MultiAP 700G User Manual
Contents
1. 1 Wireless Settings Wireless Settings Max Total Associated 0 Clients 0 unlimited Beacon Rate 1Mbps Beacon Interval 100ms v DTIM 1 RTS Threshold 2347 Fragmentation Length 2346 Distance Time TE os acini input distance for recommended values Slot Time 9 us ACK Timeout 48 us CTS Timeout 48 us E 7 Enable 802 11g Protection In favor of 802 11g devices in mixed mode 11g and 11b networks Preamble Type Long Auto Wireless Settings gs Comment Max Total This value defines the maximum number of clients in total can be associated Associated Clients with the device The default number 0 means unlimited This setting provides the option to send beacon in different transmit bit rate and the bit rates are 1Mbps 2Mbps 5 5Mbps 6Mbps 11Mbps This setting provides the option to set the time between each beacon send Available options are 100ms 250ms 500ms Beacon Rate Beacon Interval This setting provides the option to set the frequency for beacon to include DIM Delivery Traffic Indication Message DTIM The interval unit is in millisecond This setting provides the option to set the minimum packet size for the unit to RTS Threshold send an RTS using the RTS CTS handshake Setting zero would disable this feature E Comment STATO This settings provides the option to set the fragmentation length Comment Distance I Time This is a convertor to automaticall2. 100baseTx FD 100baseTx HD 10baseT FD 10baseT HD Ethernet Settings Speed This setting provides the option to set the speed of the Ethernet 5 3 4 Health Check Health Check Method Ping X Ping Host 7 Use default gateway as Ping Host Interval 10 seconds Retries lv Health Check Method Select Ping to enable the health check function Ping Host Enter the IP address of Ping host By default the box Use default gateway as 9 Ping Host is checked and enabled Interval This value defines the interval of health check pings Retries The number of retry when the health check is failed 5 3 5 Scheduled Tasks Scheduled Tasks Self Maintenance Status Schedule Option Start Day Start Time Enable Weekly v Defined Time Mon v 09 100 Auto Channel Selection Status Schedule Option Start Day Start Time Enable Daily v Defined Time J 09 30 v Radio Of Period Status Schedule Option Start Time End Time Enable MARAEA DefinedRange 09 00 17 00 Disable EN mon tue wes thu m Whole Day oo 00 oo 00 Schedule tasks will be started after date synchronized from NTP server d Comment new _ Comment the whole section has Scheduled Tasks been updated Self Maintenance The system would perform reboot based on the scheduled time selected Auto Channel The system would perform auto channel selection to avoid congested channel Selection when no clients curre
3. Address By clicking the New button next to SNMPv1 v2 Communities or SNMPv3 Users you can add new communities and users accordingly 5 5 1 SNMPv1 SNMPv2 Communities By adding SNMPv1 v2 Communities access rights can be controlled Community Community Name IP Address IP Mask Access Mode ReadOnly x Status O Enable Disable Save to flash and activate SNMPv1 SNMPv2 Communities Community Name The password for getting or setting SNMP values IP Address and IP Mask The allowed subnet address who can access the SNMP server Choose the access mode for this community name to either Read Only or Access Mode god Write Status Select to Enable or Disable this community 5 5 2 SNMPv3 Users SNMPv3 User Setting SNMPv3 User Name userid Authentication Protocol HMAC MD5 eeecce Authentication Password ITIII Retype Privacy Protocol CBC DES eecce Privacy Password eecce Retype Access Mode Read amp Write v Status 9 Enable Disable By adding SNMPv3 users access rights can be controlled SNMPv3 User Setting SNMPv3 User Name The user ID to be allowed to access the SNMP agent Authentication The protocol for authenticating the user Available options are HMAC MD5 Protocol and HMAC SHA Authentication Only users provided with a correct password will be granted the right to access Password the SNMP agent The encryption method to be used in SNMPv3 communication Available options are None and
4. CBC DES When CBC DES is chosen as the Privacy Protocol This is the key for decrypting the encrypted data Privacy Protocol Privacy Password Access Mode Grant Read Only or Read amp Write access to this user Status Select to Enable or Disable this user 5 6 Web Admin Settings Upon selecting Web Admin Settings from the navigation bar on the left hand side of the Main Menu the following is displayed to enable to configuration of the parameters of the management interface Web Admin Change Admin Settings Oo Change Web Access Settings Oo Change Admin Username O Change Admin Password O Disable Web Administration 5 6 1 Change Web Access Settings Change Web Access Settings Web Access Protocol HTTP 9 HTTPS Management Port 443 HTTP to HTTPS Redirection V Enable WEB Access Control 7 Enable Management IP IP Address Subnet Mask 10 0 0 0 255 0 0 0 10 9 0 0 255 255 0 0 Add Change Web Access Seitings Web Access This option specifies the protocol for web access of the device Protocol By default it is set as HTTPS pe Comment New details This option configures the TCP port number of the secure web server By default the TCP port number is 443 Management Port HTTP to HTTPS With this option being enabled user who accesses the web admin with HTTP Redirection protocol will be redirected to HTTPS automatically WEB Access Select to enable the web access control feature and the Management I
5. Configuration to Flash Download Active Configuration Upload Configuration Upgrade Firmware Changes made are not saved to the flash as a result the current configuration will be lost after reboot To make the current configuration persistent across reboots choose Save Current Configuration to Flash Select this command to download the active configuration for backup purposes Select this command to upload the configuration from a backed up configuration file The configuration changes are not immediately effected after uploading but are effected upon the selection of Activate Changes Upload Configuration Configuration File Browse Select this command to upload a firmware file for upgrading the unit s software A reboot is required after upgrading the firmware Upgrade Firmware Flash 1 Flash 2 Firmware Version 4 7 1 4 6 18 Flash Status Bootable Bootable Boot from o Firmware Upgrade o Target Next Boot Target 3 Firmware Image File This is for activating saved changes but note that the activation of changes does not save the current configuration to the flash memory Activate Ch Activate Changes ix pd co System Time Thu Mar 25 16 34 58 2010 Delay Options Activate after 0 sec 0 79800 Select this command to download debugging information from the MultiAP 700G unit Download Debug ev Rod f Information File In the event of technical issues to facilitate prompt resolution by technical support f
6. Est ra EE EE Re vea Dee re ERE Cin D 10 7 2 WIRELESS NETWORKS SETTINGS cccccessceeeseccescceceseccesseecessesecsescnsueceseeessaecenseeesaeeensneees 16 7 3 ADVANCED SETTINGS ccccscccessceceseceesssecesseceesececssesecsececssecenseeceeseecessecesesessseseeseeeeaeeeeseens 26 7 4 WDS SETTINGS iiie enc eva E cea T Pera A ea voeacesce Pn cea E ss ka rd sus da E E Een EET Td REL ERR n 30 7 5 SNMB SETTRNGS i inibi T EE SEE ERE VEVE EFE ELE Ee E Va ci ELE coins CU Seg VERA HIER VPE Qu EE CLIE satan 32 7 6 WEB ADMIN SETTINGS ccccccceesceceseceesscecesseeeseceesseecesesecsseccnsescesseceesseceseeecssesenseeesseeeesseeee 35 6 DIAGNOSTIC TOOLS trcscori prse i rie ecYr eto e ocee etas entre cent laetus vai esr E eee 37 7 eel pt 38 8 PER USER VLAN TAGGING eeeeeeeeenenennnennen nena nua muunn ss sas a a aas a aaa aa ud nnmnnn 40 APPENDIX A ir binc tereds tivi te tees Era because eoe cc reas tav eve ctus edle dE eo bv Pe ei cec vetet dde Eu 41 APPENDIX B cientes eie eb ene tn e Ea e HE ec e cun Hen ou c EHE E ED EFE E Ec ER 42 1 Introduction and Scope MultiAP 700G is a carrier grade 802 11b g Wi Fi access point with centralized management system It is a powerful solution for building wireless networks for Wireless Internet service wholesalers and enterprises Each MultiAP 700G is loaded with essential features such as Multiple SSID virtual AP with distinct ESSID and BSSID VLAN and a hig
7. country region whose regulations the MultiAP 700G unit should follow Users are required to choose their operating country based on their actual location Laws restrictions and regulations of use of electronic goods apply to different countries Available RF channels and Maximum transmission power options rely on the selected operating country By default United States is selected This option selects the 802 11 channel to be utilized Available options for 802 11b and 802 11g are from 1 to 11 and from 1 to 13 respectively depend on the operating country selected in the previous option This option selects the transmit output power of the 700G device Available options are from 26 dBm to 17 dBm and 20 dBm to 11 dBm depend on the operating country selected in the previous option By default Tx Output Power is configured to be 26 dBm For MultiAP 700G Outdoor units the hardware may be equipped with two antennas for transmit and receive diversity If the MultiAP 700G unit is equipped with two antennas users can select Main Auxiliary and Both Diversity with antenna diversity By default Main antenna is selected E 1 Comment New feature 5 2 Wireless Networks Settings Upon selecting Wireless Networks under Configure section from the navigation bar on the left the following shows the configured SSID available on the system General Wireless Networks Settings Wireless Network The SSID of the virtua
8. Addresses ee Tool User defined MACs Connected clients Delete highlighted Addtoiist Authentication Method Plain Key Authentication x lo Authentication Authentication Key Plain Key Authentication hared Key Authentication RADIUS Authentication va Captive Portal Settings This setting specifies the URL to be used to redirect the users HTTP and Redirect URE HTTPS are available for the choice of protocols This setting will only be available if you have chosen Plain Key Auth nticatio n URL Authentication or Shared Key Authentication as the authentication method P It specifies the authentication URL to be used HTTP and HTTPS are available for the choice of protocols pe 1 Comment E Comment J Access Timeout This setting specifies the allowed access time When the timeout reaches users would be redirected to the Redirect URL Inactive Timeout This option sets the value of timeout when user stays inactive Pass through IPs This setting specifies the IPs that users can go to without redirection control This setting specifies the list of MAC addresses in which the authentication GU oe use and redirection are bypassed The option is particularly useful when devices Addresses do not have browser capability such as wireless VolP phone T This setting specifies the method to do user authentication and the options are fc t ace pei No Authentication Plain Key Authenticati
9. CP Server Type if the value Server is selected DHCP Server Parameters are entered via the following screen up selection DHCP Server Parameters IP Start Range IP Stop Range Subnet Mask Broadcast Address Gateway DNS 1 DNS 2 DNS 3 Domain Lease Time seconds Ld 1 Comment DHCP Server Parameters This setting specifies the first address in the range of IP addresses to be IP Start Range assigned to DHCP clients This setting specifies the last address in the range of IP addresses to be IP Stop Range assigned to DHCP clients Subnet Mask This setting specifies the subnet mask to be used by DHCP clients Broadcast Address This setting specifies the broadcast address to be used by DHCP clients Gateway This setting specifies the default routing gateway to be used by DHCP clients DNS 1 This setting specifies the IP address of the primary DNS Server to be offered to DHCP clients DNS 2 This setting specifies the IP address of the secondary DNS Server to be offered to DHCP clients DNS 3 This setting specifies the IP address of the tertiary DNS Server to be offered to DHCP clients Domain This setting specifies the domain name of the Wi Fi segment This setting specifies the length of time throughout which an IP address of a ease Time DHCP client remains valid Upon expiration of the Lease Time the assigned IP lt address will no longer be valid and the renewal of the IP address assignment will be requir
10. P Control settings will be available 5 6 2 Change Admin Username Password The selection Change Admin Username Password configures the administrator password for entering Web Admin Interface To change to the Username enter the new username into the Username input fields To change to the password enter the same new password into the New Password and New Password Retype input fields Change Admin Username New Admin Username Change Admin Password Restore Default Password Yes 9 No New Password New Password Retype 5 6 3 Disable Web Administration The selection Disable Web Administration turns off the access to Web Administration Interface After being turned off Web Administration Interface can be re enabled using SNMP Disable Web Administration Web Admin Interface 9 Enable Disable 2 Comment 6 Diagnostic Tools This provides three useful tools for diagnosing the network The three available options are Ping Traceroute and Nslookup Diagnostic Tools Destination Nslookup Result 7 Commands Upon selecting Commands from the navigation bar on the left hand side of the Main Menu a list of commands is displayed as follows Commands Commands Save Current Configuration to Flash Download Active Configuration upload Configuration upgrade Firmware Activate Changes Download Debug Information File Restore Factory Default Reboot AP l Commands Save Current
11. a Default VLAN ID will be overridden The default value of this setting is 0 That means VLAN tagging is disabled instead of tagged with zero Default VLAN ID This setting specifies whether or not the ESSID of the virtual AP can be scanned by Wi Fi clients Broadcast SSID Note that the BSSID i e the MAC address of the virtual AP cannot be hidden from the scan To associate with the virtual AP clients must specify the correct ESSID upon association Multicast Filter Multicast Rate Data Rate Default Quality of Service DHCP Server Type Security Policy Maximum Associated Clients Access Control Broadcast SSID is enabled by default This setting enables the filtering of multicast network traffic to the wireless SSID By default it is set as enabled This setting specifies the transmit rate to used for sending multicast network traffic There are two options on data rate Fixed Auto Fixed will forced all data packets to be transmitted into the selected transmit rate Auto will automatically select the best transmit rate with a condition to use the selected transmit rate as the minimum auto transmit rate The 802 1p QoS value to be marked on all outgoing packets generated from the virtual AP i e packets that travel from the Wi Fi segment through the MultiAP 700G unit to Ethernet segment via the LAN port If per user or per domain QoS value is specified the Default Quality of Service value will be overr
12. anual WDS Settings you can configure WDS connections manually WDS Details Enable Q9 Yes No MAC Address Security Policy ic WEP None Static WEP Parameters Key Size 40bits v Key Format ASCII v Passphrase Encryption Key Manual WDS Mode Enable This option enables this entry MAC Address This setting gives the MAC address of the other AP to form a WDS link Security Policy For more detail please refer to section 5 2 3 Static WEP H Comments 1 5 5 SNMP Settings Upon selecting SNMP Server Settings from the navigation bar on the left hand side of the Main Menu the following page is displayed to enable the configuration of SNMP server settings SNMP Settings Server Name This setting specifies the name that identifies the SNMP server This setting specifies whether to enable or disable the support for Version 1 of SNMPv1 SNMP This setting specifies whether to enable or disable the support for Version 2 of SNMPv2 SNMP This setting specifies whether to enable or disable the support for Version 3 of SNMPv3 SNMP SNMP Trap is a message initiated from a client and sent to the 700G device SNMP Trap Once this option is enabled the following two options for SNMP Trap will be available for configuration SNMP Trap When SNMP Trap is enabled This setting specifies the SNMP Trap Receiver Receiver Name Name SNMP Trap IP When SNMP Trap is enabled This setting specifies the SNMP Trap IP Address
13. as NeTworil lt s MultiAP 700G User Manual Aug 12 COPYRIGHT amp TRADEMARKS Specifications are subject to change without notice Copyright 2012 ValuePoint Networks All Rights Reserved ValuePoint and the VP logo are trademarks of ValuePoint Networks Other brands or products mentioned may be trademarks or registered trademarks of their respective owners Table of Contents 1 INTRODUCTION AND SCOPE ccccccccccccecccscsseseeeseeseeseesseesuesuseuseusaueuseesenaneaneeaseens 3 PRODUCT FEATURES niei ra dre id aad rud a kr a cep ec ee rose ance a serae ve eeu ad 3 EXPE wie EETUELIEREDDDMESUTMPUESM 4 5 1 INSTALLATION PROCEDURES 5 1 2 iara aiia etra bba ka hd v rad de ph a sdb laeta Pana Ub ka ra uw La ca ia iip 4 5 2 QUICK START EEE EEE EEE E TE MELLE Ii eL Id IE LL 6 A INFORMATION is 2 3 riii pu vk dac P ku SE e Ek een SE ra ta Era uc nara carae dn ERR d ER FAR Rr ER RE 6 6 1 SYSTEMS cba EVE EU ERE MERE EE care EYE ERN FUVEHE SUPE RA Lr EEER DEP Lr re PEL VI ELIO E cv epa ELENA 6 6 2 WIRELESS icio ideae Deb reda zudd aoi oda cra redu Lee o RAT Hd E La ER CR D EE ERU Ru eo n ed ET ER pad 7 6 3 D M 8 6 4 EVENT OG icm tei Eit he or HEEEH EE FE e EX I teo re DEHE V EE Eee E cU EE VOR FEE LER RE F EY RESTE Pa 8 6 5 INEIGHBOR di I RTT 9 5 GONEIGURATION oet icadec eati vie cars extr ew reor ete reus o enema seeacii eue Eid es a EE 10 7 1 SYSTEM SETTINGS iic hii iiri e en nC
14. ateway 192 168 1 1 DNS 1 192 168 1 1 DNS2 DNS 3 Lease Time 3600 seconds 5 1 2 L2TP Tunnel Settings L2TP Tunnel Setting L2TP Tunnel Enabled L2TP Server Address 0 0 0 0 L2TP PPP Username L2TP PPP Password Tunnel IP Address Tee From DHCP Tunnel Subnet Mask Tunnel Management VLAN u L2TP Tunnel Settings Enabling L2TP option on the system would start the tunnel establishment from ESTE Tunnel the access point to the server for centralized traffic management kel ceiver This specifies the L2TP server IP address for the access point to connect to Address LZIRIPEP This specifies the L2TP PPP Username for tunnel authentication purpose Username L2TP PPP Password This specifies the L2TP PPP Password for tunnel authentication purpose This specifies the unique IP address for the MultiAP 700G unit to communicate over the tunnel Tunnel IP Address f From DHCP is set the IP address of the MultiAP 700G unit is then acquired from a DHCP server over the tunnel Tunnel IP Address and Tunnel Subnet Mask will be disabled automatically This setting specifies the subnet mask of the MultiAP 700G unit over the Tunnel Subnet Mask iure This specifies the VLAN from which management sessions are allowed over the tunnel The establishment of management sessions is restricted only to Tunnel Management the specified VLAN ID If Management VLAN ID is set to zero no VLAN VLAN restriction is applied The default value of this s
15. can be detected or not 5 Configuration 5 1 System Settings l General Access Point Settings A user specified name for the access point Ae Name This value can be retrieved via SNMP A user specified name for the location of the access point Location This value can be retrieved via SNMP This option enables the access point running as a bridge or a router When AP Mode the access point runs as a router the Management VLAN ID is ignored and the LAN settings appear for proper network setup Domain name can be set for wireless clients to have a readable name for both DomamiName web management and captive portal redirection URLs This specifies the unique IP address for the MultiAP 700G unit to communicate on the Ethernet segment This IP address is distinct from the admin IP address 192 168 0 3 on the Ethernet segment If Keep Default IP is set the default IP would be available on the system along with the Server IP setting If DHCP is set the IP address of the MultiAP 700G unit is then acquired from a DHCP server on the Ethernet segment If Static IP is set it is required to enter the information related to that static IP including Static IP address Subnet Mask Default Gateway and DNS Server If PPPoE is set it is required to enter the information related to that PPPoE connection PPPoE Username PPPoE Password PPPoE Service Name This option is only available with Router mode Server IP This specifies the VLAN
16. e wired or wireless 4 4 Event Log Upon selecting Event Log from the navigation bar on the left hand side of the Main Menu the system log is displayed The system log is intended to provide information to aid troubleshooting in the event of operational issues Event Log Jan Jan Jan 08 00 14 syslogd started xxx 08 00 14 reboot xxx 08 00 14 kernel xxx oP PPP PPP RB o o o roy n Jan 08 00 14 kernel xxx Jan kernel xxx Jan 08 00 14 kernel xxx Jan 08 00 14 kernel xxx Jan 08 00 14 kernel xxx Jan 08 00 14 kernel xxx Jan na8 n n 14 Farnell vvv Comment 4 5 Neighbor APs Neighbor APs This shows the feature Neighbor AP Discovery is enabled To disable or Neighbor AP i configure the Scanning Interval and Scanning Time options please refer to Discovery section 5 3 2 Scanning Interval This shows the scanning interval for Neighbor AP Discovery Scanning Time This shows the scanning time for Neighbor AP Discovery Manufacturer This shows the manufacturer based on the MAC prefix SSID This shows the ESSID of the scanned access point Ch This shows the channel of the scanned access point RSSI This shows the signal strength of the access point Security This shows the encryption type of the access point used BSSID This shows the wireless MAC address of the access point Last Seen This indicates the time stamp of the access point scanned Status This shows whether the access point
17. e Type Framed User Appendix A Radius Server Setup MultiAP 700G has been test to be functional with Radiator version 3 9 using the EAP TTLS protocol For MultiAP 700G configure the authentication protocol of the virtual access point to WPA AES CCMP Sample Radiator Settings AuthPort 1812 AcctPort 1813 LogDir var log radius DbDir etc radiator Trace 4 Client DEFAULT Secret testing123 DupInterval 0 Client Realm DEFAULT AuthBy FILE Filename etc radiator users EAPType TTLS EAPTLS CAFile etc 1x cert demoCA cacert pem EAPTLS CertificateFile etc 1x cert cert srv pem FAPTIS CertificateTvoe PEM Appendix B Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of t
18. ed 5 2 2 DHCP Relay For the setting DHCP Server Type if the value Relay is selected DHCP relay parameters will be available via the following screen up selection DHCP Relay Parameters DHCP Server IP DHCP Relay Parameters DHCP Server IP This setting specifies the IP address of the DHCP server 1 Comment 5 2 3 Static WEP The configuration of Static WEP parameters enables pre shared WEP key encryption Authentication is not supported by this method The security level of this method is known to be weak Static WEP parameters are entered via the following screen upon selection Static WEP Parameters Key Size 40 bits 64 bitWEP Key Format ASCII Encryption Key Shared Key Authentication E Enabled Static WEP Parameters The setting can be configured as either 40 bits 64 bit WEP 104 bits 128 bit WEP or 128 bits 152 bit WEP Key Format The setting can be configured as either ASCII or HEX Combination of words and characters used to generate an encryption key Comment Pudsihidgu 2220 ee ee SO ORO S se This setting specifies a user specified encryption key value Encryption Key For ASCII format key length is either 5 or 13 For HEX format key length is either 10 or 26 Key Size Shared Key This setting enables the use of shared key authentication Open Authentication authentication is the default authentication 5 2 4 802 1x Parameters The configuration of 802 1x paramete
19. efined in previous section Number of WLANs _ This shows number of added SSIDs Current Clients This indicates the number of associated clients Current Channel This shows which 802 11 channel the system is using Current Status This shows the current status of the device Connected Clients Manufacturer This shows the manufacturer based on the MAC prefix MAC address This shows the client MAC address WLAN SSID This shows which SSID the client is associated VID This shows the VLAN ID used on the SSID Type This shows the radio mode of the client Authentication This shows the client authentication Status This shows the association status and the associated duration Details This links to the detailed page of each client For information about the Clients Details please refer to section 5 2 Ls Comment any other than On 4 3 WDS Auto WDS Status Bssid This shows the wireless MAC address of the device Parent This shows the parent node of the device Channel This shows the channel of the existing Bssid Level This shows the hop level of the device State This shows the state of the node wired or wireless Bssid This shows the wireless MAC address of the Neighbor WDS node Parent This shows the parent node of the Neighbor WDS node Channel This shows the channel of the existing Bssid RSSI This shows the signal strength of the node Level This shows the hop level of the node State This shows the state of the nod
20. etting is zero It means no tagging is enabled instead of tagged with zero 5 1 3 Security Settings Security Setting Layer 2 Communication Enabled 802 1X Version vi O v2 Paa from Wireless Enabled SysLog to Remote Server Enabled SysLog Server Address lt lt Port 514 Security Settings Layer 2 is in reference to the second layer in the ISO Open System Interconnect model When this option is disabled clients on the same VLAN SSID or subnet are not allowed to communicate directly via the Layer 2 Protocol s Traffic is passed to upper communication layer s With this option enabled clients on the same VLAN are allowed to communicate with each other directly Windows network resources browsing will be possible By default the setting is enabled This setting selects between v1 or v2 of the 802 1x EAPOL When v1 is selected both v1 and v2 clients can associate with the access point However when v2 is selected only v2 clients can associate with the 802 1X Version access point Most modern wireless clients support v2 In the event that there are stations that do not support v2 select the option v1 By default the value of the setting is v2 Layer 2 Communication With this option enabled Web Admin is accessible from the Wi Fi segment of Management from MultiAP 700G Wireless Clients By default it is enabled Syslog to Remote With this option enabled logs are sent to an external Sysl
21. ey or Pass Phrase is used for data encryption and authentication Under this configuration the Pre Shared Key option should be enabled Key length must be between 8 and 63 characters inclusive The security level of this method is known to be high WPA Parameters Pre Shared Key v Enabled Passphrase Hide Show Passphrase 3600 s Re keying Period re key on re keying period re key if any station disassociates 5 2 6 Access Control The settings allow administrator to control the access through Mac address filtering Available options are None Deny all except listed and Accept all except listed Enter or Choose MAC address es in the box of MAC Insertion Tool on the right and then click Add to list MAC address es will be added into the filter To delete a selected MAC address in the list click and highlight a MAC address in the box on the left then click Delete highlighted Access Control Listed MAC Addresses MAC Insertion Tool User defined MACs Connected clients Delete highlighted lt lt lt Addtolist 5 2 7 User can build and develop their own Captive Portal using PHP and then redirect all clients to the assigned server for authentication Captive Portal Settings Redirect URL http v Authentication URL http v Access Timeout 0 seconds 0 Disable Inactive Timeout 300 seconds Pass through IPs rl Authorized MAC
22. from which management sessions are allowed The establishment of management sessions is restricted only to the specified VLAN ID If Management VLAN ID is set to zero no VLAN restriction is Management VLAN applied ID The default value of this setting is zero It means no tagging is enabled instead of tagged with zero This option is only available in Router mode This option specifies the time region to be used for representing the time on Timezone the system This is the Network Time Protocol NTP Server hostname to be used for NTP Server synchronizing system clock of MultiAP 700G The default value of this setting is pool ntp org Spanning Tree Protocol STP can be enabled to prevent path redundancy STP With this enabled two more options are provided Bridge Priority and Ethernet Path Cost If STP is enabled the parameter is set to give the likeliness for root switch Bridge Priority election If STP is enabled this gives the preference to provide the best path from the Ethernet Path Cost switch to the root switch 5 1 1 LAN Settings LAN Settings will only be available when the AP Mode in the previous section had been selected as Router mode You can use the 700G as a DHCP server for other devices behind LAN Settings LAN IP 192 168 1 1 LAN Subnet Mask 255 255 255 0 DHCP Server 4 Enabled IP Start Range 192 168 1 100 IP Stop Range 192 168 1 200 Subnet Mask 255 255 255 0 Broadcast Address 192 168 1 255 G
23. h gain antenna One MultiAP 700G can masquerade up to 16 different access points Each virtual access point can have its own security policy e g WPA WPA2 etc and authentication mechanism e g 802 1x open captive portal etc to facilitate building your wholesale network much faster easier and more cost effective than ever before MultiAP 700G comes with a high power Wi Fi transmitter which greatly enhances coverage and performance 2 Product Features Key features of MultiAP 700G Designed for wholesale wireless networks with multiple SSID and VLAN support Independent security policies and encryption mechanisms per virtual AP e Centralized managed via web based MultiAP Central Management System PCMS High power output enhances coverage and lowers cost of ownership e WMM Wi Fi Multimedia and QoS Quality of Service Support e WDS Wireless Distribution System Support e Captive Portal Support Mesh Connector Bridging 3 Installation MultiAP 700G acts as a bridge between the wireless and the wired Ethernet interface A typical setup is as follows Backbone Network Radius VLAN Tagged Server Data Traffic 3 1 Installation Procedures 1 Attach the antenna to the MultiAP 700G unit 2 Connect the LAN port on the unit with the backbone network using an Ethernet cable The port could auto sense the cable is straight through or cross over 3 Connect the power adapter to the power connector of the u
24. he following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment IMPORTANT NOTE FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance 20cm between the radiator amp your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter
25. idden Possible values are Gold Silver and Bronze This setting selects among the following options e None DHCP requests will be passed to the Ethernet segment and will not be processed by MultiAP 700G e Relay MultiAP 700G will forward DHCP requests to a specified DHCP Server This option prevents broadcast messages from being propagated on the Ethernet segment Upon selecting this option the DHCP Server IP address will be prompted e Server MultiAP 700G will allocate and offer IP addresses locally For further details please refer to Section e DHCP Server Please refer to the following sections 5 2 1 and 0 for details This setting configures the wireless authentication and encryption methods Available options are None Static WEP 802 1x and WPA Selecting None disables encryption For details on the other options please refer to the following sections e 5 2 3 Static WEP Parameters e 0 802 1x Parameters e 5 2 5 WPA Parameters This setting limits the number of associations allowed to the SSID The default value zero would be treated as unlimited The settings allow administrator to control the access through Mac address filtering Available options are None Deny all except listed Accept all except listed For details on the other options please refer to Section 5 2 6 Access Control Alternative Radius Server Setting Captive Portal Bandwidth Management Alternative Layer 2 Communication Sett
26. ing Wireless Network Filter WMM Mesh Connector Bridging 5 2 1 The settings provide an alternative Radius setting for the SSID With this enabled the settings would overwrite the Radius settings under system in section Configure For details on the other options please refer to Section 5 1 4 Radius Settings This setting enables the captive portal capability on the access point to do URL redirection with different authentication For details on the other options please refer to Section 5 2 7 Captive Portal Settings This option enables the settings to control upstream and downstream limits For details please refer to Section 5 2 8 Bandwidth Management With this option enabled 3 more options for Layer 2 Communication settings will be available Settings This option enables the access point to filter network traffic based on the users defined rules Users can use MAC address IP address and protocol to form the matching rules to perform either drop or accept policy For details please refer to Section 5 2 10 Wireless Network Filters This option enables the Wi Fi Multimedia WMM as known as Wireless Multimedia Extensions WME on the access point This option enables the transparent bridging functionality with MultiAP Mesh Connector to achieve true layer two transparency This option should be checked if users want to bridge traffic from a 700G to Mesh Connector DHCP Server For the setting DH
27. l Access Point AP This setting specifies the VLAN ID to be tagged on all outgoing packets generated from the virtual AP i e packets that travel from the Wi Fi segment through the MultiAP 700G unit to Ethernet segment via the LAN port If 802 1x is enabled a per user VLAN ID can be specified in the authentication reply from the Radius server If it is set the value specified via Default VLAN ID will be overridden Default VLAN ID Admin Status This option shows whether the virtual AP is enabled or disabled This option shows the configured wireless authentication and encryption Security Policies POR BSSID This field shows the detailed BSSID Wireless Networks Details Select Yes to enable the virtual AP or No to disable the virtual AP By default the virtual AP is enabled This setting specifies the SSID of the virtual AP to be scanned by Wi Fi clients Wireless Network The value is not case sensitive SSID By default the value is MultiAP_XXXX where the substring XXXX in the SSID is replaced by the last four hex digits of the LAN MAC address of the unit Enable This setting specifies the VLAN ID to be tagged on all outgoing packets generated from the virtual AP i e packets that travel from the Wi Fi segment through the MultiAP 700G unit to Ethernet segment via the LAN port If 802 1x is enabled and a per user VLAN ID is specified in the authentication reply from the Radius server then the value specified vi
28. nit and then plug in the power adapter 4 Wait for the status LED to turn green 5 Connect a PC to the backbone network and configure the IP address of the PC to be any IP address between 192 168 0 4 and 192 168 0 254 with subnet mask of 255 255 255 0 6 With Microsoft Internet Explorer 6 or above or Mozilla Firefox 2 0 or above connect to the URL https 192 168 0 3 7 When prompted enter the default admin login ID and password admin and public respectively This default username and password can be changed in the web admin Please refer to section 5 6 2 for details 8 After logging in the following Main Menu page appears to facilitate further configuration of the MultiAP 700G unit 3 2 Quick Start By default an access point is preset with SSID wireless The default access point bridges the Wi Fi interface to the Ethernet port with both encryption and VLAN tagging disabled To access the backbone network connected via the Ethernet port of the unit establish a session at the Wi Fi interface with a Wi Fi client After establishing a Wi Fi client session information about the established Wi Fi session appears at the Web Administration Interface of MultiAP 700G under the section at Information Wireless 4 Information 4 1 System System Information AP Name This field shows the name of the system entered in the configuration Location This field shows the location entered in the configuration Domain Name This show
29. ntly associated to the access point Radio On Off This option specify the time period which radio would be switched ON or OFF Period If there are no entries radio will be set as ON automatically Schedule tasks will be started after date synchronized from NTP server 5 4 WDS Settings Wireless distributed system WDS provides a way to link APs together when wired cabling is not preferable This also extends the wireless coverage of the wireless network for the wireless clients There are two options available Auto and Manual 5 4 1 Auto WDS Mode Auto WDS Mode There are three options Auto Detect Wired and Wireless e Auto Detect the unit would check the connectivity to the default gateway via wired Ethernet to determine the node type If there is connectivity to the default gateway the unit would state its node type Node Type as gateway Otherwise the unit would state its node type as node e Wired the unit is expected to be wire connected to provide public network access to other wireless nodes e Wireless the unit would search for the best gateway or node wirelessly in order to gain public network access This setting gives the encryption passphrase for AES encryption to secure the AES passphrase date between APs 700G devices will match this AES passphrase with each other and for those matched will be connected for Internet connection E 1 Comment 5 4 2 Manual WDS Mode By clicking the ADD button under M
30. og server Server By default this option is disabled When the Syslog to Remote Server is enabled this option is enabled for entering the Syslog server IP address and port number By default the port number is 514 Syslog Server Address Port 5 1 4 Radius Server Settings Radius Server Setting Primary Authentication Server Secret Authentication Port Secondary Authentication Server Secret 1812 Default AuthPort Authentication Port 1812 Default AuthPort Primary Accounting Server Secret Accounting Port 1813 DefaultAcctPort Secondary Accounting Server Secret Accounting Port Reauthentication Time 0 1813 Default AcctPort s enter 0 to disable reauthentication Maximum Retransmission 3 Radius Request Interval 3 s initial value double upon every retransmission Radius Server Settings Primary Authentication Server Secondary Authentication Server Secret Authentication Port Primary Accounting Server Secondary Accounting Server Secret Accounting Port Re authentication Time Maximum Retransmission Radius Request Interval When 802 1x authentication is configured the Radius server specified by this setting will be used for authentication This setting specifies the Radius server to be used for authentication in the event that the host specified by Primary Host is unavailable This is the secret for accessing the Radius server This specifies the UDP p
31. on Shared Key Authentication rd Commen ETE and RADIUS Authentication _________________________________ Authentication Ko This setting specifies the authentication key which is only available when Plain y Key Authentication or Shared Key Authentication has been selected 5 2 8 Bandwidth Management Bandwidth Management Per VAP Settings Upstream Limit 0 kbps 0 Unlimited Downstream Limit 0 kbps 0 Unlimited Per Client Settings Upstream Limit 0 kbps 0 Unlimited Downstream Limit 0 kbps 0 Unlimited l Bandwidth Management Per VAR Settings Upstream Limit and Downstream Limit can be set for each VAP or each Client Per Client Settings Upstream Limit This option set the upstream bandwidth limit The default value 0 means E Unlimited m This option set the downstream bandwidth limit The default value 0 means Comment Dew Downstream Limit Unlimited E 5 2 9 Alternative Layer 2 Communication Setting Alternative Layer 2 Communication Setting Separate Unicast packets V Enabled arse pecu mad V Enabled Separate between SSIDs 4 Enabled Alternative Layer 2 Communication Setting Separate Unicast Check the box to enable the separate unicast packet feature for Layer 2 packets communication Separate Broadcast Check the box to enable the separate broadcast multicast packets feature for Multicast packets Layer 2 communication Separate between Check the box to enable the separate between SSIDs feature fo
32. ort number for the Authentication port of the Radius server When 802 1x authentication is configured the Radius server specified by this setting will be used for accounting This setting specifies the Radius server to used for accounting in the event that the host specified by Primary Host is unavailable This is the secret for accessing the Radius server This specifies the UDP port number for the Accounting port of the Radius server This is the re authentication time interval Enter 0 to disable re authentication By default it is set as 0 disable This specifies the maximum number of retry for RADIUS authentication By default it is set as 3 This specifies the time interval in second between each RADISU request attempt Note that the request time interval would be doubled every retransmission By default it is set as 3s 5 1 5 802 11b g Profile 802 11b g Profile Radio Policy 802 11b g v Country United States v RF Channel 6 2 437 GHz v Tx Output Power 26 dBm 400 mW Antenna Selection Main X 802 11 b g Profile Radio Policy Country RF Channel Tx Output Power Antenna Selection Three options are available e 802 11b g Mixed Mode MultiAP 700G accepts both 802 11b and 802 11g client association requests e 802 11b Only MultiAP 700G accepts only 802 11b client association requests e 802 11g Only MultiAP 700G accepts only 802 11g client association requests This setting specifies the
33. r Layer 2 SSIDs communication F Comment new 5 2 10 Wireless Network Filters Wireless Network Filters Name Filter Source MAC Address 00 11 22 33 44 55 Destination MAC Address 00 11 22 33 44 56 Source IP Address Netmask Destination IP Address Netmask Source Port Destination Port Protocol all z Policy drop z Enable 7 Enabled Filter List Src MAC Src IP Mask Src Port T Name est MAC Dest IP Mask Dest Port Protece Policy Enable 00 11 22 33 44 55 any any ras Filter Q0 11 22 33 44 56 any any drop V Wireless Network Filters Name Source Destination MAC Address Source Destination IP Address Netmask Source Destination Port Protocol Policy Enable This setting defines the name of the filter This setting specifies the source destination MAC address es to be filtered This setting specifies the source destination IP address es and the Netmask to be filtered This setting specifies the source destination Port s to be filtered This setting specifies the Protocol to be filtered This option defines the policy of this filter Available options are accept and drop Check the box to enable or disable this filter You can delete any existing filter by clicking the Remove bottom on the right of the Filter List 5 3 Advanced Settings Advanced Settings provides more options to fine tune the parameters on the system to achieve the optimal performance 5 3
34. rom MultiAP please send along with a debug file with the support request This command to restore the device to factory default settings Users may check the box to preserver network settings including Server IP Subnet Restore Factory Mask Default Gateway DNS Server and Management VLAN ID Other Default configuration will be lost after the restoration Restore Factory Default Preserve Settings E Network settings Server IP Subnet Mask Default Gateway DNS Server Management VLAN ID This option is for rebooting the MultiAP 700G unit Reboot AP Flash 1 Flash 2 Bidder Firmware Version 4 7 1 4 6 18 Flash Status Bootable Bootable Boot from o Next Boot Target Remember to click Proceed to activate your selected commands 8 Per User VLAN tagging MultiAP 700G supports VLAN tagging on per client session basis when 802 1x authentication is configured The VLAN ID can be passed from the Radius server The VLAN ID to be set on a client session is passed from the radius server in a vendor attribute in the Access Accept response called Tunnel Private Group ID When the Tunnel Private Group ID attribute is present the default VLAN ID setting will be overwritten with the value of the attribute Sample Radiator Settings This is a sample Radiator users file for enabling the Tunnel Private Group ID attribute login id User Password abcl23 Tunnel Type 1 VLAN Tunnel Medium Type 1 Ether 802 Tunnel Private Group ID 1 2 Servic
35. rs enables Radius based 802 1x authentication with a dynamic WEP key The configuration screen is as follows 802 1X Parameters Dynamic Key Encryption 7 Enabled WEP Key Size 40 bits 64 bit WEP x Re keying Period 14400 seconds 0 Disable 802 1x Parameters Dynamic Key Check the box to enable the Dynamic Key Encryption Key Size and Re Encryption _ keying Period will be enabled automatically ___ Comment Key Size The setting can be configured as either 40 bits or 104 bits This setting specifies the length of time throughout which the broadcast key Re keying Period remains valid Upon expiration of Re keying Period the broadcast key will no longer be valid and the renewal of the broadcast key will be required Comment The default value 0 means to disable re keying 5 2 5 WPA parameters The configuration of WPA parameters enables WPA TKIP or WPA2 AES To enable WPA and WPA PSK configure WPA TKIP To enable WPA2 and WPA2 PSK configure WPA2 AES When WPA or WPA2 is configured Radius based 802 1x authentication with TKIP encryption method is enabled Under this configuration the Pre Shared Key option should be disabled The security level of this method is known to be very high WPA Parameters Pre Shared Key Enabled 3600 s Re keying Period re key on re keying period re key if any station disassociates When WPA PSK or WPA2 PSK is configured a Pre Shared K
36. s the domain name used for this system DHCP Static IP and PPPoE Router Mode only Network IP Address This shows the current IP used on the system Network IP Mode jobs This shows the current subnet mask used on the system Network Gateway This shows the detected assigned network gateway of the device 7 Network DNS This shows the detected assigned network DNS of the device i Software Versions This shows the current firmware version running on the system Serial Number This shows the serial number of the device Up Time This shows the time has been up since boots up System Time This shows the time of day in respect to the time zone selected Time Zone This shows the time zone the system is using Mac Address This shows the LAN MAC address of this system L2TP Tunnel Status This shows the status of the L2TP service Tunnel IP Address This shows the IP acquired in the established tunnel m Comment 1 Comment Lc Comment Tunnel Netmask This shows the subnet mask acquired in the established tunnel Firmware Flash Firmware Version This shows the firmware version loaded into the flash partitions Flash Status This shows the firmware status on the flash partitions Boot from This indicates which flash partition boots up the system Firmware Upgrade This shows which flash partition is used for firmware upgrade Target 4 2 Wireless Wireless Information Name This shows the system name d
37. y adjust the Slot Time ACK Timeout and Convertor CTS Timeout by entering the distance between the device and the clients Slot Time This setting provides the option to modify the unit wait time before it transmits ACK Timeout This setting provides the option to set the wait time to receive acknowledgement packet before doing retransmission s This setting provides the option to specify the timeout for the unit to wait for US CH CTS response in the RTS CTS handshake When this option is enabled 802 11g devices would be in favor in mixed mode 802 114 Protection 11g and 11b networks Preamble Type defines the length of the CRC block for communication between the AP device and adapters Available options are Long and Auto A Preamble Type long preamble type can be selected if the device is operating in a noisy m 1 Comment network environment 0 00 a By default it is set as Auto 5 3 2 Neighbor AP Discovery Neighbor AP Discovery n v Enable Scanning Interval 10 s Scanning Time 50 ms Neighbor AP Discovery bn esi AP Check the box to enable the function of scanning neighbor APs iscovery This setting determines how often the access point goes to other channels to Scanning Interval discover Neighbor AP This setting determines how long the access point stays on the other channels Scanning Time 5 discover Neighbor AP 5 3 3 Ethernet Settings Ethernet Settings Speed
Download Pdf Manuals
Related Search