VX-AP310N User Manual
Contents
1. Figure 47 Authentication Tab Encryption Settings The Encryption settings must match the APs Access Points on the Wireless network you wish to join Windows XP will detect any available Wireless networks and allow you to configure each network independently 53 Wireless Access Point User Guide e Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab 4 Wireless Network Connection Properties AR FE A ETE General Wireless Networks Authentication Advanced Use Windows to configure my wireless network settings Available networks To connect to an available network click Configure i missle a i ttest i a Prefered networks Automatically connect to available networks in the order listed below 9 umd Move up misslair misslair Learn about setting up wireless network configuration Figure 48 Wireless Networks Screen Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key2. Max Bandwidth for this VAP Us Ds 64Kbps 0 2048 Max Bandwidth for the STA on this 0 0 64Kbps 0 1024 VAP Us Ds Security Security System WPA PSK and WPA2 PSK bd Network Key Encryption TKIP v Back Save Cancel Figure 16 WPA PSK and WPA2 PSK Wireless Security Screen Data WPA PSK and WPA2 PSK Screen WPA PSK and WPA2 PSK Network Key Enter the key value Data is encrypted using this key Other Wireless Stations must use the same key WPA Encryption The encryption method is TKIP for WPA PSK and AES for WPA2 PSK Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 25 Wireless Access Point User Guide Security Settings WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard Wireless Access Point es e e ee eee ES Basic Settings VAP vaP Name VAPNameD radius SSID Wireless access Control Di Advanced Settings Broadcast SSID Enable O Disable
3. Wireless Access Point User Guide Virtual AP Screen This screen is displayed when you select a VAP on the Virtual AP Settings screen and click the Configure button Wireless Access Point E ee L oreore Pameran eS l easic Settings VAP ap Name VAP Name 0 Ejradius SSID Wireless access Control Ba ano as Broadcast SSID Enable Disable Isolation within Disable VAP EJneip dwidth for z Max Bandwidth for y sap 0 2040 Max Bandwidth for the STA on this 64Kbps 0 1024 VAP Us Ds Security Security System None g Back Save Cancel Figure 11 Virtual AP Screen VAP Data Enter the desired settings for each of the following VAP Name Enter a suitable name for this VAP SSID Enter the desired SSID Each VAP must have a unique SSID Broadcast SSID If Disabled no SSID is broadcast If enabled the SSID will then be broadcast to all Wireless Stations Stations which have no SSID or a null value can then adopt the correct SSID for connections to this Access Point Isolation within If enabled then each Wireless station using the Access Point is VAP invisible to other Wireless stations In most business stations this setting should be Disabled Security Settings Select the desired option and then enter the settings for the selected method The available options are e None No security is used Anyone using the correct SSID can connect to your network Access
4. The port used by your Radius Server must be entered in the field Enter the key value to match the Radius Server The Secondary Accounting Server will be used when the Primary Accounting Server is not available 31 Wireless Access Point User Guide Access Control This feature can be used to block access to your LAN by unknown or untrusted wireless stations Click Access Control on the Wireless menu to view a screen like the following Wireless Access Point COo e e Lee Lee peee E Basic Settings g Vitrual APs Radius Enable Access Control Local Data Base v O Access Control VAP and Station VAP Name O Wireless v D Advanced Settings Control Type Open Elneip Allow Following Mac Addresses to Connect to Wireless network Deny Following Mac Addresses to Connect to Wireless network Wireless Stations MAC Address BandWidth List MAC Address Available Wireless Stations Station ID MAC Address Add New Station amp MAC Address Figure 22 Access Control Screen Data Access Control Screen Access Control Select the desired option as required e Disabled The Access Control feature is disabled e Local Select Allow only following MAC addresses or Deny following MAC addresses e Radius The Access Point will use the MAC address table located on the external Radius server on the LAN for Access Control Warning Ensure your own PC is in the Trusted Wireless Stations li
5. 5 Click on the Start Programs Administrative Tools DHCP Right click on the server entry as shown and select New Scope Action view Tree a genre a D Display Statistics Configure the DHCP Server fore a DHCP server can issue IP dresses you must create a scope and orize the DHCP server New Multicast Scope Reconcile All Scopes Authorize cope is a range of IP addresses that is Define User Classes signed to computers requesting a Define vendor Classes namic IP address Authorization is a Set Predefined Options curity precaution that ensures that only thorized DHCP servers run on your All Tasks Pe work View gt o add a new scope on the Action menu Delete k New Scope Refresh ma o authorize this DHCP server on the tion menu click Authorize Help Create anew scope Figure 28 DHCP Screen Click Next when the New Scope Wizard Begins Enter the name and description for the scope click Next Define the IP address range Change the subnet mask if necessary Click Next 42 PC and Server Configuration New Scope Wizard N xj IP Address Range You define the scope address range by identifying a set of consecutive IP addresses Enter the range of addresses that the scope distributes Start IP address 192 168 0 100 End IP address 192 168 0 200 A subnet mask defines how many bits of an IP
6. IP Settings DHCP Client Fixed IP Address DHCP Server Wins Server Name IP Ad dress TimeZone TimeZone Enter a suitable name for this Access Point If desired you can enter a description for the Access Point The country or domain which is matching your current location The MAC address is displayed Select this option if you have a DHCP Server on your LAN and you wish the Access Point to obtain an IP address automatically If selected the following data must be entered e IP Address The IP Address of this device Enter an unused IP address from the address range on your LAN e Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on your LAN e Gateway The IP Address of your Gateway or Router Enter the value used by other devices on your LAN e DNS Enter the DNS Domain Name Server used by PCs on your LAN e If Enabled the Access Point will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The default and recommended value is Enabled e The Start IP Address and Finish IP Address fields set the values used by the DHCP server when allocating IP Addresses to DHCP clients This range also determines the number of DHCP clients supported Enter the server name or IP address of the Wins Server Choose the Time Zone for your location from the drop down list If your location is currently using Daylight Saving enable the
7. User name and password on the Windows 2000 server Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv e g http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK Connect to 192 168 0 2 a Connecting to 192 168 0 2 User name E Password C Remember my password Figure 41 Connect Screen 4 On the first screen below select Request a certificate click Next 50 PC and Server Configuration Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex gt a po Search Pg Favortes meda Address amp http 192 168 0 2 certsry Microsoft Certificate Se Welcome You use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task ORetrieve the CA certificate or certificate revocation list Request a certificate OCheck on a pending certificate Figure 42 Wireless CA Screen
8. eA Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication actoss diverse interconnected networks C Show icon in notification area when connected Figure 70 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties General Altemate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Figure 71 TCP IP Properties Windows XP 86 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 87 Wireless Acce
9. Adjust for Daylight Saving Time checkbox You must UNCHECK this checkbox when Daylight Saving Time finishes Wireless Access Point User Guide NTP Server Enter the server name or IP address of the NTP Name IP Ad dress 12 Access Point Setup System Advanced Settings Screen Click Advanced Settings on the System menu to view a screen like the following Figure 8 System Advanced Settings Screen Data System Advanced Settings Screen VLAN Enable 802 1Q This option is only useful if the hubs switches on your LAN support the VLAN VLAN standard Native VLAN Enter the desired value for the Native VLAN Default value is 1 AP Management Define the VLAN ID used for management VLAN VLAN List Define the unique ID value 1 4094 for each VAP Network Integrality Check Enable Network If enabled the AP will disable the wireless connection if the wired Integrality Check connect of AP is invalid Enable Bonjour If checked the Bonjour will enable applications to discover the devices and the services on IP networks Now this AP only publish http and https service Enable Bonjour LLTD Enable Link Enable this if you want to use Link Layer Topology Discovery protocol Layer Topology LLTD feature Discovery STP Enable Spanning Enable this if you want to use this feature tree Protocol 802 1x Supplicant Enable 802 1x Supplicant Enable this if your network requires this AP to use 802 X auth
10. Check the following The SSID and WEP settings on the PC match the settings on the Wire less Access Point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Chapter 4 for details of setup for the Windows XP 802 1x client If using a different client refer to the vendor s documentation 79 Appendix C Windows TCP IP Overview Normally no changes need to be made e By default the Wireless Access Point will act as a DHCP client automatically obtaining a suitable IP Address and related information from your DHCP Server e If using Fixed specified IP addresses on your LAN instead of a DHCP Server there is no need to change the TCP IP of each PC Just configure the Wireless Access Point to match your existing LAN The following sections provide details about checking the TCP IP settings for various types of Windows should that be necessary Checking TCP IP Settings Windows 9x ME 1 Select Control Panel Network You should see a screen like the following Network 1 1x Configuration Identification Access Control The following network components are installed Py NetBEUI gt PCI Fast Ethernet Adapter X NetBEUI gt Dial Up Adapter A NetBEUI gt Dial Up Adapter 2 VPN Support Y TCP IP gt PCI Fast Ethe
11. Point Setup WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes fre quently WPA2 PSK This is a further development of WPA PSK and offers even greater securi ty using the AES Advanced Encryption Standard method of encryption WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK with TKIP OR WPA2 PSK with AES WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is selected e This Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when re quired e All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA2
12. address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length or as an IP address Length 24 Subnet mask 255 255 255 q lt Back Cancel Figure 29 IP Address Screen 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next Change the Lease Duration time if preferred Click Next Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next New Scope Wizard E x Domain Name and DNS Servers The Domain Name System DNS maps and translates domain names used by clients on your network You can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain Wireless yourdomain tld To configure scope clients to use DNS servers on your network enter the IP addresses for those servers Server name IP address Add jesolye 192 168 0 250 Remove Up Down ctl lt Back Cancel Figure 30 DNS Screen 11 Ifyou don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next th
13. as Trusted Other Wireless This list any Wireless Stations detected by the Access Point which Stations you have not designated as Trusted Name The name assigned to the Trusted Wireless Station Use this when adding or editing a Trusted Station Address The MAC physical address of the Trusted Wireless Station Use this when adding or editing a Trusted Station 33 Wireless Access Point User Guide Buttons lt lt Add a Trusted Wireless Station to the list move from the Other Stations list e Select an entry or entries in the Other Stations list and click the lt lt button e Enter the Address MAC or physical address of the wireless station and click the Add button gt gt Delete a Trusted Wireless Station from the list move to the Other Stations list e Select an entry or entries in the Trusted Stations list e Click the gt gt button Select All Select all of the Stations listed in the Other Stations list Select None De select any Stations currently selected in the Other Stations list Edit To change an existing entry in the Trusted Stations list select it and click this button 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Update 3 Edit the address MAC or physical address as required 4 Cl
14. base or rear and is in the following format SCXXXXXX Where xxxxxx is a set of 6 Hex characters 0 9 and A F Use a PC which is already connected to your LAN either by a wired connection or anoth er Access Point e Until the Wireless Access Point is configured establishing a Wireless connection to it may be not possible e Ifyour LAN contains a Router or Routers ensure the PC used for configuration is on the same LAN segment as the Wireless Access Point Start your Web browser In the Address box enter HTTP and the IP Address of the 11N Wireless Access Point as in this example which uses the Wireless Access Point s default IP Address HTTP 192 168 0 228 You should then see a login prompt which will ask for a User Name and Password Enter admin for the User Name and password for the Password These are the default values The password can and should be changed Always enter the current user name and password as set on the Admin Login screen Username Password Log in Figure 6 Password Dialog You will then see the Status screen which displays the current settings and status No data input is possible on this screen See Chapter 5 for details of the Status screen Wireless Access Point User Guide 7 From the menu check the following screens and configure as necessary for your envi ronment Details of these screens and settings are described in the following sections of this chapter e Sys
15. category 5 LAN cable to the Ethernet port on the Wire less Access Point Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter 48V DC Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch Connect the power supply to the PoE adapter and power up Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection PoE Adapter Ethernet To Hub Powered Unpowered Access Point Figure 5 Using PoE Power over Ethernet Chapter 3 Access Point Setup This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point Overview This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN and to function as an Access Point for your Wireless Stations Wireless Stations may also require configuration For details see Chapter 4 PC and Server Configuration The Wireless Access Point can be configured using your Web Browser Access Point Setup Setup using a Web Browser Your Browser must support JavaScript The configuration program has been tested on the following browsers Netscape V4 08 or later Internet Explorer V4 or later Setup Procedure Before commencing install the Wireless Access Point in your LAN as described previously 1 6 Check the Wireless Access Point to determine its Default Name This is shown on a label on the
16. disabled this will always be zero 61 Wireless Access Point User Guide Activity Log This screen is displayed when the Log button on the Status screen is clicked Data Activity Log Data Current Time Currenttime 2008 01 01 00 07 39 Jan 1 00 00 29 kernel wireless 0 00 C0 02 FF C3 B9 Open Authentication Jan 1 00 00 29 kernel wireless 0 00 C0 02 FF C3 B9 Associated Jan 1 00 03 31 kernel wireless 0 00 C0 02 FF C3 B9 Open Authentication Jan 1 00 03 31 kernel wireless 0 00 C0 02 FF C3 B9 Associated Figure 54 Activity Log Screen The system date and time is displayed Log Buttons Refresh The Log shows details of the connections to the Wireless Access Point Update the data on screen Save to File Save the log to a file on your pc Clear Log This will delete all data currently in the Log This will make it easier to read new messages 62 Station List Operation and Status This screen is displayed when the Stations button on the Status screen is clicked Data Station MAC Address Mode SSID Figure 55 Station List Screen List Screen Station List MAC Address The MAC physical address of each Wireless Station is displayed Mode The mode of each Wireless Station SSID This displays the SSID used the Wireless station Because the Wire less Access Point supports multiple SSIDs different PCs could connect using differen
17. is derived from the PSK and changes frequently WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption WPA Enterprise This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard 91 Wireless Access Point User Guide If this option is used e The Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA Enterprise instead because WPA encryption is much stronger than WEP encryption If this option is used e The Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e Fach user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 92 Appendix E Command Line Interfa
18. modifying the configuration data and settings Advanced Features Command Line Interface If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common config uration changes Auto Configuration The Wireless Access Point can perform self configuration by copying the configuration data from another Access Point This feature is enabled by de fault Auto Update The Wireless Access Point can automatically update its firmware by downloading and installing new firmware from your FTP server Radius Accounting Support If you have a Radius Server you can use it to provide accounting data on Wireless clients Introduction e Syslog Support If you have a Syslog Server the Wireless Access Point can send its log data to your Syslog Server e SNMP Support SNMP Simple Network Management Protocol is supported allowing you to use a SNMP program to manage the Wireless Access Point Package Contents The following items should be included e Wireless Access Point e 2Pcs Antenna If any of the above items are damaged or missing please contact your dealer immediately Wireless Access Point User Guide Physical Details Front Panel LEDs O O O O Status Power WLAN ETHERNET Power WLAN Status Ethernet Figure 2 Front Panel On Normal operation Off No power On Idle Off Wireless connection is not available Flashin
19. password is password Input the new password Avoid the error Re enter the new password If enabled the device will allow wireless client access the Device Web by wireless If disabled the device will only allow Ethernet client access the Device Web If enabled The device will allow user via it by HTTP method If disabled The device will refuse user via it by HTTP method Input the desired HTTP port The default port is 80 67 Wireless Access Point User Guide Enable HTTPS secure HTTP Ad min connections HTTPS Port Number Enable Management via SSH Control Turn IP Management Control On Allow Following IP Addresses to Manage the Device Deny Following IP Addresses to Manage the Device PCs List If enabled The device will allow user via it by HTTPS method If disabled The device will refuse user via it by HTTPS method Input the desired HTTPS port The default port is 443 If enabled The device will allow via it by SSH method If enabled the device will limit user access it Not all of user can manger it so improve safety If enabled The device only allow the follows PCs access it The PC not in the list will not access it If enabled The device will refuse the follows PCs access it The PC not in the list will allow access it You can define the desired network subnet You need input the subnet and subnet mask For example 192 168 0 0 255 255 255 0 It include 8 group sub
20. sesessossesoossesoosoesessossesoossesoossesossossossossesoossesossssse 50 Using 802 1x Mode without WPA ccscssscsssccsscessceccsescssscscscscssscssssssesssesssersoessoes 56 CHAPTER 5 OPERATION AND STATUS sccscssssssssssecssscescscsecsscssessecsessessscsesssessessesees 57 OPCLatiON visecsisccscsseescccccceceascvectnessceesanscceceuesecccesasevectvosasdecsssscescecdusssccesddeaicccsssassesseanseccaces 57 Stats SCROOD soci ccssecesoucccscsasctaccssnecsssesctsacarapcouceasesdscsetpsancasauceatcadecotenseussesseaeasecanedseatentecssese 57 CHAPTER 6 ACCESS POINT MANAGEMENT ccccscssssssssccessscssessecsescesssccessscssesseeses 64 OV EL VIEW O E EE E E TEE ONEA 64 AP Type Sereen csivesscccscccssesciectoeseocesanscoesevesecoccssscsoctvosnscecsenesenseedssscsceesdeassecsssadsesdensvadsees 64 Manageme Nt sic cccsscesscsasessscasecsosnscsosecnsdssaronssvssscassesscansseasesceaascesscosssecesbadsbiectoosassebssansencvess 66 AUtO CONG ccccccicssicssccistecssccssnstestscscsstessadiessetesswasvedeses ossbuasenssivestecesbycowaesbucdesessseesesastcietess 69 Config Pile si cescssscsssscscoscescesesesdcecssecscevssecccesssescsedeenscseasensesedscndcessosnscdesuaeiutecosesssssoabsvesseseense 70 Pina TOS ccc csussaiscsssiecsccsdcastecssveceecscccassascbosseascceccnasecoussseuseucscuxsovcecoaceecsessdeesscncseascesssesseusdees 72 Auto REDOOt cio cci3cccecescceccaecbcidaantbcesabschccacapteceaceccecabadstacaasizcnabaccasddeadecones sugntbeedesacsusa
21. the Administration section of the menu Wireless Access Point OOO e er L reer rees ponmeren E OLG Type Management Bato Config Click following button to back up a copy of the current settings into a file O Config File pring Test g Auto Reboot Restore a previously saved config file to current system Firmware Upgrade i Ejneip Click following button to restore settings to factory default Restore to Defaults Figure 59 Config File Screen Data Config File Screen Backup Save a copy of cur rent settings to a file Once you have the Access Point working properly you should back up the settings to a file on your computer You can later restore the Access Point s settings from this file if necessary To create a backup file of the current settings e Click Backup e Ifyou don t have your browser set up to save downloaded files automatically locate where you want to save the file rename it if you like and click Save Restore Restore saved settings from a file To restore settings from a backup file 1 Click Browse 2 Locate and select the previously saved backup file 3 Click Restore 70 Defaults Revert to factory default settings Access Point Management To erase the current settings and restore the original factory default settings click Set to Defaults button Note e This will terminate the current connection The Access Point will be unavailabl
22. 11b connections are allowed 802 11g wireless stations will only be able to connect if they are fully backward compatible with the 802 11b standard e 802 11g only 802 11g connections are allowed If you only have 802 11g selecting this option may provide a performance im provement over using the default setting e 802 11n only 802 11n connections are allowed If you only have 802 11n selecting this option may provide a performance im provement over using the default setting e 802 11b and 802 11 this will allow connections by both 802 11b and 802 11g wireless stations e 802 11n and 802 11g this will allow connections by both 802 11n and 802 11g wireless stations e Mixed 802 11n 802 11g 802 11b this is the default and will allow connections by 802 1 1n 802 11b and 802 11g wireless sta tions Auto Channel Scan If Enable is selected the Access Point will select the best available Channel Channel If you experience interference shown by lost connections and or slow Frequency data transfers you may need to experiment with manually setting different channels to see which is the best Channel Band Select the desired bandwidth from the list width Extension Select Above or Below Primary Channel from the list Sub Channel 15 Wireless Access Point User Guide Operation Mode Select the desired mode e Access Point operate as a normal Access Point e Bridge Point to Point B
23. 5 Select User certificate request and select User Certificate the click Next Microsoft Certificate Services Microsoft Internet Explorer BAR Fie Edit View Favorites Tools Help ae Q ex x Bl pe Search Sie Favorites Media i Address amp http 192 168 0 2 certsrv certrqus asp Microsoft Certificate Services Choose Request Type Please select the type of request you would like to make User certificate request Advanced request Internet Figure 43 Request Type Screen 6 Click Submit 51 Wireless Access Point User Guide A Microsoft Certificate Services Microsoft Internet Explorer DDAR Fie Edit View Favorites Tools Help Microsoft Certificat User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit your request Internet Figure 44 Identifying Information Screen A message will be displayed then the certificate will be returned to you Click Install this certificate T F Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex z x El P C Search J Favorites s Address http 192 168 0 2 certsrv certfnsh asp Microsoft Certificate Certificate Issued The certificate you requested was issued to you J Install this certificate Internet Figure 45 Certificate Issued Screen 8 You will receive a con
24. Broadcast SSID Enable Disable ejadvancea Settings Isolation within VAP Disable v Wuelp Max Bandwidth for 7 z this VAP Us Ds 64Kbps 0 2048 Max Bandwidth for the STA on this 0 64Kbps 0 1024 VAP Us Ds Security Security System WPA PSK v Network Key Encryption TKIP Back Save Cancel Figure 14 WPA PSK Wireless Security Screen Data WPA PSK Screen WPA PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is TKIP Wireless Stations must also use TKIP Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 23 Wireless Access Point User Guide Security Settings WPA2 PSK This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method of encryption Wireless Access Point es ee e fee EEE D easic Settings VAP vap name VAP NameD radius SSID Wireless access Control Di Jaavancea Settings Bro
25. D Wireless access Control Di Advanced Settings Broadcast SSID Enable O Disable Isolation within Disable VAP Enep Max Bandwidth for p si this VAP Us Ds FE 64Kbps 0 2048 Max Bandwidth for the STA on this rA 64Kbps 0 1024 VAP Us Ds Security Security System 802 1x bd Dynamic WEP Key Size me z Back Save Cancel Figure 20 802 1x Wireless Security Screen Data 802 1x Screen 802 1x WEP Key Size Select the desired option e 64Bit Keys are 10 Hex 5 ASCII characters e 128 Bit Keys are 26 Hex 13 ASCII characters e 152 Bit Keys are 32 Hex 16 ASCII characters 29 Wireless Access Point User Guide Dynamic WEP Key Key Exchange Static WEP Key EAP MD5 WEP Key WEP Key Index Click this if you want the WEP keys to be automatically gener ated e The key exchange will be negotiated The most widely supported protocol is EAP TLS e The following Key Exchange setting determines how often the keys are changed e Both Dynamic and Static keys can be used simultaneously allowing clients using either method to use the Access Point This setting if only available if using Dynamic WEP Keys If you want the Dynamic WEP keys to be updated regularly enable this and enter the desired lifetime in minutes Enable this if some wireless clients use a fixed static WEP key using EAP MDS Note that both Dynamic and Static keys can be use
26. Error Packets Received N A N A Drop Received Packets N A N A Packets Received N A Packets Sent Bytes Received Bytes Sent Error Packets Received Drop Received Packets Packets Received Packets Sent Bytes Received Bytes Sent Error Packets Received Drop Received Packets Figure 52 Statistics Screen 59 Wireless Access Point User Guide Data Statistics Screen System Up Time Up Time This indicates how long the system has been running since the last restart or reboot VAP Authentication The number of Authentication packets received Authentication is the process of identification between the AP and the client Deauthentication The number of Deauthentication packets received Deauthentication is the process of ending an existing authentication relationship Association The number of Association packets received Association creates a connection between the AP and the client Usually clients associ ate with only one 1 AP at any time Disassociation The number of Disassociation packets received Disassociation breaks the existing connection between the AP and the client Reassociation The number of Reassociation packets received Reassociation is the service that enables an established association between AP and client to be transferred from one AP to another or the same AP Wireless Data Number of val
27. Isolation within Disable VAP Enep Max Bandwidth for 7 F this VAP Us Ds if 64Kbps 0 2048 Max Bandwidth for the STA on this 0 f 64Kbps 0 1024 VAP Us Ds Security Security System WPA RADIUS id WPA Encryption TKIP v Back Jf Save Cancel Figure 17 WPA with Radius Wireless Security Screen Data WPA with Radius Screen WPA with Radius WPA Encryption The encryption method is TKIP Wireless Stations must also use TKIP Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 26 Access Point Setup Security Settings WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard Wireless Access Point sees Toren veto vires peera ESSE Basic Settings O Vitrual APs VAP vAP Name VAP Name 0 radius Wireess s CS access Control Di EJadvancea Settings Broadcast SSID Enable O Disable Isolation within Disable X VAP Ejneip Max Bandwidth for this VAP U
28. Mbps DQPSK 2 Mbps DBPSK 1 Mbps Operating Frequencies 2 412 2 497 GHz LAN port Operating Channels 802 11g 11 for North America 13 for Europe ETSI 14 for Japan 802 11b 11 for North America 14 for Japan 13 for Europe ETSI TEEE802 11n draft 2 0 compliant lln Rx Sensitivity 11 n 300Mbps 69dBm 11 g 54Mbps 73dBm 1 1 b 11Mbps 88dBm Antennae 2 x 2dbi detachable antenna Operating temperature 0 C to 40 C Storage temperature 20 C to 70 C Power Adapter 12VDC 1A External Dimensions 235mm W 145mm D 40mm H 75 Wireless Access Point User Guide Software Specifications Feature Details Wireless Access point support Roaming supported IEEE 802 11n 11g 11b compliance Auto Sensing Open System Share Key authentication Wireless Channels Support Automatic Wireless Channel Selection Country Selection Preamble Type long or short support RTS Threshold Adjustment Fragmentation Threshold Adjustment Beacon Interval Adjustment 8x Multi BSSID assignment 802 111 pre authentication Short Slot time support IEEE 802 1 1d CTS only amp CTS RTS protect mechanism support WMM support WPS support Wireless isolations Operation Mode Common AP PTMP PTP Thin AP mode Wireless Router mode Rogue AP Detection Security Open shared WPA WPA PSK and WPA2 PSK authentication 64bit 128bit WEP TKIP AES CCMP support 802 1x supp
29. This indicates whether the current IP address was obtained from a DHCP Server on your network It will display Enabled or Disabled DHCP Server Enabled or Disabled is displayed for the DHCP server status Ethernet Status The current Ethernet status is displayed Wireless Channel Frequency The Channel currently in use is displayed Wireless Mode The current mode e g 802 11g is displayed AP Mode The current Access Point mode is displayed Buttons Virtual AP Status Click this to open a sub window displaying Virtual AP Status about the information of Name SSID Broadcast SSID Security Status and Clients Statistics Click this to open a sub window where you can view Statistics on data transmitted or received by the Access Point Log Click this to open a sub window where you can view the activity log Stations Click this to open a sub window where you can view the list of all current Wireless Stations using the Access Point 58 Statistics Screen This screen is displayed when the Statistics button on the Status screen is clicked It shows details of the traffic flowing through the Wireless Access Point Operation and Status Name VAPO VAP1 Packets Received 0 N A Packets Sent 0 N A Bytes Received 0 N A Bytes Sent 0 N A Error Packets Received 0 N A Drop Received Packets 0 N A Name VAP2 VAP3 Packets Received N A N A Packets Sent N A N A Bytes Received N A N A Bytes Sent N A N A
30. Us Ds Security Security System WPA RADIUS and WPA2 RADIUS WPA Encryption TKIP ia Back Save Cancel Figure 19 WPA and WPA2 with Radius Wireless Security Screen Data WPA and WPA2 with Radius Screen WPA and WPA2 with Radius WPA Encryption The encryption method is TKIP for WPA and AES for WPA2 Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 28 Access Point Setup Security Settings 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If this option is selected e This Access Point must have a client login on the Radius Server e Fach user must have a user login on the Radius Server Normally a Certificate is used to authenticate each user See Chapter4 for details of user configuration e Each user s wireless client must support 802 1x e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated Wireless Access Point Es Basic Settings py eres AP VAP yap Name VAP Name 0 radius SSI
31. VX AP310N Wireless Access Point User s Guide V1 01 TABLE OF CONTENTS CHAPTER 1 INTRODUCTION arcaici iani i 1 Features of your Wireless Access Point eeseesossesoosoesossossesoossesoossesoosoesossossesoossssoessssose 1 Package Contents isccc ccccccsccccvccssaecsesscssscoecncsccectocssseecssnasevceconsesssessdesssesosesseescsecseessescsnecteeses 3 Physical Details wicscieccccscescciccsssasataccascqnsesoceudssascascvascacetecosscccoasecssoscestsscasssnsvadsoadcessceasausscesees 4 CHAPTER 2 INSTALLATION csccssssssssssssesscsscsescessecssseesesssseesesssseesessssersessssersesssseeseseeses 6 REQUIPEMEMS sci cscdescesesccesssnicccoccesssssosdcussciseusceussesesesdcessssssansseesacescsetscascseceendcasssancusscesteseess 6 PROCOAUIE sccsccccecccissetseasdcecdeccncecsssecsecdeesdenssanetsecdeccevacesaedsqacecdcboncdevdsesdacdcdsessendsandecscdesweeadseaes 6 CHAPTER 3 ACCESS POINT SETUP u scssccsssssscsssscesseesecnsseesesessessesssseesesssseesesneseeseseeses 8 OVER VICW E IE ET EE TAE E EEE TEE tacit sessdstucesadecssncscdesteducasesasedtes 8 Setup using a Web Browse e sossesoossesossoesossoesesoossesoosossossossesoossesoosoesossossessossesoossssosssssoss 9 System Basic Settings Screen sessessescsssesessossesoossesossoesossossesoossesoossesossossessossesoossssossssse 11 System Advanced Settings Screen e ssesessossesoossesocssesossossesoossesoossesossossessossssoossesossssse 13 Wireless ScreetS
32. able with RJ 45 connectors e Installed Wireless network adapter for each PC that will be wirelessly connected to the network Procedure 1 Select a suitable location for the installation of your Wireless Access Point To maximize reliability and performance follow these guidelines e Use an elevated location such as wall mounted or on the top of a cubicle e Place the Wireless Access Point near the center of your wireless coverage area e If possible ensure there are no thick walls or metal shielding between the Wireless Access Point and Wireless stations Under ideal conditions the Wireless Access Point has a range of around 150 meters 450 feet The range is reduced and transmission speed is lower if there are any obstructions between Wireless devices Figure 4 Installation Diagram Installation Use a standard LAN cable to connect the LAN port on the Wireless Access Point to a 10 100 1000BaseT hub switch on your LAN Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet and power up Check the LEDs e The Status LED should flash then turn OFF e The Power Ethernet and WLAN LEDs should be ON For more information refer to Front Panel LEDs in Chapter 1 Using PoE Power over Ethernet The Wireless Access Point supports PoE Power over Ethernet To use PoE l 2 Do not connect the supplied power adapter to the Wireless Access Point Connect one end of a standard
33. adcast SSID Enable Disable Isolation within Disable VAP Enep Max Bandwidth for g this VAP Us Ds A SaKhpe 02048 Max Bandwidth for the STA on this je 64Kbps 0 1024 VAP Us Ds Security Security System WPA2 PSK X Network Key Encryption AES l Back f Save Cancel Figure 15 WPA2 PSK Wireless Security Screen Data WPA2 PSK Screen WPA2 PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key WPA Encryption The encryption method is AES Wireless Stations must also use AES Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 24 Access Point Setup Security Settings WPA PSK and WPA2 PSK This method sometimes called Mixed Mode allows clients to use EITHER WPA PSK with TKIP OR WPA2 PSK with AES Wireless Access Point SSS Basic Settings VAP vap Name VAP Name0 radius SSID Wireless access Control Di Advanced Settings Broadcast SSID Enable Disable Isolation within Disable VAP Ejneip
34. add it to the Security Configuration Editor Astart 4 SG A cipboardoa 1r active directory Earoup Policy Aye eae 2 56 PM Figure 35 Group Policy Screen 8 When the Certificate Request Wizard appears click Next 9 Select Computer then click Next Automatic Certificate Request Setup Wizard xi Certificate Template Sy The next time a computer logs on a certificate based on the template you select is ey provided certificate template is a set of predefined properties for certificates issued to computers Select a template from the following list Certificate templates Name Intended Purposes Client Authentication Server Authenticatior Domain Controller Client Authentication Server Authenticatior Enrollment Agent Computer Certificate Request Agent IPSEC 1 3 6 1 5 5 8 2 2 Figure 36 Certificate Template Screen 10 Ensure that your certificate authority is checked then click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press enter Enter secedit refreshpolicy machine policy This command may take a few minutes to take effect 46 PC and Server Configuration Internet Authentication Service Radius Setup l 2 gt A ON AM 9 Select Start Programs Administrative Tools Internet Authentication Service Right click on Clients and select New Client A Internet Authentication Se
35. ame setting e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII characters e 152 Bit Encryption Keys are 32 Hex 16 ASCII characters Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Enter the key values you wish to use The default key selected by the radio button is required The other keys are optional Other stations must have matching key values Use this to generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate Key button to automatically configure the WEP Key s 22 Access Point Setup Security Settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently Wireless Access Point ees Basic Settings O Vitrual APs VAP VAP Name VAP Name 0 radius SSID Wireless access Control
36. ase e If your PC is set to Obtain an IP Address automatically DHCP client restart it e You can use the following method to determine the IP address of the Wireless Access Point and then try to connect using the IP address in stead of the name To Find the Access Point s IP Address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the Wireless Access Point Enter ping followed by the Default Name of the Wireless Access Point e g ping SC003318 3 Check the output of the ping command to determine the IP address of the Wireless Access Point as shown below 3 PDdosnt Microsoft Windows 2666 Version 5 00 2195 lt C Copyright 1985 2666 Microsoft Corp C gt ping sc883318 Pinging sc 3318 192 168 08 51 with 32 bytes of data Reply from 192 168 51 time lt i ms Reply from 192 168 51 time lt i ms Reply from 192 168 51 time lt i ms Reply from 192 168 90 51 time lt i ms Figure 63 Ping If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the Wireless Access Point If no DHCP Server is found the Wireless Access Point will default to an IP Address and Mask of 192 168 0 228 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol 78 Appendix B Troubleshooting Problem2 My PC can t connect to the LAN via the Wireless Access Point Solution 2
37. ate get syslog get syslogport get syslogserver get syslogseverity Appendix E Command Line Interface Display PTP s Remote MAC Address Display PTMP s Remote MAC Address List Display RTS CTS Threshold Display Short Preamble Usage Display Wireless Security Mode Display SNMP Read Community Display SNMP Write Community Display SNMP Mode Display SNMP Manager Mode Display Rogue AP Definition Display SNMP v3 Private Key Display Syslog Severity Level N N N N Display SNMP Trap Mode NI N N N 95 Wireless Access Point User Guide Display Access Point System Name get telnet get time get timezone get uptime get username get vapname get version get vlan get vlanid get wirelessmode get wirelessseparate get wmm get wmmnoack set 1 lnampdu set 1 Inamsdu set 1 lnguardinterval set 1 Insubchannel set 1 lnradioband set 802 11d set acctserver set acctport set acctsecret set acl set active set aging set authentication set beaconinterval set channel set country set defaultkey set description set dhcp set dhcpserverendip set dhcpserverstartip 96 set dnsserver set dotlxdynkeyupdate set dot xdynkeylife set dotlxkeytype set fragthreshold set gateway set groupkeyupdate set groupkeyupdateinterval set http set httpport set https set httpsport set ipaddr set ipmask set isolation set key set keylength set Iltd set mdSsupplican
38. ce Overview If desired the Command Line Interface CLI can be used for configuration This creates the possibility of creating scripts to perform common configuration changes The CLI requires a Telnet connection to the Wireless Access Point Using the CLI Telnet 1 Start your Telnet client and establish a connection to the Access Point e g Telnet 192 168 0 228 2 You will be prompted for the user name and password Enter the same login name and password as used for the HTTP Web interface The default values are admin for the User Name and password for the Password U Once connected you can use any of the commands listed in the following Command Reference Command Reference The following commands are available get authentication Display Authentication Type of WEP get 802 11d Display 802 11d Mode 93 Wireless Access Point User Guide get Display 802 1x Dynamic Key Update Mode dot1xdynkeyupdate 94 get psk get radiusserver get radiusport get radiussecret get remoteptmp get remoteptp get roguedetect get rogueinteval get roguelegal get roguetrap get roguetype get rtsthreshold get security get shortpreamble get snmpreadcommunity get snmpwritecommunity get snmpmode get snmpmanagemode get snmptrapmode get snmptrapversion get snmpv3username get snmpv3authproto get snmpv3authkey get snmpv3privproto get snmpv3privkey get ssid get ssidbroadcast get stp get strictgtkupd
39. cess Point will use its Default Name as its Client Login name How ever your Radius server may ignore this and use the IP address instead e The Shared Key set on the Security Screen of the Access Point must match the Shared Secret value on the Radius Server e Encryption settings must be correct 39 Wireless Access Point User Guide 802 1x Server Setup Windows 2000 Server This section describes using Microsoft Internet Authentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also required e dhcpd e dns e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installa tion Services Installation Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side 3 Ensure that the following components are activated selected e Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet In
40. crease throughput slightly No Acknowledgement Parameters Disassociated Timeout This determines how quickly a Wireless Station will be consid ered Disassociated with this AP when no traffic is received Enter the desired time period Fragmentation Length Enter the preferred setting between 256 and 2346 Normally this can be left at the default value Beacon Interval Enter the preferred setting between 20 and 1000 Normally this can be left at the default value 35 Wireless Access Point User Guide RTS CTS Threshold Preamble Type 802 11b Protection Mode Enter the preferred setting between 1 and 2347 Normally this can be left at the default value Select the desired option The default is Long The Short setting takes less time when used in a good environment The Protection system is intended to prevent older 802 11b devices from interfering with 802 1 1g transmissions Older 802 11b devices may not be able to detect that a 802 11g transmission is in progress Normally this should be left at Auto 36 Chapter 4 PC and Server Configuration This Chapter details the PC Configuration required for each PC on the local LAN Overview All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the Access Point is being used e Ifusing WEP or WPA PSK it is only necessary to ensure that each Wireless stat
41. csecseese 73 Firmware Upgrade asic i c cesiessiosssescesesstesvesosadechssteseieseveseussadseusesecesecdeodsssiesssessscsstvessesecees 74 APPENDIX A SPECIFICATIONS csccsccssssssssssccsssessccsssesscsessessessssessccessessesessersesessersesess 75 Wireless Access Pointicsc c ccccccscsccssoscscasevacounssessccosessossseuscecceuasensoseseesascoussassvbssiseenssensenssess 75 APPENDIX B TROUBLESHOOTING ccscsscsscsssscsssscecssscescsccessscssessecsesssssccecssessessecees 78 VEL VIEW E E T TA TEE A ETE E EETA EET 78 General Problem s c cccosscosccoccsvsscovscessercsevacesccesssovsscenseesecsseessoesscesdeesevecseessscsssassbessesseece 78 APPENDIX C WINDOWS TCP IIP ccsccsssssscssscsessssscsessesscsessssssesseesesessecsssessersesessersesess 80 OV EL VIEW sho cesccadiniseitddecticudies dusts siooas esi feces Seutlacisetadecaensedpesceducscasusedelasesssuceandsddeatedecesesesncs 80 Checking TCP IP Settings Windows 9x ME essessesessossesoossesoossesossoesosoossesoossssossssse 80 Checking TCP IP Settings Windows NT4 0 ccssscscssssscscecscecscecsssscsescscsssssssseseees 82 Checking TCP IP Settings Windows 2000 scscscscssscscscesscecsceccssscsescscsesssssseseees 84 Checking TCP IP Settings Windows XP scsssssssssscscsssccsscecscecssssssescsccsscsssesseees 86 Wireless Access Point User Guide Checking TCP IP Settings Windows Vista cscccscssssscsccsscessceccsescsscscsssssssesse
42. d simultane ously allowing clients using either method to use the Access Point Enter the WEP key according to the WEP Key Size setting above Wireless stations must use the same key Select the desired index value Wireless stations must use the same key index 30 Access Point Setup Radius Server Settings Clicking the Radius Server Settings link on the Wireless menu will result in a screen like the following Wireless Access Point ae Basic Settings B vitruai APs Accounting Server access Control D Advancea Settings Enep Primary 1p Address jo fo fo fo Port Number 1812 Shared Secret Secondary jp address Port Number 1812 Shared Secret Save Cancel Figure 21 Advanced Settings Data Radius Server Settings Screen Authentication Server Primary Authentica tion Server Port Number Shared Secret Secondary Authentica tion Server Accounting Server Primary Accounting Server Port Number Shared Secret Secondary Accounting Server Enter the name or IP address of the Radius Server on your network Enter the port number used for connections to the Radius Server Enter the key value to match the Radius Server The Secondary Authentication Server will be used when the Primary Authentication Server is not available Enter the IP address in the following fields if you want this Access Point to send accounting data to the Radius Server
43. e until it has restarted e By default the Access Point will act as a DHCP client and automatically obtain an IP address You will need to deter mine its new IP address in order to re connect 71 Wireless Access Point User Guide Ping Test is one useful function for test the Ethernet integrality If the device can PING the IP address so the device will work normal If the device can t PING the IP address so the device will disable the wireless function To reach this screen select Ping Test in the Administration section of the menu Wireless Access Point xs Bye Type Management o Auto Config o Config File O Ping Test o Auto Reboot Ping Test Mode Disable v Ping IP Address 0 K g Firmware Upgrade Ea Help Save Cancel T Figure 60 SNMP Screen Data Ping Test Screen Ping Test Ping Test Mode Select enable or disable Ping IP Address If enable the function You must input one IP address and it is valid If the IP address is invalid that the device will disable wireless function 72 Access Point Management Wireless Access Point se ee Lee Lee rere E a type management Auto Reboot Mode Disable v Bjauto Config contig Fia Reboot Interval 24 Hours 1 1000 pring Test g Firmware Upgrade EjHeip l Save Cancel Figure 61 Auto Reboot Screen Data Auto Reboot Screen Auto Reboot Mode Select enable or disable Reb
44. ees 88 APPENDIX D ABOUT WIRELESS LANG cccscssssscssscesssssesssccsccscssessecsssecseccecsscssessecees 90 OVERVIEW AO EA E E E AEE S T A E O OE EAO E EE 90 Wireless LAN Terminology ssssessessesossoesessossesoosoesoosoesossossesoossesoessesossossessossesoossssossssse 90 APPENDIX E COMMAND LINE INTERFACE oessssosoesesesosossosossssesosocsoscssssesosocsosossesesosoee 93 OVERVIEW AEE T TE T A E OEE EAO E EE 93 Command Referente visi dscccisccecsssscsscessesiessececsesccssssessosessesenscdbesteceoaveowsccbecseccesssessedsecietess 93 Chapter 1 Introduction This Chapter provides an overview of the Wireless Access Point s features and capabilities Congratulations on the purchase of your new Wireless Access Point The Wireless Access Point links your Wireless Stations to your wired LAN The Wireless stations and devices on the wired LAN are then on the same network and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection a B Wireless a Wireless H Access Point je pi i A i wf a r 1 A Wired Lan Figure 1 Wireless Access Point Features of your Wireless Access Point The Wireless Access Point incorporates many advanced features carefully designed to provide sophisticated functions while being easy to use e Standards Compliant The Wireless Access Point complies with the IEEE802 1 1g and ITEEE802 11n draft 2 0 specifications for Wirele
45. elect from a list of available APs 16 Access Point Setup Virtual AP Settings Clicking the Virtual APs link on the Wireless menu will result in a screen like the following e Bridge Mul ti Point Select this only if this AP is the Master for a group of Bridge mode APs The other Bridge mode APs must be set to Point to Point Bridge mode using this AP s MAC address They then send all traffic to this Master Figure 10 Virtual AP Settings Data Virtual AP Settings Screen VAPs VAP List Enable Button Configure Button Disable Button Isolation All available VAPs are listed For each VAP the following data is displayed e If displayed before the name of the VAP this indicates the VAP is currently enabled If not displayed the VAP is currently disabled e VAP Name The current VAP name is displayed e SSID The current SSID associated with this VAP e Security System The current security system e g WPA PSK is dis played Enable the selected VAP Change the settings for the selected VAP Disable the selected VAP Isolate all Virtual APs from each other If this option is enabled wireless clients using different VAPs different SSIDs are isolated from each other so they will NOT be able to communicate with each other They will still be able to communicate with other clients using the same profile unless the Wireless Separation setting on the Advanced screen has been enabled
46. en Finish 13 Right click on the server and select Authorize It may take a few minutes to complete 43 Wireless Access Point User Guide Certificate Authority Setup Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue Action view e am e Tree Certification Authority Local GEFs Recovery Agent File Recovery B io WirelessCA Gebpasic EFS Encrypting File System E Revoked Certificates Domain Controller Client Authentication Server Authentic E Issued Certificates Gaweb Server Server Authentication E Pending Requests EA computer Client Authentication Server Authentic 4D Failed Requests Geluser Encrypting File System Secure Email Seme FE e cen in Authority Certificate to Issue Code Signing Microsoft Trust List Signi View gt Refresh Export List Help Creates a new object in this container Figure 31 Certificate Authority Screen 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Select Certificate Template 2 xi Select a certificate template to issue certificates User Signature Only Secure Email Clier Smartcard User Secure Email Clier Client Authenticatic Client Authenticatic Code Signing Trust List Signing Microsoft Trust List Frirallmant Aqent Certificate Request gt Figure 32 Template Sc
47. entication in order to operate Authentication e Authentication via MAC Address Select this if you want to Use MAC Address for Authentication e Authentication via Name and Password Select this if you want to Use name and password for Authentica tion Wireless Access Point User Guide Wireless Screens There are 6 configuration screens available Basic Virtual APs Radius Server Settings Access Control Advanced Settings WIFI Protected Setup Basic Screen The settings on this screen must match the settings used by Wireless Stations Click Basic Settings on the Wireless menu to view a screen like the following Wireless Access Point Basic Settings W Turn Radio On ae Mode Wireless Mode Mixed 802 11n 802 11b and 802 119 2 4G a vitruat APs Auto Channel Scan Disable v radius Channel Frequency 6 v access Control Transmit Data Rate E Aavancea Settings oe Data Best Auto Power Disable v EJneip Output Power 1dBm 79 Channel Bandwidth Wide 40MHz X Extension Sub Channel Above Primary Channel v Save Cancel Figure 9 Wireless Basic Screen Data Wireless Basic Settings Screen Operation Turn Radio On Enable this to use the wireless feature Wireless Mode Select the desired option e Disable select this if for some reason you do not this AP to transmit or receive at all 14 Access Point Setup e 802 11b if selected only 802
48. figured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 83 Wireless Access Point User Guide Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Local Area Connection Properties 2 x General Connect using E9 Siemens SpeedStream PE 10100 Configure Components checked are used by this connection a Client for Microsoft Networks v amp File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP Install Uninstall Properties Description Transmission Control Protocol Intermet Protocol The default wide area network protocol that provides communication across diverse interconnected networks I Show icon in taskbar when connected OK Cancel Figure 68 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties 21x General You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP setting
49. firmation message Click Yes 52 PC and Server Configuration Root Certificate Store Do you want to ADD the following certificate to the Root Store Subject WirelessCA Systems Wireless Widgets College Park MD US ca yourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E748D0 B6375643 4F77E081 551337C7 Thumbprint shal E9EC3F5D BA9B678E 79C05548 51017043 BE7AOCB Thumbprint mdS 6F171E64 D438B251 44242464 CDBE6189 Figure 46 Root Certificate Screen 9 Certificate setup is now complete 802 1x Authentication Setup 1 Open the properties for the wireless connection by selecting Start Control Panel Network Connections Right Click on the Wireless Network Connection and select Properties Select the Authentication Tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type 4 Wireless Network Connection Properties PX Authentication Advanced General Wireless Networks Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 802 1 EAP type Smart Card or other Certificate v Authenticate as computer when computer information is available C Authenticate as guest when user or computer information is unavailable
50. formation Services IIS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and Internet Authentication Service DNS should already be selected and in stalled 40 PC and Server Configuration Windows Components Wizard Windows Components You can add or remove components of Windows 2000 US Accessories and Utilities A Certificate Services O Q Cluster Service Figure 25 Components Screen 4 Click Next 5 Select the Enterprise root CA and click Next Windows Components Wizard Certification Authority Type There are four types of certification authorities Figure 26 Certification Screen 6 Enter the information for the Certificate Authority and click Next 41 Wireless Access Point User Guide te 8 Windows Components Wizard CA Identifying Information Enter information to identify this CA CA name WitelessCA Organization Organization Organizational unit js ystems City Oakland State or province ca Country region jus E mail Jed yourdomain id CA description Wireless cal Valid for fe Years x Expires 271772005 6 39 PM Baa Figure 27 CA Screen Click Next if you don t want to change the CA s configuration data Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish DHCP server configuration l 2 3 4
51. g Data is being transmitted or received via the Wireless access point Data includes network traffic as well as user data On Error condition Off Normal operation Blinking During start up and when the Firmware is being upgraded On The LAN Ethernet port is active Off No active connection on the LAN Ethernet port Flashing Data is being transmitted or received via the corresponding LAN Ethernet port Introduction Rear Panel O came W Antenna CONSOLE ETHERNET RESET POWER Antenna Figure 3 Rear Panel Reset Button This button has two 2 functions e Reboot When pressed and released the Wireless Access Point will reboot restart e Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values 1 Hold the Reset Button until the Status Red LED blinks TWICE usually more than 5 seconds 2 Release the Reset Button The factory default configuration has now been restored and the Access Point is ready for use ETHERNET Use a standard LAN cable RJ45 connectors to connect this port to a 10 100 1000BaseT hub switch on your LAN Power port Connect the supplied power adapter 12V 1A here CONSOLE DB9 female RS232 port Chapter 2 Installation This Chapter covers the physical installation of the Wireless Access Point Requirements e TCP IP network e Ethernet c
52. gs Obtain an IPv6 address automatically 5 Use the following IPv6 address Obtain DNS server address automatically Use the following DNS server addresses Preferred DNS server ernate DNS ser ED Gea Figure 73 TCP IP Properties Windows Vista 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 89 Appendix D About Wireless LANs Overview Wireless networks have their own terms and jargon It is necessary to understand many of these terms in order to configure and operate a Wireless LAN Wireless LAN Terminology Modes Wireless LANs can work in either of two 2 modes e Ad hoc e Infrastructure Ad hoc Mode Ad hoc mode does not require an Access Point or a wired Ethernet LAN Wireless Sta tions e g notebook PCs with wireless cards communicate directly with each other Infrastructure Mode In Infrastructure Mode one or more Access Points are used to connect Wireless Stations e g Notebook PCs with wireless cards to a wired Ethe
53. ick Update to save your changes Add To add a Trusted Station which is not in the Other Wireless Stations list enter the required data and click this button Clear Clear the Name and Address fields 34 Access Point Setup Advanced Settings Clicking the Advanced Settings link on the Wireless menu will result in a screen like the following Wireless Access Point Caen Lere wees pansion Basic Settings vitruar Fragmentation Length 2346 256 2346 radius Beacon Interval 100 ms 20 1000 access Control DTIM interval 1 1 255 Advanced Settings 2347 802 11d RTS CTS Threshold 1 2347 e Parameters Guard Interval Short 400ns v User Control Preamble Type Short v Throughput Control 802 11B Protection Mode Disable v Auto Frequency Load Balance TX RX Chainmask Za E Enable Link Integrity juelp Save Cancel Figure 24 Advanced Settings Data Advanced Settings Screen Options Worldwide Mode Enable this setting if you wish to use this mode and your 802 11d Wireless stations support this mode WMM Enable WMM Support Check this to enable WMM Wi Fi Multimedia support in the Access Point If WMM is also supported by your wireless clients voice and multimedia traffic will be given a higher priority than other traffic If enabled then WMM acknowledgement is disabled Depend ing on the environment disabling acknowledgement may in
54. id Data packets transmitted to or received from Wireless Stations at driver level Management Number of Management packets transmitted to or received from Wireless Stations Control Number of Control packets transmitted to or received from Wire less Stations 60 Operation and Status Virtual AP Status This screen is displayed when the Virtual AP Status button on the Status screen is clicked Name VAP Name 1 VAP Name 2 VAP Name 3 VAP Name 4 VAP Name 5 VAP Name 6 VAP Name 7 BSSID ssp Proaacast security Status Clients VAP Name 0 00 C0 02 12 35 88 wireless 0 Enable None Enable 0 A wireless 1 Enable None Disable 0 NIA wireless 2 Enable None Disable 0 N A wireless 3 Enable None Disable 0 N A wireless 4 Enable None Disable 0 NIA wireless 5 Enable None Disable 0 N A wireless 6 Enable None Disable 0 NIA wireless 7 Enable None Disable 0 Figure 53 Virtual AP Status Screen For each VAP the following data is displayed Name The name you gave to this VAP if you didn t change the name the default name is used BSSIS The MAC address of the VAP SSID The SSID assigned to this VAP Broadcast SSID Indicates whether or not the SSID is broadcast Security The security method used by this VAP Status Indicates whether or not this VAP is enabled or currently used Clients The number of wireless stations currently using accessing this Access Point using this VAP If the VAP is
55. iisccssvectcsscssstcasssssietsctstcvasessosssectsoasssessesetacssuaseseeseccseasenecectvousesacsenecesecestees 14 Basic Screen sccccccscssessncsccecacescenctuedsseuscescvacsuecadecsneccnctsessseseuasdtecdeedsdecearactedcsacceacesessseatendsecs 14 Virtual AP Setting is scccccssccosscsossesscsesstsecssonsseessesesessossccesseestaasecsecocesenseonsseasctoceasscdocessenssess 17 Virtual AP SCreedisccsicsscecsstesiasstecsceatasssscescssstasseceosssctscavesteceuscesesteceseseewadsedsstoossssss cestcsscess 18 Radius Server Settings sssissicsesisssscsessrosssosisossssssosososossosssrssridsscoseeosses resosi sitoosssssstoss risres 31 ACCESS COntrOl ieccccssecsscscscececsceccsstetsreccerciccsseedseasececesecsendsassuasdscccseadscesacessoucecececosacsuceasesesios 32 Advanced Settings cscccsccsssssscssccsssssscssssscsesescsessocscecscesscsssccsssssscssssssscsscsssecssessoeseoes 35 CHAPTER 4 PC AND SERVER CONFIGURATION ssssesesossosossesesosocsosossssesosocsosoesesesosooe 37 OAE AA A E ETAS OE AT E IEE tdededansddsesatcedsacestecbasesdesusnacdccdececedseceands Using WEP Using WPA PSK WPA2 PSK sesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesesese 38 Using WPA Eniter prise lt ss c sicssiecsecccoscasesssesocesscdsssedesoosssescsasedussescesesecsassssceasocassesseusienscees 39 802 1x Server Setup Windows 2000 Server essessessesessoesesoossesoossesossossosoossesoossssossosse 40 802 1x Client Setup on Windows XP
56. ion s settings match those of the Wireless Access Point as described below e For 802 1x modes configuration is much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more complex For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless e ach Wireless station must be set to use WEP data encryption Security e The Key size 64 bit 128 bit 152 bit must be set to match the Access Point e The keys values on the PC must match the key values on the Access Point Note On some systems the key sizes may be shown as 40bit 104bit and 128bit instead of 64 bit 128 bit and 152bit This difference arises be cause the key input by the user is 24 bits less than the key size used for encryption Wireless Access Point User Guide Using WPA PSK WPA2 PSK For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless On each client Wireless securi
57. is provided for me automatically as shown below 54 PC and Server Configuration Key length nder advanced Figure 49 Properties Screen Setup for Windows XP and 802 1x client is now complete 55 Wireless Access Point User Guide Using 802 1x Mode without WPA This is very similar to using WPA Enterprise The only difference is that on your client you must NOT enable the setting The key is provid ed for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Network Properties Network name 551D misslair Wireless network key WEP This network requires 4 key for the following Data encryption WEP enabled C Network Authentication Shared mode _ The key is provided for me automatically This is a computer to computer ad hoc network wireless access points are not used Figure 50 Properties Screen Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 56 Chapter 5 Operation and Status This Chapter details the operation of the Wireless Access Point and the status screens Operation Once both the Wireless Access Point and the PCs are configured operation is automatic However you may need to perform the following operations
58. me admin E Change Admin Password Method auto Config Re enter to Confirm D config Fite o Ping Test Bauto Reboot g Firmware Upgrade Ejneip Wireless Access Point LESS OLG Type U Enable Wireless Web Access Account tMethod pao e HTTP Port Number 80 Control Bato Config E Enable HTTPS secure HTTP Admin connections l contig File HTTPS Port Number 443 Dring Test E Enable Management via SSH auto Reboot g Firmware Upgrade EJneip Save Cancel E 66 Access Point Management Wireless Access Point E Bjar Type Management Account Method g Auto Config o Config File g Ping Test g Auto Reboot o Firmware Upgrade juelp Turn IP Management Control On Allow Following IP Addresses to Manage the Device Deny Following IP Addresses to Manage the Device Subnet Subnet Mask IP subnet 1 p bp bp fp pss pss pss pss wrsubnet3f0 fo fo fo 255 pss pss pss IP subnet 6 b ie ip jp Ps5 fess 25s fess rsubnet7 0 fo fo pss 255 pss ps5 IP subnet 8 pb ip ip jp f pss ess ss pss Figure 57 Management Screen Data Management Screen Account Admin User Name Change Admin Password New Password Re enter to Confirm Method Enable Wireless Web Access Enable HTTP Admin Connections HTTP Port Number The name for login the Device Web If checked You can change the login password The default
59. nd provide the login data when re quired e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 20 Access Point Setup Security Settings None Wireless Access Ls e a oo H beasic Settings Made VAP VAP Name VAPName0 raadius 2 SSID Wiees ts sS SCS access Control Advanced Settings Broadcast SSID Enable Disable Isolation within Disable VAP EjJHeip Max Bandwidth for this VAP Us Ds p 1P 64Kbps 0 2048 Max Bandwidth for the STA on this p p 64Kbps 0 1024 VAP Us Ds Security Security System None Back save Cancel Figure 12 Wireless Security None No security is used Anyone using the correct SSID can connect to your network Security Settings WEP This is the 802 11b standard Data is encrypted before transmission but the encryption system is not very strong 21 Wireless Access Point User Guide Security Security System WEP v Data Encryption 64 bit v Authentication Open System v WEP Keys Key input Hex 0 9 and A F ASCII Key 1 Key 2 Key 3 Key 4 Passphrase Generate Key Back Save Cancel Figure 13 WEP Wireless Security Screen Data WEP Screen WEP Data Encryption Authentication Key Input Key Value Passphrase Select the desired option and ensure your Wireless stations have the s
60. net 68 Access Point Management Auto Config is only useful if you have a FTP Server on your LAN So the device will auto load the config file from the FTP Server To reach this screen select Auto Config in the Ad ministration section of the menu Wireless Access Point ee eee peee E OLG Type management Auto Config Enable Disable O Auto Config FTP Server D contig File User Name Fring Test Password Bjauto Reboot Config File g Firmware Upgrade Interval 1 Hours Help Check Now E Figure 58 SNMP Screen Data Auto Config Screen Auto Config If enable The device will auto load config file from server If disable The function is invalid FTP Server Input the FTP Server IP address User Name Input the user names for login FTP Server Password Input the password for login FTP Server Config file Input the config file path on the FTP Server Interval The device will as the interval time to check new config file on FTP Server If find new config file will auto load it The unit is hours Check now Press the button The device will check new config file on FTP Server immediately Wireless Access Point User Guide Config File This screen allows you to Backup download the configuration file and to restore upload a previously saved configuration file You can also set the Wireless Access Point back to its factory default settings To reach this screen select Config File in
61. on a regular basis e If using the Access Control feature update the Trusted PC database as required See Access Control in Chapter 3 for details e If using 802 1x mode update the User Login data on the Windows 2000 Server and configure the client PCs as required Use the Status link on the main menu to view this screen Wireless Access Point Foes Ten worn o Aa es e system Status Service Provider Network Status Hardware Version V1 0 00S wireless S Firmware Version v1 0 00 Li ol 2 Bootloader Version 1 04 statistics Serial Number 1108AB900002 AP Type FAT AP EjJHeip Device Mode Bridge SSS ag Figure 51 Status Screen 57 Wireless Access Point User Guide Data Status Screen Access Point Access Point Name The current name will be displayed MAC Address The MAC physical address of the Wireless Access Point Country Domain The region or domain as selected on the System screen Hardware Version The version of the hardware currently used Firmware Version TCP IP The version of the firmware currently installed IP Address The IP Address of the Wireless Access Point Subnet Mask The Network Mask Subnet Mask for the IP Address above Gateway Enter the Gateway for the LAN segment to which the Wireless Access Point is attached the same value as the PCs on that LAN segment DHCP Client
62. oot Interval If enable the function Please input the desired time The unit is hours The device will auto reboot as the time interval Wireless Access Point User Guide Firmware Upgrade The firmware software in the Wireless Access Point can be upgraded using your Web Browser You must first download the upgrade file and then select Upgrade Firmware in the Admin istration section of the menu You will see a screen like the following Wireless Access Point es ee Lee orreee Le Ba Type o Management Firmware File 10 Auto Config o Config File 10 Ping Test o Auto Reboot O Firmware Upgrade EJ Help Upgrade Cancel Figure 62 Firmware Upgrade Screen To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade BES The Wireless Access Point is unavailable during the upgrade process and must restart when the up Note grade is completed Any connections to or through the Wireless Access Point will be lost Appendix A A Specifications Wireless Access Point Hardware Specifications 1 x Auto MDIX RJ 45 for 10 100 1000Mbps PoE port IEEE 802 3af compliance 11b Embedded Atheros solution Network Standard IEEE 802 11b Wi Fi and IEEE 802 1 1g compliance OFDM 802 11b CCK 11 Mbps 5 5
63. ort EAP MDS5 EAP TLS EAP TTLS PEAP RADIUS based MAC authentication Block inter wireless station communication wireless separation Block SSID broadcast Management Web based configuration Configurable Web port RADIUS Accounting RADIUS On feature RADIUS Accounting update Telnet CLI Syslog internal Log Access Control list Editable Configuration file backup Restore 76 Appendix A Specifications Statistics support SNMP v1 amp v2c amp v3 LLTD Only wired users to be able to control Auto configuration Other Features DHCP client WINS client Radius client Enable Disable wireless Network Integrality Check FTP client Firmware Upgrade HTTP FTP network protocol download 77 Appendix B Troubleshooting Overview This chapter covers some common problems that may be encountered while using the Wireless Access Point and some possible solutions to them If you follow the suggested steps and the Wireless Access Point still does not function properly contact your dealer for further advice General Problems Problem 1 Can t connect to the Wireless Access Point to configure it Solution 1 Check the following e The Wireless Access Point is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the Wireless Access Point are on the same network segment If you don t have a router this must be the c
64. protocol as shown below Network 21x Identification Services Protocols Adapters Bindings Network Protocols Y NetBEUI Protocol Y NWLink IPX SPX Compatible Transport Y NWLink NetBIOS Add Remove Properties Description Transport Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Cancel Figure 66 Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Microsoft TCP IP Properties 12 xi IP Address DNS WINS Address DHCP Relay Routing An IP address can be automatically assigned to this network card by a DHCP server If your network does not have a DHCP server ask your network administrator for an address and then type it in the space below Adapter PCI Fast Ethernet Adapter Obtain an IP address from a DHCP server Specify an IP address OK Cancel Apply Figure 67 Windows NT4 0 IP Address 82 Appendix C Windows TCP IP 3 Select the network card for your LAN 4 Select the appropriate radio button Obtain an IP address from a DHCP Server or Specify an IP Address as explained below Obtain an IP address from a DHCP Server This is the default Windows setting This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already con
65. reen Select Start Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 44 PC and Server Configuration Directory Users and Computers Figure 33 Active Directory Screen 6 Select the Group Policy tab choose Default Domain Policy then click Edit wireless yourdomain tid Properties Figure 34 Group Policy Tab 7 Select Computer Configuration Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request 45 Wireless Access Point User Guide gf Group Policy oH action wew Gm ale Tree Default Domain Policy swpa dell2k swpa sercomm com tw P ic g Computer Configuration E E Software Settings El amp Windays Settings S Scripts Startup Shutdown Security Settings E Account Policies E e Local Policies ge Event Log Li Restricted Groups QQ System Services Ez gs Registry E File System S Public Key Policies Encrypted Data Recovery Agents 5 5 5 Trusted Root Certification Authorities ew Automatic Certificate Request E Enterprise Trust e IP Security Policies on Active Directory E Administrative Templates i Pe User Configuration E Software Settings H E Windows Settings Administrative Templates 4 H Create anew Automatic Certificate Request object and
66. ridge to a single AP You must provide the MAC address of the other AP in the PTP Bridge AP MAC Address field e Bridge Multi Point Select this only if this AP is the Master for a group of Bridge mode APs The other Bridge mode APs must be set to Point to Point Bridge mode using this AP s MAC address They then send all traffic to this Master e Wireless Client Repeater Act as a client or repeater for another Access Point If selected you must provide Remote SSID and the address MAC address of the other AP in the Remote AP MAC Address field In this mode all traffic is sent to the specified AP e Wireless Detection This mode will turn the access point into a wireless Monitor A Rouge AP is an Access Point which should not be in use and so can be considered to be providing unauthor ized access to your LAN e No Security If checked then any AP operating with security disabled is considered to be a Rogue AP e Not in Legal AP List If checked then any AP not listed in the Legal AP List is considered to be a Rogue AP If checked you must maintain the Legal AP List e Define Legal AP Click this to open a sub screen where you can modify the Legal AP List This list must contain all known APs so must be kept up to date Remote MAC Address You must enter the MAC address es of other AP s in the fields Select Remote AP If the other AP is on line you can click the Select Remote AP button and s
67. rnet LAN The Wireless Stations can then access all LAN resources Access Points can only function in Infrastructure mode and can communicate only with Wireless Stations which are Note setto Infrastructure mode SSID ESSID BSS SSID A group of Wireless Stations and a single Access Point all using the same ID SSID form a Basic Service Set BSS Using the same SSID is essential Devices with different SSIDs are unable to communi cate with each other However some Access Points allow connections from Wireless Stations which have their SSID set to any or whose SSID is blank null ESS ESSID A group of Wireless Stations and multiple Access Points all using the same ID ESSID form an Extended Service Set ESS Appendix D About Wireless LANs Different Access Points within an ESS can use different Channels To reduce interference it is recommended that adjacent Access Points SHOULD use different channels As Wireless Stations are physically moved through the area covered by an ESS they will automatically change to the Access Point which has the least interference or best perfor mance This capability is called Roaming Access Points do not have or require Roaming capabilities Channels The Wireless Channel sets the radio frequency used for communication e Access Points use a fixed Channel You can select the Channel used This allows you to choose a Channel which provides the least interference and be
68. rnet Adapter ry TCP IP gt Dial Up Adapter X TCP IP gt Dial Up Adapter 2 VPN Support File and printer sharing for Netare Networks X 4 gt Add Remove Properties Figure 64 Network Configuration 2 Select the TCP IP protocol for your network card 3 Click on the Properties button You should then see a screen like the following 80 Appendix C Windows TCP IP TCP IP Properties 21x Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type itin the space below Specify an IP address Figure 65 IP Address Win 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 81 Wireless Access Point User Guide Checking TCP IP Settings Windows NT4 0 1 Select Control Panel Network and on the Protocols tab select the TCP IP
69. rvice Action View le gt Glam 2 Tree Internet Authentication Service Local gay QQ Remot ay Remot Export List Help Figure 37 Service Screen Enter a name for the access point click Next Enter the address or name of the Wireless Access Point and set the shared secret as entered on the Security Settings of the Wireless Access Point Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap t1s and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Restrictions and click Add iSelect attribute E Select the type of attribute to add and then click the Add button Attribute types Called Station Id Phone number dialed by user Calling Station Id Phone number from which call originated Client Friendly Name Friendly name for the RADIUS client IAS Client IP Address IP address of RADIUS client IAS only Client Vendor Manufacturer of RADIUS proxy or NAS I Day And Time Restrictions Time periods and days of week during wh Framed Protocol The protocol to be used NAS Identifier String identifying the NAS originating the r NAS IP Address IP address of the NAS originating the requ NAS Port Type Type of physical port used by the NAS ori Service Type Type of service user has requested Tunnel Tppe Tunneling protocols to be used Windows Groups Windo
70. s Obtain an IP address automatically C Use the following IP address IP address Subnet mask Default gateway Obtain DNS server address automatically C Use the following DNS server addresses Preferred DNS server r Alternate DNS server Figure 69 TCP IP Properties Win 2000 84 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows setting This is the default Windows settings To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 85 Wireless Access Point User Guide Checking TCP IP Settings Windows XP 1 Select Control Panel Network Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following 4 Local Area Connection Properties General Authentication Advanced Connect using B Siemens SpeedStream PCI 10 100 This connection uses the following items v isl Client for Microsoft Networks v a File and Printer Sharing for Microsoft Networks 4 E QoS Packet Scheduler m mie
71. s Ds 64Kbps 0 2048 Max Bandwidth for the STA on this 0 A 64Kbps 0 1024 VAP Us Ds Security Security System WPA2 RADIUS X WPA Encryption AES v Back Save Jf Cancel Figure 18 WPA2 with Radius Wireless Security Screen Data WPA2 with Radius Screen WPA2 with Radius WPA Encryption The encryption method is AES Wireless Stations must also use AES Group Key Update This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Key Lifetime This field determines how often the Group key is dynamically updated Enter the desired value Update Group key If enabled the Group key will be updated whenever any member when any membership leaves the group or disassociates from the Access Point terminates 27 Wireless Access Point User Guide Security Settings WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authenti cation according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard Wireless Access Point es Lee Lee Lee pereo N Basic Settings VAP vaP Name VAP NameD radius SSID Wireless g Access Control Advanced Settings Broadcast SSID Enable Disable Isolation within Disable S VAP Wuelp Max Bandwidth for fF this VAP Us Ds FE 64Kbps 0 2048 Max Bandwidth for the STA on this 0 0 64Kbps 0 1024 VAP
72. ss LANs e Supports lIn Wireless Stations The 802 11n Draft standard provides for backward compatibility with the 802 11b standard so 802 11n 802 11b and 802 11g Wireless sta tions can be used simultaneously e Bridge Mode Support The Wireless Access Point can operate in Bridge Mode con necting to another Access Point Both PTP Point to Point and PTMP Point to Multi Point Bridge modes are supported And you can even use both Bridge Mode and Access Point Mode simultaneously e DHCP Client Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request The Wireless Access Point can act as a DHCP Client and obtain an IP address and related information from your existing DHPC Server Wireless Access Point User Guide Thin AP Support thin AP function Upgradeable Firmware Firmware is stored in a flash memory and can be upgraded easily using only your Web Browser PoE Support You can use PoE Power over Ethernet to provide power to the Wireless Access Point so only a single cable connection is required Security Features Virtual APs For maximum flexibility wireless security settings are stored in Virtual AP Up to 8 Virtual APs can be defined and used as any time Multiple BSSIDs Because each Virtual AP has it own SSID and beacon and up to 4 Virtual APs can be active simultaneously multiple SSIDs are supported Different clients can connect to the Wireless Access Poin
73. ss Point User Guide Checking TCP IP Settings Windows Vista 1 Select Control Panel Network Connections 2 Right click the Local Area Connection Status and choose Properties Click Continue to the User Account Control dialog box then you should see a screen like the following g 4 Local Area Connection Properties Networking Connect using BY Intel R PRO 100 VE Network Connection This connection uses the following items v 0M Client for Microsoft Networks aos Packet Scheduler co File and Printer Sharing for Microsoft Networks Bu intemet Protocol Version 6 TCP IPv6 4 Intemet Protocol Version 4 TCP IPv4 Link Layer Topology Discovery Mapper 1 0 Driver 4 Link Layer Topology Discovery Responder Install Uninsta Properties Description TCP IP version The latest version of the intemet protocol that provides communication across diverse interconnected networks KK KKK ok _ Cancel Figure 72 Network Configuration Windows Vista 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following 88 Appendix C Windows TCP IP General You can get IPv6 settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IPv6 settin
74. st before enabling this feature Local Trusted This table lists any Wireless Stations you have designated as Trust Stations ed If you have not added any stations this table will be empty For each Wireless station the following data is displayed e Name the name of the Wireless station e MAC Address the MAC or physical address of each Wireless station e Connected this indicates whether or not the Wireless station is currently associates with this Access Point 32 Buttons Modify List Read from File Write to File Access Point Setup To change the list of Trusted Stations Add Edit or Delete a Wireless Station or Stations click this button You will then see the Trusted Wireless Stations screen described below To upload a list of Trusted Stations from a file on your PC click this button To download the current list of Trusted Stations from the Access Point to a file on your PC click this button Trusted Wireless Stations To change the list of trusted wireless stations use the Modify List button on the Access Control screen You will see a screen like the sample below Trusted Wireless Stations Other Wireless Stations e a cactagmaneecceas cecal SelectAll Select None ame Address Physical MAC address Figure 23 Trusted Wireless Stations Data Trusted Wireless Stations Trusted Wireless Stations This lists any Wireless Stations which you have designated
75. st performance For 802 11g 13 channels are available in the USA and Canada but 1 1channels are available in North America if using 802 11b e fusing multiple Access Points it is better if adjacent Access Points use different Chan nels to reduce interference The recommended Channel spacing between adjacent Access Points is 5 Channels e g use Channels and 6 or 6 and 11 e In Infrastructure mode Wireless Stations normally scan all Channels looking for an Access Point If more than one Access Point can be used the one with the strongest signal is used This can only happen within an ESS e Ifusing Ad hoc mode no Access Point all Wireless stations should be set to use the same Channel However most Wireless stations will still scan all Channels to see if there is an existing Ad hoc group they can join WEP WEP Wired Equivalent Privacy is a standard for encrypting data before it is transmitted This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations But if the data is encrypted then it is meaningless unless the receiver can decrypt it If WEP is used the Wireless Stations and the Wireless Access Point must have the same settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key
76. standard If this option is selected e This Access Point must have a client login on the Radius Server e Fach user must authenticate on the Radius Server This is usually done using digital certificates e Fach user s wireless client must support 802 1x and provide the Radius authentication data when required e All data transmission is encrypted using the WPA2 standard Keys are automatically generated so no key input is required WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using EITHER WPA or WPA2 standard If this option is selected e This Access Point must have a client login on the Radius Server e Each user must authenticate on the Radius Server This is usually done using digital certificates e Fach user s wireless client must support 802 1x and provide the Radius authentication data when required e All data transmission is encrypted using EITHER WPA or WPA2 standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryp tion If this option is selected e This Access Point must have a client login on the Radius Server e Fach user must have a user login on the Radius Server 19 Wireless Access Point User Guide e Fach user s wireless client must support 802 1x a
77. t set mdSsuppname set mdSsupppassword set mdSsupptype set nativevlanid set ntp set operationmode set password set psk set radiusserver set radiusport set radiussecret set remoteptmp set remoteptp set roguedetect set rogueinteval Appendix E Command Line Interface Set Group Key Update Interval in Minutes 97 Wireless Access Point User Guide set Set SNMP Read Community snmpreadcommunity set Set SNMP Write Community snmpwritecommunity 98 Appendix E Command Line Interface Set WMM No Acknowledge factoryrestore Restore to Default Factory Settings apply To make the changes take effect 99
78. t SSIDs Refresh Button Update the data on screen 63 Chapter 6 Access Point Management This Chapter explains when and how to use the Wireless Access Point s Ad ministration Features Overview This Chapter covers the following features available on the Wireless Access Point s Man agement menu e AP Type e Management e Auto Config e Config File e Ping Test e Auto Reboot e Firmware Upgrade AP Type Screen The AP Type screen allows you to assign Fat AP mode or Fit AP mode The Wireless Access Point will work as general AP in Fat AP mode The Wireless Access Point must work with AC in Fit AP mode Wireless Access Point se ce ce PEE Management Iauto config D config File g Ping Test Auto reboot o Firmware Upgrade AP Type FITAP FAT AP Ejneip Figure 56 AP Type Screen Data AP Type Screen FAT AP FAT AP FIT AP FIT AP Access Point Management Select the mode The AP will work as general AP All of function on the AP need User to configure it everyone Select the mode The AP will work as thin AP mode The IP Address will change to DHCP Client It will ask one IP Address from DHCP Server on the LAN So User can config ure it by Web or AC 65 Wireless Access Point User Guide To reach this screen select Management in the Administrtion section of the menu Wireless Access Point a SSS jar Type M r Management Admin User Na
79. t using different SSIDs with different security settings Virtual APs Isolation If desired PCs and devices connecting to different Virtual APs can be isolated from each other VLAN Support The 802 1Q VLAN standard is supported allowing traffic from differ ent sources to be segmented Combined with the multiple SSID feature this provides a powerful tool to control access to your LAN WEP support Support for WEP Wired Equivalent Privacy is included Both 64 Bit 128 Bit and 152 Bit keys are supported WPA support Support for WPA is included WPA is more secure than WEP and should be used if possible Both TKIP and AES encryption methods are supported 802 1x Support Support for 802 1x mode is included providing for the industrial strength wireless security of 802 1x authentication and authorization Radius Client Support The Wireless Access Point can login to your existing Radius Server as a Radius client Radius MAC Authentication You can centralize the checking of Wireless Station MAC addresses by using a Radius Server Rogue AP Detection The Wireless Access Point can detect unauthorized Rouge Access Points on your LAN Access Control The Access Control feature can check the MAC address of Wireless clients to ensure that only trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN Password protected Configuration Optional password protection is provided to prevent unauthorized users from
80. tem Basic and Advanced settings e Wireless Basic Advanced Access Control Radius Server Virtual APs amp WIFI Protected Setup 8 You may also wish to set the admin password and administration connection options These are on the Admin Login screen accessed from the Management menu See Chapter 6 for details of the screens and features available on the Management menu 9 Use the Apply and Reboot buttons on the menu to apply your changes and restart the Wireless Access Point Setup is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 4 for details If you can t connect It is likely that your PC s IP address is incompatible with the Wireless Access Point s IP address This can happen if your LAN does not have a DHCP Server The default IP address of the Wireless Access Point is 192 168 0 228 with a Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 0 1 192 168 0 254 with a Network Mask of 255 255 255 0 See Appendix C Windows TCP IP for details for this procedure Access Point Setup System Basic Settings Screen Click Basic Settings on the System menu to view a screen like the following Figure 7 System Basic Settings Screen Data System Basic Settings Screen Identification Access Point Name Description Country Domain MAC Address
81. ty must be set to WPA PSK Security e The Pre shared Key entered on the Access Point must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match the Access Point 38 PC and Server Configuration Using WPA Enterprise This is the most secure and most complex system WPA Enterprise mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive 802 1x Each client must obtain a Certificate which is used for authentication for Authentication the Radius Server 802 1x Typically EAP TLS is used This is a dynamic key system so keys do Encryption NOT have to be entered on each Wireless station However you can also use a static WEP key EAP MDS the Wireless Access Point supports both methods simultaneously Radius Server Configuration If using WPA Enterprise mode the Radius Server on your network must be configured as follow e It must provide and accept Certificates for user authentication e There must be a Client Login for the Wireless Access Point itself e The Wireless Ac
82. ws groups that user belongs to Figure 38 Attribute Screen Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 47 Wireless Access Point User Guide 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication meth ods listed Click OK f Edit Dial in Profile M Smart Card or other Certificate Figure 39 Authentication Screen 12 Select No if you don t want to view the help for EAP Click Finish 48 PC and Server Configuration 1 Select Start Programs Administrative Tools Active Directory Users and Computers 2 Double click on the user who you want to enable 3 Select the Dial in tab and enable Allow access Click OK alex Properties Figure 40 Dial in Screen 49 Wireless Access Point User Guide 802 1x Client Setup on Windows XP Windows XP ships with a complete 802 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login
Download Pdf Manuals
Related Search