Compex WP18 3C, WP18 1A, WP18 2A, WP18 3B, WP18 3D User Manual

...

Page 1

Page 2

All Rights Reserved This document contains information that is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under copyright laws.

Trademark Information

Compex®, ReadyLINK® and MicroHub® are registered trademarks of Compex, Inc. Microsoft Windows and the Windows logo are trademarks of Mi crosoft Corp. NetWare is the registered trademark of Novell Inc. All other brand and product names are trademarks or registered trademarks of their respective owners. Notice: Copyrights © 2006 by Compex, Inc. All rights reserved. Reproduction, adaptation, or translation without prior permission of Compex, Inc. is prohibited, except as allowed under copyright laws. Manual Revision by Daniel Manual Number: U-0508-V1.3C Version 1.3, November 2006

Disclaimer

Compex, Inc. provides this manual without warranty of any kind, expressed or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Compex, Inc. may make improvements and/or changes to the product and/or specific ations of the product described in this manual without prior notice. Compex, Inc. will not be liable for any technical inaccuracies or typographical errors found in this guide. Changes are periodically made to the information co n tained herein and will be incorpora ted in later versions of the manual. The information contained i s subject to change without prior notice.

Your Feedback

We value your feedback. If you find any erro rs in this user’s manual, or if you hav e suggestions on improving, we would like to hear from you. Please cont act us at: Fax: (65) 62809947 Email: feedback@compex.com.sg

FCC NOTICE

This device has been tested and found to compl y with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio or television reception, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Connect the computer into an outlet on a circuit different from that to which the

receiver is connected

• Increase the separation between the computer and receiver.

• Consult the dealer or an experienced radio/TV t echnician for help.

Caution: Any changes or modifications not expr essly approved by the grantee of this device could void the user's authority to operate the equipment.

Page 3

FCC Compliance Statement

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

1. This device may not cause harmful int er fer ence, and

2. This device must accept any interfer ence recei v ed, includi ng int erference that may cause undesired operation.

Declaration of Conformity

Compex, Inc. declares the following:

Product Name: Wireless 54Mbps A+G DualBand Access Point with Integrated PoE Model No: NetPassage WP18 conforms to the following Product Standards :

The device complies with the Electromagnetic Compatibility Directive (89/336/EEC), Low Voltage Directive (73/23/EEC) and the Amendment Directive (93/68/EEC) issued by the Commission of the European Community. Compli ance with these directives impli es conformity to the following European Norms (in brackets are t he equivalent international s tandards).

EN 55022 (CISPR 22) – Electromagnetic Interference (Conduction and Radiation) EN 55024 (IEC61000-4- 2,3,4,5,6,8,11) – Electromagnetic Immunity EN 61000-3-2 (IEC610000-3-2) – Power Line Harmonics EN 61000-3-3 (IEC610000-3-3) – Product Safety

Therefore, this product is in conformity with the following regional standards:

FCC Class B ⎯ following the provisions of FCC Part 15 directives CE Mark ⎯ following the provisions of the EC directive.

This Class B digital apparatus complies with Canadian ICES-003.

Page 4

Technical Support Information

The warranty information and registration form are found in the Quick Install Guide. For technical support, you may contact Compex or its subsidiaries. For your convenience,

you may also seek technical assistance from the local distributor or from the authorized dealer/reseller that you have purchased this product from. For technical support by email, write to

support@compex.com.sg.

Refer to the table below for the nearest Technical Support Centre.

Technical Support Centres

Contact the technic al support centre that services your location.

U.S.A., Canada, Latin America and South America

 Write

Compex, Inc. 840 Columbia Street, Suite A Brea, CA 92821, USA

 Call

Fax

Tel: Tel: Fax:

+1 (714) 482-0333 (8 a.m.-5 p.m. Pacific time) +1 (800) 279-8891 (Ext.122 Technical Support) +1 (714) 482-0332

Asia, Australia, New Zealand, Middle East and the rest of the World

 Write

Compex Systems Pte Ltd

135, Joo Seng Road #08-01, PM Industrial Building Singapore 368363

 Call

Tel: Tel: Fax:

(65) 6286-1805 (8 a.m.-5 p.m. local time) (65) 6286-2086 (Ext.199 Technical Support) (65) 6283-8337

Internet access/

E-mail: FTPsite:

support@compex.com.sg ftp.compex.com.sg

Website:

http://www.cpx.com or http://www.compex.com.sg

Fax

Page 5

About This Document

This document may be superseded, in which case you may find its latest version at:

http://www.compex.com.sg

The product described in this document, Wireless 54Mbps A+G Dualband Access Point with Integrated PoE, NetPassage WP18 is a licensed product of Compex Systems Pte Ltd. This document contains instructions for installing, configuring and using Compex NetPassage WP18. It also gives an overview of the key applications and the networking concepts with respect to the product.

This documentation is for both network administrators and end users who possess some basic knowledge of networking structures and protocols.

It makes the assumption that the host computer has already been installed with TCP/IP and is ready to access Internet. Procedures for Microsoft Windows 98SE/ME/2000/XP operating systems are included in this document. However, for other operating systems, you may need to refer to your operating system’s documentation for networking instructions.

Firmware

Please take note that this User’s Manual is written based on NetPassage WP18 Firmware Version 2.04.

Conventions

The class inclusive of all model versions in this series is often denoted as either NetPassage WP18 or WP18 or access point.

Page 6

TABLE OF CONTENTS

TRADEMARK INFORMATION ..........................................................................I

DISCLAIMER ......................................................................................................... I

YOUR FEEDBACK.................................................................................................I

FCC NOTICE .......................................................................................................... I

FCC COMPLIANCE STATEMENT....................................................................II

DECLARATION OF CONFORMIT Y.................................................................II

TECHNICAL SUPPORT INFORMATION.......................................................III

TECHNICAL SUPPORT CENTRES..................................................................III

ABOUT THIS DOCUMENT............................................................................... IV

FIRMWARE......................................................................................................... IV

CONVENTIONS................................................................................................... IV

Chapter 1: Introduction ................................................................................. 5

INTRODUCING THE ACCESS POINT..................................................................5

Chapter 2: Getting to know the Access Point............................................... 6

KEY FEATURES......................................................................................................6

SECURITY FEATURES...........................................................................................8

ADDITIONAL FEATURES......................................................................................8

ADDITIONAL FEATURES......................................................................................9

PANEL VIEWS.......................................................................................................10

PANEL DESCRIPTION..........................................................................................12

Chapter 3: Hardware Setup......................................................................... 15

OPTION 1: USING POWER ADAPTER TO SUPPLY POWER..........................15

OPTION 2: USING POE TO SUPPLY POWER....................................................17

Chapter 4: Accessing the Web Interface..................................................... 20

OVERVIEW OF ALTERNATIVES.......................................................................20

HOW TO UCONFIG TO THE WEB INTERFACE...............................................20

HOW TO BROWSE TO THE WEB INTERFACE................................................22

Chapter 5: Setting up a WLAN................................................................... 23

OPERATION MODES............................................................................................24

Access Point Mode...............................................................................................24

Client Mode..........................................................................................................25

Wireless Routing Client Mode .............................................................................26

Transparent Client Mode.....................................................................................27

TO SET UP A WIRELESS LAN............................................................................29

POINT-TO-POINT & POINT-TO-MULTIPOINT SETUP....................................32

CHANNEL SURVEY .............................................................................................36

HOW TO MAKE YOUR WLAN MORE SECURE...............................................38

How to Setup WEP...............................................................................................41

How to Setup 802.1x............................................................................................44

Page 7

How to Setup WPA Enterprise Modes .................................................................45

How to Setup WPA Personal ...............................................................................46

ADVANCED WLAN SETTINGS..........................................................................47

LONG DISTANCE PARAMETERS ......................................................................49

WMM ......................................................................................................................51

STATISTICS...........................................................................................................54

VIRTUAL AP (MULTIPLE SSID).........................................................................55

PREFERRED APS ..................................................................................................57

ANTENNA ALIGNMENT......................................................................................58

Chapter 6: Configuration............................................................................. 59

SETTING UP THE ACCESS POINT IN YOUR LAN...........................................59

Setting Up Your LAN ...........................................................................................61

To View the Active DHCP Leases........................................................................62

To Reserve Specific IP Addresses for Predetermined DHCP Clients..................63

SPANNING TREE PROTOCOL............................................................................65

MAC FILTERING...................................................................................................67

Add a MAC address to the MAC Address List.....................................................68

Delete a MAC address from all access points......................................................71

Delete a MAC address from individual access point...........................................73

Edit MAC address from the MAC Address List....................................................75

Chapter 7: Security Configuration.............................................................. 77

Security Level.......................................................................................................77

Log Information...................................................................................................77

FIREWALL CONFIGURATION............................................................................78

FIREWALL LOGS..................................................................................................84

PACKET FILTERING............................................................................................85

URL FILTERING....................................................................................................89

MULTICAST FILTERING.....................................................................................91

Chapter 8: Enabling and Disabling Router................................................ 92

SETTING UP AS ROUTER....................................................................................92

SETTING UP AS ACCESS POINT........................................................................ 93

Chapter 9: Router Setup .............................................................................. 94

BROADBAND INTERNET....................................................................................94

WAN Setup.............................................................................................................95

Static IP............................................................................................................96

Dynamic IP......................................................................................................97

PPPoE ..............................................................................................................98

PPTP ..............................................................................................................100

L2TP ..............................................................................................................101

MAC Address Cloning...........................................................................................104

Link Speed & Duplex.............................................................................................105

USING NAT..........................................................................................................106

Enabling/Disabling NAT....................................................................................106

Page 8

iii

To Setup a De-Militarised Zone Host ................................................................107

To Setup Port Forwarding.................................................................................109

IP Forwarding ...................................................................................................114

ROUTING .............................................................................................................116

Static Routing.....................................................................................................117

BANDWIDTH CONTROL FOR WAN................................................................119

BANDWIDTH CONTROL FOR LAN.................................................................120

REMOTE MANAGEMENT.................................................................................122

UNIVERSAL PLUG AND PLAY (UPNP)...........................................................123

PARALLEL BROADBAND.................................................................................125

Load Balancing..................................................................................................125

Fail-Over Redundancy.......................................................................................125

To Enable Parallel Broadband..........................................................................126

DNS REDIRECTION............................................................................................127

DYNAMIC DNS SETUP......................................................................................128

SNMP SETUP .......................................................................................................133

SNMP TRAP .........................................................................................................134

TELNET/SSH SETUP...........................................................................................135

USER MANAGEMENT .......................................................................................137

TELNET CLI.........................................................................................................138

SSH CLI (Secure Shell Host Command Line Interface).....................................139

WEB MANAGEMENT SETUP............................................................................141

Chapter 10: Web Interface Utilities.......................................................... 143

USING THE SYSTEM TOOLS MENU...............................................................143

Ping Utility.........................................................................................................143

Syslog.................................................................................................................145

To Identify Your System .....................................................................................148

Setting the Time of Your System.........................................................................148

To Upgrade the Firmware Version....................................................................149

Settings Profile...................................................................................................150

To Reboot...........................................................................................................152

Change Your Login Password...........................................................................153

To Logout...........................................................................................................154

USING THE HELP MENU...................................................................................155

To Get Technical Support..................................................................................155

About Your System.............................................................................................156

Appendix A: Configuring Your PC for Network Access......................... 157

ADDING TCP/IP PROTOCOL.............................................................................157

CONFIGURING DYNAMIC IP ADDRESS ALLOCATION..............................159

CONFIGURING STATIC IP ADDRESS ALLOCATION...................................161

CONFIGURING WIRELESS NETWORK SETTINGS FOR WINDOWS XP....163

Appendix B: Dual Card Application Example........................................ 164

SETUP...................................................................................................................164

Page 9

HOW IT WORKS..................................................................................................165

Appendix C: Troubleshooting................................................................... 166

SOLUTIONS TO COMMON PROBLEMS..........................................................166

Appendix D Command Line Interface Commands ................................. 170

Appendix E Glossary of Terms.................................................................. 175

LIST OF COMMONLY USED TERMS...............................................................175

Appendix F Technical Specifications ........................................................ 180

Page 10

Chapter 1: Introduction

Introducing the access point

His access point is a Wireless 54Mbps A+G Dualband Access Point. It doesn’t just operate in wired network environments, it also upholds simultaneous IEEE802.11a and IEEE802.11b/g connections, as is often required in hotspots and other public

Internet access deployment.

The access point is designed to support stateof-the-art security standards such as the Wi-Fi Protected Access (WPA) protocol, the 802.1x authentication standard, 64/128-bits Wired Equivalent Privacy (WEP) encryption, and Transparent Client mode, which is specifically developed to be paired with root access point for Point-to-Point and Point-to-MultiPoint connection.

This highperformance access point also bears the

exclusive uConfig utility and broadband Internet sharing support is an additional function that can be enabled.

When the user chooses to enable routing, additional enhanced functions to the wireless access point operation are available, such as Load Balancing; Fail-Over Redundancy; Parallel Broadband; built-in DHCP server; Virtual Servers based on IP and Port Forwarding; De-Militarised Zone hosts; Packet Filtering; and much more!

Advanced Features



 New 54Mbps 802.11a

& 802.11g 5X faster

than 802.11b!

 Secure your wireless

data transmissions

with WPA protocol,

IEEE 802.1x

authentication and

64/128-bits WEP

Encryption!

Read on and find out more

about these features!

 Quickly access your

network device’s web

administration setup with

uConfig!

 Have you heard of

Parallel Broadband

Continue reading to

discover how the ultimate

Internet solution is

delivered!

Page 11

Chapter 2: Getting to know the Access Point

The following will help you get more acquainted with the rich suite of features offered by the access point so that you are better able to exploit your access point’s full potential.

Key features

Slot support dependent on order configuration.

Supports 2 Slots for 802.11a/b/g and 802.11b/g Wireless Cards*

Supporting Super-G and Super-AG performance as well as the standard 54mbps speed,

the access point provides you the fastest wireless access within your office or home

network. As it is fully backward compatible with 802.11b, you can safeguard your existing

network investments. With 2-slot support, the device can run both 802.11aand 802.11b/g

connections for clien ts and access point simultaneously.

Point-to-Point & Point-to-MultiPoint Support

Point-to-Point and Point-to-MultiPoint communication between different buildings enables

you to bridge wireless clients that are kilometres apart w hile unifying the networks.

Virtual AP (Multiple SSID)

Virtual AP implements mSSID (Multi-SSID)

This allows a single wireless card to be set up with up to 16 virtual AP connections with

different SSIDs or BSSID (Basic Service Set Identifier) and security modes.

WMM

WMM (Wireless Multimedia) improves the user experience for audio, video, and voice

applications by prioritizing data traffic.

Antenna Alignment

Antenna Alignment function finds the best alignment for the unit antenna by measuring the

quality of the signal.

Page 12

Easy Management & Configuration

You can browse or uConfig to the web interface of the access point for effortless

configu ration. Additionally, you can make use of these features:

• The access point supports HTTPS (SSL) in addition to the standard HTTP. HTTP (SSL) features additional authentication and encryption for secure

communication.

• Telnet allows a computer to remotely connect to the access point CLI (Command Line Interface) for control and monitoring.

• SSH (Secure Shell Host) establishes a secure host connection to the access point CLI for control and monitoring.

SSH is designed and created to

provide the best security when accessing another computer remotely. Not

only does it encrypt the session, it also provides better authentication

facilities and features tha t increase the secu rity of o ther protoco ls. It can

use different forms of encryption and ciphers.

• SNMP feature for managing the network performance.

Page 13

Security Features

Security elements have been put in place to better protect your data and privacy.

64-bit / 128-bit WEP Encryption

The access point supports 64-bit and 128-bit WEP (Wired Equivalent Privacy) protocol to

protect data communication in your wireless network.

WPA (Wi-Fi Protected Access) Standard & 802.1x Authentication

The access point supports the WPA standard for enhanced security in your wireless

network. The WPA protocol combines two mechanisms: Dynamic Key Encryption and

Mutual Authentication for en hanced security in t he wireless LAN. This combination

ensures that all users are authenticated through a central authority before being

allowed network access.

WPA Modes:

• WPA Personal

• WPA Enterprise

• WPA2 Personal

• WPA2 Enterprise

• WPA Auto Personal

• WPA Auto Enterprise

Detaile d information on the WPA Modes can be found in Chapter 5: Settin

Up A WL AN

–

Page 14

Additional Features

These features reveal the comprehensive range of advanced routing functionalities.

Static IP, Dynamic IP, PPPoE, PPTP, and L2TP WAN types

Whether you have subscribed to fixed IP, dynamic IP, PPPoE, PPTP, or L2TP, you can use the

access

oint for broadband cable /ADSL Internet connection sharing.

Built-in NAT Firewall & Packet filtering

Since it handles the incoming and outgoing data packet transactions between your LAN

and the external network, the access point can validate individual packet information

before passing it on to a LAN client. To comple ment NAT, you can use the packet f iltering

features to regulate Internet access and control the transmission of TCP, UDP, ICMP or IGMP

packets to and from your LAN clients.

Parallel Broadband

The unique Parallel Broadband technology f eatur es impro ved load balancing and fail-over

Internet connectivity.

Virtual Servers Based on Port-Forwarding, IP-Forwarding and DMZ’s

The access point lets you set up Internet application servers such as FTP file servers and HTTP

web servers based on Port-forwar ding, IP-forwarding a nd Demilitarised Zone hosts .

Page 15

Panel Views

The access point can either be placed standing upright on the 2 rest feet included or mounted onto a wall.

LED indicators denoting network status and activity are situated on the front ed ge of the access point for easy visibility.

Notice: Actual product appearance may slightly differ depending on

the hardware version.

Top View

Rest feet attached to the botto m of the access point

Page 16

Front View

Page 17

Panel Description

Name Description

Steady Green

The device is powered up.

1 Power (LED)

Off No power is supplied to the

device.

Steady Green

The WAN connection is ON.

2 WAN (Link/Activity LED)

Flashing Green

Data transmission at WAN connection.

Steady Green

Wireless interface up and running. Ready for operation.

3 WLAN (1), (2)

(Link/Activity LED)

Flashing Green

Activi ty i s detected i n the wireless network.

These LEDs reflect the status of the integrated Fast Ethernet Switch.

They will light up when connected with an Ethernet cable.

Steady Green

There is a connectivity link of 100Mbps.

Flashing Green

100Mbps data transmission is detected at the port concerned.

Steady Amber

There is a connectivity link of 10Mbps.

4 1, 2, 3, 4

(Link/Activity/Speed LEDs)

Flashing Amber

10Mbps data transmission is detected at the port concerned.

5 DIAG (LED) This LED is reserved for diagnostic purposes.

Page 18

6 Rest Feet These rest feet hold the access point in the

standing position.

7 External Antennas SMA antennas

8 R232 (Integrated Serial

Interface)

Not in use. Reserved for future update.

9 WAN (Ethernet Port)

10/100Base-T Port connects to Cable/ADSL modem.

10 1, 2, 3, 4 (Ethernet Ports) Integrated 3-port 10/100Mbps Switching.

Ports 1, 2, 3, and 4 all function as normal Ethernet ports except that Port 4 supports PoE connection.

Connect Port 4 to PoE Injector if you wish to use it to supply power to the unit.

11 DC Jack Direct Current jack.

If using power adapter to supply power to the unit, attach the power adapter to the main electrical supply and connect the power plug into the DC Jack of the access point.

12 Reset (Push Button)

The table below ill ustrates the use of the Reset button.

Reset

Push

Button

Diagnostic

LED

Access Point

Behavior

Less than

3 sec

On Reboots.

5 sec Fast Blinking Restores the

default login

password,

which is

‘password’.

Between

8 sec and

10 sec

Slow Blinking Restores all the

default factory

settings

including

password.

than 10

sec

Off Reset

cancelled.

Page 19

NOTE:

Although the Ethernet ports are numbered 1 to 4, they DO NOT have to be connected sequentially.

For example: in a network of two computers, you can choose to connect one computer to Port 2 and another to Port 4.

Page 20

Chapter 3: Hardware Setup

The access point can be powered using either the power adapter, or PoE

or IEEE 802.3af PoE.

The installation process for the three options is described below.

Option 1: Using Power Adapter to Supply Power

Before attaching a pair of external antennas to the access point, take note of the ‘A’ marking on one of the two antennas.

The antenna with the ‘A’ marking is the Dualband AG Antenna.

The antenna without the marking is the single-band G Antenna.

• PoE is available in several models and power out puts.

Please contact your supplier for the correct model and power requirements.

Connect the singleband G antenna to Ant-2 on the RIGHT.

Connect the Dualband AG antenna to Ant-1 on the LEFT.

‘A’ marking

Important: To ensure proper functionality of the access

point, these two antennas MUST NOT be swapped.

Page 21

Insert one end of the RJ45 Ethernet cable to any of the LAN ports (1, 2, 3, or 4) on the access point and the other end to your PC’s Ethernet network adapter.

Attach the power adapter to the main electrical supply and connect the power plug into the socket of the access point.

Power on your PC. Notice that the Power and the corresponding port LEDs have lighted up. This indicates that connection has been established successfully between the access point and your PC.

Page 22

Option 2: Using PoE to Supply Power

PoE (Power-Over-Ethernet) can be used to power the access point. This accessory supplies operational power to the wireless access point through the Ethernet cable connection and is available separately.

If you wish to use PoE to supply power to the access point, follow the steps below:

Follow the steps described in Option One.

Connect one end of an RJ45 Ethernet cable t o LAN OUT port of the PoE Injector and the other end to Port 4 of the access point.

For PoE, the recommended length of the RJ45 Category 5 cable is up to 50 metre s.

Page 23

Connect the RJ45 Ethernet cable attached to the PoE Injector t o your PC’s Ethernet network adapter.

Once you have finished configuring the access point, you can connect the PoE Injector’s RJ45 Ethernet cable to your network device, such as a switch or a hub.

Connect the power adapter supplied in the PoE kit to the main electrical supply and the power plug into the socket of the injector.

Note:

DO NOT interchange the access point and PoE power adapters. The voltage and current supply is incompatible.

Page 24

Turn on your power supply. Notice that the Power LEDs have lighted up. This indicates that t he access point is receiv ing power t hrough t he PoE Injector. Notice also that the Port 4 LEDs have lighted up. This indicates that connection between the access point and your PC has been established.

Page 25

Chapter 4: Accessing the Web Interface

This chapter consi sts of the following:

 Overview of alternatives to access the web interface  How to uConfig to the web interface  How to b rowse to the web interface

Overview of alternatives

The access point can be configured with the web interface. After connecting the access point to your PC, there are two methods

of accessing its web interface:

 Installing and running the uConfig utility.  Changing your web browser settings.

How to uConfig to the Web Interface

The uConfig utility has been developed to allow access to the web interface of your product without having to change the TCP/IP settings of your PC.

Installing uConfig

exclusive!

Insert the Product CD into the CDROM drive. It will automatically run and display the web page.

1. Click on Utilities.

2. Select to install the uConfig utility on your hard disk.

3. After installation, double-click on the uConfig icon to run the program.

Page 26

After installation, your PC will automatically detect connected products. Double-click on the uConfig utility icon to run the program.

Running uConfig

At the authentication page, click on the LOGIN! button to enter the main configuration page.

Note: The default password is “password”

1. Ensure that the access point is selected under the Products List.

2. Click on Open Web. This opens the access point login

screen.

This screen prompts you not to exit uConfig while accessing the web interface

or else connection to the device will fail. Click on the

OK button to proceed.

Page 27

How to Browse to the Web Interface

Browsing to the web interface

You will then r e ach the home page of the access point web inter face.

1. Launch your web browser.

2. Under the Tools tab, select Internet Options.

3. Open the Connections tab.

4. In the LAN Settings section, di sable all the option boxes.

1. At the address bar, type:

http://192.168.168.1

2. At the login page, press the

configuration pages. Note: The default password is

“password”

Open your Command prompt window and type in: ping

192.168.168.1 to verify that your PC

can communicate with the access point.

If your TCP/IP settings are correct, you will

et replies to

this ping command.

Page 28

Chapter 5: Setting up a WLAN

This chapter applies exclusively to Wireless Setup (a/b/g) and Wireless Setup (b/g).

Wireless Setup (a/b/g) supports IEEE 802.11a, IEEE 802.11b only, IEEE

802.11b/g mixed, and IEE 802.11g only wireless LAN connections.

Wireless Setup (b/g) supports IEEE 802.11b only, IEEE 802.11b/g mixed,

and IEE 802.11g only wireless LAN connections. WLAN implementations are suitable for home or larger networks, it

allows roaming users the convenience of accessing network resources anywhere and at all times. It also provides cost savings, as deploying WLANs is cheaper than setting up wired networks.

The next sections involve the following:

 WLAN Setup  Wireless Security Settings  Advanced Settings

The steps featured are common to both Wireless Setup (a/b/g) and Wireless Setup (b/g), unless otherwise stated.

Page 29

Operation Modes

Access Point Mode This is the default mode of your access point. The Access Point mode

enables you to bridge wireless clients to access the wired network infrastructure and to communic ate with each other.

In the example above, the wireless users will be able to access the file server connected to the switch through the access point in Access Point mode.

Page 30

Client Mode

In Client mode, the device acts as a wireless Client. When connected to an access point, it will create a network link between the Ethernet network connected at this Client device, and the wireless and Ethernet network connected at the access point.

In this mode it can only connect with an access point. Other wireless clients cannot connect with it directly unless connected to the same access point - allowing them to communicate with all devices connected at the Ethernet port of the access point.

In the example above, the workgroup PCs will be able to access the printer connected to the access point in Access Point Client mode.

Optional additi onal feature:

Point-to-Point connection in this operation mode is also supported if you specifically wish to connect with an AP only. Please refer to Point-toPoint setup section.

Page 31

Wireless Routing Client Mode An application of this mode would be for the Ethernet port of the

Wireless Routing Client to be used for connection with other devices on the network while access to the Internet would be achieved through wireless communication with wireless ISP.

The above illustration describes how this mode operates.

Optional additi onal feature: Point-to-Point connection in this operation mode is also supported if you specifically wish to connect with an A P only. Please refer to Poi nt-to-Point setup section.

Page 32

Transparent Client Mode

In Transparent Client Mode, th e access point provides connection with an AP

acting as Root AP. This operation mode is designed for

implementation of Poin t-to-Point and P oint-to-MultiPoint connections.

Point-to-Point

Point-to-MultiPoint

An access point acts as Root AP and 1 other access point acts as

Transparent Client.

An access point acts as Root AP

and several other access point acts

as Transparent Clients.

This mode is generally used for outdoor connections over long distances, or for indoor connections between local networks.

Page 33

Difference Between other client modes and Transparent Client Mode

Other client modes

Transparent Client Mode

Connectivity with any standard

APs.

Connectivity with RootAP-supported

APs.

All devices connected to the

Ethernet ports use a common

MAC address for

communications with the AP.

Devices connected to the Ethernet

ports flow through freely and

transparently with out the MAC

address restriction.

Transparent Client Mode is more transparent, making it more suitable for linking two networks as point-to-p oint, or point-to-multi-point n etwork connection.

Page 34

To Set Up a Wireless LAN

Follow these steps to setup your wireless LAN.

WLAN Setup (a/b/g)

Click on WLAN Setup(a/b/g) from the CONFIGURATION menu.

Select Basic to make changes. If you disable the card, you will not be able to use the features of this wireless card. If you wish to disable

the card, click on the Click to Disable This Wireless Card button. Click Reboot in Reboot System page.

Rebooting

page displays and machine

reboots.

The Wireless Card Disabled screen indicates that the wireless card has been disabled.

Page 35

Operation Mode : These operation modes are supported:

• Access Point

• Client Mode

• Wireless Routing Client

• Transparent Client Mode

WLAN name (ESSID) : Enter a preferred name for the wireless network.

Your wireless clients must be configured with the same ESSID (sometimes referred to as SSID).

To change the wireless mode, make a selection from the dropdown box.

The access point supports wireless LAN connectivity that is fully compliant with the IEEE 802.11g, IEEE 802.11a, and IEEE 802.11b standards. It also employs different security modes to secure the data transmission of the wireless clients within your network.

The Current Mode

is defaulted to Access Point. To change the mode, click on the

Page 36

Wireless mode

Select from the list of wireless modes available:

802.11a (not supported by WLAN Setup for b/g)

This mode supports wireless A clients with data rates of up to 54Mbps in the frequency range of 5GHz.

802.11b only

This mode supports wireless B clients with data rates of up to 11Mbps in the frequency range of 2.4Hz.

802.11g only

This mode supports wireless G clients with data rates of up to 54Mbps in the frequency range of 2.4Hz.

802.11b/g mixed

This mode supports both wireless B and G clients. The basic rates are: 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, and 54Mbps.

Country : Choose the Country where you are located. Channel : This option allows you to select a frequency channel for

wireless communication. Select SmartSelect to automatically scan and recommend the best channel that can be utilised.

Tx Rate : Allow you to choose the rate of data transmission from

1Mbps to Fully Auto.

Maximum Associations : Allow y ou to l imi t the numb er of WLAN a ssoc iation s that ca n

be made from 1 to 128. Default: 32

Closed system

The access point will suppress and not broadcast its WLAN

name (SSID) when Closed system is enabled. Closed system is disabled by default.

Act as RootAP

The access point will connect with one or multiple Transparent Clients to create a point-to-point and point-to multi-point connections network with 2 or more APs. This connection method is fully compliant with 802.1h standards.

VLANID

Select and specify the VLANID. This is a number to identify the different virtual network segments to which the network d evices are grouped. This can be any number from 1 to 4094.

Page 37

Point-to-Point & Point-to-MultiPoint Setup

You can implement Point-to-Point connection by simply setting one access point as RootAP in Access Point mode and setting the other access points to Transparent Client mode.

You can set a root access point and a transparent client to allow pointto-point communication between different buildings and enable you to bridge wireless clients that are kilometres apart while unifying the networks. Or you can set a root access point and multiple transparent clients to allow point-to-multiple-po int communicatio n between the access point located at a facility and several other access points installed in any direction from that facility.

Follow these steps to setup RootAP

RRoooottAAPP SStteepp 11::

Click on WWLLAANN SSeettuupp from the CCOONNFFIIGGUURRAATTIIOONN menu. You will see the sub-menus expanded under WWLLAANN SSeettuupp. Click on BBaassiicc.

Ensure that TThhee CCuurrrr

eenntt MMooddee

is set to AAcccceessss PPooiinntt.

To change TThhee CCuurrrreenntt MMooddee, please refer to: Common Configuration – WLAN Setup - To Configure the Basic Setup of the Wireless Mode.

Page 38

RRoooottAAPP SStteepp 22::

Select AAcctt aass RRoooottAAPP, click on the AAppppllyy button and reboot your device to let your ch anges tak e effect.

Page 39

Follow these steps to setup Transparent Client/s.

TTrraannssppaarreenntt CClliieenntt SStteepp 11::

Click on WWLLAANN SSeettuupp from the CCOONNFFIIGGUURRAATTIIOONN menu. You will see the sub-menus expanded under WWLLAANN SSeettuupp. Click on BBaassiicc.

Ensure that TThhee CCuurr

reenntt MMooddee is set to TTrraannssppaarreenntt CClliieenntt.

To change TThhee CCuurrrreenntt MMooddee, please refer to: Common Configuration – WLAN Setup - To Configure the Basic Setup of the Wireless Mode.

Page 40

TTrraannssppaarreenntt CClliieenntt SStteepp 22::

Select the RReemmoottee AAPP MMAACC checkbox. Enter the RReemmoottee AAPP MMAACC.

Note: When using RReemmoottee AAPP MMAACC, the EESSSSIIDD name must also match the AP’s ESSID name, especially when Closed System is enabled on the AP.

Repeat Transparent Client step to add more points to the Point-toMultiPoint connection.

Page 41

Channel Survey

Follow these steps to perform a channel survey to get the recommended channel for the access point.

Channel Survey

Click on WLAN Setup(a/b/g) from the

CONFIGURATION menu.

Click Channel Survey to perform a channel survey.

The Channel Survey Status page displays with the recommended channel. In this page you may:

• Select channel to apply.

• Click Apply to apply

selected channel.

• Click Refresh to perform another channel survey.

• Click Back if you do not wish to make any changes.

Page 42

Channel Survey

This table describes the read-only parameters of all channels that can be viewed from the Channel Survey page.

Parameters

Description

Freq : Refers to the frequency of the channel at which

your access point is operating.

Channel : Refers to the channel of the access point being

used for transmission depending on its origin of country.

MyQuality

Indicates the interference level of the respecti ve channel w ith this AP. The lower the value, the less interference.

APCount : Refers to the total number of access points

operating at the current channel.

NeighQuality : Indicates the interference level with those

discovered APs at those respective channels. The lower the value, the less interference.

Recommendation

Indicates the best channel for the AP device to use in its current environment.

Page 43

How to Make Your WLAN More Secure

All your network clients MUST share the same wireless settings as the access point to be able to communicate.

The access point offers 8 types of security modes:

 WEP

Short for Wired Equivalent Privacy, WEP is a security protocol basing on a secret key to encrypt data packets before they are transmitted. You MUST

remember to apply the same WEP settings and key to the

access point as well as to all your wireless clients.

 802.1x

This mode conforms to the IEEE 802.1x authentication standard that ensures that a client is not given access t o network resources unless it has been successfully authenticated. There MUST

be a RADIUS server on your LAN for this security mode to

function.

 WPA Personal

WPA, or Wi-Fi Protected Access, is a protocol for authorising and authenticating users onto the wireless network and implements the majority of the IEEE 802.11i standard. WPA Personal mode implements a shared network password for clients and access points. The only interaction is between the access point and the client, therefore, a RADIUS server is NOT

required.

 WPA Enterprise

WPA Enterprise mode implements the 802.1X authentication. There MUST

be a RADIUS server on your LAN for this security mode to

function.

 WPA2 Personal

WPA2 Personal mode implements the full IEEE 802.11i standard with a shared network password for clients and access points. The only interaction is between the access point and the client, therefore, a RADIUS server is NOT

required.

Page 44

 WPA2 Enterprise

WPA2 Enterprise mode implements the full IEEE 802.11i standard and

802.1X authentication. There MUST

be a RADIUS server on your LAN for this security mode to

function.

 WPA Auto Personal

WPA Auto Personal mode implements a shared network password for clients and access points and if there are no WPA enabled access points available with the given SSID in WPA Personal mode, the unit will attempt to associate with a non-WPA point with the given SSID, if available. The only interaction is between the access point and the client, therefore, a RADIUS server is NOT

required.

 WPA Auto Enterprise

WPA Auto Enterprise implements 802.1X authentication and if there are no WPA enabled access points available with the given SSID in WPA Enterprise mode, the unit will attempt to associate with a non-WPA point with the given SSID, if available. There MUST

be a RADIUS server on your LAN for this security mode to

function.

Page 45

The subsequent sections illustrate how to configure each security mode.

Begin with following the two common preliminary steps shown below to select the most appropriate security mode to protect your wireless communications.

Selecting a security mode

Click on WLAN Setup(a/b/g) from the CONFIGURATION menu. Select Security.

1. Make a selection from the

Security Mode drop down menu.

The Security Mode is disabled by default.

2. Click on Apply.

Page 46

How to Setup WEP

WEP

You can define up to 4 WEP keys.

For each key, you can specify:

 The Key Entry Method, by

selecting either:

- Hexadecimal

- ASCII text

 The encryption level, from

the dropdown list:

- 64-bit

- 128-bit

Click Edit to set the keys, and then click Apply.

Page 47

For hexadecimal key entry:

1. Select the Hex radio button.

2. Select the radio button of the key to be entered.

3. Select the key encryption mode from the drop down menu.

4. Fill in the key value.

A hexadecimal value is made of digits 0-9 and letters A-F,

and is NO

case-sensitive. For 64-bit encryption:

Your WEP key has to be 10

hex

digits long.

For 128-bit encryption:

Your WEP key has to be 26

hex

digits long.

5. Click on Apply.

6. I f the key format is valid, the page will refresh and the key will appear in encrypted form.

Page 48

For ASCII key entry:

1. Select the ASCII radio button.

2. Select the radio button of the key to be entered.

3. Select the key encryption mode from the drop down menu.

4. Fill in the key value.

An ASCII value can take in any alphanumeric character and is NOT case-sensitive.

For 64-bit encryption:

Your WEP key has to be 5 characters long.

For 128-bit encryption:

Your WEP key has to be 13 characters long.

5. Click on Save.

6. If the key format is valid, the page will refresh and the key will appea

in encrypted form.

To add more hexadecimal WEP keys, repeat step 2. To add more ASCII WEP keys, repeat step 2.

You can set a maximum of 4 WEP keys using different key entry methods and encryption levels.

To specify which key to use:

1. Select the radio button of the key to be used.

2. Click on Apply, then on

Reboot

to apply the

changes.

Page 49

How to Setup 802.1x

802.1x

1. Key in the IP address of the

Primary RADIUS Server in you

WLAN. Optional: You may also key in a Secondary RADIUS Server, if any.

Note: The RADIUS server MUST

be in the same subnet as the access point.

2. The Authentication Port is pres et

as 1812, but another port number can be used.

Note: The Authentication Port MUST

match the corresponding

port of the RADIUS server.

3. Enter the Shared Secret Key,

known only to you and the RADIUS server.

4. The Accounting Port is pres et as

1813, but another port numbe

can be used.

5. You can opt for a Key Length

of either 64 bits (10 hex / 5 ASCII values) or 128 bits

(26 hex / 13

ASCII values).

6. Click on Apply.

7. Click on Reboot to restart the system, after which the settings will be effective.

Page 50

How to Setup WPA Enterprise Modes Follow these steps to setup the access point to use WPA Enterprise,

WPA2 Enterprise, and WPA Auto Enterprise.

WPA Enterprise

1. Select the Cipher Type to

implement:

• TKIP

• AES

• AUTO

The Cipher Type is set to AUTO by default

so that the access point can automatically detect which cipher type can be supported by the client.

2. Key in the IP address of the

RADIUS Server in your WLAN.

Note: The RADIUS server MUST

be in the same subnet as the access point.

3. The Authentication Port is

preset as 1812, but anothe

port number can be used.

Note: The Authentication Port MUST

match the corresponding

port of the RADIUS server.

4. Enter the Shared Secret Key,

known only to you and the RADIUS server.

5. The Accounting Port is preset

as 1813, but another port number can be used.

6. Click Apply.

7. Click on Reboot to restart the system, after which you

settings will become effective.

Page 51

How to Setup WPA Personal Follow these steps to setup the access point for using WPA Personal,

WPA2 Personal, and WPA Auto Personal.

WPA Personal

1. Fill in the Passphrase or pre- shared network key.

2. Select the Cipher Type to implement:

• TKIP

• AES

• AUTO.

The Cipher Type is set to AUTO by default

so that the access point can automatically detect which cipher type can be supported by the client.

1. Click Apply.

2. Click Reboot to restart the system, after which your settings will become effective.

Page 52

Advanced WLAN Settings

Follow these steps to change the radio settings of the acces s point.

Editing Advanced Settings

1. Click on WLAN Setup

(a/b/g) from the

CONFIGURATION menu.

2. Select Advanced.

1. Set the Beacon Interval (the time lapse between every beacon sent) to any value between 200 and 1000. It is preset as 200 seconds.

2. Set the Data Beacon Rate

from 1 to

16384. This determines how often the beacon should contain a Delivery Traffic

Indication Message (DTIM) that tells

power-save clients that a packet is waiting for them.

3. Set the RTS/CTS Threshold from 256 to

2346. It is preset to 2346.

4. Set the Frag Threshold from 256 to 2346. It is preset to 2346.

5. Transmission Power Control (TPC) offers the flexibility to set the Transmit Power. (802.11h compliant) It is set to Maximum by default, but should be reduced if there is more than one of the access points using the same channel frequency. It can be set from Minimum to Maximum, 1dBm to 20dBm, in increments or 1dBm per step.

Page 53

6. Select whether to enable Station

Isolation.

This security feature implements isolation, in order to prevent networ

clients from attacking other networ

clients.

7. The Antenna Control

function allows

you to control whether to use the:

• MAIN antenna (Default)

• AUX (Auxiliary) antenna

• Diversity, to monitor the signal from each antenna and automatically switch to the one with the better signal.

8. Dynamic Frequency Selection (DFS) support provides flexible selection of the best frequency channel for the wireless communication to allo

mobility among networks. It reduces interference by detecting and avoiding other frequencies in use. (DFS is a component of, and compliant with 802.11h specifications.)

DFS is enabled by default.

1. Click Apply. Changes will be enabled afte

reboot.

Page 54

Long Distance Parameters

It is necessary to adjust the long distance parameters, only if the distance is 100 meters and beyond. Follow these steps to change the long distance parameters of the access point.

Editing Long Distance Parameters

1. Click Long Distance Parameters.

1. Click on WLAN Setup

(a/b/g) from the

CONFIGURATION menu.

2. Select Advanced.

Page 55

1. Select whether to Enable or Disable Outdoor operation.

2. Enter Distance of the unit in meters.

3. Enter the SlotTi me.

4. Enter the acknowledgement timeout.

5. Enter the CTS timeout.

6. Click Apply.

To view recommended long distance parameters: Click Show Reference Data button.

This dialog box displays if the Distance entered is less than 100 meters.

Page 56

WMM

Wireless Multimedia (WMM) is a QoS (Quality of Service) standard in IEEE802.11E that we have adopted to improve and support the user experience for multimedia, video, and voice applicat ions by prioritizing data traffic. QoS can be realized throu gh 4 different Access Cate gories (AC). Each AC type consists of an independent transmit queue, and a channel access function with its own parameters.

Page 57

Follow these steps to change the setup Wireless Multimedia on your access point.

Setting WMM

Click WMM Settings.

1. Select to Enable Wireless

Multimedia (WMM)

2. Enter the desired WMM parameters. Using the default parameters is recommended.

3. Click Apply to apply the WMM settings, click Default to reset all parameters to defaul t, or cl ick Back to discard any changes and return to WLAN Basic Setup page.

1. Click on WLAN Setup

(a/b/g) from the

CONFIGURATION menu.

2. Select Advanced.

Page 58

WMM Parameters (for advanced users)

AIFs (Arbitrary Inter-

Frame Space)

Arbitrary Inter-Frame Space is the minimum wait time interval between the wireless medium becoming idle and the start of

transmission of a frame over the network.

Cwmin (Contention

Window Minimum)

Contention Window Minimum is the minimum random wait time

drawn from this interval or window for the backoff mechanism on

the network.

CwMax (Contention

Window Maximum)

Contention Window Maximum is the maximum random wait time

drawn from this interval or window for the backoff mechanism on

the network.

TxOp limit (Transmit

Opportunity Limit)

Transmit Opportunity limit specifies the minimum duration that an

end-user device can transmit data traffic after obtaining a

transmit opportunity. TxOp limit can be used to give data traffic

longer and shorter access.

NoAck (No

Acknowledgement)

No Acknowledgement provides control of the reliability of traffic

flow. Usually an acknowledge packet is returned for every

packet received, increasing traffic load and decreasing

performance.

Enabling No Acknowledgement cancels the acknowledgement.

This is useful for data traffic where speed of transmission is

important.

ACM (Admission

Control Mandatory)

Admission Control Mandatory enables WMM on the radio interface. When ACM is enabled, associated clients must

complete the WMM admission control procedure before access.

BE (Best Effort)

Parameters for Data0 Best Effort.

Best Effort data traffic has no prioritization and applications

equally share availabl e bandwidth.

BK (Background)

Parameters for Data1 Background.

Background data traffic is de-prioritized and is mostly for backup

applications, or background transfers like backup applications or

background transfers like bulk copies that do not impact

ongoing traffic like Internet downloads.

VI (Video)

Parameters for video data traffic.

VO (Voice) Parameters for voice data traffic.

Page 59

Statistics

Follow these steps to view the WLAN detailed connections statistics per WLAN station.

Statistics

1. Click on WLAN Setup (a/b/g) from the CONFIGURATION menu.

2. Select Statistics.

1. Select the WLAN connection to view statistics of.

• Click Refresh to refresh the WLAN Connection List.

• Click Back to return to the WLAN Basic Setup page.

The WLAN connection’s statistics displays.

Click Back to return to WLAN Basic Setup page.

Page 60

Virtual AP (Multiple SSID)

Virtual AP implements mSSID (Multi-SSID) whereby a single wireless card can be setup with up to 16 v irt ual AP connect ions wit h diffe rent SSIDs or BSSID (Basic Service Set Identifier) and security modes.

Virtual AP delivers multiple services by VLAN segmentation: making the network think there are many SSIDs available and channeling each connection through different VLANs to the respective virtual network segments on the Ethernet network.

How it Works

When WLAN PC 1 connects to VAP 1 its packets are channeled to VLAN 10 group where only services connected to Port 2 and Port 3 are available to this wireless connection.

It is similar for WLAN PC 2 and WLAN PC 3. Although they connect to the same radio card as WLAN PC 1, WLAN PC 2 can only access the services available at Port 6 and Port 7 and WLAN PC 3 can only access the services available at Port 10 and Port 11.Follow these steps to setup Virtual AP.

Page 61

Virtual AP

1. Click on WLAN Setup (a/b/g) from the

CONFIGURATION menu.

2. Select Virtual AP.

Virtual AP List page displays.

• Click Apply to register changes.

• Click Clear to clear Virtual AP List.

• Click Back to return to WLAN Basic

Setup page.

• Select the Delete option beside any Virtual APs you wish to delete.

Click Add to goto add Virtual AP page.

1. Enter ESSID name.

2. Settings:

• VLAN ID

• Closed System

• RootAP

3. Select Security Mode

4. Click Apply to make

changes or click Back to return to Virtual AP List page.

Page 62

Preferred APs

(Only available in Client Mode) When there is more than one AP with the same SSID, the Preferred APs

function allows you define the MAC address of the APs in order of preference. The MAC address at the top of the Preferred APs list has the highest connection preference, and the MAC address at the bottom has the lowest connection preference.

Follow these steps to specify your preferred APs.

Preferred APs

1. Click on WLAN Setup (a/b/g) from the

CONFIGURATION menu.

2. Select Preferred APs.

1. Enter the MAC addresses of the

preferred APs.

2. Click Apply to effect the

settings.

Page 63

Antenna Alignment

The Antenna Alignment function helps you find the be st alignment for the access point antenna by measuring the quality of the signal. For best results during the antenna alignment, turn off all wireless networking devices within range of the access point except the device with which you are trying to align the antenna.

Follow these steps to setup your wireless LAN.

Antenna Alignment

1. Click on WLAN Setup (a/b/g) from the CONFIGURATION menu.

2. Select Antenna Alignment.

1. Enter the Remote AP MAC Address you wish to align with.

2. Click Sta rt to perform antenna alignment.

NOTE: To ensure proper functionality of the device, select to Stop after performing antenna alignment. Alternatively, you may also reboot the device.

Page 64

Chapter 6: Configuration

This chapter describes the different features of the access point and explains how to customise them to meet your network requirements.

 Setting up the access poi nt in your LAN  SNMP (Simple Network Management Protocol) Setup

Setting Up the Access Point in Your LAN

The following table lists out the parameters relevant to your LAN setup. You can replace the default settings with appropriate values to suit the needs of your LAN.

LAN Parameters Description

IP Address

The IP address of the access point is 192.168.168.1 by default. When the DHCP server of the access point is enabled, this LAN <IP address> would be allocated as the Default Gateway of the DHCP client unless you set a different <DHCP Gateway IP address>

Network Mask

The Network Mask identifies the subnet in which the access point resides. The default network mask is 255.255.255.0.

The next two fields (DHCP Start IP Address and DHCP End IP Address) allow you to define the range of IP addresses from which the DHCP Serv er can assign an IP address to the LAN.

DHCP Start IP Address

This is the fi rst IP address that the DHCP server will assign. The value you enter should belong to the same subnet as the access point.

For example if the IP address and network mask of your access point are 192.168.168.1 and 255.255.255.0 respectively, the DHCP Start IP Address should be

192.168.168.X where X is any value from 2 to 254. It is preset to 192.168.168.100.

DHCP End IP Address

This is the last I P address that the DHCP server can assign. The value you enter should also belong to the same subnet as the access point.

For example if the IP address and network mask of the access

oint are 192.168.168.1 and 255.255.255.0

Page 65

respectively, the DHCP End IP Address should be

192.168.168.X where X is any value from 2 to 254. It is preset as 192.168.168.254.

DHCP Gateway IP Address

Enter the IP address of the gateway to Internet or of the access point if it is the one connecting to the Internet.

If your network uses multiple gateways / access points, you may set the access point as DHCP server to a LAN segment while another access point connects to the Internet or to another LAN.

Though the DHCP server usually acts as the Default Gateway of the DHCP client, you can define a different Gateway IP address, which will be allocated as the Default Gateway IP of the DHCP client. The DHCP client will thus receive its dynamic IP address from the access point but will access the Internet or the other LAN through the Default Gateway defined by the <DHCP Gateway IP address>.

Always use these DNS servers

Enable this option i f you want the access point to use onl y the DNS server you have specified.

Primary DNS IP Address

Your ISP usually provides the IP address of the DNS server.

Secondary DNS IP Address

This optional fiel d is for the IP address of a secondary DNS server.

DHCP Server

If DHCP server is disabled you will need to manually configure the TCP/IP parameters of each computer in your LAN.

Page 66

Setting Up Your LAN Follow these steps to change the values and customise them for your

LAN settings.

LAN Setup

Click LAN Setup from the

CONFIGURATION menu.

1. Amend the relevant fields in the

LAN Setup page.

2. Click Apply, to apply the changes.

Page 67

To View the Active DHCP Leases Follow these steps to display the active IP address leases allocated by

the built-in DHCP server.

To view the active DHCP leases

The DHCP Active Leases table displays:

 The IP Address that has been

allocated to the DHCP clien t.

 The Host Name of the DHCP

client.

 The Hardware Address (MAC) of

the DHCP clie nt.

 The date and time when the IP

address leased expires.

1. Click LAN Setup from the

CONFIGURATION menu.

2. In LAN Setup page, go to

Advanced DHCP Serve

Options.

3. Click Show Active DHCP

leases.

NOTE: Invalid date and time displayed in the Expires column indicates that the clock of the access point has not been set. Please refer to Chapter 10: Web-Interface Utilities –

Using the

System Tools Menu – Setting the Time of Your System

for steps to

set the access point’s clock.

Page 68

To Reserve Specific IP Addresses for Predetermined DHCP Clients You can reserve a fixed IP address for a predetermined client

(identified by its MAC address) to exclude it from the pool of free IP addresses the DHCP server draws on for its dynamic address allocation.

For example: If you set up a publicly accessible FTP/HTTP server within your private LAN, that server would require a fixed IP address, whereas you would still want the DHCP server to dynamically allocate IP addresses to the rest of the PCs on the LAN.

Follow these steps to modify the settings of the built-in DHCP server.

Advanced DHCP Options

1. Click LAN Setup from the

CONFIGURATION menu.

2. In LAN Setup page, go to

Advanced DHCP Serve

Options.

3. Click DHCP Serve

Reservations.

1. Enter:

 The host portion of the IP

Address to reserve.

 The Hardware Address, in 6

pairs of two hex values

2. Click Add effect the changes.

3. The DHCP Reservations table will refresh to display the currently reserved IP addresses.

Page 69

If you do not need the DHCP server to reserve an IP address anymore, you can delete the DHCP Server Reservation:

1. Select the reserved IP address to delete.

2. Click Delete.

3. The DHCP Reservations table will refresh to reflect the changes.

Page 70

Spanning Tree Protocol

Spanning Tree Protocol is a link management protocol that provides path redundancy while preventing undesirabl e loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations.

Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages. When loops occur, some switches see stations appear on both sides of the switch. This condition confuses the forwarding algorithm and resul ts in dupli cate frames being forwarded.

Enabling Spanning Tree Protocol

Click Spanning Tree Protocol from the CONFIGURATION menu.

Select Enable, and click Apply to allow spanning tree protocol to be activated on the router.

Page 71

STP Status: Spanning Tree Protocol (STP) function makes your network more resilient to link failure and avoids loop formation.

Priority:

Specify the pr iority given to the AP. This value determines which access point acts as the central reference point, or Root

AP, for the STP sy stem — the l ower the priority v alue, the m ore likel y the access poin t is to become the Root AP. If the priority v alues are all the same, then the system will search for the access point with the smallest MAC address and set it as the Root AP.

Hello Time:

Specify the time in seconds that elapses between the generation of configuration messages (also known as Hello BPDUs) by an AP that assumes itself that it’s the Root AP.

Forwarding Delay:

Specify the time in seconds an AP spends in the listening and learning states (l istening for configuration messages.)

Max Aging Time: Specify the maximum age in seconds of stored configuration message information, after which it is judged as too old and are discarded.

Note: If an AP does not receive another configuration message after the Max Aging Time, the system assumes that the link between itself and the Root AP has gone down and reconfigures the network accordingly.

After specifying the values, click Apply to apply changes.

Page 72

MAC Filtering

MAC Filtering acts as a security measure by controlling the users accessing to the network through their MAC address. Each WLAN or radio card supports up to 16 virt ual access points and has its own MAC address listing. The client MAC addresses entries can be set apply t o all, or to only selected virtual access points.

NOTE: Only the MAC addresses of wireless clients

associated with the AP are filtered. MAC addresses of PCs connected to the Ethernet port of an AP Cli ent or Transparent Client device are not filtered.

Page 73

Add a MAC address to the MAC Address List.

SStteepp 11::

Select MMAACC FFiilltteerriinngg from WWLLAANN SSeettuupp((aa//bb//gg)). MAC Address Filtering page displays.

In this page you may also set the MAC Filtering Status to EEnnaabbllee or

DDiissaabbllee

for access points and set the Policy to either AA

cccceepptt

or DDeennyy

MAC addresses.

MAC Filtering set to EEnnaabbllee with Policy to

AAcccceeppt

t only the MAC addresses in the MAC

Filter Address List and deny all other MAC addresses.

MAC Filtering set to EEnnaabbllee with Policy to DDeennyy all the MAC addresses in the MAC Filter Address List and accept all other MAC addresses.

MAC Filtering set to DDiissaabbllee. Whether Policy is set to EEnnaabbllee or DDeennyy does not matter.

Click EEddiitt. (This displays the MAC Address List of individual virtual access points.)

Page 74

SStteepp 22::

MAC Filter Address List page displays. Click the AAdddd button.

SStteepp 33::

Add MAC Address page displays.

Page 75

SStteepp 44::

Enter the MAC Address of the client in the format xx-xx-xx-xx-xx-xx, where x can take any value in the range 0-9 or a-f.

Enter the Comment. This describes the MAC Address you have entered. To apply to all virtual access points: Check AAppppllyy ttoo AAllll.

To apply to specific virtual access point: Select the checkbox of the corresponding AP.

Click the AAppppllyy button.

SStteepp 55::

MAC Filter Address List page displays with updated MAC Address List.

NOTE

Please reboot to effect all changes and new MAC address entries.

Page 76

Delete a MAC address from all access points.

SStteepp 11::

Select MMAACC FFiilltteerriinngg from WWLLAANN SSeettuupp((aa//bb//gg)). MAC Address Filtering page displays.

Click VViieeww CCoommpplleettee MMAACC

LLiisstt..

(This displays the MAC Address List of the radio card.)

SStteepp 22::

MAC Filter Address List page displays. Select the checkbox of the MAC address you wish to delete.

Click the DDeelleettee button.

Page 77

SStteepp 33::

MAC Filter Address List page displays with updated MAC Address List.

Page 78

Delete a MAC address from individual access point.

SStteepp 11::

Select MMAACC FFiilltteerriinngg from WWLLAANN SSeettuupp((aa//bb//gg)). MAC Address Filtering page displays.

Click EEddiitt for the corresponding access point.

SStteepp 22::

MAC Filter Address List page displays. Select the checkbox of the MAC address you wish to delete.

Click the DDeelleettee button.

Page 79

SStteepp 33::

MAC Filter Address List page displays with updated MAC Address List.

Page 80

Edit MAC address from the MAC Address List.

SStteepp 11::

Select MMAACC FFiilltteerriinngg from WWLLAANN SSeettuupp((aa//bb//gg)). MAC Address Filtering page displays.

Click EEddiitt.

SStteepp 22::

MAC Filter Address List page displays. Select the MAC address to edit.

Page 81

SStteepp 33::

The Edit MAC Address page displays. Edit the MAC address settings accordingly.

Click SSaavvee.

SStteepp 44::

MAC Filter Address List page displays with updated MAC Address List.

Page 82

Chapter 7: Security Configuration

The Security Configuration chapter covers:

 Firewall Configuration  Firewall Logs  Packet Filtering  URL Filtering  Multicast Filtering

The access point makes use of Packet Filtering and Stateful Packet Inspection (SPI) to examine each message entering or leaving your LAN and block those that do not satisfy your specified security criteria. Packet Filtering allows you to define security filter rules such that packets that make it through the filter rules are processed as per normal, while those that do not are discarded.

SPI compares the packet content to a database of trusted information instead of only checking the packet header, before letting it through.

Security Level Depending on the amount of protection you require, you can

determine the level of security to implement: Low, Medium, and High. Log Information

The access point allows you to keep a record of data packets that have been allowed and/or that have been refused through the firewall.

By customising the dat a traffic to record and reviewing the log fil es at regular intervals, you can monitor the system’s performance and identify irregularities.

The following lists the usual types of data packets encountered.

 TCP (Transmission Control Protocol) packets are exchanged

between hosts to establish a connection and exchange data.

 UDP (User Datagram Protocol) packets are primarily used for

broadcasting messages and in streaming audio/video information.

 ICMP (Internet Control Message Protocol) packets pertaining to

error or control information are exchanged between access points.

 IGMP (Internet Group Management Protocol) packets are sent to

establish host memberships such as multicast groups on the LAN.

Page 83

Firewall Configuration

Follow these steps to configure the firewall.

Firewall Configuration

1. Enable the firewall. You can choose the Default Low, Default Medium, or Default High security options for convenient setup.

2. Choose the type of network activity

information to log for reference. Data activity arising from different types of protocol can be recorded.

3. The packet types selected in the

Accepted section will display in the firewall log if they are detected by the firewall. This also applies to the Denied section.

Click Firewall Configuration from the Security Configuration menu.

Page 84

5. More firewall rules can be added for specific security purposes.

Rule Name : Enter a unique name to identify this firewall rule. Disposition

Policy

: This parameter determines whether the packets obeying the rule

should be accepted or denied by the firewall. Choose between Accept, or Deny.

Protocols : Users ar e a l l owed to s el ec t the ty pe o f d ata pa cket f ro m: TC P, UDP ,

ICMP, IGMP, or ALL. Note: If users select either I CMP or I GMP, they are req uired to make

further selection on ICMP Types or IGMP Types respectively.

ICMP Types

: This IP protocol is used to report errors in IP packet routing.

ICMP serves as a form of flow control, although the receiving and transmitting of ICMP messages is not guaranteed.

ICMP Packet Type Description

Echo request Determines whether an IP node (a host or

a router) is available on the network. Echo reply Replies to an ICMP echo request. Destination unreachable

Informs the host that a datagram cannot

be delivered. Source quench Informs th e host to lower the rate at which

Page 85

it sends datagrams because of

congestion. Redirect Informs the host of a preferred route. Time exceeded Indicates that the Time-to-Live (TTL) of an

IP datagram has expired. Parameter Problem

Informs that host that there is a problem in

one the ICMP parameter. Timestamp Request

Information that is from the ICMP data

packet. Information Request

Information that is from the ICMP da ta

packet. Information Reply Information that is from the ICMP data

packet.

IGMP Types

: This IP protocol is used to establish host memberships in particular

multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Membership Reports.

Host Membership Report

Information that is from the IGMP data

packet. Host Membership Query

Information that is from the IGMP data

packet. Leave Host Message

Information that is from the ICMP data

packet.

Source IP : This parameter allows you to specify workstation(s) generating the

data packets. Users can either set a single IP address or set a range of IP addresses.

Destination IP : This parameter lets you specify the set of workstations that receive

the data packets. Users can either set a single IP address or set a range of IP addresses.

Source Port : You can control requests for using a specific application by

entering its port number here. Users can either set a single port number or a range of port numbers.

Destination Port : This parameter determines the application from the specified

destination port. Users can either set a single port number or a range of port numbers.

Page 86

Check Options : This parameter refers to the options in the packet header. The

available selection options are abbreviated as follows:

SEC – Security LSRR – Loose Source Routing Timestamp – Timestamp RR – Record Route SID – Stream Identifier SSRR – Strict Source Routing RA – Router Alert

Check TTL : This parameter would let you screen packets according to their

Time-To-Live (TTL) value available options are:

1. Equal

2. Less than

3. Greater than

4. Not equal

Page 87

1. Rule Number ranges from 1 to

40. Precedence is determined in ascending order such that rule 1 takes precedence over rule 2.

2. Select whether to Deny or to

Accept packets for the

Disposition Policy.

3. Pick the relevant Protocol.

4. For ICMP Types, select the checkboxes according to the ICMP information for the gateway to discard /collect.

5. Similarly, the IGMP Types section lets you choose which IGMP packets to discard/ record.

6. From Source IP Address dropdown list, select whether to apply the r ule to:

 A Range of IP addresses.

Define (From) which IP address

(To) which IP address, the rule

applies.

 A Single IP address.

You need only specify the source IP address in (From).

 Any IP address

Both (From) and (To) may be left blank.

7. Similarly, determine the

Destination IP Address.

8. At the Source Port dropdown list, select either:

 A Range of TCP ports

Define (From) which port (To) which port, the rule applies.

 A Single TCP port

You need only specify the source port in the (From).

 Any IP port

Both (From) and (To) may be left blank.

Page 88

9. Similarly, determine the

Destination Port.

10. Select from Check Options.

11. Select whether to log packets of TTL Values Equal,

Less, Greater, or Not Equal to

the defined TTL value.

12. Enter TTL value.

13. Click Apply to apply settings.

NOTE: Up to 40 firewall rules can be defined, with precedence determined by the rule number.

For example: If Rule 5 blocks all ICMP packets in your LAN, but Rule 6 authorises ICMP-Redirect packets in the LAN, the ICMP Redirect packets will still be blocked.

Page 89

Firewall Logs

As described previously, from the Firewall Configuration page the data traffic to be logged by the access point can be defined.

The Firewall Log also records any UDP flooding or SYN flooding attacks on your network.

Firewall Logs

Click Firewall Logs from the Securit

Configuration menu.

1. A firewall log entry consists of:

 Time at which the packet

was detected by the firewall.

 Action, which states

whether the packet was accepted or denied.

 Protocol type of the

packet.

 Source Address from which

the packet originated

 Destination Address to

which the packet was intended.

 Source Port from which the

packet was initiated.

 Destination Port to which

the packet was meant for.

 Any Information.

2. Click Refresh, to refresh the log records.

Page 90

Packet Filtering

With Packet Filtering enabled, the access point examines all outgoing packets before deciding - according to predefined rules - whether to block them or to let them pass. The setting of rules to control the network user access should be done by the system administrators.

This is equivalent to Time-based Access Management and Internet Application Filtering features as packet-filtering rules based on these 3 factors can be defined:

 Source IP Address

Restrict Internet activity originating from a specific PC or group of PCs.

 TCP Port

Prevent certain applications; such as FTP, from passing through your access point.

 Time Frame

Restrict Internet access to certain times. For example: You can restrict Internet access from your children’s PC to certain time frames, such as between 19H30 and 21H45.

The access point thus provides a wide range of options in monitoring the traffic in your LAN.

As example, for the rule TCP Port 23 from any IP on any day at any time (Port 23 is usually used by TELNET): If sent is selected, all outgoing packets will be sent, except those belonging to TELNET sessions. If discarded is selected, all outgoi ng packets will be blocked, except for those belonging to TELNET sessions.

Page 91

Follow these steps to setup packet filtering.

Packet Filtering

Clicking Change select Packet Filter Type.

Select from three choices: Disabled, Sent, Discarded, then click Apply. The default is Disabled, allowing all packets to be sent.

Click Add.

The following steps guide you through the packet filter rules that can be defined on this page.

4a). Enter Rule Name of the new packet

filtering rule. For example: BlockCS

Click Packet Filtering from the

Security Configuration menu.

Page 92

4b). From the IP Address dropdown list,

select whether to apply the rule to:

 A Range of IP addresses.

Define (From) which IP address (To) which IP address, the rule applies.

 A Single IP address.

You need only specify the source IP address in (From).

 Any IP address

Both (From) and (To) may be left blank.

4c). From the Destination Port dropdown

list, select whether to apply the rules to:

 A Range of IP addresses.

Define (From) which IP address (To) which IP address, the rule applies.

 A Single IP address.

You need only specify the source IP address in (From).

 Any IP address

Both (From) and (To) may be left blank.

4d). From Day of the Week dropdown list,

select whether the rule should apply to:

 A Range of days

Define (From) which day (To) which day, the rule applies.

 Any day

Both (From) and (To) may be left blank.

4e). From Time of the Day dropdown list,

select whether to apply the rule to:

 A Range of time

Define (From) what time (To) what time; the rule applies.

Page 93

The format is HH:MM - where HH can take any value from 00 to 23, and

MM can take any value from 00 to

59.

 Any time

Both (From) and (To) may be left blank.

Click Apply, to apply the new rule. The Filtering Configuration table updates.

In this example, the rule BlockCS blocks any

IP address (any PCs within the network) from an application using port 27015 from Monday to Fri day, 7am to 6p m.

Page 94

URL Filtering

The URL Filtering feature of the access point makes it easy to block certain websites from LAN users.

URL Filtering

Selecting Block

The URL Filter Type can be defined by clicking Change.

Select Block or Allow, then click Apply. The default is Disabled, allowing all websites to be accessed.

Click Add.

Click URL Filtering from the Securit

Configuration menu.

Page 95

Selecting Allow

In Host Name, enter the web site address to be blocked.

For example: www.objectionablewebsites.com

Click Add to complete setup.

Page 96

Multicast Filtering

This feature lets you all ow or disallow streaming over the Internet, if you have registered to ISP services providing videos and TV channel streaming.

Multicast Filtering

Click Multicast from the Securit

Configuration menu.

Enabling the filter disallows video streaming over the Internet whereas

disabling the filter would allow it. Click Apply to compl ete setup.

Note: This feature is enabled by default. If such services have been subscribed to, set this feature to Disable.

Page 97

Chapter 8: Enabling and Disabling Router

The unit can operate either as:

 Access Point  Access Point and Router (when routing is enabled)

Setting Up as Router

The unit operates as a router by default. Follow these steps to enable router operation support.

Enable Router

Click Enable Routing from the

CONFIGURATION menu.

Enable Routing Capabilit

displays. Click Enable Routing Capability.

Page 98

Setting Up as Access Point

Follow these steps to disable the unit as a router and switch back as an access point.

Disable Router

For more details on setting up WAN, refer to Chapter 8 Router Setup – WAN Setup.

Click WAN Setup from the

CONFIGURATION menu.

Click Disable Router.

The Disable Router Function appears. Click Disable Router again.

Page 99

Chapter 9: Router Setup

This chapter describes the different features when it is set t o operate as a router.

 Broadband Internet  Using NAT  Routing  Remote Management  Parallel Broadband  DDNS (Dynamic Domain Name System) Setup

Features unsuitable for office network:

 Universal Plug and Play  DNS (Domain Name System) Redirection

Broadband Internet

Setting up the access point in your network enables you to share a si ngle cable or ADSL Internet account among mul tiple LAN clients.

As the access point supports several types of broadband I nternet connections and WAN protocols, you should verify your broadband Internet subscription type to set up the access point correctly.

NOTE: Universal Plug and Play and DNS Redirection features are not designed for operation in an office network.

To ensure proper functionality of the access point, these features should not be activated when connected to an office network.

Page 100

WAN Setup The configuration for each type of broadband Internet connection is shown in

the following indiv idual sections. The system has to be restarted to effect changes in settings.

Start with these common steps to set the broadband connection type.

Changing the WAN Type

Click WAN Setup from the

CONFIGURATION menu.

The setup page of the WAN type last implemented will be displayed.

As the access point operates in Dynamic (DHCP) Address Allocation mode by default, initially the WAN Dynamic Setup page will appear.

Clicking Change (which appears on the setup pages of all the WAN Types), displays the Select WAN Type page.

From Select WAN Type page, select the WAN type to apply and click Apply.

The setup page of the selected WAN type displays.

Compex WP18 3C, WP18 1A, WP18 2A, WP18 3B, WP18 3D User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual