statistics for equipment or site objects selected in the Organizer panel. See "Monitoring the Network" on page 401. Rogue Detection: Display information about rogue or interfering devices detected by MAP radios. This option also provides tools for tuning rogue detection settings and for issuing countermeasures against rogues. See "Detecting and Combatting Rogue Devices" on page 457. [p. 41: Tool Bar Options] Table 9. 3WXM Tool Bar Options (continued). Verification: Display the Config Verification and Network Verification tabs. The Verification tabs enable you to troubleshoot configuration issues on WX switches in the network plan or in the live network. To display more information about an error or warning message, click on the row containing the message. To resolve the situation causing the message, or to ignore the message, select options in the Resolutions area of the tab. See "Verifying Configuration Changes" on page 363. Events: Display the events log. The log includes events generated by 3WXM Services and events generated by the managed WX switches in the network plan. To filter the message list, use the Filters tab. To display more information about a message, click on the row containing the message, then use the Detail
526. uthenticate the client SSID the client was requesting User attributes if set to values other than null Cause of the failure Table 43 Activity Details for Authorization Successful Column Description User Name MAC Address Client VLAN Name Session Start Time Username of the client MAC address of the client VLAN to which the client was assigned System date and time on the WX switch when the client s session began 424 CHAPTER 16 MONITORING THE NETWORK Table 43 Activity Details for Authorization Successful continued Column Description Auth Protocol Type Client Location Session ID Client IP Address Session State Auth Server IP SSID 802 1X protocol used to authenticate the client a EAP TLS a MD5 a NONE a PASS THROUGH a PEAP Mobility Domain WX switch MAP and radio that were dealing with the client ID used by 3Com equipment to track the session within the Mobility Domain IP address of the client State of the user session a Associated User is authenticated using an 802 11 protocol and associated with a MAP a Authorizing User is authenticated and is starting the AAA authorization process a Authorized User is authorized a Active User s session is fully active a Deassociated User is disassociated from the MAP s Roaming_away User is roaming a connection in the new location is established Updated_to_roam User is roaming
527. uthentication list box The WX switch uses the fallthru method to try to authenticate a client if the client name or MAC address does not match the userglob or MAC address glob in an 802 1X or MAC authentication rule for the SSID You can select one of the following a Open Access Automatically authenticates the client and allows access to the SSID requested by the client without requiring a username and password from the client a Web Portal Serves the client a web page from the WX switch s nonvolatile storage for login to the SSID a None Denies authentication and prohibits the client from accessing the SSID This is the default The fallthru authentication method is attempted only if the switch does not have an 802 1X or MAC authentication rule for wired access that matches the client s username or MAC address and the client is not denied by either method Web Portal requires the Web Portal server on the WX switch to be enabled The Web Portal server is enabled by default See Viewing and Changing Management Settings on page 186 3 In the Maximum Sessions column type the maximum number of sessions allowed on the port 1 up to as many as you need The default is 1 4 Click Next 5 To use 802 1X authentication to control access to the port create an 802 1X authentication rule or use one already configured for wired access Otherwise go to step 6 To create a new rule a Click Create j View
528. uto Configured MAPs You can place MAPs that are already installed on the floor into the network plan To do this you upload the MAP configuration into 3WXM associate the MAP with a coverage area then place them on the floor plan In addition MAPs that receive their configuration using a profile are automatically added to the network plan They appear under Objects to Place in the Organizer panel From the Objects to Place panel you can place these MAPs onto the floor plan To place installed MAPs on the floor plan Select the Verification option in the main 3WXM tool bar click the Network Verification tab and upload the MAP configuration into 3WXM See Verifying Configuration Changes on page 363 Select the RF Planning option in the main 3WXM tool bar and display the floor plan in the Content panel In the Coverage Areas section right click on the coverage area for which the MAP is providing coverage and select Edit Properties The Coverage Area Properties dialog appears Click the Associations tab Select the MAP in the Available Access Points group box and click the Add button to move the MAP to the Current Access Points group box 6 Click OK to save the changes and close the dialog box 7 Click on Objects to Place in the Organizer panel 8 Click on the MAP icon then click on the location where you installed the MAP The MAP icon moves from the Objects To Place panel to its location on the floor 136 CHAPTER
529. uto DAP profile also configures the MAP with the MAP and radio parameter settings in the profile The MAP and radio parameter settings in the Auto DAP profile are configurable The Auto DAP profile does not control SSIDs encryption parameters or any other parameters managed by service profiles You still need to configure a service profile separately for each SSID A WX switch can have one Auto DAP profile To view Auto DAP profile settings Select the Configuration tool bar option In the Organizer panel click the plus sign next to the WX switch Click the plus sign next to Wireless Select Auto DAP The Auto DAP profile settings appear in the Content panel 270 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS Changing Auto DAP Profile Settings To change settings for a switch s Auto DAP profile 1 To enable the Auto DAP profile select Enabled gt To select the radio type click the MAP Radio Type box and select the radio type from the list 11a 802 11a 11b 802 11b only 11g 802 11b g In the Enable Blink list select Yes to enable LED blink mode or No to disable it When blink mode is enabled the health and radio LEDs on models alternately blink green and amber allowing you to visually identify a MAP On an AP2750 the 11a LED blinks on and off By default blink mode is disabled If you are configuring dual homing support in the Bias list select High or Low Bias is the priority of one WX conne
530. vegetable based with a low heavy metal content CONTENTS ABOUT THIS GUIDE Conventions 17 Documentation 18 Documentation Comments 19 INSTALLING 3WXM Hardware Requirements 21 Hardware Requirements for 3WXM Client 21 Hardware Requirements for 3WXM Monitoring Service 22 Software Requirements 23 Preparing for Installation 23 User Privileges 23 Serial Number and License Key 24 Installing 3WXM 24 Installation Log File 26 Upgrading 3WXM 26 Uninstalling 3WXM 26 WORKING WITH THE 3WXM USER INTERFACE Overview 29 Display Panels 30 Organizer Panel 30 Alerts Panel 32 Content Panel 33 Task List Panel 35 Resizing a Display Panel 37 Menu Bar Options 38 Tool Bar Options 39 Copying Pasting and Deleting Objects 42 Copy and Paste in the Organizer Panel 42 Copy and Paste Replace in the Organizer Panel 43 Copy and Paste in the Content Panel 43 Enabling Keyboard Shortcut Mnemonics Windows XP Only 44 GETTING STARTED Starting 3WXM 47 Restricting Access to 3WXM 50 Creating an Administrator Account 51 Creating Provision or Monitor Accounts 52 Deleting 3WXM User Accounts 52 Disabling Access Control 52 WORKING WITH NETWORK PLANS Creating a Network Plan 54 Managing Network Plans 55 Saving a Network Plan 55 Opening a Network Plan 56 Importing a Network Plan 57 Closing a Network Plan 58 Deleting a Network Plan 58 Sharing a Network Plan 59 Defining a Mobility Domain 60 Roaming Behavior 60 Traffic Ports Used by a Mobilit
531. vel Skip Floor Levels 3 In the Number Of Floors box specify how many floors the building has 76 CHAPTER 5 PLANNING THE 3COM MOBILITY SYSTEM 4 In the Starting Floor Level box specify the floor number of the first floor in the building To start with a subterranean floor you can specify 0 or a negative floor number In the Skip Floor Levels box specify floor numbers you want to skip Skipping floors is useful when you want to model only certain floors in a building To enter a list of floors use commas to separate the floor numbers example 1 3 7 To enter a range use a hyphen example 8 12 6 Click OK to close the dialog box 7 From the Content panel you can also change default values for floors in the building In the Unit of Measurement list select Feet or Metric If you are importing a drawing of a floor plan choose the measurement system the drawing uses In the Height of the Ceiling box type the number of feet or meters from the floor to the ceiling 1 to 1000 feet or meters The ceiling height is based on the surface of the ceiling where the access points will be mounted not on the center of the plenum space between floors In the Ceiling Type box select the type of ceiling used most commonly in the building 3WXM adjusts the default attenuations based on your selection To change the default attenuation for radios type the number of dB in the 802 11a dB box
532. ver Groups list and click Add The options and processing are the same as those for authentication methods See step 6 Click Finish Viewing and Configuring WebAAA Network Access Rules 313 Viewing and Configuring WebAAA Network Access Rules Viewing Web AAA Network Access Rules Web AAA allows network users to access the network by logging on a web page When a user attempts to access a web page over the network the WX switch intercepts the HTTP or HTTPS request and serves a login Web page to the user The user enters the username and password and MSS checks the RADIUS server group or local database for matching user information If the username and password match MSS redirects the user to the web page she requested Otherwise MSS denies access to the user The fallthru access type for the SSID or wired authentication port must be set to Web Otherwise the web access rule will not take effect A web access rule is not used if the username matches on the user glob or MAC address glob in an 802 1X or MAC access rule and the rule also matches on the SSID or wired authentication port through which the user is trying to access the network In this case the 802 1X or MAC rule is used instead Web Portal WebAAA replaces the WebAAA implementation in MSS Version 3 x The previous implementation is deprecated beginning in MSS Version 4 0 During upgrade from MSS Version 3 x your 3 x WebAAA configuration is automat
533. w x 3 WX1200 48361 0 47 875164 0 715177 2 95 AlphaWX5 WXR100 7 35 48888 2 223 269790 O 679093 2 93 Alphawx4 w x1200 Alphawx1 ME 22339 5 3234 379726 O 2123500 2 91 Sites Cumulative Data Noise Floor No Graph Available For Display Alerts a 410 CHAPTER 16 MONITORING THE NETWORK Displaying Object Details To drill down for more detailed information for an object in the Explore view double click on the object All Monitor views including the Explore view itself are updated to display information specifically about the selected object For example if the Explore window is showing link status for a Mobility Domain and you want to display information for a specific WX switch double click on the switch Displaying 802 11 Coverage When a floor view is displayed in the Explore view you can display 802 11 coverage for the floor To display coverage select MAPs then click on one or more of the following icons on the Explore view s toolbar a Displays 802 11a coverage a Displays 802 11b coverage a Displays 802 11g coverage Here is an example of the 802 11g coverage of a MAP radio displayed according to the baseline association rate of 36 Mbps
534. wx4400 AlphaWX1 WX4400 Received data at Mon Dec 05 19 27 46 PST 2005 Exporting Performance Data You can export performance data absolute values only to a file in comma delimited text csv format To export data to a file 1 In the Statistics tab click Export Absolute The Export Data dialog box appears v Export Data Export to file _ Choose V Overwrite Existing Files V Copy Files Before Overwriting Results 456 CHAPTER 16 MONITORING THE NETWORK 2 To specify a directory and name for the file click Choose 3 To overwrite existing files select Overwrite Existing Files By default this option is selected 4 To make a copy of files before overwriting them select Copy Files Before Overwriting By default this option is selected The existing file is copied to a file with a bak extension 5 Click Export You can see the progress in the Results box The data is written to a comma delimited file in the directory you specified 6 To close the Export Data dialog box click Close 17 DETECTING AND COMBATTING ROGUE DEVICES This chapter discusses how to manage rogue devices that try to use your wireless network Information includes an overview of detection features enabling countermeasures using the Rogue Detection tab displaying a rogue s geographical location ignoring friendly third party devices and converting a rogue into a third party AP
535. x click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items In the Task List panel select Reboot APs 5 Select the MAPs you want to reboot Click Reboot Information about the rebooting process is shown in the Status column Click Close Enabling or Disabling Management of a Switch by 3WXM 357 Enabling or Disabling Management of a Switch by 3WXM The Devices tab lists managed switches and unmanaged switches separately Managed switches can be deployed to the network and can be monitored by 3WXM Services Unmanaged switches can be configured in 3WXM but cannot be deployed to the network or monitored by 3WXM Services To enable switches to be managed by 3WXM Select the Devices tool bar option 2 At the bottom of the Task List panel select Device Operations 3 In the Managed Devices list select the WX switches you want to manage To select more than one WX click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items In the Task List panel select Manage Device To disable management of switches by 3WXM Select the Devices tool bar option 2 At the bottom of the Task List panel select Device Operations 3 In the Managed Devices list select the WX switches you want to stop managing with 3WXM To select more than one Wx click Shift while clicking to select contiguous items or click Ctrl while clicking
536. xadecimal string or IP address in the Value box To configure authentication and encryption settings finish this procedure then select the USM user and click Properties Click Next For SNMPv2c or SNMPv3 select the notification type a Inform The switch expects to receive acknowledgements from the notification target a Trap The switch does not expect to receive acknowledgements from the notification target To change the acknowledgement settings for informs specify the following a In the Timeout box specify the number of seconds you want the switch to wait for acknowledgement of a notification You can specify from 1 to 5 seconds The default is 2 16 Viewing and Changing Management Settings 195 b In the Retry Count box specify the number of times the MSS SNMP engine will resend a notification that has not been acknowledged by the target You can specify from 0 to 3 retries The default is 0 Click Finish Modifying a USM User Notification Profile or Notification Target Select the object you want to modify Click Properties Make the changes Click OK For information about the settings you can modify see the descriptions in the following sections a Configuring a USM SNMP V3 User on page 189 a Configuring a Notification Profile on page 191 a Configuring a Notification Target on page 191 Configuring 3WXM Services as a Notification Target Access the Setup 3WXM Notificat
537. xisting sessions To apply the ACE only to established sessions enable the established option Select the TCP ACE in the ACL table In the Task List panel select Enable Established Connections To specify the type and code for ICMP ACEs Select the ICMP ACE in the ACL table In the Task List panel select ICMP Properties Select or type the ICMP message type in the Type box See Table 17 Select or type the ICMP message code in the Code box See Table 17 Click OK Table 17 ICMP Messages and Codes ICMP Message Type Number Code Number Echo Reply 0 None Destination Unreachable 3 a Network Unreachable 0 a Host Unreachable 1 Protocol Unreachable 2 a Port Unreachable 3 a Fragmentation Needed 4 Source Route Failed 5 Source Quench 4 None Redirect 5 a Network Redirect 0 a Host Redirect 1 a TOS and Network Redirect 2 a TOS and Host Redirect 3 Echo 8 None Time Exceeded 11 TTL Exceeded 0 a Fragment Reassembly Time Exceeded 1 Parameter Problem 12 None 228 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS Adding a New ACE to a Configured ACL Mapping an ACL 1 Table 17 ICMP Messages and Codes continued ICMP Message Type Number Code Number Timestamp 13 None Timestamp Reply 14 None Information Request 15 None Information Reply 16 None To add a new ACE to a configured ACL Access the ACL table a Select t
538. y Domain 62 Creating a Mobility Domain 62 Creating a WX Switch 63 Creating a Third Party AP 63 Changing the Country Code 65 Applying the Network s RF Auto Tuning Settings to the Network Plan 65 Uploading a WX Switch into the Network Plan 66 Converting Auto DAPs into Statically Configured APs 67 Creating a Network Domain 67 PLANNING THE 3COM MOBILITY SYSTEM RF Planning Overview 69 Accessing the RF Planning Tools 70 Creating or Modifying a Site 72 Creating or Modifying Buildings in a Site 74 Creating or Modifying Floors 77 Importing or Drawing Floor Details 78 Importing a Drawing of a Floor 78 File Recommendations 79 Preparing a Drawing Before Importing It 79 Cropping the Paper Space 84 Adjusting the Scale of a Drawing 85 Adjusting the Origin Point 86 Working with Layers 87 Cleaning Up a Drawing 89 Drawing Floor Objects Manually 93 Specifying the RF Characteristics of aFloor 94 Recommendations 94 Converting Objects into RF Obstacles 95 Drawing RF Obstacles 97 Importing RF Obstacle Data from a Site Survey 98 Defining Wireless Coverage Areas 110 Creating a Wiring Closet 111 Defining a Coverage Area 113 Editing Coverage Areas 125 Placing Third Party Access Points 130 Moving a Third Party AP Icon to its Floor Location 131 Creating and Placing an Icon for a Third Party Access Point 131 Placing Installed and Auto Configured MAPs 135 Computing MAP Placement 136 Computing and Placing MAP Access Points for a Coverage Area 136 Assigning MAP
539. y the robustness value 2 to 255 which sets IGMP timers to adjust to the amount of traffic loss on the network Set the robustness value higher to adjust for more traffic loss The default is 2 To enable proxy reporting which summarizes collected station IGMP reports select Proxy Report To enable multicast router solicitation which allows the WX to discover multicast routers on the subnet select Multicast Router Solicitation In the Solicitation Interval box specify the interval 1 to 65 535 seconds between multicast router solicitations by a WX The default interval is 30 seconds Click OK Configuring Static Multicast Ports A WX learns about multicast routers and receivers from multicast traffic received from those devices When the WX receives traffic from a multicast router or receiver the WX adds the port that received the traffic as a multicast router or receiver port The WX forwards traffic to multicast routers only on the multicast router ports and forwards traffic to multicast receivers only on the multicast receiver ports The router and receiver ports that the WX learns based on multicast traffic age out if they are unused If necessary you can statically configure multicast router ports or multicast receiver ports on the WX You can only add network ports as static multicast router ports or multicast receiver ports Ports you add are immediately added to the list and do not age out 216 CHAPTER 6 CONFIGURING
540. zer panel select the WX switch 3 In the Task List panel select Change Model The Change Model wizard appears Select the model from the drop down list 5 Click OK You can specify the number of hours and optionally the minutes that the WX switch s real time clock is offset from Coordinated Universal Time UTC also known as Greenwich Mean Time GMT The time zone information is used by Network Time Protocol NTP if you enabled it You can also specify whether the WX modifies the clock during daylight savings time or similar summertime period 1 Select the Configuration tool bar option 2 In the Organizer panel select the WX switch 3 In the Task List panel select Timezone The Timezone Properties wizard appears In the Name box type the name for the time zone 1 to 16 alphanumeric characters with no spaces or tabs In the Offset Hours box select the number of hours between 23 and 23 to subtract from or add to UTC 10 11 12 13 14 15 16 17 18 Changing System Information Modifying Basic Switch Parameters 173 Optionally in the Offset Minutes box select the number of minutes between 59 to 59 to subtract from or add to UTC In the DST Name box type the name for the summertime offset 1 to 16 alphanumeric characters with no spaces or tabs In the Start Month list select the month of the year when the time change starts In the Start Week list select the week of the month when the time c