User Manual
Insight Managed Smart Cloud
Wireless Access Point
AC3000 802.11ac Wave 2 Tri Radio
Model WAC540
NETGEAR, Inc.
350 E. Plumeria DriveMarch 2019
San Jose, CA 95134, USA202-11795-01
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Support
Thank you for purchasing this NETGEAR product. You can visit
https://www.netgear.com/support/ to register your product, get help, access the latest
downloads and user manuals, and join our community. We recommend that you use
only official NETGEAR support resources.
Compliance and Conformity
For regulatory compliance information including the EU Declaration of Conformity, visit
https://www.netgear.com/about/regulatory/.
See the regulatory compliance document before connecting the power supply.
Do not use this device outdoors. If you connect cables or devices that are outdoors to
this device, see http://kb.netgear.com/000057103 for safety and warranty information.
Trademarks
© NETGEAR, Inc., NETGEAR, and the NETGEAR Logo are trademarks of NETGEAR, Inc.
Any non-NETGEAR trademarks are used for reference purposes only.
Revision History
Number
CommentsPublish DatePublication Part
First publication.March 2019202-11795-01
2
Contents
Chapter 1 Hardware Overview
About NETGEAR Insight......................................................................8
Related documentation.......................................................................8
Unpack the access point......................................................................8
Top panel with LEDs.............................................................................9
Back panel...........................................................................................11
Product label.......................................................................................12
Safety instructions and warnings......................................................13
Chapter 2 Install the Access Point in Your Network and Access It
for Initial Configuration
Position your access point.................................................................17
Set up and connect the access point to your network...................18
Set up the access point with a PoE network connection..........18
Set up the access point with a non-PoE network connection...19
Connect to the access point for initial configuration.....................20
Connect over WiFi using the NETGEAR Insight Mobile App on
an iOS or Android mobile device................................................21
Connect over the Internet using the NETGEAR Insight Cloud
Portal................................................................................................21
Connect over WiFi using a WiFi-enabled computer or mobile
device..............................................................................................22
Connect over Ethernet using a computer connected to the same
network............................................................................................26
Connect over Ethernet using a directly connected computer..29
Log in to the access point after initial setup to view or change
settings.................................................................................................33
Chapter 3 Manage the Basic WiFi and Radio Features
Set up and manage WiFi networks..................................................36
Set up an open or secure WiFi network......................................36
View or change the settings of a WiFi network..........................42
Disable or enable a WiFi network or set up a WiFi activity
schedule..........................................................................................43
Remove a WiFi network.................................................................44
Enable or disable client isolation for a WiFi network................45
3
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Hide or broadcast the SSID for a WiFi network..........................46
Enable or disable band steering with 802.11k RRM and 802.11v
WiFi network management..........................................................47
Change the VLAN ID for a WiFi network.....................................48
Enable or disable PMF for a WiFi network..................................49
Enable or disable URL tracking for a WiFi network...................49
Select a MAC ACL for a WiFi network.........................................50
Set bandwidth rate limits for a WiFi network..............................52
Register and configure Facebook Wi-Fi for the access point...53
Set up a captive portal for a WiFi network..................................55
Unregister the access point from Facebook Wi-Fi....................58
Manage the basic radio features......................................................59
Manage the basic settings for the radios....................................59
Turn a radio on or off.....................................................................63
Change the WiFi mode for a radio..............................................63
Change the MCS index and data rate for a radio......................65
Change the channel width for a radio.........................................66
Change the output power for a radio.........................................67
Change the guard interval for a radio.........................................68
Change the channel for a radio...................................................69
Manage Quality of Service for a WiFi radio................................69
Chapter 4 Manage the Advanced WiFi and Radio Features
Manage the advanced radio features..............................................73
Manage the advanced WiFi settings for the radios...................73
Manage the maximum number of clients for a radio................76
Manage the broadcast and multicast settings for a radio........77
Manage load balancing for the radios........................................78
Manage Airtime Fairness for the radios......................................80
Set a data volume limit for the access point....................................81
Set up a WiFi bridge between access points..................................84
Chapter 5 Manage Access and Security
Block specific URLs and keywords for Internet access..................90
Manage local MAC access control lists............................................91
Manually set up a MAC access control List.................................92
Import an existing MAC access control list.................................95
Manage user accounts.......................................................................98
Add a user account........................................................................98
Change the settings for a user account......................................99
Remove a user account...............................................................100
Manage neighbor AP detection.....................................................101
Enable neighbor access point detection and move access points
to the Known AP List....................................................................101
4
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Import an existing neighbor access point list in the Known AP
List..................................................................................................104
Set up RADIUS servers.....................................................................106
Chapter 6 Manage the Local Area Network and IP Settings
Disable the DHCP client and specify a fixed IP address..............109
Enable the DHCP client...................................................................110
Set the 802.1Q VLAN and management VLAN............................111
Enable or disable Spanning Tree Protocol...................................113
Enable or disable the network integrity check function..............114
Enable or disable IGMP snooping.................................................114
Enable or disable Ethernet LLDP....................................................115
Enable or disable UPnP...................................................................116
Manage the link aggregation capability........................................117
Chapter 7 Manage and Maintain the Access Point
Change the management mode to NETGEAR Insight or
Web-browser....................................................................................120
Change the country or region of operation..................................121
Change the admin user account password..................................122
Change the system name................................................................123
Specify a custom NTP server...........................................................124
Set the time zone..............................................................................125
Manage the syslog settings.............................................................126
Manage the firmware of the access point.....................................127
Check for new firmware and upgrade the access point.........127
Manually download firmware and upgrade the access point.128
Revert to the backup firmware...................................................130
Use an SFTP server to upgrade the access point....................131
Manage the configuration file of the access point.......................132
Back up the access point configuration....................................132
Restore the access point configuration.....................................133
Reboot the access point from the local browser interface.........134
Schedule the access point to reboot.............................................135
Return the access point to its factory default settings.................135
Use the Reset button...................................................................136
Use the local browser interface..................................................137
Enable or disable Telnet..................................................................138
Enable or disable Secure Shell.......................................................139
Enable SNMP and manage the SNMP settings............................139
Manage the LEDs.............................................................................141
Chapter 8 Monitor the Access Point and the Network
View the access point Internet, IP, and system settings..............143
5
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
View the WiFi radio settings............................................................146
View unknown and known neighbor access points.....................149
View client distribution, connected clients, and client trends....150
View WiFi and Ethernet traffic, traffic statistics, and channel
utilization...........................................................................................154
View or download tracked URLs.....................................................156
View, save, download, or clear the logs........................................158
View a WiFi bridge connection.......................................................159
View the data volume consumption..............................................160
View Air Time Fairness client distribution.....................................161
View alarms and notifications.........................................................163
Chapter 9 Diagnostics and Troubleshooting
Capture WiFi and Ethernet packets...............................................165
Perform a ping test...........................................................................167
Check the Internet speed................................................................168
Quick tips for troubleshooting.......................................................169
Troubleshoot with the LEDs............................................................170
Power/Cloud LED is off...............................................................171
Power/Cloud LED remains solid amber...................................171
Power/Cloud LED is blinking amber slowly, continuously.....172
The access point functions as a PoE PD and the Power/Cloud
LED remains solid amber............................................................172
Power/Cloud LED does not light blue in the NETGEAR Insight
management mode.....................................................................173
2.4, 5H, or 5L WLAN LED Is Off..................................................173
A LAN LED is off while a switch or LAN device is connected..174
Troubleshoot the WiFi connectivity...............................................174
Troubleshoot Internet browsing.....................................................175
You cannot log in to the access point over a LAN connection....176
Changes are not saved....................................................................176
Troubleshoot your network using the ping utility........................177
Test the LAN path to your access point....................................177
Test the path from your computer to a remote device...........178
Appendix A Factory Default Settings and Technical Specifications
Factory settings.................................................................................180
Technical specifications...................................................................183
6
1
Hardware Overview
The NETGEAR Insight Managed Smart Cloud Wireless Access Point (WAC540) AC3000
802.11ac Wave 2 Tri Radio, in this manual referred to as the access point, supports three
radios with tri-band concurrent operation at 2.4 GHz, 5 GHz low band, and 5 GHz high
band.
The access point can provide a combined throughput of 3000 Mbps (400 Mbps at
2.4 GHz, 867 Mbps at 5 GHz low band, and 1733 Mbps at 5 GHz high band). The access
point can function as a Power over Ethernet plus (PoE+) powered device (PD) so that
you can connect it to a PoE+ switch in an existing network and let it operate without a
power adapter. With a power adapter, you can connect the access point to a regular
switch. A second Ethernet LAN port supports a link aggregation (LAG) connection.
This chapter contains the following sections:
• About NETGEAR Insight
• Related documentation
• Unpack the access point
• Top panel with LEDs
• Back panel
• Product label
• Safety instructions and warnings
Note: For more information about the topics that are covered in this manual, visit the
support website at netgear.com/support/.
Note: Firmware updates with new features and bug fixes are made available from time
to time at netgear.com/support/download/. You can check for and download new
firmware manually. If the features or behavior of your product does not match what is
described in this manual, you might need to update the firmware.
Note: In this user manual, WiFi network means the same as SSID (service set identifier
or WiFi network name) or VAP (virtual access point). That is, in this user manual, when
we refer to a WiFi network we mean an individual SSID or VAP.
7
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
About NETGEAR Insight
The access point supports the NETGEAR Insight mobile app, which lets you set up and
manage the access point from your iOS or Android mobile device and connects to the
Insight cloud-based management platform. For Insight Premium or Insight Pro
subscribers, the access point also supports the Insight Cloud Portal, which is the website
that provides access to the Insight cloud-based management platform. However, this
user manual describes the local browser–based management interface, in this manual
referred to as the local browser interface. For more information about NETGEAR Insight,
visit insight.netgear.com and see the NETGEAR knowledge base at
netgear.com/support/product/insight.aspx.
If you install the access point as a NETGEAR Insight managed device, the settings for
features that you can manage through the Insight mobile app and Insight Cloud Portal
are masked out in the local browser interface. However, using the local browser interface,
you can still manage the settings for certain features that are not yet supported in Insight.
For more information, visit the NETGEAR knowledge base at
netgear.com/support/product/insight.aspx and search for What is Hybrid Management
Mode.
Related documentation
The following related documentation is available at netgear.com/support/download/:
Installation guide
•
Ceiling and wall-mount guide
•
Data sheet
•
For information about the NETGEAR Insight mobile app and the Insight Cloud Portal,
visit insight.netgear.com and see the NETGEAR knowledge base at
netgear.com/support/product/insight.aspx.
Unpack the access point
The package includes the following items:
Access point model WAC540 or WAC540PA
•
Ceiling and wall-mount kit
•
Installation guide
•
User Manual8Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Ceiling and wall-mount guide
•
DC power adapter (model WAC540PA only, sold separately for model WAC540)
•
Other than a power adapter, model WAC540 and model WAC540PA are identical. Each
model can function as a PoE+ PD connected to a PoE+ switch so that you can use the
access point without a power adapter.
Top panel with LEDs
The LEDs that provide the status of the access point are located on the top panel of the
access point.
Figure 1. Top panel with LEDs
Table 1. LED descriptions
DescriptionLED
Power/Cloud LED
LAN 1 LED
Off. No power is supplied to the access point.
Solid green. The access point functions either as a standalone access point or as an Insight
discovered access point that is not connected to the Insight cloud-based management platform.
Solid blue. The access point functions in Insight mode and is connected to the Insight
cloud-based management platform.
Solid amber. During startup, the Power/Cloud LED lights solid amber. If after five minutes the
amber light remains, either a boot error occurred, or, if the access point functions as a PoE+
PD device, it might not be receiving power at the required 802.3at (PoE+) level.
Blinking amber quickly, temporarily. The access point is upgrading firmware.
Blinking amber slowly, continuously. The access point did not receive an IP address from a
DHCP server.
Off. Either no powered-on Ethernet device is connected to the LAN port, or, if a powered-on
Ethernet device is connected, no Ethernet link is detected.
Solid green. A 1000 Mbps Ethernet link is detected on the LAN port.
Blinking green. 1000 Mbps traffic activity is detected on the LAN port.
Solid amber. A 10 or 100 Mbps Ethernet link is detected on the LAN port.
Blinking amber. 10 or 100 Mbps traffic activity is detected on the LAN port.
User Manual9Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Table 1. LED descriptions (Continued)
DescriptionLED
LAN 2 LED
2.4G WLAN LED
5H WLAN LED
5L WLAN LED
Off. Either no powered-on Ethernet device is connected to the LAN port, or, if a powered-on
Ethernet device is connected, no Ethernet link is detected.
Solid green. A 1000 Mbps Ethernet link is detected on the LAN port.
Blinking green. 1000 Mbps traffic activity is detected on the LAN port.
Solid amber. A 10 or 100 Mbps Ethernet link is detected on the LAN port.
Blinking amber. 10 or 100 Mbps traffic activity is detected on the LAN port.
Off. The 2.4 GHz WiFi radio is off.
Solid green. The 2.4 GHz WiFi radio is on.
Solid blue. One or more WLAN clients are connected to the 2.4 GHz WiFi radio.
Blinking blue. Traffic is detected on the 2.4 GHz WiFi radio.
Off. The 5 GHz high band WiFi radio is off.
Solid green. The 5 GHz high band WiFi radio is on.
Solid blue. One or more WLAN clients are connected to the 5 GHz high band WiFi radio.
Blinking blue. Traffic is detected on the 5 GHz high band WiFi radio.
Off. The 5 GHz low band WiFi radio is off.
Solid green. The 5 GHz low band WiFi radio is on.
Solid blue. One or more WLAN clients are connected to the 5 GHz low band WiFi radio.
Blinking blue. Traffic is detected on the 5 GHz low band WiFi radio.
Note: For information about troubleshooting with the LEDs, see Troubleshoot with the
LEDs on page 170.
User Manual10Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Back panel
The back panel of the access point provides a DC power connector, two LAN ports, and
a Reset button.
Figure 2. Access point back panel
Viewed from left to right, the back panel contains the following components:
1. Reset button. Press the Reset button for about 2 seconds to reboot the access point
or for more than 10 seconds to reset the access point to factory default settings. If
you added the access point to a NETGEAR Insight network location, you must first
use the Insight mobile app or Insight Cloud Portal to remove the access point from
your Insight network location before the factory default settings function of the Reset
button is available. For more information, see Use the Reset button on page 136.
2. LAN 2 port. One Gigabit Ethernet RJ-45 LAN port. Use the LAN 2 port to connect
the access point to the same switch as the LAN 1 port for a link aggregation (LAG)
connection. The switch must be capable of supporting a LAG connection, which you
must configure on the switch. By default, LAG capability is supported on the access
point. If you manually disable LAG capability, the LAN 2 port is also disabled. For
more information, see Manage the link aggregation capability on page 117.
Note: If you want to connect a switch to the LAN 2 port instead of the LAN 1 port,
use a power adapter, do not use a LAG connection, and do not manually disable
the LAG capability. However, if you connect a switch to the LAN 1 port, you can use
the LAN 2 port only for a LAG connection, not for any other type of connection.
User Manual11Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
3. LAN 1 port. One Gigabit Ethernet RJ-45 LAN port that can accept PoE+ power. Use
the LAN 1 port to connect the access point to a switch or PoE+ switch that is
connected to a network router with an Internet connection. You can also use the
LAN 1 port to connect the access point to a computer for initial configuration. If you
use PoE power, the access point requires 802.3at (PoE+) input. For optimal
functioning, make sure that you use an 802.3at (PoE+) switch and not an 802.3af
(PoE) switch.
Note: The LAN 1 port is a PoE+ PD port that you can connect to a PoE+ switch or
non-PoE switch. The LAN 2 port is a non-PoE port that you can connect to a non-PoE
switch. You must connect either the LAN 1 port or, if you use a power adapter, the
LAN 2 port to a switch for a network connection.
4. DC power connector. If you do not use a PoE connection, connect a power adapter
to the DC power connector. The access point requires 12V, 2.5A input.
Model WAC540 comes without a power adapter but you can order a power adapter
as an option.
Model WAC540PA comes with a power adapter.
For more information about the LAN port connection, see Set up and connect the access
point to your network on page 18.
Product label
The product label on the bottom panel of the access point shows the serial number,
MAC address, default WiFi network name (SSID), network key (password), and default
login information of the access point.
Figure 3. Product label
User Manual12Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Safety instructions and warnings
Use the following safety guidelines to ensure your own personal safety and to help
protect your system from potential damage.
To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment,
observe the following precautions:
This product is designed for indoor use only in a temperature-controlled and
•
humidity-controlled environment. For more information, see the environmental
specifications in the appendix or the data sheet.
Any device that is located outdoors and connected to this product must be properly
grounded and surge protected.
Failure to follow these guidelines can result in damage to your NETGEAR product,
which might not be covered by NETGEAR’s warranty, to the extent permissible by
applicable law.
Observe and follow service markings:
•
- Do not service any product except as explained in your system documentation.
Some devices should never be opened.
-
If applicable to your device, opening or removing covers that are marked with
the triangular symbol with a lightning bolt can expose you to electrical shock.
We recommend that only a trained technician services components inside these
compartments.
If any of the following conditions occur, unplug the product from the electrical outlet
•
and replace the part or contact your trained service provider:
- Depending on your device, the power adapter, power adapter cable, power
cable, extension cable, or plug is damaged.
-
An object fell into the product.
- The product was exposed to water.
- The product was dropped or damaged.
-
The product does not operate correctly when you follow the operating
instructions.
Keep your system away from radiators and heat sources. Also, do not block cooling
•
vents.
Do not spill food or liquids on your system components, and never operate the
•
product in a wet environment. If the system gets wet, see the appropriate section in
your troubleshooting guide, or contact your trained service provider.
User Manual13Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Do not push any objects into the openings of your system. Doing so can cause fire
•
or electric shock by shorting out interior components.
Use the product only with approved equipment.
•
If applicable to your device, allow the product to cool before removing covers or
•
touching internal components.
Operate the product only from the type of external power source indicated on the
•
electrical ratings label. If you are not sure of the type of power source required,
consult your service provider or local power company.
To avoid damaging your system, if your device uses a power supply with a voltage
•
selector, be sure that the selector is set to match the power at your location:
-
115V, 60 Hz in most of North and South America and some Far Eastern countries
such as South Korea and Taiwan
- 100V, 50 Hz in eastern Japan and 100V, 60 Hz in western Japan
-
230V, 50 Hz in most of Europe, the Middle East, and the Far East
Be sure that attached devices are electrically rated to operate with the power available
•
in your location.
Depending on your device, use only a supplied power adapter or approved power
•
cable:
If your device uses a power adapter:
-
If you were not provided with a power adapter, contact your local NETGEAR
reseller.
-
The power adapter must be rated for the product and for the voltage and current
marked on the product electrical ratings label.
If your device uses a power cable:
-
If you were not provided with a power cable for your system or for any
AC-powered option intended for your system, purchase a power cable approved
for your country.
-
The power cable must be rated for the product and for the voltage and current
marked on the product electrical ratings label. The voltage and current rating of
the cable must be greater than the ratings marked on the product.
To help prevent electric shock, plug the system and peripheral power cables into
•
properly grounded electrical outlets.
If applicable to your device, the peripheral power cables are equipped with
•
three-prong plugs to help ensure proper grounding. Do not use adapter plugs or
remove the grounding prong from a cable. If you must use an extension cable, use
a three-wire cable with properly grounded plugs.
User Manual14Hardware Overview
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Observe extension cable and power strip ratings. Make sure that the total ampere
•
rating of all products plugged into the extension cable or power strip does not
exceed 80 percent of the ampere ratings limit for the extension cable or power strip.
To help protect your system from sudden, transient increases and decreases in
•
electrical power, use a surge suppressor, line conditioner, or uninterruptible power
supply (UPS).
Position system cables, power adapter cables, or power cables carefully. Route
•
cables so that they cannot be stepped on or tripped over. Be sure that nothing rests
on any cables.
Do not modify power adapters, power adapter cables, power cables or plugs. Consult
•
a licensed electrician or your power company for site modifications.
Always follow your local and national wiring rules.
•
User Manual15Hardware Overview
2
Install the Access Point in Your Network and Access It for Initial Configuration
This chapter describes how you can install and access the access point in your network.
The chapter contains the following sections:
• Position your access point
• Set up and connect the access point to your network
• Connect to the access point for initial configuration
• Log in to the access point after initial setup to view or change settings
16
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Position your access point
Before you install your access point as described in the mounting installation guide,
consider how you will position the access point.
The access point lets you access your network anywhere within the operating range of
your WiFi network. However, the operating distance or range of your WiFi connection
can vary significantly depending on the physical placement of your access point. For
example, the thickness and number of walls the WiFi signal passes through can limit
the range.
Additionally, other WiFi access points in and around your home might affect your access
point’s signal. WiFi access points can be routers, repeaters, WiFi range extenders, and
any other devices that emit WiFi signals for network access.
Position your access point according to the following guidelines:
Place your access point near the center of the area where your computers and other
•
devices operate and within line of sight to your WiFi devices.
If you use a power adapter, make sure that the access point is within reach of an AC
•
power outlet.
Place the access point in an elevated location, minimizing the number walls and
•
ceilings between the access point and your other devices.
Place the access point away from electrical devices such as these:
•
-
Ceiling fans
- Home security systems
- Microwaves
- Computers
-
Base of a cordless phone
- 2.4 GHz and 5.8 GHz cordless phones
Place the access point away from large metal surfaces, large glass surfaces, insulated
•
walls, and items such as these:
- Solid metal door
- Aluminum studs
- Fish tanks
- Mirrors
- Brick
- Concrete
Network and Access It for Initial
Configuration
User Manual17Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
If you are using adjacent access points, use different radio frequency channels to reduce
interference.
Set up and connect the access point to your network
The access point is intended to function as a WiFi access point in your existing network.
The following sections describe how you can connect the access point to your network:
Set up the access point with a PoE network connection on page 18
•
Set up the access point with a non-PoE network connection on page 19
•
To set up your access point, follow the procedure in one of these sections.
Set up the access point with a PoE network connection
You can connect the access point to a Power over Ethernet plus (PoE+) switch in your
network. The switch must be connected to a network router that is connected to the
Internet. If you use a PoE+ connection, the access point does not require a power
adapter.
WiFi clients can connect to the access point and access your network and the Internet.
Figure 4. Set up the access point with a PoE+ connection to your network
Network and Access It for Initial
Configuration
User Manual18Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
To set up the access point with a PoE connection to your network:
1. Connect an Ethernet cable to the LAN 1 port on the access point.
This is the LAN port next to the DC power connector.
2.
Connect the other end of the Ethernet cable to a PoE+ port on a PoE+ switch that
is connected to your network and to the Internet.
The access point requires 802.3at (PoE+) input. For optimal functioning, make sure
that you use an 802.3at (PoE+) switch and not an 802.3af (PoE) switch.
The Power/Cloud LED lights solid amber. After about one minute, if the access point
is connected to a DHCP server, the Power/Cloud LED turns solid green and the
access point is ready for you to perform the initial configuration.
For information about accessing the access point for initial configuration, see Connect
to the access point for initial configuration on page 20.
Set up the access point with a non-PoE network connection
You can connect the access point to a regular switch, that is, a non–Power over Ethernet
switch in your network. The switch must be connected to a network router that is
connected to the Internet. If you use a regular switch, the access point requires a power
adapter, which is an option that you can purchase for model WAC540. (Model
WAC540PA comes with a A DC power adapter.)
WiFi clients can connect to the access point and access your network and the Internet.
Figure 5. Set up the access point with a connection to your network
To set up the access point with a non-PoE connection to your network:
1. Connect an Ethernet cable to the LAN 1 port on the access point.
2.
Connect the other end of the Ethernet cable to a switch that is connected to your
network and to the Internet.
User Manual19Install the Access Point in Your
Network and Access It for Initial
Configuration
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
3. Connect the power adapter to the access point and plug it into an electrical outlet.
The Power/Cloud LED lights solid amber. After about one minute, if the access point
is connected to a DHCP server, the Power/Cloud LED turns solid green and the
access point is ready for you to perform the initial configuration.
For information about accessing the access point for initial configuration, see Connect
to the access point for initial configuration on page 20.
Connect to the access point for initial configuration
After you set up the access point, you can use several methods to connect to it for initial
configuration.
You can connect to the access point by using the NETGEAR Insight mobile app on an
iOS or Android mobile device, by accessing the Insight Cloud Portal, or by using the
local browser interface. You cannot use Insight access with the local browser interface.
These types of access are mutually exclusive.
The Insight mobile app and the Insight Cloud Portal provide ease of access and let you
configure most features that are available on the access point. The local browser interface
lets you configure all features that are available on the access point.
If you use the Insight mobile app or the Insight Cloud Portal to connect to the access
point, see one of the following sections:
Connect over WiFi using the NETGEAR Insight Mobile App on an iOS or Android
•
mobile device on page 21
Connect over the Internet using the NETGEAR Insight Cloud Portal on page 21
•
If you use the local browser interface to connect to the access point, follow the procedure
in one of these sections:
Connect over WiFi using a WiFi-enabled computer or mobile device on page 22
•
Connect over Ethernet using a computer connected to the same network on page
•
26
Connect over Ethernet using a directly connected computer on page 29
•
Note: If your network does not include a DHCP server (or a router that functions as a
DHCP server) and you do not perform the initial configuration of the access point as
described in one of these sections, you can connect only two clients to the access point
and the access point can provide an IP address to only two clients. To prevent this
situation, make sure that you perform the initial configuration of the access point.
Network and Access It for Initial
Configuration
User Manual20Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Connect over WiFi using the NETGEAR Insight Mobile App on an iOS or Android mobile device
You can install the NETGEAR Insight mobile app on an iOS or Android mobile device
and set up the access point (and perform many other tasks as well).
For more information about the Insight mobile app, visit insight.netgear.com and see
the NETGEAR knowledge base at netgear.com/support/product/insight.aspx.
To connect to the access point over WiFi using an iOS or Android mobile device:
1.
On your mobile device, go to the app store, search for NETGEAR Insight, and
download the app.
2. Open the Insight mobile app and log in to your NETGEAR account or create a new
account to log in with.
3. Follow the prompts in the Insight mobile app to discover and register the access
point on the network so that you can configure and manage the access point.
Note: If the access point is connected to the Internet, you can use the Insight mobile
app to configure the access point by connecting to its default SSID. The default SSID
is on the access point label on the bottom of the access point and is shown in the
format NETGEARxxxxxx-SETUP, where xxxxxx is the last six hexadecimal digits of the
access point’s MAC address. The default password is sharedsecret.
Connect over the Internet using the NETGEAR Insight Cloud Portal
The Insight Cloud Portal is available for Insight Premium or Insight Pro subscribers. To
use the NETGEAR Insight Cloud Portal to configure and manage the access point, the
access point must already be connected to the Internet.
For more information about the Insight Cloud Portal and the configuration and
management options that are available through the Insight Cloud Portal, visit
insight.netgear.com and see the NETGEAR knowledge base at
netgear.com/support/product/insight.aspx.
Network and Access It for Initial
Configuration
User Manual21Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
To connect to the access point over the Internet through the Insight Cloud Portal:
1. Visit insight.netgear.com.
The NETGEAR Account Login page displays.
2. Enter your Insight email address and password.
If you do not own an Insight account, you can create one.
3. Click the NETGEAR LOG IN button.
You can now add the access point to an Insight network location so that you configure
and manage the access point.
Connect over WiFi using a WiFi-enabled computer or mobile device
This section describes how to connect to the access point for the first time over WiFi
using a WiFi-enabled computer or mobile device (without using the NETGEAR Insight
mobile app).
To connect to the access point over WiFi using a WiFi-enabled computer or mobile
device:
1.
From your computer or mobile device, connect over WiFi to the access point’s default
WiFi network.
The default SSID is on the access point label on the bottom of the access point and
is shown in the format NETGEARxxxxxx-SETUP, where xxxxxx is the last six
hexadecimal digits of the access point’s MAC address. The default password is
sharedsecret.
2. On the computer or mobile device, open a web browser and, in the address bar,
enter www.routerlogin.net (or www.aplogin.net).
Note: You can use www.routerlogin.net (and www.aplogin.net) only during initial
setup of the access point.
The Day Zero Easy Setup page displays.
Network and Access It for Initial
Configuration
User Manual22Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
In the address bar, www.routerlogin.net (or www.aplogin.net) is replaced by the IP
address that is assigned to the access point by the DHCP server in your network.
3.
Write down the IP address of the access point.
4. Select the Web-browser radio button.
Note: After you save the basic settings that are shown on the page, the Day Zero
Easy Setup page no longer displays when you log in. Instead, a login window opens.
After you log in, the Dashboard page displays.
5.
Enter the settings that are described in the following table.
DescriptionSetting
Country/Region
Time Zone
From the menu, select the country and region in which the access point is operating.
Note: Make sure that the country is set to the location where the device is operating. You
are responsible for complying with the local, regional, and national regulations that are
set for channels, power levels, and frequency ranges.
Note: It might not be legal to operate the access point in a region other than the regions
listed in the menu. If your country or region is not listed, check with your local government
agency.
From the menu, select the time zone for the country and region in which the access point
is operating.
Network and Access It for Initial
Configuration
User Manual23Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
DHCP Client
AP Name
AP Login New
Password
By default, the DHCP client of the access point allows the access point to receive an IP
address from a DHCP server (or router that functions as a DHCP server) in your network.
To set up the access point with a static (fixed) IP address, do the following:
a. Select the Disable radio button.
Additional fields display.
b. Specify the IP address, IP subnet mask, IP address of the default gateway, and IP address
of the DNS server.
As an option, enter a new system name for the access point. The name must contain
alphanumeric characters, must contain at least one alphabetical character, cannot be
longer than 15 characters, and can contain hyphens but cannot start or end with a hyphen.
By default, the system name is Netgearxxxxxx, in which xxxxxx represents the last six
hexadecimal digits of the access point’s MAC address.
The admin password is the password that you use to log in to the access point’s local
browser interface. (It is not the password that you use for WiFi access.) Enter a new admin
password with a minimum of 6 characters and a maximum of 32 characters.
The ideal password contains no English dictionary words and contains uppercase and
lowercase letters, numbers, and symbols. However, do not include quotation marks (") in
the password.
Write down and save the password for future use.
Enter exactly the same password that you entered in the AP Login New Password field.Confirm New
Password
SSID
You cannot use the default SSID for regular operation (the default SSID is for setup only).
Enter a new name with a maximum of 32 characters. You can use a combination of
alphanumeric and special characters, except for quotation marks (") and a backslash (\).
Network and Access It for Initial
Configuration
User Manual24Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
Authentication
Type
Passphrase
From the menu, select one of the following authentication types for the WiFi network:
Open. Authentication is not required and data encryption is not supported. This setting
•
does not provide any security and is not appropriate for most situations.
WPA2 Personal. This option allows only WiFi clients that support WPA2 to connect to
•
the SSID. Select this option if all WiFi clients are capable of supporting WPA2. This
option uses AES encryption.
WPA2 Personal Mixed. This option allows both WPA and WPA2 WiFi clients to connect
•
to the SSID. This option uses TKIP and AES encryption. Broadcast packets use TKIP. For
unicast (that is, point-to-point) transmissions, WPA clients use TKIP and WPA2 clients
use AES.
After you complete the setup process, you can set up WPA2 Enterprise security with
RADIUS servers. For more information, see Set up an open or secure WiFi network on
page 36.
Unless you select Open from the Authentication Type menu, enter a new passphrase
(network key or WiFi password) for the WiFi network.
6. Click the Apply button.
Your settings are saved and you are disconnected from the access point.
If you changed the default country, the access point restarts.
7. Reconnect over WiFi to the access point’s WiFi network using the new SSID and
passphrase that you just defined on the Day Zero Easy Setup page.
8. In the web browser, enter the access point IP address that you wrote down in Step
3.
If you assigned a static IP address to the access point, enter that IP address.
A login window opens.
9. Enter the access point user name and password.
The default user name is admin. The password is the one that you just defined on
the Day Zero Easy Setup page. The user name and password are case-sensitive.
The Dashboard page displays. You can now customize the access point settings for
your network environment.
Network and Access It for Initial
Configuration
User Manual25Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Connect over Ethernet using a computer connected to the same network
The following procedure assumes that your network includes a DHCP server (or router
that functions as a DHCP server) and that the access point and the computer are on the
same network. By default, the access point functions as a DHCP client. If you want to
set up the access point with a static (fixed) IP address, see Connect over Ethernet using
a directly connected computer on page 29.
To connect to the access point using a computer that is connected to the same
network as the access point:
1. To determine the IP address that the DHCP server assigned to the access point,
access the DHCP server or use an IP network scanner.
2. On the computer, open a web browser and, in the address bar, enter the IP address
that is assigned to the access point.
The Day Zero Easy Setup page displays.
3. Select the Web-browser radio button.
Network and Access It for Initial
Configuration
User Manual26Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Note: After you save the basic settings that are shown on the page, the Day Zero
Easy Setup page no longer displays when you log in. Instead, a login window opens.
After you log in, the Dashboard page displays.
4.
Enter the settings that are described in the following table.
DescriptionSetting
Country/Region
Time Zone
DHCP Client
From the menu, select the country and region in which the access point is operating.
Note: Make sure that the country is set to the location where the device is operating. You
are responsible for complying with the local, regional, and national regulations that are
set for channels, power levels, and frequency ranges.
Note: It might not be legal to operate the access point in a region other than the regions
listed in the menu. If your country or region is not listed, check with your local government
agency.
From the menu, select the time zone for the country and region in which the access point
is operating.
By default, the DHCP client of the access point allows the access point to receive an IP
address from a DHCP server (or router that functions as a DHCP server) in your network.
To set up the access point with a static (fixed) IP address, do the following:
a. Select the Disable radio button.
Additional fields display.
b. Specify the IP address, IP subnet mask, IP address of the default gateway, and IP address
of the DNS server.
AP Name
AP Login New
Password
As an option, enter a new system name for the access point. The name must contain
alphanumeric characters, must contain at least one alphabetical character, cannot be
longer than 15 characters, and can contain hyphens but cannot start or end with a hyphen.
By default, the system name is Netgearxxxxxx, in which xxxxxx represents the last six
hexadecimal digits of the access point’s MAC address.
The admin password is the password that you use to log in to the access point’s local
browser interface. (It is not the password that you use for WiFi access.) Enter a new admin
password with a minimum of 6 characters and a maximum of 32 characters.
The ideal password contains no English dictionary words and contains uppercase and
lowercase letters, numbers, and symbols. However, do not include quotation marks (") in
the password.
Write down and save the password for future use.
Network and Access It for Initial
Configuration
User Manual27Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
Enter exactly the same password that you entered in the AP Login New Password field.Confirm New
Password
SSID
Authentication
Type
Passphrase
You cannot use the default SSID for regular operation (the default SSID is for setup only).
Enter a new name with a maximum of 32 characters. You can use a combination of
alphanumeric and special characters, except for quotation marks (") and a backslash (\).
From the menu, select one of the following authentication types for the WiFi network:
Open. Authentication is not required and data encryption is not supported. This setting
•
does not provide any security and is not appropriate for most situations.
WPA2 Personal. This option allows only WiFi clients that support WPA2 to connect to
•
the SSID. Select this option if all WiFi clients are capable of supporting WPA2. This
option uses AES encryption.
WPA2 Personal Mixed. This option allows both WPA and WPA2 WiFi clients to connect
•
to the SSID. This option uses TKIP and AES encryption. Broadcast packets use TKIP. For
unicast (that is, point-to-point) transmissions, WPA clients use TKIP and WPA2 clients
use AES.
After you complete the setup process, you can set up WPA2 Enterprise security with
RADIUS servers. For more information, see Set up an open or secure WiFi network on
page 36.
Unless you select Open from the Authentication Type menu, enter a new passphrase
(network key or WiFi password) for the WiFi network.
5. Click the Apply button.
Your settings are saved.
If you changed the default country, the access point restarts.
Note: Do not close the page!
After a short period, the Dashboard page displays automatically. If the Dashboard
page does not display, for example, because you assigned a static IP address, see
the next step.
You can now customize the access point settings for your network environment.
User Manual28Install the Access Point in Your
Network and Access It for Initial
Configuration
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
6.
If the Dashboard does not display automatically, do the following:
a.
Take one of the following actions:
If you assigned a static IP address to the access point, enter that IP address
•
in the address bar of the web browser.
If you did not assign a static IP address, reenter the IP address that is displayed
•
in the address bar of the web browser. If that does not work, write down the
IP address, close the web browser, reopen the web browser, and then reenter
the IP address in the address bar of the web browser.
If you did not assign a static IP address and you closed the page so that you
•
cannot see the IP address of the access point, use an IP scanner tool, use a
network discovery tool, or access the DHCP server to discover the IP address
of the access point in your network. Then, open a browser and enter the IP
address in the address bar of the web browser.
A login window opens.
b. Enter the access point user name and password.
The default user name is admin. The password is the one that you just defined
on the Day Zero Easy Setup page. The user name and password are case-sensitive.
The Dashboard page displays. You can now customize the access point settings
for your network environment.
Connect over Ethernet using a directly connected computer
If your network does not include a DHCP server (or router that functions as a DHCP
server), you can use a computer that is connected through an Ethernet cable to the LAN
port of the access point.
To connect to the access point using a computer that is connected to the LAN port
of the access point:
1.
Record the IP address and subnet mask of your computer so that you can reinstate
these IP address settings later.
2. Temporarily change the IP address on your computer to 192.168.0.210 with
255.255.255.0 as the subnet mask.
(You can actually use any IP address in the 192.168.0.2–192.168.0.254 range, with
the exception of IP address 192.168.0.100, which is the default IP address of the
access point.)
For more information about changing the IP address on your computer, see the help
or documentation for your computer.
3. Use an Ethernet cable to connect your computer to the LAN port on the access point.
User Manual29Install the Access Point in Your
Network and Access It for Initial
Configuration
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
4. On the computer, open a web browser and enter 192.168.0.100 in the address
bar.
The Day Zero Easy Setup page displays.
5. Select the Web-browser radio button.
Note: After you save the basic settings that are shown on the page, the Day Zero
Easy Setup page no longer displays when you log in. Instead, a login window opens.
After you log in, the Dashboard page displays.
6.
Enter the settings that are described in the following table.
User Manual30Install the Access Point in Your
Network and Access It for Initial
Configuration
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
DescriptionSetting
Country/Region
Time Zone
DHCP Client
From the menu, select the country and region in which the access point is operating.
Note: Make sure that the country is set to the location where the device is operating. You
are responsible for complying with the local, regional, and national regulations that are
set for channels, power levels, and frequency ranges.
Note: It might not be legal to operate the access point in a region other than the regions
listed in the menu. If your country or region is not listed, check with your local government
agency.
From the menu, select the time zone for the country and region in which the access point
is operating.
By default, the DHCP client of the access point allows the access point to receive an IP
address from a DHCP server (or router that functions as a DHCP server) in your network.
To set up the access point with a static (fixed) IP address, do the following:
a. Select the Disable radio button.
Additional fields display.
b. Specify the IP address, IP subnet mask, IP address of the default gateway, and IP address
of the DNS server.
AP Name
AP Login New
Password
Password
SSID
As an option, enter a new system name for the access point. The name must contain
alphanumeric characters, must contain at least one alphabetical character, cannot be
longer than 15 characters, and can contain hyphens but cannot start or end with a hyphen.
By default, the system name is Netgearxxxxxx, in which xxxxxx represents the last six
hexadecimal digits of the access point’s MAC address.
The admin password is the password that you use to log in to the access point’s local
browser interface. (It is not the password that you use for WiFi access.) Enter a new admin
password with a minimum of 6 characters and a maximum of 32 characters.
The ideal password contains no English dictionary words and contains uppercase and
lowercase letters, numbers, and symbols. However, do not include quotation marks (") in
the password.
Write down and save the password for future use.
Enter exactly the same password that you entered in the AP Login New Password field.Confirm New
You cannot use the default SSID for regular operation (the default SSID is for setup only).
Enter a new name with a maximum of 32 characters. You can use a combination of
alphanumeric and special characters, except for quotation marks (") and a backslash (\).
Network and Access It for Initial
Configuration
User Manual31Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
Authentication
Type
Passphrase
From the menu, select one of the following authentication types for the WiFi network:
Open. Authentication is not required and data encryption is not supported. This setting
•
does not provide any security and is not appropriate for most situations.
WPA2 Personal. This option allows only WiFi clients that support WPA2 to connect to
•
the SSID. Select this option if all WiFi clients are capable of supporting WPA2. This
option uses AES encryption.
WPA2 Personal Mixed. This option allows both WPA and WPA2 WiFi clients to connect
•
to the SSID. This option uses TKIP and AES encryption. Broadcast packets use TKIP. For
unicast (that is, point-to-point) transmissions, WPA clients use TKIP and WPA2 clients
use AES.
After you complete the setup process, you can set up WPA2 Enterprise security with
RADIUS servers. For more information, see Set up an open or secure WiFi network on
page 36.
Unless you select Open from the Authentication Type menu, enter a new passphrase
(network key or WiFi password) for the WiFi network.
7. Click the Apply button.
Your settings are saved and you are disconnected from the access point.
If you changed the default country, the access point restarts.
8.
After a few minutes, if the login window does not open automatically, enter
192.168.0.100 in the address bar of your browser.
If you changed the IP address (that is, you specified a static IP address), enter the
new IP address.
A login window opens.
9. Enter the access point user name and password.
The default user name is admin. The password is the one that you just defined on
the Day Zero Easy Setup page. The user name and password are case-sensitive.
The Dashboard page displays. You can now customize the access point settings for
your network environment.
10.
After you complete the setup process, or both the setup and customization process,
you can change the computer back to its original IP address settings.
Network and Access It for Initial
Configuration
User Manual32Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Log in to the access point after initial setup to view or change settings
After you set up the access point, you can view or change the settings for the access
point.
To log in to the access point’s local browser interface:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays. The following figure shows part of the Dashboard
page.
Network and Access It for Initial
Configuration
User Manual33Install the Access Point in Your
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The Dashboard page displays various panes that let you see the status of your access
point at a glance. For more information about the Dashboard page and its various
panes, see Monitor the Access Point and the Network on page 142.
Network and Access It for Initial
Configuration
User Manual34Install the Access Point in Your
3
Manage the Basic WiFi and Radio Features
This chapter describes how you can manage the basic WiFi and radio settings of the
access point. For information about the advanced WiFi and radio settings, see Manage
the Advanced WiFi and Radio Features on page 72.
Tip: If you want to change the settings of the access point’s WiFi network, use a wired
connection to avoid being disconnected when the new WiFi settings take effect.
The chapter includes the following sections:
• Set up and manage WiFi networks
• Manage the basic radio features
35
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Set up and manage WiFi networks
The access point supports eight WiFi networks (four in the 2.4 GHz radio band and four
in the 5 GHz radio band), each with its own unique WiFi settings. The following sections
describe how you can set up and manage WiFi networks on the access point:
• Set up an open or secure WiFi network
• View or change the settings of a WiFi network
• Disable or enable a WiFi network or set up a WiFi activity schedule
• Remove a WiFi network
• Enable or disable client isolation for a WiFi network
• Hide or broadcast the SSID for a WiFi network
• Enable or disable band steering with 802.11k RRM and 802.11v WiFi network
management
• Change the VLAN ID for a WiFi network
• Enable or disable PMF for a WiFi network
• Enable or disable URL tracking for a WiFi network
• Select a MAC ACL for a WiFi network
• Set bandwidth rate limits for a WiFi network
• Register and configure Facebook Wi-Fi for the access point
• Set up a captive portal for a WiFi network
• Unregister the access point from Facebook Wi-Fi
Set up an open or secure WiFi network
The access point provides one default SSID that is enabled by default and that broadcasts
on the 2.4 GHz band and both 5 GHz bands. This is the SSID that you were required to
rename when you logged in to the access point for the first time. You can add more
SSIDs: The access point supports four SSIDs in the 2.4 GHz radio band and another four
SSIDs in the combined 5 GHz low and 5 GHz high radio bands for a total of eight SSIDs.
(In this configuration, both 5 GHz radio bands are treated as a single 5 GHz radio band.)
If you enable four SSIDs in the 2.4 GHz radio band and another four in the combined 5
GHz radio band, the maximum number of SSIDs is reached.
SSID stands for service set identifier, which is the WiFi network name. When you create
a new SSID, you are defining the settings for a new virtual access point (VAP). That means
that the access point supports up to eight VAPs.
The access point can simultaneously support the 2.4 GHz band for 802.11b/g/n WiFi
devices and the combined 5 GHz low and 5 GHz high bands for 802.11a/n/ac WiFi
devices.
User Manual36Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
If you plan to use WPA2 Enterprise security for your WiFi network, first set up RADIUS
servers (see Set up RADIUS servers on page 106).
To set up a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select and add an SSID.
5.
Click the + button to the left of Add SSID.
6.
Specify the WiFi network name (SSID), select whether the SSID is broadcast, and
specify the VLAN ID as described in the following table.
Radio Features
User Manual37Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
DescriptionSetting
Wireless Network
Name (SSID)
Broadcast SSID
VLAN ID
7.
Specify the WiFi security by selecting an option from the Authentication menu and,
The SSID is the WiFi network name of the VAP. Enter a name for the SSID with a maximum
of 32 characters. You can use a combination of alphanumeric and special characters,
except for quotation marks (") and a backslash (\).
For a WiFi device to be able to connect to the VAP, the SSID on the WiFi device must
match the SSID of the VAP.
By default, the VAP broadcasts its SSID so that WiFi clients can detect the SSID in their
scanned network lists. To turn off the SSID broadcast, select the No radio button.
Turning off the SSID broadcast provides additional WiFi security, but users must know the
SSID to be able to join the VAP.
You can enter the VLAN ID that must be associated with the VAP. By default, the VLAN ID
is 1.
This VLAN ID is not the same as the 802.1Q VLAN ID that is used for the wired network
(see Set the 802.1Q VLAN and management VLAN on page 111).
if applicable, by specifying a passphrase in the Passphrase field or selecting an
option from the Encryption menu, as described in the following table.
DescriptionSetting
Open
WPA2 Personal
An open WiFi network does not provide any security. Any WiFi device can join the network.
We recommend that you do not use an open WiFi network but configure WiFi security.
However, an open network might be appropriate for a WiFi hotspot.
This option, which is the same as WPA2-PSK, is the default setting and uses AES encryption.
This type of security enables only WiFi devices that support WPA2 to join the VAP. If you
did not change the passphrase, the default passphrase displays. The default passphrase
is sharedsecret.
WPA2 provides a secure connection but some legacy WiFi devices do not detect WPA2
and support only WPA. If your network includes such older devices, select the mixed mode
security, WPA2 Personal Mixed.
In the Passphrase field, enter a phrase of 8 to 63 characters. To join the VAP, a user must
enter this passphrase. To view the passphrase in clear text, click the eye icon.
Radio Features
User Manual38Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
WPA2 Personal
Mixed
WPA2
Enterprise
This mixed mode security, which is the same as WPA-PSK / WPA2-PSK, enables WiFi
devices that support either WPA or WPA2 to join the VAP. This option uses TKIP and AES
encryption.
WPA-PSK (which uses TKIP) is less secure than WPA2-PSK (which uses AES) and limits the
speed of WiFi devices to 54 Mbps.
In the Passphrase field, enter a phrase of 8 to 63 characters. To join the VAP, a user must
enter this passphrase. To view the passphrase in clear text, click the eye icon.
This enterprise-level security uses RADIUS for centralized Authentication, Authorization,
and Accounting (AAA) management. For WPA2 Enterprise security to function, you must
set up RADIUS servers (see Set up RADIUS servers on page 106).
From the Data Encryption menu, select the data encryption mode:
TKIP + AES. This type of data encryption enables WiFi devices that support either WPA
•
or WPA2 to join the access point’s WiFi network. This is the default mode.
AES. This type of data encryption provides a secure connection but some older WiFi
•
devices do not detect WPA2 and support only WPA. Therefore, if your network includes
such older devices, select TKIP + AES security.
8. Optionally, disable the WiFi broadcast or set up a WiFi activity schedule by selecting
one of the following radio buttons:
Always ON. When you set up an SSID, you are creating a new virtual access point
•
(VAP). By default, the new VAP is enabled and the Always ON radio button is
selected.
Always OFF. Select this radio button to set up the SSID but temporarily disable
•
the VAP.
Custom. Select this radio button to set up a broadcast schedule. An icon displays
•
to the right of the radio button. Do the following:
a. Click the icon next to the radio button.
A pop-up window opens.
b.
Either select a predefined time from the Preset menu or select custom time
blocks by clicking the time blocks.
A blue color for a time block indicates that the VAP will be enabled (on). A
gray color for a time block indicates that the VAP will be disabled (off).
c. Click the Done button.
The pop-up window closes.
Radio Features
User Manual39Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
For each SSID and each day (from 12:00 a.m. to 11:59 p.m.), you can create three
schedules to disable the VAP.
9. Optionally, enable 802.11w Protected Management Frames (PMF), select a single
radio band only, enable band steering with 802.11k radio resource management
(RRM) and 802.11v WiFi network management, or do all of this, as described in the
following table.
DescriptionSetting
802.11w (PMF)
Band
Band Steering /
802.11 k/v
Protected Management Frames (PMF), according to the 802.11w standard, is a security
feature that protects unicast and multicast management frames from being intercepted
and changed for malicious purposes. This feature is disabled by default, but you can
enable it.
Select a radio button for a single band (2.4 GHz or 5 GHz) or keep the default selection,
which is the Both radio button, to enable the VAP to broadcast on both bands.
(In this configuration, both 5 GHz radio bands are treated as a single 5 GHz radio band.)
By default, band steering with 802.11k RRM and 802.11v WiFi network management is
disabled for the VAP.
To enable band steering with 802.11k RRM and 802.11v WiFi network management, select
the Enable radio button. Doing so allows the access point, under certain channel
conditions, to steer WiFi devices that are dual-band capable to the 2.4 GHz or 5 GHz band
of the VAP. Compared to the 2.4 GHz band, generally more channels and bandwidth are
available in the 5 GHz band, causing less interference and allowing for a better user
experience.
802.11k RRM and 802.11v WiFi network management affect the network in the following
ways:
802.11k RRM. This feature lets the access point and 802.11k-aware clients dynamically
•
measure the available radio resources. In an 802.11k-enabled network, access points
and clients can send neighbor reports, beacon reports, and link measurement reports
to each other, allowing 802.11k-aware clients to automatically select the best access
point for initial connection or for roaming.
802.11v WiFi network management. This feature lets the access point steer its WiFi
•
clients to the 2.4 GHz or 5 GHz band, based on the access point’s channel load.
The access point sets the received signal strength indicator (RSSI) threshold automatically.
(That is, you cannot configure the RSSI threshold manually.)
10.
Optionally, to configure client isolation, URL tracking, or both for the WiFi network,
click the > Advanced tab.
User Manual40Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
11.
Configure the client isolation and URL tracking settings as described in the following
table.
DescriptionSetting
Client Isolation
URL Tracking
By default, client isolation is disabled for the VAP. To block communication between
WiFi clients that are associated with the same SSID or different SSIDs on the access
point, select the Enable radio button.
By default, URL tracking is disabled, and the Disable radio button is selected. To
enable URL tracking for all URLs that are requested by WiFi clients that are connected
to the SSID, select the Enable radio button.
For information about how to view the tracked URLs per SSID or per WiFi client, see
View or download tracked URLs on page 156.
Although you could also configure a captive portal, a MAC ACL, and bandwidth rate
limits while you set up a WiFi network, these features are described separately and
in detail in the following sections:
Manage local MAC access control lists on page 91 and Select a MAC ACL for a
•
WiFi network on page 50
Set bandwidth rate limits for a WiFi network on page 52
•
Set up a captive portal for a WiFi network on page 55
•
12. Click the Apply button.
Your settings are saved.
13. Make sure that you can connect to the new WiFi network.
If you cannot connect to the new WiFi network, check the following:
Radio Features
User Manual41Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
•
If your WiFi-enabled computer or mobile device is already connected to another
WiFi network in your area, disconnect it from that WiFi network and connect it to
the WiFi network that the access point provides. Some WiFi devices automatically
connect to the first open network without WiFi security that they discover.
•
If your WiFi-enabled computer or mobile device is trying to connect to your
network with its old settings (before you changed the settings), update the WiFi
network selection in your WiFi-enabled computer or mobile device to match the
current settings for your network.
• Does your WiFi device display as a connected client? (See View client distribution,
connected clients, and client trends on page 150.) If it does, it is connected to the
network.
• Are you using the correct WiFi network name (SSID) and password?
View or change the settings of a WiFi network
You can view or change the settings of the default WiFi network (SSID or VAP) or any
custom WiFi network.
To view or change the settings of a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
Change the settings of the WiFi network as needed.
For detailed descriptions of the settings, see Set up an open or secure WiFi network
on page 36.
7.
If you made changes, click the Apply button.
Your settings are saved.
User Manual42Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
8.
If you made changes, make sure that you can reconnect over WiFi to the network
with its new settings.
If you cannot connect over WiFi, check the following:
•
If your WiFi-enabled computer or mobile device is already connected to another
WiFi network in your area, disconnect it from that WiFi network and connect it to
the WiFi network that the access point provides. Some WiFi devices automatically
connect to the first open network without WiFi security that they discover.
•
If your WiFi-enabled computer or mobile device is trying to connect to your
network with its old settings (before you changed the settings), update the WiFi
network selection in your WiFi-enabled computer or mobile device to match the
current settings for your network.
• Does your WiFi device display as a connected client? (See View client distribution,
connected clients, and client trends on page 150.) If it does, it is connected to the
network.
• Are you using the correct WiFi network name (SSID) and password?
Disable or enable a WiFi network or set up a WiFi activity schedule
You can temporarily disable a WiFi network (SSID or VAP), you can reenable the WiFi
network, or you can set up a schedule that specifies when the WiFi network is active.
Scheduling a WiFi network to be turned off is a green feature that allows you to turn off
the WiFi network during scheduled vacations, office shutdowns, on evenings, or on
weekends.
For each WiFi network and each day (from 12:00 a.m. to 11:59 p.m.), you can create
three schedules.
To disable or enable a WiFi network or set up a WiFi activity schedule:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
User Manual43Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
Under Schedule, select one of the following radio buttons:
Always ON. The WiFi network is enabled.
•
Always OFF. The WiFi network is disabled.
•
Custom. The WiFi network is enabled or disabled according to a schedule that
•
you must set up.
An icon displays to the right of the radio button.
7.
If you select Custom in the previous step, do the following:
a. Click the icon next to the radio button.
A pop-up window opens.
b.
Either select a predefined time from the Preset menu or select custom time
blocks by clicking the time blocks.
A blue color for a time block indicates that the WiFi network will be enabled (on).
A gray color for a time block indicates that the WiFi network will be disabled (off).
c. Click the Done button.
The pop-up window closes.
8. Click the Apply button.
Your settings are saved.
Remove a WiFi network
You can remove a custom WiFi network (SSID or VAP) that you no longer need. You
cannot remove the default WiFi network.
To remove a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
User Manual44Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the trash can icon to the right of the SSID.
A pop-up warning window opens.
6. Click the Delete button.
The pop-window closes and the WiFi network is removed.
Enable or disable client isolation for a WiFi network
By default, client isolation is disabled for a WiFi network (SSID or VAP), allowing
communication between WiFi clients that are associated with the same or different WiFi
networks on the access point. For additional security, you can enable client isolation so
that clients that are associated with the same or different WiFi networks cannot
communicate with each other, except for communication over the Internet, which remains
possible.
To enable or disable client isolation for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6. Click the > Advanced tab.
The page expands.
Radio Features
User Manual45Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
7.
Under Client Isolation, select one of the following radio buttons:
Enable. Client isolation is enabled for the WiFi network.
•
Disable. Client isolation is disabled for the WiFi network.
•
8. Click the Apply button.
Your settings are saved.
Hide or broadcast the SSID for a WiFi network
By default, a WiFi network (SSID or VAP) broadcasts its network name (also referred to
as the SSID) so that WiFi clients can detect the SSID in their scanned network lists. For
additional security, you can turn off the SSID broadcast and hide the SSID so that users
must know the SSID to be able to join the WiFi network.
Note: If you set up a wireless distribution system (WDS; see Set up a WiFi bridge
between access points on page 84), you must keep the SSID broadcast enabled.
To hide or broadcast the network name for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
Under Broadcast SSID, select one of the following radio buttons:
No. The SSID is hidden for the WiFi network.
•
Yes. The SSID is broadcast for the WiFi network.
•
7. Click the Apply button.
Radio Features
User Manual46Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Your settings are saved.
Enable or disable band steering with 802.11k RRM and
802.11v WiFi network management
Band steering lets the access point identify the WiFi devices that are dual-band capable
and steer those devices to the 2.4 GHz or 5 GHz band of a WiFi network (SSID or VAP).
Compared to the 2.4 GHz band, generally more channels and bandwidth are available
in the 5 GHz band, causing less interference and allowing for a better user experience.
Band steering includes 802.11k radio resource management (RRM) and 802.11v WiFi
network management. By default, band steering is disabled.
802.11k RRM and 802.11v WiFi network management affect the network in the following
ways:
802.11k RRM. This feature lets the access point and 802.11k-aware clients
•
dynamically measure the available radio resources. In an 802.11k-enabled network,
access points and clients can send neighbor reports, beacon reports, and link
measurement reports to each other, allowing 802.11k-aware clients to automatically
select the best access point for initial connection or for roaming.
802.11v WiFi network management. This feature lets the access point steer its
•
WiFi clients to the 2.4 GHz or 5 GHz band, based on the access point’s channel load.
In an environment with multiple access points, 802.11v WiFi network management
helps WiFi clients that are roaming to select the best access point.
The access point sets the received signal strength indicator (RSSI) threshold automatically.
(That is, you cannot configure the RSSI threshold manually.)
To enable or disable band steering with 802.11k RRM and 802.11v WiFi network
management for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
Radio Features
User Manual47Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
Under Band Steering / 802.11 k/v, select one of the following radio buttons:
Disable. Band steering is disabled for the VAP. This is the default setting.
•
Enabled. Under certain channel conditions, the access point steers WiFi devices
•
that are dual-band capable to the 2.4 GHz or 5 GHz band of the VAP.
7. Click the Apply button.
Your settings are saved.
Change the VLAN ID for a WiFi network
This VLAN ID is not the same as the 802.1Q VLAN ID that is used for the wired network
(see Set the 802.1Q VLAN and management VLAN on page 111).
CAUTION: Before you change the VLAN ID, be sure that the VLAN is configured on
the network switch and the DHCP server and that the access point and its clients can
get IP addresses over the new VLAN.
To change the VLAN ID for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
In the VLAN ID field, enter a ID (that is, a number).
By default, the VLAN ID for a WiFi network is 1.
Radio Features
User Manual48Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
7. Click the Apply button.
Your settings are saved.
Enable or disable PMF for a WiFi network
Protected Management Frames (PMF), according to the 802.11w standard, is a security
feature that protects unicast and multicast management frames from being intercepted
and changed for malicious purposes. This feature is disabled by default, but you can
enable it.
To enable or disable PMF for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6.
Under 802.11w (PMF), select one of the following radio buttons:
Enable. PMF is enabled for the WiFi network.
•
Disable. PMF is disabled for the WiFi network.
•
7. Click the Apply button.
Your settings are saved.
Enable or disable URL tracking for a WiFi network
You can enable the access point to track all URLs that are requested by WiFi clients that
are connected to a WiFi network (SSID or VAP). This feature is disabled by default, but
you can enable it.
User Manual49Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
For information about how to view the tracked URLs per SSID or per WiFi client, see
View or download tracked URLs on page 156.
To enable or disable URL tracking for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6. Click the > Advanced tab.
The page expands.
7.
Under URL Tracking, select one of the following radio buttons:
Enable. URL Tracking is enabled for the WiFi network.
•
Disable. URL Tracking is disabled for the WiFi network.
•
8. Click the Apply button.
Your settings are saved.
Select a MAC ACL for a WiFi network
After you set up one or more local MAC access control lists (ACLs, also referred to as
access lists; see Manage local MAC access control lists on page 91), you can select an
ACL for use with an SSID.
You can also set up a RADIUS server (see Set up RADIUS servers on page 106) and select
the RADIUS MAC ACL. You must define the ACL on the RADIUS server, using the
following format for client MAC addresses in the RADIUS server: If the client MAC
address is 00:0a:95:9d:68:16, specify it as 000a959d6816 in the RADIUS server.
User Manual50Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Note: A RADIUS MAC ACL cannot function if the WiFi security is WPA2 Enterprise. If
you want to use a RADIUS MAC ACL, select a different type of WiFi security for the WiFi
network (see Set up an open or secure WiFi network on page 36).
When selected, the MAC ACL blocks WiFi access to the SSID for WiFi devices that are
not in the selected access list. The blockage applies only to the SSID for which you
enable the MAC ACL. Only WiFi devices that are in the selected access list can connect
to the SSID.
To select a MAC ACL for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6. Click the > Advanced tab.
The page expands.
7. Select the MAC ACL check box.
8.
Do one of the following:
Select the Local MAC ACL radio button, and from the Select Group menu, select
•
the MAC ACL that you defined earlier.
To change the MAC ACL policy, MAC addresses in the ACL, or both, click the
link next to the group. For more information, see Manage local MAC access
control lists on page 91.
Select the Radius MAC ACL radio button.
•
This option functions only if you set up a RADIUS server (see Set up RADIUS
servers on page 106).
9. Click the Apply button.
Radio Features
User Manual51Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Your settings are saved. Only WiFi devices for which the MAC address is on the MAC
ACL can connect to the access point through this SSID. (These devices might be
able to connect to the access point through another SSID if you did not set up MAC
ACL security for that SSID.)
Set bandwidth rate limits for a WiFi network
You can set rate limits for the upload and download bandwidths for devices that are
connected to a WiFi network. The minimum bandwidth rate is 64 Kbps, the maximum
bandwidth rate is 1024 Mbps. You can set one rate for the upload bandwidth and
another rate for the download bandwidth.
Note: Before you set bandwidth rate limits, check the Internet speed of the access
point (see Check the Internet speed on page 168).
To set bandwidth rate limits for devices that are connected to a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6. Click the > Advanced tab.
The page expands.
7. Select the Rate Limit check box.
8.
Specify the values:
Upload. For the upload bandwidth limitation, enter a value from 64 to 1024 and
•
select Kbps or Mbps from the menu.
Radio Features
User Manual52Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Download. For the download bandwidth limitation, enter a value from 64 to
•
1024 and select Kbps or Mbps from the menu.
9. Click the Apply button.
Your settings are saved.
Register and configure Facebook Wi-Fi for the access point
Before you can set up Facebook Wi-Fi on the access point so that you can provide
customers WiFi access by letting them check in to an existing Facebook business page
(see Set up a captive portal for a WiFi network on page 55), you must register the access
point with Facebook. By default, the capability to register is disabled.
To register and configure Facebook Wi-Fi for the access point:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Facebook Wi-Fi.
The Facebook Wi-Fi page displays.
5. Select the Register with Facebook Wi-Fi Yes radio button.
The capability to register is enabled. By default, this capability is disabled.
6. Click the Apply button.
Your settings are saved and the Add Page button displays.
7. Click the Add Page button.
A new browser page opens and displays the Facebook Login page.
Radio Features
User Manual53Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
8. Log in to the Facebook account with which the Facebook business page is associated.
9. From the Select a Page menu, select the Facebook business page.
10.
Select one of the following bypass mode options:
To allow customers to skip check-in, select the Skip check-in link radio button.
•
If you enable this option, users can either check in to the selected Facebook
business page or skip the check-in.
To require users to enter a WiFi code before they can gain WiFi access, select
•
the Require Wi-Fi code radio button and type a WiFi code in the field that
displays.
If you enable this option, users can either check in to the selected Facebook
business page or skip the check-in by using the WiFi code.
11.
From the Session Length menu, select the period after which users are automatically
logged out.
12.
To add terms of service to the Facebook check-in page, select the Terms of Service
check box and type or copy the terms of service.
13. Click the Save Settings button.
The Facebook Wi-Fi settings are saved.
The name of the selected Facebook business page displays on the Facebook Wi-Fi
configuration page, along with the Change Page button, which lets you replace the
selected Facebook business page with another one.
14. To allow clients that are connected to the Facebook captive portal to establish a
secure HTTP (HTTPS) session before the captive portal authentication occurs, select
the Allow HTTPS Enable radio button.
User Manual54Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
By default, the Allow HTTPS Disable radio button is selected and clients that are
connected to the Facebook captive portal cannot establish an HTTPS session until
after the captive portal authentication occurs.
15. Click the Apply button.
Your settings are saved.
Set up a captive portal for a WiFi network
Use a captive portal to welcome or instruct WiFi users and limit their sessions. You can
require users to agree to an end user license agreement (EULA) and redirect them a
specific website. A captive portal is specific to an SSID.
If you want to provide customers WiFi access by letting them check in to a Facebook
business page, first register the access point with Facebook Wi-Fi (see Register and
configure Facebook Wi-Fi for the access point on page 53).
To set up a captive portal for a WiFi network:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic.
The page that displays lets you select an SSID.
5.
Click the > button to the left the SSID.
The settings for the selected SSID display.
6. Click the > Advanced tab.
The page expands.
Radio Features
User Manual55Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
7. Select the Captive Portal check box.
8.
Specify the type of captive portal by selecting one of the following radio buttons:
Click Through. You must specify the captive portal settings as described in Step
•
9.
Social Login. Customers receive WiFi access by checking in to a Facebook
•
business page. To use this option, first register the access point with Facebook
Wi-Fi (see Register and configure Facebook Wi-Fi for the access point on page
53).
If you select his option, you can skip Step 9.
9.
Specify the settings as described in the following table.
DescriptionSetting
Session Timeout (in
min)
Redirect URL
Enter the time after which a WiFi session is terminated and a user must log in again.
The period is in the range from 1 to 1440 minutes. The default is 60 minutes.
To redirect a user to a specific website after login, select the Redirect URL check box
and enter the URL to which the user must be directed. If the Redirect URL check box
is cleared, a user is directed to a default web page.
Title
Radio Features
Enter the title that is displayed on the captive portal login page. If you do not
customize the title, the default title displays on the captive portal login page.
User Manual56Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
Message
JPEG/JPG Image (Max
500KB)
EULA (Max 1KB)
Enter a message to the user. This message is displayed on the captive portal login
page. If you do not customize the message, the default message displays on the
captive portal login page.
To customize the image that is displayed on the captive portal login page, click the
Browse button and navigate to and select an image. If you do not customize the
image, the default image displays on the captive portal login page.
The field includes a default end user license agreement (EULA). You can enter or
copy custom text into the field. To show the EULA on the captive portal login page,
select the EULA check box.
10. To preview the captive portal login page, click the Preview button.
The following figure shows an example (that is, the figure does not show the default
captive portal but a customized one).
11. Click the Apply button.
Your settings are saved. WiFi clients attempting to connect to the SSID are presented
with the captive portal login page.
User Manual57Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Note: When you set up a captive portal with a social login (Facebook Wi-Fi), you
can configure the option to allow clients that are connected to the Facebook captive
portal to establish a secure HTTP (HTTPS) session before the captive portal
authentication occurs (see Register and configure Facebook Wi-Fi for the access
point on page 53). This option is not available when you set up a captive portal with
a click-through login (that is, a local login), so an HTTPS session is blocked until after
the captive portal authentication occurs.
Unregister the access point from Facebook Wi-Fi
If the access point is registered with Facebook Wi-Fi but you no longer want to use that
option for a captive portal or you want to use another Facebook account, you can
unregister the access point from Facebook Wi-Fi and remove the access point’s entry.
To unregister the access point from Facebook Wi-Fi and remove the access point’s
entry:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Facebook Wi-Fi.
The Facebook Wi-Fi page displays.
5. Select the No radio button.
The capability to register is disabled. However, the access point’s entry on the
Facebook business page is not yet removed.
6. Click the Apply button.
Your settings are saved.
7. Go to the Facebook business page and log in to your account.
8.
Select the check box for the access point’s entry.
9. Click the Delete button.
The access point’s entry is removed.
Radio Features
User Manual58Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Manage the basic radio features
You can manage the basic radio features that are described in the following sections:
• Manage the basic settings for the radios
• Turn a radio on or off
• Change the WiFi mode for a radio
• Change the MCS index and data rate for a radio
• Change the channel width for a radio
• Change the output power for a radio
• Change the guard interval for a radio
• Change the channel for a radio
• Manage Quality of Service for a WiFi radio
For information about the advanced radio features, see Manage the advanced radio
features on page 73.
Manage the basic settings for the radios
The basic WiFi settings for the radios apply to all WiFi networks (VAPs or SSIDs). You
can specify the radio settings individually for the 2.4 GHz radio, 5 GHz low band radio
(referred to as 5 GHz Low), and 5 GHz high band radio (referred to as 5GHz High). For
information about the advanced radio settings, see Manage the advanced WiFi settings
for the radios on page 73.
To manage the basic WiFi settings for the radios:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
Radio Features
User Manual59Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
5.
Configure the settings as described in the following table.
The descriptions in the table apply to all radios, but you can specify the radio settings
for the 2.4 GHz, 5 GHz Low, and 5 GHz High radios individually.
User Manual60Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
DescriptionSetting
Turn Radio On
Wireless Mode
By default, the Turn Radio On check box is selected and the radio broadcasts. Turning
off a radio disables WiFi access for the band, which can be helpful during
configuration, network tuning, or troubleshooting.
Select one of the following WiFi modes for the 2.4 GHz radio:
11b. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access point.
•
However, the speed of 802.11n and 802.11g clients is limited to the maximum
speed that is supported by 802.11b (about 11 Mbps).
11bg. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access point.
•
However, the speed of 802.11n clients is limited to the maximum speed that is
supported by 802.11g (about 54 Mbps).
11ng. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access point.
•
This is the default setting.
Select one of the following WiFi modes for a 5 GHz radio (you can select a different
mode each 5 GHz radio):
11a. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access point.
•
However, the speed of 802.11ac and 802.11na clients is limited to the maximum
speed that is supported by 802.11a (about 54 Mbps).
11na. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access
•
point. However, the speed of 802.11ac clients is limited to the maximum speed
that is supported by 802.11n (generally, ranging from about 300 Mbps to about
450 Mbps).
MCS Index / Data Rate
Radio Features
11ac. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access
•
point. This is the default setting.
From the menu, select the modulation and coding scheme (MCS) index and data
transmit rate for the radio. The default is Best. For most networks, the default settings
work fine. The available settings also depend on the selection from the Channel
Width menu and the selection from the Guard Interval menu.
User Manual61Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
Channel Width
Output Power
Guard Interval
From the menu, select the channel width for the radio. Use the following guidelines:
A wider channel improves the performance.
•
The 802.11n specification allows a 40 MHz–wide channel in addition to the legacy
•
20 MHz channel that is available with other modes.
The 802.11ac specification allows an 80 MHz–wide channel in addition to the 20
•
MHz and 40 MHz channels that are available with other modes.
The 40 MHz and 80 MHz channels enable higher data rates but leaves fewer
•
channels available for use.
The channel width and guard interval determine the available MCS index and data
transmit rates.
From the menu, select the transmission power of the radio. You can select
100%(Max), 50%, 25%, 12.5%, or 4%(Min). The default is 100%(Max).
Note: If two or more access points are operating in the same area and on the same
channel, interference can occur. In such a situation, you might want to decrease the
output power for an access point. Make sure that you comply with the regulatory
requirements for total radio frequency (RF) output power in your country.
From the menu, select the value that protects radio transmissions from interference.
An Auto guard interval (which is the default) improves performance, but some legacy
devices can operate only with a long –800ns guard interval.
The guard interval and channel width determine the available MCS index and data
transmit rates.
Channel
From the menu, select the WiFi channel for the radio. The available WiFi channels
and frequencies depend on the country and the radio. (The channels in the 5 GHz
band are divided between the low band and high band radios.) The default is Auto,
which enables the radio to automatically select the most suitable channel.
Note: You do not need to change the WiFi channel unless you experience
interference (which is indicated by lost connections).
Note: If you use multiple WiFi access points (APs), reduce interference by selecting
different channels for adjacent APs. We recommend a channel spacing of four
channels between adjacent APs (for example, use Channels 1 and 5, or 6 and 10).
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
Radio Features
User Manual62Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Turn a radio on or off
By default, the 2.4 GHz radio and both 5 GHz radios broadcast. Turning off a radio
disables WiFi access for the associated band, which affects all VAPs (or SSIDs) in that
band. Turning off a radio can be helpful during configuration, network tuning, or
troubleshooting.
To turn a radio on or off:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5.
Take one of the following actions:
Turn a radio on. Select the Turn Radio ON check box for the radio.
•
Turn a radio off. Clear the Turn Radio ON check box for the radio.
•
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Change the WiFi mode for a radio
By default, all types of WiFi clients can access a WiFi network on the access point, that
is, the WiFi modes on the access point support 802.11n, 802.11g, 802.11b, 802.11ac,
User Manual63Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
802.11na, and 802.11a clients. You can change the modes to limit access to certain
types of clients.
To change the WiFi mode for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5.
Select the WiFi mode for the radio:
2.4 GHz radio. Select one of the following WiFi modes for the 2.4 GHz radio:
•
- 11b. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access
point. However, the speed of 802.11n and 802.11g clients is limited to the
maximum speed that is supported by 802.11b (about 11 Mbps).
- 11bg. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access
point. However, the speed of 802.11n clients is limited. However, the speed
of 802.11n clients is limited to the maximum speed that is supported by
802.11g (about 54 Mbps).
- 11ng. 802.11n, 802.11g, and 802.11b WiFi clients can connect to the access
point. This is the default setting.
5 GHz radio. Select one of the following WiFi modes for a 5 GHz radio (you can
•
select a different mode each 5 GHz radio):
- 11a. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access
point. However, the speed of 802.11ac and 802.11na clients is limited to the
maximum speed that is supported by 802.11a (about 54 Mbps).
- 11na. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access
point. However, the speed of 802.11ac clients is limited to the maximum
Radio Features
User Manual64Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
speed that is supported by 802.11n (generally, ranging from about 300 Mbps
to about 450 Mbps).
- 11ac. 802.11ac, 802.11na, and 802.11a WiFi clients can connect to the access
point. This is the default setting.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Change the MCS index and data rate for a radio
You can change the modulation and coding scheme (MCS) index and data transmit rate
for a radio. By default, the setting is Best. The settings that are available also depend
on the selected channel width (see Change the channel width for a radio on page 66)
and selected guard interval (see Change the guard interval for a radio on page 68).
To change the MCS index and data rate for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5.
From the MCS Index / Data Rate menu, select a setting.
By default, the setting is Best.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
Radio Features
User Manual65Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Change the channel width for a radio
Use the following guidelines when you determine the channel width for a radio:
A wider channel improves the performance.
•
The 802.11n specification allows a 40 MHz–wide channel in addition to the legacy
•
20 MHz channel that is available with other modes.
The 802.11ac specification allows an 80 MHz–wide channel in addition to the 20
•
MHz and 40 MHz channels that are available with other modes.
The 40 MHz and 80 MHz channels enable higher data rates but leave fewer channels
•
available for use.
The channel width and guard interval determine the available MCS index and data
transmit rates.
To change the channel width for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5.
From the Channel Width menu, select one of the following settings.
20 MHz.
•
40 MHz.
•
80 MHz. This selection is available only for the 5 GHz radios.
•
Dynamic 20 / 40 MHz. This selection is available only for the 2.4 GHz radio and
•
is the default setting for that radio.
Radio Features
User Manual66Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Dynamic 20 / 40 / 80 MHz. This selection is available only for the 5 GHz radios
•
and is the default setting for these radios.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Change the output power for a radio
By default, the output power of the access point is set at the maximum. If two or more
access points are operating in the same area and on the same channel, interference
can occur. In such a situation, you might want to decrease the output power for an
access point. Make sure that you comply with the regulatory requirements for total radio
frequency (RF) output power in your country.
To change the output power for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5. From the Output Power menu, select 100%(Max), 50%, 25%, 12.5%, or 4%(Min).
The default is 100%(Max).
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
User Manual67Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Change the guard interval for a radio
The guard interval protects radio transmissions from interference. An automatic guard
interval (which is the default) improves performance, but some legacy devices can
operate only with a long –800ns guard interval.
The guard interval and channel width determine the available MCS index and data
transmit rates.
To change the guard interval for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5.
From the Guard Interval menu, select one of the following settings:
Auto. This is the default setting.
•
Long-800 ns.
•
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Radio Features
User Manual68Manage the Basic WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Change the channel for a radio
The available WiFi channels and frequencies depend on the country and the radio. The
default is Auto, which enables the radio to automatically select the most suitable channel.
Note: You do not need to change the WiFi channel unless you experience interference
(which is indicated by lost connections).
Note: If you use multiple WiFi access points (APs), reduce interference by selecting
different channels for adjacent APs. We recommend a channel spacing of four channels
between adjacent APs (for example, use Channels 1 and 5, or 6 and 10).
To change the channel for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > Wireless Settings.
The Wireless Settings page displays.
5. From the Channel menu, select a channel.
The default is Auto. When you select a particular channel, the channel selection
becomes static.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Manage Quality of Service for a WiFi radio
You can specify the Quality of Service (QoS) setting separately for the 2.4 GHz radio
and for each 5 GHz radio. These settings are enabled by default for all radios. Disabling
User Manual69Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
QoS for a radio might impact the throughput and speed of WiFi traffic on the access
point.
To manage the QoS settings for a WiFi radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Basic > QoS Settings.
5.
Enable or disable the following features for a radio by selecting the applicable Enable
or Disable radio buttons:
Wi-Fi Multimedia (WMM). WiFi Multimedia (WMM) is a subset of the 802.11e
•
standard. Time-dependent information such as video or audio is given higher
priority than normal traffic. For WMM to function correctly, WiFi clients must also
support WMM. By enabling WMM, you allow WMM to control upstream traffic
flowing from WiFi devices to the access point and downstream traffic flowing
User Manual70Manage the Basic WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
from the access point to WiFi devices. WMM defines the following four queues
in decreasing order of priority:
- Voice. The highest priority queue with minimum delay, which makes it very
suitable for applications such as VoIP and streaming media.
- Video. The second highest priority queue with low delay. Video applications
are routed to this queue.
-
Best effort. The medium priority queue with medium delay. Most standard
IP applications use this queue.
- Background. The low priority queue with high throughput. Applications such
as FTP that are not time-sensitive but require high throughput can use this
queue.
WMM Powersave. Enabling the WMM Powersave feature saves power for
•
battery-powered devices and fine-tunes power consumption.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Radio Features
User Manual71Manage the Basic WiFi and
4
Manage the Advanced WiFi and Radio Features
This chapter describes how you can manage the advanced WiFi and radio features of
the access point. For information about the basic WiFi and radio settings, see Manage
the Basic WiFi and Radio Features on page 35.
Tip: If you want to change the settings of the access point’s WiFi network, use a wired
connection to avoid being disconnected when the new WiFi settings take effect.
The chapter includes the following sections:
• Manage the advanced radio features
• Set a data volume limit for the access point
• Set up a WiFi bridge between access points
72
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Manage the advanced radio features
You can manage the advanced radio features that are described in the following sections:
• Manage the advanced WiFi settings for the radios
• Manage the maximum number of clients for a radio
• Manage the broadcast and multicast settings for a radio
• Manage load balancing for the radios
• Manage Airtime Fairness for the radios
For information about the basic radio features, see Manage the basic radio features on
page 59.
Manage the advanced WiFi settings for the radios
The advanced WiFi settings for the radios apply to all WiFi networks (VAPs or SSIDs).
You can specify the radio settings individually for the 2.4 GHz radio, 5 GHz low band
radio (referred to as 5 GHz Low), and 5 GHz high band radio (referred to as 5GHz High).
For information about the basic radio settings, see Manage the basic settings for the
radios on page 59.
A radio must be turned on for you to specify the settings. For more information about
turning a radio on, see Turn a radio on or off on page 63.
To manage the advanced WiFi settings for the radios:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
Radio Features
User Manual73Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
4.
Select Management > Configuration > Wireless > Advanced.
5.
Configure the settings as described in the following table.
The descriptions in the table apply to all radios, but you can specify the radio settings
for the 2.4 GHz, 5 GHz Low, and 5 GHz High radios individually. However, the 802.11n
256 QAM feature applies to the 2.4 GHz radio only and the MU-MIMO and 802.11h
features apply to the 5 GHz radios only.
User Manual74Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
DescriptionSetting
Max. Wireless Clients
RTS Threshold
(256-2346)
Beacon Interval
(100-300)
802.11n 256 QAM
Enter the maximum number of WiFi clients that can simultaneously associate with
the radio. The range is from 1 to 200. The default is 200 WiFi clients.
Enter the Request to Send (RTS) threshold. The range is from 256 to 2346. The default
is 2346.
If the packet size is equal to or less than the RTS threshold, the radio uses the Carrier
Sense Multiple Access with Collision Detection (CSMA/CD) mechanism and the data
frame is transmitted immediately after the silence period. If the packet size is larger
than the RTS threshold, the system uses the CSMA with Collision Avoidance
(CSMA/CA) mechanism. In this situation, the transmitting device sends the RTS packet
to the receiving device and waits for the receiving device to return a Clear to Send
(CTS) packet before sending the actual packet data.
Enter an interval between 100 ms and 300 ms for each beacon transmission, which
allows the radio to synchronize the WiFi network. The default is 100 ms.
Select the 802.11n 256 QAM check box to enable the 2.4 GHz radio to function
over 256-quadrature amplitude modulation (QAM), which can increase the 2.4 GHz
radio throughput for clients that are capable of supporting 256 QAM. By default, 256
QAM is disabled for the 2.4 GHz radio, that is, the check box is cleared.
By default, 256-QAM is enabled for the 5 GHz radios and you cannot disable it (the
page does not provide check boxes for the 5 GHz radios).
Fixed Multicast Rate
DTIM Interval (1-255)
Broadcast/Multicast
Rate Limiting
From the menu, select the multicast traffic transmission rate for the radio. The default
is Auto, which lets the access point automatically adjust the multicast traffic
transmission rate.
Move the slider to specify the delivery traffic indication message (DTIM) interval or
the data beacon rate, which indicates the beacon delivery traffic indication message
period in multiples of beacon intervals. This value must be between 1 and 255. The
default is 2.
Multicast and broadcast rate limiting is enabled by default to improve the overall
network performance by limiting the number of packets that are transmitted across
the network. By default, the setting is 50 (the maximum possible value), which specifies
a maximum rate limit of 50 packets per second. To change the setting, move the
slider. To disable multicast and broadcast rate limiting, clear the small check box.
Radio Features
User Manual75Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
(Continued)
DescriptionSetting
MU-MIMO
802.11h
By default, the MU-MIMO Enable radio button is selected and multiuser MIMO
(MU-MIMO) is enabled. To disable MU-MIMO, select the MU-MIMO Disable radio
button.
802.11ac Wave 2 supports MU-MIMO, which enables multiple users to receive data
from the access point simultaneously using the same channel. With MU-MIMO, the
access point can transmit to multiple clients simultaneously using the same channel.
MU-MIMO is used in the downstream direction and requires both the access point
and the WiFi clients to be capable of 802.11ac Wave 2.
You can enable or disable MU-MIMO for the 5 GHz radios but not for the 2.4 GHz
radio.
Select the 802.11h Enable radio button to enable 802.11h-capable WiFi clients to
automatically switch to a new channel without disconnecting from the access point
and without losing any data when the access point changes to another channel. By
default, the 802.11h Disable radio button is selected and 802.11h is disabled.
You can enable or disable 802.11h for the 5 GHz radios but not for the 2.4 GHz radio.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Manage the maximum number of clients for a radio
The number of clients that are allowed to associate with a radio affects the reliability
and throughput of the WiFi connection. A smaller number can increase the reliability
and throughput and a large number can decrease the reliability and throughput.
By default, one radio allows up to 200 client associations. You can specify a lower number
of clients. If the number of associated clients exceeds the maximum number that you
specify, the radio rejects new client associations until the number drops below that
maximum number.
To manage the maximum number of clients for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
Radio Features
User Manual76Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Advanced.
The Wireless Settings page displays.
5.
In the Max.Wireless Clients field, enter the maximum number of WiFi clients that
can simultaneously associate with the radio.
The range is from 1 to 200 for the radio. The default is 200 WiFi clients for the radio.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Manage the broadcast and multicast settings for a radio
Because multicast and broadcast traffic can adversely affect the throughput and latency
of a WiFi network, you can change the multicast and broadcast rate limiting settings
and the fixed multicast traffic transmission rate for a radio.
By default, multicast and broadcast rate limiting is enabled to improve the overall
network performance by limiting the number of packets that are transmitted across the
network. By default, the setting is 50 (the maximum possible value), which specifies a
maximum rate limit of 50 packets per second. You can lower this number.
The multicast traffic transmission rate for the radio is Auto, which lets the access point
automatically adjust the multicast traffic transmission rate. You can specify a fixed
transmission rate.
To manage the broadcast and multicast settings for a radio:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
Radio Features
User Manual77Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Advanced.
The Wireless Settings page displays.
5.
To change the multicast and broadcast rate limiting settings for a radio, under
Broadcast/Multicast Rate Limiting, take one of the following actions in:
To change the rate limiting setting, move the slider. By default, the setting is 50
•
(the maximum possible value), which specifies a maximum rate limit of 50 packets
per second.
To disable or enable multicast and broadcast rate limiting, clear or select the
•
small check box.
6.
To change the multicast traffic transmission rate for a radio, from the Fixed Multicast
Rate menu, select a transmission rate.
The default is Auto.
7. Click the Apply button.
A pop-up warning window opens.
8. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
Manage load balancing for the radios
You can configure the radio utilization thresholds to enable each radio to maintain the
speed and performance of the WiFi network as clients associate with and disassociate
from the WiFi network.
Client associations depend on the percentage of network bandwidth utilization that
you specify and the WLAN utilization for each radio, which you can view in the Current
Trend pane on the Dashboard page. New client associations are allowed if a radio’s
WLAN utilization is less than the percentage of network bandwidth utilization for the
radio. New client associations are not allowed if a radio’s WLAN utilization exceeds the
percentage of network bandwidth utilization for the radio.
Radio Features
User Manual78Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
To manage load balancing for the radios:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Advanced > Load Balancing.
5.
To enable load balancing for the radios, select the Load Balancing Mode Enable
radio button.
By default, load balancing is disabled.
The page provides a slider for each radio.
6.
For each radio, move the associated slider to specify the percentage of network
bandwidth utilization that is allowed on the radio before it stops accepting new client
associations.
The default is 90%, which specifies that all new associations are allowed up to 90
percent of the utilization rate of the radio.
7. Click the Apply button.
A pop-up warning window opens.
8. Click the OK button.
The pop-up window closes and your settings are saved. The radio or radios restart
and WiFi clients might need to reconnect.
User Manual79Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Manage Airtime Fairness for the radios
You can configure the Airtime Fairness to enable all radios to provide better WiFi
performance in an environment with legacy and non-legacy clients.
Airtime fairness ensures that all clients receive equal time on the network. Network
resources are divided by time, so if five clients are connected, they each get one-fifth
of the network time. The advantage of this feature is that the slowest clients do not
control network responsiveness. This feature is disabled by default, but you can enable
it.
Note: On each radio, Airtime Fairness is supported for the first 50 clients. If the radio
supports more than 50 clients, the remaining clients must share the unreserved network
time on the radio, that is, Airtime Fairness does not apply to those clients.
To manage Airtime Fairness for all radios:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Advanced > Air Time Fairness.
The Air Time Fairness page displays.
5.
To enable Airtime Fairness for all radios, select the Enable radio button.
By default, Airtime Fairness is disabled for all radios.
6. Click the Apply button.
A pop-up warning window opens.
7. Click the OK button.
The pop-up window closes and your settings are saved. The radios restart and WiFi
clients might need to reconnect.
User Manual80Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Set a data volume limit for the access point
You can set a total monthly data volume limit that applies to all WiFi networks that you
configure on the access point, that is, it applies to all SSIDs (or VAPs) collectively. A
typical use of this feature is to restrict guest user data consumption.
For each SSID, you can define a percentage of the monthly data volume limit, in which
case must allocate a data volume in MB to each WiFi client of that SSID. In relation to
settings percentages for SSIDs, note the following:
To make sure that each SSID receives its exact share of the total monthly data volume
•
limit, make sure that the percentages for all SSIDs together do not exceed 100
percent.
To set a less restrictive policy, the percentages for all SSIDs together do not need
•
to add up to 100 percent. For example, if you set 60 percent for one SSID and 60
percent for another SSIDs, you are providing an equal chance to each SSID to
consume 60 percent of the total monthly data volume limit. If one SSID actually
consumes 60 percent, only 40 percent is available for the other SSID.
If you do not set a data volume limit for any SSIDs, all SSIDs are allowed 100 percent
•
of the total monthly data volume limit, and data is consumed on a first come, first
served basis, up to the total monthly data volume limit.
You can specify when the monthly counter resets or manually reset the counter.
If the consumed data reaches a definable percentage of the profile data volume limit
for an SSID, either the data is dropped for all WiFi clients of the SSID or those WiFi clients
are disconnected.
To set a data volume limit for the access point:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless > Advanced > Data Volume
Limit.
The Data Volume Limit page displays.
Radio Features
User Manual81Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
5. Select the Data Volume Limit check box.
6.
In the Data Volume Limit Setup section, specify the following settings, which apply
to SSIDs collectively, whether or not you set a data volume limit for an SSID in Step
7:
a.
Monthly limit. Enter the total monthly data volume limit in MB for the access
point, that is, for all SSIDs collectively.
For example, if you enter 500000, a data volume limit of 500 GB applies to all
SSIDs collectively.
The default value is 1024 MB (1 GB). The maximum that you can enter is 100 TB
(100000 GB).
b.
Data limit control by. From the menu, select if the data volume limit applies to
downloaded data, to uploaded data, or to both combined.
c.
Reset data limit counters. Specify the day and time of the month when the
counter is reset and the data volume usage for all SSIDs is reset to zero.
To immediately reset the counter to zero, click the Reset Counter button and
confirm your action by clicking the OK button.
Radio Features
User Manual82Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
7.
In the SSID Profiles section, specify the following settings for any individual SSID for
which you want to set a percentage of the total monthly data volume limit:
a.
No Data Volume Limit. To specify that the data volume limit applies to the SSID,
clear the No Data Volume Limit check box for the SSID.
If you leave the check box selected, no data volume limit applies to the SSID,
which means that the SSID is assigned 100 percent. (If you do not set a data
volume limit for any SSID, each SSID is assigned 100 percent.)
b.
Profile Data Volume Limit (%). To set a percentage of the monthly data volume
limit that you specified in Step 6, move the slider to the percentage that you want
to set.
For example, if the monthly data volume limit is 500000 MB and you move the
slider to 60 percent, the volume limit for the SSID is 300000 MB (300 GB). That
means that the SSID cannot consume more data than 300 GB. However, the actual
available data volume for the SSID might be less than 300 GB if the data
consumption on other SSIDs causes the total monthly data volume limit to be
reached before the SSID consumes 300 GB.
c.
Per Client. If you set a percentage for an SSID, set a monthly data volume limit
that applies to each WiFi client of the SSID by entering the monthly data volume
limit in MB per WiFi client.
Take the total monthly data volume limit and the percentage that you set for the
SSID into account. For example, if the total monthly data volume limit is 500000
MB, the percentage for the SSID is 60 percent, and you expect about 30 clients
to connect to the SSID, you could set a data volume of 10000 MB (10 GB) per
WiFi client of the SSID.
Note: When the remaining data volume reaches 10 percent of the monthly data
volume limit for a WiFi client, the data rate for that WiFi client is restricted to
256 Kbps. However, the WiFi client can continue to consume data as long as the
volume limit for the SSID is not yet reached.
Radio Features
User Manual83Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
8.
In the Data Volume Limit Policy on SSID Profile section, specify the following settings
that apply to each individual SSID for which you set a profile data volume limit in
Step 7:
a.
Pop-up a warning message. Specify the percentage of the profile data volume
limit for an SSID that, if exceeded, causes a pop-up message to be displayed. By
default, if 10 percent of the remaining profile data volume limit for an SSID is
exceeded, a pop-up warning message is displayed on the Data Volume Limit
page.
b.
When SSID profile limit is reached. Select one of the following radio buttons
to specify the action that occurs if the profile data volume limit for an SSID is
exceeded:
Drop data for all wireless clients. The data for all WiFi clients of the SSID is
•
dropped but the WiFi clients are not disconnected from the SSID.
Disconnect all wireless clients. All WiFi clients are disconnected from the
•
SSID.
9. Click the Apply button.
Your settings are saved.
For information about monitoring the consumed data volume for each SSID for which
you enabled a data volume limit, see View the data volume consumption on page
160.
Set up a WiFi bridge between access points
You can configure a wireless distribution system (WDS) that consists of point-to-point
WiFi bridge connections between two access points. Each WiFi bridge connection
requires a WDS profile for which the settings must match on the access points that make
up the bridge.
If the access point is connected to the Internet over a wired connection, the access point
can function as the WiFi base station for up to four other access points that function as
WiFi repeaters. The access point itself can also function as a WiFi repeater if it is
connected to another access point that functions as a WiFi base station.
A WiFi base station connects to the Internet, wired and WiFi clients can connect to the
base station, and the base station sends its WiFi signal to one or more access points
that function as WiFi repeaters. Wired and WiFi clients can also connect to a WiFi
repeater, but the repeater connects to the Internet through the WiFi base station.
The following figure shows a WiFi repeating scenario with a WiFi base station on the
left side and a single WiFi repeater on the right side.
User Manual84Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Figure 6. WiFi bridge configuration between two access points
To use a WiFi bridge, you cannot use the auto channel feature for the access point and
the SSID broadcast must be enabled.
For a WiFi bridge, you must set up a WiFi base station (the master) and a WiFi repeater
(the slave):
WiFi base station. The access point functions as the master that bridges traffic to
•
and from the repeater access point (the slave). The base station also handles local
WiFi and wired traffic. To configure this mode, you must know the MAC address of
the repeater access point. The MAC address is listed on the product label or on the
WiFi bridge configuration page of the local browser interface.
WiFi repeater. The access point functions as the slave and sends all traffic from its
•
local WiFi or wired computers to the WiFi base station (the master). To configure
this mode, you must know the MAC address of the base station.
By default, the access point functions in dual-band concurrent mode. If you enable the
WiFi repeater in either radio band, the WiFi base station or WiFi repeater cannot be
enabled in the other radio band. However, if you enable the WiFi base station in either
radio band and use the other radio band for either client access or as a WiFi base station,
dual-band concurrent mode is not affected.
Before you can set up a WiFi network with WDS, your configuration must meet the
following conditions:
Both access points must use the same WiFi channel and WiFi security settings.
•
Both access points must be on the same LAN IP subnet. That is, all of the access
•
point LAN IP addresses are in the same network.
User Manual85Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
All LAN devices (wired and WiFi computers) are configured to operate in the same
•
LAN network address range as the access points.
Note: If you are using the access point as the base station with a non-NETGEAR access
point as a repeater, you might need to change more configuration settings. In particular,
you might need to disable the DHCP server function on the non-NETGEAR access point
that is the repeater.
CAUTION: Before you set up a WiFi bridge between two access points, enable STP on
the access points (see Enable or disable Spanning Tree Protocol on page 113) and on
the switches to which the access points are connected. If your switches do not support
STP, after the WiFi bridge is established, disconnect one of the access points from its
switch to prevent a network loop and connectivity problems. If you used a PoE+ switch
for that access point, you now must use a power adapter.
To set up a WiFi bridge between two access points:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Wireless Bridge.
The page that displays lets you select a WDS profile (WDS 1, WDS 2, WDS 3, or WDS
4).
5.
Click the > button to the left of a WDS profile.
The WDS profile page displays.
6. Select the Band 2.4 GHz, 5 GHz Low, or 5 GHz High radio button.
Your selection determines the radio band on which the WDS is established. For
countries that do not support dual-band operation, you cannot select the radio.
7. Select the VAP Enable radio button.
Radio Features
User Manual86Manage the Advanced WiFi and
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
By default, a WDS profile is disabled.
8.
Configure the WDS profile settings as described in the following table.
DescriptionSetting
Wireless Network
Name (SSID)
Local MAC Address
Remote MAC Address
Network
Authentication, Data
Encryption, and
Passphrase
The WiFi network name on which the WDS is established. The default name is
Netgear-WDS-x, in which x is the number of the WDS (1, 2, 3, or 4).
The MAC address of the local WDS radio interface, that is, the MAC address of the
local radio on which the WDS is established. You cannot change this MAC address
on this page. The MAC address is displayed for your information.
Enter this MAC address on the remote access point of the WDS connection.
The MAC address of the remote WDS radio interface, that is, the MAC address of
the remote radio on which the WDS is established.
By default, the selection from the menu is Open, in which case authentication and
data encryption are not applicable. To secure the WDS connection, select WPA2
Personal and specify the following settings:
Encryption. The data encryption is AES and you cannot change this setting.
•
Passphrase. The passphrase for the WDS connection. For you to enable the WDS
•
connection, the passphrase on the remote access point must match the passphrase
that you define in this field.
9. Click the Apply button.
Your settings are saved.
10.
Configure the WiFi bridge settings on the access point at the other end of the WiFi
bridge and restart that access point.
If the access point at the other end of the WiFi bridge is a model WAC505, WAC510,
or WAC540 access point, you do not need to restart it.
The WiFi bridge is established.
User Manual87Manage the Advanced WiFi and
Radio Features
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
11.
Verify connectivity across the LANs of both access points.
If the configuration is set up correctly, a computer on any WiFi or wired LAN segment
of the access point that functions as the WiFi repeater can connect to the Internet
or share files and printers with any other computer or server connected to the access
point that functions as the WiFi base station.
Radio Features
User Manual88Manage the Advanced WiFi and
5
Manage Access and Security
This chapter describes how you can manage access and security features and user
accounts.
The chapter includes the following sections:
• Block specific URLs and keywords for Internet access
• Manage local MAC access control lists
• Manage user accounts
• Manage neighbor AP detection
• Set up RADIUS servers
Note: For information about essential WiFi security (network authentication and
encryption), see Set up an open or secure WiFi network on page 36.
89
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
Block specific URLs and keywords for Internet access
You can set up a blacklist by specifying URLs (web addresses) for which Internet access
must be blocked. You can also specify keywords that cause the access point to reject
URLs that contain those keywords.
To set up a blacklist with URLs and keywords for which Internet access must be
blocked:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Security > URL Filtering.
The URL Filtering page displays.
5. Select the Enable radio button.
User Manual90Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
6.
Compose the blacklist in the following ways:
Blocked URLs. To add a URL to the blacklist, type or copy the URL in the upper
•
field (to the left of the upper Add button) and click the upper Add button. You
can also select one or more URLs from the Popular URL list by selecting the check
boxes for the URLS and clicking the << Move button.
To remove a URL from the blacklist, select the check box for the URL and click
the upper left Remove button.
When you block a URL, the domain and all URLs in the domain are blocked. For
example, if you enter and add www.google.com, all web pages in the
www.google.com domain are blocked, including, for example,
www.google.com/finance.
Blocked Keywords. To add a keyword entry to the blacklist, enter the keyword
•
in the lower field (to the left of the lower Add button) and click the lower Add
button.
To remove a keyword entry from the blacklist, select the check box for the entry
and click the lower Remove button.
All URLs that contain the keyword are blocked. For example, if you enter and add
Jobs, all URLs that contains Jobs (or jobs) are blocked.
7. Click the Apply button.
Your settings are saved.
Manage local MAC access control lists
The access point supports eight local access control lists (ACLs) that are based on MAC
addresses. Each local MAC ACL can contain a total number of 256 MAC addresses.
If you set up an ACL with a policy that allows access and you apply that ACL to a WiFi
network (that is, to an SSID), the ACL functions as follows:
A WiFi device for which you place the MAC address in the ACL is allowed access to
•
the WiFi network.
All other WiFi devices are denied access to the WiFi network.
•
If you set up an ACL with a policy that denies access and you apply that ACL to a WiFi
network (that is, to an SSID), the ACL functions as follows:
A WiFi device for which you place the MAC address in the ACL is denied access to
•
the WiFi network.
All other WiFi devices are allowed access to the WiFi network.
•
User Manual91Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
An ACL takes effect only after you apply it to a WiFi network. For information about
applying an ACL to a WiFi network, see Select a MAC ACL for a WiFi network on page
50. You can apply a MAC ACL to more than one WiFi network.
The following sections describe how you can manage MAC ACLs:
• Manually set up a MAC access control List
• Import an existing MAC access control list
Manually set up a MAC access control List
You can compose up to eight access control lists (ACLs) that are each based on up to
256 MAC addresses. The access point includes MAC ACLs with the following default
group names and settings, which you can change:
Management. If enabled, allows access to trusted stations by default.
•
Guest. If enabled, allows access to trusted stations by default.
•
Guest1. If enabled, denies access to untrusted stations by default.
•
Custom. If enabled, denies access to untrusted stations by default.
•
Custom 1. If enabled, allows access to trusted stations by default.
•
Custom 2. If enabled, allows access to trusted stations by default.
•
Custom 3. If enabled, allows access to trusted stations by default.
•
Custom 4. If enabled, allows access to trusted stations by default.
•
By default, these MAC ACLs are disabled and do not include any stations. You can
manually add devices, import devices (see Import an existing MAC access control list
on page 95), or do both.
You can use a MAC ACL to control which WiFi devices (stations) can access a WiFi
network. You can apply one MAC ACL to more than one WiFi network.
To manually set up a MAC ACL:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
User Manual92Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
4.
Select Management > Configuration > Security > MAC ACL.
5.
Click the group name for the MAC ACL that you want to set up.
The previous figure shows some examples. Devices in the Available Stations table
are automatically detected by the access point and are common to all MAC ACLs,
which allows you to add a device to more than one MAC ACL. A neighboring station
displays as Neighbor and a connected station displays as connected.
6.
To change the group name, enter a new name in the Group Name field.
The default group names for the eight MAC ACLs are Management, Guest, Guest1,
Custom, Custom 1, Custom 2, Custom 3, and Custom 4.
7. Select the ACL Policy Allow or Deny radio button.
If you select the Allow radio button, a WiFi device for which you place the MAC
address in the ACL is allowed access to the WiFi network, but all other WiFi devices
are denied access to the WiFi network.
If you select the Deny radio button, a WiFi device for which you place the MAC
address in the ACL is denied access to the WiFi network, but all other WiFi devices
are allowed access to the WiFi network.
User Manual93Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
8.
Compose the ACL in the following way:
For an ACL for which you selected the Allow radio button in Step 7, do the
•
following:
- To manually add a device to the Trusted Stations table, enter the MAC address
in the format 00-00-00-00-00-00 in the field below the Trusted Stations table,
and click the Add button.
The device is added to the Trusted Stations table.
-
To move a device from the Available Stations table to the Trusted Stations
table, select the check box for the device and click the << Move button.
You can search the Available Stations table. You can also filter devices in the
Available Stations table by clicking the filter icon.
-
To remove a device from the Trusted Stations table, select the check box for
the device and click the Remove button.
You can search the Trusted Stations table.
When you remove a device from the Trusted Stations table, after the access
point redetects the device, the device is once again placed in the Available
Stations table.
For an ACL for which you selected the Deny radio button in Step 7, do the
•
following:
- To manually add a device to the Untrusted Stations table, enter the MAC
address in the format 00-00-00-00-00-00 in the field below the Untrusted
Stations table, and click the Add button.
The device is added to the Untrusted Stations table.
-
To move a device from the Available Stations table to the Untrusted Stations
table, select the check box for the device and click the << Move button.
You can search the Available Stations table. You can also filter devices in the
Available Stations table by clicking the filter icon.
-
To remove a device from the Untrusted Stations table, select the check box
for the device and click the Remove button.
You can search the Untrusted Stations table.
When you remove a device from the Untrusted Stations table, after the access
point redetects the device, the device is once again placed in the Available
Stations table.
9. Click the Apply button.
Your settings are saved.
For more information about applying an ACL to a WiFi network, see Select a MAC
ACL for a WiFi network on page 50.
User Manual94Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
WiFi devices in the Trusted Stations table can access the WiFi network to which you
apply the ACL. WiFi devices in the Untrusted Stations table cannot access the WiFi
network to which you apply the ACL.
Import an existing MAC access control list
You can import an existing access control list (ACL) that is based on up to 256 MAC
addresses. You can import the list into any MAC ACL, but the MAC addresses on the
list are available only for the MAC ACL into which you import the list. That is, if you want
to use the same list in another MAC ACL, you must also import the list into that MAC
ACL.
The file with MAC addresses must be in the following format:
Entries in the file must be MAC addresses only in hexadecimal format with each octet
•
separated by a hyphen, for example 00-11-22-33-44-55.
You must separate entries with a comma.
•
The file must be in text format (that is, with a .txt or .cfg extension).
•
You can use a MAC ACL to control which WiFi devices can access a WiFi network. You
can apply a MAC ACL to more than one WiFi network.
To import an existing MAC ACL:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > Security > MAC ACL.
User Manual95Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
5.
Click the group name for the MAC ACL that you want to set up.
The previous figure shows some examples. Devices in the Available Stations table
are automatically detected by the access point and are common to all MAC ACLs,
which allows you to add a device to more than one MAC ACL. A neighboring station
displays as Neighbor and a connected station displays as connected.
6.
To change the group name, enter a new name in the Group Name field.
The default group names for the eight MAC ACLs are Management, Guest, Guest1,
Custom, Custom 1, Custom 2, Custom 3, and Custom 4.
7. Select the ACL Policy Allow or Deny radio button.
If you select the Allow radio button, a WiFi device for which you import the MAC
address into the ACL is allowed access to the WiFi network, but all other WiFi devices
are denied access to the WiFi network.
If you select the Deny radio button, a WiFi device for which you import the MAC
address into the ACL is denied access to the WiFi network, but all other WiFi devices
are allowed access to the WiFi network.
8.
To download a sample of a MAC ACL in the format that is required for importing,
click the Download Sample link.
User Manual96Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
9.
Import and compose the ACL in the following way:
For an ACL for which you selected the Allow radio button in Step 7, do the
•
following:
a. Replace or merge the MAC addresses in the import list with the MAC
addresses in the Trusted Stations table (if any are already in the table) by
selecting one of the following radio buttons:
- Replace. MAC addresses in the Trusted Stations table are replaced with
the ones in the import list.
- Merge. MAC addresses in the Trusted Stations table are merged with the
ones in the import list.
b.
Click the Browse button and navigate to and select the import file.
The MAC addresses on the import list are placed in the Trusted Stations table.
c.
To remove a MAC address from the Trusted Stations table, select the MAC
address and click the Remove button.
You can search the Trusted Stations table.
When you remove a device from the Trusted Stations table, after the access
point redetects the device, the device is once again placed in the Available
Stations table.
For an ACL for which you selected the Deny radio button in Step 7, do the
•
following:
a. Replace or merge the MAC addresses in the import list with the MAC
addresses in the Untrusted Stations table (if any are already in the table) by
selecting one of the following radio buttons:
- Replace. MAC addresses in the Untrusted Stations table are replaced with
the ones in the import list.
- Merge. MAC addresses in the Untrusted Stations table are merged with
the ones in the import list.
b.
Click the Browse button and navigate to and select the import file.
The MAC addresses on the import list are placed in the Untrusted Stations
table.
c.
To remove a MAC address from the Untrusted Stations table, select the MAC
address and click the Remove button.
You can search the Untrusted Stations table.
When you remove a device from the Untrusted Stations table, after the access
point redetects the device, the device is once again placed in the Available
Stations table.
User Manual97Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
10. Click the Apply button.
Your settings are saved. For information about manually adding MAC addresses to
those in the Trusted Stations table or Untrusted Stations table, see Manually set up
a MAC access control List on page 92.
For more information about applying an ACL to a WiFi network, see Select a MAC
ACL for a WiFi network on page 50.
WiFi devices in the Trusted Stations table can access the WiFi network to which you
apply the ACL. WiFi devices in the Untrusted Stations table cannot access the WiFi
network to which you apply the ACL.
Manage user accounts
User accounts provide either read/write or read-only access to the local browser interface
of the access point. You can add, change, or delete user accounts. You cannot delete
or change the default admin user account except for the password.
The following sections describe how you can manage user accounts:
• Add a user account
• Change the settings for a user account
• Remove a user account
For information about changing the password for the default admin user account, see
Change the admin user account password on page 122.
Add a user account
To add a user account:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > System > Advanced > User Accounts.
User Manual98Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
5. Click the add user account icon.
Additional fields and a menu display.
6.
Specify the settings for the new user account:
User Name. Enter a user name.
•
Password. Enter a password between 6 and 64 characters in length.
•
The ideal password contains no English dictionary words and contains uppercase
and lowercase letters, numbers, and symbols. However, do not include quotation
marks (") in the password.
Privilege. From the menu, select Read-Write or Read-Only.
•
Session Timeout. Use the Hours and Minutes fields to specify the period after
•
which a session automatically expires and the user must log in again.
By default, a session expires after 45 minutes.
7. Click the Apply button.
Your settings are saved.
Change the settings for a user account
You cannot change the access privilege for the default admin user account.
To change the user name, password, or access privilege for a user account:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
User Manual99Manage Access and Security
Insight Managed Smart Cloud Wireless Access Point AC3000 WAC540 User Manual
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > System > Advanced > User Accounts.
The existing user accounts display.
5.
To the right of the user account, change the existing settings as needed:
User Name. Enter another user name.
•
Password. Enter another password between 6 and 64 characters in length.
•
The ideal password contains no English dictionary words and contains uppercase
and lowercase letters, numbers, and symbols. However, do not include quotation
marks (") in the password.
Privilege. From the menu, select Read-Write or Read-Only.
•
Session Timeout. Use the Hours and Minutes fields to specify the period after
•
which a session automatically expires and the user must log in again.
By default, a session expires after 45 minutes.
6. Click the Apply button.
Your settings are saved.
Remove a user account
You can remove a user account that you no longer need. You cannot remove the default
admin user account.
To remove a user account:
1.
Open a web browser from a computer that is connected to the same network as the
access point or to the access point directly through an Ethernet cable or WiFi
connection.
2. Enter the IP address that is assigned to the access point.
A login window opens.
3. Enter the access point user name and password.
The default user name is admin. The password is the one that you specified the first
time that you logged in. The user name and password are case-sensitive.
The Dashboard page displays.
4.
Select Management > Configuration > System > Advanced > User Accounts.
The existing user accounts display.
User Manual100Manage Access and Security
Loading...