LevelOne EAP-200 User Manual

LevelOne

EAP-200

Enterprise Access Point

User Manual

V1.00

Table of Contents

1. Before You Start ............................................................................................................................. 3

1.1 Preface ........................................................................................................................................................... 3

1.2 Document Conventions .............................................................................................................................. 3

1.3 Package Content .......................................................................................................................................... 4

2. System Overview and Getting Started ................................................................................... 5

2.1 Introduction of LevelOne EAP-200 .......................................................................................................... 5

2.2 Deployment Topology ................................................................................................................................ 6

2.3 Hardware Description ................................................................................................................................ 7

2.4 Hardware Installation ................................................................................................................................ 9

2.5 Console Interface ...................................................................................................................................... 10

2.6 Access Web Management Interface ....................................................................................................... 12

3. Connect your AP to your Network ........................................................................................ 16

4. Adding Virtual Access Points .................................................................................................. 22

5. Secure Your AP ............................................................................................................................. 24

6. Create a WDS Bridge between two APs .............................................................................. 33

7. Web Management Interface Configuration ...................................................................... 35

7.1 System ......................................................................................................................................................... 37

7.1.1 General ............................................................................................................................................................ 37

7.1.2 Network Interface .......................................................................................................................................... 39

7.1.3 Management................................................................................................................................................... 40

7.1.4 GRE Tunnel .................................................................................................................................................... 42

7.1.5 CAPWAP ......................................................................................................................................................... 43

7.2 Wireless ...................................................................................................................................................... 45

7.2.1 VAP Overview ................................................................................................................................................ 45

7.2.2 General ........................................................................................................................................................... 48

7.2.3 VAP Configuration ........................................................................................................................................ 50

7.2.4 Security ........................................................................................................................................................... 51

7.2.5 Repeater ......................................................................................................................................................... 55

7.2.6 Advanced ........................................................................................................................................................ 57

7.2.7 Access Control ............................................................................................................................................... 59

7.2.8 Site Survey ..................................................................................................................................................... 63

7.3 Firewall ....................................................................................................................................................... 65

7.3.1 Firewall List .................................................................................................................................................... 65

7.3.2 Service ............................................................................................................................................................ 69

7.3.3 Advanced ........................................................................................................................................................ 70

7.4 Utilities ....................................................................................................................................................... 71

7.4.1 Change Password ........................................................................................................................................... 71

7.4.2 Backup & Restore .......................................................................................................................................... 72

7.4.3 System Upgrade ............................................................................................................................................ 73

7.4.4 Reboot ............................................................................................................................................................ 74

7.4.4 Upload Certificate ......................................................................................................................................... 75

7.5 Status .......................................................................................................................................................... 76

7.5.1 Overview ......................................................................................................................................................... 76

7.5.2 Associated Clients ......................................................................................................................................... 78

7.5.3 Repeater ......................................................................................................................................................... 79

7.5.4 Event Log ....................................................................................................................................................... 80

7.6 Online Help ................................................................................................................................................ 81

About 4ipnet

The LevelOne Secure WLAN Controller series is powered by 4ipnet. LevelOne is partnered with 4ipnet to deliver most feature-rich product yet simple deployment in wireless networking infrastructure solution.

4ipnet is a leading provider of wireless networking solution for manageable, reliable, and secure wireless access. In an effort to meet changing market demands at the least possible cost, 4ipnet delivers a diverse array of turnkey, high-performance products and mission-critical applications to bring reliability and manageability to increasingly complex wireless networks.

4ipnet’s complete WLAN infrastructure solution portfolio addresses the needs of different network operation environments ranging from the ISP to the SOHO, with an emphasis on simplified network deployment, centralized network management, and enhanced network performance.

Article I. Before You Start

Section 1.01 1.1 Preface

This manual is intended for system integrators, field engineers, and network administrators to set up LevelOne’s EAP-200 802.11n/b/g 2.4GHz MIMO Access Point in their network environments. It contains step-by-step procedures and visual examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.

Section 1.02 1.2 Document Conventions

 Note: Contains related information that corresponds to a topic.

Represents essential steps, actions, or messages that should not be ignored.

Indicates that clicking this button will save the changes you made, but you must reboot the system upon the completion of all configuration settings for the changes to take effect.

Indicates that clicking this button will clear what you have set before the settings are applied.

Section 1.03 1.3 Package Content

The standard package of EAP-200 includes:

• LevelOne EAP-200 x1

• Quick Installation Guide (QIG) x1

• CD-ROM (with User’s Manual and QIG) x1

• Console Cable x1

• Ethernet Cable x1

• Power Adapter (DC 12V) x1

• Antenna x2

• Screw Pack x1

• Ground Cable x1

It is recommended to keep the original packing materials for possible future shipment when repair or maintenance is required. Any returned product should be packed in its original packaging to prevent damage during delivery.

Article II. System Overview and

Getting Started

Section 2.01 2.1 Introduction of LevelOne EAP-200

The LevelOne EAP-200 Enterprise Access Point embedded with 802.11 n/b/g 2.4GHz MIMO radio in dust-proof metal housing is designed for wireless connectivity in enterprise or industrial environments of all dimensions. EAP-200 makes the wireless communication fast, secure and easy. It supports business grade security such as 802.1X, and Wi-Fi Protected Access (WPA and WPA2). By pushing a purposely built button, the WES (Press-n-Connect) feature makes it easy to bridge wireless links of multiple EAP-200s for forming wider wireless network coverage. EAP-200 also features multiple ESSIDs with VLAN tags and multiple Virtual APs, great for enterprise applications, such as separating the traffics of different departments using different ESSIDs. The PoE LAN port can receive power from Power over Ethernet (PoE) sourcing device. Its metal case is IP50 anti-dust compliant, which means that EAP-200 is well suited to WLAN deployment in industrial environments.

Wired and Wireless Network Layout with EAP-200s

Section 2.02 2.2 Deployment Topology

Common Network Layout with EAP-200s

This above deployment scenario illustrates a deployment example using three access points, AP-1, AP-2, and AP-3.

• Three EAP-200 systems construct a network comprising of wired and wireless segments

• AP-2 plays the role of a wireless bridge.

• All devices share the same DHCP server 192.168.1.1.

Section 2.03 2.3 Hardware Description

This section depicts the hardware information including all panel description.

Connector Panel

EAP-200 Connector Panel

1 USB Disabled for future usage only. 2 WES Press to start running WES process. 3 Console Attach the serial cable here. 4 LAN1 / LAN2 Attach the Ethernet cable here for connection with wired local networks. 5 Reset Hardware reset button, press once to reset to the system. 6 DC 12V Attach the power socket here. 7

12V

Attach the power adapter here.

Antenna Panel

EAP-200 Antenna Panel

Antenna Connector: Attach the antennas here. The system supports one RF interface

with two SMA connectors.

LED Panel

EAP-200 LED Panel

1 Power LED LED ON indicates power on; OFF indicates power off. 2 LAN LED LED ON indicates LAN cable connected; OFF indicates no connection; BLINKING

indicates transmitting data.

3 WLAN LED LED ON indicates wireless ready. 4 WDS LED LED ON indicates WDS ready. 5 WES LED To indicate WES status.

Master Slave

WES Start

WES Negotiate

LED (Green) OFF and then

BLINKING SLOWLY

BLINKING NORMALLY

(Green)

LED (Red) OFF and then

BLINKING SLOWLY

BLINKING NORMALLY

(Red)

WES Negotiate Timeout LED (Green) ON LED (Red) ON

WES Success LED (Red) ON LED (Green) ON

WES Fail LED (Green) ON LED (Red) ON

6 USB LED Disabled for future usage only.

2.4 Hardware Installation

•

Please follow the steps mentioned below to install the hardware of EAP-200:

1. Place the EAP-200 at the best location. The best location for EAP-200 is usually at the center of your intended wireless network.

2. Connect the EAP-200 to your network device. Connect one end of the Ethernet cable to LAN port of EAP-200 and the other end of the cable to a switch, a router, or a hub. EAP-200 is then connected to your existing wired LAN network.

3. There are two ways to supply power over to EAP-200. a) Connect the DC power adapter to the EAP-200 power socket. b) EAP-200 LAN port is capable of transmitting DC currents. Connect an IEEE 802.3af-compliant

PSE device (e.g. a PoE-switch) to the LAN port of EAP-200 with the Ethernet cable.

Now, the Hardware Installation is complete.

Please only use the power adapter supplied with the EAP-200 package. Using a different

power adapter may damage this system.

• To double verify the wired connection between EAP-200 and you switch / router / hub, please also check the LED status indicator of the respective network devices.

Section 2.04 2.5 Console Interface

Via this port to enter the console interface for the administrator to check the IP address of EAP-200 and reset the device to default if the admin password is forgotten.

1. In order to connect to the console port of EAP-200, a console, modem cable and a terminal simulation program, such as the Hyper Terminal are needed.

2. If a Hyper Terminal is used, please set the parameters as 115200, 8, None, 1, None.

The console interface looks like the screenshot below, displaying the current LAN IP address and the instructions to reset device to default.

When resetting the device to default from the console interface, key in “reset2def” for login and password. Confirm “yes” and EAP-200 will begin the reset process.

When the login prompt reappears, the device has completed the reset to default process and the LAN IP is reset to 192.168.1.1.

Section 2.05 2.6 Access Web Management Interface

LevelOne EAP-200 supports web-based configuration. Upon the completion of hardware installation, EAP-200 can be configured through a PC by using its web browser such as Mozilla Firefox 2.0 (and higher) or Internet Explorer version 6.0 (and higher). The default values of the EAP-200’s LAN IP Address and Subnet Mask are: IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

Example of entering EAP-200's default IP Address into a web browser

• To access the web management interface (WMI), connect the administrator PC to the LAN port of

EAP-200 via an Ethernet cable. Then, set a static IP Address on the same subnet mask as the EAP-200 in TCP/IP settings of your PC, such as the following example:

IP Address: 192.168.1.100 Subnet Mask: 255.255.255.0

 Note:

• Launch the web browser on your PC and enter the IP Address of the EAP-200 (192.168.1.1) at the

address field, and then press Enter. The following Administrator Login Page will then appear. Enter “admin” for both the Username and Password fields, and then click Login.

Please note that the IP Address used should not overlap with the IP Addresses of any other device within the same network.

Administrator Login Page

• After a successful login into EAP-200, a System Overview page of the Web Management Interface

(WMI) will appear.

The Web Management Interface - System Overview Page

• To logout, simply click on the Logout button at the upper right hand corner of the interface to return to the

Administrator Login Page. Click OK to logout.

Logout

Logout Prompt

For security reasons, it is strongly recommended to change the administrator’s password upon the completion of all configuration settings

Please follow the following steps to change the administrator’s password:

•

Change Password Page

 Click on the Utilities main menu button, and then select the Change Password tab.  Enter the old password and then a new password with a length of up to 32 characters, and retype it in

the Re-enter New Password field.

Congratulation!

Now, LevelOne’s EAP-200 is installed and configured successfully.

It is strongly recommended to make a backup copy of configuration settings.

• After the EAP-200’s network configuration is completed, please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments.

Article III. Connect your AP to your

Network

The following instructions depict how to establish the wireless coverage of your network. The AP will connect to the network through its LAN port and provide wireless access to your network. After having prepared the EAP-200’s hardware for configuration, set the TCP/IP settings of administrator’s computer to have a static IP Address of 192.168.1.10 and Subnet Mask of 255.255.255.0.

Step 1: Configuring the AP’s System Information

 Enter the AP’s default IP Address (192.168.1.1) into the URL of a web browser.  Login via using Username: admin and Password: admin.

The WMI appears as shown below.

Web Management Interface Main Page (System Overview)

From here, click on the System icon to arrive at the following page. On this Page you can make entries to the Name, Description, and Location fields as well as set the device’s time.

System Information Page

There are two methods of setting up the time: Manual (indicated by the option Set Date & Time) and NTP. The default is Manual and requires individual setup every time the system starts up. Simply choose a time zone and set the time accordingly. When finished, click SAVE.

Manually Time Setup

The alternative is NTP. Upon selecting NTP under the Time field, the configuration changes to allow up to two NTP servers. Simply enter a local NTP server’s IP Address (if available) or search online for an NTP server nearest you. Set the time zone and click SAVE.

NTP Setup

Step 2: Configuring the AP’s Network Settings

While still on this Page, click on the Network Interface tab to begin configuration of the network settings.

Network Settings Page

If the deployment decides the AP will be getting dynamic IP Addresses from the connected network, set Mode to DHCP; otherwise, set Mode to Static and fill in the required fields marked with a red asterisk (IP Address, Netmask, Gateway, and Primary DNS Server) with the appropriate values for the network. Click SAVE when you are finished to save changes that have been made.

Step 3: Configure the AP’s Wireless General Settings

Click on the Wireless icon followed by the General tab. On this page we only need to choose the Band and Channel that we wish to use.

Wireless General Settings Page

On this page, select the Band with which the AP is to broadcast its signal. The rest of the fields are optional and can be configured at another time. Click SAVE if any changes have been made.

Step 4: Configuring Wireless Coverage (VAP-1)

To setup the AP’s wireless access, refer to the following VAP-1 configuration (other VAP configuration can refer to the same setup steps as done for VAP-1). Click on the Overview tab to proceed.

Virtual AP Overview Page

On this page click the hyperlink in the row and column that corresponds with VAP-1’s State. This will bring up the following page.

VAP Configuration Page (VAP-1 shown)

The desired VAP profile can be selected from the drop-down menu of Profile Name and VAP-1 configuration will serve as an example for all other VAPs. Before proceeding further, please make sure that the VAP field is Enable; afterwards, enter an ESSID to represent the WLAN associated with AP’s VAP-1. It is suggested that Profile Name is used to describe what this particular VAP will be used for; otherwise, leave it as default. VLAN ID can be chosen at another time. Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings.

Congratulations!

After reboot, the AP can start to work with these revised settings.

Article IV. Adding Virtual Access

Points

EAP-200 possesses the feature of multi-ESSID; namely, it can behave as multiple virtual access points, providing different levels of services from the same physical AP device. Please click on the Wireless icon to review the VAP Overview page.

VAP Overview Page

To proceed with specific VAP configuration, click on the corresponding cell in the State column and the row of the VAP; the particular VAP’s Configuration page will then appear for further configuration.

VAP Configuration Page (VAP-1 shown)

Please select the desired VAP profile from the drop-down menu of Profile Name. Choose Enable for the VAP field. Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to. A VLAN ID can be provided to indicate the traffics through this particular VAP. It may allow further management/control (e.g. access rights and Internet usage, etc) of each VAP with a management gateway. Click SAVE and then Reboot for the changes to take effect.

Article V. Secure Your AP

Different VAP may require different level of security. These instructions will guide the user through setting up different types of security for a particular VAP. Simply repeat the following steps for other VAP with security requirement.

Step 1: Ensure the intended VAP is Enabled

VAP Overview Page

On the VAP Overview page, check the table to confirm the VAP State. If it is Enabled, skip to Step 2. If not, click on to proceed with VAP Configuration for that particular VAP.

VAP Configuration Page (VAP-1 as shown for example)

Select Enable for the VAP field and click SAVE. Click the Overview tab to return to the previous table

to begin the next step.

Step 2: Configure Security Settings for your VAP

The following instructions will guide the user to set up wireless security with a specific VAP. If only restricted access of certain MAC addresses is desired, skip to the Step3. MAC restriction can be coupled with wireless security to provide extra protection. First, click on the corresponding cell in the column labeled Security Type. This hyperlink will direct the user to the following Security Settings page.

Security Settings Page (VAP-1 as shown for example)

Select the desired Security Type from the drop-down menu, which includes None, WEP, 802.1X, WPA-PSK, and WPA-RADIUS.

+ 56 hidden pages