How it Works
LevelOne
Loading...
108Mbps PoE
User Manual
118 pgs1.89 Mb0

LevelOne 108Mbps PoE, WAP-0005 User Manual

i
LevelOne
108Mbps PoE Access Point
User Manual
V3.0.0-0608
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION......................................................................................................................................1
FIGURE 1: WIRELESS ACCESS POINT....................................................................................................................1
FEATURES OF YOUR WIRELESS ACCESS POINT................................................................................................................ 1
Security Features........................................................................................................................................................2
Advanced Features.....................................................................................................................................................3
PACKAGE CONTENTS.......................................................................................................................................................4
PHYSICAL DETAILS..........................................................................................................................................................4
Front Panel LEDs.......................................................................................................................................................4
Rear Panel..................................................................................................................................................................5
CHAPTER 2 INSTALLATION.......................................................................................................................................6
REQUIREMENTS............................................................................................................................................................... 6
PROCEDURE..................................................................................................................................................................... 6
Using PoE (Power over Ethernet)..............................................................................................................................7
CHAPTER 3 ACCESS POINT SETUP........................................................................................................................9
OVERVIEW.......................................................................................................................................................................9
SETUP USING THE WINDOWS UTILITY .............................................................................................................................9
Installation.................................................................................................................................................................. 9
Main Screen................................................................................................................................................................9
Setup Procedure ....................................................................................................................................................... 11
SETUP USING A WEB BROWSER .....................................................................................................................................12
Setup Procedure ....................................................................................................................................................... 12
ACCESS CONTROL .........................................................................................................................................................14
Trusted Wireless Stations ......................................................................................................................................... 15
SECURITY PROFILES ......................................................................................................................................................17
VLAN Configuration Screen.....................................................................................................................................19
SECURITY PROFILE SCREEN...........................................................................................................................................21
Profile Data.............................................................................................................................................................. 21
Security Settings ....................................................................................................................................................... 21
Security Settings - None............................................................................................................................................ 23
Radius MAC Authentication.....................................................................................................................................23
UAM ......................................................................................................................................................................... 25
Security Settings - WEP............................................................................................................................................27
Security Settings - WPA-PSK....................................................................................................................................29
Security Settings - WPA2-PSK..................................................................................................................................30
Security Settings - WPA-PSK and WPA2-PSK.........................................................................................................31
Security Settings - WPA with Radius........................................................................................................................ 33
Security Settings - WPA2 with Radius......................................................................................................................35
Security Settings - WPA and WPA2 with Radius......................................................................................................37
Security Settings - 802.1x .........................................................................................................................................39
SYSTEM SCREEN............................................................................................................................................................ 42
WIRELESS SCREENS.......................................................................................................................................................44
BASIC SETTINGS SCREEN...............................................................................................................................................44
ADVANCED SETTINGS....................................................................................................................................................48
CHAPTER 4 PC AND SERVER CONFIGURATION...............................................................................................50
OVERVIEW.....................................................................................................................................................................50
USING WEP...................................................................................................................................................................50
USING WPA-PSK .........................................................................................................................................................51
USING WPA-802.1X .....................................................................................................................................................52
802.1X SERVER SETUP (WINDOWS 2000 SERVER) ........................................................................................................ 53
Windows 2000 Domain Controller Setup.................................................................................................................53
Services Installation .................................................................................................................................................53
DHCP server configuration......................................................................................................................................54
Certificate Authority Setup .......................................................................................................................................57
Internet Authentication Service (Radius) Setup........................................................................................................ 60
Remote Access Login for Users................................................................................................................................ 62
802.1X CLIENT SETUP ON WINDOWS XP.......................................................................................................................63
Client Certificate Setup.............................................................................................................................................63
802.1x Authentication Setup.....................................................................................................................................66
USING 802.1X MODE (WITHOUT WPA)......................................................................................................................... 68
CHAPTER 5 OPERATION AND STATUS................................................................................................................69
OPERATION....................................................................................................................................................................69
STATUS SCREEN ............................................................................................................................................................69
Statistics Screen........................................................................................................................................................71
Profile Status ............................................................................................................................................................73
Activity Log............................................................................................................................................................... 74
Station List................................................................................................................................................................75
CHAPTER 6 ACCESS POINT MANAGEMENT.......................................................................................................76
OVERVIEW.....................................................................................................................................................................76
ADMIN LOGIN SCREEN ..................................................................................................................................................76
AUTO CONFIG/UPDATE ................................................................................................................................................. 78
CONFIG FILE..................................................................................................................................................................80
LOG SETTINGS (SYSLOG)...............................................................................................................................................82
ROGUE APS...................................................................................................................................................................83
SNMP...........................................................................................................................................................................84
UPGRADE FIRMWARE ....................................................................................................................................................85
APPENDIX A SPECIFICATIONS...............................................................................................................................86
WIRELESS ACCESS POINT..............................................................................................................................................86
Hardware Specifications ..........................................................................................................................................86
Wireless Specifications............................................................................................................................................. 86
Software Specifications.............................................................................................................................................87
FCC Statement..........................................................................................................................................................89
APPENDIX B TROUBLESHOOTING........................................................................................................................90
OVERVIEW.....................................................................................................................................................................90
GENERAL PROBLEMS..................................................................................................................................................... 90
APPENDIX C WINDOWS TCP/IP...............................................................................................................................92
OVERVIEW.....................................................................................................................................................................92
CHECKING TCP/IP SETTINGS - WINDOWS 9X/ME:........................................................................................................ 92
FIGURE 66: NETWORK CONFIGURATION............................................................................................................ 92
FIGURE 67: IP ADDRESS (WIN 95).........................................................................................................................92
CHECKING TCP/IP SETTINGS - WINDOWS NT4.0..........................................................................................................94
CHECKING TCP/IP SETTINGS - WINDOWS 2000............................................................................................................96
CHECKING TCP/IP SETTINGS - WINDOWS XP............................................................................................................... 98
APPENDIX D ABOUT WIRELESS LANS...............................................................................................................100
OVERVIEW...................................................................................................................................................................100
WIRELESS LAN TERMINOLOGY ..................................................................................................................................100
Modes ..................................................................................................................................................................... 100
SSID/ESSID............................................................................................................................................................100
Channels................................................................................................................................................................. 101
WEP........................................................................................................................................................................101
WPA-PSK................................................................................................................................................................101
WPA-802.1x............................................................................................................................................................101
802.1x .....................................................................................................................................................................101
APPENDIX E COMMAND LINE INTERFACE........................................................................................................103
OVERVIEW...................................................................................................................................................................103
Using the CLI - Telnet............................................................................................................................................103
iv
Using the CLI - Serial Port.....................................................................................................................................103
COMMAND REFERENCE ...............................................................................................................................................104
1
Chapter 1
Introduction
This Chapter provides an overview of the Wireless Access Point's features and ca­pabilities.
Congratulations on the purchase of your new Wireless Access Point. The Wireless Access Point links your 802.11g or 802.11b Wireless Stations to your wired LAN. The Wireless stations and devices on the wired LAN are then on the same network, and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection.
Figure 1: Wireless Access Point
The auto-sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the environment does not permit maximum throughput.
Features of your Wireless Access Point
The Wireless Access Point incorporates many advanced features, carefully designed to provide sophisti­cated functions while being easy to use.
Standards Compliant. The Wireless Router complies with the IEEE802.11g (DSSS) specifications
for Wireless LANs.
Supports both 802.11b and 802.11g Wireless Stations. The 802.11g standard provides for
backward compatibility with the 802.11b standard, so both 802.11b and 802.11g Wireless stations can be used simultaneously.
108Mbps Wireless Connections. Under Super G mode, 108Mbps connections are available to
compatible clients.
Bridge Mode Support. The Wireless Access Point can operate in Bridge Mode, connecting to an-
other Access Point. Both PTP (Point to Point) and PTMP (Point to Multi-Point) Bridge modes are supported.
And you can even use both Bridge Mode and Access Point Mode simultaneously!
1
Wireless Access Point User Guide
2
Client/Repeater Access Point. The Wireless Access Point can operate as a Client or Repeater
Access Point, sending all traffic received to another Access Point.
Simple Configuration. If the default settings are unsuitable, they can be changed quickly and easily.
DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs
and other devices upon request. The Wireless Access Point can act as a DHCP Client, and obtain an IP address and related information from your existing DHPC Server.
Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded easily, using
only your Web Browser.
Security Features
Security Profiles. For maximum flexibility, wireless security settings are stored in Security Profiles.
Up to 8 Security profiles can be defined, and up to 4 used as any time.
Multiple SSIDs. Because each Security Profile has it own SSID, and up to 4 Security Profiles can be
active simultaneously, multiple SSIDs are supported. Different clients can connect to the Wireless Ac­cess Point using different SSIDs, with different security settings.
Multiple SSID Isolation. If desired, PCs and devices connecting using different SSIDs can be
isolated from each other.
VLAN Support. The 802.1Q VLAN standard is supported, allowing traffic from different sources to be
segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN.
WEP support. Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit and 128 Bit keys
are supported.
WPA support. Support for WPA is included. WPA is more secure than WEP, and should be used if
possible.
WPA2 support. Support for WPA2 is also included. WPA2 uses the extremely secure AES encryption
method.
802.1x Support. Support for 802.1x mode is included, providing for the industrial-strength wireless
security of 802.1x authentication and authorization.
Radius Client Support. The Wireless Access Point can login to your existing Radius Server (as a
Radius client).
Radius MAC Authentication. You can centralize the checking of Wireless Station MAC addresses
by using a Radius Server.
Rogue AP Detection. The Wireless Access Point can detect unauthorized (Rouge) Access Points on
your LAN.
Access Control. The Access Control feature can check the MAC address of Wireless clients to
ensure that only trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN.
Password - protected Configuration. Optional password protection is provided to prevent unau-
thorized users from modifying the configuration data and settings.
Introduction
3
Advanced Features
Auto Configuration. The Wireless Access Point can perform self-configuration by copying the con-
figuration data from another Access Point. This feature is enabled by default.
Auto Update. The Wireless Access Point can automatically update its firmware, by downloading and
installing new firmware from your FTP server.
Command Line Interface. If desired, the command line interface (CLI) can be used for configuration.
This provides the possibility of creating scripts to perform common configuration changes.
NetBIOS & WINS Support. Support for both NetBIOS broadcast and WINS (Windows Internet
Naming Service) allows the Wireless Access Point to easily fit into your existing Windows network.
Radius Accounting Support. If you have a Radius Server, you can use it to provide accounting
data on Wireless clients.
Syslog Support. If you have a Syslog Server, the Wireless Access Point can send its log data to your
Syslog Server.
SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowing you to use a
SNMP program to manage the Wireless Access Point.
UAM Support. The Wireless Access Point supports UAM (Universal Access Method), making it suitable for use in Internet cafes and other sites where user access time must be accounted for.
WDS Support. Support for WDS (Wireless Distribution System) allows the Wireless Access Point to act as a Wireless Bridge. Both Point-to-Point and Multi-Point Bridge modes are supported.
Wireless Access Point User Guide
4
Package Contents
The following items should be included:
WAP-0005
Power Adapter
Quick Installation Guide
CD Manual/Utility.
If any of the above items are damaged or missing, please contact your dealer immediately.
Physical Details
Front Panel LEDs
Figure 2: Front Panel
Status On - Error condition.
Off - Normal operation. Blinking - During start up, and when the Firmware is being up-
graded.
Power On - Normal operation.
Off - No power
LAN On - The LAN (Ethernet) port is active.
Off - No active connection on the LAN (Ethernet) port. Flashing - Data is being transmitted or received via the corre-
sponding LAN (Ethernet) port.
Wireless LAN
On -
Idle
Off - Error- Wireless connection is not available. Flashing - Data is being transmitted or received via the Wireless
access point. Data includes "network traffic" as well as user data.
Introduction
5
Rear Panel
Figure 3 Rear Panel
Antenna
One antenna (aerial) is supplied. Best results are usually ob­tained with the antenna in a vertical position.
Console port
DB9 female RS232 port.
Reset Button
This button has two (2) functions:
Reboot. When pressed and released, the Wireless Access Point will reboot (restart).
Reset to Factory Defaults. This button can also be used to clear ALL data and restore ALL settings to the factory de­fault values.
To Clear All Data and restore the factory default values:
1. Power Off the Access Point
2. Hold the Reset Button down while you Power On the Access Point.
3. Continue holding the Reset Button until the Status (Red) LED blinks TWICE.
4. Release the Reset Button. The factory default configuration has now been restored, and the Access Point is ready for use.
Ethernet
Use a standard LAN cable (RJ45 connectors) to connect this port to a 10BaseT or 100BaseT hub on your LAN.
Power port
Connect the supplied power adapter here.
6
Chapter 2
Installation
This Chapter covers the physical installation of the Wireless Access Point.
Requirements
Requirements:
TCP/IP network
Ethernet cable with RJ-45 connectors
Installed Wireless network adapter for each PC that will be wirelessly connected to the network
Procedure
1. Select a suitable location for the installation of your Wireless Access Point. To maximize reliability and performance, follow these guidelines:
Use an elevated location, such as wall mounted or on the top of a cubicle.
Place the Wireless Access Point near the center of your wireless coverage area.
If possible, ensure there are no thick walls or metal shielding between the Wireless Access Point
and Wireless stations. Under ideal conditions, the Wireless Access Point has a range of around 150 meters (450 feet). The range is reduced, and transmission speed is lower, if there are any obstruc­tions between Wireless devices.
Figure 4: Installation Diagram
2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Point to a 10/100BaseT hub on your LAN.
3. Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet, and power up. NOTE: If you wish to use PoE (Power over Ethernet), refer to the following section.
4. Check the LEDs:
2
Installation
7
The Status LED should flash, then turn OFF.
The Power, Wireless LAN, and LAN LEDs should be ON.
For more information, refer to Front Panel LEDs in Chapter 1.
Using PoE (Power over Ethernet)
The Wireless Access Point supports PoE (Power over Ethernet). To use PoE:
1. Do not connect the supplied power adapter to the Wireless Access Point.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the Wireless Access Point.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter. (24V DC, 500mA)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection.
Figure 5: Using PoE (Power over Ethernet)
9
Chapter 3
Access Point Setup
This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point.
Overview
This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN, and to function as an Access Point for your Wireless Stations. Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station Configuration. The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser
Setup using the Windows Utility
A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the Wireless Access Point. Using this utility is recommended, because it can locate the Wireless Access Point even if it has an invalid IP address.
Installation
1. Insert the supplied CD-ROM in your drive.
2. If the utility does not start automatically, run the SETUP program in the root folder.
3. Follow the prompts to complete the installation.
Main Screen
Start the program by using the icon created by the setup program.
When run, the program searches the network for all active Wireless Access Points, then lists them on
screen, as shown by the example below.
Figure 6: Management utility Screen
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:
Server Name
The Server Name is shown on a sticker on the base of the device.
IP address
The IP address for the Wireless Access Point.
3
Wireless Access Point User Guide
10
MAC Address
The hardware or physical address of the Wireless Access Point.
IEEE Stan­dard
The wireless standard or standards used by the Wireless Access Point (e.g. 802.11b, 802.11g)
FW Version
The current Firmware version installed in the Wireless Access Point.
Description
Any extra information for the Wireless Access Point, entered by
the administrator. Note: If the desired Wireless Access Point is not listed, check that the device is installed and ON, then update the list by clicking the Refresh button.
Buttons
Refresh
Click this button to update the Wireless Access Point device listing after changing the name or IP Address.
Detail Info
When clicked, additional information about the selected Access Point will be displayed.
Web Management
Use this button to connect to the Wireless Access Point's Web-based management interface.
Set IP Address
Click this button if you want to change the IP Address of the Wireless Access Point.
Exit
Exit the Management utility program by clicking this button.
Access Point Setup
11
Setup Procedure
1. Select the desired Wireless Access Point.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are admin for the User Name, and
password for the Password.
4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any changes.
5. Click the Web Management button to connect to the selected Wireless Access Point using your Web
Browser. If prompted, enter the User Name and Password again.
6. Check the following screens, and configure as necessary for your environment. Use the on-line help if
necessary. The later sections in this Chapter also provide more details about each of these screens.
Access Control - MAC level access control.
Security Profiles - Wireless security.
System - Identification, location, and Network settings
Wireless - Basic & Advanced
7. You may also wish to set the admin password and administration connection options. These are on the
Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.
8. Use the Apply/Restart button on the menu to apply your changes and restart the Wireless Access Point. Setup is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for details.
Wireless Access Point User Guide
12
Setup using a Web Browser
Your Browser must support JavaScript. The configuration program has been tested on the following
browsers:
Netscape V4.08 or later
Internet Explorer V4 or later
Setup Procedure
Before commencing, install the Wireless Access Point in your LAN, as described previously.
1. Check the Wireless Access Point to determine its Default Name. This is shown on a label on the base or
rear, and is in the following format: SCxxxxxx Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).
2. Use a PC which is already connected to your LAN, either by a wired connection or another Access Point.
Until the Wireless Access Point is configured, establishing a Wireless connection to it may be not possible.
If your LAN contains a Router or Routers, ensure the PC used for configuration is on the same LAN segment as the Wireless Access Point.
3. Start your Web browser.
4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point e.g.
HTTP://SC2D631A
5. You should then see a login prompt, which will ask for a User Name and Password. Enter admin for the User Name, and password for the Password. These are the default values. The password can and should be changed. Always enter the current user name and password, as set on the Admin Login screen.
Figure 7: Password Dialog
6. You will then see the Status screen, which displays the current settings and status. No data input is possible on this screen. See Chapter 5 for details of the Status screen.
Access Point Setup
13
7. From the menu, check the following screens, and configure as necessary for your environment. Details of these screens and settings are described in the following sections of this chapter.
Access Control - MAC level access control.
Security Profiles - Wireless security.
System - Identification, location, and Network settings
Wireless - Basic & Advanced
8. You may also wish to set the admin password and administration connection options. These are on the Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.
9. Use the Apply/Restart button on the menu to apply your changes and restart the Wireless Access Point.
Setup is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for details.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the Wireless Ac­cess Point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0. If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.0.1 ~
192.168.0.254, with a Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details for this procedure.
Wireless Access Point User Guide
14
Access Control
This feature can be used to block access to your LAN by unknown or untrusted wireless stations. Click Access Control on the menu to view a screen like the following.
Figure 8: Access Control Screen
Data - Access Control Screen
Enable
Use this checkbox to Enable or Disable this feature as desired. Warning ! Ensure your own PC is in the "Trusted Wireless Stations" list before enabling this feature.
Trusted Sta­tions
This table lists any Wireless Stations you have designated as "Trusted". If you have not added any stations, this table will be empty. For each Wireless station, the following data is dis­played:
Name - the name of the Wireless station.
MAC Address - the MAC or physical address of each
Wireless station.
Connected - this indicates whether or not the Wireless station is currently associates with this Access Point.
Buttons Modify List
To change the list of Trusted Stations (Add, Edit, or Delete a Wireless Station or Stations), click this button. You will then see the Trusted Wireless Stations screen, described below.
Read from File
To upload a list of Trusted Stations from a file on your PC, click this button.
Write to File
To download the current list of Trusted Stations from the Access Point to a file on your PC, click this button.
Access Point Setup
15
Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
Figure 9: Trusted Wireless Stations
Data - Trusted Wireless Stations
Trusted Wireless Stations
This lists any Wireless Stations which you have designated as “Trusted”.
Other Wireless Stations
This list any Wireless Stations detected by the Access Point, which you have not designated as "Trusted".
Name
The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Address
The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Buttons <<
Add a Trusted Wireless Station to the list (move from the "Other Stations" list).
Select an entry (or entries) in the "Other Stations" list, and click the " << " button.
Enter the Address (MAC or physical address) of the wireless station, and click the "Add " button.
>>
Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).
Select an entry (or entries) in the "Trusted Stations" list.
Click the " >> " button.
Select All
Select all of the Stations listed in the "Other Stations" list.
Select None
De-select any Stations currently selected in the "Other Sta­tions" list.
Wireless Access Point User Guide
16
Edit
To change an existing entry in the "Trusted Stations" list, select it and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the "Address" field, and the "Add" button will change to "Up­date".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
Add
To add a Trusted Station which is not in the "Other Wireless Stations" list, enter the required data and click this button.
Clear
Clear the Name and Address fields.
Access Point Setup
17
Security Profiles
Security Profiles contain the SSID and all the security settings for Wireless connections to this Access Point.
Up to eight (8) Security Profiles can be defined.
Up to four (4) Security Profiles can be enabled at one time, allowing up to 4 different SSIDs to be used
simultaneously.
Figure 10: Security Profiles Screen
Wireless Access Point User Guide
18
Data - Security Profiles Screen
Profile Profile List
All available profiles are listed. For each profile, the following data is displayed:
* If displayed before the name of the profile, this indicates the profile is currently enabled. If not displayed, the pro­file is currently disabled.
Profile Name The current profile name is displayed.
[SSID] The current SSID associated with this profile.
Security System The current security system (e.g. WPA-PSK) is dis­played.
[Band] The Wireless Band (2.4 GHz, 5GHz) for this profile is dis­played. Profiles may be assigned to either or both Wireless Bands.
Buttons
Enable - Enable the selected profile.
Configure - Change the settings for the selected profile.
Disable - Disable the selected profile.
Primary Profile
802.11b/g AP Mode
Select the primary profile for 802.11b and 802.11g (2.4 GHz band) AP mode. Only enabled profiles are listed. The SSID associated with this profile will be broadcast if the "Broadcast SSID" setting on the Basic screen is enabled.
802.11b/g Bridge Mode
Select the primary profile for 802.11b and 802.11g (2.4 GHz band) Bridge Mode. This setting determines the SSID and security settings used for the Bridge connection to the remote AP.
Isolation No Isolation
If this option is selected, wireless clients using different profiles (different SSIDs) are not isolated from each other, so they will be able to communicate with each other.
Isolate all…
If this option is selected, wireless clients using different profiles (different SSIDs) are isolated from each other, so they will NOT be able to communicate with each other. They will still be able to communicate with other clients using the same profile, unless the "Wireless Separation" setting on the "Advanced" screen has been enabled.
Access Point Setup
19
Use VLAN
This option is only useful if the hubs/switches on your LAN support the VLAN (802.1Q) standard. When VLAN is used, you must select the desired VLAN for each security profile when configuring the profile. (If VLAN is not selected, the VLAN setting for each profile is ignored.) Click the Configure VLAN button to configure the IDs used by each VLAN. See below for further details.
VLAN Configuration Screen
This screen is accessed via the Configure VLAN button on the Security Profiles screen.
The settings on this screen will be ignored unless the Use VLAN option on the Security Profiles screen is selected.
If using the VLAN option, these setting determine which VLAN traffic is assigned to.
Figure 11: VLAN Configuration
Data - VLAN Configuation Screen
Profile
Each profile is listed by name.
VLAN ID
Enter the ID for the required VLAN. All traffic using this profile will be assigned to this VLAN.
VLAN - AP Traffic No VLAN Tag
Traffic generated by this AP will not have a VLAN tag (no VLAN ID).
Wireless Access Point User Guide
20
Replicate packets on…
If selected, each packet generated by this AP will be sent over each active VLAN, as defined in the client VLAN table above. This requires that each packet be replicated (up to 8 times). This has a detrimental effect on performance, so should only be used if necessary.
Specified VLAN ID
If selected, you can enter the desired VLAN ID. Normally, this ID should be one of the client VLAN IDs defined above.
Access Point Setup
21
Security Profile Screen
This screen is displayed when you select a Profile on the Security Profiles screen, and click the Configure button.
Figure 12: Security Profile Screen
Profile Data
Enter the desired settings for each of the following:
Profile Name
Enter a suitable name for this profile.
SSID
Enter the desired SSID. Each profile must have a unique SSID.
Wireless Band
Select the wireless band or bands for this profile. If your Wireless Access Point only has a single band, then only 1 option is available.
Security Settings
Select the desired option, and then enter the settings for the selected method. The available options are:
None - No security is used. Anyone using the correct SSID can connect to your network.
WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption system is not
very strong.
WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently. (8 ~ 63 characters)
WPA2-PSK - This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption. (8 ~ 63 characters)
WPA-PSK and WPA2-PSK - This method, sometimes called "Mixed Mode", allows clients to use EITHER WPA-PSK (with TKIP) OR WPA2-PSK (with AES). (8 ~ 63 characters)
Wireless Access Point User Guide
22
WPA with Radius - This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA stan­dard. If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WPA standard. Keys are automatically generated, so no
key input is required.
WPA2 with Radius - This version of WPA2 requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA2 standard. If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must authenticate on the Radius Server. This is usually done using digital certificates.
Each user's wireless client must support 802.1x and provide the Radius authentication data when
required.
All data transmission is encrypted using the WPA2 standard. Keys are automatically generated, so
no key input is required.
WPA and WPA2 with Radius - EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using EITHER WPA or WPA2 standard. If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must authenticate on the Radius Server. This is usually done using digital certificates.
Each user's wireless client must support 802.1x and provide the Radius authentication data when
required.
All data transmission is encrypted using EITHER WPA or WPA2 standard. Keys are automatically
generated, so no key input is required.
802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption. If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WEP standard. You only have to select the WEP key
size; the WEP key is automatically generated.
Access Point Setup
23
Security Settings - None
Figure 13: Wireless Security - None
No security is used. Anyone using the correct SSID can connect to your network. The only settings available from this screen are Radius MAC Authentication and UAM (Universal Access Method).
Radius MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.
Using MAC authentication
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on the RADIUS server, using the IP address or name of the Wireless Access
Point, and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared key for login to
your Radius Server. These parameters are entered either on the Security page, or the Radius- based MAC authentication sub-screen, depending on the security method used.
On the Access Point, enable the Radius-based MAC authentication feature on the screen below.
2. Add Users on the Radius server as required. The username must be the MAC address of the Wireless client you wish to allow, and the password must be blank.
3. When clients try to associate with the Access Point, their MAC address is passed to the Radius Server for authentication.
If successful, "
xx:xx:xx:xx:xx:xx MAC authentication" is entered in the log, and client station status would
show as “authenticated” on the station list table;
If not successful, "
xx:xx:xx:xx:xx:xx MAC authentication failed" is entered in the log, and station status is
shown as "authenticating" on the station list table.
Wireless Access Point User Guide
24
Radius-based MAC authentication Screen
This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again. Otherwise, you must enter the details of your Radius Server on this screen.
Figure 14: Radius-based MAC Authentication Screen
Data - Radius-based MAC Authentication Screen
Enable ...
Enable this if you wish to Radius-based MAC authentication.
Radius Server Address
If this field is visible, enter the name or IP address of the Radius Server on your network.
Radius Port
If this field is visible, enter the port number used for connec­tions to the Radius Server.
Client Login Name
If this field is visible, it displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
Shared Key
If this field is visible, it is used for the Client Login on the Ra­dius Server. Enter the key value to match the value on the Radius Server.
WEP Key
If this field is visible, it is for the WEP key used to encrypt data transmissions to the Radius Server. Enter the desired key value in HEX, and ensure the Radius Server has the same value.
WEP Key Index
If this field is visible, select the desired key index. Any value can be used, provided it matches the value on the Radius Server.
Access Point Setup
25
UAM
UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and other sites where the Access Point is used to provide Internet Access. If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on HTTP connections; all other traffic is ignored.) If the user has not been authenticated, Internet access is blocked, and the user is re­directed to another web page. Typically, this web page is on your Web server, and explains how to pay for and obtain Internet access. To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup" must be completed before you can use UAM. The required setup depends on whether you are using “Internal” or “External” authentication.
Internal authentication uses the web page built into the Wireless Access Point.
External authentication uses a web page on your Web server. Generally, you should use External
authentication, as this allows you to provide relevant and helpful information to users.
UAM authentication - Internal
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on RADIUS server, using the IP address or name of the Wireless Access Point,
and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared key for login to
your Radius Server. These parameters are entered either on the Security page, or the UAM sub­screen, depending on the security method used.
2. Add users on your RADIUS server as required, and allow access by these users.
3. Client PCs must have the correct Wireless settings in order to associate with the Wireless Access Point.
4. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re-directed to a user login page.
5. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
6. If the user name and password is correct, Internet access is allowed. Otherwise, the user remains on the login page.
Clients which pass the authentication are listed as "
xx:xx:xx:xx:xx:xx WEB authentication" in the log ta-
ble, and station status would show as "Authenticated" on the station list table.
If a client fails authentication, "
xx:xx:xx:xx:xx:xx WEB authentication failed" shown in the log, and station
status is shown as "Authenticating" on the station list table.
UAM authentication - External
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on RADIUS server, using the IP address or name of the Wireless Access Point,
and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared key for login to
your Radius Server. These parameters are entered either on the Security page, or the UAM sub­screen, depending on the security method used.
Wireless Access Point User Guide
26
2. On your Web Server, create a suitable welcome page.
The welcome page must have a link or button to allow the user to input their user name and password on the uamlogon.htm page on the Access Point.
3. On the Access Point’s UAM screen, select External Web-based Authentication, and enter the URL for the welcome page on your Web server.
4. Add users on your RADIUS server as required, and allow access by these users.
5. Client PCs must have the correct Wireless settings in order to associate with the Wireless Access Point.
6. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re-directed to the welcome page on your Web Server. They must then click the link or button in order to reach the Access Point’s login page.
7. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
8. If the user name and password is correct, Internet access is allowed. Otherwise, the user remains on the login page.
Clients which pass the authentication are listed as "
xx:xx:xx:xx:xx:xx WEB authentication" in the log ta-
ble, and station status would show as "Authenticated" on the station list table.
If a client fails authentication, "
xx:xx:xx:xx:xx:xx WEB authentication failed" is shown in the log, and sta-
tion status is shown as "Authenticating" on the station list table.
UAM Screen
The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Figure 15: UAM Screen
Data - UAM Screen
Enable
Enable this if you wish to use this feature. See the section above for details of using UAM.
Loading...
+ 88 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use