802.11g Wireless Access Point /Bridge WAP
Contents
1. Tree ES Allow access iF dial in permission is enabled Internet Authentication Service Local 3 Clients 0 Remote Access Loggng Export List Help 30 Select Day And Time Restriction and click Add to continue Select Attribute E Al xj Select the type of altibute to add and then chock the Add Button Atribubs types Lalled S tation ld Phone number dialed oy user Calling Station ld Phone number from which call originated Clent Friendly H ame Friendly name for the RADIUS client IAS ony Chent lPAyddress IF address of RADIUS client 145 only Client endar Manufacturer ol RADIUS pros or M s 18 5 onl AAA Time penod and days of week duning which use Framed Protocol The protocol to be used MAS identifier Sting identiying the MAS onginating the request MaS lP adcress IF address of the NAS onginating the request 16 MAS Por Type Type of physical port used by the MAS orginatin Service ype Type of service user has requested Tunnel Type Tunneling protocol to be used Windows Gioups Windows groups that user belongs to E Lancel 31 Unless you want to specify the active duration for 802 1X authentication click OK to accept for having 802 1x authentication enabled at all times 35 Time of day constraints x n ER a 12 2 4 5 8 10 12 2 4 6 8 10 12 ELLO r i A uu o J E a Thuedar Friday saucy ERNA2. Sunda thiough Saturday fram 1 2 to 1 2 AM Add Remote Access Policy Ferrnissions Determine whether to giani or deny remote access permision You can Lee a Remote Access Policy ether to grant certain access privileges to a group of users of to act as a ter and deny access pivileges to a group of users lf auger matches the speched comditiors f Grant emote access permission amp Deny remote access permission Back Cancel 33 Click Edit Profile 36 Add Remote Access Policy For TLS Authentication Setup Steps 34 35 34 Select Authentication Tab 35 Enable Extensible Authentication Protocol and select Smart Card or other Certificate for TLS authentication Click OK Then go to step 38 s97 z Edit Dial in Profile j th xi Dialin Constrairts IP Multilink Authentication Encryption Advanced Check the auihentcaton methods which are allowed for this connection If Extensible 4uthertication Protocol gt Select the ESP type which ts acceptable for this polcy Smart Card or other Certhicate Configure Mictosatt Encripted 4uthenlication version 2 MS CHAP 2 Microzott Encrypted Authentication MS CH4P Encrypted Authentication CHAF Unernerypted Authenticalian PAF S PAPI Unatthenticated Access C Aloy remote PPP clients to connect without negotiating any atithenicaton method Cancel Amy For MD5 Auth
3. Fie Edt Wem Favorites Toos Help ir Q bad O iz de JO seach Le Feventes PP 03 3 A de E Address 42 http 1192 166 1 10 ceresroJcert rsh asp Es Links Microsod Certiticaie Der Home Certificate Issued The certificate you requested was issued to you fer Install this certificate 5Q 8 Click Yes to store the certificate to your local computer Root Certificate Store Do you want to 40D the following certificate to the Rook Store Subject Wireless A Ty Issuer Self Issued Time Validity Monday January 06 2003 through Thursday January 06 2005 Serial Number 13271301 4F483763 41 ED4CF7 2497 D9FA Thumbprint shal 244FCBR3C 2D9F2F21 400 Z62F9 ZOOSDERA 649007 0E Thumbprink rd LEBAIECO 20364070 66512146 41366440 9 Certificate is now installed Wireless Adapter Setup 1 Go to Start gt Control Panel double click on Network Connections 2 Right click on the Wireless Network Connection which using WL 3555 3 Click Properties to open up the Properties setting window Wireless Network Connection Status El E Connection status Lonnected Duratior 01 47 43 Speed 220 Mbps Signal Strength q alil Sent zae eee Hecewed 0 335 T i Activity 4 Click on the Wireless Network tab 51 Wireless Hetvrork Connection Properties ales General f Wireless Networks Authentication Advanced Connect using E ZM WLAN PC Ad
4. Password Save this password in pour password list Cancel 4 Then you will see the WAP 4000 web configuration page 3 1 1 Wizard Setup wizard provides a simple way to configure your WAP 4000 Clicking Wizard button on top panel of WAP 4000 s web page Setup Wizard will pop up as below Y 109Mbps Access Point Microsoft Intemet Explorer en Welcome to the 108Mbps Access Point Setup Wizard The Wizard will direct you through these four quick steps Start by clicking on Next estep 1 Set your new password estep 2 Set the SSID and Channel estep 3 Set Encryption estep 4 Restart To quick configure WAP 4000 please follow the steps below to complete the configuration Click Next gt to continue Step 1 Set your new password 3 10 SMM bps Access Point Microsoft Intemet Explorer Bi Set Password You may want to change the Administrator password of this Access Point to prevent authorized modification to the configuration settings Enter your new password in the following text flelds Click Next ta continue with setup or Exit to quit setup wizard M Password rs E Verify Password ft A gt gt Ay back next exit The default password for administrator login name is admin is admin You can change the Password in this step Click Next gt Step 2 Set the SSID and Channel 10 SMbps Access Point Microsoft Internet Explorer 0 libos Wireless Lan Access Point S
5. 192 168 1 10 certsrv in the Address field which 192 168 1 10 is the IP address of our server This will directly access to Certificate Service of a Windows 2000 server A dialog box will prompt you to enter user name and password 2 Enter a valid user name and password then click OK to continue Connect to 192 1682 1 10 Connecting to 192 166 1 10 User name Password _ Remember my password 3 Select Request a certificate and click Next to continue 48 e Microsoft Certificate em Aierosoft internnet Explorer Fie Edt View Favorites Took Help y CD sar T gt x a de a Search 5 7 Favoris GP da e G gt a E Micron Certificate Services Wy Welcome You Use this web site to request 4 certificate for your web browser e mail client or other secure program Once you acquire acertiicate you will be able to securely identity yourself to other people over the web sign your email messages encrypt your e mail messages and more depending upon the type of certificate you request ADS Selecta task selja he CA caditicate or certificate revocation list Request a cetificate d VETO E rificabe 4 Select User Certificate request and click Next to continue Microsoft Certificate Services Microsoft Internet Explorer Fie Eo Yew Favorites Toos Help T Back 3 a E e Ve Search se Favores el Meda 4 43 de Address ry h
6. Internet Protocol TCP IP Install Uninstall Properties Dezcnptinn Alows pour computer to access resources on a Microsoft network fe Show icanin notification area when conected Cance 5 Click Properties of one available wireless network which you want to associate with 45 Wireless Network Connection Properties Ele General W roloss Networks Authentication Advanced Use Windows to configure my wireless network settings Available network To connect to an avalable network cick Configure Y PLANET AP Configure AP252423 cree rc Prefered necucrk e Automaticall connect to available networks in the order listed below configuralior 6 Select Data encryption WEP enabled option but leave other options unselected 7 Enter the network key in Network key text box The string must be the same as the first set of WEP key which you set to WAP 4000 Wireless Hetwork Properties Network rame S5IDE F Wireless network Ley WEP This network requres a key for he following Network key Key format Key length Key ndex advanced _ The key is provided for me sutomalically This is a computer L0 C0 moute ad hoc network wreess TE rs o ge a arm mal access points are not used UE 8 Click OK AG 9 Select Authentication tab 10 Select Enable network access control using IEEE 802 1X to
7. w Lower the broadcast rate of wired network to no more than 10 broadcast messages per second w Verify wired network topology and configuration
8. PC 4 Plug in power adapter and connect to power source After power on WAP 4000 will start to operate Note ONLY use the power adapter supplied with the WAP 4000 Otherwise the product may be damaged If you want to reset your WAP 4000 to default settings press the Reset button 5 second And then wait for 10 seconds for WAP 4000 to reboot Chapter 3 Configuring the Wireless Access Point WAP 4000 can be configured via web browser or bundled utility It is strongly recommended to configure and manage WAP 4000 using a wired LAN computer 3 1 Configure through Web Browser Web configuration provides a user friendly graphical user interface web pages to manage your WAP 4000 An AP with an assigned IP address e g http 192 168 1 1 will allow you to monitor and configure via web browser e g MS Internet Explorer or Netscape 1 Open your web browser 2 Enter the IP address of your WAP 4000 in the address field default IP address Is http 192 168 1 1 Please note that your PC s IP address should be on the same IP subnet of the WAP 4000 For example you can configure your PC s IP address to 192 168 1 2 if WAP 4000 is with IP 192 168 1 1 3 AUser Name and Password dialog box will appear Please enter your User Name and Password here Default User Name and Password are both admin Click Ok Enter Network Password E xj o Please type your user name and password Site 132 168 25 133 Realm AF046585 User Name
9. can E Help Pesionaced administrators bese User fi TsInternetUser User This user account amp used 46 Go to Account tab and enable Store password using reversible encryption 47 Click Apply to continue 41 test Properties x Member Of Diabin Environment Sesions Remote control Terminal Services Profile General Address Account Prohle Telephones Organization User logon name test FAE LOCAL E Uzer logon name pre Windowes 000 FAES tect Logon Hours Log n To Account is locked out Account options User met change password at nest logan Usercannot change password oz E oO e Store password using reversible encryotion Never Endo Friday Februsr 07 2009 48 Go to the Dial in tab and check Allow access option for Remote Access Permission and No Call back for Callback Options Then click OK test Properties A alx Remote control Terminal Services Profile General Addres Aceon Profle Telephones Organization Member Of Environment Sermone Remote Access Pemission Dial n or WPM Deny access Allow acces Conta access though Remote Access Policy F Veny Galleria Calback Options No i Set by Caller F Ating and Remote Access Service onlul Always Callback to sdana State F Addrsss pph stati
10. down list box for EAP type AA Metvrork Connection Properties P E General Wireless H Stork Advanced Select this opbonto provide authenticated network access for wired and wireless Ethemet networks Enable network access control using IEEE 302 1 Smart Lard ar other Certificate MD S Lhallenge Smart Card or other Certificate SuUthenicate as computer when computer infomation it available Authenticate as guest when user or computer formation is unavailable OF Lance 11 Click OK 12 When wireless client has associated with WAP 4000 Windows XP will prompt you to select a 53 certificate for wireless network connection If you only have one certificate in local computer system will automatically use it for authenticate If you have multiple certificates in local computer click on the network connection icon in the system tray to continue Wireless Network Connection x Chick hereto enter your user name and oassword For the retwork PLANET AP s Stall 13 Select the certificate that was issued by the server in our demonstration WirelessCA and click OK to continue Connect Wireless Hebrork Connection Friendly name laser Wireless CA Expiration date 1 6 2004 4 02 08 Pe 14 Make sure this certificate is issued by correct server and click OK to complete the authentication process Yolidate Server Certificate A The Root Certif
11. on the same network segment w lf your PC is set to Obtain an IP Address automatically DHCP client restart it w lf your PC uses a Fixed Static IP address ensure that it is using an IP Address within the range 192 168 1 2 to 192 168 1 254 and thus compatible with WAP 4000 s default IP Address of 192 168 1 1 Also the Network Mask should be set to 255 255 255 0 to match WAP 4000 In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol My wireless client cannot associate with WAP 4000 Check the following Make sure the wireless adapter is compatible with IEEE 802 11b or 802 11g Move the wireless client closer to WAP 4000 Ensure WAP 4000 and the wireless client have the same SSID w w w w Ensure WAP 4000 and the wireless client have the same WEP encryption settings if enabled w Confirm the WLAN LED of WAP 4000 is on w lf the MAC filter is enabled please make sure the wireless client is allowed to build the link w Ensure the operating mode is in AP mode The throughput rate is slow Check the following w Verify the antenna connector and cabling are well connected w Adjust the antenna and make sure the antenna is not behind metal or any obstacle If the throughput increases after you move the client closer to WAP 4000 please consider to add additional WAP 4000 and implement roaming w Verify the network traffic does not exceed 37 of bandwidth
12. wire With two WAP 4000s in this mode the two LANs in distance can communicate to each other This could be deployed if the networks are hard to make the wire in between Please be noted key in the LAN MAC address to make the WAP 4000 communicate with a specific remote Access Point you can find the MAC address either from the utility or from the label under the Access Point It is suggested to fix the transmission rate when WAP 4000s are configured in bridge mode The omni antenna is with 17dBm transmitting power if you would like to make longer distance that the default antenna cannot reach consult your local dealer for more about how to extend your distance we Swatch ww Hricige F e Pa ir it e o tu Z Sty Note Please do consult your local dealer about the external or directional antenna you would like to install and get the connection Improper outdoor antenna installation could damage the Access Point or get injured or get killed in some condition like thunders or strong winds 5 4 Multiple Bridge mode For multiple LANs the WAP 4000 also helps to make the connections With this mode three or more LANs can bridge to each other All WAP 4000s in this mode must be within the operating range of one another zal u Switch A Sheff ibi a al mi sala mhi fr Fil fa el wr al a ve i viai mie Switch le at ig py E f any Switch uy y gt 3 no e p Note The mode Multiple Bridge will turns the Access
13. 0 Configuration Utility Sy eaten e ere version 1 4 Apply Refresh Close 25 3 2 2 5 802 1x Settings PLANET WAP 4000 Configuration Utility Link Information Encryption Key Length hits AP Settings oar Lifetime 30 Minutes IP Settings RADIUS Server 1 Port 1812 security IP Address ho b 1 ft E 802 1X Settings shared Secret PO RADIUS Server 2 Optional Fort pa pases EE a EEE Shared Secret Copyright 2003 PLANET YW4P 4000 Configuration Utility version 14 Apply Refresh Close 802 1X Function Enable or disable 802 1X authentication of WAP 4000 Encryption Key Select one of the Encryption key length options Select one of the Encryption key lifetime options Once the lifetime expires RADIUS server will renew the Encryption key RADIUS Server 1 Enter the IP address communicate port number and shared secret key of your primary RADIUS server RADIUS Server 2 Enter the IP address communicate port number and shared secret key of your secondary RADIUS server Note As soon as 802 1X authentication is enabled all the wireless client stations that are connected to the AP currently will be disconnected The wireless clients must be configured manually to authenticate themselves with the RADIUS server to be reconnected 26 Chapter 4 802 1X Authentication Setup 4 1 802 1X Infrastructure An 802 1X Infrastructure is composed of three major components Authenticator Auth
14. 000 also needs to be set up as a Wireless Bridge The Remote Bridge MAC Address field must be filled with the LAN MAC address of the remote WAP 4000 Multiple Bridge This mode allows you to construct a network that has multiple WAP 4000s bridging multiple LANs wirelessly For all bridged WAP 4000s configure them in Multiple Bridge mode and all the WAP 4000s must be configured on the same channel You can have up to 14 WAP 4000 to be bridged together For performance reason it is suggested to bridge no more than 6 WAP 4000s in a WLAN 91 Repeater Mode This mode allows you to extend the range of your wireless network When the AP is configured to repeater mode it will repeat the wireless signal from wireless client to access point Thus the wireless connection distance can be extended However the performance will become half of normal performance since the WAP 4000 use the same wireless channel to receive and transmit Besides when the WAP 4000 is configured to repeater mode you can only manage the AP through LAN interface and the PC s connected to its LAN port cannot communicate with other wireless clients You need to input the remote AP s MAC address when this mode is enabled Advance setting when you press the Advance Setting button the dialog box below will appear You can set more details parameters in this screen ey Adva ced pettine Advanced Setting soll Broadcast Beacon Interval RTS Threshold Fragmentation Th
15. 9 Stoe password using reversible encryotion for al users in te EN domain Security Policy Setting W Deine this policy setting Enabled C Disabled 44 Go to Start gt Program gt Administrative Tools gt Active Directory Users and Computers 45 Go to Users Right click on the user that you are granting access and select Properties 6 fictive Directory Users and Computers Console Window Help actin w le gt Gla FEO AA GE Tree Users 21 objects Ei aive Directory Users and Computers Zal FAE LOCAL G administrator User Bulk n account For admin Buitin See Cert Publishers Security Group Enterprise certficabion sn 1 Computers a Amis Security Group Members who have admini a Coman controllers fe GHCP Users Security Group Members who have view 3 89 ForeigrSacurtyPircpak on Copy DAS Administrators Group 4 Users Dre Add members to a group HS cliente who are permi CE Dor Disable Account ER Dor Reset Password hesignated administrabo s Al workstations and serve EE Dor Moya l domain controllers in th ee Open home page Al domain guests Dor Send mall Al domain users Cent besignated administrators All Tasks k FA A E embers in this group can al Deleks ALIA account For ques GE Rene Buik im account For anars fi Iw Refresh AUIK n account For Intern y Distribution Center Se S A rvers in this group
16. E Group Police Obiect Links Dlelauk Domain Policy Nou veride Disabled Group Paley Objects higher in the list have the highes priority This list obtained kom faei FAE LOCAL Hew F Up Options Properties Down T Block Policy inheritance Cancel Apal 42 Go to Computer Configuration gt Windows Settings gt Security Settings gt Account Policies gt Password Policies Double click on Store password using reversible encryption for all users in the domain lolx af Group Policy action view o gt Ems BR Tree Computer Setting at Default Domain Policy Faecl FA AY Enforce password history 1 passwords remembered ER Computer Configuration fie Mazimumn password age de days E Software Settings ig Minimum password age D days E E windows Settings te Minimum password length O characters E m Scripts Startup Shu So cord SN A pe aes pe H A Security Settings sse5bore password using reversible encreption F e Account Policies Password Pr H A Account Loc o E Kerberos Pol F a Local Policies l gg Event Log 8 Restricted Group pai System Services lid Registry Gl File System H E Public Key Policie Es IP Security Polici E E Administrative Template User Configuration E E Sotware Sektings AQ 43 Click Define this policy setting select Enabled and click OK to continue 1203 44
17. E PLANET Hetworking Commentcation 802 11g Wireless Access Point Bridge WAP 4000 User s Manual Copyright Copyright 2004 by PLANET Technology Corp All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written permission of PLANET PLANET makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this company its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Further this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders Federal Communication Commission Interference Statement This equipment has been tested and fou
18. ItE SUPVEY set Wireless LAN Connection Enter the SSID of the wireless network and select the frequency channel that this Access Paint will operate in Click Next to continue setup or Exit to quit setup wizard B SSID default E Channel E O gt A back next exit Enter the SSID of your WLAN and select the frequency channel Click Next gt Step 3 Set Encryption Y 108Mbps Access Point Microsoft Internet Explorer lei ES 08Mbps Wireless Lan Access Pont ME SUPVEY You may enable WEF security for data encryption by selecting Enabled Select one of the VEF encryption key size and enter the value of the key in the text fields below Click Next to continue with setup or Exit to quit setup wizard E iep Enabled Disabled E ep encryption E4Bits M key 0000000000 Input 10 HEX character HEX is 0 9 A F or a f O gt 2 back next exit You can enable WEP encryption and set WEP key in this screen Click Next gt to continue Step 4 Restart e 108Mb pe Access Point Microsoft Internet Explorer AmE IM Mbos Wireless Lan Access Pont SItE SU rvey setup Completed The Access Point setup is now completed lf you want ta change any setup settings click Back ta go back to the previous pages Click Restart to reboot the Access Point for the new settings to take effect Please click the Restart button to save the settings and restart WAP 4000 In the next web page p
19. NTENTS CHAPTER TINTRODUC HON iii aaa o teo 1 Ad AG AGE CONIEN T aune a r A N a E N 1 te OY SO TEM AHEGQUIREMENTS rs e 1 SI a jan A A II 1 APEC IEIG ATION ec a o o ce eh ee 2 TON IRELESS F EREORMANCE ss i a a ina ici a ar a 3 CHAPTER 2 HARDWARE INSTALLATION 00000000nanan RN 4 CHAPTER 3 CONFIGURING THE WIRELESS ACCESS POINT 000000 0000annar nos 5 3 1 CONFIGURE THROUGH WEB BROWSER cceccecccecececcccecccececcccececececucuausecsteceeauaesersnsreeaenens 5 ie 1 N a 6 AA II O AN 6 SA e O 9 3 l3 BASIC SO UNOS A i n 10 MAMAS NN OS iaa cds 11 AD AVANCE A al a 12 no oe A o oO aan su ri nn 14 E M ey Gt OSES AS iret Sater AA OY OPE EEE ee Ree EEE Dee Cee ee Ses 15 SN 0 S a RT oer SR A DE eae CeO 17 3 2 CONFIGURE THROUGH PLANET WAP 4000 UTILITY cc cceececeececcececeeeeceeeececeseeeeeeeeneas 17 g SO atic ecto A eae ee ee 17 3 2 2 PLANET WAP 4000 Utility configuration oooncccconcccccnnocononoconocononononononnonononononos 19 CHAPTER 4 802 1X AUTHENTICATION SETUP u cece eceeeecececneeceesecececneeeesceceeeeneceneeeneeneas 27 A 1802 51 ANFRAST RUCT A e un 27 A RADIUS SERVER SETUP 2 od 28 42 1 TACO UINCOSCEVICES st A aa 28 Ae OCUP F OCC OU sc A A NR AA cenees 28 AS AUTHENTICATOR OE TU Put do ea cei ate tae ca ete o ee e o 43 AA MNIRELESS GHENT SETUP ti A a aaa a 44 4 4 1 EAP MD5 AUGA ION A a a ennenen 44 4 4 2 EAP TLS AUthe ntiCation c cccccccccccececcccccecececececeacecscec
20. P Password New ras Confirm i MAC Filter Enabled Disabled Only deny PCs with MAC listed below to access device Only allow PCs with MAC listed below to access device 1 10 Password Enter the new password in the AP Password New field and again in the next field to confirm Click on Apply to execute the password change The Password is case sensitive and can be made up of any keyboard characters The new password must be between 0 and 15 characters in length MAC Filters Filter function is for the administrator to authorize who can gain network access through the Access Point by using MAC address filtering By choosing the Allow option only MAC addresses in the Authorization table will be allowed to communicate with the Access Point By choosing the Deny option any MAC address in the table will be denied association with the Access Point You can have up to 50 MAC addresses configured on it 3 1 7 802 1x This screen enables you to configure 802 1X authentication 15 CET Status Basic Setting IP Setting Advanced Setting Security 302 1 Tools 802 14 Enabled Disabled Encryption Key Length 64bits 128 bits Lifetime 30 Minutes RADIUS Server 1 IP o p Po Po Port hsz Shared Secret I sona 1 a a a Port Shared Secret Enable Disable Enable or disable 802 1X authentication of WAP 4000 Encryption Key Select one of the Encryption key length options Select one of the En
21. Points for example the above three Access point in the figure into one network domain It is suggested to fix the transmission rate when WAP 4000s are configured in bridge mode For performance reason please connect no more than 6 WAP 4000 in Multiple Bridge mode in one WLAN 5 5 Repeater mode When WAP 4000 works in repeater mode it will repeat the wireless signal from AP to wireless client or from wireless client to AP Thus the distance between wireless client to AP can be double However the trade off is the connection speed between wireless client to AP become half since the WAP 4000 repeat the wireless signal on same channel Besides when the WAP 4000 is configured to repeater mode you can only manage the AP through LAN interface and the PC s connected to its LAN port cannot communicate with other wireless clients You need to input the remote AP s MAC address when 56 this mode is enabled N 57 Chapter 6 Troubleshooting This chapter provides solutions to problems usually encountered during the installation and operation of the WAP 4000 The WAP 4000 cannot power up Use an electrical test meter to determine the output voltage of the power supply Check if it matched the specification of WAP 4000 Cannot communicate with WAP 4000 through a wired LAN computer Check the following w WAP 4000 is properly installed LAN connections are OK and it is powered ON w Ensure that your PC and WAP 4000 are
22. Protocol EAP methods supported 1 MD5 and 2 TLS MD5 authentication is simply a validation of existing user account and password that is stored in a database of RADIUS server Therefore wireless clients will be prompted for account password validation to build the link TLS authentication is a more complicated authentication which is using certificate that is issued by RADIUS server for authentication TLS authentication is a more secure authentication since not only RADIUS server authenticates the wireless client but also the client can validate RADIUS server by the certificate that it issues The TLS authentication request from wireless clients and reply by Radius Server and WAP 4000 can be briefed as follows 1 The client sends an EAP start message to WAP 4000 2 WAP 4000 replies with an EAP Request ID message 3 The client sends its Network Access Identifier NAI its user name to WAP 4000 in an EAP Respond message 97 4 WAP 4000 forwards the NAI to the RADIUS server with a RADIUS Access Request message 5 The RADIUS server responds to the client with its digital certificate 6 The client validates the digital certificate and replies its own digital certificate to the RADIUS server 7 The RADIUS server validates client s digital certificate 8 The client and RADIUS server derive encryption keys 9 The RADIUS server sends WAP 4000 a RADIUS ACCEPT message including the client s WEP key 10 WAP 4000 sends
23. Select Authenticated Session and Smartcard Logon by holding down to the Ctrl key and click OK to continue Select Certificate Template Select a certiicate template to issue cerblicates Secure Email Cler Secure Email Cher Client Sutherticatic Client Autherticatic Teed Code Code Stoning l Trust List Signing Microsoft Trust List er Farolan Bnrant Ceutificate Renas ai Canos 11 Go to Start gt Program gt Administrative Tools gt Active Directory Users and Computers 12 Right click on domain and select Properties to continue 30 Aa tive Directory Users and Compubers 14 Conse Window Help actor view e gt Elm cm fel Ee ee Biv Se Tree FAELLOCAL 5 objects 3 Active Directory Users a LA Dr cli tin Dornan El Ex Beda Control onksiner Defauk container for ungr Find Ingenizational Defauk container for nev 3 lg Connect to nl onksiner Defauk conbainer for secu a Connect to Doman Controlar onksiner Defauk conbaner for upor J Operations Masters Per All Tasks Whe F Her Window from Here Refnesa Export List d pel ETA Properties pens pro Hay 13 Select Group Policy tab and click Properties to continue FAE LOCAL Properties y Ona xj General Managed By Current Group Policy Object Links for FAE Group Policy Obiect Links No Override Ulsabled EDetauk D
24. adio signal strength is poor But the signal reception is definitely weak in some certain areas such as location right down the antenna Moreover the original antenna of WAP 4000 can be replaced with other external antennas to extend the coverage Please check the specification of the antenna you want to use and make sure it can be used on WAP 4000 4 WLAN type If WAP 4000 is installed in an 802 11b and 802 11g mixed WLAN its performance will reduced significantly Because every 802 11g OFDM packet needs to be preceded by an RTS CTS or CTS packet exchange that can be recognized by legacy 802 11b devices This additional overhead lowers the speed If there are no 802 11b devices connected or if connections to all 802 11b devices are denied so that WAP 4000 can operate in 11g only mode then its data rate should actually 54Mbps and 108Mbps in Super G mode Chapter 2 Hardware Installation Before you proceed with the installation it is necessary that you have enough information about the WAP 4000 1 Locate an optimum location for the WAP 4000 The best place for your WAP 4000 is usually at the center of your wireless network with line of sight to all of your mobile stations 2 Assemble the antennas to WAP 4000 Try to place them to a position that can best cover your wireless network The antenna s position will enhance the receiving sensitivity 3 Connect RJ 45 cable to WAP 4000 Connect this WAP 4000 to your LAN switch hub or a single
25. ally by choosing this radio button IP Address Set an IP address for the AP Subnet mask Set the Subnet Mask for the AP Gateway The IP address of a gateway device necessary for communication with devices outside the subnet of the Access Point If your network is not divided onto different subnets this can remain blank DHCP Client If there is a DHCP Server in your LAN you can select DHCP Client to let the WAP 4000 be a client to get an IP address from your DHCP server 23 DHCP Server Enable or disable DHCP server function of WAP 4000 When DHCP server is enabled you can specify the IP range and DNS server IP fields below 3 2 2 4 Security PLANET WAP 4000 Configuration Utility Link Information M Data Encryption AP Settings Auth Mode MEA WEP Key Setting Hex O ASCII security Key Length ea bits 802 1X Settings Key 1 O Key 2 IP Settings O Key 3 O Key 4 Copyright 2003 PLANET V 4P 4000 Configuration Utility version 1 4 Apply Refresh Close Data Encryption Select this option when you want to enable security function Auth Mode Select the type from the pull down list If Open Authentication or Shared Authentication is selected the screen would appear as above WEP Key Settings You can define the WEP Wired Equivalent Privacy function by yourself There are 4 keys available please ensure you have enter correct number for the key values with different Key Length and coding Hex
26. apte Thiz connection use the following temz Eis ler fo i Microsof Met works Cal a Fie and Printer Sharing tor Microsoft Networks el 2 oS Packet Scheduler Internet Protocol TCPYIP Install Uninstall Descnption Alows pour computer to access resources on a Microsoft network fe Show icanin notification area when connected ok 5 Click Properties of one available wireless network which you want to associate with 2 Wireless Netvrork Connection Properties Ele General Wireless Networks Authentication Advanced Use Window e to contigure my wireless network settings Available networks To connect to an avalable network cick Configure Y PLANET AP Configure AP252423 Wireless Prefered necwcrk o ae connect to available networks in the order listed Learn about seting up wirelers network configuralior a Cea 6 Select The key is provided for me automatically option 52 Wireless Hetwork Properties Network name 55ID Wireless network key WEP This network requres a key for he following Network key Key format Key length Key ndex advanced _ The key is provided for me automalically qa I Le Cae 7 Click OK 8 Click Authentication tab 9 Select Enable network access control using IEEE 802 1X option to enable 802 1x authentication 10 Select Smart Card or other Certificate from the drop
27. c Rotes Define routes to enable For this Diabin static Poules connect Cancel Apply 42 4 3 Authenticator Setup 1 For EAP MD5 Authentication WEP key must be set previously Go to Basic Settings Select Shared Key enable WEP key and enter a desired key string You can skip this step if using EAP TLS Authentication Riri ES TES Basic Setting JESSE RE TERESA TE AAA AP Name Wireless Access Point SSID default Channel S Domain USA 2 Click on 802 1X for detailed configuration 43 wizard Status Basic Setting E ERE Advanced Setting Security 802 1 Tools Enabled Disabled Encryption Key Length 64 bits 128 bits Lifetime 30 Minutes RADIUS Server 1 IP fo fo fo fo Port 1812 Shared Secret od a a a Port po Shared Secret A Apply Cancel Help 3 Enable 802 1X Authentication by selecting Enable 4 lf EAP MD5 is used you can leave the settings in Encryption Key Length and Lifetime as default If you are using EAP TLS authentication set the Encryption Key Length ranging from 64 to 256 Bits and the Lifetime from 5 Minutes to 1 Day As soon as the lifetime expires RADIUS server will renew the Encryption Key 5 Enter the IP address Port number and Shared Secret Key used by the Primary Radius Server 6 Enter the IP address Port number and Shared Secret Key used by the Secondary Radius Server 7 Click Apply The 802 1x
28. cast or multicast messages for associated clients it sends the next DTIM with a DTIM Interval value AP Clients hear the beacons and awaken to receive the broadcast and multicast messages SSID Broadcast Enable or disable a Service Set Identifier broadcast When enabled the SSID of the WAP 4000 is sent to wireless enabled devices on the area Set the WAP 4000 s SSID in the Basic Setting screen Enabling this function may cause unauthorized user to connect your wireless networks TX Rates Select the desired transmission rates by clicking on the drop down list The default setting is Auto 11g Only Mode Enabling 11g only mode maximizes the performance of WAP 4000 in a pure 802 11g WLAN but 802 11b clients are not allowed to connect to it Disabling this option allows both 802 11g and 802 11b clients to connect to WAP 4000 Super G Mode There are four options selectable Disabled Super G without Turbo Super G with Dynamic Turbo and Super G with Static Turbo When you use Super G mode it is recommended to enable 11g only for best performance Antenna Transmit Power You can control the transmit power of WAP 4000 here There are five options available full half quarter eighth and min 3 1 6 Security You can change Administrator ID Password and set the MAC Filter settings in this option 14 CEET Status Basic Setting IP Setting Advanced Setting Security 802 1x Tools Password Administrator id admin A
29. cryption key lifetime options Once the lifetime expires RADIUS server will renew the Encryption key RADIUS Server 1 Enter the IP address communicate port number and shared secret key of your primary RADIUS server RADIUS Server 2 Enter the IP address communicate port number and shared secret key of your secondary RADIUS server Note As soon as 802 1X authentication is enabled all the wireless client stations that are connected to the AP currently will be disconnected The wireless clients must be configured manually to authenticate themselves with the RADIUS server to be reconnected 16 3 1 8 Tools You can backup or restore WAP 4000 settings reset WAP 4000 to factory default and upgrade firmware in this option Branns Backup Settings Backup Restore Settings BE Restore Restore to default po settings Default Firmware Upgrade FP Upgrade Help Backup Settings You can backup current settings to a file Press Backup button it will prompt you a location to save the backup file config bin Restore Settings When you try to restore the settings you have saved please press Browse to find out the backup file and then press Restore Restore to default settings It is used to reset WAP 4000 s configuration to factory default Firmware Upgrade You can upload the newest firmware of the WAP 4000 You may either enter the file name in the entry field or browse the
30. dresses The term refers to two things the conventions for naming hosts and the way the names are control across the Internet WAP 4000 has build in DHCP server By default is Off If you have a DHCP server in your network already please disable the DHCP server function When you assign an IP address to this access point please ensure this IP address is on the same IP range as DHCP Server settings Note When you select Obtain IP Automatically DHCP Sever will be disabled automatically 3 1 5 Advanced Settings You can set the WAP 4000 operation mode and relative settings After configuration please click Apply to save your seitings BE iee rei ESA PES AAA Advanced Setting Kt Ak Ara AP Mode AP Site vey AP Client Remote AP SSID Wireless Bridge Remote Bridge MAC Multiple Bridge 9 O GF g Repeat Mode Remote AP SSID Beacon Interval fioo msec range 20 1000 default 100 RTS Threshold 2432 range 256 2432 default 2432 Fragmentation Threshold DTIM Interval fi range 1 255 default 1 SSID broadcast Enable Disable TX Rates Auto Mbps 1ig Only Mode Enabled Disabled Super G Mode Disabled Antenna transmit ull a power AP Mode WAP 4000 has five operation modes By default it is set to AP mode 2348 range 1500 2346 default 2346 even number only AP This mode is set to WAP 4000 by default This connects your wireless PCs to a wired network In most cases
31. eataceusceaeneeuensneneutsnsnsnensunenes 48 CHAP IER S APPLICATION 3022 a o do e o A ee 55 51 ACCESS POINT MODE dacned hua east din a a 55 Se WRR ESS Ar CLIENT MODE e O 55 OO WIRELESS RIDGE MOD E dal io ia dida 56 5 4 MULTIPLE BRIDGE MODE 5 5 REPEATER MODE 220000000 CHAPTER 6 TROUBLESHOOTING Chapter 1 Introduction Thank you for purchasing WAP 4000 This device features the latest innovation wireless technology making the wireless networking world happened This manual guides you on how to install and properly use the WAP 4000 in order to take full advantage of its features 1 1 Package Contents Make sure that you have the following items e One WAP 4000 e One AC Power Adapter One dipole antenna One User s Manual and Utility CD O One Quick Installation Guide If any of the above items are missing contact your supplier as soon as possible 1 2 System Requirements Before installation please check the following requirements with your equipment O Pentium Based And Above IBM Compatible PC System e CD ROM drive 0 Windows 98 ME 2000 XP Operating System with TCP IP protocol 1 3 Features Wireless LAN IEEE802 11g and IEEE802 11b compliant Strong network security with 802 1X authentication and 64 128 bit WEP encryption Supports WPA Wi Fi Protected Access for both 802 1x and WPA PSK One detachable reverse polarity SMA connectors can connect to external antenna for expanding c
32. el ETSI 13 Channels Europe TELEC 14 Channels Ja Super G mode Up to 108Mbps Data Rate 802 119 Up to 54Mbps 6 9 12 18 24 36 48 54 802 11b Up to 11Mbps 1 2 5 5 11 Temperature 0 55 C Humidity 5 95 non condensing A Power steady green WLAN green for wireless connectivity activity soe Operating Environment Input Power DC 5V 2 5A ertification FCC CE 1 5 Wireless Performance The following information will help you utilizing the wireless performance and operating coverage of WAP 4000 PLAN green for link blink for activit 1 Site selection To avoid interferences please locate WAP 4000 and wireless clients away from transformers microwave ovens heavy duty motors refrigerators fluorescent lights and other industrial equipments Keep the number of walls or ceilings between AP and clients as few as possible otherwise the signal strength may be seriously reduced Place WAP 4000 in open space or add additional WAP 4000 as needed to improve the coverage 2 Environmental factors The wireless network is easily affected by many environmental factors Every environment is unique with different obstacles construction materials weather etc It is hard to determine the exact operating range of WAP 4000 in a specific location without testing 3 Antenna adjustment The bundled antenna of WAP 4000 is adjustable Firstly install the antenna pointing straight up then smoothly adjust it if the r
33. emote Authentication Dial in User Service RADIUS protocol Properties To enable the 145 server to read the remote access properties of user accounts in the Active Directory on the Action menu click Register service in Active Directory For more information about setting up IAS see Checklist Configuring LAS for dial up and VPM access and Checklist Configuring IAS to outsource dial up access in online Help For more information on 145 deployment fe ee 39 Go to Start gt Program gt Administrative Tools gt Active Directory Users and Computers 40 Right click on the domain and select Properties a Active Directory Users and Computers E ioj xj i Console Window Help lej ato vw e Gln BS waves Tree FAELOCAL ES objects Active Directory Users E EP LA Builkir builtin Comain Es Delegate Control orkainer Default container For upar En Find Prgsnizational a Default container For new ia ortainer Default container For secu C Comet to Domain Controler ortalner Default container For upar se Operations Masters New All Tasks view d New Window from Here Refresh Export List Properties Opens pro Help 41 Select Group Policy tab and click Edit to edit the Group Policy 4 39 FAE LOCAL Properties eed General Managed Ey Group Policy Current Group Policy Object Links for FS
34. enable 802 1x authentication 11 Select MD 5 Challenge from the drop down list box for EAP type A Wireless Hetvrork Connection Properties BAE General Wireless Networka Authentication Advanced Select this opbonta provide authenticated network access for wired and wireles Elhemet networks Enable nekaat access control using EEE S02 1 EAF tupe MOS Challenge Mob Ehalenge Smat Card or other Certificate utbrenticate as computer When computer infomation is available Suthenticate as quest when user or computer mhoimetion is unavailable ok tonel 12 Click OK 13 When wireless client has associated with WAP 4000 a user authentication notice appears in system tray Click on the notice to continue er a A Te Haus LL Wireless Network Connection x Chick hereto enter your user name and password For the retwork PLANET AP JER 14 Enter the user name password and the logon domain that your account belongs 15 Click OK to complete the validation process 47 Wireless Hebwork Connection User name test Password whee eke Logon daman FAE LOCAL 4 4 2 EAP TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a CA server Furthermore you must have a valid account password to access the server 1 Active web browser enter http
35. entication Setup Steps 36 37 36 Select Authentication Tab 37 Enable Extensible Authentication Protocol Select MD5 Challenge and enable Encrypted Authentication CHAP for MD5 authentication Click OK Edit Dial in Profile o ixl Dial in Constrairts IP Multilink Authentication Erermption Advanced Check the authentication methods which are alowed hor this connection Extensible 4utherticetian Protocol Select the EAF type which ts acceptable for this polo MOE Challenge T_ Microsot Encrypted Authentication version E MS CHAF v2 Microsoft Encrypted Authentication MS CHAP IY Encrypted Authentication CHAF TN Unencrapted Authentication PAF SPAF Unalfhenticated Access C Alon remote PPP clients to connect without negotiating any authentication method 38 38 Select Internet Authentication Service Local click on Action from top panel Then click Register Service in Active Directory P Internet Authentication Service i ojx Action view e elm a el T Open gt Sharh SERVICE E 3 Welcome to Internet Authentication Stop Service Service Register Service in Active Directory Internet Authentication Service 145 performs centralized authentication authorization and Help accounting of users who connect to a network using virtual private network VPN and dial up technology 145 implements the IETF standard R
36. entication server and Supplicant Authentication server An entity that provides an authentication service to an authenticator This service determines from the credentials provided by the supplicant whether the supplicant is authorized to access the services provided by the authenticator Authenticator An entity at one end of a point to point LAN segment that facilitates authentication of the entity attached to the other end of that link Supplicant An entity at one end of a point to point LAN segment that is being authenticated by an authenticator attached to the other end of that link In the following sections we will guide you to build an 802 1X Infrastructure step by step The instructions are divided into three parts RADIUS Server Setup Microsoft Windows 2000 server Authenticator Setup WAP 4000 Wireless Client Setup Microsoft Windows XP WRT 410 VW 412 4000 Switch Internel RADIOS File Server Print Server Server Intranet The above graph shows the network topology of the solution we are going to introduce As illustrated a group of wireless clients is trying to build a wireless network with WAP 4000 in order to have access to both Internet and Intranet With 802 1X authentication each of these wireless clients would have to be authenticated by RADIUS server If the client is authorized WAP 4000 would be notified to open up a communication port to be used for the client There are 2 Extensive Authentication
37. es 15MB 7i Descriptions Enables authentication authorization and accounting of dal up and PA uzers 145 supports the RADIUS protocol Total dsk space required 0 4 ME Space available on disk BEY EME Setting Internet Authentication Service 24 Go to Start gt Program gt Administrative Tools gt Internet Authentication Service 25 Right click Client and select New Client 33 2 Internet Authentication Service E ES Action view e El ele Tree Friendly Name Protocol Internet Authentication Service Local Export List Help 26 Enter the IP address of WAP 4000 in the Client address text field a memorable name for WAP 4000 in the Client Vendor text field the access password used by WAP 4000 in the Shared secret text field Re type the password in the Confirmed shared secret text field 27 Click Finish Add RADIUS Client E X Cliert Information Specify information regarding the client Client addiess IP or DNS 42 166 1 1 Verh Chent Yendor RADIUS Standard T Client must always send the signature atribute in he request Shared secret i Confirm shared secret E Back Frish Cancel 28 In the Internet Authentication Service right click Remote Access Policies 34 29 Select New Remote Access Policy Internet Authentication Service Action view I e p
38. ey Disable 64bits 128bits Mode HEx 7 Caf gal Oal celo y Apply Cancel Help AP Name The host name of the WAP 4000 This can be any name for you to easily identify this access point SSID The SSID is the name shared among all points in the wireless network system must be identical for all points Channel The value of channel can be selected from channel 1 to 11 for FCC domain channels 1 to 13 for ETSI domain and 1 to 14 for Japan domain Authentication Select the type from the listed options If Open System or Shared Key is selected the screen would appear as above WEP Key Select the level of encryption you want among the options WAP 4000 supports 64 and 128 bit encryption Mode Select the key code you want to use for WEP Key HEX or ASCII When Hex is selected you may enter alphanumeric characters in the range of A F a f and 0 9 in the WEP Key entry field Alternatively you may enter digit hexadecimal values in the range of a z A Z and 0 9 Key 1 Key 4 There are 4 keys available please ensure you have enter correct number for the key values with different Key Length and coding Hex or ASCII as 64bit 10 Hex digit 5 ASCII 128bit 26 Hex digit 13 ASCII or 256bit 58 Hex digit 29 ASCII please select one of them and enter the key you want to use Click Clear to erase key values Note 128bit WEP encryption will require more system resources than 64bi
39. file by clicking the Browse button 3 2 Configure through PLANET WAP 4000 Utility The PLANET WAP 4000 Utility is provided to configure the WAP 4000 lt can be used to configure multiple WAP 4000s at the same time in an easiest way 3 2 1 Installation La Insert the User s Manual and Utility CD into the CD ROM drive 2 Run setup exe under En Utility WAP 40001 directory or click the Start button and choose Run When the dialog box appears enter E Utility WAP 4000 setup exe Assume E is your CD ROM drive You will see the dialog box as below Please click Next to continue wae I nstall held Wizard Welcome to the InstallShield Wizard for PLANET WAP 4000 Utility The Installs hieldA Wizard will install PLANET WAP 4000 Utility on your computer To continue click Mest 3 You can click Browse to specify the Destination Folder that you want to install the utility Or you can keep the default setting and click Next to continue fi nstalls hie ld wW ar d Choose Destination Location Select folder where Setup will install files stalla 4 Please click Finish to complete the software installation 18 InstallShield Wizard InstallShield Wizard Complete Setup has finished installing PLANET WAP 4000 Utility on your computer Lan Gel 3 2 2 PLANET WAP 4000 Utility configuration a Je orar After installing utility you can find the icon tay ON your desktop please double click this icon t
40. ication uthort for the servers cerb icate is Wireless a Do you want bo accept this connection 54 Chapter 5 Application This chapter describe the four operating mode of your WAP 4000 The four working modes of WAP 4000 are Access Point Access Point Client Mode Wireless Bridge mode and Multiple Bridge mode 5 1 Access Point mode With this mode your Wireless network connection could act as following Acces Poni mioche Fr a i J ann Roaming Any of your IEEE802 11b and 802 11g end nodes should found the nearest Access Point to communication with any other Wireless end nodes or the wired Ethernet network There are two things need to be check for your wireless end nodes the services set ID SSID and the Wired Equivalent Protocol WEP both parameters should the same with your Access Point 5 2 Wireless AP Client mode The WAP 4000 can also act as a client on a wireless LAN When configured as AP Client mode WAP 4000 soon makes your connected PC a wireless end node This mode can be deployed if your end nodes already installed with an Ethernet Adapter do not want to make any change but want to move it somewhere not easy to have the wire In this mode WAP 4000 will need to accompany with an existing WAP 4000 in access point mode in the wireless network 55 5 3 Wireless Bridge mode The Wireless Bridge mode help to make the two Ethernet networks connected without any
41. l interference and 2 this Device must accept any interference received including interference that may cause undesired operation Federal Communication Commission FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment In order to avoid the possibility of exceeding the FCC radio frequency exposure limits human proximity to the antenna shall not be less than 20 cm 8 inches during normal operation R amp TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999 5 CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity R amp TTE The R amp TTE Directive repeals and replaces in the directive 98 13 EEC Telecommunications Terminal Equipment and Satellite Earth Station Equipment As of April 8 2000 Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment Revision User s Manual for PLANET 802 11g Wireless Access Point Model WAP 4000v2 Rev 2 0 January 2004 Part No EM WAP4Kv2 TABLE OF CO
42. lates Intended Purposes Client Authentication Server Autherticatior Domain Controller Client Authentication Server Authentication Enrolment Agent Computer Certificate Request Agent IPSEC 1 9 6 1 5 5 8 2 2 Back Cancel 18 Click Finish to complete the Automatic Certificate Request Setup 19 Go to Start gt Run and type command and click Enter to open Command Prompt 20 Type secedit refreshpolicy machine policy to refresh policy 2 39 x Command Prompt C gt seceait refreshpolicy machine policy Group policy propagation from the domain has been initiated for this computer t may take a few minutes for the propagation to complete and the new policy to t jake effect Please check Application Log for errors if any IC Adding Internet Authentication Service 21 Go to Start gt Control Panel gt Add or Remove Programs 22 Select Add Remove Windows Components from the panel on the left 23 Select Internet Authentication Service and click OK to install Networking Services E Xi To add or remove a component click the check bos shaded box means hal orly part of the component will be retaled To see what s ncluded In a component click Detall gt ubcompornente of Hekaoking Serices E E COM Internet Services Proxy al pe Domain Name System IBAS vi Internet TE ihe atio ii A ES A a mo TCP IP SR 0 0 MB ei Server LS Servic
43. lease click Close to close the Setup Wizard window 3 1 2 Status You can check your WAP 4000 settings and status in this screen wiar Status LES E RE ES A ESTI AENA Ea TET Firmware Version 1 90 Date Thes 13 Jan 2004 LAN MAC 00 0D 86 95 16 6D IP Address 192 168 1 1 Subnet Mask 2595 255 255 0 Gateway 0 0 0 0 Send 164 Receive 1336 Wireless SSID default Encryption Disabled Channel 6 Send 3350 Receive O You can click the View Log button and then the screen below will appear You can view the logged message here You can also clear or refresh the log record ras Mera rre rage rage Refresh Time Message Jan 1 5 2004 10 45 00 Wireless PC connected 00 00 02 00 09 02 Jan 15 2004 10 44 52 Wireless PC connected 00 C0 02 00 09 C2 Jan 15 2004 10 43 50 Wireless PC connected 00 20 02 00 09 02 Jani 15 2004 10 42 54 Wireless PC connected 00 00 02 00 09 02 Jan 15 2004 10 41 51 System started AP 2 4GHz mode Ready Channel 6 TxRate best SSID default Jan 15 2004 10 41 51 Access point default started at channel 6 Jan 15 2004 10 41 51 3 1 3 Basic Settings You can set the AP Name SSID Channel and Authentication method to this Access Point After configuration please click Apply to save your settings RETA Basic Setting UE SA TEE A ht ES AECA AP Name Wireless Access Point SSID default Channel 6 Domain USA Authentication Open System Shared Key WPA WPA PSK WEP K
44. ls a cerbfication authority CA to ue certificates for use with public key securty appbcations Total ask space required 2 1 MB BR space available on disk 35244 MB a Back Lancel 5 Select Enterprise root CA and click Next to continue Windows Components Wizard CA Identifying Information Enter infomation to identity this LA CA name 0 Organization Organizational unit PT City Vu 2 a state or province Country region fus E mail ee CA description Po Valid for 2 veas 7 Eros 178 2005 1215 PM 6 Enter the information that you want for your Certificate Service and click Next to continue 7 Go to Start gt Program gt Administrative Tools gt Certificate Authority 8 Right click on the Policy Setting select new 9 Select Certificate to Issue 99 i Certification Authority ja Gm 08 18 mm intended Purpose Gad EFS Recovery Agent Fie Recovery Action View E 4 Wireless Basic EFS Encrypting Ale System Revoked CortFicates GA Domain Controler Client Authentication Server Aunt 29 ssued Certificates da Web Server server ALthenticacion i Pending Requests GA Computer Cienk Authentication Serv er Authenti E Faled Requests ET Encrypting Ale System Secure Email a akion Authority Code Soning Microsoft Trost List Signi fey Refresh Export List Halip 10
45. n the network s configuration In IP networking traffic takes the form of packets IP subnets advance network security and performance to some level by organizing hosts into logical groups Subnet masks contain four bytes and usually appear in the same dotted decimal data For example a very common subnet mask in its binary demonstration 11111111 11111111 11111111 00000000 will usually be shown in the corresponding more readable form as 255 255 255 0 Gateway A gateway is a piece of software or hardware that passes information between networks You ll see this term most often when you either log in to an Internet site or when you re transient email between different servers DHCP DHCP is a protocol for dynamically assigning IP addresses to networked computers With DHCP a computer can automatically be given an exclusive IP address each time it logs on to a network making IP address management an easier job for network administrators When a computer connects to the network the DHCP server selects an IP address from a master list and assigns it to the system The device must set to Obtain the IP address automatically The Wireless Access Point Gateway s DHCP server is disabled by default If you would like to enable the DHCP server click on the On button then specify the IP range and DNS server IP DNS When you send email or position a browser to an Internet domain such as xxxxx com the domain name system translates the names into IP ad
46. nce since the WAP 4000 use the same wireless channel to receive and transmit Besides when the WAP 4000 is configured to repeater mode you can only manage the AP through LAN interface and the PC s connected to its LAN port cannot communicate with other wireless clients You need to input the remote AP s MAC address or you can click Site Survey button to search and connect an available AP a when this mode is enabled Beacon Interval Specify the Beacon Interval value Enter a value between 20 and 1000 Beacons are packets sent by an Access Point to synchronize a wireless network RTS Threshold Use this field to specify a value for the RTS Threshold Enter a value between 256 and 2432 This value should remain at its default setting of 2432 Should you encounter inconsistent data flow only minor modifications are recommended Fragmentation Threshold This field is used to specify the fragmentation threshold Enter a value between 1500 and 2346 If you experience a high packet error rate try to slightly increase your Fragmentation Threshold The value should remain at its default setting of 2346 Setting the Fragmentation Threshold too low may result in poor performance DTIM Interval Specify the Beacon Rate Enter a value between 1 and 255 that specifies the Delivery Traffic Indication Message DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages When the AP has buffered broad
47. nd to comply with the limits for a Class B digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connecting to computer or peripheral devices Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device complies with Part 15 of the FCC Rules Operation is subject to the Following two conditions 1 This device may not cause harmfu
48. no change is necessary Up to 63 wireless clients can be connected through WAP 4000 AP Client A WAP 4000 set to AP Client mode is able to connect to another WAP 4000 functioning in AP mode and wireless client within its range This mode allows your WAP 4000 client to be the wirelessly bridged to the main WAP 4000 When you select this mode please enter the LAN MAC address of the main WAP 4000 into Remote AP BSS ID field or you can click Site Survey button to search and connect an available AP Wireless Bridge This mode connects two physically separated LAN segments by using two WAP 4000s The remote WAP 4000 also needs to be set up as a Wireless Bridge The Remote Bridge MAC field must be filled with the LAN MAC address of the remote WAP 4000 Multiple Bridge This mode allows you to construct a network that has multiple WAP 4000s bridging multiple LANs wirelessly For all bridged WAP 4000s configure them in Multiple Bridge mode and all the WAP 4000s must be configured on the same channel You can have up to 14 WAP 4000 to be bridged together For performance reason it is suggested to bridge no more than 6 WAP 4000s in a WLAN Repeater Mode This mode allows you to extend the range of your wireless network When the AP is configured to repeater mode it will repeat the wireless signal from wireless client to access point Thus the wireless connection distance can be extended However the performance will become half of normal performa
49. o run the configuration utility and select each option to setup your Access Point as you need After settings in each option please press Apply to save It will show you the dialog box to enter User Name and Password By default the User Name and Password is admin E Losin Management Login saran Password m Ok Cancel 19 3 2 2 1 Link Information PLANET WAP 4000 Configuration Utility Statu Link Information AP Name AP Settings ESoll IP Settings IP Address Security Mac Address 802 1 Settings Channel WEF Security Wireless Access Point default 192 160 1 1 00 00 00 95 18 60 E Disable Mac Address 551D Wireless Access Pd 0 00 88 95 18 60 default Copyright 2003 PLANET VWAP 4000 Configuration Utility version Apply Refresh Close When the configuration utility starts it will show you the first option Link Information You can view the first Access Point s current setting Note If you have many WAP 4000 all the WAP 4000s will list in Available AP You can select the WAP 4000 that you want to check and then you can see the settings of the WAP 4000 20 3 2 2 2 AP Settings PLANET WAP 4000 Configuration Utility Link Information default AP Settings Channel E IP Settings AF Marne Wireless Access Point Security Mode Setting Access Point Access Point Client O Wireless Bridge Multiple Bridge 802 1 Set
50. omain Policy Group Policy Objects higher in the list have the highest priority This list obtained tron fael FSE LOCAL New Es Up Options Propestes Dawn T Block Policy inheritance 14 Go to Computer Configuration gt Security Settings gt Public Key Policies 15 Right click Automatic Certificate Request Setting and select New 16 Click Automatic Certificate Request Mea 6 MATE tn tw e aa ala Tree A tomate Certificate Request f Defadt Domain Policy fas01 PEE LOCAL Foley Computer Corfiguratior 4 Sofbware Settings 1 3 windows Settings Ed System Services LR Registry Be E shi ENG Public Key Polines EA Enterprise Trust 1 3 IP Securky Policies on Active Directory 3 Administrative Templates ALtomatic Certificate Hequast Refresh gfi User Configuration Export Ust 4 5 Software Settings Sait 41439 W ndows Settings Hep lnir au Tenpla e 17 The Automatic Certificate Request Setup Wizard will guide you through the Automatic Certificate Request setup simply click Next through to the last step Automatic Certificate Request Setup Wizard Certificate Template The next tine a computer logs on a certificate bated on the template pou select is provided certificale template is a set of predefined propertes for cerbficates issued to computers Select a template trom the following list Certificate temp
51. onnection distance Super G mode efficiently raises the data transfer rate up to 108Mbps Five operation modes selectable AP AP Client Wireless Bridge Multiple Bridge Repeater Auto Fall Back Data Rate for Long Distance Communication and Noisy Environments Adjustable antenna transmit power Features Roaming Best Access Point Selection Load Balancing and Network Traffic Filtering Support 63 clients to connect the network For best performance the suggested maximum clients number of one WAP 4000 in AP mode is 25 Provide Windows base configuration utility and Web Configuration Support DHCP Server and Client Support MAC Filter 1 4 Specification IEEE 802 11b IEEE 802 11g Signal Type DSSS Direct Sequence Spread Spectrum BPSK QPSK CCK OFDM Port 10 100Base TX RJ 45 1 Detachable Dipole Antenna 1 Antenna Connector Reversed Polarity SMA Male Output Power 17dBm 11 Mbps CCK 82dBm 5 5 Mbps QPSk 86dBm 802 11b 1 2 Mbps BPSK 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C 72dBm 72dBm Sensitivity 76dBm 79dBm 802 119 82dBm 86dBm 9 Mbps 89dBm 6 Mbps 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C Operating Mode AP AP Client Wireless Bridge Multiple Bridge Repeater 64 128 bit WEP encryption Password Protect Security WPA for 802 1x and WPA PSK MAC Filtering SSID Broadcast Disable function ome FCC 11 Channels US Canada Chann
52. or ASCII as 64bit 10 Hex digit 5 ASCII 128bit 26 Hex digit 13 ASCII or 256bit 58 Hex digit 29 ASCII please select one of them and enter the key you want to use When Hex is selected you may enter alphanumeric characters in the range of A F a f and 0 9 in the WEP Key entry field Alternatively you may enter digit hexadecimal values in the range of a z A Z and 0 9 Note If you have many WAP 4000s in LAN and you want to set them have the same WEP key You can set one of them and then select all the WAP 4000 in the Available AP and press Apply You will see a dialog box appears as below You can enter their User Name and Password in this dialog box and click OK to apply 24 Login Management 6 El X Mac Address UserName APOSDBGBS 00 30 4F 08 D6 68 00 30 4F 04 65 89 DK Cancel lf you want to use WPA for authentication please go to 802 1x Settings and complete relative RADIUS server settings first The detailed settings of 802 1x Settings are described in next section If WPA PSK Authentication is selected the screen appears as below Please enter a hard to guess passphrase between 8 and 63 characters in the field PLANET WAP 4000 Configuration Utility Link Information M Data Encryption AP Settings Auth Mode AA dat tndier lalla Passphrase IP Settings Passphrase Security Confirmed Passphrase d 802 1X Settings Copyright 2003 PLANET 444P 400
53. reshold 2346 OTIM Interval i Transmission Rates Mbps ta H 116 Only Mads Disable Ej super la DISABLED El Antenna TA power jul y LK Cancel SSID Broadcast Enable or disable a Service Set Identifier broadcast When enabled the SSID of the WAP 4000 is sent to wireless enabled devices on the area Set the WAP 4000 s SSID in the Basic Setting screen Enabling this function may cause unauthorized user to connect your wireless networks Beacon Interval Specify the Beacon Interval value Enter a value between 20 and 1000 Beacons are packets sent by an Access Point to synchronize a wireless network RTS Threshold Use this field to specify a value for the RTS Threshold Enter a value between 256 and 2432 This value should remain at its default setting of 2432 Should you encounter inconsistent data flow only minor modifications are recommended Fragmentation Threshold This field is used to specify the fragmentation threshold Enter a value between 1500 and 2346 If you experience a high packet error rate try to slightly increase your Fragmentation Threshold The value should remain at its default setting of 2346 Setting the Fragmentation Threshold too low may result in poor performance DTIM Interval Specify the Beacon Rate Enter a value between 1 and 255 that specifies the Delivery Traffic Indication Message DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast message
54. s When the AP has buffered broadcast 99 or multicast messages for associated clients it sends the next DTIM with a DTIM Interval value AP Clients hear the beacons and awaken to receive the broadcast and multicast messages Transmission Rates Select the desired transmission rates by clicking on the drop down list The default setting is Auto 11G Only Mode Enabling 11g only mode maximizes the performance of WAP 4000 in a pure 802 11g WLAN but 802 11b clients are not allowed to connect to it Disabling this option allows both 802 11g and 802 11b clients to connect to WAP 4000 Super G There are four options selectable Disabled Super G without Turbo Super G with Dynamic Turbo and Super G with Static Turbo When you use Super G mode it is recommended to enable 11g only for best performance Antenna TX Power You can control the transmit power of WAP 4000 here There are five options available full half quarter eighth and min 3 2 2 3 IP Settings PLANET WAP 4000 Configuration Utility Fixed IP Address Link Information DHCP Server DHCP Client AP Settings IP Address Setting IP Address EX l fig f i Subnet Mask 255 i 25 Gateway IP Settings Security 802 1X Settings DHCP tom E2 iB if oHcPio Sea ONS Server i i i i Copyright 2003 PLANET WYAP 4000 Configuration Utility version Apply Refresh Close Fixed IP Address You may give a fixed IP address to WAP 4000 manu
55. settings will take effect right after WAP 4000 reboots itself You can also use utility to configure 802 1X settings The procedures are similar to above described 4 4 Wireless Client Setup Windows XP is originally 802 1X support As to other operating systems windows 98SE ME 2000 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication with WL 3555 in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again 4 4 1 EAP MD5 Authentication 1 Go to Start gt Control Panel double click on Network Connections 44 2 Right click on the Wireless Network Connection which using WL 3555 3 Click Properties to open up the Properties setting window Wireless Hetwork Connection Status El E General Support Connection status Lonnected Duratior 01 47 43 Speed 220 Mbps Signal Strength q alil Sent 4 Pecerved 70 335 0 Activity 4 Click on the Wireless Network tab Wireless Network Connection Properties 2 x General wireless Net Authentication Advanced Connect using Eg M WLAN PEI Adepte Thiz connection uzes the following temz Cal Fie end Pitter Sharing for M Microsoft Metworks el J QoS Packet Scheduler
56. t encryption Use 64 bit encryption for better performance lf you want to use WPA for authentication please go to 802 1x page and complete relative RADIUS 10 server settings first The detailed settings of 802 1x page are described in section 3 1 7 If WPA PSK is selected the screen appears as below Please enter a hard to guess passphrase between 8 and 63 characters in the field reise Basic Setting PRs Becht Beast Bee EA AAC AP Name Wireless Access Point SSID default Channel b F Domain USA 4 Passphrase Se ii Passphrase 3 1 4 IP Settings You can set the IP Gateway DHCP and DNS to this Access Point on this field After configuration please click Apply to save your settings rete ESA E ES IP Setting Beir Best aie a ee bee LAN IP Obtain IP Automatically Fixed IP Address 192 isa Subnet Mask 255 po Gateway o DHCP Server On iili Y e Off From 92 fhe i foo IP Range oi ha ibe hi 199 DNS Server 1 LAN IP You can configure this Access Point to obtain its IP address automatically or manually assign If you select Fixed IP please fill in the following fields with proper parameters Address This address is a unique numbers that identifies a computer or device on the WAN or LAN These numbers are usually shown in groups separated by periods for example 123 123 23 2 Subnet Mask Subnets allow network traffic between hosts to be separated based o
57. the client an EAP Success message along with the broadcast key and key length all encrypted with the client s WEP key 4 2 RADIUS Server Setup 4 2 1 Required Services After Windows 2000 server has been installed please install Service Pack 2 also and other latest security patch Furthermore the following service components are needed n Active Directory Please consult with your network administrator or an engineer who is familiar with Windows 2000 server to install Active Directory otherwise your system or network might be unstable n IAS Internet Authentication Service n Web Server IIS n Certificate Service 4 2 2 Setup Procedure 1 Login into Windows 2000 Server as Administrator or account that has Administrator authority 2 Go to Start gt Control Panel and double click Add or Remove Programs 3 Click on Add Remove Windows components 4 Check Certificate Services and click Next to continue 28 Windows Components Wizard Windows Components You can add or remove components of Windows 2000 Po add or remove a component click the checkbox 4 shaded box means that only par ofthe component will be installed To see what s included n a component click Details Components M 5 Accessories and Utilities iv E Certificate Services IM GEM nderna Serice 0 0 M8 RG Internet Information Services 115 21 7 A C 29 Kane and lona T aonla A oe Description instal
58. tings C Repeat Mode Advanced Setting Copyright 2003 PLANET W4P 4000 Configuration Utility version Apply Refresh Close Basic Settings ESSID ESSID is used by all wireless devices within the wireless network The ESSID value must be the same on all stations and Access points in this WLAN Channel Select the appropriate channel from the list provided to correspond with your network settings between 1 and 13 in ETSI All wireless devices with the same ESSID will automatically use this channel to communicate with this access point AP Name Change the access point name here if you want to set another name to this Access Point This will enable you to manage your access points with more ease if you have multiple access points in the network Mode Settings Access Point This mode is set to WAP 4000 by default This connects your wireless PCs to a wired network In most cases no change is necessary Up to 63 wireless clients can be connected through WAP 4000 Access Point Client A WAP 4000 set to AP Client mode is able to connect to another WAP 4000 functioning in AP mode and wireless client within its range This mode allows your WAP 4000 client to be the wirelessly bridged to the main WAP 4000 When you select this mode please enter the LAN MAC address of the main WAP 4000 into Remote AP SSID field Wireless Bridge This mode connects two physically separated LAN segments by using two WAP 4000s The remote WAP 4
59. ttp 11132 168 1 10 ceresrulcertrqus aso iyt gt E Links a e rlitic Home Choose Request Type Please salact tha type of raguest you would like to make User certificate request User Ta ificate Advanced request 5 Click Submit gt to continue 49 Microsoft Certificate Services Microsoft Internet Explorer Fie Edt Wisw Favorites Took Hep i 3 tak gt D E ee 2 Search SF Favortes e meda e B EN 53 Address 48 http 92 166 1 LO certsvicertrgbi asottype 0 hl kdo ins Microsoft Certificate Services Yy User Certificate ldentifying Information All the necessary identifying infomation has already been collected You may now submit your request 6 The Certificate Service is now processing the certificate request 3 Microsoft Certificate Seraces Microsoft Internet bop lorer Fie Edit view Favorites Toos Help e a ln pO ser SF Fevortes Uria E 3 5 Aadress E http 11192 166 1 10 ceresroJcertrabi espitype 0 Eo Links Microsoft Cerliticsta Serrices fome User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit our request Watne for server response 7 The certificate is issued by the server click Install this certificate to download and store the certificate to your local computer p Microsoft Certificate sans HicrosoH Internet Explo rer
Download Pdf Manuals
Related Search