Page 1
LevelOne
WAP - 0005
108 Mbps Wireless Access Point
User’s Manual
Page 2
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION .............................................................................................1
Features of your Wireless Access Point........................................................................... 1
Package Contents ..............................................................................................................3
Physical Details.................................................................................................................. 3
CHAPTER 2 INSTALLATION............................................................................................... 5
Requirements..................................................................................................................... 5
Procedure ........................................................................................................................... 5
CHAPTER 3 ACCESS POINT SETUP .................................................................................. 7
Overview ............................................................................................................................ 7
Setup using the Windows Utility...................................................................................... 7
Setup using a Web Browser............................................................................................ 10
System Screen .................................................................................................................. 13
Access Control ................................................................................................................. 14
Wireless Screens .............................................................................................................. 17
Basic Settings Screen....................................................................................................... 17
Security Settings .............................................................................................................. 20
Advanced Settings ........................................................................................................... 33
CHAPTER 4 PC AND SERVER CONFIGURATION .......................................................35
Overview ..........................................................................................................................35
Using WEP .......................................................................................................................35
Using WPA-PSK.............................................................................................................. 36
Using WPA-802.1x ..........................................................................................................37
802.1x Server Setup (Windows 2000 Server)................................................................ 38
802.1x Client Setup on Windows XP ............................................................................. 48
Using 802.1x Mode (without WPA) ...............................................................................54
CHAPTER 5 OPERATION AND STATUS ......................................................................... 55
Operation ......................................................................................................................... 55
Status Screen.................................................................................................................... 55
CHAPTER 6 OTHER SETTINGS & FEATURES .............................................................61
Overview ..........................................................................................................................61
Admin Login Screen........................................................................................................ 61
Config File........................................................................................................................ 63
SNMP ............................................................................................................................... 64
Firmware Upgrade.......................................................................................................... 65
i
Page 3
APPENDIX A SPECIFICATIONS .......................................................................................66
Wireless Access Point...................................................................................................... 66
APPENDIX B TROUBLESHOOTING ................................................................................70
Overview ..........................................................................................................................70
General Problems............................................................................................................ 70
APPENDIX C WINDOWS TCP/IP....................................................................................... 72
Overview ..........................................................................................................................72
Checking TCP/IP Settings - Windows 9x/ME: ............................................................. 72
Checking TCP/IP Settings - Windows NT4.0 ...............................................................74
Checking TCP/IP Settings - Windows 2000.................................................................. 76
Checking TCP/IP Settings - Windows XP .................................................................... 78
APPENDIX D ABOUT WIRELESS LANS.......................................................................... 80
Overview ..........................................................................................................................80
Wireless LAN Terminology............................................................................................ 80
APPENDIX E COMMAND LINE INTERFACE ................................................................ 83
Overview ..........................................................................................................................83
Command Reference....................................................................................................... 84
P/N: 9560N900A0
Copyright 2004. All Rights Reserved.
Document Version: 1.1
All trademarks and trade names are the properties of their respective owners.
ii 1
Page 4
Chapter 1
Introduction
This Chapter provides an overview of the Wireless Access Point's features
and capabilities.
Congratulations on the purchase of your new Wireless Access Point. The Wireless Access
Point links your 802.11g or 802.11b Wireless Stations to your wired LAN. The Wireless
stations and devices on the wired LAN are then on the same network, and can communicate
with each other without regard for whether they are connected to the network via a Wireless or
wired connection.
1
Figure 1: Wireless Access Point
The auto-sensing capability of the Wireless Access Point allows packet transmission up to
54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the
environment does not permit maximum throughput.
Features of your Wireless Access Point
The Wireless Access Point incorporates many advanced features, carefully designed to provide
sophisticated functions while being easy to use.
Standards Compliant. The Wireless Router complies with the IEEE802.11g (DSSS)
•
specifications for Wireless LANs.
•
Supports both 802.11b and 802.11g Wireless Stations. The 802.11g standard
provides for backward compatibility with the 802.11b standard, so both 802.11b and
802.11g Wireless stations can be used simultaneously.
• 108Mbps Wireless Connections. On both the 2.4GHz (802.11b & 802.11g) and 5GHz
(802.11a) bands, 108Mbps connections are available to compatible clients.
•
Simple Configuration. If the default settings are unsuitable, they can be changed
quickly and easily.
Page 5
Wireless Access Point User Guide
•
DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP
address to PCs and other devices upon request. The Wireless Access Point can act as a
DHCP Client, and obtain an IP address and related information from your existing DHPC
Server.
•
Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded
easily, using only your Web Browser.
•
PoE Support. You can user PoE (Power over Ethernet) to provide power to the Wireless
Access Point, so only a single cable connection is required.
Security Features
• WEP support. Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit
and 128 Bit keys are supported.
•
WPA support. Support for WPA is included. WPA is more secure than WEP, and
should be used if possible. Both TKIP and AES encryption methods are supported.
•
802.1x Support. Support for 802.1x mode is included, providing for the industrial-
strength wireless security of 802.1x authentication and authorization.
•
Radius Client Support. The Wireless Access Point can login to your existing Radius
Server (as a Radius client).
•
Radius MAC Authentication. You can centralize the checking of Wireless Station
MAC addresses by using a Radius Server.
Dynamic WEP key Support. In 802.1x mode, either fixed or Dynamic WEP keys can
•
be used.
•
Access Control. The Access Control feature can check the MAC address of Wireless
clients to ensure that only trusted Wireless Stations can use the Wireless Access Point to
gain access to your LAN.
• Password - protected Configuration. Optional password protection is provided to
prevent unauthorized users from modifying the configuration data and settings.
Advanced Features
• Command Line Interface. If desired, the command line interface (CLI) can be used for
configuration. This provides the possibility of creating scripts to perform common configuration changes.
• NetBIOS & WINS Support. Support for both NetBIOS broadcast and WINS (Win-
dows Internet Naming Service) allows the Wireless Access Point to easily fit into your
existing Windows network.
• Radius Accounting Support. If you have a Radius Server, you can use it to provide
accounting data on Wireless clients.
•
SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowing
you to use a SNMP program to manage the Wireless Access Point.
• UAM Support. The Wireless Access Point supports UAM (Universal Access Method),
making it suitable for use in Internet cafes and other sites where user access time must be
accounted for.
• WDS Support. Support for WDS (Wireless Distribution System) allows the Wireless
Access Point to act as a Wireless Bridge. Both Point-to-Point and Multi-Point Bridge
modes are supported.
2
Page 6
Introduction
Package Contents
The following items should be included:
• Wireless Access Point
• Power Adapter
• Quick Start Guide
• CD-ROM containing the on-line manual and setup utility.
If any of the above items are damaged or missing, please contact your dealer immediately.
Physical Details
Front Panel LEDs
Figure 2: Front Panel
Status On - Error condition.
Off - Normal operation.
Blinking - During start up, and when the Firmware is being upgraded.
Power On - Normal operation.
Off - No power
LAN On - The LAN (Ethernet) port is active.
Off - No active connection on the LAN (Ethernet) port.
Flashing - Data is being transmitted or received via the corresponding
LAN (Ethernet) port.
Wireless
LAN
On -
Idle
Off - Error- Wireless connection is not available.
Flashing - Data is being transmitted or received via the Wireless access
point. Data includes "network traffic" as well as user data.
3
Page 7
Wireless Access Point User Guide
Rear Panel
Figure 3 Rear Panel
Antenna
Console port
Reset Button
Ethernet
Power port
One antenna (aerial) is supplied. Best results are usually obtained with
the antenna in a vertical position.
DB9 female RS232 port.
This button has two (2) functions:
• Reboot. When pressed and released, the Wireless Access Point
will reboot (restart).
• Reset to Factory Defaults. This button can also be used to clear
ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off the Access Point
2. Hold the Reset Button down while you Power On the Access
Point.
3. Continue holding the Reset Button until the Status (Red) LED
blinks TWICE.
4. Release the Reset Button.
The factory default configuration has now been restored, and the
Access Point is ready for use.
Use a standard LAN cable (RJ45 connectors) to connect this port to a
10BaseT or 100BaseT hub on your LAN.
Connect the supplied power adapter here.
4 5
Page 8
Chapter 2
Installation
This Chapter covers the physical installation of the Wireless Access Point.
2
Requirements
Requirements:
• TCP/IP network
• Ethernet cable with RJ-45 connectors
• Installed Wireless network adapter for each PC that will be wirelessly connected to the
network
Procedure
1. Select a suitable location for the installation of your Wireless Access Point. To maximize
reliability and performance, follow these guidelines:
• Use an elevated location, such as wall mounted or on the top of a cubicle.
• Place the Wireless Access Point near the center of your wireless coverage area.
• If possible, ensure there are no thick walls or metal shielding between the Wireless
Access Point and Wireless stations. Under ideal conditions, the Wireless Access Point
has a range of around 150 meters (450 feet). The range is reduced, and transmission
speed is lower, if there are any obstructions between Wireless devices.
Figure 4: Installation Diagram
2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Point to
a 10/100BaseT hub on your LAN.
Page 9
Wireless Access Point User Guide
3. Connect the supplied power adapter to the Wireless Access Point and a convenient power
outlet, and power up.
NOTE: If you wish to use PoE (Power over Ethernet), refer to the following section.
4. Check the LEDs:
• The Status LED should flash, then turn OFF.
• The Power, WLAN, and LAN LED should be ON.
For more information, refer to Front Panel LEDs in Chapter 1.
Using PoE (Power over Ethernet)
The Wireless Access Point supports PoE (Power over Ethernet). To use PoE:
1. Do not connect the supplied power adapter to the Wireless Access Point.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the Wireless Access Point.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE
Adapter. (24V DC, 500mA)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernetconnection.
Figure 5: Using PoE (Power over Ethernet)
6 7
Page 10
Chapter 3
Access Point Setup
This Chapter provides details of the Setup process for Basic Operation of
your Wireless Access Point.
3
Overview
This chapter describes the setup procedure to make the Wireless Access Point a valid device
on your LAN, and to function as an Access Point for your Wireless Stations.
Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station
Configuration.
The Wireless Access Point can be configured using either the supplied Windows utility or your
Web Browser
Setup using the Windows Utility
A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign
a suitable IP address to the Wireless Access Point. Using this utility is recommended, because
it can locate the Wireless Access Point even if it has an invalid IP address.
Installation
1. Insert the supplied CD-ROM in your drive.
2. If the utility does not start automatically, run the SETUP program in the root folder.
3. Follow the prompts to complete the installation.
Main Screen
• Start the program by using the icon created by the setup program.
• When run, the program searches the network for all active Wireless Access Points, then
lists them on screen, as shown by the example below.
Page 11
Wireless Access Point User Guide
Figure 6: Management utility Screen
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each
Access Point, the following data is shown:
Server Name
IP address
MAC Address
IEEE Standard
The Server Name is shown on a sticker on the base of the device.
The IP address for the Wireless Access Point.
The hardware or physical address of the Wireless Access Point.
The wireless standard or standards used by the Wireless Access Point
(e.g. 802.11b, 802.11g)
FW Version
Description
The current Firmware version installed in the Wireless Access Point.
Any extra information for the Wireless Access Point, entered by the
administrator.
Note: If the desired Wireless Access Point is not listed, check that the device is installed and
ON, then update the list by clicking the Refresh button.
Buttons
Refresh
Detail Info
Web Management
Set IP Address
Click this button to update the Wireless Access Point device listing
after changing the name or IP Address.
When clicked, additional information about the selected Access
Point will be displayed.
Use this button to connect to the Wireless Access Point's Webbased management interface.
Click this button if you want to change the IP Address of the
Wireless Access Point.
Exit
Exit the Management utility program by clicking this button.
8
Page 12
Setup
Setup Procedure
1. Select the desired Wireless Access Point.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are admin for the
User Name, and password for the Password.
4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any
changes.
5. Click the Web Management button to connect to the selected Wireless Access Point using
your Web Browser. If prompted, enter the User Name and Password again.
6. Configure the following screens, using the on-line help if necessary.
The following section also provides more details about each of these screens.
• Wireless - Basic (Basic Wireless settings)
• Wireless - Security (Wireless Security)
• Management - Admin Login (Set login name and password)
7. Setup is now complete.
9
Page 13
Wireless Access Point User Guide
Setup using a Web Browser
Your Browser must support JavaScript. The configuration program has been tested on the
following browsers:
• Netscape V4.08 or later
• Internet Explorer V4 or later
Setup Procedure
Before commencing, install the Wireless Access Point in your LAN, as described previously.
1. Check the Wireless Access Point to determine its Default Name. This is shown on a label
on the base or rear, and is in the following format:
SCxxxxxx
Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).
2. Use a PC which is already connected to your LAN, either by a wired connection or another Access Point.
• Until the Wireless Access Point is configured, establishing a Wireless connection to it
may be not possible.
• If your LAN contains a Router or Routers, ensure the PC used for configuration is on
the same LAN segment as the Wireless Access Point.
3. Start your Web browser.
4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point
e.g.
HTTP://SC2D631A
5. You should then see a login prompt, which will ask for a User Name and Password.
Enter admin for the User Name, and password for the Password.
These are the default values. The password can and should be changed. Always enter the
current user name and password, as set on the Admin Login screen.
Figure 7: Password Dialog
6. You will then see the Status screen, which displays the current settings and status. No data
input is possible on this screen.
10
Page 14
7. From the menu, check the following screens, and configure as necessary for your environment. Details of these screens and settings are described in the following sections of
this chapter.
• System
• Access Control
• Wireless
• Basic
• Security
• Advanced
• Management
• Admin Login (Set login name and password)
8. Setup of the Wireless Access Point is now complete.
Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for
details.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the Wireless Access
Point’s IP address. This can happen if your LAN does not have a DHCP Server.
The default IP address of the Wireless Access Point is 192.168.0.228, with a
Network Mask of 255.255.255.0.
Setup
If your PC’s IP address is not compatible with this, you must change your PC’s IP
address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a
Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details
for this procedure.
11
Page 15
Wireless Access Point User Guide
Status Screen
When you first connect, you will see the Status screen. This displays the current settings and
status of the Wireless Access Point. No data can be input on this screen.
Figure 8: Status Screen
For further details of this screen, refer to Status Screen in Chapter 5.
12
Page 16
System Screen
Click System on the menu to view a screen like the following.
Setup
Data - System Screen
Identification
Access Point
Name
Description
Country Domain
IP Address
DHCP Client
Fixed
Enter a suitable name for this Access Point.
If desired, you can enter a description for the Access Point.
Select the country or domain matching your current location.
Select this option if you have a DHCP Server on your LAN, and you
wish the Access Point to obtain an IP address automatically.
If selected, the following data must be entered.
• IP Address - The IP Address of this device. Enter an unused IP
• Subnet Mask - The Network Mask associated with the IP Address
• Gateway - The IP Address of your Gateway or Router. Enter the
• DNS - Enter the DNS (Domain Name Server) used by PCs on
Figure 9: System Screen
address from the address range on your LAN.
above. Enter the value used by other devices on your LAN.
value used by other devices on your LAN.
your LAN.
13
Page 17
Wireless Access Point User Guide
WINS
Enable WINS
WINS Server
Name/IP Address
HTTP
HTTP Port
Telnet
Enable Telnet
Management
If your LAN has a WINS server, you can enable this to have this AP
register with the WINS server.
Enter the name or IP address of your WINS server.
Enter the port number to be used when connecting to this interface.
The default value is 80.
If desired, you can enable this option. If enabled, you will able to
connect to this AP using a Telnet client. You will have to provide the
same login data (user name, password) as for a HTTP (Web) connection.
Access Control
This feature can be used to block access to your LAN by unknown or untrusted wireless
stations.
Click Access Control on the menu to view a screen like the following.
Figure 10: Access Control Screen
Data - Access Control Screen
Enable
Trusted Stations
Use this checkbox to Enable or Disable this feature as desired.
Warning ! Ensure your own PC is in the "Trusted Wireless Stations"
list before enabling this feature.
This table lists any Wireless Stations you have designated as
"Trusted". If you have not added any stations, this table will be empty.
For each Wireless station, the following data is displayed:
• MAC Address - the MAC or physical address of each Wire-
less station.
• Connected - this indicates whether or not the Wireless station
is currently associates with this Access Point.
14
Page 18
Buttons
Setup
Modify List
Read from File
Write to File
To change the list of Trusted Stations (Add, Edit, or Delete a Wireless
Station or Stations), click this button. You will then see the Trusted
Wireless Stations screen, described below.
To upload a list of Trusted Stations from a file on your PC, click this
button.
To download the current list of Trusted Stations from the Access Point
to a file on your PC, click this button.
Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control
screen. You will see a screen like the sample below.
Figure 11: Trusted Wireless Stations
Data - Trusted Wireless Stations
Trusted Wireless
Stations
Other Wireless
Stations
Address
Buttons
<<
This lists any Wireless Stations which you have designated as
“Trusted”.
This list any Wireless Stations detected by the Access Point, which
you have not designated as "Trusted".
The MAC (physical) address of the Trusted Wireless Station. Use
this when adding or editing a Trusted Station.
Add a Trusted Wireless Station to the list (move from the "Other
Stations" list).
• Select an entry (or entries) in the "Other Stations" list, and
click the " << " button.
• Enter the Address (MAC or physical address) of the wireless
station, and click the "Add " button.
15
Page 19
Wireless Access Point User Guide
>>
Select All
Select None
Edit
Add
Clear
Delete a Trusted Wireless Station from the list (move to the "Other
Stations" list).
• Select an entry (or entries) in the "Trusted Stations" list.
• Click the " >> " button.
Select all of the Stations listed in the "Other Stations" list.
De-select any Stations currently selected in the "Other Stations"
list.
To change an existing entry in the "Trusted Stations" list, select it
and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the
"Address" field, and the "Add" button will change to "Update".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
To add a Trusted Station which is not in the "Other Wireless
Stations" list, enter the required data and click this button.
Clear the Address field.
16
Page 20
Wireless Screens
There are 3 configuration screens available:
• Basic Settings
• Security
• Advanced
Basic Settings Screen
The settings on this screen must match the settings used by Wireless Stations.
Click Basic on the menu to view a screen like the following.
Setup
Figure 12: Basic Settings Screen
Data - Basic Settings Screen
Operation
Wireless Mode
Select the desired option:
• Disable - select this if for some reason you do not this AP to
transmit or receive at all.
• 802.11b and 802.11g - this is the default, and will allow connec-
tions by both 802.11b and 802.1g wireless stations.
• 802.11b - if selected, only 802.11b connections are allowed.
802.11g wireless stations will only be able to connect if they are
fully backward-compatible with the 802.11b standard.
• 802.11g - only 802.11g connections are allowed. If you only have
802.11g, selecting this option may provide a performance improvement over using the default setting.
• Super 802.11g (108Mbps) - This uses Packet Bursting, Fast-
Frame, and Compression techniques to increase throughput. Only
clients supporting the "Atheros Super G" mode can connect at
108Mbps. However, this option is backward-compatible with
802.11ab and (standard) 802.11g.
17
Page 21
Wireless Access Point User Guide
• Dynamic Super 802.11g (108Mbps) - This uses Packet Bursting,
FastFrame, Compression, and "Channel Bonding" (using 2 channels) to increase throughput. Only clients supporting the "Atheros
Super G" mode can connect at 108Mbps, and they will only use
this speed when necessary. Howerver, this option is backwardcompatible with 802.11b and (standard) 802.11g.
• Static Super 802.11g (108Mbps) - This uses Packet Bursting,
FastFrame, Compression, and "Channel Bonding" (using 2 channels) to increase thoughput. Because "Channel Bonding" is always
used, this method is NOT compatible with 802.11b and (standard)
802.11g. Only clients supporting the "Atheros Super G" mode can
connect at 108Mbps; they will always connect at this speed. Select
this only if all wireless stations support this "Atheros Super G"
mode.
Operating Mode
Remote AP
MAC Address
Select the desired mode:
• Wireless Access Point - operate as a normal Access Point
• Client Access Point - act as a client for another Access Point. If
selected, you must provide the address (MAC address) of the other
Access Point (Remote AP).
• Repeater Access Point - act as a repeater for another Access
Point. If selected, you must provide the address (MAC address) of
the other Access Point (Remote AP).
• Point-to-Point Bridge - In this mode, the AP will communicate
ONLY with another Bridge-mode Wireless Station. You must enter the MAC address (physical address) of the other Bridge-mode
Wireless Station in the field provided. WEP can (and should) be
used to protect this communication.
• Point-to-Multi-Point Bridge - Select this only if this AP is the
"Master" for a group of Bridge-mode Wireless Stations. The other
Bridge-mode Wireless Stations must be set to Point-to-Point
Bridge mode, using this AP's MAC address. They then send all
traffic to this "Master", rather than communicate directly with
each other. WEP can (and should) be used to protect this traffic.
This is not required unless the Operating Mode is Client Access Point,
Repeater Access Point, or Point-to-Point Bridge. In these modes,
you must provide the MAC address of the other AP in this field. You
can either enter the MAC address directly, or, if the other AP is online, you can click the "Select AP" button and select from a list of
available APs.
Channel No
Current Channel
No.
SSID
If "Automatic" is selected, the Wireless Access Point will self-select a
Wireless Channel.
If you experience interference (shown by lost connections and/or slow
data transfers) you may need to experiment with different channels to
see which Channel is the best.
This displays the current channel used by the Access Point.
Enter the desired SSID. Wireless Stations must use the same SSID.
Note: The SSID is case sensitive.
18
Page 22
Setup
Broadcast SSID
If Enabled, the SSID will be broadcast to all Wireless Stations. Stations which have no SSID (or a "null" value) can then adopt the correct
SSID for connections to this Access Point.
19
Page 23
Wireless Access Point User Guide
Security Settings
Select the desired option, and then enter the settings for the selected method.
The available options are:
• None - No security is used. Anyone using the correct SSID can connect to your network.
• WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption
system is not very strong.
• WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than
WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each
Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.
• WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the
client authentication according to the 802.1x standard. Data transmissions are encrypted
using the WPA standard.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when re-
quired.
• All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
• 802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryp-
tion. If possible, you should use WPA-802.1x instead, because WPA encryption is much
stronger than WEP encryption.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when re-
quired.
• All data transmission is encrypted using the WEP standard. You only have to select
the WEP key size; the WEP key is automatically generated.
20
Page 24
Security Settings - None
Figure 13: Wireless Security - None
No security is used. Anyone using the correct SSID can connect to your network.
The only settings available from this screen are Radius MAC Authentication and UAM
(Universal Access Method).
Setup
Radius MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your
Radius server. If you don't have a Radius Server, you cannot use this feature.
Using MAC authentication
1. Ensure the Wireless Access Point can login to your Radius Server.
• Add a RADIUS client on the RADIUS server, using the IP address or name of the
Wireless Access Point, and the same shared key as entered on the Wireless Access
Point.
• Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the
Security page, or the Radius-based MAC authentication sub-screen, depending on
the security method used.
• On the Access Point, enable the Radius-based MAC authentication feature on the
screen below.
2. Add Users on the Radius server as required. The username must be the MAC address of
the Wireless client you wish to allow, and the password must be blank.
3. When clients try to associate with the Access Point, their MAC address is passed to the
Radius Server for authentication.
• If successful, “xx:xx:xx:xx:xx:xx MAC authentication” is entered in the log, and cli-
ent station status would show as “authenticated” on the station list table;
• If not successful, “xx:xx:xx:xx:xx:xx MAC authentication failed” is entered in the
log,, and station status is shown as “authenticating” on the station list table.
21
Page 25
Wireless Access Point User Guide
Radius-based MAC authentication Screen
This screen will look different depending on the current security setting. If you have already
provided the address of your Radius server, you won't be prompted for it again. Otherwise,
you must enter the details of your Radius Server on this screen.
Figure 14: Radius-based MAC Authentication Screen
Data - Radius-based MAC Authentication Screen
Enable ...
Radius Server
Address
Radius Port
Client Login Name
Shared Key
WEP Key
WEP Key Index
Enable this if you wish to Radius-based MAC authentication.
If this field is visible, enter the name or IP address of the Radius
Server on your network.
If this field is visible, enter the port number used for connections to
the Radius Server.
If this field is visible, it displays the name used for the Client Login
on the Radius Server. This Login name must be created on the
Radius Server.
If this field is visible, it is used for the Client Login on the Radius
Server. Enter the key value to match the value on the Radius Server.
If this field is visible, it is for the WEP key used to encrypt data
transmissions to the Radius Server. Enter the desired key value (in
HEX), and ensure the Radius Server has the same value.
If this field is visible, select the desired key index. This sets which of
the previously-entered WEP keys will be used for communication
with the Radius Server. Any value can be used, provided it matches
the value on the Radius Server.
22
Page 26
Setup
UAM
UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and other
sites where the Access Point is used to provide Internet Access.
If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on HTTP
connections; all other traffic is ignored.) If the user has not been authenticated, Internet access
is blocked, and the user is re-directed to another web page. Typically, this web page is on your
Web server, and explains how to pay and obtain Internet access.
To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup" must
be completed before you can use UAM. The required setup depends on whether you are using
“Internal” or “External” authentication.
• Internal authentication uses the web page built into the Wireless Access Point.
• External authentication uses a web page on your Web server. Generally, you should use
External authentication, as this allows you to provide relevant and helpful information to
users.
UAM authentication - Internal
1. Ensure the Wireless Access Point can login to your Radius Server.
• Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-
less Access Point, and the same shared key as entered on the Wireless Access Point.
• Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.
2. Add users on your RADIUS server as required, and allow access by these users.
3. Client PCs must have the correct Wireless settings in order to associate with the Wireles
Access Point.
4. When an associated client tries to use HTTP (TCP, port 80) connections, they will be redirected to a user login page.
5. The client (user) must then enter the user name and password, as defined on the Radius
Server. (You must provide some system to let users know the correct name and password
to use.)
6. If the user name and password is correct, Internet access is allowed.
Otherwise, the user remains on the login page.
• Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB authen-
tication” in the log table, and station status would show as “Authenticated” on the
station list table.
• If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed” shown
in the log, and station status is shown as “authenticating” on the station list table.
UAM authentication – External
1. Ensure the Wireless Access Point can login to your Radius Server.
• Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-
less Access Point, and the same shared key as entered on the Wireless Access Point.
• Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.
2. On your Web Server, create a suitable login page. The login page must have a link or
button to allow the user to input their user name and password on the uamlogon.htm page on the Access Point.
23
Page 27
Wireless Access Point User Guide
3. On the Access Point’s UAM screen, select External Web-based Authentication, and
enter the URL for the login page on your Web server.
4. Add users on your RADIUS server as required, and allow access by these users.
5. Client PCs must have the correct Wireless settings in order to associate with the Wireles
Access Point.
6. When an associated client tries to use HTTP (TCP, port 80) connections, they will be redirected to the login page on your Web Server. They must then click the link or button in
order to reach the Access Point’s login page.
7. The client (user) must then enter the user name and password, as defined on the Radius
Server. (You must provide some system to let users know the correct name and password
to use.)
8. If the user name and password is correct, Internet access is allowed.
Otherwise, the user remains on the login page.
• Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB authen-
tication” in the log table, and station status would show as “Authenticated” on the
station list table.
• If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed” is
shown in the log, and station status is shown as “Authenticating” on the station list
table.
UAM Screen
The UAM screen will look different depending on the current security setting. If you have
already provided the address of your Radius server, you won't be prompted for it again.
Figure 15: UAM Screen
Data – UAM Screen
Enable
Internal
Web-based
Authentication
Enable this if you wish to use this feature.
If selected, then when a user first tries to access the Internet, they will
be blocked, and re-directed to the built-in login page. The logon data is
then sent to the Radius Server for authentication.
24
Page 28
Setup
External
Web-based
Authentication
Login URL
Login Failure
URL
If selected, then when a user first tries to access the Internet, they will
be blocked, and re-directed to the URL below. This needs to be on
your own local Web Server. The page must also link back to the builtin login page on this device to complete the login procedure.
Enter the URL of the page on your local Web Server you wish users to
see when they attempt to access the Internet, but are not logged in.
Enter the URL of the page on your local Web Server you wish users to
see if their login fails. (This may be the same URL as the Login URL).
Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system
is not very strong.
Data - WEP Screen
WEP
Data
Encryption
Select the desired option, and ensure your Wireless stations have the
same setting:
• 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.
• 128 Bit Encryption - Keys are 26 Hex (13 ASCII) characters.
Figure 16: WEP Wireless Security
25
Page 29
Wireless Access Point User Guide
Authentication
Key Input
Key Value
Passphrase
Radius MAC
Authentication
UAM
Normally, you can leave this at “Automatic”, so that Wireless Stations
can use either method ("Open System" or "Shared Key".).
If you wish to use a particular method, select the appropriate value "Open System" or "Shared Key". All Wireless stations must then be set
to use the same method.
Select "Hex" or "ASCII" depending on your input method. (All keys
are converted to Hex, ASCII input is only for convenience.)
Enter the key values you wish to use. The default key, selected by the
radio button, is required. The other keys are optional. Other stations
must have matching key values.
Use this to generate a key or keys, instead of entering them directly.
Enter a word or group of printable characters in the Passphrase box
and click the "Generate Key" button to automatically configure the
WEP Key(s). If encryption strength is set to 64 bit, then each of the
four key fields will be populated with key values. If encryption
strength is set to 128 bit, then only the selected WEP key field will be
given a key value.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 21 for details on using Radius MAC authentication.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 23 for details on using UAM.
26
Page 30
Setup
Security Settings - WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should
be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The
256Bit encryption key is derived from the PSK, and changes frequently.
Figure 17: WPA-PSK Wireless Security
Data - WPA-PSK Screen
WPA-PSK
Network Key
WPA Encryption
Enter the key value. Data is encrypted using a 256Bit key
derived from this key. Other Wireless Stations must use the
same key.
Select the desired option. Other Wireless Stations must use the
same method.
• TKIP - Unicast (point-to-point) transmissions are en-
• TKIP + 64 bit WEP - Unicast (point-to-point) transmis-
• TKIP + 128 bit WEP - Unicast (point-to-point) transmis-
• AES - CCMP - CCMP is the most common sub-type of
crypted using TKIP, and multicast (broadcast)
transmissions are not encrypted.
sions are encrypted using TKIP, and multicast (broadcast)
transmissions are encrypted using 64 bit WEP.
sions are encrypted using TKIP, and multicast (broadcast)
transmissions are encrypted using 128 bit WEP.
AES (Advanced Encryption System). Most systems will
simply say "AES". If selected, both Unicast (point-to-point)
and multicast (broadcast) transmissions are encrypted using
AES.
27
Page 31
Wireless Access Point User Guide
Pairwise Key Update
Key Lifetime
Group Key Update
Key Lifetime
Update Group key
when any membership
terminates
Radius MAC
Authentication
UAM
This refers to the key used for point-to-point transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often Pairwise keys are dynamically
updated. Enter the desired value.
This refers to the key used for broadcast transmissions. Enable
this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically
updated. Enter the desired value.
If enabled, the Group key will be updated whenever any member leaves the group or disassociates from the Access Point.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 21 for details on using Radius MAC authentication.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 23 for details on using UAM.
28
Page 32
Setup
Security Settings - WPA-802.1x
This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA
standard.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when required.
• All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
Figure 18: WPA-802.1x Wireless Security
Data - WPA-802.1x Screen
WPA-802.1x
Radius Server
Address
Radius Port
Enter the name or IP address of the Radius Server on your network.
Enter the port number used for connections to the Radius Server.
29
Page 33
Wireless Access Point User Guide
Client Login Name
Shared Key
WPA Encryption
Pairwise Key
Update
This read-only field displays the current login name, which is the
same as the name of the Access Point. The Radius Server must be
configured to accept this login.
This is used for the Client Login on the Radius Server. Enter the
key value to match the Radius Server.
Select the desired option. Other Wireless Stations must use the
same method.
• TKIP - Unicast (point-to-point) transmissions are encrypted
using TKIP, and multicast (broadcast) transmissions are not
encrypted.
• TKIP + 64 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 64 bit WEP.
• TKIP + 128 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 128 bit WEP.
• AES - CCMP - CCMP is the most common sub-type of AES
(Advanced Encryption System). Most systems will simply say
"AES". If selected, both Unicast (point-to-point) and multicast
(broadcast) transmissions are encrypted using AES.
This refers to the key used for point-to-point transmissions. Enable
this if you want the keys to be updated regularly.
Key Lifetime
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
Radius Accounting
Update Report
every ...
Radius MAC
Authentication
UAM
This field determines how often Pairwise keys are dynamically
updated. Enter the desired value.
This refers to the key used for broadcast transmissions. Enable this
if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically
updated. Enter the desired value.
If enabled, the Group key will be updated whenever any member
leaves the group or disassociates from the Access Point.
Enable this if you want this Access Point to send accounting data to
the Radius Server.
If enabled, the port used by your Radius Server must be entered in
the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter the
desired update interval. This Access Point will then send updates
according to the specified time period.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 21 for details on using Radius MAC authentication.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 23 for details on using UAM.
30
Page 34
Setup
Security Settings - 802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than
WEP encryption.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when required.
• All data transmission is encrypted using the WEP standard. You only have to select the
WEP key size; the WEP key is automatically generated.
Data - 802.1x Screen
802.1x
Radius Server Address
Radius Port
Client Login Name
Figure 19: 802.1x Wireless Security
Enter the name or IP address of the Radius Server on your
network.
Enter the port number used for connections to the Radius
Server.
This read-only field displays the current login name, which is
the same as the name of the Access Point. The Radius Server
must be configured to accept this login.
31
Page 35
Wireless Access Point User Guide
Shared Key
WEP Key Size
Key Exchange
Key Lifetime
Radius Accounting
Update Report every ...
Radius MAC
Authentication
This is used for the Client Login on the Radius Server. Enter the
key value to match the Radius Server.
Select the desired option:
• 64 Bit - Key size is 64Bits. The keys are automatically
generated, and do not need to be entered.
• 128 Bit - Key size is 128Bits. The keys are automatically
generated, and do not need to be entered.
Enable this if you want the keys to be updated regularly.
This field determines how often keys are dynamically
updated. Enter the desired value.
Enable this if you want this Access Point to send accounting
data to the Radius Server.
If enabled, the port used by your Radius Server must be entered
in the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter
the desired update interval. This Access Point will then send
updates according to the specified time period.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
UAM
See page 21 for details on using Radius MAC authentication.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 23 for details on using UAM.
32
Page 36
Advanced Settings
Clicking the Advanced link on the menu will result in a screen like the following.
Setup
Figure 20: Advanced Settings
Data - Advanced Settings Screen
Basic Rate
Basic Rate Selection
Options
Wireless Separation
Worldwide Mode
(802.11d)
The Basic Rate is used for broadcasting. It does not determine
the data transmission rate, which is determined by the "Mode"
setting on the Basic screen.
Select the desired option.
Do NOT select the "802.11g" or "OFDM" options unless ALL
of your wireless clients support this. 802.11b clients will not be
able to connect to the Access Point if either of these modes is
selected.
If enabled, then each Wireless station using the Access Point is
invisible to other Wireless stations. In most business situations,
this setting should be Disabled.
Enable this setting if you wish to use this mode, and your
Wireless stations support this mode.
33
Page 37
Wireless Access Point User Guide
Parameters
Disassociated Timeout
Fragmentation
Beacon Interval
RTS/CTS Threshold
Preamble Type
Output Power Level
Antenna Selection
802.11b (2.4GHz only)
Protection Type
Short Slot Time
Protection Mode
Protection Rate
This determines how quickly a Wireless Station will be considered "Disassociated" with this AP, when no traffic is received.
Enter the desired time period.
Enter the preferred setting between 256 and 2346.
Enter the preferred setting between 0 and 3000.
Enter the preferred setting between 256 and 2346.
Select the desired preamble type.
Select the desired power output. Higher levels will give a
greater range, but are also more likely to cause interference with
other devices.
If your Access Point has only 1 antenna, there is only 1 option
available. If your Access Point has 2 antennae, select the option
which gives the best results in your location.
Select the desired option.
Enable or disable this setting as required.
Normally, this should be left at "Auto".
Select the desired option.
34 35
Page 38
Chapter 4
PC and Server Configuration
This Chapter details the PC Configuration required for each PC on the local
LAN.
4
Overview
All Wireless Stations need to have settings which match the Wireless Access Point. These
settings depend on the mode in which the Access Point is being used.
• If using WEP or WPA-PSK, it is only necessary to ensure that each Wireless station's
settings match those of the Wireless Access Point, as described below.
• For WPA-802.1x and 802.1x modes, configuration is much more complex. The Radius
Server must be configured correctly, and setup of each Wireless station is also more complex.
Using WEP
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
Mode
SSID (ESSID)
Wireless
Security
On each PC, the mode must be set to Infrastructure.
This must match the value used on the Wireless Access Point.
The default value is wireless
Note! The SSID is case sensitive.
• Each Wireless station must be set to use WEP data encryption.
• The Key size (64 bit or 128 bit) must be set to match the Access
Point.
• The keys values on the PC must match the key values on the Access
Point.
Note:
On some systems, the "64 bit" key is shown as "40 bit" and "128 bit" is
shown as "104 bit". This difference arises because the key input by the
user is 24 bits less than the key size used for encryption.
Page 39
Wireless Access Point User Guide
Using WPA-PSK
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
Mode
SSID (ESSID)
Wireless
Security
On each PC, the mode must be set to Infrastructure.
This must match the value used on the Wireless Access Point.
The default value is wireless
Note! The SSID is case sensitive.
On each client, Wireless security must be set to WPA-PSK.
• The Pre-shared Key entered on the Access Point must also be
entered on each Wireless client.
• The Encryption method (e.g. TKIP, AES) must be set to match the
Access Point.
36
Page 40
PC and Server Configuration
Using WPA-802.1x
This is the most secure and most complex system.
802.1x mode provides greater security and centralized management, but it is more complex to
configure.
Wireless Station Configuration
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
Mode
SSID (ESSID)
802.1x
Authentication
802.1x
Encryption
On each PC, the mode must be set to Infrastructure.
This must match the value used on the Wireless Access Point.
The default value is wireless
Note! The SSID is case sensitive.
Each client must obtain a Certificate which is used for authentication for
the Radius Server.
Typically, EAP-TLS is used. This is a dynamic key system, so keys do
NOT have to be entered on each Wireless station.
Radius Server Configuration
If using WPA-802.1x mode, the Radius Server on your network must be configured as follow:
• It must provide and accept Certificates for user authentication.
• There must be a Client Login for the Wireless Access Point itself.
• The Wireless Access Point will use its Default Name as its Client Login name.
• The Shared Key, set on the Security Screen of the Access Point, must match the
Shared Secret value on the Radius Server.
• Encryption settings must be correct.
37
Page 41
Wireless Access Point User Guide
802.1x Server Setup (Windows 2000 Server)
This section describes using Microsoft Internet Authentication Server as the Radius Server,
since it is the most common Radius Server available that supports the EAP-TLS authentication
method.
The following services on the Windows 2000 Domain Controller (PDC) are also required:
• dhcpd
• dns
• rras
• webserver (IIS)
• Radius Server (Internet Authentication Service)
• Certificate Authority
Windows 2000 Domain Controller Setup
1. Run dcpromo.exe from the command prompt.
2. Follow all of the default prompts, ensure that DNS is installed and enabled during installation.
Services Installation
1. Select the Control Panel - Add/Remove Programs.
2. Click Add/Remove Windows Components from the left side.
3. Ensure that the following components are activated (selected):
• Certificate Services. After enabling this, you will see a warning that the computer
cannot be renamed and joined after installing certificate services. Select Yes to select
certificate services and continue
• World Wide Web Server. Select World Wide Web Server on the Internet Information
Services (IIS) component.
• From the Networking Services category, select Dynamic Host Configuration Protocol
(DHCP), and Internet Authentication Service (DNS should already be selected and installed).
38
Page 42
Figure 21: Components Screen
4. Click Next.
5. Select the Enterprise root CA, and click Next.
PC and Server Configuration
Figure 22: Certification Screen
6. Enter the information for the Certificate Authority, and click Next.
39
Page 43
Wireless Access Point User Guide
Figure 23: CA Screen
7. Click Next if you don't want to change the CA's configuration data.
8. Installation will warn you that Internet Information Services are running, and must be
stopped before continuing. Click Ok, then Finish.
DHCP server configuration
1. Click on the Start - Programs - Administrative Tools - DHCP
2. Right-click on the server entry as shown, and select New Scope.
Figure 24: DHCP Screen
3. Click Next when the New Scope Wizard Begins.
4. Enter the name and description for the scope, click Next.
5. Define the IP address range. Change the subnet mask if necessary. Click Next.
40
Page 44
PC and Server Configuration
Figure 25:IP Address Screen
6. Add exclusions in the address fields if required. If no exclusions are required, leave it
blank. Click Next.
7. Change the Lease Duration time if preferred. Click Next.
8. Select Yes, I want to configure these options now, and click Next.
9. Enter the router address for the current subnet. The router address may be left blank if
there is no router. Click Next.
10. For the Parent domain, enter the domain you specified for the domain controller setup, and
enter the server's address for the IP address. Click Next.
Figure 26: DNS Screen
11. If you don't want a WINS server, just click Next.
12. Select Yes, I want to activate this scope now. Click Next, then Finish.
13. Right-click on the server, and select Authorize. It may take a few minutes to complete.
41
Page 45
Wireless Access Point User Guide
Certificate Authority Setup
1. Select Start - Programs - Administrative Tools - Certification Authority.
2. Right-click Policy Settings, and select New - Certificate to Issue.
Figure 27: Certificate Authority Screen
3. Select Authenticated Session and Smartcard Logon (select more than one by holding down
the Ctrl key). Click OK.
Figure 28: Template Screen
4. Select Start - Programs - Administrative Tools - Active Directory Users and Computers.
5. Right-click on your active directory domain, and select Properties.
42
Page 46
Figure 29: Active Directory Screen
PC and Server Configuration
6. Select the Group Policy tab, choose Default Domain Policy then click Edit.
Figure 30: Group Policy Tab
7. Select Computer Configuration - Windows Settings - Security Settings - Public Key
Policies, right-click Automatic Certificate Request Settings - New - Automatic Certificate
Request.
43
Page 47
Wireless Access Point User Guide
Figure 31: Group Policy Screen
8. When the Certificate Request Wizard appears, click Next.
9. Select Computer, then click Next.
Figure 32: Certificate Template Screen
10. Ensure that your certificate authority is checked, then click Next.
11. Review the policy change information and click Finish.
12. Click Start - Run, type cmd and press enter.
Enter secedit /refreshpolicy machine_policy
This command may take a few minutes to take effect.
44
Page 48
PC and Server Configuration
Internet Authentication Service (Radius) Setup
1. Select Start - Programs - Administrative Tools - Internet Authentication Service
2. Right-click on Clients, and select New Client.
Figure 33: Service Screen
3. Enter a name for the access point, click Next.
4. Enter the address or name of the Wireless Access Point, and set the shared secret, as
entered on the Security Settings of the Wireless Access Point.
5. Click Finish.
6. Right-click on Remote Access Policies, select New Remote Access Policy.
7. Assuming you are using EAP-TLS, name the policy eap-tls, and click Next.
8. Click Add...
If you don't want to set any restrictions and a condition is required, select Day-And-Time-
Restrictions, and click Add...
Figure 34: Attribute Screen
9. Click Permitted, then OK. Select Next.
10. Select Grant remote access permission. Click Next.
45
Page 49
Wireless Access Point User Guide
11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication
Protocol, and select Smart Card or other Certificate. Deselect other authentication meth-
ods listed. Click OK.
Figure 35: Authentication Screen
12. Select No if you don't want to view the help for EAP. Click Finish.
46
Page 50
PC and Server Configuration
Remote Access Login for Users
1. Select Start - Programs - Administrative Tools- Active Directory Users and Computers.
2. Double click on the user who you want to enable.
3. Select the Dial-in tab, and enable Allow access. Click OK.
Figure 36: Dial-in Screen
47
Page 51
Wireless Access Point User Guide
802.1x Client Setup on Windows XP
Windows XP ships with a complete 802.1x client implementation. If using Windows 2000,
you can install SP3 (Service Pack 3) to gain the same functionality.
If you don't have either of these systems, you must use the 802.1x client software provided
with your wireless adapter. Refer to your vendor's documentation for setup instructions.
The following instructions assume that:
• You are using Windows XP
• You are connecting to a Windows 2000 server for authentication.
• You already have a login (User name and password) on the Windows 2000 server.
Client Certificate Setup
1. Connect to a network which doesn't require port authentication.
2. Start your Web Browser. In the Address box, enter the IP address of the Windows 2000
Server, followed by /certsrv
e.g
http://192.168.0.2/certsrv
3. You will be prompted for a user name and password. Enter the User name and Password
assigned to you by your network administrator, and click OK.
Figure 37: Connect Screen
4. On the first screen (below), select Request a certificate, click Next.
48
Page 52
PC and Server Configuration
Figure 38: Wireless CA Screen
5. Select User certificate request and select User Certificate, the click Next.
6. Click Submit.
Figure 39: Request Type Screen
49
Page 53
Wireless Access Point User Guide
Figure 40: Identifying Information Screen
7. A message will be displayed, then the certificate will be returned to you.
Click Install this certificate.
Figure 41:Certificate Issued Screen
8. . You will receive a confirmation message. Click Yes.
50
Page 54
PC and Server Configuration
Figure 42: Root Certificate Screen
9. Certificate setup is now complete.
802.1x Authentication Setup
1. Open the properties for the wireless connection, by selecting Start - Control Panel Network Connections.
2. Right Click on the Wireless Network Connection, and select Properties.
3. Select the Authentication Tab, and ensure that Enable network access control using IEEE
802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.
Figure 43: Authentication Tab
Encryption Settings
The Encryption settings must match the APs (Access Points) on the Wireless network you
wish to join.
• Windows XP will detect any available Wireless networks, and allow you to configure
each network independently.
51
Page 55
Wireless Access Point User Guide
• Your network administrator can advise you of the correct settings for each network.
802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no
need to enter key values.
Enabling Encryption
To enable encryption for a wireless network, follow this procedure:
1. Click on the Wireless Networks tab.
Figure 44: Wireless Networks Screen
2. Select the wireless network from the Available Networks list, and click Configure.
3. Select and enter the correct values, as advised by your Network Administrator.
For example, to use EAP-TLS, you would enable Data encryption, and click the checkbox
for the setting The key is provided for me automatically, as shown below.
52
Page 56
Figure 45: Properties Screen
PC and Server Configuration
Setup for Windows XP and 802.1x client is now complete.
53
Page 57
Wireless Access Point User Guide
Using 802.1x Mode (without WPA)
This is very similar to using WPA-802.1x.
The only difference is that on your client, you must NOT enable the setting The key is pro-
vided for me automatically.
Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on the
Access Point.
Figure 46: Properties Screen
Note:
On some systems, the "64 bit" WEP key is shown as "40 bit" and the "128 bit" WEP key is
shown as "104 bit". This difference arises because the key input by the user is 24 bits less than
the key size used for encryption.
54 55
Page 58
Chapter 5
Operation and Status
This Chapter details the operation of the Wireless Access Point and the status
screens.
Operation
Once both the Wireless Access Point and the PCs are configured, operation is automatic.
However, you may need to perform the following operations on a regular basis.
• If using the Access Control feature, update the Trusted PC database as required. (See
Access Control in Chapter 3 for details.)
• If using 802.1x mode, update the User Login data on the Windows 2000 Server, and
configure the client PCs, as required.
Status Screen
Use the Status link on the main menu to view this screen.
5
Figure 47: Status Screen
Page 59
Wireless Access Point User Guide
Data - Status Screen
Access Point
Access Point Name
MAC Address
Domain
Firmware Version
TCP/IP
IP Address
Subnet Mask
Gateway
DHCP Client
Wireless
SSID
Channel/Frequency
Mode
The current name will be displayed.
The MAC (physical) address of the Wireless Access Point.
The region or domain, as selected on the Basic Wireless screen.
The version of the firmware currently installed.
The IP Address of the Wireless Access Point.
The Network Mask (Subnet Mask) for the IP Address above.
Enter the Gateway for the LAN segment to which the Wireless
Access Point is attached (the same value as the PCs on that LAN
segment).
This indicates whether the current IP address was obtained from a
DHCP Server on your network.
It will display "Enabled" or "Disabled".
The current SSID.
The Channel currently in use is displayed.
The current operational mode is displayed.
Security
Authentication
Encryption
Access Control
Buttons
Log
Stations
Statistics
This displays the current Authentication setting.
This displays the current Encryption setting.
This indicates whether or not the MAC-level "Access Control"
feature is enabled.
Click this to open a sub-window where you can view the activity
log.
Click this to open a sub-window where you can view the list of
all current Wireless Stations using the Access Point.
Click this to open a sub-window where you can view Statistics on
data transmitted or received by the Access Point.
56
Page 60
Activity Log
This screen is displayed when the Log button on the Status screen is clicked.
Figure 48: Activity Log Screen
Operation and Status
Data - Activity Log
Data
Current Time
Log
Buttons
Refresh
Save to file
Clear Log
The system date and time is displayed.
The Log shows details of the existing connections to the Wireless
Access Point.
Update the data on screen.
Save the log to a file on your pc.
This will delete all data currently in the Log. This will make it
easier to read new messages.
57
Page 61
Wireless Access Point User Guide
Station List
This screen is displayed when the Stations button on the Status screen is clicked.
Figure 49 Station List Screen
Data - Station List Screen
Station List
MAC Address
Mode
Status
Refresh Button
The MAC (physical) address of each Wireless Station is displayed.
The mode of each Wireless Station.
The current status of each Wireless Station is displayed.
Update the data on screen.
58
Page 62
Operation and Status
Statistics Screen
This screen is displayed when the 2.4GHz Statistics button on the Status screen is clicked. It
shows details of the traffic flowing through the Wireless Access Point.
Figure 50: Statistics Screen
Data - Statistics Screen
System Up Time
System Up Time
2.4GHz Wireless
Authentication
Deauthentication
Association
Disassociation
Reassociation
Wireless
MSDU
This indicates how long the system has been running since the last
restart or reboot.
The number of "Authentication" packets received. Authentication
is the process of identification between the AP and the client.
The number of "Deauthentication" packets received. Deauthentication is the process of ending an existing authentication relationship.
The number of "Association" packets received. Association creates
a connection between the AP and the client. Usually, clients associate with only one (1) AP at any time.
The number of "Disassociation" packets received. Disassociation
breaks the existing connection between the AP and the client.
The number of "Reassociation" packets received. Reassociation is
the service that enables an established association (between AP and
client) to be transferred from one AP to another (or the same) AP.
Number of valid Data packets transmitted to or received from
Wireless Stations, at application level.
Data
Multicast Packets
Number of valid Data packets transmitted to or received from
Wireless Stations, at driver level.
Number of Broadcast packets transmitted to or received from
Wireless Stations, using Multicast transmission.
59
Page 63
Wireless Access Point User Guide
Management
Control
Number of Management packets transmitted to or received from
Wireless Stations.
Number of Control packets transmitted to or received from Wireless Stations.
60 61
Page 64
Chapter 6
Other Settings & Features
This Chapter explains when and how to use the Wireless Access Point's
"Management" Features.
6
Overview
This Chapter covers the following features, available on the Wireless Access Point’s Management menu.
• Admin Login
• Config File
• Upgrade Firmware
Admin Login Screen
The Admin Login screen allows you to assign a password to the Wireless Access Point. This
password limits access to the configuration interface. The default password is password. It is
recommended that this be changed, using this screen.
Figure 51: Admin Login Screen
Data - Admin Login Screen
User Name
New Password
Repeat New Password
You will be prompted for the password when you connect, as shown below.
Enter the user name here
Enter the new password here
Re-enter the new password in this field.
Page 65
Wireless Access Point User Guide
Figure 52: Password Dialog
Enter the User Name and Password, as set on the Admin Login screen above.
62
Page 66
Other Settings & Features
Config File
This screen allows you to Backup (download) the configuration file, and to restore (upload) a
previously-saved configuration file.
You can also set the Wireless Access Point back to its factory default settings.
To reach this screen, select Config File in the Management section of the menu.
Data - Config File Screen
Backup
Save a copy of current settings
Restore
Restore saved settings
from a file
Defaults
Revert to factory
default settings
Click the Backup button to download the current settings to a file
on your PC.
If you have a previously-saved configuration file, you can use
this to restore those settings by uploading the file.
1. Click the Browse button and navigate to the location of the
2. Select the upgrade file. Its name will appear in the File field.
3. Click the Restore button to commence the upload.
4. The Wireless Access Point will need to restart, and will be
Use this to set the Wireless Access Point back to its factory
default settings.
• Click Set to Defaults to start the procedure.
• The Wireless Access Point will need to restart, and will be
Figure 53: Config File Screen
configuration file.
unavailable during the restart. All exiting connections will be
broken.
unavailable during the restart. All exiting connections will be
broken.
63
Page 67
Wireless Access Point User Guide
SNMP
SNMP (Simple Network Management Protocol) is only useful if you have a SNMP program
on your PC. To reach this screen, select SNMP in the Management section of the menu.
Data - SNMP Screen
General
Enable SNMP
Community
Access Rights
Managers
Any Station
Only this station
Traps
Disable
Broadcast
Use this to enable or disable SNMP as required
Enter the community string, usually either "Public" or "Private".
Select the desired option:
• Read-only - Data can be read, but not changed.
• Read/Write - Data can be read, and setting changed.
The IP address of the manager station is not checked.
The IP address is checked, and must match the address you enter in
the IP address field provided.
If selected, you must enter the IP address of the required station.
Traps are not used.
Select this to have Traps broadcast on your network. This makes
them available to any PC.
Figure 54: SNMP Screen
Send to
Trap version
Select this to have Trap messages sent to the specified PC only. If
selected, you must enter the IP Address of the desired PC.
Select the desired option, as supported by your SNMP Management
program.
64
Page 68
Other Settings & Features
Firmware Upgrade
The firmware (software) in the Wireless Access Point can be upgraded using your Web
Browser.
You must first download the upgrade file, and then select Upgrade Firmware in the Manage-
ment section of the menu. You will see a screen like the following.
Figure 55: Firmware Upgrade Screen
To perform the Firmware Upgrade:
1. Click the Browse button and navigate to the location of the upgrade file.
2. Select the upgrade file. Its name will appear in the Upgrade File field.
3. Click the Upgrade button to commence the firmware upgrade.
The Wireless Access Point is unavailable during the
upgrade process, and must restart when the upgrade is completed. Any connections to or through
the Wireless Access Point will be lost.
65 66
Page 69
Appendix A
A
Specifications
Wireless Access Point
Hardware Specifications
CPU AR2312
Radio-on-Chip AR2112
DRAM 8 Mbytes (Expand to 64MB)
Flash ROM 2 Mbytes (Expand to 8MB)
LAN port 1 x Auto-MDIX RJ 45 for 10/100Mbps Ethernet
Wireless Interface
Embedded Atheros solution
Network Standard IEEE 802.11b (Wi-Fi™) and IEEE
802.11g compliance
OFDM; 802.11b: CCK (11 Mbps, 5.5 Mbps), DQPSK (2
Mbps), DBPSK (1 Mbps)
Operating Frequencies 2.412.2.497 GHz
Operating Channels 802.11g: 13 for North America, 13
for Europe (ETSI), 14 for Japan
802.11b: 11 for North America, 14 for Japan, 13 for
Europe (ETSI)
Operating temperature
Storage temperature
Power Adapter DC 24V/500mA
Dimensions 141mm (W) x 100mm (D) x 27mm (H)
Wireless Specifications
Receive Sensitivity at 11Mbps min. -85dBm
Receive Sensitivity at 5.5Mbps min. -89dBm
Receive Sensitivity at 2Mbps min. -90dBm
Receive Sensitivity at 1Mbps min. -93dBm
Maximum Receive Level min. -5dBm
Transmit Power 18 dBm
Modulation Direct Sequence Spread Spectrum BPSK / QPSK / CCK
Throughput Up to 19 Mbps
0~55℃
-20
℃~70℃
Page 70
Operating Range Indoors
• 30 Meters (100ft.) @ 11Mbps
• 50 Meters (165ft.) @ 5.5Mbps
• 70 Meters (230ft.) @ 2Mbps
• 9 1Meters (300ft.) @ 1Mbps
Outdoors
• 152 Meters (500ft.) @ 11Mbps
• 270 Meters (885ft.) @ 5.5Mbps
• 396 Meters (1300ft.) @ 2 Mbps
• 457 Meters (1500ft.) @ 1 Mbps
Software Specifications
Feature Details
Wireless
Operation Mode
Security
Management
• Access point support
• Roaming supported
• IEEE 802.11g/11b compliance
• Supper G (up to 108Mbps)
• Auto Sensing Open System / Share Key authentication
• Wireless Channels Support
• Automatic Wireless Channel Selection
• Antenna selection
• Tx Power Adjustment
• Country Selection
• Preamble Type: long or short support
• RTS Threshold Adjustment
• Fragmentation Threshold Adjustment
• Beacon Interval Adjustment
• SSID assignment
• Common AP
• Repeater
• Client AP
• Open, shared, WPA, and WPA-PSK authentication
• 802.1x support
• EAP-TLS, EAP-TTLS, PEAP
• Block inter-wireless station communication
• Block SSID broadcast
• Web based configuration
• RADIUS Accounting
• RADIUS-On feature
• RADIUS Accounting update
• CLI
Appendix A - Specifications
67
Page 71
Wireless Access Point User Guide
• Message Log
• Access Control list file support
• Configuration file Backup/Restore
• Statistics support
• Device discovery program
• Windows Utility
Other Features
• DHCP client
• WINS client
Firmware Upgrade HTTP, FTP network protocol download
68
Page 72
Appendix A - Specifications
FCC Statement
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation.
This equipment generates, uses and can radiate radio frequency energy and, if not installed and
used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
To assure continued compliance, any changes or modifications not expressly approved by the
party responsible for compliance could void the user's authority to operate this equipment.
(Example - use only shielded interface cables when connecting to computer or peripheral
devices).
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with a minimum distance of 20
centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions:
(1) This device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that may cause
undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.
69 70
Page 73
Appendix B
Troubleshooting
B
Overview
This chapter covers some common problems that may be encountered while using the Wireless
Access Point and some possible solutions to them. If you follow the suggested steps and the
Wireless Access Point still does not function properly, contact your dealer for further advice.
General Problems
Problem 1:
Solution 1:
Can't connect to the Wireless Access Point to configure it.
Check the following:
• The Wireless Access Point is properly installed, LAN connections are
OK, and it is powered ON. Check the LEDs for port status.
• Ensure that your PC and the Wireless Access Point are on the same
network segment. (If you don't have a router, this must be the case.)
• If your PC is set to "Obtain an IP Address automatically" (DHCP
client), restart it.
• You can use the following method to determine the IP address of the
Wireless Access Point, and then try to connect using the IP address, instead of the name.
Problem 2:
To Find the Access Point's IP Address
1. Open a MS-DOS Prompt or Command Prompt Window.
2. Use the Ping command to “ping” the Wireless Access Point. Enter
ping followed by the Default Name of the Wireless Access Point.
e.g.
ping SC003318
3. Check the output of the ping command to determine the IP address of
the Wireless Access Point, as shown below.
Figure 56: Ping
If your PC uses a Fixed (Static) IP address, ensure that it is using an IP
Address which is compatible with the Wireless Access Point. (If no DHCP
Server is found, the Wireless Access Point will default to an IP Address and
Mask of 192.168.0.228 and 255.255.255.0.) On Windows PCs, you can use
Control Panel-Network to check the Properties for the TCP/IP protocol.
My PC can't connect to the LAN via the Wireless Access Point.
Page 74
Appendix B - Troubleshooting
Solution 2
Check the following:
• The SSID and WEP settings on the PC match the settings on the Wire-
less Access Point.
• On the PC, the wireless mode is set to "Infrastructure"
• If using the Access Control feature, the PC's name and address is in the
Trusted Stations list.
• If using 802.1x mode, ensure the PC's 802.1x software is configured
correctly. See Chapter 4 for details of setup for the Windows XP 802.1x
client. If using a different client, refer to the vendor's documentation.
71 72
Page 75
Appendix C
Windows TCP/IP
Overview
Normally, no changes need to be made.
• By default, the Wireless Access Point will act as a DHCP client, automatically obtaining a
suitable IP Address (and related information) from your DHCP Server.
• If using Fixed (specified) IP addresses on your LAN (instead of a DHCP Server), there is
no need to change the TCP/IP of each PC. Just configure the Wireless Access Point to
match your existing LAN.
The following sections provide details about checking the TCP/IP settings for various types of
Windows, should that be necessary.
Checking TCP/IP Settings - Windows 9x/ME:
1. Select Control Panel - Network. You should see a screen like the following:
C
Figure 57: Network Configuration
2. Select the TCP/IP protocol for your network card.
3. Click on the Properties button. You should then see a screen like the following.
Page 76
Appendix C – Windows TCP/IP
Figure 58: IP Address (Win 95)
Ensure your TCP/IP settings are correct, as follows:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default
Windows settings. To work correctly, you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are required.
(The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
73
Page 77
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows NT4.0
1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as
shown below.
Figure 59: Windows NT4.0 - TCP/IP
2. Click the Properties button to see a screen like the one below.
Figure 60: Windows NT4.0 - IP Address
74
Page 78
Appendix C – Windows TCP/IP
3. Select the network card for your LAN.
4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify
an IP Address, as explained below.
Obtain an IP address from a DHCP Server
This is the default Windows setting. This is the default Windows settings. To work correctly,
you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are required.
(The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
75
Page 79
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows 2000
1. Select Control Panel - Network and Dial-up Connection.
2. Right click the Local Area Connection icon and select Properties. You should see a screen
like the following:
Figure 61: Network Configuration (Win 2000)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 62: TCP/IP Properties (Win 2000)
76
Page 80
Appendix C – Windows TCP/IP
5. Ensure your TCP/IP settings are correct:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default
Windows setting. This is the default Windows settings. To work correctly, you need a DHCP
server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are required.
(The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
77
Page 81
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows XP
1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a screen
like the following:
Figure 63: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 64: TCP/IP Properties (Windows XP)
78
Page 82
Appendix C – Windows TCP/IP
5. Ensure your TCP/IP settings are correct.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default
Windows setting. To work correctly, you need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are required.
(The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
79 80
Page 83
Appendix D
About Wireless LANs
D
Overview
Wireless networks have their own terms and jargon. It is necessary to understand many of
these terms in order to configure and operate a Wireless LAN.
Wireless LAN Terminology
Modes
Wireless LANs can work in either of two (2) modes:
• Ad-hoc
• Infrastructure
Ad-hoc Mode
Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Stations (e.g. notebook PCs with wireless cards) communicate directly with each other.
Infrastructure Mode
In Infrastructure Mode, one or more Access Points are used to connect Wireless Stations
(e.g. Notebook PCs with wireless cards) to a wired (Ethernet) LAN. The Wireless Stations
can then access all LAN resources.
Access Points can only function in "Infrastructure" mode,
and can communicate only with Wireless Stations which are
set to "Infrastructure" mode.
SSID/ESSID
BSS/SSID
A group of Wireless Stations and a single Access Point, all using the same ID (SSID),
form a Basic Service Set (BSS).
Using the same SSID is essential. Devices with different SSIDs are unable to communicate with each other. However, some Access Points allow connections from Wireless
Stations which have their SSID set to “any” or whose SSID is blank ( null ).
ESS/ESSID
A group of Wireless Stations, and multiple Access Points, all using the same ID (ESSID),
form an Extended Service Set (ESS).
Different Access Points within an ESS can use different Channels. To reduce interference,
it is recommended that adjacent Access Points SHOULD use different channels.
Page 84
Appendix D – About Wireless LANs
As Wireless Stations are physically moved through the area covered by an ESS, they will
automatically change to the Access Point which has the least interference or best performance. This capability is called Roaming. (Access Points do not have or require Roaming
capabilities.)
Channels
The Wireless Channel sets the radio frequency used for communication.
• Access Points use a fixed Channel. You can select the Channel used. This allows you to
choose a Channel which provides the least interference and best performance. For 802.11g,
13 channels are available in the USA and Canada., but 11channels are available in North
America if using 802.11b.
• If using multiple Access Points, it is better if adjacent Access Points use different Chan-
nels to reduce interference. The recommended Channel spacing between adjacent Access
Points is 5 Channels (e.g. use Channels 1 and 6, or 6 and 11).
• In "Infrastructure" mode, Wireless Stations normally scan all Channels, looking for an
Access Point. If more than one Access Point can be used, the one with the strongest signal
is used. (This can only happen within an ESS.)
• If using "Ad-hoc" mode (no Access Point), all Wireless stations should be set to use the
same Channel. However, most Wireless stations will still scan all Channels to see if there
is an existing "Ad-hoc" group they can join.
WEP
WEP (Wired Equivalent Privacy) is a standard for encrypting data before it is transmitted. This
is desirable because it is impossible to prevent snoopers from receiving any data which is
transmitted by your Wireless Stations. But if the data is encrypted, then it is meaningless
unless the receiver can decrypt it.
If WEP is used, the Wireless Stations and the Wireless Access Point must have the same
settings.
WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should
be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The
256Bit encryption key is derived from the PSK, and changes frequently.
WPA-802.1x
WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the
client authentication according to the 802.1x standard. Data transmissions are encrypted using
the WPA standard.
If this option is used:
• The Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when required.
• All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
81
Page 85
Wireless Access Point User Guide
802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than
WEP encryption.
If this option is used:
• The Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when required.
• All data transmission is encrypted using the WEP standard. You only have to select the
WEP key size; the WEP key is automatically generated.
82 83
Page 86
Appendix E
Command Line Interface
E
Overview
If desired, the command line interface (CLI) can be used for configuration. This provides the
possibility of creating scripts to perform common configuration changes. The CLI requires a
physical connection from your PC to the serial port (RS232 port) on the Wireless Access Point.
Using the CLI – Telnet
1. Start your Telnet client, and establish a connection to the Access Point.
e.g.
Telnet 192.168.0.228
2. You will be prompted for the user name and password. Enter the same login name and
password as used for the HTTP (Web) interface.
The default values are admin for the User Name, and password for the Password.
3. Once connected, you can use any of the commands listed in the following Command
Reference.
Using the CLI – Serial Port
1. Use a standard serial port cable to connect your PC to the serial (RS232) port on the
Wireless Access point.
2. Start your communications program. For example, in Windows, use HyperTerminal. (This
program may not be installed. If so, you can install it using Start – Settings – Control
Panel – Add or Remove Programs. The select Windows Setup or Add/Remove Windows
Components, depending on your version of Windows.)
3. Configure the connection properties:
• Name – use a suitable name, such as “AP”
• Port (Connect Using) – Select the Serial Port that the cable is connected to. (Do not
select your modem.)
• Port Settings – Use 9600, N, 8, 1, with hardware flow control, as shown below.
Page 87
Wireless Access Point User Guide
Figure 65: CLI Port Settings
4. Use the “Connect” command to start the connection.
5. You will be prompted for a user name and password.
Enter the current user name and password for the AP you are connecting to.
6. You will then see the prompt, and can then use any of the commands listed in the following Command Reference.
Command Reference
The following commands are available.
? -- Display CLI Command List
admin-- Temporary factory admin
boot flash -- Boot from flash
boot ethernet -- Boot from network
cp -- Copy file
config wlan-- config wlanX
connect bss-- connect to bssX
del acl -- Delete Access Control List
del key -- Delete Encryption key
find bss -- Find BSS
find channel -- Find Available Channel
find all -- Find All BSS
format -- Format flash filesytem
bootrom -- Update boot rom image
84
Page 88
Appendix E – Command Line Interface
ftp -- Software update via FTP
get 11gonly-- Display 11g Only Allowed
get 11goptimize -- Display 11g Optimization Level
get 11goverlapbss-- Display Overlapping BSS Protection
get abolt --
get acl -- Display Access Control List
get aging -- Display Aging Interval
get antenna-- Display Antenna Diversity
get association -- Display Association Table
get authentication -- Display Authentication Type
get autochannelselect -- Display Auto Channel Select
get basic11b -- Display Basic 11b Rates
get basic11g -- Display Basic 11g Rates
get beaconinterval -- Display Beacon Interval
get burstSeqThreshold -- Display Max Number of frames in a Burst
get burstTime -- Display Burst Time
get calibration -- Display Noise And Offset Calibration Mode
get cckTrigHigh -- Display Higher Trigger Threshold for CCK Phy Errors for ANI Control
get cckTrigLow -- Display Lower Trigger Threshold for CCK Phy Errors for ANI Control
get cckWeakSigThr-- Display ANI Parameter for CCK Weak Signal Detection Threshold
get channel-- Display Radio Channel
get cipher -- Display Encryption cipher
get compproc -- Display Compression scheme
get compwinsize -- Display Compression Window Size
get config -- Display Current AP Configuration
get countrycode -- Display Country Code
get ctsmode-- Display CTS mode
get ctsrate-- Display CTS rate
get ctstype-- Display CTS type
get description -- Display Access Point Description
get dhcpmode -- Display dhcp mode
get domainsuffix -- Display Domain Name Server suffix
get dtim -- Display Data Beacon Rate (DTIM)
get enableANI -- Display Adaptive Noise Immunity Control On/Off
get encryption -- Display Encryption Mode
get extendedchanmode -- Display Extended Channel Mode
get firStepLvl -- Display ANI Parameter for FirStepLevel
85
Page 89
Wireless Access Point User Guide
get fragmentthreshold -- Display Fragment Threshold
get frequency -- Display Radio Frequency (MHz)
get gateway-- Display Gateway IP Address
get gbeaconrate -- Display 11g Beacon Rate
get gdraft5-- Display 11g Draft 5.0 compatibility
get groupkeyupdate -- Display Group Key Update Interval (in Seconds)
get hardware -- Display Hardware Revisions
get hostipaddr -- Display Host IP Address
get ipaddr -- Display IP Address
get ipmask -- Display IP Subnet Mask
get key -- Display Encryption Key
get keyentrymethod -- Display Encyrption Key Entry Method
get keysource -- Display Source Of Encryption Keys
get login -- Display Login User Name
get minimumrate -- Display Minimum Rate
get macAuth-- Display Mac Authentication Enable/Disable
get nameaddr -- Display IP address of name server
get nf -- Display Noise Floor
get noiseImmunityLvl -- Display ANI Parameter for Noise Immunity Level
get ofdmTrigHigh -- Display Higher Trigger Threshold for OFDM Phy Errors for ANI Control
get ofdmTrigLow -- Display Lower Trigger Threshold for OFDM Phy Errors for ANI Control
get ofdmWeakSigDet -- Display ANI Parameter for OFDM Weak Signal Detection
get overRidetxpower -- Display Tx power override
get operationMode-- Display Operation Mode
get pktLogEnable -- Display Packet Logging Mode
get power -- Display Transmit Power Setting
get quietAckCtsAllow -- Display if Ack/Cts frames are allowed during quiet period
get quietDuration-- Display Duration of quiet period
get quietOffset -- Display Offset of quiet period into the beacon period
get radiusname -- Display RADIUS server name or IP address
get radiusport -- Display RADIUS port number
get rate -- Display Data Rate
get remoteAp -- Display Remote Ap's Mac Address
get hwtxretries -- Display HW Transmit Retry Limit
get swtxretries -- Display SW Transmit Retry Limit
86
Page 90
Appendix E – Command Line Interface
get rtsthreshold -- Display RTS/CTS Threshold
get shortpreamble-- Display Short Preamble Usage
get shortslottime-- Display Short Slot Time Usage
get sntpserver -- Display SNTP/NTP Server IP Address
get softwareretry-- Display Software Retry
get spurImmunityLvl -- Display ANI Parameter for Spur Immunity Level
get ssid -- Display Service Set ID
get ssidsuppress -- Display SSID Suppress Mode
get snmpMode -- Display SNMP Mode
get snmpCommunity-- Display SNMP Community Name
get snmpAccessRight -- Display SNMP Access Right
get snmpAnyStaMode -- Display SNMP Any Station Mode
get snmpStationIPAddr -- Display SNMP Station Addr
get trapMode -- Display Trap Mode
get trapVersion -- Display Trap Version
get trapSendMode -- Display Trap Send Mode
get trapRecvIp -- Display Trap Receiver IP
get station-- Display Station Status
get SuperG -- Display SuperG Feature Status
get systemname -- Display Access Point System Name
get telnet -- Display Telnet Mode
get timeout-- Display Telnet Timeout
get tzone -- Display Time Zone Setting
get updateparam -- Display Vendor Default Firmware Update Params
get uptime -- Display UpTime
get watchdog -- Display Watchdog Mode
get wds -- Display WDS Mode
get wep -- Display Encryption Mode
get wirelessmode -- Display Wireless LAN Mode
get winsEnable -- Display WINS Server Enable/Disable
get winsserveraddr -- Display IP address of WINS server
get wSeparate -- Display wireless seprate Mode
get wlanstate -- Display wlan state
help -- Display CLI Command List
Lebradeb -- Disable reboot during radar detection
ls -- list directory
mem -- system memory statistics
87
Page 91
Wireless Access Point User Guide
mv -- Move file
np -- Network Performance
ns -- Network Performance Server
ping -- Ping
pktLog -- Packet Log
radar! -- Simulate radar detection on current channel
reboot -- Reboot Access Point
rm -- Remove file
run -- Run command file
quit -- Logoff
set 11gonly-- Set 11g Only Allowed
set 11goptimize -- Set 11g Optimization Level
set 11goverlapbss-- Set Overlapping BSS Protection
set abolt --
set acl -- Set Access Control List
set aging -- Set Aging Interval
set antenna-- Set Antenna
set authentication -- Set Authentication Type
set autochannelselect -- Set Auto Channel Selection
set basic11b -- Set Use of Basic 11b Rates
set basic11g -- Set Use of Basic 11g Rates
set beaconinterval -- Modify Beacon Interval
set burstSeqThreshold -- Set Max Number of frames in a Burst
set burstTime -- Set Burst Time
set calibration -- Set Calibration Period
set cckTrigHigh -- Set Higher Trigger Threshold for CCK Phy Errors For ANI Control
set cckTrigLow -- Set Lower Trigger Threshold for CCK Phy Errors For ANI Control
set cckWeakSigThr-- Set ANI Parameter for CCK Weak Signal Detection Threshold
set channel-- Set Radio Channel
set cipher -- Set Cipher
set compproc -- Set Compression Scheme
set compwinsize -- Set Compression Window Size
set countrycode -- Set Country Code
set ctsmode-- Set CTS Mode
set ctsrate-- Set CTS Rate
set ctstype-- Set CTS Type
set description -- Set Access Point Description
88
Page 92
Appendix E – Command Line Interface
set dhcpMode -- Set Dhcp Mode
set domainsuffix -- Set Domain Name Server Suffix
set dtim -- Set Data Beacon Rate (DTIM)
set enableANI -- Turn Adaptive Noise Immunity Control On/Off
set encryption -- Set Encryption Mode
set extendedchanmode -- Set Extended Channel Mode
set factorydefault -- Restore to Default Factory Settings
set firStepLvl -- Set ANI Parameter for FirStepLevel
set fragmentthreshold -- Set Fragment Threshold
set frequency -- Set Radio Frequency (MHz)
set gateway-- Set Gateway IP Address
set gbeaconrate -- Set 11g Beacon Rate
set groupkeyupdate -- Set Group Key Update Interval (in Seconds)
set gdraft5-- Set 11g Draft 5.0 compatibility
set hostipaddr -- Set Host IP address
set ipaddr -- Set IP Address
set ipmask -- Set IP Subnet Mask
set key -- Set Encryption Key
set keyentrymethod -- Select Encryption Key Entry Method
set keysource -- Select Source Of Encryption Keys
set login -- Modify Login User Name
set minimumrate -- Set Minimum Rate
set macAuth-- Set Mac Authentication Enable/Disable
set nameaddress -- Set Name Server IP address
set noiseImmunityLvl -- Set ANI Parameter for Noise Immunity Level
set ofdmTrigHigh -- Set Higher Trigger Threshold for OFDM Phy Errors for ANI Control
set ofdmTrigLow -- Set Lower Trigger Threshold for OFDM Phy Errors for ANI Control
set ofdmWeakSigDet -- Set ANI Parameter for OFDM Weak Signal Detection
set overRidetxpower -- Set Tx power override
set operationMode-- Set operation Mode
set password -- Modify Password
set passphrase -- Modify Passphrase
set pktLogEnable -- Enable Packet Logging
set power -- Set Transmit Power
set quietAckCtsAllow -- Allow Ack/Cts frames during quiet period
set quietDuration-- Duration of quiet period
set quietOffset -- Offset of quiet period into the beacon period
89
Page 93
Wireless Access Point User Guide
set radiusname -- Set RADIUS name or IP address
set radiusport -- Set RADIUS port number
set radiussecret -- Set RADIUS shared secret
set rate -- Set Data Rate
set rate -- Set Data Rate
set rate -- Set Data Rate
set rate -- Set Data Rate
set rate -- Set Data Rate
set regulatorydomain -- Set Regulatory Domain
set remoteAP -- Set Remote AP's Mac Address
set hwtxretries -- Set HW Transmit Retry Limit
set swtxretries -- Set SW Transmit Retry Limit
set rtsthreshold -- Set RTS/CTS Threshold
set shortpreamble-- Set Short Preamble
set shortslottime-- Set Short Slot Time
set sntpserver -- Set SNTP/NTP Server IP Address
set softwareretry-- Set Software Retry
set spurImmunityLvl -- Set ANI Parameter for Spur Immunity Level
set ssid -- Set Service Set ID
set ssidsuppress -- Set SSID Suppress Mode
set SuperG -- Super G Features
set systemname -- Set Access Point System Name
set snmpMode -- Set SNMP Mode
set snmpCommunity-- Set SNMP Community Name
set snmpAccessRight -- Set SNMP Access Right
set snmpAnyStaMode -- Set SNMP Any Station Mode
set snmpStationIPAddr -- Set SNMP Station Addr
set trapMode -- Set Trap Mode
set trapVersion -- Set Trap Version
set trapSendMode -- Set Trap Send Mode
set trapRecvIp -- Set Trap Receiver IP
set telnet -- Set Telnet Mode
set timeout-- Set Telnet Timeout
set tzone -- Set Time Zone Setting
set updateparam -- Set Vendor Default Firmware Update Params
set watchdog -- Set Watchdog Mode
set wds -- Set WDS Mode
90
Page 94
set wep -- Set Encryption Mode
set wlanstate -- Set wlan state
set wirelessmode -- Set Wireless LAN Mode
set winsEnable -- Set WINS Server Enable/Disable
set winsServerAddr -- Set WINS Server IP address
set wSeparate -- Set wireless seprate Mode
spy report -- Print spy report
spy start -- Start spy
spy stop -- Stop spy
start wlan -- Start the current wlan
stop wlan -- Stop the current wlan
timeofday -- Display Current Time of Day
version -- Software version
Appendix E – Command Line Interface
91
Loading...