EAP701 / EAP717 v1.11 Enterprise Access Point
Contents
1. WPA Personal WPA Enterprise Security Settings Page VAP 1 shown Select the desired Security Type from the drop down menu which includes Open WEP 802 1X WPA Personal and WPA Enterprise 26 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e Open Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure gt y e E System Wireless Firewall Utilities Status ap Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 DI Security Type Open Jy 802 1X WPA Personal Security Settings Open e WEP WEP Wired Equivalent Privacy is a data encryption mechanism with key length selected from 64 bit 128 bit or 152 bit VAP overview Y General VAP Config Security Repeater Advanced Y Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 DN Security Type WEP 7 Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length O 64 bits O 128 bits WEP Key Format O ASCII Hex WEP Key Index i EN WEP Keys Security Settings WEP 27 Copy2. gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 53 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e WPA Personal WPA Personal is a pre shared key authentication method VAP Overview General VAP Config Security Repeater Y Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 sl Security Type WPA Personal Cipher Suite WPA2 Pre shared Key Type PSK Hex 64 chars O Passphrase 8 63 chars Pre shared Key Group Key Update Period 600 second s Security Settings WPA Personal gt Cipher Suite Select an encryption method from WPA2 or WPA2 WPA Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase Vv gt Pre shared Key Enter the key
3. 65 Setting Del Ed In Del Del Del Del Del Del Del Del Del Ed Ed Ed Ed Ed Ed Ed Ed Ed In In In In In In In In In Mv Mv Mv Mv Mv Mv Mv Mv Mv Mv Copyright 4IPNET INC 4ipnet 7 3 2 Service User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH The administrator can add or delete firewall services here the services in this list will become options to choose in firewall rule when EtherType is IPv4 The Access Point provides a list of rules to block or pass traffic of layer 3 or above protocols These services are available to choose from a drop down list of layer2 firewall rule edit page with Ether Type IPv4 The first 28 entries are default services and the administrator can add delete any extra desired services There are 28 firewall services available in default settings these default services cannot be deleted but can be disabled If changes are made please click SAVE to save the settings before leaving this page Firewall List Service Y Advanced Home gt Firewall gt Service Config un wN 10 Name ALL ALL TCP ALL UDP ALL ICMP FTP HTTP HTTPS POP3 SMTP DHCP Firewall Service Description Delete ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP TCP UDP Destination Port 20 21 TCP UDP Dest
4. Interface It indicates inbound outbound direction with desired interfaces gt Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header gt Type when EtherType is IEEE802 3 The field can be used to indicate the type of encapsulated traffic gt VLAN ID when EtherType is 802 1 Q The VLAN ID is provided to associate with certain VLAN tagging traffic gt Priority when EtherType is 802 1 Q It denotes the priority level with associated VLAN traffic gt Encapsulated Type when EtherType is 802 1 Q It can be used to indicate the type of encapsulated traffic gt Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in ARP header gt Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields gt Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields 63 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt Action The rule can be chosen to be Block or Pass gt Remark Any note of this rule can be specifie
5. SS Hour Mimin Sec Manual Time Configuration Fields Gei Date Select the appropriate Year Month and Day from the drop down menu Set Time Select the appropriate Hour Min and Sec from the drop down menu Unless Internet connection or NTP becomes unavailable it is recommended to use NTP server for time synchronization because system time needs to be reconfigured upon reboot 39 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 1 2 Network Interface On this page the network settings of the device can be configured fields with a red asterisk i e IP Address Netmask Default Gateway and Primary DNS Server are mandatory General Network Interface Port Y Management CAPWAP Home gt System gt Network Interface Network Settings Mode 9 Static DHCP Renew IP Address 192 168 1 1 Hi Netmask 255 255 255 0 Default Gateway 192 168 1 254 y Primary DNS Server 192 168 1 254 Alternate DNS Server Layer2 STP O Disable Enable Network Settings Page e Mode Determine the way to obtain the IP address by DHCP or Static gt Static The administrator can manually set up the static LAN IP address All required fields are marked with a red asterisk o IP Address The IP address of the LAN port o Netmask The Subnet mask of the LAN port o Default Gateway The Gateway IP address of the LAN port o Primary DNS Server
6. Subnet Mask 255 255 255 0 Aipnet Windows Internet Explorer G Le http 1192 168 1 1 File Edit View Favorites Tools Help S di B8 gt 4ipnet X Example of entering the AP s default IP Address into a web browser To access the web management interface WMI connect the administrator PC to the LAN port of the AP via an Ethernet cable Then set a static IP Address on the same subnet mask as the AP in TCP IP settings of your PC such as the following example IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Please note that the IP Address used should not overlap with the IP Addresses of Note le any other device within the same network to avoid IP conflict Launch the web browser on your PC and enter the IP Address of the AP 192 168 1 1 at the address field and then press Enter The following Administrator Login Page will appear Enter admin for both the Username and Password fields and then click Login Username admin Password eeeee Administrator Login Page After a successful login into AP a System Overview page of the Web Management Interface WMI will appear Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Overview associated Clients WDS Link Status Event Log Home gt Status gt System Overview System Overview GP System Radio Status System Name Enterp
7. The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period When these configurations are finished and MAC restriction is not needed click SAVE and Reboot the system Otherwise click on the Overview tab and proceed to the next step Note that the number of supported RADIUS Servers is model dependent 30 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Step 3 Configuring MAC ACL Access Control List Clicking on the hyperlink corresponding with intended VAP in the MAC ACL column will bring the user to the Access Control Settings page VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients 32 Range 1 128 per system Access Control Type Disable Access Control y Access Control Settings Page Please choose among Disable Allow or Deny from
8. y e System Wireless VAP Overview General VAP Config Security Home gt Wireless gt VAP Config VAP Profile Name ESSID VLAN ID CAPWAP Tunnel Interface Firewall Utilities Repeater Y Advanced Access Control VAP Configuration Profile Name VAP 1 EN Disable Enable VAP 1 4ipnetAP A1 Disable Enable VLAN ID 1 4094 7 a Status VAP Configuration Page RF Card A VAP 1 as shown for example Select Enable for the VAP field and click SAVE Click the Overview tab to return to the previous table to begin the next step Step 2 Configure Security Settings for your VAP The following instructions will guide the user to set up wireless security with a specific VAP If only restricted access of certain MAC addresses is desired skip to Step3 MAC restriction can be coupled with wireless security to provide extra protection First click on the corresponding cell in the column labeled Security Type This hyperlink will direct the user to the following Security Settings page 25 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt AR ech 2 System Wireless Firewall Utilities Status gt N s General y VAP Config Security Repeater Advanced V Access Control IVAP Overview Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type
9. 11a 802 11n The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference In order to further boost throughput with 802 11n short guard interval is half of what it used to be please select Enable to use Short Guard Interval or Disable to use normal Guard Interval e Channel Width available when Band is 802 11g 802 11n or 802 11a 802 11n Double channel bandwidth to 40 MHz to enhance throughput e Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default 6 e Max Transmit Rate The maximum wireless transmit rate can be selected from the drop down menu The system will use the highest possible rate when Auto is selected Please note that MCSO MCS15 are transmit rates only for n bands 48 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e Transmit Power The signal strength transmitted from the system can be selected among Auto Highest High Medium Low and Lowest from the drop down menu e Beacon Interval ms The entered amount of time indicates how often the beacon signal will be sent from the access point e Transmission Rate Threshold The client will be kicked when transmission rate is lower than the configured threshold This ensures high connecti
10. A2 Disabled Open Disabled Edit 3 4ipnetAP A3 Disabled Open Disabled Edit 4 4ipnetAP A4 Disabled Open Disabled Edit 5 4ipnetAP A5 Disabled Open Disabled Edit 6 4ipnetAP A6 Disabled Open Disabled Edit 7 4ipnetAP A7 Disabled Open Disabled Edit 8 4ipnetAP A8 Disabled Open Disabled Edit VAP Overview Page To proceed with specific VAP configuration click on the corresponding cell in the State column and row of the VAP the particular VAP s Configuration page will then appear for further configuration 22 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt y e System Wireless Firewall Utilities VAP Overview General Y VAP Config Y Security Repeater Advanced Access Control Home gt Wireless gt VAP Config VAP Configuration Profile Name vaP 1 y VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID O Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface El VAP Configuration Page VAP 1 shown E Status Please select the desired VAP profile from the drop down menu of Profile Name Choose Enable for the VAP field Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to A VLAN ID can be provided to indicate the traffic through this particular VAP It may allow further management control e g access rights and Internet usage etc of each VAP with a management gateway Cli
11. EAP717 ENGLISH On each configuration page you may click SAVE to save the changes of your configured settings but you must reboot the system for the changes to take effect After clicking SA VE the following message will appear Some modification has been saved and will take effect after Reboot All online users will be disconnected during reboot or restart Note 37 Copyright O 4IPNET INC o o 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 1 System Upon clicking the System icon users can utilize this section for general configurations of the devices e g Time Setup Network Configurations and System Logs This section includes the following functions General Network Interface Port Management and CAPWAP 7 1 1 General General Network Interface Port Y Management CAPWAP Home gt System gt General System Information Name Enterprise Access Point Description Location Time Device Time 1970 01 01 09 01 04 Time Zone GMT 08 00 Taipei x Time Enable NTP Manually set up Set Date w Year y Month Day Set Time Hour w min w sec System Information Page System Information For maintenance purposes it is highly recommended to have the following information stated as clearly as possible gt Name The system name used to identify
12. ENGLISH 7 Web Management Interface Configuration This chapter will guide the user through the AP s detailed settings The following table shows all the User Interface Ul functions of 4ipnet s Enterprise Access Points The Web Management Interface WMI is the page where the status is displayed control is issued and parameters are configured In the Web Management Interface there are two main interface areas Main Menu and Working Area The Working Area occupies the major area of the WMI displayed in the center of the interface It is also referred to as the configuration page The Main Menu on the top of the WMI allows the administrator to traverse to various management functions of the system The management functions are grouped into branches System Wireless Firewall Utilities and Status Table 1 4ipnet Access Points Function Organization OPTION FUNCTION General Network Interface System Port Management CAPWAP VAP Overview General VAP Config Wireless Security Repeater Advanced Access Control Firewall List Firewall Service Advanced Change Password Backup amp Restore Utilities System Upgrade Reboot Upload Certificate Overview Associated Clients WDS Link Status Status Event Log 36 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701
13. Select a WEP key format from ASCII or Hex WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies VV V Y which WEP key will be used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys 52 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e 802 1X When 802 1X Authentication is selected RADIUS authentication and Dynamic WEP are provided VAP Overview General VAP Config Security Home gt Wireless gt Security Security Type Dynamic WEP Primary RADIUS Server Repeater Advanced Access Control Security Settings Profile Name VAP 1 w 802 1X El Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Host Domain Name IP Address Authentication Port 1812 m Secret Key Accounting Service Disable Enable Accounting Port 1813 d Accounting Interim Update Interval 60 second s Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select a key length from 64 bit or 128 bit o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds
14. Status gt System Overview System Overview g gt System Radio Status System Name Enterprise Access Point MAC Address 00 1F D4 02 32 F7 Firmware Version 1 00 00 Band 802 11g n Build Number 1 5 1 6477 Channel 6 Location TX Power Highest Site EN A Device Time 1970 01 01 08 15 39 System Up Time 0 days 0 15 39 LAN Interface AP Status Profil Security Onli MAC Address 00 1F D4 02 32 F6 ic BSSID ESSID Type Clients UN IP Address 192 168 1 1 VAP 1 00 1F D4 02 32 F7 4ipnetAP Al Open 0 Y Subnet Mask 255 255 255 0 Gateway 192 168 1 254 capwaP Status Disabled Web Management Interface Main Page System Overview From here click on the System icon to get to the following page On this Page you can make entries to the Name Description and Location fields as well as set the device s time 16 Copyright 4IPNET INC e 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH General A Management N CAPWAP Home gt System gt General System Information Name Enterprise Access Point ds Description Location Time Device Time 1970 01 01 08 22 30 Time Zone GMT 08 00 Taipei D Time O Enable NTP Manually set up Set Date Year Lelong z pay Set Time Hour el z sec System Information Page There are two methods of setting up the time Manual indicated by the option Set Date amp Time and NTP The default i
15. Step 4 Configuring Wireless Coverage VAP 1 To set up the AP s wireless access refer to the following VAP 1 configuration other VAP configuration can refer to the same setup steps as done for VAP 1 Click on the Overview tab to proceed 19 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH an eem VAP Overview Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 4ipnetAP A1 Enabled Open Disabled Edit 2 4ipnetAP A2 Disabled Open Disabled Edit 3 dipnetAP A3 Disabled Open Disabled Edit 4 4ipnetAP A4 Disabled Open Disabled Edit 5 4ipnetAP A5 Disabled Open Disabled Edit 5 dipnetaP as Disabled Open Disabled me 7 4ipnetAP A7 Disabled Open Disabled Edit 8 4ipnetAP A8 Disabled Open Disabled Edit Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP 1 s State This will bring up the following page few Y General VAP Config e a a Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 EN VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID O Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface T VAP Configuration Page 20 Cop
16. The security type includes Open WEP 802 1X WPA Personal and WPA Enterprise e Open Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure gt H y e gt System Wireless Firewall Utilities Status VAP Overview General Y VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name vaP 1 Security Type WPA Personal WPA Enterprise Security Settings Open 51 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e WEP WEP Wired Equivalent Privacy is a data encryption mechanism based on a 64 bit or 128 bit shared key algorithm VAP Overview General VAP Config YSecurity Repeater Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type WEP y Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Y Open System Shared Key Auto WEP Key Length O 64 bits 128 bits WEP Key Format Y ASCII J Hex WEP Key Index 1 i WEP Keys 1 2 Security Settings WEP 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select a key length from 64 bit or 128 bit WEP Key Format
17. Threshold setting can be useful in areas where many client devices are associating with the AP or in areas where the clients are far apart and can detect only the AP but not each other e Fragment Threshold 802 11a 802 11b and 802 11g Modes Enter a value between 256 and 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference e DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will allow the wireless client to save more energy but the throughput will be lowered e Broadcast SSID Disabling this function will stop the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system e Wireless Station Isolation By enabling this function all stations associated with the system are isolated and can only communicate with the system 57 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access catego
18. amp Restore System Upgrade Reboot Upload Certificate Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page The administrator can change password on this page Enter the original password admin and new password and then re enter the new password in the Re enter New Password field Click SAVE to save the new password 7 4 2 Backup amp Restore This function is used to backup and restore the Access Point s settings The AP can also be restored to factory default using this function It can be used to duplicate settings to other access points backup settings of this system and then restore on another AP 68 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt y e S System Wireless Firewall Utilities Status Change Password Backup amp Restore Y System Upgrade Reboot y Upload Certificate Home gt Utilities gt Config Save amp Restore Configuration Backup amp Restore Reset to Default Backup System Settings Restore System Settings No file selected Backup amp Restore Page e Reset to Default gt Click Reset to load the factory default settings of the Access Point A pop up Page will appear to re confirm the request to reboot the system Click OK to proceed or click Cancel to cancel the reboot request M
19. backup file will replace the active configuration file currently running on the system After network parameters have been reset restored the network settings of the administrator PC may need to be changed to ensure that the IP address of the administrator PC is on the same subnet mask as the AP 70 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 4 3 System Upgrade The Access Point provides a web firmware upload upgrade feature The administrator can download the latest firmware from the website and save it on the administrator s PC To upgrade the system firmware click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process There will be a prompt confirmation message to notify the administrator to restart the system after a successful firmware upgrade Please restart the system after upgrading the firmware gt y A Y System Wireless Firewall Utilities Status Change Password Backup amp Restore System Upgrade Reboot Upload Certificate Home gt Utilities gt system Upgrade System Upgrade Current Version 1 00 00 Current Build Number 1 5 1 6477 File Name Browse No file selected Upload System Upgrade Page e It is recommended to check the firmware version number before proceeding further Please make sure you have the correct firmware file Note e Firmware upgrad
20. i Colours B Connection i Data i Proxy i Telnet Rlogin SSH i Serial C Basic options for your PuTTY session Specify the destination you want to connect to Host Name or IP address 22 Connection type O Raw Telnet Rlogin O Serial Load save or delete a stored session Saved Sessions Default Settings Load Save Close window on exit O Always Never 9 Only on clean exit Open Cancel 78 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH To reset the system to factory default through the console interface Login as reset2def and enter reset2def as your password Y COMA Pu TY ef y vant to reset to fa efault and reboot If the console connection is not readily available the IP address of the AP can be retrieved with an IP Discovery Utility provided by 4ipnet Simply connect via an Ethernet cable and run the Discovery Utility Note that the laptop PC connecting to the AP must run in Windows XP compatible mode and a static IP must be set P N V11120150311 79 Copyright 4IPNET INC
21. interface to reset the access point to its factory default settings In order to connect to the console port of a 4ipnet access point a console modem cable and a terminal simulation program such as PuTTy are needed There are 2 ways to access the console interface 1 Direct Connection EAP717 Only Notebook gt USB to RS232 with DB9 connector gt Console Cable gt Console Port The USB to RS232 cable is not supplied with standard packaging It is recommended to use only the console cable provided with the packaging USB RS232 Console Cable RJ45 The speed baud rate needs to be selected for direct connections and the baud rate is as follows Model Baud Rate bps EAP717 57600 77 Copyright 4IPNET INC 2 Remote Connection User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Basic options for your PUTTY session Specify the destination you want to connect to COM 57600 Connection type Raw Telnet Rlogin SSH 0 Serial Load save or delete a stored session Saved Sessions Default Settings Load Save Close window on exit Always D Never 9 Only on clean exit The system supports access to the console interface via SSH Typically SSH utilizes Port 22 and would require the WAN IP address for access Terminal i Keyboard Bell i Features B Window ie Appearance Behaviour Translation Selection
22. this system gt Description Further information about the system e g device model firmware version and active date gt Location The information on geographical location of the system for the administrator to locate the system easily Time gt Device Time Display the current time of the system gt Time Zone Select an appropriate time zone from the drop down list box gt Time Synchronize the system time by reachable NTP servers or manual setup 1 Enable NTP By selecting Enabled NTP the AP can synchronize its system time with the NTP server 38 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH automatically When this method is chosen at least one NTP server s IP address or domain name must be provided Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei de Time OEnable NTP O Manually set up NTP Server 1 a NTP Server 2 NTP Time Configuration Fields Generally networks should have a common NTP server internal or external If there isn t locate a nearby NTP server on the web 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei de Time OEnable NTP O Manually set up Set Date Suns Sheet Month pay Set Time v
23. 094 Y VAP State Page e Security Type The hyperlink showing the security type links to the Security Settings Page eS System Wireless amp Status y e Firewall Utilities emm A VAP Overview General VAP Config security Repeater Advanced Access Control Home gt Wireless gt Security Security Type Security Settings Profile Name VAP 1 y 802 1X WPA Personal WPA Enterprise VAP Security Type Page e MAC ACL The hyperlink showing Allow or Disable links to the Access Control Settings Page 46 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH VAP Overview General VAP Config Security Repeater Advanced access Control Home gt Wireless gt Access Control Maximum Number of Clients Access Control Type Access Control Settings Profile Name VAP 1 D 32 Range 1 128 per system Disable Access Control VAP MAC ACL Page e Advanced Settings The advanced settings hyperlink links to the Advanced Wireless Settings Page Se System Wireless Home gt Wireless gt Advanced RTS Threshold DTIM period Broadcast SSID Wireless Station Isolation WMM IGMP Snooping Profile Name VAP 1 2346 1 VAP Advanced Settings Page Firewall Advanced Wireless Settings 1 23
24. 46 1 15 Disable Enable Disable Enable Disable Enable Disable Enable 47 e 6 Utilities Status PPP PP TT EEN Copyright O 4IPNET INC gipnet 7 2 2 General User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH AP s general wireless settings can be configured here H System Wireless VAP Overview General VAP Config Security Home gt Wireless gt General Band Short Preamble Short Guard Interval Channel Width Channel Max Transmit Rate Transmit Power Beacon Interval Transmission Rate Threshold Repeater E Status y e Firewall Utilities Advanced Access Control General Settings 802 11g 802 1in Y Pure Lin Disable Enable Disable Enable 20 MHz M 6 v Auto v Highest 100 100 500ms 0 kbps 0 Disable Only applicable when Max Transmit Rate is set to Auto AP General Settings Page e Band Select an appropriate wireless band 802 11a 802 11b 802 11g 802 11b 802 11g 802 11g 802 11n 802 11a 802 11n or select Disable if the wireless function is not required gt Pure 11n Enable 802 11n network only e Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamble with a 128 bit synchronization field e Short Guard Interval available when Band is 802 11g 802 11n or 802
25. 7 1007 SZ8 1008 LAN port traffic tunneled back to a WHG Controller without a VLAN ID will be suspended from access to any network service gt VLAN ID Enable selected implies that network traffic sent upstream from this LAN port will be tagged with the VLAN ID configured in the field below Disable selected implies that traffic from this LAN port will not be tagged with a VLAN ID gt CAPWAP Tunnel Interface Select a LAN VAP or WDS interface to designate its traffic to pass through the CAPWAP Tunnel established between the AP and the controller For network interfaces that are unchecked their traffic will be forwarded locally into the internet if this AP is deployed remotely on the WAN side of a controller gt The TIP in red at the bottom of the page explains that each service zone from default to Service Zone 8 has its fixed pre determined VLAN ID number when utilizing CAPWAP Admin needs to enter one of the numbers in order to direct traffic back to a certain Service Zone 4 Copyright O 4IPNET INC e 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 1 4 Management The management services e g VLAN for Management SNMP and System log can be configured here i General Network Interface Port Management CAPWAP Home gt System gt Management Services Management Services VLAN for Management Disable Enable VLAN ID 1 4094 SNMP Configuration D
26. 802 1in Y Pure 1in Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width 20 MHz v Channel 6 M Max Transmit Rate Auto v Transmit Power Highest Y Beacon Interval 100 100 500ms Transmission Rate Threshold 0 kbps 0 Disable Only applicable when Max Transmit Rate is set to Auto Wireless General Settings Page Please make sure both APs are using the same Band and Channel in order to establish a successful WDS link Click SAVE if any changes have been made 33 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Step 2 Prevent Loops when Connecting Multiple APs When many APs are linked in this manner undesired loops may form to lower overall WLAN performance To prevent such occurrence please make sure Layer 2 STP is enabled To turn on this feature please click on the System icon and the Network Interface tab 4 y e 2 System Wireless Firewall Utilities Status General Network Interface Port Y Management CAPWAP Home gt System gt Network Interface Network Settings Mode g Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 id Default Gateway 192 168 1 254 a Primary DNS Server 192 168 1 254 Alternate DNS Server Layer2 STP O Disable Enable Network Settings Page Please select Enable in the field labeled Layer2 STP This will prevent data from loopi
27. AC Address State 1 9 Disable Enable 2 Disable Enable 3 9 Disable Enable Deny List 6 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 3 Firewall The system provides an added security feature Layer2 Firewall in addition to the typical AP security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffic providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured on gateways this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Firewall Lists Service and Advanced Firewall Settings 7 3 1 Firewall List It provides an overview of firewall rules in the system 6 default rules with up to a total of 20 firewall rules are available for configuration Firewall List Service Y Advanced Firewall gt Firewall List Home Layer 2 Firewall Settings Enable Layer 2 Firewall O Disable Enable No State Action Name EtherType Remark 1 O DROP CDP IEEE_8023 2 a DROP STP IEEE_8023 3 O DROP GARP IEEE_8023 Firewall List Page From the overview table each rule is designated with the following field Setting Del Ed In Mv Del Ed In Mv Del Ed In Mv No The numbering will decide the priority for the system to carry out the availabl
28. Disabled N A N A N A N A K 75 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 5 4 Event Log The Event Log provides a record of system activities The administrator can monitor the system status by checking this log Overview Home Sep Sep Sep Associated Clients WDS Link Status y Event Log gt Status gt Event Log Event Log 5 00 04 50 syslogd started BusyBox v1 12 4 5 00 04 53 logd localhost crond 1614 crond busybox 1 12 4 started log level 8 5 01 02 01 logd localhost crond 1614 USER root pid 422 cmd etc rc d rc systime sync_ntp Event Log Page Each line in the log represents an event record in each line there are 4 fields Date Time The time amp date when the event happened Hostname Indicates which host recorded this event Note that all events on this page are local events so the hostname in this field is always the same In remote SYSLOG service however this field will help the administrator identify which event is from this Access Point Process name Indicate the event generated by the running instance Description Description of the event To save the file locally click SAVE LOG to clear all of the records click CLEAR 76 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH S Console Interface Configuration Via the console port administrators are able to enter the console
29. HCP packets Since devices configured with static IP address does not send DHCP traffic any clients with static IP address will be blocked from internet access unless its MACIIP pair is listed and enabled on the Static Trust List Trust List Broadcast can be enabled to let other APs with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests Static Trust List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears on the static list with different MAC their ARP requests will be dropped to prevent eavesdropping If any settings are changed please click SAVE to save the configuration before leaving this page 67 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 4 Utilities The following utility features on this page allow the administrator to maintain the system Change Password Backup Restore System Upgrade Reboot and Upload Certificate 7 4 1 Change Password To protect the Web Management Interface from unauthorized access it is highly recommended to change the administrator s password to a secure password Only alpha numeric characters are allowed and it is also recommended to make use of a combination of both numeric and alphabetic characters g gt 4 N e E System Wireless Firewall Utilities Status Change Password Backup
30. Key Length Select a key length from 64 bits or 128 bits o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds gt RADIUS Server Settings A redundant server can also be added to the system o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 28 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e WPA Personal Provides shared key authentication in WPA data encryption VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 D Security Type WPA Personal Le Cipher Suite WPA2 Pre shared Key Type PSK Hex 64 chars O Passphrase 8 63 chars Pre shared Key Group Key Update Period 600 second s Security Sett
31. S server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 55 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 2 5 Repeater 4ipnet Access Points are capable of utilizing WDS to extend wireless network coverage If WDS is enabled the AP can support up to 4 WDS links to its peer APs Security Type None WEP or WPA PSK can be configured to decide which encryption is to be used for WDS connections respectively Please fill in remote peer s MAC address and click SAVE to proceed if setting revision is necessary the CLEAR button can be used to clear the contents in the above WDS connection list gt 4 d e S System WiGESs Firewall Utilities Status VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Repeater Config Repeater Settings Repeater Type wDs y 4 WDS Profile RE Card A WDS Link 1 D WDS Disable MAC Address Security type None D CAPWAP Tunnel Interface y Repeater Settings WDS o WDS Select Enable to enable the respective WDS links Select Disable to
32. The IP address of the primary DNS Domain Name System server o Alternate DNS Server The IP address of the substitute DNS server gt DHCP This configuration type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically e Layer 2 STP If the AP is set up to bridge other network components this option can be enabled to prevent undesired loops because a broadcasting storm may occur in a multi switch environment where broadcast packets are forwarded in an endless loop between switches Moreover a broadcast storm may consume most of the available system resources in addition to available bandwidth Thus enabling the Layer 2 STP can lower such undesired occurrence and derive the best available data path for network communication 40 Copyright O 4IPNET INC o 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 1 3 Port The physical Ethernet ports of the AP can be configured to append a VLAN tag for upstream delivery General Network Interface Port Management Y CAPWAP Home gt System gt Port Config Port Configuration Port LAN1 D VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface TIP For tunneled LAN ports Service Zones to VLAN ID Mappings are Default Zone 1000 SZ1 1001 SZ2 1002 SZ3 1003 SZ4 1004 SZ5 1005 SZ6 1006 SZ
33. ck SAVE and then Reboot for the changes to take effect 23 Copyright O 4IPNET INC gipnet 5 Securing the AP Different VAP may require different levels of security These instructions will guide the user through User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH setting up different types of security for a particular VAP Simply repeat the following steps for other VAP with security requirement Step 1 Ensure the intended VAP is Enabled gt H System Wireless VAP Overview General vap Config Security Repeater Home gt Wireless gt VAP Overview VAP No ESSID 1 4ipnetAP A1 4ipnetAP A2 4ipnetAP A3 4ipnetAP A4 4ipnetAP A5 4ipnetAP A6 4ipnetAP A7 N Ooi un A WIN 4ipnetAP A8 State Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Firewall VAP Overview Security Type Open Open Open Open Open Open Open Open VAP Overview Page PA Utilities Advanced Access Control MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled E Status Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit On the VAP Overview page check the table to confirm the VAP State If it is Enabled skip to Step 2 If not click on to proceed with VAP Configuration for that particular VAP 24 Copyright O 4IPNET INC gipnet gt H User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH
34. d clients on this page When a low SNR is found here the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve network communication performance Overview Y Associated Clients WDS Link Status Event Log Home gt Status gt Wireless Clients Associated Client Status Client List Idle Time Disconnect secs Associated VAP ESSID MAC Address SNR dB Associated Client Status Page e Associated VAP The name of a VAP Virtual Access Point that the client is associated with e ESSID The Extended Service Set ID which the client is associated with e MAC Address The MAC address of associated clients e SNR The Signal to Noise Ratio of respective client s association e Idle Time Time period that the associated client is inactive for the time unit is in seconds e Disconnect Upon clicking Kick the client will be disconnected from the system 7 5 3 WDS Link Status The administrator can review detailed information of the repeater function at Status gt WDS Link Status Information of WDS status traffic statistics encryption and other details are provided Overview Associated Clients Y WDS Link Status Y Event Log Home gt Status gt Repeater Information Repeater Information WDS Link Status Item Status MAC Address RSSI TX Rate TX Error Encryption Tunnel 1 Disabled N A N A N A N A Y 2 Disabled N A N A N A N A Y 3 Disabled N A N A N A N A w 4
35. d here When the configuration for firewall rule is completed please click SAVE and Reboot system to let the firewall rule take effect gt gt To insert a specific rule In in the Setting column of the firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule From this page a rule can be added or edited from an existing rule for revision gt gt To move a specific rule Mv in the Setting column of the firewall list will lead to the following page for reordering confirmation After the SAVE button is clicked and system is rebooted the order of rules will be updated Firewall List Service Y Advanced Home gt Firewall gt Move rule Move Rule ID 1 Moveto Before O After ID 1 20 Please make sure all desired rules state of rule are checked and saved in the overview page the rules will be enforced upon system reboot 64 Copyright 4IPNET INC gipnet Firewall use service Advanced User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 10 Home gt Firewall gt Firewall List Layer 2 Firewall Settings Enable Layer 2 Firewall O Disable O Enable State MiM MM a Action DROP DROP DROP DROP DROP DROP Name CDP and VTP STP BPDU GARP RIP HSRP OSPF EtherType Remark IEEE_8023 IEEE_8023 IEEE_8023 IPv4 IPv4 IPv4 First Prev Next Last total 20 e
36. different departments A centralized WLAN management allows enterprises and organizations to support a wide array of value added applications such as load balancing bandwidth control and access control The patent pending 4ipWES Press n Connect technology bridges multiple EAPEAP701 717s at the touch of a button which enables a quick and automatic WDS Easy Setup by pressing the WES button on Access Point Extending wireless network coverage is a breeze be it across conference rooms or along hallways EAP701 EAP717 s high throughput security and optimal invisibility make it a perfect choice of wireless connectivity for your business Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 2 2 Hardware Description This section depicts the hardware information including all panel description EAP717 Front Panel lt k e EAP717 Front Panel 1 LAN 1 2 Ports Attach Ethernet cables here to connect to the wired local network 2 Uplink PoE Port For Uplink connection This port can be used to connect to a controller gateway or directly to the internet PoE is supported 3 LED Indicators 4 LED lights Representation is listed at the top of the panel 4 Phone Jack A telephone can bypass to a connected phone line in the back of the AP when connected to the socket 5 5V 52A Attach the power adaptor here 7 Copyright O 4IPNET INC gipnet Rear Pa
37. e firewall rules in the tables State The check marks will enable the respective rules e Action DROP denotes a block rule ACCEPT denotes a pass rule e Name Shows the name of the rule EtherType Denotes the type of traffic subjected to this rule Remark Shows the note of this rule Setting 4 actions are available Del denotes to delete the rule Ed denotes to edit the rule In denotes to insert a rule and Mv denotes to move the rule 62 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt gt To delete a specific rule Del in the Setting column of firewall list will lead to the following page for removal confirmation After the SAVE button is clicked and system is rebooted the rule will be removed Firewall List Service Y Advanced Home gt Firewall gt Firevall List Layer 2 Firewall Settings Remove rule 1 gt gt To edit a specific rule Ed in the Setting column of the firewall list will lead to the following page for detail configuration From this page the rule can be edited from scratch or from an existing rule for revision The following fields will be displayed gt Rule ID The numbering of this specific rule will decide its priority among available firewall rules in the table gt Rule name The rule name can be specified here gt EtherType The drop down list will provide the available types of traffic subjected to this rule gt
38. e may sometimes result in the loss of data Please ensure that all necessary settings are written down before upgrading the firmware e During firmware upgrade please do not turn off the power This may permanently damage the system 7 4 4 Reboot This function allows the administrator to restart the AP safely The process takes approximately three minutes Click Reboot to restart the system Please wait for the blinking timer to complete its countdown before accessing the system s Web Management Interface again The System Overview page will appear after a successful reboot Occasionally it is necessary to reboot the AP to ensure that parameter changes are submitted 71 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt H y System Wireless Firewall Change Password Backup amp Restore Upload Certificate System Upgrade Reboot Home gt Utilities gt Reboot Reboot the System e E UTILITIES Status Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up Reboot Page 7 4 5 Upload Certificate This function is used to configure a valid certificate for security validation required in CAPWAP Upload Certificate Upload Private Key File Name Upload Certificate File Name Upload Trusted Certificate File Name use Default Certificate Browse gt Upload Certificate It provides flexibility
39. essage from webpage 2 J This action will reboot the system Do you want to continue Reboot Confirmation Prompt gt A warning message as displayed below will appear during the reboot period The system power must be kept on before the completion of the reboot process gt The System Overview page will appear upon reboot completion The system can be reset to default from the console interface COM Port connection should the administrator forget the AP s IP address With the right baud rate and a termination simulation program such as PuTTy or Hyper Terminal a login prompt should be seen as such 69 Copyright O 4IPNET INC User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Login as reset2def and enter reset2def as your password Type yes to reset the AP to factory default If the console connection is not readily available the IP address of the AP can be retrieved with an IP Discovery Utility provided by 4ipnet Simply connect via an Ethernet cable and run the Discovery Utility Note that the laptop PC connecting to the AP must run in Windows XP compatible mode and a static IP must be set e Backup System Settings Click Backup to save the current system settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore System Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The
40. f mounting For mounting installation instructions please refer to the included EAP701 Quick Installation Guide Step 2 Connect one end of the Ethernet cable to the Uplink port and the other end of the cable to a switch a router or a hub Or use the 110 punchdown block as your uplink connection The EAP701 is now connected to your existing wired LAN network Step 3 There are three ways to supply power to EAP701 a Connect the DC power adaptor to the power jack socket b The Uplink port is capable of receiving PoE Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the Uplink port of EAP701 with the Ethernet cable c Use a standard 110 punchdown tool to punch copper wires onto the punchdown block pin assignment 568A Now the Hardware Installation is complete Please use only the power adapter supplied with the package Using a different power adapter may damage this system To verify the wired connection between the AP and your switch router hub please also check the LED status indicator of the respective network devices Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 2 4 Access Web Management Interface 4ipnet Access Points support web based configuration When hardware installation is complete the AP can be configured through a PC by using a web browser The default values of the AP s LAN IP Address and Subnet Mask are IP Address 192 168 1 1
41. g Security Y Repeater Y Advanced Y Access Control Home gt Wireless gt VAP Config VAP Configuration Profile Name vap 1 VAP Disable Enable Profile Name VAP 1 ESSID 4ipnetAP A1 VLAN ID Disable Enable VLAN ID 1 4094 CAPWAP Tunnel Interface e VAP Configuration Page To enable specific VAP select the VAP from the drop down list of Profile Name The basic settings of each VAP are collected in the profile as follows e VAP Enable or Disable this VAP e Profile Name The profile name of a specific RF card and its VAP for identity management purposes e ESSID ESSID Extended Service Set ID serves as an identifier for clients to associate with the specific VAP It can be coupled with different service levels like a variety of wireless security types e VLAN ID The 4ipnet Access Point supports tagged VLANs virtual LANs To enable VLAN function each VAP shall be given a unique VLAN ID with valid values ranging from 1 to 4094 e CAPWAP Tunnel Interface Select Checkbox to designate traffic for the VAP to pass through CAPWAP Tunnel established between the AP and the controller 50 Copyright O 4IPNET INC e 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 2 4 Security The Access Point supports various wireless authentication and data encryption methods in each VAP profile With this the administrator can provide different service levels to clients
42. gi ynet e for your IP network User s Manual EAP701 EAP717 v1 11 Enterprise Access Point gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Copyright amp Disclaimer Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission of 4IPNET INC Disclaimer AIPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others 4IPNET further reserves the right to make changes in any products described herein without notice The publication is subject to change without notice Trademarks AIPNET 4ipnet is a registered trademark of 4IPNET INC Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Table of Contents Lo e YOU a a 4 A A E ee nter serene wnnenT Err ar mtr ee 4 1 2 Document CONVE a 4 1 3 Package COMA ad 5 2 System Overview and Getting Started ii a 6 EE ee E EE 6 2 2 Hard
43. iginal packaging to prevent damage during delivery Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 2 System Overview and Getting Started 2 1 Introduction The 4ipnet EAP717 Enterprise Access Point is an on the wall as well as a ceiling mounted Wi Fi IEEE 802 11n a b g 2 x 2 MIMO access point designed to blend into a working or a living environment practically and elegantly with its simplistic yet classy design The EAP717 is ideal for appearance accentuated applications such as hotels as it has a small and inconspicuous form factor The RH11 telephone pass through socket is yet another convenient feature for hotel applications The two Ethernet LAN Ports eliminates the need for a network switch for additional IP Device connections The 4ipnet EAP701 Wall Jack Access Point is an in on the wall Wi Fi IEEE 802 1 1b g n 2 4GHz 2 X 2 MIMO access point designed specifically for hospitality The compact EAP701 in a small form factor lays snug ina standard wall outlet box Its side panel features LED status indicators and two RJ45 ports It has the interfaces to serve both wireless and wired LAN access When coupled with the 4ipnet WHG series Controller the EAP701 EAP717 supports Tunnel based AP Management and comes with all standards demanded by enterprise applications including business grade security 802 1X WPA and WPA2 and multiple ESSIDs with VLAN tags to separate the traffics of
44. ination Port 80 TCP UDP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDP Destination Port 67 68 First Prev Next Last total 28 Add Firewall Service Page 66 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 3 3 Advanced At Firewall gt Advanced more advanced settings on firewall rules can be configured providing extra security enhancement against DHCP and ARP traffic traversing the available interfaces of the system es Trust Interface Each VAP interface can be checked individually to mark as trusted interfaces security enforcements on DHCP ARP like DHCP snooping and ARP inspection will be carried out on non trusted interfaces DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the trusted DHCP server IP MAC can be specified to prevent rouge DHCP server s ARP Inspection When enabled ARP packets will be validated against ARP spoofing O Proxy ARP option when enabled AP will reply ARP requests on behalf of downlink stations The ARP table maintained by the AP will be used as a look up table upon receipt of ARP request from AP uplink Adversely without Proxy ARP ARP request is broadcasted down into the AP s wireless network causing network inefficiencies Force DHCP option when enabled the AP only learns MAC IP pair information through D
45. ings WPA Personal gt Cipher Suite Select an encryption method from WPA2 or WPA2 WPA Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds Vv 29 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e WPA Enterprise Authenticates users by RADIUS and provides WPA data encryption VAP Overview General Y VAP Config Security Repeater Advanced Y Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type WPA Enterprise e Cipher Suite WPA2 x Group Key Update Period 600 second s ey AADIS SENEE Et ts Domain Name IP Address Authentication Port 1812 ie Secret Key Accounting Service Disable Enable Accounting Port 1813 is Accounting Interim Update Interval ep second s Security Settings WPA Enterprise gt WPA Settings o Cipher Suite Select an encryption method from WPA2 or WPA2 WPA o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port
46. isable gt Enable Community String Read Write Trap Disable Enable Server IP System Log O Disable Enable SYSLOG Server IP 192 168 1 254 Server Port 514 SYSLOG Level Error Management Services Page e VLAN for Management When this is enabled management traffic from the system will be tagged with a VLAN ID In other words administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to a specific VAP with the same VLAN ID Enter a value between 1 and 4094 for the VLAN ID if the option is enabled 42 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e SNMP Configuration By enabling the SNMP function the administrator can obtain the system information remotely SNMP Configuration O Disable Enable Community String Read Write Trap Disable Enable Server IP SNMP Configuration Fields Enable Disable Enable or Disable this function gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string to access the MIB with Read privilege o Write Enter the community string to access the MIB with Write privilege gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable E
47. isable Enable Static Discovery Disable Enable Pri AC Address Remark 1 e CAPWAP The CAPWAP feature can be turned on by selecting Enable or turned off by selecting Disable e Certificate Date Check To enable this item select Enable and click Manage Certificates to enter the Upload Certificate page Please refer to the section 7 4 4 Upload Certificate e DNS SRV Discovery Using DNS SRV to discover acess controller gt Domain Name Suffix Enter the suffix of the access controller such as example com DHCP Option Discovery Using DHCP option to discover access controller Broadcast Discovery Using Broadcast to discover access controller Multicast Discovery Using muticast to discover access controller e Static Discovery Using Static approach to discover access controller gt AC Address The IP address of the access controller If it can not discover the first AC it will try to discover the second AC 44 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 5 Wireless This section includes the following functions VAP Overview General VAP Configuration Security Repeater Advanced and Access Control The 4ipnet Access Point supports up to eight Virtual Access Points VAPs per RF card Each VAP can have its own settings e g ESSID VLAN ID security settings etc With such VAP capabilities different levels of service can be configured to meet
48. ment decides that the AP will be getting dynamic IP Addresses from the connected network set Mode to DHCP otherwise set Mode to Static and fill in the required fields marked with a red asterisk IP Address Netmask Gateway and Primary DNS Server with the appropriate values for the network Click SAVE when you are finished to save changes that have been made Step 3 Configure the AP s Wireless General Settings Click on the Wireless icon followed by the General tab On this page we need to choose the Band and Channel that we wish to use Copyright O 4IPNET INC gipnet e H System Wiese User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH V A E Home gt Wireless gt General Firewall Utilities Status VAP Overview General VAP Config Security Y Repeater d Advanced f Access Control General Settings Band 802 11g 802 11n Y Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width 20 MHz Y Channel 6 v Max Transmit Rate Auto M Transmit Power Highest Y Beacon Interval 100 100 500ms Transmission Rate Threshold 0 kbps 0 Disable Only applicable when Max Transmit Rate is set to Auto Wireless General Settings Page On this page select the band in which the AP is to broadcast its signal The rest of the fields are optional and can be configured at another time Click SAVE if any changes have been made
49. nable or Disable this function o Server IP Address Enter the IP address of the assigned server that will receive the trap report e System Log When this function is enabled specify an external SYSLOG server to accept SYSLOG messages from the system remotely System Log Disable O Enable SYSLOG Server IP 192 168 1 254 Server Port 514 SYSLOG Level Error v System Log Fields Enable Disable Enable or Disable this function SYSLOG Server IP The IP address of the Syslog server that will receive the reported events Server Port The port number of the Syslog server SYSLOG Level Select the desired level of received events from the drop down menu V Y Y V 43 Copyright 4IPNET INC hd E 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 1 5 CAPWAP CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points There are 5 methods of auto AP discovery namely DNS SRV DHCP option Broadcast Multicast and Static Please refer to the Web page at System gt CAPWAP General Network Interface Port Y Management Y CAPWAP Home gt System gt CAPWAP CAPWAP Configuration CAPWAP Disable Enable Certificate Date Check Disable Enable Manage Certificates DNS SRV Discovery Disable Enable Domain Name Suffix DHCP Option Discovery Disable Enable Broadcast Discovery Disable Enable Multicast Discovery D
50. nel User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH p N LA Restart Console Reset m w EAP717 Rear Panel 1 WES Button WDS Easy Setup Press the button to build up a WDS link with another peer 2 Restart Reset Button Press once to restart the system Press and hold for more than 5 seconds to reset to factory default 3 Console Port To access EAP717 via the console interface Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH EAP701 Lower Panel EAP701 Lower Panel 1 LAN 1 2 Ports Attach Ethernet cables here to connect to the wired local network 2 DC Jack 5V 722 A Attach the power adaptor here Upper Panel IMM SSS UL EAP701 Upper Panel 1 Restart Reset Button Press once to restart the system Press and hold for more than 5 seconds to reset to factory default 2 LED Indicators 4 LED lights Representation is listed at the top of the panel 3 WES Button WDS Easy Setup Press the button to build up a WDS link with another peer 9 Copyright 4IPNET INC gipnet Back Panel User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH EAP701 Lower Panel 1 110 Punchdown Block Copper wire punch down for in wall application 2 Uplink PoE Port For Uplink connection This port can be used to connect to a cont
51. network requirements 7 2 1 VAP Overview An overall status is collected on this page including ESSID State Security Type MAC ACL and Advanced Settings where the AP features 8 VAPs with respective settings In this table please click on the hyperlink to further configure each individual VAP H y e e System Wireless Firewall Utilities Status VAP Overview Y General Y VAP Config Security Repeater Y Advanced Y Access Control Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 4ipnetAP A1 Enabled Open Disabled Edit 2 4ipnetAP A2 Disabled Open Disabled Edit 3 4ipnetAP A3 Disabled Open Disabled Edit 4 4ipnetAP A4 Disabled Open Disabled Edit 5 4ipnetAP A5 Disabled Open Disabled Edit 6 4ipnetAP A6 Disabled Open Disabled Edit 7 4ipnetAP A7 Disabled Open Disabled Edit 8 4ipnetAP A8 Disabled Open Disabled Edit VAP Overview Page e State The hyperlink showing Enable or Disable links to the VAP Configuration page AN Copyright O 4IPNET INC gipnet eS System MEAS Home gt Wireless gt VAP Config VAP Profile Name ESSID VLAN ID CAPWAP Tunnel Interface User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH y e E Firewall Utilities Status o e AN VAP Configuration Profile Name VAP 1 i Disable Enable VAP 1 4ipnetaP A1 Disable Enable VLAN ID 1 4
52. ng or creating a broadcast storm Click SAVE when completed and then Reboot to allow updated settings to take effect Step 3 Building the WDS Link To extend the wireless coverage each RF card supports up to 4 WDS links for connecting wirelessly to other WDS capable APs peer APs By default all WDS profiles are disabled 34 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH gt H y e System Wireless Firewall Utilities Home gt Wireless gt Repeater Config Repeater Settings Repeater Type wos M wes WDS Profile RF Card A WDS Link 1 y WDS Disable MAC Address Security type None CAPWAP Tunnel Interface EA 1 Click on the Wireless button on the main menu 2 Select the Repeater Settings tab 3 Choose WDS as the Repeater Type 4 Choose the desired WDS profile a Enable WDS b Enter the MAC Address peer AP and then Click SAVE e Status gt Y S 3 gt gt VAP Overview y General vap Config Security Repeater Pr d Access Control A If you are using another 4ipnet APs as the peer AP simply repeat the above mentioned steps to configure another peer AP s Note Cross brand model WES WDS link performance may vary with different Access Points depending on hardware compatibility 35 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717
53. nts lt contains step by step procedures and pictures to guide users with basic network system knowledge to complete the installation Corresponding Software Versions for each Model EAP701 Up to software version 1 11 EAP717 Up to software version 1 11 1 2 Document Conventions A Represents essential steps actions or messages that should not be ignored Note Contains related information that corresponds to a topic Indicates that clicking this button will save the changes you made but you must reboot the system for the changes to take effect Indicates that clicking this button will clear what you have set before the settings are applied Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 1 3 Package Content The standard package of EAP717 includes e 4ipnet EAP717 x1 e Quick Installation Guide QIG x1 e Ethernet Cable x1 e Console Cable x1 e Power Adaptor 5V Optional x1 e Mounting Kit x1 The standard package of EAP 701 includes e 4ipnet EAP701 x1 e Quick Installation Guide QIG x1 e Ethernet Cable x1 e Power Adaptor 5V Optional x1 e Flat Surface Mounting Panel x1 e Face Plate Mounting Panel x1 e Mounting Plate Unfastening Tool x1 It is recommended to keep the original packing materials for possible future shipment when repair or maintenance is required Any returned product should be packed in its or
54. on speed for all associated clients Note that this feature is only applicable when Max Transmit Rate is set to Auto Table 2 RF Configurations under normal circumstances in certain countries 11 12 13 36M 48M 54M 802 11b 802 11g 1 2 3 4 5 6 7 8 9 10 11 12 13 1M 2M 5 5M 6M 9M 11M 12M 18M 24M 36M 48M 54M 802 11a 802 11n 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 6M 9M 12M 18M 24M 36M 48M 54M MCS0 15 802 11n 802 11g 1 2 3 4 5 6 7 8 9 10 11 12 13 1M 2M 5 5M 11M 12M 18M 24M 36M 48M 54M MCS0 15 Band Channel Rate Power Disable N A N A N A 36 40 44 48 52 56 60 6M 9M 12M 18M 24M dia 64 100 104 108 112 116 120 124 128 132 36M 48M 54M 136 140 802 11b 1 2 3 4 5 6 7 8 9 10 1M 2M 5 5M 11M 11 12 13 802 119 1 2 3 4 5 6 7 8 9 10 6M 9M 12M 18M 24M Auto Lowest Low Medium High Highest Please note that available values above will vary depending on the regulation of different countries Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 2 3 VAP Configuration This section provides configuration of each Virtual Access Point with settings such as Profile Name ESSID and VLAN ID gt y e S System WARS Firewall Utilities Status VAP Overview General VAP Confi
55. orarily by checking Enable VAP Overview Genera d VAP Config d Security Repeater d Advanced JAccess Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients 32 Range 1 128 per system Access Control Type MAC ACL Deny List No MAC Address State 1 9 Disable Enable 2 9 Disable Enable 3 0 Disable Enable 4 Disable Enable 5 9 Disable Enable MAC ACL Deny List Click SAVE and Reboot upon completing the related configurations to take effect 32 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 6 Creating a WDS Bridge between two APs WDS link creation is convenient for extending network coverage where running wires is not an option effectively transferring the traffic to the other end of WLAN LAN through the AP Since this is a peer to peer connection both APs will be configured the same way Step 1 Make sure the Band and Channel are matched between the WDS peers In order to create a valid WDS link the two APs must be configured to use the same channel and band for their wireless settings Click the Wireless icon and then General tab to go to the following page System Wireless Firewall Utilities Status VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt General General Settings Band 802 11g
56. remove them o MAC Address To input remote peer s MAC address o Security Type None WEP or WPA PSK o CAPWAP Tunnel Interface Select Checkbox to designate WDS traffic to pass through CAPWAP Tunnel established between the AP and the controller 56 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 2 6 Advanced The advanced wireless settings for the Access Point s VAP Virtual Access Point profiles allow customization of data transmission settings The administrator can tune the following parameters to improve network communication performance if a poor connection occurs gt 5 8B e S System Wireless Firewall Utilities Status VAP Overview General vap Config Security Repeater Advanced Access Control Home gt Wireless gt Advanced Advanced Wireless Settings Profile Name VAP 1 Y RTS Threshold 2346 1 2346 DTIM period 1 1 15 Broadcast SSID Disable Enable Wireless Station Isolation Disable 5 Enable WMM Disable Enable Multicast to Unicast Conversion Disable Enable Advanced Wireless Settings Page e RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the fragment to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS
57. ries voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only lt To receive the benefits of WMM QoS gt The application must support WMM WMM shall be enabled on the Access Point WMM shall be enabled in the wireless adapter on client s computer e Multicast to Unicast Conversion When Multicast to Unicast Conversion is enabled IGMP packets are transferred via the Access Point s network interface and the IP multicast host Registration information is recorded and sorted into multicast groups The internal switch can then intelligently forward traffic only to those ports that request multicast traffic Adversely without this feature multicast traffic is treated like broadcast traffic with packets forwarded to all ports causing network inefficiencies 58 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 5 4 Access Control On this page the network administrator can restrict the total number of clients connected to the Access Point as well as specify particular MAC addresses that can or cannot access the device g gt y e e System Wireless Firewall Utilities Sta
58. right O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select a key length from 64 bit 128 bit 152 bit WEP Key Format Select from ASCII or Hex format for the WEP key WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that VV V V specifies which WEP key is used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced dynamic WEP are provided VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Security Security Settings Profile Name VAP 1i Security Type 802 1x EN Dynamic WEP lt Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Primary RADIUS Server gt oct Domain Name IP Address Authentication Port 1812 m Secret Key Accounting Service Disable Enable Accounting Port 1813 m Accounting Interim Update Interval 60 second s Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP
59. rise Access Point MAC Address 00 1F D4 02 32 F7 Firmware Version 1 00 00 Band 802 11g n Build Number 1 5 1 6477 Channel 6 Location TX Power Highest Site EN A Device Time 1970 01 01 08 15 39 System Up Time 0 days 0 15 39 LAN Interface 4 AP Status MAC Address 00 1F D4 02 32 F6 ee BSSID ESSID y Ve e IP Address 192 168 1 1 VAP 1 00 1F D4 02 32 F7 4ipnetAP A1 Open 0 S Subnet Mask 255 255 255 0 Gateway 192 168 1 254 capwap Status Disabled The Web Management Interface System Overview Page To logout simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page Click OK to logout Message from webpage E 2 4re you sure to logoff j Cancel Logout Prompt 14 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH For security reasons it is strongly recommended to change the administrator s password upon the completion of all configuration settings Please follow the following steps to change the administrator s password Se y e System Wireless Es Status Firewall Utilities Change Password Y Backup amp Restore d System Upgrade Reboot d Upload Certificate Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page gt Click on the U
60. roller gateway or directly to the internet Pot is supported 10 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 2 3 Hardware Installation Please follow the steps mentioned below to install the hardware of EAP717 Step 1 Place the EAP717 at the best location which is usually at the center of your intended wireless network If admin would like to mount the AP on the wall on a socket screw the metal panel to the wall and then turn the EAP717 clockwise to fasten to the panel For installation instructions on the Ceiling Mount Kit please refer to the Quick Installation Guide and the Mounting Guide Step 2 Connect one end of the Ethernet cable to the Uplink port and the other end of the cable to a switch a router or a hub The EAP717 is now connected to your existing wired LAN network Step 3 There are two ways to supply power to EAP717 a Connect the DC power adaptor to the power jack socket b The Uplink port is capable of receiving PoE Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the Uplink port of EAP717 with the Ethernet cable Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Please follow the steps mentioned below to install the hardware of EAP701 Step 1 Place the EAP701 at the best location which is usually at the center of your intended wireless network The EAP701 supports two types o
61. s Manual and requires individual setup every time the system starts up Simply choose a time zone and set the time accordingly When it is finished click SAVE Time Zone GMT 08 00 Taipei v Time O Enable NTP manually set up Set Date Mivear Mimonth Mibay Set Time uourl Yimin sec Manually Time Setup The alternative method is NTP Upon selecting NTP under the Time field the configuration changes to allow up to two NTP servers Simply enter a local NTP server s IP Address if available or search online for an NTP server nearest to you Set the time zone and click SA VE Time Zone GMT 08 00 Taipei de Time OEnable NTP O Manually set up NTP Server 1 NTP Server 2 NTP Setup 17 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH Step 2 Configuring the AP s Network Settings While still on this Page click on the Network Interface tab to begin configuration of the network settings General Network Interface Port Y Management Y CAPWAP Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 Default Gateway 192 168 1 254 Primary DNS Server 192 168 1 254 Alternate DNS Server Layer2 STP O Disable Enable Network Settings Page If the deploy
62. s Organizational Layout User s Manual Hem Description System Name The system name of the Access Point Firmware Version The current firmware version of the Access Point Build Number The current firmware build number of the Access Point System Location The location of the Access Point Site The site of the Access Point Device Time The system time of the Access Point System Up Time The time that the system has been in operation MAC Address The MAC address of the LAN Interface LAN Interface IP Address The IP address of the LAN Interface Subnet Mask The Subnet Mask of the LAN Interface Gateway The Gateway of the LAN Interface MAC Address The MAC address of the RF Card Band The RF band in use Radio Status Channel The channel specified Tx Power Transmit Power level of RF card Profile Name The profile name of AP BSSID Basic Service Set ID AP Status ESSID Extended Service Set ID Security Type Security type of the Virtual AP Online Clients The number of online clients Tunnel The status of the used Tunnel CAPWAP Status Enabled Disabled Copyright 4IPNET Enterprise Access Point EAP701 EAP717 ENGLISH NC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 5 2 Associated Clients The administrator can remotely oversee the status of all associate
63. the drop down menu of Access Control Type 1 Disable Access Control This means that there is no restriction for client devices to access the system 2 MAC ACL Allow List This means that only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator renews the listed MAC i VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name vAP 1 Maximum Number of Clients 32 Range 1 128 per system Access Control Type MAC ACL Allow List No MAC Address State 1 9 Disable Enable 2 9 Disable Enable 3 9 Disable Enable 9 Disable Enable 5 9 Disable Enable MAC ACL Allow List 3 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH An empty Allow List means that there are no allowed MAC addresses Make sure at least the MAC of the modifying system is included e g network administrator s computer 3 MAC ACL Deny List This means that all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temp
64. the listed MAC gt gt 8 ech e System Wireless Firewall Utilities Status VAP Overview d General VAP Config Security d Repeater y Advanced Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 sl Maximum Number of Clients 32 Range 1 128 per system Access Control Type MAC ACL Allow List No MAC Address State 1 9 Disable Enable 2 9 Disable Enable 3 Disable Enable MAC Allow List An empty Allow List means that there is no allowed MAC address Make sure at least the Note MAC of the management system is included e g network administrator s computer 60 Copyright O 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH MAC ACL Deny List When selecting MAC ACL Deny List all client devices are granted access gt to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable gt H H e e System Wireless Firewall Utilities Status gt gt VAP Config Y Security y Repeater d Advanced Access Control e IVAP Overview Baa Home gt Wireless gt Access Control Access Control Settings Profile Name vap 1 y Maximum Number of Clients 32 Range 1 128 per system Access Control Type MAC ACL Deny List No M
65. tilities icon on the main menu and select the Change Password tab gt Enter the old password and then a new password with a length of up to 32 characters and retype it in the Re enter New Password field Congratulation Now the 4ipnet Access Point is installed and configured successfully It is strongly recommended to make a backup copy of your configuration settings After the AP s network configuration is completed please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 3 Connect your AP to your Network The following instructions depict how to establish the wireless coverage of your network The AP will connect to the network through its LAN port and provide wireless access to your network After having prepared the AP s hardware for configuration set the TCP IP settings of administrator s computer to have a static IP Address of 192 168 1 10 and Subnet Mask of 255 255 255 0 Step 1 Configuring the AP s System Information gt Enter the AP s default IP Address 192 168 1 1 into the URL of a web browser gt Log in using Username admin and Password admin The Web Management Interface will appear as shown below Overview Associated Clients WDS Link Status Event Log Home gt
66. to support customer s own Certificate Private Key or Trusted Certificate for a means of security verification for CAPWAP or other security needs to ensure the authenticity of this AP to other network entities gt Use Default Certificate Click Use Default Certificate to use the default certificate and key 72 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 7 5 Status This page is used to view the current condition and state of the system and it includes the following functions Overview Associated Clients WDS Link Status and Event Log 7 5 1 Overview The System Overview page provides an overview of the system status for the administrator Overview N Associated Clients d WDS Link Status d Event Log Home gt Status gt System Overview System Overview g gt System Radio Status System Name Enterprise Access Point MAC Address 00 1F D4 02 32 F7 Firmware Version 1 00 00 Band 802 11g n Build Number 1 5 1 6477 Channel 6 Location TX Power Highest Site EN A Device Time 1970 01 01 08 15 39 System Up Time 0 days 0 15 39 eo LAN Interface 4 AP Status MAC Address 00 1F D4 02 32 F6 promie BSSID ESSID E Pd ie IP Address 192 168 1 1 VAP 1 00 1F D4 02 32 F7 4ipnetAP A1 Open 0 S Subnet Mask 255 255 255 0 Gateway 192 168 1 254 CAPWAP Status Disabled System Overview Page 73 Copyright O 4IPNET INC gipnet Table 3 Status Page
67. tus VAP Overview General VAP Config Security Y Repeater Y Advanced Y Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name vAp 1 y Maximum Number of Clients 32 Range 1 128 per system Access Control Type Disable Access Control Access Control Settings Page e Maximum Number of Clients The 4ipnet Access Point supports various methods of authenticating clients for wireless LAN access The default policy is unlimited access without any authentication requirement To restrict the station number of wireless connections simply change the Maximum Number of Stations to a desired number For example when the number of stations is set to 20 only 20 stations are allowed to connect to the specified VAP 59 Copyright 4IPNET INC 4ipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e Access Control Type The administrator can restrict the wireless access of client devices based on their MAC addresses gt Disable Access Control When Disable is selected there is no restriction for client devices to access the system gt MAC ACL Allow List When selecting MAC ACL Allow List only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator re Enables
68. value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 54 Copyright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH e WPA Enterprise If this option is selected the RADIUS authentication and data encryption will both be enabled VAP Overview General Y VAP Config Security Repeater Y Advanced Y Access Control Home gt Wireless gt Security Security Settings Profile Name vap 1 Security Type WPA Enterprise y Cipher Suite WPA2 e Group Key Update Period 600 second s Primary RADIUS Server Host Domain Name IP Address Authentication Port 1812 be Secret Key Accounting Service Disable Enable Accounting Port 1813 Accounting Interim Update Interval ep second s Security Settings WPA Enterprise gt WPA Settings o Cipher Suite Select an encryption method from WPA2 or WPA2 WPA o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIU
69. ware Description EEN 7 2 3 Hardware Instala aaa 11 2 4 Access Web Management Interface ii ess 13 3 Connect your AP to OUEN E 16 4 Adding Virtual Access POIs A A 22 5e Securing the AP EG 24 6 Creating a WDS Bridge between two APG c ccssccsesssessscsssesseesseseaceneaeseessecsseeeseeseassneatseeeseeses 33 7 Web Management Interface Configuration cccccccsssscsssesseessetsseesseescensocsseersectsecsssetseeseseees 36 EE 38 WB Eeer 38 7 1 2 Network IMA N Ea E a a 40 TES EE 41 714 LAA E EE 42 75 Oe VV AAA 44 To Wireless A A 45 EE EEGEN 45 A eee aa a E AE E E E E i 48 ARS VAP Configura Oisein is ea E E E E EE 50 A 51 A O EE 56 AE AIM Aa 57 e a a son eeadeacvesaseene neuen ensue 59 E A A A 62 Ns A eeeehe 62 TAS IC ia 66 A RS oR CER CR REE TR ene Ce 67 Se Elle 68 va Change Password iS 68 74 2 Bac oly Gr OSI OL Gus aan 68 TAa System ME 71 2 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH A A acute a a a E te nara 71 7 4 5 Upload Certificate E 72 Eeer 73 A Eege 73 APRA A 75 75 3 WDS Link Status eebe 75 TE A a 76 8 Console Interface Comite Ur ci 77 3 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 1 Before You Start 1 1 Preface This manual is intended for using by system integrators field engineers and network administrators to help them set up Access Points in their network environme
70. yright O 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH The desired VAP profile can be selected from the drop down menu of Profile Name and VAP 1 configuration will serve as an example for all other VAPs Before proceeding further please make sure that the VAP field is marked Enable afterwards enter an ESSID to represent the WLAN associated with AP s VAP 1 It is suggested that Profile Name is used to describe what this particular VAP will be used for otherwise leave it as default VLAN ID can be chosen at another time Click SAVE to save all changes up to this point and Rebootthe system to apply these revised settings Congratulations After reboot the AP can start to operate with these revised settings 21 Copyright 4IPNET INC gipnet User s Manual Enterprise Access Point EAP701 EAP717 ENGLISH 4 Adding Virtual Access Points The AP possesses the feature of multi ESSID namely it can behave as multiple virtual access points providing different levels of services from the same physical AP device Please click on the Wireless icon to review the VAP Overview page gt H H e S System Wireless Firewall Utilities Status y VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 4ipnetAP A1 Enabled Open Disabled Edit 2 4ipnetAP
Download Pdf Manuals
Related Search