How it Works
LINKSYS
Loading...
LAPAC1200
User Manual
94 pgs2.12 Mb0

LINKSYS LAPAC1200 User Manual

LAPAC1200
AC1200 Dual Band Access Point
User's Guide
TABLE OF CONTENTS
CHAPTER 1 QUICK START GUIDE ................................................................................... 1
CHAPTER 2 ACCESS POINT SETUP .................................................................................. 4
CHAPTER 3 OPERATION AND STATUS ......................................................................... 46
CHAPTER 4 ACCESS POINT MANAGEMENT ............................................................... 55
APPENDIX A TROUBLESHOOTING ................................................................................ 64
APPENDIX B ABOUT WIRELESS LANS .......................................................................... 66
i
APPENDIX C PC AND SERVER CONFIGURATION .................................................... 69
Copyright © 2014. All Rights Reserved. Document Version: 1.0 All trademarks and trade names are the properties of their respective owners.
ii
Chapter 1
Quick Start Guide
Package Contents
Linksys Wireless Access Point
Quick Start Guide
Ethernet Cable
AC Power Adapter
CD with Documentation
Mounting Bracket
Mounting Kit
Ceiling Mount Back Plate
Drilling Layout Template
Physical Details
There is one LED for the device.
1
LED
LED Color Activity Status
Green
Blue
Red
Port and Button
Power Port - Connect the AC power adapter to this port. NOTE: Use only the adapter that came with your access point. Ethernet Port - Connect a wired network device to this port. This port supports PoE (Power
over Ethernet) with a PoE switch or PoE injector. LAPAC1750 is powered on from an 802.3at compliance source.
NOTE: When both PoE and AC power adapter are connected to access point, device will get power from PoE as higher precedence.
Blinking System is booting. Solid System is normal; no wireless device connected. Blinking Software upgrade in process. Solid System is normal; at least one wireless device connected.
Solid
Booting process or update failed; hard reset or service re­quired.
1
Using Cat5e or better cable is highly recommended. Reset Button - Press and hold this button for less than 15 seconds to power cycle device. Press
and hold for longer than 15 seconds to reset the device to factory default settings.
2
Mounting Guide
To avoid overheating, do not install your access point if ambient temperatures exceed 104°F (40°C). Install on a flat, stable surface, near the center of your wireless coverage area making sure not to block vents on the sides of the device enclosure.
Wall Installation
1. Position drilling layout template at the desired location.
2. Drill four screw holes on the mounting surface. If your Ethernet cable is routed be-
hind the wall, mark Ethernet cable hole as well.
3. Secure the mounting bracket on the wall with anchors and screws.
4. If your Ethernet cable is routed behind the wall, cut or drill the Ethern et cable hole
you marked in Step 2. Feed the Ethernet cable through the hole.
5. Connect the Ethernet cable and/or AC power adapter to your device.
6. Slide the device into the bracket. Turn clockwise until it locks into place.
Ceiling Installation
1. Select ceiling tile for mounting and remove tile.
2. Position drilling layout template at the desired location.
3. Drill four screw holes and Ethernet cable hole on the surface of ceiling tile..
4. Place back plate on the opposite side of ceiling tile. Secure mounting bracket to the
ceiling tile with flathead screw and nut. Route the Ethernet cable through the Ethernet cable hole.
5. Connect the Ethernet cable and/or AC power adapter to your device
6. Slide the device into the bracket. Turn access point clockwise until it locks.
7. Replace tile in ceiling.
IMPORTANT Improper or insecure mounting could result in damage to the device or personal injury.
Linksys is not responsible for damages caused by improper mounting.
3
Chapter 2
Access Point Setup
2
Overview
This chapter describes the setup procedure to connect the wireless access point to your LAN, and configure it as an access point for your wireless stations.
Wireless stations may also require configuration. For details, see Appendix C - Wireless Station Configuration.
The wireless access point can be configured using a Web browser.
Setup using a Web Browser
Your browser must support JavaScript. The configuration program has been tested on the following browsers:
Firefox 3.5 or later, Chrome 8 or later, Safari 5 or later
Internet Explorer 7 or later
Setup Procedure
Before starting setup, install the wireless access point on your LAN, as described earlier.
1. Locate the wireless access point’s default name on a label on the base or rear. The default
name will be lapxxxxx, where xxxxx is a set of the last 5 characters of your access point MAC address. MAC address is available on the brown box label or product label.
2. Use a PC connected to your LAN, either by a wired connection or another access point.
Until the wireless access point is configured, establishing a wireless connection to it may be not possible. If your LAN contains a router or routers, ensure the PC used for configuration is on the same LAN segment as the wireless access point.
3. Start your Web browser.
4. Enter the IP address of the wireless access point, as in this example, which uses the
wireless access point's default IP address:
http://192.168.1.252
At the login prompt, enter admin for the User name, and admin for the Password. These are the default values. You should change the password.
4
Figure 1: Password Dialog
5. From the status screen menu configure for your environment. Details of these screens and
settings are described in the following sections of this chapter.
6. You may also wish to change the admin password on the User Accounts screen, accessed
from the Configuration menu.
7. Wireless stations must now be set to match the wireless access point. See Chapter 4 for
details.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the wireless access point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the wireless access point is 192.168.1.252, with a network mask of 255.255.255.0.
If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.1.1 ~ 192.168.1.254, with a network mask of 255.255.255.0. See Appendix A - Troubleshooting for details for this procedure.
5
Setup Wizard
The first time you connect to the wireless access point, run the Setup Wizard to configure the device.
1. Click the Quick Start link on the main menu
Figure 2: Setup Wizard
2. On the first screen, click Launch.
3. Set the password on the Device Password screen, if desired.
4. Configure the time zone, date and time for the device on System Settings screen.
Figure 3: Setup Wizard - System Settings
5. On the IPv4 Address screen (Figure 6) configure the IP address of the device then click
Next. If you want to configure more than 4 SSIDs, please go to Configuration->Wireless
->Basic Settings. The access point supports up to 8 SSIDs per radio.
6
Figure 4: Setup Wizard - IPv4
6. Set the SSID information on the Wireless Network screen. Click Next.
Figure 5: Setup Wizard - Wireless Network
7. On the Wireless Security Screen (Figure 8) configure the wireless security settings for the
device. Click Next. If you are looking for security options that are not available in the wi­zard, go to Configuration Æ WirelessÆ Security page. The access point supports more sophisticated security options there.
Figure 6: Setup Wizard - Wireless Security
7
8. On the Summary screen, check the data to make sure they are correct and then click
Submit to save the changes.
Figure 7: Setup Wizard - Summary
9. Click Finish to leave the wizard.
Figure 8: Setup Wizard - Finish
8
User Accounts
Click User Accounts on the Administration menu to manage user accounts. The access point supports up to 5 users: one administrator and four normal users.
Figure 9: User Accounts
Data - User Accounts Screen
User Account Table
User Name
User Level
New Password
Confirm New Password
Enter the User Name to connect to the access point’s admin interface. User Name is effective once you save settings.
User Name can include up to 63 characters. Special characters are allowed.
Only administrator account has Read/Write permission to the access point’s admin interface. All other accounts have Read Only permis­sion.
Enter the Password to connect to the access point’s admin interface. Password must be between 4 and 63 characters. Special characters are
allowed. Re-enter password.
9
Time Screen
Click Time on the Administration menu to configure system time of the device.
Data - Time Screen
Time
Current Time Manually Automatically
Time Zone
Start Time End Time Offset
NTP
NTP Server 1
Display current date and time of the system. Set date and time manually. When enabled (default setting) the access point will get the current
time from a public time server. Choose the time zone for your location from the drop-down list. If
your location observes daylight saving time, enable “Automatically adjust clock for daylight saving changes.”
Specify the start time of daylight saving. Specify the end time of daylight saving. Select the adjusted time of daylight saving.
Enter the primary NTP server. It can be an IPv4 address or a domain name.
Figure 10: Time Screen
NTP Server 2
Valid characters include alphanumeric characters, "_", "-" and ".". Maximum length is 64 characters.
Enter the secondary NTP server. It can be an IPv4 address or a domain name.
Valid characters include alphanumeric characters, "_", "-" and ".". Maximum length is 64 characters.
10
Log Settings Screen
The logs record various types of activity on the access point. This data is useful for trouble­shooting, but enabling all logs will generate a large amount of data and adversely affect performance.
Data - Logs Screen
Log Types Log Types
Email Alert Email Alert SMTP Server
Data Encryption Port
Username
Figure 11: Log Settings Screen
Select events to log. Checking all options increase the size of the log, so enable only events you believe are required.
Enable email alert function. Enter the e-mail server that is used to send logs. It can be an IPv4
address or a domain name. Valid characters include alphanumeric characters, "_", "-" and ".".
Maximum length is 64 characters. Enable if you want to use data encryption. Enter the port for the SMTP server. The port is a value from 1 to
65535 and default is 25. Enter the Username to login to your SMTP server. The Username can include up to 32 characters. Special characters
are allowed.
Password
Enter the Password to login to your SMTP server. The Password can include up to 32 characters. Special characters
are allowed.
11
Email Address for Logs
Log Queue Length
Log Time Threshold
Syslog Syslog Notification IP Type Server IP Address
Enter the email address the log messages are to be sent to. Valid characters include alphanumeric characters, "_", "-", "." and
"@". Maximum length is 64 characters. Enter the length of the queue: up to 500 log messages. The
default is 20 messages. When messages reach the set length the queue will be sent to the specified email address.
Enter the time threshold (in seconds) used to check if the queue is full. It’s a value from 1 to 600 and default is 600 seconds.
Enable Syslog notification. Select the IP type of the syslog server: IPv4 or IPv60029. Enter the IPv4 or IPv6 address of syslog server here.
12
Management Access Screen
You can use the Management page to configure the management methods of the access point.
Figure 12: Management Access Screen
Data - Management Access Screen
Web Access HTTP
HTTP Port
HTTP to HTTPS Redirect
HTTPS
HTTPS Port
HTTP (Hyper Text Transfer Protocol) is the standard for transferring files (text, graphic images and other multimedia files) on the World Wide Web.
Enable to allow Web access by HTTP protocol. Specify the port for HTTP. It can be 80 (default) or from 1024 to
65535. Enable to redirect Web access of HTTP to HTTPS automatically. This field is available only when HTTP access is disabled. HTTPS (Hypertext Transfer Protocol Secure) can provide more
secure communication with the SSL/TLS protocol, which support data encryption to HTTP clients and servers.
Enable to allow Web access by HTTPS protocol. Specify the port for HTTPS. It can be 443 (default) or from 1024
to 65535.
From Wireless
Access Control
Enable wireless devices to connect to access point’s admin page. Disabled by default.
By default, no IP addresses are prohibited from accessing the device’s admin page. You can enable access control and enter specified IP addresses for access. Four IPv4 and four IPv6 ad­dresses can be specified.
13
SNMP Settings SNMP
Contact
Location
SNMP v1/v2 Settings Get Community
Set Community
Simple Network Management Protocol (SNMP) is a network monitoring and management protocol.
Enable or disable SNMP function here. Disabled by default. Enter contact information for the access point. The contact includes 1 to 32 characters. Special characters are
allowed. Enter the area or location where the access point resides. The location includes 1 to 32 characters. Special characters are
allowed.
Enter the name of Get Community. Get Community is used to read data from the access point and not for writing data into the access point.
Get Community includes 1 to 32 characters. Special characters are allowed.
Enter the name of Set Community. Set Community is used to write data into the access point.
The Set Community includes 1 to 32 characters. Special charac­ters are allowed.
SNMP v3 Settings SNMP v3 Settings
Access Control Access Control
SNMP Trap Trap Community
Trap Destination
Configure the SNMPv3 settings if you want to use SNMPv3.
Username: Enter the username. It includes 0 to 32 charac-
ters. Special characters are allowed.
Authentication Protocol: None or HMAC-MD5.
Authentication Key: 8 to 32 characters. Special characters
are allowed.
Privacy Protocol: None or CBC-DES.
Privacy Key: 8 to 32 characters. Special characters are
allowed.
When SNMP is enabled, any IP address can connect to the access point’s admin page through SNMP. You can enable access control to allow specified IP addresses. Two IPv4 and two IPv6 addresses can be specified.
Enter the Trap Community server. It includes 1 to 32 characters. Special characters are allowed.
Two Trap Community servers are supported: can be IPv4 or IPv6.
14
SSL Certificate Screen
This screen can be used to manage SSL certificate used by HTTPS.
Figure 13: SSL Certificate Screen
Data - SSL Certificate Screen
Export/Restore to/from Local PC Export SSL
Certificate Install Certificate
Export to TFTP Server Destination File TFTP Server
Export Restore from TFTP Server Source File TFTP Server
Install
Click to export the SSL certificate.
Browse to choose the certificate file. Click Install Certificate button.
Enter the name of the destination file. Enter the IP address for the TFTP server. Only support IPv4
address here. Click to export the SSL certificate to the TFTP server.
Enter the name of the source file. Enter the IP address for the TFTP server. Only support IPv4
address here. Click to install the file to the device.
15
Network Setup Screen
Use this screen to configure basic device settings, VLAN settings and settings for the LAN interface, including static or dynamic IPv4/IPv6 address assignment.
Figure 14: Network Setup Screen
Data - Network Setup Screen
TCP/IP
Host Name
VLAN
Untagged VLAN
Assign a host name to this access point. Host name consists of 1 to 15 characters. Valid characters include A-Z, a-z, 0-9 and -. Character cannot be first and last character of hostname and hostname cannot be composed of all digits.
Enables or disables VLAN function. Workgroup Bridge can only be enabled when VLAN function is
disabled. Enables or disables VLAN tagging. If enabled (default), traffic from
the LAN port is untagged when the following conditions are met: 1) VLAN ID is equal to Untagged VLAN ID and 2) untagged traffic can be accepted by LAN port. If disabled, traffic from the LAN port is always tagged and only tagged traffic can be accepted from LAN port.
By default all traffic on the access point uses VLAN 1, the default untagged VLAN. All traffic will be untagged until you disable the untagged VLAN, change the untagged traffic VLAN ID, or change the VLAN ID for a SSID.
16
Untagged VLAN ID
Management VLAN
IPv4/v6
IP Settings IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS
Specifies a number between 1 and 4094 for the untagged VLAN ID. The default is 1. Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network.
Untagged VLAN ID field is active only when untagged VLAN is enabled.
VLAN 1 is the default for both untagged VLAN and management VLAN.
The VLAN associated with the IP address you use to connect to the access point. Provide a number between 1 and 4094 for the Manage­ment VLAN ID. The default is 1.
Select Automatic Configuration or Static IP Address. Enter an unused IP address from the address range used on your LAN. Enter the subnet mask for the IP address above. Enter the gateway for the IP address above. Enter the DNS address. Optional. If entered, this DNS will be used if the Primary DNS does
not respond.
17
Advanced Screen
Use this screen to configure advanced network settings of the access point.
Data - Advanced Screen
Port Settings
Auto Negotiation
Operational Auto Negotiation
Port Speed
Operational Port Speed
Duplex Mode
Operational Duplex Mode
Flow Control
If enabled, Port Speed and Duplex Mode will become grey and cannot be configured. If disabled, Port Speed and Duplex Mode can be configured.
Current Auto Negotiation mode of the Ethernet port.
Select the speed of the Ethernet port. Available only when Auto Negotiation is disabled. The option can be 10M, 100M or 1000M (default).
Displays the current port speed of the Ethernet port.
Select the duplex mode of the Ethernet port. Available only when Auto Negotiation is disabled. The option can be Half or Full (default).
Displays the current duplex mode of the Ethernet port.
Enable or disable flow control of the Ethernet port.
Figure 15: Advanced Screen
802.1x Supplicant
802.1x Supplicant
Enable if your network requires this access point to use 802.1X authentication in order to operate.
18
Authentication
Discovery Settings
Bonjour
LLDP
This feature supports following two kinds of authentication:
Authentication via MAC Address
Select this if you want to use MAC Address for
authentication.
The access point uses lowercase MAC address for Name and
Password, like xxxxxxxxxxxx.
Authentication via Name and Password
Select this if you want to use name and password for
authentication.
Name - Enter the login name. The name includes 1 to 63
characters. Special characters are allowed.
Password - Enter the desired login password. The password
includes 4 to 63 characters. Special characters are allowed.
Enable if administrator wants the access point to be discovered by Bonjour enabled devices automatically. If VLAN is enabled, the discovery packets will be sent out via management VLAN only. The access point supports http and https services.
Enable if administrator wants the access point to be discovered by switch by LLDP protocol. Information such as product name, device name, firmware version, IP address, MAC address and so on will be advertised.
LLDP-MED
Enable if administrator wants the access point to be discovered by switch by LLDP-MED protocol. Information such as product name, device name, firmware version, IP address, MAC address and so on will be advertised.
19
Wireless Screens
There are ten configuration screens:
Basic Settings
Security
Rogue AP Detection
Scheduler
Scheduler Association
Connection Control
Rate Limit
QoS
Workgroup Bridge
Advanced Settings
Basic Settings
Basic Settings provides the essential configuration for your wireless radio and SSIDs. You should able to set up your wireless network with these essential parameters configured. For advanced wireless settings such as Band Steering, Channel Bandwidth etc., they will be on Configuration ÆWirelessÆ Advanced Settings screen.
Click Basic Settings on the Wireless menu.
Figure 16: Basic Settings Screen
Data - Wireless Basic Settings Screen
Basic Wireless Settings
Wireless Radio
Select the wireless radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz.
20
Enable Radio Wireless Mode
Wireless Channel
Enable or disable the wireless radio. Select the desired option for radio 1:
G only - allow connection by 802.11G wireless stations only.
N only - allow connection by 802.11N wireless stations only.
B/G-Mixed - allow connection by 802.11B and G wireless
stations only.
B/G/N-Mixed (Default) - allow connections by 802.11N,
802.11B and 802.11G wireless stations.
Select the desired option for radio 2:
A only - allow connection by 802.11A wireless stations only.
N only - allow connection by 802.11N wireless stations only.
A/N/A-Mixed - allow connection by 802.11A and N wireless
stations only.
AC only - allow connection by 802.11AC wireless stations only.
A/N/AC-Mixed - allow connection by 802.11A, 802.11N and
802.11AC wireless stations.
Select wireless channel of the radio. If Auto is selected, the access point will select the best available
channel when device boots up. If you experience lost connections and/or slow data transfers,
experiment with manually setting different channels to see which is the best.
SSID Settings
SSID Name
Broadcast
Isolation
VLAN ID
Max Clients
Enter the desired SSID Name. Each SSID must have a unique name. The name includes 1 to 32 characters
Enable or disable the broadcast of the SSID. When the access point does not broadcast its SSID, the network name
is not shown in the list of available networks on a client station. In­stead, you must enter the exact network name manually into the wireless connection utility on the client so that it can connect.
Enable or disable isolation among clients of the SSID. If enabled, wireless clients cannot communicate with others in the same SSID.
It’s disabled by default. Enter the VLAN ID of the SSID. Used to tag packets which are received from the wireless clients of the
SSID and sent from Ethernet interface. Applicable only when VLAN function is enabled. VLAN function can
be configured in Configuration -> LAN -> Network Setup screen. Enter the number of clients that can connect to the SSID. The range is
from 0 to 32, and 0 means no limit.
21
Security Settings
Use this screen to configure security settings of SSIDs to provide data protection over the wireless network
Figure 17: Security Settings
Data - SSID Settings Screen
Security
Select SSID Security Mode
Select the desired SSID from the drop-down list. Select the desired security method from the list.
Security Settings
Disabled - No security. Anyone using the correct SSID can connect to your network.
WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption
system is not very strong.
WPA2-Personal - This is a further development of WPA-PSK, and offers even greater
security, using the AES (Advanced Encryption Standard) method. This method, some­times called "Mixed Mode", allows clients to use either WPA-Personal (with TKIP) or WPA2-Personal (with AES).
WPA2-Enterprise - Requires a RADIUS Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA2 standard.
If this option is selected:
This access point must have a client login on the RADIUS Server.
Each user must authenticate on the RADIUS Server. This is usually done using digital
certificates.
22
Each user's wireless client must support 802.1x and provide the RADIUS authentica-
tion data when required.
All data transmission is encrypted using the WPA2 standard. Keys are automatically
generated, so no key input is required.
RADIUS - RADIUS mode utilizes RADIUS server for authentication and dynamic WEP
key generation for data encryption.
23
Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
Data - WEP Screen
WEP
Authentication
Default Transmit Key
WEP Encryption
Passphrase
Key Value
Figure 18: WEP Wireless Security Screen
Select Open System or Shared Key. All wireless stations must use the same method.
Select a transmit key.
Select an encryption option, and ensure your wireless stations have the same setting:
64-Bit Encryption - Keys are 10 Hex characters.
128-Bit Encryption - Keys are 26 Hex characters.
Generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the Generate button to automatically configure the WEP key. It consists of 1 to 30 characters.
Enter a key in hexadecimal format.
24
Security Settings - WPA2-Personal
This is a further development of WPA-Personal, and offers even greater security.
Figure 19: WPA2-Personal Wireless Security Screen
Data - WPA2-Personal Screen
WPA2-Personal
WPA Algorithm
Pre-shared Key
Key Renewal
The encryption method is AES. Wireless stations must also use AES.
Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters. Other wireless stations must use the same key.
Specify the value of Group Key Renewal. It’s a value from 600 to 36000 and default is 3600.
WPA automatically changes secret keys after a certain period of time. The group key interval is the period of time in between automatic changes of the group key, which all devices on the network share.
Constantly keying the group key protects your network against intrusion, as the would-be intruder must cope with an ever­changing secret key.
25
Loading...
+ 65 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use