Edimax Technology AC-M1000, AC-M3000 User Manual

AC-M3000 / AC-M1000

Network Access Controller

User’s Manual

Version 1.00

The product you have purchased and the setup screen may appear slightly different from those shown in this QIG. For more detailed information about this product, please refer to the User's Manual on the CD-ROM.

Software and specifications subject to change without notice. Please visit our web site for the

update.

holders

Edimax AC-M3000/AC-M1000

User’s Manual

Table of Contents

1. Before You S t art............................................................................................................................3

1.1 Preface ....................................................................................................................................................3

1.2 Document Convention............................................................................................................................3

2. System Overview ...........................................................................................................................4

2.1 Introduction of Edimax AC-M3000........................................................................................................4

2.2 System Concept ......................................................................................................................................4

2.3 Specification ...........................................................................................................................................5

2.3.1 Hardware Specification.................................................................................................................................5

2.3.2 Technical Specification.................................................................................................................................5

2.3.3 Comparison of AC-M3000 and AC-M1000..................................................................................................7

3. Base Installation...........................................................................................................................8

3.1 Hardware Installation..............................................................................................................................8

3.1.1 System Requirements....................................................................................................................................8

3.1.2 Package Contents..........................................................................................................................................8

3.1.3 Panel Function Descriptions .........................................................................................................................9

3.1.4 Installation Steps.........................................................................................................................................10

3.2 Software Configuration.........................................................................................................................11

3.2.1 Quick Configuration ...................................................................................................................................11

3.2.2 User Login Portal Page...............................................................................................................................19

4. Web Interface Configuration......................................................................................................21

4.1 System Configuration ...........................................................................................................................22

4.1.1 Configuration Wizard..................................................................................................................................22

4.1.2 System Information.....................................................................................................................................23

4.1.3 WAN1 Configuration..................................................................................................................................25

4.1.4 WAN2 & Failover.......................................................................................................................................28

4.1.5 LAN Port Roles...........................................................................................................................................30

4.1.6 Controlled Configuration............................................................................................................................31

4.1.7 Uncontrolled Configuration........................................................................................................................33

4.2 User Authentication ..............................................................................................................................36

4.2.1 Authentication Configuration .....................................................................................................................36

4.2.2 Black List Configuration.............................................................................................................................54

4.2.3 Policy Configuration...................................................................................................................................56

4.2.4 Additional Configuration............................................................................................................................61

4.3 AP Management....................................................................................................................................80

4.3.1 AP List........................................................................................................................................................ 80

4.3.2 AP Discovery..............................................................................................................................................91

4.3.3 Manual Configuration.................................................................................................................................94

Edimax AC-M3000/AC-M1000

Template Settings........................................................................................................................................95

4.3.4

4.3.5 Firmware Management...............................................................................................................................97

4.3.6 AP Upgrade.................................................................................................................................................98

User’s Manual

4.4 Network Configuration.........................................................................................................................99

4.4.1 Network Address Translation......................................................................................................................99

4.4.2 Privilege List.............................................................................................................................................102

4.4.3 Monitor IP List..........................................................................................................................................103

4.4.4 Walled Garden List ...................................................................................................................................104

4.4.5 Proxy Server Properties ............................................................................................................................105

4.4.6 Dynamic DNS...........................................................................................................................................107

4.4.7 IP Mobility................................................................................................................................................107

4.4.8 VPN T erm ination......................................................................................................................................107

4.5 Utilities................................................................................................................................................109

4.5.1 Change Password......................................................................................................................................109

4.5.2 Backup/Restore Settings...........................................................................................................................110

4.5.3 Firmware Upgrade....................................................................................................................................111

4.5.4 Restart.......................................................................................................................................................112

4.6 Status...................................................................................................................................................113

4.6.1 System Status............................................................................................................................................113

4.6.2 Interface Status.......................................................................................................................................... 115

4.6.3 Current Users............................................................................................................................................117

4.6.4 Traffic History...........................................................................................................................................118

4.6.5 Notification Configuration........................................................................................................................119

4.7 Help.....................................................................................................................................................121

5. Appendix A – Console Interface...............................................................................................122

6. Appendix B – Network Configuration on PC..........................................................................125

7. Appendix C – IPSec VPN.........................................................................................................130

8. Appendix D –Proxy Setting for Hotspot...................................................................................135

9. Appendix E –Proxy Setting for Enterprise ..............................................................................140

10. Appendix F –Disclaimer for On-Demand Users .....................................................................146

11. Appendix G—DHCP Relay......................................................................................................155

Edimax AC-M3000/AC-M1000

User’s Manual

1. Before You Start

1.1 Preface

This manual is for Hotspot owners, SMBs, or administrators in enterprises to set up network environment using Edimax AC-M3000/AC-M1000. It contains step by step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation.

Note: this manual is applicable to both AC-M3000 and AC-M1000. For a reference of differences between AC-M3000 and AC-M1000, please see 2.3.3 – Comparison between AC-M3000 and AC-M1000.

1.2 Document Convention

y For any caution or warning that requires special attention of readers, a highlight box with the eye-catchi ng ital ic

font is used as below:

Warning: For security purposes, you should immediately change the Administrator’s password.

Indicates that clicking this button will return to the homepage of this section.

Indicates that clicking this button will return to the previous page.

Indicates that clicking this button will apply all of your settings. Indicates that clicking this button will clear all inputs before clicking Apply button.

Edimax AC-M3000/AC-M1000

User’s Manual

2. System Overview

2.1 Introduction of Edimax AC-M3000

Edimax AC-M3000 i s a Network Access Controller, specially designed for the small scaled wireless and wired network management and access control. The major functional areas include user management, access control, AP management, and security management.

2.2 System Concept

Edimax AC-M3000 dedicates to user authentication, authorization and management. The user account information is stored in the local database or specified external databases server. User authentication is processed via the SSL encrypted web interface. This interface is compatible to most desktop devices and palm computers. The following figure is an example of Edimax AC-M3000 set to control a part of the company’s intranet. The whole managed network includes the users in LAN and WLAN..

2.3 Specification

2.3.1 Hardware Specification

y General

Form Factor: Mini-desktop Dimensions (W x D x H): 243 mm x 150 mm x 45.5 mm Weight: 1.4 Kg Operating Temperature: 0 ~ 45 ℃ Storage Temperature: 0 ~ 65 ℃ Power: 110~220 VAC, 50/60 Hz Ethernet Interfaces: 10 x Fast Ethernet (10/100 Mbps)

y Connectors & Display

WAN Ports: 2 x 10BASE-T/100BASE-TX RJ-45 LAN Ports: 8 x 10BASE-T/100BASE-TX RJ-45

Edimax AC-M3000/AC-M1000

User’s Manual

Console Port: 1 x RJ-11 LED Indicators: 1 x Power, 1 x Status, 2 x WAN, 8 x LAN

2.3.2 Technical Specification

y Networking

Supports Router, NAT mode Supports Static IP, DHCP, PPPoE on WAN interface Configurable LAN ports authentication Supports IP Plug and Play (IP PnP) Built-in DHCP server and supports DHCP relay Supports NAT:

1. IP/Port Destination Redirection

2. DMZ Server Mapping

3. Virtual Server Mapping Supports static route Supports SMTP redirection Supports Wal l ed Garden (free surfing zone) Supports MAC Address Pass-Through

Supports HTTP Proxy y Security Supports data encryption: WEP (64/1 28 -bit), WPA, WPA2

Supports authentication: WPA-PSK, WPA2-PSK, IEEE 802.1x (EAP-MD5, EAP-TLS, CHAP, PEAP)

Supports VPN Pass-through (IPSec and PPTP)

Edimax AC-M3000/AC-M1000

Supports DoS attack protection

Supports user Black List

Allows user identity plus MAC address authentication for local accounts y User Management

Supports up to 120 concurrent users for AC-M3000 (50 concurrent users for AC-M1000)

Provides 500 local accounts for AC-M3000 (250 local accounts for AC-M1000)

Provides 2000 on-demand accounts

Simultaneous support for multiple authentication methods (Local and On-dem and accounts, POP3(S),

LDAP, RADIUS, NT Domain)

Role-based and policy-based access control (per-role assignments based on Firewall policies, Routing,

Customizable login and logout portal page

User Session Management:

1. SSL protected login portal page

2. Supports multiple logins with one single account

User’s Manual

3. Session idle timer

4. Session/account expiration control

5. Friendly notification email to provide a hyperlink to login portal page

6. Windows domain transparent login

7. Configurable login time frame

y AP Management

Supports up to 12 (4 for AC-M1000) IEEE 802.11b/g APs (EW-7206APg)

Centralized remote management via HTTP/SNMP interface

Automatic discovery of managed APs and list of managed APs

Allows administrators to add and delete APs from the AP list

Allows administrators to enable or disable managed APs

Provides MAC Access Control List of client stations for each managed AP

Locally maintained configuration profiles of managed APs

Single UI for upgrading and restoring managed APs’ firmware

System status monitoring of managed APs and associated client stations

Automatic recovery of APs in case of system failure

System alarms and status reports on managed APs y Monitoring and Reporting

Status monitoring of on-line users

IP-based monitoring of network devices

WAN connection failure alert

Syslog support for diagnosing and troubleshooting

User traffic history logging y Accounting and Billing

Support for RADIUS accounting, RADIUS VSA (Vendor Spe cific Attributes)

Edimax AC-M3000/AC-M1000

Built-in billing profiles for on-demand accounts

Enables session expiration control for on-demand accounts by time (hour) and data volume (MB)

Provides billing report on screen for on-demand accounts

Detailed per-user traffic history based o n time and data volume for both local and on-demand accounts

Traffic history report in an automatic email to administrator y System Administration

Multi-lingual, web-based management UI

SSH remote management

Remote firmware upgrade

NTP time synchronization

Backup and restore of system configuration

2.3.3 Comparison of AC-M3000 and AC-M1000

User’s Manual

Capacity and Performance AC-M3000 AC-M1000

Concurrent Users 120 50 Local Accounts 500 250 On-demand user Accounts 2,000 2,000 Managed Access Points (EW-7206APg) Monitored 3rd-Party Access Points 40 40 VPN Termination Tunnels 120 50 VPN 3DES/DES Throughput 30 Mbps 20 Mbps

12 4

3. Base Installation

3.1 Hardware Installation

3.1.1 System Requirements

y Standa rd 10/100BaseT network cables with RJ-45 connectors y All PCs need to install the TCP/IP network protocol

3.1.2 Package Contents

The standard package of Edimax AC-M3000 includes: y Edimax AC-M3000 x 1

Edimax AC-M3000/AC-M1000

User’s Manual

y CD-ROM x 1 y Quick Installation Guide x 1 y Power Adapter (DC 12V) x 1 y Cross Over Ethernet Cable x 1 y Console Cable x 1

Warning: It is highly recommended to use all the supplies in the p ackage inste ad of sub stituting any com ponents by other suppliers to guarantee best performance.

Edimax AC-M3000/AC-M1000

User’s Manual

3.1.3 Panel Function Descriptions

Front Panel

y LED: There are four kinds of LED, Power, Status, WAN and LAN, to indicate different status of the system. y WAN1/WAN2: The two WAN ports are connected to a network which is not managed by the Edimax AC-M 3000

system, and this port can be used to connect the ATU-Router of the ADSL, the port of a cable modem, or a

switch or a hub on the LAN of a company. y LAN1~LAN8: Clients’ machines connect to Edimax AC-M3000 via LAN ports. Each LAN po rt can be configured

to one of the two roles, controlled or uncontrolled. The differences of these two roles for a client connected to

are:

¾ Clients connected to the controlled port need to be authenticated to access network.

¾ Clients connected to uncontrolled port don’t need to be authenticated to access network and can access the

web management interface.

Rear Panel

y Reset: Press this button to restart the system. y Console: The system can be configured via a serial console port. The administrator can use a terminal

emulation program such as Microsoft’s HyperTerminal to login to the configuration console interface to change

admin password or monitor system status, etc. y DC+12V: The power adapter attaches here.

Edimax AC-M3000/AC-M1000

User’s Manual

3.1.4 Installation Steps

Please follow the following steps to install Edimax AC-M3000:

1. Connect the 12V power adapter to the power socket on the rear panel. The Po wer LED should be on to i ndicate

a proper connection.

2. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to

a ADSL m odem, a cable m odem or a switch/hub of the network. Th e LED of WAN1 port should be on to indicate

a proper connection.

3. Connect an Ethernet cable to one of the LAN5~LAN8 Ports on the front panel. Conne ct the other end of the

Ethernet cable to an administrator’s PC. The LED of the connected port should be on to indicate a proper

connection. (Note: The default role of these four ports is Uncontrolled Port.)

4. Connect an Ethernet cable to one of the LAN1~LAN4 Ports on the front panel. Conne ct the other end of the

Ethernet cable to a client PC, AP or switch in manag e d network. The LED of the connected port should be o n to

indicate a proper connection. (Note: The default role of these four ports is Controlled Port.)

Attention:

1. Edimax AC-M3000 supports Auto Sensing MDI/MDIX. You may use either straight through or cross over cable

to connect the Ethernet Port.

2. Usually a straight cable could be applied when Edimax AC-M3000 connects to an Access Point which supports

automatic crossover. If af ter the AP hardware resets, the Edimax AC-M3000 could not be able to connect to the

AP while connecting with a straight cable, the user have to pull out and plug-in the straight cable again. This

scenario does NOT occur while using a crossover cable.

After the hardware of Edimax AC-M3000 is inst alled completely, the system is ready to be configured in the following sections.

Edimax AC-M3000/AC-M1000

User’s Manual

3.2 Software Configuration

3.2.1 Quick Configuration

There are two ways to configure the system: using Configuration Wizard or changing the setting by demands manually. The Configuration Wizard has 6 steps providing a simple and easy way to guide you through the setup of Edimax AC-M3000. Follow the procedures and instructions given by the Wizard to enter the required information step by step. After saving and restarting Edimax AC-M3000, it is ready to use. There will be 6 steps as listed below:

1. Change Admin’s Password

2. Choose System’s Time Zone

3. Set System Information

4. Select the Connection Type for WAN Port

5. Set Authentication Methods

6. Save and Restart Edimax AC-M3000

Please follow the following steps to complete the quick configuration.

1. Use the network cable of the 10/100BaseT to connect a PC to the uncontrolled port, and then open a browser

(such as Microsoft IE 6.0 or Firefox). Next, enter the gateway IP address as the web management interface’s URL, the default gateway IP address is https://192.168.2.254 page. Enter “admin”, the default username and “1234”, the default password, in the User Name and Password field. Click Enter to log in.

. In the opened webpage, you will see the login

Caution: If you can’t get the login screen, the reasons may be: 1. The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port; 2. The IP address and the default gateway are not under the same network segment. Please use default IP address such as 192.168.2.xx in your network and then try it again. For the PC configuration on PC, please refer to 6. Appendix B – Network Configuration on PC.

Edimax AC-M3000/AC-M1000

User’s Manual

Edimax AC-M3000 supports three kinds of account interface. You can log in as admin, manager or operator. The default username and password as follows. Admin: The administrator can access all area of the Edimax AC-M3000.

User Name: admin

Password: 1234 Manager: The manager can access the area under User Authentication to manage the user account, but no permission to change the settings of the profiles of Firewall, Specific Route and Schedule.

User Name: manager

Password: manager Operator: The operator can only access the area of Create On-demand User to create and print out the new on-demand user accounts.

User Name: operator Password: operator

2. After successfully logging into Edimax AC-M3000, enter the web management interface and see the welcome

page. There is a Logout button on the upper right corner to log out the system when finished.

3. Then, run the configuration wizard to complete the configuration. Click System Configuration, the System

Configuration page will appear.

Edimax AC-M3000/AC-M1000

User’s Manual

4. Then, click on Configuration Wizard and click the Run Wizard to start the wizard.

5. Configuration Wizard

A welcome page that briefly introduces the 6 steps

will appear. Click Next to begin.

Edimax AC-M3000/AC-M1000

User’s Manual

y Step 1. Change Admin’s Password

Enter a new password for the admin account and retype it in the Verify Password field (twenty-character is the maximum and spaces are not allowed). Click Next to continue.

y Step 2. Choose System’s Time Zone

Select a proper time zone via the drop-down menu. Click Next to continue.

y Step 3. Set System Information

Home Page: Enter the URL to where the

users should be directed when they are successfully authenticated. NTP Server: Enter the IP address or the domain name of an external time server for Edimax AC-M3000 to do ti me synchronization or use the default. DNS Server: Enter a DNS Server provided by the ISP (Internet Service Provider). Contact the ISP if the DNS IP Address is unknown. Click Next to continue.

y Step 4. Select the Connection Type for WAN

Edimax AC-M3000/AC-M1000

User’s Manual

Port

There are three connection types of WAN1 po rt supported in the wizard: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue.

¾ Static IP Address: Set WAN Port’s Static

IP Address

Enter the “IP Address”, “Subnet Mask” and “Default Gateway” provided by your ISP or network administrator. Click Next to continue.

¾ Dynamic IP Address

If this option is selected, Edimax AC-M3000 will get an IP address for WAN1 from an external DHCP server automatically. Click Next to continue.

¾ PPPoE Client: Set PPPoE Client’s Information

Enter the “Username” and “Password” provided by the ISP. Click Next to continue.

y Step 5. Set Authentication Methods

Enter an identified name as the postfix name in the Postfix field (e.g. Local), select a policy to assign to,

Edimax AC-M3000/AC-M1000

User’s Manual

and choose an authentication method. Click Next to continue. Different information needs be provided for each kind of authentication method respectively:

¾ Local User: Add User

A new user can be added to the local user data base. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC (optional, to specify a valid MAC address for this user) and assign a policy (or use the default). Click the ADD button to add this user ..

Attention: The policy selected in this step is applied to this user only. Per-user policy setting takes over the group policy setting at precious step unless you select None here. Click Next to continue.

Edimax AC-M3000/AC-M1000

User’s Manual

¾ POP3 User: POP3

Enter Domain Name/IP, Server Port of the POP3 server provided by the ISP, and then choose to enable SSL or not. Click Next to continue.

¾ RADIUS User: RADIUS

Enter the Domain Name/IP of the RADIUS

server, Authentication Port, Accounting Port and Secret Key. Then choose to enable

the Accounting Service or not, and choose the desired Authentication Method. Click Next to continue.

¾ LDAP User: LDAP

Enter the LDAP Server, Server Port, Base DN, and Account Attribute of the LDAP server. Click Next to continue.

¾ NT Domain User: NT Domain

When NT Domain authentication method is selected, enter the Server IP Address, and choose to enable/disable Transparent Login. If “Transparent Login” is selected, users will be logged in Edimax AC-M3000’s NT Domain active directory and authenticated automatically when they log into their Windows OS domain. Click Next to continue.

y Step 6. Save and Restart Edimax

AC-M3000

Edimax AC-M3000/AC-M1000

User’s Manual

Click Restart to save the current setting and restart Edimax AC-M3000. The Setup Wizard is completed now.

y Setup Wi zard. During Edimax AC-M3000 restart,

a “Restarting now. Please wait for a moment…” message will appear on the screen. Please do not interrupt Edimax AC-M3000 until the message has disappeared. This indicates that a completed and successful restart process is finished.

Edimax AC-M3000/AC-M1000

Caution: During each step of the wizard, if you want to go back to modify the setting, please click the Back button to go back to the previous step.

User’s Manual

3.2.2 User Login Portal Page

To login from the login portal page via the controlled port, the user has to be authenticated by the username and password. The administrator also can verify if the configuration of Edimax AC-M3000 has been done properly.

1. First, connect a client’s device (for example, a PC)

to the controlled port of Edimax AC-M 3000, and set the device to obtain an IP address automatically. After the client obtains the IP address, open an Internet browser. Try to launch any website and then the default User Login

Page will appear. Enter a valid User Name and Password (e.g. test@local for the username and

test for the password). Click Submit button.

2. Login succeed page will appear if Edimax AC-M3000 has

been installed and configured successfully. Now, clients can access the network or surf on the Internet.

3. When an on-demand user logs in successfully, the following

showing “Remaining usage” and a “Redeem” button on the button.

y Remaining usage: Show the remaining time or data volume

that the on-demand user can use to surf Internet.

Edimax AC-M3000/AC-M1000

User’s Manual

y Redeem: When the remaining time

or data size is insufficient, the client has to pay for adding credit to the counter, and then, the clie nt will get a new username and password. After clicking the Redeem button, a Redeem Page will appear. Please enter the new username and password obtained and click Enter button. The total available time or data size will be shown up after adding credit.

Edimax AC-M3000/AC-M1000

User’s Manual

4. Web Interface Configuration

This chapter will guide you through further detailed settings. The following table is the UI and functions of Edimax AC-M3000.

OPTION

FUNCTION

System

Configuration

Wizard

System

Information

WAN1

Configuration

WAN2 &

Failover

LAN Port Roles

Controlled

Configuration

Uncontrolled

Configuration

User

Authentication

Configuration

Black List

Configuration

Policy

Configuration

Additional

Configuration

Management

AP List

AP Discovery Privilege List

Manual

Configuration

Template

Settings

Firmware

Management

AP Upgrade Dynamic DNS

IP Mobility

Network

Configuration

Network Address

Translation

Monitor IP List

Walled Garden

List

Proxy Server

Properties

Utilities Status

Change

System Status

Password

Backup/Restore

Interface Status

Settings

Firmware

Current Users

Upgrade

Restart Traffic History

Notification

Configuration

VPN

Termination

Caution: After finishing the configuration of the settings, please click Apply and pay attention to see if a restart message appears on the screen. If such message appears, system must be restarted to allow the settings to take effect. All on-line users will be disconnected during restart.

Edimax AC-M3000/AC-M1000

User’s Manual

4.1 System Configuration

This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 & Failover, LAN Port Role s, Controlled Configuration and Uncontrolled Configuration.

4.1.1 Configuration Wizard

There are two ways to configure the system: using Configuration Wizard or changing the setting by demands manually. The Configuration Wizard has 6 steps providing a simple and easy way to go through the basic setup of Edimax AC-M3000 and is served as Quick Configuration. Please refer to 3.2.1 Quick Configuration for the introduction and description of Configuration Wizard.

Edimax AC-M3000/AC-M1000

User’s Manual

4.1.2 System Information

Most of the major system information about Edimax AC-M3000 can be set here. Please refer to the following description for each field:

Edimax AC-M3000/AC-M1000

User’s Manual

y System Name: Set the name of the system or use the default. y Device Name: FQDN (Fully-Qualified Domain Name). This is used as the domain name used in login p age. For

example, if Device Name=ashop.com, the URL of login page will be https://ashop.com/loginpages/login.shtml

y Home Page: Enter the website of a Web Server to be the homepage. When users log in successfully, they will

be directed to the homepage set. Usually, the homepage is the company’s we bsite, such as http://www.yahoo.com. Regardl ess of the original webpage set in the clients’ computers, they will be redirect to this page after login.

y Access History IP: Specify an IP address of the administrator’s computer or to get history information of

Edimax AC-M3000 with fix format URLs. Traffic Hist o ry ：https://10.2.3.213/status/history/2005-02-17

On-demand History：https://10.2.3.213/status/ondemand_history/2005-02-17

y Remote Management IP: Set the IP addresses within a range which are able to connect to the web

management interface via WAN and/or controlled port. For example, 10.2.3.0/24 means that as long as you are within the IP address range of 10.2.3.0/24, you can reach the administration page of Edimax AC-M3 000. If the IP range bit number is omitted, 32 is used to specify a single IP address.

y SNMP: Edimax AC-M3000 supports SNMPv2. If the function is enabled, it is able to assign the Manager IP

address and the SNMP community name used to access the management information base (MIB) of the system.

y User Logon SSL: Enable this function to activate https (encryption) or disable this function to activate http (non

encryption) user login page.

y Time: Edimax AC-M3000 supports NTP communication protocol to synchronize the system time with remote

time servers. Please specify the time zone and IP address of at least one NTP server in the system configuration interface for adjusting the system time automatically. (Universal Time is Greenwich Mean Time, GMT). Time can also be set manually when selecting “Set Device Date and Time”. Please enter the date and

time into these fields.

Edimax AC-M3000/AC-M1000

User’s Manual

4.1.3 WAN1 Configuration

There are 4 connection types for the WAN1 Port: Static IP Address, Dynamic IP Address, PPPoE Client and PPTP Client.

Edimax AC-M3000/AC-M1000

User’s Manual

y Static IP Address: Manually specifying the IP address of the WAN1 Port is applicable for the network

environment where the DHCP service is unavailable. The fields with red asterisks are required to be filled in.

IP Address: the IP address of the WAN1 port. Subnet Mask: the subnet mask of the WAN1 port. Default Gateway: the gateway of the W A N1 port. Preferred DNS Server: The primary DNS Server of the WAN1 port. Alternate DNS Server: The substitute DNS Server of the WAN1 port. This is not required.

y Dynamic IP address: It is only applicable for the network environment where the DHCP Server is available in

the network. Click the Renew button to get an IP address.

y PPPoE Client: This is the common connection type for ADSL. When selecting PPPoE to connect to the network,

please enter the Username, Password, MTU and CLAMPMSS. There is a Dial on Demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself

Edimax AC-M3000/AC-M1000

User’s Manual

y PPTP Client: Point to Point T unnelin g Protocol is a service th at applies to bro adband co nnect ion u sed mai nly in

Europe and Israel. Select Static to specify the IP address of the PPTP Client manually or sele ct DHCP to get the IP address automatically. The fields with red asterisks are required to be filled in. There is a Dial on Demand function under PPTP. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself

Edimax AC-M3000/AC-M1000

User’s Manual

4.1.4 WAN2 & Failover

Except selecting None to disable WAN2 port, there are 2 connection types for the WAN2 port: Static IP Address and Dynamic IP Address. The probe target supports up to three URLs. Check “Warning of Internet Disconnection” to work with the WAN Failover function. When Warning of Internet Disconnection is enabled, the system will check the three URLs to detect the WAN ports connection status.

y None: The WAN2 Port is disabled. The probe target of up to three URLs can still be entered. Check “Warning

of Internet Disconnection” to detect the WAN1 port connection status.

Edimax AC-M3000/AC-M1000

User’s Manual

y Static IP Address: Specify the IP Address, Subnet Mask and Default Gateway of WAN2 Port, which should

be applicable for the network environment. The probe target support s up to three URLs. Che ck the “W arnin g of Internet Disconnection” box to work with the WAN Failover function.

If WAN Failover function is enabled, when WAN1 connection fails, the traffic will be routed to WAN2 automatically. If “Fallback to WAN1 when possible” function is enabled, the routed traffic will be back to WAN1 when WAN1 connection is recovered.

y Dynamic IP Address: Select this item whe n WAN2 Port can obtain an IP address automati cally. For example, a

DHCP Server is available for WAN2 Port. The probe target supports up to three URLs. Check “Warning of Internet Disconnection” box to work with the WAN Failover function.

Edimax AC-M3000/AC-M1000

User’s Manual

For Dynamic IP Address, WAN Failover and Fallback to WAN1 when possible functions also can be enabled like as the functions for St atic IP Address. If Warning of Internet Disconnec tion is enabled, a warning message can be entered to indicate what the system should display when Internet connection is down.

4.1.5 LAN Port Roles

Clients’ devices usually connect to Edimax AC-M3000 via LAN ports. Each LAN port can be configured as one of two roles, controlled or uncontrolled. The diff erences of these two roles for a client connected to are: Clients connecting to the Controlled Port need authentication to access the network; Clients connecting to Uncontrolled Port don’t need authentication to access the network and can also access the web management interface.

Edimax AC-M3000/AC-M1000

User’s Manual

4.1.6 Controlled Configuration

The clients of Controlled Port need authentication before they can access the network. In this section, you can set the related configuration of Controlled Port.

y Controlled

Operation Mode: Choose one of the two modes, NAT mode and Router mode, according to requirements. IP Address: Enter the desired IP address for the interface of the controlled port. Subnet Mask: Enter the desired subnet mask for the controlled port.

y DHCP Server Configuration

There are three types of DHCP server methods: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.

1. Disable DHCP Server: Disable DHCP Server function of Edimax AC-M3000.

2. Enable DHCP Server: Choose Enable DHCP Sever function and set the appropriate configuration for the built-in DHCP server of Edimax AC-M3000. The fields with red asterisks are required. Please fill in these fields.

Edimax AC-M3000/AC-M1000

User’s Manual

DHCP Scope: Enter the “Start IP Address” and the “End IP Address”. Start IP Address means the fist IP address of the DHCP scope. End IP Address means the last IP address of the DHCP scope. These two settings define the IP address range that will be assigned to the clients’ of Controlled Port.

Preferred DNS Server: This means the primary DNS server for the DHCP of Controlled Port. Alternate DNS Server: This means the substitute DNS server for the DHCP of Controlled Port. Domain Name: This means the domain name of Controlled Port. WINS Server IP: This means the IP address of the WINS server if used. Lease Time: This means the time period that IP addresses got from the DHCP server are valid and

available. Reserved IP Address List: For the detail setting of Reserved IP Address List, please click the hyperlink of Reserved IP Address. After clicking, the Reserved IP Address List as shown in the following figure will appear. Enter the related Reserved IP Address, MAC, and Description (not compulsory). When finished, click Apply to complete the setting.

Edimax AC-M3000/AC-M1000

User’s Manual

Enable DHCP Relay: The DHCP Server IP addre ss must be entered when this function is enabled. For more details about DHCP Relay, please see Appendix G—DHCP Relay.

4.1.7 Uncontrolled Configuration

The clients of Uncontrolled Port don’t need authentication before they can access the network. In this section, you can set the related configuration of Uncontrolled Port.

y Uncontrolled

Edimax AC-M3000/AC-M1000

y DHCP Server Configuration

There are three types of DHCP server methods: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.

1. Disable DHCP Server: Disable DHCP Server function of Edimax AC-M3000.

User’s Manual

Edimax AC-M3000/AC-M1000

User’s Manual

Preferred DNS Server: This means the primary DNS server for the DHCP of Uncontrolled Port. Alternate DNS Server: This means the substitute DNS server for the DHCP of Uncontrolled Port. Domain Name: This means the domain name of Uncontrolled Port. WINS Server IP: This means the IP address of the WINS server if used. Lease Time: This means the time period that IP addresses got from the DHCP server are valid and

Enable DHCP Relay: The DHCP Server IP addre ss must be entered when this function is enabled. For more details about DHCP Relay, please see Appendix G—DHCP Relay.

Edimax AC-M3000/AC-M1000

User’s Manual

4.2 User Authentication

This section includes the following functions: Authentication Configuration, Black List Configuration, Policy Configuration, and Additional Configuration.

4.2.1 Authentication Configuration

This function is used to configure the settings of authentication servers. Edimax AC-M3000 supports five types of authentication methods: Local User, POP3, Radius, LDAP, and NTDomain and provides up to three authentication servers and one on-demand user authentication server. Click the server name to set the related configurations for that particular authentication server. Without typing the postfix is allowed to fasten the login process when clients log into the default authentication server

Edimax AC-M3000/AC-M1000

User’s Manual

y Server 1~3: There are 5 kinds of authentication methods that Edimax AC-M3000 supports: Local User, POP3,

RADIUS, LDAP and NTDomain. Click the server na me to enter the Authentication Server page.

Server Name: Set a name for the server using numbers (0 to 9), alphabets (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed.

Sever Status: The status shows that the server is enabled or disabled. Postfix: Set a postfix that is easy to identify (e.g. Local) for the server by using numbers (0 to 9), alphabets (a

to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed.

Black List: There are 5 sets of black lists. Select one of them or choose “None”. Please refer to 4.2.2 Black List Configuration for more information. Authentication Method: There are 5 authentication methods that Edimax AC-M3000 supports: Local, POP3, Radius, LDAP and NTDomain. Select the desired authentication method and then click the link next to the drop-down menu for more advanced configuration. For more detail s, plea se refer to 4.2.1.1~5 Authentication Configuration.

Notice: Enabling two or more servers of the same authentication method is not allowed.

Policy: There are 8 policies that can be chosen from to apply to this particular server.

Edimax AC-M3000/AC-M1000

User’s Manual

y On-demand User: When the customers need to use wireless Internet service in store s, they have to get p rinted

receipts with usernames and password s from the store to log in the system for wireless access. There are 2000 On-demand User accounts available.

Server Status: The status shows that the server is enabled or disabled. Postfix: Set a postfix that is easy to identify (e.g. Local) for the server by using numbers (0 to 9), alphabets (a

to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed. Receipt Header: There are two fields, Receipt Header 1 and Receipt Header 2, for the receipt’s header. Enter receipt header message or use the default.

Receipt Footer: Enter receipt footer message here or use the default. Monetary Unit: Select or enter the desired monet ary unit. Policy Name: Select a policy for the on-demand user. WLAN ESSID: Enter the ESSID of APs. Wireless Key: Enter the Wireless key of APs. Remark: Enter any additional information that will appear at the bottom of the receipt. Billing Notice Interval: While an on-demand user is still logged in, the system will update the billing notice of

the login successful page by the time interval defined here.

Edimax AC-M3000/AC-M1000

User’s Manual

Users List: Click to enter the On-demand Users List page. In the On-demand Users List, detailed information will be shown here.

¾ Search: Enter a keyword of a username to be searched in the text field and click this button to perform the

search. All usernames matching the keyword will be listed.

¾ Username: The login name of the on-demand user. ¾ Password: The login password of the on-demand user. ¾ Remain Time/Volume: The total time/Volume that the user still can use currently. ¾ Status: The status of the on-demand account. Normal indicates that the account is not in-use and not

overdue. Online indicates that the account is in-use and not overdue. Expire indicates that the account is overdue and cannot be used.

¾ Expire Time: The expiration time of the account. ¾ Delete All: This will delete all users at once. ¾ Delete: This will delete a specific user individually.

Billing Configuration: Click this to enter the Billing Configuration page. In the Billing Configuration page, the administrator may configure up to 10 billing plans.

Edimax AC-M3000/AC-M1000

User’s Manual

¾ Status: Select to enable or disable this billing plan. ¾ Type: Set the billing plan by “Volume” (the maximum volume allowed is 9999999 Mbytes) or “Time” (the

maximum time allowed is 999 hours and 59 minutes).

¾ Expired info: This is the duration of time that the user needs to activate the account af ter the generation of

the account. If the account is not activated during this duration, the account will self-expire.

¾ Valid Duration: This is the duration of time that the user can use the account after the activation of the

account. After this duration, the account will self-expire.

¾ Price: The price charged for this billing plan.

Create On-demand User: Click this to enter the Create On-demand User page.

Edimax AC-M3000/AC-M1000

User’s Manual

Pressing the Create button for the desired plan, an on-demand user will be created, then click Printout to print a receipt which will contain this on-demand user’s information. There are 2000 on-demand user accounts available.

Billing Report: Click this to enter the On-demand users Summary report page. In On-demand users

Edimax AC-M3000/AC-M1000

User’s Manual

Summary report page, the administrator can get a complete report or a report within a particular period.

¾ Report All: Click this to get a complete

report including all the on-demand records. This report shows the total expenses and individual accounting of each plan for all plans available.

¾ Search: Select a time period to get a

periodical report. The report tells the total expenses and individual accounting of each plan for all plans available for that period of time.

Edimax AC-M3000/AC-M1000

User’s Manual

4.2.1.1 Authentication Method – Local User Setting

Choose Local User in the Authentication Method field, the hyperlink besides the drop-down menu will become to Local User Setting.

Click the hyperlink of Local User Setting for further configuration.

y Edit Local User List: Click the hyperlink of Edit User Setting to enter the Local User List page.

y Add User: Click this to enter the Add User interface. Fill in the necessary information such as “Username”,

“Password”, “MAC” (optional) and “Remark” (optional). Select a desired Policy, check whether to ena ble

VPN Termination.

Edimax AC-M3000/AC-M1000

User’s Manual

Click Apply to save all the settings after finishing to add users.

Upload User: Click this to enter the Upload User interface. Click the Browse button to select the text file for uploading the user accounts. Then click Submit to co mplete the upload process.

Edimax AC-M3000/AC-M1000

User’s Manual

The uploading file should be a text file and the format of each line is "ID, Password, MAC, Policy, Remark, IPSec" without the quotes. There must be no spaces between the fields and commas. The MAC field could be omitted but the trailing comma must be retained. The Group field indicate s policy number to use. When adding user accounts by uploading a file, the existing accounts in the embedd ed database will not be replaced by new ones. If you want user Enable VPN Termination, please set IPSec field to 1 to enable VPN, or 0 to disable VPN.

Download User: Click this to enter the Users List page and the system will directly show a list of all created user accounts. Click Download to create a .txt file and then save it on the disk.

Edimax AC-M3000/AC-M1000

User’s Manual

Refresh: Click this to renew the Users List page.

Search: Enter a keyword of a username that you want to search and click this button to perform the search. All

usernames matching the keyword will be listed.

Edimax AC-M3000/AC-M1000

User’s Manual

Del All: This will delete all users at once. Delete: This will delete a specific user individually. Edit User: If you want to edit the content of an individual user account, click the username of the desired user

account to enter the User Profile page of the particular user , and then modify or add any desired information such as Username, Password, MAC (optional), Policy and Remark (optional). Then check VPN Termination to enable this function or not. Click Apply to complete the modification.

y Radius Roaming Out / 802.1x Authentication: Ra dius Roaming Out / 802.1x Authentication: These 2

functions can be enabled or disabled by checking the radio buttons. Che cking either of them makes the hyperlink of Radius Client List appear.

Edimax AC-M3000/AC-M1000

User’s Manual

Click the hyperlink of Radius Client List to enter the Radius Client Configuration page. Choose the desired type, Disable, Roaming Out or 802.1x and key in the related data and then click Apply to complete the configurations.

Radius Roaming Out: When Radius Roaming Out is enabled, local users can login from other domains by using their original local user accounts.

802.1x Authentication: 802.1x is a security standard for wired and wireless LANs. It encapsulates EAP

(Extensible Authentication Protocol) processes into Ethernet packets instead of using the protocol's native PPP (Point-to-Point Protocol) environment, thus reducing some network overhead. It also puts the bulk of the processing burden upon the client (called a supplicant in 802.1x parlance) and the authentication server (such as a RADIUS), letting the "authenticator" middleman simply pass the packets back and forth.

4.2.1.2 Authentication Method – POP3

Choose POP3 in the Authentication Method field, the hyperlink next to the drop-down menu will become POP3 Setting.

Edimax AC-M3000/AC-M1000

User’s Manual

When POP3, Radius, LDAP or NTDomain is selected from the drop-down memu, the function of Enable VPN

Termination will show up. Check Enable VPN Termination to enable this function. Click the hyperlink of POP3 Setting for further configuration. Enter the related information of the primary server and/or the secondary server (the

secondary server is not required). The blanks with red asterisks are necessary information. These settings will become effective immediately after clicking the Apply button.

y Server IP: Enter the IP address/domain name given by the ISP. y Port: Enter the Port given by the ISP. The default value is 110. y Enable SSL Connection: If this function is enabled, the POP3s protocol will be used to encrypt the

authentication.

4.2.1.3 Authentication Method – Radius

Choose Radius in the Authentication Method field, the hyperlink next to the drop-down menu will become to Radius Setting.

Edimax AC-M3000/AC-M1000

User’s Manual

When POP3, Radius, LDAP or NTDomain is selected from the drop-down memu, the function of Enable VPN

Termination will show up. Check Enable VPN Termination to enable this function. Click the hyperlink of Radius Setting for further configuration. Enter the related information of the primary server and/or the secondary server (the

secondary server is not required). The blanks with red asterisks are necessary information. These settings will become effective immediately after clicking the Apply button.

Edimax AC-M3000/AC-M1000

User’s Manual

y 802.1X Authentication: When enabling this function, the hyperlink of Radius Client List will appear. Click the

hyperlink to get into the Radius Client Configuration page for further configuration. In the Radius Client Configuration page, the clients, which are using 802.1X as the authentication method, shall be put into this table. Edimax AC-M3000 will forward the authentication request from these clients to the configured Radius Server.

y Trans Full Name: When enabled, both the ID and postfix will be transferred to the RADIUS server for

authentication. When disabled, only the ID will be transferred to RADIUS server for authentication.

y NASID: Enter the NASID of the Edimax AC-M3000 for the RADIUS server. y Server IP: Enter the IP address/domain name of the RADIUS server. y Authentication Port: Enter the authentication port of the RADIUS server and the default valu e is 1812. y Accounting Port: Enter the accounting port of the RADIUS server and the default value is 1813. y Secret Key: Enter the key for encryption and decryption. y Accounting Service: Choose to enable or disable the accounting service for accounting capabilities. y Authentication Protocol: There are two methods, CHAP and PAP, for selection. y Edit Policy Mapping: Click the hyperlink of Edit Policy Mapping to enter the Policy Mapping page. Choose to

enable or disable policy mapping by RADIUS class attributes.

y Class Attribute: Class attribute sent from the RADIUS server.

Edimax AC-M3000/AC-M1000

User’s Manual

y Policy: Select the mapping policy of this class attribute. y Remark: Add some description if needed.

4.2.1.4 Authentication Method – LDAP

Choose LDAP in the Authentication Method field, the hyperlink next to the drop-down menu will become to LDAP Setting.

When POP3, Radius, LDAP or NTDomain is selected from the drop-down memu, the function of Enable VPN Termination will show up. Check Enable VPN Termination to enable this function. Click the hyperlink of LDAP Setting for further configuration. Enter the related information of the primary server and/or the secondary server (the

secondary server is not required). The blanks with red asterisks are necessary information. These settings will become effective immediately after clicking the Apply button.

y Server IP: Enter the IP address/domain name of the LDAP server. y Port: Enter the Port of the LDAP server, and the default value is 389.

Edimax AC-M3000/AC-M1000

User’s Manual

y Base DN: Enter the base DN defined of the LDAP server. y Account Attribute: Enter the account attribute of the LDAP server.

4.2.1.5 Authentication Method – NTDomain

Choose NTDomain in the Authentication Method field, the hyperlink next to the drop-down menu will become to NTDomain Setting.

When POP3, Radius, LDAP or NTDomain is selected from the drop-down memu, the function of Enable VPN Termination will show up. Check Enable VPN Termination to enable this function. Click the hyperlink of NT Domain Setting for further configuration. Enter the related information of the primary server and/or the secondary

server (the secondary server is not required). The blanks with red asterisks are necessary information. These settings will become effective immediately after clicking the Apply button.

Edimax AC-M3000/AC-M1000

y Server IP address: Enter the server IP address of the domain controller. y Transparent Login: If the function is enabled, users will log into Edimax AC-M3 000 automati cally when they log

into the Windows domain and the IP of NT Domain Server should be added into walled garden.

User’s Manual

4.2.2 Black List Configuration

The administrator can add, delete, or edit the black list for user access control. Each black list can include 40 users at most. If a user in the black list wants to log into the system, the user’s access will be denied. The administrator can use the pull-down menu to select the desired black list to edit adding users into the black list.

y Select Black List: There are 5 lists that Edimax AC-M3000 supports to select from. y Name: Set the name of the black list and it will show in the pull-down menu above. y Add User to List: Click the hyperlink of Add User to List, the Add Users to Blacklist page will appear for

adding users to the selected black list.

Edimax AC-M3000/AC-M1000

User’s Manual

After entering the usernames in the Username field and the related information in the Remark field (not required).

Click Apply to save the settings.

Edimax AC-M3000/AC-M1000

User’s Manual

If the administrator wants to remove a user from the black list, just select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.

4.2.3 Policy Configuration

Each policy has three profiles, Firewall Profile, Specific Route Profile, and Schedule Profile as well as Bandwidth settings such as Total Bandwidth, Individual Maximum Bandwidth, and Individual Request Bandwidth for that policy.

Edimax AC-M3000/AC-M1000

User’s Manual

y Firewall Profile

Click the hyperlink of Setting for Firewall Profile, the Firewall Profile page will appear. Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings. The rule status will show o n the list. Check Active to enable that rule.

Attention: Filter Rule Item 1 is the highest priority, Filter Rule Item 2 is the second priority, and so on.

Edimax AC-M3000/AC-M1000

User’s Manual

Rule Item: This is the rule selected. Rule Name: The rule name can be changed here. The rule name can be set to easily identify, for example:

“from file server”, “HTTP reques t” or “to web”, etc.

Enable this Rule: After checking this function, the rule will be enabled. Action: There are two options, Block and Pass. Block is to p revent p ack ets f rom p assi ng an d Pass is to permit

packets passi ng.

Protocol: There are three protocols to select, TCP, UDP and ICMP, or choose ALL to use all three protocols. Source MAC Address: Th e MAC address of the source IP address. This is for specific MAC address filter. Source/Destination Interface: There are four interfaces to choose, ALL, WAN1, WAN2, Controlled Port and Uncontrolled Port. Source/Destination IP: Enter the source and destination IP addresses. Source/Destination Subnet Mask: Enter the source and destination subnet masks. Source/Destination Start/End Port: En ter the range of source and destination ports.

y Specific Route Profile

Click the hyperlink of Setting for Specific Route Profile, the Specific Default Route and Specific Route Profile page will appear.

Edimax AC-M3000/AC-M1000

User’s Manual

Specific Default Route Enable: Click to enable the setting of specific default route. Default Gateway: There are 3 methods of the default gateway that Specific Default Route supports. Select WAN1 Default Gateway to set WAN1 as the default gateway. Select WAN2 Default Gateway to set WAN2 as the default gateway. Select IP Address and enter the IP address of the specific router. Specific Route Profile Profile Name: The profile name can be changed here. Destination IP Address: The destination IP address of the host or the network. Destination Subnet Netmask: Select a destination subnet netmask of the host or the network. Gateway IP Address: The IP address of the gateway or the router to the destination.

y Schedule Profile

Click the hyperlink of Setting for Schedule Profile to enter the Schedule Profile list. Select Enable to show the list. This function is used to restrict the time for users to log in. Please enable/disable the desired time slot and click Apply to save the settings. These settings will become effective immediately after clicking the Apply button.

Edimax AC-M3000/AC-M1000

User’s Manual

y Total Bandwidth

Select the bandwidth from the drop-down menu. It’s the total bandwidth the users under this particular policy need to share.

y Individual Maximum Bandwidth

Select the bandwidth from the drop-down menu. It’s t he mo st ban dwid th an indiv idual u ser ca n obt ain und er this

Edimax AC-M3000/AC-M1000

User’s Manual

particular policy, which cannot exceed the value for Total Bandwidth.

y Individual Request Bandwidth

Select the bandwidth from the drop-down menu. It’s the requested bandwidth for a user under this particular policy, which cannot exceed the value for Individual Maximum Bandwidth.

4.2.4 Additional Configuration

y User Control: Functions under this section applies for all general users.

Idle Timer: If a user has been idled with no network activities, the system will automatically kick out the user.

The logout timer can be set in the range of 1~1440 minutes, and the default logout time is 10 minutes. Multiple Login: When enabled, the same account can be logged in by different clients at the same time. (This function doesn’t support On-demand users and RADIUS server) Friendly Logout: When a user logs into the network, a small window will appear to show the user’s information and there is a logout button for the logout. If enabled. When the users try to close the small window , there will be a new popup window to confirm the logout in case the users click the logout button by accident.

y Roaming Out Timer

Session Timeout: The time that the user can access the network while roamin g. When the time is up, the user

will be kicked out automatically. Idle Timeout: If a user has been idled with no network activities, the system will automatically kick out the user.

Edimax AC-M3000/AC-M1000

User’s Manual

Interim Update: The system will update the users’ current status and usage according to this time periodically.

y Upload File

1. Certificate: The administrator can upload new private key and customer certification. Click the Browse button to select the file for the certificate upload. Then click Submit to complete the upload process.

Click Use Default Certificate to use the default certificate and key.

2. Login Page: The administrator can use the default login page or get the custo mized login page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, you can click Preview to see the login page. a. Choose Default Page to use the default login page.

b. Choose Template Page to make a customized login page here. Click Select to pick up a color and then

fill in all of the blanks. Click Preview to see the result first.

Edimax AC-M3000/AC-M1000

User’s Manual

c. Choose Uploaded Page and upload a login page. Click the Browse button to select the file to upload.

Then click Submit to complete the upload process.

Edimax AC-M3000/AC-M1000

User’s Manual

After the upload process is completed, the new login page ca n be previewed by clicking Preview button at the bottom.

The user-defined login page must include the following HTML codes to provide the necessary fields for username and password.

Edimax AC-M3000/AC-M1000

User’s Manual

If the user-defined login page includes an image file, the image file path in the HTML code must be the

image file you will upload.

Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login page, click the Use Default Page button to restore it to default.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

In Edimax AC-M3000, the end user first gets a login page when she/he opens its web browser right after associating with an access point. However, in some situations, the hotspot owners or MIS staff may want to display “terms of use” or announcement information before the login page. Hotspot own ers or MIS staff can design a new disclaimer/announcement page and save the page in their local server. After the agreement shown on the page is read, users are asked whether they agree or disa gree with the disclaimer. By clicking I agree, users are able to log in. If users choose to decline, they will get a popup window saying they are unable to log in. The basic design is to have the disclaimer and login function in the same page but wi th the login function hidden until users agree with the disclaimer.

For more details about th e codes of the disclaimer, please refer to Appendix F.

If the page is successfully loaded, an upload success page will show up.

“Preview” can be clicked to see the uploaded page.

Edimax AC-M3000/AC-M1000

User’s Manual

If a user checks “I agree” and clicks Next, then he/she is prompted to fill in the login name and password.

If a user checks “I disagree” and clicks Next, a window will pop up to tell user that he/she cannot log in

Edimax AC-M3000/AC-M1000

User’s Manual

d. Choose the External Page selection and get the login page from the specific website. Enter the website

address in the “External Page Setting” field and then click Apply.

After applying the setting, the new login page can be previewed by clicking Preview button at the bottom of this page.

Edimax AC-M3000/AC-M1000

User’s Manual

3. Logout Page: The administrator can apply customized logout page here. The p rocess is similar to that of Login Page.

The different part is the HTML code of the user-defined logout interface must include the following HTML

code that the user can enter the username and password. After the upload is completed, the user-defined login user interface can be previewed by clicking Preview at the bottom of this page. If want to restore the factory default setting of the logout interface, click the “Use Default Page” button.

Edimax AC-M3000/AC-M1000

User’s Manual

4. Login Success Page: The administrator can use the default login success page or get the customized login success page by setting the template page, uploading the page or using the external website. After finishing the setting, you can click Preview to see the login success page. a. Choose Default Page to use the default login success page.

b. Choose Template Page to make a customized login success page here. Click Select to pick up a color

and then fill in all of the blanks. You can click Preview to see the result first.

Edimax AC-M3000/AC-M1000

User’s Manual

c. Choose Uploaded Page and you can get the login success page by uploading. Click the Browse button

to select the file for the login success page upload. Then cli ck Submit to comple te the upload process.

Edimax AC-M3000/AC-M1000

User’s Manual

After the upload process is completed, the new login success p age can be previewed by clicking Preview button at the bottom.

If the user-defined login success page includes an image file, the image file path in the HTML code must be

the image file you will upload.

Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login success page, click the Use Default Page button to restore it to default.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file

Edimax AC-M3000/AC-M1000

User’s Manual

and click Delete to delete the file.

d. Choose the External Page selection and you can get the login success p age e from the spe cific website.

Enter the website address in the External Page Setting field and then click Apply. After applying the setting, the new login success page can be previewed by clicking Preview button at the bottom of this page.

5. Login Success Page for On-Demand: The administrator can u se the default login success page for On-Demand or get the customized login success page for On-Demand by settin g the template page, uploading the page or using the external website. After finishing the setting, you can click Preview to see the login success page for On-Demand. a. Choose Default Page to use the default login success page for On-Demand.

b. Choose Template Page to make a customized login success page for On-Demand here. Click Select to

pick up a color and then fill in all of the blanks. You can click Preview to see the result first.

Edimax AC-M3000/AC-M1000

User’s Manual

c. Choose Uploaded Page and you can get the Login Success Page Section for On-Demand Users.

Click the Browse button to select the file for the login success pag e for On-Demand. Then click Submit to complete the upload process.

Edimax AC-M3000/AC-M1000

User’s Manual

After the upload process is completed, the new login success p age for On-Demand can be previewed by clicking Preview button at the bottom.

If the user-defined login success page for On-Deman d inclu des an image file, the image file path in the

HTML code must be the image file you will upload.

Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login success p a ge for On-Demand, click the Use Default Page button to restore it to default.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file

Edimax AC-M3000/AC-M1000

User’s Manual

and click Delete to delete the file.

d. Choose the External Page selection and you can get the login success page for On-Demand from the

specific website. Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new login success page for On-Demand can be previewed by clicking Preview button at the bottom of this page.

6. Logout Success Page: The administrator can use the default logout succes s page or get the customized logout success page by setting the template page, uploading the page or using the external website. After finishing the setting, you can click Preview to see the logout success page.

a. Choose Default Page to use the default logout success page.

b. Choose Template Page to make a customized logout success page here. Click Select to pick up a color

and then fill in all of the blanks. You can click Preview to see the result first.

Edimax AC-M3000/AC-M1000

User’s Manual

c. Choose Uploaded Page and you can get the logout success page by uploading. Click the Browse

button to select the file for the logout success page upload. Then click Submit to complete the upload process.

Edimax AC-M3000/AC-M1000

User’s Manual

After the upload process is completed, the new logout success page can be previewed by clicking Preview button at the bottom.

If the user-defined logout success page includes an image file, the image file path in the HTML code must

be the image file you will upload.

Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login success page, click the Use Default Page button to restore it to default.

Edimax AC-M3000/AC-M1000

User’s Manual

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

d. Choose the External Page selection and you can get the logout su ccess p age from the specifi c website.

Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new logout success page can be previewed by clicking Preview button at the bottom of this page.

y Credit Reminder: The administrator can enable this function to remind the on-demand users before their credit

run out. There are two kinds of reminder, Volume and Time. The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes.

y POP3 Message: If a user tries to retrieve mail from POP3 mail server before login, the users will receive a

welcome mail from Edimax AC-M3000. The administrator can edit the content of this welcome mail.

Edimax AC-M3000/AC-M1000

User’s Manual

y Enhance User Authentication: With this function enabled, only the users with their MAC addresses in this list

can log into Edimax AC-M3000. There will only be 40 users allowed in this MAC address list. User authentication is still required for these users. Please click the Permit MAC Address List to fill in these MAC addresses, select Enable, and then click Apply.

Caution: The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

Edimax AC-M3000/AC-M1000

User’s Manual

4.3 AP Management

This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management and AP Upgrade.

4.3.1 AP List

All of the supported APs u nder the management of Edimax AC-M3000 will be shown in the list. At first the list is empty; administrators can add APs from AP Discovery page (see 4.3.2. AP Discovery for details) or Manual Configuration page (see 4.3.3. Manual Configuration for details)

After adding an AP:

Edimax AC-M3000/AC-M1000

User’s Manual

Check any AP and click the button below to Reboot, Enable, Disable and Delete the checked AP.

Click Apply Template to select one template to apply to the AP.

Edimax AC-M3000/AC-M1000

User’s Manual

y AP Name

Click AP Name and enter the interface about related settings. There four kinds of settings, General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink of each individual setting to have further configurations.

¾ General Setting: Click Setting to enter the General Setting interface. Revise the AP Name, Admin

Edimax AC-M3000/AC-M1000

Password and Remark here if desired. Firmware information can also be viewed here.

User’s Manual

¾ LAN Setting: Click LAN to enter the LAN Setting interface. Input the data of LAN including IP address,

Subnet Mask and Default Gateway of AP.

¾ Wireless LAN: Click Wireless LAN to enter the Wireless interface. The data of Properties and Security

need to be filled.

Edimax AC-M3000/AC-M1000

User’s Manual

Properties

y SSID: The SSID is the unique name shared among all devices in a wireless network. The SSID must be

the same for all devices in the wireless network. It is case sensitive and has a maximum length of 32 bytes.

y SSID Broadcast: Select this option to enable the SSID to broadcast in your network. When configuring

the network, it is suggested to enable this function but disable it when the configuration is complete. With this enabled, someone could easily obtain the SSID information with the site survey software and get unauthorized access to a private network. With this disabled, network security is enhanced and can prevent the SSID from being seen on networked.

y Channel: Select the appropriate channel from the list to correspond with the network settings; for

example, 1 to 11 channels are suitable for the North America area.

y Transmission Mode: There are 3 modes to select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps)

and Mix mode (b and g).

y Transmission Rate: The default is Auto. Available range is from 1 to 54Mbps. The rate of data

transmission should be set depending on the speed of the wireless network. Select from a range of transmission speed or keep the default setting, Auto, to make the Access Point automatically use the fastest rate possible.

Edimax AC-M3000/AC-M1000

User’s Manual

y CTS Protection: The default value is Disable. When select “Enable”, a protection mechanism will

decrease collision probability when many 802.11g devices exist simultaneously. However, performance of the 802.11g devices may decrease.

y Fragment Th reshold: Breaking a packet into smaller units when transmitting over a network medium

that cannot support the original size of the packet.

y RTS Thresh old: Reque st To Send. A packet sent wh en a compute r has data to tran smit. The comp uter

will wait for a CTS (Clear To Send) message before sending data.

y Beac on Interv al (ms): Enter a valu e between 20 a nd 1000 msec. T he default value is 100 millise conds.

The entered time means how often the beacon signal transmission between the access point and the wireless network.

y Preamble Type: The length of the CRC (Cyclic Redundancy Check) block for communication between

the Access Point and ro aming wireless adapters. Select either Short Preamble or Long Preamble.

y IAPP: Inter Access-Point Protocol is designed for the enforcement of unique association throughout a

ESS (Extended Service Set) and for secure exchange of station’s security context between current access point (AP) and new AP during handoff period.

y Block Relay: Select whether to enable this function.

y Tx Power Level: Choose which Tx power level desired from the drop-down menu.

Security:

y Security Type: Choose one security type from the drop-down menu. y WEP: Choose WEP authentication type here.

y WEP: WEP uses an encryption key that automatically encrypts outgoing wireless data. On the receiving

side, the same encryption key enables the computer to automatically decrypt the information so it can be read. Select Authentication Type (Open System, Shared Key or Both), Key Length (64 bits or 128 bits), Key Index (Key1~Key4) and then input the Key. Check 802.1x Authentication to enable this function and enter the related data, if necessary.

Edimax AC-M3000/AC-M1000

User’s Manual

y WPA: WPA is Wi-Fi’s encryption method that protects unauthorized network access by verifying network

users through a server. Select 802.1x or WPA-PSK security type and enter the related information below.

y WPA2: Wi-Fi Protected Access version 2. The follow on security method to WPA for Wi-Fi networks that

provides stronger data protection and network access control. Select 802.1x or WPA-PSK security type and enter the related information below. WPA2 only can use AES encryption type.

Edimax AC-M3000/AC-M1000

User’s Manual

y WPA Mixed: If using TKIP and AES encryption type at the same time is desired, choose this security

type. Select 802.1x or WPA-PSK security type and enter the related information below.

¾ Access Control: In this function, when the status is Enabled, only these clients which MAC addresses are

listed in the list can be allowed to connect Edimax AC-M3000. When Disabled is selected, all clients can connect Edimax AC-M3000. The default is Disabled.

Edimax AC-M3000/AC-M1000

User’s Manual

y Status

After clicking the hyperlink of Status, the basic information of the AP including AP Name, AP Type, LAN MAC, LAN MAC, Wireless LAN MAC, Up Time, Report Time, SSID, Number of Associated Clients and Remark will be shown. In the below of the AP Status Detail, there are the related detailed information, System Status, LAN Status, Wirele ss LAN Status, Access Control Status and Associated Client Status.

Edimax AC-M3000/AC-M1000

User’s Manual

¾ System Status: The table shows the information about AP Name, AP Status and Last Reporting Ti me.

¾ LAN Status: The table shows the info rmation about IP Address, Subnet Mask and Gateway.

¾ Wireless LAN Status: The table shows all of the related wireless information.

Edimax AC-M3000/AC-M1000

User’s Manual

¾ Access Control Status: The table shows the status of MAC of clients under the control of the AP.

¾ Associated Client Status: The table shows the clients connecting to the AP and the related information of

the client.

4.3.2 AP Discovery

Use this function to detect and manage all the supported APs in the network segments.

Edimax AC-M3000/AC-M1000

User’s Manual

y To discover AP manually, please fill in the require d data.

¾ Interface: Check Uncontrolled or/and Controlled and enter the Base IP and Pool Size (the discovered

APs will be given an IP address among the pool).

¾ AP Access: Input the IP Address Range of the AP to be discovered, (the default is

192.168.2.1/192.168.2.1), ID (the default is admin) and Password (the default is 1234) of the AP. Then click the Discover button and the APs that match the given settings will show in the Discovered AP List below. If any IP addres s among the IP range assi gned for a spe cific AP is used, there will be a warning message showing up. Please change the Base IP or Pool Size of the desired Interface to provide available IP addresses

Edimax AC-M3000/AC-M1000

User’s Manual

for APs and then click Discover again. For the desired AP, input the desired name and password, select one template to apply, select the check box, and click Add to add the AP to the AP List. (About the template, please see 4.3.4 T e mplate Settings).

When the matched AP is di scovered, it will be shown in the AP List below and be given a new IP address as set previously (ex: 192.168.2.2). Check the Add box to add the AP, and it will be listed in the AP List.

Edimax AC-M3000/AC-M1000

User’s Manual

Click Configuring to go to the related configuration. For the details, please refer to 4.3.1 AP List.

y Auto-Discovery: Click Configure to enter the Auto-Discovery interface and have further configuration.

Edimax AC-M3000/AC-M1000

User’s Manual

The Interface and AP Access configuration is the same as the settings mentioned above. Click “Configure” button for more Auto-Disco very functions. A selection known as “Interval” can be selected from the drop-down box, and the system will scan periodically according to the its setting (the default value is 10 minutes). If Auto-Add AP is enabled, a new detected AP will be assign ed an available IP address from the IP address range set in Interface and applied with the selected template.

4.3.3 Manual Configuration

The supported APs can also be added manually. Enter the related information of the AP and select a Template. Click ADD and then the AP will be added to the AP List.

4.3.4 Template Settings

Edimax AC-M3000/AC-M1000

User’s Manual

Template is a model that can be copied to every AP without having to configure the each AP individually. There are three templates provided. Click Edit to go to configuration.

Except configuring all the template setting, copy the configuration of an AP to the template by selecting a Source AP and revise some settings is also acceptable. Please select None if configuring the whole template from the draft is desired. Enter the Template Name and Template Remark (optional) and click the hyperli nk of Template ID to have further configuration.

Edimax AC-M3000/AC-M1000

User’s Manual

After click the hyperlink of Template ID to enter the Template Edit page, revise the configuration for demand such as SSID or Channel. About other functions of Wireless section, please refer to 4.3.1 AP List.

Access Control function provides to control the clients’ devices that are allowed to associate with the APs applied with the desired template setting. Choose Disabled or Enabled this function and enter the desired clients’ MAC addresses in the MAC Address List. There are up to 20 MAC addresses available. When this function is enabled, please make sure the MAC Address List is not empty.

Edimax AC-M3000/AC-M1000

User’s Manual

4.3.5 Firmware Management

In this function, AP’s firmware can be uploaded. The current firmware can also be downloaded to the local storage.

4.3.6 AP Upgrade

Edimax AC-M3000/AC-M1000

User’s Manual

Check the APs which need to be upgraded and select the upgrade version of firmware, and click Apply to upgrade firmware.

Edimax Technology AC-M1000, AC-M3000 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual