Planet Technology WDAP-2000PE User's Manual
Contents
1. Default Domain Policy swpa dell2k swpa sercomm com tw P E ea Computer Configuration BH Software Settings Eb a Goes Settings HH Scripts Startup Shutdown B Security Settings H E Account Policies ggj Local Policies E e Event Log 51 19 Restricted Groups 5 9 System Services e 08 Registry e 08 File System E Public Key Policies CA Di Encrypted Data Recovery Agents E EAutomatic Certificate Request lt E Trusted Root Certification Authorities EY Enterprise Trust 8 IP Security Policies on Active Directory Settings Automatic Certificate Request View D B Administrative Templates Refresh E Ee User Configuration Export List E Software Settings E Windows Settings QJ Administrative Templates Help eate a new Automatic Certificate Request object and add it to the Security Configuration Editor Start t ed 3k Clipboardos I G Active Directory 4 ffi Group Policy lefiGroup Policy 2 aig ag S 2 56PM 8 When the Certificate Request Wizard appears click Next 9 Select Computer then click Next 38 Automatic Certificate Request Setup Wizard Certificate Template The nest time a computer logs an a certificate based on the template you select is provided certificate template is a set of predefined properties for certificates issued to computers Select a template From the following list Certificate templates Intended Purposes Client Authe2. Shared secret ER RADIUS Server Retry Times E Times f APPLY 25 Check this if you want to enable RADIUS authentication using the Enable Primary Secondary primary secondary Radius Server If both are selected the pri Server Server IP Port number Shared secret Retry times 3 5 9 DoS Settings mary server will be tried first The IP address of the RADIUS server The port number that your RADIUS server uses for authentica tion The default setting is 1812 This is used by your RADIUS server in the Shared Secret field in Radius protocol messages The shared secret configured in the WDAP 2000PE and the RADIUS server must be identical The shared secret can contain up to 64 alphanumeric characters The number of times the WDAP 2000PE should attempt to contact the primary server before giving up A Denial of Service attack is one of the popular hacking methods The attacker tries to make some resource too busy to answer legitimate requests or to deny legitimate users access to your machine WDAP 2000PE can be configured to prevent such attack Dos Prevention settings Authentication fails E times Braadcast storm filtering Medium Kc O Ping flooding filtering Mediuma Bi APPLY gt Authentication Failure Clients Authentication fails Broadcast storm filtering You can set a maximum failure count When the number of times that a WLAN station fails to authenticate itself reaches t
3. Rb Networking amp Communication 54 108Mbps Super A G Wireless Access Point WDAP 2000PE User s Manual Copyright Copyright 2005 by PLANET Technology Corp All rights reserved No part of this publica tion may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written permission of PLANET PLANET makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this com pany its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Fur ther this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders Federal Communication Commission Interference Statement This equipment has been teste
4. show system ip Description Display the current device IP settings of the system show telnet Description Display the current configurations of the TELNET management function show upnp Description Display the current configurations of the UPnP function show wlan management Description Display the current state of WLAN management 2 Filtering Commands add mac filter string up to 30 characters MAC address XX XX XX XX XX XX gt Description Add a MAC filter with the specified name a mnemonic name and MAC address delete mac filter string up to 30 characters Description Delete the MAC filter with the specified name set mac filter mode MAC filter mode disabled grant deny gt Description Set the MAC filter mode show mac filter lt string up to 30 characters gt Description Display the MAC filter entry with the specified name If no name is specified this command display all currently configured MAC filter entries show mac filter mode Description Display the currently configured MAC filter mode 3 SNMP Commands disable snmp Description Disable the SNMP function enable snmp Description Enable the SNMP function set community string read write string up to 15 characters Description Configure the SNMP READ WRITE community string show community string read Description Display the SNMP READ community string show snmp Description Display the current SNMP settings 50 show
5. 3 Connect RJ 45 cable to WDAP 2000PE Connect this WDAP 2000PE to your LAN switch hub or a single PC 4 Plug in power adapter and connect to power source After power on WDAP 2000PE will start to operate Note ONLY use the power adapter supplied with the WDAP 2000PE Otherwise the product may be damaged 2 2 Using PoE Power over Ethernet The LAN port of WDAP 2000PE supports PoE Before you proceed with the PoE installation please make sure the PoE adapter or switch is 802 3af compliant 1 Do not connect the supplied power adapter to the WDAP 2000PE 2 Connect one end of a standard category 5 LAN cable to the Ethernet port on the WDAP 2000PE 3 Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter or switch IEEE 802 3af compliant 4 Check the LEDs on the WDAP 2000PE to see it is drawing power via the Ethernet connection Power To Hub Ethernet Data 4 A gt WDAP 2000PE D amp ta fower POE 150 NOTE ONLY use the IEEE802 3af complied in line power equipments to the Access Point Connect with any other non standard in line power device may cause the AP malfunction Chapter 3 Setup amp Management This chapter describes the setup procedure to make the WDAP 2000PE a valid device on your LAN and to function as an Access Point for your Wireless Stations The WDAP 2000PE can be configured using either the Web Browser or the CLI Command Line In
6. Can t connect to the WDAP 2000PE to configure it Check the following e The WDAP 2000PE is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the WDAP 2000PE are on the same network segment If you don t have a router this must be the case e f your PC is set to Obtain an IP Address automatically DHCP client restart it If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the WDAP 2000PE If no DHCP Server is found the WDAP 2000PE will default to an IP Address and Mask of 192 168 1 1 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol My PC equipped with wireless adapter can t connect to the LAN via the WDAP 2000PE Check the following e The SSID and WEP settings on the PC match the settings on the WDAP 2000PE e On the PC the wireless mode is set to Infrastructure e f using the Access Control feature the PC s name and address is in the Trusted Stations list e If using 802 1x or WPA mode ensure the PC s 802 1x software is configured correctly How to improve the stability of my wireless connection e Try different antenna orientations for WDAP 2000PE Keep the antenna at least 6 inches away from walls or obstacles e lf there are 2 4GHz cordless phones home security systems ceiling fans existing in the sa
7. Smartcard Logon Client amp uthenticatic tel Code Signing Code Signing Ga Trust List Signing Microsoft Trust List Lg Enrollment Anen Certificate Renuestoe Cancel 4 Select Start Programs Administrative Tools Active Directory Users and Com puters 5 Right click on your active directory domain and select Properties A Active Directory Users and Computers tend je Gee e mp l Ane amn we e geb a Tree Deer Cortrlers 1 objects Action Directory Users M HT cad Bl cuu n animis zt Computer Sec 3 a 3 ges qu uon is ecco edat inen Srel Wee nem 6 Select the Group Policy tab choose Default Domain Policy then click Edit 37 wireless yourdomain tld Properties ET DEE General Managed By Group Policy Na Ovenide Disabled A Default Domain Policy Group Policy Objects higher in the list have the highest priority This list obtained from rowan wireless pourdomain Hd Add Edit Up 7 Select Computer Configuration Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request sf Group Policy action view amp gt EIER Ale Tree Automatic Certificate Request
8. 255 with a default value of 1 Set the number of users allowed to get associated with your User limitation WDAP 2000PE Enable Privacy Separator will make any two WLAN stations on Enable privacy seperator different networks unable to see each other This is the power degree in percentage max 100 that ra Radio 1 Radio 2 Transmit dio1 radio2 uses to transmit data Power This is the maximum or fixed data rate to transmit data supported Rate control If a station does not send anything in age out time a empty date Age out timer frame will be sent to the station If this frame is not ACKed the station will be disassociated and then deauthenticated 3 5 7 Operational Mode 3 Operational Mode Select a Radio to configure 9 Radio O Radio2 select the operational mode Access Point CQ Wireless Distribution aystemiBridge Mode APPLY Additional configurations for WDS mode Peer Name MAC Address L H L L ADD Q aaa 24 55 55 55 55 55 DELETE SELECTED Currently each radio of the WDAP 2000PE can be configured to operate in AP or WDS mode When configured as a WDS you need to further configure the name and MAC address of its peer Select a Radio to config 24 WDS devices ure This means the device is working on AP only Mode and is for Access Point wireless client users only Mu This mode can help you to group different wired networks to Wireless Distribution ge
9. PC to discover this WDAP 2000PE and automatically show an icon on the screen Then a user can double click the icon to access this device directly without having to find out its IP address 18 l You can enable disable the 802 1d STP Spanning Tree Protocol Bridge function on the bridge of WLAN and Ethernet i e the LAN inter face Enable this function can detect loops in your LAN environment and then protect the LAN from being saturated with infinite loop traffic When the WDAP 2000PE encounters an error or warning condi Syslog tion e g a log in attempt with an invalid password it will create a log in the system log table Enabling Syslog option the WDAP 2000PE will send logged events over network to the specified server for remote storage and future reviewing If you check the Enable Email Log button the WDAP 2000PE Email Log will send log information to the configured email address through the configured mail server 3 5 3 SNMP Settings SNMP Settings Enable SNMP Assign system information System Mame WDAF 200PE System Location Input System Location System Contact Input Contact Person Assign the SNMP community string Community String For Read public Community String For write private Assign a specific name and IP address for your SNMP trap manager Mame IP Address DELETE SELECTED SNMP enables network administrators to manage network per Ena
10. SELECTED button You can enable a trap manager by checking the Enable box in the corresponding entry or disable the trap manager by un checking the Enable box 3 5 4 MAC Filtering Settings The WDAP 2000PE allows you to define a list of MAC addresses that are allowed or denied to access the wireless network 20 MAC Filtering Settings This feature allows you to define a list af MAC addresses that are authorized to access ar denied from accessing the wireless network 9 Disable MAC address control list Mo MAC address filtering is performed e Enable GRAMT address control list Allow data traffic from devices listed in the table ta acces the network O Enable DENY address control list Deny discard data traffic fram devices listed in the table Mnemonic Name MAC Address CBR oo oo oo eo f DELETE SELECTED NOTE Incorrect configuration may cause undesirable behavior Please refer to the user manual far mare details Disable MAC address control list Enable GRANT address control list Enable DENY address control list When selected no MAC address filtering will be performed When selected data traffic from only the specified devices in the table will be allowed in the network When selected data traffic from the devices specified in the table will be denied discarded by the network To add a MAC address into the table enter a mnemonic name and the MAC ad
11. be installed To see what s included in a component click Details Components L Accessories and Utilities Si Certificate Services 1 4 MB O lt gt Cluster Service 2 5 MB EP Indexing Service 0 0 MB Ml BE Internet Infnrmatinn Services 1115 21 Rh MB Description Message Queuing provides loozely coupled and reliable network communication services Total disk space required 12 7 MB Space available on disk 6699 9 MB Details lt Back Cancel 4 Click Next 5 Selectthe Enterprise root CA and click Next 33 Windows Components Wizard Certification Authonty Type There are four types af certification authorities Certification Authority types Enterprise root CA Enterprise subordinate CA Stand alone root CA C Stand alone subordinate CA Advanced options Description The most trusted CA in an enterprize Should be installed before any other CA Requires Active Directory H lt Back Cancel Enter the information for the Certificate Authority and click Next Windows Components Wizard CA Identifying Information Enter information to identify this CA CA name Organization Organizational unit City State or province E mail CA description Valid For WielessC Systems 00000000000 ala a Country regian Jus wireless EA PETAEN fears Expires lt Back Cancel Click Next if you don t want to change th
12. cause harmful interference and 2 this Device must accept any interference received including interference that may cause undesired operation Federal Communication Commission FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environ ment In order to avoid the possibility of exceeding the FCC radio frequency exposure limits human proximity to the antenna shall not be less than 20 cm 8 inches during normal opera tion ii Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment All guidelines of this and of the computer manufac ture must therefore be allowed at all times to ensure the safe use of the equipment CE Mark Warning This is a Class A product In a domestic environment this product may cause radio interfer ence in which case the user may be required to take adequate measures Revision User s Manual for PLANET 54 108Mbps Super A G Wireless Access Point Model WDAP 2000PE Rev 1 0 August 2005 Part No EM WDAP2000PE iii TABLE OF CONTENTS CHAPTER 1 INTRODUCTION nnn 3 1 1 Package Contents iiie EE Eee A 3 1 2 TT 3 123 unisce ee 4 LA SPC EE iS 5 1 6 Wireless PerfOrmanGe ccc isis kac s cun s eos adssua cua d ananas sd nsn anna uas eias deoa a
13. of your Gateway or Router Enter the value used by other devices on your LAN e DNS Enter the DNS Domain Name Server used by PCs on your LAN to this device Use the DHCP protocol to Select this option if you have a DHCP Server on your LAN and you want the WDAP 2000PE to obtain an IP address automatically 3 3 3 Wireless Settings You can set the SSID Operating Standard and Channel of 5GHZ and 2 4GHz radios Common Security Policy in this page Click NEXT to proceed 11 Device Status Advanced Settings System Tools Logout 9 wireless Settings Time amp ETTINGE Device IP SETTINGS Network ID SSID ware WIRELESS SETTINGS All wireless clients must use the same Network Mame 5851D in order to Save CONFIG associate with the same wireless network DU Disable SSID Broadcasting Regulatory Domain FCC WLAN Standard for Radio 1 Mode lla Channel 36 WLAN Standard for Radio 2 W Mode 11gb Channel mi Select Common Security Policy None b v f BACK Y NEXT NOTE To access the wireless network user must have correct SSID and encryption key if enabled d Help The SSID up to 32 printable ASCII characters is the unique Network ID SSID name identified in a WLAN The ID prevents the unintentional merging of two co located WLANs Please make sure that the SSID of all stations in the same WLAN network are the same The default SS
14. on 100M speed Flashing Green Transmit or receive data OFF Link is active on 10M speed Steady Green Link is active on 802 11a mode Flashing Green Transmit or receive data OFF No connection Steady Green Link is active on 802 11b g mode Flashing Green Transmit or receive data OFF No connection Installation Rear View Connector Description dipole antennas are supplied Best result is usually obtained with the antenna in a vertical position e the supplied power adapter here In order to clear ALL settings and restore to factory Reset Button default holding the Reset Button down continuously for 5 LAN PoE seconds Use a standard LAN cable RJ 45 connectors to connect this port to a 10BaseT or 100BaseT hub on your LAN 1 4 Specification Model Standard Signal Type Modulation Port Antenna Connector Wireless Transmit Power Wireless Receive Sensitivity Operating Mode Security WDAP 2000PE IEEE 802 11b 802 11g 802 11a DSSS Direct Sequence Spread Spectrum OFDM with BPSK QPSK 16QAM 64QAM DBPSK DQPSK CCK 10 100Mbps RJ 45 port 1 802 3af compliant Reverse SMA male x 2 IEEE802 11a mode 17dBm 54Mbps 20dBm 6Mbps IEEE802 11g mode 17dBm 54Mbps 20dBm 11Mbps 20dBm 1Mbps IEEE802 11b mode 14dBm IEEE802 11a mode 85dBm 6Mbps 65dBm 54Mbps IEEE802 11g mode 91dBm 1Mbps 84dBm 11Mbps 65dBm 54Mbps AP WDS mode WEP WPA with PS
15. 1 01801 Jan 1 08 27 52 WDAP 2000PE http Logout from the system Device IP Jan 1 08 28 47 WDAP 2000PE http Login into the system 192 168 1 1 Device MAC 00 30 4F 67 25 40 Wireless MAC 1 Dn 30 4F B7 25 41 Wireless MAC2 00 30 4F 67 25 40 Uptime dd hh mm 3 4 2 Wireless Client Table The wireless client table lists the current wireless clients and its MAC address state and traffic statistics 14 e Status Advanced Settings System Tools Logout ll Device starus System Los AREL Esa UEN T TAR LE BRIDGE TABLE de DERVICE INFORMATION Firmware Version 1 01801 Device IP 192 158 1 1 Device MAC 00 30 4F 67 25 40 Wireless MAC 1 00 30 4F 67 25 41 Wireless MAC A 00 30 4F 67 25 40 Uptime dd hh mm 0 00 28 3 4 3 Bridge Table The bridge table shows all MAC entries learned from the wired LAN interface wireless clients and WDS peers if running in the WDS mode 1 FL atus Advanced Settings System Tools Logout DET Bridge Table SYSTEM LOG WIRELESS CLIENT TABLE MAC Address DO 30 4F 67 25 40 O0 30 4F 6 7 25 40 00 30 4F 67 25 41 A a Interface wlan1 bss local eth lacal HRIDGE TABLE amp DERVICE INFORMATION Firmware Version 7 01201 Device IP Help 182 168 1 1 a Device MAC O0 30 4F 67 25 40 Wireless MAC1 O0 30 4F 6 7 25 44 Wireless MAC A 00 30 4F 67 25 40 Uptime dd hh mm 0 00 24 15 3 4 4 Radio Table Radio tabl
16. 2 Services MS eo tans 33 4 5 3 DHCP server configuration esses nennen 34 4 5 4 Certificate Authority Getup 36 4 5 5 Internet Authentication Service Radius Setup 39 4 5 6 Grant Remote Access for Ueers meme 40 4 6 802 1x Client Setup on Windows XP ooocccccccconoconoccconccoonanannncnnnnnnnncnnnennnnonos 41 4 6 1 Client Certificate Getunp eene 41 4 6 2 802 1x Authentication Setup EEN 44 AT SING 8021X re cm itad 47 APPENDIX A rRousr EsHooriNG nes 48 APPENDIX B COMMAND LINE INTERFACE 49 Using the CLI Te Met caia 49 Grommel 49 Chapter 1 Introduction PLANET WDAP 2000PE is an IEEE 802 11a g dual band Wireless Ac cess Point with PoE With the latest innovative Super A G technology integrated the maximum data rate of WDAP 2000PE is 108Mbps which doubles the speed of standard 802 11a g WDAP 2000PE is also backward compatible and interoperable with IEEE 802 11b compliant wireless devices Emphasizing on the enterprise demand WDAP 2000PE enhances many security and management features including multiple SSIDs VLAN QoS DiffServ support WPA WPA2 DoS Prevention and so on The LAN port of WDAP 2000PE has PoE function conforming to IEEE 802 3af providing both data transfers and power supply through one Ethernet cable Therefore it can be installed anywhere without the constraint on power socket
17. ID is default If this option is unselected every wireless station located within Disable SSID Broadcasting the coverage of this access point can discover this access point easily Disabling Broadcast SSID can provide better security and privacy Please make sure that your regulatory domain matches your Regulatory Domain region Mode Set the mode for each radio Radio1 only operates on the WLAN standard for Radio 5 GHz frequency and radio2 only operates on the 2 4 GHz fre quency So radio1 can be configured with 11a or Super A and 1 2 radio2 can be configured with 11g b 11b only 11g only and Super G Channel Select the appropriate channel for each radio from the list provided to correspond with your network settings It is sug gested to select Auto and let the system pick up the best channel for you None No security is used Anyone using the correct SSID can Select Common Secu connect to vour network 12 connect to your network WEP WDAP 2000PE allows you to use WEP data encryption to secure your data from being eavesdropping by unauthorized users There are WEP64 WEP128 and WEP152 provided for data encryption rity Policy You can either use ASCII format or Hex format to enter a key With Hex format 2 digits represent 1 byte Once you enable the WEP function please make sure that exactly the same WEP keys are set on the Wireless AP as well as on wireless client stations Note Some Wireless Clien
18. K TKIP AES support 802 1x authentication EAP TLS EAP TTLS EAP MD5 EAP PEAP MAC filtering authorized Block SSID broadcast Management Web based configuration CLI configuration Message Log Firmware upgrade UPnP support Configuration file Backup Restore Data Rate Super A G mode Up to 108Mbps 802 119 Up to 54Mbps 6 9 12 18 24 36 48 54 802 11b Up to 11Mbps 1 2 5 5 11 SE Lx WX 90 x 145 x 28mm Weight 320g Operating temperature O 40 degree C RI ENEE Storage temperature 20 65 degree C Relative humanity 10 90 non condensing Power Requirement DV DC 2A Electromagnetic Compatibility FCC CE 1 6 Wireless Performance The following information will help you utilizing the wireless performance and operating cov erage of WDAP 2000PE 1 Site selection To avoid interferences please locate WDAP 2000PE and wireless clients away from transformers microwave ovens heavy duty motors refrigerators fluorescent lights and other industrial equipments Keep the number of walls or ceilings between AP and clients as few as possible otherwise the signal strength may be seriously reduced Place WDAP 2000PE in open space or add additional WDAP 2000PE as needed to improve the cover age 2 Environmental factors The wireless network is easily affected by many environmental factors Every environment is unique with different obstacles construction materials weather etc It is hard to deter mine th
19. NAGEMENT Change Password SNMP SETTIMGS To change your administrative password enter your current password and then the new password twice MAC FILTERING SETTINGS WIRELESS SETTIMGS RER Current Password OPERATIONAL MODE New Password Habia SETTIMOA 0 O Re enter New Password f APPLY Y 3 5 2 System Management Clicking the System Management button to configure system related parameters 17 P System Management Local Management Disable management from wireless client System Administration HTTP Part Ma 80 timeout HO minutes UPnP Enable UPnP Bridge Enable STP syslog Enable Syslog Syslog server IP address fe 0 o 0 Email Log Enable Email Log ail Server Email Address L APPLY NOTE Syslog is a standard for logging system events ETF RFE 3164 System event messages generated by the wireless access paint will be sentto a Syslog daemon running an a server identified by this IP address This option allows you to enable disable management from WLAN Local Management connection The Access Point allows you to designate special port numbers System Administration other than the standard 80 for http for remote management It also allows you to specify the duration of idle time inactivity before a web browser session times out The default time out value is 10 minutes The Universal Plug and Play UPnP feature allows a Windows UPnP XP ME
20. Provided with two reversed polarity SMA male connector WDAP 2000PE is easy to connect external antenna and booster to extend the wireless distance 1 1 Package Contents Make sure that you have the following items B WDAP 2000PE Dipole Antenna x 2 Quick Installation Guide User s manual CD ROM Power Adapter Mote If any of the above items are missing or damaged contact your supplier for support Wireless LAN IEEE802 11a g and IEEE802 11b compliant Support PoE port IEEE802 3af compliant Strong network security with 802 1x authentication and 64 128 152 bit WEP encryption WPA and WPA2 with PSK TKIP AES support Super A G mode efficiently raises the data transfer rate up to 108Mbps Two operation modes selectable for both 5GHz and 2 4GHz radios AP WDS mode Adjustable transmit power and data rate Watchdog timer NTP client and basic UPnP support Provide Web and CLI Command Line Interface Configuration SNMP management support V1 V2 Traps MIB2 IF MIB Ether like MIB 802 11 MIB Support Multiple SSIDs 802 1Q VLAN 802 1p QoS DiffServ DoS Prevention MAC filtering WPA feature will be available in the end of 2005 Q3 1 3 Physical Details Top View 5G He Link Act PLANET WLAN LAN Pa rd 1 LNK ACT PR Status Description Steady Green Power on OFF Power off Steady Green Link is active Flashing Green Transmit or receive data OFF No connection Steady Green Link is active
21. ack Cancel 11 If you don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize lt may take a few minutes to complete 4 5 4 Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue fs Certification Authority AS ll XI Action View les mire Tree Gelers Recovery Agent File Recovery ie Certification Authority Local E fA WirelessCA Gel Basic EFS Encrypting File System Revoked Certificates E Domain Controller Client Authentication Server Authentic Issued Certificates web Server Server Authentication Pending Requests E Computer Client Authentication Server Authentic Failed Requests ixl user Encrypting File System Secure Email m EB AE ni Authority Certificate to Issue New Code Signing Microsoft Trust List Signi View gt Refresh Export List Help Creates a new object in this container 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK i Select Certificate Template Select a certificate template to issue certificates cl User Signature Only Secure Email Cler Lid Smartcard User Secure Email Uer Authenticated Session Client Authenticatic
22. ailable Encryption Settings The Encryption settings must match the APs WDAP 2000PE on the Wireless net work you want to join e Windows XP will detect any available Wireless networks and allow you to config ure each network independently e Your network administrator can advise you of the correct settings for each net work 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab 45 A Wireless Network Connection Properties EJE3 General Wireless Networks Authentication Advanced Use Windows to configure my wireless network settings Available networks To connect ta an available network click Configure miszlair A rest SCH i Preferred networks Automatically connect to available networks in the order listed below amp umd Va miszlair Learn about setting up wireless network configuration 2 Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown be low Wire
23. ble SNMP formance find and solve network problems When SNMP feature 19 Assign System Informa tion Assign the SNMP Com munity String Assign a specific name and IP address are enabled the device can send out TRAP messages automati cally to the TRAP manager if configured System Name A name that you assign to your WDAP 2000PE It is an alphanumeric string of up to 30 characters System Location Description of where your WDAP 2000PE is physically located It is an alphanumeric string of up to 60 charac ters System Contact Contact information for the system administra tor responsible for managing your WDAP 2000PE It is an alphanumeric string of up to 60 characters Community String For Read If you intend the access point to be managed from a remote SNMP management station you need to configure a read only community string for readonly operation The community string is an alphanumeric string of up to 15 characters Community String For Write For read write operation you need to configure a write community string A trap manager is a remote SNMP management station where special SNMP trap messages are generated by the Access Point and sent to in the network You can define trap managers in the WDAP 2000PE You can add a trap manager by entering a name an IP address followed by pressing the ADD button You can delete a trap manager by selecting the corresponding entry and press the DELETE
24. button on this page for your modification to take effect This also makes your new settings saved into the permanent memory on your system 7 he I e LI Ze Beviee Status Advanced Settings System Tools Logout w Save Config Time SETTIMGS Device IP SETTINGS You have completed the setup wizard configuration Click FINISH to save these settings WIRELESS SETTINGS j Halp 13 3 4 Device Status You can monitor the system general information from the Device Information field 6 DERVICE INFORMATION Firmware Version 1 01e01 Device IP 182 158 1 1 Device MAC 00 30 4F 67 25 40 Wireless MAC1 OO 30 4F 6 7 25 41 Wireless MAC 00 30 4F 57 25 40 Uptime dd hh mm 3 4 1 System Log The system log allows you to track events that have occurred in the system Such event mes sages can sometimes be helpful in determining the cause of a problem that you may have encountered Setup Wizard De Advanced Settings System Tools Logout O DEVICE STATUS system Log I WIRELESS DCLIERNT TABLE Lag Level 3 err BRIDGE TABLE Jan 1 08 00 10 WwDAP 2000PE csp Link Up on interface lan nm DERVICE INFORMATION Jan 1 08 03 27 WDAP 2000PE http Login inta the system ET Jan 1 08 03 32 W D4P 2000PE http Logout from the system Firmware Version Jan 1 08 13 07 WDAP 2000PE http Login into the system
25. ck the RESTORE FROM FILE button to restore the system configuration from the specified file 29 3 6 3 Factory Default You can reset the configuration of your WDAP 2000PE to the factory default settings Setup Wizard Device Status Advanced Setti ag yatam To E Factory Default iia AE LIPERADE O pl AT PD ER BLAME ug Regogg Dio vou realy wank to restore the configuration bo factory default Tittar OET MEHDUOT ETETE CAUTION Fe storing factory defaut sem as will erasa all your previous settings HOTE A er you sei factory default sysiero will automatically reboot Step 1 Select Factory Default from the System Tools menu Step 2 Click YES to go ahead and restore the configuration to the factory default 3 6 4 Reboot System You can reset your WDAP 2000PE from the Browser Reboot System Boe a Ts D hk aah oe c NM Cho s menl ar fo pobo the Vip inns Access Paint maip Step 1 Select Reboot System from the System Tools menu Step 2 Click YES to reboot the WDAP 2000PE 30 Chapter 4 PC and Server Configuration All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the WDAP 2000PE is being used e lf using WEP or WPA PSK it is only necessary to ensure that each Wireless station s settings match those of the WDAP 2000PE as described below e For WPA and 802 1x modes configuration is
26. d and found to comply with the limits for a Class B digital de vice pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equip ment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connect ing to computer or peripheral devices Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equip ment This device complies with Part 15 of the FCC Rules Operation is subject to the Following two conditions 1 This device may not
27. dress and click ADD The table lists all configured MAC Filter entries To delete entries check the corresponding select boxes and then press DELETE SELECTED 3 5 5 SSID Settings The WDAP 2000PE allows you to configure multiple SSID s and correspondiing QoS settings if QoS is enabled 21 WssID Settings Enable WLAN far all SSlIDis Lol Enable QoS Enable DiffServ Marking Q default APPLY oro Mo Security NEW DELETESELECTED f sETASPRIMARY gt SSID Mame New VLAN ID D B02 1p priority OrDefault wl DSCP value 444407 Binary format eg zQ0 1001 select Security Policy None E APPLY Enable VLAN for all SSIDs Enable QoS Enable DiffServ Marking NEW DELETE SELECTED SET AS PRIMARY SSID name VLAN ID 802 1p priority DSCP value Once this function is enabled you can specify an individual VLAN ID and priority tag for each SSID In this way you can separate traffic from stations using different SSIDs and so protect the wired network from being accessed by unauthorized stations using certain SSIDs If this function is enabled packets from a SSID will be forwarded to the Ethernet with the corresponding configured VLAN tag Enable QoS function allows you to assign a priority for each SSID Then the traffic to from a WLAN station will have a priority set for the SSID the station is using If the VLAN function is enabled the priority is given by the 802 1p p
28. e CA s configuration data Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish 4 5 3 DHCP server configuration Click on the Start Programs Administrative Tools DHCP 2 Right click on the server entry as shown and select New Scope 34 Action view E gt EI eis E HIE E Tree rowan 192 168 0 21 isplay Statistics Configure the DHCP Server Mew Scope fore a DHCP server can issue IP dresses you must create a scope and thorize the DHCP server Mew Multicast Scope Reconcile All Scopes Authorize cope is a range of IP addresses that is signed to computers requesting a namic IP address Authorization is a curity precaution that ensures that only thorized DHCP servers run on your twork Define User Classes Define Vendor Classes Set Predefined Options All Tasks k View F o add a new scope on the Action menu Delete k New Scope Refresh SE To authorize this DHCP server on the DEBE tion menu click Authorize Ed Help mem Create a Mew scope AAN 3 Click Nextwhen the New Scope Wizard Begins 4 Enter the name and description for the scope click Next 5 Define the IP address range Change the subnet mask if necessary Click Next New Scope Wizard IP Address Hange ou define the scope address range by identifying a set of c
29. e exact operating range of WDAP 2000PE in a specific location without testing 3 Antenna adjustment The bundled antenna of WDAP 2000PE is adjustable Firstly install the antenna pointing straight up then smoothly adjust it if the radio signal strength is poor But the signal recep tion is definitely weak in some certain areas such as location right down the antenna Moreover the original antenna of WDAP 2000PE can be replaced with other external an tennas to extend the coverage Please check the specification of the antenna you want to use and make sure it can be used on WDAP 2000PE 4 WLAN type If WDAP 2000PE is installed in an 802 11b and 802 11g mixed WLAN its performance will reduced significantly Because every 802 11g OFDM packet needs to be preceded by an RTS CTS or CTS packet exchange that can be recognized by legacy 802 11b devices This additional overhead lowers the speed Installation Chapter 2 Installation 2 1 General Installation Before you proceed with the installation it is necessary that you have enough information about the WDAP 2000PE 1 Locate an optimum location for the WDAP 2000PE The best place for your WDAP 2000PE is usually at the center of your wireless network with line of sight to all of your mobile stations 2 Assemble the antennas to WDAP 2000PE Try to place them to a position that can best cover your wireless network The antenna s position will enhance the receiving sensitivity
30. e lists current Mode channel client associated with them and transmit packet re ceived packet data error SYSTEM Los WIRELESS CET TABLE Error BRIDGE TABLE mdol a 165 pod Wo AB ATI mdi2 bg 7 0 10 33 E44 ee 8 Dervice INFORMATION i Help Firmware Version 1 01804 Device IP 182 158 1 1 3 4 5 Site Survey Table This page shows other APs currently in the environment that the system can detect 381 201 1228 STATUS SYSTEM Loe DHCP CutmT TABLE TU Web T a SSID MAC Address Channel Signal strength GUEST WIRELESS DO O02 9 b3 H g 13 Rapp TABLE o geen e MAP 00 00 02 0 23 04 g 13 SITE SURVEY TABLE d E i wr ROO 00 0b 6b 35 39 0d g 1 59 BRIDGE TABLE DERvICE INFORMATION Firmware Version Help Device IP 182 158 1 1 16 3 5 Advanced Settings The advanced settings tab contains more configurations for experienced users However changing your login password from the default factory setting is highly recommended for secu rity purposes 3 5 1 Password Settings The default administrative password is password To change the password type the current password followed by the new password twice The entered characters will appear as asterisks Click APPLY to save the new setting system Tools Logout Password Settings y SYSTEM MA
31. entify yourself to other people over the web sign your mail messages encrypt your e mail messages and more depending upon the type of certificate you request Selecta task O Retrieve the CA Certificate or certificate revocation list Request a certificate O Check on pending certificate 5 Select User certificate request and select User Certificate the click Next 6 T A Micheal Cerlificale Services Mir rmoft internet Lagun Pis L t waew faota Took Mele O mat Ges l hito 168 0 Ziret orelrepos Sp Miecrosam Lerifica Choose Request Type Please select the type of request you would like to make User certificate request O Advanced request File Edit View Favorites Tools Help Q ter EN a L P Search S Favorites m e Address El http 1192 168 0 2 certsrw certrqbi asprtype 0 Microsoft Certificate Services W User Certificate Identifying Information Al the necessary identifying information has already been collected You may now submit your request o Internet A message will be displayed then the certificate will be returned to you Click nstall this certificate 43 9 Certificate setup is now complete 3 Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help CB tack J EN E A po Search S f Favorites QU media 2 Address Microsoft Certificate Services WirelassCA Certificate Issued The certifica
32. hentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also re quired e dhopd e dns 32 e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority 4 5 1 Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installation 4 5 2 Services Installation 1 Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side 3 Ensure that the following components are activated selected e Certificate Services After enabling this you will see a warning that the com puter cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet In formation Services IS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and nternet Authentication Service DNS should already be selected and installed Windows Components Wizard Windows Components ou can add or remove components of windows 000 To add ar remove a component click the checkbox 4 shaded box means that only part of the component wll
33. his count the station identified by its MAC address will be put into a rejectee list So the station will not be even authenticated any more Once a station is put into the rejectee list you can remove it from the table at the bottom of this page When the broadcast traffic reaches the configured degree e g High Low any more broadcast packets will be dropped Higher degree allows less broadcast traffic pass through 26 Ping flooding filtering When the ping to the AP traffic reaches the configured degree e g High Low any more such ping packets will be dropped Higher degree allows less ping traffic to the AP 27 3 6 System Tools 3 6 1 Firmware Upgrade You can upgrade the firmware of your WDAP 2000PE Normally this is done when a new version of firmware is released Setup Wizard Device Status Advanced Settings DENT Firmware Upgrade FIR MWARE UPGRADE CONFIGURATION SAVE AND RESTORE Select the firmware file by clicking Browse then click UPGRADE FacToryr DEFAULT REBOOT SYSTEM as NOTE 1 Do nat power aff the AP while Upgrading the firmware 2 Some browsers would fail ta locate the firmware file when there is any localized character in the firmware file path Upgrade procedures Step 1 Select System Tools Firmware Upgrade from the menu Step 2 To update the WDAP 2000PE firmware first download the firmware from the distribu tor
34. ick the Add button Attribute types Mame Called 5tatian ld L alling Statien ld Llient Friendly M ame Client IP 4ddress Chent Yendar Day And Time Aestrictons Framed Protocal 8 5 dentifer NAS P Address MAS Port T ype Service Type Tunnel T ype Wiindows Groups Edit Dial in Profile Dial in Constraints Authentication Description Phone number dialed by user Phone number from which call onginated Friendly name forthe RADIUS chent 14 5 IP address of RADIUS client 145 only Manufacturer of RADIUS proxy or NAS Time periods and days of week during wh The protocol ta be used String identifying the HAS arginating the r IP address of the M amp S originating the rege Type of physical part used by the HAS ari Type of service user has requested Tunneling protocols to be used Windows groups that user belongs to Add Cancel Click Permitted then OK Select Next Select Grant remote access permission Click Next Click Edit Profile and select the Authentication tab Enable Extensible Authenti cation Protocol and select Smart Card or other Certificate Deselect other authentication methods listed Click OK IP Multilink Encryption Advanced Check the authentication methods which are allowed for this connection Jh Extensible Authentication Protocol Select the EAP type which i acceptable For this policy Smart Card or other Certificate Configure M
35. ictasoft Encrypted Authentication version 2 MS CHAP v2 Microsoft Encrypted Authentication MS CHAP Encrupted Authentication CHAP Unencripted Authentication PAP SPAF Unauthenticated Access Allow remote PPP clients to connect without negotiating any authentication method Cancel Apply 12 Select No if you don t want to view the help for EAP Click Finish 4 5 6 Grant Remote Access for Users 1 2 Double click on the user who you want to enable Ai xl Select Start Programs Administrative Tools Active Directory Users and Com 40 3 Select the Dial in tab and enable Allow access Click OK alex Properties N 21 xl Terminal Services Profile Exchange General E mail Addresses Exchange Features General Address Account Profile Telephones Organization Member Ol Dial in Environment Sessions Remote contral Remote Access Permission Dial in or PA Ce Allow access C Deny access C Control access through Remote Access Policy verify Caller Bel Callback Options Mo Callback 7 Set by Caller Routing and Remote Access Service only C Always Callback to Assign a Static IP Address Apply Static Routes Define routes ta enable for this Dial in connection Cancel Apply Help 4 6 802 1x Client Setup on Windows XP Windows XP ships with a complete 802 1x client implementation If using Windows 2000
36. less Network Properties Network name 55101 misslair Wireless network key WEP This network requires a key for the following Data encryption WEP enabled Network Authentication Shared mode The kep ts provided for me automatically This is a computer ta computer ad hoc network wireless access points are not used Setup for Windows XP and 802 1x client is now complete 46 4 7 Using 802 1x Mode The procedures are similar to using 802 1x The only difference is that on your client you must NOT enable the setting The key is provided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Network Properties Network name SSID misslair Wireless network key WEP This network requires a key for the following Data encryption WEP enabled Network Authentication Shared mode _ The key is provided for me automatically This is a computer to computer ad hoc network wireless access points are not used Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 47 Appendix A Troubleshooting Problem 1 Solution 1 Problem 2 Solution 2 Problem 3 Solution 3 Problem 4 Solution 4
37. me environment the wireless per formance will be dramatically dropped Try to change the operating channel of WDAP 2000PE to avoid interference e Keep the wireless devices away at least 3 6 feet from electrical devices that generate RF noise such as microwave ovens elec tric motors etc What if forget the login password of WDAP 2000PE If you forgot the password the only way to recover is to clear the device configuration and return the unit to its original state as shipped from the factory You can do this by pressing the hardware RESET button on the back of the device and hold for five seconds Please note that this will also clear your current configuration and restore the configuration from the factory default 48 Appendix B Command Line Interface If desired the Command Line Interface CLI can be used for configuration This creates the possibility of creating scripts to perform common configuration changes Using the CLI Telnet 1 Start your Telnet client and establish a connection to the WDAP 2000PE e g Telnet 192 168 1 1 2 You will be prompted for the password Enter the same login password as used for the HTTP Web interface The default values are password for the Password 3 Once connected you can use any of the commands listed in the following Command Reference 4 Atany time the users can type a preceded by a space to request context sensitive help on what the user can ente
38. much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more complex 4 2 Using WEP For each of the following items each Wireless Station must have the same settings as the WDAP 2000PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WDAP 2000PE The default value is default Note The SSID is case sensitive Wireless e Each Wireless station must be set to use WEP data encryp Security tion e The Key size 64 bit 128 bit 152 bit must be set to match the WDAP 2000PE e The keys values on the PC must match the key values on the WDAP 2000PE Note On some systems the key sizes may be shown as 40bit 104bit and 128bit instead of 64 bit 128 bit and 152bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 4 3 Using WPA PSK For each of the following items each Wireless Station must have the same settings as the WDAP 2000PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WDAP 2000PE The default value is default Note The SSID is case sensitive Wireless On each client Wireless security must be set to WPA PSK Security e The Pre shared Key entered on the WDAP 2000PE must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match
39. ntication Server amp uthenticatior Domain Controller Client Authentication Server 4uthenticatior Enrollment Agent Computer Certificate Request Agent IPSEC 136155822 Back Caricel 10 Ensure that your certificate authority is checked then click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press enter Enter secedit refreshpolicy machine policy This command may take a few minutes to take effect 4 5 5 Internet Authentication Service Radius Setup 1 Select Start Programs Administrative Tools Internet Authentication Service 2 Right click on Clients and select New Client Ge EA F Internet Authentication Service Action view gt Mela e E Friendly Name Internet Authentication Service Local x at nes View Export List Help Enter a name for the access point click Next Enter the IP address of the WDAP 2000PE and set the shared secret as entered on the Security Profile screen of the WDAP 2000PE Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap tls and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Hestrictions and click Add 39 10 11 i Select Attribute a i Select the type af attribute to add and then cl
40. onsecutive IP addresses Enter the range of addresses that the scope distributes Stat IP address 132 168 0 100 Erd Ip address 192 168 0 200 4 subnet mask defines how many bits of an IP address to use for the network subnet Dz and how many bits to use for the host ID You can specify the subnet mask by length or az an IF address Length 24 Subnet mask 255 255 255 0 lt Back Cancel 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next 7 Change the Lease Duration time if preferred Click Next Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next SS New 5cope Wizard Domain Name and DNS Servers The Domain Mame System DIN S maps and translates domain names used by clients on your network ou can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain wireless yourdomain Hd To configure scope clients to use ONS servers on your network enter the IP addresses for those amp ervers Server name IP address xs Add Resolye 192 168 0 250 Remove Loue Down lt B
41. r next 5 Ifa keyword is expected when the user types all valid keywords will be displayed The command typed in so far will then be displayed again along with the cursor sitting at the end waiting for the user to continue 6 Ifthe user types in part of the keyword but does not type in the entire word the user can then enter a tab or space for the system to automatically complete the keyword if the char acters typed in so far can uniquely identify the keyword If the characters typed in so far do not uniquely identify a keyword a list of possible keywords will be displayed Command Reference The following commands are available 1 System Commands Clear config Description Reset the system configuration to the factory default Disable upnp Description Disable the UPnP function Disable wlan management Description Disable the management function from a WLAN connected user enable upnp Description Enable the UPnP function enable wlan management Description Enable the management function from a WLAN connected user help Description Show help descriptions on CLI logout Description Logout the current CLI management session ping IP address gt Description Show help descriptions on CLI reset system Description Reboot the system Any configuration not saved e g by save config will be lost save config Description Save the current configuration onto the flash so the configuration will be kep
42. range 10 255 default 25 AckTimeOut de 11g trange 10 255 default 40 AckTimeOut Turbo 22 range 10 255 default 22 Beacon interval RTS threshold The WDAP 2000PE broadcasts beacon frames regularly to announce its existence Default is 100 i e ten beacons per second Decreasing the beacon interval makes passive scanning more reliable and faster Increasing the beacon interval may improve throughput by decreasing contention for the medium RTS CTS frames are used to gain control of the medium for transmission If there are heavy traffic from many stations decrease RTS threshold will reduce collision The RTS threshold should have a value between 256 2347 bytes with a default of 2347 It is recommended that this value does not deviate from the default too much 23 When the size of a unicast frame exceeds the fragmentation Fragmentation threshold it will be fragmented before the transmission It should have a value of 256 2346 bytes with a default of 2346 If you experience a high packet error rate you should slightly decrease the Fragmentation Threshold The WDAP 2000PE buffers packets for stations that operate in DTIM interval the power saving mode The Delivery Traffic Indication Message DTIM informs such power conserving stations that there are packets waiting to be received by them The DTIM interval speci fies how often the beacon frame should contain DTIMs It should have a value between 1 to
43. riority configured Otherwise the priority is set by choosing one of the four service levels When this function is enabled you can configure a DSCP value for each SSID Then a packet from a station using this SSID to get associated will be forwarded with the DSCP value labeled These buttons allow you to CLEAR the content of the SSID configuration items currently displayed DELETE the selected SSID entry and SET the selected SSID to be the primary SSID The string of SSID The VLAN ID for this SSID This item is available only when the VLAN function is enabled The 802 1p priority for this SSID This item is available only when the VLAN function is enabled The DSCP value a 6 bit pattern for this SSID when the DiffServ Marking function is enabled 22 Configure the security policy for the SSID Select security policy 3 5 6 Wireless Settings E Wireless Settings Beacon Interval IO RTS Threshold 2347 Fragmentation 2346 DTIM Interval User Limitation 100 msec range 20 1000 default 1060 range 1 2347 default 2347 range 256 2346 default 2346 range 1 255 default 1 range 1 100 default 100 Enable privacy separator Enable Radio 1 Radio 1 Transmit Power 100 Power v Enable Radio 2 Radio 2 Transmit Power 100 Power k Rate Control Maximum m Rate at 54 v Min e Age Out Timer XX sec range 10 65535 default 30D AckTimeOut ar 11a 25
44. rver is specified this command displays the configurations of all RADIUS servers 51
45. s web site to your local disk and then from the above screen enter the path and filename of the firmware file or click Browse to locate the firmware file Next Click the Upgrade button to start The new firmware will begin being loaded to your WDAP 2000PE After a message appears telling you that the operation is completed you need to reset the system to have the new firm ware take effect 28 3 6 2 Configuration Save and Restore You can save system configuration settings to a file and later download it back to the WDAP 2000PE by following the steps below M LEE M m Setup Wizard Device Status Advanced Settings yp Al E Configuration Save and Restore CONFIGURATION Click SAVE TO FILE to save your configuration ta a management hast Save ANO RESTORE f SAVETOFILE REBOOT SYSTEM O Select the text configure file by clicking Browse then click RESTORE FROM FILE f RESTORE FROM FILE NOTE Some browsers would fail to locate the configuration file when there is any localized character in the configuration file path FacTroOmw Draut Help Step 1 Select Configuration Save and Restore from the System Tools menu Step 2 Enter the path of the configuration file to save to restore from or click the Browse button to locate the configuration file Then click the SAVE TO FILE button to save the current configuration into the specified file or cli
46. snmp statistics Description Display the current SNMP statistics show trap manager lt string up to 30 characters gt Description Display the settings of the specified SNMP trap manager If no trap manager is specified this command displays the settings of all trap managers 4 Diagnostics Commands disable log lt facility gt Description Disable the log function on the specified facility disable syslogd Description Disable the remote log function disable trace lt facility gt Description Disable the trace function on the specified facility enable log lt facility gt lt log level 1 7 gt Description Enable the log function with the specified log level on the specified facility If no log level is specified the previously configured log level is used enable syslogd Description Enable the remote log function enable trace facility log level 1 72 Description Enable the trace function with the specified log level on the specified facility If no log level is specified the previously configured log level is used set log level log level 1 7 Description Set the log level set syslogd IP address Description Configure the IP address of the remote syslog daemon This is used for the remote syslog function show log level Description Display the current log level show log table lt facility gt Description Display the current logged events of the specified facility If no facility is
47. specified this command displays all logged events show syslogd Description Display the current configuration of the remote log function 5 Security Commands add radius server primary secondary Description Configure the primary secondary RADIUS server settings This is a multi line command and you have to enter the IP address and port number of the server shared secret and enable disable change password Description Change the password for management including HTTP and TELNET disable radius mac authentication Description Disable the use of external RADIUS servers for MAC address access control disable radius server primary secondary Description Disable the use of the primary secondary RADIUS server enable radius mac authentication Description Enable the use of external RADIUS servers for MAC address access control enable radius server primary secondary Description Enable the use of the primary secondary RADIUS server set radius server reattempt reattempt interval in minutes 5 60 Description Configure the reattempt time for the system to contact the primary RADIUS server after the primary RADIUS server was down set radius server retry retry interval in times 1 5 gt Description Configure the number of retries after which the system may think the RADIUS server is down show radius server primary secondary Description Display the configuration of the specified RADIUS server If no se
48. t Card used for Hexadecimal digits only Please note that when configuring WEP encryption keys a WEP128 ASCII key looks like An ASCII key 13 characters while a WEP64 hex key looks like 441224A8B2 5 characters 802 1x Use 802 1x to do authentication and provide encryption if rekeying is enabled An external RADIUS server should be setup and you also need to complete the configurations on RADIUS Settings page under Advanced Settings tab WPA PSK Use WPA PSK to provide security you need to enter an ASCII key for this mode Different encryption types can be used TKIP CCMP or both A group key is used for multi cast broadcast data and the rekey interval is time period that the system will change the group key periodically The shorter the interval is the better the security is WPA This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x stan dard You would also need to complete the configurations on RADIUS Settings page under Advanced Settings tab Data transmissions are encrypted using the WPA standard Different encryption types can be used TKIP CCMP or both A group key is used for multicast broadcast data and the rekey interval is time period that the system will change the group key periodically The shorter the interval is the better the security is 3 3 4 Save Config After stepping through the Wizard s pages you can press the FINISH
49. t after the system is rebooted set http port port number 1 65535 gt 49 Description Set the HTTP server port for device management to the one specified set http timeout lt timeout value in minutes 1 60 gt Description Set the timeout value for the HTTP management session set prompt lt string up to 15 characters gt Description Set the command line prompt set system contact lt string up to 60 characters gt Description Configure a string describing the system contact information This is the value of the SNMP system contact MIB set system ip Description Set the IP address for the device LAN interface set system location lt string up to 60 characters gt Description Configure a string describing the system location information This is the value of the SNMP system location MIB set system name lt string up to 30 characters gt Description Configuring a string for the system name This is also the value of the SNMP system name MIB set telnet port port number 1 65535 gt Description Set the TELNET server port for device management to the one specified set telnet timeout timeout value in minutes 1 60 Description Set the timeout value for a TELNET management session show arp table Description Display the ARP table of the system show http Description Display the current configurations of the HTTP management function show system Description Display the current basic system configurations
50. te you requested was issued to you Install this certificate E Intermet You will receive a confirmation message Click Yes Root Certificate Store 1 Do you want to ADD the Following certificate to the Root Store Subject WirelessCA Systems Wireless Widgets College Park MD US catryourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E7AGD U B6375643 4F77E081 55133707 Thumbprint shal ESEC3FSD BA9B675E 79C05548 51017043 BE7ADCES Thumbprint md5 6F171E64 04306251 44242464 CDB8EB189 4 6 2 802 1x Authentication Setup 1 2 Open the properties for the wireless connection by selecting Start Control Panel Network Connections Right Click on the Wireless Network Connection and select Properties Select the Authentication Tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type 44 Wireless Network Connection Properties EJE General Wireless Networks Authentication Advanced Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 602 1 EAP type Smart Card or other Certificate Authenticate as computer when computer information iz available Authenticate as guest when user or computer information is unav
51. terface Please refer to appendix B for the commands of CLI 3 2 Setup using a Web Browser Web configuration provides a user friendly graphical interface to manage your WDAP 2000PE An AP with an assigned IP address default http 192 168 1 1 will allow you to monitor and configure via web browser e g MS Internet Explorer or Netscape Before proceeding please install the WDAP 2000PE in your LAN as described in chapter 2 1 Use a PC which is already connected to your LAN and start the Web browser In the Address box enter the IP address of the WDAP 2000PE you want to configure Please also make sure your PC s IP address is in the same IP subnet with WDAP 2000PE 3 You should see a main configuration screen in the web page as the picture below m WDAP 2000I SETUP WIZARD Configure the basic settings of the wireless access point DEVICE STATUS Stew the device Information syslog table eas clic p E Wireless client table and more ADVANCED SETTINGS Change the password configure SNMP end RARIUS server settings setup operational mode and more SYSTEM TOOLS Upgrade the firmware reboot Ehe only asked questions about the wireless 4 If you attempt to access any configuration item a dialog box will pop up and ask for login password The default value is password The password can and should be changed to avoid unauthorized access Always enter the current password as set on the Advanced Set
52. the system will set its own date time to the value returned fromthe NTP Server Please choose the time zone according to your location and set the data and time Local time zone date and time 3 3 2 Device IP Settings You can manually configure the IP settings to WDAP 2000PE or use DHCP client protocol to obtain IP address automatically Click NEXT to proceed 10 Device Status Advanced Settings i System 1 Tools agent serur wizaro Device IP Settings Tine SETTINGS Device iP SETTINGS You can select one of the following two approaches to assign an IP address to this WIRELESS SETTINGS device Save CONFIG o 2 Assign static IP to this device IP Address 192 168 D l H IP Subnet Mask ass ss 255 lo Gateway IP Address 1o2 168 168 E 254 oes E18 1818 CQ Use the DHCP client protocol to automatically get the IP address for this device f BACK f NEXT gt NOTE Changes to this page will nat take effect until you click FINISH on the save config page Assign static IP If selected the following data must be entered e IP Address The IP Address of this device Enter an unused IP address from the address range on your LAN e Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on your LAN e Gateway The IP Address
53. the WDAP 2000PE 4 4 Using WPA This is the most secure and most complex system WPA mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the WDAP 2000PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WDAP 2000PE The default value is default Note The SSID is case sensitive 802 1x Au Each client must obtain a Certificate which is used for authentica thentication tion for the Radius Server 802 1x En Typically EAP TLS is used This is a dynamic key system so cryption keys do NOT have to be entered on each Wireless station However you can also use a static WEP key EAP MD5 the WDAP 2000PE supports both methods simultaneously Radius Server Configuration If using WPA mode the Radius Server on your network must be configured as follow e t must provide and accept Certificates for user authentication e There must be a Client Login for the WDAP 2000PE itself e The WDAP 2000PE will use its Default Name as its Client Login name e The Shared Key set on the Security Screen of the WDAP 2000PE must match the Shared Secret value on the Radius Server e Encryption settings must be correct 4 5 WPA 802 1x Server Setup Windows 2000 Server This section describes using Microsoft Internet Aut
54. ther by multiple WDAP 2000PE The single system can support up to 8 WDAP 2000PE in WDS mode System Bridge mode u If the device is working on Wireless Distribution System Bridge Additional configurations Mode you must add the MAC addresses of the grouped WDAP 2000PE to the table for WDS mode Peer name Alias to help you recognize another WDS station MAC address The MAC address of other WDS AP you want to add into this group 3 5 8 RADIUS Settings The Radius server can be used for 802 1x EAP authentication IEEE 802 1x is an IEEE stan dard that is based on a framework that involves stations to be authenticated called Supplicant an authentication server a Radius Server that provides authentication services and an authen ticator that provides necessary translation and mediating functions between the authentication server and the stations to be authenticated The WDAP 2000PE acts as an authenticator and it relays authentication messages between the RADIUS server and client devices being authenti cated IEEE 802 1x EAP authentication is enabled by selecting the Security Policy as 802 1x or WPA and this selection is in the Wireless Settings under Setup Wizard Radius settings Primary Server Enable Primary Server Server IP E Port Number 1812 Radius Type RADILIS Shared Secret Secondary Server Enable Secondary Server Server IP 0 0 0 Port Number 1812 Radius Type RADILIS
55. tings screen Please anter your password Ces Forgot your pa weed sor the Uer Guide fox Fopucgcez If you can t connect It is likely that your PC s IP address is incompatible with the WDAP 2000PE s IP address The default IP address of the Wireless Access Point is 192 168 1 1 with a Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 1 2 192 168 1 254 with a Network Mask of 255 255 255 0 3 3 Setup Wizard The setup wizard helps you to configure the basic settings of WDAP 2000PE in four steps 3 3 1 Time Settings The time of WDAP 2000PE is automatically synchronized to the local time of the management PC at the first time a connection is made To modify the device s time select desired setting for each field Click NEXT to proceed E evice Status Advanced Settings System Tools Logout Time Settings Device IP SETTINGS C Enable NTP WIRELESS SETTINGS local time zone Save CONFIG GMT408 00 Being Hong Kong Singapore Taipei v local date and time Jal 106 2005 musel 47 09 AM v AAA C NEXT NOTE Changes to this page will not take effect until you click FINISH on the save config page Help Enable NTP You can enable the NTP function and configure the server name IP address of the NTP server you want to use Once NTP is enabled
56. uis cis uus 6 CHAPTER 2 INSTALLATION nnn 7 Renn E UE e BE 7 2 2 Using PoE Power over Ethernet oooooocccccconnncconnnnnnnnnnnananccnccnnnnnnnnnnnnnnnnnnnas 7 CHAPTER 3 SETUP amp MANAGEMENT 9 SEO Wii H 3 2 Setup using a Web Re ET EE 9 3 3 SETUD RAA d nt 10 331 Time SO TING dados ice 10 3 3 2 Red e e ds 10 3 3 9 Wireless Le Sarasin aa r e a s fudust Cs oge ected 11 9 9 4 AVS ODIO EE 13 EE Eeer 14 A Ne LL 14 3 4 2 Wireless Client Table nnn 14 A A 15 344A Rado Table EE 16 A A blu ce isset aeui te 16 3 5 Advanced SENINGS E 17 9 91 PaSSWOrd Se ne EE 17 3 5 2 System Management c ccccoooccnnccccnncconnnconnnnnnnnnonancnnnnnnnnnnnnnnnnnncnnnnnnnanennnnss 17 9 9 9 ONMEP SOUS EE 19 3 5 4 MAG Filtering Settings uc i e o eet eo iba Geor ic ve eiae 20 32050 DOLD SEINS sates Sead i satoact T toa a E eae 21 2 9 06 Wireless e EE 23 320 0 Operational Mode EE 24 3 0 0 RADIUS EE tt ica dt teat 25 9 9 9 DOS SENI Seea dad oa 26 3 6 O SIEM TOO Srl 28 3 0 Firmware Utada a a bn 28 3 6 2 Configuration Save and Restore cooccccccccccocoooccconnccconononnncnnnncnononancnnnnnnns 29 3 63 Factory Detail at 30 30 4 REDOOl No 30 CHAPTER 4 Pc AND SERVER CONFIGURATION nnns 31 EENEG 31 4 2 USMO KE 31 4 3 UsSing KT E EE 31 AC HEEN EE 32 4 5 WPA 802 1x Server Setup Windows 2000 Server 32 4 5 1 Windows 2000 Domain Controller Setup ccccceccceeeeeeeeeeeeeeeeeeeeaes 33 4 5
57. you can install SP4 Service Pack 4 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to the documentation of your wireless adapter for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login User name and password on the Windows 2000 server 4 6 1 Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv For example http 192 168 1 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK 4 Connect to 197 168 0 7 Ey Gef User name Password ClRemember my password Las 4 On the first screen below select Request a certificate click Next d Mscrosolt Certilicale Services Microsoft Inlernel Explorer File Edt View Favorites Took Help Qs EN ix E Le gt seh SI Favirkes W I eda kenn A ntm 192 168 0 2 fcrtur nli rosso Home Welcome You use this web site to request a certificate for your web browser e mail chent or other secure program Once you acquire a certificate you will be able to securely id
Download Pdf Manuals
Related Search