User`s Manual
Contents
1. WES WDS Profile RF Card A WDS Link 1 WDS Disable v WDS Link Address 0A 1F D4 23 14 B0 Please use it as the peer s Remote AP MAC Address Remote AP MAC Address Security Type None T CAPWAP Tunnel Interface 1 Click on the Wireless button on the main menu 2 Select the Repeater Settings tab 3 Choose WDS as the Repeater Type 4 Choose the desired WDS profile a Enable WDS b WDS Link Address on selected AP Models Use the MAG address as Peer s Remote AP MAG Address c Enter the MAC Address peer AP and then Click SAVE If you are using another 4ipnet APs as the peer AP simply repeat the above mentioned steps to configure another peer AP s To support traffic with unlimited VLAN tags via WDS EAP220 has to be set to Tag Based Mode Note On selected APs each WDS link interface has its own MAC address Use the respective MAC for each interface to create WDS links with peer APs Cross brand model WES WDS link performance may vary with different Access Points depending on hardware compatibility 9 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 Web Management Interface Configuration This chapter will guide the user through the AP s detailed settings The following table shows all the User Interface Ul functions of 4ipnet s Enterprise Access Points The Web Management Interface WMI is the page where the status is displayed contr2. Y O ae g System Wireless Firewall utilities Status T Serre Password y Backup amp Restore N System Upgrade Reboot Upload Certificate Channel Analysis Background Scan LE 1 Home gt Utilities gt Channel Analysis Channel Analysis Analyzer Configuration Disable Enable RF Card Name RF Card A RF Card B RF Band 2 4 GHz e Please be reminded that when Channel Analysis is in progress the RF card loses its capability to serve clients and kicks off current users Note e The browser used to implement Channel Analysis must have Java Runtime Environment installed or it would not display correctly e The system allows only 1 operator to use this function at one time e Channel Analysis only runs on 5GHz Band for selected AP Models only 105 Copyright 4IPNET INC 4ipnet 7 4 7 Background Scan User s Manual Enterprise Access Point ENGLISH The Access Point is capable of doing background scanning without affecting service This works in complement with Channel Analysis so administrators have a complete overview of the wireless environment gt System Wireless a Backup amp Restore Change Password Home gt Utilities gt Background Scan SSID OWL410 1 OWL400 1 OWL410 1 OWL400 1 4ipnetAP B1 OWL410 1 OWL400 1 OWL410 1 JamesIWF2220 B1 4ipnetAP B1 CAP320 B1 GONZO Al SEB B1 OWL410 1 System Upgrade Background Scan RF Ca
3. Enable VLAN ID 1 4094 CAPWAP Tunnel Interface F Lug tunneled LAN ports Service Zones to VLAN ID Mappings are 1004 25 1005 826 1006 827 1007 S28 1008 Ue ppd rotor oa gt Switch Mode Select Port Based to set VLAN IDs on physical LAN ports Select Tag Based for uplink traffic to recognize unlimited VLAN tags gt VLAN ID Enable selected implies that network traffic sent upstream from this LAN port will be tagged with the VLAN ID configured in the field below Disable selected implies that traffic from this LAN port will not be tagged with a VLAN ID gt CAPWAP Tunnel Interface Select a LAN VAP or WDS interface to designate its traffic to pass through the CAPWAP Tunnel established between the AP and the controller For network interfaces that are unchecked their traffic will be forwarded locally into the internet if this AP is deployed remotely on the WAN side of a controller gt The TIP in red at the bottom of the page explains that each service zone from default to service Zone 8 has its fixed pre determined VLAN ID number when utilizing CAPWAP Admin needs to enter one of the numbers in order to direct traffic back to a certain Service Zone Applicable to EAP220 only When Port Based is selected and VLAN IDs are set on physical ports the uplink traffic recognizes ONLY the VLANs set all other VLAN tags will be dropped such as traffic from an Access Point linked via WDS 64 Copyright 4IPNE
4. 300 10 600 seconds Roaming Check RSSI Threshold 115 15 85 Disable Enable All 2 4 GHz 5 GHz DFS 1 M2 M3 Ma Ms Ws M7 Mg Mo Mio 111 i36 Mao Mas Mas Msz Mise M o Mead Mioo 104 1108 W112 iig Mis W136 Mido i490 Miss 2157 2161 165 e RTS Threshold To control station access to the medium and to alleviate this effect of the hidden terminal problem the administrator can tune this RTS threshold value A lower RTS Threshold setting can be useful in areas where many client devices are associating with the Access Point or in areas where the clients are far apart and can detect only Access Point and not each other e Roaming When the Access Point is mobile and is operating in CPE mode Enable the Roaming feature to determine Background Scanning Period The AP scans in the background for a signal with a gt higher RSSI at each configured time interval in seconds Roaming Check RSSI Threshold When the signal falls below the configured RSSI threshold the AP begins scanning for higher RSSI signals to associate to e Choose Scan and Connect Channels This allows the administrator to manually select and filter undesired channels DFS channels are highlighted in red 127 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 2 3 Security Settings The system supports various authentication and data encryption methods when wireless settings are manually configured The
5. Display Range 1 min m 6 15k 5 46k 478k 5 y 41k 5 a 6 ja oo VA HA 2 73k 2 Y ae NY N AN Af VA Z 0 17 25 45 17 25 50 17 25 55 17 26 Traffic In bytes s Packets In packets s Traffic Out bytes s Packets Out packets s 144 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 3 Event Log Event log provides the records of the system activities All the system events are shown here Y A gt Z System Wireless Firewall Utilities Status System Overview Interfaces Y Event Log Monitor DHCP Lease Y UPnP Home gt Status gt Event Log Event Log Jan 1 00 00 01 syslogd started BusyBox v1 12 4 Jan 1 00 00 01 logd localhost crond 1835 crond busybox 1 12 4 started log level 8 Jan 1 00 02 01 logd localhost crond 1835 USER root pid 2241 cmd etc rc d rc systime sync ntp As the Event Log is stored in RAM it will be refreshed after the system is restarted The system gt gt Note also supports a Syslog reporting function of reporting the events to an external Syslog server e Date Time The date and time of the record when the event happened e Hostname Indicate which Host records this event Note that all events in this page are local events and this field of all events is the same However in remote syslog service this field will help the network administrator identify which event is from this
6. EAP750 EAP757 EAP760 EAP767 The 4ipnet s Enterprise Access Point EAP Series are embedded with 802 11 a b g n ac MIMO technology designed for seamless wireless connectivity in enterprise or industrial environments of all dimensions EAP220 EAP320 EAP727 EAP750 EAP757 EAP760 EAP767 feature dual radio RF cards to offer flexible implementations needed for the growing wireless networking applications The EAP Series make wireless communication fast secure and easy They support business grade security namely 802 1X and Wi Fi Protected Access WPA and WPA2 By pushing a purposely built button the 4ipWES Press n Connect feature makes it easy to bridge wireless links of multiple access points for forming a wider wireless network coverage The EAP Series also features multiple ESSIDs with VLAN tags and multiple Virtual APs great for enterprise applications such as separating traffic from different departments using different ESSIDs The PoE LAN port is able to receive power from Power over Ethernet PoE sourcing devices EAP210 EAP220 and EAP320 s metal housing is IP50 anti dust compliant which means that these Access Points are well suited to WLAN deployment in industrial environments EAP727 EAP747 EAP750 EAP757 EAP760 EAP767 are packed in wall ceiling mountable plastic enclosures and are built perfectly to blend in with your d cor Outdoor OWL530 OWL610 OWL620 OWL630 The 4ipnet OWL530 OWL610
7. Multicast Broadcast Rate 5 5M 5M Management Frame Rate 5 5M v 5 5M F Receiving RSSI Threshold 0 100 O Disable VAP Advanced Settings Page 7 2 2 General AP s general wireless settings can be configured here 72 Copyright 4IPNET INC 4ipnet system Wireless VAP Overview General VAP Config Security Repeater Advanced V Access Control y Hotspot 2 0 1 j Home gt Wireless gt General Settings Band Short Preamble Short Guard Interval Channel Width Channel Max Transmit Rate Transmit Power ACK Timeout Beacon Interval Airtime Fairness Packet Delay Threshold Idle Timeout Band Steering Interference Detection User s Manual Enterprise Access Point ENGLISH A B Utilities Status Firewall 1 T General Settings RF Card Name RF Card A 802 119 802 11n l El Pure 11n Disable Enable Disable Enable 20 MHz 6 x Auto Level 1 ml Ir 0 0 255 O Auto Unit 4 micro seconds 100 100 500ms Disable Fair Access Preferred Access 1000 millisecond s 100 5000ms 0 Disable 300 second s Larger than 15 Disable Enable Aggressive Adjacent Channel Utilization Threshold 0 0 99 O Disable Latency 10 second s Co Channel Utilization Threshold 0 0 99 O Disable Invalid Packet Rate 90 0 991 Latency 10 second s WME C
8. System VEERE Firewall Utilities Status General Advanced Security Site Survey Home gt Wireless gt General General Settings ESSID 4ipnetaP A1 Transmit Power Level 1 ACK Timeout p 0 255 D Auto Unit 4 micro seconds e ESSID The ESSID Service Set ID of the client device that the system is to be associated with e Transmit Power The signal strength transmitted from the system Select the Transmit Power Level from the drop down list box Level 7 is the actual highest power Level 2 is the highest power minus 1dBm so on and so forth e ACK Timeout When packet loss is increasing over longer distance ACK Timeout can be used to alleviate this issue 126 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 2 2 Advanced Wireless Settings The administrator can set the RTS threshold on this page In most circumstance the default settings can meet general requirements If occasionally wireless network needs to be tuned the following parameters will assist with that purpose g gt System General Advanced Home gt Wireless gt Choose Scan and Connect Channels Wireless Security Site Survey Advanced Wireless Settings A gt B Firewall Utilities Status Advanced Wireless Settings RTS Threshold Roaming Channel Selector 2 4GHz list SGHZ list 2346 1 2346 Disable Enable Background Scanning Period
9. e Max Transmit Rate The maximum wireless transmit rate can be selected from the drop down menu The system will use the highest possible rate when Auto is selected Please note that MCSO MCS23 are transmit rates only for n bands e Transmit Power The signal strength transmitted from the system can be selected by Levels Each Level signifies a decrement of 1dBm from the highest power Level 1 is the actual highest power Level 2 is the highest power minus 1dBm so on and so forth e ACK Timeout It indicates a period of time when the system waits for an Acknowledgement frame sent back from a station without retransmission In other words upon timeout if the Acknowledgement frame is still not received the frames will be retransmitted This option can be used to tune network performance for extended coverage For regular indoor deployments please keep the default setting e Beacon Interval ms The entered amount of time indicates how often the beacon signal will be sent from the access point e Airtime Fairness Networks often are backward compatible supporting 802 11b and or 802 119 devices But when these devices occupy airtime throughput for 802 11n devices is affected When enabled this feature ensures all devices with different band compatibilities have the same air time This feature is ideal for networks with devices supporting different bands When set to Preferred Access N band clients are prioritized This feature is ideal fo
10. 7 1 6 IPv6 The 4ipnet Access Point supports IPv6 and IPv4 dual stack addressing capability IPV6 by default is disabled but it can be enabled on this tab page General Network Interface Port Management CAPWAP IPv6 Home gt System gt IPv6 Configuration IPv6 Configuration Status Disable Enable Mode Static DHCP Mode There are two options for acquiring an IPv6 address for this device gt Static Configuring IPv6 address manually via this option if you have already acquired a permanent IPV6 address for operation gt DHCP Acquire IPv6 address automatically from upstream server 69 Copyright 4IPNET INC 4ipnet 7 2 Wireless User s Manual Enterprise Access Point ENGLISH This section includes the following functions VAP Overview General VAP Configuration Security Repeater Advanced Access Control and Hotspot 2 0 The 4ipnet Access Point supports up to sixteen Virtual Access Points VAPs per RF card Each VAP can have its own settings e g ESSID VLAN ID security settings etc With such VAP capabilities different levels of service can be configured to meet network requirements 7 2 1 VAP Overview An overall status is collected on this page including ESSID State Security Type MAC ACL and Advanced Settings where the AP features 16 VAPs per radio with respective settings In this table please click on the hyperlink to further configure each individual VAP
11. Edit SNMPv3 User List Trap Disable Enable Server IP SNMP Configuration Fields gt Enable Disable Enable or Disable this function gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string to access the MIB with Read privilege o Write Enter the community string to access the MIB with Write privilege gt SNMPv3 User List The system allows 5 SNMP Users with Read or Read amp Write Access Determine the Name and Authentication Password on the SNMP Account List SNMP Account List SNMP User List O few O fem ms Jresom il mose fr on ms gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable Enable or Disable this function o Server IP Address Enter the IP address of the assigned server that will receive the trap report 66 Copyright 4IPNET INC APR ters ara Enterprise Access Point ENGLISH e System Log When this function is enabled specify an external SYSLOG server to accept SYSLOG messages from the system remotely ae Disable Enable Server Port SYSLOG Level System Log Fields Enable Disable Enable or Disable this function SYSLOG Server IP The IP address of the Syslog server that will receive the reported events Server Port The port number of
12. Location Channel 9 Site EN A Signal Strength 94 Device Time 2013 12 02 07 48 20 Security WPA PSK System Up Time 0 days 5 32 07 CPU RAM Usage 1 92 30 70 Operating Mode CPE Q LAN Interface CEE O WAN Interface a MAC Address 00 1F D4 02 C9 F3 Mode DHCP IP Address 192 168 21 1 MAC Address 00 1F D4 02 C9 F4 Subnet Mask 255 255 255 0 IP Address 10 1 121 10 DHCP Server Enabled Subnet Mask 255 255 0 0 Gateway 10 1 3 40 Bandwidth Down Unlimited UP Unlimited 140 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH The description of the table is shown below ITEM DESCRIPTION System Name The name provided in System Information Firmware Version The present firmware version of the system System Build Number The Build Number of the firmware Location The location provided in System Information Site The firmware version for specific region Device Time The current time on the device System Up Time The system elapsing time since last reboot CPU RAM Usage The system s resource usage CPU Utilization and RAM usage Operating Mode Either CPE or AP MAC Address The MAC address of LAN Interface IP Address The IP address of the LAN Interface LAN Interface Subnet Mask The Subnet Mask of the LAN Interface DHCP Server DHCP server status Status The RF status SSID The SSID of the associated AP MAC Address The
13. VAP No e e 12 13 14 15 16 ESSID 4ipnetAP Al dipnetAP A2 4ipnetAP A3 4ipnetAP A4 4ipnetAP A5 4ipnetAP A 4ipnetAP A 4ipnetAP A 4ipnetAP Ag dipnetAP A10 4dipnetAP A11 dipnetAP A1 dipnetAP A13 ipnetAP A14 dipnetAP A15 dipnetAP Al1 State Enabled Disabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview RF Card A Security Type Open Open WPA Personal Open Open Open Open Open Open Open Open Open Open Open Open Open VAP Overview Page MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit State The hyperlink showing Enable or Disable links to the VAP Configuration page 70 Copyright 4IPNET INC User s Manual Enterprise Access Point ENGLISH N r amp Firewall Utilities Status O e de Home gt Wireless gt VAP Configuration VAP Configuration Profile Name RF Card A VAP 1 v VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface a VAP State Page e Security Type The hyperlink showing
14. admin The Web Management Interface will appear as shown below 35 Copyright 4IPNET INC User s Manual Enterprise Access Point ENGLISH Y A MA Firewall Utilities Status Home gt Status gt System Overview P System System Name felix EAP220 Firmware Version 1 10 00 Build Number 1 20 1 6887 Location Site EN A Device Time 2013 11 26 09 38 54 System Up Time 6 days 20 46 08 CPU RAM Usage 3 92 45 70 9 LAN Interface MAC Address 00 1F D4 94 19 3B IP Address 10 1 121 21 Subnet Mask 255 255 0 0 Gateway 10 1 3 40 Oo CAP WAP Status Disabled System Overview i Radio Status RF Card MAC Address Band Channel ones RF Card A O0 1F D4 94 19 3C 802 11g n g 27 dBm RF Card B 00 1F D4 94 19 3D 802 11a n 36 23 dBm gt AP Status RF Card Name RF Card A Profile as Security Online kn BSSID ESSID Type Clien ts UN VAP 1 00 1F D4 94 19 3C 4dipnetAP Al Open 0 3 VAP 3 02 1F D4 94 19 3C felix220 a3 WPA P 1 3 WW IPv6 Status Disabled Web Management Interface Main Page System Overview From here click on the System icon to get to the following page On this Page you can make entries to the Name Description and Location fields as well as set the device s time 36 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH General Network Interface Port Management CAP WAP IPv6 N Home gt System gt General S
15. o We Mioo M 104 108 M112 M116 M132 M136 M 140 M149 M153 M157 M 161 1165 Scan Result Scan SSID MAC Address Channel Rate Signal Security Setup Connect Cip AP 0A 11 43 08 09 56 6 54 38 None Connect Cip Cherry 06 11 A3 08 09 56 6 54 37 WPA PSK Cip wep 00 11 43 08 09 56 6 54 37 WEP Pre shared Cipher TKIP M Pre shared Key Type PSK Hex 64 chars Passphrase 6 63 chars Connect AP Scan Result example e SSID The SSID Service Set ID of the AP found in the system s coverage area e MAC Address The MAC address of the respective AP e Channel The channel number currently used by the respective AP 130 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e Rate The transmitting rate of the respective AP e Signal The signal strength of the respective AP e Security The encryption type used by the respective AP e Setup Connect gt Connect Click Connect to associate with the respective AP directly no further configuration is required Cip AP 0A 11 43 08 09 56 6 54 38 None gt Setup Click Setup to configure security settings for associating with the respective AP or repeater o WEP Click Setup to configure the WEP setting for associating with the target AP Cip wep D6 1F D4 39 10 74 The following configuration box will then appear at the bottom of the screen For more information on the WEP security settings please r
16. of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference e DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will allow the wireless client to save more energy but the throughput will be lowered e Consecutive Dropped Packets This is the maximum number of transmission retries the AP will attempt when packet transmission is dropped before deciding the client is out of transmission reach When transmission retries fails for the set number of times the Access Point kicks the client to optimize performance for other connected clients e Broadcast SSID Disabling this function will stop the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system 86 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e Wireless Station Isolation By enabling this function all stations associated with the system are isolated and can only communicate with the system e APP IAPP Inter Access Point Protocol is a protocol by which access points share information about the stations connected to them When this function is enabled the system will automatically broadcast information of associated wireless stations to its peer access points This will help wireless stati
17. there is a user account capable of accessing the web management interface with configuration limitations The user account will not be able to reboot AP or change wireless settings This account is typically issued by IT staff for employees to monitor AP statuses 135 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 4 2 Backup amp Restore This function is used to backup or restore the current settings The system can be restored to the default setting by clicking on Reset The setting of the device can be backup to a file It can be used to duplicate setting to the other OWL530 devices system Wireless Firewall Utilities Status System Upgrade Reboot Upload Certificate Change Password i Backup amp Restore Home gt Utilities gt Config Save amp Restore Configuration Backup amp Restore Reset to Default Backup System Settings Restore System Settings e Reset to Default gt Click Reset to load the factory default settings of OWL530 A pop up will appear to re confirm the request to restart the system Click OK to proceed or click Cancel to cancel the restart request Microsoft Internet Explorer J This action will reboot system Do you want continue Cancel gt warning message as displayed below will appear during the reboot period The system power must be turned on before the completion of the reboot process gt The System O
18. Dy MAMMA OTIC EEE seats pesswarsseteeateaecentsnoetyes 124 NS see ene eee mec E 126 DL UNN PP Te ET 126 ENN 127 NNN 128 SEN sear RP O tx etatuaeaoutsioae vedamuces EE S 130 ee GE RT EEE sete tess ceded wes ore ENE edocs ew seem ve ienanereie 133 8 3 1 PPs 133 Ea DANN 134 S VG 135 8 4 1 CAES PASS OF EEE 135 S42 ps ROSCOE earriero inre E E EN EE EERST ane soso 136 ro NUTA EE EE E 137 R 138 S45 VNR 139 S A EEEE Renee eae ee neva ner E Rte 140 8 5 1 S AS GO CE VC We EE peetyecteensnvarseourss 140 CCS EE EN 142 8 5 3 OR EE EE 145 8 5 4 Mo 146 3 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 5 MP 147 8 5 6 CPS 148 9 Console Interface Configuration 149 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 1 Before You Start 1 1 Preface This manual is intended for using by system integrators field engineers and network administrators to help them set up Access Points in their network environments lt contains step by step procedures and pictures to guide users with basic network system knowledge to complete the installation Corresponding Software Versions for each Model 1 2 Document Conventions ES Represents essential steps actions or messages that should not be ignored Note Contains related information that corresponds to a topic _ Indicates that clicking this button will save the changes you made but you must reboot th
19. Enterprise Access Point ENGLISH Remote Syslog By enabling this function specify a remote Syslog server to accept system log messages from the system remotely Enable Disable Select Enable to activate this function or Disable to inactivate it Server IP The IP address of the Syslog server for receiving the reported events Server Port The port number of the Syslog server Syslog Level Select the desired level of received events from the drop down list box Management IP List In the page of Management IP Address List the administrator can grant the access of the web management interface by specifying a list specific IP addresses or ranges of IP addresses no matter the access is from WAN or LAN UPnP Configuration This option can be enabled if UPnP service is required by LAN device Enable Disable Select Enable to activate this function or Disable to inactivate it 125 Copyright 4IPNET INC RPNE nn Enterprise Access Point ENGLISH 8 2 Wireless This section is for configuring wireless settings for this system to associate with its uplink access point 8 2 1 General Settings This section is for manual configuration of the system RF settings Manually enter the uplink ESSID to associate with on this page Security can be set on the Security tab to be discussed in section 8 2 3 For automatic configuration use the Site Survey tab discussed in section 8 2 4 to search for the desired SSID A B
20. INC 4ipnet User s Manual Enterprise Access Point ENGLISH 1 Enable NTP By selecting Enabled NTP the AP can synchronize its system time with the NTP server automatically When this method is chosen at least one NTP server s IP address or domain name must be provided Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Time Configuration Fields Generally networks should have a common NTP server internal or external If there isn t locate a nearby NTP server on the web 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei Time O Enable NTP Manually set up Manual Time Configuration Fields Set Date Select the appropriate Year Month and Day from the drop down menu Set Time Select the appropriate Hour Min and Sec from the drop down menu Unless Internet connection or NTP becomes unavailable it is recommended to use NTP server for time synchronization because system time needs to be reconfigured upon reboot l Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 1 2 Network Interface On this page the network settings of the device can be configured fields with a red asterisk i e IP Address Netmask Default Gateway and Primary DNS Server
21. MAC address of the associated AP Radio Status Channel The operating channel Signal Strength The signal strength reading of the wireless connection Security The security type used for wireless connection Mode The method to obtain IP for the WAN interface MAC Address The MAC address of the WAN RF Interface IP Address The IP address of the WAN interface WAN Status Subnet Mask The Subnet Mask of the WAN interface Gateway The gateway IP address Bandwidth The bandwidth setting of the WAN interface The system supports graph displays of CPU RAM usage and Signal Strength RSSI on the status page The Time Axis is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 14 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH CPU Memory Usage MI CPU Usage MI Memory Usage Display Range 1 min vi 60 50 40 o gt or a 30 w D 20 10 0 17 08 30 17 08 35 17 08 40 17 08 45 17 08 50 CPU Usage CPU Usage Current 23 53 Memory Usage Maximum 58 82 Mem Usage Current 44 55 Maximum 44 9 8 5 2 Interfaces Traffic information is available per interface Recorded data includes Packets In Packets Out Traffic In kb and Traffic Out kb The Time Axis
22. OWL620 OWL630 Outdoor Access Point is embedded with dual OWL620 and OWL630 single OWL610 and OWL530 radio RF cards 802 11 a b g n ac MIMO in weatherproof housing designed for building municipal or campus wide wireless networks in harsh outdoor environments The OWL Series rust free die cast Aluminum housing is IP68 compliant and high wind load resilient All the components are designed to operate in a wide range of temperature The OWL Series Outdoor Access Point makes wireless communication fast secure and easy It supports business grade security namely 802 1X and Wi Fi Protected Access WPA and WPA2 Combined with a variety of directional antennas chosen by professionals one OWL620 OWL630 with dual radios is easy to serve clients located in different directions as well as to cover longer range With all modules supporting a b g n bands more channels are available for better channel planning For example to reduce radio interferences network planners may select channels in 5 GHz for backhaul or bridges while allocating non overlapping channels in 2 4 GHz for serving clients A e Please note that screenshots are taken from APs which feature dual RF cards Single RF Card APs can be configured in the same manner from the User Interface Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 2 2 Hardware Description This section depicts the hardware information including all panel descrip
23. RF Card Band The RF band in use Radio Status ae The channel specified En TxPower Transmit Power level of RF card ete Name The profile name of AP So Basic Service Set ID Extended Service Set ID Security Type Security type of the Virtual AP Online Clients The number of online clients The status of the used Tunnel Mn CAPWAP Status Enabled Disabled 108 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH The system is able to plot a dynamic graph for CPU RAM usage with the time Axis CPU Memory Usage MICPU Usage W Memory Usage Display Range 1 min oa Start 40 e a D 3 30 n D 20 17 08 30 17 08 35 17 08 40 17 08 45 17 08 50 CPU Usage CPU Usage Current 23 53 Memory Usage Maximum 58 82 Mem Usage Current 44 55 Maximum 44 9 The Time Axis is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 7 5 2 Interfaces Traffic information is available per interface Recorded data includes Packets In Packets Out Traffic In kb and Traffic Out kb 109 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 4 gt System Wireless Firewall Utilities Status Interfaces V Associated Clients Event L
24. Re enter New Password Name user New Password up to 32 characters Re enter New Password Change Password Page gt Click on the Utilities icon on the main menu and select the Change Password tab gt Enter the old password and then a new password with a length of up to 32 characters and retype it in the Re enter New Password field Congratulation Now the 4ipnet Access Point is installed and configured successfully lt is strongly recommended to make a backup copy of your configuration settings After the AP s network configuration is completed please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments 34 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 3 Connect your AP to your Network The following instructions depict how to establish the wireless coverage of your network The AP will connect to the network through its LAN port and provide wireless access to your network After having prepared the AP s hardware for configuration set the TCP IP settings of administrator s computer to have a static IP Address of 192 168 1 10 and Subnet Mask of 255 255 255 0 Step 1 Configuring the AP s System Information gt Enter the AP s default IP Address 192 168 1 1 into the URL of a web browser gt Log in using Username admin and Password
25. are mandatory General Y Network Interface V Port Management I CAPWAP Y IPv Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 Default Gateway 192 168 1 254 Primary DNS Server 192 168 1 254 Alternate DNS Server Ethernet IGMP Snooping Disable 9 Enable Layer2 STP Disable B Network Settings Page Mode Determine the way to obtain the IP address by DHCP or Static gt Static The administrator can manually set up the static LAN IP address All required fields are marked with a red asterisk O O O O O IP Address The IP address of the LAN port Netmask The Subnet mask of the LAN port Default Gateway The Gateway IP address of the LAN port Primary DNS Server The IP address of the primary DNS Domain Name System server Alternate DNS Server The IP address of the substitute DNS server gt DHCP This configuration type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically Ethernet IGMP Snooping When Enabled the switch forwards traffic IGMP packets are transferred via the Access Point s network interface and the IP multicast host Registration information is recorded and sorted into multicast groups The internal switch forwards traffic only to those ports that
26. is available to show the uplink status Copyright 4IPNET INC RPNE ers ar Enterprise Access Point ENGLISH Back View 7 EAP760 Back View un uplink connection This port can be used to connect to a controller gateway or directly to the Internet 802 3at PoE is also supported LAN1Port The ports for connections with LAN side devices USB interface reserved for future use For IT administrators to easily setup WDS links with RF Card A and RF Card B respectively Restart Reset Press once to restart the system to reset the system to factory default settings hold for more than 5 seconds Console Port To access EAP760 via the console interface Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP767 i LM D h 4 i k h L 2 fs E 3 A f EAP767 s Front Panel EAP767 s Rear Panel LED Indicators An LED indicator is available to show the uplink status a 12V 77 2 5A Attach power adaptor here Offers uplink connection This port can be used to connect to a controller gateway or directly to the Internet 802 3at PoE is also supported Uplink PoE Port 20 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH OWL530 Lennun ra aee Scere mr mn Ventilation Valve Due to extreme weather conditions water vapor in the OWL530 may condense The
27. is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 142 Copyright 4IPNET INC User s Manual Access Point ENGLISH 4ipnet gt ME ee a as Interfaces Home gt Status gt Interface Interface Traffic Interface List Interface Traffic Out KB Packets Out Traffic In KB Packets In WAN 6827 17515 7127 47853 LAN 17 39 46 293 WAN Status Total RSSI M Ant1 RSSI M Ant2 RSSI M Receiving Rate Y Receiving Speed Y Transmission Rate M Transmission Speed Voice Hint for Display Range 150 409 15 140 399 32 130 Ef 309 48 o O Q lt a n 120 259 64 a 110 209 81 3 av D 100 159 97 5 n h 110 14 8 n P TM A AVA A ALL ss g a RSSI Receiving Rate Transmission Rate FAVV VIT UN VM oa vr 59 17 59 10 17 59 20 17 59 30 2013 11 18 17 59 06 Total RSSI 87 Total RSSI Current 87 Ant1 RSSI 87 Maximum 87 Ant2 RSSI 76 Ant1 RSSI Current 87 Receiving Rate Mbps 131 Maximum 87 Receiving Speed bytes s 0 Ant2 RSSI Current Li Transmission Rate Mbps 130 Maximum Transmission Speed bytes s 40 143 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH LAN Traffic Traffic In Packets In Traffic Out Packets Out
28. on the Overview tab and proceed to the next step Step 3 Configuring MAC ACL Access Control List Clicking on the hyperlink corresponding with intended VAP in the MAC ACL column will bring the user to the Access Control Settings page VAP Overview General VAP Config Security Repeater Advanced Access Control V Hotspot 2 0 Home gt Wireless gt Access Control Settings Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 32 Range 1 256 per RF card Access Control Type Disable Access Control Access Control Settings Page Please choose among Disable Allow Deny and RADIUS ACL from the drop down menu of Access Control Type 1 Disable Access Control This means that there is no restriction for client devices to access the system 2 MAC ACL Allow List This means that only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator renews the listed MAG 5 Copyright 4IPNET INC o 41pnet User s Manual Enterprise Access Point ENGLISH Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 132 Range 1 256 per system Access Control Type MAC ACL Allow List No MAC Address State 1 Disable Enable 2 Dis
29. one end of the Ethernet cable to the Uplink port of EAP210 EAP220 EAP320 EAP760 and the other end of the cable to a switch a router or a hub EAP210 EAP220 EAP320 EAP760 is then connected to your existing wired LAN network Step 3 There are two ways to supply power to EAP210 EAP220 EAP320 EAP760 a Connect the DC power adaptor to the EAP210 EAP220 EAP320 EAP760 power jack socket b The EAP210 EAP220 EAP320 EAP760 Uplink port is capable of receiving DC currents Connect a IEEE 802 3at compliant for EAP220 EAP760 and 802 3af at compliant for EAP210 EAP320 PSE device e g a PoE switch to the Uplink port of EAP210 EAP220 EAP320 EAP760 with the Ethernet cable Please follow the steps mentioned below to install the hardware of EAP727 Step 1 Place the EAP727 at the best location The best location is usually at the center of your intended wireless network Wall Ceiling Mounting Place the mounting bracket on a wall or ceiling qt t am LMI il a N i Mark the points where you will insert the screws Drill holes in the marked points and insert the plastic anchors 26 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Use the supplied screws to attach the mounting bracket to the wall ceiling Attach the Access Point to the mounting bracket After Steps 2 and 3 Step 2 Connect the EAP727 to your network device Connect one end of the Eth
30. pop up Page will appear to re confirm the request to reboot the system Click OK to proceed or click Cancel to cancel the reboot request Message from webpage p This action will reboot the system Do you want to continue x eer Reboot Confirmation Prompt gt Awarning message as displayed below will appear during the reboot period The system power must be kept on before the completion of the reboot process gt The System Overview page will appear upon reboot completion Additionally there are two ways to reset the system to factory default settings from the console interface 1 COM Port connection Should the administrator forget the AP s IP address with the right baud rate and a termination simulation program such as PuTTy or Hyper Terminal a login prompt should be seen as such 101 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH COMA PuTTY Seles login reset lt def Password Do you really want to reset to factory default and reboot yes no yes Login as reset2def and enter reset2def as your password Type yes to reset the AP to factory default 2 Console connection via SSH the IP address of the AP can be retrieved with an IP Discovery Utility provided by 4ipnet Simply connect via an Ethernet cable and run the Discovery Utility Note that the laptop PC connecting to the AP must run in Windows XP compatible mode and a s
31. security type includes None WEP and WPA PSK General Advanced Y Security Site Survey Home gt Wireless gt Security Security Settings Security Type Open e Open No authentication is required e WEP WEP Wired Equivalent Privacy supports key length of 64 128 152 bits General Advanced Security Site Survey Home gt Wireless gt Security Security Settings Security Type 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCII Hex WEP Key Index WEP Keys 111111 5 3 IE 4 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select from 64 bit 128 bit or 152 bit key length WEP Key Format Select from ASCII or Hex format for the WEP key WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that VV v WV specifies which WEP key to use for the encryption of wireless frames during data transmission gt WEP Keys Provide WEP key value the system supports up to 4 sets of WEP keys 28 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e WPA Personal WPA Personal supports pre shared key authentication and WPA2 data encryption General Advanced Security Site Survey Home gt Wireless gt Security Security Settings Security Type WPA Personal Cipher
32. system For more information please refer to Section 8 1 4 Management Services e Process name with square brackets Indicate which process with the specific event is associated e Description Description of the event 145 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 4 Monitor For a quick overview on the AP s performance the Monitor feature displays an RRD graph recording CPU utilization memory usage associated station numbers TX rate distribution airtime utilization and short retries System Overview Interfaces Event Log Monitor DHCP Lease UPnP Home gt Status gt Monitor Monitor Category CPU and Memory 7 CPU and Memo Transmission Rate Distribution Lx Hour 14 Minute 00 short Retry Hour 14 Minute 00 From To lv CPU Usage Free Memory l Cached Memory System Information EE EE NE EE EP 25 Percentage OE EE ETAT ha odd LU ALLA LIG TT 5 16 00 18 00 20 00 22 00 18Nov 02 00 04 00 06 00 08 00 10 00 12 00 14 00 2013 11 18 01 25 CPU Usage 15 46 Free Memory 36 Cached Memory 16 31 The begin and end time for the RRD graph can be selected for filtering data Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 146 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 5 DHCP Leases The
33. table provides information about the leased LAN IP address with binding MAC address and expiration time k b gt a Z System Wireless Firewall Utilities Status System Overview Interfaces Event Log Monito DHCP Lease UPnP Home gt Status gt DHCP Leases DHCP Leases DHCP Leases No IP MAC Address Expires in e No The item number of the LAN IP leased e IP The IP address assigned by DHCP server to a specific LAN device e MAC Address The MAC address of the LAN device e Expires in The expiration time of the leased IP address 147 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 6 UPnP Status The table provides information about the UPnP overview such as Protocol Internal Port External Port and IP Address Se Y A amp System Wireless Firewall Utilities EWE System Overview Interfaces Event Log Monitor DHCP Lease UPnP Home gt Status gt UPnP Status UPnP Status IGD Portmap No Protocol Internal Port External Port IP Address e IGD Portmap gt No The item number of an UPnP device Protocol The Protocol used by the UPnP device Internal Port The internal port number of the UPnP device External Port The mapped external port number of the system IP Address The IP address of the UPnP device Y v V WV 148 Copyright 4IPNET INC 4ipnet Q User s Manual Enterprise Access Point ENGLISH Console Interface C
34. 0 1 6887 RFCardB 00 1F 04 94 19 30D 802 11a n 36 23 dBm Location Site EN A Device Time 2013 11 25 18 04 13 System Up Time 6 days 5 11 27 CPU RAM Usage 7 69 45 42 LAN Interface gt AP Status MAC Address 00 1F D4 94 19 3B RF Card Name RF Card A vr IP Address 10 1 121 21 Subnet Mask 255 255 0 0 Profile Security Online Hame BSSID ESSID Type Clients Un Gateway 10 1 3 40 a r3 i VAP 1 00 1F D4 94 19 37 4ipnetAP Al Open g 3 VAP 3 02 1F D4 94 19 3C felix220 a3 WPA P 1 3 Status Disabled Fa IPv6 Status Disabled The Web Management Interface System Overview Page To logout simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page Click OK to logout Message from webpage Eg Ne Are you sure to logoff Cancel Logout Prompt For security reasons it is strongly recommended to change the administrator s password upon the completion of all configuration settings 33 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Please follow the following steps to change the administrator s password N 2 System Wireless Firewall Utilities Status Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Channel Analysis Background Scan Home gt Utilities gt Change Password Change Password Name admin New Password up to 32 characters
35. 13 59 20 13 59 30 13 59 40 2013 11 18 13 59 16 RSSI 51 RSSI Current 49 Uplink Rate Mbps 90 Maximum 55 Uplink Speed bytes s 1M Downlink Rate Mbps 21 Downlink Speed bytes s 26 72k The Time Axis is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale e Disconnect Upon clicking Kick the client will be disconnected from the system 7 5 4 WDS Link Status The administrator can review detailed information of the repeater function at Status gt WDS Link Status Information of WDS status traffic statistics encryption and other details are provided 112 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 2 System Wireless Firewall Utilities Status Associated Clients Y WDS Link Status Event Log I Monitor Home gt Status gt Repeater Status Repeater Status WDS Link List RF Card A Item Status MAC Address RSSI TX Rate TX Count TX Error Encryption Tunnel erian 1 Disabled N A N A N A N A N A 3 2 Disabled N A N A N A N A N A 3 Disabled N A N A N A N A N A 4 Disabled N A N A N A N A N A 5 Disabled N A N A N A N A N A 3 6 Disabled N A N A N A N A N A 7 Disabled N A N A N A N A N A 3 8 Disabled N A N A N A N A N A 3 RF Card B Item Status MAC Address RSSI TX Rate TX Count TX Error Encry
36. 161 165 Please note that available values above will vary depending on the regulation of different countries 76 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 2 3 VAP Configuration This section provides configuration of each Virtual Access Point with settings such as Profile Name ESSID and VLAN ID Se A gt B System Nireless Firewall Utilities Status VAP Overview General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt VAP Configuratior VAP Configuration Profile Name RF Card A VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface VAP Configuration Page To enable specific VAP select the VAP from the drop down list of Profile Name The basic settings of each VAP are collected in the profile as follows e VAP Enable or Disable this VAP e Profile Name The profile name of a specific RF card and its VAP for identity management purposes e ESSID ESSID Extended Service Set ID serves as an identifier for clients to associate with the specific VAP It can be coupled with different service levels like a variety of wireless security types e VLAN ID The 4ipnet Access Point supports tagged VLANs virtual LANs To enable VLAN function each VAP shall be given a unique VLAN ID with valid values rang
37. 4ipnet our IP network Enterprise Access Point Indoor EAP Series Outdoor OWL Series 4ipnet User s Manual Enterprise Access Point ENGLISH Copyright amp Disclaimer Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission of 4IPNET INC Disclaimer AIPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others 4IPNET further reserves the right to make changes in any products described herein without notice The publication is subject to change without notice Trademarks AIPNET 4ipnet is a registered trademark of 4IPNET INC Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective OWNETS Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Table of Contents p BNI 5 EIDO C EEE ENER 5 DONN eden 5 BT 6 2 System Overview and Getting Started rnnrrnnnnrennnnrrnnnnsrnnnnernvnnernrnnennrnnennrnsennrnsennrnsennnnsennenssnneneen 9 2 1 Introduction of 4ipnet Access Points s
38. 67 includes e 4ipnet EAP767 e Quick Installation Guide QIG e Power Adaptor 12V Optional e Wall Mount Kit e Ceiling Mount Kit x1 x1 x1 x1 X1 X1 X1 x1 x1 x4 x1 x1 x1 x1 x3 x1 x1 x1 x1 x1 User s Manual Enterprise Access Point ENGLISH Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH The standard package of OWL530 includes e 4ipnet OWL530 x1 e Quick Installation Guide QIG x1 e Power Sourcing Equipment Optional x1 e Ground Wire x1 e Mounting Kit x1 The standard package of OWL620 OWL610 includes e 4ipnet OWL620 OWL610 x1 e Quick Installation Guide QIG x1 e Power Sourcing Equipment Optional x1 e Mounting Kit x1 e Waterproof RJ45 Connector Pack x2 The standard package of OWL630 includes e 4ipnet OWL630 x1 e Quick Installation Guide QIG x1 e Power Sourcing Equipment Optional x1 e Mounting Kit x1 e Ground Wire x1 e Waterproof RJ45 Connector Pack x2 e Waterproof M12 Connector Pack x1 It is recommended to keep the original packing materials for possible future shipment when repair or maintenance is required Any returned product should be packed in its original packaging to prevent damage during delivery Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 2 System Overview and Getting Started 2 1 Introduction of 4ipnet Access Points Indoor EAP210 EAP220 EAP320 EAP727 EAP747
39. 8 bit 152 bit 47 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH gt WEP Key Format Select from ASCII or Hex format for the WEP key gt WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that specifies which WEP key is used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced dynamic WEP are provided VAP cecal General VAP Config Security Repeater Advanced Access Control Y Hotspot 2 0 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 Security Type 802 1X T 802 11r roaming Dynamic WEP Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Primary RADIUS Server Host Domain Name IP Address Authentication Port 1812 Secret Key Accounting Service Disable Enable Accounting Port 1813 i Accounting Interim Update Interval 160 second s Secondary RADIUS Server Domain Name IP Adiess Authentication Port Secret Key Accounting Service Disable Enable Accounting Port Accounting Interim Update Interval second s Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X secu
40. Channel es Firmware Version 1 10 00 RF Card A O0 1F D4 94 19 3C 802 11g n 9 27 dBm Build Number 1 20 1 6887 RF CardB 00 1F D4 94 19 3D 802 11a n 36 23 dBm Location Site EN A Device Time 2013 11 29 17 01 59 System Up Time 1 days 2 46 29 CPU RAM Usage 100 00 45 10 O LAN Interface ab AP Status MAC Address 00 1F D4 94 19 3B RF Card Name RF Card A IP Address 10 1 121 21 Subnet Mask 255 255 0 0 Profile a Security Online Name En Type Clients Un Gateway 10 1 3 40 3 VAP 3 QO 1F D4 94 19 30 felix22 0 a3 WPA P 0 3 Status Disabled Status Disabled CAPWAP ee E IPv6 System Overview Page 107 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Table 3 Status Page s Organizational Layout Description System Name The system name of the Access Point The current firmware version of the Access Firmware Version Point The current firmware build number of the Build Number Access Point System The location of the Access Point Site The site of the Access Point The system time of the Access Point The time that the system has been in System Up Time operation CPU RAM Usage Displays the current CPU RAM utilization MAC Address The MAG address of the LAN Interface LAN Interface IP Address The IP address of the LAN Interface SubnetMask The Subnet Mask of the LAN Interface Gateway The Gateway of the LAN Interface DE Address The MAC address of the
41. Disable Hotspot 2 0 e Internet Access Enable if this network provides access to the internet e Access Network Type gt Private Home and Enterprise Networks Private and Guest Access Enterprises offering guest connectivity Chargeable Public Network Available to all but requires a fee Free Public Network Available to all without fees Personal Device Network For peripherals in an ad hoc mode Y Y v ON WV Emergency Services gt Test Experimental Wild Card e Venue Information The Group Type of the venue is selected here This identifies the general class of the venue and the specific type of venue within each Group e Venue Name List The Name of the Venue for the network which may be useful to end users for network selection for eg 4ipnet e Network Authentication Type The additional steps to acquire access for an unsecure network gt Acceptance of terms and conditions gt Online enrollment supported may require user accounting gt HTTP HTTPS redirection the URL to which the browser is redirected is indicated gt DNS redirection Note that the Hotspot 2 0 specification forbids network operators from supporting protocols that are not interoperable with DNSSEC DNS redirection for captive portals violates this requirement e Roaming Consortium Organizational Identifier A roaming consortium is a group of service providers SP with which a user s credentials can be used for authentication Roaming consortiums are iden
42. F Cards A and B e For EAP760 EAP767 the RF Card A supports only 2 4GHz bands b g n and RF Card B supports only 5GHz bands a n ac Note 37 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Step 4 Configuring Wireless Coverage VAP 1 To set up the AP s wireless access refer to the following VAP 1 configuration other VAP configuration can refer to the same setup steps as done for VAP 1 Click on the Overview tab to proceed VAP Overview RF Card A VAP No ESSID State Security Type MAC ACL Advanced Settings 1 4ipnetAP Al Enabled Open Disabled Edit 2 4ipnetAP A Disabled Open Disabled Edit 3 4ipnetAP A3 Enabled WPA Personal Disabled Edit 4 4ipnetAP A4 Disabled Open Disabled Edit 5 4ipnetAP A5 Disabled Open Disabled Edit 6 dipnetAP A5 Disabled Open Disabled Edit 7 4ipnetAP A Disabled Open Disabled Edit a 4ipnetAP A8 Disabled Open Disabled Edit 9 4ipnetAP Ag Disabled Open Disabled Edit 10 dipnetAP A10 Disabled Open Disabled Edit 11 4ipnetAP All Disabled Open Disabled Edit 12 dipnetAP A1 Disabled Open Disabled Edit 13 dipnetAP A13 Disabled Open Disabled Edit 14 ipnetAP A14 Disabled Open Disabled Edit 15 dipnetAP A15 Disabled Open Disabled Edit 16 dipnetAP A16 Disabled Open Disabled Edit Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP 1 s State This will bring up the following page 40 Copyright 4IPNET I
43. GLISH gt A B System Wireless Firewall Utilities Status Change Password Ni Backup amp Restore System Upgra de Reboot Upload Certificate Channel Analysis Background Scan Home gt Utilities gt Reboot Reboot the System Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up Reboot Page 7 4 5 Upload Certificate This function is used to configure a valid certificate for security validation required in CAPWAP Home gt Utilities U Upload Certificate Upload Private Key File Name Upload Certificate File Name Browse Upload Trusted Certificate File Name Browse Use Default Certificate gt Upload Certificate It provides flexibility to support customer s own Certificate Private Key or Trusted Certificate for a means of security verification for CAPWAP or other security needs to ensure the authenticity of this AP to other network entities gt Use Default Certificate Click Use Default Certificate to use the default certificate and key 104 Copyright 4IPNET INC RPNE nn Enterprise Access Point ENGLISH 7 4 6 Channel Analysis The Channel Analysis is an excellent tool for IT staff to quickly grasp an idea of what the channel dynamics are Included for channel analysis is a spectrogram density graph and other charts to detect interference from Bluetooth devices Microwave devices Cordless phones and etc gt
44. INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 1 System Upon clicking the System icon users can utilize this section for general configurations of the devices e g Time Setup Network Configurations and System Logs This section includes the following functions General Network Interface Port Management CAPWAP and IPv6 7 1 1 General General Network Interface Port Management CAPWAP IPv6 Home gt System gt Genera System Information Name OWL620 r Description Location Time Device Time 2012 05 08 17 11 45 Time Zone GMT 08 00 Taipei M Time Enable NTP Manually set up Set Date ly Year on Month Day Set Time v Hour I gt min v Sec System Information Page e System Information For maintenance purposes it is highly recommended to have the following information stated as clearly as possible gt Name The system name used to identify this system gt Description Further information about the system e g device model firmware version and active date gt Location The information on geographical location of the system for the administrator to locate the system easily Time gt Device Time Display the current time of the system gt Time Zone Select an appropriate time zone from the drop down list box gt Time Synchronize the system time by reachable NTP servers or manual setup 60 Copyright 4IPNET
45. Interface Network Settings Mode Static DHCP Renew IP Address 197 168 1 1 S Netmask 255 255 255 0 Default Gateway 1197 168 1 254 ke Primary DNS Server 197 168 1 254 Alternate DNS Server Ethernet IGMP Snooping Disable Enable Layer STP Disable Network Settings Page If the deployment decides that the AP will be getting dynamic IP Addresses from the connected network set Mode to DHCP otherwise set Mode to Static and fill in the required fields marked with a red asterisk IP Address Netmask Gateway and Primary DNS Server with the appropriate values for the network Click SAVE when you are finished to save changes that have been made Step 3 Configure the AP s Wireless General Settings Click on the Wireless icon followed by the General tab On this page we need to choose the Band and Channel that we wish to use 38 Copyright 4IPNET INC RPNE ers mana Enterprise Access Point ENGLISH VAP Overview General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt General Settings General Settings RF Card Name RF Card A Band 802 11a 802 11n v pure 11n Short Guard Interval Disable Enable Chann
46. Min Contention Window Minimum CW Max Contention Window Maximum AIFS Arbitration Inter Frame Spacing TXOP Limit Transmission Opportunity Limit e Transmission Rate Threshold The client will be kicked when transmission rate is lower than the configured threshold This ensures high connection speed for all associated clients Features such as Short Preamble Fragment Threshold ACK Timeout and Interference NOE Detection may be limited on RF Card B for selected AP models ge Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Table 2 RF Configurations under normal circumstances in certain countries 36 40 44 48 52 56 60 6M 9M 12M 18M 24M See 64 100 104 108 112 116 132 136 140 149 36M 48M 54M 153 157 161 165 802 11b 1 2 3 4 5 6 7 8 9 10 1M 2M 5 5M 11M 11 12 13 Auto Pee 1 2 3 45 6 7 8 9 10 6M 9M 12M 18M 24M 11 12 13 36M 48M 54M 0348678910 1M 2M 5 5M 6M 9M 802 11b 802 11g TT 44M 12M 18M 24M 36M 11 12 13 48M 54M 36 40 44 48 52 56 60 64 100 104 108 112 6M 9M 12M 18M 24M 116 132 136 140 149 36M 48M 54M MCS0 23 153 157 161 165 802 11a 802 11n 1M 2M 5 5M 11M 12M 802 11n 802 119 1 2 3 4 5 6 7 8 9 10 evel 1 Level 25 11 12 13 D model dependent MCS0 23 36 40 44 48 52 56 60 64 100 104 108 112 116 132 136 140 149 802 11ac 153 157
47. NC 4ipnet User s Manual Enterprise Access Point ENGLISH 2 2 System Wireless Firewall Utilities Status y VAP Overview General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt VAP Configuration VAP Configuration Profile Name RF Card A VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface VAP Configuration Page RF Card A VAP 1 shown The desired VAP profile can be selected from the drop down menu of Profile Name and VAP 1 configuration will serve as an example for all other VAPs Before proceeding further please make sure that the VAP field is marked Enable afterwards enter an ESSID to represent the WLAN associated with AP s VAP 1 It is suggested that Profile Name is used to describe what this particular VAP will be used for otherwise leave it as default VLAN ID can be chosen at another time Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings Congratulations After reboot the AP can start to operate with these revised settings 41 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 4 Adding Virtual Access Points The AP possesses the feature of multi ESSID namely it can behave as multiple virtual access points providing d
48. PA Personal is a pre shared key authentication method o 802 11r Roaming Roaming is possible for clients within the same Mobility Domain on different APs with the same Encryption Key Security Settings Profile Name RF Card A VAP 1 Security Type WPA Personal M 802 11r roaming Cipher Suite WPA2 T Roaming Target AP List Configure Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Pre shared Key Group Key Update Period 86400 second s Security Settings WPA Personal gt Cipher Suite Select an encryption method from WPA2 or WPA2 WPA gt Roaming Target AP List when 802 11r is enabled 802 11r Roaming Settings Profile Name RF Card A VAP 1 Mobility Domain VAP MAC Address 00 1F D4 AC 5E 9C Encryption Key Transition Over the DS Disable Enable No Target VAP MAC Address Encryption Key 8 Copyright 4IPNET INC 4ipnet on the key type selected seconds Group Key Update Period User s Manual Enterprise Access Point ENGLISH Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase Pre shared Key Enter the key value for the pre shared key the format of the key value depends The time interval for the Group Key to be renewed the time unit is in e WPA Enterprise If this option is selected the RADIUS authentication and data encryption will both be enabled Profile Name Security Type Cipher Suite Roaming Targ
49. Suite WPA2 Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Pre shared Key Group Key Update Period 600 second s gt Cipher Suite The standard encryption method for WPA Personal is WPA2 Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase V gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed Enter the time length required the time unit is in second 129 Copyright AIPNET INC 4ipnet 8 2 4 Site Survey User s Manual Enterprise Access Point ENGLISH The system is able to scan and display all Surrounding available access points APs The administrator can then select an AP to be associated with the system on this page Site Survey is a useful tool to provide information on the surrounding wireless environment available APs are shown with their respective SSID MAC Address Channel Rate setting Signal reading and Security type The administrator can click Setup or Connect to configure the wireless connection according to the mentioned readings General Advanced Security 4 Site Survey Home gt Wireless gt Site Survey Channel Selector 2 4GHz list 5GHr list Scan Setting All 02 4 GHz B 5 GHz Goes Hi M2 M3 M4 M5 Me M7 Me Wg Wio 11 436 Mao M44 Mags M52 M56 M
50. T INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 1 4 Management The management services e g VLAN for Management SNMP and System log can be configured here General Network Interface port Management GAPWAP IPv6 Home gt System gt Management Services Management Services VLAN for Management Disable Enable VLAN ID 1 4094 SNMP Configuration Disable Enable Community String Read Write Edit SNMPv3 User List Trap Disable Enable Server IP Disable Enable SYSLOG Server IP 192 168 1 254 Server Port 514 SYSLOG Level Debug Management IP List Edit Management IP List Management Services Page e VLAN for Management When this is enabled management traffic from the system will be tagged with a VLAN ID In other words administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to a specific VAP with the same VLAN ID Enter a value between 1 and 4094 for the VLAN ID if the option is enabled gt Note Management is done without the utilization of VLAN IDs on selected AP models 65 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e SNMP Configuration By enabling the SNMP function the administrator can obtain the system information remotely SNMP Configuration Disable Enable Community String Read Write
51. VAP 1 Maximum Number of Clients 37 Range 1 256 per system Access Control Type MAC ACL Allow List A No MAC Address State 1 Disable Enable 2 Disable Enable 3 Disable Enable MAC Allow List An empty Allow List means that there is no allowed MAC address Make sure at least the Note MAC of the management system is included e g network administrator s computer 89 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH gt MAC ACL Deny List When selecting MAC ACL Deny List all client devices are granted access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 132 Range 1 256 per system Access Control Type MAC ACL Deny List No MAC Address State 1 Disable Enable 2 Disable Enable 3 Disable Enable Deny List Copyright 4IPNET INC 4ipnet gt User s Manual Enterprise Access Point ENGLISH RADIUS ACL Authenticate incoming MAG addresses by an external RADIUS When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS conf
52. able Enable 3 Disable Enable Disable Enable 5 Disable Enable 6 Disable Enable 7 Disable Enable z Disable Enable g Disable Enable 10 Disable Enable First Prev Next Last total 100 MAC ACL Allow List An empty Allow List means that there are no allowed MAC addresses Make sure at least the MAC of the modifying system is included e g network administrators computer 3 MAC ACL Deny List This means that all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Enable 52 Copyright 4IPNET INC o 41pnet User s Manual Enterprise Access Point ENGLISH Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 32 Range 1 256 per system Access Control Type MAC ACL Deny List No MAC Address State 1 Disable Enable 2 Disable Enable 3 Disable Enable 4 Disable Enable 5 Disable Enable 6 Disable Enable 7 Disable Enable B Disable Enable 9 Disable Enable 10 Disable Enable First Prev Next Last total 100 MAC ACL Deny List RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS server When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS
53. abled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview RF Card A Security Type Open Open WPA Personal Open Open Open Open Open Open Open Open Open Open Open Open Open VAP Overview Page MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit On the VAP Overview page check the table to confirm the VAP State If it is Enabled skip to Step 2 If not click on to proceed with VAP Configuration for that particular VAP 44 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH g gt N CR System TAXE Firewall Utilities Status VAP Overview General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt VAP Configuration VAP Configuration Profile Name RF Card A VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface VAP Configuration Page RF Card A VAP 1 as shown for example Select Enable for the VAP field and click SAVE Click the Overview tab to return to the previous table to begin the next step Step 2 Conf
54. abled for convenience during antenna adjustment 7 5 5 Event Log The Event Log provides a record of system activities The administrator can monitor the system status by checking this log Overview Interfaces Associated Clients WDS Link Status Event Log Monitor b Home gt Status gt Event Log Nov 29 13 18 16 logd localhost hostapd athOap STA 00 18 de c9 18 e1 IEEE 802 11 Event Log deauthenticated due to local deauth request Nov 29 13 18 16 logd localhost hostapd athOap STA 00 18 de c9 18 e1 IEEE 802 11 disassociated Event Log Page nm Each line in the log represents an event record in each line there are 4 fields 114 Copyright 4IPNET INC 4ipnet e Date Time The time amp date when the event happened User s Manual Enterprise Access Point ENGLISH e Hostname Indicates which host recorded this event Note that all events on this page are local events so the hostname in this field is always the same In remote SYSLOG service however this field will help the administrator identify which event is from this Access Point e Process name Indicate the event generated by the running instance e Description Description of the event To save the file locally click SAVE LOG to clear all of the records click CLEAR 7 5 6 Monitor For a quick overview on the AP s performance the Monitor feature displays an RRD graph recording CPU utilization memory usa
55. available interfaces of the system Trust Interface Each VAP interface can be checked individually to mark as trusted interfaces security enforcements on DHCP ARP like DHCP snooping and ARP inspection will be carried out on non trusted interfaces DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the trusted DHCP server IP MAC can be specified to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing O Proxy ARP option when enabled AP will reply ARP requests on behalf of downlink stations The ARP table maintained by the AP will be used as a look up table upon receipt of ARP request from AP uplink Adversely without Proxy ARP ARP request is broadcasted down into the AP s wireless network causing network inefficiencies Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic any clients with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static Trust List Trust List Broadcast can be enabled to let other APs with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests Static Trust List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can
56. ck Apply Please restart the system after upgrading the firmware gt y System Wireless Firewall amp Status i Itilities Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Channel Analysis Background Scan Home gt Utilities gt system U System Upgrade Current Version 1 10 00 Current Build Number 1 20 1 6887 File Name Browse No file selected Upload Upgrade by TFTP IP Address Port File Name Apply System Upgrade Page e Itis recommended to check the firmware version number before proceeding further Please make sure you have the correct firmware file Firmware upgrade may sometimes result in the loss of data Please ensure that all necessary settings are written down before upgrading the firmware e During firmware upgrade please do not turn off the power This may permanently damage the system Note o 7 4 4 Reboot This function allows the administrator to restart the AP safely The process takes approximately three minutes Click Reboot to restart the system Please wait for the blinking timer to complete its countdown before accessing the system s Web Management Interface again The System Overview page will appear after a successful reboot Occasionally it is necessary to reboot the AP to ensure that parameter changes are submitted 103 Copyright 4IPNET INC RPNE ters ar Enterprise Access Point EN
57. curity Type WEP T 802 11r roaming Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCII Hex WEP Key Index 1 T WEP Keys Security Settings WEP 79 Copyright 4IPNET INC 4ipnet VV v WV User s Manual Enterprise Access Point ENGLISH 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select a key length from 64 bit 128 bit or 152 bit WEP Key Format Select a WEP key format from ASCII or Hex WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key will be used for the encryption of wireless frames during data transmission WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys 802 1X When 802 1X Authentication is selected RADIUS authentication and Dynamic WEP are provided gt O Security Type Dynamic WEP Primary RADIUS Server Secondary RADIUS Server Security Settings Profile Name RF Card A VAP 1 7 802 1X T 802 11ir roaming Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Host i Domain Name IP Address Authentication Port 1812 ia Secret Key Accounting Service Disable Enable Accounting Port 1813 x Accounting I
58. dicate the type of encapsulated traffic VLAN ID when EtherType is 802 1 Q The VLAN ID is provided to associate with certain VLAN tagging traffic Priority when EtherType is 802 1 Q It denotes the priority level with associated VLAN traffic Encapsulated Type when EtherType is 802 1 Q It can be used to indicate the type of encapsulated traffic Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in ARP header Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields 95 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH gt Action The rule can be chosen to be Block or Pass gt Remark Any note of this rule can be specified here When the configuration for firewall rule is completed please click SAVE and Reboot system to let the firewall rule take effect gt gt To insert a specific rule In in the Setting column of the firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule From this page a rule can be added or edited from an existing rule for revision gt gt To move a specific rule Mv in t
59. e 5 Window C Raw Telnet Rlogin C Serial Appearance i Load save or delete a stored session Behaviour Translation Saved Sessions Selection ix Colours Default Settings Connection i a Data Save Close window on exit Always Never Only on clean ext y er 150 Copyright 4IPNET INC RPPN nn Enterprise Access Point ENGLISH To reset the system to factory default through the console interface Login as reset2def and enter reset2def as your password COMA PulT TY Seles SYSTEM IP 192 168 10 1 255 255 0 0 Enter reset2def twice to reset to the factory default login resetedet Password Do you really want to reset to factory default and reboot yes no yes If the console connection is not readily available the IP address of the AP can be retrieved with an IP Discovery Utility provided by 4ipnet Simply connect via an Ethernet cable and run the Discovery Utility Note that the laptop PC connecting to the AP must run in Windows XP compatible mode and a static IP must be set P N V11020141207 151 Copyright AIPNET INC
60. e Event Log FUNCTION Security Settings a me DHCP Lease Upload Certificate Table of CPE Mode Functions 116 Copyright AIPNET INC 4ipnet User s Manual 7 Enterprise Access Point ENGLISH es gs A amp stem ME reall UUes ER Home gt Status gt System Overview System Overview P System ___________ amp Radio Status System Name Enterprise Access Point OWLS Status Connected Firmware Version 1 10 00 SSID felx220 33 Build Number 1 13 1 6891 MAC Address 00 1F D4 94 19 3C Location Channel 9 Site EN A Signal Strength 94 Device Time 2013 12 02 07 48 20 Security WPA PSK System Up Time 0 days 5 32 07 CPU RAM Usage 1 92 30 70 Operating Mode CPE OQ LAN Interface O WAN Interface MAC Address 00 1F D4 02 C9 F3 Mode DHCP IP Address 192 168 21 1 MAC Address 00 1F D4 02 C9 F4 Subnet Mask 255 255 255 0 IP Address 10 1 121 10 DHCP Server Enabled Subnet Mask 255 255 0 0 Gateway 10 1 3 40 Bandwidth Down Unlimited UP Unlimited CPE Mode Main Page 117 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 1 System This section provides information in configuring the following functions System Information Operating Mode Network and Management A system restart is required when a reminding message appears after clicking the SAVE gt gt Note button all settings entered and saved wil
61. e current time of the system gt Time Zone Select an appropriate time zone from the drop down list box gt Synchronization Synchronize the system time either by NTP server or manual setup 1 Enabled NTP By selecting Enabled NTP the Access Point synchronizes its system time with the NTP server automatically While this method is chosen at least one NTP server s IP address or domain name must be provided If FQDN Full Qualified Domain Name is used as the IP address of NTP server the DNS server must also be activated please refer to 8 1 3 Network Settings Time Device Time 1999 12 31 16 05 36 Time Zone GMT 08 00 Pacific Time US amp Canada Tijuana Time Enable NTP Manually set up NTP Server 1 tock stdtime gov tw NTP Server2 0 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 1999 12 31 16 02 29 Time Zone GMT 08 00 Pacific Time US amp Canada Tijuana s Time O Enable NTP Manually set up Set Date Mvear Month M Day Set Time Hour Min Wlsec Set Date Select the appropriate Year Month and Day from the drop down list box Set Time Select the appropriate Hour Min and Sec from the drop down list box 119 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 1 2 Operating Mode OWL530 EAP210 supports two operation modes CPE
62. e system for the changes to take effect sms Indicates that clicking this button will clear what you have set before the settings are applied Copyright AIPNET INC 4ipnet 1 3 Package Content The standard package of EAP210 includes e 4ipnet EAP210 e Quick Installation Guide QIG e Console Cable e Power Adaptor 12V e Detachable Antenna The standard package of EAP220 includes e 4ipnet EAP220 e Quick Installation Guide QIG e Console Cable e Ethernet Cable e Power Adaptor 12V e Detachable Antenna The standard package of EAP320 includes e 4ipnet EAP320 e Quick Installation Guide QIG e Console Cable e Ethernet Cable e Power Adaptor 12V e Detachable Antenna X1 X1 X1 X1 X2 X1 X1 X1 X1 X1 x4 X1 X1 X1 X1 X1 X4 User s Manual Enterprise Access Point ENGLISH Copyright 4IPNET INC 4ipnet The standard package of EAP727 includes e 4ipnet EAP727 e Quick Installation Guide QIG e Mounting Kit e Power Adaptor 12V Optional The standard package of EAP747 EAP750 EAP757 includes e 4ipnet EAP747 EAP750 EAP757 e Quick Installation Guide QIG e Ethernet Cable e Power Adaptor 12V Optional e Mounting Kit e Detachable Antenna EAP750 The standard package of EAP 760 includes e 4ipnet EAP760 e Quick Installation Guide QIG e Power Adaptor 12V Optional e Mounting Kit e Detachable Antenna The standard package of EAP 7
63. e system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 83 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 2 5 Repeater 4ipnet Access Points are capable of utilizing WDS or Universal Repeater EAP210 and OWL530 only to extend wireless network coverage lf WDS is enabled the AP can support up to 8 WDS links to its peer APs per radio Security Type None WEP or WPA PSK can be configured to decide which encryption is to be used for WDS connections respectively Please fill in remote peer s MAC address and click SAVE to proceed if setting revision is necessary the CLEAR button can be used to clear the contents in the above WDS connection list System ita Eee Firewall Utilities status VAP Overview General VAP Config Security Y Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt Repeater Settings Repeater Settings Repeater Type WDS WES WDS Profile RF Card A WDS Link 1 WES Disable WDS Link Address 0A 1F D4 23 14 B0 Please use it as the peer s Remote AP MAC Addre
64. ector Ant1 for RF Card A A 2 Secondary antenna connector Ant2 for RF Card A B 1 Primary antenna connector Ant1 for RF Card B B 2 Secondary antenna connector Ant2 for RF Card B Copyright 4IPNET INC PPNEE nn Enterprise Access Point ENGLISH Rear Panel EAP320 Back Panel 1 12vI2A Power Jack Socket 2 Restart Reset Press once to restart the system to reset the system to factory default settings hold for more than 5 seconds 3 WES Button A B WDS Easy Setup Press the button to build up a WDS link with another peer 4 WDS links can be set up per RF card 4 LED Indicators 6 indicators that displays the states of 6 various functions or progresses The numbers are explained on the leftmost side of the rear panel 5 Uplink Port PoE The port for uplink connection to another gateway or device PoE is supported 6 LAN Ports 1 2 The ports for connections with LAN side devices 7 Console Port To access EAP320 via the console interface Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP727 EAP727 s Front Panel EAP727 s Rear Panel 12V 1 0 A Attach power adaptor here LE LED Indicators An LED indicator is available to show the uplink status Uplink PoE Port Offers uplink connection This port can be used to connect to a controller gateway or directly to the Internet 802 3af PoE is also supported R
65. efer to Section 8 2 3 Security Settings WEP Key Type Open Shared Auto WEP Key Length amp 64 bits 128 bits 152 bits WEP Key Format ASCII Hex WEP Key Index WEP Keys o WPA PSK Click Setup to configure the WPA PSK setting for associating with the target AP Cip Cherry 06 11 43 08 09 56 6 54 37 WPA PSK The following configuration box will then appear at the bottom of the screen For more information on the WPA PSK security settings please refer to Section 8 2 3 Security Settings 131 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Pre shared Cipher TKIP v Pre shared Key Type psk Hex 64 chars Passphrase 8 63 chars 132 Copyright 4IPNET INC RPNE nn Enterprise Access Point ENGLISH 8 3 Firewall The system supports the following firewall functions IP Port forwarding and DMZ Demilitarized Zone The administrator can allow a certain part of the network to be exposed to the Internet in limited and controlled ways for special purposes such as game and voice applications 8 3 1 IP Port Forwarding A certain part of the network can be exposed to the Internet in a limited and controlled way for special purpose Internet services such as on line game or video conferencing on this page Please ensure that the internal port to be used is not occupied by other applications Q B System Wireless ETEN Ut
66. el Width 40 MHz 7 Channel Width Extension Below Channel 1161 v Max Transmit Rate Auto T Transmit Power Level 16 Distance 10 a meter s ACK Timeout 0 microsecond s Beacon Interval 1oo millisecond s 100 500 Airtime Fairness 1000 millisecond s 100 5000 0 Disable Disable Fair Access V Preferred Access Packet Delay Threshold Idle Timeout 300 second s 15 999 Band Steering Disable Enable Aggressive Interference Detection Adjacent Channel Utilization Threshold 0 ba 160 99 0 Disable Latency 10 second s 10 999 Co Channel Utilization Threshold 0 Bo 60 99 0 Disable Invalid Packet Rate 30 60 99 Latency ho second s 10 999 WME Configuration Configure Transmission Rate Threshold lo kbps O Disable Wireless General Settings Page On this page choose the RF card you would like to set up and select the band in which the AP is to broadcast its signal The rest of the fields are optional and can be configured at another time Click SAVE if any changes have been made e For EAP220 the RF Card A supports only 2 4GHz bands b g n and RF Card B supports only 5GHz bands a n e EAP320 EAP750 EAP757 OWL620 supports both 2 4GHz and 5GHz bands on both R
67. elp we 98 4ipnet Example of entering the AP s default IP Address into a web browser To access the web management interface WMI connect the administrator PC to the LAN port of the AP via an Ethernet cable Then set a static IP Address on the same subnet mask as the AP in TCP IP settings of your PC such as the following example IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Please note that the IP Address used should not overlap with the IP Addresses of Note sd any other device within the same network to avoid IP conflict Launch the web browser on your PC and enter the IP Address of the AP 192 168 1 1 at the address field and then press Enter The following Administrator Login Page will appear Enter admin for both the Username and Password fields and then click Login Username admin Password eeeee ON Administrator Login Page After a successful login into AP a System Overview page of the Web Management Interface WMI will appear 32 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Home gt Status gt System Overview System Overview P System Radio Status System Name felix EAP220 RF Card MAC Address Band Channel oe Firmware Version 1 10 00 RF Card A 00 1F D4 94 19 3C 802 119 n g 27 dBm Build Number 1 2
68. ent Home gt System gt Management Services Management Services SNMP Configuration Disable ble Community String Read Write Edit SNMPv3 User List Trap Disable Enable Server IP System Log Disable Enable SYSLOG Server IP 192 168 1 254 Server Port 514 SYSLOG Level Error Management IP List Edit Management IP List UPnP Configuration Disable Enable e SNMP Configuration By enabling SNMP function the administrator can obtain the system information remotely gt Enable Disable Select Enable to activate this function or Disable to inactivate it gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string for accessing the MIB with Read privilege o Write Enter the community string for accessing the MIB with Write privilege gt SNMPv3 User List The system allows 5 SNMP Users with Read or Read amp Write Access Determine the Name and Authentication Password on the SNMP Account List gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable Select Enable to activate this function or Disable to inactivate it o Server IP Address Enter the IP address of the assigned server for receiving the trap report 124 Copyright 4IPNET INC 4ipnet Y Y V WV User s Manual
69. eo and Voice e CAPWAP Tunnel Interface Select Checkbox to designate traffic for the VAP to pass through CAPWAP Tunnel established between the AP and the controller 802 1P is supported when the Airtime Fairness function is Disabled Note Downlink 802 1P AC Mapping may be limited on RF Card B for selected models 78 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 2 4 Security The Access Point supports various wireless authentication and data encryption methods in each VAP profile With this the administrator can provide different service levels to clients The security type includes Open WEP 802 1X WPA Personal and WPA Enterprise e Open Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure Pa System Wireless Firewall Utilities Status VAP Overview J General VAP Config Security V Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 Security Type Open v 802 11r roaming pi WEP 802 1X WPA Personal WPA Enterprise Security Settings Open e WEP WEP Wired Equivalent Privacy is a data encryption mechanism based on a 64 bit 128 bit or 152 bit shared key algorithm Security Settings Profile Name RF Card A VAP 1 Y Se
70. ernet cable to the Uplink port of EAP727 and the other end of the cable to a switch a router or a hub EAP727 is then connected to your existing wired LAN network Step 3 There are two ways to supply power to EAP727 a Connect the DC power adaptor to the EAP727 power jack socket b The EAP727 Uplink port is capable of receiving DC currents Connect a IEEE 802 3af compliant PSE device e g a PoE switch to the Uplink port of EAP727 with the Ethernet cable 2 Copyright 4IPNET INC 41pnet User s Manual Enterprise Access Point ENGLISH Please follow the steps mentioned below to install the hardware of EAP747 EAP750 EAP757 Step 1 Place the EAP747 EAP750 EAP757 at the best location The best location is usually at the center of your intended wireless network If admin would like to mount the AP on the wall on a socket the figure below indicates how the mounting kit can be used on the back of the device Screw the metal panel to the wall and then turn the EAP747 EAP750 EAP757 clockwise to fasten to the panel For installation instructions on the Ceiling Mount Kit please refer to the included Installation Guide Step 2 Connect one end of the Ethernet cable to the Uplink port and the other end of the cable to a switch a router or a hub The EAP747 EAP750 EAP757 is now connected to your existing wired LAN network Step 3 There are two ways to supply power to EAP747 EAP750 EAP757 a Connect the DC p
71. estart Reset Press once to restart the system to reset the system to factory default settings hold for more than 5 seconds 16 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP747 EAP750 EAP757 Rear Panel 1 12v 24A 2 Restart Reset Button 3 WES Button 4 LED Indicators 5 Uplink PoE Port LAN 1 2 Ports 7 Phone Jack EAP747 Reset Restart 39 4 e 0e Hi Li WES A Uplink LAN1 Phone PoE EAP747 EAP750 EAP757 Back Panel Attach the power adaptor here Press once to restart the system Press and hold for more than 5 seconds to reset to factory default WDS Easy Setup Press the button to build up a WDS link with another peer 4 LED lights Representation is listed at the bottom of the panel Top 2 reserved for RF Card B if applicable For Uplink connection This port can be used to connect to a controller gateway or directly to the internet PoE is supported Attach Ethernet cables here to connect to the wired local network A telephone can bypass to a connected phone line in the back of the AP when connected to the socket Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP760 Front View la Ib Ic EAP760 Front View External Antenna External antennas via SMA connectors 1a 1b and 1c corresponds to Ant1 Ant2 and Ant3 of the system LED Indicator An LED indicator
72. et AP List Group Key Update Period Primary RADIUS Server Secondary RADIUS Server Security Settings RF Card A VAP 1 F WPA Enterprise M 802 11r roaming WPAZ T Configure 86400 second s Host Domain Name IP Address Authentication Port 1812 ij Secret Key Accounting Service Disable Enable Accounting Port 1813 Accounting Interim Update Interval 60 second s Host Domain Name IP Address Authentication Port Secret Key Accounting Service Disable Enable Accounting Port Accounting Interim Update Interval second s Security Settings WPA Enterprise gt WPA Settings o Cipher Suite Select an encryption method from WPA2 or WPA2 WPA o Roaming Target AP List when 802 11r is enabled 82 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH 802 11r Roaming Settings Profile Name RF Card A VAP 1 Mobility Domain VAP MAC Address 00 1F D4 AC 5E 9C Encryption Key Transition Over the DS Disable Enable No Target VAP MAC Address Encryption Key o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings Primary Secondary o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for th
73. following page VAP Overview General VAP Config N Security N Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt General Settings General Settings RF Card Name RF Card A T Band Short Guard Interval 802 11a 802 11n T Pure 11n Disable Enable Channel Width 40 MHz 7 Channel Width Extension Below Channel 161 T Max Transmit Rate Auto T Transmit Power Level 16 Distance 0 meter s ACK Timeout 0 microsecond s Beacon Interval 100 millisecond s 100 500 Airtime Fairness Disable Fair Access Preferred Access Packet Delay Threshold 1000 millisecond s 100 5000 0 Disable Idle Timeout 300 second s 15 999 Band Steering Disable Enable Aggressive Interference Detection Adjacent Channel Utilization Threshold 0 Latency 10 second s 10 999 Co Channel Utilization Threshold 0 Invalid Packet Rate 90 60 99 Latency 10 second s 10 999 WME Configuration Configure Transmission Rate Threshold 0 kbps 0 Disable 99 60 99 0 Disable 60 99 0 Disable Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Wireless General Settings Page Please make sure both APs are using the same Band and Channel in order to establish a successful WDS link Click SAVE if any changes have been made Step 2 Prevent Loops when Con
74. ge associated station numbers TX rate distribution airtime utilization and short retries Overview Interfaces Associated Clients WDS Link Status Event Log Monitor Home gt Status gt Monitor Monitor Category Station Number From ITransmission Rate Distribution Minute 16 Y Airtime Utilization To Minute 16 vw Short Retr MICPU Usage MFree Memory M Cached Memory System Information 35 ae 30 vw gt 25 Cc D Y or a 20 rd aa A Ep TA Tgi 15 16 00 18 00 20 00 2013 11 18 01 25 22 00 18Nov 02 00 04 00 06 00 CPU Usage 15 46 Free Memory 36 Cached Memory 16 31 08 00 10 00 The begin and end time for the RRD graph can be selected for filtering data Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 115 Copyright 4IPNET INC APM sera Enterprise Access Point ENGLISH 8 CPE Mode Configuration OWL530 EAP210 The OWL530 and EAP210 support CPE mode which acts as a gateway where it connects to the WAN wirelessly and provides Ethernet connection to users via wired LAN This chapter will guide you through setting up the CPE mode with graphical illustrations The following table shows all the functions of the Access Point in CPE mode ES IP Port Change System F H General Setting Forwarding Overview Advanced Operating Mode Wireless Settings Demilitarized Backup amp Zone Restor
75. he DMZ host without authentication IF Port Forwa ding DMZ Home gt Firewall gt Demilitarized Zone Demilitarized Zone State Disable 10 Enable Internal IP Address 192 168 10 0 e Enable Select Enable to activate this function or Disable to deactivate it e Internal IP Address Fill in the internal IP address to allow system forwarding traffic other than those specifically listed in IP Port Forwarding 134 Copyright 4IPNET INC RPNE nn Enterprise Access Point ENGLISH 8 4 Utilities The system provides Change Password Backup amp Restore System Upgrade Reboot and Upload Certificate functions for system maintenance 8 4 1 Change Password The administrator can update or change password a LAD ese System Wireless Firewall Jrilities Status g gt Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Home gt Utilities gt Change Password Change Password Name admin New Password up to 32 characters Re enter New Password Name User New Password up to 32 characters Re enter New Password gt admin account Enter a new password and then re enter it in the Re enter New Password field Click SAVE to activate the new password gt user account Enter a new password and then re enter it in the Re enter New Password field Click SAVE to activate the new password In addition to the admin account
76. he Setting column of the firewall list will lead to the following page for reordering confirmation After the SAVE button is clicked and system is rebooted the order of rules will be updated Firewall List Service I Advanced Home gt Firewall gt Move rule Move Rule ID 1 Move to Before After ID 1 20 Please make sure all desired rules state of rule are checked and saved in the overview page the rules will be enforced upon system reboot 96 Copyright AIPNET INC 4ipnet Home gt Firewall gt Firev ll List No 10 User s Manual Enterprise Access Point ENGLISH Layer 2 Firewall Settings Enable Layer 2 Firewall O Disable Enable State GG 0 a Action DROP DROP DROP DROP DROP DROP Name CDP and VTP STP BPDU GARP RIP HSRP OSPF EtherType Remark IEEE_8023 IEEE_8023 IEEE_8023 IPv4 IPv4 IPv4 First Prev Next Last total 20 97 Setting Del Ed In Mv Del Del Del Del Del Del Del Del Del Ed Ed Ed Ed Ed Ed Ed Ed Ed In In In In In In In In In Mv Mv Mv Mv Mv Mv Mv Mv Mv Copyright 4IPNET INC 4ipnet 7 3 2 Service User s Manual Enterprise Access Point ENGLISH The administrator can add or delete firewall services here the services in this list will become options to choose in firewall rule whe
77. ifferent levels of services from the same physical AP device Please click on the Wireless icon to review the VAP Overview page VAP No 1 11 12 13 14 15 16 ESSID 4ipnetAP Al 4ipnetAP A 4ipnetAP A3 4ipnetAP Ad4 4ipnetAP AS 4ipnetAP A6 dipnetAP A7 4ipnetAP As 4ipnetAP Ag dipnetAP A10 dipnetAP A11 AipnetAP Al1 dipnetAP A13 ipnetAP A14 ipnetAP A15 4dipnetAP 4A16 State Enabled Disabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview RF Card A Security Type Open Open WPA Personal Open Open Open Open Open Open Open Open Open Open Open Open Open VAP Overview Page MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit To proceed with specific VAP configuration click on the corresponding cell in the State column and row of the VAP the particular VAP s Configuration page will then appear for further configuration 42 Copyright 4IPNET INC PPNEE sera Enterprise Access Point ENGLISH u 2 B System Wireless Firewall Utilities Status VAP Overview General VAP Config V Security V Repeater Advanced Access Control Hotspot 2 0 Home gt Wire
78. iguration Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 32 Range 1 256 per system Access Control Type RADIUS ACL i dt LE EEE Notelll These settings will also apply to security settings which use RADIUS Server for this VAP Host f Domain Name IP Address 3 Authentication Port 1812 1 65535 3 Secret Key i Secondary RADIUS Server Host Authentication Port Secret Key RADIUS ACL 91 Copyright AIPNET INC APM ers ar Enterprise Access Point ENGLISH 7 2 8 Hotspot 2 0 Hotspot 2 0 is also known as WiFi Certified Passpoint initiated by the WiFi Alliance to provide better bandwidth and services for public WiFi subscribers Hotspot 2 0 Profile Name RF Card A VAP 1 Ff Status Disable Enable Internet Access Disable Enable Access Network Type Private network Venue Information Group Unspecified Type Unspecified Venue Name List 1 English 2 English 3 English 4 English 5 English Network Auth Type Not configured Roaming Consortium Organizational f Identifier 2 3 a 1 sf IP Address Type py4 address Not Available Y IPv6 Address Not Available NAI Realm List Domain Name List Cellular Network Information List PLMN Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e Status Enable or
79. igure Security Settings for your VAP The following instructions will guide the user to set up wireless security with a specific VAP If only restricted access of certain MAC addresses is desired skip to Step3 MAC restriction can be coupled with wireless security to provide extra protection First click on the corresponding cell in the column labeled Security Type This hyperlink will direct the user to the following Security Settings page 45 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Y a 7 System Wireless Firewall Utilities Status VAP Overview General WAP Config Security Repeater Advanced Access Control y Hotspot 2 0 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 7 Security Type 802 11r roaming WPA Personal WPA Enterprise Security Settings Page RF Card A VAP 1 shown Select the desired Security Type from the drop down menu which includes Open WEP 802 1X WPA Personal and WPA Enterprise A e 802 11n band does not support WEP nor WPA PSK running TKIP When the Security Type is set as such the wireless link is only able to run at maximum 54Mbps e 802 1X option is not available on RF Card B of EAP760 and EAP767 46 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e Open Authentication is not required and data is not encrypted during tran
80. ilities Status IP Port Forwarding VDMZ h Home gt Firewall gt IP Port Forvarding IP Port Forwarding Service Name External Port Range Internal IP Address Protocol TCP UDP Add IP Port Forwarding Service External Port Item Internal IP Address Protocol State Delete Edit Name Range e Service Name The administrator can provide an easy remembered alias for the specific forwarding e External Port Range The range of external port for forwarding traffic can be defined manually by the administrator e Internal IP Address Enter the LAN IP address to receive the forwarding traffic e Protocol Forwarding traffic protocol can be selected from drop down list to be TCP UCP TCP or UDP e Add Click Add to activate the new service e IP Port Forwarding Details of current services available Click Delete to remove the specified service Click Edit to configure the current setting 133 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH IP Port Forwarding Service External Port CHE Item Name Range Internal IP Address Protocol State Delete Edit 1 GAME 6112 10 30 5 112 TCP UDP Disable Enable 2 Phone 6670 10 30 5 250 TCP UDP ObDisable Enable 8 3 2 Demilitarized Zone The DMZ Demilitarized Zone allows one local computer or server used as a DMZ host to be exposed to the Internet for special purpose Internet services such as functioning as a web server External users can access t
81. ing Cipher Suite WPA2 Y Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Pre shared Key Group Key Update Period 600 second s Security Settings WPA Personal gt Cipher Suite Select an encryption method from WPA2 or WPA2 WPA gt Roaming Target AP List When 802 11r roaming is enabled the target roaming VAP MAC addresses can be configured here gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 49 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH e WPA Enterprise Authenticates users by RADIUS and provides WPA data encryption o B System Wireless Firewall Utilities Status VAP Overview General VAP Config i Security Repeater i Advanced Access Control Hotspot 2 0 1 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 TY Security Type WPA Enterprise Y 802 11r roaming Cipher Suite WPA2 Group Key Update Period 600 second s Primary RADIUS Server Host Domain Name IP Address Authentication Port 1812 i Secret Key s Accounting Service te Disable Enable Accounting Port 1813 i Accounting I
82. ing from 1 to 4094 Once VLAN is Enabled QoS is supported on the VAP 77 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH VAP Configuration Profile Name RF Card A VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 Uplink Bandwidth 0 Kbits s Downlink Bandwidth g Kbits s VLAN ID Disable Enable VLAN ID 1 4094 1 Uplink 802 1p Best Effort BE Downlink 802 1p AC Mappping Background BK Best Effort Best Effort BE Best Effort e Excellent Effort EE Best Effort Critical Applications CA Best Effort Video VI Best Effort x Voice VO Best Effort Internetwork Control IC Best Effort Network Control NC Best Effort CAPWAP Tunnel Interface FI gt Uplink Downlink Bandwidth Bandwidth control is configurable on the VAP in Kbits per second Set 0 for unlimited bandwidth control and the maximum allowed value for this field is 999999999 gt Uplink 802 1P per VAP Priority levels for uplink traffic can be selected here The options available are Background Best Effort Excellent Effort Critical Applications Video Voice Internetwork Control Network Control For more information please refer to IEEE Standards 802 1P gt Downlink 802 1P AC Mapping Re mapping options are available on 802 1P downlink traffic The options available are Background Best Effort Vid
83. ion of data transmission settings The administrator can tune the following parameters to improve network communication performance if a poor connection occurs Advanced Wireless Settings Profile Name RF Card A VAP 1 RTS Threshold 2346 1 2346 DTIM period 1 1 15 Consecutive Dropped Packets 5 2 50 O Disable Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable IAPF Disable Enable Multicast to Unicast Conversion Disable Enable Multicast Broadcast Rate 54M Management Frame Rate 54M Receiving RSSI Threshold 0 0 100 O Disable Advanced Wireless Settings Page e RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the fragment to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with the AP or in areas where the clients are far apart and can detect only the AP but not each other e Fragmentation Threshold 802 11a 802 11b and 802 11g Modes Enter a value between 256 and 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number
84. isi 9 29 5 AO EN DS eo EEE TEA 10 2 3 Hardware Installation oovovonnrosoornnnnnnrnnnnnssnvnnnnnnnrnnnnnssssnnnnnnnrsnnnnssssennnnnnrssnnnsssseennnnevseeeeeesseennenn 26 2 4 Access Web Management Interface sisi 32 3 Connect your AP to your NetWork iii 35 4 Adding Virtual Access Points iii 42 Er SANNE 44 6 Creating a WDS Bridge between two APS iii 55 7 Web Management Interface Configuration 58 GS E EEE 60 TONN 60 71 92 Network Interlace orisirisii ar an E R EEA Raai 62 VPN 64 sj PET ae 5105 0 EE SEE ETE 65 TTV 68 FAO 1 EEE EEE 69 NN escent os se eee eee neat 70 TV TON ED NE De 70 TD GL 72 VTM 77 DN ee 79 TA RODE EE REE EE NS NE 84 TAR SO VEN EEE ccussaas 86 7 2 7 Access Control RE de en ce te 88 Tao OE 00 O a ee ee Re ce es 92 FS 94 Pre 94 DOS 98 FAE GN AIC CG AP E E 99 7 4 OG aa GS 100 OE SO Cs D ee Gao a ae ou 100 2 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH gel UG ov u 101 22 NN 103 TARN 103 TAS lO a OG EE ee ouai 104 ANN ATOS do A E 0 tact aesetaacensuctusinecdedentieul lt ieisteonserseeiee ins 105 BS NN 106 TF assesses cera E ae cere E eee see cera eset ae occ esses 107 OE EEE EEE 107 TT 109 NNN 111 FA V DENS 112 TA OS EEE EEE EEE EEE 114 TA 0 AL 1 0 0000 EEE SE ES SE 115 8 CPE Mode Configuration OWL530 EAP210 iii 116 OL E D AEA NA A A AT 118 Sigh S NN 118 8 1 2 Op ra MO NS EEE ES E EENE itanietonteliinne 120 NNN 121 8 1 4
85. k the following link Enterprise Access Point The System Overview page will appear upon the completion of reboot 138 Copyright 4IPNET INC 41pnet User s Manual Enterprise Access Point ENGLISH 8 4 5 Upload Certificate In CPE mode a certificate can be uploaded for HTTPS protected login Click Browse to select the desired certificate and the matching Private Key Uploading a certificate allows encrypted content transfer System Wireless Firewall Jrilities Status Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Home gt Utilities gt Upload Certificate Upload Certificate Upload Private Key Upload Certificate Use Default Certificate 139 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 5 Status This section displays the status of System Overview Interfaces Event Log Monitor DHCP Lease and UPnP 8 5 1 System Overview The System Overview page provides an overview of the system status for the administrator gt y r System Wireless Firewall Utilities Status amp System Overview Interfaces Event Log Monitor DHCP Lease UPnP 4 Home gt Status gt System Overview System Overview p System Radio Status System Name Enterprise Access Point OWLS Status Connected Firmware Version 1 10 00 SSID felix220 a3 Build Number 1 13 1 6891 MAC Address 00 1F D4 94 19 3C
86. l Hotspot 2 0 Home gt Wireless gt Access Control Settings Access Control Settings Profile Name RF Card 4 VAP 1 TY Maximum Number of Clients 128 Range 1 256 per RF card Access Control Type Disable Access Control Access Control Settings Page e Maximum Number of Clients The 4ipnet Access Point supports various methods of authenticating clients for wireless LAN access The default policy is unlimited access without any authentication requirement To restrict the station number of wireless connections simply change the Maximum Number of Stations to a desired number For example when the number of stations is set to 20 only 20 stations are allowed to connect to the specified VAP 88 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e Access Control Type The administrator can restrict the wireless access of client devices based on their MAC addresses gt Disable Access Control When Disable is selected there is no restriction for client devices to access the system gt MAC ACL Allow List When selecting MAC ACL Allow List only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator re Enables the listed MAC Access Control Settings Profile Name RF Card A
87. l take effect only after a system restart 8 1 1 System Information For maintenance purpose it is required to specify the system name its location and corresponding basic parameters Fields such as Name Description and Location are used for mnemonic purpose It is recommended to have different values in each AP oe 9 Y a S A Wireless Firewall Utilities Status Operating Mode Y Network Management System Information Home gt System gt General System Information Name Enterprise Access Point g Description Location Time Device Time 1970 01 01 09 13 02 Time Zone GMT 08 00 Taipei v Time Enable NTP Manually set up Set Date Year Month Day Set Time Hour Min Sec e System Information For maintenance purpose it is recommended to have the following information stated as clearly as possible Fields Name Description and Location are used for mnemonic purpose It is recommended to have different values in each wireless device gt Name The system name used to identify this system 118 Copyright 4IPNET INC APM ser an Enterprise Access Point ENGLISH gt Description Further information of the system gt Location Information about the geographical location of the system which can help the administrator locate it easily Time Time settings allow the system time synchronized with NTP server or manually set gt Device Time Display th
88. less gt VAP Configuration VAP Configuration Profile Name RF Card A VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface VAP Configuration Page VAP 1 shown Please select the desired RF card and VAP profile from the drop down menu of Profile Name Choose Enable for the VAP field Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to A VLAN ID can be provided to indicate the traffic through this particular VAP It may allow further management control e g access rights and Internet usage etc of each VAP with a management gateway Click SAVE and then Reboot for the changes to take effect 43 Copyright 4IPNET INC 4ipnet 5 Securing the AP Different VAP may require different levels of security These instructions will guide the user through User s Manual Enterprise Access Point ENGLISH setting up different types of security for a particular VAP Simply repeat the following steps for other VAP with security requirement Step 1 Ensure the intended VAP is Enabled VAP No 1 11 12 13 14 15 16 ESSID 4ipnetAP Al 4ipnetAP A 4ipnetAP A3 ipnetAP Ad 4ipnetAP AS 4ipnetAP A6 dipnetAP A7 4ipnetAP As 4ipnetAP Ag ipnetAP A10 dipnetAP A11 AipnetAP Al1 dipnetAP A13 dipnetAP Al4 dipnetAP A15 dipnetAP A16 State Enabled Disabled Enabled Disabled Dis
89. lete the rule Ed denotes to edit the rule In denotes to insert a rule and Mv denotes to move the rule 94 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH gt gt To delete a specific rule Del in the Setting column of firewall list will lead to the following page for removal confirmation After the SAVE button is clicked and system is rebooted the rule will be removed Firewall List Service 4 Advanced Home gt Firewall gt Firewall List Layer 2 Firewall Settings Remove rule 1 gt gt To edit a specific rule Ed in the Setting column of the firewall list will lead to the following page for detail configuration From this page the rule can be edited from scratch or from an existing rule for revision The following fields will be displayed vv VY y Rule ID The numbering of this specific rule will decide its priority among available firewall rules in the table Rule name The rule name can be specified here EtherType The drop down list will provide the available types of traffic subjected to this rule Interface It indicates inbound outbound direction with desired interfaces Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header Type when EtherType is IEEE802 3 The field can be used to in
90. me or e mail registered with the DDNS provider gt Password Key The password of the account registered with the DDNS provider e LAN Configuration Configure LAN and DHCP seitings on this page IP Address and Netmask are required fields to set up LAN interface gt IP Address The IP address of the LAN port gt Netmask The Subnet mask of the LAN port gt DHCP Server If enabled devices connected to this system can obtain an IP address automatically o Enable Disable Select Enable to activate this function or Disable to inactivate it o Start IP End IP Specify the range of IP addresses to be distributed by the DHCP server to clients o Preferred DNS Server Enter the IP address of a preferred DNS server this field is required o Alternate DNS Server Enter the IP address of a secondary DNS server this is optional o WINS Server IP Enter the IP address of a WINS Windows Internet Name Service server this is optional o Domain Name Enter the domain name for this network 122 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH o Lease Time It can be chosen from the drop down list to renew Leased LAN IP 123 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 1 4 Management The system supports SNMP Syslog and UPnP functions for easy management These functions can be configured on this page General Operating Mode Network Interface Managem
91. mode and AP mode The administrator can set the desired mode on this page and then configure the system according to deployment needs System information Operating Mode Network 1 Management Home gt System gt Operating Mode Operating Mode Operating Mode CPE Mode AP Mode e Operating Mode Select CPE Mode and then click SAVE to save the setting 120 Copyright 4IPNET INC 4ipnet 8 1 3 Network Settings User s Manual Enterprise Access Point ENGLISH WAN and LAN settings can be configured on this page Home gt System gt Network Interface Mode Bandwidth Limit DONS Provider Host Name User Name E mail Password Key IP Address Netmask DHCP Server Start IP End IP Preferred DNS Server Alternated DNS Server WINS Server IP Domain Name Lease Time WAN Configuration Static DHCP Renew IP Address 192 168 10 1 Netmask 255 255 255 0 T Default Gateway 192 168 10 254 Primary DNS Server 192 168 10 254 gt Alternate DNS Server Download 0 Mbps Upload 0 Mbps 0 999 for Kbps 0 300 for Mbps O unlimited Dynamic DNS DDNS Disable Enable EE Cs LAN Configuration 192 168 1 1 255 255 255 0 Disable Enable 192 168 1 2 a 192 168 1 254 ss 168 95 1 1 s i Day 121 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e WAN Configuration Dete
92. n EtherType is IPv4 The Access Point provides a list of rules to block or pass traffic of layer 3 or above protocols These services are available to choose from a drop down list of layer2 firewall rule edit page with Ether Type IPv4 The first 28 entries are default services and the administrator can add delete any extra desired services There are 28 firewall services available in default settings these default services cannot be deleted but can be disabled If changes are made please click SAVE to save the settings before leaving this page Firewall List Service Home gt Firewall gt Ul il Le I m a a a No hj La 10 Advanced in Name ALL ALL TCP ALL UDP ALL ICMP FTP HTTP HTTPS POP3 SMTP DHCP Firewall Service Description ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Part 110 TCP Destination Port 25 UDP Destination Port 67 68 First Prev Next Last total 28 Add Firewall Service Page 98 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 3 3 Advanced At Firewall gt Advanced more advanced settings on firewall rules can be configured providing extra security enhancement against DHCP and ARP traffic traversing the
93. necting Multiple APs When many APs are linked in this manner undesired loops may form to lower overall WLAN performance To prevent such occurrence please make sure Layer 2 STP is enabled To turn on this feature please click on the System icon and the Network Interface tab General Network Interface Port Management CAPWAP IPV6 Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 Default Gateway 192 168 1 254 Primary DNS Server 192 168 1 254 E Alternate DNS Server Ethernet IGMP Snooping Disable Enable Layer STP Disable pr Network Settings Page Please select Enable in the field labeled Layer2 STP This will prevent data from looping or creating a broadcast storm Click SAVE when completed and then Reboot to allow updated settings to take effect Step 3 Building the WDS Link To extend the wireless coverage each RF card supports up to 8 WDS links for connecting wirelessly to other WDS capable APs peer APs By default all WDS profiles are disabled 56 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH gt PA System Wireless Firewall Utilities Status VAP Overview General y VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt Repeater Settings Repeater Settings Repeater Type WDS v
94. ntenna RF Card A x 3 RF Card B x 3 Connector marked 1 is for the primary antenna when the AP is not in 802 11n or 802 11ac mode Utilize all connectors for optimized MIMO performance Back NE 7 e eS Urn I ES a Fee a Ground Connector For connecting the ground wire 24 Copyright 4IPNET INC PRE ers mana Enterprise Access Point ENGEISH For gj we NL SEE ier T ou RME P a M12 DC Connector DC input 12V is supported on OWL630 Ventilation Valve Due to extreme weather conditions water vapor in the OWL630 may condense The valve allows ventilation to prevent moisture buildup within the OWL630 3 Uplink PoE Connector For connecting to the Power Sourcing Equipment PSE ka Ethernet LAN Attach Ethernet cables here for connecting to the wired local network Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal for troubleshooting purposes 25 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 2 3 Hardware Installation Please follow the steps mentioned below to install the hardware of EAP210 EAP220 EAP320 EAP760 Step 1 Place the EAP210 EAP220 EAP320 EAP760 at the best location The best location is usually at the center of your intended wireless network Step 2 Connect the EAP210 EAP220 EAP 320 EAP760 to your network device Connect
95. nterim Update Interval 60 second s Host Domain Name IP Address Authentication Port Secret key Accounting Service Disable Enable Accounting Port Accounting Interim Update Interval second s Security Settings 802 1X Authentication Dynamic WEP Settings Dynamic WEP For 802 1X security tyoe Dynamic WEP is always enabled to automatically generate WEP keys for encryption WEP Key Length Select a key length from 64 bit or 128 bit Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds RADIUS Server Settings Primary Secondary Host Enter the IP address or domain name of the RADIUS server 80 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period Note 802 1X wireless encryption may be limited on RF Card B for selected AP models e WPA Personal W
96. nterim Update Interval 60 second s Secondary RADIUS Server Host Domain Name IP Address Authentication Port Secret Key Accounting Service Disable Enable Accounting Port Accounting Interim Update Interval second s Security Settings WPA Enterprise gt WPA Settings o Cipher Suite Select an encryption method from WPA2 or WPA2 WPA o Roaming Target AP List When 802 11r roaming is enabled the target roaming VAP MAC addresses can be configured here o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes 50 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period When these configurations are finished and MAC restriction is not needed click SAVE and Reboot the system Otherwise click
97. offers a firewall function that is tailored specifically for Layer2 traffic providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured on gateways this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Firewall Lists Service and Advanced Firewall Settings 7 3 1 Firewall List It provides an overview of firewall rules in the system 6 default rules with up to a total of 20 firewall rules are available for configuration Firewall List Service Advanced Home gt Firewall gt Firewall List Layer 2 Firewall Settings Enable Layer 2 Firewall Disable Enable No State Action Name EtherType Remark Setting 1 F DROP CDP IEEE 8023 Del Ed In Mv 2 DROP STP IEEE 8023 Del Ed In My a F DROP GARP IEEE 8023 Del Ed In My Firewall List Page From the overview table each rule is designated with the following field No The numbering will decide the priority for the system to carry out the available firewall rules in the tables e State The check marks will enable the respective rules Action DROP denotes a block rule ACCEPT denotes a pass rule Name Shows the name of the rule EtherType Denotes the type of traffic subjected to this rule Remark Shows the note of this rule Setting 4 actions are available Del denotes to de
98. og Monitor Home gt Status gt Interface Interface Traffic Interface List Interface Traffic Out KB Packets Out Traffic In KB Packets In Real Time Uplink 354627 5267468 294976 1474959 Plot RF Card A VAP3 57180 186780 4121 32498 RF Card B VAP3 4268 16794 9 221 A real time plot is also available for each interface as such Uplink Traffic W Traffic In W Packets In MI Traffic Out V Packets Out Display Range 1 min v Stop 45 6 15k Packets In Packets Out INO JIYE Uj DEI 17 25 45 17 25 50 17 25 55 17 26 Traffic In bytes s Packets In packets s Traffic Out bytes s Packets Out packets s The Time Axis is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale 110 Copyright 4IPNET INC APM ters ars Enterprise Access Point ENGLISH 7 5 3 Associated Clients The administrator can remotely oversee the status of all associated clients on this page When a low SNR is found here the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve network communication performance Overview Interfaces Associated Clients V WDS Link Status Event Log Monitor Home gt Status gt Wireless Clients Associated Client Status Client List Packet Error Idle Up Real n As
99. ol is issued and parameters are configured In the Web Management Interface there are two main interface areas Main Menu and Working Area The Working Area occupies the major area of the WMI displayed in the center of the interface It is also referred to as the configuration page The Main Menu on the top of the WMI allows the administrator to traverse to various management functions of the system The management functions are grouped into branches System Wireless Firewall Utilities and Status Table 1 4ipnet Access Points Function Organization OPTION FUNCTION General Port Management CAPWAP IPv6 VAP Overview General VAP Config Wireless ecu Repeater Advanced Access Control Hotspot 2 0 Firewall List Service Advanced Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Channel Analysis 58 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Background Scan Overview Interfaces Associated Clients WDS Link Status Event Log Status On each configuration page you may click SAVE to save the changes of your configured settings but you must reboot the system for the changes to take effect After clicking SAVE the following message will appear Some modification has been saved and will take effect after Reboot All online users will be disconnected during reboot or restart Note 59 Copyright 4IPNET
100. onfiguration Transmission Rate Threshold 10 kbps 0 Disable AP General Settings Page e RF Card Name Select one RF card for further configuration e Band Select an appropriate wireless band 802 11a 802 11b 802 119 802 11b 802 119 802 119 802 11n 802 11a 802 11n 802 11ac or select Disable if the wireless function is not required gt Pure 11n Enable 802 11n network only e Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamble with a 73 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 128 bit synchronization field e Short Guard Interval available when Band is 802 119 802 11n or 802 11a 802 11n The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference In order to further boost throughput with 802 11n short guard interval is half of what it used to be please select Enable to use Short Guard Interval or Disable to use normal Guard Interval e Channel Width available when Band is 802 119 802 11n or 802 11a 802 11n Double channel bandwidth to 40 MHz or 80 MHz to enhance throughput e Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default 6
101. onfiguration Via the console port administrators are able to enter the console interface to reset the access point to its factory default settings In order to connect to the console port of a 4ipnet access point a console modem cable and a terminal simulation program such as PuTTy are needed There are 2 ways to access the console interface 1 Direct Connection Notebook gt USB to RS232 with DB9 connector gt Console Cable gt Console Port The USB to RS232 cable is not supplied with standard packaging It is recommended to use only the console cable provided with the packaging USB RS232 Console Cable RS232 Console Cable RJ45 The speed baud rate needs to be selected for direct connections and the baud rate is summarized as follows Ome O ae 149 Copyright 4IPNET INC User s Manual Enterprise Access Point ENGLISH Basic options for your PUTTY session Specify the destination you want to connect to Raw Telnet Rogn Load save or delete a stored session Saved Sessions Default Settings H SSH Serial 2 Remote Connection The system supports access to the console interface via SSH Typically SSH utilizes Port 22 and would require the WAN IP address for access __ Basic options for your PuTTY session _ Specify the destination you want to connect to Host Name or IP address 22 Connection typ
102. ons roam smoothly among IAPP enabled access points in the same wireless LAN e Multicast to Unicast Conversion When Multicast to Unicast Conversion is enabled the Access Point intelligently forwards traffic only to those ports that request multicast traffic Adversely when disabled multicast traffic is treated like broadcast traffic with packets forwarded to all ports causing network inefficiencies e Multicast Broadcast Rate Bandwidth configuration for multicast broadcast packets If your wireless clients require a larger or smaller bandwidth for sending multicast broadcast packets the administrator can customize the Access Point s multicast broadcast bandwidth here e Management Frame Rate This feature controls the bandwidth for Management Frames The higher the rate it the shorter range the transmission covers e Receiving RSSI Threshold To ensure connected stations have quality connection speeds a station will not be able to associate to the network unless its receiving sensitivity meets the configured threshold 87 Copyright 4IPNET INC RPPNEE nn Enterprise Access Point ENGLISH 7 2 7 Access Control On this page the network administrator can restrict the total number of clients connected to the Access Point as well as specify particular MAC addresses that can or cannot access the device System Nireless Firewall Utilities Status VAP Overview General VAP Fo Security N Repeater hj Advanced Access Contro
103. ower adaptor to the power jack socket b The Uplink port is capable of receiving PoE Connect an IEEE 802 3af at compliant PSE device e g a PoE switch to the Uplink port of EAP747 EAP750 EAP757 with the Ethernet cable Please follow the steps mentioned below to install the hardware of EAP767 Step 1 Place the EAP767 at the best location The best location is usually at the center of your intended wireless network 28 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Wall Mounting Secure wall mount bracket on wall Attach the Access Point to the dedicated slots on the mounting bracket Turn the Access Point clockwise as illustrated to fasten AP Ceiling Mount Secure ceiling mount bracket on ceiling 29 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Attach the Access Point to the dedicated slots on the mounting bracket Turn the Access Point clockwise as illustrated to fasten AP 30 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Step 2 Connect one end of the Ethernet cable to the Uplink port and the other end of the cable to a switch a router or a hub The EAP767 is now connected to your existing wired LAN network Step 3 There are two ways to supply power to EAP767 a Connect the DC power adaptor to the power jack socket b The Uplink port is capable of recei
104. ption Tunnel ots 1 Disabled N A N A N A N A N A 2 Disabled N A N A N A N A N A 3 Disabled N A N A N A N A N A 3 4 Disabled N A N A N A N A N A 5 Disabled N A N A N A N A N A 6 Disabled N A N A N A N A N A 3 7 Disabled N A N A N A N A N A 8 Disabled N A N A N A N A N A wy Plot By clicking plot a dynamic graph for WDS link status is displayed Information on the plot includes Total RSSI Anti RSSI Ant2 RSSI Transmission Rate Receiving Rate Transmission Speed and Receiving Speed 113 Copyright 4IPNET INC 4ipnet RSSI Receiving Rate Transmission Rate 2013 11 18 17 59 06 RF Card B WDS Link 1 Status Total RSSI Y Ant1 RSSI M Ant2 RSSI User s Manual Enterprise Access Point ENGLISH Receiving Rate Y Receiving Speed Y Transmission Rate Y Transmission Speed V Display Range Voice Hint for None p d uolssiwsuel peeds BulAiesey 17 59 17 59 10 17 59 20 17 59 30 Total RSSI 87 Total RSSI Current 87 Ant1 RSSI 87 Maximum 87 Ant2 RSSI 76 Ant1 RSSI Current 87 Receiving Rate Mbps 131 ii me sts se Current Receiving Speed bytes s 0 aasnunt 7 Transmission Rate Mbps 130 Transmission Speed bytes s 40 The Time Axis is configurable with the following options 1 minute 2 minutes 5 minutes or 10 minutes Left click on the mouse to zoom in on desired regions Double click to return the plot to its original scale Voice hint may also be en
105. r networks with devices supporting different bands e Packet Delay Threshold ms An Access Point may be occupied trying to transmit a packet to a busy client or a client out of range hence delaying transmission to other connected clients When Enabled this Tx queue flushing mechanism drops packets and immediately begins to process others if the queue has been processed for more than x milliseconds where Default 0 disabled This feature improves the performance of complex wireless networks but may require some packets to be resent e Idle Timeout s Client disconnects when inactivity reaches the configured amount of time in seconds where default 300s e Band Steering When enabled clients with 5GHz connectivity will be steered towards the 5GHz band to reduce congestion in the 2 4GHz band This is applicable only when the AP is set to 2 4GHz and 74 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 5GHz on the 2 RF Cards When Aggressive is checked clients with 5GHz connectivity are forced to connect to the 5GHz band Note that this is a general setting for the Access Point and is not set per RF Card e Interference Detection When Utilization Latency and Invalid Packet Rate of the current channel or adjacent channel reaches the configured threshold in the AP switches to a different Channel e WME Configuration Access priority can be configured using with different parameters CW
106. rd Change Password Page The administrator can change password on this page Enter the original password admin and new password and then re enter the new password in the Re enter New Password field Click SAVE to save the new password In addition to the admin account there is a user account capable of accessing the web management interface with configuration limitations The user account will not be able to reboot AP change wireless settings or enable the Channel Analysis function This account is typically issued by IT staff for employees to monitor AP statuses 100 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 4 2 Backup amp Restore This function is used to backup and restore the Access Point s settings The AP can also be restored to factory default using this function It can be used to duplicate settings to other access points backup settings of this system and then restore on another AP a B System Wireless Firewall Utilities Status Change Password Backup amp Restore System Upgrade Reboot eee e Background Scan Home gt Utilities gt Config Save amp Restore Configuration Backup amp Restore Reset to Default Backup System Settings Backup Restore System Settings No file selected Backup amp Restore Page e Reset to Default gt Click Reset to load the factory default settings of the Access Point A
107. rd Name RF Card B 00 O0 OG 00 OG 00 OG 00 OG gg OG OG OG OG Eu R eboot Firewall A MAC 1F D4 02 87 58 1F D4 02 87 58 1F D4 02 87 E0 1F D4 02 87 E0 CO CA S5F 8B 35 1F D4 02 87 78 1F D4 02 87 78 1F D4 02 86 A0 1F D4 02 B4 88 1F D4 02 BE F4 CO CA 5F 89 BO CO CA 5F 8B 49 COCA 5F 89 9E 1F D4 02 86 C0 Scan whole channel A Utilities Upload Certificate Channel Analysis Signal Strength status Background Scan Channel 36 36 36 36 36 36 36 36 36 36 36 36 36 36 The Scan Whole Channel button triggers the AP to scan all channels in the configured band Note that the Radio is only capable of scanning in its configured band 106 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 5 Status This page is used to view the current condition and state of the system and it includes the following functions Overview Interfaces Associated Clients WDS Link Status Event Log and Monitor 7 5 1 Overview The System Overview page provides an overview of the system status for the administrator A se System Wireless Firewall Utilities Status Overview Interfaces Associated Clients WDS Link Status Event Log Monitor Home gt Status gt System Overview System Overview P System Radio Status System Name Enterprise Access Point EA RF Card MAC Address Band
108. request multicast traffic Adversely without IGMP snooping multicast traffic is treated like broadcast traffic with packets forwarded to all ports causing network inefficiencies Layer 2 STP If the AP is set up to bridge other network components this option can be enabled to 62 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH prevent undesired loops because a broadcasting storm may occur in a multi switch environment where broadcast packets are forwarded in an endless loop between switches Moreover a broadcast storm may consume most of the available system resources in addition to available bandwidth Thus enabling the Layer 2 STP can lower such undesired occurrence and derive the best available data path for network communication The AP also supports RSTP Operation Configurable parameters include Bridge Priority Hello Time Max Age and Forward Delay Please refer to IEEE standards for recommended parameter values 63 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 1 3 Port The physical Ethernet ports of the AP can be configured to append a VLAN tag for upstream delivery g gt A B System Wireless Firewall Utilities Status General Network Interface Port Management CAPWAP 1PV6 Home gt System gt Port Config Port Configuration Switch Mode Port Based Tag Based Port LAN1 VLAN ID Disable
109. rity type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select a key length from 64 bits or 128 bits o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds gt RADIUS Server Settings A redundant server can also be added to the system o Host Enter the IP address or domain name of the RADIUS server 48 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e WPA Personal Provides shared key authentication in WPA data encryption g gt 9 N o B System Wireless Firewall Utilities Status VAP Overview General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 Y Security Type WPA Personal Y 802 11r roam
110. rmine the way to obtain the IP address by static or DHCP gt Mode Determine the way to obtain the IP address by DHCP or Static o Static The administrator can manually set up the static WAN IP address IP Address The IP address of the WAN port Netmask The subnet mask of the WAN port Gateway The gateway IP address of the WAN port Primary DNS Server The IP address of the primary DNS Domain Name System server Secondary DNS Server The IP address of the substitute DNS server o DHCP This connection type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically gt Bandwidth Limit o Download The maximum download bandwidth of WAN interface to be shared by clients o Upload The maximum upload bandwidth of the WAN interface to be shared by clients e Dynamic DNS The option can be enabled to bind FQDN compliant Host Name with this device If enabled the service Provider must be chosen from the drop down list with provided Host Name User Name User Email and Password gt DDNS Select Enable to activate this function or Disable to inactivate it gt Provider The name of the DDNS provider that the system is registered with Select a DDNS provider from the drop down list box gt Host Name The FQDN registered with the selected DDNS provider gt User name E mail The account ID user na
111. server Please note that each VAP MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration 53 Copyright 4IPNET INC APM ers a Enterprise Access Point ENGLISH Home gt Wireless gt Access Control Settings Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients f Range 1 256 per RF card Access Control Type RADIUS ACL 7 Primary RADIUS Server Note These settings will also apply to security settings which use RADIUS Server for this VAP Host Domain Name IP Address Authentication Port 1 65535 Secret Key id Secondary RADIUS Server Host Authentication Port RADIUS ACL Click SAVE and Reboot upon completing the related configurations to take effect 54 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 6 Creating a WDS Bridge between two APs WDS link creation is convenient for extending network coverage where running wires is not an option effectively transferring the traffic to the other end of WLAN LAN through the AP Since this is a peer to peer connection both APs will be configured the same way Step 1 Make sure the Band and Channel are matched between the WDS peers In order to create a valid WDS link the two APs must be configured to use the same channel and band for their wireless settings Click the Wireless icon and then General tab to go to the
112. smission when this option is selected This is the default setting as shown in the following figure gt Y r Z System Wireless Firewall Utilities Status VAP Overview J General VAP Config Security Repeater Advanced Access Control Hotspot 2 0 Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 7 Security Type 802 11r roaming WPA Personal WPA Enterprise Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism with key length selected from 64 bit 128 bit or 152 bit VAP Overview General VAP Config Secu rity Repeater Advanced Access Control Hotspot 2 0 N Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 Security Type WEP T 802 1ir roaming Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCII Hex ER WEP Key Index 1 WEP Keys 4 Security Settings WEP gt 802 11 Authentication Select from Open System Shared Key or Auto gt WEP Key Length Select a key length from 64 bit 12
113. sociated VAP ESSID MAC Address RSSI Ratio Time Time Time Disconnect oh secs secs RF Card A VAP 3 felix220 a3 Oc 74 c2 3d 23 c7 24 16 30 780 Plot Kick RF Card A VAP 3 felix220 a3 00 1f d4 02 c9 f4 71 0 0 1073 Plot Associated Client Status Page e Associated VAP The name of a VAP Virtual Access Point that the client is associated with e ESSID The Extended Service Set ID which the client is associated with e MAC Address The MAC address of associated clients e RSSI The Received Signal Sensitivity Index of respective clients association e Packet Error Ratio Indication of the associated client s service quality to see if packets are not received e Idle Time Time period that the associated client is inactive for the time unit is in seconds e Uptime Time period that the client is associated for the time unit is in seconds e Real Time A real time plot of each associated client s traffic information including Packets In Out Traffic In Out in Ko RSSI Uplink Downlink Rates and etc 111 Copyright AIPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Client 0c 74 c2 3d 23 c7 Status RSSI M Uplink Rate M Uplink Speed Y Downlink Rate Y Downlink Speed Display Range 140 3 22M 2 76M 2 oO amp 5 gt 23M gt 184M o e w 5 138M x wi 5 VL gt i 942 11k V 8 Ww D n 2 X 471 06k 0 13 58 50 13 59 13 59 10
114. ss Remote AP MAC Address Security Type None T CAPWAP Tunnel Interface Repeater Settings WDS o WDS Select Enable to enable the respective WDS links Select Disable to remove them o WDS Link Address Selected AP Models The MAC address for this interface o Remote AP MAC Address To input remote peer s MAC address o Security Type None WEP or WPA PSK o CAPWAP Tunnel Interface Select Checkbox to designate WDS traffic to pass through CAPWAP Tunnel established between the AP and the controller 84 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH e When the Repeater Type is set to Universal Repeater EAP210 and OWL530 only enter the SSID of upper bound AP for uplink connection Security Type None WEP or WPA PSK can be configured for this Repeater connection but note that the security type configured here needs to be the same as upper bound AP Repeater Settings Repeater Type Universal Repeater The SSID of Upper Bound AP ia Current wireless channel of the system is set at 6 Repeater connection may fail if the system is set to connect to upper AP with different channels Security Type None B WEP WPA PSK Repeater Settings Universal Repeater 85 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 2 6 Advanced The advanced wireless settings for the Access Point s VAP Virtual Access Point profiles allow customizat
115. stem i e power on off during the upgrade or restart process as this may damage the system 137 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 4 4 Reboot The administrator can reboot the device remotely Click Reboot to restart the system immediately g gt System Wireless Firewall Utilities Status D B a h V F n System Upg rade Reboot Upload Certificate L 1 Change Password Backup amp Restore Home gt Utilities gt Reboot Reboot the System Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up A pop up will appear to confirm the request to restart the system Click OK to proceed or click Cancel to cancel the restart request Windows Internet Explorer Eg Do vou want to reboot the system A warning message as displayed below will appear during the reboot period The system power must be turned on before the completion of the reboot process Fom kr 1 ER i 1 cha nge Password Backup amp Restore System Upgrade Reboot Upload Certificate k Home gt Utilities gt Reboot Now rebooting the System Reboot may take several minutes to complete The home page will be shown after system boots up If the web page does not go back for a long time please clic
116. still send their ARP requests however if their IP appears on the static list with different MAC their ARP requests will be dropped to prevent eavesdropping RF Isolation between RFs Clients are isolated between RF Card A and RF Card B VAP Isolation within RF Clients on different VAPs on the same RF Card are isolated If any settings are changed please click SAVE to save the configuration before leaving this page 99 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 4 Utilities The following utility features on this page allow the administrator to maintain the system Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Channel Analysis Background Scan 7 4 1 Change Password To protect the Web Management Interface from unauthorized access it is highly recommended to change the administrator s password to a secure password Only alpha numeric characters are allowed and it is also recommended to make use of a combination of both numeric and alphabetic characters g gt Po 5 System Wireless Firewall it Status Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Channel Analysis Background Scan Home gt Utilities gt Change Password Change Password Name admin New Password up to 32 characters Re enter New Password Name User New Password up to 32 characters Re enter New Passwo
117. tatic IP must be set Login as reset2def and enter reset2def as your password Type yes to reset the AP to factory default e Backup System Settings Click Backup to save the current system settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore System Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The backup file will replace the active configuration file currently running on the system After network parameters have been reset restored the network settings of the administrator PC may need to be changed to ensure that the IP address of the administrator PC is on the same subnet mask as the AP 102 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 4 3 System Upgrade The EAP Access Point supports two methods of firmware upgrade from the web management interface or through TFTP The administrator can download the latest firmware from the 4ipnet Support Team and save it on the administrator s PC To upgrade the system firmware click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process There will be a prompt confirmation message to notify the administrator to restart the system after a successful firmware upgrade To upgrade by TFIP enter the designated IP address Port and File Name then cli
118. tem Is ready For indicating WDS connection status Master Press for more than Slave Press once and 3 seconds then release right away BLINKING SLOWLY BLINKING RAPIDLY Green Green WES Success LED Green ON LED Green ON WES Fail Timeout LED Green OFF LED Green OFF WES Negotiate Wireless LED On indicates wireless network interface is ready for service 2 415 GHz Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH A 2 A 1 B 2 B 1 Primary antenna connector Ant1 for RF Card A Secondary antenna connector Ant2 for RF Card A Primary antenna connector Ant1 for RF Card B Secondary antenna connector Ant2 for RF Card B Rear Panel Restart Reset Console Uplink 12Vv 2A POE WES Button RF B WDS Easy Setup Press the button to build up a WDS link with another peer 4 WDS links can be set up per RF card Note that the WES Button only runs on the 5 GHz RF Card B Fam Port To access EAP220 via the console interface us 1 4 var The a anew for connections with LAN side devices aa Port PoE eee ee sce bre port for uplink connection to another gateway or device PoE 802 3at is Supported ail kis I 2A Power Socket for the power adaptor Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP320 Front Panel 4ipnet FAP 420 EE EAP320 Front Panel B 1 B 2 4ipnet A 1 Primary antenna conn
119. the Syslog server SYSLOG Level Select the desired level of received events from the drop down menu Y v V WV 67 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 1 5 CAPWAP CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points There are 5 methods of auto AP discovery namely DNS SRV DHCP option Broadcast Multicast and Static Please refer to the Web page at System gt CAPWAP e CAPWAP The CAPWAP feature can be turned on by selecting Enable or turned off by selecting Disable e Certificate Date Check To enable this item select Enable and click Manage Certificates to enter the Upload Certificate page Please refer to the section 7 4 4 Upload Certificate e DNS SRV Discovery Using DNS SRV to discover acess controller gt Domain Name Suffix Enter the suffix of the access controller such as example com DHCP Option Discovery Using DHCP option to discover access controller Broadcast Discovery Using Broadcast to discover access controller e Multicast Discovery Using muticast to discover access controller e Static Discovery Using Static approach to discover access controller gt AC Address The IP address of the access controller If it can not discover the first AG it will try to discover the second AC 68 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH
120. the security type links to the Security Settings Page Se N r g System Wireless Firewall Utilities Status Home gt Wireless gt Security Settings Security Settings Profile Name RF Card A VAP 1 v Security Type Open jl H a WEP 802 1X 802 11r roaming WPA Personal WPA Enterprise VAP Security Type Page e MAC ACL The hyperlink showing Allow or Disable links to the Access Control Settings Page 71 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH B System Wireless Firewall Utilities Status Home gt Wireless gt Access Control Settings Access Control Settings Profile Name RF Card A VAP 1 Maximum Number of Clients 128 Range 1 256 per RF card Access Control Type Disable Access Control VAP MAC ACL Page e Advanced Settings The advanced settings hyperlink links to the Advanced Wireless Settings gt N amp System gt WARS Firewall gt Utilities i Status Home gt Wireless gt Advanced Wireless Settings Advanced Wireless Settings Profile Name RF Card A VAP 1 RTS Threshold 2346 1 2346 DTIM period 1 15 Consecutive Dropped Packets 2 50 0 Disable Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable IAPP Disable Enable Multicast to Unicast Conversion Disable Enable
121. tified by an organization identifier Ol that is assigned by the IEEE similar to the first half of a MAC address An Ol is often 24 bits in length but can also be 36 bits i e OUI 36 e IP Address Type IPv4 or IPv6 e NAI Realm List An NAI Realm identifies the proper authentication server or domain for the user s authentication exchange By discovering which authentication realms are supported by a network a mobile device can selectively authenticate to its preferred networks gt EAP Type The NAI Realm list can also optionally indicate the Extensible Authentication Protocol EAP types supported by each realm as well as the authentication parameters for that EAP type e Domain Name List Lists one or more domain names for the entity operating the AP This is a critical for Hotspot 2 0 network selection policy as it identifies the operator of the network It indicates to the mobile device whether they are at a home or visited Hotspot e Cellular Network Information List PLMN Identifies the 3GPP cellular networks available through the AP Specifically this field identifies the Public Land Mobile Network PLMN ID comprised of the Mobile Country Code MCC and Mobile Network Code MNC of the mobile operator 93 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 7 3 Firewall The system provides an added security feature Layer2 Firewall in addition to the typical AP security Layer2 Firewall
122. tion EAP210 Front Panel 4ipnet Ear210 EAP210 Front Panel Rear Panel Power Status Uplink WES Restart PoE 1 1 2 3 45 6 7 1 2 EAP210 Rear Panel Antenna Reverse SMA connectors for attaching antennas Connector 1 1 is the primary antenna connector and 1 2 is the secondary 2 axma axa 2A Power Socket for the power aai The port for RE E connection to another gateway or device PoE 802 3af at is supported 4 WES Button WDS Easy Setup Press the button to build up a WDS link with another peer 4 WDS Copyright 4IPNET INC o 4ipnet User s Manual Enterprise Access Point ENGLISH links can be set up 5 Restart Button Press to restart the system 6 LED Indicators On indicates power on Status On indicates the system is ready WLAN On indicates wireless network interface is ready for service WES For indicating WDS connection status Slave Press once and Master Press for more than 3 seconds ag gel LED Green OFF and LED Green BLINKS WES Start then BLINKING SLOWLY SLOWLY WES Negotiate BLINKING SLOWLY BLINKING RAPIDLY Green Green WES Success LED Green ON LED LED Green ON ON WES Fail Timeout LED Green OFF LED bes re OFF Console Port To access EAP210 via the console interface Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH EAP220 Front Panel EAP220 Front Panel On indicates the sys
123. valve allows ventilation to prevent moisture buildup within the OWL530 PoE Connector For connecting to the Power Sourcing Equipment PSE N type Connector x 2 For connecting to an antenna 4 1 is the primary antenna connector and 4 2 is the secondary Utilize both connectors for 802 11n MIMO optimized performance 2 Ground Connector For connecting the ground wire 21 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH OWL620 OWL610 PSE PoE Adaptor Data Link OWL620 OWL610 22 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH B1 Bl A1 A2 Sja i Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal for troubleshooting purposes 2 Ethernet LAN Attach Ethernet cables here for connecting to the wired local network 3 PoE Connector For connecting to the Power Sourcing Equipment PSE i p N type Connector x 2 For connecting to an antenna OWL610 N type Connector x 4 For connecting to an antenna OWL620 RF Card A x 2 RF Card B x 2 A1 B1 is the primary antenna connector and A2 B2 is the secondary Utilize both connectors for 802 11n MIMO optimized performance 23 Copyright 4IPNET INC APM ers ar Enterprise Access Point ENGLISH OWL630 Top N type Connector x 6 For connecting to an a
124. verview page will appear upon the completion of reboot e Backup Settings Click Save to save the current system settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The backup file will replace the active configuration file currently running on the sysiem 136 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH 8 4 3 System Upgrade To upgrade the system firmware click Browse to search for the new firmware file and then click Upload to execute the upgrade process The first step is to acquire the correct firmware file and supply it in the Ul field During firmware update please don t turn off the power to prevent from damaging the device permanently PAN e System Wireless Firewall Utilities Status Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Home gt Utilities gt System Upgrade System Upgrade Current Version 1 10 00 Current Build Number 1 13 1 6891 File Name No file selected Upload Upgrade by TFTF IP Address Port File Name Apply e To prevent data loss during firmware upgrade please back up the current settings before gt gt Note proceeding further e Please restart the system after the upgrade Do not interrupt the sy
125. ving PoE Connect an IEEE 802 3at compliant PSE device e g a PoE switch to the Uplink port of EAP767 with the Ethernet cable Please follow the steps mentioned below to install the hardware of OWL530 OWL610 OWL620 OWL630 Step 1 Connect an antenna to the Access Point s antenna connector Step 2 Connect the Ethernet Port of OWL530 OWL610 OWL620 OWL630 to the POWER amp DATA OUT Port of a 802 3af at PSE device Step 3 Connect one end of an Ethernet cable to the Data In Port of PSE and the other end to the computer Step 4 Power on the PSE in order to supply adequate power to the OWL530 OWL610 OWL620 OWL630 Now the Hardware Installation is complete Please use only the power adapter supplied with the package Using a different power adapter may damage this system To verify the wired connection between the AP and your switch router hub please also check the LED status indicator of the respective network devices 31 Copyright AIPNET INC RPPNEE nn Enterprise Access Point ENGLISH 2 4 Access Web Management Interface 4ipnet Access Points support web based configuration When hardware installation is complete the AP can be configured through a PC by using a web browser The default values of the AP s LAN IP Address and Subnet Mask are IP Address 192 168 1 1 Subnet Mask 255 255 255 0 4ipnet Windows Internet Explorer Ge E http 192 1681 1 File Edit View Favorites Tools H
126. ystem Information Name 4ipnet EAP220 i Description Location Time Device Time 2013 11 26 10 12 19 Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Server 1 time nist gov NTP Server 2 pool ntp org System Information Page There are two methods of setting up the time Manual indicated by the option Set Date amp Time and NTP The default is Manual and requires individual setup every time the system starts up Simply choose a time zone and set the time accordingly When it is finished click SAVE Time Zone GMT 08 00 Taipei ke Time O Enable NTP Manually set up Set Date her MMonth by Set Time Maur Bn sec Manually Time Setup The alternative method is NTP Upon selecting NTP under the Time field the configuration changes to allow up to two NTP servers Simply enter a local NTP server s IP Address if available or search online for an NTP server nearest to you Set the time zone and click SAVE Time Zone GMT 08 001 Taipei w Time Enable NTP O Manually set up NTP Setup 37 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point ENGLISH Step 2 Configuring the AP s Network Settings While still on this Page click on the Network Interface tab to begin configuration of the network settings General b Network Interface Port I Management CAPWAP IPV6 Home gt System gt Network
Download Pdf Manuals
Related Search