LINKSYS LAPAC1750PO User Manual

L APAC1750 PRO

User Guide

Linksys

Section 1: Getting Started. . . . . . . . . . . . . . . . . . . . . . 1

Administrator’s Computer Requirements . . . . . . . . . . . . . . .1

Wireless Client Requirements. . . . . . . . . . . . . . . . . . . . . . .2

Online Help, Supported Browsers, and Limitations . . . . . . . . .2

Dynamic and Static IP Addressing on the AP . . . . . . . . . . . . .3

Installing the Access Point. . . . . . . . . . . . . . . . . . . . . . . . .3

Conﬁguring the Ethernet Settings. . . . . . . . . . . . . . . . . . . .5

Conﬁguring IEEE 802.1X Authentication . . . . . . . . . . . . . . . .6

Conﬁguring Security on the Wireless Access Point . . . . . . . . .6

Section 2: Viewing Access Point System Status . . . . . . . . 7

System Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Radio Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Workgroup Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Associated Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

TSPEC Client Associations . . . . . . . . . . . . . . . . . . . . . . . .15

TSPEC Status and Statistics . . . . . . . . . . . . . . . . . . . . . . . 16

TSPEC AP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Email Alert Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Section 3: Conﬁguring the Access Point . . . . . . . . . . . . .19

Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

QoS and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . 66

SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Section 4: Maintenance of the Access Point . . . . . . . . . 110

Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Table of Contents

Section 1: Getting Started

Linksys

Section 1: Getting Started

The LAPAC1750PRO® Access Point provides continuous, high-speed access

between wireless devices and Ethernet devices. It is an advanced, standards-

based solution for wireless networking in businesses of any size. The access point

(AP) enables wireless local area network (WLAN) deployment while providing

state-of-the-art wireless networking features.

The access point can operate in one modes: Standalone Mode. In Standalone

Mode, the access point acts as an individual access point in the network, and you

manage it by using the Administrator Web User Interface (UI) or SNMP.

This document describes how to perform the setup, management, and

maintenance of the access point in Standalone Mode.

Before you power on a new access point, review the following sections to

check required hardware and software components, client configurations, and

compatibility issues. Make sure you have everything you need for a successful

launch and test of your new or extended wireless network.

This section contains the following topics:

• Administrator’s Computer Requirements

• Wireless Client Requirements

• Online Help, Supported Browsers, and Limitations

• Dynamic and Static IP Addressing on the AP

• Installing the Access Point

• Configuring the Ethernet Settings

• Configuring IEEE 802.1X Authentication

• Configuring Security on the Wireless Access Point

To manage the access point by using the Web interface, the AP needs an IP

address. If you use VLANs or IEEE 802.1X Authentication (port security) on your

network, you might need to configure additional settings on the AP before it can

connect to the network.

NOTE:

The access point is not designed to function as a gateway to the Internet.

To connect your WLAN to other LANs or the Internet, you need a gateway

device.

Administrator’s Computer Requirements

The following table describes the minimum requirements for the administrator’s

computer for configuration and administration of the access point through a

Web-based user interface (UI).

Table 1: Requirements for the Administrator’s Computer

Required Software or

Component

Description

Ethernet Connection to

the Access Point

The computer used to configure the first access

point must be connected to the access point by

an Ethernet cable.

Wireless Connection to

the Network

After initial configuration and launch of the first

access point on your new wireless network, you

can make subsequent configuration changes

through the Administration Web pages using a

wireless connection to the internal network. For

wireless connection to the access point, your

administration device will need Wi-Fi capability

similar to that of any wireless client: Portable or

built-in Wi-Fi client adapter that supports one

or more of the IEEE 802.11 modes in which you

plan to run the access point.

Section 1: Getting Started

Linksys

Web Browser and

Operating System

Configuration and administration of the

access point is provided through a Web-based

user interface hosted on the access point.

We recommend using one of the following

supported Web browsers to access the access

point Administration Web pages:

• Microsoft® Internet Explorer® version 9.x or

11.x (with up-to-date patch level for either major

version)

• Mozilla Firefox version 26.x

• Google Chrome version 32.x

• Safari version 5.x

The administration Web browser must have

JavaScript™ enabled to support the interactive

features of the administration interface.

Security Settings Ensure that security is disabled on the wireless

client used to initially configure the access point.

Wireless Client Requirements

The access point provides wireless access to any client with a properly configured

Wi-Fi client adapter for the 802.11 mode in which the access point is running. The

access point supports multiple client operating systems. Clients can be laptop or

desktop computers, personal digital assistants (PDAs), or any other hand-held,

portable or stationary device equipped with a Wi-Fi adapter and supporting

drivers.

In order to connect to the access point, wireless clients need the software and

hardware described in the following table.

Table 2: Requirements for Wireless Clients

Required Component Description

Wi-Fi Client Adapter Portable or built-in Wi-Fi client adapter that

supports one or more of the IEEE 802.11 modes

in which you plan to run the access point. (IEEE

802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac

modes are supported.)

Wireless Client

Software

Client software, such as Microsoft Windows

Supplicant, configured to associate with the access

point.

Client Security

Settings

Security should be disabled on the client used to

do initial configuration of the access point.

If the Security mode on the access point is set to

anything other than plain text, wireless clients

will need to set a profile to the authentication

mode used by the access point and provide a valid

username and password, certificate, or similar user

identity proof. Security modes are Static WEP, IEEE

802.1X, WPA with RADIUS server, and WPA-PSK.

For information about configuring security on the

access point, see ”Virtual Access Point (VAP)”.

Online Help, Supported Browsers, and

Limitations

Online help for the access point Administration Web pages provides information

about all fields and features available from the user interface (UI). The information

in the online help is a subset of the information available in the LAPAC1750PRO

Access Point Administrator’s Guide.

Online help information corresponds to each page on the access point

Administration UI.

For information about the settings on the current page, click the link on the

right side of a page or the More... link at the bottom of the help panel on the UI.

The following figure shows an example of the online help available from the links

on the user interface.

Section 1: Getting Started

Linksys

Figure 1: Administrator UI Online Help

Dynamic and Static IP Addressing on the AP

When you power on the access point, the built-in DHCP client searches for a

DHCP server on the network in order to obtain an IP address and other network

information. If the AP does not find a DHCP server on the network, the AP

continues to use its default Static IP Address (192.168.1.252) until you re-assign it

a new static IP address (and specify a static IP addressing policy) or until the AP

successfully receives network information from a DHCP server.

To change the connection type and assign a static IP address by using the Web

UI, see “VLAN and IPv4 Address” on page 46.

NOTE:

If you do not have a DHCP server on your internal network, and do

not plan to use one, the first thing you must do after powering on the

access point is change the connection type from DHCP to static IP. You

can either assign a new static IP address to the AP or continue using the

default address. We recommend assigning a new static IP address so that

if you bring up another WLAN AP on the same network, the IP address for

each AP will be unique.

Recovering an IP Address

If you experience trouble communicating with the access point, you can recover

a static IP address by resetting the AP configuration to the factory defaults (see

“Restoring Configuration” on page 164 and “To Restore the Factory Default

Configuration” on page 165), or you can get a dynamically assigned address by

connecting the AP to a network that has a DHCP server.

Discovering a Dynamically Assigned IP

Address

If you have access to the DHCP server on your network and know the MAC

address of your AP, you can view the new IP address associated with the MAC

address of the AP.

NOTE:

The MAC address of access point is shown on product label and brown

box label.

Installing the Access Point

To access the Administration Web UI, you enter the IP address of the AP into a

Web browser. You can use the default IP address of the AP (192.168.1.252) to log

on to the AP and assign a static IP address, or you can use a DHCP server on you

network to assign network information to the AP. The DHCP client on the AP is

enabled by default.

To install the access point, use the following steps:

1. Connect the AP to an administrative PC by using a LAN connection or a

direct-cable connection.

Section 1: Getting Started

Linksys

• To use a LAN connection, connect one end of an Ethernet cable to the

network port on the access point and the other end to the same hub where

your PC is connected, as shown in the following figure.

The hub or switch you use must permit broadcast signals from the access point

to reach all other devices on the network.

• To use a direct-cable connection, connect one end of an Ethernet straight-

through or crossover cable to the network port on the access point and

the other end of the cable to the Ethernet port on the PC, as shown in the

following figure. You can also use a serial cable to connect the serial port

on the AP to a serial port on the administrative computer.

For initial configuration with a direct Ethernet connection and no DHCP server,

be sure to set your PC to a static IP address in the same subnet as the default

IP address on the access point. (The default IP address for the access point is

192.168.1. 252.)

If you use this method, you will need to reconfigure the cabling for subsequent

startup and deployment of the access point so that the access point is no longer

connected directly to the PC but instead is connected to the LAN (either by

using a hub or directly).

NOTE:

It is possible to detect access points on the network with a wireless

connection. However, we strongly advise against using this method.

In most environments you may have no way of knowing whether you

are actually connecting to the intended AP. Also, many of the initial

configuration changes required will cause you to lose connectivity with

the AP over a wireless connection.

NOTE:

Ethernet Port 1 and Port 2 can be used together in Link Aggregation

mode when supported by the connected devices.

2. Connect the power adapter to the power port on the back of the access

point, and then plug the other end of the power cord into a power outlet.

3. Use your Web browser to log on to the access point Administration Web

pages.

• If the AP did not acquire an IP address from a DHCP server on your network,

enter 192.168.1.252 in the address field of your browser, which is the default

IP address of the AP.

• If you used a DHCP server on your network to automatically configure

network information for the AP, enter the new IP address of the AP into the

Web browser.

4. When prompted, enter admin for the user name and admin for the

password, then click Log In.

• When you first log in, the System Summary page for access point

administration is displayed, as the following figure shows.

Section 1: Getting Started

Linksys

Figure 2: System Summary Page

5. Verify the settings on the System Summary page.

• Review access point description.

For information about the fields on the System Summary page, see “System

Summary” on page 11.

6. If you do not have a DHCP server on the management network and do

not plan to use one, you must change the Connection Type from DHCP to

Static IP.

You can either assign a new Static IP address to the AP or continue using

the default address. We recommend assigning a new Static IP address

so that if you bring up another Access Point on the same network, the IP

address for each AP will be unique. To change the connection type and

assign a static IP address, see “VLAN and IPv4 Address” on page 46.

7. If your network uses VLANs, you might need to configure the

management VLAN ID or untagged VLAN ID on the access point in order

for it to work with your network.

For information about how to configure VLAN information, see “VLAN

and IPv4 Address” on page 46.

8. If your network uses IEEE 802.1X port security for network access control,

you must configure the 802.1X supplicant information on the AP.

For information about how to configure the 802.1X user name and

password, see “802.1X Supplicant” on page 94.

Configuring the Ethernet Settings

The default Ethernet settings, which include DHCP and VLAN information,

might not work for all networks.

By default, the DHCP client on the access point automatically broadcasts

requests for network information. If you want to use a static IP address, you

must disable the DHCP client and manually configure the IP address and other

network information.

The management VLAN is VLAN 1 by default. This VLAN is also the default

untagged VLAN. If you already have a management VLAN configured on

your network with a different VLAN ID, you must change the VLAN ID of the

management VLAN on the access point.

For information about using the Web interface to configure the Ethernet

settings, see “VLAN and IPv4 Address” on page 46.

Section 1: Getting Started

Linksys

Configuring IEEE 802.1X Authentication

On networks that use IEEE 802.1X, port-based network access control,

a supplicant (client) cannot gain access to the network until the 802.1X

authenticator grants access. If your network uses 802.1X, you must configure

802.1X authentication information that the AP can supply to the authenticator.

If your network uses IEEE 802.1X see “802.1X Supplicant” on page 94 for

information about how to configure 802.1X by using the Web interface.

Verifying the Installation

Make sure the access point is connected to the LAN and associate some wireless

clients with the network. Once you have tested the basics of your wireless

network, you can enable more security and fine-tune the AP by modifying

advanced configuration features.

1. Connect the access point to the LAN.

• If you configured the access point and administrator PC by connecting

both into a network hub, then your access point is already connected to

the LAN. The next step is to test some wireless clients.

• If you configured the access point by using a direct cable connection

from your computer to the access point, do the following procedures:

a. Disconnect the cable from the computer and the access point.

b. Connect an Ethernet cable from the access point to the LAN.

c. Connect your computer to the LAN by using an Ethernet cable or a

wireless card.

2. Test LAN connectivity with wireless clients.

Test the access point by trying to detect it and associate with it from

some wireless client devices. For information about requirements for

these clients, see “Wireless Client Requirements” on page 2.

3. Secure and configure the access point by using advanced features.

Once the wireless network is up and you can connect to the AP with some

wireless clients, you can add in layers of security, create multiple virtual

access points (VAPs), and configure performance settings.

NOTE:

The WLAN AP is not designed for multiple, simultaneous configuration

changes. If more than one administrator is logged onto the

Administration Web pages and making changes to the configuration,

there is no guarantee that all configuration changes specified by multiple

users will be applied.

By default, no security is in place on the access point, so any wireless client

can associate with it and access your LAN. An important next step is to

configure security, as described in “Virtual Access Point (VAP)” on page 64.

Configuring Security on the Wireless

Access Point

You configure secure wireless client access by configuring security for each

virtual access point (VAP) that you enable. You can configure up to 8 VAPs per

radio that simulate multiple APs in one physical access point. By default, only

one VAP is enabled. For each VAP, you can configure a unique security mode to

control wireless client access.

Each radio has 8 VAPs, with VAP IDs from 0-7. By default, only VAP 0 on each

radio is enabled. VAP0 has the following default settings:

• VLAN ID: 1

• Broadcast SSID: Enabled

• SSID: LinksysSMB24G for Radio 1 (2.4GHz), and LinksysSMB5G for Radio 2

(5GHz)

• Security: None

• MAC Authentication Type: None

• Redirect Mode: None

All other VAPs are disabled by default. The default SSID for VAPs 1–7 is “Virtual

Access Point x” where x is the VAP ID.

To prevent unauthorized access to the access point, we recommend that you

select and configure a security option other than None for the default VAP and

for each VAP that you enable.

For information about how to configure the security settings on each VAP, see

“Virtual Access Point (VAP)” on page 64.

Section 2: Viewing Access Point System Status

Linksys

Section 2: Viewing Access Point

System Status

This section describes the information you can view from the tabs under the

Status and Statistics heading on the Administration Web UI.

Status and Statistics

This topic contains the following subsections:

• System Summary

• Network Interfaces

• Radio Statistics

• Workgroup Bridge

• Associated Client

• TSPEC Client Associations

• TSPEC Status and Statistics

• TSPEC AP Statistics

• Email Alert Status

• System Log

System Summary

From the System Summary page, you can view various information about the

access point (AP), including IP and MAC address information. Table 3 describes

the fields and configuration options on the System Summary page.

Table 3: System Summary Page

Field Description

IPv4 Address Shows the IP address assigned to the AP. This field

is not editable on this page because the IP address

is already assigned (either by DHCP, or statically

through the Ethernet Settings page).

IPv6 Address Shows the IPv6 address assigned to the AP. This field

is not editable on this page because the IP address

is already assigned (either by DHCPv6, or statically

through the Management IPv6 page).

IPv6 Address

Status

Shows the operational status of the static IPv6

address assigned to the management interface

of the AP. The possible values are Operational and

Tentative.

Note: If an IPv6 address has not been manually

configured or leased from a DHCPv6 server, the field

is blank.

IPv6

Autoconfigured

Global Addresses

Shows each automatically configured global IPv6

address for the management interface of the AP.

IPv6 Link Local

Address

Shows the IPv6 Link Local address, which is the IPv6

address used by the local physical link. The Link Local

address is not configurable and is assigned by using

the IPv6 Neighbor Discovery process.

Device Name Generic name to identify the type of hardware.

Model Number Identifies the AP hardware model.

Serial Number Shows the AP serial number.

Section 2: Viewing Access Point System Status

Linksys

MAC Address Shows the MAC address of the AP. The address

shown here is the MAC address associated with the

management interface. This is the address by which

the AP is known externally to other networks.

Firmware Version Shows version information about the firmware

currently installed on the AP. As new versions of

the WLAN AP firmware become available, you can

upgrade the firmware on your AP.

Hardware Version Identifies the AP hardware version.

System Uptime Provides information about the system start up time.

Power Source The power source of monitor system is the power

adapter or PoE.

Connecting to the AP Web Interface

Using the IPv6 Address

To connect to the AP by using the IPv6 global address or IPv6 Link Local address,

you must enter the AP address into your browser in a special format.

NOTE:

The following instructions and examples work with Microsoft Internet

Explorer 7 (IE7) and might not work with other browsers.

To connect to an IPv6 global address, add square brackets around the IPv6 address.

For example, if the AP global IPv6 address is 2520::230:abff:fe00:2420, type the

following address into the IE7 address field: http://[2520::230:abff:fe00:2420].

To connect to the iPv6 Link Local address, replace the colons (:) with hyphens

(-), add the interface number, preceded by an “s,” then add “.ipv6-literal.net.”

For example, if the AP Link Local address is fe80::230:abff:fe00:2420, and the

Windows interface is defined as “%6,” type the following address into the IE7

address field: http://fe80--230-abff-fe00-2420s6.ipv6-literal.net.

Network Interfaces

This page displays the current settings for the wired Ethernet interface and the

wireless radio interfaces on the AP.

To monitor Ethernet LAN (wired) and wireless LAN (WLAN) settings, click the

System Status > Status and Statistics > Network Interfaces tab.

Figure 3: Viewing Network Interfaces

NOTE:

The information on this page is read-only. To change the wired or wireless

interface settings, click the Edit link associated with the appropriate

section.

Section 2: Viewing Access Point System Status

Linksys

LAN Status (Management Interface)

LAN Status shows information about the internal Ethernet interface, which is the

primary interface used to manage the AP.

Table 4: LAN Interface Settings

Field Description

MAC Address The MAC address for the LAN interface for the Ethernet

port on this AP. This is a read-only field that you cannot

change.

VLAN ID The management VLAN ID. This is the VLAN

associated with the IP address you use to access the

AP management interface. The default management

VLAN ID is 1.

IPv4 Address The IP address of the management interface.

Subnet Mask The subnet mask associated with the management IP

address.

DNS -1

DNS-2

The primary and secondary DNS servers to use for

name-to-IP address resolution.

Default Gateway The default gateway for the IPv4 network interface.

IPv6 Address The IPv6 address of the management interface.

IPv6

Autoconfigured

Global Addresses

If the AP has been assigned one or more IPv6 addresses

automatically, the addresses are listed.

IPv6 Link Local

Address

The IPv6 Link Local address, which is the IPv6 address

used by the local physical link. The Link Local address

is not configurable and is assigned by using the IPv6

Neighbor Discovery process.

IPv6-DNS-1

IPv6-DNS-2

The primary and secondary DNS servers to use for

name-to-IPv6 address resolution.

Default IPv6

Gateway

The default gateway for the IPv6 network interface.

To change the wired settings, click the Edit link. After you click Edit, you are

redirected to the VLAN and IPv4 Address page.

For information about configuring these settings, see “VLAN and IPv4 Address

Wireless Status

The wireless settings show summary information about the radio interface

configuration.

Table 5 describes the fields and configuration options available on the Wireless

Status page.

Table 5: Wireless Status

Field Description

AeroScout™

Engine

Communications

Status

The status of the AeroScout protocol on the AP. When

enabled, AeroScout devices are recognized and data

is sent to an AeroScout Engine (AE) for analysis. The AE

determines the geographical location of 802.11-capable

devices, such as STAs, APs, and AeroScout’s line

of 802.11-enabled RFID devices, or tags. The AE

communicates with APs that support the AE protocol

in order to collect information about the RF devices

detected by the APs.

Radio One and Radio Two

MAC Address The MAC addresses for the interface.

This page shows the MAC addresses for Radio Interface

One and Radio Interface Two.

A MAC address is a permanent, unique hardware address

for any device that represents an interface to the network.

The MAC address is assigned by the manufacturer. You

cannot change the MAC address. It is provided here

for informational purposes as a unique identifier for an

interface.

Section 2: Viewing Access Point System Status

Linksys

Mode The Physical Layer (PHY) standard the radio uses:

• IEEE 802.11b/g — 802.11b and 802.11g clients can

connect to the AP.

• IEEE 802.11b/g/n — 802.11b, 802.11g, and 802.11n

clients operating in the 2.4-GHz frequency can

connect to the AP.

• IEEE 802.11n — Only 802.11n clients operating in the

2.4-GHz frequency can connect to the AP.

• IEEE 802.11a — Only 802.11a clients can connect to

the AP. This mode is available only on Radio 2.

• IEEE 802.11a/n/ac — 802.11a, 802.11n, and 802.11ac

clients operating in the 5-GHz frequency can

connect to the AP. This mode is available only on

Radio 2.

• IEEE 802.11n/ac — 802.11n clients and 802.11ac clients

operating in the 5-GHz frequency can connect to

the AP. This mode is available only on Radio 2.

Channel The current operating channel. The channel defines

the portion of the radio spectrum the radio uses for

transmitting and receiving. Each mode offers a number

of channels, depending on how the spectrum is licensed

by national and transnational authorities such as the

Federal Communications Commission (FCC) or the

International Telecommunication Union (ITU-R).

Operational

Bandwidth

The size of the bandwidth, in MHz, the current channel

is using.

To change the radio mode or channel settings, click the Edit link. After you click

Edit, you are redirected to the Radio page.

For information about configuring these settings, see “Radio”.

Radio Statistics

The Radio Statistics page provides detailed information about the packets and

bytes transmitted and received on the radio (wireless) interface of this access

point.

To view Radio Statistics, click the System Status > Radio Statistics tab.

Figure 4: Radio Statistics

The following table describes details about the Radio Statistics information.

Table 6: Radio Statistics Information

Field Description

Radio Choose either radio 1 or radio 2.

WLAN Packets

Received

Total packets received by the AP on this radio interface.

WLAN Bytes

Received

Total bytes received by the AP on this radio interface.

WLAN Packets

Transmitted

Total packets transmitted by the AP on this radio interface.

Section 2: Viewing Access Point System Status

Linksys

WLAN Bytes

Transmitted

Total bytes transmitted by the AP on this radio interface.

WLAN Packets

Received

Dropped

Number of packets received by the AP on this radio

interface that were dropped.

WLAN Bytes

Received

Dropped

Number of bytes received by the AP on this radio interface

that were dropped.

WLAN Packets

Transmit

Dropped

Number of packets transmitted by the AP on this radio

interface that were dropped.

WLAN Bytes

Transmit

Dropped

Number of bytes transmitted by the AP on this radio

interface that were dropped.

Fragments

Received

Count of successfully received MPDU frames of type data

or management.

Fragments

Transmitted

Number of transmitted MPDU with an individual address

or an MPDU with a multicast address of type data or

management.

Multicast

Frames

Received

Count of MSDU frames received with the multicast bit set

in the destination MAC address.

Multicast

Frames

Transmitted

Count of successfully transmitted MSDU frames where the

multicast bit is set in the destination MAC address.

Duplicate

Frame Count

Number of times a frame is received and the Sequence

Control field indicates it is a duplicate.

Failed Transmit

Count

Number of times an MSDU is not transmitted successfully

due to transmit attempts exceeding either the short retry

limit or the long retry limit.

Transmit Retry

Count

Number of times an MSDU is successfully transmitted after

one or more retries.

Multiple Retry

Count

Number of times an MSDU is successfully transmitted after

more than one retry.

RTS Success

Count

Count of CTS frames received in response to an RTS frame.

RTS Failure

Count

Count of CTS frames not received in response to an RTS

frame.

ACK Failure

Count

Count of ACK frames not received when expected.

FCS Error Count Count of FCS errors detected in a received MPDU frame.

Transmitted

Frame Count

Count of each successfully transmitted MSDU.

WEP

Undecryptable

Count

Count of encrypted frames received where:

1. The key configuration of the transmitter indicates that

the frame should not have been encrypted.

2. The frame was discarded due to the receiving station

not implementing the privacy option.

Section 2: Viewing Access Point System Status

Linksys

Interface Statistics

The Interface Statistics page provides some basic information about the AP and

a real-time display of transmit and receive statistics for the Ethernet interface

on the AP, and for the VAPs on both radio interfaces. All transmit and receive

statistics shown are totals since the AP was last started. If you reboot the AP,

these figures indicate transmit and receive totals since the reboot.

To view transmit and receive statistics, click the System Status > Interface

Statistics tab.

Figure 5: Interface Statistics

Table 7: Interface Statistics

Field Description

Interface Status Table

Interface The name of the Ethernet or VAP interface.

Name (SSID) Wireless network name. Also known as the SSID,

this alphanumeric key uniquely identifies a

wireless local area network.

The SSID is set on the VAP tab. (See “Virtual

Access Point (VAP)” on page 64)

Status Shows whether the interface is enabled (up) or

disabled (down).

MAC Address MAC address for the specified interface.

The AP has a unique MAC address for each

interface. Each radio has a different MAC address

for each interface on each of its two radios.

VLAN ID Virtual LAN (VLAN) ID.

You can use VLANs to establish multiple internal

and guest networks on the same AP.

The VLAN ID is set on the VAP tab. (See “Virtual

Access Point (VAP)” on page 64)

Interface Statistics Table

Total Packets Indicates total packets sent or received by this

A P.

Total Bytes Indicates total bytes sent or received by this AP.

Dropped Packets Indicates total number of packets sent or

received by this AP that were dropped.

Dropped Bytes Indicates total number of bytes sent or received

by this AP that were dropped.

Errors Indicates total errors related to sending and

receiving data on this AP.

Click Refresh to refresh the information on the page.

Section 2: Viewing Access Point System Status

Linksys

Workgroup Bridge

The Workgroup Bridge page displays packet and byte counts for traffic between

stations on a workgroup bridge.

The information in the following table is available for each network interface that

is configured as a workgroup bridge interface.

Figure 6: Workgroup Bridge

Table 8: Workgroup Bridge

Field Description

Status Table

Interface Name of the Ethernet or VAP interface.

Name (SSID) Wireless network name. Also known as the SSID, this

alphanumeric key uniquely identifies a wireless local area

network. The SSID is set on the VAP tab. See Configuring

VAPs.

Status Whether the interface is disconnected or is administratively

configured as enabled (up) or disabled (down).

VLAN ID Virtual LAN (VLAN) ID. You can use VLANs to establish

multiple internal and guest networks on the same AP. The

VLAN ID is set on the VAP tab. See Configuring VAPs.

Statistics Table

Total Packets The total number of Sent/Received packets bridged

between the wired clients in the workgroup bridge and

the wireless network.

Total Bytes The total number of Sent/Received bytes bridged between

the wired clients in the workgroup bridge and the wireless

network.

Associated Client

The associated clients are displayed along with information about packet traffic

transmitted and received for each station. Click the System Status > Associations

Client tab.

Figure 7: Association Client

Table 9: Associated Clients

Field Description

Network Shows which VAP the client is associated with. For

example, an entry of wlan0vap2 means the client is

associated with Radio 1, VAP 2.

An entry of wlan0 means the client is associated with

VAP 0 on Radio 1. An entry of wlan1 means the client is

associated with VAP 0 on Radio 2.

Station Shows the MAC address of the associated wireless client.

Section 2: Viewing Access Point System Status

Linksys

Status The Authenticated and Associated Status shows the

underlying IEEE 802.11 authentication and association

status, which is present no matter which type of security

the client uses to connect to the AP. This status does not

show other (IEEE 802.1X) authentication or association

status.

Some points to keep in mind with regard to this field are:

• If the AP security mode is None or Static WEP, the

authentication and association status of clients showing

on the Client Associations tab will be in line with what

is expected; that is, if a client shows as authenticated to

the AP, it will be able to transmit and receive data. (This is

because Static WEP uses only IEEE 802.11 authentication.)

• If the AP uses IEEE 802.1X or WPA security, however,

it is possible for a client association to show on this tab as

authenticated (via the IEEE 802.11 security) but actually

not be authenticated to the AP via the second layer of

security.

From Station

These fields report information about traffic sent from a wireless client to

the AP.

Packets The number of packets received from the wireless client.

Bytes The number of bytes received from the wireless client.

Drop Packets The number of packets that were dropped after being

received.

Drop Bytes The number of bytes that were dropped after being

received.

TS Violate

Packets

The number of packets sent from a wireless client to the

AP in excess of its active TS uplink bandwidth, or for an

access category requiring admission control to which

the wireless client has not been admitted.

To Station

These fields report information about traffic sent from the AP to a wireless

client.

Packets The number of packets sent from the AP to the wireless

client.

Bytes The number of bytes sent from the AP to the wireless

client.

Drop Packets The number of packets that the AP attempted to send to

the wireless client but were dropped.

Drop Bytes The number of bytes that the AP attempted to send to

the wireless client but were dropped.

TS Violate

Packets

The number of packets sent from the AP to a wireless

client in excess of its active TS downlink bandwidth, or

for an access category requiring admission control to

which the wireless client has not been admitted.

Link Integrity Monitoring

The access point provides link integrity monitoring to continually verify its

connection to each associated client. To do this, the AP sends data packets to

clients every few seconds when no other traffic is passing. This allows the AP to

detect when a client goes out of range, even during periods when no normal

traffic is exchanged. The client connection drops off the list within 300 seconds

if these data packets are not acknowledged, even if no disassociation message

is received.

Section 2: Viewing Access Point System Status

Linksys

TSPEC Client Associations

The TSPEC Client Association Status and Statistics page provides information

about the TSPEC client data transmitted and received by this access point. Table

10 shows voice and video packets transmitted and received by the association,

along with status information.

The page shows a real-time display of transmit and receive statistics for the

TSPEC clients. All transmit and receive statistics shown are totals since the client

association started.

A TSPEC is a traffic specification that is sent from a QoS-capable wireless client

to an AP requesting a certain amount of network access for the traffic stream

(TS) it represents. A traffic stream is a collection of data packets identified by

the wireless client as belonging to a particular user priority. An example of a

voice traffic stream is a Wi-Fi-certified™ telephone handset that marks its codec-

generated data packets as voice priority traffic. An example of a video traffic

stream is a video player application on a wireless laptop that prioritizes a video

conference feed from a corporate server.

To view TSPEC Client Association statistics, click the System Status > TSPEC Client

Associations tab.

Figure 8: TSPEC Client Associations

Table 10: TSPEC Client Associations

Field Description

Status

Network Radio interface used by the client.

SSID The service set identifier associated with this TS client.

Station Client station MAC address.

TS Identifier TSPEC Traffic Session Identifier (range 0-7).

Access Category TS Access Category (voice or video).

Direction The traffic direction for this TS.

• Uplink

• Downlink

• Bidirectional

User Priority The User Priority (UP) for this TS. The UP is sent with

each packet in the UP portion of the IP header. Typical

values are:

• 6 or 7 for voice

• 4 or 5 for video

The value may differ depending on other priority

traffic sessions.

Medium Time The time that the TS traffic occupies the transmission

medium.

Excess Usage

Events

The number of times the client has exceeded the

medium time established for its TSPEC. Minor,

infrequent violations are ignored.

VAP MAC Address The VAP MAC address.

Statistics

Network Radio interface used by the client.

Station Client station MAC address.

TS Identifier TSPEC Traffic Session Identifier (range 0-7).

Access Category TS Access Category (voice or video).

Direction The traffic direction for this TS. Direction can be:

• Uplink

• Downlink

• Bidirectional

Section 2: Viewing Access Point System Status

Linksys

From Station The number of packets and bytes received from the

wireless client, and the number of packets and bytes

that were dropped after being received. Also, the

number of packets:

• in excess of an admitted TSPEC.

• for which no TSPEC has been established when

admission is required by the AP.

To Station The number of packets and bytes transmitted from

the AP to the client, and the number of packets and

bytes that were dropped upon transmission. Also, the

number of packets:

• in excess of an admitted TSPEC.

• for which no TSPEC has been established when

admission is required by the AP.

TSPEC Status and Statistics

The TSPEC Status and Statistics page provides:

• Summary information about TSPEC sessions by radio

• Summary information about TSPEC sessions by VAP

• Real-time transmit and receive statistics for the TSPEC VAPs on all radio

interfaces.

All transmit and receive statistics shown are totals since the AP was last started.

If you reboot the AP, these figures indicate transmit and receive totals since the

reboot.

To view TSPEC status and statistics, click the System Status > TSPEC Status

and Statistics tab. The following image has been edited to show some of the

transmit and receive statistics.

Figure 9: TSPEC Status and Statistics

Section 2: Viewing Access Point System Status

Linksys

Table 11: TSPEC Status and Statistics

Field Description

Interface Indicates the name of the Radio or VAP interface.

Access

TSPEC AP Statistics

The TSPEC AP Statistics page provides information on the voice and video

Traffic Streams accepted and rejected by the AP.

To view TSPEC AP statistics, click the System Status > TSPEC AP Statistics tab.

Figure 10: TSPEC AP Statistics

Table 12: TSPEC AP Statistics

Field Description

TSPEC Statistics Summary

for Voice ACM

Indicates the total number of accepted and

the total number of rejected voice Traffic

Streams.

TSPEC Statistics Summary

for Video ACM

Indicates the total number of accepted and

the total number of rejected video Traffic

Streams.

Click Refresh to refresh the page.

Section 2: Viewing Access Point System Status

Linksys

Email Alert Status

The Email Alert Status page provides information about the email alerts sent

based on the syslog messages generated in the AP.

To view the Email Alert Operational Status, click the System Status > Email Alert

Status tab.

To configure the email alerts, see “Email Alert” on page 38.

Figure 11: Email Alert Status

Table 13: Email Alert Status

Field Description

Email Alert

Status

The Email Alert operational status The status is either Up

or Down. The default is Down.

Number of

Email Sent

The total number of emails sent so far. The range is an

unsigned integer of 32 bits. The default is 0.

Number of

Email Failed

The total number of email failures so far. The range is an

unsigned integer of 32 bits. The default is 0.

Time Since

Last Email Sent

The time and date when the last email alert was sent. The

AP uses the system time to report the information. If an

email has not been sent since the device was reset, the

status is not sent.

System Log

From the System Log page, you can view the most recent system log generated

by this AP.

To view the Email Alert Operational Status, click the System Status > System Log

tab.

To configure the Log settings, see “Log Settings”.

Figure 13: System Log

Table 14: System Log

Field Description

Time Settings The system time when the event occurred.

Type Specify the type of the log messages to write to non-

volatile memory.

• emerg — emergency

• alert — alert

• crit — critical

• err — error

• warn — warning

• notice — notice

• info — info

• debug — debug

Service The software component associated with the log.

Description Log content.

Section 3: Configuring the Access Point

Linksys

Section 3: Configuring the

Access Point

• Administration

• LAN

• Wireless

• Security

• QoS and Access Control

• SNMP

• Captive Portal

• Cluster

Administration

This section describes how to set up your access point and perform diagnostics.

Use the tabs under the Configuration heading on the Administration Web UI.

• System Settings

• Time Settings

• Log Settings

• Email Alert

• Management Access

• HTTP/HTTPS Service

• Discovery - LLDP

• Discovery - Bonjour

System Settings

From the System Settings page, you can change the administrator password and

system settings e.g. device name, system contact. We strongly recommended

you choose a new password based on the standard guidelines for strong

password security instead of using default password, which is ”admin”. Figure 12

shows the System Settings page.

Figure 12: System Settings

Table 15: System Settings page

Field Description

New Password Enter a new administrator password. The characters you

enter are displayed as bullets to prevent others from

seeing your password as you type.

The password can be up to 32 characters. Do not use

special characters or spaces.

Note: As an immediate first step in securing your

wireless network, we recommend that you change the

administrator password from the default.

Confirm New

Password

Re-enter the new administrator password to confirm that

you typed it as intended.

Section 3: Configuring the Access Point

Linksys

Device Name Name your AP. This name appears only on the Basic Settings

page and is used to identify the AP to the administrator.

A valid name is 1 to 64 alphanumeric characters, and can

include letters, digits, hyphens and spaces.

System

Contact

Enter the name, e-mail address, or phone number of the

person to contact regarding issues related to the AP.

System

Location

Enter the physical location of the AP, for example

Conference Room A.

Time Settings

The Network Time Protocol (NTP) is an Internet standard protocol that

synchronizes computer clock times on your network. NTP servers transmit

Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their

client systems. NTP sends periodic time requests to servers, using the returned

time stamp to adjust its clock. The timestamp is used to indicate the date and

time of each event in log messages.

See http://www.ntp.org for more information about NTP.

To configure the address of the NTP server that the AP uses or to set the system

time manually, click the Configuration > Administration > Time Settings tab and

update the fields as described in Table 16.

NOTE:

The fields available to configure depend on whether you choose to set

the system time manually or by using an NTP server.

Figure 13 shows the Time Settings page when the manual option is selected.

Figure 13: Setting the Time Manually

Figure 14 shows the Time Settings page when the Use Network Time Protocol

(NTP) option is selected.

Figure 14: Setting the Time Using an NTP Server

Section 3: Configuring the Access Point

Linksys

Table 16: Time Settings

Field Description

System Clock

Source

Set the system time.

• To permit the AP to poll an NTP server, select Network

Time Protocol (NTP).

• To manually configure the time and date, select

Manually. When this option is selected, the AP does

not attempt to poll an NTP server.

NTP Server IPv4/

IPv6 Addr/Name

If NTP is enabled, specify the NTP server to use.

You can specify the NTP server by hostname, IPv4 address,

or IPv6 address, although using the IPv4/IPv6 address is

not recommended as these can change more readily.

If you specify a hostname, note the following requirements:

• The length must be between 1–253 characters.

• Upper and lower case characters, numbers, and

hyphens are accepted.

• The first character must be a letter (a–z or A–Z) or

number (0–9), and the last character cannot be a

hyphen.

Time Zone Select your local time zone from the menu. The default is

USA (Pacific).

Adjust Time

for Daylight

Savings

System will adjust the reported time for Daylight Savings

Time (DST), which is also known as Summer Time. When

selected, fields to configure Daylight Savings Time

settings will appear.

Daylight Savings

Start

Configure the date and time to begin Daylight Savings

Time for the System Time.

Daylight Saving

End

Configure the date and time to end Daylight Savings Time

for the System Time.

Daylight Savings

Offset

Select the number of minutes to offset DST. The default is

60 (minutes).

NOTE:

After you configure the Time settings, you must click Save to apply the

changes and save the changes to startup configuration file. Changing

some settings might cause the AP to stop and restart system processes.

If this happens, wireless clients will temporarily lose connectivity. We

recommend that you change AP settings when WLAN traffic is low.

NOTE:

Hostnames are composed of a series of labels joined with dots, as are

all domain names. Each label must be between 1 and 63 characters

long, and the entire hostname (including dots) has a maximum of 253

characters.

Log Settings

The Log Settings page shows real-time system logs on the AP such as wireless

clients associating with the AP and being authenticated.

From the Log Settings page, you can enable and configure persistent logging to

write system logs to non-volatile memory so that the events are not erased when

the system reboots. This page also gives you the option of enabling a remote log

relay host to capture all system logs and errors in a kernel log.

To view system events, click the Configuration > Administration > Log Settings tab.

Figure 15: Log Settings

Section 3: Configuring the Access Point

Linksys

Configuring Persistent Logging Options

If the system unexpectedly reboots, log messages can be useful to diagnose the

cause. However, log messages are erased when the system reboots unless you

enable persistent logging.

Caution!

Enabling persistent logging can wear out the flash (non-volatile) memory

and degrade network performance. You should only enable persistent

logging to debug a problem. Make sure you disable persistent logging

after you finish debugging the problem.

Table 17: Logging Options

Field Description

Persistence Choose Enabled to save system logs to non-volatile memory

so that the logs are not erased when the AP reboots. When

persistence is enabled, we can store up to 128 messages in

non-volatile memory. Choose Disabled to save system logs to

volatile memory. Logs in volatile memory are deleted when the

system reboots.

Severity Specify the severity level of the log messages to write to non-

volatile memory. For example, if you specify 2, critical, alert,

and emergency logs are written to non-volatile memory. Error

messages with a severity level of 3–7 are written to volatile

memory.

• 0 — emergency

• 1 — alert

• 2 — critical

• 3 — error

• 4 — warning

• 5 — notice

• 6 — info

• 7 — debug

Depth You can store up to 512 messages in non-volatile memory. Once

the number you configure in this field is reached, the oldest log

event is overwritten by the new log event.

NOTE:

To apply your changes, click Save. Changing some settings might cause

the AP to stop and restart system processes. If this happens, wireless

clients will temporarily lose connectivity. We recommend that you

change AP settings when WLAN traffic is low.

Configuring the Log Relay Host for Kernel

Messages

The Kernel Log is a comprehensive list of system events (shown in the System

Log) and kernel messages such as error conditions, like dropping frames.

You cannot view kernel log messages directly from the Administration Web UI

for an AP. You must first set up a remote server running a syslog process and

acting as a syslog log relay host on your network. Then, you can configure the

access point to send syslog messages to the remote server.

Remote log server collection for AP syslog messages provides the following

features:

• Allows aggregation of syslog messages from multiple APs

• Stores a longer history of messages than kept on a single AP

• Triggers scripted management operations and alerts

To use Kernel Log relaying, you must configure a remote server to receive the

syslog messages. The procedure to configure a remote log host depends on the

type of system you use as the remote host.

NOTE:

The syslog process will default to use port 514. We recommend keeping

this default port. However, If you choose to reconfigure the log port,

make sure that the port number you assign to syslog is not being used by

another process.

Section 3: Configuring the Access Point

Linksys

Enabling or Disabling the Log Relay Host

on the Log Settings Page

To enable and configure Log Relaying on the Log Settings page, set the Log

Relay options as described in the following table, and then click Save.

Table 18: Log Relay Host

Field Description

Relay Log Select Enabled to allow the access point to send log messages

to a remote host. Select Disabled to keep all log messages on

the local system.

Relay Host Specify the IPv4 address, IPv6 address, or DNS name of the

remote log server.

Relay Port Specify the Port number for the syslog process on the Relay

Host.

The default port is 514.

NOTE:

To apply your changes, click Save. Changing some settings might cause

the AP to stop and restart system processes. If this happens, wireless

clients will temporarily lose connectivity. We recommend that you

change AP settings when WLAN traffic is low.

NOTE:

Hostnames are composed of series of labels joined with dots, as are

all domain names. Each label must be between 1 and 63 characters

long, and the entire hostname (including dots) has a maximum of 253

characters.

If you enabled the Log Relay Host, clicking Save will activate remote logging.

The AP will send its kernel messages in real-time for display to the remote log

server monitor, a specified kernel log file, or other storage, depending on how

you configured the Log Relay Host.

If you disabled the Log Relay Host, clicking Save will disable remote logging.

Email Alert

The Email Alert feature allows the AP to automatically send email messages

when an event at or above the configured severity level occurs. Use the Email

Alert page to configure mail server settings, to set the severity level that triggers

alerts, and to add up to three email addresses where urgent and non urgent

email alerts are sent.

Figure 16: Configuring Email Alert

Table 19: Email Alert Configuration

Field Description

Global Configuration

Admin Mode Globally enable or disable the Email Alert feature on

the AP. By default, email alerts are disabled.

Section 3: Configuring the Access Point

Linksys

From Email Address Specify the email address that appears in the From

field of alert messages sent from the AP, for example

AP23@foo.com. The address can be a maximum

of 255 characters and can contain only printable

characters. By default, no address is configured.

Log Duration This duration, in minutes, determines how frequently

the non critical messages are sent to the SMTP

Server. The range is 30-1440 minutes. The default is

30 minutes.

Urgent Message

Severity

Configures the severity level for log messages

that are considered to be urgent. Messages in this

category are sent immediately. The security level you

select and all higher levels are urgent:

• Emergency indicates system is unusable. It is the

highest level of severity.

• Alert indicates action must be taken

immediately.

• Critical indicates critical conditions.

• Error indicates error conditions.

• Warning indicates warning conditions.

• Notice indicates normal but significant

conditions.

• Informational indicates informational messages.

• Debug indicates debug-level messages.

Non Urgent Severity Configures the severity level for log messages that

are considered to be non urgent. Messages in this

category are collected and sent in a digest form at

the time interval specified by the Log Duration field.

The security level you select, and all levels up to but

not including the lowest urgent level, are considered

non-urgent. Messages below the security level you

specify are not sent via email.

See the Urgent Message field description for

information about the security levels.

Mail Server Configuration

Mail Server Address Specify the IP address or hostname of the SMTP

server on the network.

Mail Server Security Specify whether to use SMTP over SSL (TLSv1) or

no security (Open) for authentication with the mail

server. The default is TLSv1.

Mail Server Port Configures the TCP port number for SMTP. The range

is a valid port number from 0 to 65535. The default is

“465”, which is the standard port for SMTP.

Username Specify the username to use when authentication

with the mail server is required. The username is a

64-byte character string with all printable characters.

The default is “admin”.

Password Specify the password associated with the username

configured in the previous field.

Message Configuration

To Address 1 Configure the first email address to which alert

messages are sent. The address must be a valid email

address. By default, no address is configured.

To Address 2 Optionally, configure the second email address to

which alert messages are sent. The address must

be a valid email address. By default, no address is

configured.

To Address 3 Optionally, configure the third email address to

which alert messages are sent. The address must

be a valid email address. By default, no address is

configured.

Email Subject Specify the text to be displayed in the subject of the

email alert message. The subject can contain up to

255 alphanumeric characters. The default is “Log

message from AP”.

Section 3: Configuring the Access Point

Linksys

NOTE:

After you configure the Email Alert settings, you must click Save to apply

the changes and save the changes to startup configuration file.

NOTE:

Hostnames are composed of a series of labels joined with dots, as are

all domain names. Each label must be between 1 and 63 characters

long, and the entire hostname (including dots) has a maximum of 253

characters.

To validate the configured email server credentials, click Test Mail. You can send

a test email once the email server details are configured.

The following text shows an example of an email alert sent from the AP to the

network administrator:

From: AP-192.168.2.10@mailserver.com

Sent: Wednesday, February 08, 2012 11:16 AM

To: administrator@mailserver.com

Subject: log message from AP

TIME Priority Process Id Message

Feb 8 03:48:25 info login[1457] root login on ‘ttyp0’

Feb 8 03:48:26 info mini_http-ssl[1175] Max concurrent connections of

20 reached

on current connections of 20 reached

Management Access

You can create an access control list (ACL) that lists up to five IPv4 hosts and

five IPv6 hosts that are authorized to access the AP management interface. If

this feature is disabled, anyone can access the management interface from any

network client by supplying the correct AP user name and password.

Figure 17: Management Access

Table 20: Management Access

Field Description

Management

ACL Mode

Enable or disable the management ACL feature. At least one

IPv4 or IPv6 address should be configured before enabling

Management ACL Mode. If enabled, only the IP addresses

you specify will have Web, Telnet, SSH, and SNMP access to

the management interface.

IP Address

(1–5)

Enter up to five IPv4 addresses that are allowed

management access to the AP. Use dotted-decimal format

(for example, 192.168.10.10).

IPv6 Address

(1–5)

Enter up to five IPv6 addresses that are allowed

management access to the AP. Use the standard IPv6

address format (for example 2001:0db8:1234::abcd).

NOTE:

After you configure the settings, click Save to apply the changes and to

save the settings.

Section 3: Configuring the Access Point

Linksys

HTTP/HTTPS Service

The AP can be managed through HTTP or secure HTTP (HTTPS) sessions. By

default both HTTP and HTTPS access are enabled. Either access type can be

disabled separately.

To configure Web server settings, click the Services > Web Server tab.

Figure 18: HTTP/HTTPS Service

Table 21: HTTP/HTTPS Service

Field Description

HTTP Server

Status

Enable or disable access through HTTP. This setting is

independent of the HTTPS server status setting.

HTTP Port Specify the port number for HTTP traffic (default is “80”).

HTTP Redirect

to HTTPS

Redirecting all traffic from HTTP to HTTPS and make

sure users always access the site securely. This field is

available only when HTTP access disabled.

HTTPS Server

Status

Enable or disable access through a Secure HTTP Server

(HTTPS).

HTTPS Port Specify the port number for HTTPS traffic (default is

“443”).

Maximum

Sessions

When a user logs in to the AP web interface, a session is

created. This session is maintained until the user logs off

or the session inactivity timer expires.

Enter the number web sessions, including both HTTP

and HTTPS, that can exist at the same time. The range is

1–10 sessions. The default is “5”. If the maximum number

of sessions is reached, the next user who attempts to log

on to the AP web interface receives an error message

about the session limit.

Session

Timeout

Enter the maximum amount of time in minutes an

inactive user remains logged on to the AP web interface.

When the configured timeout is reached, the user is

automatically logged off the AP. The range is 1–1440

minutes (1440 minutes = 1 day). The default is “60”

(minutes).

Generate SSL Certificate

Section 3: Configuring the Access Point

Linksys

Generate SSL

Certificate

Click Generate to generate a new HTTP SSL certificate

for the secure Web server. This should be done once

the access point has an IP address to ensure that the

common name for the certificate matches the IP address

of the access point. Generating a new SSL certificate will

restart the secure Web server. The secure connection

will not work until the new certificate is accepted on the

browser.

SSL Certificate File Status

Certificate File

Present

Indicates if the HTTP SSL Certificate file is present. Range

is either Yes or No.

Certificate

Expiration

Date

Indicates when the HTTP SSL Certificate file will expire.

The range is a valid date.

Certificate

Issuer

Common

Name

The Common Name attribute of the server certificate.

The range is a valid string. For example, /CN=self-

signed/OU=Broadcom Corp./L=Morrisville/ST=North

Carolina/C=US

To Get the Current HTTP SSL Certificate

Download

Method

Select either HTTP/HTTPS or TFTP option. Click

Download to save the current HTTP SSL Certificate as a

backup file to your PC.

HTTP SSL

Certificate File

This field is available when the selected download

method is TFTP. Enter the filename of the certificate. The

filename is a 256-byte alphanumeric string. The default

is “Mini_httpd.pem”.

Note: File name should not contain spaces, < , > , | , \ ,

/ , : , (, ), & , ; , # , ?, *, $, %, ‘, “, and successive ‘.’ .

Server IP The IPv4 or IPv6 address of the TFTP server where the

file will be downloaded. The default is “0.0.0.0”.

Upload SSL Certificate

Upload

Method

Select the upload method:

• HTTP/HTTPS: Upload the file by using a Web

browser

• TFTP: Upload the file from a TFTP server

HTTP SSL

Certificate File

If the selected upload method is HTTP, click the Browse

button to browse to the file to upload to the AP.

If the selected upload method is TFTP, this field displays

a text box. Enter the filename of the certificate to upload

to the AP.

Note: File name should not contain spaces, < , > , | , \ ,

/ , : , (, ), & , ; , # , ?, *, $, %, ‘, “, and successive ‘.’ .

Server IP The IPv4 or IPv6 address of the TFTP server where the

file is located. The default is “0.0.0.0.”

NOTE:

Click Save to apply the changes and save the changes to startup

configuration file. If you disable the protocol you are currently using to

access the AP management interface, the current connection will end

and you will not be able to access the AP by using that protocol until it is

enabled.

Section 3: Configuring the Access Point

Linksys

Discovery - LLDP

Link Layer Discovery Protocol (LLDP) is defined by the IEEE 802.1AB standard and

allows the access point to advertise information about itself such as the system

name, port name, system capabilities, and power requirements. This information

can help you identify system topology and detect bad configurations on the

LAN. The AP also supports the Link Layer Discovery Protocol for Media Endpoint

Devices (LLDP-MED), which standardizes additional information elements that

devices can pass to each other to improve network management.

To configure LLDP settings, click the Services > LLDP tab and update the fields

as described in Table 22.

Figure 19: Discovery-LLDP

Table 22: LLDP Settings

Field Description

LLDP Mode Enables or disables LLDP. The default is Enabled.

Advertise

Interval

Specifies the number of seconds between LLDP message

transmissions. The default transmission interval is “30”

seconds and can be set from “5” to 32768 (seconds).

PoE Priority The priority level transmitted by the AP in the Extended Power

information element. The PoE priority level helps the Power

Sourcing Equipment (PSE), such as a switch, determine which

powered devices should be given priority in power allocation

when the PSE doesn’t have enough capacity to supply power

to all connected devices. The PoE priority can be one of the

following:

• Low

• High

• Critical

• Unknown

Click Save to apply the changes and save the changes to startup configuration file.

Discovery - Bonjour

Bonjour is a software feature that allows the wireless access point and its

services to be discovered on a local network using multicast Domain Name

System (mDNS) service records. You can either enable or disable the Bonjour

component systemwide. The feature is not configurable on any specific

network interface.

To set Bonjour status, click the Configuration > Administrator > Discovery -

Bonjour tab.

Figure 20: Discovery - Bonjour

Table 23: Discovery - Bonjour

Field Description

Bonjour

Status

Enables or disables Bonjour. The default is Enabled.

The access point uses a default AP IP address assignment if a DHCP server

is absent in the network. There is no implementation of IPv4 Link-Local

Addressing or IPv6 Stateless Address Auto-configuration for the access point.

DNS-SD and mDNS are used for advertisement of services and hostname

lookup. The service types listed in the following table are defined by the DNS-

SD records and advertised via mDNS by the Bonjour component. The Bonjour

component works in both IPv4 and IPv6 networks.

Table 24: Bonjour Status Service Types

Service Type Description

brcm-sb Broadcom-specific service type. Allows clients to discover

Broadcom devices.

http AP management Web UI.

https AP switch management Web UI.

telnet AP management CLI.

ssh Secure AP management CLI.

+ 91 hidden pages