TQ1402 Series
4680
PWR
AT-TQ1402
2.4GHz 5GHz
LAN
Wireless Access Point
TQ1402
TQm1402
Management Software User’s Guide
613-002802 Rev.A
Copyright 2019 Allied Telesis, Inc.
All rights reserved.
This product includes software licensed under the BSD License. As such, the following language applies for those
portions of the software licensed under the BSD License:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following
disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of Allied Telesis, Inc. nor the names of the respective companies above may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) [dates as appropriate to package] by The Regents of the University of California - All rights reserved.
Copyright (c) 2000-2003 by Intel Corporation - All rights reserved. Copyright (c) 1997-2003, 2004 by Thomas E. Dickey
<dickey@invisible-island.net> - All rights reserved. Copyright (c) 2001-2009 by Brandon Long (ClearSilver is now
licensed under the New BSD License.) Copyright (c) 1984-2000 by Carnegie Mellon University - All rights reserved.
Copyright (c) 2002,2003 by Matt Johnston - All rights reserved. Copyright (c) 1995 by Tatu Ylonen <ylo@cs.hut.fi> - All
rights reserved. Copyright 1997-2003 by Simon Tatham. Portions copyright by Robert de Bath, Joris van Rantwijk,
Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, and CORE SDI S.A.
Copyright (c) 1989, 1991 by Free Software Foundation, Inc. (GNU General Public License, Version 2, June 1991).
Copyright (c) 2002-2005 by Jouni Malinen <jkmaline@cc.hut.fi> and contributors. Copyright (c) 1991, 1999 by Free
Software Foundation, Inc. (GNU Lesser General Public License, Version 2.1, February 1999). Copyright (c) 1998-2002
by Daniel Veillard - All rights reserved. Copyright (c) 1998-2004 by The OpenSSL Project - All rights reserved.
Copyright (c) 1995-1998 by Eric Young (eay@cryptsoft.com) - All rights reserved.
This product also includes software licensed under the GNU General Public License available from:
http://www.gnu.org/licenses/gpl2.html
Allied Telesis is committed to meeting the requirements of the open source licenses including the GNU General Public
License (GPL) and will make all required source code available.
If you would like a copy of the GPL source code contained in this product, please send us a request by registered mail
including a check for US$15 to cover production and shipping costs, and a CD with the GPL code will be mailed to you.
GPL Code Request
Allied Telesis Labs (Ltd)
PO Box 8011
Christchurch, New Zealand
No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc.
Allied Telesis™ and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated.
Ethernet™ is a trademark of the Xerox Corporation.
Wi-Fi®, Wi-Fi Alliance®, WMM®, Wi-Fi Protected Access® (WPA), the Wi-Fi CERTIFIED logo, the Wi-Fi logo, the
Wi-Fi ZONE logo, and the Wi-Fi Protected Setup logo are registered trademarks of the Wi-Fi Alliance. Wi-Fi
CERTIFIED™, Wi-Fi Multimedia™, WPA2™ and the Wi-Fi Alliance logo are trademarks of the Wi-Fi Alliance.
Microsoft is a registered trademark of Microsoft Corporation.
All other product names, company names, logos or other designations mentioned herein are trademarks or registered
trademarks of their respective owners.
Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document
without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied
Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited
to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has
been advised of, known, or should have known, the possibility of such damages.
Contents
Preface 11
Safety Symbols Used in this Document ........................................................................................................................12
Contacting Allied Telesis ...............................................................................................................................................13
Chapter 1: Getting Started ................................................................................................................................................ 15
Features ........................................................................................................................................................................16
Management Tools........................................................................................................................................................17
Web Browser..........................................................................................................................................................17
Vista Manager EX and AWC Plug-in......................................................................................................................17
SNMPv1 and v2c ................................................................................................................................................... 17
Starting the First Management Session ........................................................................................................................19
Starting the First Management Session with a Direct Connection .........................................................................20
Starting the First Management Session without a DHCP Server...........................................................................20
Starting a Management Session ...................................................................................................................................22
Management Windows.................................................................................................................................................. 24
Main Menu ............................................................................................................................................................. 24
Navigation ..............................................................................................................................................................25
Sub-menu...............................................................................................................................................................25
Content...................................................................................................................................................................25
Saving and Applying Your Changes..............................................................................................................................26
Ending Management Sessions......................................................................................................................................27
What to Configure First ................................................................................................................................................. 28
Chapter 2: Basic Settings .................................................................................................................................................29
Assigning a Dynamic IP Address from a DHCP Server ................................................................................................30
Assigning a Static IP Address to the Access Point........................................................................................................ 33
Setting the Date and Time with the Network Time Protocol (NTP) ...............................................................................35
Manually Setting the Date and Time .............................................................................................................................38
Configuring SNMPv1 and v2c .......................................................................................................................................40
Configuring SNMP Traps ..............................................................................................................................................44
Enabling or Disabling the LEDs.....................................................................................................................................46
Enabling or Disabling the Reset Button.........................................................................................................................47
Chapter 3: Web Browser Interface ...................................................................................................................................49
Configuring the Web Browser Interface......................................................................................................................... 50
Changing the Manager’s Login Name and Password ...................................................................................................52
Setting the Language of the Web Browser Interface.....................................................................................................54
Chapter 4: 2.4GHz and 5GHz Radios ...............................................................................................................................55
Configuring the Radios.................................................................................................................................................. 56
Configuring Basic Radio Settings...........................................................................................................................56
Configuring Advanced Radio Settings ...................................................................................................................60
Displaying Radio Status ................................................................................................................................................64
Dynamic Frequency Selection.......................................................................................................................................66
Setting the Country Code Setting..................................................................................................................................67
Chapter 5: Virtual Access Points .....................................................................................................................................69
VAP Introduction ........................................................................................................................................................... 70
VAP Guidelines ......................................................................................................................................................70
Configuring Basic VAP Parameters............................................................................................................................... 71
Configuring Captive Portal ............................................................................................................................................ 75
Captive Portal Configurations ................................................................................................................................ 75
5
AT-UWC WLAN Controller Web GUI User’s Guide
Port Numbers .........................................................................................................................................................76
Requiring Wireless Clients to Click the Agree Button to Access to the Network....................................................76
Delegating a Proxy Server to Interact with Wireless Clients ..................................................................................78
Delegating RADIUS Servers and a Proxy Server...................................................................................................79
Delegating RADIUS Servers to Authenticate Wireless Clients...............................................................................81
Creating Pages in HTML for a Proxy Server ..........................................................................................................83
Requirements for the click_through_login.html and click_through_login_fail.html .................................................83
HTML Code and Display Examples of Login Page ................................................................................................83
Creating Login Pages in HTML When External RADIUS is Selected.....................................................................84
Requirements for the radius_login.html and radius_login_fail.html........................................................................84
HTML Code and Display Examples of Login Page ................................................................................................84
Configuring VAP Security ..............................................................................................................................................86
No Security.............................................................................................................................................................86
WPA Personal (Pre-Shared Key) ...........................................................................................................................87
WPA Enterprise......................................................................................................................................................89
Configuring VAP Fast Roaming.....................................................................................................................................94
Configuring Advanced VAP Settings .............................................................................................................................96
Configuring the MAC Address List.................................................................................................................................98
Displaying VAP and LAN Ports Statistics ....................................................................................................................100
Chapter 6: Quality of Service ..........................................................................................................................................103
Introduction to Quality of Service.................................................................................................................................104
Configuring QoS Basic Settings ..................................................................................................................................106
Configuring AP EDCA Parameters..............................................................................................................................107
Configuring Station EDCA Parameters........................................................................................................................110
Chapter 7: LAN Port .........................................................................................................................................................113
Configuring the Management VLAN............................................................................................................................114
Displaying the Status of LAN Port ...............................................................................................................................116
Chapter 8: Wireless Distribution System Bridges ........................................................................................................117
Introduction to Wireless Distribution System Bridges..................................................................................................118
WDS Bridge Elements.................................................................................................................................................120
Radio ....................................................................................................................................................................120
VAP0 ....................................................................................................................................................................120
Radio Channel......................................................................................................................................................120
Parent and Child...................................................................................................................................................120
Security ................................................................................................................................................................121
Dynamic Frequency Selection..............................................................................................................................121
Guidelines....................................................................................................................................................................122
Preparing Access Points for a WDS Bridge.................................................................................................................123
Chapter 9: Monitoring ......................................................................................................................................................125
Displaying Basic System Information ..........................................................................................................................126
Displaying Neighboring Access Points ........................................................................................................................129
Displaying Associated Clients......................................................................................................................................130
Chapter 10: System Log ..................................................................................................................................................131
Displaying the System Log ..........................................................................................................................................132
Sending Log Messages to a Syslog Server.................................................................................................................134
Chapter 11: Maintenance ................................................................................................................................................137
Downloading the Configuration of the Access Point to Your Computer ......................................................................138
Restoring a Configuration to the Access Point ............................................................................................................140
Restoring the Default Settings to the Access Point .....................................................................................................141
Uploading New Management Software to the Access Point .......................................................................................142
Rebooting the Access Point ........................................................................................................................................144
Collecting Technical Support Information to a File ......................................................................................................145
6
List of Figures
Figure 1: Log On Window................................................................................................................................ 22
Figure 2: Sample Management Window ......................................................................................................... 24
Figure 3: Main Menu Button ............................................................................................................................ 25
Figure 4: Network DHCP Window ................................................................................................................... 30
Figure 5: Network Static IP Address Window.................................................................................................. 33
Figure 6: Time Window - NTP Option.............................................................................................................. 35
Figure 7: Daylight Savings Time Settings........................................................................................................ 37
Figure 8: Time Window - Manually Option ...................................................................................................... 38
Figure 9: SNMP Agent Settings Window......................................................................................................... 40
Figure 10: Trap Settings Window .................................................................................................................... 44
Figure 11: LED Window................................................................................................................................... 46
Figure 12: Hardware Window .......................................................................................................................... 47
Figure 13: Web Window .................................................................................................................................. 50
Figure 14: User Window .................................................................................................................................. 52
Figure 15: Language Window.......................................................................................................................... 54
Figure 16: Basic Radio Settings Window ........................................................................................................ 56
Figure 17: Advanced Radio Settings Window ................................................................................................. 60
Figure 18: Radio Status Window ..................................................................................................................... 64
Figure 19: Virtual Access Point Tab ................................................................................................................ 71
Figure 20: Captive Portal - Click-Through ....................................................................................................... 77
Figure 21: Captive Portal - Using a Proxy Server............................................................................................ 79
Figure 22: Captive Portal - External RADIUS.................................................................................................. 80
Figure 23: Captive Portal - External RADIUS.................................................................................................. 82
Figure 24: Captive Portal - Terms of Service Page Sample............................................................................ 83
Figure 25: Captive Portal - Login Page Sample .............................................................................................. 85
Figure 26: None Selection in the VAP Security Tab........................................................................................ 86
Figure 27: WPA Personal Security Tab........................................................................................................... 87
Figure 28: WPA Enterprise Tab....................................................................................................................... 90
Figure 29: Fast Roaming Window ................................................................................................................... 94
Figure 30: Advanced VAP Settings Window ................................................................................................... 96
Figure 31: MAC Address List Window............................................................................................................. 98
Figure 32: Statistics Window ......................................................................................................................... 100
Figure 33: QoS Window ................................................................................................................................ 105
Figure 34: LAN Settings Window................................................................................................................... 114
Figure 35: LAN1 Window............................................................................................................................... 116
Figure 36: WDS Bridge.................................................................................................................................. 118
Figure 37: Example of Radio and Channel Assignments in a WDS Bridge .................................................. 119
Figure 38: System Window............................................................................................................................ 126
Figure 39: Neighbor AP Window ................................................................................................................... 129
Figure 40: Associated Client Window............................................................................................................ 130
Figure 41: Log Window for Event Messages................................................................................................. 133
Figure 42: Log Window for Syslog Client ...................................................................................................... 134
Figure 43: Configuration Window .................................................................................................................. 138
Figure 44: Upgrade Window.......................................................................................................................... 143
Figure 45: Reboot Window ............................................................................................................................ 144
7
List of Figures
Figure 46: Support Window ........................................................................................................................... 145
8
List of Tables
Table 1. Network DHCP Window ................................................................................................................... 31
Table 2. Network Static IP Selection Window ................................................................................................ 34
Table 3. Time Window - NTP Option .............................................................................................................. 36
Table 4. Time Window - Manually Option ....................................................................................................... 39
Table 5. SNMP Agent Settings Window ......................................................................................................... 41
Table 6. SNMP Trap Settings Window ........................................................................................................... 45
Table 7. Web Window .................................................................................................................................... 51
Table 8. Basic Radio Settings Window ........................................................................................................... 57
Table 9. Advanced Radio Settings Window ................................................................................................... 60
Table 10. Radio Status Window ..................................................................................................................... 64
Table 11. Virtual Access Point Tab ................................................................................................................ 72
Table 12. Captive Portal ................................................................................................................................. 77
Table 13. Captive Portal - External RADIUS .................................................................................................. 81
Table 14. WPA Personal Security Tab ........................................................................................................... 88
Table 15. WPA Enterprise Tab ....................................................................................................................... 91
Table 16. Fast Roaming Window ................................................................................................................... 95
Table 17. Advanced VAP Settings ................................................................................................................. 96
Table 18. Statistics Window ......................................................................................................................... 100
Table 19. QoS Window - Basic Settings ....................................................................................................... 106
Table 20. QoS Window - AP EDCA Parameters .......................................................................................... 107
Table 21. QoS Window - Station EDCA Parameters .................................................................................... 110
Table 22. LAN Settings Window - VLAN Configuration Section ................................................................... 115
Table 23. LAN1 or LAN2 Window ................................................................................................................. 116
Table 24. System Window ............................................................................................................................ 126
Table 25. Neighbor AP Window ................................................................................................................... 129
Table 26. Associated Client Window ............................................................................................................ 130
Table 27. Message Severity Levels .............................................................................................................. 132
Table 28. Log Window for Syslog Client ....................................................................................................... 134
9
List of Tables
10
Preface
This guide contains instructions on how to manage the features of the
TQ1402 series access points with the web browser management interface.
The access point models included in this guide are:
TQ1402
TQm1402
This preface contains the following sections:
“Safety Symbols Used in this Document” on page 12
“Contacting Allied Telesis” on page 13
11
Preface
Safety Symbols Used in this Document
This document uses the following conventions.
Note
Notes provide additional information.
Caution
Cautions inform you that performing or omitting a specific action
may result in equipment damage or loss of data.
Warning
Warnings inform you that performing or omitting a specific action
may result in bodily injury.
Warning
Laser warnings inform you that an eye or skin hazard exists due to
the presence of a Class 1 laser device.
12
Contacting Allied Telesis
If you need assistance with this product, you can contact Allied Telesis
technical support by going to the Support & Services section of the Allied
Telesis web site at www.alliedtelesis.com/support. You can find links for
the following services on the page:
24/7 Online Support - Enter our interactive support center to
search for answers to your questions in our knowledge database,
check support tickets, learn about Return Merchandise
Authorizations (RMAs), and contact Allied Telesis technical
experts.
USA and EMEA phone support - Select the phone number that
best fits your location and customer type.
Hardware warranty information - Learn about Allied Telesis
warranties and register your product online.
Replacement Services - Submit an RMA request via our interactive
support center.
TQ1402 Series Access Points User’s Guide
Documentation - View the most recent installation guides, user
guides, software release notes, white papers and data sheets for
your product.
Software Updates - Download the latest software releases for your
product.
For sales or corporate contact information, select your region and country
and then go to www.alliedtelesis.com/contact.
13
Preface
14
Chapter 1
Getting Started
Here are the sections in this chapter:
“Features” on page 16
“Management Tools” on page 17
“Starting the First Management Session” on page 19
“Starting a Management Session” on page 22
“Management Windows” on page 24
“Saving and Applying Your Changes” on page 26
“Ending Management Sessions” on page 27
“What to Configure First” on page 28
15
Chapter 1: Getting Started
Features
The TQ1402 series wireless access points have the following features:
One 2.4GHz radio
One 5GHz radio
Eight virtual access points per radio
WPA Personal and WPA Enterprise with WPA, WPA2, TKIP, and
CCMP authentication and encryption
MAC address filter for wireless clients
Multicast rate limiting
Band steering
Automatic channel selection
Adjustable transmission power
Fast roaming
Airtime fairness
Quality of Service
Wireless Distribution System (WDS) bridges
DHCP client
RADIUS accounting with external RADIUS server
Network Time Protocol client
HTTP and HTTPS web browser management
SNMPv1 and v2c management
Event log
Syslog client
LAN port: 10/100/1000Base-T Ethernet port with Power over
Ethernet (PoE), Auto-Negotiation, and auto MDI/MDIX
IEEE 802.3 (10Base-T), IEEE 802.3u (100Base-TX), and
IEEE 802.3ab (1000Base-T) compliance on LAN port
OpenFlow is not supported.
LLDP is not supported.
16
TQ1402 Series Access Points User’s Guide
Management Tools
The access points support the following management tools.
Web Browser The access point has a web browser management interface for
configuring the device from your management workstations. The web
browser interface allows you to manage one unit at a time and supports
both non-secure HTTP and secure HTTPS management sessions. The
default is HTTP.
Note
The product has been tested with Google Chrome.
Vista Manager
EX and AWC
Plug-in
The access point is supported with Vista Manager and the Autonomous
Wave Control (AWC) plug-in. Configuring and monitoring large numbers of
devices is simplified with AWC because you can add multiple devices to
management groups and manage them as one unit. The application can
also monitor the operations of the access points and automatically adjust
operating properties to optimize the performance of your wireless network.
You cannot configure the following access point settings with Vista
Manager EX and the AWC plug-in. These settings require the web
browser interface:
Hostname
DHCP client or static IP address
Domain Name Server name
Timezone
Daylight savings time
System date or time
HTTP and HTTPS modes
System name, location, and contact
LLDP PoE negotiation
Enable or disable the Reset button
Management VLAN
SNMPv1 and v2c You can use SNMPv1 or SNMPv2 to view the parameter settings of the
devices. The MIB is available from the Allied Telesis web site. For
instructions on how to configure the unit for SNMP, refer to “Configuring
SNMPv1 and v2c” on page 40 and “Configuring SNMP Traps” on page 44.
17
Chapter 1: Getting Started
Note
You cannot use SNMP to change the parameter settings on the
access points.
Note
The access points do not support SNMPv3 or the AT-UWC Wireless
LAN Controller.
18
Starting the First Management Session
After you install and power on the access point, it queries the subnet on
the LAN port for a DHCP server. If a DHCP server responds to its query,
the unit uses the IP address the server assigns to it. If there is no DHCP
server, the access point uses the default IP address.
The default IP address of the access point: 192.168.1.230
If your network has a DHCP server, use the IP address the server assigns
it to it to start the management session. For directions, see “Starting a
Management Session” on page 22.
If your network does not have a DHCP server, you can start the first
management session by establishing a direct connection between your
computer and the unit by connecting an Ethernet cable to the Ethernet port
on the computer and the LAN port on the access point. This procedure
requires changing the IP address on your computer to make it a member
of the same subnet as the default IP address on the access point.
TQ1402 Series Access Points User’s Guide
The first management session can also be performed while the device is
connected to your network. However, If your network does not have a
DHCP server, you still have to change the IP address of your computer to
match the subnet of the default address of the access point. Furthermore,
if your network is divided into virtual LANs (VLANs), you have to be sure to
connect the access point and your computer to ports on an Ethernet
switch that are members of the same VLAN.
The instructions for starting the first management session are found in the
following sections:
“Starting the First Management Session with a Direct Connection” on
page 20.
“Starting the First Management Session without a DHCP Server” on
page 20
19
Chapter 1: Getting Started
Starting the First
Management
Session with a
Direct
Connection
To start the management session with a direct Ethernet connection
between your computer and the LAN port on the access point, perform the
following procedure:
1. Connect one end of a network cable to the LAN port on the access
point and the other end to the Ethernet network port on your computer.
2. Change the IP address on your computer to 192.168.1.n, where n is a
number from 1 to 254, but not 230.
See the documentation that accompanies your computer for
instructions on how to set the IP address.
3. Set the subnet mask on your computer to 255.255.255.0.
4. Power on the access point.
5. Start the web browser on your computer.
6. Enter the IP address 192.168.1.230 in the URL field of the browser
and press the Enter key.
You should now see the login window, shown in Figure 1 on page 22.
Starting the First
Management
Session without a
DHCP Server
7. Enter the user name and password.
User name: manager
Password: friend
Note
The user name and password are case-sensitive.
8. Click the Login button.
This procedure explains how to start the first management session on the
access point when the LAN port is connected to an Ethernet switch on a
network that does not have a DHCP server. To start the management
session, perform the following procedure:
1. To use the PoE feature on the access point, be sure to connect the
LAN port to a PoE source device.
2. Connect one end of network cable to the LAN port on the access point
and the other end to a port on an Ethernet switch.
If your network has VLANs, check to be sure that your computer and
the access point are connected to ports on the Ethernet switch that are
members of the same VLAN. This might require accessing the
management software on the switch and listing the VLANS and their
port assignments.
20
TQ1402 Series Access Points User’s Guide
For example, if the access point is connected to a port that is a
member of the Sales VLAN, your computer must be connected to a
port that is also a member of that VLAN. If your network is small and
does not have VLANs or routers, you can connect your computer to
any port on the Ethernet switch.
3. Change the IP address on your computer to 192.168.1.n, where n is a
number from 1 to 254, but not 230.
See the documentation that accompanies your computer for
instructions on how to set the IP address.
4. Set the subnet mask on your computer to 255.255.255.0.
5. Power on the access point by pressing on the Power button.
6. Start the web browser on your computer.
7. Enter the IP address 192.168.1.230 in the URL field of the browser and
press the Return key.
You should now see the logon window, shown in Figure 1 on page 22.
8. Enter the user name and password.
User name: manager
Password: friend
Note
The user name and password are case-sensitive.
9. Click the Login button.
21
Chapter 1: Getting Started
Starting a Management Session
This section explains how to start a management session on the access
point from your management workstation, using a web browser. The
procedure assumes that the access point has already been assigned an
IP address, either manually or from a DHCP server.
Note
If the access point is using its default address 192.168.1.230, see
“Starting the First Management Session” on page 19 for instructions.
To start a management session on the access point, perform the following
procedure:
1. Open the web browser on your management workstation.
2. Enter the IP address of the access point in the URL field of the web
browser.
Note
Precede the IP address with HTTPS:// if the access point is already
configured for HTTPS management. The default is HTTP
management.
See the log on window shown in Figure 1 as an example.
Figure 1. Log On Window
Note
If you use HTTPS management, your web browser might display a
warning message stating that the site certificate is invalid. If this
occurs, select an appropriate option to continue to the web site. To
avoid the message in future management sessions, make the web
site a trusted site in your web browser.
22
TQ1402 Series Access Points User’s Guide
3. Enter the user name and password for the unit.
The default values are:
User name: manager
Password: friend
Note
The user name and password are case-sensitive.
4. Click the Login button.
23
Chapter 1: Getting Started
Management Windows
This section has a brief overview of the management windows and
menus. The main parts of the management windows are identified in
Figure 2.
Main
Menu
Navigator
Content
Sub-menu
24
Figure 2. Sample Management Window
Main Menu The main menu is displayed on the left side of the windows and consists of
the following selections:
Monitoring
Settings
Maintenance
Account
Clicking a main menu option expands it to display the sub-items. The
Monitoring option is expanded by default at the start of management
sessions.
TQ1402 Series Access Points User’s Guide
If the main menu is not displayed, the window might be too small to display
the menu and content together. To display the main menu, you can either
enlarge the window or click the main menu button, shown in Figure 3.
Clicking the main menu button displays the menu over the content
window. The menu is hidden again after you make a menu selection.
Main Menu Button
Figure 3. Main Menu Button
Navigation The Navigator shows the menu path of the current window.
Sub-menu Sub-menus are located across the tops of many management windows.
Content This is the main body of the windows. It displays parameters for you to
configure or status or statistics information.
25
Chapter 1: Getting Started
Saving and Applying Your Changes
You need to click the SAVE & APPLY button to save and activate your
changes when you are finished configuring the parameters in a
management window. The button is located in the bottom of the windows.
When you click the button, the access point immediately activates your
changes and saves them in its configuration file. If you change the
parameter settings in a window and navigate to a different window without
clicking the button, the access point discards your changes.
26
Ending Management Sessions
You should always log off when you are finished managing the unit. To log
off, select Account > Logout. Click OK at the confirmation prompt. For
added security, close your web browser.
TQ1402 Series Access Points User’s Guide
27
Chapter 1: Getting Started
What to Configure First
Here are suggestions on what to configure during the first management
session:
1. Set the country code. Refer to “Setting the Country Code Setting” on
page 67.
Note
The country code for units sold in North America, Japan, and
Taiwan is preset and cannot be changed.
Note
Changing the country setting disables the radios. The procedure is
disruptive to network operations if the unit is actively forwarding
client traffic.
2. Change the manager’s login name and password. Refer to “Changing
the Manager’s Login Name and Password” on page 52.
3. If you prefer to use HTTPS management sessions, perform
“Configuring the Web Browser Interface” on page 50.
4. Set the language of the management interface to English or Japanese.
The default is English. Refer to “Setting the Language of the Web
Browser Interface” on page 54.
28
Chapter 2
Basic Settings
This chapter contains the following procedures:
“Assigning a Dynamic IP Address from a DHCP Server” on page 30
“Assigning a Static IP Address to the Access Point” on page 33
“Setting the Date and Time with the Network Time Protocol (NTP)” on
page 35
“Manually Setting the Date and Time” on page 38
“Configuring SNMPv1 and v2c” on page 40
“Configuring SNMP Traps” on page 44
“Enabling or Disabling the LEDs” on page 46
“Enabling or Disabling the Reset Button” on page 47
29
Chapter 2: Basic Settings
Assigning a Dynamic IP Address from a DHCP Server
This section explains how to activate the DHCP client so that the access
point receives its IP address from a DHCP server on your network. The
unit uses the address to communicate with devices on your network, such
as management workstations, syslog servers, and RADIUS servers. The
access point can have only one IP address.
If your network does not have a DHCP server or you prefer to manually
assign it an IP address, refer to “Assigning a Static IP Address to the
Access Point” on page 33.
Note
Changing the IP address of the access point might interrupt your
management session. To resume managing the device, start
another session using the access point’s new IP address.
Note
The default setting for the DHCP client is enabled. You only need to
perform this procedure if you disabled the client and assigned the
device a static IP address, but now want to reactivate the client.
To configure the access point to receive its IP address from a DHCP
server, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select Network from the sub-menu.
3. Select DHCP from the Connection Type pull-down menu. The options
in the window change. Refer to Figure 4 on page 30.
30
Figure 4. Network DHCP Window
TQ1402 Series Access Points User’s Guide
4. Configure the fields by referring to Table 1.
Table 1. Network DHCP Window
Parameter Description
Hostname Enter a hostname for the access point. Here
are the guidelines:
- The hostname can be from 1 to 63
alphanumeric characters.
- The hostname cannot contain spaces or
any special characters, except hyphens.
- The first or last character cannot be a
hyphen.
- The access point can have only one
hostname.
- The default is AT-TQ1402 or
AT-TQm1402.
- If you want the DHCP server to supply the
hostname, enable the Get Hostname from
DHCP Server option in this window.
Connection Type Select DHCP. This is the default. The Static
IP selection is explained in “Assigning a
Static IP Address to the Access Point” on
page 33.
Get hostname from
DHCP
Select one of the following options:
- Enabled: When the DHCP server assigns
an IP address to the access point, the
server assigns a host name as well.
- Disabled: The DHCP server does not
change the hostname of the access point.
This is the default setting.
DNS Nameserver Enter the IP address of the DNS server. If
this field is left blank, the access point tries to
obtain the address from the DHCP server.
The default is no name.
5. Click the SAVE & APPLY button to save and update the configuration.
31
Chapter 2: Basic Settings
Note
If the access point stops responding to the web browser
management windows, start a new management session using the
new IP address that the access point received from the DHCP
server.
32
Assigning a Static IP Address to the Access Point
This section explains how to manually assign an IP address to the access
point. The unit uses the address to communicate with devices on your
network, such as management workstations, syslog servers, and RADIUS
servers. The access point can have only one IP address.
If you prefer the access point obtain its IP configuration from a DHCP
server on your network, refer to “Assigning a Dynamic IP Address from a
DHCP Server” on page 30.
Note
Changing the IP address of the access point might interrupt your
management session. To resume managing the device, start a new
session using the access point’s new IP address.
To assign a static IP address to the device, perform the following
procedure:
TQ1402 Series Access Points User’s Guide
1. Select Settings > System from the main menu.
2. Select Network from the sub-menu.
3. Select Static IP from the Connection Type pull-down menu. The
options in the window change. Refer to Figure 5.
Figure 5. Network Static IP Address Window
33
Chapter 2: Basic Settings
4. Configure the field values by referring to Table 2.
Table 2. Network Static IP Selection Window
Item Name Description
Host Name Enter a host name for the access point. Here are
the guidelines:
- The host name can be from 1 to 63
alphanumeric characters.
- The hostname cannot contain spaces or any
special characters, except hyphens.
- The first or last character cannot be a hyphen.
- The access point can have only one
hostname.
- The default is AT-TQ1402 or AT-TQm1402.
Connection Type Select Static IP.
Static IP Address Enter the new IP address for the access point.
The device can have only one IP address. The
default is 192.168.1.230.
Subnet Mask Enter the subnet mask for the IP address. The
default is 255.255.255.0.
Default Gateway Enter the default gateway address for the unit.
The default value is 192.168.1.254.
DNS Nameserver Specify the Domain Name Service (DNS) server
address. This field is optional. The default is no
name.
5. Click the SAVE & APPLY button to save and update the configuration.
34
TQ1402 Series Access Points User’s Guide
Setting the Date and Time with the Network Time Protocol (NTP)
The access point has a Network Time Protocol (NTP) client for setting its
date and time from an SNTP server on your network or the Internet. The
access point adds the date and time to log messages and SNMP traps.
Here are the guidelines to using the client:
You need to know the domain name or IP address of an SNTP
server on your network or the Internet. You can specify only one
server.
The access point must have an IP address and subnet mask.
The access point must also have a default gateway address if the
NTP server is on a different subnet or network. The default
gateway must specify the first router hop to the subnet or network
of the SNTP server.
The client is compatible with SNTP servers. It is not compatible
with NTP servers.
To configure the NTP client, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select Time from the sub-menu. Refer to Figure 8 on page 38.
3. From the Set System Time pull-down menu, select Using Network
Time Protocol (NTP). The window is updated with new options. Refer
to Figure 6.
Figure 6. Time Window - NTP Option
35
Chapter 2: Basic Settings
4. Configure the fields by referring to Table 3.
Table 3. Time Window - NTP Option
Item Name Description
Set System Time Select Network time protocol (NTP) to
synchronize the date and time of the product with
the NTP server. The factory default is Manually.
Timezone Use this pull-down menu to set the time zone of
the location of the access point.
If the SNTP server is providing Coordinated
Universal Time (UTC), the access point uses the
time zone parameter to determine its UTC offset,
which is the number of hours its location is ahead
or behind UTC. It adjusts the time accordingly.
Enable Daylight
Saving
Start
(Daylight Saving)
End
(Daylight Saving)
Offset
(Daylight Saving)
Current System
Time (24 HR)
Interval to
Synchronize
If the location of the access point observes
daylight savings time, click the check box for this
option. The window displays the fields in Figure 7
on page 37.
If the area does not observe Daylight Savings
time, leave the check box empty.
Use the pull-down menus to set the date and time
for the start of Daylight Savings Time.
Use the pull-down menus to set the date and time
for the end of Daylight Savings Time.
Use the pull-down menu to select the number of
minutes to adjust the time at the start and end
Daylight Saving Time. The default is 60 minutes.
Displays the date and time of the access point.
Enter the interval in minutes at which the access
point synchronizes its time with the SNTP server.
The range is 1 to 9999 minutes. The default is 10
minutes.
36
TQ1402 Series Access Points User’s Guide
Table 3. Time Window - NTP Option (Continued)
Item Name Description
NTP Server Specify the SNTP server using one of the
following methods:
- IP address (example, 12.34.56.78)
- Fully qualified domain name (FQDN) (example,
ntp.mydomain.com)
Here are the guidelines:
- You can specify only one server.
- The first character must be a letter or number.
It cannot be a special character.
- The last character cannot be a hyphen or
period.
- The factory default is no server.
Observe these guidelines when using an FQDN
to identify the server:
- It cannot start or end with a hyphen.
- Domain labels can have a maximum of 63
characters.
- An FQDN can have up to 253 characters.
Figure 7 contains the settings for Daylight Savings Time.
Figure 7. Daylight Savings Time Settings
5. Click the SAVE & APPLY button to save and update the configuration.
37
Chapter 2: Basic Settings
Manually Setting the Date and Time
This section explains how to manually set the date and time on the access
point.
Note
The access point does not have a real-time clock with backed up
batteries. Consequently, the date and time, when set manually, are
returned to their default values (Jan 1 00: 00: 00 2018) when the
device is reset or powered off.
Note
Allied Telesis recommends using a NTP server to set the date and
time. For instructions, refer to “Setting the Date and Time with the
Network Time Protocol (NTP)” on page 35.
To manually set the date and time, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select Time from the sub-menu. Refer to Figure 8.
Figure 8. Time Window - Manually Option
38
TQ1402 Series Access Points User’s Guide
3. Configure the parameters by referring to Table 4.
Table 4. Time Window - Manually Option
Field Description
Set System Time Select Manually. This is the default.
Current System
Displays the current date and time settings.
Time (24 HR)
Click the AUTO button to set the date and
time on the access point according to your
management workstation.
Timezone Select the Time Zone of the access point
from the pull-down menu.
Enable Daylight
Savings
If the location of the access point observes
daylight savings time, click the dialog box for
the Adjust Time for Daylight Savings
parameter. The window displays the fields in
Figure 7 on page 37
If the area does not observe Daylight
Savings time, leave the check box empty.
Start
(Daylight Saving)
End
(Daylight Saving)
Offset
(Daylight Saving)
Use the pull-down menus to set the date and
time for the start of Daylight Savings Time.
Use the pull-down menus to set the date and
time for the end of Daylight Savings Time.
Use the pull-down menu to select the
number of minutes to adjust the time at the
start and end Daylight Saving Time. The
default is 60 minutes.
System Date Use the pull-down menus to set the current
month, day, and year.
System Time Use the pull-down menus to set the current
hours and minutes. The hours are in 24
hours. For example, 14 represent 2:00 p.m.
4. Click the SAVE & APPLY button to save and update the configuration.
39
Chapter 2: Basic Settings
Configuring SNMPv1 and v2c
You can use SNMPv1 and v2c to view the settings and client statistics on
the access point, and receive traps. Here are the guidelines:
You cannot use SNMP to change the settings on the access point.
The access point does not support SNMPv3.
The access point has one read-only community string.
The unit must have an IP address for SNMP management. For
instructions, refer to “Assigning a Static IP Address to the Access
Point” on page 33 or “Assigning a Dynamic IP Address from a
DHCP Server” on page 30.
To enable or disable SNMP, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select SNMP from the sub-menu.
3. Click the Agent Settings tab. This is the default tab. Refer to Figure 9.
40
Figure 9. SNMP Agent Settings Window
4. Configure the fields by referring to Table 5 on page 41.
TQ1402 Series Access Points User’s Guide
Note
To configure the parameters in the window, you must first set the
Status parameter to Enabled. You cannot adjust the settings when
Status is Disabled.
Table 5. SNMP Agent Settings Window
Field Description
Status Use this option to activate or deactivate the
SNMP agent on the access point. The options are
explained here:
- Enabled: Select this option to activate the
SNMP agent and trap settings. This allows you
to use SNMP to view the parameter settings on
the access point. It also allows the access point
to send traps. You have to enable SNMP to
configure the settings in this window and the
Trap Settings window.
Read-only
Community
Name
- Disabled: Select this option to disable SNMP
and the trap settings. This is the default setting.
Use this option to specify the read-only
community string for the access point. The
community string is used to view the MIB settings
of the device. Here are the guidelines:
- The community string can be from 1 to 256
alphanumeric characters.
- The community string cannot contain any
spaces.
- The community string is case sensitive.
- You can specify only one read-only community
string.
- You can not leave the field empty.
- The default read-only community string is
“public”.
- The community string cannot contain any of the
following symbols: "" (Double quote), '' (single
quote), '¥' or '/' (Yen sign or backslash), '&', '<',
'>'.
41
Chapter 2: Basic Settings
Table 5. SNMP Agent Settings Window (Continued)
Field Description
Port Use this parameter to specify the port number for
SNMP. The range is 1 to 65535. The default is
161.
Restrict the
Source of
SNMP
Requests
Only allow
from the
designated
hosts or
subnets
Use this option to increase the security of the
access point by restricting the use of SNMP to
specific subnets or individual workstations. The
options are described here:
- Enabled: Check this option to restrict the use of
SNMP on the access point to only those
management stations specified in the next field
in the window.
- Disabled: Check this option to disable this
feature and permit any workstation to use the
community string to view the unit. This is the
default setting.
Use this field to identify the management
workstations permitted to use SNMP to view the
device. This field only applies if you select the
Enabled option in the previous field. Here are the
guidelines:
- You can specify only one value in the field.
- You can specify a specific workstation by its IP
address (for example,149.23.45.102).
42
System
Name
- You can specify a subnet by including the
subnet mask (for example, 67.101.4.0/24).
- You can specify a workstation by its FQDN.
- The default is blank.
Observe these guidelines when using an FQDN
to identify the workstation:
- It cannot start or end with a hyphen.
- Domain labels can have a maximum of 63
characters.
- An FQDN can have up to 253 characters.
Specify the SNMP system name of the access
point. The default is TQ1402 or TQm1402.
TQ1402 Series Access Points User’s Guide
Table 5. SNMP Agent Settings Window (Continued)
Field Description
System
Contact
Specify the system administrator name. The
system contact can be up to 64 alphanumeric
characters. The default is unknown.
System
Location
Enter the location of the device. It can be up to 64
alphanumeric characters. The default is
unknown.
5. Click the SAVE & APPLY button to save and update the configuration.
43
Chapter 2: Basic Settings
Configuring SNMP Traps
To configure the access point to transmit SNMP traps, perform the
following procedure:
1. Select Settings > System from the main menu.
2. Select SNMP from the sub-menu.
3. Click the Trap Settings tab. Refer to Figure 10.
44
Figure 10. Trap Settings Window
Note
The Status parameter has to be set to Enabled in the Agent Settings
tab before you can configure the parameters in this window. Refer to
“Configuring SNMPv1 and v2c” on page 40.
4. Configure the fields by referring to Table 6 on page 45.
TQ1402 Series Access Points User’s Guide
Table 6. SNMP Trap Settings Window
Parameter Description
Community
Name for
Traps
Use this field to specify the community name the
access point is to use to transmit traps. Here are
the guidelines:
- The community name can be from 1 to 256
alphanumeric characters.
- The default is blank.
- The name cannot contain any of the following
characters: "" (Double quote), '' (single quote),
'¥' or '/' (Yen sign or backslash), '&', '<', '>.'
Trap Types Select radio button for the trap type you want to
generate:
- Cold Start - This trap is sent when the SNMP
agent started.
- Link - This trap is sent when a radio enabled or
disabled.
- Authentication - This trap is sent when an
SNMP authentication fails
Trap Host IP
Address /
Hostname
Specify the SNMP hosts to receive the traps.
Here are the guidelines:
- You can specify up to three hosts.
- The hosts can be identified by IP addresses or
hostnames.
- The default is blank.
Observe these guidelines when using an FQDN
to identify a host:
- It cannot start or end with a hyphen.
- Domain labels can have a maximum of 63
characters.
- An FQDN can have up to 253 characters.
5. Click the SAVE & APPLY button to save and update the configuration.
45
Chapter 2: Basic Settings
Enabling or Disabling the LEDs
The access point has an Eco Mode. When activated, it turns off the LEDs
on the top panel. You might activate the mode when you are not using the
LEDS to monitor or troubleshoot the device. The default setting for the
LEDs is on.
To turn the LEDs on or off, perform the following procedure:
1. Select Settings > System in the main menu.
2. Select LED in the sub-menu. Refer to Figure 11.
F
46
Figure 11. LED Window
3. From the Eco Mode pull-down menu, select one of the following:
Enabled: The Eco Mode is enabled. The LEDs are off.
Disabled: The Eco Mode is disabled. The LEDs are on. This is the
default setting.
4. Click the Save & Apply button to save and update the configuration.
Enabling or Disabling the Reset Button
This section explains how to enable or disable the Reset button on the rear
panel of the access point. You use the Reset button to restore the default
settings to the device.
By default, the reset button is enabled.
If the unit is installed in a non-secure area, you might disable the button to
prevent unauthorized individuals from pressing it and disrupting the
operations of your wireless network.
Note
If you disable the Reset button, be sure not to forget the manager
account password. Otherwise, you will not be able to manage the
unit with the web browser interface.
TQ1402 Series Access Points User’s Guide
To enable or disable the Reset button, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select Hardware from the sub-menu. Refer to Figure 12.
Figure 12. Hardware Window
3. Configure the fields by referring to Table 6 on page 45:
Enabled: The Reset button is enabled.
Disabled: The Reset button is disabled.
4. Click the SAVE & APPLY button to save and update the configuration.
47
Chapter 2: Basic Settings
48
Chapter 3
Web Browser Interface
This chapter contains the following procedures:
“Configuring the Web Browser Interface” on page 50
“Changing the Manager’s Login Name and Password” on page 52
“Setting the Language of the Web Browser Interface” on page 54
49
Chapter 3: Web Browser Interface
Configuring the Web Browser Interface
This section has the following management functions:
Specify the maximum number of administrators that can manage
the access point at one time with the web browser interface.
Specify the time interval after which the access point automatically
ends inactive management sessions.
Enable or disable HTTP or HTTPS web management.
Generate a self-signed HTTPS certificate.
Note
Do not disable both HTTP and HTTPS. Otherwise, you will not be
able to manage the access point with a web browser.
Note
HTTP management is non-secure, meaning the packets exchanged
between the access point and your workstation are sent in clear text,
leaving them vulnerable to snooping. For this reason, Allied Telesis
recommends using HTTPS to manage the access point.
To configure the above functions, perform the following procedure:
1. Select Settings > System from the main menu.
2. Select Web from the sub-menu. Refer to Figure 13.
50
Figure 13. Web Window
TQ1402 Series Access Points User’s Guide
3. Configure the fields by referring to Table 7.
Table 7. Web Window
Field Description
Maximum Sessions Specify the maximum number of active
management sessions the access point will
support at one time. Here are the guidelines:
- The range is 1 to 10 sessions.
- The number of sessions is the sum of
HTTP and HTTPS connections.
- The default is five sessions.
- The access point blocks new management
session after reaching the maximum
number of sessions.
Session Timeout Specify the time interval in minutes after
which the access point automatically ends
inactive sessions. The range is 1 to 1440
minutes (1440 minutes = 1 day). The default
is five minutes.
HTTP Status Enable or disable HTTP management. The
default is enabled.
HTTP Port Specify the port number of the HTTP server.
The range is 0 to 65535. The default is 80.
HTTPS Status Enable or disable HTTPS management. The
default is disabled. The HTTPS server uses
port 443. It cannot be changed.
Self Signed
Certificate
Generate a self-signed certificate for HTTPS
management. The access point comes with
a certificate, but you can generate a new one
with this option. The new certificate
automatically replaces the old certificate.
4. Click the SAVE & APPLY button to save and update the configuration.
Note
If you disabled the HTTP or HTTPS mode you are currently using to
manage the device, the access point ends your management
session. To resume managing the device, start a new session using
the other mode.
51
Chapter 3: Web Browser Interface
Changing the Manager’s Login Name and Password
This procedure explains how to change the login name and password of
the manager account on the access point. The default values are
“manager” and “friend”, respectively. The access point has only one
manager account.
Changing the name and password does not affect your current
management session.
Note
Allied Telesis strongly recommends changing the factory default
password during the first management session to protect the device
from unauthorized access.
To change the login name and password of the manager account, perform
the following procedure:
1. Select Account > User from the main menu, Refer to Figure 14.
Figure 14. User Window
2. To change the manager name, select the Administrator Name field
and enter a new name. Here are the guidelines:
The name can be up to 12 alphanumeric characters.
52
The first character must be a letter. It cannot be a number or
special character.
The name is case-sensitive.
The default name is “manager”.
TQ1402 Series Access Points User’s Guide
3. To change the password, select the Current Password field and enter
the account’s current password. The default is “friend”.
To display the password as alphanumeric characters or asterisks, click
the green, double arrow symbol.
4. Select the New Password field and enter a new password. The new
password. Here are the guidelines:
The password can be up to 32 alphanumeric characters.
It can not contain spaces or any of these special characters: “, $, :,
<, >, ’, &, *.
It is case-sensitive.
5. Select the Confirm New Password field and enter the new password
again.
6. Click the SAVE & APPLY button to save and update the configuration.
You must use the new manager name and password in all future
management sessions.
53
Chapter 3: Web Browser Interface
Setting the Language of the Web Browser Interface
The access point can display the web browser interface in either English
or Japanese. The default is English. To set the language, perform the
following procedure:
1. Select Account > Language from the main menu. Refer to Figure 15.
Figure 15. Language Window
2. From the Language pull-down menu, select one of the following:
English
Japanese
3. Click the SAVE & APPLY button to save and update the configuration.
The management interface changes to the designated language.
54
Chapter 4
2.4GHz and 5GHz Radios
This chapter has the following procedures:
“Configuring the Radios” on page 56
“Displaying Radio Status” on page 64
“Dynamic Frequency Selection” on page 66
“Setting the Country Code Setting” on page 67
55
Chapter 4: 2.4GHz and 5GHz Radios
Configuring the Radios
The radio settings are divided into two groups:
“Configuring Basic Radio Settings” next
“Configuring Advanced Radio Settings” on page 60
Configuring
Basic Radio
Settings
To configure the basic settings for Radio1 or Radio2, perform the following
procedure:
1. Select Settings > Radio.
2. Select Radio1 or Radio2 from the sub-menu. You can configure only
one radio at a time.
3. Click the Basic Settings tab shown in Figure 16. This is the default
tab.
56
Figure 16. Basic Radio Settings Window
4. Configure the settings by referring to Table 8 on page 57.
TQ1402 Series Access Points User’s Guide
Table 8. Basic Radio Settings Window
Field Description
Country Code Select the country code that applies to your
country or region. The country code ensures that
the device operates in compliance with the codes
and regulations of your region or country.
Note
You cannot change the country code on
units sold in North America, Japan,or
Taiwan.
Here are the guidelines:
- You can select only one country.
- The Country Code parameter is shown in the
Basic Settings windows of all three radios but it
can only be set from Radio1.
- The same country code applies to all three
radios.
- Changing the country code disables the radios.
- You have to reconfigure the radio settings if
you change the country code.
Status Activate or deactivate the radio. The selections in
the pull-down menu are described here:
- Enabled: Activates the radio.
- Disabled: Deactivates the radio. This is the
default setting.
Mode
(Radio1)
Select the communications protocol for Radio1
from the pull-down menu. The selections are
listed here:
- IEEE 802.11b/g: The access point accepts only
802.11b or 802.11g clients.
- IEEE 802.11b/g/n: The access point accepts
802.11b, 802.11g, or 802.11n clients operating
at 2.4GHz. This is the default for Radio1.
57
Chapter 4: 2.4GHz and 5GHz Radios
Table 8. Basic Radio Settings Window (Continued)
Field Description
Mode
(Radio2)
Select the communications protocol for Radio2
from the pull-down menu. The selections are
listed here:
- IEEE 802.11a: The access point accepts
802.11a clients.
- IEEE 802.11a/n/ac: The access point accepts
802.11a, 802.11n, and 802.11ac clients
operating. This is the default setting for Radio2.
Wi-Fi multimedia (WMM) has to be enabled
(default) to use IEEE 802.11n or IEEE 802.11ac.
Refer to “Configuring QoS Basic Settings” on
page 106.
Channel Select the channel for the radio from the
pull-down menu. Here are the guidelines:
- You can select only one channel.
- The channels vary by radio, bandwidth, and
country.
- Select "auto", the default setting, to have the
radio select the channel automatically. The
access point scans the available channels on
the radio and selects the one with the least
interference.
58
- If you select Auto, you can use the Auto
Channel Selection parameter in this window to
restrict the channels from which the access
point can choose.
- You must set the channel manually when using
the Wireless Distribution System (WDS) bridge
feature. For information, refer to “WDS Bridge
Elements” on page 120.
- To view the current active channel, refer to
“Displaying Radio Status” on page 64.
TQ1402 Series Access Points User’s Guide
Table 8. Basic Radio Settings Window (Continued)
Field Description
Bandwidth
(Radio1)
Bandwidth
(Radio2)
Select the bandwidth for Radio1 from the
pull-down menu. The selections for IEEE 802.11n
are listed here:
- 20 MHz. This is the default setting.
- 40 MHz
For IEEE 802.11n modes, channel width can be
40 MHz-wide or the legacy 20 MHz-wide. The 40
MHz-wide channel allows for higher data rates,
but reduces the number of available channels for
other wireless devices.
The only bandwidth for IEEE 802.11b/g is 20
MHz.
Select the bandwidth for Radio2 from the
pull-down menu. The available bandwidths for
IEEE 802.11n/ac are listed here:
- 20 MHz. This is the default setting.
- 40 MHz
- 80 MHz
The only bandwidth for IEEE 802.11a is 20 MHz.
Auto Channel
Selection
Select the channels that the radio can chose from
when the Channel parameter is set to Auto. Here
are the guidelines.
- A channel is enabled when its check box has a
check and disabled when the check box is
empty.
- The available channels vary by radio, mode,
bandwidth, and country.
- The default is all available channels are
enabled.
- This parameter is disabled when the channel is
selected manually.
Tx Power Select the strength of the radio transmitter. The
selections are Max (maximum), High, Middle,
Low, Min (minimum). The default is Max.
5. Click the SAVE & APPLY button to save and update the configuration.
59
Chapter 4: 2.4GHz and 5GHz Radios
Configuring
Advanced Radio
Settings
To configure the advanced parameters for Radio1 or Radio2, perform the
following procedure:
1. Select Settings > Radio from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. You can configure only
one radio at a time.
3. Click the Advanced Settings tab. See Figure 17.
60
Figure 17. Advanced Radio Settings Window
4. Configure the parameters by referring to Table 9 on page 60.
Table 9. Advanced Radio Settings Window
Field Description
Maximum
Clients
Use this option to specify the maximum number
of wireless clients that a radio will support at one
time. You might use the option to control the
distribution of clients over the radios.
A radio rejects all clients when the parameter is
set to 0.
The maximum numbers of wireless clients that a
radio supports at one time are:
- 2.4GHz Radio1 - 120 clients (default setting)
- 5GHz Radio2 - 200 clients (default setting)
TQ1402 Series Access Points User’s Guide
Table 9. Advanced Radio Settings Window (Continued)
Field Description
Client Isolation Use this option to enable or disable client
isolation. When the feature is enabled, the
access point does not allow clients in the same
VAP to communicate with each other. However,
they can communicate with the wired LAN port
and with clients in other VAPs.
The feature is typically used to enhance wireless
security. For instance, by activating this feature
on a publicly accessible access point, you enable
clients to communicate with the wired LAN port,
but not with each other.
The options are listed here:
- Enabled: Activates station isolation. The
access point does not allow wireless clients of
the same VAP to communicate with each other.
Neighbor AP
Detection
- Disabled: Deactivates client isolation. The
access point allows wireless clients to
communicate with other clients in the same
VAP or different VAPs, and with the wired LAN.
This is the default setting.
This feature does not apply to WDS. Refer to
“Introduction to Wireless Distribution System
Bridges” on page 118.
Use this option to control whether the access
point listens for neighboring access points. Here
are the options:
- Enabled: The access point listens for
neighboring access points and displays them in
the Neighbor AP window. Refer to “Displaying
Neighboring Access Points” on page 129.
- Disabled: The access point does not listen for
neighboring access points. This is the default
setting.
61
Chapter 4: 2.4GHz and 5GHz Radios
Table 9. Advanced Radio Settings Window (Continued)
Field Description
RTS Threshold Specifies the size in octets of MPDUs that initiate
a Request to Send (RTS) and Clear to Send
(CTS) handshake, in IEEE 802.11b/g. The range
is 0 to 2347 octets. The default is 2347 octets.
You can use this parameter to control the use of
RTS/CTS handshakes when the access point
transmits MPDUs. The access point uses the
handshake before transmitting MPDUs that
exceed the defined threshold. If you specify a low
value, RTS packets are sent more frequently,
which may consume more bandwidth and reduce
the throughput. But more RTS packets may help
a network recover from interference or collisions,
which might occur on a busy network.
Legacy Rates Select the supported and advertised data
transmission rates for IEEE 802.11b/g of the
radio. Here are the guidelines:
- The data rates vary by country.
- The default is all data rates are enabled.
- Radios are generally more efficient when they
advertise subsets of their supported data rates.
Multicast Tx
Rate
Select the maximum amount of multicast packets
the radio can transmit per second. The default
values are listed here:
- 2.4GHz Radio1: 11Mbps
- 5GHz Radio2: 6Mbps
Airtime Fairness Select Enabled to activate airtime fairness to
provide the same communication time (air time)
to all connected clients regardless of
communication speed. Select Disabled, the
default, to turn Airtime Fairness off.
62
TQ1402 Series Access Points User’s Guide
Table 9. Advanced Radio Settings Window (Continued)
Field Description
Band Steering Use this option to enable or disable band steering
on the radios. Band steering reduces radio
congestion by forcing wireless clients that support
both 2.4GHz and 5GHz radios to associate with
VAPs on a different radio during periods of traffic
congestion. Band steering forces clients to
associate with VAPs on a 5GHz radio when there
is traffic congestion on the 2.4GHz radio.
Conversely, clients are forced to associate with
VAPs on the 2.4GHz radio when the 5GHz radios
are congested. Here are the guidelines:
- Enabling band steering on one radio activates
it on the other radio. Conversely, disabling the
feature on one radio disables it on the other
radio.
- Ideally, the VAP settings on both radios should
be identical. This includes SSID names, VLAN
IDs, and security settings.
- The default setting is disabled.
5. Click the SAVE & APPLY button to save and update the configuration.
63
Chapter 4: 2.4GHz and 5GHz Radios
Displaying Radio Status
To display operational information about a radio, perform the following
procedure:
1. Select Monitoring > Status from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. You can view only one
radio at a time. The example in Figure 18 is for Radio1.
64
Figure 18. Radio Status Window
Note
The radio status window for Radio2 includes a DFS (Dynamic
Frequency Selection) field. For information, see “Dynamic
Frequency Selection” on page 66.
The fields are defined in Table 10.
Table 10. Radio Status Window
Field Description
MAC Address Displays the MAC address of the wireless
interface.
Status Displays the status (up, down) of the wireless
interface.
TQ1402 Series Access Points User’s Guide
Table 10. Radio Status Window (Continued)
Field Description
Mode Displays the current wireless communication
mode.
Radio1 has these modes:
- IEEE 802.11b/g
- IEEE 802.11b/g/n
Radio2 has these modes:
- IEEE 802.11a
- IEEE 802.11a/n/ac
Operational
Channel
Displays the active channel. The channel may
have been selected manually or automatically.
Bandwidth Displays the current bandwidth.
Transmission
Displays the transmission power, in dBm.
Power
DFS
(Radio2 only)
Displays the status of DFS (Dynamic Frequency
Selection). For background information, refer to
“Dynamic Frequency Selection” on page 66. The
possible states are listed here:
- IDLE: DFS is inactive because the radio is
using a W52 or W58 channel. Those channels
are not used by DFS.
- CAC: Channel Availability Check: The radio
has selected a W53 or W56 channel and is
performing the DFS radar detection period for
one minute before beginning to transmit or
receive wireless traffic. If no radar is detected,
the radio moves to the ISM status.
- ISM: In-Service Monitoring: The radio is using
a DFS target channel. If radar is detected, it
changes the channel. The DFS status changes
to IDLE if the new channel is W52 or W58, or to
CAC if the new channel is W53 or W56.
- OOC: Out Of Channels: The radio has stopped
transmitting and receiving client packets
because radar signals are detected on all
channel candidates. After 30 minutes, it
transitions to CAC.
65
Chapter 4: 2.4GHz and 5GHz Radios
Dynamic Frequency Selection
Dynamic frequency selection (DFS) is an industry standard that defines
how wireless access points are to respond to the presence of radar
signals on 5GHz channels. The standard states that a wireless access
point that detects radar signals on its current 5GHz channel has to stop
transmitting and select another channel to avoid interfering with the
signals.
The wireless access points support DFS on 5GHz channels that countries
or regions have designated as DFS channels. If an access point detects a
radar signal on its current 5GHz channel and if the channel is designated
as a DFS channel, it immediately marks the channel as unusable for a
minimum of thirty minutes and randomly selects another channel with
which to communicate with its clients.
If a wireless access point is using a DFS 5GHz channel for a WDS bridge
and it detects radar signals, it randomly selects another channel so as not
to interfere with the signals. This action, however, renders the bridge
non-functional. For background information, refer to “Introduction to
Wireless Distribution System Bridges” on page 118.
You can prevent this from occurring by selecting a non-DFS 5GHz
channel as the communication link between the wireless access points of
a WDS bridge. Here are three examples of non-DFS channels:
36 - 5180 MHz
40 - 5200 MHz
44 - 5220 MHz
Here are the guidelines for DFS on the wireless access points:
DFS channels vary by country or region.
DFS cannot be disabled on the wireless access points.
DFS does not apply to channels on the 2.4GHz radio.
Note
To determine whether Radio2 is using a DFS channel, refer to
“Displaying Radio Status” on page 64.
66
Setting the Country Code Setting
Note
You cannot change the country code on units sold in North America,
Japan, Canada, or Taiwan.
You should set the country code setting of the access point as soon as you
install the unit so that it operates in compliance with the codes and
regulations of your region or country.
Note
Changing the country setting disables the radios. The procedure is
disruptive to the operations of your network if the unit is actively
forwarding network traffic.
To set the country code setting, perform the following procedure:
TQ1402 Series Access Points User’s Guide
1. Select Settings > Radio.
2. Select Radio1 from the sub-menu. The country code must be set from
Radio1.
3. Click the Basic Settings tab. This is the default tab. Refer to Figure 16
on page 56.
4. Select the Country Code pull-down menu and choose your country or
region. Here are the guidelines:
You can select only one country.
The Country Code parameter is shown in the Basic Settings
windows of all three radios, but can only be set from Radio1.
The same country code applies to all three radios.
Changing the country code disables the radios.
You have to reconfigure the radio settings after changing this
parameter.
5. Click the SAVE & APPLY button to save and update the configuration.
67
Chapter 4: 2.4GHz and 5GHz Radios
68
Chapter 5
Virtual Access Points
This chapter contains the procedures for managing virtual access points
(VAPs). The chapter contains the following sections:
“VAP Introduction” on page 70
“Configuring Basic VAP Parameters” on page 71
“Configuring Captive Portal” on page 75
“Configuring VAP Security” on page 86
“Configuring VAP Fast Roaming” on page 94
“Configuring the MAC Address List” on page 98
“Displaying VAP and LAN Ports Statistics” on page 100
69
Chapter 5: Virtual Access Points
VAP Introduction
Virtual access points (VAPs) are independent broadcast domains that
function as the wireless equivalent of Ethernet VLANs. They are seen by
clients as independent access points, with their own VIDs, SSIDs, and
security methods.
VAP parameters are divided into these three groups:
“Configuring Basic VAP Parameters” on page 71
“Configuring VAP Security” on page 86
“Configuring VAP Fast Roaming” on page 94
VAP Guidelines Here are guidelines to configuring VAP:
Each radio can have up to eight VAPs. Allied Telesis recommends
no more than five VAPs per radio for best performance.
The VAPs are numbered from 0 to 7.
You can enable or disable the VAPs individually, except for VAP0,
which can only be disabled by disabling its radio.
The VAP securities are static WEP, Enterprise WPA, and Personal
WPA.
The VAPs of a radio can have different security methods.
VAPs can have the same or different VLAN IDs.
70
Configuring Basic VAP Parameters
To configure basic VAP settings, perform the following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Virtual Access Point tab. This is the default tab. The
example in Figure 19 shows the settings for VAP0 on Radio1.
TQ1402 Series Access Points User’s Guide
Figure 19. Virtual Access Point Tab
5. Configure the parameters by referring to Table 11 on page 72.
71
Chapter 5: Virtual Access Points
Table 11. Virtual Access Point Tab
Field Description
Status Enable or disable the VAP. Here are the guidelines.
- A disabled VAP does not forward any ingress or
egress traffic.
- The default setting for VAP0 is enabled.
- The default setting for VAP1 to VAP7 is disabled.
- You cannot disable VAP0. To stop VAP0 from
forwarding traffic from wireless clients, you have
to disable its radio.
Mode Select a mode setting from the pull-down menu. This
parameter applies only to VAP0. The menu choices
are listed here:
- Access Point: Select this mode to have a VAP
function as a normal VAP, without WDS bridging.
This is the default setting.
- WDS Parent: Select this mode to have VAP0
function as the parent in a WDS bridge. A WDS
parent access point has its LAN port connected to
the wired network. For background information,
refer to “Introduction to Wireless Distribution
System Bridges” on page 118.
- WDS Child: Select this mode to have VAP0
function as a child in a WDS bridge. A child
access point communicates with the wired
network through the parent unit.
The only mode for VAP1 to VAP7 is Access Point.
72
TQ1402 Series Access Points User’s Guide
Table 11. Virtual Access Point Tab (Continued)
Field Description
SSID Enter a name for the VAP. Here are the guidelines:
A VAP must have a name.
A name can be from 1 to 32 alphanumeric
characters.
Spaces are allowed except the first and last
characters of an SSID.
You can assign the same name to more than
one VAP.
The default names for VAP0 on Radio1 and
Radio2 are allied24 and allied5, respectively.
The default names for VAP1 to VAP7 are
Virtual Access Points 1 to 7.
VLAN ID Enter a VID for the VAP. Here are the guidelines:
The range is 1 to 4094.
The default is VID 1.
A VAP can have only one VID.
You can assign the same VID to more than
one VAP.
This VID is ignored for wireless clients
receive their VIDs from a RADIUS server for
WPA Enterprise security. VIDs from a
RADIUS server override the number in this
field.
Hidden SSID Select whether the access point should advertise
the VAP SSID to clients. Here are the options:
Disabled: The access point transmits the
SSID to advertise the VAP to clients. This is
the default setting.
Enabled: The access point does not
advertise the VAP. Clients who want to
connect to an unauthorized VAP have to
know its name.
73
Chapter 5: Virtual Access Points
Table 11. Virtual Access Point Tab (Continued)
Field Description
MAC Filtering Select whether the VAP is to use the MAC filter to
control access by wireless clients. For instructions,
refer to “Configuring the MAC Address List” on
page 98. The options are listed here:
Enabled: The VAP uses the MAC filter to
control which wireless clients can connect to
it. When wireless clients connect to the VAP,
the access point compares their MAC
addresses to the addresses in the MAC filter
and either accepts or rejects the client traffic
depending on the filter settings.
Disabled: The VAP does not use the MAC
filter.
The MAC address filter requires that the Mode
setting be Access Point. You cannot use the MAC
filter on VAP0 in the WDS Parent or WDS Child
mode.
Captive Portal Configure Captive Portal. The options are:
Click-Through: See “Requiring Wireless
Clients to Click the Agree Button to Access
to the Network” on page 76 and “Delegating
a Proxy Server to Interact with Wireless
Clients” on page 78.
External RADIUS: See “Delegating RADIUS
Servers and a Proxy Server” on page 79 and
“Delegating RADIUS Servers to Authenticate
Wireless Clients” on page 81.
Disabled: See “Allowing any wireless clients
to access to your networks” on page 75. This
is the default setting.
6. Click the SAVE & APPLY button to save and update the configuration.
74
Configuring Captive Portal
A Captive Portal is a web page that wireless clients view before their
access is granted. Captive Portal pages usually identify the owners of the
wireless networks, or require them to agree to the terms of use. Captive
Portal pages can require wireless clients to login, or require information
such as their email addresses, prior to allowing access to the networks.
TQ1402 Series Access Points User’s Guide
Captive Portal
Configurations
You can use Captive Portal to interact with wireless clients before allowing
them to access your network resources: You can configure Captive Portal
in the following ways:
Allowing any wireless clients to access to your networks
When Captive Portal is disabled, any wireless clients can access to
your network without authentication or interaction. This is the
default setting.
“Requiring Wireless Clients to Click the Agree Button to Access to
the Network” on page 76
A web page including your message and the Agree button is
displayed. Your message is stored on the access point. Wireless
clients do not go through an authentication process.
“Delegating a Proxy Server to Interact with Wireless Clients” on
page 78
Interacting with wireless clients is conducted by the proxy server
that you specify. The proxy server hosts web pages so that you
can create your own web pages and applications if necessary. See
“Creating Pages in HTML for a Proxy Server” on page 83.
“Delegating RADIUS Servers and a Proxy Server” on page 79
An authentication process is conducted by a RADIUS server that
you specify. You also specify a proxy server to host web pages to
interact with wireless clients. You can create your own HTML files
on the proxy server. See “Creating Login Pages in HTML When
External RADIUS is Selected” on page 84.
“Delegating RADIUS Servers to Authenticate Wireless Clients” on
page 81
An authentication process is conducted by a RADIUS server that
you specify. The pre-fixed HTML files stored in the access point
are used to interact with wireless clients. You cannot change these
HTML files.
75
Chapter 5: Virtual Access Points
Port Numbers The following port numbers are used with the IP address of the access
point:
8080 for HTTP
http://[access point’s IP address]:8080/auth?redirect=[wireless client’s
originally requested URL]
8443 for HTTPS
https://[access point’s IPv4 address]:8443/auth?redirect=[wireless
client’s originally requested URL]
Requiring
Wireless Clients
to Click the Agree
Button to Access
to the Network
To require wireless clients to click the Agree button to access to the
networks, perform the following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu.
The default is Radio1. You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu.
The default is VAP0. You can configure only one VAP at a time.
4. Select the Virtual Access Point tab. See the example in Figure 19 on
page 71.
5. Select Click-Through from the Captive Portal pull-down menu. See
Figure 20 on page 77.
76
TQ1402 Series Access Points User’s Guide
c
Figure 20. Captive Portal - Click-Through
6. Select Disabled from the Authentication Page Proxy pull-down menu.
By default, the Authentication Page Proxy is disabled.
7. Configure the parameters by referring to Table 12.
Table 12. Captive Portal
Field Description
Agreement
Message
Enter Conditions of Use or other information in the
HTML code format to be displayed in the
introductory web page.
77
Chapter 5: Virtual Access Points
Table 12. Captive Portal (Continued)
Field Description
Redirect Type
(after user is
authenticated)
Fixed URL Specify the URL of a web page. Wireless clients are
8. Click the SAVE & APPLY button to save and update the configuration.
Select the following options to control a Web page
to be displayed to wireless clients after they are
allowed to access to the network.
The options are:
- Fixed URL: Allows you to specify a URL to
redirect to wireless clients. When this option is
selected, the Fixed URL field becomes available.
- Session Keep: Displays a web page that wireless
clients originally requested.
- Disabled: Redirect is disabled. The welcome.html
that you prepared is displayed. When the Capital
Portal field is Click-Through and the
Authentication Proxy Page is Disabled, the
welcome page on the access point is displayed.
This is the default setting.
redirected to the specified web page. To use this
field, the Redirect Type must be Fixed URL.
Delegating a
Proxy Server to
Interact with
Wireless Clients
You can delegate a proxy server to conduct authentication or interaction
without authentication. The proxy server that you specify hosts web pages
so that you must create web pages and applications on the proxy server.
To delegate a proxy server to interact with wireless clients, perform the
following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Virtual Access Point tab. See the example in Figure 19 on
page 71.
5. Select Click-Through from the Captive Portal pull-down menu. See
Figure 21 on page 79.
6. Select Enabled from the Authentication Page Proxy pull-down menu.
See Figure 21 on page 79.
78
TQ1402 Series Access Points User’s Guide
c
Delegating
RADIUS Servers
and a Proxy
Server
Figure 21. Captive Portal - Using a Proxy Server
7. Specify a URL of your web server in the Base URL field.
8. Specify the Redirect Type field by referring to Table 12 on page 77.
9. Click the SAVE & APPLY button to save and update the configuration.
10. Go to “Creating Pages in HTML for a Proxy Server” on page 83 to
create the HTML files.
You can delegate RADIUS servers to authentication wireless clients and
delegate a proxy server to interaction with these wireless clients. The
RADIUS servers authenticate wireless clients. The proxy server hosts web
pages so that you can create your own web pages and applications on the
proxy server.
To delegate RADIUS servers and a proxy server, perform the following
procedure:
To display an authentication page hosted by a RADIUS server when
wireless clients access to network resources, perform the following
procedure:
1. Select Settings > VAP / Security from the main menu.
79
Chapter 5: Virtual Access Points
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Virtual Access Point tab. See the example in Figure 19 on
page 71.
5. Select External RADIUS from the Captive Portal pull-down menu. See
Figure 22.
6. Select Enabled from the Authentication Page Proxy pull-down menu.
See Figure 22.
80
Figure 22. Captive Portal - External RADIUS
7. Configure the parameters by referring to Table 13 on page 81.
TQ1402 Series Access Points User’s Guide
Table 13. Captive Portal - External RADIUS
Field Description
Authentication
Page Proxy
Redirect Type See Table 12 on page 77.
Primary RADIUS
Server IP
Primary RADIUS
Server Key
Secondary
RADIUS Server
IP
See Table 12 on page 77.
Enter the IPv4 address of the primary FADIUS
server. The default is 192.168.1.1
Enter the shared secret key for the primary
RADIUS server.
Here are the guidelines:
The key can be up to 128 alphanumeric
characters.
It is case-sensitive.
It must be same on the access point and
server.
The default is no key.
Enter the IPv4 address of a secondary RADIUS
server. This field is optional. The access point
sends authentication requests to this address if
the primary RADIUS server does not respond to
requests.
Delegating
RADIUS Servers
to Authenticate
Wireless Clients
Secondary
RADIUS Server
Key
RADIUS Port Enter the RADIUS port number of the RADIUS
8. Click the SAVE & APPLY button to save and update the configuration.
9. Go to “Creating Login Pages in HTML When External RADIUS is
Selected” on page 84 to create the HTML files.
You can delegate RADIUS servers to authenticate wireless clients. The
pre-fixed HTML files stored in the access point are used to interact with
wireless clients.
To delegate RADIUS servers, perform the following procedure:
Enter the shared secret key for the secondary
RADIUS server.
server. If you entered IP addresses for both
primary and secondary servers, the units must be
using the same port number. The range is 0 to
65535. The default is 1812.
81
Chapter 5: Virtual Access Points
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Virtual Access Point tab. See the example in Figure 19 on
page 71.
5. Select External RADIUS from the Captive Portal pull-down menu. See
Figure 23.
6. Select Disabled from the Authentication Page Proxy pull-down menu.
See Figure 23.
82
Figure 23. Captive Portal - External RADIUS
7. Configure the parameters by referring to Table 13 on page 81.
8. Click the SAVE & APPLY button to save and update the configuration.
TQ1402 Series Access Points User’s Guide
Creating Pages in
HTML for a
Proxy Server
When you are configuring Captive Portal to be hosted by a proxy server,
create the following HTML files on the proxy server:
[Base URL]/click_through_login.html
[Base URL]/click_through_login_fail.html
[Base URL]/welcome.html (Optional)
Requirements for the click_through_login.html and
click_through_login_fail.html
Here is a list of requirements:
You must include a <form> element with the method attribute
specified to “post” and no action attribute.
In the <form> element, you must include a <button> tag or an
<input> tag with the type attribute specified to “submit” for a
wireless client to submit the data to the proxy server.
No requirement for a welcome.html
HTML Code and Display Examples of Login Page
The following is an example of HTML code:
<html>
<head>
<title>Terms of Service</title>
</head>
<form method=”post”>
By using our service, you acknowledge that there
are risks <br>inherent in accessing information
through the internet.<br><br>
<input type=”submit” value=Agree></input>
</form>
</html>
Figure 24 shows its web page displayed in a web browser.
Figure 24. Captive Portal - Terms of Service Page Sample
83
Chapter 5: Virtual Access Points
Creating Login
Pages in HTML
When External
RADIUS is
Selected
When you are configuring Captive Portal to be authenticated by a RADIUS
server and hosted by a proxy server, create the following HTML files on
the proxy server:
[Base URL]/radius_login.html
[Base URL]/radius_login_fail.html
[Base URL]/welcome.html (Optional)
Requirements for the radius_login.html and radius_login_fail.html
Here is a list of requirements:
You must include a <form> element with the method attribute
specified to “post” and no action attribute.
In the <form> element, you must include an <input> tag with the
name attribute specified to “userid” for a wireless client to enter a
user ID. The <form> element ends at the </form> end tag.
In the <form> element, you must include anther <input> tag with
the name attribute specified to “password” for a wireless client to
enter a password.
In the <form> element, you must include a <button> tag or an
<input> tag with the type attribute specified to “submit” for a
wireless client to submit the data to the RADIUS server.
There is no requirements for a welcome.html
HTML Code and Display Examples of Login Page
The following is an example of HTML code:
<html>
<head>
<title>Web Authentication Page</title>
</head>
<form method=”post”>
Username: <input type=”text” name=”userid”><br>
Password: <input type=”password”
name=”password”><br>
<input type=”submit” value=”Connect”></input>
</form>
</html>
Figure 25 on page 85 shows its web page displayed in a web browser.
84
TQ1402 Series Access Points User’s Guide
Figure 25. Captive Portal - Login Page Sample
85
Chapter 5: Virtual Access Points
Configuring VAP Security
The procedures for configuring VAP security is provided in the following
sections:
“No Security” on page 86
“WPA Personal (Pre-Shared Key)” on page 87
“WPA Enterprise” on page 89
No Security VAPs not requiring any security can be set to the None security level.
Wireless clients do not use encryption or authentication to access VAPs
with no security. This is the default setting.
To configure a VAP for no security, perform the following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Security tab.
5. Select None from the Mode pull-down menu. This is the default
setting. Refer to Figure 26.
Figure 26. None Selection in the VAP Security Tab
86
6. Click the SAVE & APPLY button to save and update the configuration.
TQ1402 Series Access Points User’s Guide
WPA Personal
(Pre-Shared Key)
To configure a VAP for WPA Personal security, perform the following
procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Security tab.
5. Select WPA Personal from the Mode pull-down menu. Refer to
Figure 27.
Figure 27. WPA Personal Security Tab
6. Configure the parameters by referring to Table 14 on page 88.
87
Chapter 5: Virtual Access Points
Table 14. WPA Personal Security Tab
Field Description
Mode Select WPA Personal.
WPA Version Select the WPA version. The options are listed here:
- WPA and WPA2: Select this option if the VAP has
both WPA and WPA2 clients.
- WPA2: Select this option if clients support WPA2
only. This is the default setting.
- WPA2 and WPA3: Select this option if the VAP
has both WPA2 and WPA3 clients.
- WPA3: Select this option if clients support WPA3
only. This is the default setting.
Cipher Suites Select the cipher suite for the VAP. The options are
listed here:
- CCMP. This is the default.
Note
When the WPS version is WPA2 and WPA3,
or WPA3, CCMP is the only option.
- TKIP and CCMP
When both TKIP and CCMP are selected, clients
who are using WPA must have one of the following:
- A valid TKIP key.
- A valid CCMP (AES) key.
Key Enter a shared secret key Here are the guidelines:
- The key can be from 8 to 63 alphanumeric
characters.
- It can include special characters.
- It is case sensitive.
- The default is no key.
88
The small double-arrow symbol next to the field
toggles the key between alphanumeric characters
and asterisks.
TQ1402 Series Access Points User’s Guide
Table 14. WPA Personal Security Tab (Continued)
Field Description
IEEE802.11w
(MFP)
Control IEEE 802.11w management frame
protection. This feature is only supported with WPA2
as the WPA Version. It is not supported with WPA
and WPA2.The options are listed here:
- Enabled: Activates management frame protection.
This is the default.
Note
When the WPS version is WPA2 and WPA3,
or WPA3, Enabled is the only option.
- Disabled: Deactivates management frame
protection.
Broadcast Key
Refresh Rate
Specify the refresh interval rate for the broadcast
(group) key. The range is 0 to 86400 seconds. The
key is not refreshed when this parameter is set to 0
seconds, which is the default.
7. Click the SAVE & APPLY button to save and update the configuration.
WPA Enterprise To configure a VAP for WPA Enterprise security, perform the following
procedure:
Note
WPA Enterprise is not available on VAP0 when it is the parent or
child of a WDS bridge.
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Security tab.
5. Select WPA Enterprise from the Mode pull-down menu. See Figure
28 on page 90.
89
Chapter 5: Virtual Access Points
90
Figure 28. WPA Enterprise Tab
6. Configure the parameters by referring to Table 15 on page 91.
TQ1402 Series Access Points User’s Guide
Table 15. WPA Enterprise Tab
Field Description
Mode Select WPA Enterprise.
WPA Version Select the WPA version for the VPA. The options are
listed:
- WPA and WPA2 - Select this option if the VAP has
both WPA and WPA2 clients.
- WPA2: Select this option if all the clients support
WPA2 only. This is the default setting.
- WPA3: Select this option if clients support WPA3
only.
Note
WPA3 is supported only on Radio2.
Cipher Suites Select the cipher suite for the VAP, The options are
listed here:
- CCMP. This is the default.
Note
When the WPS version is WPA3, CCMP is the
only option.
- TKIP and CCMP
When both TKIP and CCMP are selected, clients
configured to use WPA with RADIUS must have one of
the following:
- A valid TKIP RADIUS IP address and RADIUS key.
- A valid CCMP IP address and RADIUS key.
91
Chapter 5: Virtual Access Points
Table 15. WPA Enterprise Tab (Continued)
Field Description
IEEE802.11w
(MFP)
Pre-authentic
ation
Broadcast
Key Refresh
Rate
Control IEEE 802.11w management frame protection.
This feature is only supported with WPA2 as the WPA
Version. It is not supported with WPA and WPA2.The
options are listed here:
- Enabled: Activates management frame protection.
This is the default.
Note
When the WPS version is WPA3, Enabled is the
only option.
- Disabled: Deactivates management frame
protection.
- Enabled: Activates . This is the default.
- Disabled: Deactivates .
Enter the interval for updating the key of the broadcast
packet to be sent to the wireless clients connected to
the VAP. The range is 0 to 86400 seconds. The key is
not updated when this parameter is set to 0 (zero). The
default is 0.
Primary
RADIUS
Server IP
Primary
RADIUS
Server Key
Secondary
RADIUS
Server IP
Secondary
RADIUS
Server Key
Enter the IPv4 address of the primary RADIUS server.
The default is 192.168.1.1.
Enter the shared secret key for the primary RADIUS
server. Here are the guidelines:
- The key can be up to 128 alphanumeric characters.
- It is case-sensitive.
- It must be same on the access point and server.
- The default is no key.
Enter the IPv4 address of a secondary RADIUS server.
This field is optional. The access point sends
authentication requests to this address if the primary
RADIUS server does not respond to requests.
Enter the shared secret key for the secondary RADIUS
server.
92
TQ1402 Series Access Points User’s Guide
Table 15. WPA Enterprise Tab (Continued)
Field Description
RADIUS Port Enter the RADIUS port number of the RADIUS server.
If you entered IP addresses for both primary and
secondary servers, the units must be using the same
port number. The range is 0 to 65535. The default is
1812.
RADIUS
Accounting
RADUIS
Accounting
Port
Dynamic
VLAN
Control RADIUS accounting, When accounting is
enabled, the access point sends client information,
such as usage time, to the RADIUS server. The options
are listed here:
- Enabled: Activate RADIUS accounting.
- Disabled: Deactivate RADIUS accounting. This is the
default setting.
Enter the RADIUS accounting port number of the
RADIUS server. If you entered IP addresses for both
primary and secondary servers, the units must use the
same accounting port number. The range is 0 to
65535. The default is 1813.
Control whether the VAP only accepts clients that are
assigned VIDs by RADIUS servers. The options are
listed here:
- Enabled: The VAP forwards packets only from clients
that are assigned VIDs from RADIUS servers.
- Disabled: The VAP forwards packets without regard
to how clients are assigned VIDs. This is the default
setting.
7. Click the SAVE & APPLY button to save and update the configuration.
93
Chapter 5: Virtual Access Points
Configuring VAP Fast Roaming
The access point supports IEEE 802.11k/v/r for high-speed roaming by
wireless clients. Here are the guidelines:
High speed roaming applies to VAPs with WPA Personal or WPA
Enterprise security. It does not apply to no security or Static WEP.
You can view but not configure the IEEE 802.11r settings with the
web browser management interface. Configuring the settings
requires Vista Manager EX the AT-Vista Manager EX AWC
plug-in.
To configure fast roaming, perform the following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Fast Roaming tab. Refer to Figure 29.
94
Figure 29. Fast Roaming Window
TQ1402 Series Access Points User’s Guide
5. Configure the fields by referring to Table 16.
Table 16. Fast Roaming Window
Field Description
IEEE802.11r
Refer to the Vista Manager EX and AT-Vista
Manager EX AWC documentation for
Fast Transition
descriptions of these parameters.
802.11k RRM Select one of the following:
- Enabled: Activates IEEE 802.11k Radio
Resource Measurement (RRM).
- Disabled: Deactivate RRM.This is the default.
802.11v WNM Select one of the following:
- Enabled: Activates IEEE 802.11v Wireless
Network Management (WNM).
- Disabled: Deactivates WNM. This is the
default.
6. Click the SAVE & APPLY button to save and update the configuration.
95
Chapter 5: Virtual Access Points
Configuring Advanced VAP Settings
To configure advanced VAP settings, perform the following procedure:
1. Select Settings > VAP / Security from the main menu.
2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1.
You can configure only one radio at a time.
3. Select a VAP to configure from the next sub-menu. The default is
VAP0. You can configure only one VAP at a time.
4. Select the Advanced tab. See Figure 29.
96
Figure 30. Advanced VAP Settings Window
5. Configure the fields by referring to Table 16.
Table 17. Advanced VAP Settings
Field Description
Duplicate AUTH
received
Controls how the access point responds when it
receives authentication requests from wireless
clients that have already been authenticated. The
options are:
- Disconnect: The access point responds to
duplicate authentication requests by sending
deauthentications and disconnecting the
clients.This is the default.
- Ignore: The access point responds to duplicate
authentication requests by authenticating the
clients again.
TQ1402 Series Access Points User’s Guide
Table 17. Advanced VAP Settings (Continued)
Field Description
Association
Advertisement
Select one of the following:
- Enabled: The access point notifies wireless
clients when they are newly associated. Withe
the association confirmation, wireless clients
remove the information from previously
associated access points.
- Disabled: Deactivate the Association
Advertisement feature. This is the default.
ProxyARP Not available. This feature is disabled.
6. Click the SAVE & APPLY button to save and update the configuration.
97
Chapter 5: Virtual Access Points
Configuring the MAC Address List
The MAC address filter is used to control which wireless clients can
access your network through the VAPs. You configure the filter by
entering the MAC addresses of wireless clients whose association
requests are to be accepted or rejected by the access point. If you specify
the MAC addresses of the permitted nodes, the access point accepts the
association requests from the specified clients and rejects requests from
all other clients. If you specify the MAC addresses of the denied clients,
the device rejects association requests from the specified clients and
accepts requests from all other clients.
Here are the guidelines to the MAC address filter:
The access point has only one MAC address filter.
You can activate or deactivate the filter on individual VAPs.
You need to know the MAC addresses of the wireless clients
whose association requests the access point is to accept or reject.
You need to know the VAPs where you want to activate the
filtering. Activating filtering on VAPs is described in “Configuring
Basic VAP Parameters” on page 71.
To configure the MAC address filter, perform the following procedure:
1. Select Settings > MAC Address List. Refer to Figure 31.
98
Figure 31. MAC Address List Window
TQ1402 Series Access Points User’s Guide
2. From the Action pull-down menu, select one of the following:
Deny: Select this option to have the access point reject association
requests from wireless clients whose MAC addresses you enter in
the filter, and to accept association requests from all other clients.
This is the default setting.
Allow: Select this option to have the access point accept
association requests from the wireless clients whose MAC
addresses you enter in the filter, and to reject association requests
from all other clients.
3. To enter the MAC address of a wireless client the access point is to
deny or accept, click the MAC Address field and enter the address, in
this format xx:xx:xx:xx:xx:xx.
4. Click the Add button. You can enter only one address at a time. You
cannot enter broadcast or multicast addresses.
5. To remove addresses, do one of the following:
To delete MAC addresses individually, click the check boxes of the
addresses in the list and click the Delete button.
To delete all the addresses, click the check box to the right of the
MAC Address List title and click the Delete button
6. Click the SAVE & APPLY button to save and update the configuration.
99
Chapter 5: Virtual Access Points
Displaying VAP and LAN Ports Statistics
To view VAP and LAN ports status and statistics, select Monitoring >
Statistics window. Refer to Figure 32.
100
Figure 32. Statistics Window
The columns are defined in Table 18.
Table 18. Statistics Window
Column Description
Interface Displays LAN1 and LAN 2 ports, and VAPs 0 to
7).
Status Displays the status (up or down) of the interface.
Packets Received Displays the total number of packets received on
the interface.
Loading...