LINKSYS LAPAC1750PO User Manual
User Guide
L APAC1750 PRO
Linksys
Table of Contents
Table of Contents
Section 1: Getting Started. . . . . . . . . . . . . . . . . . . . . . 1
Administrator’s Computer Requirements . . . . . . . . . . . . . . .1
Wireless Client Requirements. . . . . . . . . . . . . . . . . . . . . . .2
Online Help, Supported Browsers, and Limitations . . . . . . . . .2
Dynamic and Static IP Addressing on the AP . . . . . . . . . . . . .3
Installing the Access Point. . . . . . . . . . . . . . . . . . . . . . . . .3
Configuring the Ethernet Settings. . . . . . . . . . . . . . . . . . . .5
Configuring IEEE 802.1X Authentication . . . . . . . . . . . . . . . .6
Configuring Security on the Wireless Access Point . . . . . . . . .6
Section 2: Viewing Access Point System Status . . . . . . . . 7
System Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Radio Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Workgroup Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Associated Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
TSPEC Client Associations . . . . . . . . . . . . . . . . . . . . . . . .15
TSPEC Status and Statistics . . . . . . . . . . . . . . . . . . . . . . . 16
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
QoS and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . 66
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Captive Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Section 4: Maintenance of the Access Point . . . . . . . . . 110
Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
TSPEC AP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Email Alert Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Section 3: Configuring the Access Point . . . . . . . . . . . . .19
Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
ii
ii
Linksys
Section 1: Getting Started
Section 1: Getting Started
The LAPAC1750PRO® Access Point provides continuous, high-speed access
between wireless devices and Ethernet devices. It is an advanced, standardsbased solution for wireless networking in businesses of any size. The access point
(AP) enables wireless local area network (WLAN) deployment while providing
state-of-the-art wireless networking features.
The access point can operate in one modes: Standalone Mode. In Standalone
Mode, the access point acts as an individual access point in the network, and you
manage it by using the Administrator Web User Interface (UI) or SNMP.
This document describes how to perform the setup, management, and
maintenance of the access point in Standalone Mode.
Before you power on a new access point, review the following sections to
check required hardware and software components, client configurations, and
compatibility issues. Make sure you have everything you need for a successful
launch and test of your new or extended wireless network.
This section contains the following topics:
• Administrator’s Computer Requirements
• Wireless Client Requirements
• Online Help, Supported Browsers, and Limitations
• Dynamic and Static IP Addressing on the AP
• Installing the Access Point
• Configuring the Ethernet Settings
• Configuring IEEE 802.1X Authentication
NOTE:
The access point is not designed to function as a gateway to the Internet.
To connect your WLAN to other LANs or the Internet, you need a gateway
device.
Administrator’s Computer Requirements
The following table describes the minimum requirements for the administrator’s
computer for configuration and administration of the access point through a
Web-based user interface (UI).
Table 1: Requirements for the Administrator’s Computer
Required Software or
Component
Ethernet Connection to
the Access Point
Wireless Connection to
the Network
Description
The computer used to configure the first access
point must be connected to the access point by
an Ethernet cable.
After initial configuration and launch of the first
access point on your new wireless network, you
can make subsequent configuration changes
through the Administration Web pages using a
wireless connection to the internal network. For
wireless connection to the access point, your
administration device will need Wi-Fi capability
similar to that of any wireless client: Portable or
built-in Wi-Fi client adapter that supports one
or more of the IEEE 802.11 modes in which you
plan to run the access point.
• Configuring Security on the Wireless Access Point
To manage the access point by using the Web interface, the AP needs an IP
address. If you use VLANs or IEEE 802.1X Authentication (port security) on your
network, you might need to configure additional settings on the AP before it can
connect to the network.
1
1
Linksys
Section 1: Getting Started
Web Browser and
Operating System
Security Settings Ensure that security is disabled on the wireless
Configuration and administration of the
access point is provided through a Web-based
user interface hosted on the access point.
We recommend using one of the following
supported Web browsers to access the access
point Administration Web pages:
• Microsoft® Internet Explorer® version 9.x or
11.x (with up-to-date patch level for either major
version)
• Mozilla Firefox version 26.x
• Google Chrome version 32.x
• Safari version 5.x
The administration Web browser must have
JavaScript™ enabled to support the interactive
features of the administration interface.
client used to initially configure the access point.
Wireless Client Requirements
The access point provides wireless access to any client with a properly configured
Wi-Fi client adapter for the 802.11 mode in which the access point is running. The
access point supports multiple client operating systems. Clients can be laptop or
desktop computers, personal digital assistants (PDAs), or any other hand-held,
portable or stationary device equipped with a Wi-Fi adapter and supporting
drivers.
In order to connect to the access point, wireless clients need the software and
hardware described in the following table.
Table 2: Requirements for Wireless Clients
Required Component Description
Wi-Fi Client Adapter Portable or built-in Wi-Fi client adapter that
supports one or more of the IEEE 802.11 modes
in which you plan to run the access point. (IEEE
802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac
modes are supported.)
Wireless Client
Software
Client Security
Settings
Client software, such as Microsoft Windows
Supplicant, configured to associate with the access
point.
Security should be disabled on the client used to
do initial configuration of the access point.
If the Security mode on the access point is set to
anything other than plain text, wireless clients
will need to set a profile to the authentication
mode used by the access point and provide a valid
username and password, certificate, or similar user
identity proof. Security modes are Static WEP, IEEE
802.1X, WPA with RADIUS server, and WPA-PSK.
For information about configuring security on the
access point, see ”Virtual Access Point (VAP)”.
Online Help, Supported Browsers, and Limitations
Online help for the access point Administration Web pages provides information
about all fields and features available from the user interface (UI). The information
in the online help is a subset of the information available in the LAPAC1750PRO
Access Point Administrator’s Guide.
Online help information corresponds to each page on the access point
Administration UI.
For information about the settings on the current page, click the link on the
right side of a page or the More... link at the bottom of the help panel on the UI.
The following figure shows an example of the online help available from the links
on the user interface.
2
Linksys
Section 1: Getting Started
Figure 1: Administrator UI Online Help
NOTE:
If you do not have a DHCP server on your internal network, and do
not plan to use one, the first thing you must do after powering on the
access point is change the connection type from DHCP to static IP. You
can either assign a new static IP address to the AP or continue using the
default address. We recommend assigning a new static IP address so that
if you bring up another WLAN AP on the same network, the IP address for
each AP will be unique.
Recovering an IP Address
If you experience trouble communicating with the access point, you can recover
a static IP address by resetting the AP configuration to the factory defaults (see
“Restoring Configuration” on page 164 and “To Restore the Factory Default
Configuration” on page 165), or you can get a dynamically assigned address by
connecting the AP to a network that has a DHCP server.
Discovering a Dynamically Assigned IP
Address
If you have access to the DHCP server on your network and know the MAC
address of your AP, you can view the new IP address associated with the MAC
address of the AP.
Dynamic and Static IP Addressing on the AP
When you power on the access point, the built-in DHCP client searches for a
DHCP server on the network in order to obtain an IP address and other network
information. If the AP does not find a DHCP server on the network, the AP
continues to use its default Static IP Address (192.168.1.252) until you re-assign it
a new static IP address (and specify a static IP addressing policy) or until the AP
successfully receives network information from a DHCP server.
To change the connection type and assign a static IP address by using the Web
UI, see “VLAN and IPv4 Address” on page 46.
NOTE:
The MAC address of access point is shown on product label and brown
box label.
Installing the Access Point
To access the Administration Web UI, you enter the IP address of the AP into a
Web browser. You can use the default IP address of the AP (192.168.1.252) to log
on to the AP and assign a static IP address, or you can use a DHCP server on you
network to assign network information to the AP. The DHCP client on the AP is
enabled by default.
To install the access point, use the following steps:
1. Connect the AP to an administrative PC by using a LAN connection or a
direct-cable connection.
3
Linksys
Section 1: Getting Started
• To use a LAN connection, connect one end of an Ethernet cable to the
network port on the access point and the other end to the same hub where
your PC is connected, as shown in the following figure.
The hub or switch you use must permit broadcast signals from the access point
to reach all other devices on the network.
• To use a direct-cable connection, connect one end of an Ethernet straight-
through or crossover cable to the network port on the access point and
the other end of the cable to the Ethernet port on the PC, as shown in the
following figure. You can also use a serial cable to connect the serial port
on the AP to a serial port on the administrative computer.
NOTE:
Ethernet Port 1 and Port 2 can be used together in Link Aggregation
mode when supported by the connected devices.
2. Connect the power adapter to the power port on the back of the access
point, and then plug the other end of the power cord into a power outlet.
3. Use your Web browser to log on to the access point Administration Web
pages.
• If the AP did not acquire an IP address from a DHCP server on your network,
enter 192.168.1.252 in the address field of your browser, which is the default
IP address of the AP.
• If you used a DHCP server on your network to automatically configure
network information for the AP, enter the new IP address of the AP into the
Web browser.
4. When prompted, enter admin for the user name and admin for the
password, then click Log In.
For initial configuration with a direct Ethernet connection and no DHCP server,
be sure to set your PC to a static IP address in the same subnet as the default
IP address on the access point. (The default IP address for the access point is
192.168.1. 252.)
If you use this method, you will need to reconfigure the cabling for subsequent
startup and deployment of the access point so that the access point is no longer
connected directly to the PC but instead is connected to the LAN (either by
using a hub or directly).
NOTE:
It is possible to detect access points on the network with a wireless
connection. However, we strongly advise against using this method.
In most environments you may have no way of knowing whether you
are actually connecting to the intended AP. Also, many of the initial
configuration changes required will cause you to lose connectivity with
the AP over a wireless connection.
• When you first log in, the System Summary page for access point
administration is displayed, as the following figure shows.
4
Linksys
Section 1: Getting Started
Figure 2: System Summary Page
5. Verify the settings on the System Summary page.
• Review access point description.
For information about the fields on the System Summary page, see “System
Summary” on page 11.
For information about how to configure the 802.1X user name and
password, see “802.1X Supplicant” on page 94.
Configuring the Ethernet Settings
The default Ethernet settings, which include DHCP and VLAN information,
might not work for all networks.
By default, the DHCP client on the access point automatically broadcasts
requests for network information. If you want to use a static IP address, you
must disable the DHCP client and manually configure the IP address and other
network information.
The management VLAN is VLAN 1 by default. This VLAN is also the default
untagged VLAN. If you already have a management VLAN configured on
your network with a different VLAN ID, you must change the VLAN ID of the
management VLAN on the access point.
For information about using the Web interface to configure the Ethernet
settings, see “VLAN and IPv4 Address” on page 46.
6. If you do not have a DHCP server on the management network and do
not plan to use one, you must change the Connection Type from DHCP to
Static IP.
You can either assign a new Static IP address to the AP or continue using
the default address. We recommend assigning a new Static IP address
so that if you bring up another Access Point on the same network, the IP
address for each AP will be unique. To change the connection type and
assign a static IP address, see “VLAN and IPv4 Address” on page 46.
7. If your network uses VLANs, you might need to configure the
management VLAN ID or untagged VLAN ID on the access point in order
for it to work with your network.
For information about how to configure VLAN information, see “VLAN
and IPv4 Address” on page 46.
8. If your network uses IEEE 802.1X port security for network access control,
you must configure the 802.1X supplicant information on the AP.
5
Linksys
Section 1: Getting Started
Configuring IEEE 802.1X Authentication
On networks that use IEEE 802.1X, port-based network access control,
a supplicant (client) cannot gain access to the network until the 802.1X
authenticator grants access. If your network uses 802.1X, you must configure
802.1X authentication information that the AP can supply to the authenticator.
If your network uses IEEE 802.1X see “802.1X Supplicant” on page 94 for
information about how to configure 802.1X by using the Web interface.
Verifying the Installation
Make sure the access point is connected to the LAN and associate some wireless
clients with the network. Once you have tested the basics of your wireless
network, you can enable more security and fine-tune the AP by modifying
advanced configuration features.
1. Connect the access point to the LAN.
• If you configured the access point and administrator PC by connecting
both into a network hub, then your access point is already connected to
the LAN. The next step is to test some wireless clients.
• If you configured the access point by using a direct cable connection
from your computer to the access point, do the following procedures:
a. Disconnect the cable from the computer and the access point.
b. Connect an Ethernet cable from the access point to the LAN.
c. Connect your computer to the LAN by using an Ethernet cable or a
wireless card.
2. Test LAN connectivity with wireless clients.
Test the access point by trying to detect it and associate with it from
some wireless client devices. For information about requirements for
these clients, see “Wireless Client Requirements” on page 2.
3. Secure and configure the access point by using advanced features.
Once the wireless network is up and you can connect to the AP with some
wireless clients, you can add in layers of security, create multiple virtual
access points (VAPs), and configure performance settings.
NOTE:
The WLAN AP is not designed for multiple, simultaneous configuration
changes. If more than one administrator is logged onto the
Administration Web pages and making changes to the configuration,
there is no guarantee that all configuration changes specified by multiple
users will be applied.
By default, no security is in place on the access point, so any wireless client
can associate with it and access your LAN. An important next step is to
configure security, as described in “Virtual Access Point (VAP)” on page 64.
Configuring Security on the Wireless
Access Point
You configure secure wireless client access by configuring security for each
virtual access point (VAP) that you enable. You can configure up to 8 VAPs per
radio that simulate multiple APs in one physical access point. By default, only
one VAP is enabled. For each VAP, you can configure a unique security mode to
control wireless client access.
Each radio has 8 VAPs, with VAP IDs from 0-7. By default, only VAP 0 on each
radio is enabled. VAP0 has the following default settings:
• VLAN ID: 1
• Broadcast SSID: Enabled
• SSID: LinksysSMB24G for Radio 1 (2.4GHz), and LinksysSMB5G for Radio 2
(5GHz)
• Security: None
• MAC Authentication Type: None
• Redirect Mode: None
All other VAPs are disabled by default. The default SSID for VAPs 1–7 is “Virtual
Access Point x” where x is the VAP ID.
To prevent unauthorized access to the access point, we recommend that you
select and configure a security option other than None for the default VAP and
for each VAP that you enable.
For information about how to configure the security settings on each VAP, see
“Virtual Access Point (VAP)” on page 64.
6
Linksys
Section 2: Viewing Access Point System Status
Section 2: Viewing Access Point
System Status
This section describes the information you can view from the tabs under the
Status and Statistics heading on the Administration Web UI.
Status and Statistics
This topic contains the following subsections:
• System Summary
• Network Interfaces
• Radio Statistics
• Workgroup Bridge
• Associated Client
• TSPEC Client Associations
• TSPEC Status and Statistics
• TSPEC AP Statistics
• Email Alert Status
• System Log
System Summary
From the System Summary page, you can view various information about the
access point (AP), including IP and MAC address information. Table 3 describes
the fields and configuration options on the System Summary page.
Table 3: System Summary Page
Field Description
IPv4 Address Shows the IP address assigned to the AP. This field
is not editable on this page because the IP address
is already assigned (either by DHCP, or statically
through the Ethernet Settings page).
IPv6 Address Shows the IPv6 address assigned to the AP. This field
is not editable on this page because the IP address
is already assigned (either by DHCPv6, or statically
through the Management IPv6 page).
IPv6 Address
Status
IPv6
Autoconfigured
Global Addresses
IPv6 Link Local
Address
Shows the operational status of the static IPv6
address assigned to the management interface
of the AP. The possible values are Operational and
Tentative.
Note: If an IPv6 address has not been manually
configured or leased from a DHCPv6 server, the field
is blank.
Shows each automatically configured global IPv6
address for the management interface of the AP.
Shows the IPv6 Link Local address, which is the IPv6
address used by the local physical link. The Link Local
address is not configurable and is assigned by using
the IPv6 Neighbor Discovery process.
Device Name Generic name to identify the type of hardware.
Model Number Identifies the AP hardware model.
Serial Number Shows the AP serial number.
7
Linksys
Section 2: Viewing Access Point System Status
MAC Address Shows the MAC address of the AP. The address
shown here is the MAC address associated with the
management interface. This is the address by which
the AP is known externally to other networks.
Firmware Version Shows version information about the firmware
currently installed on the AP. As new versions of
the WLAN AP firmware become available, you can
upgrade the firmware on your AP.
Hardware Version Identifies the AP hardware version.
System Uptime Provides information about the system start up time.
Power Source The power source of monitor system is the power
adapter or PoE.
Connecting to the AP Web Interface
Using the IPv6 Address
To connect to the AP by using the IPv6 global address or IPv6 Link Local address,
you must enter the AP address into your browser in a special format.
Network Interfaces
This page displays the current settings for the wired Ethernet interface and the
wireless radio interfaces on the AP.
To monitor Ethernet LAN (wired) and wireless LAN (WLAN) settings, click the
System Status > Status and Statistics > Network Interfaces tab.
Figure 3: Viewing Network Interfaces
NOTE:
The following instructions and examples work with Microsoft Internet
Explorer 7 (IE7) and might not work with other browsers.
To connect to an IPv6 global address, add square brackets around the IPv6 address.
For example, if the AP global IPv6 address is 2520::230:abff:fe00:2420, type the
following address into the IE7 address field: http://[2520::230:abff:fe00:2420].
To connect to the iPv6 Link Local address, replace the colons (:) with hyphens
(-), add the interface number, preceded by an “s,” then add “.ipv6-literal.net.”
For example, if the AP Link Local address is fe80::230:abff:fe00:2420, and the
Windows interface is defined as “%6,” type the following address into the IE7
address field: http://fe80--230-abff-fe00-2420s6.ipv6-literal.net.
NOTE:
The information on this page is read-only. To change the wired or wireless
interface settings, click the Edit link associated with the appropriate
section.
8
Linksys
Section 2: Viewing Access Point System Status
LAN Status (Management Interface)
LAN Status shows information about the internal Ethernet interface, which is the
primary interface used to manage the AP.
Table 4: LAN Interface Settings
Field Description
MAC Address The MAC address for the LAN interface for the Ethernet
port on this AP. This is a read-only field that you cannot
change.
VLAN ID The management VLAN ID. This is the VLAN
associated with the IP address you use to access the
AP management interface. The default management
VLAN ID is 1.
IPv4 Address The IP address of the management interface.
Subnet Mask The subnet mask associated with the management IP
address.
DNS -1
DNS-2
Default Gateway The default gateway for the IPv4 network interface.
IPv6 Address The IPv6 address of the management interface.
IPv6
Autoconfigured
Global Addresses
IPv6 Link Local
Address
IPv6-DNS-1
IPv6-DNS-2
The primary and secondary DNS servers to use for
name-to-IP address resolution.
If the AP has been assigned one or more IPv6 addresses
automatically, the addresses are listed.
The IPv6 Link Local address, which is the IPv6 address
used by the local physical link. The Link Local address
is not configurable and is assigned by using the IPv6
Neighbor Discovery process.
The primary and secondary DNS servers to use for
name-to-IPv6 address resolution.
To change the wired settings, click the Edit link. After you click Edit, you are
redirected to the VLAN and IPv4 Address page.
For information about configuring these settings, see “VLAN and IPv4 Address
Wireless Status
The wireless settings show summary information about the radio interface
configuration.
Table 5 describes the fields and configuration options available on the Wireless
Status page.
Table 5: Wireless Status
Field Description
AeroScout™
Engine
Communications
Status
Radio One and Radio Two
MAC Address The MAC addresses for the interface.
The status of the AeroScout protocol on the AP. When
enabled, AeroScout devices are recognized and data
is sent to an AeroScout Engine (AE) for analysis. The AE
determines the geographical location of 802.11-capable
devices, such as STAs, APs, and AeroScout’s line
of 802.11-enabled RFID devices, or tags. The AE
communicates with APs that support the AE protocol
in order to collect information about the RF devices
detected by the APs.
This page shows the MAC addresses for Radio Interface
One and Radio Interface Two.
A MAC address is a permanent, unique hardware address
for any device that represents an interface to the network.
The MAC address is assigned by the manufacturer. You
cannot change the MAC address. It is provided here
for informational purposes as a unique identifier for an
interface.
Default IPv6
Gateway
The default gateway for the IPv6 network interface.
9
Linksys
Section 2: Viewing Access Point System Status
Mode The Physical Layer (PHY) standard the radio uses:
• IEEE 802.11b/g — 802.11b and 802.11g clients can
connect to the AP.
• IEEE 802.11b/g/n — 802.11b, 802.11g, and 802.11n
clients operating in the 2.4-GHz frequency can
connect to the AP.
• IEEE 802.11n — Only 802.11n clients operating in the
2.4-GHz frequency can connect to the AP.
• IEEE 802.11a — Only 802.11a clients can connect to
the AP. This mode is available only on Radio 2.
• IEEE 802.11a/n/ac — 802.11a, 802.11n, and 802.11ac
clients operating in the 5-GHz frequency can
connect to the AP. This mode is available only on
Radio 2.
• IEEE 802.11n/ac — 802.11n clients and 802.11ac clients
operating in the 5-GHz frequency can connect to
the AP. This mode is available only on Radio 2.
Channel The current operating channel. The channel defines
the portion of the radio spectrum the radio uses for
transmitting and receiving. Each mode offers a number
of channels, depending on how the spectrum is licensed
by national and transnational authorities such as the
Federal Communications Commission (FCC) or the
International Telecommunication Union (ITU-R).
Operational
Bandwidth
To change the radio mode or channel settings, click the Edit link. After you click
Edit, you are redirected to the Radio page.
For information about configuring these settings, see “Radio”.
The size of the bandwidth, in MHz, the current channel
is using.
Radio Statistics
The Radio Statistics page provides detailed information about the packets and
bytes transmitted and received on the radio (wireless) interface of this access
point.
To view Radio Statistics, click the System Status > Radio Statistics tab.
Figure 4: Radio Statistics
The following table describes details about the Radio Statistics information.
Table 6: Radio Statistics Information
Field Description
Radio Choose either radio 1 or radio 2.
WLAN Packets
Received
Total packets received by the AP on this radio interface.
WLAN Bytes
Received
WLAN Packets
Transmitted
Total bytes received by the AP on this radio interface.
Total packets transmitted by the AP on this radio interface.
10
Linksys
Section 2: Viewing Access Point System Status
WLAN Bytes
Transmitted
WLAN Packets
Received
Dropped
WLAN Bytes
Received
Dropped
WLAN Packets
Transmit
Dropped
WLAN Bytes
Transmit
Dropped
Fragments
Received
Fragments
Transmitted
Total bytes transmitted by the AP on this radio interface.
Number of packets received by the AP on this radio
interface that were dropped.
Number of bytes received by the AP on this radio interface
that were dropped.
Number of packets transmitted by the AP on this radio
interface that were dropped.
Number of bytes transmitted by the AP on this radio
interface that were dropped.
Count of successfully received MPDU frames of type data
or management.
Number of transmitted MPDU with an individual address
or an MPDU with a multicast address of type data or
management.
Multiple Retry
Count
RTS Success
Count
RTS Failure
Count
ACK Failure
Count
FCS Error Count Count of FCS errors detected in a received MPDU frame.
Transmitted
Frame Count
WEP
Undecryptable
Count
Number of times an MSDU is successfully transmitted after
more than one retry.
Count of CTS frames received in response to an RTS frame.
Count of CTS frames not received in response to an RTS
frame.
Count of ACK frames not received when expected.
Count of each successfully transmitted MSDU.
Count of encrypted frames received where:
1. The key configuration of the transmitter indicates that
the frame should not have been encrypted.
2. The frame was discarded due to the receiving station
not implementing the privacy option.
Multicast
Frames
Received
Multicast
Frames
Transmitted
Duplicate
Frame Count
Failed Transmit
Count
Transmit Retry
Count
Count of MSDU frames received with the multicast bit set
in the destination MAC address.
Count of successfully transmitted MSDU frames where the
multicast bit is set in the destination MAC address.
Number of times a frame is received and the Sequence
Control field indicates it is a duplicate.
Number of times an MSDU is not transmitted successfully
due to transmit attempts exceeding either the short retry
limit or the long retry limit.
Number of times an MSDU is successfully transmitted after
one or more retries.
11
Linksys
Section 2: Viewing Access Point System Status
Interface Statistics
The Interface Statistics page provides some basic information about the AP and
a real-time display of transmit and receive statistics for the Ethernet interface
on the AP, and for the VAPs on both radio interfaces. All transmit and receive
statistics shown are totals since the AP was last started. If you reboot the AP,
these figures indicate transmit and receive totals since the reboot.
To view transmit and receive statistics, click the System Status > Interface
Statistics tab.
Figure 5: Interface Statistics
Table 7: Interface Statistics
Field Description
Interface Status Table
Interface The name of the Ethernet or VAP interface.
Name (SSID) Wireless network name. Also known as the SSID,
this alphanumeric key uniquely identifies a
wireless local area network.
The SSID is set on the VAP tab. (See “Virtual
Access Point (VAP)” on page 64)
Status Shows whether the interface is enabled (up) or
disabled (down).
MAC Address MAC address for the specified interface.
The AP has a unique MAC address for each
interface. Each radio has a different MAC address
for each interface on each of its two radios.
VLAN ID Virtual LAN (VLAN) ID.
You can use VLANs to establish multiple internal
and guest networks on the same AP.
The VLAN ID is set on the VAP tab. (See “Virtual
Access Point (VAP)” on page 64)
Interface Statistics Table
Total Packets Indicates total packets sent or received by this
A P.
Total Bytes Indicates total bytes sent or received by this AP.
Dropped Packets Indicates total number of packets sent or
received by this AP that were dropped.
Dropped Bytes Indicates total number of bytes sent or received
by this AP that were dropped.
Errors Indicates total errors related to sending and
receiving data on this AP.
Click Refresh to refresh the information on the page.
12
Linksys
Section 2: Viewing Access Point System Status
Workgroup Bridge
The Workgroup Bridge page displays packet and byte counts for traffic between
stations on a workgroup bridge.
The information in the following table is available for each network interface that
is configured as a workgroup bridge interface.
Figure 6: Workgroup Bridge
Table 8: Workgroup Bridge
Field Description
Status Table
Interface Name of the Ethernet or VAP interface.
Name (SSID) Wireless network name. Also known as the SSID, this
alphanumeric key uniquely identifies a wireless local area
network. The SSID is set on the VAP tab. See Configuring
VAPs.
Status Whether the interface is disconnected or is administratively
configured as enabled (up) or disabled (down).
VLAN ID Virtual LAN (VLAN) ID. You can use VLANs to establish
multiple internal and guest networks on the same AP. The
VLAN ID is set on the VAP tab. See Configuring VAPs.
Statistics Table
Total Packets The total number of Sent/Received packets bridged
between the wired clients in the workgroup bridge and
the wireless network.
Total Bytes The total number of Sent/Received bytes bridged between
the wired clients in the workgroup bridge and the wireless
network.
Associated Client
The associated clients are displayed along with information about packet traffic
transmitted and received for each station. Click the System Status > Associations
Client tab.
Figure 7: Association Client
Table 9: Associated Clients
Field Description
Network Shows which VAP the client is associated with. For
example, an entry of wlan0vap2 means the client is
associated with Radio 1, VAP 2.
An entry of wlan0 means the client is associated with
VAP 0 on Radio 1. An entry of wlan1 means the client is
associated with VAP 0 on Radio 2.
Station Shows the MAC address of the associated wireless client.
13
Linksys
Section 2: Viewing Access Point System Status
Status The Authenticated and Associated Status shows the
underlying IEEE 802.11 authentication and association
status, which is present no matter which type of security
the client uses to connect to the AP. This status does not
show other (IEEE 802.1X) authentication or association
status.
Some points to keep in mind with regard to this field are:
• If the AP security mode is None or Static WEP, the
authentication and association status of clients showing
on the Client Associations tab will be in line with what
is expected; that is, if a client shows as authenticated to
the AP, it will be able to transmit and receive data. (This is
because Static WEP uses only IEEE 802.11 authentication.)
• If the AP uses IEEE 802.1X or WPA security, however,
it is possible for a client association to show on this tab as
authenticated (via the IEEE 802.11 security) but actually
not be authenticated to the AP via the second layer of
security.
From Station
These fields report information about traffic sent from a wireless client to
the AP.
Packets The number of packets received from the wireless client.
Bytes The number of bytes received from the wireless client.
Drop Packets The number of packets that were dropped after being
received.
Drop Bytes The number of bytes that were dropped after being
received.
To Station
These fields report information about traffic sent from the AP to a wireless
client.
Packets The number of packets sent from the AP to the wireless
client.
Bytes The number of bytes sent from the AP to the wireless
client.
Drop Packets The number of packets that the AP attempted to send to
the wireless client but were dropped.
Drop Bytes The number of bytes that the AP attempted to send to
the wireless client but were dropped.
TS Violate
Packets
The number of packets sent from the AP to a wireless
client in excess of its active TS downlink bandwidth, or
for an access category requiring admission control to
which the wireless client has not been admitted.
Link Integrity Monitoring
The access point provides link integrity monitoring to continually verify its
connection to each associated client. To do this, the AP sends data packets to
clients every few seconds when no other traffic is passing. This allows the AP to
detect when a client goes out of range, even during periods when no normal
traffic is exchanged. The client connection drops off the list within 300 seconds
if these data packets are not acknowledged, even if no disassociation message
is received.
TS Violate
Packets
The number of packets sent from a wireless client to the
AP in excess of its active TS uplink bandwidth, or for an
access category requiring admission control to which
the wireless client has not been admitted.
14
Linksys
Section 2: Viewing Access Point System Status
TSPEC Client Associations
The TSPEC Client Association Status and Statistics page provides information
about the TSPEC client data transmitted and received by this access point. Table
10 shows voice and video packets transmitted and received by the association,
along with status information.
The page shows a real-time display of transmit and receive statistics for the
TSPEC clients. All transmit and receive statistics shown are totals since the client
association started.
A TSPEC is a traffic specification that is sent from a QoS-capable wireless client
to an AP requesting a certain amount of network access for the traffic stream
(TS) it represents. A traffic stream is a collection of data packets identified by
the wireless client as belonging to a particular user priority. An example of a
voice traffic stream is a Wi-Fi-certified™ telephone handset that marks its codecgenerated data packets as voice priority traffic. An example of a video traffic
stream is a video player application on a wireless laptop that prioritizes a video
conference feed from a corporate server.
To view TSPEC Client Association statistics, click the System Status > TSPEC Client
Associations tab.
Figure 8: TSPEC Client Associations
TS Identifier TSPEC Traffic Session Identifier (range 0-7).
Access Category TS Access Category (voice or video).
Direction The traffic direction for this TS.
• Uplink
• Downlink
• Bidirectional
User Priority The User Priority (UP) for this TS. The UP is sent with
each packet in the UP portion of the IP header. Typical
values are:
• 6 or 7 for voice
• 4 or 5 for video
The value may differ depending on other priority
traffic sessions.
Medium Time The time that the TS traffic occupies the transmission
medium.
Excess Usage
Events
The number of times the client has exceeded the
medium time established for its TSPEC. Minor,
infrequent violations are ignored.
Table 10: TSPEC Client Associations
Field Description
Status
Network Radio interface used by the client.
SSID The service set identifier associated with this TS client.
Station Client station MAC address.
VAP MAC Address The VAP MAC address.
Statistics
Network Radio interface used by the client.
Station Client station MAC address.
TS Identifier TSPEC Traffic Session Identifier (range 0-7).
Access Category TS Access Category (voice or video).
Direction The traffic direction for this TS. Direction can be:
• Uplink
• Downlink
• Bidirectional
15
Linksys
Section 2: Viewing Access Point System Status
From Station The number of packets and bytes received from the
wireless client, and the number of packets and bytes
that were dropped after being received. Also, the
number of packets:
• in excess of an admitted TSPEC.
• for which no TSPEC has been established when
admission is required by the AP.
To Station The number of packets and bytes transmitted from
the AP to the client, and the number of packets and
bytes that were dropped upon transmission. Also, the
number of packets:
• in excess of an admitted TSPEC.
• for which no TSPEC has been established when
admission is required by the AP.
TSPEC Status and Statistics
The TSPEC Status and Statistics page provides:
• Summary information about TSPEC sessions by radio
• Summary information about TSPEC sessions by VAP
Figure 9: TSPEC Status and Statistics
• Real-time transmit and receive statistics for the TSPEC VAPs on all radio
interfaces.
All transmit and receive statistics shown are totals since the AP was last started.
If you reboot the AP, these figures indicate transmit and receive totals since the
reboot.
To view TSPEC status and statistics, click the System Status > TSPEC Status
and Statistics tab. The following image has been edited to show some of the
transmit and receive statistics.
16
Linksys
Section 2: Viewing Access Point System Status
Table 11: TSPEC Status and Statistics
Field Description
Interface Indicates the name of the Radio or VAP interface.
Access
Category
Status Indicates whether the TSPEC session is enabled (up) or
Active TS Indicates the number of currently active TSPEC Traffic
TS Clients Indicates the number of Traffic Stream clients associated
Med. Time
Admitted
Med. Time
Unallocated
Indicates Current Access Category associated with this Traffic
Stream (voice or video).
disabled (down) for the corresponding Access Category.
Note: This is a configuration status (does not necessarily
represent the current session activity).
Streams for this radio and Access Category.
with this radio and Access Category.
Time allocated for this Access Category over the transmission
medium to carry data. This value should be less than or equal
to the maximum bandwidth allowed over the medium for
this TS.
Time of unused bandwidth for this Access Category.
Total Video
Packets
Total Video
Bytes
Click Refresh to refresh the page.
Indicates the total number of TS video packets sent (in
Transmit table) or received (in Received table) by this AP for
this VAP.
Indicates the total TS video bytes sent (in Transmit table) or
received (in Received table) by this AP for this VAP.
TSPEC AP Statistics
The TSPEC AP Statistics page provides information on the voice and video
Traffic Streams accepted and rejected by the AP.
To view TSPEC AP statistics, click the System Status > TSPEC AP Statistics tab.
Figure 10: TSPEC AP Statistics
Total Bytes Indicates the total number of TS bytes sent (in Transmit table)
or received (in Received table) by this Radio for the specified
Access Category.
Total
Packets
Total Voice
Packets
Total Voice
Bytes
Indicates the total number of TS packets sent (in Transmit
table) or received (in Received table) by this Radio for the
specified Access Category.
Indicates the total number of TS voice packets sent (in
Transmit table) or received (in Received table) by this AP for
this VAP.
Indicates the total TS voice bytes sent (in Transmit table) or
received (in Received table) by this AP for this VAP.
Table 12: TSPEC AP Statistics
Field Description
TSPEC Statistics Summary
for Voice ACM
TSPEC Statistics Summary
for Video ACM
Click Refresh to refresh the page.
Indicates the total number of accepted and
the total number of rejected voice Traffic
Streams.
Indicates the total number of accepted and
the total number of rejected video Traffic
Streams.
17
Linksys
Section 2: Viewing Access Point System Status
Email Alert Status
The Email Alert Status page provides information about the email alerts sent
based on the syslog messages generated in the AP.
To view the Email Alert Operational Status, click the System Status > Email Alert
Status tab.
To configure the email alerts, see “Email Alert” on page 38.
Figure 11: Email Alert Status
Table 13: Email Alert Status
Field Description
Email Alert
Status
Number of
Email Sent
Number of
Email Failed
Time Since
Last Email Sent
The Email Alert operational status The status is either Up
or Down. The default is Down.
The total number of emails sent so far. The range is an
unsigned integer of 32 bits. The default is 0.
The total number of email failures so far. The range is an
unsigned integer of 32 bits. The default is 0.
The time and date when the last email alert was sent. The
AP uses the system time to report the information. If an
email has not been sent since the device was reset, the
status is not sent.
System Log
From the System Log page, you can view the most recent system log generated
by this AP.
To view the Email Alert Operational Status, click the System Status > System Log
tab.
To configure the Log settings, see “Log Settings”.
Figure 13: System Log
Table 14: System Log
Field Description
Time Settings The system time when the event occurred.
Type Specify the type of the log messages to write to non-
volatile memory.
• emerg — emergency
• alert — alert
• crit — critical
• err — error
• warn — warning
• notice — notice
• info — info
• debug — debug
Service The software component associated with the log.
Description Log content.
18
Linksys
Section 3: Configuring the Access Point
Section 3: Configuring the
Access Point
• Administration
• LAN
• Wireless
• Security
• QoS and Access Control
• SNMP
• Captive Portal
• Cluster
Administration
This section describes how to set up your access point and perform diagnostics.
Use the tabs under the Configuration heading on the Administration Web UI.
• System Settings
• Time Settings
• Log Settings
• Email Alert
• Management Access
• HTTP/HTTPS Service
• Discovery - LLDP
• Discovery - Bonjour
System Settings
From the System Settings page, you can change the administrator password and
system settings e.g. device name, system contact. We strongly recommended
you choose a new password based on the standard guidelines for strong
password security instead of using default password, which is ”admin”. Figure 12
shows the System Settings page.
Figure 12: System Settings
Table 15: System Settings page
Field Description
New Password Enter a new administrator password. The characters you
enter are displayed as bullets to prevent others from
seeing your password as you type.
The password can be up to 32 characters. Do not use
special characters or spaces.
Note: As an immediate first step in securing your
wireless network, we recommend that you change the
administrator password from the default.
Confirm New
Password
Re-enter the new administrator password to confirm that
you typed it as intended.
19
Linksys
Section 3: Configuring the Access Point
Device Name Name your AP. This name appears only on the Basic Settings
page and is used to identify the AP to the administrator.
A valid name is 1 to 64 alphanumeric characters, and can
include letters, digits, hyphens and spaces.
System
Contact
System
Location
Enter the name, e-mail address, or phone number of the
person to contact regarding issues related to the AP.
Enter the physical location of the AP, for example
Conference Room A.
Time Settings
The Network Time Protocol (NTP) is an Internet standard protocol that
synchronizes computer clock times on your network. NTP servers transmit
Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their
client systems. NTP sends periodic time requests to servers, using the returned
time stamp to adjust its clock. The timestamp is used to indicate the date and
time of each event in log messages.
See http://www.ntp.org for more information about NTP.
To configure the address of the NTP server that the AP uses or to set the system
time manually, click the Configuration > Administration > Time Settings tab and
update the fields as described in Table 16.
Figure 13 shows the Time Settings page when the manual option is selected.
Figure 13: Setting the Time Manually
Figure 14 shows the Time Settings page when the Use Network Time Protocol
(NTP) option is selected.
Figure 14: Setting the Time Using an NTP Server
NOTE:
The fields available to configure depend on whether you choose to set
the system time manually or by using an NTP server.
20
Linksys
Section 3: Configuring the Access Point
Table 16: Time Settings
Field Description
System Clock
Source
NTP Server IPv4/
IPv6 Addr/Name
Time Zone Select your local time zone from the menu. The default is
Set the system time.
• To permit the AP to poll an NTP server, select Network
Time Protocol (NTP).
• To manually configure the time and date, select
Manually. When this option is selected, the AP does
not attempt to poll an NTP server.
If NTP is enabled, specify the NTP server to use.
You can specify the NTP server by hostname, IPv4 address,
or IPv6 address, although using the IPv4/IPv6 address is
not recommended as these can change more readily.
If you specify a hostname, note the following requirements:
• The length must be between 1–253 characters.
• Upper and lower case characters, numbers, and
hyphens are accepted.
• The first character must be a letter (a–z or A–Z) or
number (0–9), and the last character cannot be a
hyphen.
USA (Pacific).
NOTE:
After you configure the Time settings, you must click Save to apply the
changes and save the changes to startup configuration file. Changing
some settings might cause the AP to stop and restart system processes.
If this happens, wireless clients will temporarily lose connectivity. We
recommend that you change AP settings when WLAN traffic is low.
NOTE:
Hostnames are composed of a series of labels joined with dots, as are
all domain names. Each label must be between 1 and 63 characters
long, and the entire hostname (including dots) has a maximum of 253
characters.
Log Settings
The Log Settings page shows real-time system logs on the AP such as wireless
clients associating with the AP and being authenticated.
From the Log Settings page, you can enable and configure persistent logging to
write system logs to non-volatile memory so that the events are not erased when
the system reboots. This page also gives you the option of enabling a remote log
relay host to capture all system logs and errors in a kernel log.
To view system events, click the Configuration > Administration > Log Settings tab.
Figure 15: Log Settings
Adjust Time
for Daylight
Savings
Daylight Savings
Start
Daylight Saving
End
Daylight Savings
Offset
System will adjust the reported time for Daylight Savings
Time (DST), which is also known as Summer Time. When
selected, fields to configure Daylight Savings Time
settings will appear.
Configure the date and time to begin Daylight Savings
Time for the System Time.
Configure the date and time to end Daylight Savings Time
for the System Time.
Select the number of minutes to offset DST. The default is
60 (minutes).
21
Linksys
Section 3: Configuring the Access Point
Configuring Persistent Logging Options
If the system unexpectedly reboots, log messages can be useful to diagnose the
cause. However, log messages are erased when the system reboots unless you
enable persistent logging.
Caution!
Enabling persistent logging can wear out the flash (non-volatile) memory
and degrade network performance. You should only enable persistent
logging to debug a problem. Make sure you disable persistent logging
after you finish debugging the problem.
Table 17: Logging Options
Field Description
Persistence Choose Enabled to save system logs to non-volatile memory
so that the logs are not erased when the AP reboots. When
persistence is enabled, we can store up to 128 messages in
non-volatile memory. Choose Disabled to save system logs to
volatile memory. Logs in volatile memory are deleted when the
system reboots.
Severity Specify the severity level of the log messages to write to non-
volatile memory. For example, if you specify 2, critical, alert,
and emergency logs are written to non-volatile memory. Error
messages with a severity level of 3–7 are written to volatile
memory.
• 0 — emergency
• 1 — alert
• 2 — critical
• 3 — error
• 4 — warning
• 5 — notice
NOTE:
To apply your changes, click Save. Changing some settings might cause
the AP to stop and restart system processes. If this happens, wireless
clients will temporarily lose connectivity. We recommend that you
change AP settings when WLAN traffic is low.
Configuring the Log Relay Host for Kernel
Messages
The Kernel Log is a comprehensive list of system events (shown in the System
Log) and kernel messages such as error conditions, like dropping frames.
You cannot view kernel log messages directly from the Administration Web UI
for an AP. You must first set up a remote server running a syslog process and
acting as a syslog log relay host on your network. Then, you can configure the
access point to send syslog messages to the remote server.
Remote log server collection for AP syslog messages provides the following
features:
• Allows aggregation of syslog messages from multiple APs
• Stores a longer history of messages than kept on a single AP
• Triggers scripted management operations and alerts
To use Kernel Log relaying, you must configure a remote server to receive the
syslog messages. The procedure to configure a remote log host depends on the
type of system you use as the remote host.
NOTE:
The syslog process will default to use port 514. We recommend keeping
this default port. However, If you choose to reconfigure the log port,
make sure that the port number you assign to syslog is not being used by
another process.
• 6 — info
• 7 — debug
Depth You can store up to 512 messages in non-volatile memory. Once
the number you configure in this field is reached, the oldest log
event is overwritten by the new log event.
22
Linksys
Section 3: Configuring the Access Point
Enabling or Disabling the Log Relay Host
on the Log Settings Page
To enable and configure Log Relaying on the Log Settings page, set the Log
Relay options as described in the following table, and then click Save.
Table 18: Log Relay Host
Field Description
Relay Log Select Enabled to allow the access point to send log messages
to a remote host. Select Disabled to keep all log messages on
the local system.
Relay Host Specify the IPv4 address, IPv6 address, or DNS name of the
remote log server.
Relay Port Specify the Port number for the syslog process on the Relay
Host.
The default port is 514.
NOTE:
To apply your changes, click Save. Changing some settings might cause
the AP to stop and restart system processes. If this happens, wireless
clients will temporarily lose connectivity. We recommend that you
change AP settings when WLAN traffic is low.
Email Alert
The Email Alert feature allows the AP to automatically send email messages
when an event at or above the configured severity level occurs. Use the Email
Alert page to configure mail server settings, to set the severity level that triggers
alerts, and to add up to three email addresses where urgent and non urgent
email alerts are sent.
Figure 16: Configuring Email Alert
NOTE:
Hostnames are composed of series of labels joined with dots, as are
all domain names. Each label must be between 1 and 63 characters
long, and the entire hostname (including dots) has a maximum of 253
characters.
If you enabled the Log Relay Host, clicking Save will activate remote logging.
The AP will send its kernel messages in real-time for display to the remote log
server monitor, a specified kernel log file, or other storage, depending on how
you configured the Log Relay Host.
If you disabled the Log Relay Host, clicking Save will disable remote logging.
Table 19: Email Alert Configuration
Field Description
Global Configuration
Admin Mode Globally enable or disable the Email Alert feature on
the AP. By default, email alerts are disabled.
23
Linksys
Section 3: Configuring the Access Point
From Email Address Specify the email address that appears in the From
field of alert messages sent from the AP, for example
AP23@foo.com. The address can be a maximum
of 255 characters and can contain only printable
characters. By default, no address is configured.
Log Duration This duration, in minutes, determines how frequently
the non critical messages are sent to the SMTP
Server. The range is 30-1440 minutes. The default is
30 minutes.
Urgent Message
Severity
Configures the severity level for log messages
that are considered to be urgent. Messages in this
category are sent immediately. The security level you
select and all higher levels are urgent:
• Emergency indicates system is unusable. It is the
highest level of severity.
• Alert indicates action must be taken
immediately.
• Critical indicates critical conditions.
• Error indicates error conditions.
• Warning indicates warning conditions.
• Notice indicates normal but significant
conditions.
• Informational indicates informational messages.
• Debug indicates debug-level messages.
Mail Server Configuration
Mail Server Address Specify the IP address or hostname of the SMTP
server on the network.
Mail Server Security Specify whether to use SMTP over SSL (TLSv1) or
no security (Open) for authentication with the mail
server. The default is TLSv1.
Mail Server Port Configures the TCP port number for SMTP. The range
is a valid port number from 0 to 65535. The default is
“465”, which is the standard port for SMTP.
Username Specify the username to use when authentication
with the mail server is required. The username is a
64-byte character string with all printable characters.
The default is “admin”.
Password Specify the password associated with the username
configured in the previous field.
Message Configuration
To Address 1 Configure the first email address to which alert
messages are sent. The address must be a valid email
address. By default, no address is configured.
To Address 2 Optionally, configure the second email address to
which alert messages are sent. The address must
be a valid email address. By default, no address is
configured.
Non Urgent Severity Configures the severity level for log messages that
are considered to be non urgent. Messages in this
category are collected and sent in a digest form at
the time interval specified by the Log Duration field.
The security level you select, and all levels up to but
not including the lowest urgent level, are considered
non-urgent. Messages below the security level you
specify are not sent via email.
See the Urgent Message field description for
information about the security levels.
To Address 3 Optionally, configure the third email address to
which alert messages are sent. The address must
be a valid email address. By default, no address is
configured.
Email Subject Specify the text to be displayed in the subject of the
email alert message. The subject can contain up to
255 alphanumeric characters. The default is “Log
message from AP”.
24
Linksys
Section 3: Configuring the Access Point
NOTE:
After you configure the Email Alert settings, you must click Save to apply
the changes and save the changes to startup configuration file.
NOTE:
Hostnames are composed of a series of labels joined with dots, as are
all domain names. Each label must be between 1 and 63 characters
long, and the entire hostname (including dots) has a maximum of 253
characters.
To validate the configured email server credentials, click Test Mail. You can send
a test email once the email server details are configured.
The following text shows an example of an email alert sent from the AP to the
network administrator:
From: AP-192.168.2.10@mailserver.com
Sent: Wednesday, February 08, 2012 11:16 AM
To: administrator@mailserver.com
Subject: log message from AP
TIME Priority Process Id Message
Feb 8 03:48:25 info login[1457] root login on ‘ttyp0’
Feb 8 03:48:26 info mini_http-ssl[1175] Max concurrent connections of
20 reached
on current connections of 20 reached
Management Access
You can create an access control list (ACL) that lists up to five IPv4 hosts and
five IPv6 hosts that are authorized to access the AP management interface. If
this feature is disabled, anyone can access the management interface from any
network client by supplying the correct AP user name and password.
Figure 17: Management Access
Table 20: Management Access
Field Description
Management
ACL Mode
IP Address
(1–5)
Enable or disable the management ACL feature. At least one
IPv4 or IPv6 address should be configured before enabling
Management ACL Mode. If enabled, only the IP addresses
you specify will have Web, Telnet, SSH, and SNMP access to
the management interface.
Enter up to five IPv4 addresses that are allowed
management access to the AP. Use dotted-decimal format
(for example, 192.168.10.10).
IPv6 Address
(1–5)
NOTE:
After you configure the settings, click Save to apply the changes and to
save the settings.
Enter up to five IPv6 addresses that are allowed
management access to the AP. Use the standard IPv6
address format (for example 2001:0db8:1234::abcd).
25
Linksys
Section 3: Configuring the Access Point
HTTP/HTTPS Service
The AP can be managed through HTTP or secure HTTP (HTTPS) sessions. By
default both HTTP and HTTPS access are enabled. Either access type can be
disabled separately.
To configure Web server settings, click the Services > Web Server tab.
Figure 18: HTTP/HTTPS Service
Table 21: HTTP/HTTPS Service
Field Description
HTTP Server
Status
HTTP Port Specify the port number for HTTP traffic (default is “80”).
HTTP Redirect
to HTTPS
HTTPS Server
Status
HTTPS Port Specify the port number for HTTPS traffic (default is
Maximum
Sessions
Enable or disable access through HTTP. This setting is
independent of the HTTPS server status setting.
Redirecting all traffic from HTTP to HTTPS and make
sure users always access the site securely. This field is
available only when HTTP access disabled.
Enable or disable access through a Secure HTTP Server
(HTTPS).
“443”).
When a user logs in to the AP web interface, a session is
created. This session is maintained until the user logs off
or the session inactivity timer expires.
Enter the number web sessions, including both HTTP
and HTTPS, that can exist at the same time. The range is
1–10 sessions. The default is “5”. If the maximum number
of sessions is reached, the next user who attempts to log
on to the AP web interface receives an error message
about the session limit.
Session
Timeout
Generate SSL Certificate
Enter the maximum amount of time in minutes an
inactive user remains logged on to the AP web interface.
When the configured timeout is reached, the user is
automatically logged off the AP. The range is 1–1440
minutes (1440 minutes = 1 day). The default is “60”
(minutes).
26
Linksys
Section 3: Configuring the Access Point
Generate SSL
Certificate
SSL Certificate File Status
Certificate File
Present
Certificate
Expiration
Date
Certificate
Issuer
Common
Name
To Get the Current HTTP SSL Certificate
Download
Method
Click Generate to generate a new HTTP SSL certificate
for the secure Web server. This should be done once
the access point has an IP address to ensure that the
common name for the certificate matches the IP address
of the access point. Generating a new SSL certificate will
restart the secure Web server. The secure connection
will not work until the new certificate is accepted on the
browser.
Indicates if the HTTP SSL Certificate file is present. Range
is either Yes or No.
Indicates when the HTTP SSL Certificate file will expire.
The range is a valid date.
The Common Name attribute of the server certificate.
The range is a valid string. For example, /CN=selfsigned/OU=Broadcom Corp./L=Morrisville/ST=North
Carolina/C=US
Select either HTTP/HTTPS or TFTP option. Click
Download to save the current HTTP SSL Certificate as a
backup file to your PC.
Upload
Method
HTTP SSL
Certificate File
Server IP The IPv4 or IPv6 address of the TFTP server where the
NOTE:
Click Save to apply the changes and save the changes to startup
configuration file. If you disable the protocol you are currently using to
access the AP management interface, the current connection will end
and you will not be able to access the AP by using that protocol until it is
enabled.
Select the upload method:
• HTTP/HTTPS: Upload the file by using a Web
browser
• TFTP: Upload the file from a TFTP server
If the selected upload method is HTTP, click the Browse
button to browse to the file to upload to the AP.
If the selected upload method is TFTP, this field displays
a text box. Enter the filename of the certificate to upload
to the AP.
Note: File name should not contain spaces, < , > , | , \ ,
/ , : , (, ), & , ; , # , ?, *, $, %, ‘, “, and successive ‘.’ .
file is located. The default is “0.0.0.0.”
HTTP SSL
Certificate File
Server IP The IPv4 or IPv6 address of the TFTP server where the
Upload SSL Certificate
This field is available when the selected download
method is TFTP. Enter the filename of the certificate. The
filename is a 256-byte alphanumeric string. The default
is “Mini_httpd.pem”.
Note: File name should not contain spaces, < , > , | , \ ,
/ , : , (, ), & , ; , # , ?, *, $, %, ‘, “, and successive ‘.’ .
file will be downloaded. The default is “0.0.0.0”.
27
Linksys
Section 3: Configuring the Access Point
Discovery - LLDP
Link Layer Discovery Protocol (LLDP) is defined by the IEEE 802.1AB standard and
allows the access point to advertise information about itself such as the system
name, port name, system capabilities, and power requirements. This information
can help you identify system topology and detect bad configurations on the
LAN. The AP also supports the Link Layer Discovery Protocol for Media Endpoint
Devices (LLDP-MED), which standardizes additional information elements that
devices can pass to each other to improve network management.
To configure LLDP settings, click the Services > LLDP tab and update the fields
as described in Table 22.
Figure 19: Discovery-LLDP
Table 22: LLDP Settings
Field Description
LLDP Mode Enables or disables LLDP. The default is Enabled.
Advertise
Interval
PoE Priority The priority level transmitted by the AP in the Extended Power
Click Save to apply the changes and save the changes to startup configuration file.
Specifies the number of seconds between LLDP message
transmissions. The default transmission interval is “30”
seconds and can be set from “5” to 32768 (seconds).
information element. The PoE priority level helps the Power
Sourcing Equipment (PSE), such as a switch, determine which
powered devices should be given priority in power allocation
when the PSE doesn’t have enough capacity to supply power
to all connected devices. The PoE priority can be one of the
following:
• Low
• High
• Critical
• Unknown
Discovery - Bonjour
Bonjour is a software feature that allows the wireless access point and its
services to be discovered on a local network using multicast Domain Name
System (mDNS) service records. You can either enable or disable the Bonjour
component systemwide. The feature is not configurable on any specific
network interface.
To set Bonjour status, click the Configuration > Administrator > Discovery -
Bonjour tab.
Figure 20: Discovery - Bonjour
Table 23: Discovery - Bonjour
Field Description
Bonjour
Status
The access point uses a default AP IP address assignment if a DHCP server
is absent in the network. There is no implementation of IPv4 Link-Local
Addressing or IPv6 Stateless Address Auto-configuration for the access point.
DNS-SD and mDNS are used for advertisement of services and hostname
lookup. The service types listed in the following table are defined by the DNSSD records and advertised via mDNS by the Bonjour component. The Bonjour
component works in both IPv4 and IPv6 networks.
Service Type Description
brcm-sb Broadcom-specific service type. Allows clients to discover
http AP management Web UI.
https AP switch management Web UI.
telnet AP management CLI.
ssh Secure AP management CLI.
Enables or disables Bonjour. The default is Enabled.
Table 24: Bonjour Status Service Types
Broadcom devices.
28
Loading...