Link1000ACS Wireless Web Interface User`s Guide
Contents
1. Wireless Web Interface User s Manual 54 Chapter 12 Captive portal Click WLAN Configuration gt Captive Portal to open the Captive Portal Configuration page The parameters of portal access authentication can be configured _ icXchange admin Save Configuration Logout Dashboard WLAN Configuration Monitor Management Wired Configuration Captive Portal Global Configuration Enable ud Operational Status Disabled Disable Reason Administrator Disabled Authentication Type External Portal Internal Portal Peer Switch Statistics Reporting Interval secs 120 15 3600 0 Disable Captive Portal Portal Server Configuration OD Server Name IP Address Server Name IP Address Port 0 65535 Server Key Free Resource Configuration i Free Resource ID Source IP Mask Length ma pelete Destination IP Mask Length Operation Free Resource ID 1 32 Source IP Mask Length Example 192 168 1 1 24 Destination IP Mask Length Example 192 168 1 1 24 Add Delete 12 1 Global configuration Select the Enable check box to enable the captive portal function globally Clear the check box to disable this function This function includes the captive portal function on the Link1000ACS and AP Enable Operational Status Wireless Web Interface User s Manual 55 o MA MOI 12 2 Captive po2. 0 536870911 0 Unlimited 0 536870911 0 Unlimited 0 4294967295 0 Unlimited 0 4294967295 0 Unlimited 0 4294967295 0 Unlimited 1 65535 e Radius Auth Server Group Name appoints the Radius authentication server to be used SS 818 38 SD 8 e Radius Accounting Server Group Name appoints the Radius accounting server to be used gt A e Radius Accounting Update Interval secs configures the updating interval of the Radius accounting Pv4 Portal Server appoints the IPv4 portal server to be used E IPV6 Portal Server appoints the IPv6 portal server to be used a e Free Resource binds the free resource rule for the CP Se EE ER Idle Timeout secs the idle timeout of CP 0 is the default value which V custom Encoding ene Custom Langage Ei means that there is no time limit Custom Encoding Custom Language e Session Timeout secs the session timeout of CP 86400 24 hours is the default value and 0 means that there is no session limitation Wireless Web Interface User s Manual 59 e Max Up Bandwidth bytes sec configures the user s max up bandwidth The default value is 0 which means that there is no bandwidth limit e Max Down Bandwidth bytes sec configures the user s max down bandwidth The default value is 0 which mean
3. Click Add to complete it Weekday EveryDay Example Configure network 2 to access the network from 9 00 on May 13 2013 18 00 on May 18 2013 as shown in the following figure UTC Policy Start Time 2013 5 139 00 End Time 2013 5 18 18 00 Network Status Add Wireless Web Interface User s Manual 72 Click Add to complete the configuration O Start Time End Time O 2013 05 13 09 00 2013 05 18 18 00 Select the configured policy and then click Delete to delete the policy 17 2 Radio time limit configuration Select the AP Group ID from the drop down list to configure the policy under this AP group Select Radio ID from the drop down list to choose the radio to be configured The cyclical policy configuration disables this radio and limits the network access in this time When configuring the UTC policy the user can select Up or Down for the radio status allowing the radio to be enabled or disabled Example Configure radio 21 under profile 1 to disable the VAPS in that group on the cyclical policy from 8 00 to 12 00 every Monday AP Group ID 21 Default Radio ID fi 802 11b z n O Start Time End Time Weekday Radio Status Cyclical Policy Start Time 08 00 End Time 12 00 Weekday onday y Add Click Add to complete the configuration O Start Time End Time Weekday Radio Status O 08 00 12 00 Monday Down Wireless Web Interface User s Manual 73 Example Configure the R
4. 75 2114 Basic COMMOUIANON varaner 105 18 1 Add OU L rumrrnnnnnrnnnnnnrvrrnnnnrnnrnnnnvennnnnnnnnnnnnnrennnnnnnsennnnnnsnnnnnnnsnnnnnnnnene 75 a a TUNE aM atascaeere acca tecreaeirieaeae me WD Dee OU EE 75 ee aaas ad 21 2 1 SNMP Authentication orci iscvcuiccuscnerreitaucnaiiiniugverivsaucsauers 107 Chapter 19 Trap and SYSlog evrvrvrrrrvrrrvvrrvvvrvrvvrrvvnrvvnnnenn 76 NPE 111 19 1 SNMP traps cccceccccccccscsecssssscseescesscseeneecesscsesscesesstenensesstenenensateeen 76 21 2 3 Community managers munne 112 19 1 1 Wireless global traps c cccccccesescesescssscesesseseresseeeneateeeneaees 76 21 2 4 Configure SNMP manager security IP ese 114 VANN 77 21 2 5 SNMP Statistics 0 0 ee tenes eee teeeeneeseeteeeneees 114 19 2 1 Wireless syslog configuration wwrwrrrrrrrrnnrrrnnrnvrrnnrrrnrrenn 77 21 3 SSH management cisvcniseecsccctssancecinarescnieriiaroeiesasteitaciannniaadisn nis 115 19 2 2 Captive portal syslog configuration cccccccccececeeeeeeeeees 77 STAS dead 115 21 3 2 SSH management rrnnnnnnnnnvnnnnnvnnnnnrnnnnnnvnnnnnrnnnnnsennnnnennnn 116 Gp 0 MON O EN 78 21 4 Firmware update mmmmeevvvvrrrrvrrrrrrrrvrrrrrrvevennrrvrnersrrsrrrerevenneenesenn 117 201 PAG so seneacastetasancienanierapienedienennimencdgeduecpictueiwsneseh iusessesdedoeaciesueeessameysduess 78 21 4 1 TFTP client service coco 118 TNT 79 21 4 2 TFTP server service uunmunnnummmmm 119 2012 Each AC status statistics Lan sascatea
5. Copyright C 2014 International Communications Corporation Inc http www intcomcorp com support html 1 2 2 Web interface introduction Upon logging in the dashboard will appear showing the basic information of the current Link1000ACS and the managed AP status Chapter 2 provides a detailed introduction to the dashboard Wireless Web Interface User s Manual 5 ZN wy om my At the top of the screen are tabs for each functional module Click the corresponding tab to configure the wireless or wired functions admin Save Configuration Logout icXchange DERG WLAN Configuration Monitor Management Wired Configuration g en Info Ga W Managed AP Link1000ACS MAC Address Software Configuration Name IP Address 192 168 1 1 Peer Managed ae eee ee Version ARE Status Age MAC Address f8 f7 d3 2c fe 24 f8 f7 d3 00 03 80 192 168 1 3 3 Default 2 0 10 23 managed success 0d 00 00 00 System Uptime 0 weeks 0 days 7 hours 28 minutes f8 f7 d3 00 03 e0 192 168 1 2 2 Default 2 0 10 23 managed success 0d 00 00 00 Maximum Managed APs 16 S N WL006510D709000028 yen Version 7 0 3 5 R0132 0019 Company International Communications Corporation Mie Info Ga Hotline 951 934 0351 Managed APs 2 WWW www intcomcorp com Authenticated Clients 0 1 2 3 Menu introduction On the top right of the main Graphical User Interface GUI screen there are three fields user account name Save Configuration and Logout e user accou
6. 27 ZN wy om my Example 1 Type the AP MAC address in the AP MAC box as f8 f7 d3 00 03 f0 Select the Channel as auto Type the Power as 0 0 power indicates automatic power adjustment Click Add AP Configuration Radiol Channel auto Power 0 0 100 0 Auto AP MAC f8 f7 d3 00 03 f0 Radio2 Channel auto Power 0 0 100 0 Auto AP MAC Radio1 Channel Power Radio2 Channel Power Operation f8 f7 d3 00 03 60 Auto Auto Auto Auto Modify Delete 2 Click Modify to the right of the AP to modify it The AP MAC address cannot be modified but the channels and power can be Select the Channel to be 6 and the Power to be 0 Click Submit AP Configuration 0 100 0 Auto AP MAC f8 f7 d3 00 03 60 j Submit 0 100 0 Auto 3 Click Delete to the right of the AP that needs to be deleted When deleting an AP from a group you must reset the AP Click the Monitor tab click AP click View Detail and then pull down the radio mac address to reset in Managed AP Status Scroll down the page to click the Reset button The AP will reset in about 2 minutes Wireless Web Interface User s Manual 28 6 1 3 Radio The Radio section configures the radio of the AP group The Radio VAP QoS and TSPEC are all configured in one radio Select the hardware type button on an AP that has dual radios The radio which needs to be configured can be selected here Switching the radio will cause any unsaved changes to be lost Submit chan
7. Age the interval from the last scanning and reporting to current Wireless Web Interface User s Manual 99 ZN wy om my e Ad hoc Network reports if the network is ad hoc e Discovered Age the interval from the first scanning to current e OUI Description the name of the AP s manufacturer 20 4 2 2 AP triangulation status AP Triangulation Status shows the neighbor AP information for the AP location The location information includes three radios that are not in sentry mode and three radios that are in sentry mode The AP triangulation status is as follows 20 4 2 3 WIDS AP rogue classification The scanned AP can determine if the AP is rogue AP through WIDS The Rogue Classification is as follows WIDS AP Rogue Classification Reporting Time Since Time Since MAC Address First Report Last Report Administrator configured rogue AP 00 00 00 00 00 00 0d 00 00 00 0d 00 00 00 Managed SSID from an unknown AP 00 00 00 00 00 00 0d 00 00 00 0d 00 00 00 Managed SSID from a fake managed AP 00 00 00 00 00 00 0d 00 00 00 0d 00 00 00 AP without an SSID 00 00 00 00 00 00 0d 00 00 00 0d 00 00 00 Fake managed AP on an invalid channel 00 00 00 00 00 00 0d 00 00 00 0d 00 00 00 123 If the scanned AP confirms any of the items it will determine that it is a rogue AP a AEE iists Wireless Web Interface User s Manual 100 SIMPLE COMMUNICATION DS mm OI 20 4 3 Client dynamic blacklist The wireless RF
8. Example Click New to create the AP group Type the ID as 5 and then click Copy to the right of AP group 1 AP group 5 will be created and its configuration will be the same as AP group 1 AP MAC addresses will not be copied during this process ID Group Name Hardware Type Operation 1 Default 0 Any Modify Copy Apply 2 Default 22 ARC2000MAP Indoor Dual Band Radio 802 11N Modify Copy Apply Normal Attribute ID Group Name Hardware Type Load Balance Template AD mn am fists Wireless Web Interface User s Manual 32 SIMPLE COMMUNICATION GI O 1 Click Modify to the right of AP group 5 to modify it Click Copy to the right of AP group 2 AP group 5 will be modified and its configuration will be the same as AP group 2 ID Group Name Hardware Type Operation 1 Default Q Any Modify Copy Apply 2 Default 22 ARC2000MAP Indoor Dual Band Radio 802 11N Modify Copy Apply 5 Default 0 Any Modify Copy Apply Hardware Type 6 3 Apply AP group Click Apply to the right of the AP group to send the configuration to the APs After configuring the AP group click OK Configurations will be pushed to that group within about 90 seconds Example Click Apply to the right of AP group 5 and then click OK to send the configuration to all the APs in AP group 5 The page at 192 168 1 1 says al admin Save Configuration Logout icXchange z E 4 All configurations will be sent to the APs associate
9. Link1000ACS Wireless Web Interface User s Guide icXchange www intcomcorp com This is the Link1000ACS Wireless Web Interface User s Manual It contains instructions to configure the wireless components of the Link1000ACS Access Control Switch and any of its associated access points AP Intended audience This manual is designed to be used by network managers administrators and technicians who are responsible for installing networking equipment in enterprise and service provider environments Knowledge of telecommunication and Internet protocol IP technologies and advanced knowledge of LAN WLAN networking is assumed Documentation icXchange product and support documentation consists of a variety of manuals installation guides videos knowledge articles sample designs and troubleshooting and FAQ guides to assist you with the deployment of your new and innovative solution These and other documents are available for download at http intcomcorp com education support html To view PDF files use Adobe Acrobat Reader 5 0 or newer Download Acrobat Reader for free from the Adobe website www adobe com products Contact information Phone 888 OPT LINK E mail support intcomcorp com sales intcomcorp com Icons Table of Contents Contact Previous Page Next Page Wireless Web Interface User s Manual EE LL Safety precautions For safe and efficient use read the following information Text co
10. SNMP management Open Close Close Close 19 1 1 Wireless global traps On the SNMP Trap Configuration page select Enable for Wireless Global Traps After enabling the wireless global traps enable or disable each trap option Wireless SNMP Trap Configuration Attention config related service in Management SNMP configuration Wireless Global Traps Enable v Wireless Status Traps Disable Wireless Attack Traps AP Failure Traps AP State Change Traps Client Failure Traps i Client State Change Traps Peer Switch Traps i RF Scan Traps Rogue AP Traps i TSPEC Traps WIDS Status Traps Wireless Web Interface User s Manual 76 Click Submit to save the configuration Each wireless trap will be effective only after the Wireless Global Traps On Off is enabled Users can view the configuration on the Network Management page 19 2 Syslog configuration View the syslog information on the syslog server through the Syslog Configuration 19 2 1 Wireless syslog configuration On the Wireless Syslog Configuration page select the available options from the drop down menu to enable disable the wireless syslog Wireless Syslog Configuration AP Failure Syslogs Disable AP State Change Syslogs Disable Client Failure Syslogs Disable Client State Change Syslogs Disable Peer Switch Syslogs Disable Rogue AP Syslogs Disable TSPEC Syslogs i WIDS Status Syslogs Disable Wireless Status Sys
11. TOLT RAT DON naked 45 10 1 2 Access point NAT configuration rrrrnnrrnnnnrrrrnnrrvrnnrrennnnrr 45 R SIMPLE COMMUNICATION O ita b Wireless Web Interface User s Manual iv 10 2 Link1000ACS access controller NAT configuration 000008 46 Ue WIND PON oeie r eE A Ea EEEE EEEE EEE EAEE EEE EE E EE 46 10 2 2 Link1000ACS NAT configuration ccccceeseeeeeeeeeeeneees 46 Chapter 11 WIDS security 2 mssesuinsemimmmsmensvienmnt 48 11 1 WIDS SPM nkne 49 11 2 WIDS client configuration uantamassnsakebeleipiminrdenen 51 11 3 Known client EEE 53 11 3 1 MAC authentication mode arrrnnnnrrnnnnnornnnnvrnnnnrnnnnnnennnnne 53 11 3 2 Black white list configuration rrrrrrrrnrrerrnnrrrnnnnrernnrrennnnn 54 Chapter 12 Captive PA Luaaaosssgeneeseanmneen 55 12 1 Global COM ORANG EE NN 55 12 2 Captive portal authentication type arrrranrrrnnrrnnnrnnnnnernnnrnnnnennnnenn 56 12 3 Portal server CONNOQUIAUION sicesissaneierdnttaaverntenddcsiertimaiwnernsaionmananadanen 56 12 4 Free resource CONFIQUIATION cccceseccceeseecseseeceeeeecseeeeessaeeeees 57 12 5 MAC portal configuration rrrrnnrrnrnnnrrnnnnrnvnnnrenrnnrennnenennnnnrnnnnnsen 58 12 6 Portal instance configuration s wiceinvisanswisnwnsncedsenstandustavasandwidviescaansen 59 Chapter 13 NN 61 13 1 Connguraton PUSI sceictsteccceetsetecdectacstousececesincuoncesunescedestenetsieeteeee eerie 61 13 2 Configur
12. radius 1192 168 1 100 192 168 1 100 test Wireless Web Interface User s Manual 15 hs OI Chapter 4 System configuration Click WLAN Configuration gt System Configuration to open the System Configuration page From this page the corresponding parameters under WLAN global mode can be configured The figure is as follows admin Save Configuration Logout s icXchange Dashboard AWE Keene eu Monitor Management Wired Configuration System Configuration WLAN Enable Auto IP Assign Mode Z IPv4 Address IPv6 Address None System Configuration AP Authentication Mode None Radius Authentication Server Default RADIUS Server Radius Accounting Mode e Client QoS Global Mode T Country Code US United States Peer Group ID 1 1 255 Cluster Priority 1 0 255 4 1 WLAN enable Select WLAN Enable to enable the WLAN function The Link1000ACS WLAN service can only be used after selecting this option If it is not selected all WLAN functions on the Link1000ACS will be disabled and WLAN service will be stopped Note Default setting is WLAN disable Fast Configuration will automatically update to WLAN enabled System Configuration WLAN Enable Wireless Web Interface User s Manual 16 IN E wy om my mn OI 4 2 Auto IP assign mode Select Auto IP Assign Mode allowing the WLAN function to choose the IP address
13. Add Click Apply 7 Wireless Web Interface User s Manual 110 21 2 1 4 SNMP engineid configuration Click Management gt SNMP Configuration gt SNMP authentication gt SNMP engineid configuration to configure the engine id e Engineid the engine id the range is from 1 to 32 hex characters e Operation Configuration or Default Example Type the Engineid as 18c30125fa and select the Operation as Configuration Click Apply to complete the engine ID of 31386333303132356661 as follows SNMP 7 eee configuration Configuration r 3138633330313235 6661 21 2 2 SNMP management Click Management gt SNMP Configuration gt SNMP management to configure the SNMP Agent state RMON state Trap state and Security IP state Example Select the SNMP Agent state as Open the RMON state as Open the Trap state as Open and the Security IP state as Close Click Apply SNMP management SNMP agent state open RMON state Trap state aT Security IP state Wireless Web Interface User s Manual 111 e SNMP Agent state open or close the SNMP agent function of the switch e RMON state open or close the RMON function of the switch e Trap State open or close the function that the device receives the Trap information e SecuritylIP State open or close the security IP address checking function of the NMS management station 21 2 3 Community managers Click Management gt SNMP Configuration gt C
14. Channel Load History Entries 0 WLAN Bytes Transmitted 620135 WLAN Bytes Received 17201 WLAN Bytes Transmit Dropped 455448838 WLAN Bytes Receive Dropped 0 Distributed Tunnel Packets Transmitted 0 Distributed Tunnel Clients 0 192 168 1 51 Cluster Controller IP Address 192 168 1 51 Total Clients Authenticated Clients Maximum Associated Clients Rogue AP Mitigation Count Rogue AP Mitigation Limit Detected Clients Maximum Detected Clients WLAN Utilization Total Pre authentication History Entries 0 Total Roam History Entries 0 Maximum AP Provisioning Entries 4000 Maximum Channel Load History Entries 100 WLAN Packets Transmitted 4797 WLAN Packets Received 338 WLAN Packets Transmit Dropped 316227 WLAN Packets Receive Dropped 0 Distributed Tunnel Roamed Clients 0 Distributed Tunnel Client Denials 0 Wireless Web Interface User s Manual 78 20 1 1 Cluster Click Monitor gt Link1000ACS to open the Link1000ACS Monitor page to view the cluster information including the Link1000ACS Operational Status Cluster Controller Basic Information Global Statistics Distributed Tunnel Statistics TSPEC Status and TSPEC Statistics Wireless Global Status Statistics AC Operational Status Enable Peer Switch Number 0 Cluster Controller Yes Total AP Managed AP Discovered AP Connection Failed AP Maximum Managed AP in Peer Group Rogue AP Standalone AP Unknown AP Maximum Pre authentication History Entries 500 M
15. Configuration Rogue client detection configuration Authentication with Unknown AP Test Disable Not Present in OUI Database Test Disable OUI Database Mode Both Not Present in Disable Known Client Database Pr Known Client Database Known Client Database Test Lookup Method L Radius Server Name Threshold Interval 1 3600 seconds Threshold Interval 1 3600 seconds pen OENE Configured Probe Requests Rate Test Enable Threshold Value 1 99999 120 Configured Association Rate Test Enable v Threshold Value 1 99999 10 re Threshold Interval Configured DisAssociation Rate Test Enable Threshold Value 1 99999 10 1 3600 seconds Threshold Interval 1 3600 seconds Configured De Authentication Requests FS Threshold Interval Rate Test 1 3600 seconds Maximum Authentication Failures Test Enable Threshold Value 1 99999 5 Rogue Detected Trap Interval Configured Authentication Rate Test Enable Threshold Value 1 99999 10 If there are rogue clients in the network the AC sends a trap periodically Rogue Detected Trap Interval 60 3600 seconds 0 Disable 300 Dynamic BlackList Mode Once Dynamic Blacklist is enabled rogue clients will be added to the dynamic blacklist table and the access controller will refuse the rogue client s MAC authentication Dynamic BlackList Mode Disable Dynamic BlackList Life Time 60 3600 seconds 300 Client
16. Default 21 ARC1000MAP Indoor Single Band Radio 802 11N Modify Copy Apply 2 Default 22 ARC2000MAP Indoor Dual Band Radio 802 11N Modify Copy Apply New Delete EA a D TE Wireless Web Interface User s Manual 26 _ OO CLL lhl 6 1 1 Normal attribute Click New or Modify to open the AP group s Normal Attribute page The user can enter the basic configuration information of the AP group from this page Example Type the ID as 2 and the Group Name as Group2 Select the Hardware Type as 22 and the Load Balance Template as 7 Traffic Click OK 2 Group Name Group2 Hardware Type 22 ARC2000MAP Indoor Dual Band Radio 802 11N v Load Balance Template 7 Traffic a The configured hardware type should be the same as the actual AP Hardware types include Dual Radio type 22 and Single Radio type 21 The hardware type of 0 is the default value which means that there is no corresponding AP Details of load balance template creation can be found in Chapter 14 In this example the load balance template is bound to Group2 6 1 2 AP configuration From the AP Configuration page the user can add modify or delete the AP in the AP group and configure the channel and power The AP can only be configured when the AP group is modified This action takes effect immediately and is submitted to the Link1000ACS without clicking OK at the bottom right of the page Wireless Web Interface User s Manual
17. ICC products deployed and other factors These results may not be typical your results may vary G te Link1000AGS User s Manual 131 fr ey s y A
18. Management page The user can configure each of the AP group items and submit them to the Link1000ACS admin Save Configuration Logout icXchange Dashboard PAE Ree AP Groups This table lists basic information for all AP groups Click New to create more AP groups or click Modify to change settings for existing AP groups Click Copy to copy the configuration to a new AP group Click Apply to apply the information to all APs in the AP group ID Group Name Hardware Type AP Group Management 1 Default 21 ARC1000MAP Indoor Single Radio b g n 2 Default 22 ARC2000MAP Indoor Dual Radio a n b g n 3 Default 17 ICX250 DAP Indoor Dual Band Radio a n b g n Operation Modify Copy Apply Modify Copy Apply Modify Copy Apply O O New Delete 6 1 Add modify delete AP group The New and Modify links and the Delete button can configure the AP groups Example 1 Click New and type the ID as 2 Click OK 2 Click Modify to the right of AP group 2 to modify 3 Select AP group 2 and click Delete to delete this AP group AP group 1 cannot be deleted it is used to record failed and rogue APs AP Groups This table lists basic information for all AP groups Click New to create more AP groups or click Modify to change settings for existing AP groups Click Copy to copy the configuration to a new AP group Click Apply to apply the information to all APs in the AP group ID Group Name Hardware Type Operation 1
19. Server IP Accounting Server Port 00 optional Primary Accounting Server The default Accounting Server Port is 1813 If deleting the accounting server select it and then click Delete Prior to deleting the last accounting server the Radius Accounting Server must be disabled Click Submit to save the configuration 7 1 4 Radius group manage Radius Group Manage corresponds to the aaa group server radius command It can configure multiple Radius groups Example Configure two Radius groups of wlan1 and wlan2 Type the group names in the Radius Group Name text box and then click Add 7 1 5 Radius configuration Radius Configuration will bind the Radius server address to the Radius group Multiple Radius addresses can be bound to each group name but each Radius address can only be bound to one Radius group Example Bind the 192 168 1 15 server to wlan1 and bind the 192 168 1 32 server to wlan2 Choose the configured Radius group in the Radius Group Names and select the server address in the Radius Server IP drop down list Click Add Radius Server IP 192 168 1 15 192 168 1 32 Wireless Web Interface User s Manual 36 ZN wy om my 7 2 LDAP configuration LDAP Configuration corresponds to the Idap server subsequent configuration command and is mainly used by the portal authentication server and user management server The main configuration items include the following e Server IP Address the LDAP server IP addre
20. Threat Mitigation Once Client Threat Mitigation is enabled the access controller will counter the threat from the rogue clients Client Threat Mitigation Disable e Authentication with Unknown AP Test enables or disables the detection of lawful client associating with an unknown AP e Not Present in OUI Database Test enables or disables the OUI detection e OUI Database Mode Identifies OUI database mode e Not Present in Known Client Database Test enables or disables the detection of a known client e Known Client Database Lookup Method configures the method of the known client database lookup it includes two methods local and radius e Known Client Database Radius Server name configures the method of the known client database server name e Configured Probe Requests Rate Test enables or disables the probe requests frame flood attacks detection e Configured Association Rate Test enables or disables the association requests frame flood attacks detection e Configured Disassociation Rate Test enables or disables the disassociation requests frame flood attacks detection JD mm mm D EE Wireless Web Interface User s Manual 51 ZN wy om my e Configured Authentication Rate Test enables or disables authentication requests frame flood attacks detection e Configured De Authentication Requests Rate Test enables or disables the de authentication requests frame flood attacks detection
21. Total KB 112672 TSPEC Status Type Number of Active Traffic Streams Number of Traffic Stream Clients Number of Traffic Stream Roaming Clients To reboot the AP make the selection from the AP MAC Address list select the corresponding MAC address and click Reset The Message from webpage dialog box will appear Click OK to complete the configuration reset Message from webpage ita b Wireless Web Interface User s Manual 87 SIMPLE COMMUNICATION A DS i ww MM EE 20 2 2 2 Radio detail Radio Detail includes Supported Channels Channel Authenticated Clients Channel Bandwidth Fixed Channel Indicator Fixed Power Indicator Manual Channel Adjustment Status Manual Power Adjustment Status WLAN Utilization Total Neighbors TSPEC Status etc Select either 1 off for Radio 1 or 2 802 11a n for Radio 2 to monitor their status as shown in the following figure Radio 1 detailed 1 802 11b g n 2 802 11a n Authenticated Clients 0 20 MHz Transmit Power 0 Fixed Channel Indicator no Fixed Power Indicator no Manual Channel Adjustment Status Not Started Manual Power Adjustment Status Not Started WLAN Utilization 0 Total Neighbors 0 Radio Resource Measurement Enable TSPEC Status Access Category Operational Status Number of Active Traffic Streams 0 Number of Traffic Stream Clients 0 Number of Traffic Stream Roaming Clients 0 Medium Time Admitted Medium Time Unallocated Medium Time Roaming Unalloca
22. Transmission type ascii uses ASCII to transmit the file binary uses binary to transmit the file Click Apply Note The firmware upgrade process may take up to 15 minutes after loading the files onto the controller After copying over the firmware image files to the controller users should allow up to 15 minutes for the controller to complete the upgrade process prior to performing a reboot of the controller Wireless Web Interface User s Manual 118 21 4 2 TF ITP server service Click Manage gt Firmware update gt TFTP service gt TFTP server service to open the configuration page TET Timeout 200 TFTP server state the server state includes Open and Close TFTP timeout the timeout TFTP retransmit times the times of retransmission e Operation Configuration or Default 21 4 3 FTP client service Click Manage gt firmware update gt FTP service gt FTP client service to open the configuration page FIP chent service Server IP address 192 168 1 100 User name Password Local file name 105 img Operation type Download pel binary Wireless Web Interface User s Manual 119 e Server IP address the IP address of the FTPserver e User name the user name range is from 1 to 100 characters e Password the appointed password ranges from 1 to 100 characters e Local file name destination file name range is from 1 to 100 characters e Server file na
23. automatically When enabled APs can have automatic IP address assignment from the Link1000ACS Wireless IP subnet If the user has configured multiple Layer 3 interfaces or loopback interfaces on the controller select the WLAN IP address to be the lowest IP address among the Layer 3 interface subnets or the lowest loopback interface Auto IP Assian Mode IPv4 Address 192 168 1 1 Clear the Auto IP Assign Mode check box to disable the auto IP assign mode and then type a static IP address manually When configuring the static IP the address of the existing loopback or L3 interfaces should be chosen otherwise it will not be effective and the WLAN function will not function properly Auto IP Assign Mode AC Static IPv4 Address 192 168 1 1 AC Static IPv6 Address 2001 da6 1 1 1 4 3 AP authentication mode There are three modes of AP authentication MAC is the default mode AP Authentication Mode mac x AP Validation Method None sets the automatic registration authentication mode The AP database does not need to be added manually on the Link1000ACS It can join the cluster when the Link1000ACS or the AP automatically connects MAC sets the MAC address authentication mode The AP database needs to be set manually and then the AP can join the Link1000ACS Password sets the password authentication mode After the TLS connection is created between the AP and the Link1000ACS they can join the cluster through password authentic
24. can report the client as the dynamic blacklist through the Client Dynamic Blacklist conditions The scanned dynamic blacklist is as follows Client Dynamie Blacklist O 00 27 19 03 75 x Od 00 00 Od Chart menge condigured rate for probe mig Click Delete to delete the selected client Click Delete All to delete the entire Client Dynamic Blacklist Wireless Web Interface User s Manual 101 ss S Chapter 21 Management 21 1 Basic configuration Click Management gt Switch Basic Configuration to configure Login user configuration Login user authentication method configuration Login user security IP management and Basic Configuration Users can also Save the current running configuration set the AC to factory default and warm reboot the AC with or without saving the current configuration Switch basic configuration 21 1 1 Login user configuration Click Management gt Switch basic configuration gt Login user configuration to add or delete the user information Example Configure a user with a Name and Password both as admin and with Priority of 15 Login username and password configuration lUser admin KE Passwo rd TTT Encrypted text Priority 15 Operation Add v Click Apply and the added user information will be displayed as follows Login username and password configuration lUser admin Passwo rd PAPP Encrypted text Prio rity 15 Operation Remove v Wireless W
25. enable command Select the Radius Accounting Status check box to enable the Radius accounting function This corresponds to the aaa accounting enable command In the Radius Key text box type test or the secret key programmed in the radius server This corresponds to the radius server key command The key must be the same as the Radius server for authentication Type the address as 192 168 1 250 for both the Radius NAS IPV4 and Radius Source IPV4 boxes The configuration of NAS IP corresponds to the radius nas ipv4 command The Radius Source IPV4 corresponds to the radius source ipv4 command Radius Configuration Radius Authentication Status Radius Accounting Status Radius Key test Radius NAS IPv4 192 168 1 250 Radius Source IPv4 192 168 1 250 After all fields are entered click Submit PEN br Wireless Web Interface User s Manual 34 SIMPLE COMMUNI CATION 7 1 2 Radius authentication server configuration Radius Authentication Configuration corresponds to the radius server authentication host command and can configure the address of the authentication server Example Configure the Server IP Address as 192 168 1 15 Select the Primary Authentication Server check box as shown in the following figure Radius Authentication Server Configuration Radius Authentication Server Configuration Authentication Server Port optional Primary Authentication Server Server IP Address 192 168 1 15 Authentication Server Port opti
26. from a fake managed AP Disable AP without an SSID Fake managed AP on an invalid channel Disable Disable Disable Managed SSID detected with incorrect security Disable AP is operating on an illegal channel Disable Unexpected WDS device detected on network Disable Administrator configured rogue SSID Disable invalid 551D from a managed AP Disable WIDS Security Unmanaged AP detected on wired network Disable 1 3600 seconds 0 Disable Rogue Detected Trap Interval If there are rogue APs in the network the AC sends a trap periodically len Rogue Detected Trap Interval 60 3600 seconds 0 Disable 100 AP De Authentication Attack Onoe AP De Authentioation Attack is enabled the rogue APs wil be added to AP De Authentication List and countered by managed AP AP De Authentication Attack Disable 7 Submit AAs f I J SIMPLE COMMUNICATION Wireless Web Interface User S Manual 48 O hmm hl LL 11 1 WIDS AP configuration Click WLAN Configuration gt WIDS Security gt WIDS AP Configuration to select Enable or Disable for each item option as shown in the following figure WIDS AP Configuration Rogue AP detection configuration Administrator configured rogue AP Managed SSID from an unknown AP Managed SSID from a fake managed AP i v AP without an SSID Fake managed AP on an invalid channel i F Managed SSID detected with incorrect security Invalid SSID from a managed AP
27. in the cluster Every Link1000ACS in the cluster needs to obtain the certificate of that AC Any Link1000ACS in the cluster can achieve the certificate transit among the Link1000ACSs Example 1 Select AC Provisioning and click Submit to enable this function Provisioning can add a new AC or AP into an existing duster AP Provisioning entries can be viewed only on the Cluster Controller AP Provisioning Only unmanaged APs can be deleted Unmanaged AP Reprovisioning Mode w E MAC Address Managed IP Address Primary IP Address Backup IP Address New Primary IP Address New Backup IP Address Status Aj gt C f8 f7 d3 00 03 80 192 168 1 130 192 168 1 1 192 168 1 1 Success 0d 00 00 04 Modify f8 f7 d3 00 03 80 192 168 1 130 192 168 1 1 192 168 1 1 z none x AC Provisioning AC Provisioning 2 Type 192 168 100 1 the IP address of the Link1000ACS to be added to the cluster in the AC IP Address text box and click Start The certificate request will begin Click Refresh to view the status AC Certificate Request AC IP Address 192 168 100 1 AC Certificate Request Status Requested 3 Type 192 168 100 1 the IP address of the Link1000ACS to be added to the cluster in the AC IP Address text box and click Start The provisioning will begin Click Refresh to view the status AC Provisioning AC IP Address 192 168 100 1 AC Provisioning Status Certificate Request Wireless Web Interface U
28. list 21 2 1 2 Groups Click Management gt SNMP Configuration gt SNMP Authentication gt Groups to add or delete SNMPv3 groups SNMP group the user group name of SNMP range is from 1 to 32 characters Security level the security level of the group noAuthNoPriv is no authentication and no privacy AuthNoPriv is authentication but no privacy AuthPriv is authentication and privacy Read SNMP view configures the SNMP view community name with read permission Write SNMP view configures the SNMP view community name with write permission Notify SNMP view configures the SNMP view community name with notify permission Operation includes Add or Delete Wireless Web Interface User s Manual 109 Example Type the SNMP group as UserGroup Select the Security level as authPriv Select max for the Read SNMP view Read SNMP view and NotifySNMP view options Select the operation as Add Click Apply operation 21 2 1 3 Views Click Management gt SNMP Configuration gt SNMP Authentication gt Views to add or delete SNMPv3 views e SNMP view configures the view community name range is from 1 to 32 characters e OID the OID or the corresponding node name range is from 1 to 255 characters e Type configures the Include Exclude e Operation includes Add or Delete Example Type the SNMP view as max and the OID as 1 3 6 1 4 1 41721 2 2 1 Select the type as Include and the Operation as
29. on the restriction of certain hazardous substances in electrical and electronic equipment ROHS 1 CAUTION Exposure to radio frequency radiation Wireless Web Interface User s Manual 127 USA Federal Communications Commission FCC EMC compliance This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help The user may find the following booklet prepared by the Federal Communications Commission helpful The Interference Handbook This b
30. specifications set forth in the icXchange user guide accompanying the Product In the case of a defect which is reproducible by ICC the Software will be either repaired or replaced at ICC s option All products that are returned to ICC become the property of ICC Repaired or replacement products may be refurbished or contain refurbished materials Any replaced or repaired product carries the remainder of the initial warranty ICC is not responsible for any Customer or custom software or firmware configuration information or Customer memory data contained in stored on or integrated with any products returned to ICC pursuant to any warranty Customer must back up or otherwise retain any such information or data prior to shipping product to ICC Products returned to ICC should have any customer installed accessory or add on components such as expansion modules removed prior to returning the product for replacement ICC is not responsible for these items if they are returned to ICC with the product Prior to returning any defective product Customers must contact ICC for a Return Material Authorization number RMA Proof of the original purchase may be required Any product returned to ICC without a valid RMA number clearly marked on the outside of the package will be returned to the customer at customer s expense For warranty claims within the US and Canada please call our toll free customer support number at 1 855 692 7211 Customers are respon
31. status AP RF Scan Status shows all the APs scanned information AP RF Scan Status MAC Address SSID Physical Mode Status Age f8 f7 d3 00 03 60 Guest Network 802 11b g n Managed 0d 00 51 46 f8 f7 d3 00 03 b0 VAP_5G 802 11a Unknown 0d 00 00 21 f8 f7 d3 00 03 c0 Guest Network 802 11b g n Managed 04 00 50 38 fc 75 16 a3 38 f0 dlink 802 11b g Unknown 0d 00 46 18 1 Delete Al Manage Refresh The AP RF scan status list describes all the APs statuses scanned in the wireless network The AP monitors the RF environment including client and AP information It will send the monitored information periodically to the associated AC e MAC Address the MAC address of the scanned AP e SSID the network SSID sent by the scanned AP e Physical Mode the detected radio mode of the scanned AP e Channel the detecte channel of the scanned AP e Status the status of the scanned AP including Unknown Managed and Rogue e Age the interval from the last scanning to current Click View Detail to view the RF scan status of one AP Click Delete All to delete all the scanned APs Click Manage to add the selected AP into the AP database Click Refresh to refresh the scan information 20 4 2 AP RF scan detail Click View Detail in the AP RF scan status to open the detail information Wireless Web Interface User s Manual 98 ZN wy om my 20 4 2 1 AP RF scan status Select the AP in the AP RF Scan Detail drop down list to v
32. the WLAN Mutual authentication offer security Mutual Authentication Mode B Mutual Authentication Status Not Started Refresh Regenerate X 509 Certificate Regenerate X 509 Certificate Status Not in progress 9 1 AP provisioning AP Provisioning configures the AP for provisioning through the Link1000ACS Access Control Switch It will provision an AP that was added into the cluster and also provision an AP that is not added to the cluster AP reprovisioning Configure the Link1000ACS Access Control Switch to provision the AP The certificate needed to authenticate will be transmitted in the cluster automatically which will allow provisioning to begin Example Click Modify and type the new Primary IP Address and the new Backup IP Address of the controller to which the AP will be provisioned Click Submit Select the AP that needs provisioning and then click Deploy to provision successfully Note The AP needs to be rebooted for a successful provision Power down the AP manually or if the AP has been previously managed click the Monitor tab click AP click View Detail and then pull down the radio mac address to reset in Managed AP Status Scroll down the page to click the Reset button The AP will reset in about 2 minutes Wireless Web Interface User s Manual 41 IN E wy om my mm OKK 9 2 AC provisioning AC Provisioning adds the Link1000ACS into the cluster This Link1000ACS needs to obtain the certificates of all ACs
33. used to access the free resource in the Captive Portal module Configuring this rule allows a specific client to access the specific network resource without portal authentication Free Resource ID free resource rule number ranges from 1 to 32 e Source IP Mask Length source IP address field in the rule and the length of its mask e Destination IP Mask Length destination IP address field in the rule and the length of its mask Example 1 Type the Free Resource ID as 1 the Source IP Mask Length as 192 168 1 100 24 and the Destination IP Mask Length as 10 1 1 1 32 Click Add to complete the configuration 2 Select the free resource rule to be deleted and click Delete Free Resource ID 1 4 32 Source P Mask Length 192 168 1 100 24 Example 192 168 1 1 24 Destination IP Mask Length 10 1 1 1 32 Example 192 168 1 1 24 Wireless Web Interface User s Manual 57 3 Click Modify to the right of the Free Resource ID to modify the source IP Mask Length and the Destination IP Mask Length Note The Free Resource ID cannot be modified Free Resource ID Source IP Mask Length Destination IP Mask Length 1 192 168 1 100 24 10 1 1 1 32 Free Resource ID h 1 32 Source IP Mask Length 192 168 1 100 24 Example 192 168 1 1 24 Destination IP Mask Length 10 1 1 1 32 Example 192 168 1 1 24 12 5 MAG portal configuration The MAC Portal function is used for special users in the network The administrator can configure
34. 1 The Link1000ACS operational status Wireless Global Status Statistics in the cluster includes the Link1000ACS Operational Status IP Address and Peer Switch Number The IP address is the wireless IP address as shown in the following figure Wireless Global Status Statistics AC Operational Status Enable 192 168 1 1 Peer Switch Number 0 20 1 1 2 Cluster controller e Cluster Controller displays Yes or No Yes indicates that the local Link1000AGS is the cluster controller No indicates that it is not the cluster controller Cluster Controller IP Address the wireless address of the cluster controller Cluster Controller Yes Cluster Controller IP Address 192 168 1 1 20 1 1 3 Local Link1000ACS information The Link1000ACS Information includes Total AP Managed AP Discovered AP Connection Failed AP Maximum Managed AP in Peer Group etc It also includes Total Clients Authenticated Clients Detected Clients WLAN Utilization etc The figure is as follows Wireless Web Interface User s Manual 80 Total AP Total Clients Managed AP Authenticated Clients Discovered AP Maximum Associated Clients Connection Failed AP Rogue AP Mitigation Count Maximum Managed AP in Peer Group Rogue AP Mitigation Limit Rogue AP 0 Detected Clients Standalone AP 0 Maximum Detected Clients Unknown AP 5 WLAN Utilization 0 Maximum Pre authentication History Entries 500 Total Pre authentication History Entries 0 Maximum Roam History Ent
35. 2 Detected 00 00 0d 05 26 39 Detected 00 32 0d 05 27 12 Detected 00 46 0d 02 13 39 SEO OE aao 123456 7 8 View Detail Delete Delete All Acknowledge Acknowledge All Rogues Refresh 20 3 1 Associated client list The associated client list displays the information of the associated clients including e MAC Address the clients MAC address the MAC address with asterisk is the address of the associated client on the peer switch e Detected IP Address the IP address of the client e NETBIOS Name the name of the client under the NETBIOS protocol e SSID the network name e BSSID the MAC address of the associated VAP e AC IP Address the IP address of the managed AC JD mn mm ita b Wireless Web Interface User s Manual 92 SIMPLE COMMUNICATION GI DS Channel the channel that the client uses to communicate with the AP State the current authentication state of the client e Network Time the interval from the client connecting to the network to current Click View Detail to view the associated clients details which are shown in the following section Click Disassociate to disassociate the current selected client Click Disassociate All to disassociate all clients Click Refresh to refresh the list Example Select the client to be disassociated click Disassociate and then click Refresh This client will be disassociated Note The disassociated client may be
36. Det OE dd Chapter 16 Data transfer Click WLAN Configuration gt Advanced Configuration gt Data Transfer to configure the Centralized L2 Tunnel Configuration 16 1 Centralized L2 tunnel configuration 16 1 1 VLAN config Add the data VLAN into the centralized tunnel through VLAN Config to achieve the centralized transfer Example Type 10 into the VLAN text box and then click Add Centralized L2 Tunnel Configuration VLAN Configuration Centralized L2 Tunnel Configuration VLAN Configuration VLAN Select 10 VLAN0010 and then click Delete to delete it Wireless Web Interface User s Manual 70 16 1 2 Station isolation VLAN The users under the Station Isolation VLAN will be isolated from each other The station isolation VLAN must first exist in the centralized VLAN and then it can be created and added From the Station Isolation VLAN drop down list select Add Remove or Delete All Station Isolation Vlan Station Isolation Vlan List Station Isolation Vlan Add the VLAN must have been in the centralized tunnel e Remove delete one configured station isolation VLAN e Delete all delete all isolation VLANs Example Select 10 VLAN0010 and then click Add Click Submit to confirm changes Centralized L2 Tunnel Configuration VLAN Contig VLAN 10 VLANOOTO Wireless Web Interface User s Manual 71 OSSOS h tee teE rm Chapter 17 Time limit policy The Time Limit Polic
37. E gt E Warranty International Communications Corporation Inc ICC warrants its products to be free from defects in workmanship and materials under normal use and service starting from the date the original purchaser purchased the product based on the invoice date on the authorized Partner s invoice from ICC or its Authorized reseller or distributor All icXchange hardware excluding fans and internal power supplies is under warranty for the life of the product and 2 years after the product is End of Life Fans and internal power supplies are not included in the lifetime warranty and are covered by a warranty period of five 5 years Should any icXchange product fail to function as warranted ICC may at its own discretion either repair or replace the defective product with a similar or functionally equivalent product during the applicable warranty period ICC will endeavor to repair or replace any product returned under warranty within thirty 30 days of its receipt of the returned product End of Life of a product is defined as the date that ICC no longer makes the product readily available for sale in its authorized channels Support for icXchange hardware can be extended via an icXchange Service Contract ICC warrants that for a period of two 2 years from the invoice date on the authorized ICC distributor s invoice that the Software supplied by ICC will perform substantially in accordance with the
38. ER o o E E E E E T 30 6 1 0 ES md OD 31 SEE AF OUD EE N E E E 32 EAN PO NN 33 Chapter 7 Security authentication ccccesecesseeeseeeees 34 7 1 Radius COME IO eee eden kneet apen 34 7 1 1 Global configuration EE EG 34 7 1 2 Radius authentication server configuration cccseeeeeeees 35 7 1 3 Radius accounting server COnfiguratiONn cccseceeeeeeeeeeees 35 7 1 4 Radius group manage vane dimusscaadnmnnivanadeanceanss 36 7 1 5 Radius NNN 36 DPI 37 Chapter 8 Discovery EE EEE 39 8 1 IP discovery cccccccescecseseeeceuseeccuseeeceseeecauseecsuseeeceueeeseuseessageessagees 39 8 1 1 Enable and disable IP discovery rrrrrrnnnrvvvrnnrrrvrrnnnrrennnnner 39 8 1 2 Add IP of L3 IP GIS COVEN siscencincsnarceamesdoiacnsaeotamevactssvannmtamstaes 39 8 1 3 Delete IP address from L3 IP discovery list rrrrnrrrrnnnnnrnnn 39 9 2 LA VLAN dISCOVOTY ne 40 8 2 1 Enable L2 VLAN discovery m nmsasuansnumimnidmlslviskvsvtes 40 8 2 2 Add VLAN of L2 VLAN ISCOVETLY ccccseeeeeseeeeeseeeeeneeees 40 8 2 3 Delete VLAN from L2 VLAN discovery list rrrnnrrrnnnnrnnnnre 40 Chapter 9 PNG 41 STAF PPO VISIONING EE NOE 41 9 2 AC PIOVISIOMIN es sxisieccreivnssintreiiavciuiatinn vodinanamcnieinesins tavicndiadintaindieindavdtulnndad 42 9 3 Mutual authentication EN NM 43 Chapter 10 Provisioning over NAT cccsccesseeeeeeeseeees 44 10 1 NAT provisioning configuration usunsvsmmtnmemieeikdnd j ndin n 45
39. Mode Station EDCA Parameters Queue AIFS 1 to 15 WwMi x msecs TXOP Limit 32 microsecs 0 to 65535 0 Voice 1 Video 2 Best Effort 3 3 Background 7 e Template The user can select Custom Factory Default or Voice EDCA parameters can only be configured when Custom is selected e AP EDCA Parameters The user can type values or select from the drop down lists to configure AP EDCA parameters e WMM Mode The user can select or clear the check box to enable or disable the WMM QoS function e Station EDCA Parameters The user can type values or select from the drop down lists to configure EDCA parameters 6 1 6 TSPEC Traffic Specifications TSPEC parameters can be configured here for the AP group or groups Generally the configured default values are appropriate for most users Only advanced users should configure these parameters Example Select Enable for the TSPEC Mode Select Enable for the Voice ACM Mode and Video ACM Mode Type the limit and timeout as the default values and click OK Wireless Web Interface User s Manual 31 ZN wy om my Voice ACM Limit 0 to 70 Video ACM Limit 0 to 70 Roam Reserve Limit 0 to 70 AP Inactivity Timeout secs 0 to 120 0 Disable STA Inactivity Timeout secs 0 to 120 0 Disable Legacy WMM Queue Map Mode Disable a 6 2 Copy AP group Copying allows users to quickly create or modify new AP groups
40. Network page and when the user inputs any VLAN ID here it automatically binds to the network currently being modified Binding in this instance means tying a VLAN ID to a particular IP network This VLAN ID is the data VLAN that the client uses 5 4 MAC authentication Click MAC Authentication Mode to enable MAC authentication MAC authentication controls the client s access to the network by configuring the black and white list detailed in Chapter 10 WIDS security Select the Config Black and White List check box 5 5 Portal instance Pull down the desired Portal Instance to enable it Wireless Web Interface User s Manual 24 i ws MM CO cq 5 6 Client QoS The Client QoS controls the client s rate and access through the network configuration There are three forms 1 Client QoS bandwidth limit up and down 2 Client QoS access control up and down 3 Client QoS DiffServ policy up and down Select the Client Qos Mode check box Client QoS Mode Bandwidth Limit Up 0 4194303 Kbps 0 Disable Bandwidth Limit Down 0 4194303 Kbps 0 Disable Client QoS ACL Up Client QoS ACL Down Client QoS DiffServ Policy Up Client QoS DiffServ Policy Down Wireless Web Interface User s Manual 25 Chapter 6 AP group management AP Group MangementMRes is used to manage multiple APs Multiple APs can be added and managed in one AP group Click WLAN Configuration gt AP Group Management to open into the AP Group
41. P Management Community Managers Configure SNMP Manager Security IP SNMP Statistics SSH Management Firmware Update TFTP Service Max Numbers of Telnet Access Connection Maintenance and Debugging Command Debug Command Show Clock Show CPU Usage Show Memory Usage Show Flash Show Running config Show Switchport Interface ShowTCP Show UDP Show Telnet Login Show Version SNMP Configuration R a G Ir br Wireless Web Interface User s Manual 8 1 2 4 Exiting the Web interface of the Link1000ACS Click Logout to exit and return to the Login page The chapters that follow describe how to enable and configure various features offered by the icXchange solution To properly access the advanced configuration options for a particular feature the feature must first be enabled by following the configuration steps for that feature as described in this user manual If the feature is not enabled users may not be able to perform advanced configuration for that feature Warning messages may be displayed identifying that the feature must first be enabled before the configuration can be completed Wireless Web Interface User s Manual 9 A 0 ph Chapter 2 Dashboard The dashboard includes four parts System Info Managed AP Device Info and Support 2 1 System info System Info for the Link1000ACS is as follows Link1000AC5 192 168 1 1 MAC Address f8 f7 d3 2c fe 24 System Uptime 0 weeks 0 days 7 hours 28 minut
42. PEC Packets Transmitted Total TSPEC Bytes Received Total TSPEC Bytes Transmitted Total TSPECs Accepted Total TSPECs Rejected Total Roaming TSPECs Accepted Total Traffic Stream Roaming Chents gt amp 5 O O O O gt gt o o O O O O 20 2 AP Click Monitor gt AP to open the AP Monitor page to monitor the basic AP information AP detail and the failure AP list The user can delete the failed managed AP admin Save Configuration Logout _ icXchange Dashboard WLAN Configuration Memel Management Wired Configuration AP Search Fields MAC Address G r r P Ma j Location IP Address AP Group Software Version Status Configuration Status Age f8 f7 d3 00 03 80 192 168 1 172 2 Default 2 0 10 23 Managed Success 0d 00 00 04 f8 f7 d3 00 03 e0 192 168 1 42 1 Default 2 0 10 23 Managed Success 0d 00 00 05 View Detail Delete Delete All Refresh Failure AP List z MAC Address B Peer Ma Last Failure Type Age Delete All Manage Refresh ED mm am Crit Wireless Web Interface User s Manual 85 SIMPLE COMMUNICATION O 20 2 1 Basic AP information Basic AP Information includes MAC Address Peer Managed Location IP Address AP Group Software Version Status Configuration Status and Age AP MAC Address Peer Manag Location IP Address AP Group Software Version Status Configuration Status Age f8 f7 d3 00 03 60 192 168 1 111 Default 2 0 4 10 Ma
43. R PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF PROFIT LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF ICC OR ITS AUTHORIZED DISTRIBUTOR OR RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES THE MAXIMUM LIABILITY OF ICC UNDER THIS WARRANTY IS LIMITED TO THE PURCHASE PRICE OF THE PRODUCT COVERED BY THIS WARRANTY THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS WHICH MAY VARY FROM STATE TO STATE NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS JD mm mm D EE Wireless Web Interface User s Manual 130 ZN wy om my ists SIMPLE COMMUNICATION http www intcomcorp com 2014 International Communications Corporation Inc All Rights Reserved Printed in U S A Issue 1 0 9 15 14 icXchange is the registered trademark of International Communications Corporation Inc Acrobat Reader is a registered trademark of Adobe Systems Inc Mac OS is a registered trademark of Apple Inc Windows Windows Server 2003 Windows Vista and Microsoft Internet Explorer are registered trademarks of Microsoft Cisco is a registered trademark of Cisco Inc IBM is a registered trademark of International Business Machines Corporation All other trademarks are property of their respective owners Test results and examples are subject to unique business conditions client IT environment
44. ZN wy om my Ww E a 2 o gt a 1 Network E tad MI cr tal ha i i to far a Gi Cu Tann Eam fa E ge cL cL on on 6 I I MT rt E f i i 3 i ua Ts Fl Li wa 2 f 5 Managed SSID 5 6 Managed SSID 6 E i mw co LT sam La i on a E E a Managed SSID 8 E 9 Managed SSID 9 E 10 Managed SSID 10 E 11 Managed SSID 11 12 Managed SSID 12 E 13 Managed SSID 13 E 14 Managed SSID 14 E 15 Managed SSID 15 E EG 16 Managed SSID 16 VAP Abbreviation for Virtual Access Point VAPs segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs VAPs simulate multiple APs in one physical AP You can configure up to 16 VAPs for each radio and they correspond to networks 1 16 6 1 5 QoS Custom QoS policies and rules can be created in the QoS section of the WebGUI For optimal user experience all key fields are configured by default Example Select the Template as Custom Select the WMM Mode check box Each of the EDCA parameters are configured as the default value Click OK Wireless Web Interface User s Manual 30 IN E wy om my Qos Template cum iE AP EDCA Parameters Queue AIFS 1 to 15 cwMin msecs cwMax msecs MaxBurst microsecs 0 to 999900 1 Video v 15 3000 2 Best Effort 3 3 Background 7 WMM
45. ace User s Manual v SIMPLE COMMUNICATION O OI II Chapter 1 Introduction to Web page configuration This chapter details the Web configuration page 1 1 Configuration preparation Manage the Link1000ACS by connecting to the Web via an Ethernet interface 1 1 1 Computer requirements Compatible operating systems Win XP Win 7 Win 8 Mac OS 10 6 7 Web browser IE 8 9 10 11 Google Chrome Firefox Safari 1 1 2 The Link1000ACS management through Web To configure the Link1000ACS locally the PC s and the Link1000ACS s IP addresses should be configured in the same subnet The Link1000ACS default IP address is 192 168 1 1 and the subnet mask is 255 255 255 0 The following are steps to create a network connection Step 1 Set up the environment Ethernet cable Figure 1 1 Web management configuration environment Connect the PC Ethernet port to the Link1000ACS Ethernet port with an Ethernet cable Step 2 Set up the network connection as shown with Windows 79 Wireless Web Interface User s Manual 1 Click Start Select Control Panel Click View network status and tasks and then click Local Area Connection The Local Area Connection Status dialog box will appear as shown in Figure 1 2 Figure 1 2 Local area connection status Q Local Area Connection Status Internet No Internet access Click Properties to open the Local Area Connection Properties dialog bo
46. ad balance Mode Disable Session Traffic Session Window 1 256 Session Threshold 4 1 8 Traffic Window Mbps 60 1 100 Traffic Threshold Mbps 20 1 00 Load balance Denial Threshold 3 lm OK Cancel The load balance includes Session and Traffic These two modes correspond respectively to the two parameters threads as shown in the previous figure Session mode displays the allowed client association based on the number of associated users Traffic mode displays the allowed client association based on the maximum bandwidth utilization of the configured radio interface Load balance Denial Threshold is the amount of times that the AP can refuse the client before receiving its association request The Link1000ACS will decide client association based on the number of clients in the current WLAN system At the same time it will monitor the radio interface load on the local AP When the load exceeds the maximum value it will send a trap to network management It can also force clients to be released when it discovers these clients exceed the maximum value Wireless Web Interface User s Manual 68 ZN wy om my 15 2 AP profile associated load balance template After creating the Load Balance Template the template must be added to the AP profile in AP Group Management and the configuration must be pushed to AP group by clicking the Apply link After this procedure is complete the template will be effective Click WLAN Conf
47. addresses Preferred DNS server Alternate DNS server Validate settings upon exit Figure 1 4 Internet protocol TCP IP properties Step 3 Use PING command to ensure the connection status between the PC and the Link1000ACS Click Start and then type CMD in the text box Press ENTER to generate the Command Prompt window Type ping 192 168 1 1 the Link1000ACS s default IP address and then press ENTER If the network is connected the window will include the following text Figure 1 5 If this text is not shown confirm the network connection is plugged in properly the Ethernet cable is functioning properly and that the PC has the correct IP address as configured previously Wireless Web Interface User s Manual 3 ZN wy om my Gea F Windows system32 cmd exe F NUsersyvWin 7 32Bit gt ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time ims TTL 64 Reply from 192 168 1 1 bytes 32 time ims TTL 64 Reply from 192 168 1 1 bytes 32 time lt ims TTL 64 Ping statistics for 192 168 1 1 Packets Sent 3 Received 3 Lost z loss Approximate round trip times in milli seconds Minimum ms Maximum ims Average ns Control C F NUsersyWWin 32Bit gt Figure 1 5 Dialog box for command lines Step 4 Cancel proxy server If the current PC uses the proxy server to access the Internet the proxy server must be disabled Complete the following st
48. adio Status as Up from 8 00 on May 13 2013 to 8 00 on May 14 2013 UTC Policy Start Time 2013 5 13 8 00 End Time 2013 5 14 8 00 _ Radio Status Add Click Add to complete the configuration Start Time End Time 2013 05 13 08 00 2013 05 14 08 00 To delete the policy select the configured policy and then click Delete Wireless Web Interface User s Manual 74 Chapter 18 Organization unique identifier OUI 18 1 Add OUI Click WLAN Configuration gt WLAN Advanced Configuration gt OUI to type the OUI Value its format is xx xx xx Type the OUI Description and then click Add OUI OUI Value OUI Value OUI Description 18 2 Delete OUI Click WLAN Configuration gt WLAN Advanced Configuration gt OUI Select the OUI to be deleted and click Delete OUuI OUI Value OUI Description 00 00 01 active500EM 00 01 10 wlan OUI Value OUI Description Wireless Web Interface User s Manual 75 Chapter 19 Trap and syslog Click WLAN Configuration gt Advanced Configuration gt Trap and Syslog to open the Trap and Syslog Configuration page for the SNMP trap and syslog configuration 19 1 SNMP traps Prior to enabling SNMP trap configure the items in the SNMP management dialog box On the Management gt SNMP Configuration gt SNMP Management page select Open for the SNMP Agent state and then click Apply to enable the SNMP management on off
49. ation Wireless Web Interface User s Manual 17 ZN wy om my gt bm LLL 4 4 AP validation method lf MAC is selected for the AP authentication mode the AP validation method can be configured This option allows either local authentication or RADIUS server authentication for AP authentication Local authentication is default The authentication method can be changed to be RADIUS server authentication by selecting Radius from the AP Validation Method drop down list AP Authentication Mode If Radius is selected the user must choose a server name from the Radius server group list it should be configured first as shown in Chapter 7 Security authentication The authentication request will be sent to the selected Radius server AP Authentication Mode we L AP Validation Method Radius x Config 4 5 Radius authentication server Configure the Radius authentication server by typing radius 4 6 Radius accounting mode Select the Radius Accounting Mode check box to enable the Radius accounting function Wireless Web Interface User s Manual 18 4 Radius accounting server Configure the Radius Accounting Server by typing RADIUS Server 4 8 Client QoS global mode Select the Client QoS Global Mode check box to enable the global client QoS function of the Link1000ACS Client QoS Global Mode is divided into global on off and current network on off Both should be enabled so that clients associated with this ne
50. ation Configuration Click Apply to complete the configuration Max numbers of telnet access connection elnet access connection number Operation 21 6 Maintenance and debugging command Click Management gt Maintenance and debugging command to open the configuration page Switch basic configuration Debug command SNMP configuration show clock SSH management show cpu usage Firmware update show memory usage Telnet server configuration show flash Maintenance and debugging command show running config show switchport interface show tcp show udp show telnet login show version The content includes e Debug command the connection status of the tested switch e show clock the current time e show CPU usage the CPU usage information under the current running status e show memory usage the memory usage information under the current running status PEN SEEL Wireless Web Interface User s Manual 123 SIMPLE COMMUNICATION e show flash the flash file information e show running configuration the current parameters configuration e show switchport interface the property of the VLAN interface e show tcp the TCP that is currently connected to the switch e show udp the UDP that is currently connected to the switch e show telnet login the client information that is connected to the switch e show version the system version information of the s
51. ation push OPtiON cccccceececsececceeeeceeeeseeeeseeeeeeeeeseeeees 61 Chapter 14 AP image upgrade ccccccssecsseeceeeseeeseees 63 14 1 AP manual upgrade configuration rrrnnnnrnrnnnrvrrnnrennnnnenrnnnrennnnnen 63 Chapter 15 Load balance noannnnennnnennnoennnnennnnnnnnnnnnnne 68 15 1 Create template EN 68 15 2 AP profile associated load balance template ccccscceseeeees 69 15 3 Delete load balance template cccccccsecceseceeeeseeeseeseeeeeeeess 69 Chapter 16 Data transfer rrnnrrrnnrornnronnnrvvnnrrnnnennnnennnre 70 16 1 Centralized L2 tunnel configuration cccccsseeeceeeeeeseeeeesaeeeeens 70 BTA CONI Jerene nioa vee eased os ayer asec O EE EEE EA 70 16 1 2 Station isolation VEN oceans faire Gres ee cee 71 Chapter 21 Manageme nt ccceccsecsseceetseeeeeeeeeeeeees 102 21 1 Basic CO IM Oc EE snasantancepaniiecianasaatste snes 102 Chapter 17 Time limit Policy 1 essen 12 21 1 1 Login user configuration aiciwesiis catcncinetaarvesveireevenudansesais 102 17 1 Network time limit configuration rxrrnnnnrrnnnnnrrnnnnrvrnnnrrnnnnnnnnnnnen 12 21 1 2 Login user authentication method configuration 103 17 2 Radio time limit configuration rrrnnnnenrnnnrnnnnnnvrnnnnenrnnnrnnnnnnennnnsen 73 21 1 3 Login user security IP management u i 104 Chapter 18 Organization unique identifier OUI
52. aximum Roam History Entries 500 192 168 1 1 Cluster Controller IP Address 192 168 1 1 Total Clients Authenticated Clients Maximum Associated Clients Rogue AP Mitigation Count Rogue AP Mitigation Limit 16 Detected Clients 0 Maximum Detected Clients 15360 WLAN Utilization 0 Total Pre authentication History Entries 0 Total Roam History Entries 0 AP Provisioning Count 1 RRM Channel Load History Entries 0 Maximum AP Provisioning Entries 512 Maximum Channel Load History Entries 100 WLAN Packets Transmitted 0 WLAN Packets Received 0 WLAN Packets Transmit Dropped 0 WLAN Packets Receive Dropped 0 WLAN Bytes Transmitted 0 WLAN Bytes Received 0 WLAN Bytes Transmit Dropped 0 WLAN Bytes Receive Dropped 0 Distributed Tunnel Roamed Clients 0 Distributed Tunnel Client Denials 0 Distributed Tunnel Packets Transmitted 0 Distributed Tunnel Clients 0 TSPEC Status Total Voice Traffic Streams 0 Total Video Traffic Streams 0 Total Traffic Stream Clients 0 Total Traffic Stream Roaming Clients 0 TSPEC Statistics Access Category Voice Total TSPEC Packets Received 0 Total TSPEC Packets Transmitted 0 Total TSPEC Bytes Received 0 Total TSPEC Bytes Transmitted 0 Total TSPECs Accepted 0 0 0 0 F Total TSPECs Rejected Total Roaming TSPECs Accepted Total Traffic Stream Roaming Clients 9 9 9 9 9 9 oS ED mn a GIN Ib b Wireless Web Interface User s Manual 79 SIMPLE COMMUNICATION I 20 1 1
53. can discover an access point AP or another access controller AC by broadcasting a discovery message to the specified VLAN Enable 8 2 2 Add VLAN of L2 VLAN discovery Type the VLAN in the VLAN text box and then click Add to add it into the discovery list 8 2 3 Delete VLAN from L2 VLAN discovery list Select the VLAN that needs to be deleted and then click Delete The VLAN will be deleted VLAN 10 VLAN0010 20 30 un ad ee EEG Wireless Web Interface User s Manual 40 Chapter 9 Provisioning Click WLAN Configuration gt Provisioning to open the Provisioning page which will configure the AP and the Link1000ACS Provisioning can add a new AC or AP into an existing duster AP Provisioning entries can be viewed only on the Cluster Controller AP Provisioning Only unmanaged APs can be deleted Unmanaged AP Reprovisioning Mode Submit L MAC Address Managed IP Address Primary IP Address Backup IP Address New Primary IP Address New Backup IP Address Status Age C 8 f7 d3 00 03 80 192 168 1 172 192 168 1 253 Success 0d 00 00 03 Modify f8 f7 d3 00 03 e0 192 168 1 42 192 168 1 253 Success 0d 02 09 06 Modify Delete Deploy Deploy All Refresh AC Provisioning bmi AC Certificate Request Status Not Started Refresh AC Provisioning AC IP Address AC Provisioning Status Not Started Refresh Mutual Authentication When an AC or an AP has been added to
54. ces on the local and remote networks Please refer to the NAT device firewall manufacturer s user documentation for proper configuration 10 1 2 Access point NAT configuration Configure the icXchange Access Point in Fit mode by selecting Advanced Configuration gt AP Mode and choosing Mode Fit Under Configure Managed AP Administrative Mode enter the global public IP address of the NAT supporting firewall gateway and or router which is front of the Link1000ACS Access Controller e g 174 210 254 69 in the Switch IP Address 1 field Click Update If the Link1000ACS Access Controller is not set up behind a NAT supporting gateway and is placed directly on a public IP address then that public IP address would be entered in the Switch IP Address 1 field Up to three additional Link1000ACS Access Controller IP addresses can be entered in the fields Switch IP Address 2 Switch IP Address 3 and Switch IP Address 4 as backups activeARC Wireless Access Point Configure Managed AP Administrative Mode Q AER TG HI gt TEGE SEG anag AP ion is used configuration er A IS t Managed AP Administrative Mode Mode Fit Mode Fat configure the managed AP mode Vdvance nfiguratior thernet Settings fos fe administrative Switch IP Address 1 174 210 254 69 Upto four switch IP addresses Switch IP Address 2 can be configured on the AP so u Switch IP Address 3 Switch IP Address 4 pass phras
55. come associated again automatically Associated Client List MAC Address Detected val NetBIOS Name SSID BSSID AC IP Address Channel Stat Network Time Peer Associated IP Address coin sins sd de 00 22 75 bf 6f 51 192 168 1 16 ARAIB PC Guest Network f f7 d03 00 03 60 192 168 1 1 6 Authenticated 0d 00 03 51 20 3 2 Associated client detail Click View Detail to view the associated clients details Select the client in the drop down list and then click View Detail Click Cancel to close the detail Wireless Web Interface User s Manual 93 20 3 2 1 Associated client status Click the MAC Address drop down list and select a client to view Associated Client Detail Associated Client Detail Associated Client Status MAC Address 00 22 75 bf 6f 51 SSID Guest Network Associating AC Local Switch BSSID f8 f7 d3 00 03 60 AC MAC Address f8 f7 d3 00 03 f0 AP Mac Address f8 f7 d3 00 03 60 AC IP Address 192 168 1 1 State Authenticated Location Channel 6 Radio 1 802 11b g n User Name WLAN 1 Inactive Period 0d 00 00 00 Transmit Data Rate 144 Mbps Time Since Entry Last Updated 0d 00 00 05 Network Time 0d 00 05 42 Dot11n Capable Yes STBC Capable No NetBIOS Name ARAIB PC sr 192 168 1 16 IP Address Tunnel IP Address Click Disassociate to disassociate the client 20 3 2 2 Associated client s QoS status If the client is associated with the configured QoS network the clients QoS status can be viewed as follows Assoc
56. ct the FTP server state as Open and type the FTP Timeout as 600 seconds Click Apply to complete the configuration FIP server service FIP server state FTP Timeout Operation Configuration Wireless Web Interface User s Manual 121 Example 2 Type the User name as admin and the Password as switch Select the State as Plain text and Operation type as Add Click Apply to complete the configuration The configuration of the new user will be effective FIP user name and password setting password aamin Operation type Add 7 21 5 Telnet server configuration Click Management gt Telnet server configuration to configure Telnet server state and Max number of telnet access connections Switch basic configuration SNMP configuration 55H management Firmware update Telnet server state Telnet server configuration Max numbers of telnet access connection Maintenance and debugging command 21 5 1 Telnet server state Click Management gt Telnet server configuration gt Telnet server state to configure Example Select the Telnet server state as Open and then click Apply to start the Telnet server Telnet server state Telnet server state Wireless Web Interface User s Manual 122 21 5 2 Max numbers of telnet access connection Click Management gt Telnet server configuration gt Max Numbers of Telnet access connection to configure Example Type the Telnet access connection number as 10 and select Oper
57. d to this Dashboard WLAN Configuration group Associated clients on these APs will be disconnected Click OK to Continue or Cancel to cancel the configuration AP Groups It may take up to 90 seconds for the implementation and the This table lists basic informat ee roups or click Modify to change settings for existing AP groups Click Copy to copy the confi information to all APs in the AP group ID Group Name Har er a Operation AP Group Management 1 Default N O 5 Default 22 ARC2000MAP Indoor Dual Radio a n b g n 21 Default 21 ARC1000MAP Indoor Single Radio b g n Modify Copy Apply Modify Copy Apply Modify Copy Apply New Delete AAs oS Ge Wireless Web Interface User s Manual 33 En DS EE CLL Chapter 7 Security authentication The Security Authentication module includes Radius and LDAP configuration Radius configuration includes Global Configuration Radius Authentication Server Configuration Radius Accounting Server Configuration Radius Group Manage and Radius Configuration 7 1 Radius configuration 7 1 1 Global configuration Prior to enabling the Radius authentication and accounting service configure an accounting server and an authentication server The server configuration is covered in Section 7 1 2 After configuring the accounting and authentication servers select the Radius Authentication Status check box to enable the Radius function This corresponds to the aaa
58. dress from the drop down box to view the corresponding AC status statistics as shown in the following figure icc SIMPLE COMMUNICATION DS From Each AC Status Statistics Wireless Web Interface User s Manual 83 20 1 2 2 Basic AC information Basic AC information includes Total AP Count Managed AP Discovered AP Connection Failed AP Maximum Managed AP Total Clients Cluster Priority AP Image Download Mode WLAN Utilization etc as shown in the following figure Total AP Count Total Clients 0 Managed AP Authenticated Clients 0 Discovered AP IP Address 192 168 1 1 Connection Failed AP Cluster Priority 0 Maximum Managed AP Distributed Tunnel Clients 0 WLAN Utilization AP Image Download Mode Integrated Independent 20 1 2 3 AC statistics AC Statistics are shown as follows WLAN Bytes Transmitted 0 WLAN Packets Transmitted 0 WLAN Bytes Received 77672 WLAN Packets Received 200 WLAN Bytes Transmit Dropped 4971156 WLAN Packets Transmit Dropped WLAN Bytes Receive Dropped 0 WLAN Packets Receive Dropped 0 20 1 2 4 TSPEC Status The TSPEC Status is shown as follows TSPEC Status Total Voice Traffic Streams 0 Total Traffic Stream Clients 0 Total Video Traffic Streams 0 Total Traffic Stream Roaming Clients 0 Wireless Web Interface User s Manual 84 20 1 2 5 TSPEC Statistics The TSPEC Statistics is shown as follows TSPEC Statistics Access Category Total TSPEC Packets Received Total TS
59. e Manual Upgrade AP Manual Upgrade Configuration AP Image Type Group Size 1 to 48 Image Downinad Type Managed AP 1 Click The Table for AP Hardware Type Supported by Image Type link to determine the hardware type Click Hide The Table for AP Hardware Type Supported by Image Type to hide this information on the screen Hide The Table for AP Hardware Type Su Supported AP Hardware Type N A Supported AP Hardware Type 5 7 21 22 23 Supported AP Hardware Type N A Supported AP Hardware Type N A Supported AP Hardware Type 26 Wireless Web Interface User s Manual 63 2 Click Add to start the AP image URL Configuration The Table for AP Hardware Type Supported by Image Type AP Image Manual Upgrade AP Manual Upgrade Configuration LI AP Image Type Add The following page will generate AP Image Type Server Type FTP username FTP password Server Address File Path File Name Select an image type from the AP Image Type drop down list From the Server Type drop down list select FTP or TFTP The following figure shows the FTP configuration AP Image Type Server Type FTP username FTP password Server Address File Path File Name Lia mm fists Wireless Web Interface User s Manual 64 SIMPLE COMMUNICATION GI O The FTP username and password should be consistent If the file is in the server root directory it cannot be typed If it is not in the root directory the File Name
60. e Maximum Authentication Failures Test enables or disables detection of the maximum failed authentications Rogue Detected Trap Interval identifies the periodic rate that the AC sends a trap to detect rogue clients in the network e Dynamic Blacklist Mode enables or disables the dynamic blacklist function e Dynamic Blacklist Life time identifies the length of time for the dynamic blacklist e Client Threat Mitigation enables or disables the known client protection function Wireless Web Interface User s Manual 52 11 3 Known client Open the Known Client configuration page to configure the MAC authentication mode and add delete or modify the black and white list Known Client MAC Authentication Mode White list w E MAC Authentication Action f8 f7 d3 00 03 90 Global Action MAC Description Authentication Action Global Action Add Delete 11 3 1 MAC authentication mode Enter into the Known Client gt MAC Authentication Mode to choose the white or black list as the MAC authentication mode of known client Known Client MAC Authentication Mode White list E MAC Description Authentication Action MAC 00 00 00 00 00 01 Description abcd Authentication Action Global Action x Add Delete Select the MAG Authentication Mode as Black list and then click Submit MAC Authentication Mode Black ist Select the MAC Authentication Mode as White list a
61. e is used for authentication of the AP with Switch IPv6 Address 1 the switch Switch IPv6 Address 2 More Switch IPv6 Address 3 Switch IPv6 Address 4 Pass Phrase Click Update to save the new settings Update Wireless Web Interface User s Manual 45 10 2 Link100QAGS access controller NAT configuration 10 2 1 NAT ports The Link1000ACS and associated access points use TCP ports 57776 57779 to communicate over NAT Seta policy on your NAT firewalls gateways and or routers to open TCP ports 57776 57779 to all associated icXchange devices on the local and remote networks Configuration for opening these ports would depend upon the type and the brand of the NAT device used and how that NAT device allows certain ports to be opened Please refer to the NAT firewall gateway and or Virtual Server manufacturer s user documentation for proper configuration If a public IP address is used for the Link1000ACS s default controller IP address it is not necessary to perform the port opening configuration There is no NAT firewall gateway and or Virtual Server present between the Link1000ACS and the Internet if a public IP address is set as the default 10 2 2 Link1OOOACS NAT configuration Click WLAN Configuration gt Fast Configuration Enter the default VLAN IP address for the actve500EM in the field Wireless IP Address The default IP address for the Link1000ACS is 192 168 1 1 if it has n
62. eb Interface User s Manual 102 e User the appointed username e Password configures the appointed password e Encrypted text selects if the input password is shown in plain text or encrypted e Priority only the user whose priority is 15 can log in to the WEB Management page e Operation includes Add and Remove 21 1 2 Login user authentication method configuration Click Management gt Switch Basic Configuration gt Login user authentication method configuration to configure the VTY the login methods of Telnet and SSH Web Console methods and the login user authentication method and priority The Login methods include Console VTY including Telnet and SSH and Web The Authentication method must be Local Radius or Tacacs Local is to use the local database for authentication Radius is to use the Radius remote authentication server for authentication tacacs is to use the Tacacs remote authentication server for authentication There is no need to authenticate in console method as default the Authentication methods of VTY and Web are Local authentication by default Login user authentication method configuration Login method Console e Authentication methodi y Authentication method Web Authentication method3 None Authentication methodd4 Wireless Web Interface User s Manual 103 Example Configure a user who uses the Radius remote authentication server for authentication wit
63. ecurity 3 1 IP configuration Guest Network amp None WEP WPA WPA2 IP Configuration is used to configure the wireless IP address Type the wireless IP address The IP address entered will be configured as the wireless IP address IP Configuration Wireless IP Address 192 168 1 1 Wireless Web Interface User s Manual Loopback 1 IP Address 12 hem Mr 3 2 AP group configuration AP Group Configuration adds and updates the ID and hardware type of the AP group Example Type 2 in the Group ID box Select 22 ARC2000MAP Indoor Dual Band Radio 802 11N as the corresponding AP Hardware Type and then click Add to add them to the page Note You must click Submit after entering all information on the Fast Configuration page to save the configuration to the Link1000ACS or the modification will be lost AP Group Configuration Group ID 2 1 to 1024 AP Hardware Type 22 ARC2000MAP Indoor Dual Band Radio 802 11N Group ID AP Hardware Type 1 0 Any 2 22 ARC2000MAP Indoor Dual Band Radio 802 11N 3 3 Network configuration Network Configuration configures the network used by AP The network configuration can configure SSID and security settings for Network1 which are applied to the VAP for all AP groups 3 3 1 SSID SSID is the service set mark of the WLAN in this example it is the name of the WLAN SSID can divide one WLAN into subnets that need different ID authentication Only t
64. entication AP of non local APs Failure AP List MAC Address e3 Peer Managed IP Address Last Failure Type Age f8 f7 d3 00 03 60 192 168 1 11 No Database Entry 0d 00 00 05 Click Delete All to delete the Failure AP List Select the Failure AP List and then click Managed The message box will appear Click OK and this AP will be configured as the effective managed AP with the default profile It will be managed when discovered in future deployments Wireless Web Interface User s Manual 91 gt bm CLL CC 20 3 Wireless client Click Monitor gt Wireless Client to configure the associated and detected clients information admin Save Configuration Logout _ icXchange Dashboard WLAN Configuration Monitor Management Wired Configuration Associated Client List Search Fields _ MAC Address Detected Wireless Client Peer Associated IP Address NetBIOS Name SSID BSSID AC IP Address Channel State Network Time Disassociate Disassociate All Refresh Detected Client List MAC Address Client Status Time Since Entry Last Updated Create Time 00 08 22 5a 20 3f 00 1c df a6 41 b2 00 1d e0 af 2a 01 00 1e 4c c0 b1 31 00 21 00 38 18 f8 Detected Detected Detected Detected Detected 0d 00 01 42 0d 00 02 15 0d 01 29 29 0d 00 00 04 0d 00 02 15 0d 05 27 12 0d 05 27 12 0d 01 38 13 0d 03 40 53 0d 05 27 12 00 21 6a 79 a1 b4 Detected 03 21 0d 04 04 53 Detected 00 03 0d 03 50 4
65. ents in the cluster Device Info Managed APs 2 Authenticated Clients 1 2 4 Support Support provides the company s email address hotline phone number and the website address Support 4 Company International Communications Corporation Hotline 844 242 9246 WWW http vwwwvr intcomcorp com support htmi Wireless Web Interface User s Manual 11 hest I Chapter 3 Fast configuration Click WLAN Configuration gt Fast Configuration to configure the WLAN functions including the WLAN managed IP address AP groups and the basic network configuration This configuration is submitted to the Link 1000ACS Note Fast Configuration is a simple way to perform initial configurations on the Link1000ACS However using the Fast Configuration option will overwrite all previous configurations that were previously configured on the Link1000ACS icXchange Dashboard ALEN Ken eat Fast Configuration Fast Configuration IP Configuration Wireless IP Address admin Save Configuration Logout im Monitor Management Wired Configuration Loopback 1 IP Address AP Group Configuration Group ID 3 1 to 1024 AP Hardware Type 17 1ICX250 DAP Indoor Dual Band Radio a n b g n Group ID 1 2 3 AP Hardware Type 21 ARC1000MAP Indoor Single Radio b g n 22 ARC2000MAP Indoor Dual Radio a n b g n 17 ICX250 DAP Indoor Dual Band Radio a n b g n Network Configuration SSID S
66. eps to disable the proxy server 1 In Internet Explorer select Tools and then select Internet Options to open the Internet Options window 2 Select Connections in the Internet Options window and then click LAN Settings to open the Local Area Network LAN Settings dialog box as shown in Figure 1 6 Local Area Network LAN Settings Automatic configuration Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration W Automatically detect settings I Use automatic configuration script Proxy server A Use proxy server for your LAN These settings will not apply to dial up or VPN connections Bypass proxy server for local addresses OK I lane Figure 1 6 Local area network LAN settings 3 Ensure that Use a proxy server for vour LAN is not selected Otherwise clear the selection and then click OK VL am Vo O Isle Wireless Web Interface User s Manual 4 ZN es 1 2 Web interface introduction 1 2 1 Log in to the Link1000ACS Open the Web browser type the IP address 192 168 1 1 in the address bar and press ENTER to open the login page for the Link1000ACS Type the username and password the default username is admin and the password is admin click Login or press ENTER to open the Web Configuration page The figure is shown as follows icXchange Link1000ACS User name Password Login
67. erface User s Manual 116 21 4 Firmware update Click Manage gt Firmware update to upgrade the switch by using TFTP or FTP service as shown in the following Switch basic configuration SNMP configuration SSH management ice TFTP service TFTP client service Firmware update FTP service TFTP server service Telnet server confisuration Maintenance and debugging command 1 TFTP service includes e TFTP client service configures the TFTP client e TFTP server service configures the TFTP server Switch basic configuration SNMP configuration 55H management TFTP service Firmware update FTP service FTP client service Telnet server configuration FTP server service Maintenance and debugging command 2 FTP service includes FTP client service configures the FTP client e FTP server service configures the FTP server FA GN GS ibob Wireless Web Interface User s Manual 117 SIMPLE COMMUNICATION dd ra cq 21 4 1 TFTP client service Click Manage gt Firmware update gt TFTP service gt TFTP client service to open the configuration page IFTP chent service erver IP address 192 168 1 10 me nosimi e Server IP address the IP address of the TFTP server e Local file name destination file name the range is from 1 to 100 characters e Server file name source file name the range is from 1 to 100 characters e Operation type includes Upload and Download e
68. es Maximum Managed APs 16 S N WL006510D 709000028 Version 7 0 3 5 R0132 0019 The information in the figure is as follows e Name the name of the Link1000AGS is Link1000ACS e IP Address the wireless address of the Link1000ACS is 192 168 1 1 e MAC Address the MAC address of the Link1000ACS is f8 f7 d3 2c fe 24 e System Uptime the normal running time 1 day 4 hours and 2 minutes e Maximum Managed APs 16 e S N WLD006510D709000028 e Version 7 0 3 0 R0041 0019 e click to refresh the information Wireless Web Interface User s Manual 10 2 2 Managed access point Managed AP shows the MAC Address Location IP Address Profile Software Version Status Configuration Status and Age Poor Managed Location IP Address Profile Software Version Status Configuration Status Age f8 f7 d3 00 03 60 192 168 1 11 1 Default 2 0 4 10 managed success 0d 00 00 03 f8 f7 d3 00 03 c0 192 168 1 13 1 Default 2 0 10 1 managed success 0d 00 00 03 e MAC Address AP s MAC address e Location location of AP e IP Address IP address of AP e Profile profile that the AP belongs to e Software Version version of AP e Status AP s current management status e Configuration Status AP s current configuration status e Age AP keep alive age will only increment on AP failure Click the AP s MAG address to access the Detailed AP List page 2 3 Device info Device Info displays the total number of managed APs and authenticated cli
69. ess Operation 21 1 4 Basic configuration Click Management gt Switch Basic Configuration gt Basic Configuration to configure the clock switch name and exec timeout auto timeout for management 1 Basic clock configuration configures the system date and time Example Type the HH MM SS as 10 00 00 and configure the YYYY MM DD as 2013 05 25 Click Apply to complete the configuration 2 Configure exec timeout Example Type the Timeout Minute as 6 and the Timeout Second as 6 and then click Apply to configure a six minute and six second timeout for exec commands Configure exec timeout Wireless Web Interface User s Manual 105 3 Switch name configuration Example Type the Switch Name as Switch and click Apply to configure a switch name Switch name configuration Operation Configuration or Default 21 1 5 Save current running configuration Click Management gt Switch Basic Configuration gt Save current running configuration to save the current configuration 1 Save current running configuration click Apply to save the current configuration The Save current running configuration message will display as follows Save current running configuration successful 2 Save current configuration before reboot select Yes or No Click Apply Save current configuration before reboot Yes Yes Appr Wireless Web Interface User s Manual 106 3 Reboot w
70. etwork to configure or create a new network Click WLAN Configuration gt Networks and choose a network For example modify the SSID of network 8 as wlan Bo 5 2 Configure authentication mode The network includes multiple authentication modes Authentication Mode VLAN Static WEP 14094 WEP 802 1x MAC Authentication Mode WPA Personal WPA Enterprise 5 2 1 Open authentication mode None sets the authentication mode as open The corresponding command is security mode none meaning the username and password are not needed to associate with the network and the authentication will be successful 5 2 2 Static WEP authentication mode Static WEP sets the authentication mode as security mode static wep The WEP key is needed when connecting to the network The WEP authentication mode includes open system and shared key The WEP key type includes ASCII and HEX The length includes 64 bit and 128 bit security JD mm mm D Ilol Wireless Web Interface User s Manual 21 ZN wy om my Example Select the Authentication as Open System the WEP Key Type as ASCII and the Length as 64 Type the WEP Key as 12345 The figure is as follows Authentication Mode Static WEP x Authentication Open System Shared Key WEP Key Type S ASCII HEX WEP Key Length bits 64 1278 WEP Keys Characters required 5 1 112345 5 2 3 WEP 802 1x WEP 802 1x sets the configuration as security mode wep dot1x This authentica
71. fic to flow correctly across the NAT setup Click Wired Configuration gt Route Configuration gt Static route configuration Example In this example the next hop IP address 192 168 1 2 is used based on the controller IP address of 192 168 1 1 Type 0 0 0 0 in the Destination IP address field 0 0 0 0 in the Network mask or prefix length field and 192 168 1 2 in the Nexthop or Interface null0 field Select Operation type Add and click Apply tatc IP route configuration Destination IP address 0 0 0 0 Network mask or prefix length 0 0 0 0 Nexthop or Interface nullo 192 168 1 2 Preference optional The AP will provision within 90 seconds The status of the AP can be viewed in the Dashboard or on the Provisioning page Click Save Configuration on the top of the page to save your configurations on the Link1000ACS JD mm mm Fy Asle Wireless Web Interface User s Manual 47 ZN wy om my Chapter 11 WIDS security Click WLAN Configuration gt WIDS Security to open the WIDS Security page which includes three modules WIDS AP Configuration WIDS Client Configuration and Known Client Every module occupies one rectangular box and they can be used to configure the WIDS AP configuration WIDS client configuration and black and white list admin Save Configuration Dashboard BUENE re M WIDS AP Configuration Rogue AP detection configuration Administrator configured rogue AP Enable Managed S510 from an unknown AP Managed SSID
72. ges before switching the radio Example Select the Enable check box and then select the Radio Mode as IEEE 802 11b g n Select the RF Scan Mode as Active the Radio Channel Bandwidth as 20 MHz the supported radio rates and select the check box for the eligible radio channels Click OK to generate the created or modified AP group amp 1 802 11b g n 2 802 11a n ieee eozttoign fr Active Sentry Radio Channel Bandwidth 20mkz e Supported Channels 1 2 13 14 15 16 7 18 9 140 11 12 13 Auto Eligible Jens Mm MM M mM A 6 12 18 24 36 48 54 Apaapa 8 ESS AA Radio Mode the user can select IEEE 802 11b g n IEEE 802 11b g 2 4GHz IEEE 802 11n IEEE802 11b or IEEE 802 11g in radio 1 The user can select IEEE 802 11a n IEEE 802 11a or 5GHz IEEE 802 11n in radio 2 RF Scan Mode includes Active and Sentry modes Radio Channel Bandwidth includes three modes 20MHz 40MHz and 20 40MHz can be selected Auto Eligible shows the channels that the AP can choose when implementing auto channel adjustment Rate Sets Mbps the user can select the basic and supported rates through the check boxes 6 1 4 VAP VAP configures the networks used by all APs in the AP group Select the Status check box next to the VAP that needs to be enabled and then select the network name Click Edit to configure the network detailed in Chapter 5 Networks Click OK Wireless Web Interface User s Manual 29
73. h Telnet and SSH Note The corresponding user authentication method can be configured for Console VTY and Web respectively The authentication method can be selected as any combination of Local Radius and Tacacs When adopting the combination authentication methods the priority of authentication method 1 is highest and then falls in descending order If the authentication method with higher priority is successful the user will be allowed to log in with those credentials and the subsequent authentication methods will be ignored Login user authentication method configuration kognmetnet fv Authentication method1 p Authentication method Local e Authentication methods Tacacs e Authentication method4 Ldap 21 1 3 Login user security IP management Click Management gt Switch Basic Configuration gt Login User Security IP Management to configure the security IP address used by Telnet and HTTP methods Prior to configuring the security IP address the IP addresses for logging into the switch is not limited After configuring only a user originating from a security IP address can log in to the switch for configuration Up to 32 security IP addresses can be configured Login User Security IP Set Security IP address 1 Wireless Web Interface User s Manual 104 Example Type 192 168 1 21 as the Security IP address and click Apply to complete the configuration Login User Securty IP Set ecurity IP addr
74. has the authentication history it displays the information as follows Detected Client s Pre Authentication History MAC Address AP Mac Address VAP MAC Address SSID Time Since Event User Name Pre Authentication Status Clean History 20 3 4 4 Detected client s triangulation The client s approximate location can be detected by the access point AP by relative signal strength The table of the AP s signal strength is reported as follows Detected Client s Triangulation AP Mode AP Mac Address Radio RSSI Signal Strength dBm Noise Level dBm Time Since Entry Last Updated 65 95 No Sentry 00 03 0f 20 da e0 1 30 0d 00 00 14 No Sentry 00 03 0f 20 de a0 1 29 66 95 0d 00 00 24 20 3 4 5 Detected client s roam history The Detected Client s Roam History can display the roam history of the client that is being associated or that had been associated but is not associated now The following figure shows the roam history of the client whose MAC is 00 1f 3c 18 f9 c8 Detected Client s Roam History MAC Address AP Mac Address VAP MAC Address SSID Age O0 1f 3c 16 f9 c f8 f7 d3 00 03 c0 1 f8 f7 d3 00 03 c0 Network1 Roaming 0d 00 01 14 The AP MAC is one of the current APs that the client has roamed to Wireless Web Interface User s Manual 97 ZN wy om my gt DO CLL CC 20 4 RF scan Click Monitor gt RF Scan to open the RF Scan page It includes AP RF scan status and client dynamic blacklist 20 4 1 AP RF scan
75. he user who passes the ID authentication can access the corresponding subnet It can prevent users without appropriate permissions from accessing this network Example Type the name of the network in the SSID box such as Network1 Select None for Security Click Submit Network Confisuration SSID Network1 Security None WEP D WPA WPA2 Wireless Web Interface User s Manual 13 hm JJ 3 3 2 Security Security can configure the access control of the security authentication The methods of authentication include Static WEP WEP IEEE802 1x WPA WPA2 Personal and WPA WPA2 Enterprise 3 3 2 1 WEP mode Select WEP to access the quick WEP authentication configuration Under WEP there are two types of modes Static WEP and WEP IEEE802 1x Static WEP has the same configuration as WLAN Configuration gt Network Config detailed in Chapter 5 Networks Select WEP IEEE802 1x to configure it Example Type the Radius Group Name as radius Type the Authentication Host Address and Accounting Host Address as 192 168 1 100 Enter the Radius Server Key that corresponds to the Key set on the configured radius server and then click Submit Note Only the RADIUS authentication and accounting server without configuration can be configured in Fast Configuration If they were already configured they cannot be deleted or modified in the configuration detailed in Chapter 7 Security authentication Network Configuration SSID Netw
76. heir own certificates thereby reducing the risk of unauthorized system access For any configurations discussed in the following subsections SSH must be started as described in this section If SSH is not started the user may receive the message to Start SSH first before continuing the requested configuration Click Management gt SSH management to configure the SSH function Note Enable the SSH prior to configuring Select Switch on off SSH as Open and then click Apply Switch basic configuration SNMP configuration Switch on off SSH fn l gt 55H management SSH management Firmware update Telnet server configuration Maintenance and debugging command 21 3 1 Switch on off SSH Click Management gt SSH management gt Switch on off SSH to open or close the SSH function Switch on off SSH witch on off SSH Wireless Web Interface User s Manual 115 ete 21 3 2 SSH management Click Management gt SSH management gt SSH management to configure SSH timeout management and SSH reauthentication management and to create SSH RSA key SSH timeout mana T E SSH timeout Operation Configuration r SSH timeout management configures SSH timeout management the range is from 10 to 600 seconds and the default value is 180 seconds SSH reauthentication management 3 SSH RSA key the algorithm for the host key the range is from 768 to 2048 and the default value is 1024 Wireless Web Int
77. i v AP is operating on an illegal channel Standalone AP with unexpected configuration Di v Unexpected WDS device detected on network Di Unmanaged AP detected on wired network i v Administrator configured rogue SSID Wired Network Detection Interval 1 3600 seconds 0 Disable Rogue Detected Trap Interval If there are rogue APs in the network the AC sends a trap periodically Rogue Detected Trap Interval 60 3600 seconds 0 Disable 300 AP De Authentication Attack Once AP De Authentication Attack is enabled the rogue APs will be added to AP De Authentication List and countered by managed AP AP De Authentication Attack Disable v AP De Authentication Attack Lifetime 60 3600 seconds 600 sate e Administrator configured rogue AP enables the rogue AP detection configured by the administrator e Managed SSID from a fake managed AP enables or disables the illegal vendor file detection in Beacon frame e Fake managed AP on an invalid channel enables or disables detection of the managed AP s Beacon frame received from the invalid channel e Invalid SSID from a managed AP enables or disables detection of managed APs sending an invalid SSID e Stand alone AP with unexpected configuration enables or disables the detection of stand alone AP with unexpected configuration e Unmanaged AP detected on wired network enables or disables detection of unmanaged AP accessing the wired ne
78. iated Client s QoS Status GS Actual ORADIUS Cached Client QoS Operational Status enable Bandwidth Limit Down 0 Bandwidth Limit Up 0 Access Control Down 0 Access Control Up 1 Diffserv Policy Down Diffserv Policy Up ive Wireless Web Interface User s Manual 94 SIMPLE COMMUNICATION 20 3 2 3 Associated client s neighbor AP status The Associated Client s Neighbor AP is the neighbor AP that the client scanned including the associated AP This client only scanned the AP associated with itself but did not scan the other AP Associated Client s Neighbor AP Status AP Mac Address Location Radio Discovery Reason f8 f7 d3 00 03 60 1 802 11b g n Assoc this AP RF f8 f7 d3 00 03 60 2 802 11a n Assoc this AP RF 20 3 3 Detected client list The Detected Client List includes the client associated with AP and the scanned client The detected client list is as follows Detected Client List MAC Address Client Status Time Since Entry Last Updated Create Time 00 12 f0 2f ce c2 Detected 0d 00 00 19 0d 00 26 52 00 1c df a6 41 b2 Detected 0d 00 00 19 0d 00 24 42 00 1c df a6 88 1b Detected 0d 00 23 37 0d 00 24 42 00 1 f 3c 04 8c 91 Detected 0d 00 03 12 0d 00 19 36 00 1f 3c 18 f9 c8 Authenticated 0d 00 00 01 0d 00 26 52 Adknowledge Acknowledge Al Rogues Select one client and then click View Detail to view the client detail status Select one client and then click Delete to delete this client Click Delete All to dele
79. ient is rogue click Acknowledge to clear this client 20 3 4 2 WIDS client s rogue classification For the selected clients WIDS Client s Rogue Classification can display the rogue classification status of this client as shown in the following figure Condition Reporting Radio t Test Time Since Time Since Detected MAC Address Config Result First Report Last Report Client notin Known Client Database false 00 00 00 00 00 000 Disable 0d 02 15 19 0d 02 15 19 Client exceeds configured rate for auth msgs false f f7 d3 00 03 60 1 Enable 0d 02 15 19 0d 01 35 29 Client exceeds configured rate for probe msgs false f8 f7 d3 00 03 60 1 Enable 0d 02 15 19 0d 01 35 29 Client exceeds configured rate for de auth msgs false f8 f7 d3 00 03 60 1 Enable 0d 02 15 19 0d 01 35 29 Client exceeds max failing authentications false f f7 d3 00 03 60 1 Enable 0d 02 15 19 0d 01 35 29 12 AD am mm ZC rita Wireless Web Interface User s Manual 96 SIMPLE COMMUNICATION DS e Test Description detail WIDS client s rogue classification e Condition Detected false indicates that this item does not meet the rogue detection condition true indicates that this rogue detection is founded and it is the rogue client e Reporting MAC Address indicates the AP that reports the information If the MAC address is all Os no AP reports the client s test item 20 3 4 3 Detected client s pre authentication history If the detected client
80. iew detailed information AP RF Scan Detail 1e47 09 00 0060 f8 f7 d3 00 03 60 BSSID f8 f7 d3 00 03 60 Guest Network Physical Mode 802 11b g n 6 Security Mode Managed 802 11n Mode Initial Status Unknown Beacon Interval msecs Transmit Rate 1 Mbps Highest Supported Rate WIDS Rogue AP Mitigation Not Required Peer Managed AP Locally managed Age 0d 00 55 17 Ad hoc Network Not Ad Hoc Discovered Age 0d 02 23 36 OU Description International Communications Corporation e MAC Address the MAC address of the scanned AP e BSSID the MAC address of the associated VAP e SSID name of the network in use by the AP e Physical Mode the 802 11 mode in use by the AP e Channel the transmission channel in use by the AP e Security Mode the security scheme used by the AP Includes Open WEP and WPA authentication e Status if the AP is managed or failed on the Link1000ACS e 802 11n Mode the current transmission mode of the AP Initial Status the status when the access point was initially detected e Beacon Interval the current beacon interval assigned in the AP configuration e Transmit Rate the current transmission rate of the AP Highest Supported Rate the highest supported transmission rate as assigned in the AP configuration e WIDS Rogue AP Mitigation shows if the mitigation for the rogue AP is enabled disabled e Peer Managed AP the peer managed AP as assigned in the AP configuration e
81. iguration gt AP Group Management to find the group ID AP profile to be bound to the load balance and then click Modify admin Save Configuration icXchange Dashboard BANEN Kea nesler i Management Wired Configuration AP Groups This table lists basic information for all AP groups Click New to create more AP groups or click Modify to change settings for existing AP Click Copy to copy the configuration to a new AP group Click Apply to apply the information to all APs in the AP group i ID Group Name Hardware Type Operation AP Group Management es 1 Default 21 ARC1000MAP Indoor Single haana b g n sedi Copy Apply O 2 Default 22 ARC2000MAP Indoor Dual Radio a n b g n Modify Copy Apply O 3 Default 17 ICX250 DAP Indoor Dual Band Radio a n b g n Modify Copy Apply NOW Delete Scroll down to Load Balance Template and select the template ID created previously from the drop down list Click Save to save the modification After modifying click Apply to the right of that group ID to issue the parameters to one or more APs in this group 15 3 Delete load balance template Select one or more templates from the list in the Load Balance page and then click Delete The template that is bound by the AP group cannot be deleted Release the association with the AP on the AP Group Management page and then click Delete Note Template 1 cannot be deleted Wireless Web Interface User s Manual 69 IN E wy om my i
82. igure each of the options to be pushed and configure to push 13 1 Configuration push Configuration Push displays the IP address of the Link1000AGSs in the cluster One Link1000ACS can be selected to run the Configuration Push clicking All Push can update all ACs in the current cluster Configuration Push pAddr 22 2 2 2 IP Address is for the peer switch the configuration can be pushed to these two switches If there is no other switch in the cluster the IP Address bar is empty In this scenario Configuration Push cannot be run Configuration Push IP Address 13 2 Configuration push option Configuration Push Option is used to configure the configuration transferred by Configuration Push Every option is hidden as default Click Configuration Push Option to open it and click Hide Push Option to hide the status Wireless Web Interface User s Manual 61 ZN wy om my After opening the Configuration Push Option select Enable or Disable for each option Configuration Push Option LE Enable z Enable Enable Enable Click Submit and the configuration will be saved Wireless Web Interface User s Manual 62 OI MI yyy Chapter 14 AP image upgrade 14 1 AP manual upgrade configuration In AP Manual Upgrade Configuration the controller loads an AP firmware version file directly to single or multiple APs to perform firmware updates The Table for AP Hardware Type Supports AP Imag
83. ireless Web Interface User s Manual 89 20 2 2 5 VAP VAP details include VAP ID VAP Mode BSSID SSID and Client Authentications as shown in the following figure BS5ID 551D Client Authentications f8 f7 d3 00 03 60 Guest Network f8 f7 d3 00 03 61 Managed SSID 2 f8 f7 d3 00 03 62 Managed 55ID 3 f8 f7 d3 00 03 63 Managed 5510 4 f8 f7 d3 00 03 64 Managed SSID 5 1234 20 2 2 6 VAP TSPEC Select the VAP ID list to view the corresponding TSPEC status of VAP as shown in the following figure Number of Traffic Stream Clients Number of Traffic Stream Roaming Clients 0 Medium Time Admitted Medium Time Unallocated Medium Time Roaming Unallocated 20 2 2 7 Distributed tunneling status Distributed Tunneling Status includes Clients using AP as home Multicast Replications Clients using AP as Associate VLAN with Max Multicast Replications and Distributed Tunnels including Home AP terminal and Association AP terminal Distributed Tunneling Status Clients using AP as Home Multicast Replications 0 Clients using AP as Associate VLAN with Max Multicast Replications 0 Distributed Tunnels Wireless Web Interface User s Manual 90 20 2 3 Failure AP list The Failure AP List shows the failed authentication AP details If the Link1000ACS is the cluster controller the failed authentication AP information of the other Link1000AGS in the cluster will also be shown To distinguish there is an asterisk before the failed auth
84. is from 1 to 32 characters SNMP group the group name that the user belongs to range is from 1 to 32 characters Security level the encryption level of the current user noAuthNoPriv for no authentication and no privacy AuthNoPriv for authentication but no privacy AuthPriv for authentication and privacy Authentication protocol configures the used algorithm MD5 or SHA Authentication password the authentication password of the current user range is from 8 to 32 characters Privacy protocol uses the DES for packet privacy This can only be configured when the security level is selected as AuthPriv Privacy Password password as configured on SNMP authorization server IPv4 access control list control list defined in Wired Configuration gt ACL Configuration gt Name ACL IPV6 access control list control list defined in Wired Configuration gt IPv6 ACL Configuration gt IPv6 name access list configuration Operation includes Add or Delete Wireless Web Interface User s Manual 108 Example Type the SNMP username as tester and the SNMP group as UserGroup Select the Security level as authPriv and the Authentication protocol as MD5 Type the Authentication password as hellohello Select the Privacy protocol as DES and select the operation as Add Click Apply oe Authentication protocol Authentication password fhellohello ma z Privacy password T IPv4 access control list ecl ipve IPv6 access control
85. ith the default configuration click Apply to clear all the current configurations in the switch and restart the switch to factory default Reboot with the default co nfig L ratio n 21 2 SNMP configuration Click Management gt SNMP Configuration to configure the SNMP function Note Prior to configuration SNMP must be enabled Configure the SNMP management as Open and then click Apply pe Car i i T 1 1 i gt Switch basic configuration CHNP authentication SNMP configuration SNMP management rc x SSH management Community managers Firmware update Configure snmp manager security IP Telnet server configuration SNMP statistics 21 2 1 SNMP Authentication Click Management gt SNMP Configuration gt SNMP Authentication to configure the SNMPv3 including Users Groups Views and SNMP engineid configuration The figure is as follows Switch basic configuration SNMP authentication Users VAA z SNMP configuration SNMP management Groups SSH management i gt sem Community managers Vie WS Firmware update Configure snmp manager security IP en er SNMP engineid configuration Telnet server configuration SNMP statistics Maintenance and debugging command A GN GO ibob Wireless Web Interface User s Manual 107 SIMPLE COMMUNICATION 21 2 1 1 Users Click Management gt SNMP Configuration gt SNMP Authentication gt Users to add or delete SNMPv3 users SNMP username the username range
86. k1000ACS show memory usage he memory total 1024 MB free 866361344 bytes usage is 19 31 4 Show the flash file as follows Information feedback window 46 default license lic 245 dh1024 pem dh512 pem 14 6M nos img 24 portal locale cfg 3 0K Startup cig 2 45 test 0 wlan pem 245 wsdhl024 pem 156 wsdh512 pem 926 w33sl2 cert pem 512 w33l2 key pem Drive flash Size 26 5M Used 14 7M Available 11 8M Use 55 AN Abs i Wireless Web Interface User s Manual 126 Regulatory and compliance The icXchange Link1000ACS must be installed and used in strict accordance with the manufacturer s instructions as described in the user documentation that comes with the product This product contains encryption It is unlawful to export out of the United States without obtaining a U S Export License This product does not contain any user serviceable components Any unauthorized product changes or modifications will invalidate ICC s warranty and all applicable regulatory certifications and approvals Only antennas specified for your region by ICC can be used with this product The use of external amplifiers or non ICC antennas may invalidate regulatory certifications and approvals Declaration of ROHS compliance International Communications Corporation hereby declares that the product icXchange Link1000ACS access controller has been designed and manufactured in accordance with Directive 2002 95 EC of the European Commission
87. logs Di Wireless Attack Syslogs Disable After configuring click Submit to save the configuration Users can view the configured wireless syslog on the syslog server 19 2 2 Captive portal syslog configuration On the Captive Portal Syslog Configuration page select to enable or disable each option of the captive portal syslog Captive Portal Syslog Configuration Client Authentication Failure Syslogs Disable Client Connection Syslogs Client Database Full Syslogs Disable Client Disconnection Syslogs After configuring click Submit to save the configuration Users can view the enabled captive portal syslog on the syslog server Wireless Web Interface User s Manual 77 ZN wy om my i ws MR Chapter 20 Monitor Click Monitor to view and monitor the AC AP Wireless Client and RF Scan admin Save Configuration _ icXchange Dashboard WLAN Configuration EO 20 1 AC Click Monitor gt Link1000ACS to open the Link1000ACS Monitor page to monitor the cluster and status statistics icc SIMPLE COMMUNICATION DS Wireless Global Status Statistics AC Operational Status Enable Peer Switch Number 1 Cluster Controller Yes Total AP Managed AP Discovered AP Connection Failed AP Maximum Managed AP in Peer Group Rogue AP 0 Standalone AP 0 Unknown AP 11 Maximum Pre authentication History Entries 500 Maximum Roam History Entries 500 AP Provisioning Count 2 RRM
88. me source file name range is from 1 to 100 characters e Operation type includes Upload and Download e Transmission type ascii uses ASCII to transmit the file binary uses binary to transmit the file Example Retrieve the system file whose local file name is nos img and server file name is nos img from the IP address of 192 168 1 100 from the FTP server The FTP user name and password are admin Click Apply The configuration is as follows FIP client service Server IP address 1192 158 1 100 EG Ap pT Wireless Web Interface User s Manual 120 21 4 4 FTP server service Click Manage gt Firmware update gt FTP service gt FTP server service to open the configuration page It includes the FTP server service and FTP user name as well as password setting The glossary in FTP server service is below e FTP server state the server state which includes Open and Close e FTP Timeout range is from 5 to 3600 seconds e Operation includes Configuration and Default The glossary in FTP user name and password setting is as follows e User name the user name range is from 1 to 32 characters e Password the appointed password range is from 1 to 16 characters e State the password showing includes plain text and encrypted text The plain text means that the content will be shown the encrypted text means that the content will not be shown directly e Operation includes Add and Delete Example 1 Sele
89. n remote office environments for enterprise deployments and in multi client environments for managed service provider deployments For example the Link1000ACS can be located in the one central location or Network Operations Center and communicate with icXchange access points in remote locations The icXchange solution essentially virtualizes the Internet cloud as a direct link to devices The Link1000ACS can support up to 132 icXchange access points over NAT configurations and each icXchange access point has the capability to configure up to three Link1000ACS controllers as backups for redundancy in case the master controller is inaccessible for any reason The NAT AP Provisioning diagram below displays a typical network topological layout of an access point provisioning over a NAT based environment Here both the icXchange access points and the Link1000ACS controller are both behind NAT based firewalls utilizing private IP addresses NAT AP Provisioning gt Router with DHCP activeSOOEM Wireless Web Interface User s Manual 44 10 1 NAT provisioning configuration Both the icXchange APs and the Link1000ACS access controller must be configured to complete the NAT configuration 10 1 1 NAT ports The Link1000ACS and associated access points use TCP ports 57776 57779 to communicate over NAT Set a policy on your NAT firewalls gateways and or routers to open TCP ports 57776 57779 to all associated icXchange devi
90. naged Success 0d 00 00 02 f8 f7 d3 00 03 c0 192 168 1 131 Default 2 0 10 1 Managed Success 0d 00 00 01 Example 1 Select the Failed Managed AP and then click Delete to delete it 2 Select MAC Address Peer Managed and then click Delete to delete all failed managed APs 20 2 2 AP detail Click View Detail on the Monitor gt AP page to view the AP detail that includes Managed AP Status Radio Detail Neighbor APs Neighbor Clients VAP VAP TSPEC and Distributed Tunneling Status Click View Detail again or click Cancel to exit the AP Detail page Wireless Web Interface User s Manual 86 20 2 2 1 Managed AP status From the Managed AP MAC Address list select the MAC address and view the corresponding AP status detail The Managed AP Status includes IP Address Managing AC Status Configuration Status Authenticated Clients CPU Usage TSPEC Status etc Managed AP Status Managed AP Status 18 17 62 00 02 60 IP Address 192 168 1 11 Managing AC IP Subnet Mask 255 255 255 0 AC MAC Address Status Managed AC IP Address Software Version 2 0 4 10 AP Group Code Download Status Not Started Discovery Reason Configuration Status Success Protocol Version Vendor ID International Communications Corporation Authenticated Clients Hardware Type 22 ARCZ000MAF Indoor Dual Band Radio 802 11N System Up Time Serial Number 13150505 ge CPU Type AR9344 533 CPU Usage 55 CPU Usage 305 8 CPU Usage 5min Memory Size
91. nd then click Submit MAC Authentication Mode White lst Wireless Web Interface User s Manual 53 11 3 2 Black white list configuration Go to the black white list configuration section under the Known Client module to type the client MAC Description and Authentication Action and then click Add 00 00 00 00 00 01 MAC client MAC Description client description information e Authentication action includes Global Action Grant Action and Deny Action When the authentication action is configured as Grant Action or Deny Action the client will be granted or denied authentication regardless of black list or white list mode Only when the action is configured as Global Action will the MAC authentication mode be effective It will be denied in the black list but granted in the white list Example 1 Type the client MAC as 00 00 00 00 00 01 and type the Description as abcd Select the Authentication Action as Grant Access and then click Add 2 Select the added black or white list and then click Delete Select the MAC check box and then click Delete 3 Click Modify to update the client Description and Authentication Action Click Submit Note The MAC address cannot be modified Known Client MAC Authentication Mode Black list MAC i Authentication Action E 00 00 00 00 00 01 Global Action MAC 00 00 00 00 00 01 Description abcd Authentication Action Global Action Submit Delete
92. nt name The name of the user s login account Admin will be displayed if the user is logged in under an admin account user can create multiple login accounts with various privilege levels as discussed in Chapter 21 e Save Configuration Click Save Configuration to retain the running configuration This saved configuration will be used by the Link1000AGS after a reboot e Logout Click Logout to exit the current configuration session Users can check the connected configuration interface function with each menu option as noted in the following table AD mn am D Abs i Wireless Web Interface User s Manual 6 ZN wy om my Menu Page Ypagerunoton Dashboard A WLAN configuration FastConfiguraton O O OOOO System Configuration MM News MM AP Group Management 0 Security Authentication MM Discovery S Provisioning WIDS Security Captive Portal Advanced Configuration Configuration Push AP Image Upgrade Load Balance Data Transfer Time Limit Policy Organization Unique Identifier OUI Trap and Syslog Monitor AG KE Wireless Client Resa OOOO C C Wireless Web Interface User s Manual 7 Menu Page CC Page Function Management Switch Basic Configuration Login User Configuration Login User Authentication Method Configuration Login User Security IP Management Basic Configuration Save Current Running Configuration SNMP Authentication SNM
93. nventions Table 0 1 Text conventions Description S O Emphasizes information to improve product use IMPORTANT Indicates important information or instructions that must be followed A CAUTION Indicates how to avoid equipment damage or faulty application Issues warnings to avoid personal injury Below is a listing of safety precautions and definitions Table 0 2 Safety precautions Description Before working on this equipment be aware of good safety practices and the hazards involved with electrical circuits To reduce risk of fire hazard and electric shock do not install the unit near a damp location To reduce the risk of fire use only number 26 AWG or larger UL Listed or CSA Certified telecommunication line cord for all network and telecommunication connections e Keep the product in a clean and dust free location Use only a soft damp cloth to clean the product e DO NOT expose the product to liquid or moisture e DO NOT expose the product to extreme temperatures JAA an am my DQ EE Wireless Web Interface User s Manual ii ZN w om gt PO LLL Table of contents Intended audience rrrarnnrnnnnnvnnnvnnvnnnnnnannnnnevnnnnnnnnnnnnnennnusnnsnnevuennnnnenenunenenn i Chapter 4 System configuration L 16 Documentation REN i 4 1 WLAN enable Lun 16 COM CLIN ONN NON eann eneen EENEN E E i 4 2 Auto IP assign MOE eceeceeeceseeeseessceseeaseesesereeeseesseeresaeseseentesaeees 17 CO REE EEE NE i 4 3 AP authen
94. ommunity Managers to configure the community string and Trap manager 1 Community managers configure the community string and access priority e Community string 1 to 255 characters configures the community string e Access priority includes Read only and Read and Write Example Type the Community string as public and select the Access priority as Read only Click Apply to complete the configuration as follows Community managers Access priority Read only 7 Operation Add Wireless Web Interface User s Manual 112 2 Trap manager configuration Click Management gt SNMP Configuration gt community managers to configure the community string and the IP address that receives the SNMP trap message e Trap receiver the IP address that receives the trap message e Community string 1 to 255 characters used to receive the trap message Version 1 2 or 3 e Security level If version is equal to 3 noAuthNoPriv authNoPriv or authPriv e Operation Add or Remove Example Type the Trap receiver as 192 168 1 100 Community string as trap Click Apply to complete the configuration as follows Trap recever 1921081100 Z l Security level C noAuthNoPriv n _ _ Wireless Web Interface User s Manual 113 h mmm hl 21 2 4 Configure SNMP manager security IP Click Management gt SNMP Configuration gt configure snmp manager security IP to configure the security IP that allows access to
95. onal Primary Authentication Server Click Add Radius Authentication Server Configuration rl Radius Authentication Server Configuration Authentication Server Port optional Primary Authentication Server 192 168 1 15 1812 yes server IP Address Authentication Server Port optional Primary Authentication Server The default Authentication Server Port is 1812 To delete the server select it and then click Delete Prior to deleting the last authentication server the Radius Authentication Server must be disabled Click Submit to save the configuration 7 1 3 Radius accounting server configuration Radius Accounting Configuration corresponds to the radius server accounting host command and can configure the accounting server s address Example Configure the Accounting Server IP as 192 168 1 32 If the Authentication Server Port field is empty the value is set to the default value Select the Primary Accounting Server check box as shown in the following figure Radius Accounting Server Configuration E Radius Accounting Server Configuration Accounting Server Port optional Primary Accounting Server Accounting Server IP 192 168 1 32 Accounting Server Port optional Primary Accounting Server Wireless Web Interface User s Manual 35 Click Add Radius Accounting Server Configuration Radius Accounting Server Configuration Accounting Server Port optional Primary Accounting Server 192 168 1 32 1813 yes Accounting
96. ooklet is available from the US Government Printing Office Washington DC 20402 Stock No 004 000 0034504 ICC is not responsible for any radio or television interference caused by unauthorized modification of the devices included with this ICC Wireless 11b g PoE Access Point Model icXchange or the substitution or attachment of connecting cables and equipment other than specified by ICC The correction of interference caused by such unauthorized modification substitution or attachment will be the responsibility of the user Changes or modifications not expressly approved by ICC could void the user s authority to operate this equipment Manufacturers FCC declaration of conformity Model Number Link1000ACS International Communications Corporation Equipment Type Ethernet Switch Complies with Part 15 of the FCC rules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation Wireless Web Interface User s Manual 128 ZN wy om my Safety compliance notice This device has been tested and certified according to the following safety standards and is intended for use only in information technology equipment which has been tested to these or other equivalent standards e EN60950 1 e IEC 60950 1 e UL 60950 1 Wireless Web Interface User s Manual 129 he
97. ork1 Security None WEP WPA WPA2 Static WEP WEP IEEE802 1x Radius Configuration Radius Group Name radius Radius Authentication Host Address 192 168 1 1 00 Radius Accounting Host Address 192 168 1 100 Radius Server Key test Wireless Web Interface User s Manual 14 3 3 2 2 WPA WPA2 Select WPA WPA2 to configure the WPA WPA2 authentication There are two modes WPA Personal and WPA Enterprise Configuration for WPA personal is the same as WLAN Configuration gt Networks gt WPA Personal detailed in Chapter 5 Networks WPA Enterprise has the same configuration as WEP 802 1x Choose the WPA Enterprise button to enter into the configuration Example Type the Radius as radius Type the Authentication Host Address and Accounting Host Address as 192 168 1 100 Enter the Radius Server Key that corresponds to the Key set on the configured radius server and then click Submit Note Only the Radius authentication and billing server without configuration can be configured in Fast Configuration If they were already configured they cannot be deleted or modified in Fast Configuration detailed in Chapter 7 Security authentication Network Configuration SSID Security Radius Configuration Radius Group Name Radius Authentication Host Address Radius Accounting Host Address Radius Server Key Networki 3 None WEP WPA Personal amp WPA WPA2 amp WPA Enterprise
98. ot been updated in prior configurations 1 Type 1 in the Group ID field and from the AP Hardware Type dropdown select 22 for the ARC2000MAP and ARC3000MAP Dual Band Access Points or 21 for the ARC1000MAP Single Band Access Point Click Add to add the AP Group configuration Click Submit to save the configuration admin Save Configuration Logout icXchange rd EK Monitor Management Wired Configuration Fast Configuration Fast Configuration IP Configuration Wireless IP Address 192 168 1 1 Loopback 1 IP Address AP Group Configuration Group r lu to 1024 AP Hardware Type 22 ARC2000MAP Indoor Dual Radio a n b g n Group ID AP Hardware Type 1 0 Any Network Configuration SSID Guest Network Security None OWEP WPA WPA2 Wireless Web Interface User s Manual 46 2 Select WLAN configuration gt AP Group Management Click Modify on the group created in the previous step 3 Enter the AP s MAC address for example f8 f7 d3 00 03 60 and click Add Click OK AP Configuration Radiol Channel Power o 0 100 0 Auto AP MAC f8 f7 d3 00 03 60 Password Add Radio2 Channel Power o 0 100 0 Auto AP MAC Password Radiol Channel Power Radio2Z Channel Power Operation f8 f7 d3 00 03 60 Auto Auto Auto Auto Modify Delete 4 Select Provisioning from the left navigation bar to check the AP Provisioning status A static route may need to be created for the traf
99. reless Web Interface User s Manual 82 SIMPLE COMMUNICATION 20 1 2 Each AC status statistics Click Monitor gt AC to open the Link1000ACS Monitor page Scroll down to view Each AC Status Statistics Use the drop down box to access clustered ACs Infomation includes basic AC information AC statistics TSPEC status and TSPEC statistics It can monitor the Link1O000ACS status 20 1 2 1 AC selection list Each AC Status Statistics 192 168 1 1 7 Total AP Count Managed AP Discovered AP Connection Failed AP Maximum Managed AP WLAN Utilization WLAN Bytes Transmitted WLAN Bytes Received WLAN Bytes Transmit Dropped WLAN Bytes Receive Dropped TSPEC Status Total Voice Traffic Streams Total Video Traffic Streams TSPEC Statistics Access Category Total TSPEC Packets Received Total TSPEC Packets Transmitted Total TSPEC Bytes Received Total TSPEC Bytes Transmitted Total TSPECs Accepted Total TSPECs Rejected Total Roaming TSPECs Accepted Total Roaming TSPECs Rejected o 0905 0 0o0o0o Total Clients Authenticated Clients IP Address Cluster Priority Distributed Tunnel Clients AP Image Download Mode WLAN Packets Transmitted WLAN Packets Received WLAN Packets Transmit Dropped WLAN Packets Receive Dropped Total Traffic Stream Clients 0 0 192 168 1 1 1 0 Integrated Independent 0 0 0 0 0 Total Traffic Stream Roaming Clients 0 In the AC IP Address Selection list select the IP ad
100. ries Total Roam History Entries 0 AP Provisioning Count Maximum AP Provisioning Entries 512 RRM Channel Load History Entries Maximum Channel Load History Entries 100 20 1 1 4 Global Statistics The Global Statistics of the local Link1000ACS is shown as follows WLAN Bytes Transmitted 0 WLAN Packets Transmitted 0 WLAN Bytes Received 77672 WLAN Packets Received 200 WLAN Bytes Transmit Dropped 4971156 WLAN Packets Transmit Dropped 3888 WLAN Bytes Receive Dropped 0 WLAN Packets Receive Dropped 0 20 1 1 5 Distributed tunnel statistics The Distributed Tunnel Statistics of the local Link1000ACS is shown as follows Distributed Tunnel Packets Transmitted 0 Distributed Tunnel Roamed Clients 0 Distributed Tunnel Clients 0 Distributed Tunnel Client Denials 0 gt Abs i Wireless Web Interface User s Manual 81 A 20 1 1 6 TSPEC status The TSPEC Status of the Link1000ACS is shown as follows TSPEC Status Total Voice Traffic Streams 0 Total Traffic Stream Clients 0 Total Video Traffic Streams 0 Total Traffic Stream Roaming Clients 0 20 1 1 7 TSPEC Statistics The TSPEC Statistics of the Link1000ACS is shown as follows TSPEC Statistics Access Category Total TSPEC Packets Received Total TSPEC Packets Transmitted Total TSPEC Bytes Received Total TSPEC Bytes Transmitted Total TSPECs Accepted Total TSPECs Rejected Total Roaming TSPECs Accepted Total Traffic Stream Roaming Clients _ a gt ita b Wi
101. rtal authentication type Captive Portal Authentication Type includes an external and internal portal Select Internal Portal or External Portal to choose the captive portal authentication type Authentication Type External Portal Internal Portal 12 3 Portal server configuration Portal Server Configuration will add or delete the portal Server Name IP Address Port and Server Key e Server Name the name of the appointed portal server IP Address the portal server s IP address e Port the port that is monitored when the portal server receives the packet must be configured according to the actual monitored port monitored port of DCSM is 50100 and is 2000 for CITY HOT e Server Key configures the portal server authentication key Example 1 Type the portal Server Name as wlan_portal the IP Address as 192 168 1 2 the Port as 7749 and the Server Key as test Click Add to complete the configuration 2 Select the portal server to be deleted and then click Delete 192 168 1 2 0 65535 Wireless Web Interface User s Manual 56 3 Click Modify to the right of the portal server of wlan portalto modify the IP Address Port and Server Key Note The Server Name cannot be modified Server Name IP Address Port Server Key wlan portal 192 168 1 2 7749 test wlan portal 192 168 1 2 7749 0 65535 et 12 4 Free resource configuration The Free Resource Configuration is a walled garden function
102. s that there is no bandwidth limit e Max Transmit Bytes configures the max bytes that the user allows to be sent The default value is 0 which means that there is no byte limit e Max Receive Bytes configures the max bytes that the user allows to be received The default value is 0 which means that there is no byte limit e Max Total Bytes configures the max bytes that the user allows to be sent and received The default value is 0 which means that there is no byte limit e Listen Packet Port configures the port that is listened to when portal server receives the packet Example 1 Click Add and type the Instance ID and Instance Name Enable the captive portal configuration and then select the Auth Mode and other parameters as needed Click OK to complete the captive portal configuration 2 Click Modify to modify the wlan_CP configuration Portal Server Configuration Server Name IP Address wlan CP 192 168 1 150 Server Name wlan CP IP Address 192 168 1 150 7749 0 65535 test 3 Select the added CP and click Delete to delete it Wireless Web Interface User s Manual 60 hett OI Chapter 13 Configuration push Click WLAN Configuration gt WLAN Advanced Configuration gt Configuration Push to open the Configuration Push page which includes two modules Configuration Push and Configuration Push Option The user can select the other Link1000ACSs in the cluster conf
103. security mode wpa enterprise It authenticates and accounts through the Radius server The cipher and WPA version in WPA enterprise are the same as in the cipher and WPA version in WPA personal However WPA enterprise requires Radius server authentication Prior to Radius server authentication users can pre authenticate Click Config Radius Server to enable it When the client associates in WPA Enterprise mode valid username and password are required through the Radius server Example Select the WPA Versions as WPA WPA2 and the WPA Ciphers as CCMP Type the Radius Authentication Server as wlan1 and type the Radius Accounting Server as wlan2 the detailed configuration is viewed in the security configuration The Bcast Key Refresh Rate and the Session Key Refresh Rate are the WPA enterprise authentication mode defaults Click OK Authentication Mode WPA Enterprise Config Radius Server WPA Versions WPAIWPA2 z WPA Ciphers ccme e Radius Authentication Server wlan1 Radius Accounting Mode Radius Accounting Server wlan2 Accounting Update Interval 300 60 3600 Pre Authentication Mode Pre Authentication Limit 0 0 192 Beast Key Refresh Rate 300 0 86400 Session Key Refresh Rate 0 30 86400 0 Disable Wireless Web Interface User s Manual 23 hm hl 5 3 Configure VLAN Type the VLAN ID in the VLAN box and then bind it to the network The VLAN ID field belongs to the
104. ser s Manual 42 9 3 Mutual authentication Mutual Authentication can be enabled to avoid the risk of an unknown device joining the cluster This function allows only devices with a certificate to pass authentication and join the cluster by issuing the X 509 certificate Example 1 Select the Mutual Authentication Mode check box and then click Submit to enable this mode Click Refresh to view the status of the last network mutual authentication Mutual Authentication When an AC or an AP has been added to the WLAN Mutual authentication offer security Mutual Authentication Mode Mutual Authentication Status Not Started Regenerate X 509 Certificate Regenerate X 509 Certificate Status Not in progress 2 Click Start to regenerate the X 509 certificate Click Refresh to view the process of the Link1000ACS authentication regeneration Note The certificate is only produced once the status will revert to Not Started after being produced Regenerate X 509 Certificate Regenerate X 509 Certificate Status Start Wireless Web Interface User s Manual 43 O G heel Chapter 10 Provisioning over NAT The icXchange solution can be deployed over a NAT environment NAT Network Address Translation or Network Address Translator is the translation of an Internet Protocol address used within one network to a different IP address known within another network This allows users to utilize the icXchange access point products i
105. should be entered Click OK to complete this configuration AP Image Type AP Image URL LJ 2 ftp admin password 19 168 1 10 upgrade_ _0_10_14 tar Add The following figure shows the TFTP configuration AP Image Type server Type IFIP Server Address 192 168 1 10 File Path nm File Name grade 2 0 10 14 tar Configure the Server Address and File Name If the file is in the server root directory it cannot be typed If it is not in the root directory the File Name should be entered Click OK to complete this configuration Operation tftp 192 168 1 10 upgrade 2 0 10 14 tar Modify To delete or modify a configured AP image URL select it and then click Delete or Modify Wireless Web Interface User s Manual 65 3 After configuring the AP Image URL configure the Group Size and Image Download Type Group Size 1 to 48 2 it Image Download Type Managed AP f8 f7 d3 00 15 a0 f8 f7 d3 00 1a 50 Group Size the number of simultaneous FTP or TFTP threads to update in the batch Image Download Type click the proper Image Download Type to upgrade the AP with the specific image type The Image Download Type drop down list includes none 1 5 and all images Image type will default to all images by clicking the Submit button e none will upgrade only one AP e all images will upgrade all types of images e other options will upgrade a specific type of image Click Submit to se
106. sible for all shipping charges and risk of loss from their location to ICC ICC is responsible for return shipping charges and risk of loss from ICC to customer s location WARRANTIES EXCLUSIVE IF AN ICC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE CUSTOMER S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION AT ICC S OPTION THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS EXPRESS OR IMPLIED EITHER IN FACT OR BY OPERATION OF LAW STATUTORY OR OTHERWISE INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE PRODUCTS ARE NOT WARRANTED TO OPERATE UNINTERRUPTED OR ERROR FREE ICC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF ITS PRODUCTS ICC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR IF IN ITS SOLE JUDGMENT THE ALLEGED DEFECT WAS CAUSED BY CUSTOMER S OR ANY THIRD PERSON S MISUSE NEGLECT IMPROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPTS TO REPAIR OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY TO THE FULLEST EXTENT ALLOWED BY LAW WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE ICC SHALL NOT BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL O
107. sniru 21 1 2 3 Menu introduction rrrrnenrrnnrrrrrrnnnnvrnnnnnnonrnnnnnvnnnnnnsrennansnennnnnn 6 EE 1 2 4 Exiting the Web interface of the Link1000ACS minien 9 5 2 2 Static WEP authentication mode ccccsscceeeeeeseeeeeseees 21 VENN 22 Chapter 2 Dasibdarduunnnsamnnesenemsingdsene inindig 10 9 24 WPA Personal EE ENN 23 2 14 System WANG EEE 10 2220 WPA EMENI SE re 23 2 2 Managed access POINt cecccseseesecessececsesersecersecerserersatersarervaveneaten 11 M 24 29 Device WN cers artes rete gees ee cep EE 11 9 4 MAC authentication smsvsvsvrerevevervrrvrrrerererrnarrveverrrsasrvererensnnenennn 24 De UIE EN EE EEE 11 9 5 Portal INStance mnmmmmmneerrvrererrerereresersarenesererrenenesssrnresesesenvesenene 24 MO a a ene en I A E A nee 25 Chapter 3 Fast configuration Lappe eee 12 3 1 IP er a1 0 0 Log ae ee 12 Chapter GAP group NARgeNEavvvssoemenn 26 3 2 AP group configuration csvcsvrvvnvrnvrrvenvervenrrnrrvervenvenreneenervenverrervennn 13 6 1 Add modify delete AP group caryney aa Sai 26 3 3 Network configuration icssrsrvrrvrrvrrven ver venrrnenverven ven veneenerververrersennn 13 6 1 1 Normal attribute mnnnvrennerenerenverenvrrenvenenvesensesensesenresenenne 27 EE E E 13 6 1 2 AP configuration mmmsnsrnvnvererrrrrerrrrrrrnanenavareverarerererennnnn 27 eieo iaiT 14 OT RAO EE EE E 29 ita b Wireless Web Interface User s Manual iii SIMPLE COMMUNICATION SJENERT EN AN 29 SES
108. some users to let them connect to the network without portal authentiction Only the MAG authentication is needed to access all resources Click Captive Portal gt MAC Portal Configuration to add or delete the MAC address of the MAG portal user Example 1 Type the MAC Portal User MAC as 20 7c 8f 7c 8f 64 and then click Add 2 Select the MAC portal user MAC to be deleted and then click Delete MAC Portal User Mac 20 c 8f c 8f 64 MAC Portal User Mac Wireless Web Interface User s Manual 58 12 6 Portal instance configuration Portal Instance Configuration e Instance ID configures the Captive Portal ID ranges from 1 to 10 The a system supports 10 CP configurations at most 1 e Instance Name appoint a CP name e Protocol Mode the protocol mode that the CP supports It includes gror HTTP and HTTPS icati Hr sn e Authentication Method includes authentication based on MAC and Es DR GE ve authentication based on MAG and IP Radius Auth Server Group Name Radius Accounting Enable e Additional HTTP port configures the additional HTTP port It does not ee include 80 and 443 0 is the default value which means that there is no EAEE IPv4 Portal Server Name additional HTTP port and it adopts the default 80 port IPv6 Portal Server Name e Auth Mode configures the authentication mode that the CP supports i 0 200 and includes RADIUS LDAP and NONE oe JE
109. ss e Server Port LDAP server port default port is 389 e Basic DN base DN that the user wants to find for the LDAP server e User Attribute user attribute on the LDAP server e User Object Type type of the LDAP server e Authentication Mode simple and anonymous authentication simple authentication requires user name and password e User Name the appointed username e Password the appointed password e Filter Condition additional condition for configuring required by the user Wireless Web Interface User s Manual 37 Example Configure the LDAP server 1 Type the Server IP Address as 192 168 1 10 the Server Port as 389 Basic DN as abcd the User Attribute as cn and the User Object Type as abcd Select the Authentication Mode as Authentication the User Name as wlan the Password as 123456 and the Filter Condition as inetUserStatus Active Click OK LDAP Configuration 1 Server ID Server IP Address Server Port Basic DN User Attribute User Object Type Authentication Mode Filter Condition Operation Server ID 1 1 8 Server IP Address 192 168 1 10 Server Port 389 1 65535 Basic DN User Attribute cn User Object Type Authentication Mode Authentication User Name wlan 1 64 Password 123456 1 32 Filter Condition inetUserStatus Active 1 64 LDAP Configuration Server IDServer IP Address Server Port Basic DN User Attribute User Object Type Authentication Mode Fil
110. t the batch job 4 Click Start Manual Upgrade to begin the AP upgrade Click Abort Manual Upgrade to cancel it 5 After beginning the upgrade the Status is shown as in the following figure Global Status Download Count 2 Success Count 0 Failure Count 0 Abort Count 0 Code Transfer In Progress Managed AP i Status Software Version Waiting For APs To Finish Download 2 0 10 14 Code Transfer In Progress 2 0 10 14 f8 f7 d3 00 15 a0 f8 f7 d3 00 1a 50 Wireless Web Interface User s Manual 66 When the upgrade is complete the following window will appear The Table for AP Hardware T Supported by Image T AP Image Manual Upgrade AP Manual Upgrade Configuration O AP Image Type AP Image URL t tp 192 168 1 193 upgrade 2 0 10 14 tar Group Size 1 to 48 Image Download Type fa images E Managed AP f8 f7 d3 00 15 a0 Oo f3 17 d3 00 1a 50 Global Status Download Count Success Count Failure Count Abort Count Managed AP ita b Wireless Web Interface User s Manual 67 SIMPLE COMMUNICATION GI O EE CL Chapter 15 Load balance Click WLAN Configuration gt Advanced Configuration gt Load Balance to open up the Load Balance Configuration page to configure parameters 15 1 Create template The Load Balance Template 1 is disabled by default and it cannot be deleted Click New to configure the new Load Balance Template The new ID cannot be the same as the existing ID D re Lo
111. te all detected clients Note The associated clients will not be deleted Select the rogue client and click Acknowledge to clear this rogue client click Acknowledge All Rogues to clear all rogue clients Wireless Web Interface User s Manual 95 ZN wy om my 20 3 4 Detected client detail Click View Detail to view the detected client detail 20 3 4 1 Detected client status Select the client in the MAC Address drop down list to view Detected Client Status MAC Address 00 12 f0 21 ce c2 Detected Client Status MAC Address 00 12 f0 2f ce c2 Auth Msgs Recorded 0 Client Status Detected Auth Collection Interval 0d 00 00 01 Authentication Status Not Authenticated Highest Auth Msgs 0 Threat Detection Not Detected De Auth Msgs Recorded 0 Threat Mitigation Status Not Done De Auth Collection Interval 0d 00 00 01 Time Since Entry Last Updated 0d 00 00 02 Highest De Auth Msgs 0 Time Since Entry Create 0d 00 32 59 Authentication Failures Probes Detected 31 Broadcast BSSID Probes 64 Broadcast SSID Probes 95 Specific BSSID Probes Probe Req Recorded 9 Specific SSID Probes Probe Collection Interval 0d 00 00 01 Last Non Broadcast BSSID 0 00 00 00 00 00 Highest Probes Detected 15 Last Non Broadcast SSID Channel 6 Threat Mitigation Sent 0d 00 00 00 Assoc Collection Interval 0d 00 00 01 DisAssoc Collection Interval 0d 00 00 01 Assoc Msgs Recorded 0 DisAssoc Msgs Recorded 0 OUI Description Intel Corporate Acknowledge If this cl
112. ted 1 802 11b g n amp 2 802 11a n Authenticated Clients 0 Transmit Power 0 Fixed Power Indicator no Manual Channel Adjustment Status Not Started Manual Power Adjustment Status Not Started WLAN Utilization 0 Total Neighbors 0 Radio Resource Measurement Enable TSPEC Status Number of Active Traffic Streams 0 Number of Traffic Stream Clients 0 Number of Traffic Stream Roaming Clients 0 Medium Time Admitted 0 Medium Time Unallocated 0 Medium Time Roaming Unallocated 0 Lia CZ rita Wireless Web Interface User s Manual 88 SIMPLE COMMUNICATION i i TT Gh 20 2 2 3 Neighbor APs APs can detect the surrounding RF in real time including neighbor APs and neighbor clients The neighbor APs information is shown as follows 551D Age Tenda_ BD080 i 0d 00 00 24 Tenda 04 00 00 24 Guest Network 0d 00 00 24 dlink Od 00 14 37 e Neighbor AP MAC detected AP MAC e SSID SSID of AP network e RSSI received signal strength indication of AP e Status includes Managed Standalone fat AP Unknown and Rogue e Age how long in terms of days hours minutes and seconds that the AP has been detected 20 2 2 4 Neighbor clients The Neighbor Clients information is as follows Neighbor Clients Neighbor Client MAC 00 12 f0 2f ce c2 0d 00 00 02 00 1f 3c 18 f9 c8 0d 00 00 02 00 22 75 bf 6f 0e 0d 00 02 45 00 24 d7 77 6c 9c 0d 00 00 02 00 24 d7 7b 69 8c 0d 00 00 02 W
113. ter Condition Operation 1 192 168 1 10 389 abcd cn abc Authentication inetUserStatus Active Modify After configuring select Modify to modify the configured LDAP server The user can also delete the configured LDAP server by clicking Delete ED mn a GIN Ib b Wireless Web Interface User s Manual 38 SIMPLE COMMUNICATION DS Chapter 8 Discovery 8 1 IP discovery 8 1 1 Enable and disable IP discovery Click WLAN Configuration gt Discovery gt L3 IP Discovery select Enable and then click Submit This enables the L3 discovery If the check box is not selected the L3 discovery will be disabled IP Discovery The Link1000ACS can discover an access point AP or another access controller AC by sending discovery message to the IP address of that AP or AC Enable Submit 8 1 2 Add IP of L3 IP discovery Type the IP address in the Destination IP Address box and then click Add to add it into the discovery list 8 1 3 Delete IP address from L3 IP discovery list Select the IP address that needs to be deleted and then click Delete The selected IP address will be deleted Destination IP Address 197 168 171 270 192 168 1 30 Destination IP Address Wireless Web Interface User s Manual 39 8 2 L2 VLAN discovery 8 2 1 Enable L2 VLAN discovery Click WLAN Configuration gt Discovery gt L2 VLAN Discovery and then select Enable Click Submit to enable L2 discovery L2 VLAN Discovery The Link1000ACS
114. tgensaneatandarnennearssentts 83 21 4 3 FTP client Service rrrrrrnnrrnnnnnnnnnnnvrrrnernternnrnrrneresssnnnnnnnne 119 20 2 AP cccsanitciasixinsdiauiexnenpdunssacndivbensnegdiuxtededaglaanausspevdeeassadsceseeeidedeesnschedasts 85 21 4 4 FTP server ServiCce nmmmmmmmmmmmmmmmmmmmmmmen 121 22 TR TAN 86 21 5 Telnet server configuration wrrvrrrnvrvrrvrerrrenrnvenrsvenrrvversvrenervesnn 122 02 FP 86 21 5 1 Telnet server State cccccccccccceececccceceececeuttecsecuteeeeesateeees 122 20 2 3 Failure AP list rrrrrrnnnrronrnnnrrrrnrnnrrernnnnrnrrnnnnsnennrnnnnennnnnsner 91 21 5 2 Max numbers of telnet access connection ccccccceeeeee 123 20 3 Wireless client geen ee nee ee ee en 92 21 6 Maintenance and debugging command usrvrrrvvrnnnvvnnrsvrrersvrvenn 493 20 3 1 Associated CHENIN Sl una asken sdee mein 92 21 6 1 Debug command ersvvvnrnvrernvvrnnvverrnvennsverrsvverssvensvvenssreeenen 124 20 3 2 Associated client detail eee eee eee eters 93 TN 125 20 3 3 Detected ETE d 95 20 3 4 Detected client detail ccccccceescsesssesssessseeessessseesnseeeaee 96 Regulatory and COMpIHANCE settee 127 20 4 RF SCan ernarannnrnonnnnonnnrennnnnnnnsennnnennnsrsnnnsennnnennnsevnnsnnnnnennnnennneennnnee 98 90 4 1 AP RE scan Status og LG EEE 130 ADA AAP RF SCAN dE A gee EEEn p SEEE nis ESEESE 98 20 4 3 Client dynamic blacklist rrrrnnrrrrnnrrrrrnrrrrrnrrrrnnrrerranrrnnnn 101 Lia AAN Ib b Wireless Web Interf
115. the switch e Security IP address the security IP address of NMS e Operation Add or Remove Example Type the Security IP address as 192 168 1 10 and then click Apply to complete the configuration as follows Configure snmp manager security IP Security IP address 192 168 1 10 21 2 5 SNMP Statistics Click Management gt SNMP Configuration gt SNMP Statistics to display the SNMP statistics SNMP statistics Information feedback window Link1lO000ACS show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors Max packet size 1500 0 No such name errors 0 Bad values errors 0 General errors 0 Get response PDUs 0 SNMP trap PDUs Wireless Web Interface User s Manual 114 hm dd rn 21 3 SSH management Secure Shell SSH connections use a trusted SSL certificate for user logon to the web GUI interfaces Browsers such as Internet Explorer Firefox Safari and Chrome come preinstalled with a predetermined set of root certificates These certificates serve as trusted third parties and work instantly to provide seamless usability The icXchange solution accepts root SSL certificates from all browsers for a secure and encrypted https login Users are not allowed to introduce t
116. tication MOdeC ccccccccccccsecccuccceccccuccesccuteceeuutecessueeeeesens 17 4 4 AP validation method 4vamunrsussmmapumsu jp vmajejvvaje viv 18 Safety precauti0ns usrvsvesvevsersverservverseersersensserseenserseensensn i 4 5 Radius authentication server ccecccceeeeceeeeceeeeceeeeeeeeeseeeeseeeeeseeeess 18 Text conventiOnS rrrrnnrrnnnnrnnnnrnnnnrennnrennnnnnnnnennnnrnnnnsennnrennnrnnnnennnnnennnsennn ii 4 6 Radius ACCOUNTING MOde o r r areenaa neninn 18 Table of contents m m 4 7 Radius accounting Server uusmemlddksrekjemenuensjemesbnndnduij 19 4 8 Client QoS global mode rrrrnnnennnnnvvnnnnrrnnnnnennnnnrnnnnnrennnenennnnnsnnnnnnen 19 Chapter 1 Introduction to Web page configuration EE 1 TT NE 19 1 1 Configuration preparation ccccccceccesscsecsessserseseesesseseecersaserserserersanees 1 4 10 Peergroup ID 19 1 1 1 Computer requirements cccccccecscceseesesceceseecescecereeserersnenees 1 4 11 Cluster priority rnnrrnnnnnrrrnnnrrrnnnrvrnnnrennnnnennnnnennnnnennnnnsennnenennnnnennnn 20 1 1 2 The Link1000ACS management through Web 0068 1 1 2 Web interface introduction rvrrrrrrrrrnnnnnrvvrrrnererrrrrrrnnnnnnnrvnnnneesernsnnn 5 se 1 2 1 Log in to the Link1000ACS uuunnmsmmmmmmm 5 5 1 Configure network Di rcccissnenesusinscseterte lt nacevcsansncennteaansatianeaainciGaracnccnees 21 122 Web interface introduction mm 5 5 2 Configure authentication Mode L urmrusennsuusanmiansdjm
117. tion mode needs the radius server s WEP authentication To configure WEP 802 1x please refer to Chapter 7 Security authentication Radius authentication server configuration Example Type the Radius Authentication Server as wlan1 and type the Radius Accounting Server as wlan2 The Accounting Update Interval Bcast Key Refresh Rate and Session Key Refresh Rate adopt the default WEP 802 1x authentication Click OK The figure is as follows Authentication Mode WEP 802 1 Radius Authentication Server Radius Accounting Mode Radius Accounting Server Accounting Update Interval 60 3600 Beast Key Refresh Rate 300 0 86400 Session Key Refresh Rate 30 86400 0 Disable Wireless Web Interface User s Manual 22 5 2 4 WPA personal WPA Personal sets the configuration as security mode wpa personal It requires the WPA password for the association when connecting to the network There are three modes WPA WPA2 and WPA WPA2 There are two WPA ciphers TKIP and CCMP Example Select WPA Personal from the Authentication Mode drop down list select WPA WPA2 from the WPA Versions drop down list select CCMP from the WPA Ciphers drop down list type 12345678 in the WPA Key field and type 300 in the Bcast Key Refresh Rate field Click OK Authentication Mode WPA Personal WPA Versions WPAIWPA WPA Ciphers uP e WPA Key 12345678 Beast Key Refresh Rate 0 86400 5 2 5 WPA enterprise WPA Enterprise sets the configuration as
118. twork e Wired Network Detection interval seconds configures the shortest waiting interval of every detection default value is 60s e Managed SSID from an unknown AP enables or disables detection of illegal AP imitating lawful SSID AP without an SSID enables or disables detection that no SSID field in Beacon frame Wireless Web Interface User s Manual 49 ZN wy om my e Managed SSID detected with incorrect security enables or disables detection of AP using the incorrect security authentication mode e AP is operating on an illegal channel enables or disables the detection of the managed AP Beacon from receiving on the illegal channel e Unexpected WDS device detected on network enables or disables detection of unexpected WDS device based on OUI database e Administrator configured rogue SSID enables the rogue SSID detection configured by the administrator e Rogue Detected Trap Interval seconds default value is 300s e AP De Authentication Attack enables or disables the rogue AP mitigation function e AP De Authentication Attack Lifetime seconds configures the AP de authentication attack lifetime default value is 600s Wireless Web Interface User s Manual 50 a ee I 11 2 WIDS client configuration Click WLAN Configuration gt WIDS Security gt WIDS Client Configuration to configure This enables the WIDS client detection and configures the items parameters WIDS Client
119. twork and the configured ACL DiffServ and rate limit of down up can be used Chent Q05 Global Mode 4 9 Country code The Country Code drop down list is used to configure the country code of the Link1000ACS and AP US United States is the default The configured country code must conform to the country of the device s location due to the necessary lawful channels of different countries US United States 4 10 Peer group ID The cluster mark can be configured through this Peer Group ID text box The Link1000ACSs with the same group ID can create a WLAN cluster and transmit information to each other The Link1000ACSs with different group IDs cannot communicate with each other The default peer group ID is 1 and the range is from 1 to 255 Wireless Web Interface User s Manual 19 ZN wy om my hmm hl 4 11 Cluster priority The Cluster Priority text box appoints the priority of selecting the Link1000ACS Access Control Switch for the Link1000ACS The higher the value the higher the priority This Link1000ACS can easily be selected as the access control switch When changing the priority of one Link1000ACS in a cluster the new selection of the Link1000ACS Access Control Switch will be triggered The default cluster priority is 1 and the range is from 0 to 255 Wireless Web Interface User s Manual 20 Chapter 5 Networks 5 1 Configure network ID The default network ID is network1 Either select the existing n
120. witch 21 6 1 Debug command Click Management gt Maintenance And Debugging Command gt Debug Command to open the Configuration page and configure basic host configuration PING and traceroute 1 Basic configuration configures the mapping between the switch and the IP address Example Type the Host name as AC and the IP address as 192 168 1 1 Select Operation Add and then click Apply Basic host configuration 2 PING The entries are as as follows Host name name of the host IP address the destination IP address a AEE iists Wireless Web Interface User s Manual 124 SIMPLE COMMUNICATION Example Type the IP address as 192 168 1 80 and then click Apply 3 Traceroute The entries are as follows e IP address the destination IP address e Host name name of the host e Hops maximum number of hops e Timeout packet timeout Traceroute 21 6 2 Others The other configurations in the Maintenance and Debugging Command are simpler Users can click the configuration tab to retrieve the corresponding information they will not be listed one by one Example Wireless Web Interface User s Manual 125 ZN wy om my 1 Display the clock as follows ast 5 second CPU IDLE 96 Ast 30 second CPU IDLE 95 ast 5 minute CPU IDLE 95 From running CPU IDLE 95 3 Display the memory usage information under the current status as follows Information feedback window Lin
121. x as shown in Figure 1 3 Figure 1 3 Local area connection properties AP Intel R 82566MM Gigabit Network Connection Configure This connection uses the following items Client for Microsoft Networks 2 Microsoft Network Monitor 3 Driver JZ QoS Packet Scheduler g File and Printer Sharing for Microsoft Networks Intemet Protocol Version 6 TCP IPv6 Intemet Protocol Version 4 TCP IPv4 M Link Layer Topology Discovery Mapper 1 0 Driver Link Layer Topology Discovery Responder _ Properties Description Allows your computer to access resources on a Microsoft network Lia ita b Wireless Web Interface User s Manual 2 SIMPLE COMMUNICATION GI O Select Internet Protocol Version 4 TCP IPv4 and then click Properties to open the Internet Protocol TCP IP Properties dialog box Select Use the following IP address type the IP address between 192 168 1 2 and 192 168 1 254 and the subnet mask 255 255 255 0 then click OK Internet Protocol Version 4 TCP IPv4 Properties You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address IP address 199 168 2 Subnet mask 255 255 255 0 Default gateway Obtain DNS server address automatically Use the following DNS server
122. y configures the user on line time including Network Time Limit Configuration and Radio Time Limit Configuration The network time limit configuration is based on the network and it limits clients access to the network by disabling VAP The radio time limit configuration is under the radio and it limits clients access to the network by disabling the radio These two policies include the Cyclical Policy and UTC Policy The cyclical policy is used to configure the time of one day or week for example stop the network access from hh mm to hh mm The UTC policy is used to configure the detailed date for example allow or stop the network access from hh mm on YYYY MM DD to hh mm on YYYY MM DD 17 1 Network time limit configuration Select the Network ID from the drop down list to configure the time limit policy under the network to be accessed and configure the Start Time and End Time of the cyclical policy In the Weekday column the user can choose EveryDay or a weekday After configuration the network cannot be accessed on the specified day s during the configured times In the UTC policy the Start Time and End Time should be configured as the detailed time The Network Status includes Up and Down which enables or disables the VAP that the network corresponds to in this time Example Configure network 1 to prevent network access from 8 00 18 00 every day as shown in the following figure Cyclical Policy Start Time 08 00 End Time 18 00
Download Pdf Manuals
Related Search