VX-AP1NPro User Manual
Contents
1. SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable Security Security System WPA with Radius WPA Encryption TKIP Key Updates O Group Key Update Key Lifetime 60 minutes C Update Group Key when any membership terminates Figure 18 WPA with Radius Wireless Security Screen Data WPA with Radius Screen WPA with Radius WPA Encryption The encryption method is TKIP Wireless Stations must also use TKIP Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 28 Access Point Setup Security Settings WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard Wag VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable Security Security System WPA2 with Radius WPA Encryption AES Key Updates O Group Key Update Key Li2. Help Create anew scope Figure 30 DHCP Screen 3 Click Next when the New Scope Wizard Begins 4 Enter the name and description for the scope click Next 5 Define the IP address range Change the subnet mask if necessary Click Next 45 Wireless Access Point User Guide New Scope Wizard i xj IP Address Range You define the scope address range by identifying a set of consecutive IP addresses Enter the range of addresses that the scope distributes Start IP address 132 168 0 100 End IP address 132 168 0 200 subnet mask defines how many bits of an IP address to use for the network subnet IDs and how many bits to use for the host ID Y ou can specify the subnet mask by length or as an IP address Length 24 Subnet mask 255 255 255 d lt Back Cancel Figure 31 IP Address Screen 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next Change the Lease Duration time if preferred Click Next Select Yes I want to configure these options now and click Next Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next New Scope Wizard i xj Domain Name and DNS Servers The Domain Name System
3. Data Encryption 64 bit w Authentication Open System WEP Keys Key input Hex 0 9 and A F ASCII Key 1 Key 2 O Key 3 0 Key 4 O Passphrase Figure 14 WEP Wireless Security Screen 23 Wireless Access Point User Guide Data WEP Screen WEP Data Encryption Authentication Key Input Key Value Passphrase Select the desired option and ensure your Wireless stations have the same setting e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII characters e 152 Bit Encryption Keys are 32 Hex 16 ASCII characters Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Enter the key values you wish to use The default key selected by the radio button is required The other keys are optional Other stations must have matching key values Use this to generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate Key button
4. i rtest z Preferred networks Automatically connect to available networks in the order listed below umd Move up misslair amp misslair Learn about setting up wireless network confiquration Figure 50 Wireless Networks Screen 2 Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown below 57 Wireless Access Point User Guide Wireless Network Properties Netwo Ney format Key length ey Indes advanced Figure 51 Properties Screen Setup for Windows XP and 802 1x client is now complete 58 PC and Server Configuration Using 802 1x Mode without WPA This is very similar to using WPA Enterprise The only difference is that on your client you must NOT enable the setting The key is provided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Network Properties Network name SSID misslair Wireless network key WEP This network requires 4 key for the following Data encryption WEP enabled Network Authentication Shared mode The key is provided for me automatically This is a computer to
5. Using PoE Power over Ethernet The Wireless Access Point supports PoE Power over Ethernet To use PoE l 2 Do not connect the supplied power adapter to the Wireless Access Point Connect one end of a standard category 5 LAN cable to the Ethernet port on the Wireless Access Point Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter 12V DC 1A Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch Connect the power supply to the PoE adapter and power up Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection PoE Adapter Ethernet To Hub i Powered Unpowered Access Point P Figure 5 Using PoE Power over Ethernet Chapter 3 Access Point Setup This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point Overview This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN and to function as an Access Point for your Wireless Stations Wireless Stations may also require configuration For details see Chapter 4 PC and Server Configuration The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser Setup using the Windows Utility A simple Windows setup utility is supplied on the CD ROM This utility can be used to assign a suitable IP address to the Wireless
6. C to 40 C Storage temperature 20 C to 70 C Power Adapter 12VDC 1A External Dimensions 175mm W 135mm D 33mm H 77 Wireless Access Point User Guide Software Specifications Feature Details Wireless Access point support Roaming supported IEEE 802 11n 11g 11b compliance Auto Sensing Open System Share Key authentication Wireless Channels Support Automatic Wireless Channel Selection Country Selection Preamble Type long or short support RTS Threshold Adjustment Fragmentation Threshold Adjustment Beacon Interval Adjustment 8x Multi BSSID assignment 802 111 pre authentication Short Slot time support IEEE 802 11d CTS only amp CTS RTS protect mechanism support WMM support WPS support Wireless isolations Operation Mode Common AP PTMP PTP Universal Repeater Universal Client Rogue AP Detection Security Open shared WPA WPA PSK and WPA2 PSK authentication 64bit 128bit WEP TKIP AES CCMP support 802 1x support EAP MDS EAP TLS EAP TTLS PEAP RADIUS based MAC authentication Block inter wireless station communication wireless separation Block SSID broadcast Management Web based configuration Configurable Web port RADIUS Accounting RADIUS On feature RADIUS Accounting update Telnet CLI Syslog internal Log Access Control list Editable Configuration file backup Restore 78 Appendix A Specifications Statistic
7. Clicking the Radius Server Settings link on the Wireless menu will result in a screen like the following Primary Authentication Server Secondary Authentication Server Primary Accounting Server Secondary Accounting Server IP Address fos o o o Port Number 1812 Shared Secret IP Address p ucc a Port Number 1812 Shared Secret IP Address orm o o o Port Number 1813 Shared Secret IP Address 0 c uc f Port Number 1813 Shared Secret Save _ Cancel J nee Figure 22 Advanced Settings Data Radius Server Settings Screen Authentication Server Primary Authentication Server Port Number Shared Secret Secondary Authentica tion Server Accounting Server Primary Accounting Server Port Number Shared Secret Secondary Accounting Server Enter the name or IP address of the Radius Server on your network Enter the port number used for connections to the Radius Serv er Enter the key value to match the Radius Server The Secondary Authentication Server will be used when the Primary Authentication Server is not available Enter the IP address in the following fields 1f you want this Access Point to send accounting data to the Radius Server The port used by your Radius Server must be entered in the field Enter the key value to match the Radius Server The Secondary Accounting Server will
8. Email Address for Alert Logs E mail Log Now Log Email Alerts Access Point Management Enter the desired length of the log queue The default is 20 entries Enter the preferred value between 60 and 600 which deter mine how often the log will be emailed to you Normally this can be left at the default value The default is 600 seconds Enter the domain name or IP address of the SMTP Simple Mail Transport Protocol server you use for sending e mails Enter the e mail address the log is to be sent to Press this button to let the log to be e mailed immediately Use these checkboxes to determine which events are included in the log Checking all options will increase the size of the log so it is good practice to disable any events which are not really required e Unauthorized Login Attempt If checked the unauthor ized users who attempted to login to the Access Point are logged e Authorized Login If checked this will log the author ized login TO this Access Point e System Error Message If checked the system error message will be logged e Configuration Changes If checked the changes of configuration will be logged 75 Wireless Access Point User Guide Firmware Upgrade The firmware software in the Wireless Access Point can be upgraded using your Web Brows er You must first download the upgrade file and then select Upgrade Firmware in the Manage ment section of the menu You will see a s
9. If you have a Syslog Server on your LAN this screen allows you to configure the Access Point to send log data to your Syslog Server Syslog Email Alerts Syslog Mode Server Name IP Address Minimum Severity Level Disabled Email Alerts Disable Log Queue Length entries 1 500 Log Time Threshold seconds 60 600 SMTP Mail Server Email Address for Alert Logs Unauthorized Login Attempt v Authorized Login System Error Messages Configuration Changes Figure 62 Syslog Settings Screen Data Syslog Settings Screen Syslog Server Select the desired Option e Disable Syslog server is not used e Broadcast Syslog data is broadcast Use this option if different PCs act as the Syslog server at different times e Unicast Select this if the same PC is always used as the Syslog server If selected you must enter the server ad dress in the field provided Server Name IP Address Enter the name or IP address of your Syslog Server Minimum Severity Level Email Alerts Email Alerts will be logged Select the desired severity level Events with a severtiy level equal to or higher i e lower number than the selected level If enabled an E mail will be sent If enabled the e mail address information below must be provided 74 Log Queue Length Log Time Threshold SMTP Mail Server
10. and so can be considered to be providing unauthor ized access to your LAN e No Security If checked then any AP operating with security disabled is considered to be a Rogue AP e Not in Legal AP List If checked then any AP not listed in the Legal AP List is considered to be a Rogue AP If checked you must maintain the Legal AP List e Define Legal AP Click this to open a sub screen where you can modify the Legal AP List This list must contain all known APs so must be kept up to date Remote MAC Address You must enter the MAC address es of other AP s in the fields 18 Access Point Setup Select Remote If the other AP is on line you can click the Select Remote AP button AP and select from a list of available APs 19 Wireless Access Point User Guide Virtual AP Settings Clicking the Virtual APs link on the Wireless menu will result in a screen like the following VAP Name SSID Security VAP Name 0 wireless 0 None VAP Name 1 wireless 1 None VAP Name 2 wireless 2 None VAP Name 3 wireless 3 None VAP Name 4 wireless 4 None VAP Name 5 wireless 5 None VAP Name 6 wireless 6 None VAP Name 7 wireless 7 None Indicates virtual AP is currently enabled TELM CO Isolate all Virtual APs from each other Figure 11 Virtual AP Settings Data Virtual AP Settings Screen VAPs VAP List All available VAPs are listed For each VAP the following data is
11. in the Other Stations list and click the lt lt button e Enter the Address MAC or physical address of the wireless station and click the Add button 35 Wireless Access Point User Guide gt gt Delete a Trusted Wireless Station from the list move to the Other Stations list e Select an entry or entries in the Trusted Stations list e Click the gt gt button Select All Select all of the Stations listed in the Other Stations list Select None De select any Stations currently selected in the Other Stations list Edit To change an existing entry in the Trusted Stations list select it and click this button 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Update 3 Edit the address MAC or physical address as required 4 Click Update to save your changes Add To add a Trusted Station which is not in the Other Wireless Sta tions list enter the required data and click this button Clear Clear the Name and Address fields 36 Access Point Set up Advanced Settings Clicking the Advanced Settings link on the Wireless menu will result in a screen like the fol lowing ER C Worldwide Mode 802 11d WMM Enable WMM Wi Fi Multimedia Support No Acknowledgement HEUGET Disassociated Timeout 0 99 o Minutes Fragmenta
12. 11g 802 11b this is the default and will allow connections by 802 11n 802 11b and 802 11g wireless sta tions Auto Channel Scan If Enable is selected the Access Point will select the best available Channel Channel If you experience interference shown by lost connections and or slow Frequency data transfers you may need to experiment with manually setting different channels to see which is the best Channel Band Select the desired bandwidth from the list width Extension Select Above or Below Primary Channel from the list Sub Channel Operation Mode Select the desired mode Access Point operate as a normal Access Point Bridge Point to Point Bridge to a single AP You must pro vide the MAC address of the other AP in the PTP Bridge AP MAC Address field Bridge Multi Point Select this only if this AP is the Master for a group of Bridge mode APs The other Bridge mode APs must be set to Point to Point Bridge mode using this AP s MAC ad dress They then send all traffic to this Master Wireless Client Repeater Act as a client or repeater for another Access Point If selected you must provide Remote SSID and the address MAC address of the other AP in the Remote AP MAC Address field In this mode all traffic is sent to the specified AP Wireless Detection This mode will turn the access point into a wireless Monitor A Rouge AP is an Access Point which should not be in use
13. 4 Select the appropriate radio button Obtain an IP address from a DHCP Server or Specify an IP Address as explained below Obtain an IP address from a DHCP Server This is the default Windows setting This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 85 Wireless Access Point User Guide Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Local Area Connection Properties ivi E Client for Microsoft Networks ivi a File and Printer Sharing for Microsoft Networks Figure 69 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties Figure 70 TCP IP Properties Win 2000 86 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This 1s the default Windows setting This 1s the default Windows settings To
14. Access Point Modify List To change the list of Trusted Stations Add Edit or Delete a Wireless Station or Stations click this button You will then see the Trusted Wireless Stations screen described below 34 Access Point Setup Read from File To upload a list of Trusted Stations from a file on your PC click this button Write to File To download the current list of Trusted Stations from the Access Point to a file on your PC click this button Trusted Wireless Stations To change the list of trusted wireless stations use the Modify List button on the Access Control screen You will see a screen like the sample below Trusted Wireless Stations Other Wireless Stations ee Name Address Physical MAC address Figure 24 Trusted Wireless Stations Data Trusted Wireless Stations Trusted Wireless This lists any Wireless Stations which you have designated as Stations Trusted Other Wireless This list any Wireless Stations detected by the Access Point which Stations you have not designated as Trusted Name The name assigned to the Trusted Wireless Station Use this when adding or editing a Trusted Station Address The MAC physical address of the Trusted Wireless Station Use this when adding or editing a Trusted Station Buttons lt lt Add a Trusted Wireless Station to the list move from the Other Stations list e Select an entry or entries
15. DNS maps and translates domain names used by clients on your network You can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain Wireless yourdomain tld To configure scope clients to use DNS servers on your network enter the IP addresses for those servers Server name IP address En 792 168 0 250 Up Down Ec Figure 32 DNS Screen 11 If you don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete 46 PC and Server Configuration Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue Es Certification Authority Action View ll e am ABe Tree Certification Authority Local Gers Recovery Agent File Recovery B amp a WirelessCA asic EFS Encrypting File System Z3 Revoked Certificates Gelpomain Controller Client Authentication Server Authentic CO Issued Certificates Ga web Server Server Authentication CJ Pending Requests ixl Computer Client Authentication Server Authentic CO Failed Requests Ge User Encrypting File System Secure Email me in a i eae A Certificate to Issue nahoty Code Signing
16. LAN support the VLAN VLAN standard Native VLAN Enter the desired value for the Native VLAN Default value is 1 AP Management Define the VLAN ID used for management VLAN VLAN List Define the unique ID value 1 4094 for each VAP Network Integrality Check Enable Network Integrality Check If enabled the AP will disable the wireless connection if the wired connect of AP is invalid Enable Bonjour Enable Bonjour If checked the Bonjour will enable applications to discover the devices and the services on IP networks Now this AP only publish http and https service LLTD Enable Link Enable this if you want to use Link Layer Topology Discovery protocol Layer Topology LLTD feature Discovery STP Enable Spanning Enable this if you want to use this feature tree Protocol 802 1x Supplicant Enable 802 1x Supplicant Enable this if your network requires this AP to use 802 X authentication in order to operate Authentication e Authentication via MAC Address Select this if you want to Use MAC Address for Authentication e Authentication via Name and Password Select this if you want to Use name and password for Authentication 16 Access Point Setup Wireless Screens There are 6 configuration screens available e Basic e Virtual APs e Radius Server Settings e Access Control e Advanced Settings e WIFI Protected Setup Basic Screen The settings on this screen must match the sett
17. Microsoft Trust List Signi View Refresh Export List Help Creates a new object in this container Figure 33 Certificate Authority Screen 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Select Certificate Template E 2 xl Select a certificate template to issue certificates User Signature Only Secure Email Clier Smartcard User Secure Email Clier enticated Session Client Authenticatic itcard Logon Client Authenticatic Code Signing Code Signing enticat Trust List Signing Microsoft Trust List Fnrnllment Anent Certificate Renuest Ld Figure 34 Template Screen 4 Select Start Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 47 Wireless Access Point User Guide Active Directory Users and Computers Figure 35 Active Directory Screen 6 Select the Group Policy tab choose Default Domain Policy then click Edit Up Dawn Figure 36 Group Policy Tab 7 Select Computer Configuration Windows Settings Security Settings Public Key Poli cies right click Automatic Certificate Request Settings New Automatic Certificate Request 48 PC and Server Configuration gf Group Policy aton view amp tm 3 2 Tree Default Domain Policy swpa dell2k swpa se
18. Wireless Access Point User Guide e _ Each user must have a user login on the Radius Server e _ Each user s wireless client must support 802 1x and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA Enterprise instead because WPA encryption is much stronger than WEP encryption If this option is used e The Access Point must have a client login on the Radius Server e _ Each user must have a user login on the Radius Server e _ Each user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 94 Appendix E Command Line Interface Overview If desired the Command Line Interface CLI can be used for configuration This creates the possibility of creating scripts to perform common configuration changes The CLI requires a Telnet connection to the Wireless Access Point Using the CLI Telnet 1 Start your Telnet client and establish a connection to the Access Point e g Telnet 192 168 0 228 2 You will be prompted for the user name and password Enter the same login name and password as used for the HTTP Web inter
19. and the IP Address of the 11N Wireless Access Point as in this example which uses the Wireless Access Point s default IP Address HTTP 192 168 0 228 5 You should then see a login prompt which will ask for a User Name and Password Enter admin for the User Name and password for the Password These are the default values The password can and should be changed Always enter the current user name and password as set on the Admin Login screen Connect to 192 168 0 228 A Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a secure connection User name I Password C Remember my password eee Figure 7 Password Dialog 6 You will then see the Status screen which displays the current settings and status No data input is possible on this screen See Chapter 5 for details of the Status screen Wireless Access Point User Guide 7 From the menu check the following screens and configure as necessary for your environ ment Details of these screens and settings are described in the following sections of this chapter e System Basic and Advanced settings e Wireless Basic Advanced Access Control Radius Server Virtual APs amp WIFI Pro tected Setup 8 You may also wish to set the admin password and administration connection options These are on the Admin Login screen accessed from the Management menu See Chapter 6 for details
20. can be used the one with the strongest signal is used This can only happen within an ESS e Ifusing Ad hoc mode no Access Point all Wireless stations should be set to use the same Channel However most Wireless stations will still scan all Channels to see if there is an existing Ad hoc group they can join WEP WEP Wired Equivalent Privacy 1s a standard for encrypting data before it is transmitted This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations But if the data is encrypted then it is meaningless unless the receiver can decrypt it If WEP is used the Wireless Stations and the Wireless Access Point must have the same settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption WPA Enterprise This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is used e The Access Point must have a client login on the Radius Server 93
21. configuration request by other AP Provide admin login name and password Provide Respond to Auto Configuration setting Auto Update Check for Firmware Upgrade FTP Server address FTP File pathname FTP Login Name FTP Password If checked this AP will perform Auto Configuration If checked this AP will respond to other AP s Auto Configura tion requests Otherwise Auto Configuration requests from other AP will be ignored If enabled the login name and password need to be provided If enabled the Respond to Auto configuration setting needs to be provided If enabled the device will check the firmware upgrade in the time interval Enter the desired day value in the following field Enter the address for the FTP server Enter the full path of the firmware in the FTP server Enter the login name for the FTP server Enter the login password for the FTP server 69 Wireless Access Point User Guide Config File This screen allows you to Backup download the configuration file and to restore upload a previously saved configuration file You can also set the Wireless Access Point back to its factory default settings To reach this screen select Config File in the Management section of the menu Back up a copy of the current settings to a file Restore saved settings from a file Revert to factory default settings Set to Defaults Figure 60 Config File Screen Data Co
22. for the Wireless Access Point entered by the administrator Note Ifthe desired Wireless Access Point is not listed check that the device is installed and ON then update the list by clicking the Refresh button Buttons Refresh Click this button to update the Wireless Access Point device listing after changing the name or IP Address Detail Info When clicked additional information about the selected Access Point will be displayed Web Management Use this button to connect to the Wireless Access Point s Web based management interface Set IP Address Click this button if you want to change the IP Address of the Wire less Access Point Exit Exit the Management utility program by clicking this button Wireless Access Point User Guide Setup Procedure Ls 2 3 Select the desired Wireless Access Point Click the Set IP Address button If prompted enter the user name and password The default values are admin for the User Name and password for the Password Ensure the P address Network Mask and Gateway are correct for your LAN Save any changes Click the Web Management button to connect to the selected Wireless Access Point using your Web Browser If prompted enter the User Name and Password again Check the following screens and configure as necessary for your environment Use the on line help if necessary The later sections in this Chapter also provides more details about each
23. of these screens You may also wish to set the admin password and administration connection options These are on the Admin Login screen accessed from the Management menu See Chapter 6 for details of the screens and features available on the Management menu Use the Apply and Reboot buttons on the menu to apply your changes and restart the Wireless Access Point Setup is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 4 for details 10 Access Point Setup Setup using a Web Browser Your Browser must support JavaScript The configuration program has been tested on the following browsers e Netscape V4 08 or later e Internet Explorer V4 or later Setup Procedure Before commencing install the Wireless Access Point in your LAN as described previously 1 Check the Wireless Access Point to determine its Default Name This is shown on a label on the base or rear and is in the following format SCxxxxxx Where xxxxxx is a set of 6 Hex characters 0 9 and A F 2 UseaPC that is already connected to your LAN either by a wired connection or another Access Point e Until the Wireless Access Point is configured establishing a Wireless connection to it may be not possible e If your LAN contains a Router or Routers ensure the PC used for configuration is on the same LAN segment as the Wireless Access Point 3 Start your Web browser 4 Inthe Address box enter HTTP
24. shown as 40bit 104bit and 128bit instead of 64 bit 128 bit and 152bit This difference arises be cause the key input by the user is 24 bits less than the key size used for encryption PC and Server Configuration Using WPA PSK WPA2 PSK For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless On each client Wireless security must be set to WPA PSK Security e The Pre shared Key entered on the Access Point must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match the Access Point 41 Wireless Access Point User Guide Using WPA Enterprise This is the most secure and most complex system WPA Enterprise mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive 802 1x Each client must obtain a Certificate which i
25. standard Data transmissions are encrypted using the WPA standard If this option is selected e This Access Point must have a client login on the Radius Server e Fach user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when re quired e All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required e WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard If this option is selected e This Access Point must have a client login on the Radius Server e Fach user must authenticate on the Radius Server This is usually done using digital certificates e Each user s wireless client must support 802 1x and provide the Radius authentication data when required e All data transmission is encrypted using the WPA2 standard Keys are automatically generated so no key input 1s required e WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard If this option 1s selected e This Access Point must have a client login on the Radius Server e Fach user must authenticate on the Radius Server
26. trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN Password protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings Advanced Features Command Line Interface If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common configu ration changes Auto Configuration The Wireless Access Point can perform self configuration by copying the configuration data from another Access Point This feature is enabled by de fault Auto Update The Wireless Access Point can automatically update its firmware by downloading and installing new firmware from your FTP server Introduction e Radius Accounting Support If you have a Radius Server you can use it to provide accounting data on Wireless clients e Syslog Support If you have a Syslog Server the Wireless Access Point can send its log data to your Syslog Server e SNMP Support SNMP Simple Network Management Protocol is supported allowing you to use a SNMP program to manage the Wireless Access Point Package Contents The following items should be included e Wireless Access Point e Power Adapter e 3Pcs Antenna If any of the above items are damaged or missing please contact your dealer immediately Wireless Access Point User Guide Physical Details Front Panel LE
27. work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 87 Wireless Access Point User Guide Checking TCP IP Settings Windows XP 1 Select Control Panel Network Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following 4 Local Area Connection Properties General Authentication Advanced Connect using Hg Siemens SpeedStream PCI 10 100 This connection uses the following items sl Client for Microsoft Networks File and Printer Sharing for Microsoft Networks vl Jill QoS Packet Scheduler Internet Protocol TCP IP Urinstl Description Transmission Control Protocol Intemet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected Figure 71 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings
28. 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press enter Enter secedit refreshpolicy machine policy This command may take a few minutes to take effect 49 Wireless Access Point User Guide Internet Authentication Service Radius Setup l 2 gt 9o rE CON A 9 Select Start Programs Administrative Tools Internet Authentication Service Right click on Clients and select New Client Internet Authentication Service Action View e gt f m me Tree Internet Authentication Service Local GENS C Remot ay Remot Figure 39 Service Screen Enter a name for the access point click Next Enter the address or name of the Wireless Access Point and set the shared secret as entered on the Security Settings of the Wireless Access Point Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap t1s and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Restrictions and click Add Select the type of attribute to add and then click the Add button Attribute types Called Station Id Phone number dialed by user Calling Station ld Phone number fram which call originated Client Friendly Name Friendly name for the RADIUS client IAS Client IP Address IP address of RADIUS client IAS only C
29. 11n Wireless Access Point User s Guide TABLE OF CONTENTS CHAPTER 1 INTRODUCTION csssssssssssssesseccsscesescssssseecessssnessesesessssssesssessnsssessessesesees 1 Features of your Wireless Access Point nsv env one oonconc eee eere eene ene ons onsenoncensen onvennen see 1 Package Contents vens senso ons oon venooonc onse voncenserenveneveonvenveenseonveonvenseensensversoersennseensennseenee 3 Physical Details sesvensvonvoono ens oono conc ennevenvenevconveneeennvenveonsenneenseensenseenseenseensennseenvennse 4 CHAPTER 2 INSTALLATION denuezensensineseeveos otras cepe vh ets eooo ete doede nease si ee Eees 6 Requirements vens soonvensvonvoonsenseesoeonsenserennensenenvennen 6 Procedure DEDI x C 6 CHAPTER 3 ACCESS POINT SETUP eese esses vene oons onse vonvenneoenveneveonvenveesseoneere 8 OVERVIEW mM M 8 Setup using the Windows Utility aas seeonvecenr eee e esee ee e eene eene Sooo sotoa ponies eo Voose 8 Setup using a Web Browser eveenveveonseenssenenseeene venne sense totos toas aetas sens setas sense stans 11 System Basic Settings Screen seenvennvonsoonsvonvens vens enso venvensevenvenevoonvenevennvenveonseeneere 13 System Advanced Settings Screen eese e oons onse vonvensevenvenneeonvenceenvenveenseoneene 15 Wireless SCFEGGDS i cvcesissscscecessssovcsesecsssoucstessodeatetiessdctesedsuaseosesess
30. 5 Wireless Access Point User Guide Security Settings WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption Wg VAP Name VAP Name 0 SSID wireless O Broadcast SSID Disable Enable Isolation within VAP Disable Enable Satu Security System WPA2 PSK Network Key WPA Encryption AES Key Updates O Group Key Update Key Lifetime 60 minutes C Update Group Key when any membership terminates Figure 16 WPA2 PSK Wireless Security Screen Data WPA2 PSK Screen WPA2 PSK Network Key WPA Encryption Group Key Update Key Lifetime Update Group key when any membership terminates Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key The encryption method is AES Wireless Stations must also use This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any member leaves the group or disassociates from the Access Point 26 Access Point Setup Security Settings WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA
31. Access Point Using this utility is recommended because it can locate the Wireless Access Point even if it has an invalid IP address Installation 1 Insert the supplied CD ROM in your drive 2 Ifthe utility does not start automatically run the SETUP program in the root folder 3 Follow the prompts to complete the installation Main Screen e Start the program by using the icon created by the setup program e When run the program searches the network for all active Wireless Access Points then lists them on screen as shown by the example below oo Access Point Setup FE Access Point Management Wireless Access Point Management Utility Version 2 0 Wireless Access Points Name lt IP Address IEEE Standard Fw Version Description E2 Reset to Default Exit Figure 6 Management utility Screen Wireless Access Points The main panel displays a list of all Wireless Access Points found on the network For each Access Point the following data is shown Name The Name is shown on a sticker on the base of the device IP address The IP address for the Wireless Access Point MAC Address The hardware or physical address of the Wireless Access Point IEEE Standard The wireless standard or standards used by the Wireless Access Point e g 802 11b 802 11g FW Version The current Firmware version installed in the Wireless Access Point Description Any extra information
32. Because each Virtual AP has it own SSID and beacon and up to 4 Virtual APs can be active simultaneously multiple SSIDs are supported Different clients can connect to the Wireless Access Point using different SSIDs with different security set tings Virtual APs Isolation If desired PCs and devices connecting to different Virtual APs can be isolated from each other VLAN Support The 802 1Q VLAN standard is supported allowing traffic from differ ent sources to be segmented Combined with the multiple SSID feature this provides a powerful tool to control access to your LAN WEP support Support for WEP Wired Equivalent Privacy is included Both 64 Bit 128 Bit and 152 Bit keys are supported WPA support Support for WPA is included WPA is more secure than WEP and should be used if possible Both TKIP and AES encryption methods are supported 802 1x Support Support for 802 1x mode is included providing for the industrial strength wireless security of 802 1x authentication and authorization Radius Client Support The Wireless Access Point can login to your existing Radius Server as a Radius client Radius MAC Authentication You can centralize the checking of Wireless Station MAC addresses by using a Radius Server Rogue AP Detection The Wireless Access Point can detect unauthorized Rouge Access Points on your LAN Access Control The Access Control feature can check the MAC address of Wireless clients to ensure that only
33. Connect the supplied power adapter 12V 1A here DB9 female RS232 port Chapter 2 Installation This Chapter covers the physical installation of the Wireless Access Point Requirements e TCP IP network e Ethernet cable with RJ 45 connectors e Installed Wireless network adapter for each PC that will be wirelessly connected to the network Procedure 1 Select a suitable location for the installation of your Wireless Access Point To maximize reliability and performance follow these guidelines e Use an elevated location such as wall mounted or on the top of a cubicle e Place the Wireless Access Point near the center of your wireless coverage area e _ If possible ensure there are no thick walls or metal shielding between the Wireless Access Point and Wireless stations Under ideal conditions the Wireless Access Point has a range of around 150 meters 450 feet The range is reduced and transmission speed is lower if there are any obstructions between Wireless devices Figure 4 Installation Diagram Installation Use a standard LAN cable to connect the LAN port on the Wireless Access Point to a 10 100 1000BaseT hub switch on your LAN Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet and power up Check the LEDs e The Status LED should flash then turn OFF e The Power Ethernet and WLAN LEDs should be ON For more information refer to Front Panel LEDs in Chapter 1
34. Ds O O O O Status Power WLAN ETHERNET Power WLAN Status Ethernet Figure 2 Front Panel On Normal operation Off No power On Idle Off Wireless connection is not available Flashing Data is being transmitted or received via the Wireless access point Data includes network traffic as well as user data On Error condition Off Normal operation Blinking During start up and when the Firmware is being upgraded On The LAN Ethernet port is active Off No active connection on the LAN Ethernet port Flashing Data is being transmitted or received via the corresponding LAN Ethernet port Rear Panel Introduction ege i RESET Reset Button ETHERNET Power port CONSOLE CONSOLE ETHERNET POWER Figure 3 Rear Panel This button has two 2 functions e Reboot When pressed and released the Wireless Access Point will reboot restart e Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values 1 Hold the Reset Button until the Status Red LED blinks TWICE usually more than 5 seconds 2 Release the Reset Button The factory default configuration has now been restored and the Access Point is ready for use Use a standard LAN cable RJ45 connectors to connect this port to a 10 100 1000BaseT hub switch on your LAN
35. EP Key WEP Key Index 1 hex Figure 21 802 1x Wireless Security Screen Data 802 1x Screen 802 1x WEP Key Size Select the desired option e 64 Bit Keys are 10 Hex 5 ASCII characters e 128 Bit Keys are 26 Hex 13 ASCII characters e 152 Bit Keys are 32 Hex 16 ASCII characters 31 Wireless Access Point User Guide Dynamic WEP Key Key Exchange Static WEP Key EAP MD5 WEP Key WEP Key Index Click this if you want the WEP keys to be automatically gener ated e Thekey exchange will be negotiated The most widely supported protocol is EAP TLS e The following Key Exchange setting determines how often the keys are changed e Both Dynamic and Static keys can be used simultaneously allowing clients using either method to use the Access Point This setting if only available if using Dynamic WEP Keys If you want the Dynamic WEP keys to be updated regularly enable this and enter the desired lifetime in minutes Enable this 1f some wireless clients use a fixed static WEP key using EAP MDS Note that both Dynamic and Static keys can be used simultane ously allowing clients using either method to use the Access Point Enter the WEP key according to the WEP Key Size setting above Wireless stations must use the same key Select the desired index value Wireless stations must use the same key index 32 Access Point Setup Radius Server Settings
36. Log Stations Help Figure 53 Status Screen 60 Data Status Screen Access Point Access Point Name Operation and Status The current name will be displayed MAC Address The MAC physical address of the Wireless Access Point Country Domain The region or domain as selected on the System screen Hardware Version The version of the hardware currently used Firmware Version The version of the firmware currently installed TCP IP IP Address The IP Address of the Wireless Access Point Subnet Mask The Network Mask Subnet Mask for the IP Address above Gateway Enter the Gateway for the LAN segment to which the Wireless Access Point is attached the same value as the PCs on that LAN segment DHCP Client This indicates whether the current IP address was obtained from a DHCP Server on your network It will display Enabled or Disabled DHCP Server Enabled or Disabled is displayed for the DHCP server status Ethernet Status The current Ethernet status is displayed Wireless Channel Frequency The Channel currently in use is displayed Wireless Mode The current mode e g 802 11 is displayed AP Mode The current Access Point mode is displayed Buttons Virtual AP Status Click this to open a sub window displaying Virtual AP Status about the information of Name SSID Broadcast SSID Security Status and Clients Statistics Click this to open a
37. OS DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type itin the space below C Specify an IP address a ne es Eas ws OT TT Figure 66 IP Address Win 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 83 Wireless Access Point User Guide Checking TCP IP Settings Windows NT4 0 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below YT NetBEUI Protocol BT NwLink IPX SPX Compatible Transport Y NwLink NetBIOS TCPAP Protocol Figure 67 Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Microsoft TCP IP Properties PCI Fast Ethernet Adapter ha Figure 68 Windows NT4 0 IP Address 84 Appendix C Windows TCP IP 3 Select the network card for your LAN
38. P Enable this to allow admin connections via HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTP Port Number Enter the port number to be used for HTTP connections to this device The default value is 80 Enable HTTPS Enable this to allow admin connections via HTTPS secure HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTPS Port Number Enter the port number to be used for HTTPS connections to this device The default value is 443 Enable Management via Telnet If desired you can enable this option If enabled you will able to connect to this AP using a Telnet client You will have to provide the same login data user name password as for a HTTP Web connection 68 Access Point Management Auto Config Update To reach this screen select Auto Config Update in the Management section of the menu Auto Config Perform Auto Configuration on this AP O Respond to Auto configuration request by other AP Provide admin login name and password Provide Respond to Auto configuration setting aid O Check for Firmware upgrade every days Update FTP Server address FTP File pathname FTP Login Name FTP Password Figure 59 Auto Config Auto Update Screen Data Auto Config Auto Update Screen Auto Config Perform Auto Con figuration on this AP Respond to Auto
39. PSK with TKIP OR WPA2 PSK with AES LAM VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable Security System WPA PSK and WPA2 PSK v Network Key WPA Encryption TKIP AES v Key Updates O Group Key Update Key Lifetime 60 minutes O Update Group Key when any membership terminates Figure 17 WPA PSK and WPA2 PSK Wireless Security Screen Data WPA PSK and WPA2 PSK Screen WPA PSK and WPA2 PSK Network Key Enter the key value Data is encrypted using this key Other Wireless Stations must use the same key WPA Encryption The encryption method is TKIP for WPA PSK and AES for WPA2 PSK Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 27 Wireless Access Point User Guide Security Settings WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard Wu VAP Name VAP Name 0
40. This is usually done using digital certificates e Each user s wireless client must support 802 1x and provide the Radius authentication data when required e All data transmission is encrypted using EITHER WPA or WPA2 standard Keys are automatically generated so no key input is required e 802 Ix This uses the 802 1x standard for client authentication and WEP for data encryp tion If this option is selected e This Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when re quired e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 22 Access Point Setup Security Settings None Mai VAP Name SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable Security Security System None Figure 13 Wireless Security None No security is used Anyone using the correct SSID can connect to your network Security Settings WEP This is the 802 1 1b standard Data is encrypted before transmission but the encryption system is not very strong VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable STs Security System WEP
41. adius WPA Encryption The encryption method is TKIP for WPA and AES for WPA2 Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 30 Security Settings 802 1x Access Point Setup This uses the 802 1x standard for client authentication and WEP for data encryption If this option is selected e This Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server Normally a Certificate is used to authenticate each user See Chapter4 for details of user configuration e Each user s wireless client must support 802 1x e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated Wig VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable idd Security System 802 1x WEP Key Size 64 bit v Dynamic WEP key EAP TLS PEAP etc O Key Exchange with lifetime of 6 O Static WEP Key EAP MD5 minutes W
42. anagement packets transmitted to or received from Wireless Stations Control Number of Control packets transmitted to or received from Wireless Stations 63 Wireless Access Point User Guide Virtual AP Status This screen is displayed when the Virtual AP Status button on the Status screen is clicked Name VAP Name 1 VAP Name 2 VAP Name 3 VAP Name 4 VAP Name 5 VAP Name 6 VAP Name 7 BSSID ssp Proaccast security Status Clients VAP Name 0 00 C0 02 12 35 88 wireless 0 Enable None Enable 0 N A wireless 1 Enable None Disable 0 NIA wireless 2 Enable None Disable 0 N A wireless 3 Enable None Disable 0 N A wireless 4 Enable None Disable 0 N A wireless 5 Enable None Disable 0 N A wireless 6 Enable None Disable 0 NIA wireless 7 Enable None Disable 0 Figure 55 Virtual AP Status Screen For each VAP the following data is displayed Name The name you gave to this VAP if you didn t change the name the default name is used BSSIS The MAC address of the VAP SSID The SSID assigned to this VAP Broadcast SSID Indicates whether or not the SSID is broadcast Security The security method used by this VAP Status Indicates whether or not this VAP is enabled or currently used Clients The number of wireless stations currently using accessing this Access Point using this VAP If the VAP is disabled this will always be zero 64 Activity Log Operation and Status This screen is d
43. assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Figure 72 TCP IP Properties Windows XP 88 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This 1s the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 89 Wireless Access Point User Guide Checking TCP IP Settings Windows Vista 1 Select Control Panel Network Connections 2 Right click the Local Area Connection Status and choose Properties Click Continue to the User Account Control dialog box then you should see a screen like the following la U Local Area Connection Properties Networking Connect using amp Intel R PRO 100 VE Network Connection This connection uses the following items 0M Client for Microsoft Networks Soas Packet Scheduler rie and Printer Sharing for Micro
44. ast If enabled the SSID will then be broadcast to all Wireless Stations Stations which have no SSID or a null value can then adopt the correct SSID for connections to this Access Point Isolation within If enabled then each Wireless station using the Access Point is VAP invisible to other Wireless stations In most business stations this setting should be Disabled Security Settings Select the desired option and then enter the settings for the selected method The available options are e None No security is used Anyone using the correct SSID can connect to your network e WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong e WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes fre quently 21 Wireless Access Point User Guide e WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption e WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK with TKIP OR WPA2 PSK with AES e WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x
45. ation Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP7 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 Figure 54 Statistics Screen Operation and Status Data Statistics Screen System Up Time Up Time This indicates how long the system has been running since the last restart or reboot VAP Authentication The number of Authentication packets received Authentication is the process of identification between the AP and the client Deauthentication The number of Deauthentication packets received Deauthentica tion is the process of ending an existing authentication relationship Association The number of Association packets received Association creates a connection between the AP and the client Usually clients associ ate with only one 1 AP at any time Disassociation The number of Disassociation packets received Disassociation breaks the existing connection between the AP and the client Reassociation The number of Reassociation packets received Reassociation is the service that enables an established association between AP and client to be transferred from one AP to another or the same AP Wireless Data Number of valid Data packets transmitted to or received from Wireless Stations at driver level Management Number of M
46. be used when the Pri mary Accounting Server is not available 33 Wireless Access Point User Guide Access Control This feature can be used to block access to your LAN by unknown or untrusted wireless sta tions Click Access Control on the Wireless menu to view a screen like the following Access Control Disabled Local RADIUS Allow only following MAC addresses Deny following MAC addresses Local Wireless Stations Database Name MacAddress _ Connected ed Figure 23 Access Control Screen Data Access Control Screen Access Control Local Trusted Stations Buttons Select the desired option as required e Disabled The Access Control feature is disabled e Local Select Allow only following MAC addresses or Deny following MAC addresses e Radius The Access Point will use the MAC address table located on the external Radius server on the LAN for Access Control Warning Ensure your own PC is in the Trusted Wireless Stations list before enabling this feature This table lists any Wireless Stations you have designated as Trusted If you have not added any stations this table will be empty For each Wireless station the following data is displayed e Name the name of the Wireless station e MAC Address the MAC or physical address of each Wireless station e Connected this indicates whether or not the Wireless station is currently associates with this
47. computer ad hoc network wireless access points are not used Figure 52 Properties Screen Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 59 Chapter 5 Operation and Status This Chapter details the operation of the Wireless Access Point and the status screens Operation Once both the Wireless Access Point and the PCs are configured operation is automatic However you may need to perform the following operations on a regular basis e If using the Access Control feature update the Trusted PC database as required See Access Control in Chapter 3 for details e If using 802 1x mode update the User Login data on the Windows 2000 Server and configure the client PCs as required Use the Status link on the main menu to view this screen pte Baten Access Point Name MAC Address Country Domain Hardware Version Firmware Version C123588 00 C0 02 12 35 88 United States Rev 00 Version 1 0 Release 02 Leti IP Address 192 168 77 17 Subnet Mask 255 255 255 0 Gateway 192 168 77 1 DHCP Client Enabled DHCP Server Disabled iiu nid Ethernet Status Connected Wireless Wireless Mode AP Mode Channel Frequency 6 Mixed 802 11n 802 11b and 802 119 2 4G Access Point Virtual AP Status Statistics
48. creen like the following Locate and select the upgrade file Browse Figure 63 Firmware Upgrade Screen To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade The Wireless Access Point is unavailable during the AS upgrade process and must restart when the upgrade Mote is completed Any connections to or through the Wireless Access Point will be lost 76 Appendix A Specifications Wireless Access Point Hardware Specifications CPU Atheros AR9132 Radio on Chip Atheros AR9103 DRAM 32 Mbytes Flash ROM 8 Mbytes LAN port 1 x Auto MDIX RJ 45 for 10 100 1000Mbps PoE port IEEE 802 3af compliance 11b Embedded Atheros solution Network Standard IEEE 802 11b Wi Fi and IEEE 802 1 1g compliance OFDM 802 11b CCK 11 Mbps 5 5 Mbps DQPSK 2 Mbps DBPSK 1 Mbps Operating Frequencies 2 412 2 497 GHz Operating Channels 802 11g 11 for North America 13 for Europe ETSI 14 for Japan 802 11b 11 for North America 14 for Japan 13 for Europe ETSI lin IEEE802 11n draft 2 0 compliant Rx Sensitivity 11 n 300Mbps 69dBm 11 g 54Mbps 73dBm 11 b 11Mbps 88dBm Antennae 3 x 2dbi detachable antenna Operating temperature 0
49. d IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 91 Appendix D About Wireless LANs Overview Wireless networks have their own terms and jargon It is necessary to understand many of these terms in order to configure and operate a Wireless LAN Wireless LAN Terminology Modes Wireless LANs can work in either of two 2 modes e Ad hoc e Infrastructure Ad hoc Mode Ad hoc mode does not require an Access Point or a wired Ethernet LAN Wireless Sta tions e g notebook PCs with wireless cards communicate directly with each other Infrastructure Mode In Infrastructure Mode one or more Access Points are used to connect Wireless Stations e g Notebook PCs with wireless cards to a wired Ethernet LAN The Wireless Stations can then access all LAN resources Access Points can only function in Infrastructure mode and can communicate only with Wireless Stations which are Motel setto Infrastructure mode SSID ESSID BSS SSID A group of Wireless Stations and a single Access Point all using the same ID SSID form a Basic Service Set BSS Using the same SSID is essential Devices with different SSIDs are unable to communi cate with each other However some Access Points allow connec
50. displayed e If displayed before the name of the VAP this indicates the VAP is currently enabled If not displayed the VAP is currently disabled e VAP Name The current VAP name is displayed e SSID The current SSID associated with this VAP e Security System The current security system e g WPA PSK is dis played Enable Button Enable the selected VAP Configure Button Change the settings for the selected VAP Disable Button Disable the selected VAP Isolation Isolate all Virtual APs If this option is enabled wireless clients using different VAPs from each other different SSIDs are isolated from each other so they will NOT be able to communicate with each other They will still be able to communicate with other clients using the same profile unless the Wireless Separation setting on the Advanced screen has been enabled 20 Access Point Setup Virtual AP Screen This screen is displayed when you select a VAP on the Virtual AP Settings screen and click the Configure button LAE VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable Sala Security System Figure 12 Virtual AP Screen VAP Data Enter the desired settings for each of the following VAP Name Enter a suitable name for this VAP SSID Enter the desired SSID Each VAP must have a unique SSID Broadcast SSID If Disabled no SSID is broadc
51. f using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login User name and password on the Windows 2000 server Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv e http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK Connect to 192 168 0 2 Connecting to 192 168 0 2 User name Password Remember my password Figure 43 Connect Screen 4 On the first screen below select Request a certificate click Next 53 Wireless Access Point User Guide Zi Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Q O x A f P search Sie Favorites Media e Address amp http 192 168 0 2 certsrv Microsoft Certificate Sen Welcome You use this web site to request a certificate for your web browser e mail client or o
52. face The default values are admin for the User Name and password for the Password 3 Once connected you can use any of the commands listed in the following Command Reference Command Reference The following commands are available get authentication Display Authentication Type of WEP get beaconinterval Display Beacon Interval 95 get channel get country get defaultkey get description get dhcp get dhcpserverendip get dhcpserverstartip get dnsserver get dotl xdynkeyupdate get dot 1 xdynkeylife get dotlxkeytype get fragthreshold get gateway get gtkupdate get gtkupdateinterval get http get httpport get https get httpsport get ipaddr get ipmask get isolation get key get keylength get Iltd get md5supplicant get md5suppname get md5supppassword get md5supptype get nativevlanid get ntp get operationmode get password get psk get radiusserver Wireless Access Point User Guide 96 get radiusport get radiussecret get remoteptmp get remoteptp get roguedetect get rogueinteval get roguelegal get roguetrap get roguetype get rtsthreshold get security get shortpreamble get snmpreadcommu nity get snmpwritecommu nity get snmpmode get snmpmanagemode get snmptrapmode get snmptrapversion get snmpv3username get snmpv3authproto get snmpv3authkey get snmpv3privproto get snmpv3privkey get ssid get ssidbroadcast get stp get strictgtkupdate get syslo
53. fetime 60 minutes O Update Group Key when any membership terminates Figure 19 WPA2 with Radius Wireless Security Screen Data WPA2 with Radius Screen WPA2 with Radius WPA Encryption The encryption method is AES Wireless Stations must also use Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 29 Wireless Access Point User Guide Security Settings WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard Wg VAP Name VAP Name 0 SSID wireless 0 Broadcast SSID Disable Enable Isolation within VAP Disable Enable idd Security System WPA and WPA2 with Radius WPA Encryption TKIP AES v Key Updates O Group Key Update Key Lifetime minutes O Update Group Key when any membership terminates Figure 20 WPA and WPA2 with Radius Wireless Security Screen Data WPA and WPA2 with Radius Screen WPA and WPA2 with R
54. fic Time US amp Canada Tijuana O Adjust for Daylight Saving Time NTP Server Name IP Address Current Time 2008 01 01 00 08 48 Figure 8 System Basic Settings Screen Data System Basic Settings Screen Identification Access Point Enter a suitable name for this Access Point Name Description If desired you can enter a description for the Access Point Country Domain The country or domain which is matching your current location MAC Address The MAC address is displayed IP Settings DHCP Client Select this option if you have a DHCP Server on your LAN and you wish the Access Point to obtain an IP address automatically 13 Wireless Access Point User Guide Fixed IP Address DHCP Server Wins Server Name IP Address TimeZone TimeZone NTP Server Name IP Address If selected the following data must be entered IP Address The IP Address of this device Enter an unused IP address from the address range on your LAN Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on your LAN Gateway The IP Address of your Gateway or Router Enter the value used by other devices on your LAN DNS Enter the DNS Domain Name Server used by PCs on your LAN If Enabled the Access Point will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The default and recommended value is Enabled The Start IP Addres
55. g get syslogport get syslogserver get syslogseverity get systemname get telnet Appendix E Command Line Interface Display SNMP Read Community Display SNMP Write Community 97 Wireless Access Point User Guide 98 Appendix E Command Line Interface set dotI xdynkeylife Set 802 1x Dynamic Key Life Time in Minutes set dotlxkeytype Set 802 1x Distribute Key Method set fragthreshold set gateway set groupkeyupdate set groupkeyupdatein terval set http set httpport set https set httpsport set ipaddr set ipmask set isolation set key set keylength set Iltd set mdSsupplicant set mdSsuppname set mdSsupppassword set mdSsupptype set nativevlanid set ntp set operationmode set password set psk set radiusserver set radiusport set radiussecret set remoteptmp set remoteptp set roguedetect set rogueinteval set roguelegal set roguesnmp Set Fragment Threshold Set Gateway IP Address Set Group Key Update Mode Set Group Key Update Interval in Minutes 99 Wireless Access Point User Guide set snmpreadcommu Set SNMP Read Community nity set snmpwritecommu Set SNMP Write Community nity set snmpmode Set SNMP Mode set snmpmanagemode Set SNMP Manager Mode set snmptrapmode Set SNMP Trap Mode set snmptrapversion Set SNMP Trap Version set snmpv3username Set SNMP v3 User Name set snmpv3authproto Set SNMP v3 Authentication Protocol set snmpv3privprot
56. he command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installa tion Services Installation 1 Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side 3 Ensure that the following components are activated selected e Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet Information Services IIS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and nternet Authentication Service DNS should already be selected and in stalled 43 Wireless Access Point User Guide Windows Components Wizard Windows Components You can add or remove components of Windows 2000 I Accessories and Utilities A Certificate Services O Q Cluster Service PP Indexing Service Vl BEY Internet Information Services US Figure 27 Components Screen 4 Click Next 5 Select the Enterprise root CA and click Next Windows Components Wizard Certification Authority Type There are four types of certification authorities Figure 28 Certification Screen 6 Enter the information for the Certificate Authority and click Next PC and Server Configuratio
57. ings used by Wireless Stations Click Basic Settings on the Wireless menu to view a screen like the following Wireless Lan Turn Radio On Wireless Mode Mixed 802 11n 802 11b and 802 119 Auto Channel Scan Disable vl Channel Frequency 6 v Channel Bandwidth Standard 20MHz Extension Sub Channel Operation feng Operation Mode Access Point Figure 10 Wireless Basic Screen Data Wireless Basic Settings Screen Operation Turn Radio On Enable this to use the wireless feature Wireless Mode Select the desired option e Disable select this if for some reason you do not this AP to transmit or receive at all e 802 11b if selected only 802 11b connections are allowed 802 11g wireless stations will only be able to connect if they are fully backward compatible with the 802 11b standard e 802 11g only 802 11g connections are allowed If you only have 17 Wireless Access Point User Guide 802 1 1g selecting this option may provide a performance im provement over using the default setting 802 11n only 802 11n connections are allowed If you only have 802 1 In selecting this option may provide a performance im provement over using the default setting 802 11b and 802 11g this will allow connections by both 802 1 1b and 802 11g wireless stations 802 11n and 802 11g this will allow connections by both 802 1 In and 802 11g wireless stations Mixed 802 11n 802
58. isplayed when the Log button on the Status screen is clicked Data Activity Log Data Current Time Currenttime 2008 01 01 00 07 39 Jan 1 00 00 29 kernel wireless 0 00 C0 02 FF C3 B9 Open Authentication Jan 1 00 00 29 kernel wireless 0 00 C0 02 FF C3 B9 Associated Jan 1 00 03 31 kernel wireless 0 00 C0 02 FF C3 B9 Open Authentication Jan 1 00 03 31 kernel wireless 0 00 C0 02 FF C3 B9 Associated Figure 56 Activity Log Screen The system date and time is displayed Log Buttons Refresh The Log shows details of the connections to the Wireless Access Point Update the data on screen Save to File Save the log to a file on your pc Clear Log This will delete all data currently in the Log This will make it easier to read new messages 65 Wireless Access Point User Guide Station List This screen is displayed when the Stations button on the Status screen is clicked Data Station MAC Address Mode SSID Figure 57 Station List Screen List Screen Station List MAC Address The MAC physical address of each Wireless Station is displayed Mode The mode of each Wireless Station SSID This displays the SSID used the Wireless station Because the Wire less Access Point supports multiple SSIDs different PCs could connect using different SSIDs Refresh Button Update the data on screen 66 Chapter 6 Access Point Managemen
59. ite Community private LEE Username Authentication Protocol Authentication Key Privacy Protocol Privacy Key LLELEPLIER Any Station O Only this Station Version Version 1 Receiver 255 255 255 Figure 61 SNMP Screen Data SNMP Screen General SNMP Use this to enable or disable SNMP as required Read Only com Data can be read but not changed munity Read Write Com Data can be read and setting changed munity SNMPv3 User Name Enter the user name for SNMPv3 Authentication Select the authentication protocol used by SNMPv3 Protocol Authentication Enter the authentication key required by SNMPv3 Key 72 Private Protocol Private Key Managers Any Station Only this station Traps Version Receiver Access Point Management Select the private protocol as required Enter the private key here The IP address of the manager station is not checked The IP address is checked and must match the address you enter in the IP address field provided If selected you must enter the IP address of the required station Select the desired option as supported by your SNMP Management program Select this to have Trap messages sent to the specified PC only You must enter the IP Address of the desired PC 73 Wireless Access Point User Guide Log Settings
60. lient Vendor Manufacturer of RADIUS proxy or NAS I Day And Time Restrictions Time periods and days of week during wh Framed Protocol The protocol to be used NAS Identifier String identifying the NAS originating the r NAS IP Address IP address of the NAS originating the requ NAS Port Type Type of physical port used by the NAS ori Service Type Type of service user has requested Tunnel Type Tunneling protocols to be used Windows Groups Windows groups that user belongs to Figure 40 Attribute Screen Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 50 PC and Server Configuration 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication meth ods listed Click OK mm Dial in Profile Smart Card or other Certificate Figure 41 Authentication Screen 12 Select No if you don t want to view the help for EAP Click Finish 51 Wireless Access Point User Guide 1 Select Start Programs Administrative Tools Active Directory Users and Computers 2 Double click on the user who you want to enable 3 Select the Dial in tab and enable Allow access Click OK alex Properties Figure 42 Dial in Screen 52 PC and Server Configuration 802 1x Client Setup on Windows XP Windows XP ships with a complete 802 1x client implementation I
61. mentation 81 Appendix C Windows TCP IP Overview Normally no changes need to be made By default the Wireless Access Point will act as a DHCP client automatically obtaining a suitable IP Address and related information from your DHCP Server If using Fixed specified IP addresses on your LAN instead of a DHCP Server there is no need to change the TCP IP of each PC Just configure the Wireless Access Point to match your existing LAN The following sections provide details about checking the TCP IP settings for various types of Windows should that be necessary C l 2 9 hecking TCP IP Settings Windows 9x ME Select Control Panel Network You should see a screen like the following Network L2 x Configuration Identification Access Control The following network components are installed 5 NetBEUI gt PCI Fast Ethernet Adapter RS NetBEUI gt Dial Up Adapter Hf NetBEUI gt Dial Up Adapter 2 VPN Supporti Y TCP IP gt PCI Fast Ethernet Adapter s TCP IP gt Dial Up Adapter rs TCP IP gt Dial Up Adapter 2 VPN Support File and printer sharing for NetWare Networks X 4 gt Add Remove Properties Figure 65 Network Configuration Select the TCP IP protocol for your network card Click on the Properties button You should then see a screen like the following 82 Appendix C Windows TCP IP TCP IP Properties ME Bindings Advanced NetBI
62. n Windows Components Wizard CA Identifying Information Enter information to identify this CA CA name WielessCA 70000 Organization Organization Organizational unit Systems 70000 City Oakland 7 State or province ca Country region us Emek Jed yourdomsintid 0 CA description Wireless 7 Valid for p hes rz Expires 2717 2005 6 39 PM coen Figure 29 CA Screen 7 Click Next if you don t want to change the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish DHCP server configuration 1 Click on the Start Programs Administrative Tools DHCP 2 Right click on the server entry as shown and select New Scope DHCP Boros Display Statistics Configure the DHCP Server fore a DHCP server can issue IP dresses you must create a scope and Reconcile All Scopes orize the DHCP server Authorize New Multicast Scope cope is a range of IP addresses that is Define User Classes signed to computers requesting a Define Vendor Classes namic IP address Authorization is a Set Predefined Options curity precaution that ensures that only thorized DHCP servers run on your Al Tasks twork View o add a new scope on the Action menu Delete k New Scope Refresh o authorize this DHCP server on the Propter tion menu click Authorize
63. nfig File Screen Backup Save a copy of cur rent settings to a file Once you have the Access Point working properly you should back up the settings to a file on your computer You can later restore the Access Point s settings from this file if necessary To create a backup file of the current settings e Click Backup e If you don t have your browser set up to save downloaded files automatically locate where you want to save the file re name it if you like and click Save Restore To restore settings from a backup file 1 Click Browse 2 Locate and select the previously saved backup file 3 Click Restore Restore saved settings from a file 70 Defaults Revert to factory default settings Access Point Management To erase the current settings and restore the original factory default settings click Set to Defaults button Note e This will terminate the current connection The Access Point will be unavailable until it has restarted e By default the Access Point will act as a DHCP client and automatically obtain an IP address You will need to deter mine its new IP address in order to re connect 71 Wireless Access Point User Guide SNMP Simple Network Management Protocol is only useful if you have a SNMP program on your PC To reach this screen select SVMP in the Management section of the menu General SNMP Disable v Read Only Community _ public Read Wr
64. nsensen onsensen ennt nen on vensenseeoneens 90 APPENDIX D ABOUT WIRELESS LANS nons vossen oosseso oons ooso vonc onse voncenseoonvenceeonvenveen 92 Overview P 92 Wireless LAN Terminology esse vennonnevenvennveonvenseenseonsenseenserssensennssensenenvennennseonsenneene 92 APPENDIX E COMMAND LINE INTERFACE eese eee onsensen onsennen oncensens 95 Overview ses venvenso ons vonsense A TA T 95 Command Reference 95 Chapter 1 Introduction This Chapter provides an overview of the Wireless Access Point s features and capabilities Congratulations on the purchase of your new Wireless Access Point The Wireless Access Point links your Wireless Stations to your wired LAN The Wireless stations and devices on the wired LAN are then on the same network and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection ae B BN Wireless Stations Wireless Access Point i aum Wired Lan Figure 1 Wireless Access Point Features of your Wireless Access Point The Wireless Access Point incorporates many advanced features carefully designed to provide sophisticated functions while being easy to use e Standards Compliant The Wireless Access Point complies with the IEEE802 11g and IEEE802 1 In draft 2 0 specifications for Wireless LANs e Suppo
65. o Set SNMP v3 Private Protocol lt 100 Appendix E Command Line Interface factoryrestore Restore to Default Factory Settings apply To make the changes take effect 101
66. of the screens and features available on the Management menu 9 Usethe Apply and Reboot buttons on the menu to apply your changes and restart the Wireless Access Point Setup is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 4 for details If you can t connect It is likely that your PC s IP address is incompatible with the Wireless Access Point s IP address This can happen if your LAN does not have a DHCP Server The default IP address of the Wireless Access Point is 192 168 0 228 witha Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 0 1 192 168 0 254 with a Net work Mask of 255 255 255 0 See Appendix C Windows TCP IP for details for this procedure 12 Access Point Setup System Basic Settings Screen Click Basic Settings on the System menu to view a screen like the following Access Point Name c123588 Description Country Domain United States v Ue DHCP Client Fixed IP Address IP address 192 168 0 228 Subnet Mask 255 255 255 0 Gateway 192 168 0 1 DNS D D 0 10 O DHCP Server Start IP Address p 2 End IP Address 7 p E 25 Wins Server Name IP Address LLULLA GMT 08 00 Paci
67. ollowed by the Default Name of the Wireless Access Point e g ping SC003318 3 Check the output of the ping command to determine the IP address of the Wireless Access Point as shown below 5PDdosnt Microsoft Windows 2666 Version 5 66 2195 lt C Copyright 1985 2666 Microsoft Corp C gt ping sc483318 Pinging sc 3318 192 168 08 51 with 32 bytes of data 168 51 bytes 32 time lt i ms 168 6 51 byte time lt i ms 168 51 byte time lt 1 ms 168 08 51 bytes 32 time lt i ms Figure 64 Ping If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the Wireless Access Point If no DHCP Server is found the Wireless Access Point will default to an IP Address and Mask of 192 168 0 228 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol My PC can t connect to the LAN via the Wireless Access Point 80 Appendix B Troubleshooting Solution 2 Check the following The SSID and WEP settings on the PC match the settings on the Wire less Access Point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Chapter 4 for details of setup for the Windows XP 802 1x client If using a different client refer to the vendor s docu
68. ootuasensssosvadendnsseosievedsesesesente 17 Basic SCFEEN iere eee oessen ee etes Vu De V eee PY es edo everest e Tae vr eee seu aive ee ve eee venu 17 Virtual AP Settings R 20 Virtual uidelicet 21 Radius Server Settings eerie onse vonvenneeonvenseonsenneensennsennsensennnsenseneneensennseonvenneere 33 EXITTEOnu mE Advanced Settings Wi Fi Protected Setup CHAPTER 4 PC AND SERVER CONFIGURATION eere ono onse vonconseeenvenseesseense 40 OVEN VIEW pee 40 USING VEU uie 40 Using WPA PSK WPA2 PSK ene enneoenvensoesseonseosvessoorsenseenssensennsvennennnoensennseenvens 41 USin dW PA Enterprise iicscscsssscsasens svessestnassevasesonossessessanssuesecnassdecceeaasposesseunss YER e ea E Peu se ERR 42 802 1x Server Setup Windows 2000 Server cese eerte eensve enne een eerte 43 802 1x Client Setup on Windows XP eee eee eee eee eee ons onsen oncensen onvennen instat enean 53 Using 802 1x Mode without WPA ven sensen onsonsen onvensen teste ntn tnt ta ven senso eon sense ene sennene 59 CHAPTER 5 OPERATION AND STATUS as vaas eee ooo eene seen ene sense tns ons oesoe ons enseee 60 Operation sen M 60 Status Screen P 60 CHAPTER 6 ACCESS POINT MANAGEMENT eere vonsensen tente ntn so oon von natn oon
69. rate button to have the new pin code displayed in the field It displays the current WPS status It displays the network name in use The current security method is displayed The current status of Passphrase 1s displayed 39 Chapter 4 PC and Server Configuration This Chapter details the PC Configuration required for each PC on the local LAN Overview All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the Access Point is being used e fusing WEP or WPA PSK it is only necessary to ensure that each Wireless station s settings match those of the Wireless Access Point as described below e For 802 1x modes configuration is much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more complex For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless e Each Wireless station must be set to use WEP data encryption Security e The Key size 64 bit 128 bit 152 bit must be set to match the Access Point e The keys values on the PC must match the key values on the Access Point Note On some systems the key sizes may be
70. rcomm com tw P E A Computer Configuration m Software Settings tm Windows Settings i Scripts Startup Shutdown EN Security Settings Account Policies g Local Policies E dej Event Log 1 C Restricted Groups ca System Services CI Registry G File System Eg Public Key Policies CJ Encrypted Data Recovery Agents g Trusted Root Certification Authorities CJ Enterprise Trust a IP Security Policies on Active Directory B Administrative Templates B5 rd User Configuration B Software Settings m Windows Settings E G Administrative Templates Se ee eed Astart S A e Clpbosrdos 1r Active directory GPcroup Policy E Group potic SE 2 56PM Figure 37 Group Policy Screen 8 When the Certificate Request Wizard appears click Next 9 Select Computer then click Next Automatic Certificate Request Setup Wizard x Certificate Template S The nest time a computer logs on a certificate based on the template you select is ANS provided E certificate template is a set of predefined properties for certificates issued to Select a template from the following list Intended Purposes Client Authentication Server Authenticatior Domain Controller Client Authentication Server Authenticatior Enrollment Agent Computer Certificate Request Agent IPSEC 1 3 6 1 5 5 8 2 2 Figure 38 Certificate Template Screen 10 Ensure that your certificate authority is checked then click Next
71. rts lIn Wireless Stations The 802 11n Draft standard provides for backward compatibility with the 802 11b standard so 802 1 In 802 11b and 802 11g Wireless sta tions can be used simultaneously e Bridge Mode Support The Wireless Access Point can operate in Bridge Mode con necting to another Access Point Both PTP Point to Point and PTMP Point to Multi Point Bridge modes are supported And you can even use both Bridge Mode and Access Point Mode simultaneously e WPS Support WPS Wi Fi Protected Setup can simplify the process of connecting any device to the wireless network by using the push button configuration PBC on the Wire less Access Point or entering a 8 digit PIN code if there s no button Wireless Access Point User Guide DHCP Client Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request The Wireless Access Point can act as a DHCP Client and obtain an IP address and related information from your existing DHPC Server Upgradeable Firmware Firmware is stored in a flash memory and can be upgraded easily using only your Web Browser PoE Support You can use PoE Power over Ethernet to provide power to the Wireless Access Point so only a single cable connection is required Security Features Virtual APs For maximum flexibility wireless security settings are stored in Virtual AP Up to 4 Virtual APs can be defined and used as any time Multiple BSSIDs
72. s and Finish IP Address fields set the values used by the DHCP server when allocating IP Addresses to DHCP clients This range also determines the number of DHCP clients supported Enter the server name or IP address of the Wins Server Choose the Time Zone for your location from the drop down list If your location is currently using Daylight Saving enable the Adjust for Daylight Saving Time checkbox You must UNCHECK this checkbox when Daylight Saving Time finishes Enter the server name or IP address of the NTP 14 Access Point Setup System Advanced Settings Screen Click Advanced Settings on the System menu to view a screen like the following Enable 802 1Q VLAN Native Vian nh AP Management Vlan VAP Name VLAN ID VAP Name 0 VAP Name 1 VAP Name 2 VAP Name 3 VAP Name 4 VAP Name 5 VAP Name 6 VAP Name 7 ook oh h JU Network Integrality Check Enable Bonjour Enable Link Layer Topology Discovery LLTD Enable Spanning Tree Protocol 802 1d s Enable 802 1X Supplicant on Ethernet Network Rd Authentication via MAC Address Authentication via Name and Password Name Password Figure 9 System Advanced Settings Screen 15 Wireless Access Point User Guide Data System Advanced Settings Screen VLAN Enable 802 1Q This option is only useful if the hubs switches on your
73. s support SNMP vl amp v2c amp v3 LLTD Only wired users to be able to control Auto configuration Other Features DHCP client WINS client Radius client Enable Disable wireless Network Integrality Check FTP client Firmware Upgrade HTTP FTP network protocol download 79 Appendix B Troubleshooting Overview This chapter covers some common problems that may be encountered while using the Wireless Access Point and some possible solutions to them If you follow the suggested steps and the Wireless Access Point still does not function properly contact your dealer for further advice General Problems Problem 1 Solution 1 Problem 2 Can t connect to the Wireless Access Point to configure it Check the following e The Wireless Access Point is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the Wireless Access Point are on the same network segment If you don t have a router this must be the case e If your PC is set to Obtain an IP Address automatically DHCP client restart it e You can use the following method to determine the IP address of the Wireless Access Point and then try to connect using the IP address in stead of the name To Find the Access Point s IP Address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the Wireless Access Point Enter ping f
74. s used for authentication for Authentication the Radius Server 802 1x Typically EAP TLS is used This is a dynamic key system so keys do Encryption NOT have to be entered on each Wireless station However you can also use a static WEP key EAP MD5 the Wireless Access Point supports both methods simultaneously Radius Server Configuration If using WPA Enterprise mode the Radius Server on your network must be configured as follow e It must provide and accept Certificates for user authentication e There must be a Client Login for the Wireless Access Point itself e The Wireless Access Point will use its Default Name as its Client Login name How ever your Radius server may ignore this and use the IP address instead e The Shared Key set on the Security Screen of the Access Point must match the Shared Secret value on the Radius Server e Encryption settings must be correct 42 PC and Server Configuration 802 1x Server Setup Windows 2000 Server This section describes using Microsoft Internet Authentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also required e dhcpd e dns e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority Windows 2000 Domain Controller Setup 1 Run depromo exe from t
75. senseen 67 OVERVIEW D 67 Admin Login Screen 67 Auto Config Update 69 Config 70 SIDA E AE ER 72 Log Settings P 74 Firmware Upgrade EKSE 76 APPENDIX A SPECIFICATIONS sscsscsssssscssssesosssessssssssersceseesesesessssesesesssssessesssssosseses 77 Wireless Access Point 77 APPENDIX B TROUBLESHOOTING sove on von ooo seseosen totns ene ooo eosensensven envensen seonenvee 80 OVETVIEW EN 80 General Problems easensevenvennvoonvennoensvenseonseonsenseenseonsenseenseensenssrennennsoensennseensenneere 80 APPENDIX C WINDOWS TCP IP en sennv oon versen so oon von theta ven tatus ons sensa ens enne tns sense tne oneens 82 OVERVIEW E 82 Checking TCP IP Settings Windows 9x ME eese eee eee on vensen tn ens ven sees 82 Checking TCP IP Settings Windows NTA4 0Q eese eee ee esent tn nete natn eere 84 Checking TCP IP Settings Windows 2000 eere onsen sensoess vonsenseenssensennee 86 Wireless Access Point User Guide Checking TCP IP Settings Windows XP es easooso vonsenser onsensen onsennen onvensen tasto sensn 88 Checking TCP IP Settings Windows Vista eere vo
76. sing IEEE 602 1X is selected and Smart Card or other Certificate is selected from the EAP type de Wireless Network Connection Properties PR Authentication Advanced General Wireless Networks Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 802 1X EAP type Smart Card or other Certificate v Authenticate as computer when computer information is available C Authenticate as quest when user or computer information is unavailable Figure 49 Authentication Tab Encryption Settings The Encryption settings must match the APs Access Points on the Wireless network you wish to join e Windows XP will detect any available Wireless networks and allow you to configure each network independently 56 PC and Server Configuration e Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to en ter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab d Wireless Network Connection Properties PIR ns General Wireless Networks Authentication Advanced v Use Windows to configure my wireless network settings Available networks To connect to an available network click Configure d misslai
77. soft Networks B Intemet Protocol Version 6 TCP IPv6 Intemet Protocol Version 4 TCP IPv4 Link Layer Topology Discovery Mapper 1 0 Driver Link Layer Topology Discovery Responder Description TCP IP version 6 The latest version of the intemet protocol that provides communication across diverse interconnected networks 9 K K S amp NK OK Cancel Figure 73 Network Configuration Windows Vista 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following 90 Appendix C Windows TCP IP General You can get IPv6 settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IPv6 settings Obtain an IPv6 address automatically 7 Use the following IPv6 address IPv6 address Subnet prefix lengtt Default gateway Obtain DNS server address automatically Use the following DNS server addresses Preferred DNS se ver Alternate DNS server Ca Ces Figure 74 TCP IP Properties Windows Vista 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixe
78. sub window where you can view Statistics on data transmitted or received by the Access Point Log Click this to open a sub window where you can view the activity log Stations Click this to open a sub window where you can view the list of all current Wireless Stations using the Access Point 61 Wireless Access Point User Guide Statistics Screen This screen is displayed when the Statistics button on the Status screen is clicked It shows details of the traffic flowing through the Wireless Access Point Up Time 3 11 12 VAPO Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP1 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP2 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP3 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP4 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP5 Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted Data 0 0 Management 0 0 Control 0 0 VAP6 Authentication Deauthentic
79. t This Chapter explains when and how to use the Wireless Access Point s Management Features Overview This Chapter covers the following features available on the Wireless Access Point s Manage ment menu Admin Login Auto Config Update Config File SNMP Settings Log Settings Upgrade Firmware Admin Login Screen The Admin Login screen allows you to assign a password to the Wireless Access Point This password limits access to the configuration interface The default password is password It is recommended that this be changed using this screen Admin User Name O Change Admin Passwo New Password Repeat New Password Admin Enable Wireless Web Access Connections Enable HTTP Admin connections HTTP Port Number 80 Enable HTTPS secure HTTP Admin connections HTTPS Port Number 143 O Enable Management via Telnet Figure 58 Admin Login Screen 67 Wireless Access Point User Guide Data Admin Login Screen Login Admin User Name Enter the login name for the Administrator Change Admin Password If you wish to change the Admin password check this field and enter the new login password in the fields below New Password Enter the desired login password Repeat New Password Admin Connections Re enter the desired login password Enable Wireless Web Enable this to allow wireless client access the device Access Enable HTT
80. t the desired option The default is Long The Short setting takes less time when used in a good environment The Protection system is intended to prevent older 802 11b devices from interfering with 802 1 1g transmissions Older 802 11b devices may not be able to detect that a 802 11g trans mission is in progress Normally this should be left at Auto 38 Access Point Setup Wi Fi Protected Setup Click WiFi Protected Setup on the Wireless menu to view a screen like the following Use one of the following for each WPS supported device Press the device s button then click Push Button Enter the device s PIN number then click Register Enter AP s PIN number 09013667 into your device You can change the Access Point s PIN number Enter the new PIN number 0901565 Aut WPS Status Unconfigured Network Name SSID wireless 0 Security None Passphrase no Figure 26 WPS Screen Data WPS Screen WPS Use one of the following Change AP Settings WPS Status Network Name Security Passphrase e If the first option is selected press the WPS button on the client device then click the Push button e Ifthe second option is selected enter the PIN code from the client device in this field and click Register button e fthe third option is selected enter the displayed PIN code to the client device Enter the desired pin value manually or click the Auto gene
81. ther secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task ORetrieve the CA certificate or certificate revocation list Request a certificate O Check on a pending certificate 8B internet v Figure 44 Wireless CA Screen 5 Select User certificate request and select User Certificate the click Next Microsoft Certificate Services Microsoft Internet Explorer DAR File Edit View Favorites Tools Help Qe b o x E JO search lg Favorites media e Address amp http 192 168 0 2 certsrv certrqus asp Microsoft Certificate Services Choose Request Type Please select the type of request you would like to make User certificate request O Advanced request Figure 45 Request Type Screen 6 Click Submit 54 PC and Server Configuration A Microsoft Certificate Services Microsoft Internet Explorer DAR Help Q eek ix a po Search Sr Favorites Meda Address http 192 168 0 2 certsrv certrabi asp type 0 File Edit View Favorites Tools Microsoft Certificat User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit your request More Options gt gt AD Internet Figure 46 Iden
82. tifying Information Screen A message will be displayed then the certificate will be returned to you Click Install this certificate Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Qs o x a Js Search Sf Favorites dif e Address amp http 192 168 0 2 certsrv certfnsh asp Microsoft Certificate Certificate Issued The certificate you requested was issued to you en Install this certificate B internet Figure 47 Certificate Issued Screen 8 You will receive a confirmation message Click Yes 55 Wireless Access Point User Guide Root Certificate Store AN Do you want to ADD the Following certificate to the Root Store Subject WirelessCA Systems Wireless Widgets College Park MD US ca yourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E748D0 66375643 4F77E081 551337C7 Thumbprint shal ESEC3FSD BA9B678E 79C055A8 51017043 BE7A0CB7 Thumbprint md5 6F171E64 D438B251 44242464 CD8E6189 Figure 48 Root Certificate Screen 9 Certificate setup is now complete 802 1x Authentication Setup 1 Open the properties for the wireless connection by selecting Start Control Panel Network Connections 2 Right Click on the Wireless Network Connection and select Properties 3 Select the Authentication Tab and ensure that Enable network access control u
83. tion Length 256 2346 2346 Beacon Interval 20 1000 100 RTS CTS Threshold 1 2347 2347 Preamble Type Short 802 11B Protection Mode Disabled Figure 25 Advanced Settings Data Advanced Settings Screen Options Worldwide Mode 802 11d WMM Enable WMM Support No Acknowledgement Parameters Disassociated Timeout Fragmentation Length Beacon Interval Enable this setting if you wish to use this mode and your Wire less stations support this mode Check this to enable WMM Wi Fi Multimedia support in the Access Point If WMM is also supported by your wireless clients voice and multimedia traffic will be given a higher priority than other traffic If enabled then WMM acknowledgement is disabled Depend ing on the environment disabling acknowledgement may increase throughput slightly This determines how quickly a Wireless Station will be consid ered Disassociated with this AP when no traffic is received Enter the desired time period Enter the preferred setting between 256 and 2346 Normally this can be left at the default value Enter the preferred setting between 20 and 1000 Normally this can be left at the default value 37 Wireless Access Point User Guide RTS CTS Threshold Preamble Type 802 11b Protection Mode Enter the preferred setting between 1 and 2347 Normally this can be left at the default value Selec
84. tions from Wireless Stations which have their SSID set to any or whose SSID is blank null ESS ESSID A group of Wireless Stations and multiple Access Points all using the same ID ESSID form an Extended Service Set ESS Different Access Points within an ESS can use different Channels To reduce interference it is recommended that adjacent Access Points SHOULD use different channels Appendix D About Wireless LANs As Wireless Stations are physically moved through the area covered by an ESS they will automatically change to the Access Point which has the least interference or best perform ance This capability is called Roaming Access Points do not have or require Roaming capabilities Channels The Wireless Channel sets the radio frequency used for communication e Access Points use a fixed Channel You can select the Channel used This allows you to choose a Channel which provides the least interference and best performance For 802 11g 13 channels are available in the USA and Canada but 1 Ichannels are available in North America if using 802 11b e fusing multiple Access Points it is better if adjacent Access Points use different Channels to reduce interference The recommended Channel spacing between adjacent Access Points is 5 Channels e g use Channels 1 and 6 or 6 and 11 e In Infrastructure mode Wireless Stations normally scan all Channels looking for an Access Point If more than one Access Point
85. to automatically configure the WEP Key s 24 Access Point Setup Security Settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently Wg VAP Name VAP Name 0 SSID wireless O Broadcast SSID Disable Enable Isolation within VAP Disable Enable Security System WPA PSK Network Key WPA Encryption TKIP Key Updates C Group Key Update Key Lifetime 60 minutes C Update Group Key when any membership terminates Figure 15 WPA PSK Wireless Security Screen Data WPA PSK Screen WPA PSK Network Key WPA Encryption Group Key Update Key Lifetime Update Group key when any membership terminates Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key The encryption method is TKIP Wireless Stations must also use TKIP This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any member leaves the group or disassociates from the Access Point 2
Download Pdf Manuals
Related Search