VX-AP1WPro User Manual
Contents
1. Trouble shooting This chapter covers some common problems that may be encountered while using the Wireless Access Point and some possible solutions to them If you follow the suggested steps and the Wireless Access Point still does not function properly contact your dealer for further advice Problem 1 Can t connect to the Wireless Access Point to configure it Solution 1 Check the following e The Wireless Access Point is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the Wireless Access Point are on the same network segment If you don t have a router this must be the case e If your PC is set to Obtain an IP Address automatically DHCP client restart it e You can use the following method to determine the IP address of the Wireless Access Point and then try to connect using the IP address in stead of the name To Find the Access Point s IP Address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the Wireless Access Point Enter ping followed by the Default Name of the Wireless Access Point e g ping SC003318 3 Check the output of the ping command to determine the IP address of the Wireless Access Point as shown below S PDdosnt Microsoft Windows 2666 Version 5 08 2195 lt C gt Copyright 1985 2000 Microsoft Corp C gt ping sc883318 Pinging sc 3318 192 168 51 with 32 byte2. Name The name you gave to this profile if you didn t change the name the default name is used SSID This displays the SSID associated with the profile Broadcast SSID This displays whether or not the SSID is broadcast VLAN ID This displays the VLAN ID of each security profile Security This displays the encryption method of each security profile Default value is None Status This displays whether or not this profile is enabled or currently used Clients This displays the number of wireless stations currently using in each security profile If the profile is disabled this will always be zero Setup 2 4 GHz Statistics Screen This screen is displayed when the 2 4GHz Statistics button on the Status screen is clicked It shows details of the traffic flowing through the Wireless Access Point Up Time Profile 0 Authentication 0 MSDU Data Multicast Management Control Profile 1 Authentication 0 MSDU Data Multicast Management Control 00 10 23 Deauthentication Association Disassociation Reassociation 0 0 0 0 Received Transmitted 0 1897 0 1853 0 1897 952 44 0 0 Deauthentication Association Disassociation Reassociation 0 0 0 0 Received Transmitted 0 0 0 0 0 0 o 9 9 9 Figure 10 Statistics Screen Data Statistics Screen System Up Time System Up Time Profiles Authentication This indicates how long the system has been running since the last restart or re
3. 802 1x Screen 802 1x Primary Radius Enter the name or IP address of the Primary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server 53 Wireless Access Point User Guide Secondary Radius Server Address Radius Port Shared Key WEP Key Size Enter the name or IP address of the Secondary Radius Server on your network Enter the port number used for connections to the Radius Server This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server Select the desired option e 64 Bit data is encrypted using the default key before being transmitted You must enter at least the default key For 64 Bit Encryption the key size is 5 chars ASCII or 10 chars in HEX 0 9 and A F e 128 Bit data is encrypted using the default key before being transmitted You must enter at least the default key For 128 Bit Encryption the key size is 13 chars ASCII or 26 chars in HEX 0 9 and A F e 156 Bit data is encrypted using the default key before being transmitted You must enter at least the default key For 156 Bit Encryption the key size is 16 chars ASCII or 32 chars in HEX 0 9 and A F Dynamic WEP key If checked the required WEP key is dyna
4. Both Bridge mode and AP mode can be used simultaneously unless AP mode is Client Repeater Select the desired Bridge mode None disable Disable Bridge mode Use this if you want to act a AP only WDS Point to Point Bridge PTP Bridge to a single AP You must provide the MAC address of the other AP in the PTP Bridge AP MAC Address field WDS Point to Multi Point Bridge PTMP Select this only if this AP is the Master for a group of Bridge mode APs The other Bridge mode APs must be set to Point to Point Bridge mode us ing this AP s MAC address They then send all traffic to this Master If required you can specify the MAC addresses of the APs which are allowed to connect to this AP in PTMP mode To specify the allowed APs Enable the checkbox In PTMP mode only allow specified APs Click the button Set PTMP APs On the resulting sub screen enter the MAC addresses of the allowed APs 29 Wireless Access Point User Guide PTP Bridge AP This is not required unless the Bridge Mode is Point to Point Bridge MAC Address PTP In this case You can either enter the MAC address directly or if the partner AP is on line and broadcasting its SSID you can click the Select AP button and select it from a list of available AP In PTMP mode This is only functional if using Point to Multi Point Bridge PTMP only allow mode If enabled you can specify the MAC addresses of the APs specified APs whi
5. Obtain an IP address from a DHCP server C Specify an IP address OK Cancel Ail Figure 70 Windows NT4 0 IP Address 98 Appendix B Troubleshooting 3 Select the network card for your LAN 4 Select the appropriate radio button Obtain an IP address from a DHCP Server or Specify an IP Address as explained below Obtain an IP address from a DHCP Server This is the default Windows setting This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 99 Wireless Access Point User Guide 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Local Area Connection Properties 2 x General Connect using 8 Siemens Speedsveam PO 10 100 Configure Components checked are used by this connection Client for Microsoft Networks v 8 File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP Install Uninstall Properties Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides comm
6. Operating Channels 802 11g 13 for North America 13 for Europe ETSI 14 for Japan 802 11b 11 for North America 14 for Japan 13 for Europe ETSI Operating temperature 0 55 C Storage temperature 20 C 70 C Power Adapter 24VDC 500ma Dimensions 141mm W x 100mm D x 27mm H Wireless Specifications Receive Sensitivity at 11Mbps min 85dBm Receive Sensitivity at 5 5Mbps min 89dBm Receive Sensitivity at 2Mbps min 90dBm Receive Sensitivity at 1Mbps min 93dBm Maximum Receive Level min 5dBm Transmit Power 18 dBm Modulation Direct Sequence Spread Spectrum BPSK QPSK CCK Throughput Up to 19 Mbps 90 Appendix A Specifications Operating Range Indoors e 30 Meters 100ft 11Mbps e 50 Meters 165ft 5 5Mbps e 70 Meters 230ft 2Mbps e 9 1Meters 300ft 1Mbps Outdoors e 152 Meters 500ft 11Mbps e 270 Meters 885ft 5 5Mbps e 396 Meters 1300ft 2 Mbps e 457 Meters 1500ft 1 Mbps Software Specifications Feature Details Wireless e Access point support e Roaming supported e JEEE 802 11g 11b compliance e Supper G up to 108Mbps e Auto Sensing Open System Share Key authentication e Wireless Channels Support e Automatic Wireless Channel Selection e Tx Power Adjustment e Country Selection e Preamble Type long or short support e RTS Threshold Adjustment e Fragmentation Thresho
7. Output Power Level Full x GUPAK Protection Type CTS only ORTS CTS Short Slot Time Enable Disable Protection Mode Auto Figure 18 Advanced Settings Data Advanced Settings Screen Basic Rate Basic Rate Selection Data Rate Options Worldwide Mode 802 11d XR eXtended Range Network Integrality Check The Basic Rate is used for broadcasting It does not determine the data transmission rate which is determined by the Mode setting on the Basic screen Select the desired option Do NOT select the 802 11g or ODFM options unless ALL of your wireless clients support this 802 11b clients will not be able to connect to the Access Point if either of these modes is selected Select the desired option always select best Enable this setting if you wish to use this mode and your Wireless stations support this mode Enable this setting if you wish to use this mode and your Wireless stations support this mode Network Integrality Check is one function that if the wired connect of AP is invalidate the AP will disable the wireless connection 31 Wireless Access Point User Guide WMM Wi Fi Multimedia Enable WMM Support No Acknowledgement Parameters Disassociated Timeout Fragmentation Beacon Interval RTS CTS Threshold Preamble Type Output Power Level 802 11b Protection Type Short Slot Time Protection Mode Protection Rate
8. every minutes 3 99 F Detection generates SNMP Trap Detect Now M No Security peo Notin Legal AP List Define Legal AP List Cancel Help Figure 63 Rogue AP Detection Screen Data Rogue AP Screen Enable Detection Enable Detection To use this feature enable the Enable Rogue AP Detection checkbox and select the desired wireless band and time interval Scan Select the desired Wireless band to scan to Rogue APs and enter the desired time interval between each scan Detection generates If using SNMP checking this option will cause a SNMP trap SNMP Trap to be generated whenever a Rogue AP is detected If not using SNMP do not enable this option Rogue Detection No Security If checked then any AP operating with security disabled is considered to be a Rogue AP Not in Legal AP List If checked then any AP not listed in the Legal AP List is considered to be a Rogue AP If checked you must maintain the Legal AP List Define Legal AP List Click this button to open a sub screen where you can modify the Legal AP List This list must contain all known APs so must be kept up to date 82 Other Settings amp Features SNMP Simple Network Management Protocol is only useful if you have a SNMP program on your PC To reach this screen select SVMP in the Management section of the menu General O Enable SNMP Managers Biel SNMP Version Read Only Community ReadiWrit
9. Setup Remote APs status The Remote AP Status screen is displayed when the Remote APs Status button on the Status screen is clicked When WDS function is used this screen can be displayed Local Mode Repeater Local Status connected Remote Device s MAC Address 00 C0 02 C0 F3 C4 Signal Strength 38 Link Status connected TX Rate 11 RX Rate 54 TX Packets 21 RX Packets 66 TX Bytes 1 RX Bytes 4 TX Retries 0 Rx duplicates 2 TX Error 8 RX Error o Figure 11 Remote AP Status Screen Data Remote AP Status Screen Local Mode This displays the current mode of local AP Local Status This displays the current status of local AP active connected Remote Device s e MAC Address This indicates the MAC address of remote AP e Signal strength This indicates the signal strength of remote AP e Link status This indicates the status of WDS link e Others Other items display the details of traffic 19 Wireless Access Point User Guide Log This screen is displayed when the Log button on the Status screen is clicked Currenttime 2004 Jan 1 01 46 49 GMT 2004 Jan 1 00 00 05 GMT AP activated Data Activity Log Data Current Time Figure 12 Activity Log Screen The system date and time is displayed Log Buttons Refresh The Log shows details of the connections to the Wireless Access Point Update the data on s
10. UAM Screen Enable Enable this if you wish to use this feature See the section above for details of using UAM Internal If selected then when a user first tries to access the Internet they will Web based be blocked and re directed to the built in login page The logon data is Authentication then sent to the Radius Server for authentication 41 Wireless Access Point User Guide External If selected then when a user first tries to access the Internet they will Web based be blocked and re directed to the URL below This needs to be on Authentication your own local Web Server The page must also link back to the built in login page on this device to complete the login procedure Login URL Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet but are not logged in Login Failure Enter the URL of the page on your local Web Server you wish users to URL see if their login fails This may be the same URL as the Login URL Security Settings WEP This is the 802 11b standard Data is encrypted before transmission but the encryption system is not very strong MOLLE Profile Name Profile00 SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable O Enable VLAN ID 1 SLAA Security System WEP v Data Encryption 64 bit Authentication Open System WEP Keys
11. Display Rogue AP Detection band s Display Rogue AP definition Display Rogue AP Detection SNMP Trap Enable Disable Display Legal AP List of Rogue AP Display Auto Config Enable Disable Display Respond to Auto Config request Enable Disable Display Provide admin login name and password Enable Disable Display Provide respond to Auto Config request Enable Disable Display Auto Update Enable Disable Display Install later version only Enable Disable Display Auto Update Interval 1 31days Display FTP Server address Display Firmware Pathname Display FTP Login Name Display FTP Password Display active Current Profile Display Profile Name Display Profile VLAN ID Display AP Primary Profile Display WDS Primary Profile Display Security Mode Display Accounting Enable Disable Display Accounting port number Display Encryption Key Value Display Encryption Key Length Display Encryption Key Index Display UAM Authentication Enable Disable Display UAM Authentication Method 112 get UAMLoginURL get UAMLoginFailURL get macAuth get snmpMode get snmpCommunity get snmpAccessRight get snmpAnyStaMode get snmpStationIPAddr get trapMode get trapVersion get trapSendMode get trapRecvip get wdsMacList get enableWirelessClient get isolationType get winsEnable get winsserveraddr get wirelessSeparate get description get dhcpmode get wlanstate help Lebradeb Is mem np ns ping radar reboot rm run Ap
12. Set Data Rate Set Data Rate Set Regulatory Domain Set Remote AP s Mac Address Set HW Transmit Retry Limit Set SW Transmit Retry Limit Set RTS CTS Threshold Set Short Preamble Set Short Slot Time Set SNTP NTP Server IP Address Set Software Retry Set ANI Parameter for Spur Immunity Level Set Service Set ID Set SSID Suppress Mode Super G Features Set Access Point System Name Set Telnet Mode Set Telnet Timeout Set Time Zone Setting Set Vendor Default Firmware Update Parameters Set Watchdog Mode Set WDS Mode Set Encryption Mode Set wlan state Set Wireless LAN Mode Set 802 11d mode Set http Enable Disable Set http port number Set https Enable Disable 116 set HttpsPort set syslog set syslogSeverity set syslogServer set manageOnlyLan set roguedetect set rogueinteval set rogueband set roguetype set roguesnmp set roguelegal set autoConfig set autoResponse set autoChangeName set autoSetResp set autoUpdate set autoUpgradeOnly set autoUpdatelnterval set ftpServer set fwPathname set ftpLogin set ftpPassword set activeCurrentProfile set profileName set profileVlanld set APPrimaryProfile set WDSPrimaryProfile set securityMode set Accounting set Accountingport set keyValue set keyLength Appendix C Windows TCP IP Set https port number Set syslog Disable Broadcast Unicast Set syslog Severity level Set unicast syslog server IP name Set Management only via LAN Enable Dis
13. and the Default Name of the Wireless Access Point e g HTTP SC2D631A 5 You should then see a login prompt which will ask for a User Name and Password Enter admin for the User Name and password for the Password These are the default values The password can and should be changed Always enter the current user name and password as set on the Admin Login screen Enter Network Password E 2 x D gt Please type your user name and password Site scff9496 Realm 802 119 Access Point User Name i Password I Save this password in your password list Cancel Figure 7 Password Dialog 6 You will then see the Status screen which displays the current settings and status No data input is possible on this screen See Chapter 5 for details of the Status screen 12 Setup 7 From the menu check the following screens and configure as necessary for your envi ronment Details of these screens and settings are described in the following sections of this chapter e Access Control MAC level access control e Security Profiles Wireless security e System Identification location and Network settings e Wireless Basic amp Advanced 8 You may also wish to set the admin password and administration connection options These are on the Admin Login screen accessed from the Management menu See Chapter 6 for details of the screens and features available on the Management menu 9 Use the Apply Restart button on th
14. Access Point User Guide 1 Select Control Panel Network Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following 4 Local Area Connection Properties General Authentication Advanced Connect using E9 Siemens SpeedStream PCI 10 100 This connection uses the following items E Client for Microsoft Networks W r File and Printer Sharing for Microsoft Networks 2 QoS Packet Scheduler v Internet Protocol TCP IP Description Transmission Control Protocol Intermet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected Figure 73 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties General Altemate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Figure 74 TCP IP Properties Windows XP 102 Appendix B Troubleshooting 5
15. Check this to enable WMM Wi Fi Multimedia support in the Access Point If WMM is also supported by your wireless clients voice and multimedia traffic will be given a higher priority than other traffic If enabled then WMM acknowledgement is disabled Depend ing on the environment disabling acknowledgement may increase throughput slightly This determines how quickly a Wireless Station will be consid ered Disassociated with this AP when no traffic is received Enter the desired time period Enter the preferred setting between 256 and 2346 Normally this can be left at the default value Enter the preferred setting between 20 and 1000 Normally this can be left at the default value Enter the preferred setting between 256 and 2346 Normally this can be left at the default value Select the desired option The default is Long The Short setting takes less time when used in a good environment Select the desired power output Higher levels will give a greater range but are also more likely to cause interference with other devices Select the desired option The default is CTS only Enable or disable this setting as required The Protection system is intended to prevent older 802 11b devices from interfering with 802 11g transmissions Older 802 11b devices may not be able to detect that a 802 11g transmission is in progress Normally this should be left at Auto Select the desired option The default is 11 Mb
16. Data WPA2 PSK Screen WPA2 PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is AES Wireless Stations must also use AES Key Updates These settings determine how often keys are changed e Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly and enter the desired time period Key Lifetime between key updates e Group Key Update when any membership terminates If enabled the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point 45 Wireless Access Point User Guide Security Settings WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK with TKIP OR WPA2 PSK with AES COUR Profile Name ProfileOO SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 SHA Security System WPA PSK and WPA2 PSK v Network Key WPA Encryption TKIP AES Key Updates O Group Key Update Key Lifetime 50 minutes oO Update Group Key when any membership terminates Radius MAC Authentication UAM Current Status Disabled Configure Current Status Disabled Configure Figure 28 W
17. FirStepLevel Set Fragment Threshold Set Radio Frequency MHz Set Gateway IP Address Set 11g Beacon Rate Set Group Key Update Interval in Seconds Set 11g Draft 5 0 compatibility Set Host IP address Set IP Address Set IP Subnet Mask Select Encryption Key Entry Method Select Source Of Encryption Keys Modify Login User Name Set Minimum Rate Set Name Server IP address Set ANI Parameter for Noise Immunity Level Set Higher Trigger Threshold for OFDM Phy Errors for ANI Control Set Lower Trigger Threshold for OFDM Phy Errors for ANI Control Set ANI Parameter for OFDM Weak Signal Detection Set Tx power override Set operation Mode Modify Password Modify Passphrase Set Transmit Power Allow Ack Cts frames during quiet period Duration of quiet period Offset of quiet period into the beacon period Set RADIUS name or IP address Set RADIUS port number Set RADIUS shared secret 115 Wireless Access Point User Guide set rate set rate set rate set rate set rate set regulatorydomain set remoteAP set hwixretries set swtxretries set rtsthreshold set shortpreamble set shortslottime set sntpserver set softwareretry set spurlmmunityLvl set ssid set ssidsuppress set SuperG set systemname set telnet set timeout set tzone set updateparam set watchdog set wds set wep set wlanstate set wirelessmode set 80211d set http set HttpPort set https Set Data Rate Set Data Rate Set Data Rate
18. MAC i Configure Mutenteeton Current Status Disabled jur UAM Current Status Disabled Configure Figure 31 WPA and WPA2 with Radius Wireless Security Data WPA and WPA2 with Radius Screen WPA and WPA2 with Radius Primary Radius Enter the name or IP address of the Primary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server Secondary Radius Enter the name or IP address of the Secondary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server 51 Wireless Access Point User Guide Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server WPA Encryption The encryption method is TKIP for WPA and AES for WPA2 Key Updates These settings determine how often keys are changed e Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly and enter the desired time period Key Lifetime be tween key updates e Group Key Update when any membership terminates If enabled the Group Key will be updated whenever any member leaves the group or disassociates from the Ac cess Point RADIUS Accounting Enable this if you wa
19. SCreen TOSSO EAE E EE 14 System SCHEEN scssicsncissovssencsesoesassvcssvecseassvnsdessesvedasonsecdeseasensnenssendeseaseesbsonseesosssbonseusasoeseuses 22 ACCESS COMEEOL sii ssiezsciseseassesseseseusseassiassessevesesssaunsnesonesonsavssonsesteesnsseessedadensseadeusscesoesddesesnane 25 W iTreless SCreens s csssescsdceaccessatasecssswasseesensssedocnsoussousssedsdansedeanesonsdoaassososontonsdea seuss onsscasoanese 28 Basic Settings Screen cscsssosssssssssssscssscsesssesssesseessoessosssonsseasonsssnssssssessvessnessscssesees 28 Advanced Settings e sesseseosseseosoesessessescosseseosoesessoseesossesoossesoessesoesossessossessossesosssesessossee 31 QOS Management ccsccssccsccssssscssscsscssscssscsssssesssecsecesecsseesscssscssscssssssesessessssseeseeees 33 SOCULILY Profiles cscsicsccsscuscecssesssestscvacecsssssdeesdevcsecbonsdoessusnsasstedssodesvetseasdonsseossasessocssossdossee 33 Security Profile Screen scssccssssssssssssscsscsescsecssssecssocssosssosssonscnssonsssssonssonssenssessvesees 35 CHAPTER 5 PC AND SERVER CONFIGURATION cssscssssssesssccscssccscssecssesessscseeees 55 OVEDVIOW S EIE A E E OEE ESE EE A 55 USING WEP E E EEE AN TAIRE EAT 55 Using WRA PSK a scaseassesssesvcassisssessesestsaassoaveosssasvenssassvesseseesedenscoveadesesbas Eea E e Vanir 56 Using WPA with Radius ccscscssssssscssscssscssscscecsssscesecsscessessecsscsscssscsssssessssssesesens 57 802 1x Server Setup Window
20. Screen 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next Change the Lease Duration time if preferred Click Next 8 Select Yes I want to configure these options now and click Next Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next New Scope Wizard E x Domain Name and DNS Servers The Domain Name System DNS maps and translates domain names used by clients on your network You can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain Wireless yourdomain tld To configure scope clients to use DNS servers on your network enter the IP addresses for those servers Server name IP address R Add jesolye 192 168 0 250 Jemove ECEN Figure 38 DNS Screen 11 Ifyou don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete 61 Wireless Access Point User Guide Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings a
21. Security Profiles from each other Figure 20 Security Profiles Screen Data Security Profiles Screen Profile Profile List All available profiles are listed For each profile the following data is displayed If displayed before the name of the profile this indicates the profile is currently enabled If not displayed the profile is cur rently disabled e Profile Name The current profile name is displayed e SSID The current SSID associated with this profile e Security System The current security system e g WPA PSK is displayed e Band The Wireless Band 2 4 GHz 5GHz for this profile is dis played Profiles may be assigned to either or both Wireless Bands Buttons e Enable Enable the selected profile e Configure Change the settings for the selected profile e Disable Disable the selected profile Isolation Isolate all If this option is selected wireless clients using different profiles able to communicate with each other They will still be able to communicate with other clients using the same profile unless the Wireless Separation setting on the Advanced screen has been enabled different SSIDs are isolated from each other so they will NOT be Setup This screen is displayed when you select a Profile on the Security Profiles screen and click the Configure button MOU Profile Name Profile00 SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separa
22. a DHCP server can issue IP dresses you must create a scope and Reconcile All Scopes orize the DHCP server Authorize New Multicast Scope cope is a range of IP addresses that is Define User Classes signed to computers requesting a Define Vendor Classes namic IP address Authorization is a Set Predefined Options fcurity precaution that ensures that only thorized DHCP servers run on your All Tasks twork View o add a new scope on the Action menu Delete k New Scope Refresh o authorize this DHCP server on the Properhes tion menu click Authorize Help Create anew scope Figure 36 DHCP Screen 3 Click Next when the New Scope Wizard Begins 4 Enter the name and description for the scope click Next 5 Define the IP address range Change the subnet mask if necessary Click Next 60 Other Settings amp Features New Scope Wizard ki x IP Address Range You define the scope address range by identifying a set of consecutive IP addresses Enter the range of addresses that the scope distributes Start IP address 192 168 0 100 End IP address 192 168 0 200 subnet mask defines how many bits of an IP address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length or as an IP address Lenath 24 Subnet mask 255 255 255 q lt Back Cancel Figure 37 IP Address
23. and then select Upgrade Firmware in the Manage ment section of the menu You will see a screen like the following JIC IEE Locate and select the upgrade file from your hard disk __ Upgrade cancel Help Figure 65 Firmware Upgrade Screen To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade The Wireless Access Point is unavailable during the SES upgrade process and must restart when the up Notel grade is completed Any connections to or through the Wireless Access Point will be lost 85 Wireless Access Point User Guide There are two operation modes Access Point mode and Home Gateway mode You can select Yes or No to change it Current operate mode is Access Point Yes E Do you want to change to Home Gateway mode Please finish the following basic wireless setting for you can connect the device after device change to home gateway mode SSID wireless 0 2 46 Security System None v apply Restart Figure 66 Operation Mode Screen If you want to change Access Point mode to Home Gateway mode you should set SSID and Security System When the device worked as Home Gateway that it only provide wireless connect for LAN client And the Ethernet port will be
24. installed and ON then update the list by clicking the Refresh button Buttons Refresh Click this button to update the Wireless Access Point device listing after changing the name or IP Address Detail Info When clicked additional information about the selected Access Point will be displayed Web Management Use this button to connect to the Wireless Access Point s Web based management interface Set IP Address Click this button if you want to change the IP Address of the Wireless Access Point Exit Exit the Management utility program by clicking this button 10 Setup Setup Procedure Select the desired Wireless Access Point 2 Click the Set IP Address button 3 Ifprompted enter the user name and password The default values are admin for the User Name and password for the Password 4 Ensure the IP address Network Mask and Gateway are correct for your LAN Save any changes 5 Click the Web Management button to connect to the selected Wireless Access Point using your Web Browser If prompted enter the User Name and Password again 6 Check the following screens and configure as necessary for your environment Use the on line help if necessary The later sections in this Chapter also provide more details about each of these screens e Access Control MAC level access control e Security Profiles Wireless security e System Identification location and Network settings e Wirele
25. is correct Internet access is allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xx xx WEB au thentication in the log table and station status would show as Authenticated on the station list table e Ifa client fails authentication xx xx xx xx xx xx WEB authentication failed shown in the log and station status is shown as Authenticating on the sta tion list table UAM authentication External 1 Ensure the Wireless Access Point can login to your Radius Server e Adda RADIUS client on RADIUS server using the IP address or name of the Wire less Access Point and the same shared key as entered on the Wireless Access Point e Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Secu rity page or the UAM sub screen depending on the security method used 2 On your Web Server create a suitable welcome page The welcome page must have a link or button to allow the user to input their user name and password on the uamlogon htm page on the Access Point 40 Setup 3 On the Access Point s UAM screen select External Web based Authentication and enter the URL for the welcome page on your Web server Add users on your RADIUS server as required and allow access by these users 5 Client PCs must have the correct Wireless set
26. network adapter for each PC that will be wirelessly connected to the network 1 Select a suitable location for the installation of your Wireless Access Point To maximize reliability and performance follow these guidelines e Use an elevated location such as wall mounted or on the top of a cubicle e Place the Wireless Access Point near the center of your wireless coverage area e If possible ensure there are no thick walls or metal shielding between the Wireless Access Point and Wireless stations Under ideal conditions the Wireless Access Point has a range of around 150 meters 450 feet The range is reduced and transmission speed is lower if there are any obstructions between Wireless devices ET RESE HERNE POWER p d ji Figure 4 Installation Diagram Installation Use a standard LAN cable to connect the Ethernet port on the Wireless Access Point to a 10 100BaseT hub on your LAN Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet and power up NOTE If you wish to use PoE Power over Ethernet refer to the following section Check the LEDs e The Status LED should flash and then turn OFF e The Power Wireless LAN and LAN LEDs should be ON For more information refer to Front Panel LEDs in Chapter 1 Using PoE Power over Ethernet The Wireless Access Point supports PoE Power over Ethernet To use PoE l 2 Do not connect the s
27. on Save e Name Enter the login name e Password Enter the desired login password e Repeat Password Re enter the desired login password Enable it can provide path redundancy while preventing undesirable loops in the network This option is only useful if the hubs switches on your LAN support the VLAN standard Define the VLAN IDs used for management Enter the name or IP address of your SNTP server This option decides whether the Daylight Saving Time is used Default it is disable Display the current time according to the selected time zone 24 Setup This feature can be used to block access to your LAN by unknown or untrusted wireless stations Click Access Control on the menu to view a screen like the following rite M Enable Access Control by MAC Address Trusted Stations Mac Address Connected Modify List Read from File Write to File Save Cancel Help Figure 15 Access Control Screen Data Access Control Screen Enable Use this checkbox to Enable or Disable this feature as desired Warning Ensure your own PC is in the Trusted Wireless Stations list before enabling this feature Trusted Stations This table lists any Wireless Stations you have designated as Trusted If you have not added any stations this table will be empty For each Wireless station the following data is displayed e MAC Address the MAC or physical address of each Wire less station e Connected
28. password Enter the User name and Password assigned to you by your network administrator and click OK Connect to 192 168 0 2 A Connecting to 192 168 0 2 User name E Password C Remember my password Figure 49 Connect Screen 4 On the first screen below select Request a certificate click Next 68 Other Settings amp Features F Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex i 2 EA Xe Search Si Favorites media Address http 192 168 0 2 certsrv Microsoft Certificate Welcome You use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task ORetrieve the CA certificate or certificate revocation list Request a certificate O Check on a pending certificate Internet Figure 50 Wireless CA Screen 5 Select User certificate request and select User Certificate the click Next Microsoft Certificate Services Microsoft Internet Explorer BAR File Edit View Favorites Tools Help Q mx gt x E H JO search g Favorites Media Address g http 192 168 0 2 certsrv certrqus asp Microsoft Certificate Services Choose R
29. prompted for the user name and password Enter the same login name and password as used for the HTTP Web interface The default values are admin for the User Name and password for the Password Once connected you can use any of the commands listed in the following Command Reference Using the CLI Serial Port 1 Use a standard serial port cable to connect your PC to the serial RS232 port on the Wireless Access point Start your communications program For example in Windows use HyperTerminal This program may not be installed If so you can install it using Start Settings Control Panel Add or Remove Programs Then select Windows Setup or Add Remove Windows Com ponents depending on your version of Windows Configure the connection properties e Name use a suitable name such as AP e Port or Connect Using Select the Serial Port that the cable is connected to Do not select your modem e Port Settings Use 9600 N 8 1 with hardware flow control as shown below 107 Wireless Access Point User Guide COM2 Properties as None n MA Hardware Figure 75 CLI Port Settings Use the Connect command to start the connection 5 You will be prompted for a user name and password Enter the current user name and password for the AP you are connecting to The default values are admin for the User Name and password for the Password 6 You will then see the
30. shared secret as entered on the Security Settings of the Wireless Access Point Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap t 1s and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Restrictions and click Add Select Attribute Select the type of attribute to add and then click the Add button Attribute types Called Station Id Phone number dialed by user Calling Station Id Phone number from which call originated Client Friendly Name Friendly name for the RADIUS client IAS Client IP Address IP address of RADIUS client IAS only Client Vendor Manufacturer of RADIUS proxy or NAS I Day And Time Restrictions Time periods and days of week during wh Framed Protocol The protocol to be used NAS Identifier String identifying the NAS originating the r NAS IP Address IP address of the NAS originating the requ NAS Port Type Type of physical port used by the NAS ori Service Type Type of service user has requested Tunnel Type Tunneling protocols to be used Windows Groups Windows groups that user belongs to Figure 46 Attribute Screen Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 65 Wireless Access Point User Guide 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Proto
31. the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless On each client Wireless security must be set to WPA PSK Security e The Pre shared Key entered on the Access Point must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match the Access Point 56 Other Settings amp Features This is the most secure and most complex system Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Authentication Each client must obtain a Certificate which is used for authentication for the Radius Server Encryption All data transmission is encrypted using the WPA2 standard Keys are automatically generated so no key input is required Radius Server Configuration If using WPA with Radius mode the Radius Server on your network must be configured as follow e It must provide and accept Certificates for user authentication e There must be a Client Login for the Wireless Access Point itself e The Wireless Access Point will use its Defa
32. this indicates whether or not the Wireless station is currently associates with this Access Point Buttons Modify List To change the list of Trusted Stations Add Edit or Delete a Wireless Station or Stations click this button You will then see the Trusted Wireless Stations screen described below Read from File To upload a list of Trusted Stations from a file on your PC click this button Write to File To download the current list of Trusted Stations from the Access Point to a file on your PC click this button 25 Wireless Access Point User Guide Trusted Wireless Stations To change the list of trusted wireless stations use the Modify List button on the Access Control screen You will see a screen like the sample below Trusted Wireless Stations Other Wireless Stations 00 04 23 73 19 61 unknown Edit Select All Select None Name re Address Physical MAC address Add Clear Figure 16 Trusted Wireless Stations Data Trusted Wireless Stations Trusted Wireless This lists any Wireless Stations which you have designated as Stations Trusted Other Wireless This list any Wireless Stations detected by the Access Point which Stations you have not designated as Trusted Name The name assigned to the Trusted Wireless Station Use this when adding or editing a Trusted Station Address The MAC physical address of the Trusted Wireless Station Use this when adding or
33. updates e Group Key Update when any membership terminates if enabled the Group Key will be updated whenever any member leaves the group or disassociates from the Ac cess Point RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report If Radius accounting is enabled you can enable this and enter the every desired update interval This Access Point will then send updates according to the specified time period 48 Setup Security Settings WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard MEUM Profile Name Profile SSID wireless O 2 4G Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 Sia Security System WPA2 with Radius Primary Radius Server Address Radius Port 1812 Shared Key Secondary Radius Server Address Radius Port 1812 Shared Key WPA Encryption AES Key Updates O Group Key Update Key Lifetime 60 minutes O Update Group Key when any membership terminates Radius Accounting O Enable Radius Accounting Radius Acco
34. used to connect Internet Security System WEP Current operate mode is Access Point Ves Do you want to change to Home Gateway mode Please finish the following basic wireless setting for you can connect the device after device change to home gateway mode SSID wireless 0 2 4G Security System WEP v Data Encryption 64 bit v Authentication Open System v WEP Keys Key input Hex 0 9 and A F ASCII Key 1 Key 2 O Key 3 O Key 4 O Figure 67 Operation Mode WEP Screen 86 Other Settings amp Features Data Security System WEP Screen WEP Data Encryption Authentication Key Input Key Value same setting Select the desired option and ensure your Wireless stations have the e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII characters e 152 Bit Encryption Keys are 32 Hex 16 ASCII characters Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Enter the key values you wis
35. using Fixed specified IP addresses on your LAN instead of a DHCP Server there is no need to change the TCP IP of each PC Just configure the Wireless Access Point to match your existing LAN The following sections provide details about checking the TCP IP settings for various types of Windows should that be necessary 1 Select Control Panel Network You should see a screen like the following Network 1 1x Configuration Identification Access Control The following network components are installed NetBEUI gt PCI Fast Ethernet Adapter NetBEUI gt Dial Up Adapter s NetBEU gt Dial Up Adapter 2 VPN Support TCP IP gt Dial Up Adapter TCP IP gt Dial Up Adapter 2 VPN Support S File and printer sharing for NetWare Networks X 4 Add Remove Properties Figure 67 Network Configuration Select the TCP IP protocol for your network card 3 Click on the Properties button You should then see a screen like the following 96 Appendix B Troubleshooting TCP IP Properties 21x Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type itin the space below Specify an IP address Figure 68 IP Address Win 95 Ensure your TCP IP
36. 1x modes configuration is much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more complex e The setting of using WPA2 PSK or WPA PSK and WPA2 PSK is similar to the setting of using WPA PSK so only describes the setting method of WPA PSK below e The setting of usingWPA2 with radius WPA and WPA2 with radius is similar to the setting of using WPA with radius so only describes the setting method of WPA with ra dius below For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless e Each Wireless station must be set to use WEP data encryption Security e The Key size 64 bit 128 bit 152 bit must be set to match the Access Point e The keys values on the PC must match the key values on the Access Point Note On some systems the key sizes may be shown as 40bit 104bit and 128bit instead of 64 bit 128 bit and 152bit This difference arises be cause the key input by the user is 24 bits less than the key size used for encryption Wireless Access Point User Guide For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC
37. 21 125 5 DNS 172 126 1 DHCP Server Start IP Address 2 End IP Address DHCP Relay mn a MN rar DHCP Server address LILES O Enable WINS WINS Server Name IP Address Supplicant Authentication via MAC Address ABE O Enable 802 1 Supplicant on Ethernet Network Authentication via Name and Password Set Change Name and Password Name SCOCBG6E Password Repeat Password STP Enable Spanning Tree Protocol 802 1d RE O Enable VLAN pt Management VLAN ID SAUGA SNTP Server Address UZLE GMT UK GreenWich Casablanca Monrovia O Adjust for Daylight Saving Time Current Time 2008 Aug 27 03 17 07 GMT Figure 14 System Screen 22 Setup Data System Screen Identification Access Point Name Description Country Domain IP Address DHCP Client Fixed IP Address DHCP Server DHCP Relay WINS Enable WINS Enter a suitable name for this Access Point If desired you can enter a description for the Access Point Select the country or domain matching your current location Select this option if you have a DHCP Server on your LAN and you wish the Access Point to obtain an IP address automatically If selected the following data must be entered e IP Address The IP Address of this device Enter an unused IP ad
38. 802 11g 802 11b WPA Wireless Access Point User Guide TABLE OF CONTENTS CHAPTER 1 INTRODUCTION vistvccssccccesccsestescacccesbicioevescsdessoncesstvescosecscncesceveteacseveocedessssvesest 1 Features of your Wireless Access POint cscscssscssscssccscscscssscssccssecssssscssssssssesseeees 1 PACKAGE Contents sscascsrsdssserscecscessassoosecseseseaesdacsoosoasseusosssossoonscessaassanssenessvaesoassnasoonscesscasous 4 Physical Details i cccsccccdssesccecsosssecsscescsecsonsecsds cwassoosensscssdasesonsensdecseanseasosvscusscnastecsoviecssdewas oes 4 CHAPTER 2 INSTALLATION secssescsvesssscssescestsvessssssectostesctsecsoncescevesdesesdensesdeversecscseostscessssasens 6 REQUIFEMENES inosensia seee ns aE o ar n ESE TESEO koo s e S 6 Procedure CHAPTER 3 ACCESS POINT SETUP sissiescssssvessssnsssccsescesestoncesssvescoseoscsescevescococveossucssessasees 9 OVEDVIOW OIE EE NEIE EA E T EEA E 9 Setup using the Windows Utility eseesseseosossesoesseseosesoossescosoeseosossesoessesoesoeseosossessossesossse 9 Setup using a Web BrOWSer sessessesseseosoesesoossesoesoescosoesessossesoessesoesoesessescesossessossessossesose 12 CHAPTER frennen ran aN NANN NNNNA 14 OPERATION AND STATUS esesessssesosocsosossescsococsosossesosocoosososeesosocsososssscsosocsosossesesosossosossese 14 OperatioM sincssssczsdcssissacsscenscessesssesesontesessossoosdsenssessoussonscestacstnadsuncoesssbasdonsdaoscssesascas ssnseuases 14 Status
39. Access Point can detect unauthorized Rouge Access Points on your LAN Access Control The Access Control feature can check the MAC address of Wireless clients to ensure that only trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN Password protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings Introduction Advanced Features Auto Configuration The Wireless Access Point can perform self configuration by copying the configuration data from another Access Point This feature is enabled by de fault Auto Update The Wireless Access Point can automatically update its firmware by downloading and installing new firmware from your FTP server Command Line Interface If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common con figuration changes NetBIOS amp WINS Support Support for both NetBIOS broadcast and WINS Win dows Internet Naming Service allows the Wireless Access Point to easily fit into your existing Windows network Radius Accounting Support If you have a Radius Server you can use it to provide accounting data on Wireless clients Syslog Support If you have a Syslog Server the Wireless Access Point can send its log data to your Syslog Server SNMP Support SNMP Simple Network Management Protocol is su
40. C The current status is displayed mudentcatlon Click the Configure button to configure this feature if required UAM The current status is displayed Click the Configure button to configure this feature if required 43 Wireless Access Point User Guide Security Settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently Profile Security Radius MAC Authentication UAM Profile Name Profile00 SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 Security System WPA PSK zj Network Key sry WPA Encryption TKIP Key Updates O Group Key Update Key Lifetime minutes O Update Group Key when any membership terminates Disabled Configure Current Status Disabled Configure Current Status Figure 26 WPA PSK Wireless Security Data WPA PSK Screen WPA PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived WPA Encryption Group Key Update Key Lifetime Update Group key when any membership terminates from this key Other Wireless Stations must use the same key The encryption method is TKIP Wireless Stations must also use TKIP This re
41. Each user must authenticate on the Radius Server This is usually done using digi tal certificates Each user s wireless client must support 802 1x and provide the Radius authentica tion data when required All data transmission is encrypted using the WPA2 standard Keys are automati cally generated so no key input is required WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard If this option is selected This Access Point must have a client login on the Radius Server Each user must authenticate on the Radius Server This is usually done using digi tal certificates Each user s wireless client must support 802 1x and provide the Radius authentica tion data when required All data transmission is encrypted using EITHER WPA or WPA2 standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryp tion If possible you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption If this option is selected 36 Setup This Access Point must have a client login on the Radius Server Each user must have a user login on the Radius Server Each user s wireless client must support 802 1x and provide the login data when
42. Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 103 Appendix D About Wireless LANs Wireless networks have their own terms and jargon It is necessary to understand many of these terms in order to configure and operate a Wireless LAN Modes Wireless LANs can work in either of two 2 modes e Ad hoc e Infrastructure Ad hoc Mode Ad hoc mode does not require an Access Point or a wired Ethernet LAN Wireless Sta tions e g notebook PCs with wireless cards communicate directly with each other Infrastructure Mode In Infrastructure Mode one or more Access Points are used to connect Wireless Stations e g Notebook PCs with wireless cards to a wired Ethernet LAN The Wireless Stations can then access all LAN resources Access Points can only function in Infrastructure mode and can communicate only with Wireless Stations which are Note setto Infrastructure mode SSID ESSID BSS SSID A group of Wireless Stations and a single Access Point all using the sam
43. Keyinput Hex 0 9 and A F ASCII Key 1 0 Key 2 0 Key 3 0 Key 4 0 Passphrase Radius MAC f Confi Authentication Sarna Disabled seal Current Status Disabled Figure 25 WEP Wireless Security 42 Setup Data WEP Screen WEP Data Select the desired option and ensure your Wireless stations have the Encryption same setting e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII characters e 152 Bit Encryption Keys are 32 Hex 16 ASCII characters Authentication Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Key Input Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Key Value Enter the key values you wish to use The default key selected by the radio button is required The other keys are optional Other stations must have matching key values Passphrase Use this to generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate Key button to automatically configure the WEP Key s Radius MA
44. LVICW EE A EE ET 104 Wireless LAN Terminology esssssseresecsesosoeseseccceosoeoesececceroroeoesececoesoroesesecoceesoroesececoeeesoe 104 APPENDIX E COMMAND LINE INTERFACE esesesoseresesosororororororororororororosererororesereesese 107 DAT E A TA ERT A E P T 107 Command Reference scsscccccscoscscesssscsssscssssscescsssnessssnessesssssessssssessssnessessessossossoes 108 Chapter 1 Introduction This Chapter provides an overview of the Wireless Access Point s features and capabilities Congratulations on the purchase of your new Wireless Access Point The Wireless Access Point links your 802 11g or 802 11b Wireless Stations to your wired LAN The Wireless stations and devices on the wired LAN are then on the same network and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection Wireless Stations Wireless Access Point A Wired Lan Figure 1 Wireless Access Point The auto sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput or automatic speed reduction to lower speeds when the environment does not permit maximum throughput The Wireless Access Point incorporates many advanced features carefully designed to provide sophisticated functions while being easy to use e Standards Compliant The Wireless Router complies with the IEEE802 11g DSSS specifications for Wireless LANs e
45. PA PSK and WPA2 PSK Wireless Security Data WPA PSK and WPA2 PSK Screen WPA PSK and WPA2 PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is TKIP for WPA PSK and AES for WPA2 PSK Key Updates These settings determine how often keys are changed e Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly and enter the desired time period Key Lifetime between key updates e Group Key Update when any membership terminates If enabled the Group Key will be updated whenever any member leaves the group or disassociates from the Access Point 46 Setup Security Settings WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard AGILE Profile Name Profile SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 Security Security System WPA with Radius he Primary Radius Server Address Radius Port 1812 Shared Key Secondary Radius Server Address Radius Port 1812 Shared Key WPA Encryption TKIP Key U
46. Screen 6 Select the Group Policy tab choose Default Domain Policy then click Edit Up Bown f Figure 42 Group Policy Tab 7 Select Computer Configuration Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request 63 Wireless Access Point User Guide gf Group Policy action view e gt im e Tree Default Domain Policy swpa dell2k swpa sercomm com tw P ic B Computer Configuration m Software Settings Windows Settings 5 Scripts Startup Shutdown Sp Security Settings amp Account Policies gj Local Policies 99 Event Log Restricted Groups m 9 system Services amp a Registry GG File System Public Key Policies w Encrypted Data Recovery Agents ma pAutomatic Certificat a5 E Trusted Root Certification Authorities ew Automatic Certificate Request Enterprise Trust 3 IP Security Policies on Active Directory m Administrative Templates a 2 User Configuration w Software Settings H Windows Settings E E Administrative Templates 4 Create anew Automatic Certificate Request object and add it to the Security Configuration Editor Pstart 2 A A cipboardoa 1r active directory EPGroup Policy B EKA ma 2 56PM Figure 43 Group Policy Screen 8 When the Certificate Request Wizard appears click Next 9 Select Computer and t
47. Supports both 802 11b and 802 11g Wireless Stations The 802 11g standard provides for backward compatibility with the 802 11b standard so both 802 11b and 802 11g Wireless stations can be used simultaneously e 108Mbps Wireless Connections On both the 2 4GHz 802 11b amp 802 11g and 5GHz 802 11a bands 108Mbps connections are available to compatible clients Wireless Access Point User Guide Bridge Mode Support The Wireless Access Point can operate in Bridge Mode con necting to another Access Point Both PTP Point to Point and PTMP Point to Multi Point Bridge modes are supported And you can even use both Bridge Mode and Access Point Mode simultaneously Client Repeater Access Point The Wireless Access Point can operate as a Client or Repeater Access Point sending all traffic received to another Access Point Simple Configuration If the default settings are unsuitable they can be changed quickly and easily DHCP Client Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request The Wireless Access Point can act as a DHCP Client and obtain an IP address and related information from your existing DHCP Server Upgradeable Firmware Firmware is stored in a flash memory and can be upgraded easily using only your Web Browser Security Features Security Profiles For maximum flexibility wireless security settings are stored in Security Profiles Up to 8 Security profi
48. able Set Rogue AP Detection Enable Disable Set Minutes of every Rogue AP Detection Range 3 99 Set Rogue AP Detection band s Set Rogue AP definition Set Rogue AP Detection SNMP Trap Enable Disable Add Delete one AP MAC OUI into from Rogue AP Legal List Set Auto Config Enable Disable Set Respond to Auto Config request Enable Disable Set provide admin login name and password Enable Disable Set Provide respond to Auto Config request Enable Disable Set Auto Update Enable Disable Set Install later version only Enable Disable Set Auto Update Interval 1 31days Set FTP Server address Set Firmware Pathname Set FTP Login Name Set FTP Password Set active Current Profile Set Profile Name Set Profile Vlan Id Set AP s Primary Profile Set WDS s Primary Profile Set Security Mode Set Accounting Enable Disable Set Accounting port number Set Encryption Key Value Set Encryption Key Length 117 Wireless Access Point User Guide set keylndex set UAM set UAMMethod set UAMLoginURL set UAMLoginFailURL set macAuth set snmpMode set snmpCommunity set snmpAccessRight set snmpAnyStaMode set snmpStationIPAddr set trapMode set trapVersion set trapSendMode set trapRecvip set description set dhcpMode set wdsMacList set enableWirelessClient set isolationType set winsEnable set winsServerAddr set wirelessSeparate set sdSet set sdAdd set sdDel start wlan stop wlan timeofday version Set Encryption K
49. admin connections via HTTPS secure HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTPS Port Number Enter the port number to be used for HTTPS connections to this device The default value is 443 Enable Telnet Auto Reboot Reboot Interval If desired you can enable this option If enabled you will able to connect to this AP using a Telnet client You will have to provide the same login data user name password as for a HTTP Web connection Enter the interval time by which the AP will auto Reboot zero means auto Reboot has disabled The default value is 0 76 Other Settings amp Features The Auto Config Update screen provides two 2 features e Auto Config The Access Point will configure itself by copying data from another compatible Access Point e Auto Update The Access Point will update it Firmware by downloading the Firmware file from your FTP Server ieee I Perform Auto Configuration on this AP next restart F Respond to Auto configuration request by other AP Provide admin login name and password F Provide Respond to Auto configuration setting l Check for Firmware upgrade every 1 days Install FV if different version found Install later version only FTP Server address OO N Firmware pathname E FTP Login Name E FTP Password e Cancel Help Figure 60 Auto Config Update Screen Data Auto Config U
50. assword to the Wireless Access Point This password limits access to the configuration interface The default password is password It is recommended that this be changed using this screen User Name admin O Change Admin Password New Password Repeat New Password SUUE Allow Admin connections via wired Ethernet only ae M Enable HTTP Admin connections HTTP Port Number 80 O Enable HTTPS secure HTTP Admin connnections HTTPS Port Number M Enable Management via Telnet BUSES Reboot Interval 0 999 hours 0 Save Cancel Help Figure 59 Admin Login Screen 75 Wireless Access Point User Guide Data Admin Login Screen Login User Name Enter the login name for the Administrator Change Admin Password If you wish to change the Admin password check this field and enter the new login password in the fields below New Password Enter the desired login password Repeat New Password Admin Connections Allow Admin connections via wired Ethernet only Re enter the desired login password If checked then Admin connections via the Wireless interface will not be accepted Enable HTTP Enable this to allow admin connections via HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTP Port Number Enter the port number to be used for HTTP connections to this device The default value is 80 Enable HTTPS Enable this to allow
51. aves the group or disassociates from the Ac cess Point RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report every If Radius accounting is enabled you can enable this and enter the desired update interval This Access Point will then send updates according to the specified time period 50 Setup Security Settings WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authenti cation according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard Profile Name Profile0O SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 Security Security System WPA and WPA2 with Radius Primary Radius Server Address Radius Port 1812 Shared Key Secondary Radius Server Address Radius Port 1812 Shared Key VPA Encryption TKIP AES Key Updates O Group Key Update Key Lifetime 50 minutes O Update Group Key when any membership terminates Radius Accounting O Enable Radius Accounting Radius Accounting Port 1813 Update Report every 5 Minutes Radius
52. boot The number of Authentication packets received Authentication is the process of identification between the AP and the client De authentication The number of De authentication packets received De authentication is the process of ending an existing authentication relationship Association The number of Association packets received Association creates a connection between the AP and the client Usually clients associ ate with only one 1 AP at any time Disassociation The number of Disassociation packets received Disassociation breaks the existing connection between the AP and the client 17 Wireless Access Point User Guide Re association The number of Re association packets received Re association is the service that enables an established association between AP and client to be transferred from one AP to another or the same AP Wireless MSDU Number of valid Data packets transmitted to or received from Wireless Stations at application level Data Number of valid Data packets transmitted to or received from Wireless Stations at driver level Multicast Packets Number of Broadcast packets transmitted to or received from Wireless Stations using Multicast transmission Management Number of Management packets transmitted to or received from Wireless Stations Control Number of Control packets transmitted to or received from Wire less Stations 18
53. cess Points is 5 Channels e g use Channels and 6 or 6 and 11 e In Infrastructure mode Wireless Stations normally scan all Channels looking for an Access Point If more than one Access Point can be used the one with the strongest signal is used This can only happen within an ESS e Ifusing Ad hoc mode no Access Point all Wireless stations should be set to use the same Channel However most Wireless stations will still scan all Channels to see if there is an existing Ad hoc group they can join WEP WEP Wired Equivalent Privacy is a standard for encrypting data before it is transmitted This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations But if the data is encrypted then it is meaningless unless the receiver can decrypt it If WEP is used the Wireless Stations and the Wireless Access Point must have the same settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently WPA 802 1x WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is used e The Access Point must ha
54. ch are allowed to connect to this AP To specify the allowed APs e Enable this checkbox e Click the button Set PTMP APs e On the resulting sub screen enter the MAC addresses of the allowed APs Set PTMP APs Use this to open a sub window where you can specify the MAC addresses of the APs which are allowed to connect to this AP This is only functional if using Point to Multi Point Bridge PTMP mode and you has enabled the checkbox In PTMP mode only allow specified APs Parameters Channel No e If Automatic is selected the Access Point will select the best available Channel e Ifyou experience interference shown by lost connections and or slow data transfers you may need to experiment with manually setting different channels to see which is the best Current Channel No This displays the current channel used by the Access Point 30 Setup Clicking the Advanced link on the menu will result in a screen like the following EEOC Basic Rate Selection 802 11b 1 2 5 5 11 Mbps x Options Data Rate Best v O Worldwide Mode 802 11d O XR eXtended Range O Network Integrality Check O Enable WMM Wi Fi Multimedia Support No Acknowledgement EEUGGEI Disassociated Timeout 5 Minutes 1 99 Fragmentation Length 2346 256 2346 Default 2346 Beacon Interval 100 20 1000 Default 100 RTS CTS Threshold 2346 _s 256 2346 Default 2346 Preamble Type Short
55. cified Firmware Version Version 1 0 Release 05 mteidiia IP Address 172 25 5 170 Subnet Mask 255 255 254 0 Gateway 172 25 5 248 DHCP Client Enabled EBSA BSSID MAC Address 00 C0 02 0C B6 6E Channel Frequency 6 Automatic Wireless Mode 802 11b and 802 119 AP Mode Access Point Bridge Mode None disable Figure 8 Status Screen 14 Data Status Screen Access Point Access Point Name Setup The current name will be displayed MAC Address The MAC physical address of the Wireless Access Point Domain The region or domain as selected on the Basic Wireless screen Firmware Version The version of the firmware currently installed TCP IP IP Address The IP Address of the Wireless Access Point Subnet Mask The Network Mask Subnet Mask for the IP Address above Gateway Enter the Gateway for the LAN segment to which the Wireless Access Point is attached the same value as the PCs on that LAN segment DHCP Client This indicates whether the current IP address was obtained from a DHCP Server on your network It will display Enabled or Disabled 2 4 GHz Wireless BSSID The name of BSS is displayed usually the value of BSSID is equal to the MAC address of wireless for AP Channel Frequency The Channel currently in use is displayed Wireless Mode The current mode e g 802 11g is displayed AP Mode The current Access Point mode is displayed Bridge Mode The curr
56. col and select Smart Card or other Certificate Deselect other authentication meth ods listed Click OK Smart Card or other Certificate Figure 47 Authentication Screen 12 Select No if you don t want to view the help for EAP Click Finish 66 Other Settings amp Features 1 Select Start Programs Administrative Tools Active Directory Users and Computers 2 Double click on the user who you want to enable 3 Select the Dial in tab and enable Allow access Click OK alex Properties J Verify CallertD Figure 48 Dial in Screen 67 Wireless Access Point User Guide Windows XP ships with a complete 802 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login User name and password on the Windows 2000 server Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv e g http 192 168 0 2 certsrv 3 You will be prompted for a user name and
57. copy of current settings AGGI Restore saved settings from a file File Ca BOELES Revert to factory default settings Figure 61 Config File Screen Data Config File Screen Backup Save a copy of cur rent settings Restore Restore saved settings from a file Once you have the Access Point working properly you should back up the settings to a file on your computer You can later restore the Access Point s settings from this file if necessary To create a backup file of the current settings e Click Back Up e Ifyou don t have your browser set up to save downloaded files automatically locate where you want to save the file rename it if you like and click Save To restore settings from a backup file 1 Click Browse 2 Locate and select the previously saved backup file 3 Click Restore 79 Wireless Access Point User Guide Defaults Revert to factory default settings To erase the current settings and restore the original factory default settings click Set to Defaults button Note e This will terminate the current connection The Access Point will be unavailable until it has restarted e By default the Access Point will act as a DHCP client and automatically obtain an IP address You will need to deter mine its new IP address in order to re connect 80 Other Settings amp Features If you have a Syslog Server on your LAN this screen allows you to configure the Acce
58. creen Save to file Save the log to a file on your pc Clear Log This will delete all data currently in the Log This will make it easier to read new messages Close Close this screen 20 Stations Setup This screen is displayed when the Stations button on the Status screen is clicked Name MAC Address Mode Signal SSID Status Figure 13 Station List Screen Data Station List Screen Station List Name The name of each Wireless Station is displayed If the name is not know unknown is displayed for the name MAC Address The MAC physical address of each Wireless Station is displayed Mode The mode of each Wireless Station Signal This indicates the signal strength of each Wireless Station SSID This displays the SSID used the Wireless station Because the Wire less Access Point supports multiple SSIDs different PCs could connect using different SSIDs Status This indicates the current status of each Wireless Station Refresh Button Update the data on screen 21 Wireless Access Point User Guide Click System on the menu to view a screen like the following RULE Access Point Name SCOCB66E Description Country or Domain Select One v MAC Address 00 C0 02 0C B6 6E ELICEI DHCP Client Fixed IP Address IP address 172 25 5 Subnet Mask 255 255 254 0 Gateway 17
59. ddress of the Radius Address Server on your network Radius Port If this field is visible enter the port number used for connections to the Radius Server Client Login Name If this field is visible it displays the name used for the Client Login on the Radius Server This Login name must be created on the Radius Server Shared Key If this field is visible it is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server WEP Key If this field is visible it is for the WEP key used to encrypt data transmissions to the Radius Server Enter the desired key value in HEX and ensure the Radius Server has the same value WEP Key Index If this field is visible select the desired key index Any value can be used provided it matches the value on the Radius Server 39 Wireless Access Point User Guide UAM UAM Universal Access Method is intended for use in Internet cafes Hot Spots and other sites where the Access Point is used to provide Internet Access If enabled then HTTP TCP port 80 connections are checked UAM only works on HTTP connections all other traffic is ignored If the user has not been authenticated Internet access is blocked and the user is re directed to another web page Typically this web page is on your Web server and explains how to pay for and obtain Internet access To use UAM you need a Radius Server for Authentication The Ra
60. dius Server Setup must be completed before you can use UAM The required setup depends on whether you are using Internal or External authentication e Internal authentication uses the web page built into the Wireless Access Point e External authentication uses a web page on your Web server Generally you should use External authentication as this allows you to provide relevant and helpful information to users UAM authentication Internal 1 Ensure the Wireless Access Point can login to your Radius Server e Adda RADIUS client on RADIUS server using the IP address or name of the Wire less Access Point and the same shared key as entered on the Wireless Access Point e Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Secu rity page or the UAM sub screen depending on the security method used 2 Add users on your RADIUS server as required and allow access by these users 3 Client PCs must have the correct Wireless settings in order to associate with the Wireles Access Point 4 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to a user login page 5 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 6 Ifthe user name and password
61. dress from the address range on your LAN e Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on your LAN e Gateway The IP Address of your Gateway or Router Enter the value used by other devices on your LAN e DNS Enter the DNS Domain Name Server used by PCs on your LAN The Wireless Access Point can act as a DHCP Server and provide a dynamic IP address to PCs and other devices upon request If there is no DHCP Server in your LAN you can enable this AP register with another DHCP Server which is in other LAN If your LAN has a WINS server you can enable this to have this AP register with the WINS server 23 Wireless Access Point User Guide WINS Server Name IP Address 802 1X Supplicant Enable 802 1X Supplicant Authentication Set Change Name and Password STP VLAN Enable VLAN Management VLAN ID SNTP SNTP Server Address Time zone Adjust for Day light Saving Time Current Time Enter the name or IP address of your WINS server Enable it if your network requires this AP to use 802 X authentica tion e Authentication via MAC Address Select this if you want to Use MAC Address for Authentication e Authentication via Name and Password Select this if you want to Use name and password for Authentication Enable this if you want to change the name and password If this is not checked the name and password fields are ignored
62. e Community Managers Any Station Only this Station 2 Disable Broadcast Send to Trap Version Save Cancel Help Figure 64 SNMP Screen Data SNMP Screen General Enable SNMP Use this to enable or disable SNMP as required SNMP Version Select the SNMP Version Read Only Com Enter the string for read only community in which the data can be munity read only but cannot be changed usually we use either Public or Read Write Com munity Private Enter the string for read write community in which the data can be read or set changed usually we use either Public or Private Managers Any Station The IP address of the manager station is not checked Only this station The IP address is checked and must match the address you enter in the IP address field provided If selected you must enter the IP address of the required station Traps Disable Traps are not used Broadcast Select this to have Traps broadcast on your network This makes them available to any PC Send to Select this to have Trap messages sent to the specified PC only If selected you must enter the IP Address of the desired PC 83 Wireless Access Point User Guide Trap version Select the desired option as supported by your SNMP Management program 84 Other Settings amp Features The firmware software in the Wireless Access Point can be upgraded using your Web Browser You must first download the upgrade file
63. e ID SSID form a Basic Service Set BSS Using the same SSID is essential Devices with different SSIDs are unable to communi cate with each other However some Access Points allow connections from Wireless Stations which have their SSID set to any or whose SSID is blank null ESS ESSID A group of Wireless Stations and multiple Access Points all using the same ID ESSID form an Extended Service Set ESS 104 Appendix B Troubleshooting Different Access Points within an ESS can use different Channels To reduce interference it is recommended that adjacent Access Points SHOULD use different channels As Wireless Stations are physically moved through the area covered by an ESS they will automatically change to the Access Point which has the least interference or best perform ance This capability is called Roaming Access Points do not have or require Roaming capabilities Channels The Wireless Channel sets the radio frequency used for communication e Access Points use a fixed Channel You can select the Channel used This allows you to choose a Channel which provides the least interference and best performance For 802 11g 13 channels are available in the USA and Canada but 1 1channels are available in North America if using 802 11b e Ifusing multiple Access Points it is better if adjacent Access Points use different Chan nels to reduce interference The recommended Channel spacing between adjacent Ac
64. e menu to apply your changes and restart the Wireless Access Point Setup is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 4 for details If you can t connect It is likely that your PC s IP address is incompatible with the Wireless Access Point s IP address This can happen if your LAN does not have a DHCP Server The default IP address of the Wireless Access Point is 192 168 0 228 with a Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 0 1 192 168 0 254 with a Network Mask of 255 255 255 0 See Appendix C Windows TCP IP for details for this procedure 13 Chapter 4 Operation and Status This Chapter details the operation of the Wireless Access Point and the status screens Once both the Wireless Access Point and the PCs are configured operation is automatic However you may need to perform the following operations on a regular basis e If using the Access Control feature update the Trusted PC database as required See Access Control in Chapter 3 for details e If using 802 1x mode update the User Login data on the Windows 2000 Server and configure the client PCs as required Use the Status link on the main menu to view this screen attains Access Point Name SCOCB66E MAC Address 00 C0 02 0C B6 6E Domain Unspe
65. ected you must provide the address MAC ad dress of the other AP in the Repeater AP MAC Address field In this mode all traffic is sent to the specified AP Universal Client act as a universal client for another Access Point It different from general WDS Client Universal Client function has more flexible compatibility when it work with others Brand wireless device If selected you must provide the address MAC address of the other AP in the Remote AP MAC Address field In this mode all traffic is sent to the specified AP Universal Repeater act as a universal repeater for another Access Point It different from general WDS Repeater Universal Repeater function has more flexible compatibility when it work with others Brand wireless device If selected you must provide the address MAC address of the other AP in the Remote AP MAC Address field In this mode all traffic is sent to the speci fied AP Note If using Client Repeater mode Universal Client mode or Uni versal Repeater mode you cannot use Bridge Mode Remote AP MAC Address This is not required unless the AP Mode is Client Repeater Univer sal Client or Universal Repeater In this mode you must provide the MAC address of the partner AP in this field You can either enter the MAC address directly or if the partner AP is on line and broadcasting its SSID you can click the Select AP button and select it from a list of available AP Bridge Mode
66. ecurity method used On the Access Point enable the Radius based MAC authentication feature on the screen below 2 Add Users on the Radius server as required The username must be the MAC address of the Wireless client you wish to allow and the password must be blank 3 When clients try to associate with the Access Point their MAC address is passed to the Radius Server for authentication If successful xx xx xx xx xx xx MAC authentication is entered in the log and client station status would show as authenticated on the station list table If not successful xx xx xx xx xx xx MAC authentication failed is en tered in the log and station status is shown as authenticating on the station list table 38 Setup Radius based MAC authentication Screen This screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again Otherwise you must enter the details of your Radius Server on this screen O Enable Radius based MAC authentication Radius Server Address Radius Port 1812 Client Login Name SCOA5F10 Shared Key p i Cancel Help Close Figure 23 Radius based MAC Authentication Screen Data Radius based MAC Authentication Screen Enable Enable this if you wish to Radius based MAC authentication Radius Server If this field is visible enter the name or IP a
67. editing a Trusted Station Buttons lt lt Add a Trusted Wireless Station to the list move from the Other Stations list e Select an entry or entries in the Other Stations list and click the lt lt button e Enter the Address MAC or physical address of the wireless station and click the Add button gt gt Delete a Trusted Wireless Station from the list move to the Other Stations list e Select an entry or entries in the Trusted Stations list e Click the gt gt button Select All Select all of the Stations listed in the Other Stations list Select None De select any Stations currently selected in the Other Stations list 26 Setup To change an existing entry in the Trusted Stations list select it Edit and click this button 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Update 3 Edit the address MAC or physical address as required 4 Click Update to save your changes Add To add a Trusted Station which is not in the Other Wireless Stations list enter the required data and click this button Clear Clear the Name and Address fields 27 Wireless Access Point User Guide There are four 4 configuration screens available e Basic Settings e Advanced e QOS e Security Profiles The settings on this screen must match the sett
68. ent Bridge mode is displayed Buttons Profile Status Click this to open a sub window which displays further details about each security profile 2 4 GHz Statistics Click this to open a sub window where you can view Statistics on data transmitted or received by the Access Point Remote AP Status Click this to open a sub window where you can view further information about each Remote AP It only can be used when the device work in WDS mode Log Click this to open a sub window where you can view the log re start the log or save the current log to a file Stations Click this to open a sub window where you can view the list of all current Wireless Stations using the Access Point 15 Wireless Access Point User Guide Profile Status The Security Profile Status screen is displayed when the Profile Status button on the Status screen is clicked Name SSID Broadcast VLAN ID Security Status Clients Profile00 wireless 0 24G Enabled 1 None Enabled 0 ProfileO1 wireless 1 24G Enabled 2 None Disabled 0 Profile02 wireless 2 24G Enabled 3 None Disabled 0 Profile03 wireless 3 24G Enabled 4 None Disabled 0 Profile04 wireless 4 24G Enabled 5 None Disabled 0 Profile0S wireless 5 24G Enabled 6 None Disabled 0 Profile06 wireless 6 24G Enabled 7 None Disabled 0 ProfileO wireless 7 24G Enabled 8 None Disabled 0 Figure 9 Security Profile Screen For each profile the following data is displayed
69. equest Type Please select the type of request you would like to make User certificate request Advanced request Internet Figure 51 Request Type Screen 6 Click Submit 69 Wireless Access Point User Guide 4 Microsoft Certificate Services Microsoft Internet Explorer DAR File Edit View Favorites Tools Help kid Q x b x a H Search Py Favorites Media Address http 192 168 0 2 certsrv certrqbi asp type 0 Links gt Microsoft Certificate Services VWirelessCA User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit your request Internet Figure 52 Identifying Information Screen 7 A message will be displayed and then the certificate will be returned to you Click Install this certificate Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex x x a EA P Search y Favorites media K Address http 192 168 0 2 certsrv certfnsh asp Microsoft Certifica Certificate Issued The certificate you requested was issued to you Install this certificate Internet Figure 53 Certificate Issued Screen 8 You will receive a confirmation message Click Yes 70 Root Certificate Store nN Do you want to ADD the following certificate to the Root Store Other Settings amp Features Subject WirelessCA Syste
70. ey Index Set UAM Authentication Enable Disable Set UAM Authentication Method Set UAM Authentication Login URL Set UAM Authentication Login Fail URL Set Mac Authentication Enable Disable Set SNMP Mode Set SNMP Community Name Set SNMP Access Right Set SNMP Any Station Mode Set SNMP Station Address Set Trap Mode Set Trap Version Set Trap Send Mode Set Trap Receiver IP Set Access Point Description Set Dhcp Mode Set WDS Mac Address List Set Wireless Client Enable Disable Set Isolation Type Set WINS Server Enable Disable Set WINS Server IP address Set wireless separate Mode Set debug level Add debug level Del debug level Start the current wlan Stop the current wlan Display Current Time of Day Software version 118
71. fers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any member leaves the group or disassociates from the Access Point Radius MAC The current status is displayed This will always be Disabled Authentication because Radius MAC Authentication is not available with WPA PSK The Configure button for this feature will also be disabled UAM The current status is displayed This will always be Disabled because UAM is not available with WPA PSK The Configure button for this feature will also be disabled 44 Setup Security Settings WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption MEU Profile Name Profile00 SSID wireless 0 2 4G Broadcast SSID Disable Enable Wireless Separation Disable O Enable VLAN ID 1 SAWA Security System WPA2 PSK x Network Key WPA Encryption AES Key Updates O Group Key Update Key Lifetime 5 minutes O Update Group Key when any membership terminates Radius MAC Authentication UAM Current Status Disabled Configure Current Status Disabled Configure Figure 27 WPA2 PSK Wireless Security
72. gger Threshold for CCK Phy Errors for ANI Control Display Lower Trigger Threshold for CCK Phy Errors for ANI Control Display ANI Parameter for CCK Weak Signal Detection Threshold Display Radio Channel Display Encryption cipher Display Compression scheme Display Compression Window Size Display Current AP Configuration Display Country Code Display CTS mode Display CTS rate Display CTS type Display Domain Name Server suffix Display Data Beacon Rate DTIM Display Adaptive Noise Immunity Control On Off 109 Wireless Access Point User Guide get encryption get extendedchanmode get firStepLvl get fragmentthreshold get frequency get gateway get gbeaconrate get gdraft5 get groupkeyupdate get hardware get hostipaddr get ipaddr get ipmask get keyentrymethod get keysource get login get minimumrate get nameaddr get nf get noiselmmunityLvl get ofdmTrigHigh get ofdmTrigLow get ofdmWeakSigDet get overRidetxpower get operationMode get power get quietAckCtsAllow get quietDuration get quietOffset get radiusname get radiusport Display Encryption Mode Display Extended Channel Mode Display ANI Parameter for FirStepLevel Display Fragment Threshold Display Radio Frequency MHz Display Gateway IP Address Display 11g Beacon Rate Display 11g Draft 5 0 compatibility Display Group Key Update Interval in Seconds Display Hardware Revisions Display Host IP Address Display IP Address Di
73. h Key index advanced Figure 57 Properties Screen Setup for Windows XP and 802 1x client is now complete 73 Wireless Access Point User Guide The only difference is that on your client you must NOT enable the setting The key is pro vided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Network Properties Network name SSID misslair Wireless network key WEP This network requires 4 key for the following Data encryption WEP enabled C Network Authentication Shared mode _ The key is provided for me automatically This is a computer to computer ad hoc network wireless access points are not used Figure 58 Properties Screen Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 74 Other Settings amp Features Chapter 6 Access Point Management This Chapter explains when and how to use the Wireless Access Point s Manage ment Features This Chapter covers the following features available on the Wireless Access Point s Man agement menu e Admin Login e Auto Config Update e Config File e Log Settings e Rogue APs e SNMP e Upgrade Firmware e Operation Mode The Admin Login screen allows you to assign a p
74. h to use The default key selected by the radio button is required The other keys are optional Other stations must have matching key values Security System WPA PSK Current operate mode is Access Point Do you want to change to Home Gateway mode Please finish the following basic wireless setting for you can connect the device after device change to home gateway mode SSID Security System Network Key WPA Encryption TKIP v wireless 0 2 46 WPA PSK v apply Restart Figure 68 Operation Mode WPA PSK Screen Data Security System WPA PSK Screen WPA PSK Network Key WPA Encryption Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key The encryption method is TKIP Wireless Stations must also use TKIP 87 Wireless Access Point User Guide Security System WPA2 PSK Current operate mode is Access Point Do you want to change to Home Gateway mode Yes Please finish the following basic wireless setting for you can connect the device after device change to home gateway mode SSID wireless 0 2 4G Security System WPA2 PSK v Network Key WPA Encryption AES Figure 69 Operation Mode WPA2 PSK Screen Data Security System WPA2 PSK Screen WPA2 PSK Network Key Enter the key value Data is encry
75. hen click Next Automatic Certificate Request Setup Wizard Certificate Template Se The next time a computer logs on a certificate based on the template you select is provided certificate template is a set of predefined properties for certificates issued to computers Select a template from the following list Certificate templates Intended Purposes Client Authentication Server Authenticatior Domain Controller Client Authentication Server Authenticatior Enrollment Agent Computer Certificate Request Agent IPSEC 1 3 6 1 55 8 22 Figure 44 Certificate Template Screen 10 Ensure that your certificate authority is checked and then click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press enter Enter secedit refreshpolicy machine_policy This command may take a few minutes to take effect 64 Other Settings amp Features Internet Authentication Service Radius Setup l 2 gt eI DAM 9 Select Start Programs Administrative Tools Internet Authentication Service Right click on Clients and select New Client Internet Authentication Service Action View e gt Gla elg Tree Internet Authentication Service Local a E Remot ay Remot Figure 45 Service Screen Enter a name for the access point click Next Enter the address or name of the Wireless Access Point and set the
76. ings used by Wireless Stations Click Basic on the menu to view a screen like the following SCULE Wireless Mode 802 11b and 802 119 AP Mode Access Point v Remote AP MAC Address Bridge Mode None disable v PTP Bridge AP MAC Address In PTMP mode only allow specified APs WUE Channel No Automatic Current Channel No 6 Save J Cancel T Help Figure 17 Basic Settings Screen Data Basic Settings Screen Operation Wireless Mode Select the desired option e Disable 2 4GHz band select this if for some reason you do not this AP to transmit or receive at all e 802 11b and 802 11g this is the default and will allow connec tions by both 802 11b and 802 1g wireless stations e 802 11b if selected only 802 11b connections are allowed 802 11g wireless stations will only be able to connect if they are fully backward compatible with the 802 11b standard e 802 11g only 802 11g connections are allowed If you only have 802 11g selecting this option may provide a performance im provement over using the default setting 28 Setup AP Mode Both Bridge mode and AP mode can be used simultaneously unless AP mode is Client Repeater Select the desired AP mode None disable Disable AP mode Use this if you want to act a Bridge only Access Point operate as a normal Access Point WDS Client Repeater act as a client or repeater for another Access Point If sel
77. ipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help To assure continued compliance any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment Example use only shielded interface cables when connecting to computer or peripheral devices FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter 93 Appendix B
78. lay SNTP NTP Server IP Address Display Software Retry Display ANI Parameter for Spur Immunity Level Display Service Set ID Display SSID Suppress Mode Display Station Status Display SuperG Feature Status Display Access Point System Name Display Telnet Mode Display Telnet Timeout Display Time Zone Setting Display Vendor Default Firmware Update Params Display UpTime Display Watchdog Mode Display WDS Mode Display Encryption Mode Display Wireless LAN Mode Display 802 11d mode Display http Enable Disable Display http port number Display https Enable Disable Display https port number Display syslog Disable Broadcast Unicast Display syslog Severity level Display unicast syslog server IP name 111 Wireless Access Point User Guide get manageOnlyLan get roguedetect get rogueinteval get rogueband get roguetype get roguesnmp get roguelegal get autoConfig get autoResponse get autoChangeName get autoSetResp get autoUpdate get autoUpgradeOnly get autoUpdatelnterval get fipServer get fwPathname get ftpLogin get ftpPassword get activeCurrentProfile get profileName get profileVianld get APPrimaryProfile get WDSPrimaryProfile get securityMode get Accounting get Accountingport get keyValue get keyLength get keylndex get UAM get UAMMethod Display Management only via LAN Enable Disable Display Rogue AP Detection Enable Disable Display Minutes of every Rogue AP Detection Range 3 99
79. ld Adjustment e Beacon Interval Adjustment e SSID assignment Operation Mode e Common AP Client Repeater AP e Peer to Peer Bridge Point to Multi Point Bridge Bridge mode can be used simultaneously with Common AP mode Security e Open shared WPA and WPA PSK authentication e 802 1x support e EAP TLS EAP TTLS PEAP e Block inter wireless station communication e Block SSID broadcast Management e Web based configuration e RADIUS Accounting e RADIUS On feature e RADIUS Accounting update e CLI e Message Log 91 Wireless Access Point User Guide e Access Control list file support e Configuration file Backup Restore e Statistics support e Device discovery program e Windows Utility Other Features e DHCP client e WINS client e DHCP Server e DHCP Relay Firmware Upgrade HTTP FTP network protocol download 92 Appendix A Specifications FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communica tions However there is no guarantee that interference will not occur in a particular installation If this equ
80. les can be defined and up to 8 used as any time Multiple SSIDs Because each Security Profile has it own SSID up to 8 Security Profiles can be active simultaneously Multiple SSIDs are supported Different clients can connect to the Wireless Access Point using different SSIDs with different security set tings Multiple SSID Isolation If desired PCs and devices connecting using different SSIDs can be isolated from each other VLAN Support The 802 1Q VLAN standard is supported allowing traffic from differ ent sources to be segmented Combined with the multiple SSID feature this provides a powerful tool to control access to your LAN STP Support The 802 1d STP standard is supported providing path redundancy while preventing undesirable loops in the network WEP support Support for WEP Wired Equivalent Privacy is included Both 64 Bit and 128 Bit keys are supported WPA support Support for WPA is included WPA is more secure than WEP and should be used if possible Both TKIP and AES encryption methods are supported 802 1x Support Support for 802 1x mode is included providing for the industrial strength wireless security of 802 1x authentication and authorization Radius Client Support The Wireless Access Point can login to your existing Radius Server as a Radius client Radius MAC Authentication You can centralize the checking of Wireless Station MAC addresses by using a Radius Server Rogue AP Detection The Wireless
81. lowed Set 11g Optimization Level Set Overlapping BSS Protection Set Access Control List Set Aging Interval Set Antenna Set Authentication Type Set Auto Channel Selection Set Use of Basic 11b Rates Set Use of Basic 11g Rates Modify Beacon Interval Set Max Number of frames in a Burst Set Burst Time Set Calibration Period Set Higher Trigger Threshold for CCK Phy Errors For ANI Control Set Lower Trigger Threshold for CCK Phy Errors For ANI Control Set ANI Parameter for CCK Weak Signal Detection Threshold Set Radio Channel Set Cipher Set Compression Scheme Set Compression Window Size Set Country Code Set CTS Mode Set CTS Rate Set CTS Type Set Domain Name Server Suffix Set Data Beacon Rate DTIM Turn Adaptive Noise Immunity Control On Off Set Encryption Mode Set Extended Channel Mode 114 set factorydefault set firStepLv set fragmentthreshold set frequency set gateway set gbeaconrate set groupkeyupdate set gdraft5 set hostipaddr set ipaddr set ipmask set keyentrymethod set keysource set login set minimumrate set nameaddress set noiselmmunityLvl set ofdmTrigHigh set ofdmTrigLow set ofdmWeakSigDet set overRidetxpower set operationMode set password set passphrase set power set quietAckCtsAllow set quietDuration set quietOffset set radiusname set radiusport set radiussecret Appendix C Windows TCP IP Restore to Default Factory Settings Set ANI Parameter for
82. mically generated This may use EAP TLS PEAP or another method depending on the methods supported by the client Key Exchange Enable this if you wish the Dynamic keys to be exchanged and updated regularly If enabled enter the desired Key Lifetime Static WEP key If enabled this uses EAP MDS You must enter the WEP key on the WEP Key field below and on each Wireless station The WEP Key Index must also match the key index used on other Wireless stations RADIUS Accounting Enable this if you want this Access Point to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report every If Radius accounting is enabled you can enable this and enter the desired update interval This Access Point will then send updates according to the specified time period 54 Chapter 5 PC and Server Configuration This Chapter details the PC Configuration required for each PC on the local LAN All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the Access Point is being used e Ifusing WEP WPA PSK WPA2 PSK or WPA PSK and WPA2 PSK it is only necessary to ensure that each Wireless station s settings match those of the Wireless Ac cess Point as described below e For WPA with radius WPA2 with radius WPA and WPA2 with radius or802
83. ms Wireless Widgets College Park MD US ca yourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E748D0 86375643 4F77E081 551337C7 Thumbprint shal E9EC3FSD BA9B678E 79CO55A8 51017043 BE7A0CB7 Thumbprint mdS 6F171E64 D438B251 44242464 CD8E6189 Figure 54 Root Certificate Screen 9 Certificate setup is now complete 802 1x Authentication Setup 1 Open the properties for the wireless connection by selecting Start Control Panel Network Connections Right Click on the Wireless Network Connection and select Properties 3 Select the Authentication Tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type Wireless Network Connection Properties General Wireless Networks Authentication Advanced Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 802 1 EAP type Smart Card or other Certificate v Authenticate as computer when computer information is available C Authenticate as quest when user or computer information is unavailable PR Figure 55 Authentication Tab Encryption Settings The Encryption settings must match the APs Access Points on the Wireless network you wish to join e Windows XP will de
84. nd select New Certificate to Issue f Certification Authority Action vew e gt AR Tree Certification Authority Local Gers Recovery Agent File Recovery A io WirelessCA Galpasic EFS Encrypting File System E Revoked Certificates ADomain Controller Client Authentication Server Authentic E Issued Certificates Gaweb Server Server Authentication Pending Requests EA computer Client Authentication Server Authentic Failed Requests Fuser Encrypting File System Secure Email ee aeaea Authority Certificate to Issue Code Signing Microsoft Trust List Signi View gt Refresh Export List Help Creates a new object in this container Figure 39 Certificate Authority Screen 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Select Certificate Template F 2 xl Select a certificate template to issue certificates User Signature Only Secure Email Clier Smartcard User Secure Email Clier Client Authenticatic Client Authenticatic Code Signing Code Signing a Trust List Signing Microsoft Trust List Frirollment Aqent Certificate Request gt Figure 40 Template Screen 4 Select Start Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 62 Other Settings amp Features Figure 41 Active Directory
85. nt this Access Point to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report If Radius accounting is enabled you can enable this and enter the every desired update interval This Access Point will then send updates according to the specified time period 52 Setup Security Settings 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption MC Profile Name ProfileO0 SSID wireless 0 2 46 Broadcast SSID Disable Enable Wireless Separation Disable Enable VLAN ID 1 STM Security System 802 1x v PrimaryRadius Server Address Radius Port 1812 Shared Key Seconary Radius Server Address Radius Port 1812 Shared Key WEP Key Size 64bit v oO Dynamic WEP key EAP TLS PEAP etc Key Exchange with lifetime of 20 minutes oO Static WEP Key EAP MD5 WEP Key hex WEP Key Index Radius Accounting O Enable Radius Accounting Radius Accounting Port 1813 Update Report every 5 Minutes Aaaa Current Status Disabled Authentication atii Current Status Disabled Figure 32 802 1x Wireless Security Data
86. pdate Screen Admin Connections Perform Auto Configu If checked this AP will perform Auto Configuration the next ration on this AP next time it restarts restart e The wired LAN NOT the Wireless LAN will be searched for compatible APs e Ifacompatible AP is found its configuration is cop ied If more than one compatible AP exists the first one found is used e Some data cannot be copied o The IP address is not copied and will not change o The operating mode Repeater Bridge etc is not copied and will not change Note This checkbox is automatically disabled so the Auto configuration is only performed once 77 Wireless Access Point User Guide Respond to Auto configuration request by other AP If checked this AP will respond to Auto Configuration requests it receives If not checked Auto Configuration requests will be ignored Provide login name and password If enabled the login name and password on this AP is sup plied the AP making the Auto configuration request If disabled the AP making the Auto configuration request will keep its existing login name and password Provide Respond to Auto configuration setting If enabled the Respond to Auto configuration setting on this AP is supplied the AP making the Auto configuration request If disabled the AP making the Auto configuration request will keep its existing setting Auto Update Check for Firm
87. pdates O Group Key Update Key Lifetime 50 minutes O Update Group Key when any membership terminates Radius Accounting O Enable Radius Accounting Radius Accounting Port 1813 Update Report every 5 Minutes Radius MAC i Configure a db eriention Current Status Disabled vonfigur UAM Current Status Disabled Configure Figure 29 WPA with Radius Security Data WPA with Radius Screen WPA with Radius Primary Radius Enter the name or IP address of the Primary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server Secondary Radius Enter the name or IP address of the Secondary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server 47 Wireless Access Point User Guide Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server WPA Encryption The encryption method is TKIP Wireless Stations must also use TKIP Key Updates These settings determine how often keys are changed e Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly and enter the desired time period Key Lifetime be tween key
88. pendix C Windows TCP IP Display UAM Authentication Login URL Display UAM Authentication Login Fail URL Display Mac Authentication Enable Disable Display SNMP Mode Display SNMP Community Name Display SNMP Access Right Display SNMP Any Station Mode Display SNMP Station Addr Display Trap Mode Display Trap Version Display Trap Send Mode Display Trap Receiver IP Display WDS Mac Address List Display Wireless Client Enable Disable Display Isolation Type Display WINS Server Enable Disable Display IP address of WINS server Display wireless seprate Mode Display Access Point Description Display dhcp mode Display wlan state Display CLI Command List Disable reboot during radar detection list directory system memory statistics Network Performance Network Performance Server Ping Simulate radar detection on current channel Reboot Access Point Remove file Run command file 113 Wireless Access Point User Guide quit set 11gonly set 11goptimize set 11goverlapbss set acl set aging set antenna set authentication set autochannelselect set basic11b set basic11g set beaconinterval set burstSeqThreshold set burstTime set calibration set cckTrigHigh set cckTrigLow set cckWeakSigThr set channel set cipher set compproc set compwinsize set countrycode set ctsmode set ctsrate set ctstype set domainsuffix set dtim set enableANI set encryption set extendedchanmode Logoff Set 11g Only Al
89. pported allowing you to use a SNMP program to manage the Wireless Access Point UAM Support The Wireless Access Point supports VAM Universal Access Method making it suitable for use in Internet cafes and other sites where user access time must be accounted for WDS Support Support for WDS Wireless Distribution System allows the Wireless Access Point to act as a Wireless Bridge Both Point to Point and Multi Point Bridge modes are supported QOS Support With this feature you can balance the load of AP which use the same SSID in a certain area and set the traffic threshold of each profile Wireless Access Point User Guide The following items should be included e Wireless Access Point e Antenna If any of the above items are damaged or missing please contact your dealer immediately Front Panel LEDs Status Power Wireless LAN Signal O Status O Signal O Power O LAN Wireless LAN Signal Figure 2 Front Panel On Error condition Off Normal operation Blinking During start up and when the Firmware is being upgraded On Normal operation Off No power On The LAN Ethernet port is active Off No active connection on the LAN Ethernet port Flashing Data is being transmitted or received via the corresponding LAN Ethernet port On Idle Off Error Wireless connection is not available Flashing Data is being transmitted or received via the Wireless access poin
90. prompt and can then use any of the commands listed in the follow ing Command Reference The following commands are available Display CLI Command List admin Temporary factory admin config wlan config wlanX config profile config profile del acl Delete Access Control List del key Delete Encryption key find bss Find BSS find channel Find Available Channel find all Find All BSS format Format flash filesytem bootrom Update boot rom image ftp Software update via FTP 108 get 11gonly get 11goptimize get 11goverlapbss get acl get aging get antenna get association get authentication get autochannelselect get basic11b get basic11g get beaconinterval get burstSeqThreshold get burstTime get calibration get cckTrigHigh get cckTrigLow get cckWeakSigThr get channel get cipher get compproc get compwinsize get config get countrycode get ctsmode get ctsrate get ctstype get domainsuffix get dtim get enableANI Appendix C Windows TCP IP Display 11g Only Allowed Display 11g Optimization Level Display Overlapping BSS Protection Display Access Control List Display Aging Interval Display Antenna Diversity Display Association Table Display Authentication Type Display Auto Channel Select Display Basic 11b Rates Display Basic 11g Rates Display Beacon Interval Display Max Number of frames in a Burst Display Burst Time Display Noise And Offset Calibration Mode Display Higher Tri
91. ps 32 Setup Clicking the QoS link on the menu will result in a screen like the following Load Balance O Enable wireless load balance ELET Traffic Management Disabled v Figure 19 QOS Management Data QOS Management Screen Load Balance The Load Balance is used for balancing the load of APs which use the same SSID in a certain area QOS e Ifyou select Disabled that means QOS function is not be used e Ifyou select By SSID the threshold set by you will limit the traffic of each SSID and stations in each SSID e Ifyou select By Station the max value is fit for every station Security Profiles contain the SSID and all the security settings for Wireless connections to this Access Point e Up to eight 8 Security Profiles can be defined e Allowing eight 8 Security Profiles to be enabled at one time and 8 different SSIDs to be used simultaneously 33 Wireless Access Point User Guide Profile Name SSID Security Profile00 wireless 0 2 4G None Profile01 wireless 1 2 4G None Profile02 wireless 2 2 4G None Profile03 wireless 3 2 4G None Profile04 wireless 4 2 4G None ProfileO5 wireless 5 2 4G None Profile06 wireless 6 2 4G None ProfileO wireless 7 2 4G None Isolation Indicates Security Profile is currently enabled Non AP mode always use the first Profile for connection oO Isolate all
92. pted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is AES Wireless Stations must also use AES Security System WPA PSK and WPA2 PSK Current operate mode is Access Point Do you want to change to Home Gateway mode 166 m Please finish the following basic wireless setting for you can connect the device after device change to home gateway mode SSID wireless 0 2 4G Security System WPA PSK and WPA2 PSK Network Key WPA Encryption TKIP AES apply Restart Figure 70 Operation Mode WPA PSK and WPS PSK Screen Data Security System WPA PSK and WPA2 PSK Screen 88 Other Settings amp Features WPA PSK and WPA2 PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is TKIP for WPA PSK and AES for WPA2 PSK 89 Appendix A Specifications Hardware Specifications CPU AR2316 DRAM 16 Mbytes Flash ROM 4Mbytes LAN port 1 x Auto MDIX RJ 45 for 10 100Mbps Ethernet Wireless Interface Embedded Atheros solution Network Standard IEEE 802 11b Wi Fi and IEEE 802 11g compliance OFDM 802 11b CCK 11 Mbps 5 5 Mbps DQPSK 2 Mbps DBPSK 1 Mbps Operating Frequencies 2 412 2 497 GHz
93. required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 37 Wireless Access Point User Guide Security Settings None MULE Profile Name ProfileQO SSID wireless 0 2 4G Broadcast SSID O Disable Enable Wireless Separation Disable Enable VLAN ID 1 Sia Security System None x Adasia Current Status Disabled Authentication aus Current Status Disabled Figure 22 Wireless Security None No security is used Anyone using the correct SSID can connect to your network The only settings available from this screen are Radius MAC Authentication and UAM Universal Access Method Radius MAC Authentication Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server If you don t have a Radius Server you cannot use this feature Using MAC authentication 1 Ensure the Wireless Access Point can login to your Radius Server Add a RADIUS client on the RADIUS server using the IP address or name of the Wireless Access Point and the same shared key as entered on the Wireless Access Point Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Security page or the Radius based MAC authentication sub screen depending on the s
94. rypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes fre quently WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK with TKIP OR WPA2 PSK with AES WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is selected This Access Point must have a client login on the Radius Server Each user must authenticate on the Radius Server This is usually done using digi tal certificates Each user s wireless client must support 802 1x and provide the Radius authentica tion data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard If this option is selected This Access Point must have a client login on the Radius Server
95. s 2000 Server ssesessesseseosoesessossesoessesoosossessossessossesose 58 802 1x Client Setup on Windows XP sssseseseresoesosoesesesccossosoesesecccoesoroesesecoesosoroesececoesesee 68 Using 802 1 Mod sesseccsvessscesssssensssessnsssvececsesvasvesssnesvestessdusscvsesvessesesvasctseousssaseasesus sooveseess 74 CHAPTER EEEE E E A ET E E EE E EERE 75 ACCESS POINT MANAGEMENT essessesesescccssossssescsocecsosoesescsosoesesesocscsossesesecossososseeseoesssoss 75 OVERVICW AEAEE EE AEE AET E OE O E E A 75 Admin Login Screen sscscsscssscssssessscsscsscessssssscssssesessnesccsssssscsssessessnesssssessessessosenses 75 Auto Config Update seeseosoesesoossescossesessossesoessesoessesessossesoossesoessesoessesessossessossesoessesessosses 77 Config Pile oi ssscSeececcs oss ncscdteadieds ates cadedcuecsgstunssddacsanbacdescsssuaesassustecdedcecsaesenccdscesese senses cssssines 79 Log Settings Syslog sscssccsscssscssssscsscsscesssessseseessesseesseesssssscssscsssssesscsssesssssessseeseeees 81 ROGUE APS cc iaciscsstiesssecdsesascesossnseasecensuasveoedestecsscensseseeassessousasessebediesiasossenseaesoadsossconssasensess 82 SNMP i ccictenseussdesedcaccoscvsssossescasvassansedssed cocvaseansacsesieceaveenaeesetecsdeveuossesecsccstevearastsastasacavestous 83 Upgrade Firmware cccscccsssscscssscscsssssscssscssccssccncsnccsscssocssessscssscsssssssscsssescsssecsseeseeees 85 Operation Md er ssccssasccssscsscacsssercssasecdos
96. s of data 2 time lt i ms TTL 64 Reply from 192 168 51 bytes 32 time lt i ms TTL 64 by i Reply from 192 168 090 Reply from 192 168 51 by 2 time lt i ms TTL 64 Reply from 192 168 bytes 32 time lt i ms TTL 64 Figure 66 Ping If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the Wireless Access Point If no DHCP Server is found the Wireless Access Point will default to an IP Address and Mask of 192 168 0 228 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol 94 Appendix B Troubleshooting Problem 2 My PC can t connect to the LAN via the Wireless Access Point Solution 2 Check the following The SSID and WEP settings on the PC match the settings on the Wire less Access Point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Chapter 4 for details of setup for the Windows XP 802 1x client If using a different client refer to the vendor s documentation 95 Appendix C Windows TCP IP Normally no changes need to be made e By default the Wireless Access Point will act as a DHCP client automatically obtaining a suitable IP Address and related information from your DHCP Server e If
97. satek com images DataSheets Manuals WirelessAPSetupTool zip 2 Unzip it in the local folder Main Screen e Start the program by clicking WirelessAPSetupTool exe in the local folder e When run the program searches the network for all active Wireless Access Points and then lists them on screen as shown by the example below O Wireless Access Point User Guide BE Access Point Management x Wireless Access Point Management Utility Version 1 1 Wireless Access Points ee Lt IP Address MAC Address IEEE Standard Description 172 31 2 58 Oocoog27 78877 802 11 big one Detail Info Web Management Set IP Address Exit Figure 6 Management utility Screen Wireless Access Points The main panel displays a list of all Wireless Access Points found on the network For each Access Point the following data is shown Server Name The Server Name is shown on a sticker on the base of the device IP address The IP address for the Wireless Access Point MAC Address The hardware or physical address of the Wireless Access Point IEEE Standard The wireless standard or standards used by the Wireless Access Point e g 802 11b 802 11g FW Version The current Firmware version installed in the Wireless Access Point Description Any extra information for the Wireless Access Point entered by the administrator Note Ifthe desired Wireless Access Point is not listed check that the device is
98. settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 97 Wireless Access Point User Guide 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below Network 21x Identification Services Protocols Adapters Bindings Network Protocols Y NetBEUI Protocol Y NwLink IPX SPX Compatible Transport Y NWLink NetBIOS Add Remove Properties Ipdate Description Transport Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Figure 69 Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Microsoft TCP IP Properties 21 x IP Address DNS WINS Address DHCP Relay Routing An IP address can be automatically assigned to this network card by a DHCP server If your network does not have a DHCP server ask your network administrator for an address and then type it in the space below Adapter PCI Fast Ethernet Adapter
99. splay IP Subnet Mask Display Encryption Key Entry Method Display Source Of Encryption Keys Display Login User Name Display Minimum Rate Display IP address of name server Display Noise Floor Display ANI Parameter for Noise Immunity Level Display Higher Trigger Threshold for OFDM Phy Errors for ANI Control Display Lower Trigger Threshold for OFDM Phy Errors for ANI Control Display ANI Parameter for OFDM Weak Signal Detection Display Tx power override Display Operation Mode Display Transmit Power Setting Display if Ack Cts frames are allowed during quiet period Display Duration of quiet period Display Offset of quiet period into the beacon period Display RADIUS server name or IP address Display RADIUS port number 110 get rate get remoteAp get hwtxretries get swixretries get rtsthreshold get shortpreamble get shortslottime get sntpserver get softwareretry get spurlmmunityLvl get ssid get ssidsuppress get station get SuperG get systemname get telnet get timeout get tzone get updateparam get uptime get watchdog get wds get wep get wirelessmode get 80211d get http get HttpPort get https get HttpsPort get syslog get syslogSeverity get syslogServer Appendix C Windows TCP IP Display Data Rate Display Remote Ap s Mac Address Display HW Transmit Retry Limit Display SW Transmit Retry Limit Display RTS CTS Threshold Display Short Preamble Usage Display Short Slot Time Usage Disp
100. ss Basic amp Advanced 7 You may also wish to set the admin password and administration connection options These are on the Admin Login screen accessed from the Management menu See Chapter 6 for details of the screens and features available on the Management menu 8 Use the Apply Restart button on the menu to apply your changes and restart the Wireless Access Point Setup is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 5 for details 11 Wireless Access Point User Guide Your Browser must support JavaScript The configuration program has been tested on the following browsers e Netscape V4 08 or later e Internet Explorer V4 or later Setup Procedure Before commencing install the Wireless Access Point in your LAN as described previously 1 Check the Wireless Access Point to determine its Default Name This is shown on a label on the base or rear and is in the following format SCxxxxxx Where xxxxxx is a set of 6 Hex characters 0 9 and A F 2 Use aPC which is already connected to your LAN either by a wired connection or an other Access Point e Until the Wireless Access Point is configured establishing a Wireless connection to it may be not possible e If your LAN contains a Router or Routers ensure the PC used for configuration is on the same LAN segment as the Wireless Access Point 3 Start your Web browser 4 Inthe Address box enter HTTP
101. ss Point to send log data to your Syslog Server Disable Broadcast Send to specified Syslog Server Syslog Server Address Name lP Minimum Severity Level 3 Error M Cancel Help Figure 62 Log Settings Syslog Screen Data Log Settings Screen Syslog Server Select the desired Option e Disable Syslog server is not used e Broadcast Syslog data is broadcast Use this option if different PCs act as the Syslog server at different times e Send to specified Syslog Server Select this if the same PC is always used as the Syslog server If selected you must enter the server address in the field provided Syslog Server Address Enter the name or IP address of your Syslog Server Minimum Severity Level Select the desired severity level Events with a severtiy level equal to or higher i e lower number than the selected level will be logged 81 Wireless Access Point User Guide A Rouge AP is an Access Point which should not be in use and so can be considered to be providing unauthorized access to your LAN This Access Point can assist to locate 2 types of Rogue APs e APs which have Wireless security disabled e APs which are not in the list of valid APs which you have provided When a Rogue AP is located it is recorded in the log If using SNMP you can also choose to have detection of a Rogue AP generate an SNMP trap EOGI I Enable Rogue AP Detection Detection 2 4 GHz band
102. ssossoosesessensoasovessessesescescsvessesessas sess ossbeassusoossoensonsess 86 APPENDIX A SPECIFICATIONS cscssscosssssossessscsesssccncssccscssecsscsessscssessscsessessscsessscsoes 90 Wireless ACCESS POU sis scscccssessssccteesessasessoscdseasseadoassonsovessussteodsvactvassesesoesscdensssosoesssessounsts 90 APPENDIX B TROUBLE SHOOTING sccscsssscsssssescsccsessccsssecsscsesssscsessscsessessessesssssoes 94 Overview siseitienscccccuciseiens sdesTeseessdsedecdenseasosndsadecsdesssousosvosensendasussebeshasiasosbaesenessadsosocenesasonseds 94 General ProbleMS s sscccsicessesssecassensenssesscesossesevessesssonssvassonscaseoaconseeaseapsonsssesoussatsssbecevesevaseen 94 APPENDIX C WINDOWS TCP iisscsccvaccssesiocsccecoecctsasccastesseotetseatecsesestascisuorecsvac easstsesteseeee 96 OVERVIEW siscssteniesiscsossssesessvcdevecdsnsntesderseasoondsadecsosedeonsocvadensendsanesepesiosiasesbadsetesbadsosocenssadenseds 96 Checking TCP IP Settings Windows 9x ME ssscssssssesscssssscescesseessssnessessessesenses 96 Checking TCP IP Settings Windows NT4 0 scsscscssssssssssscsssescsssnessesscscessessesees 98 Checking TCP IP Settings Windows 2000 scsssscsssssssscsscssesessssnesssscssesssssees 100 Checking TCP IP Settings Windows XP sssccsssscsssssssscsscsssescsssnessesecssseeseees 102 APPENDIX D ABOUT WIRELESS LANSG cccscssssssscssssscecssssssecsessesessssesecseseseenessesees 104 QV E
103. t Data includes network traffic as well as user data Show the Output Power level When the signal strength of the strong the two light all When the signal strength of the weak just a bright light A Introduction Rear Panel ETHERNET CONSOLE POWER RESET POE Figure 3 Rear Panel Antenna One antenna aerial is supplied Best results are usually obtained with the antenna in a vertical position Console port DB9 female RS232 port Reset Button This button has two 2 functions e Reboot When pressed and released the Wireless Access Point will reboot restart e Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values 1 Power Off the Access Point 2 Hold the Reset Button down while you Power On the Access Point 3 Continue holding the Reset Button until the Status Red LED blinks TWICE 4 Release the Reset Button The factory default configuration has now been restored and the Access Point is ready for use Ethernet Use a standard LAN cable RJ45 connectors to connect this port to a 10BaseT or 100BaseT hub on your LAN Power port Connect the supplied power adapter here Chapter 2 Installation This Chapter covers the physical installation of the Wireless Access Point Requirements TCP IP network Ethernet cable with RJ 45 connectors Installed Wireless
104. talled 58 Other Settings amp Features Windows Components Wizard Windows Components You can add or remove components of Windows 2000 Us Accessories and Utilities A Certificate Services O Q Cluster Service M BP Indexing Service Figure 33 Components Screen 4 Click Next 5 Select the Enterprise root CA and click Next Windows Components Wizard Certification Authority Type There are four types of certification authorities Figure 34 Certification Screen 6 Enter the information for the Certificate Authority and click Next 59 Wireless Access Point User Guide Windows Components Wizard CA Identifying Information Enter information to identify this CA CA name WitelessCA Organization Organization Organizational unit js ystems City Oakland State or province ca Country region jus E mail Jed yourdomain tid CA description Wireless cal Valid for 2 Years x Expires zi 7 2005 6 39 PM Baal Figure 35 CA Screen 7 Click Next if you don t want to change the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish DHCP server configuration 1 Click on the Start Programs Administrative Tools DHCP 2 Right click on the server entry as shown and select New Scope ERO oa Display Statistics Configure the DHCP Server fore
105. tect any available Wireless networks and allow you to configure each network independently 71 Wireless Access Point User Guide e Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab 4 Wireless Network Connection Properties mR e General Wireless Networks Authentication Advanced Use Windows to configure my wireless network settings Available networks To connect to an available network click Configure i misslaicA rtest a Cae Preferred networks Automatically connect to available networks in the order listed below umd Move up misslair misslair Learn about setting up wireless network configuration Figure 56 Wireless Networks Screen Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown below 72 Other Settings amp Features Wireless Network Properties P a weds LI Ne DAD Network KEY Key format Key lengt
106. tings in order to associate with the Wireless Access Point 6 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to the welcome page on your Web Server They must then click the link or button in order to reach the Access Point s login page 7 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 8 Ifthe user name and password is correct Internet access is allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xx xx WEB au thentication in the log table and station status would show as Authenticated on the station list table e Ifa client fails authentication xx xx xx xx xx xx WEB authentication failed is shown in the log and station status is shown as Authenticating on the station list table UAM Screen The UAM screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again O UAM Universal Access Method Internal Web based Authentication External Web based Authentication Login URL Login Failure URL Radius Server Address Radius Port 1812 Client Login Name SC0A5F10 Shared Key Figure 24 UAM Screen Data
107. tion Disable Enable VLAN ID 1 Siva Security System None x Adaa Current Status Disabled Authentication mae Current Status Disabled Back Save Cancel Help Figure 21 Security Profile Screen Profile Data Enter the desired settings for each of the following Profile Name Enter a suitable name for this profile SSID Enter the desired SSID Each profile must have a unique SSID Broadcast SSID If Disabled no SSID is broadcast If Enabled the SSID will then be broadcast to all Wireless Stations Stations which have no SSID or a null value can then adopt the correct SSID for connections to this Access Point Wireless Separation If Disabled the default setting wireless clients using the same profile can communicate with each other If Enabled wireless clients using the same profile are isolated from each other VLAN ID Enter the desired VLAN ID as used on your network IDs must be in the range 1 4095 These IDs must match the IDs used by other network devices Security Settings Select the desired option and then enter the settings for the selected method 35 Wireless Access Point User Guide The available options are None No security is used Anyone using the correct SSID can connect to your network WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong WPA PSK Like WEP data is enc
108. ult Name as its Client Login name How ever your Radius server may ignore this and use the IP address instead e Encryption settings must be correct 57 Wireless Access Point User Guide This section describes using Microsoft Internet Authentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also required e dhcp e dns e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installa tion Services Installation Select the Control Panel Add Remove Programs Click Add Remove Windows Components from the left side 3 Ensure that the following components are activated selected e Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet Information Services IIS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and Internet Authentication Service DNS should already be selected and in s
109. unication across diverse interconnected networks J Show icon in taskbar when connected OK Cancel Figure 71 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties BE General You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically C Use the following IP address IP address Subnet mask Default gateway Obtain DNS server address automatically C Use the following DNS server addresses Preferred DNS server Altemate DNS server Figure 72 TCP IP Properties Win 2000 100 Appendix B Troubleshooting 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting This is the default Windows settings To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 101 Wireless
110. unting Port Update Report every 5 Minutes Radius MAC j onfigure EPES Current Status Disabled Config adii Current Status Disabled Configure Back Save Cancel Help Figure 30 WPA2 with Radius Wireless Security Data WPA2 with Radius Screen WPA2 with Radius Primary Radius Enter the name or IP address of the Primary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server Secondary Radius Enter the name or IP address of the Secondary Radius Server on Server Address your network Radius Port Enter the port number used for connections to the Radius Server Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server 49 Wireless Access Point User Guide WPA Encryption The encryption method is AES Wireless Stations must also use AES Key Updates These settings determine how often keys are changed e Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly and enter the desired time period Key Lifetime be tween key updates e Group Key Update when any membership terminates If enabled the Group Key will be updated whenever any member le
111. upplied power adapter to the Wireless Access Point Connect one end of a standard category 5 LAN cable to the Ethernet port on the Wire less Access Point Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter 24V DC 500mA Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch Connect the power supply to the PoE adapter and power up Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection PoE Adapter Ethernet To Hub Powered Unpowered Access Point Figure 5 Using PoE Power over Ethernet Chapter 3 Access Point Setup This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN and to function as an Access Point for your Wireless Stations Wireless Stations may also require configuration For details see Chapter 5 Wireless Station Configuration The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser A simple Windows setup utility is supplied on the CD ROM This utility can be used to assign a suitable IP address to the Wireless Access Point Using this utility is recommended because it can locate the Wireless Access Point even if it has an invalid IP address Installation 1 Download at http ver
112. ve a client login on the Radius Server e Fach user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when required 105 Wireless Access Point User Guide e All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption If this option is used e The Access Point must have a client login on the Radius Server e Fach user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 106 Appendix E Command Line Interface If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common configuration changes The CLI can use a remote connection via Telnet or a physical connection from your PC to the serial port RS232 port on the Wireless Access Point Using the CLI Telnet l Start your Telnet client and establish a connection to the Access Point e g Telnet 192 168 0 228 You will be
113. ware If enabled this AP will check to see if a Firmware FW upgrade upgrade is available on the specified FTP Server If enabled e Enter the desired time interval in days between checks e Select the desired option for installation see next item e Provide the FTP server information Install Select the desired option e Install FW if different version found If selected then if the firmware file at the specified loca tion is different to the current installed version the FW will be installed This allows Downgrades installing an older version of the FW to replace the current version e Install later version only If selected then the firmware file at the specified location will only be installed if it is a later version FTP Server address Enter the address domain name or IP address of the FTP Server Firmware pathname Enter the full path including the FW filename to the the FW file on the FTP Server FTP Login Name Enter the login name required to gain access to the FTP Server FTP Password Enter the password for the login name above 78 Other Settings amp Features This screen allows you to Backup download the configuration file and to restore upload a previously saved configuration file You can also set the Wireless Access Point back to its factory default settings To reach this screen select Config File in the Management section of the menu EELT Save a
Download Pdf Manuals
Related Search