Acces Point 3com Manual

OfficeConnect
Wireless 108 Mbps 11g PoE Access Point

User Guide
3CRGPOE10075
(WL-529)
http://www.3com.com/
Part No. DUAPOE10075BAA01
Published December 2004
3Com Corporation
350 Campus Drive
Marlborough, MA USA
01752-3064
Copyright 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or
as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Coms standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not
be registered in other countries.
3Com, the 3Com logo, and OfficeConnect are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows
NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of
Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively
through X/Open Company, Ltd.
Netscape Navigator is a registered trademark of Netscape Communications.
JavaScript is a trademark of Sun Microsystems
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labeled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.
CONTENTS
ABOUT THIS GUIDE
Conventions 1
Related Documentation 3
Documentation Comments 3
INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT

Overview 5
Features and Capabilities 6
Wireless and Networking 6
Security 12
Configuration and Management 15
Package Contents 16
Physical Features 17
Front Panel 17
Back Panel 17
Overview of Setup and Management Tasks
18
INSTALLING AND CONNECTING THE ACCESS POINT

Before You Begin 19
Installation Requirements 19
Wireless Station Requirements 19
Security Information 20
Positioning the Access Point 20
Powering On and Connecting the Access Point
Using the Supplied Power Adapter 21
Using Power over Ethernet 21
Verifying the Installation 22
Accessing the Web Interface 22
With a DHCP Server 23
Without a DHCP Server 26
21
CONFIGURING THE ACCESS POINT

Navigating the Web Interface 27
Menu and Tabs 27
Buttons 28
Timeout Setting 28
Defining Security Profiles 28
Configuring and Enabling a Profile 29
Setting the Primary Profile 44
Isolating Wireless Clients with Different Profiles 44
Controlling Access to the Wireless Network 45
Defining the List of Trusted Stations 46
Enabling Access Control Based on MAC Address 48
Backing Up the Access Control List 49
Configuring System Settings 49
Configuring the Wireless Settings 52
Basic Wireless Settings 52
Advanced Wireless Settings 57
CONFIGURING THE WIRELESS STATIONS

Configuration Overview 59
No Security 59
Using WEP 60
Using WPA-PSK 61
Using WPA-802.1x 61
Configuring the RADIUS Server 61
Configuring the Wireless Stations 62
Using 802.1x 62
Setting Up Microsoft IAS as RADIUS Server
Setting Up Windows XP for 802.1x 72
Using 802.1x Without WPA 77
63
PERFORMING ADDITIONAL ADMINISTRATIVE TASKS

Configuring Administrator Access 79
Changing the Default Logon Account 80
Configuring Admin Connections 80
Viewing Information About the Device 81
Viewing the Device Status 81

Viewing Profiles 82
Viewing Associated Wireless Stations 83
Working with Logs 83
Viewing Device Statistics 85
Working with the Configuration File 86
Backing Up the Configuration File 87
Restoring Settings from a Backup 88
Restoring Settings to Factory Defaults 88
Sending Device Logs to a Syslog Server 88
Configuring the SNMP Agent 89
Upgrading the Firmware 91
Automating Updates and Configuration 92
Automating Configuration 92
Automating Updates 93
Detecting Rogue Access Points 94
Viewing Detected Rogue Access Points 96
TROUBLESHOOTING
Basic Connection Checks 97
Cannot Connect to the Wireless Access Point to Configure It 97
Forgotten Password and Reset to Factory Defaults 98
Wireless Station Cannot Connect to the LAN via the Access Point 98
TECHNICAL SPECIFICATIONS
Hardware Specifications 99
Wireless Specifications 100
Software Specifications 102
COMMAND LINE REFERENCE

Connecting to the CLI via Telnet 105
Connecting to the CLI via the Serial Port 106
Cable Pinouts for Serial Connectors 107
Command Reference 108
WIRELESS LAN BASICS

Wireless Modes 121
Ad Hoc Mode 121
Infrastructure Mode 121
SSID/ESSID 121
BSS/SSID 121
ESS/ESSID 122
Wireless Channels 122
Security Settings 122
WEP 122
WPA-PSK 123
WPA-802.1x 123
802.1x 123
CONFIGURING THE TCP/IP SETTINGS OF WIRELESS STATIONS

Overview of TCP/IP 125
Configuring TCP/IP on Windows XP 125
Configuring TCP/IP on Windows 2000 128
Configuring TCP/IP on Windows Me/98/95 130
Configuring TCP/IP on Windows NT 4.0 131
OBTAINING SUPPORT FOR YOUR PRODUCT

Register Your Product 135
Purchase Value-Added Services 135
Troubleshoot Online 136
Access Software Downloads 136
Telephone Technical Support and Repair
Contact Us 137
SAFETY INFORMATION
Important Safety Information 139
Wichtige Sicherheitshinweise 140
Consignes Importantes de Scurit 141
136
GLOSSARY
INDEX
REGULATORY NOTICES
ABOUT THIS GUIDE
This guide describes how to install and configure the OfficeConnect

Wireless 108 Mbps 11g PoE Access Point (3CRGPOE10075).
This guide is intended for use by those responsible for installing and
setting up network equipment. Consequently, it assumes a basic working
knowledge of LANs (local area networks).
If a release note is shipped with your product and the information there
differs from the information in this guide, follow the instructions in the
release notes.
Most user guides and release notes are available in Adobe Acrobat
Reader Portable Document Format (PDF) or HTML on the 3Com
World Wide Web site:
Conventions
Throughout this guide, the OfficeConnect Wireless 108 Mbps 11g PoE
Access Point is referred to as the Access Point.
The computer used to configure the Access Point is referred to as the
admin computer. During the initial configuration, the admin computer
must be connected to the same switch or hub as the Access Point.
Table 1 and Table 2 list conventions that are used throughout this guide.
ABOUT THIS GUIDE
Table 1 Notice Icons

Icon
Notice Type
Description
Information note
Information that describes important features or

instructions
Caution
Information that alerts you to potential loss of data or

potential damage to an application, system, or device
Warning
Information that alerts you to potential personal injury
Table 2 Text Conventions

Convention
Description
Screen displays This typeface represents information as it appears on the

screen.
Syntax
The word syntax means that you must evaluate the syntax
provided and then supply the appropriate values for the
placeholders that appear in angle brackets. Example:
To change your password, use the following syntax:
system password <password>
In this example, you must supply a password for
<password>.
Commands
The word command means that you must enter the

command exactly as shown and then press Return or Enter.
Commands appear in bold. Example:
To display port information, enter the following command:
bridge port detail
The words enter

and type
When you see the word enter in this guide, you must type
something, and then press Return or Enter. Do not press
Return or Enter when an instruction simply says type.
Keyboard key names
If you must press two or more keys simultaneously, the key

names are linked with a plus sign (+). Example:
Words in italics
Italics are used to:
Press Ctrl+Alt+Del
Emphasize a point.
Denote a new term at the place where it is defined in the

text.
Identify menu names, menu commands, and software

button names. Examples:
From the Help menu, select Contents.
Click OK.
Related Documentation
Related
Documentation
In addition to this guide, each OfficeConnect Wireless 108 Mbps 11g PoE
Access Point documentation set includes the following:
Quick Start Guide

This guide provides information to help you easily set up the Access
Point in a network environment.
Online Help
This online help system is accessible from the Web interface. It
provides information that helps you perform tasks using the Web
interface.
Release Notes
These notes provide information about the current software release,
including new features, modifications, and known problems.
Documentation
Comments
Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document title
Document part number (on the title page)
Page number (if appropriate)
Example:
SuperStack II Switch 1100 User Guide
Part number: DUA1695-0AAA02
Page 25
Please note that we can only respond to comments and questions about
3Com product documentation at this e-mail address. Questions related to
technical support or sales should be directed in the first instance to your
network supplier.
ABOUT THIS GUIDE
INTRODUCING THE
OFFICECONNECT WIRELESS
ACCESS POINT
This chapter provides an overview of the features and capabilities of the
OfficeConnect Wireless 108 Mbps 11g PoE Access Point. It also
identifies the contents of the Access Point kit and helps you get to know
the physical features of the device.
Overview
3Com wireless systems let you simply and confidently extend network
information and applications to difficult-to-wire locations and to your
mobile workforce, making your business more productive, competitive
and successful. The 3Com OfficeConnect Wireless 108 Mbps 11g PoE
Access Point is the affordable choice for extending your network to
places where wires cannot go.
A single Access Point can make the Internet, e-mail, and network
resources such as printers available to dozens of wireless station users.
And because 3Com OfficeConnect Wireless 108 Mbps 11g PoE Access
Point is Wi-Fi certified, you can be sure it will work reliably with certified
equipment from other manufacturers.
CHAPTER 1: INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT
Figure 1 Network Architecture with OfficeConnect Wireless Access Point
Wired Local
Area Network
3Com Wireless
Access Point
Stat
us
Pow
er
LA
N
Wire
less
Wireless
Stations
Features and
Capabilities
Wireless and
Networking
The Access Point integrates standards-based features that provide for

seamless integration into your existing network and simplify
configuration and management. It also includes advanced security
features that help you control access to the wireless network and protect
data that is transmitted between wireless devices.
Table 1 lists the wireless and networking features that the Access Point
provides.
Table 1 Wireless and Networking Features
Feature
Description
Standards compliance
Complies with the IEEE802.11g (DSSS) specifications for

wireless local area networks
802.11g-802.11b
backward-compatibility
11g radio supports both11g and 11b wireless stations,

preserving existing wireless investments
11g Turbo mode
Provides higher throughput capability, up to 108 Mbps

on the 2.4 GHz band, for wireless stations with
compatible network adapters
Features and Capabilities
Table 1 Wireless and Networking Features

Feature
Description
Dynamic rate shifting

and auto network
connect
Automatically moves between connection speeds in

response to physical conditions and RF interference
Power over Ethernet

(PoE)
Solves hard-to-wire location problems and reduces

cabling on the network. See PoE Support.
User support
Each Access Point can support up to 64 simultaneous

users (wireless stations), allowing plenty of room for
growth
WDS support
Supports Wireless Distribution System (WDS) for

compatible wireless devices, allowing the Access Point to
act either as a wireless bridge or client/repeater. Both
point-to-point (PTP) and point-to-multipoint (PTMP)
bridge modes are supported. See WDS Support.
Simple configuration
Provides an intuitive Web interface and default settings

that are suitable for most environments
DHCP client support
Automatically obtains an IP address on a network that

has a DHCP server, simplifying configuration and
management
Upgradeable firmware
Device firmware in a flash memory can be upgraded

easily from the Web interface
PoE Support
PoE support makes it easier to overcome installation problems with
difficult-to-wire or hard-to-reach locations. The same Category 5 cable
that connects the Access Point to the wired network also provides its
power, so AC power outlet locations and extra cabling are no longer
issues. You can source power from an 802.3af-compliant power sourcing
equipment (PSE) or use the supplied power adapter to power the Access
Point.
You can use the following 3Com PoE products to supply power to
OfficeConnect Wireless 108 Mbps 11g PoE Access Point:
Baseline Switch 2226-PWR Plus 3C16490
SuperStack3 Switch 4400 PWR 3C17205
PoE Single-Port Midspan Solution 3CNJPSE
PoE 24 Port Midspan Solution 3CNJPSE24
WDS Support
Wireless Distribution System (WDS) allows you to build a completely
wireless infrastructure using access points, instead of wires, to
interconnect multiple networks. WDS also helps you create large wireless
networks by linking several wireless access points with WDS links. WDS is
normally used in large, open areas where pulling wires is cost prohibitive,
restricted, or physically impossible.
You can use the Access Point to build a WDS on the network. It can
function either as a wireless bridge or wireless client/repeater.
For WDS to work, all participating access points in the distribution system
must support WDS. If you are using access points other than the
OfficeConnect Wireless 108 Mbps 11g PoE Access Point to build a WDS,
check the documentation for these access points and verify that they
support WDS.
Wireless Bridge
In a wireless bridge configuration, access points are configured to
interconnect or bridge two or more wired local networks at the link
layer. When wired local networks are bridged, devices on each network
can access resources on the other network.
The Access Point supports two wireless bridge modes:
Point-to-Point (PTP)
Point-to-Multipoint (PTMP)
In PTP mode, only two access points are configured to bridge two wired
networks. To configure the OfficeConnect Wireless Access Point to bridge
with a compatible access point, you need to specify the MAC address of
each device on the other to establish a PTP bridge. Figure 2 illustrates
how two access points in PTP mode connect two wired networks.
Figure 2 Point-to-Point WDS
Wired
Network B
Wired
Network A
WDS Link
atS
sut
oP
rew
NA
sse
ler
iW
Statu
s
Powe
r
LA
N
Wire
les
PTMP mode, as shown in Figure 3, interconnects three or more wired

networks using multiple access points that function as wireless bridges. In
a PTMP configuration, one access point is configured as the master AP
and set to PTMP mode. The other access points, or the slaves, are set
to PTP mode. Master and slave APs in a WDS identify each other by their
MAC addresses.
If you configure the OfficeConnect Wireless Access Point as the master
AP and define the list of access points that are allowed to bridge with the
master AP, you can the set up WDS links with up to eight slave APs. If you
do not define a list of allowed access points, up to 14 slave APs can
bridge with the master AP.
All traffic between slave APs goes through the master AP. The master AP
can bridge with all slave APs, but the slave APs cannot bridge with each
other.
10
Figure 3 Point-to-Multipoint WDS

Wired
Network B
`
`
Slave,
Set to
PTP Mode
Wired
Network A
`
Statu
s
Powe
r
LA
N
Wire
les
WDS Link
Wired
Network C
Master,
Set to
PTMP Mode
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
Slave,
Set to
PTP Mode
Secure WDS Communication

The Access Point secures WDS links using either WEP or WPA-PSK
encryption. If you use WEP, all APs in the system must use the same WEP
key. If you use WPA-PSK, you must create the same security profile (with
the same SSID) on both master and slaves, and configure both master
and slaves to use WPA-PSK.
Wireless Client/Repeater
The Access Point can also function either as a client or repeater. You can
use the Access Point as a repeater to extend the range of your wireless
network. See Figure 3 for an illustration of how the Access Point works as
a repeater.
11
Figure 4 Repeater WDS

Wired
Network
`
`
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
As a client, the Access Point functions like a wireless card that is

connected to a computer to provide a wireless interface. When operating
in client mode, the Access Point can only communicate with a wireless
router or an access point.
12
Figure 5 Client Mode

Wired
Network
`
`
atS
sut
oP
rew
NA
sse
ler
iW
Ethernet Cable
Statu
s
Powe
r
LA
N
Wire
les
Access Point
in Client Mode
Security
Table 2 lists the security features that the Access Point provides.
Table 2 Security Features
Feature
Description
64-/128-/152-bit
Basic and advanced encryption methods protect the privacy
WEP and WPA
of data transmitted over the wireless LAN
128-bit AES and TKIP
encryption
802.1x RADIUS
Helps ensure that only authorized users can access your
server authentication network and centralizes authentication of wireless users
across the network
Security profiles and
multiple SSIDs
Supports creation of up to eight security profiles, allowing

you to create multiple connections with different SSIDs and
wireless security settings. Up to four security profiles can be
enabled simultaneously.
Multiple SSIDs
Supports multiple SSIDs when multiple security profiles are

configured and enabled. With multiple SSIDs, different
clients can connect to the Access Point using different SSIDs
and with different security settings. See Multiple SSIDs.
Multiple SSID
isolation
Blocks communication between wireless stations that are

using different SSIDs
Access control list
Prevents unauthorized access to the wireless network by

allowing only trusted stations, based on their MAC addresses
13
Table 2 Security Features

Feature
Description
VLAN support
Supports the 802.1Q VLAN standard, allowing traffic from

different sources to be segmented. When combined with the
multiple SSID feature, serves as a powerful tool for
controlling access to the wireless network. See VLAN
Support.
RADIUS client
support
Functions as a RADIUS client that can log on to your RADIUS

server
RADIUS MAC
authentication
Uses the RADIUS server on your network to centralizes MAC

address authentication of wireless stations
Rogue AP detection
Detects rogue or unauthorized access points on the local

network
Password-protected
configuration
Requires a password to the Web interface to prevent

unauthorized users from modifying the configuration data
and settings.
Multiple SSIDs
Using multiple SSIDs provides you with more flexibility in configuring your
wireless network, including supporting multiple security schemes
simultaneously.
For example, if you have a number of wireless stations that can only
support WEP encryption while the rest can support WPA, you do not have
to lower the security level for the WPA compliant devices to
accommodate non-WPA compliant stations.
You can configure two security profiles with two different SSIDs one
using WEP and the other using WPA for encryption. And then, let the
wireless stations that can only support WEP associate with the SSID that is
using WEP for encryption. The rest of the wireless stations can associate
with the other SSID that uses WPA.
14
Figure 6 Wireless Stations Using Different Security Settings

3Com Wireless 11g
PoE Access Point
Sta
tus
Pow
er
LA
N
Wire
SSID 1
Using WPA
less
SSID 2
Using WEP
VLAN Support
A virtual LAN (VLAN) is a network of computers that behave as if they are
on the same local network, even if they are physically located on different
segments of the network.
If you have VLANs set up on the network, you can configure the Access
Point to work with a switch to segment associated wireless stations into
different VLANs. Membership of wireless stations in the VLANs can be
defined by mapping SSIDs to available VLAN IDs.
For example, you have two active SSIDs (SSID1 and SSID2) and two
existing VLANs (VLAN1 and VLAN2). To segment wireless stations
associated with SSID1 into VLAN1, you need to map SSID1 to VLAN1
using the VLAN Configuration screen of the Web interface. Do the same
with SSID2 to segment wireless stations that are associated with it into
VLAN2. Figure 7 illustrates this VLAN setup.
VLAN support requires a one-to-one mapping of SSIDs to VLAN IDs. This
means you can segment wireless stations associated with one SSID into
only a single VLAN.
When wireless stations are segmented into a VLAN using the SSID to
which they are associated, they can communicate with other members of
the VLAN.
15
Figure 7 Wireless Stations Segmented into Different VLANs Based on SSIDs

VLAN2
VLAN1
`
Single Ethernet Link

Supports VLAN1 and
VLAN2 Traffic
3Com Wireless
Access Point
Stat
us
Powe
r
LA
N
Wire
les
Wireless
Stations Connected
to SSID2
Wireless
Stations Connected
to SSID1
To enable the switch to forward packets from the wireless stations to the
correct VLAN, the Access Point inserts VLAN membership information
into the packets sent by the wireless stations before forwarding them to
the switch. The switch reads the VLAN tag in each packet, and then
forwards it to the correct VLAN destination.
Since VLAN membership of the wireless stations are configured through
the SSIDs and up to four SSIDs can be enabled at any time, you can
configure the Access Point to forward packets to up to four different
VLANs.
Configuration and
Management
Table 3 lists the configuration and management features that the Access
Point provides.
Table 3 Configuration and Management Features
Feature
Description
Web-based
administration
Works with any Web browser that supports HTML and Java
Script, allowing you to configure and manage the Access
Point from anywhere on the network
16
Table 3 Configuration and Management Features
Package Contents
Feature
Description
Auto configuration
Copies settings from other compatible access points on the

network, simplifying configuration and ensuring that
uniform settings are applied across multiple access points
Auto update
Automatically connects to a specified FTP server, and

downloads and installs any available update. Simplifies the
task of upgrading firmware on multiple Access Points on the
network.
Command Line
Interface
Supports configuration via the command line interface (CLI),

allowing advanced users to create scripts that automate
common configuration changes
NetBIOS and WINS

support
Supports NetBIOS broadcast and WINS, allowing for

seamless integration into an existing Windows network
RADIUS accounting
support
Enables billing by usage for hotspots and other commercial

deployments
Syslog support
Sends log data to a syslog server on the network to

centralize log storage and archiving
SNMP support
Enables remote, central management using popular

third-party network management programs
UAM support
Supports Universal Access Method (UAM), an client

authentication method that is suitable in environments
where user access must be accounted for, as in Internet cafes
and public hot spots
The Access Point Kit includes the following items:
One OfficeConnect Wireless 108 Mbps 11g PoE Access Point
One power adapter
OfficeConnect Wireless 108 Mbps 11g PoE Access Point Quick Start
Guide
One CD-ROM, which contains the setup files for the 3Com Access
Point Manager and a PDF version of the OfficeConnect 108 Mbps 11g
Wireless Access Point User Guide
One warranty flyer
If any of the above items are damaged or missing, please contact your
3Com network supplier immediately.
Physical Features
Physical Features
Front Panel
17
Before setting up the Access Point, 3Com recommends that you first
familiarize yourself with the physical features of the device.
The front panel of the Access Point includes LEDs that indicate the status
of the device. For information on what these LEDs indicate, refer to the
table below.
Table 4 Front Panel LEDs
LED
Description
Status
Red An error has occurred
Off Normal operation
Flashing Access Point is starting up, or firmware is being

upgraded
Green Normal operation
Off No power
Green LAN (Ethernet) port is active
Off No active connection on the LAN (Ethernet) port
Flashing Data is being transmitted or received via the

corresponding LAN (Ethernet) port
Green Idle
Off An error has occurred, or wireless connection is

unavailable
Flashing Data is being transmitted or received via the

Access Point. Data includes network traffic and user data.
Power
LAN
Wireless
Back Panel
The back panel of the Access Point is where you make the physical
connections power, Ethernet cable, and serial cable for console
connection. It also includes the antenna port and the Reset button.
Table 5 Back Panel Ports and Connections
Part
Description
Antenna
One aerial antenna is supplied. For best results, make sure

the antenna is in a vertical position.
Console port
DB9 female RS-232 port for establishing control terminal

connection
Use of the RS-232 port is only for experienced users and is
not required for normal configuration. For normal
configuration and management, use the Web interface.
18
Table 5 Back Panel Ports and Connections

Part
Description
Reset button
Use the Reset button to:
Reboot the device To restart or reboot the device, press

the Reset button for about five seconds (or until the
Status LED turns red), and then release.
Reset the device to factory defaults To clear your

settings and restore the device to its factory settings, do
the following:
1 Power off the Access Point.

2 Press the Reset button, while powering on the device.
Keep the Reset button pressed until the Status LED
flashes red twice.
3 Release the Reset button.
Overview of Setup
and Management
Tasks
Ethernet
Use a standard LAN cable (with RJ-45 connectors) to connect

this port to a 10BaseT or 100BaseT hub on your LAN
Power port
Connect the supplied power adapter to this port, and then

connect the plug to a power source
The following are tasks that you need to perform to get the Access Point
up and running, and to enable wireless stations on the network to
associate with it.
1 Install the Access Point Information on preparing for, performing, and
verifying the installation is available in Chapter 2 starting on page 19.
2 Access the Web interface and configure the Access Point
Information on connecting to the Web interface and configuring the
Access Point is available in Chapter 3 starting on page 27.
3 Configure the wireless stations Information on configuring the
clients to ensure that they can successfully connect to the Access Point is
available in Chapter 4 starting on page 59.
From time to time, you may need to perform administrative tasks such as
changing the password to the Web interface, backing up the
configuration file, and upgrading the device firmware. Step-by-step
procedures for these tasks are available in Chapter 5 starting on page 79.
Troubleshooting information is available in Chapter 6 starting on
page 97.
INSTALLING AND CONNECTING THE

ACCESS POINT
This chapter provides information on installing the Access Point and

connecting it to the local network. It also lists the system requirements
for wireless stations that will associate with the Access Point.
Before You Begin
Installation
Requirements
Before starting with the installation, make sure that you have the
required items for the installation ready. In addition, verify that the
wireless stations on the network have the required components for
wireless communication with the Access Point.
To install the Access Point, you need the following:
Access Point
Power adapter from the Access Point kit
Ethernet cable (not included in the Access Point kit)
To configure the Access Point after installation, you need a computer

with TCP/IP that is connected to the same local network as the Access
Point. This computer must also have a Web browser that supports
JavaScript, such as Netscape 4.7 or later, Internet Explorer 5.0 or later, or
Mozilla 1.2.1 or later.
If you want to use PoE to supply power to the Access Point, you also need
an 802.3af-compliant power sourcing equipment (PSE).
Wireless Station
Requirements
For the wireless stations on the network to be able to communicate with

the Access Point, they must have at least the following:
An operating system that supports TCP/IP networking protocols (for

example, Windows 95/98/NT/Me/2000/XP, UNIX, Mac OS 8.5 or
later).
An 802.11b or 802.11g wireless NIC
20
CHAPTER 2: INSTALLING AND CONNECTING THE ACCESS POINT
This Access Point does not support 802.11a wireless clients.

Security Information
WARNING: Before you start, please read the Important Safety
Information section in Appendix F.
VORSICHT: Bitte lesen Sie den Abschnitt Wichtige Sicherheitshinweise
sorgfltig durch, bevor Sie das Gert einschalten.
AVERTISSEMENT: Veuillez lire attentivement la section Consignes
Importantes de Scurit avant de mettre en route.
Positioning the
Access Point
The Access Point can be installed on a flat surface (for example, on a

desktop) or wall-mounted. When deciding where to install the Access
Point, choose a location that:
Allows easy viewing of the front panel LED indicator lights, and access
to the rear panel connectors, if necessary.
Is centrally located to the wireless computers that will connect to the

Access Point. A suitable location might be on top of a high shelf or
similar furniture to optimize wireless connections to computers in
both horizontal and vertical directions, allowing wider coverage.
When positioning your Access Point, ensure:
It is out of direct sunlight and away from sources of heat.
Cabling is away from power lines, fluorescent lighting fixtures, and

sources of electrical noise such as radios, transmitters and broadband
amplifiers.
There are no thick walls or metal shielding between the Access Point
and the wireless stations. In ideal conditions, the Access Point has a
range of around 150 meters (450 feet). The range is reduced, and
transmission speed is lower, if there are any obstructions between the
wireless devices.
Water or moisture cannot enter the case of the unit.
Air flow around the unit and through the vents in the side of the case
is not restricted. 3Com recommends you provide a minimum of 25
mm (1 in.) clearance.
Powering On and Connecting the Access Point
Powering On and
Connecting the
Access Point
21
The procedure for connecting the Ethernet cable to and powering on the
Access Point depends on whether you want to use the supplied power
adapter or PoE.
To use PoE, you must have a power sourcing equipment (PSE). You may
also need an additional Ethernet cable for connecting the PSE unit to a
hub, router, or switch.
Using the Supplied

Power Adapter
1 Connect one end of a standard Ethernet cable (either straight-through or
crossover) to the Ethernet port on the back panel of the Access Point.
2 Connect the other end of the cable to a 10/100BaseT hub, router, or
switch on the local network.
3 Connect the power adapter to the Power port on the back panel of the
Access Point, and then connect the plug to a power source.
Figure 8 Powering the Access Point Using the Supplied Power Adapter
Using Power over

Ethernet
If you have a PoE switch, such as the 3Com Baseline Switch 2226-PWR
Plus 3C16490, you can plug the Ethernet cable from the Access Point
directly to a PoE port on the switch to supply power.
22
If you have an 802.3af-compliant power sourcing equipment (PSE), do

the following:
1 Connect one end of a standard Ethernet cable to the Ethernet port on the
back panel of the Access Point. And then, connect the other end to the
P+DATA port on the PSE.
2 Connect another Ethernet cable to the DATA IN port on the PSE, and
then connect the other end to a router, switch, or a computer.
3 Power on the PSE.
Figure 9 Powering the Access Point Using PoE
Verifying the
Installation
Accessing the Web

Interface
To verify that the Access Point has been successfully installed, check the
LEDs on the front panel.
The Status LED should flash, and then go off.
The Power, Wireless, and LAN LEDs should be on.
The Access Point provides an intuitive Web browser-based interface that

you use to configure the device. You connect to this interface using the IP
address that is assigned to the device.
When connected to a network that has a DHCP server, the Access Point
functions as a DHCP client, obtaining an IP address automatically from
the DHCP server. Therefore the IP address to which you need to connect
will depend on whether or not you have a DHCP server on the network.
By default, wireless connection to the Web interface is disabled. The first
time you configure the Access Point, you need to connect to its Web
interface using the wired LAN.
Accessing the Web Interface
With a DHCP Server
23
To connect to the Web interface, you need to know the IP address that
the DHCP server has assigned to the Access Point. To do this, use the
3Com Access Point Manager that is included on the CD-ROM.
Before continuing, check the sticker on the base of the Access Point, and
take note of the Access Point name (for example, SCB8CF22). You may
need this information to select the right Access Point, if the 3Com Access
Point Manager detects other access points on the network.
If the Access Point fails to obtain an IP address from the DHCP server, it
will automatically use its default IP address, 192.168.0.228. If this
happens, follow the instructions in Without a DHCP Server on page 26
to connect to the Web interface.
1 On a computer that is connected to the same local network, insert the
CD-ROM into the CD drive.
The setup program for the 3Com Access Point Manager starts
automatically. If it does not start automatically, run setup.exe in the root
folder of the CD-ROM.
2 Follow the setup wizard instructions to install the utility.
Setup installs the utility and adds the 3Com Access Point Manager folder
to the Windows program menu.
3 Start the 3Com Access Point Manager by pointing to the 3Com Access
Point Manager folder on the program menu, and then clicking 3Com
Access Point Manager.
The 3Com Access Point Manager starts, and then searches the network
for active OfficeConnect Wireless Access Points. When the search is
complete, the utility displays all detected access points, as shown in
Figure 10.
24
Figure 10 3Com Access Point Manager
4 Click the access point name that corresponds to the name on the base of
the Access Point.
5 Click Web Management to start the Web interface.
If the Web Management button is unavailable, it means that the Access
Point and the admin computer are on different subnets. Change the
subnet mask for the Access Point so you can connect to the Web
interface. For more information, refer to If the Access Point Is on a
Different Subnet.
The interface loads in your Web browser and an authentication dialog
box appears.
6 In User name, type admin, and in Password, type password.
User name and password are case-sensitive.
7 Click OK.
If the Access Point Is on a Different Subnet
The default subnet for the Access Point is 255.255.255.0. If your local
network is using a different subnet, the Set IP Address button will be
active. You need to change the subnet mask for the Access Point so you
can connect to the Web interface.
Accessing the Web Interface
25
To change the subnet mask for the Access Point:

1 Click Set IP Address. The IP Configuration screen appears.
Figure 11 IP Configuration Screen
2 Click Fixed, and then configure the following IP settings:
IP Address
Subnet Mask This mask must be the same as the subnet mask for
the admin computer
Gateway
DNS
3 Click OK, and then click Refresh. The 3Com Access Point Manager screen
refreshes, and then the Web Management button becomes available.
4 Click Web Management to start the Web interface.
The interface loads in your Web browser and an authentication dialog
box appears.
26
6 Click OK.
Without a DHCP
Server
If you do not have a DHCP server on the network, you need to

reconfigure the TCP/IP settings of the admin computer to be able to
connect to the Access Points Web interface.
1 Open the Properties dialog box of the network interface card that the
computer is using to connect to the wired local network.
2 Click Internet Protocol, and then click Properties.
3 On the General tab, click Use the following IP address.
4 Assign an IP address and a subnet mask to the computer.
In IP address, type any IP address within the range of 192.168.0.1 to

192.168.0.255, except 192.168.0.228.
In Subnet mask, ensure that it is set to 255.255.255.0.
5 Click OK.
6 Start your Web browser.
7 In the Address or Location bar, type http://192.168.0.228. An
authentication dialog box appears.
9 Click OK.
The interface loads in your Web browser.
CONFIGURING THE ACCESS POINT
This chapter provides information on configuring the Access Point to

enable wireless stations to successfully associate with it.
Navigating the Web

Interface
The Web interface has been designed to enable you to easily perform
configuration tasks and view information about the Access Point.
Figure 12 Access Point Web Interface
Menu and Tabs
The menu is on the left side of the Web interface. When you click an item
on the menu, the related screen will appear in the main part of the
28
CHAPTER 3: CONFIGURING THE ACCESS POINT
interface. If there are more options for the menu selection, then tabs
containing these additional options appear above the main part.
Buttons
Save Click this button to save changes that you have made to the
Access Point settings. These changes will be saved to memory, but will
not be applied until you click Apply/Restart.
Apply/Restart Click this button to write changes you have made to

the flash memory. Clicking Apply/Restart restarts the device and
disconnects all existing connections, including your connection to the
Web interface.
If you are making changes to multiple settings, click Apply/Restart
after you make all the changes to restart the device and apply all your
changes only once.
Timeout Setting
Defining Security
Profiles
Cancel Click to discard any unsaved changes.
Logout Click to log off the Web interface.
Refresh Click to update the information on the screen.
Help A Help button is available on every screen for quick access to

the online help system. The help system contains additional
information about the screens and the tasks that you can perform. To
access the online help system, click Help.
The Web interface has a timeout mechanism that automatically logs you
off if it does not detect any activity within five minutes. This mechanism
helps prevent unauthorized users from accessing the Web interface and
modifying the Access Point configuration.
A security profile contains a service set identifier (SSID) and the wireless
security settings for connections to the Access Point. You can define up
to eight security profiles and enable up to four of them simultaneously.
Although you can enable four security profiles simultaneously, the Access
Point will only broadcast one SSID (based on IEEE standards). Wireless
stations will still be able to connect to the other SSIDs, but users need to
manually add these SSIDs to their list of wireless networks.
With multiple profiles, you can segregate wireless stations into groups
and assign them different security settings based on the SSIDs to which
they will be connecting.
Defining Security Profiles
Configuring and
Enabling a Profile
29
To define a security profile, you need to set the wireless security settings
and the encryption and authentication methods.
1 On the menu, click Security Profiles.
2 Under Current Profiles, select a profile, and then click Configure.
Figure 13 Security Profile Screen with Wireless Security Disabled
3 In Profile Name, type a unique name to assign to the profile.

4 In SSID, type a name that will identify the Access Point on the wireless
network.
5 In Wireless Security System, click an encryption method for securing data
that is transmitted on the wireless network. Available options include:
None Data encryption is disabled
WEP A 64 bit or 128 bit encryption method with user configurable

fixed keys
WPA-PSK A 256 bit encryption method that requires users to enter a

pre-shared key (PSK). It uses an encryption key, which changes over
time, derived from the PSK.
WPA-802.1x Similar to WPA, but requires a RADIUS server on the

network to perform client authentication based on the 802.1x
standard. If your network supports both encryption and
authentication methods, 3Com recommends using this method.
30
802.1x Uses WEP for encryption and a RADIUS server on the

network to perform client authentication
For more information on configuring each encryption method, refer to

Configuring Encryption and Authentication on page 31.
6 If you have a RADIUS server on the network and you want to centralize
client authentication on the RADIUS server, configure the settings for
RADIUS-based MAC address authentication.
RADIUS MAC authentication is not supported by WPA-PSK and
WPA-802.1x. If you set the wireless security system to either WPA-PSK or
WPA-802.1x, the Configure button for RADIUS MAC Authentication will
be unavailable.
More information about these options is available in Configuring
RADIUS MAC Authentication on page 38.
After configuring the settings for RADIUS-based MAC authentication,
click Save, and then Close. Current Status for RADIUS MAC
Authentication will change to Enabled after you save the security profile.
7 If user access to the wireless network needs to be accounted for and you
have a RADIUS server on the network, you can configure Universal Access
Method (UAM) for the security profile.
UAM authentication is not supported by WPA-PSK and WPA-802.1x. If
you set the wireless security system to either WPA-PSK or WPA-802.1x,
the Configure button for UAM will be unavailable.
More information about these options is available in Configuring UAM
on page 40.
After configuring the settings for UAM, click Save, and then Close.
Current Status for UAM will change to Enabled after you save the security
profile.
8 Click Save, and then click Back.
9 From the list of current profiles, click the profile that you have just
configured, and then click Enable.
10 Click Save, and then click Apply/Restart.
31
Configuring Encryption and Authentication

This section lists the configuration options for each available encryption
and authentication method.
WEP Options
If you selected WEP, you need to configure the settings listed in Table 6.
Figure 14 Security Options for WEP
Table 6 Options for WEP

Option
Description
Data Encryption
Select the preferred WEP encryption level, and ensure that

wireless stations have the same setting and key value
Authentication
Normally, you can simply set this to Automatic. However, if

authentication fails, select the appropriate value either
Open System or Shared Key. Check your wireless card's
documentation to determine the correct authentication
method to use.
Key input
Click either Hex (0~9 and A~F) or ASCII depending on your

input method. All keys are converted to Hex; ASCII input is
only provided for convenience.
Key values
Type the keys that you want to use. Other stations must have
the same key. Alternatively, you can automatically generate
keys by clicking Generate Key in Passphrase.
32
Table 6 Options for WEP

Option
Description
Passphrase
To generate WEP keys, type a word or group of printable

characters in this text box, and then click Generate Key. If
encryption strength is set to 64 bit, each of the four key
fields will be populated with key values. If encryption
strength is set to 128 bit, only the selected WEP key field will
be given a key value.
WPA-PSK Options
If you selected WPA-PSK, you need to configure the settings listed in
Table 7.
Figure 15 Security Options for WPA-PSK
Table 7 Options for WPA-PSK

Option
Description
Network Key
Type the key value. Data is encrypted using this key. Other
wireless stations must use the same key.
33
Table 7 Options for WPA-PSK

Option
Description
WPA Encryption
Select your preferred WPA encryption level, and ensure that

wireless stations have the same setting and key value.
TKIP Unicast (point-to-point) transmissions and

multicast (broadcast) transmissions are encrypted using
TKIP
TKIP + 64 bit WEP Unicast (point-to-point) transmissions

are encrypted using TKIP, and multicast (broadcast)
transmissions are encrypted using 64 bit WEP
TKIP + 128 bit WEP Unicast (point-to-point)

transmissions are encrypted using TKIP, and multicast
(broadcast) transmissions are encrypted using 128 bit
WEP
AES - CCMP Unicast (point-to-point) transmissions and

AES - CCMP
Group Key Update
Refers to the key used for broadcast transmissions. If you

want the keys to be updated regularly, select the Group Key
Update check box. And then, in Key Lifetime, specify the
time interval (in minutes) after which the group key will be
dynamically updated.
Update Group Key

when any
membership
terminated
If enabled, the group key will be updated whenever any

member leaves the group or disassociates from the Access
Point.
34
WPA-802.1x Options
If you selected WPA-802.1x, you need to configure the settings listed in
Table 8.
Figure 16 Security Options for WPA-802.1x
Table 8 Options for WPA-802.1x

Option
Description
RADIUS Server
Address
Type the host name or IP address of the RADIUS Server on

the network.
RADIUS Port
Type the port number used for connections to the RADIUS

Server.
Client Login Name
This read-only field displays the name used for the Client
Login on the RADIUS Server. This login name must be
created on the RADIUS Server. On some RADIUS Servers, you
can use the Access Points IP address instead of this name.
Shared Key
Key used for client logon to the RADIUS Server. Type a key
value that matches the value on the RADIUS Server.
35
Table 8 Options for WPA-802.1x

Option
Description
WPA Encryption
Select the preferred WPA encryption level, and ensure that

wireless stations have the same setting and key value.
TKIP Unicast (point-to-point) transmissions and

TKIP
TKIP + 64 bit WEP Unicast (point-to-point) transmissions

are encrypted using TKIP, and multicast (broadcast)
transmissions are encrypted using 64 bit WEP
TKIP + 128 bit WEP Unicast (point-to-point)

transmissions are encrypted using TKIP, and multicast
(broadcast) transmissions are encrypted using 128 bit
WEP
AES - CCMP Unicast (point-to-point) transmissions and

AES - CCMP
AES - CCMP + TKIP Unicast (point-to-point)

transmissions are encrypted using AES - CCMP, and
TKIP
Group Key Update
Refers to the key used for broadcast transmissions. If you

want the keys to be updated regularly, select the Group Key
Update check box. And then, in Key Lifetime, specify the
time interval (in minutes) after which the group key will be
dynamically updated.
Update Group Key

when any
membership
terminated
If enabled, the group key will be updated whenever any

member leaves the group or disassociates from the Access
Point.
RADIUS Accounting
Sends accounting data from the Access Point to the RADIUS

Server.
To enable, select the Enable RADIUS Accounting check

box, and the, in RADIUS Accounting Port, type the
corresponding port number.
Define interval at which updated data will be sent to the

RADIUS server by selecting the Update Report every [ ]
Minutes check box, and specifying a number minutes.
36
802.1x Options
If you selected 802.1x, you need to configure the settings listed in
Table 9.
Figure 17 Security Options for 802.1x
37
Table 9 Options for 802.1x

Option
Description
RADIUS Server
Address
Type the host name or IP address of the RADIUS server on

the network
RADIUS Port
Type the port number used for connections to the RADIUS

server.
Client Login Name
This read-only field displays the name used for the client
login on the RADIUS server. This logon name must be
created on the RADIUS server. On some RADIUS servers, you
can use the Access Points IP address instead of this name.
Shared Key
Key used for client logon to the RADIUS Server. Type a key
value that matches the value on the RADIUS Server.
WEP Key Size
Select the preferred WEP key size:
Dynamic WEP key

(EAP-TLS, PEAP)
64 bit Data is encrypted, using the default key, before

being transmitted. You must enter at least the default
key. For 64 bit encryption, the key size is 5 chars (ASCII)
or 10 chars in HEX (0~9 and A~F).
128 bit Data is encrypted, using the default key, before

key. For 128 bit encryption, the key size is 13 chars
(ASCII) or 26 chars in HEX (0~9 and A~F).
156 Bit Data is encrypted, using the default key, before

key. For 156 bit encryption, the key size is 16 chars
(ASCII) or 32 chars in HEX (0~9 and A~F).
If checked, the required WEP key is dynamically generated.

This may use EAP-TLS, PEAP, or another method, depending
on the methods supported by the client.
Key Exchange Enable this if you want dynamic keys to

be exchanged and updated regularly. If enabled, you
need to specify the Key Lifetime.
Static WEP key

(EAP-MD5)
If enabled, this uses EAP-MD5. You must enter the WEP key
on the WEP Key field below, and on each wireless station.
The WEP Key Index must also match the key index used on
other wireless stations.
RADIUS Accounting
Sends accounting data from the Access Point to the RADIUS

server.
To enable, select the Enable RADIUS Accounting check

box, and the, in RADIUS Accounting Port, type the
corresponding port number.
Define interval at which updated data will be sent to the

RADIUS server by selecting the Update Report every [ ]
Minutes check box, and specifying a number minutes.
38
Configuring RADIUS MAC Authentication

If you have a RADIUS server set up on the network, you can use it to
centralize the authentication of wireless stations based on their MAC
addresses. Authenticated stations will be allowed to associate with the
Access Point.
To use the RADIUS server to authenticate wireless stations based on their
MAC addresses, there are two sets of tasks that you need to perform:
Configure the RADIUS server
Configure the RADIUS-based MAC authentication options on the

Web interface
Configuring the RADIUS Server

If you enabled RADIUS MAC authentication, do the following to ensure
that client authentication using the RADIUS server works:
1 Ensure that the Access Point can log on to the RADIUS server as a RADIUS
client.
Create a RADIUS client account for the Access Point on the RADIUS
server. Use the Access Points IP address or name and specify the same
shared key as configured on the Access Point.
To ensure that the Access Point can log on to the RADIUS server, verify
that the correct RADIUS server address, port, and shared key are
configured on the Access Point. This information is entered either on
the Security screen or the RADIUS-based MAC Authentication screen,
depending on the security method used.
2 On the RADIUS server, create a RADIUS client account for each wireless
station that will authenticate with it. Use the stations MAC address for
the user name, and leave the password blank. The RADIUS server stores
these MAC addresses on a database, which it queries whenever a
wireless station needs to be authenticated.
When RADIUS MAC authentication is enabled and configured, the Access
Point will forward the MAC address of every client that tries to associate
with it to the RADIUS server. Then, the RADIUS server will check if the
stations MAC address is on its database. If it is, the wireless station will
be allowed to associate with the Access Point.
If the wireless stations MAC address is on the RADIUS database, the
entry xx:xx:xx:xx:xx:xx MAC authentication (where
39
xx:xx:xx:xx:xx:xx is the stations MAC address) is added to the Access

Point log. The wireless stations status also appears as Authenticated on
the list of associated stations.
If the wireless stations MAC address is not on the RADIUS database, the
entry xx:xx:xx:xx:xx:xx MAC authentication failed is added to the
log, and the stations status appears as Authenticating on the list of
associated stations.
Configuring the RADIUS MAC Authentication Options
The options on the RADIUS-based MAC Authentication screen appear
different, depending on the wireless security setting that you selected.
Figure 18 RADIUS-based MAC Authentication Screen
On this screen, provide the required information about your RADIUS

server. This information is required to enable the Access Point to
successfully forward MAC addresses of wireless stations to the RADIUS
server for authentication.
Table 10 lists the options that you may need to configure on the
RADIUS-based MAC Authentication screen.
Table 10 Options for RADIUS-based MAC Authentication
Option
Description
Enable RADIUS-based MAC Select this check box to enable MAC authentication
authentication
using the RADIUS server
RADIUS Server Address
If visible, type the IP address or host name of the

RADIUS server on the network
RADIUS Port
If visible, type the port number that on the RADIUS

server that is used by RADIUS clients for connection
40
Table 10 Options for RADIUS-based MAC Authentication

Option
Description
Client Login Name
Displays the name used for client Login on the RADIUS

server. This name must be created on the RADIUS
server.
Shared Key
Used for the client login on the RADIUS server. If

visible, type the same key value as the one on the
RADIUS server.
WEP Key
The WEP key used to encrypt data before it is sent to

the RADIUS server. If visible, type the desired key value
in HEX, and ensure the RADIUS server has the same
key value.
WEP Key Index
Click the preferred key index. You can use any value,
as long as it matches the value on the RADIUS server.
Configuring UAM
Universal Access Method (UAM) is a client authentication method that is
typically used in Internet cafes, hot spots, and similar sites that provide
Internet access.
Any wireless station attempting to connect to the Internet using a Web
browser is directed to a logon page. On this logon page, the user must
enter a user name and password, which are authenticated by a RADIUS
server.
If authentication is successful, the user is granted access to the Internet. If
the user is not authenticated, the Access Point blocks user access to the
Internet and displays another Web page (login failure URL) that provides
information on how to pay for and obtain Internet access. This login
failure Web page is typically on your Web server.
When UAM is enabled and configured, HTTP (TCP, port 80) connections
are checked. UAM only works on HTTP connections; other types of traffic
are ignored.
To use UAM, you need the RADIUS server for client authentication, and
configure the UAM settings. There are two types of UAM authentication
that you can use:
Internal authentication Uses the Web page that is built into the
Access Point
External authentication Uses a customized Web page on your Web

server. If you want to provide more information to the user (for
example, how to pay for and obtain Internet access), use external
41
authentication. You can customize the welcome screen, or even link it

to your organizations Web site.
Figure 19 UAM Screen
Internal UAM Authentication

To use internal UAM authentication, do following:
client.
Verify that the correct RADIUS server address, port, and shared key are
the Security screen or the UAM screen, depending on the security
settings used.
2 Create user accounts on the RADIUS server database, and then grant
them access to the Internet.
3 Verify that the wireless security settings on the wireless stations match
the security settings on the Access Point, including the key (if any).
4 Configure the internal UAM authentication settings.
a On the UAM screen, select the UAM (Universal Access Method) check
box.
b Click Internal Web-based Authentication.
42
c In RADIUS Server Address, type the IP address or host name of the

RADIUS server that will authenticate clients.
d In RADIUS Port, type the port number on the RADIUS server that is
configured for communication with RADIUS clients.
e In Shared Key, type the same key value as the one you set on the
RADIUS server.
f Click Save, and then click Close.
When internal UAM authentication is enabled and configured, any
wireless user that attempts to connect to the Internet using a Web
browser (HTTP/TCP port 80) is redirected to the logon page. After the
user enters a user name and password on the logon page, the RADIUS
server checks its database to verify that the logon credentials are valid.
If the logon credentials are valid, user will be authenticated and allowed
access to the Internet. An entry xx:xx:xx:xx:xx:xx WEB
authentication (where xx:xx:xx:xx:xx:xx is the wireless stations
MAC address) is added to the Access Point log. The wireless stations
status also appears as Authenticated on the list of associated stations.
If the logon credentials are invalid, the user will not be able to access any
other Web page, except for the logon page. An entry
xx:xx:xx:xx:xx:xx WEB authentication failed is added to the log,
and the stations status appears as Authenticating on the list of
External UAM Authentication
To use external UAM authentication, do the following:
client.
Verify that the correct RADIUS server address, port, and shared key are
the Security screen or the UAM screen, depending on the security
method used.
2 Create user accounts on the RADIUS server database, and then grant
them access to the Internet.
43
3 On your Web server, create a welcome page that has a button or link to
the uamlogon.htm page on the Access Point. Users will enter their user
name and password on the uamlogon.htm page.
4 Verify that the wireless security settings on the wireless stations match
the security settings on the Access Point, including the key (if any).
5 Configure the external UAM authentication settings.
a On the UAM screen, select the UAM (Universal Access Method) check
box.
b Click External Web-based Authentication.
c In Login URL, type the URL to the welcome page that you created in
step 3. This is the Web page that users will see when they attempt to
connect to the Internet using a Web browser.
d In Login Failure URL, type the URL to a Web page that you want users
to see if they are not successfully authenticated (for example, if they
used invalid logon credentials). This page can also provide new users
with information on how to pay for and obtain Internet access.
e In RADIUS Server Address, type the IP address or host name of the
RADIUS server that will authenticate clients.
f In RADIUS Port, type the port number on the RADIUS server that is
configured for communication with RADIUS clients.
g In Shared Key, type the same key value as the one you set on the
RADIUS server.
6 Click Save, and then click Close.
When external UAM authentication is enabled and configured, any
wireless user that attempts to connect to the Internet using a Web
browser (HTTP/TCP port 80) is redirected to the welcome page you
created. User must click a link or button to the uamlogon.htm page,
where he needs to enter his user name and password. After the user
enters a user name and password on the logon page, the RADIUS server
checks its database to verify that the logon credentials are valid.
If the logon credentials are valid, user will be allowed access to the
Internet. An entry xx:xx:xx:xx:xx:xx WEB authentication (where
xx:xx:xx:xx:xx:xx is the wireless stations MAC address) is added to
the Access Point log. The wireless stations status also appears as
Authenticated on the list of associated stations.
44
If the logon credentials are invalid, the user will not be able to access any
other Web page, except for the logon page. An entry
xx:xx:xx:xx:xx:xx WEB authentication failed is added to the log,
and the stations status appears as Authenticating on the list of
Setting the Primary
Profile
Although you can enable up to four security profiles with each profile
having a different SSID, the Access Point only broadcasts one SSID. If you
enabled the Broadcast SSID check box on the Wireless > Basic screen, the
Access Point will broadcast the SSID for the primary profile that you set.
You can set the primary profile under the Primary Profile section of the
Security Profiles screen.
1 In 802.11b/g AP Mode, select the profile that you want to set as primary
when the Access Point is in AP mode.
2 In 802.11b/g Bridge Mode, select the profile that you want to set as
primary when the Access Point is in bridge mode.
Figure 20 Primary Profile Options
Isolating Wireless
Clients with Different
Profiles
On the Security Profiles screen, under Isolation, click one of the following
options:
No isolation Click to allow wireless stations that are using different

profiles (and SSIDs) to communicate with each other
Isolate all Profiles (SSIDs) from each other Click to block

communication between wireless stations that are using different
profiles (and SSIDs). Wireless stations that are using the same profile
will still be able to communicate with each other, unless you selected
the Wireless Separation check box on the Wireless > Advanced screen.
Use VLAN (802.1Q) standard Click this option only if the hubs or
switches on your local network support the VLAN (802.1Q) standard.
On a network that supports VLAN, each network packet contains an
ID that identifies the VLAN to which it belongs.
Controlling Access to the Wireless Network
45
Devices that are on different VLANs are isolated from each other. For
VLAN to work correctly, all network devices (for example, hubs,
switches, routers, and gateways) must support the 802.1Q standard.
For an overview of the VLAN support provided by the Access Point, refer
to VLAN Support on page 14.
If you click this option, you also need to assign a VLAN ID to each
security profile. To assign a VLAN ID to each profile, click Configure
VLAN, and then provide the required information on the VLAN screen.
Figure 21 VLAN Screen
Controlling Access
to the Wireless
Network
By default, the Access Points security settings are disabled to allow you
to easily connect and configure it after the initial setup. Anyone that can
detect the SSID that is broadcast on the wireless network can therefore
connect to it.
You can configure the Access Point to prevent unauthorized or untrusted
wireless stations from accessing your wireless network. To do this, you
need to:
1 Define the list of trusted wireless stations. These are the wireless stations
that will be allowed to access the wireless network.
2 Enable access control based on MAC addresses (also known as physical
address)
Before performing these steps, you first need to get the MAC addresses
of the wireless stations that you want to add to the access control list. To
46
determine the MAC address of a wireless station on a Windows

computer:
1 On the Start menu, click Run.
2 In the Open field, type cmd or command. A command prompt appears.
3 Type ipconfig /all, and then press <Enter>.
4 Note the value for Physical Address under the wireless NIC properties. The
MAC address is also called physical address.
Defining the List of
Trusted Stations
There are two ways to define the list of trusted stations:
By manually entering the MAC addresses on the Trusted Stations tab
By importing the MAC address list of trusted stations
Manually Entering the MAC Addresses

1 On the menu, click Access Control.
2 Click the Trusted Stations tab.
3 In Name, type the name for or a description of the wireless station.
4 In Address, type the MAC address of the wireless station that you want to
add. You can type the MAC address with or without the colons that
separate each pair of alphanumeric characters.
For example, you can type either 00:13:CC:6E:DF:4A or 0013CC6EDF4A.
5 Click Add. The MAC address and name (if available) of the wireless
station that you have just added appears under Trusted Wireless Stations.
Controlling Access to the Wireless Network
47
Figure 22 Manually Adding a Trusted Station to the List
Repeat steps 3 to 5 for each wireless station that you want to add to the
access control list.
To delete a MAC address from the list, click the MAC address under
Trusted Wireless Stations, and then click the >> button.
Importing the MAC Address List of Trusted Stations
To create the text-based access control list:
1 On the computer that you are using to configure the Access Point, create
a text file using a text editor (for example, Notepad).
2 Type the MAC addresses of all the wireless stations that you want to add
to the access control list. Each line in the text file must have only one
MAC address.
3 Save the file to your computer.
To upload the access control list:
1 Start the Web interface.
2 On the menu, click Access Control.
3 On the Access Control tab, click Read from File. The Upload Access
Control screen appears.
48
4 Click Browse, and then browse to the location of the text-based access
control list.
Figure 23 Uploading the Text File That Lists the Trusted MAC Addresses
5 Click the text file, and then click OK.

6 Click Upload File.
The MAC addresses in the text file appear on the Access Control tab,
indicating that this information has been successfully saved on the Access
Point.
Enabling Access
Control Based on
MAC Address
After defining the access control list, you need to enable the access
control function of the Access Point.
Before performing this procedure, make sure that the MAC address or
addresses of the admin computer is included in the access control list.
Otherwise, you will no longer be able to access the Web interface after
you enable the access control function.
1 On the Access Control tab, select the Enable Access Control by MAC
Address check box.
2 Click Save.
Configuring System Settings
49
Figure 24 Enabling MAC Address Based Access Control
Backing Up the
Access Control List
To ensure that you can easily restore the access control list if it
accidentally erased, 3Com recommends that you back it up periodically.
To back up the access control list:
1 On the Access Control tab, click Write to File. The File Download dialog
box appears.
2 Click Save. The Save As dialog box appears.
3 Specify a location on the local disk to which to save the file and modify
the file name (if necessary). The default file name is maclist.acl.
4 Click Save.
5 Verify that the list was successfully saved by checking if the file exists in
the target location.
Configuring System
Settings
System settings include information that helps identifies the Access Point
on the network, including the Access Point name, IP address settings, and
WINS configuration.
If you only need to view the current system settings, click Status on the
menu, and then check the information on the Status tab.
50
Figure 25 System Screen
To configure the system settings:

1 On the menu, click System.
2 Configure the identity of the Access Point on the network. You can edit
the following settings:
Access Point Name This is the name that identifies the Access Point
when you are using the Access Point Management utility.
Description (optional) If there are multiple access points on the

network, type a description in this text box to help you identify the
Access Point.
Country or Domain Select your country from the drop-down list.
Use of certain wireless channels is restricted in some countries. To ensure

that you are using only the approved channels, select your country from
the list.
3 Configure the IP address settings of the Access Point.
Configuring System Settings
51
If you have a DHCP server on the network and you want the Access
Point to automatically obtain its IP address from the DHCP server, click
DHCP Client.
If you do not have a DHCP server on the network, click Fixed IP

Address. The Access Point will use its default IP address
(192.168.0.228) and subnet mask (255.255.255.0). If these IP
settings do not match your network settings, change them to ensure
that the Access Point and other devices on the network can
communicate with each other.
4 If you have a WINS server on the network, and you want to use it to
resolve names and addresses used by the Access Point, click Enable WINS,
and then type the host name or IP address in WINS Server Name/IP
Address.
5 Click Save, and then Apply/Restart.
52
Configuring the
Wireless Settings
Basic Wireless
Settings
The Access Point can function either as a standard wireless access point
or a wireless client/repeater.
Basic wireless settings include the settings for the different modes
supported by the Access Point and wireless channel selection.
Figure 26 Basic Wireless Settings Screen
To configure basic wireless settings:

1 On the menu, click Wireless. The Basic tab appears.
2 In Wireless Mode, select the appropriate mode. For information on each
available wireless mode, refer to the following table.
Table 11 Wireless Mode Options
Mode Option
Description
Disable 2.4GHz band Disables the wireless function of the Access Point
802.11b and
802.11g (default)
Allows connections from both 802.11b and 802.1g wireless

stations
Configuring the Wireless Settings
53
Table 11 Wireless Mode Options

Mode Option
Description
802.11b
Allows connections from 802.11b wireless stations only.

802.11g wireless stations may still be able to connect if they
are fully backward-compatible with the 802.11b standard.
802.11g
Allows connections from 802.11g wireless stations only. If

you only have an 802.11g network, select this option
(instead of the default) for optimal wireless performance.
Dynamic Super
802.11g (108Mbps)
Uses Packet Bursting, FastFrame, Compression, and channel

bonding (using 2 channels) to increase throughput.
Only clients that support the Atheros Super G mode can
connect at 108Mbps, and they will only use this speed when
necessary. This option is also backward-compatible with
802.11b and (standard) 802.11g.
Static Super 802.11g Uses Packet Bursting, FastFrame, Compression, and channel
(108Mbps)
bonding (using 2 channels) to increase throughput.
Because this mode always uses channel bonding, it not
compatible with 802.11b and (standard) 802.11g.
Only clients that support the Atheros Super G mode can
connect at 108Mbps; they will always connect at this speed.
Select this only if all wireless stations on the network support
the Atheros Super G mode.
3 In AP Mode, select the appropriate mode for the Access Point. Available
options include:
None Disables AP mode. If you want the Access Point to function as

a bridge only, select this option.
Access Point Sets the device as a regular access point
Client/Repeater Sets the device to function as a client or repeater for

another access point. If you select this option, you must also provide
the MAC address of the access point to which all traffic will be sent
under Repeater AP. Alternatively, if the other access point is currently
active, click Select AP, and select it from the list of detected access
points.
If you set the AP mode to Client/Repeater, you will not be able to use the
Bridge Mode.
4 To broadcast the Access Points SSID, verify that the Broadcast SSID check
box is selected.
To prevent unauthorized clients from detecting your SSID and attempting
to connect to the network, clear the Broadcast SSID check box. You can
54
do this to improve wireless security, especially if you have not defined a

list of trusted wireless stations.
5 In Bridge Mode, select the appropriate mode. The following options are
available:
None (disable) Disables bridge mode. Select this if you want the
Access Point to function as a regular access point only.
Point-to-Point Bridge (PTP) Functions as a bridge to a single access

point (see Figure 2 on page 9). If you select this option, you must also
provide the MAC address of the other access point in MAC Address
under PTP Bridge AP.
Point-to-Multi-Point Bridge (PTMP) Sets the Access Point as the

master for a group of access points in bridge mode (see Figure 27
on page 55).
For more information about setting the Access Point to PTMP bridge
mode, refer to Configuring PTMP Bridge Settings on page 55.
6 In Channel, select the wireless channel that you want the Access Point to
use. If set to Automatic, the Access Point will select the best available
channel.
Use of certain wireless channels is restricted in some countries. To ensure
that you are using only the approved channels, select your country from
the list of countries on the System screen. For information on the
channels approved by your country, refer to Channel Restrictions at
the end of this guide.
If you experience interference (some symptoms of which are unstable
connections or slow data transfers), try experimenting with other
channels that are allowed in your country and use that which has the
fastest connection speed.
55
Configuring PTMP Bridge Settings

Figure 27 PTMP Mode With the Access Point Set as Master
Wired
Network B
`
`
Slave,
Set to
PTP Mode
Wired
Network A
`
Statu
s
Powe
r
LA
N
Wire
les
WDS Link
Wired
Network C
Master,
Set to
PTMP Mode
atS
sut
oP
rew
NA
sse
ler
iW
WDS Link
Statu
s
Powe
r
LA
N
Wire
les
Slave,
Set to
PTP Mode
If you set the Access Point to PTMP bridge mode, you need to set the
other access points to PTP bridge mode, and specify the Access Points
MAC address in their PTP bridge access point settings. In this setup, all
traffic will be sent to the master access point.
56
Figure 28 PTMP AP List Screen
For increased security, you can restrict the access points that can bridge
with the OfficeConnect Wireless Access Point. To do this:
1 Under the Bridge Mode section of the Basic tab, select the In PTMP mode,
only allow specified APs check box.
2 Click Set PTMP APs. The PTMP AP List screen appears.
3 Type the MAC addresses of the access points that you want to bridge
with the OfficeConnect Wireless Access Point. You can specify up to
eight access points.
4 Click Save.
Advanced Wireless
Settings
57
Advanced wireless settings include basic rate options, wireless separation,

disassociation timeout, and beacon interval.
Figure 29 Advanced Wireless Settings Screen
Basic Rate
The basic rate is used for broadcasting. It does not determine the data
transmission rate, which is determined by the Mode setting on the
Basic screen. Available options for basic rate include:
802.11 (1, 2 Mbps)
802.11b (1, 2, 5.5, 11 Mbps)
802.11g (1, 2, 5.5, 11, 6, 12, 24 Mbps)
OFDM (6, 12, 24 Mbps)
Do not select the 802.11g or ODFM option unless all your wireless
stations support this. If either option is selected, 802.11b clients will not
be able to connect to the Access Point.
58
Options
Wireless Separation If selected, wireless stations that are associated

with the Access Point are invisible to other wireless stations. In most
business situations, this check box should be cleared.
Worldwide Mode (802.11d) Select this check box if you want to use
the 802.11d mode and your wireless stations support this mode.
Parameters
Disassociated Timeout This determines how quickly a wireless

station will be considered Disassociated with this AP, when no
traffic is received. Enter the desired time period.
Fragmentation Length Enter the preferred setting between 256 and

2346. Normally, this can be left at the default value.
Beacon Interval Enter the preferred setting between 20 and 1000.

Normally, this can be left at the default value.
RTS/CTS Threshold Enter the preferred setting between 256 and

2346. Normally, this can be left at the default value.
Preamble Type Select the desired option. The default is Long. The
Short setting takes less time when used in a good environment.
Output Power Level Select the desired power output. Higher levels
will give a greater range, but are also more likely to cause interference
with other devices.
802.11b
Protection Type Select the desired option. The default is CTS-only.
Short Slot Time Enable or disable this setting as required. The default
is Enabled.
Protection Mode The protection system is intended to prevent older

802.11b devices from interfering with 802.11g transmissions. (Older
802.11b devices may not be able to detect that an 802.11g
transmission is in progress.) Normally, this should be left at Auto.
Protection Rate Select the desired option. The default is 11 Mbps.
CONFIGURING THE WIRELESS

STATIONS
This chapter describes how to configure the wireless stations with the
appropriate security settings to ensure successful association with the
Access Point. It also provides information on how to configure other
devices, such as the RADIUS server, that may be required to support the
wireless security settings.
Configuration
Overview
For wireless stations on the network to be able to successfully associate

with the Access Point, their settings must be configured to match those
on the Access Point. The configuration of these settings depends on the
wireless security settings that have been set on the Access Point.
This chapter provides instructions for configuring wireless stations when
the Access Point is:
No Security
Set to No Security
Using WEP
Using WPA-PSK
Using WPA-802.1x
Using 802.1x
Using 802.1x Without WPA
If the Access Points wireless security settings are disabled, any wireless
station user that knows the SSID will be able to successfully associate
with it.
60
CHAPTER 4: CONFIGURING THE WIRELESS STATIONS
The only settings that must be configured on the wireless station are the
wireless mode and SSID. For more information on these settings, refer to
Table 12.
Table 12 Client Wireless Settings When Security Is Disabled
Setting
Description
Mode
Wireless station must be set to infrastructure mode (not ad

hoc mode)
SSID (ESSID)
This SSID must match an SSID that is specified on the Access

Point. The default SSID is 3Com.
NOTE: The SSID is case-sensitive.
For specific instructions on how to configure these settings, refer to the

documentation that came with the wireless network adapter that is
installed on the wireless station.
Using WEP
If you configured the Access Point to use WEP for encryption, the wireless
stations on the network must have matching settings to ensure successful
communication and association.
For information on the settings that must be configured for WEP, refer to
Table 13.
Table 13 Client Wireless Settings When Using WEP
Setting
Description
Mode
The wireless station must be set to infrastructure mode (not

ad hoc mode)
SSID (ESSID)
The SSID must match an SSID that is specified on the Access

Wireless Security
The wireless station must be set to use WEP for data

encryption.
The WEP key size (64 bit, 128 bit, 152 bit) must be set to
match the key size specified on the Access Point.
The WEP keys values on the wireless station must match

the key values on the Access Point.
NOTE: On some systems, the key sizes may be shown as 40

bit, 104 bit, and 128 bit instead of 64 bit, 128 bit and
152bit. This difference arises because the key input by the
user is 24 bits less than the key size used for encryption.
Using WPA-PSK
61

Using WPA-PSK
If you configured the Access Point to use WPA-PSK for encryption and
authentication, the wireless stations on the network must have matching
settings to ensure successful communication and association.
Table 14 lists the settings that must be configured on the wireless station
for WPA-PSK.
Table 14 Client Wireless Settings When Using WPA-PSK
Setting
Description
Mode

ad hoc mode)
SSID (ESSID)

Wireless Security
Wireless security on the station must be set to WPA-PSK.
The pre-shared key entered on the Access Point must also

be entered on each wireless station.
The encryption method (e.g. TKIP, AES) must be set to

match the Access Point

Using WPA-802.1x
Configuring the
RADIUS Server
With WPA-802.1x, wireless station users are authenticated and network

keys are managed by the RADIUS server. Therefore, after configuring the
Access Point to use WPA-802.1x, there are still two tasks that you need
to perform:
Configure the RADIUS server
Configure the wireless stations
The RADIUS server on your network must be configured as follows:
It must provide and accept certificates for user authentication.
62
A client logon account for the Access Point must be configured on the
RADIUS server.
Configuring the
Wireless Stations
The Access Point normally uses its default name as its client logon
name. However, the RADIUS server may ignore this and use the IP
address instead.
The shared secret value on the RADIUS server must match the
shared key that was configured on the Access Point.
The encryption settings on the RADIUS server must be correct.
After configuring the RADIUS server, configure the security settings on

the wireless stations so that they match the security settings specified on
the Access Point.
Table 15 lists the settings that you need to configure on the wireless
stations for WPA-802.1x
Table 15 Client Wireless Settings When Using WPA-802.1x
Setting
Description
Mode

ad hoc mode).
SSID (ESSID)

802.1x
Authentication
The wireless station must obtain a certificate, which it will to

authenticate itself with the RADIUS server.
802.1x Encryption
Normally, EAP-TLS is used for encryption. This is a dynamic

key system, so keys do not have to be entered on each
wireless station.
If preferred, you can also use a static WEP key (EAP-MD5) for
data encryption. The Access Point supports simultaneous use
of both encryption methods.

Using 802.1x
To use 802.1x for client authentication on your wireless network, you

need to:
Set up a Microsoft Internet Authentication Server as RADIUS server
Using 802.1x
Setting Up Microsoft
IAS as RADIUS Server
63
Configure the wireless stations for 802.1x
This section describes using Microsoft Internet Authentication Server as

the RADIUS Server, since it is the most common RADIUS server available
that supports the EAP-TLS authentication method.
The following services on the Windows 2000 Domain Controller (PDC)
are also required:
DHCPD
DNS
RRAS
Web server (IIS)
RADIUS server (Internet Authentication Service)
Certificate Authority
To set up a Microsoft Internet Authentication Server as the RADIUS

server, you need to perform the following tasks:
1 Set up a Windows 2000 Domain Controller
2 Install the required services
3 Configure the DHCP server
4 Set up the certificate authority server
5 Configure the Internet Authentication Service
6 Configure remote access logon for users
Setting Up a Windows 2000 Domain Controller
1 On the Windows 2000 Server, open a command prompt.
2 Run dcpromo.exe.
3 Follow all of the default prompts, and then ensure that DNS is installed
and enabled during installation.
Take note of the domain name that you specify during installation. You
will need this information in Configuring the DHCP Server.
64
Installing the Required Services

1 From the Start menu, click Control Panel.
2 Double-click Add/Remove Programs.
3 Click Add/Remove Windows Components.
4 Verify that the following components are selected:
Certificate Services After enabling this, you will see a warning that
the computer cannot be renamed and joined after installing certificate
services. Click Yes to select certificate services and continue.
World Wide Web Server Select World Wide Web Server on the
Internet Information Services (IIS) component.
From the Networking Services category, select Dynamic Host

Configuration Protocol (DHCP), and Internet Authentication Service.
DNS should already be selected and installed.
Figure 30 Windows Component Wizard
5 Click Next. The Certification Authority Type screen appears.

6 Click Enterprise root CA, and then click Next. The CA Identifying
Information screen appears.
Using 802.1x
65
7 Type the required the information for the Certificate Authority, and then
click Next.
Figure 31 CA Identifying Information Screen
8 Click Next to use the CAs default configuration. Windows setup displays
a warning message that IIS is running and must be stopped before
continuing.
9 Click OK, and then click Finish.
Configuring the DHCP Server
1 From the Start menu, point to Programs > Administrative Tools, and then
click DHCP.
2 Right-click the server name, and then click New Scope.
66
Figure 32 DHCP Dialog Box
3 When the New Scope wizard starts, click Next.

4 Type a name and description for the scope, and then click Next.
5 Define the IP address range. Change the subnet mask if necessary. Click
Next when done.
Using 802.1x
67
Figure 33 IP Address Range Screen
6 Add exclusions in the address fields if required. If no exclusions are

required, leave it blank. Click Next.
7 Change the Lease Duration time, if necessary, and then click Next.
8 Select Yes, I want to configure these options now, and click Next.
9 Type the router address for the current subnet. If there is no router on the
network, leave the router address blank. Click Next.
10 In the Parent domain, type the domain name you specified during the
domain controller setup, and then in IP address, type the server's address.
Click Next.
11 If you do not have a WINS server on the network, simply click Next.
12 Select Yes, I want to activate this scope now.
13 Click Next, and then click Finish.
14 Right-click the server name, and then click Authorize.
68
Setting Up the Certificate Authority Server

click Certification Authority.
2 On the Certification Authority screen, right-click Policy Settings, point to
New, and then click Certificate to Issue.
Figure 34 Certification Authority Screen
3 Hold down the Ctrl key, and then on the Select Certificate Template
screen, click Authenticated Session and Smartcard Logon.
4 Click OK.
click Active Directory Users and Computers. The Active Directory Users
and Computers screen appears.
6 Right-click on your active directory domain, and then click Properties.
7 Click the Group Policy tab, click Default Domain Policy, and then click
Edit.
Using 802.1x
69
Figure 35 Group Policy Tab
8 Under the Default Domain Policy tree, click Computer Configuration >
Windows Settings > Security Settings > Public Key Policies.
9 Under Public Key Policies, right-click Automatic Certificate Request
Settings, point to New, and then click Automatic Certificate Request.
The Automatic Certificate Request Setup Wizard appears.
10 Click Next.
11 Click Computer, and then click Next.
70
Figure 36 Automatic Certificate Request Setup Wizard
12 Verify that your certificate authority is selected, and then click Next.
13 Review the policy change information, and then click Finish.
14 From the Start menu, click Run, and then enter cmd. A command prompt
appears.
15 Enter secedit /refreshpolicy machine_policy
It may take a few minutes for this command to take effect.
Setting Up the Internet Authentication Service (RADIUS)
click Internet Authentication Service. The Internet Authentication Service
screen appears.
2 Right-click Clients, and then click New Client.
3 Type a name for the Access Point, and then click Next.
4 Type the address or name of the Access Point, and then set the shared
secret. This shared secret must be the same as the shared key that you
specified on the Access Point.
5 Click Finish.
Using 802.1x
71
6 Right-click Remote Access Policies, and then click New Remote Access
Policy.
7 Assuming that you are using EAP-TLS, name the policy eap-tls, and then
click Next. The Select Attribute screen appears.
8 Click Add. If you do not want to set any restrictions, click
Day-And-Time-Restrictions, and then click Add.
9 Click Permitted, click OK, and then click Next.
10 Click Grant remote access permission, and then click Next.
11 Click Edit Profile, and then click the Authentication tab. The Edit Dial-in
Profile screen appears.
12 Select the Extensible Authentication Protocol check box, and then select
Smart Card or other Certificate from the drop-down menu.
Figure 37 Edit Dial-in Profile Screen
13 Clear the check boxes for other authentication methods, and then click
OK.
72
14 To display the help file for EAP, click Yes.

15 Click Finish.
Configuring Remote Access Logon for Users
click Active Directory Users and Computers.
2 Double-click the user name that you want to grant remote access.
3 Click the Dial-in tab, and then click Allow access under Remote Access
Permission (Dial-in or VPN).
Figure 38 User Properties Dialog Box
4 Click OK.
Setting Up Windows
XP for 802.1x
Windows XP ships with a complete 802.1x client implementation. If the

wireless stations on your network are running Windows 2000, you can
Using 802.1x
73
ask users to install the Windows 2000 Service Pack 3 to gain the same
functionality.
If your wireless stations are running neither Windows XP nor Windows
2000, they need to use the 802.1x client software provided with the
wireless adapters. For information on how to set up and configure the
802.1x client software for these adapters, refer to the documentation for
the wireless adapters.
The following procedures assume that:
You are using Windows XP.
You are connecting to a Windows 2000 Server for authentication.
You already have a logon account (user name and password) on the
Windows 2000 Server.
To set up Windows XP for 802.1x authentication, you need to perform

the following tasks:
1 Generate a client certificate
2 Set up 802.1x authentication
Generating a Client Certificate
1 Connect to a network that does not require port authentication.
2 Start your Web browser.
3 In the Address or Location bar, enter the IP address of the Windows 2000
Server, followed by /certsrv. For example, if the IP address of the
Windows 2000 Server is 192.168.0.2, type
http://192.168.0.2/certsrv.
An authentication dialog box appears.
4 Type the user name and password for your client account on the
Windows 2000 Server, and then click OK.
5 On the Welcome screen of Microsoft Certificate Services, click Request a
certificate, and then click Next. The Choose Request Type screen appears.
74
Figure 39 Welcome Screen of Microsoft Certificate Services
6 Click User certificate request, select User Certificate, and then click Next.
7 Click Submit. A message appears, and then the Certificate Issued screen
appears.
8 Click Install this certificate. A confirmation message appears.
9 Click Yes.
Certificate setup is now complete.
Setting Up 802.1x Client Authentication
1 From the Start menu, point to All Programs > Connect To, and then click
Network Connections.
2 Right-click Wireless Network Connection, and then click Properties. The
Wireless Network Connection Properties screen appears.
Using 802.1x
75
Figure 40 Wireless Network Connection Properties Screen
3 Click the Authentication tab.

4 Verify that the Enable network access control using IEEE 802.1X check
box is selected.
5 In EAP type, verify that Smart Card or other Certificate is selected.
Configuring the Encryption Settings
By default, Windows XP automatically detects available wireless networks
and allows you to configure each network independently. Configure the
encryption settings on the wireless station to match those on the Access
Point.
802.1x networks normally use EAP-TLS. This is a dynamic key system, so
there is no need to enter key values.
76
Enabling Encryption
To enable encryption for a wireless network:
1 Click the Wireless Networks tab.
Figure 41 Wireless Networks Tab
2 From the list of available networks, click the SSID for the Access Point,
and then click Configure.
3 On the Wireless Network Properties screen, specify the SSID for the
Access Point, and then configure the wireless network key settings.
For example, if you need to use EAP-TLS:
Select the Data encryption (WEP enabled) check box.
Select the The key is provided for me automatically check box.
Using 802.1x Without WPA
77
Figure 42 Wireless Network Properties Screen
4 Click OK.
Windows XP configuration for 802.1x is now complete.
Using 802.1x
Without WPA
The procedure for setting up 802.1x without WPA is almost the same as
for WPA-802.1x. The only difference is that on the wireless station, the
The key is provided for me automatically check box (see Figure 42) must
not be selected. Instead, the user must manually enter a WEP key that
matches the WEP key specified on the Access Point.
To set up 802.1x, follow the procedures in Using 802.1x starting on
page 62, except for the difference mentioned above.
On some systems, the 64 bit WEP key is shown as 40 bit, and the
128 bit WEP key is shown as 104 bit. This difference arises because
the key entered by the user is 24 bits less than the key size used for
encryption.
78
PERFORMING ADDITIONAL
ADMINISTRATIVE TASKS
This chapter provides information on other tasks that you can perform
after setting up and configuring the Access Point and wireless stations.
Configuring
Administrator
Access
To prevent unauthorized users from gaining access to the Web interface,

3Com recommends that you:
Change the default logon account and change the admin password
periodically
Configure admin connections
80
CHAPTER 5: PERFORMING ADDITIONAL ADMINISTRATIVE TASKS
Figure 43 Configure Administrator Access on the Admin Login Screen
Changing the Default

Logon Account
To prevent unauthorized users from accessing the Web interface and

modifying your settings, 3Com recommends that you change the default
logon account.
1 On the menu, click Management.
2 On the Admin Login tab under Login, edit the logon settings.
To change the admin user name, type a new name in User name.
To change the admin password, select the Change Admin Password

check box, and then type a new password in New Password. Retype
that password in Repeat New Password.

Configuring Admin
Connections
Use the Admin Connections section of the Admin Login screen to restrict
access to the Web interface and to specify the protocols that can be used
to connect to it.
2 On the Admin Login tab, under Admin connections, configure the
following options:
Viewing Information About the Device
81
Allow Admin connections via wired Ethernet only Select this check
box to prevent wireless access to the Web interface.
Enable HTTP Admin connections Select this check box to allow

admin connections via HTTP. If you enable this type of admin
connection, you also need to type the port number in HTTP Port
Number.
Enable HTTPS (secure HTTP) Admin connections Select this check

box to allow admin connections via HTTPS. If you enable this type of
connection, you also need to type the port number in HTTPS Port
number.
To ensure that you can always connect to the Web interface, you must
keep at least one of these admin connection types enabled.
Enable Management via Telnet Select this check box to connect to

the Access Point using a Telnet client. When connecting to the Access
Point via Telnet, use the same logon information (user name and
password) as for an HTTP (Web) connection.
3 Click Save.
Viewing
Information About
the Device
Viewing the Device

Status
There are three types of status information that you can view on the
Access Point:
Device status
Summary of profiles
Associated wireless stations
On the menu, click Status. Information about the current device status
and components appears on the Status tab.
The following tables list the information that you can view on the Status
tab.
Table 16 Access Point Information
Field
Description
Access Point Name
Displays the current server name; default name is on the

base sticker of the device
MAC Address
Displays the MAC or physical address of the device
82
Table 16 Access Point Information

Field
Description
Domain
Displays the current country or domain. If this is not

configurable on the System screen, this means this is the only
region for which the device is licensed for use.
Firmware Version
Displays the version of the firmware that is installed
Table 17 TCP/IP Settings

Field
Description
IP Address
Displays the IP address that is currently assigned to the device
Subnet Mask
Displays the network (or subnet) mask for the assigned IP

address
Gateway
Displays the gateway IP address for the local network to

which the device is connected. For the Access Point and
wireless stations to successfully communicate, they must
have the same gateway IP address.
DHCP Client
Indicates whether the current IP address was obtained from

a DHCP server on the network. Possible values include
Enabled, Disabled, and DHCP Server unreachable,
resetting back to Default IP.
Table 18 Wireless Settings
Viewing Profiles
Field
Description
Channel/Frequency
Displays the wireless channel that is currently is use
Wireless Mode
Displays the current wireless mode (for example, 802.11g)
AP Mode
Displays the current access point mode. Possible values

include Disabled, AP, and Client/Repeater.
Bridge Mode
Displays the current bridge mode. Possible values include

Disabled, PTP, and PTMP.
To view a summary of the all current profiles (both enabled and disabled):
1 On the menu, click Status.
2 Click the Profiles tab.
Information about all current profiles, including the profile name, SSID,
security settings, status, and the number of currently associated clients,
appears on the Profiles tab.
83
Figure 44 Profiles Screen
Viewing Associated
Wireless Stations
To view the list of currently associated wireless stations:

2 Click the Stations tab.
Information about all currently associated stations, including the
computer name, SSID, MAC address, mode, SSID to which it connected,
and current status, appears on the Stations tab.
Working with Logs
The Access Point keeps a record of devices activities such as system

startup, and client association and disassociation.
The maximum log file size that the Access Point can store is 30 KB. If the
accumulated log records reach this file size, the Access Point
automatically clears all log records.
Viewing Logs
3Com recommends checking the logs periodically to determine if the
device is working properly.
84
To view the Access Point logs:

2 Click the Logs tab.
Log information appears on the Logs screen, displaying:
Client connection information, including the date and time when

clients were authenticated, associated, disassociated, and
disassociated
System information, including the date and time when the device was
started
The date and time displayed in the Access Point logs are queried from a
public Network Time Protocol (NTP) time server on the Internet. The time
zone is set when you select your country/domain on the System screen.
For the logs to show the correct date and time, select your country from
the list and make sure the Access Point is connected to a local network
that has an Internet connection.
Figure 45 Viewing Log Entries
Saving and Clearing Log Entries

If you want to keep a copy of the log entries that are recorded on the
Access Point, you can periodically save the logs to a file. You can view the
log file that you just saved using a text editor (for example, Notepad).
85
If you have a syslog server on the network, you can automate this process
by configuring the Access Point to forward its log entries to the syslog
server. For information, refer to Sending Device Logs to a Syslog Server
on page 88.
To save the logs to a file:
1 On the Log screen, click Save to File. The File Download dialog box
appears.
2 Click Save, and then choose as location on local disk.
3 Rename the file, if necessary. The default file name is ap11g.log.
4 Click Save.
To purge logs that are currently saved on the device, click Clear Log. The
screen refreshes, and then displays a blank Log screen.
Viewing Device
Statistics
Figure 46 Statistics Screen
To view statistics about the device:

2 Click the Statistics tab.
86
Information that is displayed on the Statistics screen is described in the

following tables.
Table 19 Device Statistics
Working with the

Configuration File
Field
Description
Up Time
Displays how long the Access Point has been running since
the last restart or reboot
Authentication
Displays the number of authentication packets received.

Authentication is the process of identification between the
Access Point and a wireless station.
Deauthentication
Displays the number of deauthentication packets received.

Deauthentication is the process of ending an existing
authentication relationship.
Association
Displays the number of association packets received.

Association creates a connection between the Access Point
and the wireless station. Wireless stations normally associate
with only one access point at any time.
Disassociation
Displays the number of disassociation packets received.

Disassociation breaks the existing connection between the
Access Point and the wireless station.
Reassociation
Displays the number of reassociation packets received.

Reassociation is the service that enables an established
association from one Access Point to another.
MSDU
Displays the number of valid data packets (at the application

level) that have been sent to or received from wireless
stations
Data
Displays the number of valid data packets (at the driver level)
that have been sent to or received from wireless stations
Multicast Packets
Displays the number of broadcast packets that have been

sent to or received from wireless stations, using multicast
transmission.
Management
Displays the number of management packets that have been

sent to or received from wireless stations
Control
Displays the number of control packets sent to or received

from wireless stations
Access Point settings are saved to a configuration file that is stored on the
device. To ensure that you can easily restore your settings if the
configuration file becomes corrupt for any reason, 3Com recommends
backing up the configuration file.
Working with the Configuration File
87
Use the Config File screen under Management to back up the

configuration file and to restore your settings from a configuration
backup.
Figure 47 Config File Screen
Backing Up the
Configuration File
To back up the configuration file:

2 Click the Config File tab.
3 Click Backup. The File Download dialog box appears.
4 Click Save. The Save As dialog box appears.
5 Choose a location on the local disk where to save the backup. Change
the default file name, if necessary. The default file name is ap11g.cfg.
6 Click Save.
88
Restoring Settings
from a Backup
To restore settings from a backup file:

1 On the Config File screen, click Browse under Restore. The Choose file
dialog box appears.
2 Click the backup file, and then click Open.
3 Click Restore. A warning message appears.
Restoring settings from a backup will erase all the current settings.
4 Click OK.
The Access Point reads the backup file, writes the settings to memory,
and then restarts itself.
Restoring Settings to
Factory Defaults
To erase the current settings and restore the original factory default
settings, click Set to Defaults on the Config File screen.
Restoring settings to factory defaults all the current settings.
Resetting to default requires the Access Point to restart itself. The device
will terminate your connection to the Web interface when it restarts.
By default, the Access Point acts as a DHCP client. If there is a DHCP
server on the network, the device will automatically obtain an IP address
from it. The new IP address will most likely be different from the old one.
Use the 3Com Access Point Manager to determine the new IP address.
Sending Device
Logs to a Syslog
Server
If you have a syslog server on the network, you can configure the Access
Point to send the device logs to the server.
To send the device logs to a syslog server:
2 Click the Log Settings tab.
3 Click one of the following options:
Broadcast Broadcasts the device logs. Click this option if different

computers function as the syslog server at different times.
Send to <IP address> Sends the device logs to a particular server.

Click this option if only one computer is configured as the syslog
server on the network.
Configuring the SNMP Agent
89
To disable sending of the device logs to a syslog server, click Disable.

Figure 48 Sending Device Logs to a Syslog Server
4 In Minimum Severity Level, specify the type of log information that will be
sent to the syslog server. Available options include:
1 - Alert Send only very important alert information to the syslog

server
2 - Critical
3 - Error
4 - Warning
5 - Notice
6 - Informational
5 Click Save.
Configuring the
SNMP Agent
An SNMP manager application gains access to the Access Points SNMP

agent if the management application has the Access Points IP address.
To ensure security when SNMP is used, the SNMP agent can be
configured as read-only, read-write, or disabled. The Access Point sends
specific traps for some conditions. Supported SNMP trap versions include
1 and 2c.
90
Figure 49 SNMP Screen
To configure the SNMP agent that is built into the Access Point:
2 Click the SNMP tab.
3 Select the Enable SNMP check box.
4 In Community, type the name SNMP community name (normally, either
Private or Public).
5 In Access Rights, select either:
Read-only Allows get and trap operations; data can be read, but not
changed
Read/Write Allows get, set, and trap operations; data can be read,
and setting changed
6 In Managers, specify a trap manager. You can set:
Any Station
Only this Station Send traps to a specific computer. If you select this
option, you also need to type the IP address of the computer.
7 In Traps, specify how the traps will be sent. You can select:
Upgrading the Firmware
91
Broadcast Broadcast traps to the network, making them available on

any computer on the network
Send to Send only to the specified computer. If you select this

option, you also need to type the IP address of the computer.
8 In Trap Version, select the version that is supported by your SNMP server.
9 Click Save.
Upgrading the
Firmware
The upgrade function allows you to install on the Access Point any new
firmware releases that 3Com may make available. To install the new
firmware, you first need to download the firmware from the 3Com
support Web site to the admin computer.
Although the upgrade process has been designed to preserve your
configuration settings, 3Com recommends that you make a backup of
the configuration beforehand, in case the upgrade process fails for any
reason. For example, if the connection between the computer and the
Access Point is lost while the new software is being copied to the Access
Point, your configuration settings may be erased.
After downloading the firmware upgrade to the admin computer, do the
following to upgrade the firmware on the Access Point:
1 Start the Web interface.
3 Click the Upgrade Firmware tab.
4 Click Browse, and then locate and select the firmware upgrade you
downloaded.
Figure 50 Click Browse to Select the Firmware Upgrade
5 Click OK.
The Access Point installs the firmware upgrade. When upgrade is
complete, the Access Point restarts itself.
92
The upgrade process can take up to two minutes, and is complete when
the Status LED has stopped flashing and is permanently off. Make sure
that you do not interrupt power to the Access Point during the upgrade
process; if you do, the software may be corrupted and the Access Point
may not start up properly afterwards.
Automating
Updates and
Configuration
To simplify device management, the Access Point integrates both auto

update and auto configure features. Using auto update, you can
configure the Access Point to automatically check an FTP server for
available firmware updates. Auto configuration, on the other hand, lets
the Access Point to automatically copy the configuration settings of
another compatible access point.
Figure 51 Auto Config/Update Screen
Automating
Configuration
When you set the Access Point to automatically copy the settings of a
compatible access point, it will only copy the configuration settings.
Other settings, such the IP address and operating mode (repeater or
bridge mode) will not be copied.
Automating Updates and Configuration
93
To automate configuration:
1 On the menu, click Advanced.
2 Click the Auto Config/Update tab.
3 Under Auto Config, select the Perform Auto Configuration on this AP
next restart check box.
4 To allow other access points (that are also set to auto config) to copy the
Access Points configuration, select the Respond to Auto-configuration
request by other AP check box.
To allow other access points to copy the admin logon account (name
and password), select the Provide admin login name and password
check box.
To allow other access points to copy the Access Points settings for
responding to auto config requests, select the Provide Respond to
Auto-configuration setting check box.
5 Click Save.
At the next restart, the Access Point will search the wired (not wireless)
network for compatible access points. If it finds a compatible access
point, it will copy its configuration settings. If it finds more than one
compatible access point, it will copy the configuration of the first that
was detected.
After the Access Point successfully copies another access points
configuration, it automatically clears the Perform Auto Configuration on
this AP next restart check box. This is to prevent the device from
performing auto config at every restart.
Automating Updates
If you have multiple OfficeConnect Wireless 108 Mbps 11g PoE Access
Points installed on the network and you want to automate firmware
upgrades, you can use auto update to simplify the process. When auto
update is enabled and configured, the Access Points will periodically
check the specified FTP, and download and install any available updates.
2 Click the Auto Config/Update tab.
3 Under Auto Update, select the Check for Firmware upgrade every [ ] days
check box.
4 Specify which firmware version to install. You can click:
94
Install FW if different version found Installs any firmware on the FTP

server with a different version number, regardless of whether it is
newer or older than the one installed
Install later version only Checks only for firmware versions that are
newer than the one installed
5 In FTP Server address, type the domain name or IP address of the FTP
server on which you will store firmware updates.
6 In Firmware pathname, type the full path (including the file name) to the
firmware file on the FTP server.
7 In FTP Login Name, type a logon name that is authorized to access the
FTP server.
8 In FTP Password, type the password for the logon name.
9 Click Save.
Detecting Rogue
Access Points
A rogue access point is an unauthorized access point on the network.

Having rogue access points on the network poses a security risk, since it
can be used as a backdoor to gain access to your network and,
consequently, the devices on it.
The Access Point can help you detect two types of rogue access points:
Access points that are not using any wireless security
Access points that are not in your list of authorized access points
Detected rogue access points are recorded into the log file. If you are an
SNMP server on the network, you can configure it to generate a trap
whenever a rogue access point is detected.
Detecting Rogue Access Points
95
Figure 52 Rogue AP Detection Screen
To enable detection of rogue access points:

2 Click the Rogue AP Detection tab.
3 Select the Enable Rogue AP Detection check box.
4 In Scan every..., set the interval (in minutes) at which the Access Point will
automatically search for rogue access points.
5 If you have an SNMP server on the network and you want to generate a
trap whenever a rogue access point is detected, select the Detection
generates SNMP trap check box.
6 Specify the criteria by which a detected access point will be considered
rogue. Select either or both of these check boxes:
No Security If detected access point does not have wireless security

enabled, it will be considered as rogue
No in Legal IP List If the detected access point is not in the list of

authorized access points, it will be considered as rogue.
If you select this check box, you need to manually enter the MAC
addresses of authorized access points. To do this, click Define Legal AP
List, and then enter the MAC addresses of the authorized access
points on the network.
7 Click Save.
96
Viewing Detected
Rogue Access Points
On the Advanced screen, click Rogue AP List. The screen displays

information about unauthorized access points on the network, including
why it was detected as rogue.
Table 20 Rogue Access Point List
The following information is available in the Rogue Access Point List

screen:
SSID Displays the SSID that the rogue access point is broadcasting to
the network
MAC Address Displays the MAC or physical address of the rogue

access point
Channel Displays the wireless channel that the rogue access point is
using
Cause Displays the reason why the access point was considered as
rogue. Possible reasons include:
Insecurity Access point does not have wireless security settings

enabled
Illegal Access point is not included in the list of authorized access
points
TROUBLESHOOTING
This chapter lists some issues that you may encounter while installing,
configuring, and using the Access Point, and provides information on
how to resolve them.
Basic Connection
Checks
Cannot Connect to
the Wireless Access
Point to Configure
It
Verify that the Access Point is connected to your switch or hub and
that all the equipment is powered on. Check that the LAN LED is on,
and that any corresponding LEDs are also illuminated.
Ensure that the computers have completed their startup procedure

and are ready for use. Some network interfaces may not be correctly
initialized until the startup procedure has completed.
If the LAN LED is not on, check if the cable you are using is not faulty.
Try a different cable. Check also that the Uplink/Normal switch on the
hub or switch is in the correct position.
Check the following:
The Access Point is properly installed, LAN connections are OK, and it
is powered on. Check the LEDs for port status.
Ensure that the admin computer and the Access Point are on the same
network segment.
If the admin computer is set to Obtain an IP Address automatically

(DHCP client), restart it.
98
CHAPTER 6: TROUBLESHOOTING
Forgotten
Password and Reset
to Factory Defaults
If you can browse to the Access Point configuration screen but cannot log
on because you have forgotten the password, follow the steps below to
reset the Access Point to its factory default configuration.
All your configuration changes will be lost, and you will need to run the
configuration wizard again before you can re-establish your wireless
network. All other computer users will lose their network connections
whilst this process is taking place, so choose a time when this would be
convenient.
1 Power off the Access Point.
2 Hold down the Reset button on the rear of the unit and re-apply power
to the Access Point. The Status LED will flash as the Access Point starts
up, and after approximately 30 seconds will start to flash more slowly
(typically 2 seconds on, 2 seconds off).
3 Keep Reset button held down and remove power from the Access Point.
4 Release the Reset button.
5 Re-apply power to the Access Point, and when the startup sequence has
completed, browse to the IP address of the Access Point and run the
configuration wizard. You may need to restart your computer before you
attempt this.
6 When the configuration wizard has completed, you may reconnect your
network as it was before.
Wireless Station
Cannot Connect to
the LAN via the
Access Point
Check the following:
The SSID and WEP settings on the wireless station match the settings
on the Access Point.
The wireless station is set to infrastructure mode, not ad hoc mode.
If MAC address-based access control is enabled, that wireless stations

MAC address is included in the list of trusted stations.
If using 802.1x mode, that the wireless stations 802.1x software is

configured correctly. See Using 802.1x on page 62 for information
on setting up Windows XP for 802.1x. If the wireless station is running
on a different Windows platform, refer to the documentation
provided with the 802.1x software.
TECHNICAL SPECIFICATIONS
This appendix lists the technical specifications for the OfficeConnect

Wireless 108 Mbps 11g PoE Access Point.
Hardware
Specifications
Table 21 Hardware Specifications

Component
Description
CPU
AR2312
Radio-on-chip
AR2112
DRAM
8 MB
Flash ROM
2 MB
Ethernet port
1 x Auto-MDIX RJ-45 for 10/100Mbps Ethernet
Wireless interface
Embedded Atheros solution
Network Standard IEEE 802.11b (Wi-Fi) and IEEE

802.11g compliance
OFDM; 802.11b: CCK (11 Mbps, 5.5 Mbps), DQPSK (2

Mbps), DBPSK (1 Mbps)
Operating Frequencies 2.412.2.497 GHz
Operating Channels 802.11g: 11 for North America, 13

for Europe (ETSI), 13 for Japan
802.11b: 11 for North America, 14 for Japan, 13 for
Europe (ETSI)
Operating temperature 0 C to 40 C
Storage temperature
-20 C to 70 C
Power adapter
24VDC 300ma
PD classification
characteristics
DUT observed to present a classification signature of Class

3 for both Mode A and Mode B (Mode A 4.67 W Pport
4.8 W)
Dimensions
141mm (W) x 100mm (D) x 27mm (H)
100
APPENDIX A: TECHNICAL SPECIFICATIONS
Wireless
Specifications
Table 22 Wireless Specifications

Specification
Description
Receive sensitivity at
11 Mbps
min. -85dBm
Receive sensitivity at
5.5 Mbps
min. -89dBm
Receive sensitivity at 2
Mbps
min. -90dBm
Receive sensitivity at 1
Mbps
min. -93dBm
Maximum receive level min. -5dBm

Transmit power
18 dBm
Modulation
Direct Sequence Spread Spectrum BPSK/QPSK/CCK
Wireless Specifications
Table 22 Wireless Specifications

Specification
Description
Operating range
802.11b
Indoors
30 meters (100 ft) @ 11 Mbps
50 meters (165 ft) @ 5.5 Mbps
9 1 meters (300 ft) @ 1 Mbps
Outdoors
270 meter (885 ft) @ 5.5 Mbps
802.11g
Indoors
Outdoors
101
102
Software
Specifications
Table 23 Software Specifications

Specification
Description
Wireless
Access point support
Roaming supported
IEEE 802.11g/11b compliance
Super G (up to 108Mbps)
Auto-sensing open system/shared key authentication
Wireless channels support
Automatic wireless channel selection
Antenna selection
Tx power adjustment
Country selection
Preamble type: long or short support
RTS threshold adjustment
Fragmentation threshold adjustment
Beacon interval adjustment
SSID assignment
Common AP, client/repeater AP
Peer-to-peer bridge, point-to-multipoint bridge
Operating mode
Bridge mode can be used simultaneously with common AP

mode.
Security
Open, shared, WPA, and WPA-PSK authentication
802.1x support
EAP-TLS, EAP-TTLS, PEAP
Block inter-wireless station communication
Block SSID broadcast
Software Specifications
Table 23 Software Specifications

Specification
Description
Management
Web-based configuration
RADIUS accounting
RADIUS-on feature
RADIUS accounting update
CLI
Message log
Access control list file support
Configuration file backup and restore
Statistics support
Device discovery program
Windows utility
DHCP client
WINS client
Rogue AP detection
Auto configuration
Auto firmware update
Other features
Firmware upgrade
HTTP, FTP network protocol download
103
104
COMMAND LINE REFERENCE
This appendix describes how to use Telnet and the serial port (RS232) to
access the command line interface (CLI) for configuration. It also provides
a complete list of all commands that can be executed at the CLI. You can
use the CLI to create scripts that automate basic configuration changes.
Use the CLI to configure the Access Point only if you are an advanced user
with previous experience in using the command interface. Incorrect
commands executed at the CLI may delete the settings on the Access
Point.
Connecting to the
CLI via Telnet
To use Telnet session to gain access to the CLI, the computer that you are
using must have a TCP/IP stack. This computer can be on either the wired
or wireless local network.
To connect to the CLI via Telnet:
1 From the command prompt, telnet to the Access Points IP address. For
example, if the Access Point is using its default IP address
(192.168.0.228), enter Telnet 192.168.0.228.
A prompt appears for the user name and password.
2 Enter your logon name and password. These are the same as the user
name and password that you use for the Web interface.
The default user name is admin, and the default password is password.
Once connected, you can use any of the commands listed in Command
Reference starting on page 108.
106
APPENDIX B: COMMAND LINE REFERENCE
Connecting to the
CLI via the Serial
Port
To connect to the CLI via the serial port:
1 Using a standard serial port cable, connect your computer to the serial
(RS232) port on the Access Point.
2 Start your communications program. For example, in Windows, you can
use HyperTerminal.
If HyperTerminal is not installed on your computer, open Add/Remove
Programs in Control Panel. And then, click Windows Setup or
Add/Remove Windows Components (depending on your version of
Windows). Select the check box for HyperTerminal, and then click OK to
install it.
3 Configure the connection properties:
In Name, assign a name to this connection to the Access Point.
In Port or Connect Using, select the serial port to which the cable is
connected. Do not select your modem.
In Port Settings, specify the following settings:
In Bits per second, select 9600.
In Data bits, select 8.
In Parity, select None.
In Stop bits, select 1.
In Flow control, select Hardware.
Connecting to the CLI via the Serial Port
107
Figure 53 COM Port Properties Screen
4 Click Apply, and then click OK.

5 Click Connect to start the connection. A prompt for the user name and
password appears.
6 Enter your logon name and password. These are the same as the user
name and password that you use for the Web interface. The default user
name is admin, and the default password is password.
The command prompt appears. You are now connected to the Access
Point via the serial port. Once connected, you can use any of the
commands listed in Command Reference starting on page 108.
Cable Pinouts for
Serial Connectors
Figure 54 and Figure 55 describe the connector pinout assignments for

the cables that you can use to connect via the console port.
108
Figure 54 Pinouts for 9-pin to RS-232 25-pin
Access Point
Cable Connector:
9-Pin Female
Screen
TxD
RxD
Ground
RTS
CTS
DSR
DCD
DTR
PC/Terminal
Cable Connector:
25-Pin Male/Female
Shell
3
2
5
7
8
6
1
4
1
3
2
7
4
20
5
6
8
Screen
RxD
TxD
Ground
RTS
DTR
CTS
DSR
DCD
Figure 55 Pinouts for 9-pin to 9-pin
Access Point
Cable Connector:
9-Pin Female
Screen
DTR
TxD
RxD
CTS
Ground
DSR
RTS
DCD
Command
Reference
PC-AT Serial Port

Cable Connector:
9-Pin Female
Shell
4
3
2
8
5
6
7
1
Shell
1
2
3
4
5
6
7
8
Screen
DCD
RxD
TxD
DTR
Ground
DSR
RTS
CTS
Table 24 lists all the commands that you use on the Access Point through
the CLI.
Table 24 Console Commands
Command
Description
Display CLI command list
admin
Temporary factory admin
config wlan
config wlanX
Command Reference
109

Command
Description
config profile
Configure profile
del acl
Delete access control list
del key
Delete encryption key
find bss
Find BSS
find channel
Find available channel
find all
Find all BSS
format
Format flash file system
bootrom
Update boot rom image
ftp
Software update via FTP
get 11gonly
Display 11g only allowed
get 11goptimize
Display 11g optimization level
get 11goverlapbss
Display overlapping BSS protection
get acl
Display access control list
get aging
Display aging interval
get antenna
Display antenna diversity
get association
Display association table
get authentication
Display authentication type
get autochannelselect
Display auto channel select
get basic11b
Display basic 11b rates
get basic11g
Display basic 11g rates
get beaconinterval
Display beacon interval
get burstSeqThreshold
Display max number of frames per burst
get burstTime
Display burst time
get calibration
Display noise and offset calibration mode
get cckTrigHigh
Display higher trigger threshold for CCK phy errors

for ANI control
get cckTrigLow
Display lower trigger threshold for CCK phy errors

for ANI control
get cckWeakSigThr
Display ANI parameter for CCK weak signal

detection threshold
get channel
Display radio channel
get cipher
Display encryption cipher
get compproc
Display compression scheme
get compwinsize
Display compression window size
110

Command
Description
get config
Display current AP configuration
get countrycode
Display country code
get ctsmode
Display CTS mode
get ctsrate
Display CTS rate
get ctstype
Display CTS type
get domainsuffix
Display domain name server suffix
get dtim
Display data beacon rate (DTIM)
get enableANI
Display adaptive noise immunity control on/off
get encryption
Display encryption mode
get extendedchanmode
Display extended channel mode
get firStepLvl
Display ANI parameter for FirStepLevel
get fragmentthreshold
Display fragment threshold
get frequency
Display radio frequency (MHz)
get gateway
Display gateway IP address
get gbeaconrate
Display 11g beacon rate
get gdraft5
Display 11g draft 5.0 compatibility
get groupkeyupdate
Display group key update interval (in seconds)
get hardware
Display hardware revisions
get hostipaddr
Display host IP address
get ipaddr
Display IP address
get ipmask
Display IP subnet mask
get keyentrymethod
Display encryption key entry method
get keysource
Display source of encryption keys
get login
Display logon user name
get minimumrate
Display minimum rate
get nameaddr
Display IP address of name server
get nf
Display noise floor
get noiseImmunityLvl
Display ANI parameter for noise immunity level
get ofdmTrigHigh
Display higher trigger threshold for OFDM phy

errors for ANI control
get ofdmTrigLow
Display lower trigger threshold for OFDM phy

errors for ANI control
get ofdmWeakSigDet
Display ANI parameter for OFDM weak signal

detection
Command Reference
111

Command
Description
get overRidetxpower
Display Tx power override
get operationMode
Display Operation Mode
get power
Display Transmit Power Setting
get quietAckCtsAllow
Display if Ack/Cts frames are allowed during quiet

period
get quietDuration
Display duration of quiet period
get quietOffset
Display offset of quiet period into the beacon

period
get radiusname
Display RADIUS server name or IP address
get radiusport
Display RADIUS port number
get rate
Display data rate
get remoteAp
Display remote access points MAC address
get hwtxretries
Display HW transmit retry limit
get swtxretries
Display SW transmit retry limit
get rtsthreshold
Display RTS/CTS threshold
get shortpreamble
Display short preamble usage
get shortslottime
Display short slot time usage
get sntpserver
Display SNTP/NTP server IP address
get softwareretry
Display software retry
get spurImmunityLvl
Display ANI parameter for spur immunity level
get ssid
Display service set ID
get ssidsuppress
Display SSID suppress mode
get station
Display station status
get SuperG
Display SuperG feature status
get systemname
Display Access Points system name
get telnet
Display Telnet mode
get timeout
Display Telnet timeout
get tzone
Display time zone settings
get updateparam
Display vendor default firmware update params
get uptime
Display uptime
get watchdog
Display watchdog mode
get wds
Display WDS mode
get wep
Display encryption mode
112

Command
Description
get wirelessmode
Display wireless LAN mode
get 80211d
Display 802.11d mode
get http
Display HTTP enable/disable
get HttpPort
Display HTTP port number
get https
Display HTTPS enable/disable
get HttpsPort
Display HTTPS port number
get syslog
Display syslog disable/broadcast/unicast
get syslogSeverity
Display syslog severity level
get syslogServer
Display unicast syslog server IP address/name
get manageOnlyLan
Display management only via LAN enable/disable
get roguedetect
Display rogue AP detection enable/disable
get rogueinteval
Display rogue AP detection interval (range: 3~99

minutes)
get rogueband
Display rogue AP detection band(s)
get roguetype
Display rogue AP definition
get roguesnmp
Display rogue AP detection SNMP trap

enable/disable
get roguelegal
Display legal AP list of rogue AP
get autoConfig
Display auto config enable/disable
get autoResponse
Display respond to auto config request

enable/disable
get autoChangeName
Display provide admin logon name and password

enable/disable
get autoSetResp
Display provide respond to auto config request

enable/disable
get autoUpdate
Display auto update enable/disable
get autoUpgradeOnly
Display install later version only enable/disable
get autoUpdateInterval
Display auto update interval (1~31days)
get ftpServer
Display FTP server address
get fwPathname
Display firmware pathname
get ftpLogin
Display FTP logon name
get ftpPassword
Display FTP password
get
activeCurrentProfile
Display active current profile
get profileName
Display profile name
Command Reference
113

Command
Description
get profileVlanId
Display profile VLAN ID
get APPrimaryProfile
Display AP primary profile
get WDSPrimaryProfile
Display WDS primary profile
get securityMode
Display security mode
get Accounting
Display accounting enable/disable
get Accountingport
Display accounting port number
get keyValue
Display encryption key value
get keyLength
Display encryption key length
get keyIndex
Display encryption key index
get UAM
Display UAM authentication enable/disable
get UAMMethod
Display UAM authentication method
get UAMLoginURL
Display UAM authentication logon URL
get UAMLoginFailURL
Display UAM authentication logon failure URL
get macAuth
Display MAC authentication enable/disable
get snmpMode
Display SNMP mode
get snmpCommunity
Display SNMP community name
get snmpAccessRight
Display SNMP access right
get snmpAnyStaMode
Display SNMP any station mode
get snmpStationIPAddr
Display SNMP station address
get trapMode
Display trap mode
get trapVersion
Display trap version
get trapSendMode
Display trap send mode
get trapRecvIp
Display trap receiver IP address
get wdsMacList
Display WDS MAC address list
get
enableWirelessClient
Display wireless client enable/disable
get isolationType
Display isolation type
get winsEnable
Display WINS server enable/disable
get winsserveraddr
Display IP address of WINS server
get wirelessSeparate
Display wireless separation mode
get description
Display access point description
get dhcpmode
Display DHCP mode
get wlanstate
Display WLAN state
114

Command
Description
help
Display CLI command list
Lebradeb
Disable reboot during radar detection
ls
List directory
mem
System memory statistics
np
Network performance
ns
Network performance server
ping
Ping
radar!
Simulate radar detection on current channel
reboot
Reboot Access Point
rm
Remove file
run
Run command file
quit
Log off
set 11gonly
Set 11g only allowed
set 11goptimize
Set 11g optimization level
set 11goverlapbss
Set overlapping BSS protection
set acl
Set access control list
set aging
Set aging interval
set antenna
Set antenna
set authentication
Set authentication type
set autochannelselect
Set auto channel selection
set basic11b
Set use of basic 11b rates
set basic11g
Set use of basic 11g rates
set beaconinterval
Modify beacon interval
set burstSeqThreshold
Set maximum number of frames per burst
set burstTime
Set burst time
set calibration
Set calibration period
set cckTrigHigh
Set higher trigger threshold for CCK phy errors for

ANI control
set cckTrigLow
Set lower trigger threshold for CCK phy errors for

ANI control
set cckWeakSigThr
Set ANI parameter for CCK weak signal detection

threshold
set channel
Set radio channel
set cipher
Set cipher
Command Reference
115

Command
Description
set compproc
Set compression scheme
set compwinsize
Set compression window size
set countrycode
Set country code
set ctsmode
Set CTS mode
set ctsrate
Set CTS rate
set ctstype
Set CTS type
set domainsuffix
Set domain name server suffix
set dtim
Set data beacon rate (DTIM)
set enableANI
Turn adaptive noise immunity control on/off
set encryption
Set encryption mode
set extendedchanmode
Set extended channel mode
set factorydefault
Restore to default factory settings
set firStepLvl
Set ANI parameter for FirStepLevel
set fragmentthreshold
Set fragment threshold
set frequency
Set radio frequency (MHz)
set gateway
Set gateway IP address
set gbeaconrate
Set 11g beacon rate
set groupkeyupdate
Set group key update interval (in seconds)
set gdraft5
Set 11g draft 5.0 compatibility
set hostipaddr
Set host IP address
set ipaddr
Set IP address
set ipmask
Set IP subnet mask
set keyentrymethod
Select encryption key entry method
set keysource
Select source of encryption keys
set login
Modify logon user name
set minimumrate
Set minimum rate
set nameaddress
Set IP address of name server
set noiseImmunityLvl
Set ANI parameter for noise immunity level
set ofdmTrigHigh
Set higher trigger threshold for OFDM phy errors

for ANI control
set ofdmTrigLow
Set lower trigger threshold for OFDM phy errors

for ANI control
set ofdmWeakSigDet
Set ANI parameter for OFDM weak signal

detection
116

Command
Description
set overRidetxpower
Set Tx power override
set operationMode
Set operation mode
set password
Modify password
set passphrase
Modify passphrase
set power
Set transmit power
set quietAckCtsAllow
Allow Ack/Cts frames during quiet period
set quietDuration
Duration of quiet period
set quietOffset
Offset of quiet period into the beacon period
set radiusname
Set RADIUS name or IP address
set radiusport
Set RADIUS port number
set radiussecret
Set RADIUS shared secret
set rate
Set data rate
set regulatorydomain
Set regulatory domain
set remoteAP
Set remote access points MAC address
set hwtxretries
Set HW transmit retry limit
set swtxretries
Set SW transmit retry limit
set rtsthreshold
Set RTS/CTS threshold
set shortpreamble
Set short preamble
set shortslottime
Set short slot time
set sntpserver
Set SNTP/NTP server IP address
set softwareretry
Set software retry
set spurImmunityLvl
Set ANI parameter for spur immunity level
set ssid
Set service set ID
set ssidsuppress
Set SSID suppress mode
set SuperG
SuperG features
set systemname
Set Access Points system name
set telnet
Set Telnet mode
set timeout
Set Telnet timeout
set tzone
Set time zone settings
set updateparam
Set vendor default firmware update parameters
set watchdog
Set watchdog mode
set wds
Set WDS mode
set wep
Set encryption mode
Command Reference
117

Command
Description
set wlanstate
Set WLAN state
set wirelessmode
Set wireless LAN mode
set 80211d
Set 802.11d mode
set http
Set HTTP enable/disable
set HttpPort
Set HTTP port number
set https
Set HTTPS enable/disable
set HttpsPort
Set HTTPS port number
set syslog
Set syslog disable/broadcast/unicast
set syslogSeverity
Set syslog severity level
set syslogServer
Set unicast syslog server IP address/name
set manageOnlyLan
Set management only via LAN enable/disable
set roguedetect
Set rogue AP detection enable/disable
set rogueinteval
Set rogue AP detection interval (range: 3~99

minutes)
set rogueband
Set rogue AP detection band(s)
set roguetype
Set rogue AP definition
set roguesnmp
Set rogue AP detection SNMP trap enable/disable
set roguelegal
Add/delete one AP MAC/OUI into/from rogue AP

legal List
set autoConfig
Set auto config enable/disable
set autoResponse
Set respond to auto config request enable/disable
set autoChangeName
Set provide admin logon name and password

enable/disable
set autoSetResp
Set provide respond to auto config request

enable/disable
set autoUpdate
Set auto update enable/disable
set autoUpgradeOnly
Set install later version only enable/disable
set autoUpdateInterval
Set auto update interval (1~31days)
set ftpServer
Set FTP server address
set fwPathname
Set firmware pathname
set ftpLogin
Set FTP logon name
set ftpPassword
Set FTP password
set
activeCurrentProfile
Set active current profile
118

Command
Description
set profileName
Set profile name
set profileVlanId
Set profile LAN ID
set APPrimaryProfile
Set Access Points primary profile
set WDSPrimaryProfile
Set primary profile WDS
set securityMode
Set security mode
set Accounting
Set accounting enable/disable
set Accountingport
Set accounting port number
set keyValue
Set encryption key value
set keyLength
Set encryption key length
set keyIndex
Set encryption key index
set UAM
Set UAM authentication enable/disable
set UAMMethod
Set UAM authentication method
set UAMLoginURL
Set UAM authentication logon URL
set UAMLoginFailURL
Set UAM authentication logon failure URL
set macAuth
Set MAC authentication enable/disable
set snmpMode
Set SNMP mode
set snmpCommunity
Set SNMP community name
set snmpAccessRight
Set SNMP access rights
set snmpAnyStaMode
Set SNMP any station mode
set snmpStationIPAddr
Set SNMP station address
set trapMode
Set trap mode
set trapVersion
Set trap version
set trapSendMode
Set trap send mode
set trapRecvIp
Set trap receiver IP address
set description
Set Access Point description
set dhcpMode
Set DHCP mode
set wdsMacList
Set MAC address list for WDS
set
enableWirelessClient
Set wireless client enable/disable
set isolationType
Set isolation type
set winsEnable
Set WINS server enable/disable
set winsServerAddr
Set WINS server IP address
set wirelessSeparate
Set wireless separation mode
Command Reference

Command
Description
set sdSet
Set debug level
set sdAdd
Add debug level
set sdDel
Del debug level
start wlan
Start the current WLAN
stop wlan
Stop the current WLAN
timeofday
Display current time of day
version
Software version
119
120
WIRELESS LAN BASICS
This appendix provides basic information on wireless local networks.

Other terms related to wireless networks that are not included in this
appendix can be found in the Glossary starting on page 143.
Wireless Modes
Ad Hoc Mode
Infrastructure Mode
There are two modes in which wireless local networks can operate:
Ad hoc mode
Infrastructure mode
Ad hoc mode does not require an Access Point or a wired local network.
Wireless stations (for example, notebook with wireless cards installed) can
communicate directly with each other.
In infrastructure mode, one or more Access Points are used to connect
wireless stations to a wired local network. The wireless stations that are
associated with the Access Point can access all resources on the local
network.
Access Points can only function in infrastructure mode and can
communicate only with wireless stations that are set to infrastructure
mode.
SSID/ESSID
BSS/SSID
A group of wireless stations and a single Access Point, all using the same
ID (SSID), form a Basic Service Set (BSS).
Using the same SSID is essential. Wireless devices that use different SSIDs
may not be able to communicate with each other. However, some Access
Points allow connections from wireless stations that have their SSID set to
any or whose SSID is blank (null).
122
APPENDIX C: WIRELESS LAN BASICS
ESS/ESSID
A group of wireless stations and multiple Access Points, all using the
same ID (ESSID), form an Extended Service Set (ESS).
Different Access Points within an ESS can use different channels. To
reduce interference, it is recommended that adjacent Access Points
should use different channels.
As wireless stations are physically moved through the area covered by an
ESS, they will automatically change to the Access Point which has the
least interference or best performance. This capability is called roaming.
Access Points do not have or require roaming capabilities.
Wireless Channels
The wireless channel sets the radio frequency used for communication.
Access Points use a fixed channel, which is user-configurable. This

allows you to choose a channel that provides the least interference
and best performance. For 802.11g, 13 channels are available in the
USA and Canada, but 11 channels are available in North America if
using 802.11b.
If using multiple Access Points, it is better if adjacent Access Points use

different channels to reduce interference. The recommended channel
spacing between adjacent Access Points is 5 channels (for example,
use Channels 1 and 6, or 6 and 11).
In infrastructure mode, wireless stations normally scan all channels to

search for an active Access Point. If more than one Access Point can
be used, the one with the strongest signal is used. (This can only
happen within an ESS.)
In ad hoc mode, all wireless stations should be set to use the same
channel. However, most wireless stations will still scan all channels to
see if there is an existing ad hoc group they can join.
Security Settings
WEP
Wired Equivalent Privacy (WEP) is a standard for encrypting data before it

is transmitted. This is desirable because it is impossible to prevent
snoopers from receiving any data which is transmitted by your wireless
stations. But if the data is encrypted, then it is meaningless unless the
receiver can decrypt it.
If WEP is used, the wireless stations and the Access Point must have the
same settings.
Security Settings
123
WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure

than WEP, and should be used if possible. The PSK (pre-shared key) must
be entered on each wireless station. The 256Bit encryption key is derived
from the PSK, and changes frequently.
WPA-802.1x
This version of WPA requires a RADIUS Server on the local network to

provide the client authentication according to the 802.1x standard. Data
transmissions are encrypted using the WPA standard.
If this option is used:
802.1x
The Access Point must have a client logon account on the RADIUS
server.
Each user must have a user logon account on the RADIUS server.
Each wireless station must support 802.1x and provide the logon data
when required.
All data transmission is encrypted using the WPA standard. Keys are
automatically generated, so no key input is required.
This uses the 802.1x standard for client authentication, and WEP for data
encryption. If possible, you should use WPA-802.1x instead, because
WPA encryption is much stronger than WEP encryption.
If this option is used:
The Access Point must have a client login on the RADIUS server.
Each user must have a user logon account on the RADIUS server.
Each wireless station must support 802.1x and provide the logon data
when required.
All data transmission is encrypted using the WEP standard. You only
have to select the WEP key size; the WEP key is automatically
generated.
124
APPENDIX C: WIRELESS LAN BASICS
CONFIGURING THE TCP/IP

SETTINGS OF WIRELESS STATIONS
This appendix provides information on how to configure the TCP/IP

settings of a wireless station on different Windows platforms.
Overview of TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) is probably the

most widely known and is a combination of two protocols (IP and TCP)
working together. TCP/IP is an internationally adopted and supported
networking standard that provides connectivity between equipment from
many vendors over a wide variety of networking technologies.
For the wireless stations to be able to communicate with the Access
Point, they must have TCP/IP settings that match. This appendix provides
step-by-step instructions for:
Configuring TCP/IP
on Windows XP
Configuring TCP/IP on Windows XP
Configuring TCP/IP on Windows 2000
Configuring TCP/IP on Windows Me/98/95
Configuring TCP/IP on Windows NT 4.0
To configure the TCP/IP settings of a wireless station that is running

Windows XP:
1 From the Start menu, click Control Panel.
2 Double-click Network. The Network dialog box appears, as shown in
Figure 56.
126
APPENDIX D: CONFIGURING THE TCP/IP SETTINGS OF WIRELESS STATIONS
Figure 56 Local Area Connection Properties Dialog Box on Windows XP
3 Click Internet Protocol (TCP/IP), and then click Properties. The TCP/IP
Properties dialog box, as shown in Figure 61, appears.
Configuring TCP/IP on Windows XP
127
Figure 57 Internet Protocol (TCP/IP) Properties Dialog Box on Windows XP
4 Verify that the TCP/IP settings are correct.
If a DHCP server automatically assigns IP addresses on the network,

click Obtain an IP address automatically.
If static IP addresses are assigned to computers on the network, click

Specify an IP address, and then do the following:
In IP Address, type an IP address that belongs to the same range as

the IP address assigned to the Access Point. For example, if the
Access Point is using its default IP address (192.168.0.228), type
an IP address within the range 192.168.0.1 to 192.168.0.255
(except 192.168.0.228).
In Subnet Mask, type the same subnet mask that is assigned to the
Access Point. For example, if the mask that is assigned to the
Access Point is 255.255.255.0, type 255.255.255.0.
5 Click OK.
You may have to restart the wireless station for the changes to take
effect.
128
Configuring TCP/IP
on Windows 2000

Windows 2000:
1 From the Start menu, point to Settings, and then click Network and
Dial-up Connections.
2 Right-click the local area network connection that you want to configure,
and then click Properties. The Local Area Network Connection window
appears, as shown in Figure 58.
Figure 58 Local Area Connection Properties Dialog Box on Windows 2000
3 Click Internet Protocol (TCP/IP), and then click Properties. The TCP/IP
Properties dialog box, as shown in Figure 61, appears.
Configuring TCP/IP on Windows 2000
129
Figure 59 Internet Protocol (TCP/IP) Properties Dialog Box on Windows 2000



(except 192.168.0.228).
5 Click OK.
effect.
130
Configuring TCP/IP
on Windows
Me/98/95

Windows Me, 9x, or 95:
1 From the Start menu, point to Settings, and then click Control Panel.
Figure 60.
Figure 60 Network Dialog Box on Windows Me/98/95
3 Select the TCP/IP component for the wireless network card, and then click
Properties. The TCP/IP Properties dialog box, as shown in Figure 61,
appears.
Figure 61 TCP/IP Properties Dialog Box
131



(except 192.168.0.228).
5 Click OK.
effect.
Configuring TCP/IP
on Windows NT 4.0

Windows NT 4.0:
1 From the Start menu, point to Settings, and then click Control Panel.
Figure 62.
132
Figure 62 Network Dialog Box on Windows NT
3 Select the TCP/IP component for the wireless network card, and then click
Properties. The Microsoft TCP/IP Properties dialog box, as shown in
Figure 61, appears.
133
Figure 63 Microsoft TCP/IP Properties Dialog Box



(except 192.168.0.228).
5 Click OK.
effect.
134
E
Register Your
Product
OBTAINING SUPPORT FOR YOUR

PRODUCT
Warranty and other service benefits start from the date of purchase, so it
is important to register your product quickly to ensure you get full use of
the warranty and other service benefits available to you.
Warranty and other service benefits are enabled through product
registration. Register your product at http://eSupport.3com.com/.
3Com eSupport services are based on accounts that you create or have
authorization to access. First time users must apply for a user name and
password that provides access to a number of eSupport features
including Product Registration, Repair Services, and Service Request. If
you have trouble registering your product, please contact 3Com Global
Services for assistance.
Purchase
Value-Added
Services
To enhance response times or extend warranty benefits, contact 3Com or

your authorized 3Com network supplier. Value-added services like 3Com
ExpressSM and GuardianSM can include 24x7 telephone technical support,
software upgrades, onsite assistance or advance hardware replacement.
Experienced engineers are available to manage your installation with
minimal disruption to your network. Expert assessment and
implementation services are offered to fill resource gaps and ensure the
success of your networking projects. More information on 3Com
maintenance and Professional Services is available at
Contact your authorized 3Com network supplier or 3Com for a complete

list of the value-added services available in your area.
136
APPENDIX E: OBTAINING SUPPORT FOR YOUR PRODUCT
Troubleshoot
Online
You will find support tools posted on the 3Com Web site at
3Com Knowledgebase helps you troubleshoot 3Com products. This

query-based interactive tool is located at
http://knowledgebase.3com.com and contains thousands of technical
solutions written by 3Com support engineers.
Access Software
Downloads
Software Updates are the bug fix / maintenance releases for the version
of software initially purchased with the product. In order to access these
Software Updates you must first register your product on the 3Com Web
site at http://eSupport.3com.com/
First time users will need to apply for a user name and password. A link to
software downloads can be found at http://eSupport.3com.com/, or
under the Product Support heading at http://www.3com.com/
Software Upgrades are the software releases that follow the software
version included with your original product. In order to access upgrades
and related documentation you must first purchase a service contract
from 3Com or your 3Com network supplier.
Telephone
Technical Support
and Repair
To enable telephone support and other service benefits, you must first
register your product at http://eSupport.3com.com/
Warranty and other service benefits start from the date of purchase, so it
is important to register your product quickly to ensure you get full use of
the warranty and other service benefits available to you.
When you contact 3Com for assistance, please have the following
information ready:
Product model name, part number, and serial number
Proof of purchase, if you have not pre-registered your product
A list of system hardware and software, including revision level
Diagnostic error messages
Details about recent configuration changes, if applicable
Contact Us
137
To send a product directly to 3Com for repair, you must first obtain a
return authorization number (RMA). Products sent to 3Com, without
authorization numbers clearly marked on the outside of the package, will
be returned to the sender unopened, at the senders expense. If your
product is registered and under warranty, you can obtain an RMA
number online at http://eSupport.3com.com/. First time users will
need to apply for a user name and password.
Contact Us
3Com offers telephone, e-mail and internet access to technical support

and repair services. To access these services for your region, use the
appropriate telephone number, URL or e-mail address from the list
below.
Telephone numbers are correct at the time of publication. Find a current
directory of contact information posted on the 3Com Web site at
http://csoweb4.3com.com/contactus/
Country
Telephone Number
Country
Telephone Number
Asia, Pacific Rim Telephone Technical Support and Repair

Australia
Hong Kong
India
Indonesia
Japan
Malaysia
New Zealand
Pakistan
1 800 678 515

800 933 486
+61 2 9424 5179 or
000800 650 1111
001 803 61009
00531 616 439 or
03 3507 5984
1800 801 777
0800 446 398
+61 2 9937 5083
Philippines
P.R. of China
Singapore
S. Korea
Taiwan
Thailand
1235 61 266 2602 or

1800 1 888 9469
800 810 3033
800 6161 463
080 333 3308
00801 611 261
001 800 611 2000
You can also obtain support in this region using the following e-mail: apr_technical_support@3com.com
Or request a repair authorization number (RMA) by fax using this number:
Europe, Middle East, and Africa Telephone Technical Support and Repair
From anywhere in these
regions, call:
+44 (0)1442 435529
From the following countries, you may use the numbers shown:
+ 65 543 6348
138
APPENDIX E: OBTAINING SUPPORT FOR YOUR PRODUCT
Country
Telephone Number
Country
Telephone Number
Austria
Belgium
Denmark
Finland
France
Germany
Hungary
Ireland
Israel
Italy
01 7956 7124
070 700 770
7010 7289
01080 2783
0825 809 622
01805 404 747
06800 12813
1407 3387
1800 945 3794
199 161346
Luxembourg
Netherlands
Norway
Poland
Portugal
South Africa
Spain
Sweden
Switzerland
U.K.
342 0808128
0900 777 7737
815 33 047
00800 441 1357
707 200 123
0800 995 014
9 021 60455
07711 14453
08488 50112
0870 909 3266
You can also obtain support in this region using the following URL:
http://emea.3com.com/support/email.html
Latin America Telephone Technical Support and Repair
Antigua
Argentina
Aruba
Bahamas
Barbados
Belize
Bermuda
Bonaire
Brazil
Cayman
Chile
Colombia
Costa Rica
Curacao
Ecuador
Dominican Republic
1 800 988 2112

0 810 444 3COM
1 800 998 2112
1 800 998 2112
1 800 998 2112
52 5 201 0010
1 800 998 2112
1 800 998 2112
0800 13 3COM
1 800 998 2112
AT&T +800 998 2112
AT&T +800 998 2112
AT&T +800 998 2112
1 800 998 2112
AT&T +800 998 2112
AT&T +800 998 2112
Guatemala
Haiti
Honduras
Jamaica
Martinique
Mexico
Nicaragua
Panama
Paraguay
Peru
Puerto Rico
Salvador
Trinidad and Tobago
Uruguay
Venezuela
Virgin Islands
You can also obtain support in this region using the following:
Spanish speakers, enter the URL:
http://lat.3com.com/lat/support/form.html
Portuguese speakers, enter the URL:
http://lat.3com.com/br/support/form.html
English speakers in Latin America should send e-mail to:
lat_support_anc@3com.com
US and Canada Telephone Technical Support and Repair
1 800 876 3266
AT&T +800 998 2112

57 1 657 0888
AT&T +800 998 2112
1 800 998 2112
571 657 0888
01 800 849CARE
AT&T +800 998 2112
AT&T +800 998 2112
54 11 4894 1888
AT&T +800 998 2112
1 800 998 2112
AT&T +800 998 2112
1 800 998 2112
AT&T +800 998 2112
AT&T +800 998 2112
57 1 657 0888
SAFETY INFORMATION
Important Safety
Information
WARNING: Warnings contain directions that you must follow for your
personal safety. Follow all directions carefully. You must read the
following safety information carefully before you install or remove the
unit.
WARNING: The Access Point generates and uses radio frequency (rf)
energy. In some environments, the use of rf energy is not permitted. The
user should seek local advice on whether or not rf energy is permitted
within the area of intended use.
WARNING: Exceptional care must be taken during installation and
removal of the unit.
WARNING: Only stack the Access Point with other OfficeConnect units.
WARNING: To ensure compliance with international safety standards,
only use the power adapter that is supplied with the unit.
WARNING: The socket outlet must be near to the unit and easily
accessible. You can only remove power from the unit by disconnecting
the power cord from the outlet.
WARNING: This unit operates under SELV (Safety Extra Low Voltage)
conditions according to IEC 60950. The conditions are only maintained if
the equipment to which it is connected also operates under SELV
conditions.
WARNING: There are no user-replaceable fuses or user-serviceable parts
inside the Access Point. If you have a physical problem with the unit that
cannot be solved with problem solving actions in this guide, contact your
supplier.
WARNING: Disconnect the power adapter before moving the unit.
140
APPENDIX F: SAFETY INFORMATION
WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They
cannot be used as telephone sockets. Connect only RJ-45 data
connectors to these sockets.
Wichtige
Sicherheitshinweise
VORSICHT: Warnhinweise enthalten Anweisungen, die Sie zu Ihrer
eigenen Sicherheit befolgen mssen. Alle Anweisungen sind sorgfltig zu
befolgen.
Sie mssen die folgenden Sicherheitsinformationen sorgfltig durchlesen,
bevor Sie das Gerts installieren oder ausbauen.
VORSICHT: Der Access Point erzeugt und verwendet Funkfrequenz (RF).
In manchen Umgebungen ist die Verwendung von Funkfrequenz nicht
gestattet. Erkundigen Sie sich bei den zustndigen Stellen, ob die
Verwendung von Funkfrequenz in dem Bereich, in dem der Bluetooth
Access Point eingesetzt werden soll, erlaubt ist.
VORSICHT: Bei der Installation und beim Ausbau des Gerts ist mit
hchster Vorsicht vorzugehen.
VORTSICHT: Stapeln Sie das Gerts nur mit anderen OfficeConnect
Gertes zusammen.
VORSICHT: Aufgrund von internationalen Sicherheitsnormen darf das
Gert nur mit dem mitgelieferten Netzadapter verwendet werden.
VORSICHT: Die Netzsteckdose mu in der Nhe des Gerts und leicht
zugnglich sein. Die Stromversorgung des Gerts kann nur durch
Herausziehen des Gertenetzkabels aus der Netzsteckdose unterbrochen
werden.
VORSICHT: Der Betrieb dieses Gerts erfolgt unter den
SELV-Bedingungen (Sicherheitskleinstspannung) gem IEC 60950. Diese
Bedingungen sind nur gegeben, wenn auch die an das Gert
angeschlossenen Gerte unter SELV-Bedingungen betrieben werden.
VORSICHT: Es sind keine von dem Benutzer zu ersetzende oder zu
wartende Teile in dem Gert vorhanden. Wenn Sie ein Problem mit dem
Access Point haben, das nicht mittels der Fehleranalyse in dieser
Anleitung behoben werden kann, setzen Sie sich mit Ihrem Lieferanten in
Verbindung.
VORSICHT: Vor dem Ausbau des Gerts das Netzadapterkabel
herausziehen.
Consignes Importantes de Scurit
141
VORSICHT: RJ-45-Anschlsse. Dies sind abgeschirmte

RJ-45-Datenbuchsen. Sie knnen nicht als Telefonanschlubuchsen
verwendet werden. An diesen Buchsen drfen nur RJ-45-Datenstecker
angeschlossen werden.
Consignes
Importantes de
Scurit
AVERTISSEMENT: Les avertissements prsentent des consignes que vous
devez respecter pour garantir votre scurit personnelle. Vous devez
respecter attentivement toutes les consignes.
Nous vous demandons de lire attentivement les consignes suivantes de
scurit avant dinstaller ou de retirer lappareil.
AVERTISSEMENT: LAccess Point fournit et utilise de l'nergie
radiolectrique (radio frquence -rf). L'utilisation de l'nergie
radiolectrique est interdite dans certains environnements. L'utilisateur
devra se renseigner sur l'autorisation de cette nergie dans la zone
prvue.
AVERTISSEMENT: Faites trs attention lors de l'installation et de la
dpose du groupe.
AVERTISSEMENT: Seulement entasser le moyer avec les autres moyeux
OfficeConnects.
AVERTISSEMENT: Pour garantir le respect des normes internationales de
scurit, utilisez uniquement l'adaptateur lectrique remis avec cet
appareil.
AVERTISSEMENT: La prise secteur doit se trouver proximit de
lappareil et son accs doit tre facile. Vous ne pouvez mettre lappareil
hors circuit qu'en dbranchant son cordon lectrique au niveau de cette
prise.
AVERTISSEMENT: Lappareil fonctionne une tension extrmement
basse de scurit qui est conforme la norme CEI 60950. Ces conditions
ne sont maintenues que si l'quipement auquel il est raccord fonctionne
dans les mmes conditions.
AVERTISSEMENT: Il ny a pas de parties remplaceables par les
utilisateurs ou entretenues par les utilisateurs lintrieur du moyeu. Si
vous avez un problme physique avec le moyeu qui ne peut pas tre
rsolu avec les actions de la rsolution des problmes dans ce guide,
contacter votre fournisseur.
142
APPENDIX F: SAFETY INFORMATION
AVERTISSEMENT: Dbranchez l'adaptateur lectrique avant de retirer

cet appareil.
AVERTISSEMENT: Ports RJ-45. Il s'agit de prises femelles blindes de
donnes RJ-45. Vous ne pouvez pas les utiliser comme prise de
tlphone. Branchez uniquement des connecteurs de donnes RJ-45 sur
ces prises femelles.
GLOSSARY
802.11a
The IEEE specification for wireless Ethernet which allows speeds of up

to 54 Mbps in the 5GHz range. The standard provides for 6, 12, 24,
36, 48 and 54 Mbps data rates. The rates will switch automatically
depending on range and environment.
802.11b

to 11 Mbps. The standard provides for 1, 2, 5.5 and 11 Mbps data
rates. The rates will switch automatically depending on range and
environment.
802.11g

to 54 Mbps in the 2.5 GHz range. The standard provides for 6, 12, 24,
36, 48 and 54 Mbps data rates. The rates will switch automatically
depending on range and environment.
access point
A device through which wireless clients (or stations) connect to other

wireless clients and which acts as a bridge between wireless clients and
a wired network, such as Ethernet. Wireless clients can be moved
anywhere within the coverage area of the Access Point and still
connect with each other. If connected to an Ethernet network, the
Access Point monitors Ethernet traffic and forwards appropriate
Ethernet messages to the wireless network, while also monitoring
wireless client radio traffic and forwarding wireless client messages to
the Ethernet LAN.
ad hoc mode
Ad hoc mode is a configuration supported by most wireless clients. It is

used to connect a peer to peer network together without the use of an
Access Point. It offers lower performance than infrastructure mode,
used by the Access Point. See also infrastructure mode.
bandwidth
The information capacity, measured in bits per second, that a channel

can transmit. The bandwidth of Ethernet is 10 Mbps; the bandwidth of
Fast Ethernet is 100 Mbps. The bandwidth for 802.11b wireless is
11Mbps. The bandwidth for 802.11g is 54 Mbps.
144
GLOSSARY
channel
Similar to any radio device, the OfficeConnect Wireless 108 Mbps 11g
PoE Access Point allows you to choose different radio channels in the
wireless spectrum. A channel is a particular frequency within the
2.4GHz spectrum within which the gateway operates.
client
The term used to described the computer that is connected to your

network.
DHCP
Dynamic Host Configuration Protocol. This protocol automatically

assigns an IP address for every computer on your network. Windows
95, Windows 98 and Windows NT 4.0 contain software that assigns IP
addresses to workstations on a network. These assignments are made
by the DHCP server software that runs on Windows NT Server, and
Windows 95 and Windows 98 will call the server to obtain the address.
Windows 98 will allocate itself an address if no DHCP server can be
found.
DNS server address
DNS stands for Domain Name System, which allows Internet host
computers to have a domain name (such as 3com.com) and one or
more IP addresses (such as 192.34.45.8). A DNS server keeps a
database of host computers and their respective domain names and IP
addresses, so that when a domain name is requested (as in typing
3com.com into your Internet browser), the user is sent to the proper
IP address. The DNS server address used by the computers on your
home network is the location of the DNS server your ISP has assigned.
encryption
ESSID
Ethernet
Ethernet Address
hub
A method for providing a level of security to wireless data

transmissions. The OfficeConnect Wireless 108 Mbps 11g PoE Access
Point uses two types of encryption; WPA and WEP. WPA is a more
powerful level of encryption than WEP.
Extended Service Set Identifier. The ESSID is a unique identifier for your
wireless network. You must have the same ESSID entered into the
Access Point and each of its wireless clients.
A LAN specification developed jointly by Xerox, Intel and Digital
Equipment Corporation. Ethernet networks use CSMA/CD to transmit
packets at a rate of 10 Mbps over a variety of cables.
See MAC address.
A device that regenerates LAN traffic so that the transmission distance
of that signal can be extended. Hubs are similar to repeaters, in that
GLOSSARY
145
they connect LANs of the same type; however they connect more LANs
than a repeater and are generally more sophisticated.
IEEE
Institute of Electrical and Electronics Engineers. This American

organization was founded in 1963 and sets standards for computers
and communications.
IETF
Internet Engineering Task Force. An organization responsible for

providing engineering solutions for TCP/IP networks. In the network
management area, this group is responsible for the development of the
SNMP protocol.
infrastructure mode
Infrastructure mode is the 802.11g configuration supported by the

Access Point. You will need to ensure all of your clients are set up to
use infrastructure mode in order for them to communicate with the
Access Point. (see also Ad Hoc mode)
IP
Internet Protocol. IP is a layer 3 network protocol that is the standard

for sending data through a network. IP is part of the TCP/IP set of
protocols that describe the routing of packets to addressed devices. An
IP address consists of 32 bits divided into two or three fields: a network
number and a host number or a network number, a subnet number,
and a host number.
IP Address
Internet Protocol Address. A unique identifier for a device attached to a

network using TCP/IP. The address is written as four octets separated
with periods (full-stops), and is made up of a network section, an
optional subnet section and a host section.
LAN
Local Area Network. A network of end stations (such as PCs, printers,

servers) and network devices (hubs and switches) that cover a relatively
small geographic area (usually not larger than a floor or building). LANs
are characterized by high transmission speeds over short distances (up
to 1000 meters).
MAC
Media Access Control. A protocol specified by the IEEE for determining

which devices have access to a network at any one time.
MAC address
Media Access Control Address. Also called the hardware or physical

address. A layer 2 address associated with a particular network device.
Most devices that connect to a LAN have a MAC address assigned to
them as they are used to identify other devices in a network. MAC
addresses are 6 bytes long.
146
GLOSSARY
network
A network is a collection of computers and other computer equipment

that are connected for the purpose of exchanging information or
sharing resources. Networks vary in size, some are within a single
room, others span continents.
network interface
card (NIC)
A circuit board installed into a piece of computing equipment, for

example, a computer, that enables you to connect it to the network. A
NIC is also known as an adapter or adapter card.
protocol
A set of rules for communication between devices on a network. The

rules dictate format, timing, sequencing and error control.
RJ-45
A standard connector used to connect Ethernet networks. The RJ

stands for registered jack.
server
A computer in a network that is shared by multiple end stations.

Servers provide end stations with access to shared network services
such as computer files and printer queues.
SSID
subnet address
subnet mask
Service Set Identifier. Some vendors of wireless products use SSID

interchangeably with ESSID.
An extension of the IP addressing scheme that allows a site to use a
single IP network address for multiple physical networks.
A subnet mask, which may be a part of the TCP/IP information
provided by your ISP, is a set of four numbers configured like an IP
address. It is used to create IP address numbers used only within a
particular network (as opposed to valid IP address numbers recognized
by the Internet, which must assigned by InterNIC).
subnet
A network that is a component of a larger network.
switch
A device that interconnects several LANs to form a single logical LAN

that comprises of several LAN segments. Switches are similar to
bridges, in that they connect LANs of a different type; however they
connect more LANs than a bridge and are generally more sophisticated.
TCP/IP
Transmission Control Protocol/Internet Protocol. This is the name for

two of the most well-known protocols developed for the
interconnection of networks. Originally a UNIX standard, TCP/IP is now
supported on almost all platforms, and is the protocol of the Internet.
TCP relates to the content of the data traveling through a network
ensuring that the information sent arrives in one piece when it reaches
GLOSSARY
147
its destination. IP relates to the address of the end station to which

data is being sent, as well as the address of the destination network.
traffic
The movement of data packets on a network.
WEP
Wired Equivalent Privacy. A shared key encryption mechanism for

wireless networking. Encryption strength is 40/64 bit or 128 bit.
Wi-Fi
Wireless Fidelity. This is the certification granted by WECA to products

that meet their interoperability criteria. (see also 802.11b, 802.11g,
WECA)
wireless client or
wireless station
Wireless LAN Service
Area
The term used to describe a desktop or mobile PC that is wirelessly

connected to your wireless network.
Another term for ESSID (Extended Service Set Identifier)
wizard
A Windows application that automates a procedure such as installation

or configuration.
WLAN
Wireless Local Area Network. A WLAN is a group of computers and

devices connected together by wireless in a relatively small area (such
as a house or office).
WPA
Wi-Fi Protected Access. A dynamically changing encryption mechanism

for wireless networking. Encryption strength is 256 bit.
148
GLOSSARY
INDEX
notice icons, About This Guide 2

text, About This Guide 2
Numbers
3Com Access Point Manager 23, 88
802.1x client authentication 74
A
access control 45
backing up trusted list 49
deleting a MAC address 47
importing trusted list 47
MAC address-based 48
manually adding a trusted station 46
administrator access
configuring 79
connection types 80
logon account 80
antenna 17
auto configuration 92
auto update 93
available modes
bridge 8
client 11
repeater 10
B
basic rate 57
beacon interval 58
C
CLI 105
available commands 108
cable pinouts 107
connecting via serial port 106
connecting via Telnet 105
client certificate 73
command line interface. See CLI
configuration file 86
backing up 87
restoring from backup 88
console port 17
conventions
D
DHCP support 7
disassociated timeout 58
E
Ethernet port 18
F
features 6
configuration and management 15
security 12
wireless and networking 6
firmware
downloading updates 91
upgrading 91
fragmentation length 58
I
installation
on a network with DHCP 23
on a network without DHCP 26
positioning 20
requirements 19
verifying 22
L
LAN port. See Ethernet port
LEDs 17
LAN 17
Power 17
Status 17
Wireless 17
logs 83
clearing 84
saving to file 84
sending to syslog server 88
150
INDEX
viewing 83
M
maximum throughput 6
Microsoft IAS
as RADIUS server 63
CA server setup 68
DHCP server setup 65
domain controller setup 63
required services 64
setting up as RADIUS server 70
multiple SSIDs 13
benefits 13
O
output power level 58
P
package contents 16
physical features 17
back panel 17
front panel 17
PoE 7
support 7
point-to-multipoint mode. See PTMP
Power over Ethernet. See PoE
powering on 21
using PoE 21
using power adapter 21
preamble type 58
primary profile
broadcast SSID 44
setting 44
PTMP
configuring 55
master AP 9
number of bridges 9
slave AP 9
R
RADIUS MAC authentication
configuring 38
RADIUS server
configuring for MAC authentication 38
configuring for UAM authentication 40
configuring for WPA-802.1x 61
setting up Microsoft IAS 63
requirements
installation 19
wireless stations 19
Reset button 18
resetting to factory defaults 88, 98
rogue access points
detecting 94
viewing detected 96
RTS/CTS threshold 58
S
security information 139
security profile 28
configuring 29
viewing summary 82
security settings
802.1x 36
configuring 31
WEP 31
WPA-802.1x 34
WPA-PSK 32
SNMP
configuring 89
SSID
number of broadcast 28
statistics
viewing 85
status
viewing 81
system settings
configuring 49
T
tasks
configuring the Access Point 27
configuring wireless stations 59
connecting to Web interface 22
installing 19
overview 18
troubleshooting 97
technical specifications 99
hardware 99
software 102
wireless 100
troubleshooting
basic checks 97
connection issues 97, 98
forgotten password 98
trusted wireless stations
manually adding 46
INDEX
UAM
configuring 40
external authentication 42
internal authentication 41
Universal Access Method. See UAM
V
VLAN 14
VLAN support 44
W
WDS 7, 8
supported encryption 10
Web interface
buttons 28
connecting 22
menu 27
navigating 27
tabs 27
timeout setting 28
WEP
key 40
key index 40
wireless bridge 8
point-to-multipoint (PTMP) 9
point-to-point (PTP) 8
wireless clients. See wireless stations
Wireless Distribution System 7
Wireless Distribution System. See WDS
wireless security 29
802.1x 30
WEP 29
WPA-802.1x 29
WPA-PSK 29
wireless separation 58
wireless settings
802.11b 58
advanced 57
basic 52
configuring 52
wireless stations
configuring for 802.1x 72
configuring for 802.1x (without WPA) 77
configuring for WEP 60
configuring for WPA-802.1x 62
configuring for WPA-PSK 61
isolating 44
maximum number (simultaneous) 7
requirements 19
supported 6
trusted 46
viewing associated 83
worldwide mode (802.11d) 58
151
152
INDEX
REGULATORY NOTICES
CHANNEL RESTRICTIONS
Use of the OfficeConnect Wireless 108 Mbps 11g PoE Access Point is only authorized for the channels
approved by each country. For proper installation, log on to the Web interface, and then select your country
from the drop-down list.
Table 1 below details the channels permitted by the local regulatory agencies.
Table 1 Channels Approved by Country
FCC STATEMENT
Country
Channels
Australia, Austria, Bahrain, Belarus, Belgium, Chile, China, Costa Rica, Croatia,
Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hong
Kong, Hungary, Iceland, India, Indonesia, Ireland, Italy, Liechtenstein, Lithuania,
Luxembourg, Malaysia, Netherlands, New Zealand, Norway, Paraguay, Peru,
Philippines, Poland, Portugal, Russia, Saudi Arabia, Singapore, Slovenia, South
Africa, South Korea, Spain, Sweden, Switzerland, Thailand, Turkey, United
Kingdom, Uruguay, Venezuela.
113
Argentina, Brazil, Canada, Columbia, Mexico, Taiwan, United States
111
Jordan
1013
Israel
57
Japan
114
If this equipment does cause interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
Reorient the receiving antenna.
Relocate the equipment with respect to the receiver.
Move the equipment away from the receiver.
Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits.
If necessary, the user should consult the dealer or an experienced radio/television technician for additional
suggestions. The user may find the following booklet prepared by the Federal Communications Commission
helpful:
How to Identify and Resolve Radio-TV Interference Problems
This booklet is available from the U.S. Government Printing Office, Washington, DC 20402, Stock No.
004-000-00345-4.
In order to meet FCC emissions limits, this equipment must be used only with cables which comply with IEEE
802.3.
CSA STATEMENT
This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment
Regulations.
Cet appareil numrique de la classe A respecte toutes les exigences du Rglement sur le matriel brouilleur
du Canada.
CE STATEMENT (EUROPE)
VCCI STATEMENT
This product complies with the European Low Voltage Directive 73/23/EEC and EMC Directive 89/336/EEC as
amended by European Directive 93/68/EEC.
IC STATEMENT
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set
out in the interference-causing equipment standard entitled Digital Apparatus, ICES-003 of Industry
Canada.
Cet appareil numrique respecte les limites de bruits radiolectriques applicables aux appareils numriques de
Classe B prscrites dans la norme sur le matriel brouilleur: Appareils Numriques, NMB-003 dicte par
l'Industrie Canada.

Acces Point 3com Manual

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Acces Point 3com Manual

Загружено:

Авторское право:

Доступные форматы

OfficeConnect

Wireless 108 Mbps 11g PoE Access Point

INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT

INSTALLING AND CONNECTING THE ACCESS POINT

CONFIGURING THE ACCESS POINT

CONFIGURING THE WIRELESS STATIONS

PERFORMING ADDITIONAL ADMINISTRATIVE TASKS

Viewing the Device Status 81

COMMAND LINE REFERENCE

WIRELESS LAN BASICS

CONFIGURING THE TCP/IP SETTINGS OF WIRELESS STATIONS

OBTAINING SUPPORT FOR YOUR PRODUCT

ABOUT THIS GUIDE

This guide describes how to install and configure the OfficeConnect

ABOUT THIS GUIDE

Table 1 Notice Icons

Information that describes important features or

Information that alerts you to potential loss of data or

Information that alerts you to potential personal injury

Table 2 Text Conventions

Screen displays This typeface represents information as it appears on the

The word command means that you must enter the

The words enter

Keyboard key names

If you must press two or more keys simultaneously, the key

Italics are used to:

Denote a new term at the place where it is defined in the

Identify menu names, menu commands, and software

Quick Start Guide

Document part number (on the title page)

Page number (if appropriate)

SuperStack II Switch 1100 User Guide

Part number: DUA1695-0AAA02

ABOUT THIS GUIDE

CHAPTER 1: INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT

Figure 1 Network Architecture with OfficeConnect Wireless Access Point

The Access Point integrates standards-based features that provide for

Complies with the IEEE802.11g (DSSS) specifications for

11g radio supports both11g and 11b wireless stations,

11g Turbo mode

Provides higher throughput capability, up to 108 Mbps

Features and Capabilities

Table 1 Wireless and Networking Features

Dynamic rate shifting

Automatically moves between connection speeds in

Power over Ethernet

Solves hard-to-wire location problems and reduces

Each Access Point can support up to 64 simultaneous

Supports Wireless Distribution System (WDS) for

Provides an intuitive Web interface and default settings

DHCP client support

Automatically obtains an IP address on a network that

Device firmware in a flash memory can be upgraded

Baseline Switch 2226-PWR Plus 3C16490

SuperStack3 Switch 4400 PWR 3C17205

PoE Single-Port Midspan Solution 3CNJPSE

PoE 24 Port Midspan Solution 3CNJPSE24

CHAPTER 1: INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT

Features and Capabilities

Figure 2 Point-to-Point WDS

PTMP mode, as shown in Figure 3, interconnects three or more wired

CHAPTER 1: INTRODUCING THE OFFICECONNECT WIRELESS ACCESS POINT

Figure 3 Point-to-Multipoint WDS

Secure WDS Communication