Dwnet Technology AP52GA User Manual

802.11g / 802.11b / WPA

Wireless Access Point

AP52GA

User's Guide

TABLE OF CONTENTS

CHAPTER 1 INTRODUCTION ............................................................................................. 1

Features of your Wireless Access Point ........................................................................... 1

Package Contents .............................................................................................................. 4

Physical Details .................................................................................................................. 4

CHAPTER 2 INSTALLATION ............................................................................................... 6

Requirements ..................................................................................................................... 6

Procedure ........................................................................................................................... 6

CHAPTER 3 ACCESS POINT SETUP .................................................................................. 9

Overview ............................................................................................................................ 9

Setup using the Windows Utility ...................................................................................... 9

Setup using a Web Browser ............................................................................................ 12

Access Control ................................................................................................................. 14

Security Profiles ............................................................................................................... 16

Security Profile Screen .................................................................................................... 18

System Screen .................................................................................................................. 34

Wireless Screens .............................................................................................................. 36

Basic Settings Screen ....................................................................................................... 36

Advanced Settings ........................................................................................................... 39

CHAPTER 4 PC AND SERVER CONFIGURATION ....................................................... 41

Overview .......................................................................................................................... 41

Using WEP ....................................................................................................................... 41

Using WPA-PSK .............................................................................................................. 42

Using WPA-802.1x .......................................................................................................... 43

802.1x Server Setup (Windows 2000 Server) ................................................................ 44

802.1x Client Setup on Windows XP ............................................................................. 54

Using 802.1x Mode (without WPA) ............................................................................... 60

CHAPTER 5 OPERATION AND STATUS ......................................................................... 61

Operation ......................................................................................................................... 61

Status Screen .................................................................................................................... 61

CHAPTER 6 ACCESS POINT MANAGEMENT ............................................................... 69

Overview .......................................................................................................................... 69

Admin Login Screen ........................................................................................................ 69

Auto Config/Update ........................................................................................................ 71

Config File ........................................................................................................................ 73

Log Settings (Syslog) ....................................................................................................... 75

Rogue APs ........................................................................................................................ 76

SNMP ............................................................................................................................... 77

Upgrade Firmware .......................................................................................................... 78

APPENDIX A SPECIFICATIONS ....................................................................................... 79

Wireless Access Point ...................................................................................................... 79

APPENDIX B TROUBLESHOOTING ................................................................................ 83

Overview .......................................................................................................................... 83

General Problems ............................................................................................................ 83

APPENDIX C WINDOWS TCP/IP ....................................................................................... 85

Overview .......................................................................................................................... 85

Checking TCP/IP Settings - Windows 9x/ME: ............................................................. 85

Checking TCP/IP Settings - Windows NT4.0 ............................................................... 87

Checking TCP/IP Settings - Windows 2000 .................................................................. 89

Checking TCP/IP Settings - Windows XP .................................................................... 91

APPENDIX D ABOUT WIRELESS LANS .......................................................................... 93

Overview .......................................................................................................................... 93

Wireless LAN Terminology ............................................................................................ 93

APPENDIX E COMMAND LINE INTERFACE ................................................................ 96

Overview .......................................................................................................................... 96

Command Reference ....................................................................................................... 97

Chapter 1

Introduction

This Chapter provides an overview of the Wireless Access Point's features and capabilities.

Congratulations on the purchase of your new Wireless Access Point. The Wireless Access Point links your 802.11g or 802.11b Wireless Stations to your wired LAN. The Wireless stations and devices on the wired LAN are then on the same network, and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection.

Figure 1: Wireless Access Point

The auto-sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the environment does not permit maximum throughput.

Features of your Wireless Access Point

The Wireless Access Point incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.

Standards Compliant. The Wireless Router complies with the IEEE802.11g (DSSS)

•

specifications for Wireless LANs.

•

Supports both 802.11b and 802.11g Wireless Stations. The 802.11g standard

provides for backward compatibility with the 802.11b standard, so both 802.11b and

802.11g Wireless stations can be used simultaneously.

108Mbps Wireless Connections. On both the 2.4GHz (802.11b & 802.11g) and 5GHz

•

(802.11a) bands, 108Mbps connections are available to compatible clients.

Wireless Access Point User Guide

Bridge Mode Support. The Wireless Access Point can operate in Bridge Mode, con-

•

necting to another Access Point. Both PTP (Point to Point) and PTMP (Point to Mu ltiPoint) Bridge modes are supported. And you can even use both Bridge Mode and Access Point Mode simultaneously!

•

Client/Repeater Access Point. The Wireless Access Point can operate as a Client or

Repeater Access Point, sending all traffic received to another Access Point.

•

Simple Configuration. If the default settings are unsuitable, they can be changed

quickly and easily.

•

DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP

address to PCs and other devices upon request. The Wireless Access Point can act as a DHCP Client, and obtain an IP address and related information from your existing DHPC Server.

•

Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded

easily, using only your Web Browser.

Security Features

• Security Profiles. For maximum flexibility, wireless security settings are stored in

Security Profiles. Up to 8 Security profiles can be defined, and up to 4 used as any time.

• Multiple SSIDs. Because each Security Profile has it own SSID, and up to 4 Security

Profiles can be active simultaneously, multiple SSIDs are supported. Different clients can connect to the Wireless Access Point using different SSIDs, with different security settings.

•

Multiple SSID Isolation. If desired, PCs and devices connecting using different SSIDs

can be isolated from each other.

•

VLAN Support. The 802.1Q VLAN standard is supported, allowing traffic from differ-

ent sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN.

WEP support. Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit

•

and 128 Bit keys are supported.

•

WPA support. Support for WPA is included. WPA is more secure than WEP, and

should be used if possible. Both TKIP and AES encryption methods are supported.

•

802.1x Support. Support for 802.1x mode is included, providing for the industrial-

strength wireless security of 802.1x authentication and authorization.

•

Radius Client Support. The Wireless Access Point can login to your existing Radius

Server (as a Radius client).

•

Radius MAC Authentication. You can centralize the checking of Wireless Station

MAC addresses by using a Radius Server.

Rogue AP Detection. The Wireless Access Point can detect unauthorized (Rouge)

•

Access Points on your LAN.

•

Access Control. The Access Control feature can check the MAC address of Wireless

clients to ensure that only trusted Wireless Stations can use the W ireless Access Po int to gain access to your LAN.

Password - protected Configuration. Optional password protection is provided to

•

prevent unauthorized users from modifying the configuration data and settings.

Introduction

Advanced Features

• Auto Configuration. The Wireless Access Point can perform self-configuration by

copying the configuration data from another Access Point. This feature is enabled by default.

Auto Update. The Wireless Access Point can automatically update its firmware, by

•

downloading and installing new firmware from your FTP server.

•

Command Line Interface. If desired, the command line interface (CLI) can be used for

configuration. This provides the possibility of creating scripts to perform common configuration changes.

NetBIOS & WINS Support. Support for both NetBIOS broadcast and WINS (Win-

•

dows Internet Naming Service) allows the Wireless Access Point to easily fit into your existing Windows network.

Radius Accounting Support. If you have a Radius Server, you can use it to provide

•

accounting data on Wireless clients.

•

Syslog Support. If you have a Syslog Server, the Wireless Access Point can send its log

data to your Syslog Server.

•

SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowing

you to use a SNMP program to manage the Wireless Access Point.

• UAM Support. The Wireless Access Point supports UAM (Universal Access Method),

making it suitable for use in Internet cafes and other sites where user access time must be accounted for.

• WDS Support. Support for WDS (Wireless Distribution System) allows the Wireless

Access Point to act as a Wireless Bridge. Both Point-to-Point and Multi-Poin t Bridge modes are supported.

Wireless Access Point User Guide

Package Contents

The following items should be included:

• Wireless Access Point

• Power Adapter

• Quick Start Guide

• CD-ROM containing the on-line manual and setup utility.

If any of the above items are damaged or missing, please contact your dealer immediately.

Physical Details

Front Panel LEDs

Figure 2: Front Panel

Status On - Error condition.

Off - Normal operation. Blinking - During start up, and when the Firmware is being upgraded.

Power On - Normal operation.

Off - No power

LAN On - The LAN (Ethernet) port is active.

Off - No active connection on the LAN (Ethernet) port. Flashing - Data is being transmitted or received via the corresponding

LAN (Ethernet) port.

Wireless LAN

On -

Idle

Off - Error- Wireless connection is not available. Flashing - Data is being transmitted or received via the Wireless access

point. Data includes "network traffic" as well as user data.

Rear Panel

Introduction

Figure 3 Rear Panel

Antenna

Console port Reset Button

Ethernet

Power port

One antenna (aerial) is supplied. Best results are usually obtained with the antenna in a vertical position.

DB9 female RS232 port. This button has two (2) functions:

• Reboot. When pressed and released, the Wireless Access Point

will reboot (restart).

• Reset to Factory Defaults. This button can also be used to clear

ALL data and restore ALL settings to the factory default values.

To Clear All Data and restore the factory default values:

1. Power Off the Access Point

2. Hold the Reset Button down while you Power On the Access

Point.

3. Continue holding the Reset Button until the Statu s (Red) LED

blinks TWICE.

4. Release the Reset Button.

The factory default configuration has now been restored, and the Access Point is ready for use.

Use a standard LAN cable (RJ45 connectors) to connect this port to a 10BaseT or 100BaseT hub on your LAN.

Connect the supplied power adapter here.

Chapter 2

Installation

This Chapter covers the physical installation of the Wireless Access Point.

Requirements

Requirements:

• TCP/IP network

• Ethernet cable with RJ-45 connectors

• Installed Wireless network adapter for each PC that will be wirelessly connected to the

network

Procedure

1. Select a suitable location for the installation of your Wireless Access Point. To maximize

reliability and performance, follow these guidelines:

• Use an elevated location, such as wall mounted or on the top of a cubicle.

• Place the Wireless Access Point near the center of your wireless coverage area.

• If possible, ensure there are no thick walls or metal shielding between the Wireless

Access Point and Wireless stations. Under ideal conditions, the Wireless Access Point has a range of around 150 meters (450 feet). The range is reduced, and transmission speed is lower, if there are any obstructions between Wireless devices.

Installation

Figure 4: Installation Diagram

2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Point to

a 10/100BaseT hub on your LAN.

3. Connect the supplied power adapter to the Wireless Access Point and a convenient power

outlet, and power up.

4. Check the LEDs:

• The Status LED should flash, then turn OFF.

• The Power, Wireless LAN, and LAN LEDs should be ON.

For more information, refer to Front Panel LEDs in Chapter 1.

Chapter 3

Access Point Setup

This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point.

Overview

This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN, and to function as an Access Point for your Wireless Stations.

Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station Configuration.

The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser

Setup using the Windows Utility

A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the Wireless Access Point. Using this utility is recommended, because it can locate the Wireless Access Point even if it has an invalid IP address.

Installation

1. Insert the supplied CD-ROM in your drive.

2. If the utility does not start automatically, run the SETUP program in the root folder.

3. Follow the prompts to complete the installation.

Main Screen

• Start the program by using the icon created by the setup program.

• When run, the program searches the network for all active Wireless Access Points, then

lists them on screen, as shown by the example below.

Wireless Access Point User Guide

Figure 5: Management utility Screen

Wireless Access Points

The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:

Server Name IP address MAC Address IEEE Standard

The Server Name is shown on a sticker on the base of the device. The IP address for the Wireless Access Point. The hardware or physical address of the Wireless Access Point. The wireless standard or standards used by the Wireless Access Point

(e.g. 802.11b, 802.11g)

FW Version Description

The current Firmware version installed in the Wireless Access Point. Any extra information for the Wireless Access Point, entered by the

administrator.

Note: If the desired Wireless Access Point is not listed, check that the device is installed and ON, then update the list by clicking the Refresh button.

Buttons

Refresh

Detail Info

Web Management

Set IP Address

Click this button to update the Wireless Access Point device listing after changing the name or IP Address.

When clicked, additional information about the selected Access Point will be displayed.

Use this button to connect to the Wireless Access Point's Webbased management interface.

Click this button if you want to change the IP Address of the Wireless Access Point.

Exit

Exit the Management utility program by clicking this button.

Setup

Setup Procedure

1. Select the desired Wireless Access Point.

2. Click the Set IP Address button.

3. If prompted, enter the user name and password. The default values are admin for the

User Name, and password for the Password.

4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any

changes.

5. Click the Web Management button to connect to the selected Wireless Access Point using

your Web Browser. If prompted, enter the User Name and Password again.

6. Check the following screens, and configure as necessary for your environment. Use the

on-line help if necessary. The later sections in this Chapter also provides more details about each of these screens.

• Access Control - MAC level access control.

• Security Profiles - Wireless security.

• System - Identification, location, and Network settings

• Wireless - Basic & Advanced

7. You may also wish to set the admin password and administration connection options.

These are on the Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.

8. Use the Apply/Restart button on the menu to apply your changes and restart the Wireless

Access Point.

Setup is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for

details.

Wireless Access Point User Guide

Setup using a Web Browser

Your Browser must support JavaScript. The configuration program has been tested on the following browsers:

• Netscape V4.08 or later

• Internet Explorer V4 or later

Setup Procedure

Before commencing, install the Wireless Access Point in your LAN, as described previously.

1. Check the Wireless Access Point to determine its Default Name. This is shown on a label

on the base or rear, and is in the following format: SCxxxxxx Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).

2. Use a PC which is already connected to your LAN, either by a wired connection or anoth-

er Access Point.

• Until the Wireless Access Point is configured, establishing a Wireless connection to it

may be not possible.

• If your LAN contains a Router or Routers, ensure the PC used for configuration is on

the same LAN segment as the Wireless Access Point.

3. Start your Web browser.

4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point

e.g.

HTTP://SC2D631A

5. You should then see a login prompt, which will ask for a User Name and Password.

Enter admin for the User Name, and password for the Password.

These are the default values. The password can and should be changed. Always enter the

current user name and password, as set on the Admin Login screen.

Figure 6: Password Dialog

6. You will then see the Status screen, which displays the current settings and status. No data

input is possible on this screen. See Chapter 5 for details of the Status screen.

Setup

7. From the menu, check the following screens, and configure as necessary for your envi-

ronment. Details of these screens and settings are described in the following sections of

this chapter.

• Access Control - MAC level access control.

• Security Profiles - Wireless security.

• System - Identification, location, and Network settings

• Wireless - Basic & Advanced

8. You may also wish to set the admin password and administration connection options.

These are on the Admin Login screen accessed from the Management menu. See Chapter

6 for details of the screens and features available on the Management menu.

9. Use the Apply/Restart button on the menu to apply your changes and restart the Wireless

Access Point.

Setup is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for

details.

If you can't connect:

It is likely that your PC’s IP address is incompatible with the Wireless Access Point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0.

If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details for this procedure.

Wireless Access Point User Guide

Access Control

This feature can be used to block access to your LAN by unknown or untrusted wireless stations.

Click Access Control on the menu to view a screen like the following.

Figure 7: Access Control Screen

Data - Access Control Screen

Enable

Trusted Stations

Buttons

Modify List

Read from File

Write to File

Use this checkbox to Enable or Disable this feature as desired. Warning ! Ensure your own PC is in the "Trusted Wireless Stations"

list before enabling this feature. This table lists any Wireless Stations you have designated as

"Trusted". If you have not added any stations, this table will be empty. For each Wireless station, the following data is displayed:

• MAC Address - the MAC or physical address of each Wire-

less station.

• Connected - this indicates whether or not the Wireless station

is currently associates with this Access Point.

To change the list of Trusted Stations (Add, Edit, or Delete a Wireless Station or Stations), click this button. You will then see the Trusted Wireless Stations screen, described below.

To upload a list of Trusted Stations from a file on your PC, click this button.

To download the current list of Trusted Stations from the Access Point to a file on your PC, click this button.

Setup

Trusted Wireless Stations

To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.

Figure 8: Trusted Wireless Stations

Data - Trusted Wireless Stations

Trusted Wireless Stations

Other Wireless Stations

Name

Address

Buttons

This lists any Wireless Stations which you have designated as “Trusted”.

This list any Wireless Stations detected by the Access Point, which you have not designated as "Trusted".

The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station.

The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.

Add a Trusted Wireless Station to the list (move from the "Other Stations" list).

• Select an entry (or entries) in the "Other Stations" list, and

click the " << " button.

• Enter the Address (MAC or physical address) of the wireless

station, and click the "Add " button.

Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).

• Select an entry (or entries) in the "Trusted Stations" list.

• Click the " >> " button.

Select All Select None

Select all of the Stations listed in the "Other Stations" list. De-select any Stations currently selected in the "Other Stations"

list.

Wireless Access Point User Guide

Edit

Add

Clear

To change an existing entry in the "Trusted Stations" list, select it and click this button.

1. Select the Station in the "Trusted Station" list.

2. Click the "Edit" button. The address will be copied to the

"Address" field, and the "Add" button will change to "Upd ate".

3. Edit the address (MAC or physical address) as required.

4. Click "Update" to save your changes. To add a Trusted Station which is not in the "Other Wireless

Stations" list, enter the required data and click this button. Clear the Name and Address fields.

Security Profiles

Security Profiles contain the SSID and all the security settings for Wireless connections to this Access Point.

• Up to eight (8) Security Profiles can be defined.

• Up to four (4) Security Profiles can be enabled at one time, allowing up to 4 different

SSIDs to be used simultaneously.

Figure 9: Security Profiles Screen

Data - Security Profiles Screen

Profile

Setup

Profile List

Buttons

Primary Profile

All available profiles are listed. For each profile, the following data is displayed:

• *

If displayed before the name of the profile, this indicates the profile is currently enabled. If not displayed, the profile is currently disabled.

• Profile Name

The current profile name is displayed.

• [SSID]

The current SSID associated with this profile.

• Security System

The current security system (e.g. WPA-PSK ) is displayed.

• [Band]

The Wireless Band (2.4 GHz, 5GHz) for this profile is displayed. Profiles may be assigned to either or both Wireless Bands.

• Enable - Enable the selected profile.

• Configure - Change the settings for the selected profile.

• Disable - Disable the selected profile.

802.11b/g AP Mode

802.11b/g Bridge Mode

Isolation

None

Isolate all

Use VLAN

Select the primary profile for 802.11b and 802.11g (2.4 GHz band) AP mode. Only enabled profiles are listed. The SSID associated with this profile will be broadcast if the "Broadcast SSID" setting on the Basic screen is enabled.

Select the primary profile for 802.11b and 802.11g (2.4 GHz band) Bridge Mode. This setting determines the SSID and security settings used for the Bridge connection to the remote AP.

If this option is selected, wireless clients using different profiles (different SSIDs) are not isolated from each other, so they will be able to communicate with each other.

If this option is selected, wireless clients using different profiles (different SSIDs) are isolated from each other, so they will NOT be able to communicate with each other. They will still be able to communicate with other clients using the same profile, unless the "Wireless Separation" setting on the "Advanced" screen has been enabled.

This option is only useful if the hubs/switches on your LAN support the VLAN (802.1Q) standard. When VLAN is used, you must select the desired VLAN for each security profile when configuring the profile. (If VLAN is not selected, the VLAN setting for each profile is ignored.) Click the "Configure VLAN" button to configure the IDs used by each VLAN.

Wireless Access Point User Guide

Security Profile Screen

This screen is displayed when you select a Profile on the Security Profiles screen, and click the Configure button.

Figure 10: Security Profile Screen

Profile Data

Enter the desired settings for each of the following:

Profile Name SSID Wireless Band

Enter a suitable name for this profile. Enter the desired SSID. Each profile must have a unique SSID. Select the wireless band or bands for this profile. If your Wireless

Access Point only has a single band, then only 1 option is available.

Security Settings

Select the desired option, and then enter the settings for the selected method. The available options are:

• None - No security is used. Anyone using the correct SSID can connect to your network.

• WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption

system is not very strong.

• WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than

WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each

Wireless station. The 256Bit encryption key is derived from the PSK, and changes fre-

quently.

Setup

• WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the

client authentication according to the 802.1x standard. Data transmissions are encrypted

using the WPA standard.

If this option is selected:

• This Access Point must have a "client login" on the Radius Server.

• Each user must have a "user login" on the Radius Server.

• Each user's wireless client must support 802.1x and provide the login data when re-

quired.

• All data transmission is encrypted using the WPA standard. Keys are au tomatically

generated, so no key input is required.

• 802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryp-

tion. If possible, you should use WPA-802.1x instead, because WPA encryption is much

stronger than WEP encryption.

If this option is selected:

• This Access Point must have a "client login" on the Radius Server.

• Each user must have a "user login" on the Radius Server.

• Each user's wireless client must support 802.1x and provide the login data when re-

quired.

• All data transmission is encrypted using the WEP standard. You only have to select

the WEP key size; the WEP key is automatically generated.

Wireless Access Point User Guide

Security Settings - None

Figure 11: Wireless Security - None

No security is used. Anyone using the correct SSID can connect to your network. The only settings available from this screen are Radius MAC Authentication and UAM

(Universal Access Method).

Radius MAC Authentication

Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.

Using MAC authentication

1. Ensure the Wireless Access Point can login to your Radius Server.

• Add a RADIUS client on the RADIUS server, using the IP address or name of the

Wireless Access Point, and the same shared key as entered on the Wireless Access Point.

• Ensure the Wireless Access Point has the correct address, port number, and shared

key for login to your Radius Server. These parameters are entered either on the Security page, or the Radius-based MAC authentication sub-screen, depending on the security method used.

• On the Access Point, enable the Radius-based MAC authentication feature on the

screen below.

2. Add Users on the Radius server as required. The username must be the MAC address of

the Wireless client you wish to allow, and the password must be blank.

3. When clients try to associate with the Access Point, their MAC address is passed to the

Radius Server for authentication.

• If successful, “

and client station status would show as “authenticated” on the station list table;

• If not successful, “

tered in the log,, and station status is shown as “authenticating” on the station list table.

xx:xx:xx:xx:xx:xx MAC authentication” is entered in the log,

xx:xx:xx:xx:xx:xx MAC authentication failed” is en-

Setup

Radius-based MAC authentication Screen

This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again. Otherwise, you must enter the details of your Radius Server on this screen.

Figure 12: Radius-based MAC Authentication Screen

Data - Radius-based MAC Authentication Screen

Enable ... Radius Server

Address Radius Port

Client Login Name

Shared Key

WEP Key

WEP Key Index

Enable this if you wish to Radius-based MAC authentication. If this field is visible, enter the name or IP address of the Radius

Server on your network. If this field is visible, enter the port number used for connections to

the Radius Server. If this field is visible, it displays the name used for the Client Login

on the Radius Server. This Login name must be created on the Radius Server.

If this field is visible, it is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.

If this field is visible, it is for the WEP key used to encrypt data transmissions to the Radius Server. Enter the desired key value in HEX, and ensure the Radius Server has the same value.

If this field is visible, select the desired key index. Any value can be used, provided it matches the value on the Radius Server.

Wireless Access Point User Guide

UAM

UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and other sites where the Access Point is used to provide Internet Access.

If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on HTTP connections; all other traffic is ignored.) If the user has not been authenticated, Internet access is blocked, and the user is re-directed to another web page. Typically, this web page is on your Web server, and explains how to pay for and obtain Internet access.

To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup" must be completed before you can use UAM. The required setup depends on whether you are using “Internal” or “External” authentication.

• Internal authentication uses the web page built into the Wireless Access Point.

• External authentication uses a web page on your Web server. Generally, you should use

External authentication, as this allows you to provide relevant and helpful information to

users.

UAM authentication - Internal

1. Ensure the Wireless Access Point can login to your Radius Server.

• Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-

less Access Point, and the same shared key as entered on the Wireless Access Point.

• Ensure the Wireless Access Point has the correct address, port number, and shared

key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.

2. Add users on your RADIUS server as required, and allow access by these users.

3. Client PCs must have the correct Wireless settings in order to associate with the Wireles

Access Point.

4. When an associated client tries to use HTTP (TCP, port 80) connectio ns, they will be re-

directed to a user login page.

5. The client (user) must then enter the user name and password, as defined on the Radius

Server. (You must provide some system to let users know the correct name and password

to use.)

6. If the user name and password is correct, Internet access is allowed.

Otherwise, the user remains on the login page.

• Clients which pass the authentication are listed as “

thentication” in the log table, and station status would show as “Authenticated”

on the station list table.

• If a client fails authentication, “

failed” shown in the log, and station status is shown as “Authenticating” on the sta-

xx:xx:xx:xx:xx:xx WEB authentication

tion list table.

xx:xx:xx:xx:xx:xx WEB au-

UAM authentication - External

1. Ensure the Wireless Access Point can login to your Radius Server.

• Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-

less Access Point, and the same shared key as entered on the Wireless Access Point.

• Ensure the Wireless Access Point has the correct address, port number, and shared

key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.

2. On your Web Server, create a suitable welcome page.

The welcome page must have a link or button to allow the user to input their user

name and password on the uamlogon.htm page on the Access Point.

Setup

3. On the Access Point’s UAM screen, select External Web-based Authentication, and

enter the URL for the welcome page on your Web server.

4. Add users on your RADIUS server as required, and allow access by these users.

5. Client PCs must have the correct Wireless settings in order to associate with the Wireless

Access Point.

6. When an associated client tries to use HTTP (TCP, port 80) connectio ns, they will be re-

directed to the welcome page on your Web Server. They must then click the link or button

in order to reach the Access Point’s login page.

7. The client (user) must then enter the user name and password, as defined on the Radius

Server. (You must provide some system to let users know the correct name and password

to use.)

8. If the user name and password is correct, Internet access is allowed.

Otherwise, the user remains on the login page.

• Clients which pass the authentication are listed as “

thentication” in the log table, and station status would show as “Authenticated”

xx:xx:xx:xx:xx:xx WEB au-

on the station list table.

• If a client fails authentication, “

failed” is shown in the log, and station status is shown as “Authenticating” on the

xx:xx:xx:xx:xx:xx WEB authentication

station list table.

UAM Screen

The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.

Figure 13: UAM Screen

Data - UAM Screen

Enable

Enable this if you wish to use this feature. See the section above for details of using UAM.

Internal Web-based Authentication

If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the built-in login page. The logon data is then sent to the Radius Server for authentication.

Wireless Access Point User Guide

External Web-based Authentication

If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the URL below. This needs to be on your own local Web Server. The page must also link back to the builtin login page on this device to complete the login procedure.

Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet, but are not logged in.

Enter the URL of the page on your local Web Server you wish users to see if their login fails. (This may be the same URL as the Login URL).

Security Settings - WEP

This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.

Figure 14: WEP Wireless Security

Data - WEP Screen

WEP

Setup

Data Encryption

Authentication

Key Input

Key Value

Passphrase

Radius MAC Authentication

Select the desired option, and ensure your Wireless stations have the same setting:

• 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.

• 128 Bit Encryption - Keys are 26 Hex (13 ASCII) characters.

• 152 Bit Encryption - Keys are 32 Hex (16 ASCII) characters.

Normally, you can leave this at “Automatic”, so that Wireless Stations can use either method ("Open System" or "Shared Key".).

If you wish to use a particular method, select the appropriate value "Open System" or "Shared Key". All Wireless stations must then be set to use the same method.

Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex, ASCII input is only for convenience.)

Enter the key values you wish to use. The default key, selected by the radio button, is required. The other keys are optional. Other stations must have matching key values.

Use this to generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to automatically configure the WEP Key(s).

The current status is displayed. Click the "Configure" button to configure this feature if required.

UAM

The current status is displayed. Click the "Configure" button to configure this feature if required.

Wireless Access Point User Guide

Security Settings - WPA-PSK

Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.

Figure 15: WPA-PSK Wireless Security

Data - WPA-PSK Screen

WPA-PSK

Network Key

WPA Encryption

Enter the key value. Data is encrypted using a 256Bit key derived from this key. Other Wireless Stations must use the same key.

Select the desired option. Other Wireless Stations must use the same method.

• TKIP - Unicast (point-to-point) transmissions are encrypted

• TKIP + 64 bit WEP - Unicast (point-to-point) transmissions

• TKIP + 128 bit WEP - Unicast (point-to-point) transmis-

• AES - CCMP - CCMP is the most common sub-type of

using TKIP, and multicast (broadcast) transmissions are not encrypted.

are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 64 bit WEP.

sions are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 128 bit WEP.

AES (Advanced Encryption System). Most systems will

simply say "AES". If selected, both Unicast (point-to-point) and multicast (broadcast) transmissions are encrypted using AES.

• AES - TKIP - If selected, Unicast (point-to-point) uses

AES-CCMP and multicast (broadcast) transmissions are encrypted using TKIP.

Setup

Pairwise Key Update

Key Lifetime

Group Key Update

Key Lifetime

Update Group key when any membership terminates

Radius MAC Authentication

UAM

This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly.

This field determines how often Pairwise keys are dynamically updated. Enter the desired value.

This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly.

This field determines how often the Group key is dynamically updated. Enter the desired value.

If enabled, the Group key will be updated whenever any member leaves the group or disassociates from the Access Point.

The current status is displayed. This will always be "Disabled", because Radius MAC Authentication is not available with WPAPSK. The Configure button for this feature will also be disabled.

The current status is displayed. This will always be "Disabled", because UAM is not available with WPA-PSK. The Configure button for this feature will also be disabled.

+ 80 hidden pages