How it Works
LevelOne
Loading...
WAP-0005
User Manual
94 pgs3.38 Mb0
User Manual
108 pgs4.03 Mb0
Table of contents
Loading...

LevelOne WAP-0005 User Manual

LevelOne
WAP - 0005
108 Mbps Wireless Access Point
User’s Manual
TABLE OF CONTENTS
Features of your Wireless Access Point........................................................................... 1
Package Contents ..............................................................................................................3
Physical Details.................................................................................................................. 3
Requirements..................................................................................................................... 5
Procedure ........................................................................................................................... 5
Overview ............................................................................................................................ 7
Setup using the Windows Utility...................................................................................... 7
Setup using a Web Browser............................................................................................ 10
System Screen .................................................................................................................. 13
Access Control ................................................................................................................. 14
Wireless Screens .............................................................................................................. 17
Basic Settings Screen....................................................................................................... 17
Security Settings .............................................................................................................. 20
Advanced Settings ........................................................................................................... 33
Overview ..........................................................................................................................35
Using WEP .......................................................................................................................35
Using WPA-PSK.............................................................................................................. 36
Using WPA-802.1x ..........................................................................................................37
802.1x Server Setup (Windows 2000 Server)................................................................ 38
802.1x Client Setup on Windows XP ............................................................................. 48
Using 802.1x Mode (without WPA) ...............................................................................54
Operation ......................................................................................................................... 55
Status Screen.................................................................................................................... 55
Overview ..........................................................................................................................61
Admin Login Screen........................................................................................................ 61
Config File........................................................................................................................ 63
SNMP ............................................................................................................................... 64
Firmware Upgrade.......................................................................................................... 65
i
APPENDIX A SPECIFICATIONS .......................................................................................66
Wireless Access Point...................................................................................................... 66
Overview ..........................................................................................................................70
General Problems............................................................................................................ 70
Overview ..........................................................................................................................72
Checking TCP/IP Settings - Windows 9x/ME: ............................................................. 72
Checking TCP/IP Settings - Windows NT4.0 ...............................................................74
Checking TCP/IP Settings - Windows 2000.................................................................. 76
Checking TCP/IP Settings - Windows XP .................................................................... 78
Overview ..........................................................................................................................80
Wireless LAN Terminology............................................................................................ 80
Overview ..........................................................................................................................83
Command Reference....................................................................................................... 84
P/N: 9560N900A0
Copyright 2004. All Rights Reserved.
Document Version: 1.1
All trademarks and trade names are the properties of their respective owners.
ii 1
Chapter 1
Introduction
This Chapter provides an overview of the Wireless Access Point's features and capabilities.
Congratulations on the purchase of your new Wireless Access Point. The Wireless Access Point links your 802.11g or 802.11b Wireless Stations to your wired LAN. The Wireless stations and devices on the wired LAN are then on the same network, and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection.
1
Figure 1: Wireless Access Point
The auto-sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the environment does not permit maximum throughput.

Features of your Wireless Access Point

The Wireless Access Point incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.
Standards Compliant. The Wireless Router complies with the IEEE802.11g (DSSS)
specifications for Wireless LANs.
Supports both 802.11b and 802.11g Wireless Stations. The 802.11g standard
provides for backward compatibility with the 802.11b standard, so both 802.11b and
802.11g Wireless stations can be used simultaneously.
108Mbps Wireless Connections. On both the 2.4GHz (802.11b & 802.11g) and 5GHz
(802.11a) bands, 108Mbps connections are available to compatible clients.
Simple Configuration. If the default settings are unsuitable, they can be changed
quickly and easily.
Wireless Access Point User Guide
DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP
address to PCs and other devices upon request. The Wireless Access Point can act as a DHCP Client, and obtain an IP address and related information from your existing DHPC Server.
Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded
easily, using only your Web Browser.
PoE Support. You can user PoE (Power over Ethernet) to provide power to the Wireless
Access Point, so only a single cable connection is required.
Security Features
WEP support. Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit
and 128 Bit keys are supported.
WPA support. Support for WPA is included. WPA is more secure than WEP, and
should be used if possible. Both TKIP and AES encryption methods are supported.
802.1x Support. Support for 802.1x mode is included, providing for the industrial-
strength wireless security of 802.1x authentication and authorization.
Radius Client Support. The Wireless Access Point can login to your existing Radius
Server (as a Radius client).
Radius MAC Authentication. You can centralize the checking of Wireless Station
MAC addresses by using a Radius Server.
Dynamic WEP key Support. In 802.1x mode, either fixed or Dynamic WEP keys can
be used.
Access Control. The Access Control feature can check the MAC address of Wireless
clients to ensure that only trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN.
Password - protected Configuration. Optional password protection is provided to
prevent unauthorized users from modifying the configuration data and settings.
Advanced Features
Command Line Interface. If desired, the command line interface (CLI) can be used for
configuration. This provides the possibility of creating scripts to perform common con­figuration changes.
NetBIOS & WINS Support. Support for both NetBIOS broadcast and WINS (Win-
dows Internet Naming Service) allows the Wireless Access Point to easily fit into your existing Windows network.
Radius Accounting Support. If you have a Radius Server, you can use it to provide
accounting data on Wireless clients.
SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowing
you to use a SNMP program to manage the Wireless Access Point.
UAM Support. The Wireless Access Point supports UAM (Universal Access Method),
making it suitable for use in Internet cafes and other sites where user access time must be accounted for.
WDS Support. Support for WDS (Wireless Distribution System) allows the Wireless
Access Point to act as a Wireless Bridge. Both Point-to-Point and Multi-Point Bridge modes are supported.
2
Introduction

Package Contents

The following items should be included:
Wireless Access Point
Power Adapter
Quick Start Guide
CD-ROM containing the on-line manual and setup utility.
If any of the above items are damaged or missing, please contact your dealer immediately.

Physical Details

Front Panel LEDs
Figure 2: Front Panel
Status On - Error condition.
Off - Normal operation.
Blinking - During start up, and when the Firmware is being upgraded.
Power On - Normal operation.
Off - No power
LAN On - The LAN (Ethernet) port is active.
Off - No active connection on the LAN (Ethernet) port.
Flashing - Data is being transmitted or received via the corresponding
LAN (Ethernet) port.
Wireless LAN
On -
Idle
Off - Error- Wireless connection is not available.
Flashing - Data is being transmitted or received via the Wireless access
point. Data includes "network traffic" as well as user data.
3
Wireless Access Point User Guide
Rear Panel
Figure 3 Rear Panel
Antenna
Console port
Reset Button
Ethernet
Power port
One antenna (aerial) is supplied. Best results are usually obtained with the antenna in a vertical position.
DB9 female RS232 port.
This button has two (2) functions:
Reboot. When pressed and released, the Wireless Access Point
will reboot (restart).
Reset to Factory Defaults. This button can also be used to clear
ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off the Access Point
2. Hold the Reset Button down while you Power On the Access Point.
3. Continue holding the Reset Button until the Status (Red) LED blinks TWICE.
4. Release the Reset Button. The factory default configuration has now been restored, and the Access Point is ready for use.
Use a standard LAN cable (RJ45 connectors) to connect this port to a 10BaseT or 100BaseT hub on your LAN.
Connect the supplied power adapter here.
4 5
Chapter 2
Installation
This Chapter covers the physical installation of the Wireless Access Point.
2

Requirements

Requirements:
TCP/IP network
Ethernet cable with RJ-45 connectors
Installed Wireless network adapter for each PC that will be wirelessly connected to the
network

Procedure

1. Select a suitable location for the installation of your Wireless Access Point. To maximize reliability and performance, follow these guidelines:
Use an elevated location, such as wall mounted or on the top of a cubicle.
Place the Wireless Access Point near the center of your wireless coverage area.
If possible, ensure there are no thick walls or metal shielding between the Wireless
Access Point and Wireless stations. Under ideal conditions, the Wireless Access Point has a range of around 150 meters (450 feet). The range is reduced, and transmission speed is lower, if there are any obstructions between Wireless devices.
Figure 4: Installation Diagram
2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Point to a 10/100BaseT hub on your LAN.
Wireless Access Point User Guide
3. Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet, and power up. NOTE: If you wish to use PoE (Power over Ethernet), refer to the following section.
4. Check the LEDs:
The Status LED should flash, then turn OFF.
The Power, WLAN, and LAN LED should be ON.
For more information, refer to Front Panel LEDs in Chapter 1.
Using PoE (Power over Ethernet)
The Wireless Access Point supports PoE (Power over Ethernet). To use PoE:
1. Do not connect the supplied power adapter to the Wireless Access Point.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the Wire­less Access Point.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter. (24V DC, 500mA)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet­connection.
Figure 5: Using PoE (Power over Ethernet)
6 7
Chapter 3
Access Point Setup
This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point.
3

Overview

This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN, and to function as an Access Point for your Wireless Stations.
Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station Configuration.
The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser

Setup using the Windows Utility

A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the Wireless Access Point. Using this utility is recommended, because it can locate the Wireless Access Point even if it has an invalid IP address.
Installation
1. Insert the supplied CD-ROM in your drive.
2. If the utility does not start automatically, run the SETUP program in the root folder.
3. Follow the prompts to complete the installation.
Main Screen
Start the program by using the icon created by the setup program.
When run, the program searches the network for all active Wireless Access Points, then
lists them on screen, as shown by the example below.
Wireless Access Point User Guide
Figure 6: Management utility Screen
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:
Server Name
IP address
MAC Address
IEEE Standard
The Server Name is shown on a sticker on the base of the device.
The IP address for the Wireless Access Point.
The hardware or physical address of the Wireless Access Point.
The wireless standard or standards used by the Wireless Access Point (e.g. 802.11b, 802.11g)
FW Version
Description
The current Firmware version installed in the Wireless Access Point.
Any extra information for the Wireless Access Point, entered by the administrator.
Note: If the desired Wireless Access Point is not listed, check that the device is installed and ON, then update the list by clicking the Refresh button.
Buttons
Refresh
Detail Info
Web Management
Set IP Address
Click this button to update the Wireless Access Point device listing after changing the name or IP Address.
When clicked, additional information about the selected Access Point will be displayed.
Use this button to connect to the Wireless Access Point's Web­based management interface.
Click this button if you want to change the IP Address of the Wireless Access Point.
Exit
Exit the Management utility program by clicking this button.
8
Setup
Setup Procedure
1. Select the desired Wireless Access Point.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are admin for the User Name, and password for the Password.
4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any changes.
5. Click the Web Management button to connect to the selected Wireless Access Point using your Web Browser. If prompted, enter the User Name and Password again.
6. Configure the following screens, using the on-line help if necessary. The following section also provides more details about each of these screens.
Wireless - Basic (Basic Wireless settings)
Wireless - Security (Wireless Security)
Management - Admin Login (Set login name and password)
7. Setup is now complete.
9
Wireless Access Point User Guide

Setup using a Web Browser

Your Browser must support JavaScript. The configuration program has been tested on the following browsers:
Netscape V4.08 or later
Internet Explorer V4 or later
Setup Procedure
Before commencing, install the Wireless Access Point in your LAN, as described previously.
1. Check the Wireless Access Point to determine its Default Name. This is shown on a label on the base or rear, and is in the following format:
SCxxxxxx Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).
2. Use a PC which is already connected to your LAN, either by a wired connection or an­other Access Point.
Until the Wireless Access Point is configured, establishing a Wireless connection to it
may be not possible.
If your LAN contains a Router or Routers, ensure the PC used for configuration is on
the same LAN segment as the Wireless Access Point.
3. Start your Web browser.
4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point e.g.
HTTP://SC2D631A
5. You should then see a login prompt, which will ask for a User Name and Password. Enter admin for the User Name, and password for the Password. These are the default values. The password can and should be changed. Always enter the current user name and password, as set on the Admin Login screen.
Figure 7: Password Dialog
6. You will then see the Status screen, which displays the current settings and status. No data input is possible on this screen.
10
7. From the menu, check the following screens, and configure as necessary for your envi­ronment. Details of these screens and settings are described in the following sections of this chapter.
System
Access Control
Wireless
Basic
Security
Advanced
Management
Admin Login (Set login name and password)
8. Setup of the Wireless Access Point is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for details.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the Wireless Access Point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0.
Setup
If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details for this procedure.
11
Wireless Access Point User Guide
Status Screen
When you first connect, you will see the Status screen. This displays the current settings and status of the Wireless Access Point. No data can be input on this screen.
Figure 8: Status Screen
For further details of this screen, refer to Status Screen in Chapter 5.
12

System Screen

Click System on the menu to view a screen like the following.
Setup
Data - System Screen
Identification
Access Point Name
Description
Country Domain
IP Address
DHCP Client
Fixed
Enter a suitable name for this Access Point.
If desired, you can enter a description for the Access Point.
Select the country or domain matching your current location.
Select this option if you have a DHCP Server on your LAN, and you wish the Access Point to obtain an IP address automatically.
If selected, the following data must be entered.
IP Address - The IP Address of this device. Enter an unused IP
Subnet Mask - The Network Mask associated with the IP Address
Gateway - The IP Address of your Gateway or Router. Enter the
DNS - Enter the DNS (Domain Name Server) used by PCs on
Figure 9: System Screen
address from the address range on your LAN.
above. Enter the value used by other devices on your LAN.
value used by other devices on your LAN.
your LAN.
13
Wireless Access Point User Guide
WINS
Enable WINS
WINS Server Name/IP Address
HTTP
HTTP Port
Telnet
Enable Telnet Management
If your LAN has a WINS server, you can enable this to have this AP register with the WINS server.
Enter the name or IP address of your WINS server.
Enter the port number to be used when connecting to this interface. The default value is 80.
If desired, you can enable this option. If enabled, you will able to connect to this AP using a Telnet client. You will have to provide the same login data (user name, password) as for a HTTP (Web) connec­tion.

Access Control

This feature can be used to block access to your LAN by unknown or untrusted wireless stations.
Click Access Control on the menu to view a screen like the following.
Figure 10: Access Control Screen
Data - Access Control Screen
Enable
Trusted Stations
Use this checkbox to Enable or Disable this feature as desired.
Warning ! Ensure your own PC is in the "Trusted Wireless Stations" list before enabling this feature.
This table lists any Wireless Stations you have designated as "Trusted". If you have not added any stations, this table will be empty. For each Wireless station, the following data is displayed:
MAC Address - the MAC or physical address of each Wire-
less station.
Connected - this indicates whether or not the Wireless station
is currently associates with this Access Point.
14
Buttons
Setup
Modify List
Read from File
Write to File
To change the list of Trusted Stations (Add, Edit, or Delete a Wireless Station or Stations), click this button. You will then see the Trusted Wireless Stations screen, described below.
To upload a list of Trusted Stations from a file on your PC, click this button.
To download the current list of Trusted Stations from the Access Point to a file on your PC, click this button.
Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
Figure 11: Trusted Wireless Stations
Data - Trusted Wireless Stations
Trusted Wireless Stations
Other Wireless Stations
Address
Buttons
<<
This lists any Wireless Stations which you have designated as “Trusted”.
This list any Wireless Stations detected by the Access Point, which you have not designated as "Trusted".
The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Add a Trusted Wireless Station to the list (move from the "Other Stations" list).
Select an entry (or entries) in the "Other Stations" list, and
click the " << " button.
Enter the Address (MAC or physical address) of the wireless
station, and click the "Add " button.
15
Wireless Access Point User Guide
>>
Select All
Select None
Edit
Add
Clear
Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).
Select an entry (or entries) in the "Trusted Stations" list.
Click the " >> " button.
Select all of the Stations listed in the "Other Stations" list.
De-select any Stations currently selected in the "Other Stations" list.
To change an existing entry in the "Trusted Stations" list, select it and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the "Address" field, and the "Add" button will change to "Update".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
To add a Trusted Station which is not in the "Other Wireless Stations" list, enter the required data and click this button.
Clear the Address field.
16

Wireless Screens

There are 3 configuration screens available:
Basic Settings
Security
Advanced

Basic Settings Screen

The settings on this screen must match the settings used by Wireless Stations.
Click Basic on the menu to view a screen like the following.
Setup
Figure 12: Basic Settings Screen
Data - Basic Settings Screen
Operation
Wireless Mode
Select the desired option:
Disable - select this if for some reason you do not this AP to
transmit or receive at all.
802.11b and 802.11g - this is the default, and will allow connec-
tions by both 802.11b and 802.1g wireless stations.
802.11b - if selected, only 802.11b connections are allowed.
802.11g wireless stations will only be able to connect if they are fully backward-compatible with the 802.11b standard.
802.11g - only 802.11g connections are allowed. If you only have
802.11g, selecting this option may provide a performance im­provement over using the default setting.
Super 802.11g (108Mbps) - This uses Packet Bursting, Fast-
Frame, and Compression techniques to increase throughput. Only clients supporting the "Atheros Super G" mode can connect at 108Mbps. However, this option is backward-compatible with
802.11ab and (standard) 802.11g.
17
Wireless Access Point User Guide
Dynamic Super 802.11g (108Mbps) - This uses Packet Bursting,
FastFrame, Compression, and "Channel Bonding" (using 2 chan­nels) to increase throughput. Only clients supporting the "Atheros Super G" mode can connect at 108Mbps, and they will only use this speed when necessary. Howerver, this option is backward­compatible with 802.11b and (standard) 802.11g.
Static Super 802.11g (108Mbps) - This uses Packet Bursting,
FastFrame, Compression, and "Channel Bonding" (using 2 chan­nels) to increase thoughput. Because "Channel Bonding" is always used, this method is NOT compatible with 802.11b and (standard)
802.11g. Only clients supporting the "Atheros Super G" mode can connect at 108Mbps; they will always connect at this speed. Select this only if all wireless stations support this "Atheros Super G" mode.
Operating Mode
Remote AP MAC Address
Select the desired mode:
Wireless Access Point - operate as a normal Access Point
Client Access Point - act as a client for another Access Point. If
selected, you must provide the address (MAC address) of the other Access Point (Remote AP).
Repeater Access Point - act as a repeater for another Access
Point. If selected, you must provide the address (MAC address) of the other Access Point (Remote AP).
Point-to-Point Bridge - In this mode, the AP will communicate
ONLY with another Bridge-mode Wireless Station. You must en­ter the MAC address (physical address) of the other Bridge-mode Wireless Station in the field provided. WEP can (and should) be used to protect this communication.
Point-to-Multi-Point Bridge - Select this only if this AP is the
"Master" for a group of Bridge-mode Wireless Stations. The other Bridge-mode Wireless Stations must be set to Point-to-Point Bridge mode, using this AP's MAC address. They then send all traffic to this "Master", rather than communicate directly with each other. WEP can (and should) be used to protect this traffic.
This is not required unless the Operating Mode is Client Access Point, Repeater Access Point, or Point-to-Point Bridge. In these modes, you must provide the MAC address of the other AP in this field. You can either enter the MAC address directly, or, if the other AP is on­line, you can click the "Select AP" button and select from a list of available APs.
Channel No
Current Channel No.
SSID
If "Automatic" is selected, the Wireless Access Point will self-select a Wireless Channel.
If you experience interference (shown by lost connections and/or slow data transfers) you may need to experiment with different channels to see which Channel is the best.
This displays the current channel used by the Access Point.
Enter the desired SSID. Wireless Stations must use the same SSID.
Note: The SSID is case sensitive.
18
Setup
Broadcast SSID
If Enabled, the SSID will be broadcast to all Wireless Stations. Sta­tions which have no SSID (or a "null" value) can then adopt the correct SSID for connections to this Access Point.
19
Wireless Access Point User Guide

Security Settings

Select the desired option, and then enter the settings for the selected method.
The available options are:
None - No security is used. Anyone using the correct SSID can connect to your network.
WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption
system is not very strong.
WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than
WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes fre­quently.
WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the
client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired.
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryp-
tion. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired.
All data transmission is encrypted using the WEP standard. You only have to select
the WEP key size; the WEP key is automatically generated.
20
Security Settings - None
Figure 13: Wireless Security - None
No security is used. Anyone using the correct SSID can connect to your network.
The only settings available from this screen are Radius MAC Authentication and UAM (Universal Access Method).
Setup
Radius MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.
Using MAC authentication
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on the RADIUS server, using the IP address or name of the
Wireless Access Point, and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the Security page, or the Radius-based MAC authentication sub-screen, depending on the security method used.
On the Access Point, enable the Radius-based MAC authentication feature on the
screen below.
2. Add Users on the Radius server as required. The username must be the MAC address of the Wireless client you wish to allow, and the password must be blank.
3. When clients try to associate with the Access Point, their MAC address is passed to the Radius Server for authentication.
If successful, “xx:xx:xx:xx:xx:xx MAC authentication” is entered in the log, and cli-
ent station status would show as “authenticated” on the station list table;
If not successful, “xx:xx:xx:xx:xx:xx MAC authentication failed” is entered in the
log,, and station status is shown as “authenticating” on the station list table.
21
Wireless Access Point User Guide
Radius-based MAC authentication Screen
This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again. Otherwise, you must enter the details of your Radius Server on this screen.
Figure 14: Radius-based MAC Authentication Screen
Data - Radius-based MAC Authentication Screen
Enable ...
Radius Server Address
Radius Port
Client Login Name
Shared Key
WEP Key
WEP Key Index
Enable this if you wish to Radius-based MAC authentication.
If this field is visible, enter the name or IP address of the Radius Server on your network.
If this field is visible, enter the port number used for connections to the Radius Server.
If this field is visible, it displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
If this field is visible, it is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
If this field is visible, it is for the WEP key used to encrypt data transmissions to the Radius Server. Enter the desired key value (in HEX), and ensure the Radius Server has the same value.
If this field is visible, select the desired key index. This sets which of the previously-entered WEP keys will be used for communication with the Radius Server. Any value can be used, provided it matches the value on the Radius Server.
22
Setup
UAM
UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and other sites where the Access Point is used to provide Internet Access.
If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on HTTP connections; all other traffic is ignored.) If the user has not been authenticated, Internet access is blocked, and the user is re-directed to another web page. Typically, this web page is on your Web server, and explains how to pay and obtain Internet access.
To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup" must be completed before you can use UAM. The required setup depends on whether you are using “Internal” or “External” authentication.
Internal authentication uses the web page built into the Wireless Access Point.
External authentication uses a web page on your Web server. Generally, you should use
External authentication, as this allows you to provide relevant and helpful information to users.
UAM authentication - Internal
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-
less Access Point, and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the Secu­rity page, or the UAM sub-screen, depending on the security method used.
2. Add users on your RADIUS server as required, and allow access by these users.
3. Client PCs must have the correct Wireless settings in order to associate with the Wireles Access Point.
4. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re­directed to a user login page.
5. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
6. If the user name and password is correct, Internet access is allowed. Otherwise, the user remains on the login page.
Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB authen-
tication” in the log table, and station status would show as “Authenticated” on the station list table.
If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed” shown
in the log, and station status is shown as “authenticating” on the station list table.
UAM authentication – External
1. Ensure the Wireless Access Point can login to your Radius Server.
Add a RADIUS client on RADIUS server, using the IP address or name of the Wire-
less Access Point, and the same shared key as entered on the Wireless Access Point.
Ensure the Wireless Access Point has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on the Secu­rity page, or the UAM sub-screen, depending on the security method used.
2. On your Web Server, create a suitable login page. The login page must have a link or
button to allow the user to input their user name and password on the uam­logon.htm page on the Access Point.
23
Wireless Access Point User Guide
3. On the Access Point’s UAM screen, select External Web-based Authentication, and enter the URL for the login page on your Web server.
4. Add users on your RADIUS server as required, and allow access by these users.
5. Client PCs must have the correct Wireless settings in order to associate with the Wireles Access Point.
6. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re­directed to the login page on your Web Server. They must then click the link or button in order to reach the Access Point’s login page.
7. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
8. If the user name and password is correct, Internet access is allowed. Otherwise, the user remains on the login page.
Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB authen-
tication” in the log table, and station status would show as “Authenticated” on the station list table.
If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed” is
shown in the log, and station status is shown as “Authenticating” on the station list table.
UAM Screen
The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Figure 15: UAM Screen
Data – UAM Screen
Enable
Internal Web-based Authentication
Enable this if you wish to use this feature.
If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the built-in login page. The logon data is then sent to the Radius Server for authentication.
24
Setup
External Web-based Authentication
Login URL
Login Failure URL
If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the URL below. This needs to be on your own local Web Server. The page must also link back to the built­in login page on this device to complete the login procedure.
Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet, but are not logged in.
Enter the URL of the page on your local Web Server you wish users to see if their login fails. (This may be the same URL as the Login URL).
Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
Data - WEP Screen
WEP
Data Encryption
Select the desired option, and ensure your Wireless stations have the same setting:
64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.
128 Bit Encryption - Keys are 26 Hex (13 ASCII) characters.
Figure 16: WEP Wireless Security
25
Wireless Access Point User Guide
Authentication
Key Input
Key Value
Passphrase
Radius MAC Authentication
UAM
Normally, you can leave this at “Automatic”, so that Wireless Stations can use either method ("Open System" or "Shared Key".).
If you wish to use a particular method, select the appropriate value ­"Open System" or "Shared Key". All Wireless stations must then be set to use the same method.
Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex, ASCII input is only for convenience.)
Enter the key values you wish to use. The default key, selected by the radio button, is required. The other keys are optional. Other stations must have matching key values.
Use this to generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to automatically configure the WEP Key(s). If encryption strength is set to 64 bit, then each of the four key fields will be populated with key values. If encryption strength is set to 128 bit, then only the selected WEP key field will be given a key value.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 21 for details on using Radius MAC authentication.
The current status is displayed.
Click the "Configure" button to configure this feature if required.
See page 23 for details on using UAM.
26
Loading...
+ 65 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use