Page 1
IEEE 802.11a/ac/n/b/g
Outdoor Stand-Alone
Access Point
ECWO Series
Software Release v1.0.1.1
Management Guide
www.edge-core.com
Page 2
Management Guide
ECWO Series Outdoor Stand-Alone Access Points
2.4 GHz, 5 GHz, and Dual Band Access Points
with one 1000BASE-T (RJ-45 PoE-Input) Port,
and one 100BASE-TX (RJ-45 PoE-Output) Port
ECWO3220 – 2.4 GHz AP with internal antennas IEEE 802.11b/g
ECWO3324 – 2.4 GHz AP with external antennas IEEE 802.11b/g
ECWO4320 – 5 GHz AP with internal antennas IEEE 802.11a/ac
ECWO4324 – 5 GHz AP with external antennas IEEE 802.11a/ac
ECWO5320 – Dual-band AP with 5 GHz external antennas IEEE 802.11a/ac/n
ECWO5324 – Dual-band AP with external antennas IEEE 802.11a/ac/n
FW1.0.1.1
E072014/ST-R01
Page 3
How to Use This Guide
This guide includes detailed information on the access point (AP) software,
including how to operate and use the management functions of the AP. To deploy
this AP effectively and ensure trouble-free operation, you should first read the
relevant sections in this guide so that you are familiar with all its software features.
Who Should Read
This Guide?
How This Guide
is Organized
This guide is for network administrators who are responsible for operating and
maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).
The organization of this guide is based on the AP’s main management interfaces.
The web management interface and command line interface (CLI) are described in
separate sections. An introduction and initial configuration information is also
provided.
The guide includes these sections:
◆ Section I “Getting Started” — Includes an introduction to AP management and
initial configuration settings.
◆ Section II “Web Configuration” — Includes all management options available
through the web interface.
◆ Section III “App end ice s” — Includes information on troubleshooting AP
management access.
Related
Documentation
This guide focuses on AP software configuration, it does not cover hardware
installation of the AP. For specific information on how to install the AP, see the
following guide:
Quick Start Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide
Safety and Regulatory Information
– 3 –
Page 4
How to Use This Guide
Conventions The following conventions are used throughout this guide to show information:
Note:
Emphasizes important information or calls your attention to related features
or instructions.
Caution:
the system or equipment.
War ning:
Alerts you to a potential hazard that could cause loss of data, or damage
Alerts you to a potential hazard that could cause personal injury.
Revision History This section summarizes the changes in each revision of this guide.
July 2014 Revision
This is the first revision of this guide. It is valid for software release v1.0.1.1.
– 4 –
Page 5
Contents
How to Use This Guide 3
Contents 5
Figures 7
Tables 9
Section I Getting Started 11
1 Introduction 12
Configuration Options 12
Network Connections 13
Connecting to the Web Interface 13
Setup Wizard 15
Main Menu 18
Dashboard 19
Common Web Page Buttons 20
Section II Web Configuration 21
2 Status Information 22
System and Product Information 22
Internet Status 23
Local Networks 24
Wireless Status 25
Traffic Graphs 27
3 Network Settings 28
Internet Settings 28
Ethernet Settings 31
– 5 –
Page 6
Contents
LAN Settings 33
Hotspot Settings 34
4 Wireless Settings 37
Radio Settings 37
VLAN Settings 50
5 System Settings 52
System Settings 53
Maintenance 54
Displaying System Logs 54
Rebooting the Access Point 55
Resetting the Access Point 55
Backing Up Configuration Settings 55
Restoring Configuration Settings 55
Upgrading Firmware 56
User Accounts 56
Services 57
Remote Management Settings 57
SSH 57
Telnet 58
Web server 58
Network Time 59
SNMP 60
Section III Appendices 61
A Troubleshooting 62
Problems Accessing the Management Interface 62
Using System Logs 62
Index 64
– 6 –
Page 7
Figures
Figure 1: Login Page 14
Figure 2: Select Your Country 15
Figure 3: Select Setup Method 16
Figure 4: Easy Setup 16
Figure 5: Advanced Setup 17
Figure 6: Bridge to Internet 17
Figure 7: Route to Internet 18
Figure 8: The Dashboard 19
Figure 9: Set Configuration Changes 20
Figure 10: System and Product Information 22
Figure 11: Internet Status 23
Figure 12: Options 23
Figure 13: ARP Table 24
Figure 14: DHCP Leases 24
Figure 15: Local Networks 24
Figure 16: Wireless Status 25
Figure 17: Traffic Graphs 27
Figure 18: Internet Settings 28
Figure 19: IP Address Mode – Static IP 29
Figure 20: IP Address Mode – PPPoE 30
Figure 21: IP Alias 30
Figure 22: Ethernet Settings – Internet Source 31
Figure 23: Ethernet Settings – Network Behavior 32
Figure 24: Network – LAN Settings 33
Figure 25: Hotspot Settings (Network Settings) 34
Figure 26: Hotspot Settings (RADIUS Settings) 35
Figure 27: Hotspot Settings (Captive Portal Settings) 36
Figure 28: Radio Settings (Physical Radio Settings) 38
Figure 29: Radio Settings (Wireless Network Configuration) 40
– 7 –
Page 8
Figures
Figure 30: WMM Backoff Wait Times 42
Figure 31: Configuring VLANs 51
Figure 32: System Settings 53
Figure 33: Maintenance 54
Figure 34: System Log 54
Figure 35: Rebooting the Access Point 55
Figure 36: Resetting to Defaults 55
Figure 37: Restoring Configuration Settings 55
Figure 38: Upgrading Firmware 56
Figure 39: User Accounts 56
Figure 40: SSH Server Settings 57
Figure 41: Telnet Server Settings 58
Figure 42: Web Server Settings 58
Figure 43: NTP Settings 59
Figure 44: SNMP Settings 60
– 8 –
Page 9
Tables
Table 1: Radio Channels 39
Table 2: WMM Access Categories 41
Table 3: 802.11 Data Rates 46
Table 4: Tx Power 48
Table 5: Troubleshooting Chart 62
– 9 –
Page 10
Tables
– 10 –
Page 11
Section I
Getting Started
This section provides an overview of the access point, and introduces some basic
concepts about wireless networking. It also describes the basic settings required to
access the management interface.
This section includes these chapters:
◆ “Introduction” on page 12
– 11 –
Page 12
1 Introduction
The access point (AP) runs software that includes a network management agent.
The agent offers a variety of management options, including SNMP and a webbased interface. The AP can also be accessed via Telnet or SSH for configuration
using a command line interface (CLI).
Configuration Options
The access point’s web agent allows you to configure AP parameters, monitor
wireless connections, and display statistics using a standard web browser such as
Internet Explorer 9.x or later, Mozilla Firefox 5 or later, and Google Chrome 35 or
later. The AP’s web management interface can be accessed from any computer
attached to the network.
The CLI program can be accessed remotely by a Telnet or Secure Shell (SSH)
connection over the network. The CLI is used primarily for technical support.
The AP’s management agent also supports SNMP (Simple Network Management
Protocol). This SNMP agent permits the AP to be managed from any computer in
the network using network management software.
The AP’s web interface, console interface, and SNMP agent allow you to perform
management functions such as:
◆ Set management access user names and passwords
◆ Configure IP settings
◆ Configure SNMP parameters
◆ Configure 2.4 GHz and 5 GHz radio settings
◆ Control access through wireless security settings
◆ Filter packets using Access Control Lists (ACLs)
◆ Download system firmware
◆ Download or upload configuration files
◆ Display system information and statistics
– 12 –
Page 13
Network Connections
Chapter 1
Prior to accessing the AP’s management agent through a network connection, you
must first configure it with a valid IP address, subnet mask, and default gateway
using the web interface, or the DHCP protocol.
The AP has a static default management address of 192.168.2.1 and a subnet mask
of 255.255.255.0. If the AP’s default IP address is not compatible with your network
or a DHCP server is not available, the AP’s IP address must be configured manually
through the web interface.
First connect to the AP’s Ethernet 1 port and log in to the web interface, as
described in “Connecting to the Web Interface” on page 13. Follow the steps
described in “Setup Wizard” on page 15 to select your country and specify one of
the configuration methods. Then configure the AP with an IP address that is
compatible with your network as described under “LAN Settings” on page 33.
| Introduction
Network Connections
Once the AP’s IP settings are configured for your network, you can access the AP’s
management agent from anywhere within the attached network. The AP can be
managed by any computer using a web browser, or from a network computer using
SNMP network management software.
Connecting to the Web Interface
The AP offers a user-friendly web-based management interface for the
configuration of all the unit’s features. Any PC directly attached to the unit can
access the management interface using a web browser, such as Internet Explorer
9.x or later, Mozilla Firefox 5 or later, and Google Chrome 35 or later.
You may want to make initial configuration changes by connecting a PC directly to
the AP’s LAN port. The AP has a default management IP address of 192.168.2.1 and
a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same
subnet as the AP (that is, the PC and AP addresses must both start with192.168.2.x).
To access the AP’s web management interface, follow these steps:
1. Use your web browser to connect to the management interface using the
default IP address of 192.168.2.1.
2. Log in to the interface by entering the default user name “root” with the
password “admin123,” then click Login.
– 13 –
Page 14
Chapter 1
Connecting to the Web Interface
| Introduction
Note:
the first time you access the web interface. For information on changing user
names and passwords, see “User Accounts” on page 56.
Figure 1: Login Page
It is strongly recommended to change the default user name and password
– 14 –
Page 15
Setup Wizard
Chapter 1
The Setup Wizard is designed to help you configure the basic settings required to
get the AP up and running.
| Introduction
Setup Wizard
Step 1 Select Your Country – Select the access point’s country of operation from the drop-
down menu. You must set the AP’s country code to be sure that the radios operate
according to permitted local regulations. That is, setting the country code restricts
operation of the AP to the radio channels and transmit power levels permitted for
wireless networks in the specified country.
Figure 2: Select Your Country
Caution:
country code ensures that the radios operate within the local regulations specified
for wireless networks.
Note:
all US models. Per FCC regulation, all Wi-Fi products marketed in the US must be
fixed to US operation channels only.
You must set the country code to the country of operation. Setting the
The country code selection is for non-US models only and is not available to
– 15 –
Page 16
Chapter 1
Setup Wizard
| Introduction
Step 2 Select Setup Method – Select Easy Setup to set basic wireless network access and
guest network access parameters, or Advanced Setup to specify networking modes
for an AP bridge, AP router, or manual configuration.
Figure 3: Select Setup Method
Step 3 Configure Settings
◆ Easy Setup — Basic wireless network and guest network access parameters.
Specify the name and password for the wireless network and guest network.
The Networking Mode is set to AP Router as described under Advanced Setup.
Figure 4: Easy Setup
■
Wireless Network Setup — Set the name and password for the primary
wireless network. A password must be specified to protect the network
from unauthorized access.
– 16 –
Page 17
Chapter 1
■
Guest Network Setup — Set the name and password for the guest wireless
| Introduction
Setup Wizard
network. This creates a second SSID for guest users, limiting their access
only to the Internet.
◆ Advanced Setup — Networking modes for AP Bridge, AP Router, or manual
configuration.
Figure 5: Advanced Setup
■
AP Bridge Mode — Configures an interface as attached to the WAN (that is,
the Internet). In the following figure, Ethernet Port 0 and Ethernet Port 1 are
both attached to the WAN. Traffic from these interfaces is directly bridged
into the Internet. (This is also called bridge to Internet.)
Figure 6: Bridge to Internet
■
AP Router Mode — Configures an interface as a member of the LAN. In the
following figure, Ethernet Port 1, Wireless LAN 0 (5 GHz Radio), and Wireless
LAN 1 (2.4 GHz Radio) are all included in the LAN. Traffic from these
interfaces is routed across the access point through Ethernet Port 0 to the
Internet. (This is also called route to Internet.)
Note:
Single-band access points only support one WLAN.
– 17 –
Page 18
Chapter 1
Main Menu
| Introduction
Figure 7: Route to Internet
■
Manual Mode — Allows all configuration parameters to be manually
configured. Any wired module or radio module may be logically placed on
the WAN and LAN side of the access point.
Main Menu
The web interface Main Menu provides access to all the configuration settings
available for the AP.
To configure settings, click the relevant Main Menu item. Each Main Menu item is
summarized below with links to the relevant section in this guide where the
configuration parameters are described in detail:
◆ Dashboard — The dashboard shows basic settings for the AP, including
Internet status, local network settings, wireless radio status, and traffic graphs.
See “Status Information” on page 22.
◆ Network — Configures Internet, Ethernet, LAN, and Hotspot settings. See
“Network Settings” on page 28.
◆ Wireless — Configures 5 GHz Radio, 2.4 GHz Radio, and VLAN settings. See
“Wireless Settings” on page 37
◆ System — Configures System (designation and location), Maintenance (such as
view log, firmware upgrade, and reset), User Accounts, and Services
(management access methods).
– 18 –
Page 19
Chapter 1
| Introduction
Main Menu
Dashboard After logging in to the web interface, the dashboard displays. The dashboard shows
basic settings for the AP, including Internet status, local network settings, wireless
radio status, and traffic graphs.
Figure 8: The Dashboard
– 19 –
Page 20
Chapter 1
Main Menu
| Introduction
Common Web Page
Buttons
The list below describes the common buttons found on most of the web
management pages:
◆ Save – Applies the new parameters and saves them to temporary RAM
memory. Also displays a message at the top of the screen to inform you that the
changes have not yet been saved to Flash memory. The running configuration
will not be saved upon a reboot unless you click the “Apply” button.
Figure 9: Set Configuration Changes
◆ Apply – Saves the current configuration so that it is retained after a restart.
◆ Revert – Cancels the newly entered settings and restores the originals.
◆ Welcome > Logout – Open the Welcome list and click Logout to end the web
management session.
◆ Welcome > View Users – Open the Welcome list and click View Users to open
the User Accounts menu.
– 20 –
Page 21
Section II
Web Configuration
This section provides details on configuring the access point using the web
browser interface.
This section includes these chapters:
◆ “Status Information” on page 22
◆ “Network Settings” on page 28
◆ “Wireless Settings” on page 37
◆ “System Settings” on page 52
– 21 –
Page 22
2 Status Information
The Dashboard displays information on the current system configuration, including
Internet status, local network settings, wireless radio status, and traffic graphs.
Status Information includes the following sections:
◆ “System and Product Information” on page 22
◆ “Internet Status” on page 23
◆ “Local Networks” on page 24
◆ “Wireless Status” on page 25
◆ “Traffic Graphs” on page 27
System and Product Information
The System + Product Info section shows descriptive information about the AP.
Figure 10: System and Product Information
The following items are displayed in this section:
◆ Model — The model number of the unit.
◆ S/N — The serial number of the physical access point.
◆ Uptime — Length of time the management agent has been up.
◆ Load Avg. — The last 1-minute, 5-minute and 15-minute CPU load average.
◆ Version — The software version number.
– 22 –
Page 23
Internet Status
Chapter 2
| Status Information
Internet Status
The Internet Status section shows information about the Internet connection.
Figure 11: Internet Status
The following items are displayed in this section:
◆ Internet Source — The Ethernet port connected to the Internet. By default,
this is Ethernet Port 0.
◆ Ports bridged to Internet — Additional interfaces attached directly to the
Internet. (See Configure Settings – “Step 3” on page 16 for a more detailed
description.)
◆ IP Address — IP address of the Internet connection.
◆ Gateway — IP address of the gateway router used to pass traffic between this
device and other network segments.
◆ DNS — The IP address of the Domain Name Server on the network. A DNS
maps numerical IP addresses to domain names and can be used to identify
network hosts by familiar names instead of the IP addresses.
◆ Hotspot Status — Shows if the hotspot is enabled or disabled, and the ports
on which this service is enabled.
◆ Options — Includes showing the ARP cache, showing DHCP leases, or
renewing DHCP leases.
Figure 12: Options
– 23 –
Page 24
Chapter 2
Local Networks
| Status Information
Figure 13: ARP Table
Figure 14: DHCP Leases
Local Networks
The Local Networks section shows information about the local network connection.
Figure 15: Local Networks
The following items are displayed in this section:
◆ Name — Shows information on the name of the local network, whether static
or dynamic configuration is used, and the network mask.
◆ DHCP Server — Shows if DHCP service is enabled on this network.
◆ Members — Shows the ports and wireless radios attached to this network.
◆ Port Status — Shows the status of the Ethernet ports, including link up state,
MAC address, speed, and duplex mode.
– 24 –
Page 25
Wireless Status
Chapter 2
| Status Information
Wireless Status
The Wireless Status section shows information about the radio settings and
associated clients.
Figure 16: Wireless Status
The following items are displayed in this section:
◆ Radio # — Indicates the 5 GHz or 2.4 GHz wireless interface.
■
Radio Status — Shows if the wireless interface is enabled or disabled.
■
Op Mode — Shows if the unit is configured to operate as an access point
(manually configured), an AP in bridge mode, or an AP in router mode.
■
Channel — The radio channel the access point uses to communicate with
wireless clients. The available channels depend on the 802.11 Mode
1
Channel Bandwidth
■
IEEE Mode — The 802.11 wireless LAN standards supported by the access
, and Country Code settings2.
point.
1. See “Radio Settings” on page 37.
2. See “Setup Wizard” on page 15.
– 25 –
1
,
Page 26
Chapter 2
| Status Information
Wireless Status
■
Tx Power — The power of the radio signals transmitted from the access
point.
■
Total Clients — The total number of clients attached to this interface.
◆ SSID # — Service set identifier. Clients that want to connect to the wireless
network through an access point must set their SSIDs to the same as that of the
access point.
■
Network Name — A unique identifier for the local wireless network.
■
Security — Shows whether or not security has been enabled.
■
Associated clients — Shows detailed information about clients.
■
Name — Client name.
■
MAC Address — The MAC address of the wireless client.
■
IP Address — The IP address assigned to the wireless client.
■
Signal — Signal strength (TX/RX) in dBm.
■
Duration — The time the wireless client has been associated.
■
Tx Rate — The data transmit rate to the wireless client.
■
Rx Rate — The data receive rate from the wireless client.
■
Tx Bytes — The number of transmitted bytes to this client.
■
Rx Bytes — The number of received bytes from this client
■
Tx Packets — The number of transmitted packets to this client.
■
Rx Packets — The number of received packets from this client.
– 26 –
Page 27
Traffic Graphs
Chapter 2
The Traffic Graphs section shows the data rate for the Ethernet ports and wireless
interfaces.
Figure 17: Traffic Graphs
| Status Information
Traffic Graphs
– 27 –
Page 28
3 Network Settings
This chapter describes basic network settings on the access point. It includes the
following sections:
◆ “Internet Settings” on page 28
◆ “Ethernet Settings” on page 31
◆ “LAN Settings” on page 33
◆ “Hotspot Settings” on page 34
Internet Settings
The Internet Settings page configures the basic Internet settings for the AP, such as
the source port, IP aliases, as well as the host name and maximum MTU size.
Figure 18: Internet Settings
The following items are displayed on this page:
◆ Internet Source — The Ethernet port used to access the Internet.
(Default: Ethernet Port 0; Options: Ethernet Port 0-1)
◆ IP Address Mode — The method used to provide an IP address for the Internet
access port. (Default: DHCP; Options: DHCP, static IP, PPPoE)
■
DHCP — Configuration options displayed for DHCP are shown in Figure 18,
“Internet Settings", on page 28.
– 28 –
Page 29
Chapter 3
■
Static IP — To configure a static IP address for the selected Ethernet
| Network Settings
interface, the following items must be specified.
Figure 19: IP Address Mode – Static IP
Internet Settings
■
IP Address — Specifies an IP address for the access point. Valid IP
addresses consist of four decimal numbers, 0 to 255, separated by
periods. (Default: 192.168.1)
■
Subnet Mask — Indicates the local subnet mask.
(Default: 255.255.255.0)
■
Default Gateway — The IP address of the default gateway, which is
used if the requested destination address is not on the local subnet.
If you have management stations, DNS, RADIUS, or other network
servers located on another subnet, type the IP address of the default
gateway router in the text field provided.
■
Addl DNS Server — The IP address of Domain Name Servers on the
network. A DNS maps numerical IP addresses to domain names and
can be used to identify network hosts by familiar names instead of the
IP addresses.
If you have a DNS servers located on the local network, type the IP
address in the text fields provided.
– 29 –
Page 30
Chapter 3
| Network Settings
Internet Settings
■
PPPoE — To obtain an IP address for the selected Ethernet interface using
PPPoE, the following items must be specified.
Figure 20: IP Address Mode – PPPoE
■
User Name — The user name specified by the service provider.
(Range: 1-32 characters)
■
Password — The password specified by the service provider.
(Range: 1-32 characters)
■
Service Name — The service name assigned for the PPPoE connection.
The service name is normally optional, but may be required by some
service providers. (Range: 1-32 alphanumeric characters)
◆ IP Aliases — Adds a static IPv4 address by which the access point can also be
managed.
Figure 21: IP Alias
◆ MTU Size — Sets the size of the maximum transmission unit (MTU) for packets
sent on this interface. (Range: 1400-1500 bytes; Default 1500 bytes)
– 30 –
Page 31
Ethernet Settings
Chapter 3
| Network Settings
Ethernet Settings
The Ethernet Settings page configures the network behavior of the Ethernet ports,
indicating that a port provides an Internet connection for wireless clients attached
to the local network (routed to the Internet), is bridged directly to the Internet,
connected to the guest network, or provides hotspot service.
The following items are common for all pages under Ethernet Settings:
◆ Status — Enables or disables this port. (Default: ON)
◆ Auto-negotiation — Enables or disables auto-negotiation for a given
interface. (Default: ON)
1000BASE-T does not support forced mode. Auto-negotiation should always be
used to establish a connection over any 1000BASE-T port.
When auto-negotiation is enabled, the access point will negotiate the best
settings for a link based on advertised capabilities.
Figure 22: Ethernet Settings – Internet Source
The following status message is displayed if an interface is connected to the
Internet:
◆ “This port is the internet source for this product. Configure Internet Settings”
If more than one interface is connected to the Internet, only the last configured
interface is used.
– 31 –
Page 32
Chapter 3
| Network Settings
Ethernet Settings
Figure 23: Ethernet Settings – Network Behavior
The following items are displayed on this page:
◆ Network Behavior — For the Ethernet port which is not providing Internet
access, one of the following connection methods must be specified.
(Default: Route to Internet)
■
Bridge to Internet — Configures an interface to be attached to the WAN.
Traffic from this interface is directly bridged into the Internet. (See Figure 6,
“Bridge to Internet", on page 17.) If an Ethernet port is bridged to the
Internet, management access cannot be made by a direct connection to
this port. However, if another Ethernet port or radio interface is within the
LAN (routed to the Internet) the access point can be managed through this
interface by a PC which is configured with IP address in the same subnet.
■
Route to Internet — Configures an interface to be a member of the LAN.
Traffic from this interface is routed across the access point and out through
an interface which is bridged to the Internet. (See Figure 7, “Route to
Internet", on page 18.) By default, Ethernet Port 1 is routed to Internet,
allowing management access via a direct connection to a PC configured
with an address in the same subnet.
■
Network Name — The network to be routed. The default is “Default
local network” as displayed under LAN Settings – Local Networks.
■
Add to Guest Network — This port can only access the guest network.
■
Hotspot Controlled — This port can only access hotspot services.
■
Configure Hotspot — Opens the Hotspot Settings page.
– 32 –
Page 33
LAN Settings
Chapter 3
| Network Settings
LAN Settings
The LAN Settings page configures the LAN settings for the local network and guest
network, including IP interface setting, DHCP server settings, STP administrative
status, and UPnP administrative status.
Figure 24: Network – LAN Settings
The following items are displayed on this page:
◆ Members — The interfaces attached to the local area network.
◆ IP Address — Specifies the IP address for the local network or guest network.
Valid IP addresses consist of four decimal numbers, 0 to 255, separated by
periods. (Default: 192.168.2.1)
◆ Subnet Mask — Indicates the local subnet mask. (Default: 255.255.255.0)
◆ MTU Size — Sets the size of the maximum transmission unit (MTU) for packets
sent on this network.
◆ DHCP Server — Enables/disables DHCP on this network. (Default: Enabled)
■
DHCP Start — First address in the address pool. (Range: 1-256;
Default: x.x.x.100)
■
DHCP Max — Maximum number of addresses in the address pool.
(Range: 1-255; Default: 150)
– 33 –
Page 34
Chapter 3
Hotspot Settings
| Network Settings
Hotspot Settings
◆ STP — Enables or disables processing of Spanning Tree Protocol messages.
(Default: Disabled)
◆ UPnP — Enables or disables Universal Plug-and-Play broadcast messages.
(Default: Disabled)
The Hotspot Settings page can configure Internet access to the general public in
places such as coffee houses, libraries and hospitals. Specific access rights may also
be defined through a RADIUS server.
Figure 25: Hotspot Settings (Network Settings)
The following items are displayed on this page:
◆ Network IP — Specifies the IP address for the hotspot. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. (Default:
192.168.182.1)
◆ Network Mask — Network mask for the associated IP subnet. This mask
identifies the host address bits used for routing to specific subnets.
◆ DHCP Start — Starting number of (last numeric field) in address pool.
(Range: 1-254; Default: 10)
◆ DHCP End — Ending number of (last numeric field) in address pool.
(Range: 1-254; Default: 254)
◆ DHCP Lease Time — The duration that an IP address is assigned to a DHCP
client. (Range: 600-43200 seconds; Default: 600 seconds)
– 34 –
Page 35
Chapter 3
◆ DNS 1 — The IP address of the primary Domain Name Server on the network. A
| Network Settings
Hotspot Settings
DNS maps numerical IP addresses to domain names and can be used to identify
network hosts by familiar names instead of the IP addresses.
◆ DNS 2 — The secondary DNS server available to DHCP clients.
◆ DNS Domain Name — The domain name used to resolve incomplete host
names via the Domain Name System. (Range: 1-32 characters)
Figure 26: Hotspot Settings (RADIUS Settings)
The following items are displayed on this page:
◆ Radius Server 1 — IP address or host name of the primary RADIUS server.
◆ Radius Server 2 — IP address or host name of the secondary RADIUS server.
◆ Radius Shared Secret — A shared text string used to encrypt messages
between the access point and the RADIUS server. Be sure that the same text
string is specified on the RADIUS server. Do not use blank spaces in the string.
(Range: 1-255 characters).
◆ Radius Auth Port — RADIUS server UDP port used for authentication
messages. (Range: 1-65535, Default: 1812)
◆ Radius Acct Port — RADIUS server UDP port used for accounting messages.
(Range: 1-65535, Default: 1813)
◆ Local ID — Local RADIUS server identifier.
◆ Local Name — Local RADIUS server name
◆ Operation ID — Local RADIUS server operation identifier.
– 35 –
Page 36
Chapter 3
Hotspot Settings
| Network Settings
Figure 27: Hotspot Settings (Captive Portal Settings)
The following items are displayed on this page:
◆ Captive Portal URL — Host name of Internet service portal for the hotspot.
The captive portal forces a hotspot client to access a welcome web page
(normally used for authentication) before gaining further access to the Internet.
The welcome page may require authentication and/or payment.
◆ Captive Portal Secret — The password used for logging into the hotspot.
◆ Walled Garden — A list of web sites to which unauthenticated users are
allowed to navigate.
◆ Auth White List — A list of web sites to which authenticated users are allowed
to navigate.
– 36 –
Page 37
4 Wireless Settings
This chapter describes wireless settings on the access point. It includes the
following sections:
◆ “Radio Settings” on page 37
◆ “VLAN Settings” on page 50
Radio Settings
The IEEE 802.11 wireless interfaces include configuration options for radio signal
characteristics and wireless security features.
The access point can operate in several radio modes, 802.11a/a+n/AC (5 GHz) or
802.11b+g/b+g+n (2.4 GHz). Supported modes depend on the access point model.
Note that the dual-band access points can operate at 2.4 GHz and 5 GHz at the
same time. The web interface identifies the radio configuration pages as:
◆ Radio 0 — the 5 GHz 802.11a/n/AC radio interface
◆ Radio 1 — the 2.4 GHz 802.11b/g/n radio interface
Each radio supports 8 virtual access point (VAP) interfaces based on the SSIDs,
referred to as VAP 0 ~ VAP 7. Each VAP functions as a separate access point, and can
be configured with its own Service Set Identification (SSID) and security settings.
However, most radio signal parameters apply to all VAP interfaces. Traffic to specific
VAPs can be segregated based on user groups or application traffic. The clients
associate with each VAP in the same way as they would with separate physical
access points. The AP supports up to a total of 127 wireless clients across all VAP
interfaces per radio.
– 37 –
Page 38
Chapter 4
| Wireless Settings
Radio Settings
Figure 28: Radio Settings (Physical Radio Settings)
The following items are displayed on this page:
◆ Status — Enables or disables the wireless service on this interface.
◆ Mode — Selects the mode in which the AP will function.
■
Access Point (Auto-WDS) — The VAP operates as an access point in WDS
mode, which accepts connections from APs in Client WDS mode. (This is
the default setting.)
In this mode, the AP provides services to clients as a normal access point.
WDS is used to automatically search for and connect to other AP nodes
using the same SSID and security settings.
■
Client — The AP can provide a wireless connection to another AP. In this
mode, it can pass information from or to locally wired hosts, but does not
provide services to any wireless clients.
■
Client WDS — The AP provides services to clients as a normal access point,
and operates as a client station in WDS mode, which can connect to other
access points in Auto-WDS mode. Connection to another AP can be made
automatically by other access points operating in Auto-WDS mode.
◆ DFS — Dynamic Frequency Selection can be used to detect and avoid
interference with Radar systems operating in the 5 GHz range (UNII channels
52-64 and 100-140). If radar is detected, the AP will alter the channel it is
operating on and tell associated stations the channel to which it is moving. This
allows stations to re-associate with minimum interruption. (This parameter is
only applicable to the 5 GHz radio, and is enabled by default.)
◆ 802.11 Mode — Defines the radio operation mode.
■
Radio 0 (5 GHz Radio) — Default: 11a+n; Options: 11a, 11a+n, 11AC
■
Radio 1 (2.4 GHz Radio) — Default: 11b+g; Options: 11b+g, 11b+g+n
– 38 –
Page 39
Chapter 4
| Wireless Settings
Radio Settings
◆ Channel Bandwidth — The AP options for channel bandwidth include 5, 10,
20, 40 and 80 MHz. Using 20 MHz gives an 802.11g connection a speed of
54 Mbps and an 802.11n connection a speed of up to 108 Mbps, and ensures
backward compliance for slower 802.11b devices. Setting the channel
bandwidth to 40 MHz provides a connection speed for 802.11n of up to 300
Mbps. Using a channel bandwidth of 80MHz provides a connection speed up to
866.7 Mbps. (Default: 20 MHz; Range: 5 MHz, 10 MHz, 20 MHz, 40 MHz, 80MHz)
◆ Channel — The radio channel that the access point uses to communicate with
wireless clients. When multiple access points are deployed in the same area, set
the channel on neighboring access points at least five channels apart to avoid
interference with each other. For example, for 11g/n 20 MHz mode you can
deploy up to three access points in the same area using channels 1, 6, 11. Note
that wireless clients automatically set the channel to the same as that used by
the access point to which it is linked. (The available channels are dependent on
the 802.11 Mode, Channel Bandwidth, and Country Code settings.)
Selecting Auto enables the access point to automatically select an unoccupied
radio channel. (Default: Auto)
Table 1: Radio Channels
Radio 0 (5 GHz) Radio 1 (2.4 GHz)
*
Radio Channels
Auto Auto scan Auto Auto scan
36 5.180 1 2.412
40 5.200 2 2.417
44 5.220 3 2.422
48 5.240 4 2.427
149 5.745 5 2.432
153 5.765 6 2.437
157 5.785 7 2.422
161 5.805 8 2.447
165 5.825 9 2.452
* Supported channels depend on the 802.11 mode and channel bandwidth.
Frequency (GHz) Radio Channels Frequency (GHz)
10 2.457
11 2.462
– 39 –
Page 40
Chapter 4
Radio Settings
| Wireless Settings
Figure 29: Radio Settings (Wireless Network Configuration)
The following items are displayed on this page:
General Settings
◆ Status — Enables or disables the wireless service on this VAP.
◆ SSID — The name of the basic service set provided by a Virtual Access Point
(VAP) interface. Clients that want to connect to the network through the access
point must set their SSID to the same as that of the access point’s VAP interface.
(Default: ACN0.# (where # is 0-7) for 5 GHz, ACN1.# (where # is 0-7) for 2.4 GHz;
Range: 1-32 characters)
◆ Broadcast — The SSID can be broadcast at regular intervals so that wireless
stations searching for a network connection can discover it. This allows wireless
clients to dynamically discover and roam between WLANs. This feature also
makes it easier for hackers to break into your home network. Because SSIDs are
not encrypted, it is easy to grab one by snooping the WLAN looking for SSID
broadcast messages coming from the AP. (Default: Enabled)
◆ Client Isolation — If enabled, wireless clients can talk to the LAN, and reach
the Internet if such connection is available, but they cannot communicate with
one another. (Default Disabled)
– 40 –
Page 41
Chapter 4
◆ WMM — Sets the WMM operational mode on the access point. When enabled,
| Wireless Settings
Radio Settings
the parameters for each Access Category (AC) queue will be employed on the
access point and QoS capabilities advertised to WMM-enabled clients.
(Default: Enabled)
When enabled, WMM must be supported on any device trying to associated
with the access point. Devices that do not support this feature will not be
allowed to associate with the access point.
Wireless networks offer an equal opportunity for all devices to transmit data
from any type of application. Although this is acceptable for most applications,
multimedia applications (with audio and video data) are particularly sensitive
to the delay and throughput variations that result from this “equal opportunity”
wireless access method. For multimedia applications to run well over a wireless
network, a Quality of Service (QoS) mechanism is required to prioritize traffic
types and provide an “enhanced opportunity” wireless access method.
The access point implements QoS using the Wi-Fi Multimedia (WMM) standard.
Using WMM, the access point is able to prioritize traffic and optimize
performance when multiple applications compete for wireless network
bandwidth at the same time. WMM employs techniques that are a subset of the
IEEE 802.11e QoS standard and it enables the access point to inter-operate with
both WMM-enabled clients and other devices that may lack any WMM
functionality.
Access Categories — WMM defines four access categories (ACs): voice, video,
best effort, and background. These categories correspond to traffic priority
levels and are mapped to IEEE 802.1D priority tags (see Figure 2, “WMM Access
Categories", on page 41). The direct mapping of the four ACs to 802.1D
priorities is specifically intended to facilitate inter operability with other wired
network QoS policies. While the four ACs are specified for specific types of
traffic, WMM allows the priority levels to be configured to match any networkwide QoS policy. WMM also specifies a protocol that access points can use to
communicate the configured traffic priority levels to QoS-enabled wireless
clients.
Table 2: WMM Access Categories
Access
Category
AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive
AC_VI (AC2) Video High priority, minimum del ay. Time -sensitive data
AC_BE (AC0) Best Effort Normal priority, medium delay and throughput.
AC_BK (AC1) Background Lowest priority. Data with no delay or throughput
WMM
Designation
Description 802.1D
Tag s
7, 6
data such as VoIP (Voice over IP) calls.
5, 4
such as streaming video.
0, 3
Data only affected by long delays. Data from
applications or devices that lack QoS capabilities.
2, 1
requirements, such as bulk data transfers.
– 41 –
Page 42
Chapter 4
AIFS Random Backoff
AIFS
Random Backoff
CWMin CWMax
CWMin CWMax
Time
High Priority
Low Priority
Minimum Wait Time Random Wait Time
Minimum Wait Time Random Wait Time
| Wireless Settings
Radio Settings
WMM Operation — WMM uses traffic priority based on the four ACs; Voice,
Video, Best Effort, and Background. The higher the AC priority, the higher the
probability that data is transmitted.
When the access point forwards traffic, WMM adds data packets to four
independent transmit queues, one for each AC, depending on the 802.1D
priority tag of the packet. Data packets without a priority tag are always added
to the Best Effort AC queue. From the four queues, an internal “virtual” collision
resolution mechanism first selects data with the highest priority to be granted a
transmit opportunity. Then the same collision resolution mechanism is used
externally to determine which device has access to the wireless medium.
For each AC queue, the collision resolution mechanism is dependent on two
timing parameters:
◆ AIFSN (Arbitration Inter-Frame Space Number), a number used to calculate
the minimum time between data frames
◆ CW (Contention Window), a number used to calculate a random backoff
time
After a collision detection, a backoff wait time is calculated. The total wait time
is the sum of a minimum wait time (Arbitration Inter-Frame Space, or AIFS)
determined from the AIFSN, and a random backoff time calculated from a value
selected from zero to the CW. The CW value varies within a configurable range.
It starts at CWMin and doubles after every collision up to a maximum value,
CWMax. After a successful transmission, the CW value is reset to its CWMin
value.
Figure 30: WMM Backoff Wait Times
For high-priority traffic, the AIFSN and CW values are smaller. The smaller values
equate to less backoff and wait time, and therefore more transmit
opportunities.
– 42 –
Page 43
Chapter 4
| Wireless Settings
Radio Settings
Security Settings
◆ Method — Sets the wireless security method for each VAP, including
association mode, encryption, and authentication. (Default: No Security)
■
No Security — The VAP broadcasts a beacon signal including the
configured SSID. Wireless clients with an SSID setting of “any” can read the
SSID from the beacon and automatically set their SSID to allow immediate
connection.
■
WEP Open System — The VAP broadcasts a beacon signal including the
configured SSID. Wireless clients with an SSID setting of “any” can read the
SSID from the beacon and automatically set their SSID to allow immediate
connection.
■
Key — WEP is used to encrypt data transmitted between wireless
clients and the VAP. WEP uses static shared keys (fixed-length
hexadecimal or alphanumeric strings) that are manually distributed to
all clients that want to use the network.
WEP is the security protocol initially specified in the IEEE 802.11
standard for wireless communications. Unfortunately, WEP has been
found to be seriously flawed and cannot be recommended for a high
level of network security. For more robust wireless security, the access
point provides Wi-Fi Protected Access (WPA) and WPA2 for improved
data encryption and user authentication.
Be sure that the WEP shared keys are the same for each client in the
wireless network. All clients share the same keys, which are used for
data encryption.
For 64-bit WEP, string length must be 5 ASCII characters (letters and
numbers) or 10 hexadecimal digits. For 128-bit WEP, string length must
be 13 ASCII characters (letters and numbers) or 26 hexadecimal digits.
■
WPA-PSK — For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.
■
Encryption — Data encryption uses one of the following methods:
■
CCMP (AES) — AES-CCMP is used as the multicast encryption
cipher. AES-CCMP is the standard encryption cipher required for
WPA2. (This is the default setting.)
■
TKIP — TKIP is used as the multicast encryption cipher.
– 43 –
Page 44
Chapter 4
Radio Settings
| Wireless Settings
■
Auto: TKIP + CCMP (AES) — The encryption method used by the
client is discovered by the access point.
■
Key — WPA is used to encrypt data transmitted between wireless
clients and the VAP. WPA uses static shared keys (fixed-length
hexadecimal or alphanumeric strings) that are manually distributed to
all clients that want to use the network.
String length must be 8 to 63 ASCII characters (letters and numbers).
No special characters are allowed.
■
WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
WPA was introduced as an interim solution for the vulnerability of WEP
pending the ratification of the IEEE 802.11i wireless security standard. In
effect, the WPA security features are a subset of the 802.11i standard. WPA2
includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.
Refer to WPA-PSK for a description of encryption methods and the key.
■
WPA-EAP — WPA employs a combination of several technologies to
provide an enhanced security solution for 802.11 wireless networks. A
RADIUS server is used for authentication, and can also be used for
accounting.
Refer to WPA-PSK for a description of encryption methods.
RADIUS Settings
A RADIUS server must be specified for the access point to implement IEEE
802.1X network access control and Wi-Fi Protected Access (WPA) wireless
security.
In addition, you can configure a RADIUS Accounting server to receive usersession accounting information from the access point. RADIUS Accounting
can be used to provide valuable information on user activity in the
network.
This guide assumes that you have already configured RADIUS server(s) to support
the access point. Configuration of RADIUS server software is beyond the scope of
this guide, refer to the documentation provided with the RADIUS server software.
■
Radius Auth Server — Specifies the IP address or host name of the
RADIUS authentication server.
■
Radius Auth Port — The UDP port number used by the RADIUS server
for authentication messages. (Range: 1024-65535; Default: 1812)
– 44 –
Page 45
Chapter 4
| Wireless Settings
Radio Settings
■
Radius Auth Secret — A shared text string used to encrypt messages
between the access point and the RADIUS server. Be sure that the same
text string is specified on the RADIUS authentication server. Do not use
blank spaces in the string. (Maximum length: 255 characters)
■
Radius Acct Server — Specifies the IP address or host name of the
RADIUS accounting server.
■
Radius Acct Port — The UDP port number used by the RADIUS server
for accounting messages. (Range: 1024-65535; Default: 1813)
■
Radius Acct Secret — A shared text string used to encrypt messages
between the access point and the RADIUS server. Be sure that the same
text string is specified on the RADIUS accounting server. Do not use
blank spaces in the string. (Maximum length: 255 characters)
■
WPA2-EAP —WPA was introduced as an interim solution for the
vulnerability of WEP pending the ratification of the IEEE 802.11i wireless
security standard. In effect, the WPA security features are a subset of the
802.11i standard. WPA2 includes the now ratified 802.11i standard, but also
offers backward compatibility with WPA. Therefore, WPA2 includes the
same 802.1X and PSK modes of operation and support for TKIP encryption.
A RADIUS server is used for authentication, and can also be used to
accounting.
Refer to WPA-PSK for a description of encryption methods.
Refer to WPA-EAP for a information on configuring the RADIUS server.
◆ Access Control List — Wireless clients can be authenticated for network access
by checking their MAC address against the local database configured on the
access point. (Default: OFF)
■
Policy — The MAC list can be configured to either allow or deny network
access to specified clients. (Default: Allow all MACs on list)
■
Filtered MACs — Enter a physical address for each client. Enter six pairs of
hexadecimal digits separated by colons, and followed by an optional
comment; for example, 00:90:D1:12:AB:89 John Smith’s PC
Network Settings
◆ Network Behavior — One of the following connection methods must be
specified. (Default: Route to Internet)
■
Bridge to Internet — Configures an interface as attached to the WAN.
Traffic from this interface is directly bridged into the Internet. (See Figure 6,
“Bridge to Internet", on page 17.)
– 45 –
Page 46
Chapter 4
| Wireless Settings
Radio Settings
■
Route to Internet — Configures an interface as a member of the LAN.
Traffic from this interface is routed across the access point and out through
an interface which is bridged to the Internet. (See Figure 7, “Route to
Internet", on page 18.)
■
Network Name — The network to be routed. The default is “Default
local network” as displayed under LAN Settings – Local Network.
■
Add to Guest Network — This interface can only support the guest
network.
■
Hotspot Controlled — This interface can only support hotspot services.
■
Configure Hotspot — Opens Hotspot Settings page.
■
VLAN Tag Traffic — Tags any packets passing from this VAP (virtual access
point) to the associated Ethernet port as configured under “VLAN Settings”
on page 50. (Range: 3-4095)
◆ Limit Upload — Enables rate limiting of traffic from the VAP interface as it is
passed to the wired network. You can set a maximum rate in Kbytes per second.
(Range: 256-10048576 Kbytes per second; Default: OFF)
◆ Limit Download — Enables rate limiting of traffic from the wired network as it
is passed to the VAP interface. You can set a maximum rate in kbytes per
second. (Range: 256-10048576 Kbytes per second; Default: OFF)
Advanced Settings
◆ 802.11 Rates — The minimum data rate at which the AP transmits packets on
the wireless interface.
Table 3: 802.11 Data Rates
Option Rate (Max) Coding Method Radio 0 (5 GHz) Radio 1 (2.4 GHz)
Auto Auto Based on signal strength √ √
1M 1 Mbps CKK √
2M 2 Mbps CKK √
5.5M 5.5 Mbps CKK √
11M 11 Mbps CKK √ √
6M 6 Mbps OFDM √ √
9M 9 Mbps OFDM √ √
12M 12 Mbps OFDM √ √
18M 18 Mbps OFDM √ √
24M 24 Mbps OFDM √ √
36M 36 Mbps OFDM √ √
– 46 –
Page 47
Chapter 4
| Wireless Settings
Radio Settings
Table 3: 802.11 Data Rates (Continued)
Option Rate (Max) Coding Method Radio 0 (5 GHz) Radio 1 (2.4 GHz)
48M 48 Mbps OFDM √ √
54M 54 Mbps OFDM √ √
MCS0 15 Mbps BPSK, single stream √ √
MCS1 30 Mbps QPSK, single stream √ √
MCS2 45 Mbps QPSK, single stream √ √
MCS3 60 Mbps 16-QAM, single stream √ √
MCS4 90 Mbps 16-QAM, single stream √ √
MCS5 120 Mbps 64-QAM, single stream √ √
MCS6 135 Mbps 64-QAM, single stream √ √
MCS7 150 Mbps 64-QAM, single stream √ √
MCS8 30 Mbps BPSK, double stream √ √
MCS9 60 Mbps QPSK, double stream √ √
MCS10 90 Mbps QPSK, double stream √ √
MCS11 120 Mbps 16-QAM, double stream √ √
MCS12 180 Mbps 16-QAM, double stream √ √
MCS13 240 Mbps 64-QAM, double stream √ √
MCS14 270 Mbps 64-QAM, double stream √ √
MCS15 300 Mbps 64-QAM, double stream √ √
NSS1-MCS0 32.5 Mbps 256-QAM, single stream √
NSS1-MCS1 65 Mbps 256-QAM, single stream √
NSS1-MCS2 97.5 Mbps 256-QAM, single stream √
NSS1-MCS3 130 Mbps 256-QAM, single stream √
NSS1-MCS4 195 Mbps 256-QAM, single stream √
NSS1-MCS5 260 Mbps 256-QAM, single stream √
NSS1-MCS6 292.5 Mbps 256-QAM, single stream √
NSS1-MCS7 325 Mbps 256-QAM, single stream √
NSS1-MCS8 390 Mbps 256-QAM, single stream √
NSS1-MCS9 433.3 Mbps 256-QAM, single stream √
NSS2-MCS0 65 Mbps 256-QAM, double stream √
NSS2-MCS1 130 Mbps 256-QAM, double stream √
NSS2-MCS2 195 Mbps 256-QAM, double stream √
NSS2-MCS3 260 Mbps 256-QAM, double stream √
NSS2-MCS4 390 Mbps 256-QAM, double stream √
NSS2-MCS5 520 Mbps 256-QAM, double stream √
– 47 –
Page 48
Chapter 4
| Wireless Settings
Radio Settings
Table 3: 802.11 Data Rates (Continued)
Option Rate (Max) Coding Method Radio 0 (5 GHz) Radio 1 (2.4 GHz)
NSS2-MCS6 585 Mbps 256-QAM, double stream √
NSS2-MCS7 650 Mbps 256-QAM, double stream √
NSS2-MCS8 780 Mbps 256-QAM, double stream √
NSS2-MCS9 866.7 Mbps 256-QAM, double stream √
◆ Tx Streams — Specifies a single stream at 20MHz or a dual stream at 20MHz
and 40MHz for signal transmission. (Options: 1, 2; Default 1)
◆ Rx Streams — Specifies a single stream at 20MHz or a dual stream at 20MHz
and 40MHz for signal reception. (Options: 1, 2; Default 1)
◆ Tx Power — Adjusts the power of the radio signals transmitted from the access
point. The higher the transmission power, the farther the transmission range.
Power selection is not just a trade off between coverage area and maximum
supported clients. You also have to ensure that high-power signals do not
interfere with the operation of other radio devices in the service area.
(Default: 17 dBm for 5 GHz radio, 27 dBm for 2.4 GHz radio)
Tab le 4: Tx Power
Power Radio 0 (5 GHz) Radio 1 (2.4 GHz)
0 dBM (1 mW) √ √
4dBM (2 mW) √ √
5 dBM (3 mW) √ √
7 dBM (5 mW) √ √
8 dBM (6 mW) √ √
9 dBM (7 mW) √ √
10 dBM (10 mW) √ √
11 dBM (12 mW) √ √
12 dBM (15 mW) √ √
13 dBM (19 mW) √ √
14 dBM (25 mW) √ √
15 dBM (31 mW) √ √
16 dBM (39 mW) √ √
17 dBM (50 mW) √ √
18 dBM (63 mW) √
19 dBM (79 mW) √
20 dBM (100 mW ) √
– 48 –
Page 49
Chapter 4
| Wireless Settings
Radio Settings
Tab le 4: Tx Power (Continued)
Power Radio 0 (5 GHz) Radio 1 (2.4 GHz)
21 dBM (125 mW ) √
22 dBM (158 mW ) √
23 dBM (199 mW ) √
24 dBM (251 mW ) √
25 dBM (316 mW ) √
26 dBM (398 mW ) √
27 dBM (501 mW ) √
◆ ACK Timeout — Sets the acknowledgement timeout, which is used primarily
for long-distance connections. This timeout is used to make an adjustment for
link distance. It is based on the amount of time, in microseconds, that it should
take to transmit a frame to the other end of the link, be processed by the
receiving device, and have the ACK frame created and returned to the sending
device. (Range: 0-255 microseconds; Default: 0 microseconds)
◆ Fragmentation Thresh. — Sets the maximum frame size above which packets
are fragmented. This reduces the time required to transmit the frame, and
therefore reduces the probability that it will be corrupted (at the cost of more
data overhead). (Range: 256-2346 bytes; Default: 2346 bytes)
◆ RTS Threshold — Sets the packet size threshold at which a Request to Send
(RTS) signal must be sent to a receiving station prior to the sending station
starting communications. The access point sends RTS frames to a receiving
station to negotiate the sending of a data frame. After receiving an RTS frame,
the station sends a CTS (clear to send) frame to notify the sending station that it
can start sending data.
If the RTS threshold is set to 1, the access point always sends RTS signals. If set
to 2346, the access point never sends RTS signals. If set to any other value, and
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.
The access points contending for the medium may not be aware of each other.
The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2346
bytes: Default: 2346 bytes)
◆ SGI — The 802.11n draft specifies two guard intervals: 400ns (short) and 800ns
(long). Support of the 400ns Short Guard Interval is optional for transmit and
receive. The purpose of a guard interval is to introduce immunity to
propagation delays, echoes, and reflections to which digital data is normally
very sensitive. Enabling the SGI sets it to 400ns. (Default: Disabled)
◆ STBC — Space-time Block Coding sends multiple copies of the same data over
a number of antennas, using the various received versions to improve the
reliability of data transfer. The transmitted signal may traverse a difficult
– 49 –
Page 50
Chapter 4
VLAN Settings
| Wireless Settings
VLAN Settings
environment with scattering, reflection, and refraction which may then be
further corrupted by thermal noise in the receiver, so some of the received
copies will be better than others. This redundancy results in a higher chance of
being able to use one or more of the received copies to correctly decode the
received signal. (Default: Disabled)
◆ AMPDU — Enables or disables the use of Aggregated MAC Protocol Data Units.
Physical layer (PHY) data rate improvements do not increase real throughput
beyond a point because of 802.11 protocol overheads. The main media access
control feature that provides a performance improvement is aggregation.
Aggregation of MAC protocol data units (MPDUs) is referred to as MPDU
aggregation or (A-MPDU). (Default: Enabled)
VLANs (virtual local area networks) are turned off by default. If turned on they will
automatically tag any packets passed to the LAN port from the relevant VAP (virtual
access point).
The access point can employ VLAN tagging to control access to network resources
and increase security. VLANs separate traffic passing between the access point,
associated clients, and the wired network. You can configure a VLAN for up to 13
VAP interfaces.
Note the following points about the access point’s VLAN support:
◆ If an Ethernet LAN port on the access point is assigned a VLAN ID, any traffic
entering that port must be also tagged with the same VLAN ID.
◆ A management VLAN can be used for managing the access point through
remote management tools, such as the web interface, SSH, Telnet or SNMP.
The access point can be configured to only accept management traffic that is
tagged with the specified management VLAN ID. This ID must be assigned to
the Ethernet ports or radio interfaces which are designated to handle
management traffic.
◆ Wireless clients associated to the access point can be assigned to a VLAN.
Wireless clients are assigned to the VLAN for the VAP interface with which they
are associated. The access point only allows traffic tagged with correct VLAN
IDs to be forwarded to associated clients on each VAP interface.
◆ When VLAN support is enabled on the access point, traffic passed to the wired
network is tagged with the appropriate VLAN ID. When an Ethernet port on the
access point is configured as a VLAN member, traffic received from the wired
network must also be tagged with the same VLAN ID. Received traffic that has
an unknown VLAN ID or no VLAN tag is dropped.
– 50 –
Page 51
Chapter 4
◆ When VLAN support is disabled, the access point does not tag traffic passed to
| Wireless Settings
VLAN Settings
the wired network and ignores the VLAN tags on any received frames.
Note:
Before enabling VLAN tagging on the access point, be sure to configure the
attached network switch port to support tagged VLAN frames for the VLAN IDs
configured on the access point. Otherwise, connectivity to the access point will be
lost when you enable the VLAN feature.
Figure 31: Configuring VLANs
The following items are displayed on this page:
◆ VLAN ID — A VLAN identifier to be assigned. (Range: 3-4095)
(VLAN 1 and 2 are reserved for internal use.)
◆ Ports — The Ethernet ports assigned to the specified VLAN.
◆ SSIDs — The SSID of a VAP configured to be a member of the specified VLAN.
This option is configured under Radio Settings (Network Settings – Network
Behavior).
– 51 –
Page 52
5 System Settings
This chapter describes maintenance settings on the access point. It includes the
following sections:
◆ “System Settings” on page 53
◆ “Maintenance” on page 54
◆ “User Accounts” on page 56
◆ “Services” on page 57
– 52 –
Page 53
System Settings
Chapter 5
| System Settings
System Settings
The System Settings page is used to configure general descriptive information
about the access point, such as the system identification name, its geographic
coordinates, and local time.
Figure 32: System Settings
The following items are displayed on this page:
◆ Device Name — An alias for the AP, enabling the device to be uniquely
identified on the network. (Default: none; Range: 0-50 characters)
◆ Device Latitude — The geographic latitude of the access point, given in
degrees and minutes. (Range: -90 to +90 degrees)
◆ Device Longitude — The geographic longitude of the access point, given in
degrees and minutes. (Range: -180 to +180 degrees)
◆ Enable reset button — Enables or disables the hardware reset button.
◆ Local Time — The local time, given as day of week, month, time, year.
◆ Configure Network Time — Links to the Network Time (NTP) section on the
Services page.
– 53 –
Page 54
Chapter 5
Maintenance
| System Settings
Maintenance
The Maintenance page supports general maintenance tasks including displaying
the system log, rebooting the device, restoring factory defaults, backing up or
restoring configuration settings, and upgrading firmware.
Figure 33: Maintenance
Displaying
System Logs
The access point saves event and error messages to a local system log database.
The log messages include the date and time, device name, message type, and
message details.
Figure 34: System Log
– 54 –
Page 55
Chapter 5
| System Settings
Maintenance
Rebooting the
Access Point
Resetting the
Access Point
The Reboot page allows you to reboot the access point.
Figure 35: Rebooting the Access Point
The Reset page allows you to reset the access point to the factory defaults. Note
that all user configured information will be lost. You will have to re-enter the
default user name and password to re-gain management access to this device.
Figure 36: Resetting to Defaults
Backing Up
Configuration
Settings
Restoring
Configuration
Settings
The Backup function allows you to back up the access point’s configuration to a
management workstation. In Windows, a GNU Zip (*.tar.gz) file will be stored in the
Downloads folder. This is a sample file name: backup-ACN-AP-2014-06-27.tar.gz
The Restore page allows you to upload configuration settings from a management
workstation. The specified file must be one that was previously backed up from the
access point.
Figure 37: Restoring Configuration Settings
– 55 –
Page 56
Chapter 5
User Accounts
| System Settings
Upgrading Firmware You can upgrade new access point software from a local file on the management
workstation. New software may be provided periodically from your distributor.
After upgrading new software, you must reboot the access point to implement the
new code. Until a reboot occurs, the access point will continue to run the software
it was using before the upgrade started. The access point supports dual software
images, so if newly loaded software is corrupted, the alternate image will be used
on the next reboot. Configuration settings are stored separately from the software,
so the current settings will always be used for any new software. However, note
that if the current configurtion settings are corrupted, the system defaults will be
used.
Figure 38: Upgrading Firmware
User Accounts
The User Accounts page allows you to control management access to the switch
based on manually configured user names and passwords.
Figure 39: User Accounts
The following items are displayed on this page:
◆ Username — The name of the user. (Range: 3-15 ASCII characters, no special
characters)
◆ Password — The user password. (Range: 3-15 ASCII characters, case sensitive,
no special characters)
– 56 –
Page 57
Services
Chapter 5
The Services page allows you to control remote management access to the switch
and to configure of NTP time servers.
| System Settings
Services
Remote Management
Settings
SSH The Secure Shell (SSH) can act as a secure replacement for Telnet. The SSH protocol
The SSH, Telnet, Web, and SNMP management interfaces are enabled and open to
access from the Internet. To provide more security, specific services can be disabled
and management access prevented from the Internet.
uses generated public keys to encrypt all data transfers passing between the access
point and SSH-enabled management station clients and ensures that data traveling
over the network arrives unaltered. Clients can then securely use the local user
name and password for access authentication.
Note that SSH client software needs to be installed on the management station to
access the access point for management via the SSH protocol.
Figure 40: SSH Server Settings
The following items are displayed on this page:
◆ SSH Server — Enables or disables SSH access to the access point.
(Default: Enabled)
◆ Port — Sets the TCP port number for the SSH server on the access point.
(Range: 1-65535; Default: 22)
◆ Allow SSH from WAN — Allows SSH management access from the WAN.
– 57 –
Page 58
Chapter 5
Services
| System Settings
Tel ne t Telnet is a remote management tool that can be used to configure the access point
from anywhere in the network. However, note that Telnet is not secure from hostile
attacks.
Figure 41: Telnet Server Settings
The following items are displayed on this page:
◆ Telnet S erver — Enables or disables Telnet access to the access point.
(Default: Enabled)
◆ Port — Sets the TCP port number for the Telnet server on the access point.
(Range: 1-65535; Default: 23)
◆ Allow Telnet from WAN — Allows Telnet management access from the WAN.
Web server A Web browser provides the primary method of managing the access point. Both
HTTP and HTTPS service can be accessed independently. If you enable HTTPS, you
must indicate this in the URL: https://device:port_number]
When you start HTTPS, the connection is established in this way:
◆ The client authenticates the server using the server’s digital certificate.
◆ The client and server negotiate a set of security protocols to use for the
connection.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for most browsers.
Figure 42: Web Server Settings
– 58 –
Page 59
Chapter 5
| System Settings
Services
The following items are displayed on this page:
◆ HTTP Port — The TCP port to be used by the HTTP Web browser interface.
(Range: 1-65535; Default: 80)
◆ Allow HTTP from WAN — Allows HTTP management access from the WAN.
◆ HTTPS Port — The TCP port to be used by the HTTPS Web browser interface.
(Range: 1-65535; Default: 443)
◆ Allow HTTPS from WAN — Allows HTTPS management access from the WAN.
Network Time Network Time Protocol (NTP) allows the access point to set its internal clock based
on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time
on the access point enables the system log to record meaningful dates and times
for event entries. If the clock is not set, the access point will only record the time
from the factory default set at the last bootup.
The access point acts as an NTP client, periodically sending time synchronization
requests to specified time servers. The access point will attempt to poll each server
in the configured sequence.
Figure 43: NTP Settings
The following items are displayed on this page:
◆ Local Time — Displays the local time as day of week, month,
hour:minute:second, year, based on Universal Time Coordinates.
◆ NTP Service — Enables or disables sending of requests for time updates.
(Default: Enabled)
◆ NTP Servers — Sets the host names for time servers. The switch attempts to
update the time from the first server, if this fails it attempts an update from the
next server in the sequence. To configure additional servers, click the “+”
button to open a new edit field.
– 59 –
Page 60
Chapter 5
Services
| System Settings
◆ Time Zone — To display a time corresponding to your local time, choose one
of the predefined time zones from the scroll-down list.
SNMP Simple Network Management Protocol (SNMP) is a communication protocol
designed specifically for managing devices on a network. It is typically used to
configure these devices for proper operation in a network environment, as well as
to monitor them to evaluate performance or detect potential problems.
Figure 44: SNMP Settings
The following items are displayed on this page:
◆ SNMP Server — Enables or disables SNMP on the access point.
(Default: Enabled)
◆ Contact — Administrator responsible for the access point.
◆ Community String — A community string that acts like a password and
permits access to the SNMP protocol. (Range: 1-32 characters, case sensitive;
Default: public)
The default string “public” provides read-only access to the access point’s
Management Information (MIB) database.
◆ Allow SNMP from WAN — Allows SNMP management access from the WAN.
– 60 –
Page 61
Section III
Appendices
This section provides additional information and includes these items:
◆ “Troubleshooting” on page 62
– 61 –
Page 62
A Troubleshooting
Problems Accessing the Management Interface
Table 5: Troubleshooting Chart
Symptom Action
Cannot connect using
Telnet, web browser, or
SNMP software
Forgot or lost the password
◆
Be sure the AP is powered up.
◆
Check network cabling between the management station and the
AP.
◆
Check that you have a valid network connection to the AP and
that intermediate switch ports have not been disabled.
◆
Be sure you have configured the AP with a valid IP address, subnet
mask and default gateway.
◆
Be sure the management station has an IP address in the same
subnet as the AP’s IP.
◆
If you are trying to connect to the AP using a tagged VLAN group,
your management station, and the ports connecting intermediate
switches in the network, must be configured with the appropriate
tag.
◆
If you cannot connect using Telnet, you may have exceeded the
maximum number of concurrent Telnet/SSH sessions permitted.
Try connecting again at a later time.
◆
Reset the AP to factory defaults using its Reset button.
Using System Logs
If a fault does occur, refer to the Quick Start Guide to ensure that the problem you
encountered is actually caused by the AP. If the problem appears to be caused by
the AP, follow these steps:
1. Enable SNMP in the System > Servcies menu.
2. Enable SNMP access from the WAN when connecting from a remote location.
3. Repeat the sequence of commands or other actions that lead up to the error.
4. Make a list of the commands or circumstances that led to the fault. Also make a
list of any error messages displayed.
5. Record all relevant system settings.
– 62 –
Page 63
Appendix A
| Troubleshooting
Using System Logs
6. Display the log file through the System > Maintenance menu, and copy the
information from the log file.
7. Contact your distributor’s service engineer, and send a detailed description of
the problem, along with all of the information mentioned in the above steps.
– 63 –
Page 64
Index
A
AMPDU 50
authentication
pre-shared key
RADIUS server
WPA
WPA2
43
43, 44
35, 43, 44
43
43
B
bootp 43
bridge mode
17, 32, 45
C
captive portal 36
channel
active
25
bandwidth
DFS avoidance
restrictions
selection
community string, SNMP
configuration settings
restoring
saving
country code
selection
CTS, clear to send
39
38
15
39
55
55
25, 39
13, 15
49
D
data rate, selecting 46
device status, displaying
DFS
38
DHCP
13, 28
hotspot settings
lease time
leases
23
server settings
server status
DNS
23
domain name
IP address
server address
downloading software
34
34
33
24
35
35
29
56
60
25
E
event logs 54
F
filter
address
between wireless clients
HTTP from WAN
HTTPS from WAN
management access
VLANs
firmware
displaying version
upgrading
45
40
59
59
57
50
22
56
G
gateway address 13, 23, 29, 62
H
hotspot, configuration 34
HTTP
58
port specification
HTTPS
58
port specification
59
59
I
IEEE 802.11a/ac/n 37
configuring interface
radio channel
IEEE 802.11b/g/n
configuring interface
radio channel
IEEE 802.1X
initial configuration
introduction
IP address
configuring
DHCP
DNS server
Ethernet interface
gateway
guest network
37
44, 45
12
13, 29, 32
13
28
23, 29, 35
23, 29
38
38
38
38
13
29
33
– 64 –
Page 65
Index
hotspot 34
Internet connection
local network
PPPoE
RADIUS server
static
28
wireless client
33
28, 30
35
26
L
log messages 54
M
MAC address
authentication
local
24
wireless client
45
26
N
NTP
enabling
servers
59
59
O
open system 43
P
password
captive portal secret
community string
default
13
guest network
PPPoE
30
pre-shared key
user account
wireless network
PPPoE, configuring
pre-shared key
17
16, 43
56
30
43
R
radio channel
active
25
configuring
RADIUS
rate limiting
reset button
43, 44
configuring for IEEE 802.1X
configuring for WPA
configuring local settings
IP address
39
35
46
53
60
16
23
36
44
44
35
router mode
RTS, threshold
17, 32, 46
49
S
SGI 49
shared key
SNMP
SNTP
software
SSID
status information
STBC
STP, spanning tree protocol
subnet mask
system log
system software, upgrading
43, 44
12
allow from WAN
community string
enabling
60
60
60
59
displaying version
upgrading
56
22
17, 26, 37, 38, 40, 43, 51
Internet
local network
wireless
23
24
25
49
13, 24, 29, 33, 34, 62
54
T
time zone 60
transmit power
configuring
15
48
U
upgrading software 56
user password
13, 56, 57
V
VLAN, configuration 50
W
WDS 38
WEP
43
WEP, shared key
WMM
41, 42
WPA
43, 44
WPA, pre-shared key
WPA2
44
43
43
34
56
– 65 –
Page 66
ECWO Series
E072014/ST-R01
Loading...