Planet Technology WAP-4060PE User's Manual
Contents
1. Authorize cope is a range of IP addresses that is Define User Classes signed to computers requesting a Define Vendor Classes namic IP address Authorization is a Set Predefined Options fcurity precaution that ensures that only or ed DHCP servers run on your BI Yaak Jack View gt 0 add a new scope on the Action menu Delete k New Scope Refresh SE o authorize this DHCP server on the tion menu click Authorize Help Create a new scope l 3 Click Next when the New Scope Wizard Begins 4 Enter the name and description for the scope click Next 5 Define the IP address range Change the subnet mask if necessary Click Next New Scope Wizard IP Address Range You define the scope address range by identifying a set of consecutive IP addresses Enter the range of addresses that the scope distributes Start IP address 192 168 0 100 End IP address 192 168 0 200 A subnet mask defines how many bits of an IP address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length or as an IP address Length 24 Si Subnet mask 255 25 255 lt Back Cancel 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next 7 Change the Lease Duration time if preferred Click Next Select Yes I want to configure these options now and click Next 9 Enter the ro2. LH Enable HTTP Admin connections HTTP Port Number Jan m Enable HTTPS secure HTTP Admin connections HTTPS Port Number 443 F Enable Management via Telnet Data Admin Login Screen Login User Name Enter the login name for the Administrator 59 Change Admin Pass word If you wish to change the Admin password check this field and enter the new login password in the fields below New Password Enter the desired login password Repeat New Password Admin Connections Allow Admin connec tions via wired Ethernet only Re enter the desired login password If checked then Admin connections via the Wireless interface will not be accepted Enable HTTP Enable this to allow admin connections via HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTP Port Number Enter the port number to be used for HTTP connections to this device The default value is 80 Enable HTTPS Enable this to allow admin connections via HTTPS secure HTTP If enabled you must provide a port number in the field below Either HTTP or HTTPS must be enabled HTTPS Port Number Enter the port number to be used for HTTPS connec tions to this device The default value is 443 Enable Telnet If desired you can enable this option If enabled you will able to connect to this AP using a Telnet client You will have to provide the same logi
3. Enterprise root CA Enterprise subordinate CA Stand alone root CA C Stand alone subordinate CA J Advanced options Description The most trusted CA in an enterprise Should be installed before any other CA Requires Active Directory 8 lt Back Cancel 6 Enter the information for the Certificate Authority and click Next Windows Components Wizard CA Identifying Information Enter information to identify this CA CA name Organization Organizational unit City State or province E mail CA description Valid for WielessCA Organization Systems Oakland A Country region us Jed youdomaintid Wireless Ca 2 Years sl Expires 271772005 6 39 PM et 7 Click Next if you don t want to change the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish 4 5 3 DHCP server configuration 1 Click on the Start Programs Administrative Tools DHCP 2 Right click on the server entry as shown and select New Scope 39 DS JOS Action view e m x eanne Tree e DT peint isplay Statistics Configure the DHCP Server fore a DHCP server can issue IP dresses you must create a scope and orize the DHCP server New Multicast Scope Reconcile All Scopes
4. WPA Encryption Select the desired option Other Wireless Stations must use the same method 23 e TKIP Unicast point to point transmissions are en crypted using TKIP and multicast broadcast transmissions are not encrypted e TKIP 64 bit WEP Unicast point to point transmis sions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 64 bit WEP e TKIP 128 bit WEP Unicast point to point trans missions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 128 bit WEP e AES CCMP CCMP is the most common sub type of AES Advanced Encryption System Most systems will simply say AES If selected both Unicast point to point and multicast broadcast transmissions are en crypted using AES e AES CCMP TKIP If selected Unicast point to point uses AES CCMP and multicast broadcast transmissions are encrypted using TKIP This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly Group Key Update This field determines how often the Group key is dynami cally updated Enter the desired value Key Lifetime Update Group key If enabled the Group key will be updated whenever any when any member member leaves the group or disassociates from the WAP ship terminates 4060PE Radius MAC The current status is displayed This will always be Dis Authenticati
5. The current Bridge mode is displayed Name This displays the current name of each security profile SSID This displays the SSID associated with the profile Status This indicates whether or not the profile is enabled Buttons Statistics Click this to open a sub window where you can view Statis tics on data transmitted or received by the WAP 4060PE Profile Status Click this to open a sub window which displays further details about each security profile Log Click this to open a sub window where you can view the activity log Stations Click this to open a sub window where you can view the list of all current Wireless Stations using the WAP 4060PE 54 5 3 1 Statistics Screen This screen is displayed when the 2 4GHz Statistics button on the Status screen is clicked It shows details of the traffic flowing through the WAP 4060PE Up Time 00 07 39 2 4GHz Wireless Authe ntication Deauthentication Association Disassociation Reassociation fo Received Transmitted Me o0 o O B Data 0 13050 Multicast 0 13061 Management 46154 1485 Control 0 10 Refresh Data Statistics Screen System Up Time System Up Time This indicates the time period which the system has been running since the last restart or reboot 2 4GHz Wireless Authentication The number of Authentication packets received Authentica tion is the process o
6. If this option is selected e This WAP 4060PE must have a client login on the Radius Server e Each user must have a user login on the Radius Server Normally a Certifi cate is used to authenticate each user e Each wireless client must support 802 1x e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated Profile Name wireless SSID wi reless Wireless Band 2 4 GHz D Wireless Security System 802 1 D D 802 1x Radius Server Address Radius Port 18 12 Client Login Name PLEOO46A Shared Key WEP Key Size 64 bit D I Dynamic WEP key EAP TLS PEAP etc E Key Exchange with lifetime ar 0 minutes I Static WEP Key EAP MD5 WEP Key hex WEP Key Index 1 7 Data 802 1x Screen 802 1x Radius Server Ad dress Radius Port Enter the name or IP address of the Radius Server on your network Enter the port number used for connections to the Radius Server This read only field displays the current login name which is the same as the name of the WAP 4060PE The Radius Server must be configured to accept this login Client Login Name Shared Key This is used for the Client Login on the Radius Server Enter the key value to match the Radius Server 27 WEP Key Size Dynamic WEP Key Key Exchange Static WEP Key EAP MD5 WEP Key WEP Key Index Radius Accounting Select the
7. RS232 port on the WAP 4060PE C 1 Using the CLI Telnet 1 Start your Telnet client and establish a connection to the WAP 4060PE e g Telnet 192 168 0 228 2 You will be prompted for the user name and password Enter the same login name and password as used for the HTTP Web interface The default values are admin for the User Name and password for the Password 3 Once connected you can use any of the commands listed in the following Com mand Reference C 2 Using the CLI Serial Port 1 Use a standard serial port cable to connect your PC to the serial RS232 port on the WAP 4060PE 2 Start your communications program For example in Windows use Hyper Terminal This program may not be installed If so you can install it using Start Settings Control Panel Add or Remove Programs Then select Windows Setup or Add Remove Windows Components depending on your version of Windows 3 Configure the connection properties e Name use a suitable name such as AP e Port or Connect Using Select the Serial Port that the cable is con nected to Do not select your modem e Port Settings Use 9600 N 8 1 with hardware flow control as shown below COM2 Properties gt Use the Connect command to start the connection You will be prompted for a user name and password Enter the current user name and password for the AP you are connecting to The defau
8. This will make it easier to read new messages 57 5 3 4 Station List This screen is displayed when the Stations button on the Status screen is clicked Name MAC Address Mode SSID Status Refresh Data Station List Screen Station List Name The name of each Wireless Station is displayed If the name is not known unknown is displayed for the name MAC Address The MAC physical address of each Wireless Station is displayed Mode The mode of each Wireless Station SSID This displays the SSID used the Wireless station Because the WAP 4060PE supports multiple SSIDs different PCs could connect using different SSIDs Status This indicates the current status of each Wireless Station Refresh Button Update the data on screen 58 Chapter 6 Management 6 1 Overview This Chapter covers the following features available on the WAP 4060PE s Manage ment menu e Admin Login e Auto Config Update e Config File Log Settings Rogue APs SNMP Upgrade Firmware 6 2 Admin Login Screen The Admin Login screen allows you to assign a password to the WAP 4060PE This password limits access to the configuration interface The default password is pass word It is recommended to change it for security consideration EO User Name admin T Change Admin Password New Password Repeat New Password Se WW Di T Allow Admin connections via wired Ethernet only
9. 3 You should then see a login prompt which will ask for a User Name and Password Enter admin for the User Name and password for the Password 4 These are the default values The password can and should be changed Always enter the current user name and password as set on the Admin Login screen You will then see the Status screen which displays the current settings and status No data input is possible on this screen Access Point Name PLEOO46A MAC Address Domain Firmware Version 00 30 4F E0 04 64 Unspecified Version 2 0 Release 34 IP Address 192 168 99 26 Basic Subnet Mask 255 255 255 0 Advanced Gateway 192 168 99 253 DHCP Client Disabled Admin Login Channel Frequency 1 Automatic Auto Config Update Wireless Mode 802 11b and 802 119 Config File AP Mode Access Point Log Settings Bridge Mode None disable es SS 24 GHz Statistics Upgrade Firmware NAME SSID Status wireless wireless Enabled Profile02 wireless Disabled From the menu check the following screens and configure as necessary for your environment Details of these screens and settings are described in the following subsections of this chapter Access Control MAC level access control Security Profiles Wireless security System Identification location and Network settings Wireless Basic amp Advanced You may also need to set the admin password and administration connection options These are on the Admin Login
10. 8 times This has a detrimental effect on performance so should only be used if necessary 15 Specified If selected you can enter the desired VLAN ID Normally this ID VLAN ID should be one of the client VLAN IDs defined above 3 6 Configure Security Profile This screen is displayed when you select a Profile on the Security Profiles screen and click the Configure button Profile Name wireless SSID wireless Wireless Band 2 4 GHz Wireless Security System None D Current Status Disabled Configure Current Status Disabled Configure Back Cancel Help 3 6 1 Profile Data Enter the desired settings for each of the following Profile Name Enter a suitable name for this profile SSID Enter the desired SSID Each profile must have an unique SSID Wireless Band Displays the wireless band for this profile 3 6 2 Security Settings Select the desired option and then enter the settings for the selected method The available options are e None No security is used Anyone using the correct SSID can connect to your network e WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong e WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and
11. AES CCMP and multicast broadcast transmissions are encrypted using TKIP This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any member leaves the group or disassociates from the WAP 4060PE Enable this if you want this WAP 4060PE to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report every If Radius accounting is enabled you can enable this and enter the desired update interval This WAP 4060PE will then send updates according to the specified time period Radius MAC Authentication The current status is displayed This will always be Dis abled because Radius MAC Authentication is not available with WPA 802 1x The Configure button for this feature will also be disabled UAM The current status is displayed This will always be Dis abled because UAM is not available with WPA 802 1x The Configure button for this feature will also be disabled 26 3 6 9 Security Settings 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possible you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption
12. Addresses Exchange Features General Address Account Profile Telephones Organization Member Of Diakin Environment Sessions Remote control Remote Access Permission Dial in or YPN Allow access Deny access Control access through Remote Access Policy TE Verify Calleri D r Callback Options e No Callback C Set by Caller Routing and Remote Access Service only Always Callback to J Assign a Static IP Address Apply Static Routes Define routes to enable for this Dial in connection Cancel Apply Help 4 6 802 1x Client Setup on Windows XP Windows XP ships with a complete 802 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to the documentation of your wireless adapter for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login User name and password on the Windows 2000 server 4 6 1 Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv For example http 192 168 0 2 certsr
13. Bridge mode using this AP s MAC address They then send all traf fic to this Master If required you can specify the MAC addresses of the APs which are allowed to connect to this AP in PTMP mode To specify the allowed APs 1 Enable the checkbox In PTMP mode only allow specified APs 2 Click the button Set PTMP APs 3 On the resulting sub screen enter the MAC addresses of the allowed APs PTP Bridge AP MAC Address This is not required unless the Bridge Mode is Point to Point Bridge PTP In this case you must enter the MAC address of the other AP in this field 32 In PTMP mode only allow specified APs This is only functional if using Point to Multi Point Bridge PTMP mode If enabled you can specify the MAC addresses of the APs which are allowed to connect to this AP To specify the allowed APs 1 Enable this checkbox 2 Click the button Set PTMP APs 3 On the resulting sub screen enter the MAC addresses of the allowed APs Set PTMP APs Parameters Channel No Use this to open a sub window where you can specify the MAC addresses of the APs which are allowed to connect to this AP This is only functional if using Point to Multi Point Bridge PTMP mode and you has enabled the checkbox In PTMP mode only allow specified APs e f Automatic is selected the WAP 4060PE will select the best available Channel e f you experience interference shown by lost connections and
14. EE 56 DOS ACHVILY LOGS EE 57 DO E e D E EE 58 CHAPTER 6 MANAGEMENT nie 59 6 1 OVervieW 55 sr rim20uafennetuseculane te ouangnecu i unacan ade tesivacecus tenant e E 59 6 2 Admin Login Screen ss ssssnsnnnennennnnennnse 59 6 3 Auto Config Update ss ssssssssneesnnenennennes 60 6 4 e BI 62 6 5 Log Settings Syslog ss 64 G UE 64 ed 65 6 8 Upgrade Firmware 67 APPENDIX A SPECIFICATIONS enninnse 68 APPENDIX B TROUBLESHOOTING nn 70 APPENDIX C COMMAND LINE INTERFACE se 71 C 1 Using the CLI Telnet EE 71 C 2 Using the CLI Serial Port sise 71 C 3 Command Reference iicisiicicccsvsccccisscecasdecie ces saceussivedasacnds EEN ria anaana naan SENEE 72 Chapter 1 Introduction WAP 4060PE is an IEEE 802 11g Wireless Access Point with PoE Catering to the enterprise demands WAP 4060PE enhances security and management features including multiple SSIDs VLAN support WPA support RADIUS MAC authentication rogue AP detection and so on The LAN port of WAP 4060PE is 802 3af compliant Therefore it can be installed anywhere without the constraint on power socket Provided with one reversed polarity SMA male connec tor WAP 4060PE is easy to connect external antenna and booster to extend the wireless distance 1 1 Package Contents Make sure that you have the following items m WAP 4060PE Dipole Antenna Quick Installation Guide User s manual CD ROM Power Adapter If any of the above items are missing conta
15. MAC physical address of the Trusted Wireless Station Use this when adding or editing a Trusted Station Buttons lt lt Add a Trusted Wireless Station move from the Other Sta tions list e Select an entry or entries in the Other Stations list and click the lt lt button e Enter the Address MAC or physical address of the wireless station and click the Add button gt gt Delete a Trusted Wireless Station from the list move to the Other Stations list e Select an entry or entries in the Trusted Stations list e Click the gt gt button Select All Select all of the Stations listed in the Other Stations list Select None De select any Stations currently selected in the Other Sta tions list Edit To change an existing entry in the Trusted Stations list select it and click this button 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Up date 3 Edit the address MAC or physical address as required 4 Click Update to save your changes Add To add a Trusted Station which is not in the Other Wireless Stations list enter the required data and click this button Clear Clear the Name and Address fields 3 5 Security Profiles Security Profiles contain the SSID and all the security settings of this WAP 4060PE e Up to eight 8 Security Profiles
16. Point device listing after changing the name or IP Address Detail Info When clicked additional information about the selected device will be displayed Web Management Use this button to connect to the WAP 4060PE s Web based management interface Set IP Address Click this button if you want to change the IP Address of the Wire less Access Point Exit Exit the Management utility program by clicking this button 3 2 2 Setup Procedure 1 Select the desired Wireless Access Point from the list 2 Click the Set IP Address button If prompted enter the user name and password The default values are admin for the User Name and password for the Password 4 Ensure the IP address Network Mask and Gateway settings are correct for your LAN Save any changes 5 The initial IP address setup is now completed You can click on the Web Manage ment button to access the web interface of WAP 4060PE for more configurations 3 3 Setup using a Web Browser Your Browser must support JavaScript The configuration program has been tested on the following browsers e Netscape V4 08 or later e Internet Explorer V4 or later 3 3 1 Setup Procedure Before proceeding please install the WAP 4060PE in your LAN as described previ ously 1 Use a PC which is already connected to your LAN and start the Web browser 2 Inthe Address box enter the IP address of the WAP 4060PE you want to cobnfig ure
17. Type of service user has requested Tunnel Type Tunneling protocols to be used Windows Groups Windows groups that user belongs to 9 Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 11 Click Edit Profile and select the Authentication tab Enable Extensible Authenti cation Protocol and select Smart Card or other Certificate Deselect other authentication methods listed Click OK LI zx Dial in Constraints IP Multilink Authentication Encryption Advanced Check the authentication methods which are allowed for this connection wv Extensible Authentication Protocol Select the EAP type which is acceptable for this policy Smart Card or other Certificate zj Configure Microsoft Encrypted Authentication version 2 MS CHAP v2 Microsoft Encrypted Authentication MS CHAP Tl Encrypted Authentication CHAP F Unenctypted Authentication PAP SPAP Unauthenticated Access Allow remote PPP clients to connect without negotiating any authentication method 12 Select No if you don t want to view the help for EAP Click Finish 4 5 6 Grant Remote Access for Users 1 Select Start Programs Administrative Tools Active Directory Users and Com puters 2 Double click on the user who you want to enable 45 3 Select the Dial in tab and enable Allow access Click OK alex Properties ais Terminal Services Profile Exchange General E mail
18. WAP 4060PE will then send updates according to the specified time period The current status is displayed Click the Configure button to configure this feature if required The current status is displayed Click the Configure button to configure this feature if required 28 3 7 System Screen Click System on the menu to view a screen like the following System Access Point Name PLEO046A Description Country or Domain United States D MAC Address 00 30 4F E0 04 64 DHCP Client Fixed IP Address IP address 21 CH na na Ha in on na na Subnet Mask 25 in N on on N in in N N BH Gateway 210 66 155 pa DNS 168 95 fi bh fT Enable WINS WINS Server Name siP Address Cancel Help Data System Screen Identification Access Point Enter a suitable name for this WAP 4060PE Name Description If desired you can enter a description for the WAP 4060PE Country Do Select the country or domain matching your current location main IP Address DHCP Client Select this option if you have a DHCP Server on your LAN and you want the WAP 4060PE to obtain an IP address automati cally Fixed If selected the following data must be entered e IP Address The IP Address of this device Enter an unused IP address from the address range on your LAN e Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on you
19. WDS Mac Address List get enableWireless Display Wireless Client Enable Disable Client get wirelessSeparate Display wireless seprate Mode 78 set authentication Set Authentication Type set autochannelse Set Auto Channel Selection lect set basic11b Set Use of Basic 11b Rates set basic11g Set Use of Basic 11g Rates set beaconinterval Modify Beacon Interval set burstSeqThresh Set Max Number of frames in a Burst old set burstTime Set Burst Time set calibration Set Calibration Period set cckTrigHigh Set Higher Trigger Threshold for CCK Phy Errors For ANI Control set cckTrigLow Set Lower Trigger Threshold for CCK Phy Errors For ANI Control set cckWeakSigThr et ANI Parameter for CCK Weak Signal Detection Threshold set extendedchan Set Extended Channel Mode mode set factorydefault Restore to Default Factory Settings set firStepLvl Set ANI Parameter for FirStepLevel 79 set fragmentthresh Set Fragment Threshold old set hostipaddr Set Host IP address set ofdmTrigHigh Set Higher Trigger Threshold for OFDM Phy Errors for ANI Control set ofdmTrigLow Set Lower Trigger Threshold for OFDM Phy Errors for ANI Control 80 set rate Set Data Rate 81 set HttpPort Set http port number set roguelegal Add Delete one AP MAC OUI into from Rogue AP Legal List set autoConfig Set Auto Config Enable Disable set autoResponse Set Respond to Auto Config request Enable Disable geName Enable Disab
20. button and choose Run When the dialog box appears enter E Utility setup exe Assume E is your CD ROM drive Follow the prompts to complete the installation 3 After the installation completes you can start this utility from Start gt Program Files gt Planet gt WAP 4060PE Manager 3 2 1 Main Screen When the utility is executed it searches the network for all active WAP 4060PE and lists them on screen as shown by the example below W AP 4060PE Fe Utility Version 1 11 Wireless Access Points ae LC RES IEEE Stand Description Detail Info Web Hememen Set IP Address Exit Wireless Access Points The main panel displays a list of all Wireless Access Points found on the network For each Access Point the following data is shown Name The device name of the WAP 4060PE IP address The IP address for the WAP 4060PE MAC Address The hardware or physical address of the WAP 4060PE IEEE Standard The wireless standard or standards used by the WAP 4060PE e g 802 11b 802 11g FW Version The current Firmware version installed in the WAP 4060PE Description Any extra information for the WAP 4060PE entered by the administrator Note If the desired device is not listed check that the device is installed and powered on then update the list by clicking the Refresh button Buttons Refresh Click this button to update the Wireless Access
21. desired option e 64Bit Keys are 10 Hex 5 ASCII characters e 128 Bit Keys are 26 Hex 13 ASCII characters e 152 Bit Keys are 32 Hex 16 ASCII characters Click this if you want the WEP keys to be automatically generated e The key exchange will be negotiated The most widely supported protocol is EAP TLS e The following Key Exchange setting determines how often the keys are changed e Both Dynamic and Static keys can be used simultane ously allowing clients using either method to use the WAP 4060PE This setting if only available if using Dynamic WEP Keys If you want the Dynamic WEP keys to be updated regularly enable this and enter the desired lifetime in minutes Enable this if some wireless clients use a fixed static WEP key using EAP MD5 Note both Dynamic and Static keys can be used simulta neously allowing clients using either method to use the WAP 4060PE Enter the WEP key according to the WEP Key Size set ting above Wireless stations must use the same key Select the desired index value Wireless stations must use the same key index Enable this if you want this WAP 4060PE to send account ing data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field Update Report every Radius MAC Authentication UAM If Radius accounting is enabled you can enable this and enter the desired update interval This
22. key for login to your Radius Server These parameters are entered either on the Security page or the UAM sub screen depending on the security method used 2 Add users on your RADIUS server as required and allow access by these users 3 Client PCs must have the correct Wireless settings in order to associate with the WAP 4060PE 4 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to a user login page 5 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 6 Ifthe user name and password is correct Internet access is allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xx xx WEB au thentication in the log table and station status would show as Authenticated on the station list table e f a client fails authentication xx xx xx xx xx xx WEB authentication failed shown in the log and station status is shown as Authenticating on the sta tion list table UAM authentication External 1 Ensure the WAP 4060PE can login to your Radius Server e Add a RADIUS client on RADIUS server using the IP address or name of the WAP 4060PE and the same shared key as pre configured 19 e Ensure the WAP 4060PE has the correct address port number and shared key for login to
23. or slow data transfers you may need to experiment with manually setting different channels to see which is the best Current Chan nel No This displays the current channel used by the WAP 4060PE 3 8 2 Advanced Settings Clicking the Advanced link on the menu will result in a screen like the following 33 Advanced Settings 2 4 GHz Basic Rate Selection 802 11b 1 2 5 5 11 Mbps D I Wireless Separation T Worldwide Mode 802 114 Disassociated Timeout B Minutes 1 99 Fragmentation Length 12346 256 2346 Default 2346 Beacon Interval 100 20 1000 Default 100 RTSICTS Threshold 2346 Short D Full D Primary D RTS CTS Disable 256 2346 Default 2346 Preamble Type Output Power Level Antenna Selection Protection Type GG CTS only Short Slot Time Enable Protection Mode auto D Protection Rate 11 Mbps Cancel Help Data Advanced Settings Screen Basic Rate Basic Rate Options Wireless Separation Worldwide Mode 802 11d Parameters Disassociated Time out Fragmentation Beacon Interval The Basic Rate is used for broadcasting It does not determine the data transmission rate which is determined by the Mode setting on the Basic screen Select the desired option Do NOT select the 802 11g or ODFM options unless ALL of your wireless clients support this 802 11b clients will not be able to connect to the WAP 4060PE if
24. sta tion list table UAM Screen The UAM screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again 20 dek UAM Universal Access Method Internal Web based Authentication External Web based Authentication Login URL Login Failure URL Radius Server Address Radius Port 18 12 Client Login Name PLEOO46A Shared Key Cancel Help Close Data UAM Screen Enable Internal Web based Authentication External Web based Authentication Login URL Login Failure URL Enable this if you want to use this feature See the section above for details of using UAM If selected then when a user first tries to access the Internet they will be blocked and re directed to the built in login page The logon data is then sent to the Radius Server for authentica tion If selected then when a user first tries to access the Internet they will be blocked and re directed to the URL below This needs to be on your own local Web Server The page must also link back to the built in login page on this device to complete the login procedure Enter the URL of the page on your local Web Server When users attempt to access the Internet they will see this page but are not logged in Enter the URL of the page on your local Web Server you wish users to see if their login fails This may be the
25. version only If selected the firmware file at the specified location will only be installed if it is a later version FTP Server address Enter the address domain name or IP address of the FTP Server Firmware pathname Enter the full path including the FW filename to the FW file on the FTP Server FTP Login Name Enter the login name required to gain access to the FTP Server FTP Password Enter the password for the login name above 6 4 Config File This screen allows you to Backup download the configuration file and to restore upload a previously saved configuration file You can also set the WAP 4060PE back to its factory default settings To reach this screen select Config File in the Management section of the menu 62 Config File Save copy of current settings Backup Restore saved settings from a file Revert to factory default settings Set to Defaults Help Data Config File Screen Backup Save a copy of current settings Restore Restore saved settings from a file Defaults Revert to factory default settings Once you have the WAP 4060PE working properly you should back up the settings to a file on your computer You can later restore the settings from this file if necessary To create a backup file of the current settings e Click Back Up e f you don t have your browser set up to save downloaded files automatically locate where
26. you want to save the file rename it if you like and click Save To restore settings from a backup file 1 Click Browse 2 Locate and select the previously saved backup file 3 Click Restore To erase the current settings and restore the original factory default settings click Set to Defaults button Note e This will terminate the current connection The WAP 4060PE will be unavailable until it has restarted e By default the WAP 4060PE will act as a DHCP client and automatically obtain an IP address You will need to determine its new IP address in order to re connect 63 6 5 Log Settings Syslog If you have a log server on your LAN this screen allows you to configure the WAP 4060PE to send log data to your log server Syslog Disable C Broadcast Send to specified Syslog Server Syslog Server Address NamedP address Minimum Severity Level ER Error D Cancel Help Data Log Settings Screen Syslog Server Select the desired Option e Disable Syslog server is not used e Broadcast Syslog data is broadcast Use this option if different PCs act as the Syslog server at dif ferent times e Send to specified Syslog Server Select this if the same PC is always used as the Syslog server If se lected you must enter the server address in the field provided Syslog Server Address Enter the name or IP address of your Syslog Server Minimum Severity Select the desired seve
27. your Radius Server These parameters are entered either on the Security page or the UAM sub screen depending on the security method used 2 On your Web Server create a suitable welcome page The welcome page must have a link or button to allow the user to input their user name and password on the uamlogon htm page on the WAP 4060PE 3 On the WAP 4060PE s UAM screen select External Web based Authentication and enter the URL for the welcome page on your Web server 4 Add users on your RADIUS server as required and allow access by these users 5 Client PCs must have the correct Wireless settings in order to associate with the WAP 4060PE 6 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to the welcome page on your Web Server 7 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 8 Ifthe user name and password is correct Internet access is allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xXx xx WEB au thentication in the log table and station status would show as Authenticated on the station list table e f a client fails authentication xx xx xx xx xx xx WEB authentication failed is shown in the log and station status is shown as Authenticating on the
28. 1 4 7 Using 802 1x Mode without WPA The procedures are similar to using WPA 802 1x The only difference is that on your client you must NOT enable the setting The key is provided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Network Properties Network name SS1D misstair e Wireless network key WEP This network requires a key for the following Data encryption WEP enabled C Network Authentication Shared mode _ The key is provided for me automatically This is a computer to computer ad hoc network wireless access points are not used Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 52 Chapter 5 Operation and Status 5 1 Operation Once both the WAP 4060PE and the PCs are configured operation is automatic However you may need to perform the following operations on a regular basis e f using the Access Control feature update the Trusted PC database as required See Access Control in Chapter 3 for details e If using 802 1x mode update the User Login data on the Windows 2000 Server and configure the client PCs as required 5 2 Status Screen Use the Status link on the main menu to view this screen Lin TINTI
29. 2 1x Radius Server Address Radius Port Client Login Name Shared Key Enter the name or IP address of the Radius Server on your network Enter the port number used for connections to the Radius Server This read only field displays the current login name which is the same as the name of the WAP 4060PE The Radius Server must be configured to accept this login This is used for the Client Login on the Radius Server Enter the key value to match the Radius Server 25 WPA Encryption Group Key Update Key Lifetime Update Group key when any mem bership terminates Radius Account ing Select the desired option Other Wireless Stations must use the same method e TKIP Unicast point to point transmissions are en crypted using TKIP and multicast broadcast transmissions are not encrypted e TKIP 64 bit WEP Unicast point to point transmis sions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 64 bit WEP e TKIP 128 bit WEP Unicast point to point transmis sions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 128 bit WEP e AES CCMP CCMP is the most common sub type of AES Advanced Encryption System Most systems will simply say AES If selected both Unicast point to point and multicast broadcast transmissions are encrypted using AES e AES TKIP If selected Unicast point to point uses
30. 2 GMT 00 C0 02 03 05 66 associated 2004 Jan 1 00 38 35 GMT 00 04 23 73 19 61 disconnected Idle Timeout 2004 Jan 1 00 38 35 GMT 00 04 23 73 19 61 disassociated 2004 Jan 1 00 38 36 GMT 00 04 23 73 19 61 authenticated 2004 Jan 1 00 38 36 GMT 00 04 23 73 19 61 associated 2004 Jan 1 04 07 30 GMT 00 04 23 73 19 61 disassociated 2004 Jan 1 04 07 49 GMT 00 04 23 73 19 61 authenticated 2004 Jan 1 04 07 49 GMT 00 04 23 73 19 61 associated 2004 Jan 1 04 28 22 GMT 00 0C 43 71 01 12 authenticated 2004 Jan 1 04 26 22 GMT 00 0C 43 71 01 12 associated 2004 Jan 1 04 28 45 GMT 00 0C 43 71 01 12 disassociated 2004 Jan 1 04 31 23 GMT O00 0E 35 09 4D 65 authenticated 2004 Jan 1 04 31 23 GMT 00 0 35 09 4D 65 associated 2004 Jan 1 04 36 34 GMT 00 0E 35 09 4D 65 disconnected Idle Timeout 2004 Jan 1 04 36 34 GMT O00 0E 35 09 4D 65 disassociated 2004 Jan 1 04 47 26 GMT 00 04 23 73 19 61 disconnected ldle Timeout 2004 Jan 1 04 47 26 GMT 00 04 23 73 19 61 disassociated 2004 Jan 1 04 47 26 GMT 00 04 23 73 19 61 authenticated 2004 Jan 1 04 47 26 GMT 00 04 23 73 19 61 associated Refresh Save to File Clear Log Data Activity Log Data Current Time The system date and time is displayed Log Buttons Refresh The Log shows details of the connections to the WAP 4060PE Update the data on screen Save to file Save the log to a file on your pc Clear Log This will delete all data currently in the Log
31. 54 108Mbps Super G Wireless LAN Managed Access Point WAP 4060PE User s Manual Copyright Copyright 2005 by PLANET Technology Corp All rights reserved No part of this publica tion may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechani cal magnetic optical chemical manual or otherwise without the prior written permission of PLANET PLANET makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this com pany its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Fur ther this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders Federal Communication Commission Interference Statement This equipment has been tested and found to comply with
32. 8 WEP Key Index If this field is visible select the desired key index Any value can be used provided it matches the value on the Radius Server 3 6 5 UAM UAM Universal Access Method is intended for use in Internet cafes Hot Spots and other sites where the WAP 4060PE is used to provide Internet Access If enabled then HTTP TCP port 80 connections are checked UAM only works on HTTP connections all other traffic is ignored If the user has not been authenticated Internet access is blocked and the user is re directed to another web page Typically this web page is on your Web server and explains how to pay for and obtain Internet access To use UAM you need a Radius Server for Authentication The Radius Server Setup must be completed before you can use UAM The required setup depends on whether you are using Internal or External authentication e Internal authentication uses the web page built in the WAP 4060PE e External authentication uses a web page on your Web server Generally you should use External authentication as this allows you to provide relevant and help ful information to users UAM authentication Internal 1 Ensure the WAP 4060PE can login to your Radius Server e Add a RADIUS client on RADIUS server using the IP address or name of the WAP 4060PE and the same shared key as pre configured e Ensure the WAP 4060PE has the correct address port number and shared
33. 802 11g transmis sions Older 802 11b devices may not be able to detect that an 802 11g transmission is in progress Normally this should be left at Auto Select the desired option The default is 11 Mbps 35 Chapter 4 PC and Server Configuration 4 1 Overview All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the WAP 4060PE is being used e f using WEP or WPA PSK it is only necessary to ensure that each Wireless station s settings match those of the WAP 4060PE as described below For WPA 802 1x and 802 1x modes configuration is much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more complex For each of the following items each Wireless Station must have the same settings as the WAP 4060PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WAP 4060PE The default value is wireless Note The SSID is case sensitive Wireless e Each Wireless station must be set to use WEP data encryp Security tion e The Key size 64 bit 128 bit 152 bit must be set to match the WAP 4060PE e The keys values on the PC must match the key values on the WAP 4060PE Note On some systems the key sizes may be shown as 40bit 104bit and 128bit instead of 64 bit 128 bit and 152bit This difference arises because the key i
34. Bm 36 Mbps 76dBm 24 Mbps 79dBm 18 Mbps 82dBm 12 Mbps 86dBm 9 Mbps 89dBm 6 Mbps 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C Operating Mode AP AP Client Wireless Bridge Multiple Bridge Repeater Open shared WPA and WPA PSK authentication 802 1x support EAP TLS EAP TTLS PEAP Block inter wireless station communication Block SSID broadcast 68 eb based configuration RADIUS Accounting RADIUS On feature RADIUS Accounting update CLI Message Log Access Control list file support Configuration file Backup Restore Statistics support Device discovery program aa LXWX 50 x 102 x 30mm Weight 210g Operating temperature 0 40 degree C Environmental Specifi sation Storage temperature 20 70 degree C Relative humanity 0 90 non condensing Power Requirement 24V DC 0 5A Electromagnetic Compatibility Gee 69 Appendix B Troubleshooting Problem 1 Solution 1 Problem 2 Solution 2 Can t connect to the WAP 4060PE to configure it Check the following e The WAP 4060PE is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the WAP 4060PE are on the same network segment If you don t have a router this must be the case e f your PC is set to Obtain an IP Address automatically DHCP client restart it e You can use the following method to determine t
35. E OF CONTENTS CHAPTER 1 INTRODUCTION 1 1 1 Package TL LCE 1 1 2 System Requirements ss ssssnsssenenennennnennnnnnenns 1 1 23 E TEE 1 1 4 Physical Details i cic cccsttecevccecs ccvesteeccatencenecuaseneeneveecdeeedetecnsesuseceecesteecenertaeeter 2 1 5 Specificatio Meias ee eege Ee ege SEN SEELEN Edel Ee gees A 1 6 Wireless Performance ie 4 CHAPTER 2 INSTALLATION cssssssssssssssssssssssesessssssssnsnsssnssnsnsnsnsnsnsananssasasee 6 2 1 Generatlnstallatieon gege tie ten nn dee 6 2 2 Using PoE Power over Ethernet 6 CHAPTER 3 ACCESS POINT SETUP 7 Kabel EE 7 3 2 Setup using the Windows Utility ss 7 RE e EE 7 3 2 2 Setup Procedure sise 8 3 3 Setup USING a Web Browser sise 8 3 3 1 Setup Procedure cccccceceeeceeccceceeeeeeeeceeeaeaeceeeeeeeeseseenaeeeeaeeeeeeeeeeeeenaees 8 3 4 ACCESS en LEE 10 3 4 1 Trusted Wireless Stations 10 3 5 Security UE 12 3 5 1 VLAN Configuration Gcreen rini aek a a aiT 14 3 6 Configure Security Profile ns 16 3 6 1 Profile Data EEN deed ENEE DESEN aaa 16 3 6 2 Security Settings seine nine denr es 16 3 6 3 Security Settings None 4 17 3 6 4 Radius MAC Authentication 0 ccccccceeeeeeeeceeeeeeeeeeteceneaeeeeeeeeeeeeeeeees 17 3 6 5 UAM oes Eegen dE EE 19 3 6 6 Security Settings WER 21 3 6 7 Security Settings WPA PSK ceecceeceeeceeeeeeeeeeeeeseeeeeeeesenaeeeteeenaees 23 3 6 8 Security Settings WPA O
36. E081 551337C7 Thumbprint shal ESEC3F5D BA9B678E 79C05548 51017043 BE7AOCB Thumbprint md5 6F171E64 D438B251 44242464 CD8E6189 Certificate setup is now complete 4 6 2 802 1x Authentication Setup 1 2 Open the properties for the wireless connection by selecting Start Control Panel Network Connections Right Click on the Wireless Network Connection and select Properties Select the Authentication Tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type 49 Wireless Network Connection Properties PIR General Wireless Networks Authentication Advanced _ Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 802 1 EAP type Smart Card or other Certificate Authenticate as computer when computer information is available C Authenticate as guest when user or computer information is unavailable Encryption Settings The Encryption settings must match the APs WAP 4060PE on the Wireless network you want to join e Windows XP will detect any available Wireless networks and allow you to config ure each network independently e Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to e
37. N Access Point Name PLEOO46A MAC Address 00 C0 02 E0 04 64 Domain United States Firmware Version Version 2 0 Release 35 IP Address 210 66 155 66 Subnet Mask 255 255 255 224 Gateway 210 66 155 94 DHCP Client Disabled ChanneliFrequency 10 Automatic Wireless Mode 802 11b and 802 119 AP Mode Access Point Bridge Mode None disable e TI Ss weess age ep Profits Jugen ess Prone ges eae Prones gen ess zeegt Jugen ess zong ges eme Prones Jugen eae Security Profiles 53 Data Status Screen Access Point Access Point Name The current name will be displayed MAC Address The MAC physical address of the WAP 4060PE Domain Firmware Version TCP IP IP Address The region or domain as selected on the System screen The version of the firmware currently installed The IP Address of the WAP 4060PE Subnet Mask The Network Mask Subnet Mask for the IP Address above Gateway Enter the Gateway for the LAN segment to which the WAP 4060PE is attached the same value as the PCs on that LAN segment DHCP Client This indicates whether the current IP address was obtained from a DHCP Server on your network It will display Enabled or Disabled Wireless Channel Frequency The Channel currently in use is displayed Wireless Mode The current mode e g 802 119 is displayed AP Mode The current Access Point mode is displayed Bridge Mode Security Profiles
38. O 1x 24 3 6 9 Security Settings 802 1x nussi 27 Oe RE 29 3 8 E EA UE 30 3 8 1 Basic Settings Screen sien 30 3 8 2 Advanced Settings 33 CHAPTER 4 pc AND SERVER CONFIGURATION 36 AV OV ON VNC W aie diss nsc cases entire tentenren nan errant anne Go titane T 36 4 2 USING WEP EE 36 43 USING WPA PSK ge ege Ee EE EE Eege 36 ERR KEE EE 37 4 5 802 1x Server Setup Windows 2000 Server 37 4 5 1 Windows 2000 Domain Controller Setup 38 4 5 2 Services Installation ccccccceeceececeeceeeeeeeeseeeecaeaeeeeeeeseseessicaeeeeeeeeess 38 4 5 3 DHCP server configuration cceceeeeeceeeeeeenneeeeeeeeeeeeeenaeeeeeenaeeeeeeeaaes 39 4 5 4 Certificate Authority Setup 2 2 eee cece cece tent eter eteeeeeetaeeeeeeenaeeeereaea 41 4 5 5 Internet Authentication Service Radius Setup 44 4 5 6 Grant Remote Access for Users 45 4 6 802 1x Client Setup on Windows XP 46 4 6 1 Client Certificate Setup nanan nenene 46 4 6 2 802 1x Authentication Setup sssssssssernnsesestnnttnnenssrrettrnrrnnserererene nnn 49 4 7 Using 802 1x Mode without WPA ceseeseeseseeeeeeeeeeeeeeeseeneeseeesseeesneseenens 52 CHAPTER 5 OPERATION AND STATUS creme 53 5 TO Per ation ive sieve tevez scesct onneuseceeseseadnsssceetesesevaoangooectstensrehsunaacetevaecsessusenacesectenceis 53 5 2 Status SCCM EE 53 5 3 1 Statistics SCr en ee A ote ot ae na ee eet 55 5 3 2 Profile
39. Please select the type of request you would like to make User certificate request Advanced request Internet v 6 Click Submit 2 Microsoft Certificate Services Microsoft Internet Explorer ES File Edit View Favorites Tools Help zech sl a E P search De Favorites QP ress e Address Si http 192 168 0 2 certsrv certrqbi asp type 0 Microsoft Certificate Services User Certificate Identifying Information All the necessary identifying information has already been collected You may now submit your request More Options gt gt 7 Amessage will be displayed then the certificate will be returned to you Click nstall this certificate 48 8 9 2 Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help G Q EN a JO Search Se Favortes media Address ei http 192 168 0 2 certsryfcertfnsh asp EN Go Microsoft Certificate Services WirelessCA Certificate Issued The certificate you requested was issued to you Install this certificate D Internet You will receive a confirmation message Click Yes Root Certificate Store A Do you want to ADD the following certificate to the Root Store Subject WirelessCA Systems Wireless Widgets College Park MD US ca yourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E748D0 86375643 4F77
40. an also use a static WEP key EAP MD5 the WAP 4060PE supports both methods simultaneously Radius Server Configuration If using WPA 802 1x mode the Radius Server on your network must be configured as follow e t must provide and accept Certificates for user authentication e There must be a Client Login for the WAP 4060PE itself e The WAP 4060PE will use its Default Name as its Client Login name However your Radius server may ignore this and use the IP address instead e The Shared Key set on the Security Screen of the WAP 4060PE must match the Shared Secret value on the Radius Server e Encryption settings must be correct 4 5 802 1x Server Setup Windows 2000 Server This section describes using Microsoft Internet Authentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also re quired 37 e dhcpd e dns e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority 4 5 1 Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installation 4 5 2 Services Installation 1 Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side 3 Ensure that
41. ance will reduced significantly Because every 802 11g OFDM packet needs to be preceded by an RTS CTS or CTS packet exchange that can be recognized by legacy 802 11b devices This additional overhead lowers the speed If there are no 802 11b devices connected or if connections to all 802 11b devices are denied so that WAP 4060PE can operate in 11g only mode then its data rate should actually 54Mbps and 108Mbps in Super G mode Chapter 2 Installation 2 1 General Installation Before you proceed with the installation it is necessary that you have enough informa tion about the WAP 4060PE 1 Locate an optimum location for the WAP 4060PE The best place for your WAP 4060PE is usually at the center of your wireless network with line of sight to all of your mobile stations 2 Assemble the antenna to WAP 4060PE Try to place them to a position that can best cover your wireless network The antenna s position will enhance the receiving sensitivity 3 Connect RJ 45 cable to WAP 4060PE Connect this WAP 4060PE to your LAN switch hub or a single PC 4 Plug in power adapter and connect to power source After power on WAP 4060PE will start to operate Note ONLY use the power adapter supplied with the WAP 4060PE Otherwise the product may be damaged 2 2 Using PoE Power over Ethernet The LAN port of WAP 4060PE supports PoE Before you proceed with the PoE instal lation please make sure the PoE adapter or switch is 802 3af c
42. can be defined e Up to four 4 Security Profiles can be enabled at one time allowing up to 4 differ ent SSIDs to be used simultaneously 12 Profile02 wireless None 2 4 GHz Profile03 wireless None 2 4 GHz ProfileO4 wireless None 2 4 GHz Profile05 wireless None 2 4 GHz ProfileO6 wireless None 2 4 GHz zi Enable Configure Disable Indicates profile is currently enabled 802 11b g AP Mode wireless wireless D 802 11b g Bridge Mode wireless wireless D These settings have no effect unless the appropriate mode is enabled lf enabled the selected Profile SSID is used for the beacon Profile SSID Isolation amp No isolation Isolate all Profiles SSIDs from each other Use VLAN 802 10 standard Configure VLAN Save Cancel Help Data Security Profiles Screen Profile Profile List All available profiles are listed For each profile the following data is displayed e star sign If displayed before the name of the profile this indicates the profile is currently enabled If not displayed the profile is currently disabled e Profile Name The current profile name is displayed e SSID The current SSID associated with this profile e Security System The current security system e g WPA PSK is displayed e Frequency Band The Wireless Band 2 4 GHz for this profile is displayed Buttons e Enable enable the selected profile e Configure change th
43. ce and 2 this Device must accept any interference received including interference that may cause undesired operation Federal Communication Commission FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environ ment In order to avoid the possibility of exceeding the FCC radio frequency exposure limits human proximity to the antenna shall not be less than 20 cm 8 inches during normal opera tion ii R amp TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999 5 CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity R amp TTE The R amp TTE Directive repeals and replaces in the directive 98 13 EEC Telecommunications Terminal Equipment and Satellite Earth Station Equipment As of April 8 2000 Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment All guidelines of this and of the computer manufac ture must therefore be allowed at all times to ensure the safe use of the equipment Revision User s Manual for PLANET 802 11g Wireless LAN Managed Access Point Model WAP 4060PE Rev 1 0 January 2005 Part No EM WAP4060 iii TABL
44. changes periodically e WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmis sions are encrypted using the WPA standard 16 If this option is selected This WAP 4060PE must have a client login on the Radius Server Each user must have a user login on the Radius Server Each user s wireless client must support 802 1x and provide the login data when required All data transmission is encrypted using the WPA standard Keys are auto matically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possible you should use WPA 802 1x instead because WPA en cryption is much stronger than WEP encryption If this option is selected This WAP 4060PE must have a client login on the Radius Server Each user must have a user login on the Radius Server Each user s wireless client must support 802 1x and provide the login data when required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 3 6 3 Security Settings None Profile Name wireless SSID wireless Wireless Band 2 4 GHz Wireless Security System None D Current Status Disabled Configure Current Status Disabled Configure Back Cancel Help No security is used Anyo
45. ct your supplier as soon as possible 1 2 System Requirements Before installation please check the following requirements with your equipment m Pentium Based And Above IBM Compatible PC System m CD ROM drive m Windows 98 ME 2000 XP Operating System with TCP IP protocol 1 3 Features Wireless LAN IEEE802 11g and IEEE802 11b compliant Support PoE port IEEE802 3af compliant Support IEEE802 11d standard Worldwide mode Strong network security with 802 1X authentication and 64 128 bit WEP encryption Supports WPA Wi Fi Protected Access for both 802 1x and WPA PSK One detachable reverse polarity SMA connectors can connect to external antenna for expanding connection distance Super G mode efficiently raises the data transfer rate up to 108Mbps Five operation modes selectable AP AP Client Wireless Bridge Multiple Bridge Re peater Adjustable output power level Support Multiple SSIDs Multiple SSID isolation 802 1Q VLAN RADIUS MAC authentica tion Rogue AP detection Access Control ee m Provide Windows base utility Web and CLI Command Line Interface Configuration m SNMP support 1 4 Physical Details Front panel WAP 4060PE STATUS POWER LAN WLAN Rear panel O STATUS O POWER 802 11g Wireless PoE AP On Error condition Off Normal operation Blinking During start up and when the Firmware is being upgraded On Normal operation Off No power On The LAN Et
46. dress of the other AP in the Repeater AP MAC Address field In this mode all traffic is sent to the specified AP Note If using Client Repeater mode you cannot use Bridge Mode Repeater AP MAC Address This is not required unless the AP Mode is Client Repeater In this mode you must provide the MAC address of the other AP in this field You can either enter the MAC address directly or if the other AP is on line and broadcasting its SSID you can click the Select AP button and select from a list of available APs Broadcast SSID If Disabled no SSID is broadcast If enabled you must select the security profile whose SSID is to be broadcast This can be done in the Security Profiles screen The SSID will then be broadcast to all Wireless Stations Sta tions which have no SSID or a null value can then adopt the correct SSID for connections to this Access Point Bridge Mode Both Bridge mode and AP mode can be used simultaneously unless AP mode is Client Repeater Select the desired Bridge mode e None disable Disable Bridge mode Use this if you want this WAP 4060PE to act as an AP only e Point to Point Bridge PTP Bridge to a single AP You must provide the MAC address of the other AP in the PTP Bridge AP MAC Address field e Point to Multi Point Bridge PTMP Select this only if this AP is the Master for a group of Bridge mode APs The other Bridge mode APs must be set to Point to Point
47. e settings for the selected profile e Disable disable the selected profile Primary Profile Select the primary profile for 802 11b and 802 11g AP mode 802 11b g AP Mode Only enabled profiles are listed The SSID associated with this profile will be broadcast if the Broadcast SSID setting on the Basic screen is enabled 13 802 11b g Bridge Mode Isolation None Select the primary profile for 802 11b and 802 11g Bridge Mode This setting determines the SSID and security settings used for the Bridge connection to the remote AP If this option is selected wireless clients using different pro files different SSIDs are not isolated so they will be able to communicate with each other Isolate all If this option is selected wireless clients using different pro files different SSIDs are isolated from each other so they will NOT be able to communicate They will still be able to communicate with other clients using the same profile unless the Wireless Separation setting on the Advanced screen has been enabled Use VLAN This option is only useful if the hubs switches on your LAN support the VLAN 802 1Q standard When VLAN is used you must select the desired VLAN for each security profile when configuring the profile If VLAN is not selected the VLAN setting for each profile is ignored Click the Configure VLAN button to configure the IDs used by each VLAN See below for further de
48. either of these modes is selected If enabled each Wireless station using the WAP 4060PE is invisible to other Wireless stations In most business situations this setting should be Disabled Enable this setting if you want to use this mode and your Wireless stations also support this mode This determines how quickly a Wireless Station will be considered Disassociated with this AP when no traffic is received Enter the desired time period Enter the preferred setting between 256 and 2346 Nor mally this can be left at the default value Enter the preferred setting between 20 and 1000 Nor mally this can be left at the default value 34 RTS CTS Threshold Preamble Type Output Power Level Antenna Selection 802 11b Protection Type Short Slot Time Protection Mode Protection Rate Enter the preferred setting between 256 and 2346 Nor mally this can be left at the default value Select the desired option The default is Long The Short setting takes less time when used in a good envi ronment Select the desired power output Higher levels will give a greater range but are also more likely to cause interfer ence with other devices WAP 4060PE has only 1 antenna there is only 1 option available Select the desired option The default is CTS only Enable or disable this setting as required The Protection system is intended to prevent older 802 11b devices from interfering with
49. elected by the radio button is required The other keys are optional Other stations must have matching key values 22 Passphrase Use this to generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate Key button to auto matically configure the WEP Key s Radius MAC Authentication The current status is displayed Click the Configure button to configure this feature if required UAM The current status is displayed Click the Configure button to configure this feature if required 3 6 7 Security Settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wire less station The 256Bit encryption key is derived from the PSK and changes frequently Profile Name wireless SSID wireless Wireless Band 2 4 GHz D Wireless Security System WPA PSK Di WPA PSK Pre shared Key Network Key WPA Encryption TKIP D Key Updates I Group Key Update Key Lifetime E minutes I Update Group Key when any membership terminates Current Status Disabled Current Status Disabled Back I sae Cancel Help Data WPA PSK Screen WPA PSK Network Key Enter the key value Data is encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key
50. em available to any PC Select this to have Trap messages sent to the specified PC only If selected you must enter the IP Address of the desired PC Select the desired option as supported by your SNMP Man agement program 66 6 8 Upgrade Firmware The firmware software in the Wireless Access Point can be upgraded using your Web Browser You must first download the upgrade file and then select Upgrade Firmware in the Manage ment section of the menu You will see a screen like the following Locate and select the upgrade file from your hard disk OO Browse el ze To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade Note The WAP 4060PE is unavailable during the upgrade process and must restart when the upgrade is completed Any connections to or through the WAP 4060PE will be lost 67 Appendix A Specifications WAP 4060PE IEEE 802 11b 802 11g DSSS Direct Sequence Spread Spectrum OFDM with BPSK QPSK 16QAM 64QAM DBPSK DQPSK f Pot 10 00Mbps RJ 45 port 1 802 3af compliant Output Power 18dBm 802 11b 802 11g 11 Mbps CCK 85dBm 5 5 Mbps QPSK 89dBm 1 2 Mbps BPSk 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C 54 Mbps 72dBm 48 Mbps 72d
51. er Client Authentication Server Authentic Ca Issued Certificates GAweb Server Server Authentication A Pending Requests GA Computer Client Authentication Server Authentic Failed Requests deer Encrypting File System Secure Email ate an Authority Certificate to Issue View Code Signing Microsoft Trust List Signi Refresh Export List Help Creates a new object in this container 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Select Certificate Template 21xl Select a certificate template to issue certificates User Signature Only Smartcard User Authenticated Session teard Logon ES Code Signing Trust List Signing Fnrallment Anent Secure Email Clier Secure Email Clier Client Authenticatic Client Authenticatic Code Signing Microsoft Trust List Certificate ReauestZ L Geet 4 Select Start Programs Administrative Tools Active Directory Users and Com puters 5 Right click on your active directory domain and select Properties Lei Console Window Help action ven em ER e ePRnvT Se Tree Domain Controllers 1 objects Active Directory Users Name Type Descriptio A E ml cwen neii a Computer Delegate Control Find Connect to Domain Connect to Domain Controller Operations Masters New gt All Tasks gt New Window
52. f identification between the AP and the client Deauthentication The number of Deauthentication packets received Deauthentication is the process of ending an existing authentication relationship Association The number of Association packets received Association creates a connection between the AP and the client Usually clients associate with only one AP at any time Disassociation The number of Disassociation packets received Disasso ciation breaks the existing connection between the AP and the client Reassociation The number of Reassociation packets received Reassocia tion is the service that enables an established association between AP and client to be transferred from one AP to another or the same AP Wireless MSDU Number of valid Data packets transmitted to or received from Wireless Stations at application level Data Number of valid Data packets transmitted to or received from Wireless Stations at driver level 55 Multicast Packets Number of Broadcast packets transmitted to or received from Wireless Stations using Multicast transmission Management Number of Management packets transmitted to or received from Wireless Stations Control Number of Control packets transmitted to or received from Wireless Stations 5 3 2 Profile Status The Profile Status screen is displayed when the Profile Status button on the Status screen is clicked Broadcast SSID wireless wire
53. from Here E Opens property sheet for the current selection Astr A amp Doce Gaconr Fadar Acab activ activ ch BE Sas 2 45PM 6 Select the Group Policy tab choose Default Domain Policy then click Edit 42 wireless yourdomain tid Properties E 21 General Managed By Group Policy Current Group Policy Object Links for wireless Group Policy Object Links No Override 4 Default Domain Policy Group Policy Objects higher in the list have the highest priority This list obtained from rowan wireless pourdomain tid Edit Up ns Delete Properties Bown F Block Policy inheritance 7 Select Computer Configuration Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Cer tificate Request gf Group Policy SEES action ven e gt am o Automatic Certificate Request Tree Default Domain Policy swpa dell2k swpa sercomm com tw P E Ki Computer Configuration QQ Software Settings 2 C3 Windows Settings Gl Scripts Startup Shutdown Security Settings Account Policies gj Local Policies Event Log Restricted Groups g System Services CS Registry m 9 File System GC Public Key Policies Eet Data Recovery Agents mm qi r Automatic C3 Trusted Root cert ication Authorities New gt Automatic Certificate Request E Enterprise Trust E ES m IP Securi
54. g information will help you utilizing the wireless performance and operating cov erage of WAP 4060PE 1 Site selection To avoid interferences please locate WAP 4060PE and wireless clients away from trans formers microwave ovens heavy duty motors refrigerators fluorescent lights and other industrial equipments Keep the number of walls or ceilings between AP and clients as few as possible otherwise the signal strength may be seriously reduced Place WAP 4060PE in open space or add additional WAP 4060PE as needed to improve the cover age Environmental factors The wireless network is easily affected by many environmental factors Every environ ment is unique with different obstacles construction materials weather etc It is hard to determine the exact operating range of WAP 4060PE in a specific location without testing 3 Antenna adjustment The bundled antenna of WAP 4060PE is adjustable Firstly install the antenna pointing straight up then smoothly adjust it if the radio signal strength is poor But the signal re ception is definitely weak in some certain areas such as location right down the antenna Moreover the original antenna of WAP 4060PE can be replaced with other external an tennas to extend the coverage Please check the specification of the antenna you want to use and make sure it can be used on WAP 4060PE 4 WLAN type If WAP 4060PE is installed in an 802 11b and 802 11g mixed WLAN its perform
55. he IP address of the WAP 4060PE and then try to connect using the IP address instead of the name To Find the Access Point s IP Address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the WAP 4060PE Enter ping followed by the Default Name of the WAP 4060PE e g ping PLO03318 3 Check the output of the ping command to determine the IP ad dress of the WAP 4060PE If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the WAP 4060PE If no DHCP Server is found the WAP 4060PE will default to an IP Address and Mask of 192 168 0 228 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol My PC can t connect to the LAN via the WAP 4060PE Check the following e The SSID and WEP settings on the PC match the settings on the WAP 4060PE e Onthe PC the wireless mode is set to Infrastructure e f using the Access Control feature the PC s name and address is in the Trusted Stations list e f using 802 1x mode ensure the PC s 802 1x software is config ured correctly 70 Appendix C Command Line Interface If desired the Command Line Interface CLI can be used for configuration This creates the possibility of creating scripts to perform common configuration changes The CLI requires either a Telnet connection or a physical connection from your PC to the serial port
56. hernet port is active Off No active connection on the LAN Ethernet port Flashing Data is being transmitted or received via the correspond ing LAN Ethernet port On Idle Off Error Wireless connection is not available Flashing Data is being transmitted or received via the Wireless access point Data includes network traffic as well as user data CONSOLE ANT CONSOLE One dipole antenna is supplied Best results are usually obtained with the antenna in a vertical position DB9 female RS232 port RESET Button This button has two 2 functions e Reboot When pressed and released the WAP 4060PE will reboot restart e Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values 1 Power Off the WAP 4060PE 2 Hold the Reset Button down while you Power On the device 3 Continue holding the Reset Button until the Status Red LED blinks TWICE 4 Release the Reset Button The factory default configuration has now been restored and the WAP 4060PE is ready for use LAN PoE Use a standard LAN cable RJ45 connectors to connect this port to a 10BaseT or 100BaseT hub on your LAN Power port Connect the supplied power adapter here 1 5 Specification Standard Signal Type Modulation Port Antenna Connector Output Power Sensitivity Operating Mode Securi
57. iled is entered in the log and station status is shown as authenticating on the station list table Radius based MAC authentication Screen This screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again Otherwise you must enter the details of your Radius Server on this screen I Enable Radius based MAC authentication Radius Server Address Radius Port 18 12 Client Login Name PLEOO46A Shared Key Save Cancel Help Data Radius based MAC Authentication Screen Enable Enable this if you want to use Radius based MAC authentica tion Radius Server If this field is visible enter the name or IP address of the Ra Address dius Server on your network Radius Port If this field is visible enter the port number used for connec tions to the Radius Server Client Login If this field is visible it displays the name used for the Client Name Login on the Radius Server This Login name must be created on the Radius Server Shared Key If this field is visible it is used for the Client Login on the Ra dius Server Enter the key value to match the value on the Radius Server WEP Key If this field is visible it is for the WEP key used to encrypt data transmissions to the Radius Server Enter the desired key value in HEX and ensure the Radius Server has the same value 1
58. ive Tools Internet Authentication Service 2 Right click on Clients and select New Client Pw ON oD gata I Action View e sm ele Tree Internet Authentication Service Local RER E Remot ay Remot New b View Export List Help Enter a name for the access point click Next Enter the IP address of the WAP 4060PE and set the shared secret as entered on the Security Profile screen of the WAP 4060PE Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap tls and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Restrictions and click Add WEE As Select the type of attribute to add and then click the Add button Attribute types Called Station d Phone number dialed by user Calling Station Id Phone number from which call originated Client Friendly Name Friendly name for the RADIUS client IAS Client IP Address IP address of RADIUS client IAS only Client Vendor Manufacturer of RADIUS proxy or NAS Day And Time Restrictions Time periods and days of week during wh Framed Protocol The protocol ta be used NAS Identifier String identifying the NAS originating the r NAS IP Address IP address of the NAS originating the requ NAS Port Type Type of physical port used by the NAS ori Service Type
59. l get ofdmWeakSigDet Display ANI Parameter for OFDM Weak Signal Detection 74 get quietAckCtsAllow Display if Ack Cts frames are allowed during quiet period 75 get 80211d Display 802 11d mode get rogueinteval Display Minutes of every Rogue AP Detection Range 3 99 get autoChan Display Provide admin login name and password geName Enable Disable get autoSetResp Display Provide respond to Auto Config request Enable Disable get autoUpdate Display Auto Update Enable Disable get autoUpgradeOnly Display Install later version only Enable Disable get autoUpdatelnter Display Auto Update Interval 1 31days val get ftpServer Display FTP Server address get fwPathname Display Firmware Pathname 76 get ftpLogin Display FTP Login Name get ftpPassword Display FTP Password get activeCurrentPro Display active Current Profile file get profileName Display Profile Name get profile Vlanld Display Profile VLAN ID get APPrimaryProfile Display AP Primary Profile get WDSPrimaryPro Display WDS Primary Profile file get securityMode Display Security Mode FailURL get snmpAccess Display SNMP Access Right Right get snmpAnySta Display SNMP Any Station Mode Mode get snmpStationl Display SNMP Station Addr PAddr get trapMode Display Trap Mode get trapVersion Display Trap Version get trapSendMode Display Trap Send Mode 77 get trapRecvip Display Trap Receiver IP get wdsMacList Display
60. le set autoUpdatelnter Set Auto Update Interval 1 31days val 82 set activeCurrentPro Set active Current Profile file set profileName Set Profile Name set profileVlanid Set Profile Vlan Id set APPrimaryProfile Set AP s Primary Profile set WDSPrimaryPro Set WDS s Primary Profile file set Accountingport Set Accounting port number FailURL set snmpAccess Set SNMP Access Right Right set snmpAnySta Set SNMP Any Station Mode Mode set snmpStationl Set SNMP Station Address PAddr 83 set dhcpMode Set Dhcp Mode set wdsMacList Set WDS Mac Address List set enableWireless Set Wireless Client Enable Disable Client set isolationType Set Isolation Type set winsEnable Set WINS Server Enable Disable set winsServerAddr Set WINS Server IP address set wirelessSeparate Set wireless separate Mode 84
61. less Enable None 2 4 GHz Enabled Profile02 wireless Disable None 2 4 GHz Disabled Profile03 wireless Disable None 2 4 GHz Disabled Profile04 wireless Disable None 24 GHz Disabled Profile05 wireless Disable None 2 4 GHz Disabled e e e Name SSID Security Band Status Clients Profile06 wireless Disable None 2 4 GHz Disabled Profi 07 wireless Disable None J 24 GHz Disabled Profile08 wireless Disable None 2 4 GHz Disabled Refresh Close ojeje jejejejej gt For each profile the following data is displayed Name The name you gave to this profile if you didn t change the name the default name is used SSID The SSID assigned to this profile Broadcast SSID Indicates whether or not the SSID is broadcast Band The Wireless band used by this profile Status Indicates whether or not this profile is enabled Clients The number of wireless stations currently using accessing this WAP 4060PE using this profile If the profile is disabled this will always be zero 56 5 3 3 Activity Log This screen is displayed when the Log button on the Status screen is clicked Currenttime 2004 Jan 1 04 54 36 GMT 2004 Jan 1 00 00 00 GMT AP activated 2004 Jan 1 00 21 01 GMT 00 04 23 73 19 61 authenticated 2004 Jan 1 00 21 01 GMT 00 04 23 73 19 61 associated 2004 Jan 1 00 27 32 GMT 00 C0 02 03 05 66 authenticated 2004 Jan 1 00 27 3
62. lt values are admin for the User Name and password for the Password 6 You will then see the prompt and can use any of the commands listed in the following Command Reference gi C 3 Command Reference The following commands are available find bss Find BSS 72 Display Access Control List get autochannelse Display Auto Channel Select lect get basic11b Display Basic 11b Rates get basic11g Display Basic 11g Rates get beaconinterval Display Beacon Interval get burstSeqThresh Display Max Number of frames in a Burst old get burstTime Display Burst Time get calibration Display Noise And Offset Calibration Mode get cckTrigHigh Display Higher Trigger Threshold for CCK Phy Errors for ANI Control get cckTrigLow Display Lower Trigger Threshold for CCK Phy Errors for ANI Control get cckWeakSigThr Display ANI Parameter for CCK Weak Signal Detection Threshold 73 get ctstype Display CTS type get domainsuffix Display Domain Name Server suffix get dtim Display Data Beacon Rate DTIM get enableANI Display Adaptive Noise Immunity Control On Off get encryption Display Encryption Mode get extendedchan Display Extended Channel Mode mode get firStepLvl Display ANI Parameter for FirStepLevel get fragmentthresh Display Fragment Threshold old get ofdmTrigHigh Display Higher Trigger Threshold for OFDM Phy Errors for ANI Control get ofdmTrigLow Display Lower Trigger Threshold for OFDM Phy Errors for ANI Contro
63. n data user name pass word as for a HTTP Web connection 6 3 Auto Config Update The Auto Config Update screen provides two features Auto Config The Access Point will configure itself by copying data from another compatible Access Point Auto Update The Access Point will update it Firmware by downloading the Firmware file from your FTP Server 60 Auto Config Auto Update TC Perform Auto Configuration on this AP next restart IT Respond to Auto configuration request by other AP E Provide admin login name and password T Provide Respond to Auto configuration setting IT Check for Firmware upgrade every 1 days Install FW if different version found Install later version only FTP Server address i O S Firmware pathname TF FTP Login Name i Yd FTP Password Ir Data Auto Config Update Screen Admin Connections Perform Auto Configuration on this AP next restart If checked this AP will perform Auto Configuration the next time it restarts e The wired LAN NOT the Wireless LAN will be searched for compatible APs e If a compatible AP is found its configuration is copied If more than one compatible AP exists the first one found is used e Some data cannot be copied o The IP address is not copied and will not change o The operating mode Repeater Bridge etc is not copied and will not change Note This checkbox is automatically disabled
64. ne using the correct SSID can connect to your network The only settings available from this screen are Radius MAC Authentication and UAM Universal Access Method 3 6 4 Radius MAC Authentication Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server If you don t have a Radius Server you cannot use this feature Using MAC authentication 5 Ensure the WAP 4060PE can login to your Radius Server e Add a RADIUS client on the RADIUS server using the IP address or name of the WAP 4060PE and the same shared key as pre configured e Ensure the WAP 4060PE has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Security page or the Radius based MAC authentication sub screen de pending on the security method used e On the WAP 4060PE enable the Radius based MAC authentication feature on the screen below 6 Add Users on the Radius server as required The username must be the MAC address of the Wireless client you wish to allow and the password must be blank 7 When clients try to associate with the WAP 4060PE their MAC address is passed to the Radius Server for authentication e If successful xx xx xx xx xx xx MAC authentication is entered in the log and client station status would show as authenticated on the station list table e f not successful xx xx xx xx xx xx MAC authentication fa
65. nput by the user is 24 bits less than the key size used for encryption 4 3 Using WPA PSK For each of the following items each Wireless Station must have the same settings as the WAP 4060PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WAP 4060PE The default value is wireless Note The SSID is case sensitive Wireless On each client Wireless security must be set to WPA PSK Security e The Pre shared Key entered on the WAP 4060PE must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match the WAP 4060PE 4 4 Using WPA 802 1x This is the most secure and most complex system 802 1x mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the WAP 4060PE Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the WAP 4060PE The default value is wireless Note The SSID is case sensitive 802 1x Each client must obtain a Certificate which is used for authentica Authentica tion for the Radius Server tion 802 1x Typically EAP TLS is used This is a dynamic key system so keys Encryption do NOT have to be entered on each Wireless station However you c
66. nter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab 50 4 Wireless Network Connection Properties KU General Wireless Networks Authentication Advanced Use Windows to configure my wireless network settings Available networks To connect to an available network click Configure miss test al Preferred networks Automatically connect to available networks in the order listed below D umd Move up deit misslair Learn about setting up wireless network confiquration 2 Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown be low Wireless Network Properties Network name SSID misslair Wireless network key WEP This network requires a key for the following Data encryption WEP enabled C Network Authentication Shared mode Network key ASCII characters Key index advance V The key is provided for me automatically C This is a computer to computer ad hoc network wireless access points are not used Setup for Windows XP and 802 1x client is now complete 5
67. ompliant 1 Do not connect the supplied power adapter to the WAP 4060PE 2 Connect one end of a standard category 5 LAN cable to the Ethernet port on the WAP 4060PE 3 Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter or switch IEEE 802 3af compliant 4 Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch 5 Connect the power supply to the PoE adapter and power up 6 Check the LEDs on the WAP 4060PE to see it is drawing power via the Ethernet connection Donwer Ethemet WW H Lee Ta Hut POE 150 De la Poser WAP ACSOFE Chapter 3 Access Point Setup 3 1 Overview This chapter describes the setup procedure to make the WAP 4060PE a valid device on your LAN and to function as an Access Point for your Wireless Stations The WAP 4060PE can be configured using either the supplied Windows utility or the Web Browser 3 2 Setup using the Windows Utility A simple Windows setup utility is supplied on the CD ROM This utility can be used to assign a suitable IP address to the WAP 4060PE Using this utility is recommended because it can locate the WAP 4060PE even if it has an invalid IP address 1 Insert the User s Manual and Utility CD into the CD ROM drive 2 Once the menu screen appears click on the WAP 4060PE Manager hyperlink for installation If the menu screen does not appear you can click the Start
68. on abled because Radius MAC Authentication is not available with WPA PSK UAM The current status is displayed This will always be Dis abled because UAM is not available with WPA PSK The Configure button for this feature will also be disabled 3 6 8 Security Settings WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client au thentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is selected e This WAP 4060PE must have a client login on the Radius Server e Each user must have a user login on the Radius Server Normally a Certifi cate is used to authenticate each user e Each user s wireless client must support 802 1x e All data transmission is encrypted using the WPA standard Keys are auto matically generated so no key input is required 24 Security Profile Profile Name wireless SSID wi reless Wireless Band 24 GHz D Wireless Security Systern WPA 802 1 WPA 802 1x Radius Server Address Radius Port 1812 Client Login Name PLEOO46A Shared Key WPA Encryption TKIP D Key Updates T Group Key Update Key Lifetime E minutes I Update Group Key when any membership terminates Radius Accounting IT Enable Radius Accounting Radius Accounting Port 1813 I Update Report every 5 Minutes Current Status Disabled Santigure Data WPA 802 1x Screen WPA 80
69. r LAN e Gateway The IP Address of your Gateway or Router Enter the value used by other devices on your LAN e DNS Enter the DNS Domain Name Server used by PCs on your LAN 29 WINS Enable WINS If your LAN has a WINS server you can enable this to have this AP register with the WINS server WINS Server Name IP Ad dress Enter the name or IP address of your WINS server 3 8 2 4GHz Wireless There are two configuration screens available e Basic Settings e Advanced 3 8 1 Basic Settings Screen The settings on this screen must match the settings used by Wireless Stations Click Basic on the menu to view a screen like the following 30 Basic Settings 2 4 GHz Wireless Mode 1802 11b and 802 11g z AP Mode Access Point D Repeater AP MAC Address M Broadcast SSID Bridge Mode None disable M PTF Bridge AP MAC Address I in PTMP mode only allow specified APs APMP APE Channel No Automatic D Current Channel No 10 Cancel Help Data Basic Settings Screen Operation Wireless Mode Select the desired option e Disable select this if for some reason you do not want this AP to transmit or receive at all e 802 11b and 802 11g this is the default setting and will allow connections by both 802 11b and 802 1g wireless sta tions e 802 11b if selected only 802 11b clients are allowed 802 11g wireless stations will only be able to connect if the
70. rity level Events with a severity Level level equal to or higher i e ower number than the selected level will be logged 6 6 Rogue APs A Rouge AP is an Access Point which should not be in use and so can be consid ered to be providing unauthorized access to your LAN This WAP 4060PE can assist to locate 2 types of Rogue APs e APs which have Wireless security disabled e APs which are not in the list of valid APs which you have entered When a Rogue AP is located it is recorded in the log If using SNMP you can also choose to have detection of a Rogue AP generate an SNMP trap 64 Rogue AP Detection Enable Rogue AP Detection owent minutes 3 99 F Detection generates SNMP Trap M No Security PF Notin Legal AP List Data Rogue AP Screen Enable Detection Enable Detection Define Legal AP List Cancel Help To use this feature enable the Enable Rogue AP De tection checkbox and select the desired wireless band and time interval Scan Select the desired Wireless band to scan to Rogue APs and enter the desired time interval between each scan Detection generates SNMP Trap Rogue Detection No Security If using SNMP checking this option will generate a SNMP trap whenever a Rogue AP is detected If not using SNMP do not enable this option If checked any AP operating with security disabled is considered to be a Rogue AP Not in Legal AP List If checked an
71. same URL as the Login URL 3 6 6 Security Settings WEP This is the 802 11b standard Data is encrypted before transmission but the encryption system is not very strong 21 Security Profile Profile Name wireless SSID wireless Wireless Band 2 4 GHz Wireless Security System WEP D WEP Data Encryption 64 bit D Authentication Open System D WEP Keys Keyinput Hex 0 9 and A F ASCII Key 1 Key 2 IN Key 3 sd Key 4 OU Passphrase D Generate Key Current Status Disabled Configure Current Status Disabled Configure Data WEP Screen WEP Data Encryption Authentication Key Input Key Value Select the desired option and ensure your Wireless stations have the identical setting e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII charac ters e 152 Bit Encryption Keys are 32 Hex 16 ASCII charac ters Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Enter the key values you want to use The default key s
72. screen accessed from the Management menu See Chapter 6 for details of the screens and features available on the Management menu Use the Apply Restart button on the menu to apply your changes and restart the Wireless Access Point If you can t connect It is likely that your PC s IP address is incompatible with the WAP 4060PE s IP address This can happen if your LAN does not have a DHCP Server The default IP address of the Wireless Access Point is 192 168 0 228 with a Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 0 1 192 168 0 254 with a Network Mask of 255 255 255 0 3 4 Access Control This feature allows you to block certain access from unknown or distrusted wireless stations Click Access Control on the menu to view a screen like the following Access Control C Enable Access Control by MAC Address Name Mac Address Connected Modify List Read from File Write to File Save Cancel Help Data Access Control Screen Enable Use this checkbox to Enable or Disable this feature as desired Warning Ensure your own PC is in the Trusted Wireless Sta tions list before enabling this feature Trusted Sta tions This table lists any Wireless Stations you have designated as Trusted If you have not added any stations this table will be empty For each Wireless
73. so the Auto configuration is only performed once Respond to Auto configuration request by other AP If checked this AP will respond to Auto Configuration requests it receives If not checked Auto Configuration requests will be ignored Provide login name and password If enabled the login name and password on this AP is supplied to the AP making the Auto configuration re quest If disabled the AP making the Auto configuration request will keep its existing login name and password 61 Provide Respond to Auto configuration setting Auto Update Check for Firmware upgrade If enabled the Respond to Auto configuration setting on this AP is supplied to the AP making the Auto configuration request If disabled the AP making the Auto configuration request will keep its existing setting If enabled this AP will check to see if a Firmware FW upgrade is available on the specified FTP Server If enabled e Enter the desired time interval in days between checks e Select the desired option for installation see next item e Provide the FTP server information Install Select the desired option e Install FW if different version found If selected and the firmware file at the specified lo cation is different to the current installed version the FW will be installed This allows Downgrades installing an older version of the FW to replace the current version e Install later
74. station the following data is displayed e MAC Address the MAC or physical address of each Wire less station e Connected this indicates whether or not the Wireless sta tion is currently associates with this Access Point Buttons Modify List To change the list of Trusted Stations Add Edit or Delete a Wireless Station or Stations click this button You will then see the Trusted Wireless Stations screen described below Read from File To upload a list of Trusted Stations from a file on your PC click this button Write to File To download the current list of Trusted Stations from the WAP 4060PE to a file on your PC click this button 3 4 1 Trusted Wireless Stations To change the list of trusted wireless stations use the Modify List button on the Ac cess Control screen You will see a screen like the sample below 10 Trusted Wireless Stations Trusted Wireless Stations Other Wireless Stations Edit Select All Select None Name Address Physical MAC address Add Clear Back Help Data Trusted Wireless Stations Trusted Wireless Here lists ass Wireless Stations which you have designated Stations as Trusted Other Wireless Here lists all Wireless Stations detected by the WAP 4060PE Stations which you have not designated as Trusted Name The name assigned to the Trusted Wireless Station Use this when adding or editing a Trusted Station Address The
75. tails 3 5 1 VLAN Configuration Screen This screen is accessed via the Configure VLAN button on the Security Profiles screen e The settings on this screen will be ignored unless the Use VLAN option on the Security Profiles screen is selected e H using the VLAN option these setting determine which VLAN traffic is assigned to 14 VLAN Client Traffic Profile VLAN ID Profile VLAN ID wireless Profile0 Profleo2 ponepel Profile03 ponepl pronen TI ponepgl IDs must be inthe range 1 4095 VLAN AP Traffic VLAN Tag for Traffic generated by this AP No VLAN Tag Replicate packets on all VLANs above Specified VLAN H Save Cancel Help Close Data VLAN Configuation Screen VLAN Client Traffic Profile Each profile is listed whether currently enabled or not You can assign traffic from each profile SSID to a different VLAN if de sired To assign multiple profiles to the same VLAN just enter the same VLAN ID for each profile VLAN ID Enter the desired VLAN ID as used on your network IDs must be in the range 1 4095 These IDs must match the IDs used by other network devices VLAN AP Traffic No VLAN Tag Traffic generated by this AP will not have a VLAN tag no VLAN ID Replicate If selected each packet generated by this AP will be sent over each active VLAN as defined in the client VLAN table above This requires that each packet be replicated up to
76. the following components are activated selected e Certificate Services After enabling this you will see a warning that the com puter cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet In formation Services IIS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and Internet Authentication Service DNS should already be selected and installed Windows Components Wizard xj Windows Components You can add or remove components of Windows 2000 To add or remove a component click the checkbox A shaded box means that only part of the component will be installed To see what s included in a component click Details Components M Accessories and Utilities M W Certificate Services 1 4MB CT lt Cluster Service 2 5 MB wi BP Indexing Service 0 0 MB wi RB Intenet Information Services IIS 1 AMR H Description Message Queuing provides loosely coupled and reliable network communication services Total disk space required 12 7 MB Details Space available on disk 6699 9 MB m lt Back Cancel 4 Click Next 5 Select the Enterprise root CA and click Next 38 Windows Components Wizard Certification Authority Type There are four types of certification authorities Certification Authority types
77. the limits for a Class B digital de vice pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment gener ates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connect ing to computer or peripheral devices Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equip ment This device complies with Part 15 of the FCC Rules Operation is subject to the Following two conditions 1 This device may not cause harmful interferen
78. ty IEEE 802 11b 802 11g DSSS Direct Sequence Spread Spectrum OFDM with BPSK QPSK 16QAM 64QAM DBPSK DQPSK CCK 10 100Mbps RJ 45 port 1 802 3af compliant Reverse SMA male 1 18dBm 11 Mbps CCk 85dBm 5 5 Mbps QPSK 89dBm 802 11b 1 2 Mbps BPSK 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C 54 Mbps 72dBm 48 Mbps 72dBm 36 Mbps 76dBm 24 Mbps 79dBm 18 Mbps 82dBm 12 Mbps 86dBm 9 Mbps 89dBm 6 Mbps 90dBm typically PER lt 8 packet size 1024 and 25 C 5 C 802 11g AP AP Client Wireless Bridge Multiple Bridge Repeater Open shared WPA and WPA PSK authentication 802 1x support EAP TLS EAP TTLS PEAP Block inter wireless station communication Block SSID broadcast Web based configuration RADIUS Accounting RADIUS On feature RADIUS Accounting update CLI Message Log Access Control list file support Configuration file Backup Restore Statistics support Device discovery program Windows Utility Super G mode Up to 108Mbps Data Rate 802 11g Up to 54Mbps 6 9 12 18 24 36 48 54 Management 802 11b Up to 11Mbps 1 2 5 5 11 eee Lx WX ven 102 x 30mm Weight 210g Operating temperature 0 40 degree C Environmental Specification Storage temperature 20 70 degree C Relative humanity 0 90 non condensing Power Requirement 24V DC 0 5A Electromagnetic Compatibility FCC CE 1 6 Wireless Performance The followin
79. ty Policies on Active Directory E Administrative Templates Refresh E User Configuration Export List D Software Settings er E E Windows Settings Help E A Administrative Templates i 8 Create a new Automatic Certificate Request object and add it to the Security Configuration Editor PAstart 4 amp Aecipbosrdas 1 active drectory EPcroup Policy mE ERE a an 2 56 PM 8 When the Certificate Request Wizard appears click Next 9 Select Computer then click Next 43 Automatic Certificate Request Setup Wizard Certificate Template Ges The next time a computer logs on a certificate based on the template you select is oN provided certificate template is a set of predefined properties for certificates issued ta computers Select a template from the following list Certificate templates Name Intended Purposes C Client Authentication Server Authenticatior Domain Controller Client Authentication Server Authenticatior Enrollment Agent Computer Certificate Request Agent IPSEC 1 3 6 1 5 5 8 2 2 DI lt Back Cancel 10 Ensure that your certificate authority is checked then click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press enter Enter secedit refreshpolicy machine_policy This command may take a few minutes to take effect 4 5 5 Internet Authentication Service Radius Setup 1 Select Start Programs Administrat
80. uter address for the current subnet The router address may be left blank if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next New Scope Wizard Domain Name and DNS Servers The Domain Name System DNS maps and translates domain names used by clients on your network You can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain Wiireless yourdomain tld To configure scope clients to use DNS servers on your network enter the IP addresses for those servers Server name IP address GE 192 168 0 250 Remove Up Down tL lt Back Cancel 11 If you don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to com plete 4 5 4 Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue f Certification Authority Action View les lam Are Tree Certification Authority Local Gers Recovery Agent File Recovery E WirelessCA GABasic EFS Encrypting File System Revoked Certificates E Domain Controll
81. v 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK 46 Connect to 192 168 0 2 Connecting to 192 168 0 2 User name Le Password C Remember my password 4 On the first screen below select Request a certificate click Next Microsoft Certificate Services Microsoft Internet Explorer DAR Fie Edit View Favorites Tools Help Q Asen Se Favorites S Media Address Si http 192 168 0 2 certsrv Microsoft Certificate Services Welcome You use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task ORetrieve the CA certificate or certificate revocation list Request a certificate C Check on a pending certificate v Done gt Internet 5 Select User certificate request and select User Certificate the click Next 47 Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Osch x a Le JO search Se Favorites S Media e Address L http 192 168 0 2jcertsrv certrqus asp Microsoft Certificate Services Choose Request Type
82. y are fully backward compatible with the 802 11b standard e 802 11g only 802 11g clients are allowed If you only have 802 11g selecting this option may provide a performance improvement over using the default setting e Dynamic Super 802 11g 108Mbps This uses Packet Bursting FastFrame Compression and Channel Bonding using 2 channels to increase throughput Only clients sup porting the Atheros Super G mode can connect at 108Mbps and they will only use this speed when necessary However this option is backward compatible with 802 11b and standard 802 11g e Static Super 802 11g 108Mbps This uses Packet Burst ing FastFrame Compression and Channel Bonding using 2 channels to increase throughput Because Channel Bonding is always used this method is NOT compatible with 802 11b and standard 802 11g Only clients supporting the Atheros Super G mode can connect at 108Mbps they will always connect at this speed Select this option only if all wireless stations support this Atheros Super G mode 31 AP Mode Both Bridge mode and AP mode can be used simultaneously unless AP mode is Client Repeater Select the desired AP mode e None disable Disable AP mode Use this if you want this WAP 4060PE to act as Bridge only e Access Point operate as a normal Access Point e Client Repeater act as a client or repeater for another Access Point If selected you must provide the address MAC ad
83. y AP not listed in the Legal AP List is considered to be a Rogue AP If checked you must maintain the Legal AP List Define Legal AP List Click this button to open a sub screen where you can modify the Legal AP List This list must contain all known APs so must be kept up to date 6 7 SNMP SNMP Simple Network Management Protocol is only useful if you have a SNMP program on your PC To reach this screen select SNMP in the Management section of the menu 65 M Enable SNMP Community public Access Rights Read Write Di Managers Any Station e only this Station 255 255 255 255 Disable Broadcast Send to i Ip Ip Jo Trap Version Version 1 D Cancel Help Data SNMP Screen General Enable SNMP Community Access Rights Managers Any Station Only this station Traps Disable Broadcast Send to Trap version Use this to enable or disable SNMP as required Enter the community string usually either Public or Private Select the desired option e Read only Data can be read but not changed e Read Write Data can be read and setting changed The IP address of the manager station is not checked The IP address is checked and must match the address you enter in the IP address field provided If selected you must enter the IP address of the required station Traps are not used Select this to have Traps broadcast on your network This makes th
Download Pdf Manuals
Related Search