802.11n Enterprise PoE Access Point
WNAP-3000PE
User’s Manual
Copyright
Copyright© 2009 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language or computer language, in any form or by any means, electronic, mechanical,
magnetic, optical, chemical, manual or otherwise, without the prior written permission of
PLANET.
PLANET makes no representations or warranties, either expressed or implied, with respect to
the contents hereof and specifically disclaims any warranties, merchantability or fitness for
any particular purpose. Any software described in this manual is sold or licensed "as is".
Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair,
and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time
to time in the contents hereof without obligation to notify any person of such revision or
changes..
All brand and product names mentioned in this manual are trademarks and/or registered
trademarks of their respective holders.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates,
uses, and can radiate radio frequency energy and, if not installed and used in accordance
with the instructions, may cause harmful interference to radio communications. However,
there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
4.
Consult the dealer or an experienced radio technician for help.
FCC Caution:
To assure continued compliance.(example-use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved
by the party responsible for compliance could void the user’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two
conditions: (1) This device may not cause harmful interference, and (2 ) this Device must
accept any interference received, including interference that may cause undesired operation.
Federal Communication Commission (FCC) Radiation Exposure
Statement
This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits,
human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE
EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and
telecommunication terminal Equipment and the mutual recognition of their conformity (R&TTE)
The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications
Terminal Equipment and Satellite Earth Station Equipment) As of April 8,2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it.
However, special attention must be paid to the dangers of electric shock and static electricity
when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.
Revision
User’s Manual for PLANET 802.11n Enterprise PoE Access Point
Model: WNAP-3000PE
Rev: 1.1 (June, 2009)
Part No. EM-WNAP3000PE
T
ABLE OF CONTENTS
CHAPTER 1 INTRODUCTION ..............................................................................................1
1.1 Package Contents ........................................................................................................1
1.2 Physical Details............................................................................................................1
1.3 Feature ......................................................................................................................... 3
1.4 Specification................................................................................................................. 3
CHAPTER 2 INSTALLATION................................................................................................ 5
2.1 General installation ..................................................................................................... 5
2.2 Using PoE (Power over Ethernet).............................................................................. 5
CHAPTER 3 WEB LOGIN ...................................................................................................... 6
Setup Procedure............................................................................................................ 6
CHAPTER 4 STATUS ............................................................................................................. 8
CHAPTER 5 SYSTEM........................................................................................................... 13
5.1 Basic Settings ............................................................................................................. 13
5.2 Advanced Settings ..................................................................................................... 15
CHAPTER 6 WIRELESS ...................................................................................................... 17
6.1 Basic Settings ............................................................................................................. 17
6.2 Virtual AP Settings.................................................................................................... 19
Security Settings......................................................................................................... 20
Security Settings - None ............................................................................................. 22
Security Settings - WEP ............................................................................................. 22
Security Settings - WPA-PSK .................................................................................... 24
Security Settings - WPA2-PSK .................................................................................. 25
Security Settings - WPA-PSK and WPA2-PSK......................................................... 26
Security Settings - WPA with Radius......................................................................... 27
Security Settings - WPA2 with Radius....................................................................... 28
Security Settings - WPA and WPA2 with Radius ...................................................... 29
Security Settings - 802.1x........................................................................................... 30
6.3 Radius Server Settings .............................................................................................. 31
6.4 Access Control ........................................................................................................... 32
6.5 Advanced Setting....................................................................................................... 35
6.6 Wi-Fi Protected Setup............................................................................................... 37
CHAPTER 7 MANAGEMENT .............................................................................................. 38
7.1 Basic Settings ............................................................................................................. 38
7.2 Auto Config/Update ..................................................................................................39
7.3 Config File.................................................................................................................. 41
7.4 SNMP ......................................................................................................................... 43
7.5 Log Settings................................................................................................................45
7.6 Upgrade Firmware.................................................................................................... 47
CHAPTER 8 PC AND SERVER CONFIGURATION........................................................ 48
8.1 Overview ....................................................................................................................48
8.2 Using WEP ................................................................................................................. 48
8.3 Using WPA-PSK........................................................................................................ 48
8.4 Using WPA-802.1x ....................................................................................................49
8.5 802.1x Server Setup (Windows 2000 Server).......................................................... 49
Windows 2000 Domain Controller Setup .................................................................. 50
Services Installation.................................................................................................... 50
DHCP server configuration ........................................................................................ 51
Certificate Authority Setup......................................................................................... 53
Internet Authentication Service (Radius) Setup .........................................................56
Grant Remote Access for Users.................................................................................. 58
i
8.6 802.1x Client Setup on Windows XP ....................................................................... 58
Client Certificate Setup............................................................................................... 58
802.1x Authentication Setup ......................................................................................61
8.7 Using 802.1x Mode (without WPA) .........................................................................64
APPENDIX A TROUBLESHOOTING.................................................................................65
APPENDIX B WINDOWS TCP/IP ....................................................................................... 66
Overview .......................................................................................................................... 66
Checking TCP/IP Settings - Windows 9x/ME: ............................................................. 66
Checking TCP/IP Settings - Windows NT4.0 ...............................................................68
Checking TCP/IP Settings - Windows 2000.................................................................. 70
Checking TCP/IP Settings - Windows XP .................................................................... 72
Checking TCP/IP Settings - Windows Vista ................................................................. 74
APPENDIX C ABOUT WIRELESS LANS ......................................................................... 76
Overview .......................................................................................................................... 76
Wireless LAN Terminology............................................................................................ 76
Modes ......................................................................................................................... 76
SSID/ESSID ............................................................................................................... 76
Channels ..................................................................................................................... 77
WEP............................................................................................................................ 77
WPA-PSK .................................................................................................................. 77
WPA2-PSK ................................................................................................................ 77
WPA-Enterprise ......................................................................................................... 78
802.1x ......................................................................................................................... 78
APPENDIX D COMMAND LINE INTERFACE .................................................................. 79
Overview .......................................................................................................................... 79
Using the CLI - Telnet................................................................................................ 79
Command Reference....................................................................................................... 79
Chapter 1
Introduction
PLANET WNAP-3000PE is an advanced management class, high encryption standard but costeffectively Enterprise PoE access point. Built-in IEEE802.11n 3 Tx (Transmit chains) / 3 Rx
(Receive chains) MIMO technology, the data rate could be up t to 300Mbps, as well as complaint with IEEE 802.11b/g device. Full of enterprise advanced network management features,
as well as with high data rate for suitable wide bandwidth, high standard security for wireless
LAN network management wherever in warehouse, campus or business environment.
1.1 Package Contents
Make sure that you have the following items:
WNAP-3000PE x 1
2dBi Dipole Antenna x 3
Power Adapter x 1
Quick Installation Guide x 2
CD-ROM x 1
Note:
If any of the above items are missing, contact your supplier as soon as possible.
1.2 Physical Details
Front panel
LED definition
Power
WLAN
On - Normal operation.
Off - No power
On - Idle
Off - Wireless connection is not available.
Flashing - Data is being transmitted or received via the Wireless access
point. Data includes "network traffic" as well as user data.
1
Status
LAN
Back Panel
On - Error condition.
Off - Normal operation.
Blinking - During start up, and when the Firmware is being upgraded.
On - The LAN port is active.
Off - No active connection on the LAN port.
Flashing - Data is being transmitted or received via the corresponding
LAN port.
Reset Button
LAN
Power
This button has two (2) functions:
• Reboot - When pressed and released, the Wireless Ac-
cess Point will reboot (restart).
• Reset to Factory Defaults - This button can also be used
to clear ALL data and restore ALL settings to the factory
default values.
To Clear All Data and restore the factory default values:
1. Hold the Reset Button until the Status (Red) LED blinks
TWICE, usually more than 5 seconds.
2. Release the Reset Button.
The factory default configuration has now been restored,
and the Access Point is ready for use.
Use a standard LAN cable (RJ45 connectors) to connect this
port to a 10/100/1000BaseT hub/switch on your LAN.
Connect the supplied power adapter (12V@1A) here.
2 3
1.3 Feature
IEEE802.11n draft 2.0 compliant with IEEE802.11b/g
Supports PoE port (IEEE802.3af compliant)
Strong network security with WEP, WPA(PSK), 802.1X authentication
With 3 detachable RP-SMA connectors for external antenna expanding connec-
tion distance
High data transfer rate up to 300Mbps
Five operation modes selectable: AP / AP Client / Wireless Bridge / Multiple
Bridge / Repeater
Adjustable output power level
Supports Multiple SSIDs, Multiple SSID isolation, 802.1Q VLAN, RADIUS MAC
authentication, Rogue AP detection, Access Control
Provide Windows-base utility, Web, and CLI (Command Line Interface) Configu-
ration
SNMP v1, v2, v3 supported
1.4 Specification
Standard IEEE 802.11b/g, IEEE 802.11n draft 2.0
Modulation OFDM/ CCK/ DQPSK / DBPSK
Port
Antenna Detachable 3dBi Dipole Antenna * 3
Output Power
10/100/1000Base-T (RJ-45) PoE port, IEEE802.3af compliant
Auto-negotiation, Auto-MDI
For FCC:
11b - 16 dBm@1TX,
19 dBm@2TX,
20.5dbm@3TX;
11g - 13 dBm@1TX,
16 dBm@2TX,
17.5dbm@3TX;
11n - 19 dBm@1TX@MCS0~4/8~12,
17 dBm@1TX@MCS 5/13,
13 dBm@1TX@MCS6/14,
11 dBm@1TX@MCS7/15,
22 dBm@2TX@MCS0~4/8~12,
20 dBm@2TX@MCS 5/13,
16 dBm@2TX@MCS6/14,
14 dBm@2TX@MCS7/15,
23.5 dBm@3TX@MCS0~4/8~12,
21.5 dBm@3TX@MCS 5/13,
17.5 dBm@3TX@MCS6/14,
15.5 dBm@3TX@MCS7/15
For ETSI:
11b/g/n - 13 dBm@1TX,
16 dBm@2TX,
17.5dbm@3TX
11.b: 11Mbps@ - 88dBm
Sensitivity
Operating Mode AP, AP Client, Wireless Bridge, Multiple Bridge, Repeater
Security
Management
11.g: 54Mbps@ - 73dBm
11.n: 300Mbps@ -69dBm
• WEP, WPA, and WPA-PSK authentication
• 802.1x support
• EAP-MD5, EAP-TLS, EAP-TTLS, PEAP
• RADIUS based MAC authentication
• Block inter-wireless station communication (wireless separation)
• Block SSID broadcast
• Web based configuration
• RADIUS Accounting
• RADIUS-On feature
• RADIUS Accounting update
• Telnet/CLI
• Syslog/internal Log
• Access Control list file support
• Configuration file Backup/Restore
• Statistics support
• LLTD
4 5
Chapter 2
Installation
2.1 General installation
1. Locate an optimum location for the WNAP-3000PE. The best place for your
WNAP-3000PE is usually at the center of your wireless network, with line of
sight to all of your mobile stations.
2. Assemble the antennas to WNAP-3000PE. Try to place them to a position that
can best cover your wireless network. The antenna’s position will enhance the
receiving sensitivity.
3. Connect RJ-45 cable to WNAP-3000PE. Connect the “LAN” port of WNAP3000PE to your LAN switch/hub or a single PC.
4. Plug in power adapter and connect to power source. After power on, WNAP3000PE will start to operate.
5. Check the LEDs:
z The Status LED should flash, then turn OFF.
zThe Power, Ethernet and WLAN LEDs should be ON.
For more information, please refer to LED deification.
NOTE:
ONLY use the power adapter supplied with the WNAP-3000PE. Otherwise, the product
may be damaged.
2.2 Using PoE (Power over Ethernet)
1. Do not connect the supplied power adapter to the WNAP-3000PE.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on
the WNAP-3000PE.
3. Connect the other end of the LAN cable to the powered Ethernet port on a
suitable PoE Adapter or switch. (IEEE 802.3af compliant)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the WNAP-3000PE to see it is drawing power via the
Ethernet connection.
Chapter 3
Web Login
Your Browser must support JavaScript. The configuration program has been tested on
the following browsers:
z Netscape V4.08 or later
z Internet Explorer V4 or later
Setup Procedure
Before proceeding, please install the WNAP-3000PE in your LAN, as described previously.
3. Use a PC which is already connected to your LAN, and start the Web browser.
4. In the Address box, enter the IP address of the WNAP-3000PE you want to con-
figure.
Default IP address http://19
5. You should then see a login prompt, which will ask for a User Name and Pass-
word.
Enter User Name, and Password.
User Name: admin
Password: password
6. You will then see the Status screen, which displays the current settings and status.
No data input is possible on this screen.
2.168.0.228
6
If you can't connect:
It is likely that your PC’s IP address is incompatible with the WNAP3000PE’s IP address. This can happen if your LAN does not have a DHCP
Server.
The default IP address of the Wireless Access Point is 192.168.0.228, with
a Network Mask of 255.255.255.0.
If your PC’s IP address is not compatible with this, you must change your
PC’s IP address to an unused value in the range 192.168.0.1 ~
192.168.0.254, with a Network Mask of 255.255.255.0.
7
Chapter 4
Status
This page show the relative information of WNAP-3000PE.Please see the below
tables shown.
Data - Status Screen
Access Point
Access Point Name
MAC Address
Country/Domain
Hardware Version
Firmware Version
TCP/IP
IP Address
Subnet Mask
Gateway
DHCP Client
The current name will be displayed.
The MAC (physical) address of the WNAP-3000PE.
The region or domain, as selected on the System screen.
The version of the hardware currently used.
The version of the firmware currently installed.
The IP Address of the WNAP-3000PE.
The Network Mask (Subnet Mask) for the IP Address
above.
Enter the Gateway for the LAN segment to which the
WNAP-3000PE is attached (the same value as the PCs on
that LAN segment).
This indicates whether the current IP address was obtained
from a DHCP Server on your network.
It will display "Enabled" or "Disabled".
8
DHCP Server
Ethernet
Ethernet Status
Wireless
Channel/Frequency
Wireless Mode
AP Mode
Bridge Mode
Security Profiles
Name
SSID
Status
Buttons
Virtual AP Status
"Enabled" or "Disabled" is displayed for the DHCP server
status.
The current Ethernet status is displayed.
The Channel currently in use is displayed.
The current mode (e.g. 802.11g) is displayed.
The current Access Point mode is displayed.
The current Bridge mode is displayed.
This displays the current name of each security profile.
This displays the SSID associated with the profile.
This indicates whether or not the profile is enabled.
Click this to open a sub-window displaying Virtual AP
Status about the information of Name, SSID, Broadcast
SSID, Security, Status and Clients.
Statistics
Log
Stations
Click this to open a sub-window where you can view Statistics on data transmitted or received by the WNAP-3000PE.
Click this to open a sub-window where you can view the
activity log.
Click this to open a sub-window where you can view the list
of all current Wireless Stations using the WNAP-3000PE.
Virtual AP Status
This screen is displayed when the Virtual AP Status button on the Status screen is
clicked.
9
For each profile, the following data is displayed:
Name
BSSIS
SSID
Broadcast SSID
Security
Status
Clients
The name you gave to this profile; if you didn't change the
name, the default name is used.
The MAC address of the VAP.
The SSID assigned to this profile.
Indicates whether or not the SSID is broadcast.
The security method used by this VAP.
Indicates whether or not this profile is enabled.
The number of wireless stations currently using accessing this
WNAP-3000PE using this profile.
If the profile is disabled, this will always be zero.
Statistics Screen
This screen is displayed when the Statistics button on the Status screen is clicked. It
shows details of the traffic flowing through the WNAP-3000PE.
10
Data - Statistics Screen
System Up Time
Up Time
2.4GHz Wireless
Authentication
Deauthentication
Association
Disassociation
Reassociation
Wireless
Data
This indicates the time period which the system has been
running since the last restart or reboot.
The number of "Authentication" packets received. Authentication is the process of identification between the AP and the
client.
The number of "Deauthentication" packets received. Deauthentication is the process of ending an existing
authentication relationship.
The number of "Association" packets received. Association
creates a connection between the AP and the client. Usually,
clients associate with only one AP at any time.
The number of "Disassociation" packets received. Disassociation breaks the existing connection between the AP and
the client.
The number of "Reassociation" packets received. Reassociation is the service that enables an established association
(between AP and client) to be transferred from one AP to
another (or the same) AP.
Number of valid Data packets transmitted to or received from
Wireless Stations, at driver level.
Multicast Packets
Management
Control
Number of Broadcast packets transmitted to or received from
Wireless Stations, using Multicast transmission.
Number of Management packets transmitted to or received
from Wireless Stations.
Number of Control packets transmitted to or received from
Wireless Stations.
Activity Log
This screen is displayed when the Log button on the Status screen is clicked.
Data - Activity Log
Data
Current Time
Log
The system date and time is displayed.
The Log shows details of the connections to the WNAP3000PE.
11
Buttons
Refresh
Save to file
Clear Log
Update the data on screen.
Save the log to a file on your pc.
This will delete all data currently in the Log. This will make it
easier to read new messages.
Station List
This screen is displayed when the Stations button on the Status screen is clicked.
Data - Station List Screen
Station List
MAC Address
The MAC (physical) address of each Wireless Station is displayed.
Mode
SSID
Refresh Button
The mode of each Wireless Station.
This displays the SSID used the Wireless station. Because the
WNAP-3000PE supports multiple SSIDs, different PCs could
connect using different SSIDs.
Update the data on screen.
12
Chapter 5
System
5.1 Basic Settings
Click Basic Settings on the System menu to view a screen like the following.
Figure 1: System Basic Settings Screen
Data - System Basic Settings Screen
Identification
Access Point
Name
Enter a suitable name for this Access Point.
13
Description
Country Domain
MAC Address
IP Settings
DHCP Client
Fixed IP Address
DHCP Server
If desired, you can enter a description for the Access Point.
The country or domain which is matching your current location.
The MAC address is displayed.
Select this option if you have a DHCP Server on your LAN,
and you wish the Access Point to obtain an IP address automatically.
If selected, the following data must be entered.
• IP Address - The IP Address of this device. Enter an
unused IP address from the address range on your LAN.
• Subnet Mask - The Network Mask associated with the IP
Address above. Enter the value used by other devices on
your LAN.
• Gateway - The IP Address of your Gateway or Router.
Enter the value used by other devices on your LAN.
• DNS - Enter the DNS (Domain Name Server) used by
PCs on your LAN.
• If Enabled, the Access Point will allocate IP Addresses to
PCs (DHCP clients) on your LAN when they start up. The
default (and recommended) value is Enabled.
• The Start IP Address and Finish IP Address fields set
the values used by the DHCP server when allocating IP
Addresses to DHCP clients. This range also determines
the number of DHCP clients supported.
Wins Server
Name/IP Address
TimeZone
TimeZone
NTP Server
Name/IP Address
Enter the server name or IP address of the Wins Server.
Choose the Time Zone for your location from the drop-down
list. If your location is currently using Daylight Saving, enable
the Adjust for
Daylight Saving Time checkbox.
You must UNCHECK this checkbox when Daylight Saving
Time finishes.
Enter the server name or IP address of the NTP.
14
5.2 Advanced Settings
Click Advanced Settings on the System menu to view a screen like the following.
Data - System Advanced Settings Screen
VLAN
Enable 802.1Q
VLAN
Native VLAN
AP Management VLAN
This option is only useful if the hubs/switches on your LAN
support the VLAN standard.
Enter the desired value for the Native VLAN. Default value is 1.
Define the VLAN ID used for management.
15
VLAN List
Define the unique ID value (1 - 4094) for each VAP.
Network Integrality Check
Enable Network Integrality
If enabled, the AP will disable the wireless connection if the
wired connect of AP is invalid.
Check
LLTD
Enable Link
Layer Topology
Enable this if you want to use Link Layer Topology Discovery
protocol (LLTD) feature.
Discovery
STP
Enable Span-
Enable this if you want to use this feature.
ning tree
Protocol
802.1x Supplicant
Enable 802.1x
Supplicant
Authentication
Enable this if your network requires this AP to use 802.X authentication in order to operate.
• Authentication via MAC Address
Select this if you want to Use MAC Address for Authentication.
• Authentication via Name and Password
Select this if you want to Use name and password for Authentication.
16
Chapter 6
Wireless
6.1 Basic Settings
The settings on this screen must match the settings used by Wireless Stations.
Click Basic Settings on the Wireless menu to view a screen like the following.
Data - Wireless Basic Settings Screen
Operation
Turn Radio On
Wireless Mode
Enable this to use the wireless feature.
Select the desired option:
• Disable - select this if for some reason you do not this AP to
transmit or receive at all.
• 802.11b - if selected, only 802.11b connections are allowed.
802.11g wireless stations will only be able to connect if they
are fully backward-compatible with the 802.11b standard.
• 802.11g - only 802.11g connections are allowed. If you only
have 802.11g, selecting this option may provide a performance improvement over using the default setting.
• 802.11n - only 802.11n connections are allowed. If you only
have 802.11n, selecting this option may provide a performance improvement over using the default setting.
• 802.11b and 802.11g - this will allow connections by both
802.11b and 802.11g wireless stations.
• 802.11n and 802.11g - this will allow connections by both
802.11n and 802.11g wireless stations.
• Mixed 802.11n/802.11g/802.11b - this is the default, and
will allow connections by 802.11n, 802.11b and 802.11g
wireless stations.
17
Auto Channel
Scan
Channel
/Frequency
Channel
Bandwidth
Extension
Sub-Channel
Operation
Mode
If "Enable" is selected, the Access Point will select the best
available Channel.
If you experience interference (shown by lost connections and/or
slow data transfers) you may need to experiment with manually
setting different channels to see which is the best.
Select the desired bandwidth from the list.
Select Above or Below Primary Channel from the list.
Select the desired mode:
• Access Point - operate as a normal Access Point
• Bridge (Point-to-Point) - Bridge to a single AP. You must
provide the MAC address of the other AP in the PTP Bridge
AP MAC Address field.
• Bridge (Multi-Point) - Select this only if this AP is the
"Master" for a group of Bridge-mode APs. The other Bridgemode APs must be set to Point-to-Point Bridge mode, using
this AP's MAC address. They then send all traffic to this
"Master".
• Wireless Client/Repeater - Act as a client or repeater for
another Access Point. If selected, you must provide Remote
SSID and the address (MAC address) of the other AP in the
Remote AP MAC Address field. In this mode, all traffic is
sent to the specified AP.
• Wireless Detection - This mode will turn the access point
into a wireless Monitor. A "Rouge AP" is an Access Point
which should not be in use, and so can be considered to be
providing unauthorized access to your LAN.
• No Security - If checked, then any AP operating with se-
curity disabled is considered to be a Rogue AP.
• Not in Legal AP List - If checked, then any AP not listed
in the "Legal AP List" is considered to be a Rogue AP. If
checked, you must maintain the Legal AP List.
• Define Legal AP - Click this to open a sub-screen
where you can modify the "Legal AP List". This list must
contain all known APs, so must be kept up to date.
Remote MAC
Address
Select Remote
AP
You must enter the MAC address(es) of other AP(s) in the fields.
If the other AP is on-line, you can click the "Select Remote AP"
button and select from a list of available APs.
18
6.2 Virtual AP Settings
Clicking the Virtual APs link on the Wireless menu will result in a screen like the
following.
Data - Virtual AP Settings Screen
VAPs
VAP List
Enable Button
Configure Button
Disable Button
Isolation
All available VAPs are listed. For each VAP, the following
data is displayed:
• *
If displayed before the name of the VAP, this indicates the VAP is currently enabled. If not
displayed, the VAP is currently disabled.
• VAP Name
The current VAP name is displayed.
• [SSID]
The current SSID associated with this VAP.
• Security System
The current security system (e.g. WPA-PSK ) is
displayed.
Enable the selected VAP.
Change the settings for the selected VAP.
Disable the selected VAP.
Isolate all Virtual APs
from each other
If this option is enabled, wireless clients using different
VAPs (different SSIDs) are isolated from each other, so
they will NOT be able to communicate with each other.
They will still be able to communicate with other clients
using the same profile, unless the "Wireless Separation"
setting on the "Advanced" screen has been enabled.
19
Virtual AP Settings Screen
This screen is displayed when you select a VAP on the Virtual AP Settings screen,
and click the Configure button.
Enter the desired settings for each of the following:
VAP Name
SSID
Broadcast SSID
Isolation within
VAP
Enter a suitable name for this VAP.
Enter the desired SSID. Each VAP must have a unique SSID.
If Disabled, no SSID is broadcast.
If enabled, the SSID will then be broadcast to all Wireless
Stations. Stations which have no SSID (or a "null" value) can
then adopt the correct SSID for connections to this Access
Point.
If enabled, then each Wireless station using the Access Point
is invisible to other Wireless stations. In most business
stations, this setting should be Disabled.
Security Settings
Select the desired option, and then enter the settings for the selected method.
The available options are:
• None - No security is used. Anyone using the correct SSID can connect to your
network.
• WEP - The 802.11b standard. Data is encrypted before transmission, but the
encryption system is not very strong.
• WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more
secure than WEP, and should be used if possible. The PSK (Pre-shared Key)
must be entered on each Wireless station. The 256Bit encryption key is derived
from the PSK, and changes frequently.
20
• WPA2-PSK - This is a further development of WPA-PSK, and offers even greater
security, using the AES (Advanced Encryption Standard) method of encryption.
• WPA-PSK and WPA2-PSK - This method, sometimes called "Mixed Mode",
allows clients to use EITHER WPA-PSK (with TKIP) OR WPA2-PSK (with AES).
• WPA with Radius - This version of WPA requires a Radius Server on your LAN
to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data
when required.
• All data transmission is encrypted using the WPA standard. Keys are auto-
matically generated, so no key input is required.
• WPA2 with Radius - This version of WPA2 requires a Radius Server on your
LAN to provide the client authentication according to the 802.1x standard. Data
transmissions are encrypted using the WPA2 standard.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must authenticate on the Radius Server. This is usually done using
digital certificates.
• Each user's wireless client must support 802.1x and provide the Radius au-
thentication data when required.
• All data transmission is encrypted using the WPA2 standard. Keys are auto-
matically generated, so no key input is required.
• WPA and WPA2 with Radius - EITHER WPA or WPA2 require a Radius Server
on your LAN to provide the client authentication according to the 802.1x standard.
Data transmissions are encrypted using EITHER WPA or WPA2 standard.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must authenticate on the Radius Server. This is usually done using
digital certificates.
• Each user's wireless client must support 802.1x and provide the Radius au-
thentication data when required.
• All data transmission is encrypted using EITHER WPA or WPA2 standard.
Keys are automatically generated, so no key input is required.
• 802.1x - This uses the 802.1x standard for client authentication, and WEP for data
encryption.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data
when required.
•
All data transmission is encrypted using the WEP standard. You only have to
select the WEP key size; the WEP key is automatically generated.
21
Security Settings - None
No security is used. Anyone using the correct SSID can connect to your network.
Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
22
Data - WEP Screen
WEP
Data
Encryption
Authentication
Key Input
Key Value
Passphrase
Select the desired option, and ensure your Wireless stations
have the same setting:
• 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.
• 128 Bit Encryption - Keys are 26 Hex (13 ASCII) charac-
ters.
• 152 Bit Encryption - Keys are 32 Hex (16 ASCII) charac-
ters.
Normally, you can leave this at “Automatic”, so that Wireless
Stations can use either method ("Open System" or "Shared
Key".).
If you wish to use a particular method, select the appropriate
value - "Open System" or "Shared Key". All Wireless stations
must then be set to use the same method.
Select "Hex" or "ASCII" depending on your input method. (All
keys are converted to Hex, ASCII input is only for convenience.)
Enter the key values you wish to use. The default key, selected
by the radio button, is required. The other keys are optional.
Other stations must have matching key values.
Use this to generate a key or keys, instead of entering them
directly. Enter a word or group of printable characters in the
Passphrase box and click the "Generate Key" button to automatically configure the WEP Key(s).
23
Security Settings - WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP,
and should be used if possible. The PSK (Pre-shared Key) must be entered on each
Wireless station. The 256Bit encryption key is derived from the PSK, and changes
frequently.
Data - WPA-PSK Screen
WPA-PSK
Network Key
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
Enter the key value. Data is encrypted using a 256Bit key
derived from this key. Other Wireless Stations must use the
same key.
The encryption method is TKIP. Wireless Stations must
also use TKIP.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
24
Security Settings - WPA2-PSK
This is a further development of WPA-PSK, and offers even greater security, using the
AES (Advanced Encryption Standard) method of encryption.
Data - WPA2-PSK Screen
WPA2-PSK
Network Key
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
Enter the key value. Data is encrypted using a 256Bit key
derived from this key. Other Wireless Stations must use the
same key.
The encryption method is AES. Wireless Stations must also
use AES.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
25
Security Settings - WPA-PSK and WPA2-PSK
This method, sometimes called "Mixed Mode", allows clients to use EITHER WPAPSK (with TKIP) OR WPA2-PSK (with AES).
Data - WPA-PSK and WPA2-PSK Screen
WPA-PSK and WPA2-PSK
Network Key
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
Enter the key value. Data is encrypted using this key. Other
Wireless Stations must use the same key.
The encryption method is TKIP for WPA-PSK, and AES for
WPA2-PSK.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
26
Security Settings - WPA with Radius
This version of WPA requires a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted
using the WPA standard.
Data - WPA with Radius Screen
WPA with Radius
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
The encryption method is TKIP. Wireless Stations must
also use TKIP.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
27
Security Settings - WPA2 with Radius
This version of WPA2 requires a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted
using the WPA2 standard.
Data - WPA2 with Radius Screen
WPA2 with Radius
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
The encryption method is AES. Wireless Stations must also
use AES.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
28
Security Settings - WPA and WPA2 with Radius
EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted
using EITHER WPA or WPA2 standard.
Data - WPA and WPA2 with Radius Screen
WPA and WPA2 with Radius
WPA Encryption
Group Key Update
Key Lifetime
Update Group key
when any membership terminates
The encryption method is TKIP for WPA, and AES for
WPA2.
This refers to the key used for broadcast transmissions.
Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
29
Security Settings - 802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption.
If this option is selected:
• This Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server. Normally, a Certificate
is used to authenticate each user. See Chapter4 for details of user configuration.
• Each user's wireless client must support 802.1x.
• All data transmission is encrypted using the WEP standard. You only have to
select the WEP key size; the WEP key is automatically generated.
Data - 802.1x Screen
802.1x
WEP Key Size
Dynamic WEP Key
Select the desired option:
• 64 Bit - Keys are 10 Hex (5 ASCII) characters.
• 128 Bit - Keys are 26 Hex (13 ASCII) characters.
• 152 Bit - Keys are 32 Hex (16 ASCII) characters.
Click this if you want the WEP keys to be automatically
generated.
• The key exchange will be negotiated. The most widely
supported protocol is EAP-TLS.
• The following Key Exchange setting determines how
often the keys are changed.
• Both Dynamic and Static keys can be used simulta-
neously, allowing clients using either method to use
the Access Point.
30
Key Exchange
Static WEP Key
(EAP-MD5)
WEP Key Enter the WEP key according to the WEP Key Size
WEP Key Index
This setting if only available if using Dynamic WEP Keys.
If you want the Dynamic WEP keys to be updated regularly, enable this and enter the desired lifetime (in
minutes).
Enable this if some wireless clients use a fixed (static)
WEP key, using EAP-MD5.
Note that both Dynamic and Static keys can be used
simultaneously, allowing clients using either method to
use the Access Point.
setting above. Wireless stations must use the same key.
Select the desired index value. Wireless stations must use
the same key index.
6.3 Radius Server Settings
Clicking the Radius Server Settings link on the Wireless menu will result in a screen
like the following.
31
Data - Radius Server Settings Screen
Authentication Server
Primary Authentication Server
Port Number
Shared Secret
Secondary Authentication Server
Accounting Server
Primary Accounting
Server
Port Number
Shared Secret
Secondary Accounting Server
Enter the name or IP address of the Radius Server on
your network.
Enter the port number used for connections to the Radius
Server.
Enter the key value to match the Radius Server.
The Secondary Authentication Server will be used when
the Primary Authentication Server is not available.
Enter the IP address in the following fields if you want this
Access Point to send accounting data to the Radius
Server.
The port used by your Radius Server must be entered in
the field.
Enter the key value to match the Radius Server.
The Secondary Accounting Server will be used when the
Primary Accounting Server is not available.
6.4 Access Control
This feature can be used to block access to your LAN by unknown or entrusted wireless stations.
Click Access Control on the Wireless menu to view a screen like the following.
32
Data - Access Control Screen
Access Control
Local Trusted
Stations
Buttons
Modify List
Select the desired option, as required
• Disabled - The Access Control feature is disabled.
• Local - Select Allow only following MAC addresses or Deny
following MAC addresses.
• Radius - The Access Point will use the MAC address table
located on the external Radius server on the LAN for Access
Control.
Warning ! Ensure your own PC is in the "Trusted Wireless
Stations" list before enabling this feature.
This table lists any Wireless Stations you have designated as
"Trusted". If you have not added any stations, this table will be
empty. For each Wireless station, the following data is displayed:
• Name - the name of the Wireless station.
• MAC Address - the MAC or physical address of each
Wireless station.
• Connected - this indicates whether or not the Wireless
station is currently associates with this Access Point.
To change the list of Trusted Stations (Add, Edit, or Delete a
Wireless Station or Stations), click this button. You will then see
the Trusted Wireless Stations screen, described below.
Read from File
Write to File
To upload a list of Trusted Stations from a file on your PC, click
this button.
To download the current list of Trusted Stations from the Access
Point to a file on your PC, click this button.
Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
33
Data - Trusted Wireless Stations
Trusted Wireless
Stations
Other Wireless
Stations
Name
Address
Buttons
<<
>>
Select All
This lists any Wireless Stations which you have designated
as “Trusted”.
This list any Wireless Stations detected by the Access Point,
which you have not designated as "Trusted".
The name assigned to the Trusted Wireless Station. Use this
when adding or editing a Trusted Station.
The MAC (physical) address of the Trusted Wireless Station.
Use this when adding or editing a Trusted Station.
Add a Trusted Wireless Station to the list (move from the
"Other Stations" list).
• Select an entry (or entries) in the "Other Stations" list,
and click the " << " button.
• Enter the Address (MAC or physical address) of the
wireless station, and click the "Add " button.
Delete a Trusted Wireless Station from the list (move to the
"Other Stations" list).
• Select an entry (or entries) in the "Trusted Stations" list.
• Click the " >> " button.
Select all of the Stations listed in the "Other Stations" list.
Select None
Edit
Add
Clear
De-select any Stations currently selected in the "Other Stations" list.
To change an existing entry in the "Trusted Stations" list,
select it and click this button.
7. Select the Station in the "Trusted Station" list.
8. Click the "Edit" button. The address will be copied to the
"Address" field, and the "Add" button will change to "Update".
9. Edit the address (MAC or physical address) as required.
10. Click "Update" to save your changes.
To add a Trusted Station which is not in the "Other Wireless
Stations" list, enter the required data and click this button.
Clear the Name and Address fields.
34
6.5 Advanced Setting
Clicking the Advanced Settings link on the Wireless menu will result in a screen like
the following.
Data - Advanced Settings Screen
Options
Worldwide Mode
(802.11d)
WMM
Enable WMM Support
No Acknowledgement
Parameters
Disassociated Timeout
Fragmentation
Length
Beacon Interval
Enable this setting if you wish to use this mode, and your
Wireless stations support this mode.
Check this to enable WMM (Wi-Fi Multimedia) support in
the Access Point. If WMM is also supported by your
wireless clients, voice and multimedia traffic will be given
a higher priority than other traffic.
If enabled, then WMM acknowledgement is disabled.
Depending on the environment, disabling acknowledgement may increase throughput slightly.
This determines how quickly a Wireless Station will be
considered "Disassociated" with this AP, when no traffic is
received. Enter the desired time period.
Enter the preferred setting between 256 and 2346. Normally, this can be left at the default value.
Enter the preferred setting between 20 and 1000. Normally, this can be left at the default value.
35
RTS/CTS Threshold
Preamble Type
802.11b Protection
Mode
Enter the preferred setting between 1 and 2347. Normally,
this can be left at the default value.
Select the desired option. The default is "Long". The
"Short" setting takes less time when used in a good environment.
The Protection system is intended to prevent older
802.11b devices from interfering with 802.11g transmissions. (Older 802.11b devices may not be able to detect
that a 802.11g transmission is in progress.) Normally, this
should be left at "Auto".
36 37
6.6 Wi-Fi Protected Setup
Click WiFi Protected Setup on the Wireless menu to view a screen like the following:.
Data - WPS Screen
WPS
Use one of the
following..
Change AP
Settings
WPS Status
Network Name
Security
Passphrase
• If the first option is selected, press the WPS button on the
• If the second option is selected, enter the PIN code from the
• If the third option is selected, enter the displayed PIN code
Enter the desired pin value manually or click the Auto generate
button to have the new pin code displayed in the field.
It displays the current WPS status.
It displays the network name in use.
The current security method is displayed.
The current status of Passphrase is displayed.
client device, then click the Push button.
client device in this field and click Register button.
to the client device.
Chapter 7
Management
7.1 Basic Settings
The Admin Login screen allows you to assign a password to the WNAP-3000PE. This
password limits access to the configuration interface. The default password is pass-
word. It is recommended to change it for security consideration.
Data - Admin Login Screen
Login
User Name
Change Admin Password
New Password
Repeat New Password
Admin Connections
Allow Admin connections via wired
Ethernet only
Enter the login name for the Administrator.
If you wish to change the Admin password, check this
field and enter the new login password in the fields
below.
Enter the desired login password.
Re-enter the desired login password.
If checked, then Admin connections via the Wireless
interface will not be accepted.
38
Enable HTTP
HTTP Port Number
Enable HTTPS
HTTPS Port Number
Enable Telnet
Enable this to allow admin connections via HTTP. If
enabled, you must provide a port number in the field
below. Either HTTP or HTTPS must be enabled.
Enter the port number to be used for HTTP connections
to this device. The default value is 80.
Enable this to allow admin connections via HTTPS
(secure HTTP). If enabled, you must provide a port
number in the field below. Either HTTP or HTTPS must
be enabled.
Enter the port number to be used for HTTPS connections to this device. The default value is 443.
If desired, you can enable this option. If enabled, you will
able to connect to this AP using a Telnet client. You will
have to provide the same login data (user name, password) as for a HTTP (Web) connection.
7.2 Auto Config/Update
The Auto Config/Update screen provides two features:
• Auto Config - The Access Point will configure itself by copying data from another
(compatible) Access Point.
• Auto Update - The Access Point will update it Firmware by downloading the
Firmware file from your FTP Server.
39
Data - Auto Config/Update Screen
Admin Connections
Perform Auto Configuration on this AP next
restart
Respond to Autoconfiguration request
by other AP
Provide login name
and password
If checked, this AP will perform Auto Configuration the
next time it restarts.
• The wired LAN (NOT the Wireless LAN) will be
searched for compatible APs.
• If a compatible AP is found, its configuration is
copied. If more than one compatible AP exists,
the first one found is used.
• Some data cannot be copied:
o The IP address is not copied, and will
not change.
o The operating mode (Repeater, Bridge,
etc) is not copied, and will not change.
Note: This checkbox is automatically disabled, so the
Auto-configuration is only performed once.
If checked, this AP will respond to "Auto Configuration"
requests it receives. If not checked, "Auto Configuration"
requests will be ignored.
If enabled, the login name and password on this AP is
supplied to the AP making the Auto-configuration request. If disabled, the AP making the Auto-configuration
request will keep its existing login name and password.
Provide "Respond to
Auto-configuration"
setting
Auto Update
Check for Firmware
upgrade
If enabled, the "Respond to Auto-configuration" setting
on this AP is supplied to the AP making the Autoconfiguration request. If disabled, the AP making the
Auto-configuration request will keep its existing setting.
If enabled, this AP will check to see if a Firmware (FW)
upgrade is available on the specified FTP Server. If
enabled:
• Enter the desired time interval (in days) between
checks.
• Select the desired option for installation (see next
item).
• Provide the FTP server information.
40
Install...
FTP Server address
Firmware pathname
FTP Login Name
FTP Password
Select the desired option:
• Install FW if different version found
If selected, and the firmware file at the specified location is different to the current installed version, the
FW will be installed. This allows "Downgrades" - installing an older version of the FW to replace the
current version.
• Install later version only
If selected, the firmware file at the specified location
will only be installed if it is a later version.
Enter the address (domain name or IP address) of the
FTP Server.
Enter the full path (including the FW filename) to the FW
file on the FTP Server.
Enter the login name required to gain access to the FTP
Server.
Enter the password for the login name above.
7.3 Config File
This screen allows you to Backup (download) the configuration file, and to restore
(upload) a previously saved configuration file.
You can also set the WNAP-3000PE back to its factory default settings.
To reach this screen, select Config File in the Management section of the menu.
41
Data - Config File Screen
Backup
Save a copy of
current settings
Restore
Restore saved
settings from a file
Defaults
Revert to factory
default settings
Once you have the WNAP-3000PE working properly, you
should back up the settings to a file on your computer. You
can later restore the settings from this file, if necessary.
To create a backup file of the current settings:
• Click Back Up.
• If you don't have your browser set up to save
To restore settings from a backup file:
1. Click Browse.
2. Locate and select the previously saved backup file.
3. Click Restore
To erase the current settings and restore the original factory default settings, click Set to Defaults button.
Note:
• This will terminate the current connection. The WNAP-
• By default, the WNAP-3000PE will act as a DHCP
downloaded files automatically, locate where you want
to save the file, rename it if you like, and click Save.
3000PE will be unavailable until it has restarted.
client, and automatically obtain an IP address. You will
need to determine its new IP address in order to reconnect.
42
7.4 SNMP
SNMP (Simple Network Management Protocol) is only useful if you have a SNMP
program on your PC. To reach this screen, select SNMP in the Management section
of the menu.
Data - SNMP Screen
General
Enable SNMP
Community
Access Rights
Managers
Any Station
Only this station
Traps
Disable
Broadcast
Use this to enable or disable SNMP as required
Enter the community string, usually either "Public" or "Private".
Select the desired option:
• Read-only - Data can be read, but not changed.
• Read/Write - Data can be read, and setting changed.
The IP address of the manager station is not checked.
The IP address is checked, and must match the address you
enter in the IP address field provided.
If selected, you must enter the IP address of the required
station.
Traps are not used.
Select this to have Traps broadcast on your network. This
makes them available to any PC.
43
Send to
Trap version
Select this to have Trap messages sent to the specified PC
only. If selected, you must enter the IP Address of the desired
PC.
Select the desired option, as supported by your SNMP Management program.
44
7.5 Log Settings
If you have a Syslog Server on your LAN, this screen allows you to configure the
Access Point to send log data to your Syslog Server.
Figure 2: Syslog Settings Screen
Data - Syslog Settings Screen
Syslog Server
Server Name/IP Address
Minimum Severity
Level
Email Alerts
Email Alerts
Log Queue Length
Select the desired Option:
• Disable - Syslog server is not used.
• Broadcast - Syslog data is broadcast. Use this
option if different PCs act as the Syslog server at
different times.
• Unicast - Select this if the same PC is always used
as the Syslog server. If selected, you must enter the
server address in the field provided.
Enter the name or IP address of your Syslog Server.
Select the desired severity level. Events with a severtiy
level equal to or higher (i.e. lower number) than the
selected level will be logged.
If enabled, an e-mail will be sent. If enabled, the e-mail
address information (below) must be provided.
Enter the desired length of the log queue. The default is
20 entries.
45
Log Time Threshold
SMTP Mail Server
Email Address for
Alert Logs
E-mail Log Now
Log
Email Alerts
Enter the preferred value between 60 and 600, which
determine how often the log will be emailed to you.
Normally, this can be left at the default value. The default is 600 seconds.
Enter the domain name or IP address of the SMTP
(Simple Mail Transport Protocol) server you use for
sending e-mails.
Enter the e-mail address the log is to be sent to.
Press this button to let the log to be e-mailed immediately.
Use these checkboxes to determine which events are
included in the log. Checking all options will increase the
size of the log, so it is good practice to disable any
events which are not really required.
• Unauthorized Login Attempt - If checked, the
unauthorized users who attempted to login to the
Access Point are logged.
• Authorized Login - If checked, this will log the
authorized login TO this Access Point.
• System Error Message - If checked, the system
error message will be logged.
• Configuration Changes - If checked, the changes
of configuration will be logged.
46
7.6 Upgrade Firmware
The firmware (software) in the Wireless Access Point can be upgraded using your
Web Browser.
You must first download the upgrade file, and then select Upgrade Firmware in the
Management section of the menu. You will see a screen like the following.
To perform the Firmware Upgrade:
1. Click the Browse button and navigate to the location of the upgrade file.
2. Select the upgrade file. Its name will appear in the Upgrade File field.
3. Click the Upgrade button to commence the firmware upgrade.
Note: The WNAP-3000PE is unavailable during the upgrade process, and must
restart when the upgrade is completed. Any connections to or through the WNAP3000PE will be lost.
47
Chapter 8
PC and Server configuration
8.1 Overview
All Wireless Stations need to have settings which match the Wireless Access Point.
These settings depend on the mode in which the WNAP-3000PE is being used.
• If using WEP or WPA-PSK, it is only necessary to ensure that each Wireless
station's settings match those of the WNAP-3000PE, as described below.
• For WPA-802.1x and 802.1x modes, configuration is much more complex. The
Radius Server must be configured correctly, and setup of each Wireless station is
also more complex.
8.2 Using WEP
For each of the following items, each Wireless Station must have the same settings as
the WNAP-3000PE.
Mode On each PC, the mode must be set to Infrastructure.
SSID (ESSID)
This must match the value used on the WNAP-3000PE.
The default value is wireless
Note: The SSID is case sensitive.
Wireless
Security
• Each Wireless station must be set to use WEP data encryp-
tion.
• The Key size (64 bit, 128 bit, 152 bit) must be set to match the
WNAP-3000PE.
• The keys values on the PC must match the key values on the
WNAP-3000PE.
Note:
On some systems, the key sizes may be shown as 40bit, 104bit,
and 128bit instead of 64 bit, 128 bit and 152bit. This difference
arises because the key input by the user is 24 bits less than the
key size used for encryption.
8.3 Using WPA-PSK
For each of the following items, each Wireless Station must have the same settings as
the WNAP-3000PE.
Mode On each PC, the mode must be set to Infrastructure.
SSID (ESSID)
This must match the value used on the WNAP-3000PE.
The default value is wireless
Wireless
Note: The SSID is case sensitive.
On each client, Wireless security must be set to WPA-PSK.
48
Security
• The Pre-shared Key entered on the WNAP-3000PE must
also be entered on each Wireless client.
• The Encryption method (e.g. TKIP, AES) must be set to
match the WNAP-3000PE.
8.4 Using WPA-802.1x
This is the most secure and most complex system.
802.1x mode provides greater security and centralized management, but it is more
complex to configure.
Wireless Station Configuration
For each of the following items, each Wireless Station must have the same settings as
the WNAP-3000PE.
Mode On each PC, the mode must be set to Infrastructure.
SSID (ESSID)
802.1x
Authentication
This must match the value used on the WNAP-3000PE.
The default value is wireless
Note: The SSID is case sensitive.
Each client must obtain a Certificate which is used for authentication for the Radius Server.
802.1x
Encryption
Typically, EAP-TLS is used. This is a dynamic key system, so
keys do NOT have to be entered on each Wireless station.
However, you can also use a static WEP key (EAP-MD5); the
WNAP-3000PE supports both methods simultaneously.
Radius Server Configuration
If using WPA-802.1x mode, the Radius Server on your network must be configured as
follow:
• It must provide and accept Certificates for user authentication.
• There must be a Client Login for the WNAP-3000PE itself.
• The WNAP-3000PE will use its Default Name as its Client Login name. (However,
your Radius server may ignore this and use the IP address instead.)
• The Shared Key, set on the Security Screen of the WNAP-3000PE, must match
the Shared Secret value on the Radius Server.
• Encryption settings must be correct.
8.5 802.1x Server Setup (Windows 2000 Server)
This section describes using Microsoft Internet Authentication Server as the Radius
Server, since it is the most common Radius Server available that supports the EAPTLS authentication method.
The following services on the Windows 2000 Domain Controller (PDC) are also required:
49
• dhcpd
• dns
• rras
• webserver (IIS)
• Radius Server (Internet Authentication Service)
• Certificate Authority
Windows 2000 Domain Controller Setup
1. Run dcpromo.exe from the command prompt.
2. Follow all of the default prompts, ensure that DNS is installed and enabled during
installation.
Services Installation
1. Select the Control Panel - Add/Remove Programs.
2. Click Add/Remove Windows Components from the left side.
3. Ensure that the following components are activated (selected):
• Certificate Services. After enabling this, you will see a warning that the com-
puter cannot be renamed and joined after installing certificate services. Select
Yes to select certificate services and continue
• World Wide Web Server. Select World Wide Web Server on the Internet In-
formation Services (IIS) component.
• From the Networking Services category, select Dynamic Host Configuration
Protocol (DHCP), and Internet Authentication Service (DNS should already be
selected and installed).
4. Click Next.
5. Select the Enterprise root CA, and click Next.
50
6. Enter the information for the Certificate Authority, and click Next.
7. Click Next if you don't want to change the CA's configuration data.
8. Installation will warn you that Internet Information Services are running, and must
be stopped before continuing. Click Ok, then Finish.
DHCP server configuration
1. Click on the Start - Programs - Administrative Tools - DHCP
2. Right-click on the server entry as shown, and select New Scope.
51
3. Click Next when the New Scope Wizard Begins.
4. Enter the name and description for the scope, click Next.
5. Define the IP address range. Change the subnet mask if necessary. Click Next.
6. Add exclusions in the address fields if required. If no exclusions are required,
leave it blank. Click Next.
7. Change the Lease Duration time if preferred. Click Next.
8. Select Yes, I want to configure these options now, and click Next.
9. Enter the router address for the current subnet. The router address may be left
blank if there is no router. Click Next.
10. For the Parent domain, enter the domain you specified for the domain controller
setup, and enter the server's address for the IP address. Click Next.
52
11. If you don't want a WINS server, just click Next.
12. Select Yes, I want to activate this scope now. Click Next, then Finish.
13. Right-click on the server, and select Authorize. It may take a few minutes to
complete.
Certificate Authority Setup
1. Select Start - Programs - Administrative Tools - Certification Authority.
2. Right-click Policy Settings, and select New - Certificate to Issue.
53
3. Select Authenticated Session and Smartcard Logon (select more than one by
holding down the Ctrl key). Click OK.
4. Select Start - Programs - Administrative Tools - Active Directory Users and Com-
puters.
5. Right-click on your active directory domain, and select Properties.
54
6. Select the Group Policy tab, choose Default Domain Policy then click Edit.
7. Select Computer Configuration - Windows Settings - Security Settings - Public
Key Policies, right-click Automatic Certificate Request Settings - New - Automatic
Certificate Request.
8. When the Certificate Request Wizard appears, click Next.
55
9. Select Computer, then click Next.
10. Ensure that your certificate authority is checked, then click Next.
11. Review the policy change information and click Finish.
12. Click Start - Run, type cmd and press enter.
Enter secedit /refreshpolicy machine_policy
This command may take a few minutes to take effect.
Internet Authentication Service (Radius) Setup
1. Select Start - Programs - Administrative Tools - Internet Authentication Service
2. Right-click on Clients, and select New Client.
3. Enter a name for the access point, click Next.
4. Enter the IP address of the WNAP-3000PE, and set the shared secret, as entered
on the Security Profile screen of the WNAP-3000PE.
5. Click Finish.
6. Right-click on Remote Access Policies, select New Remote Access Policy.
7. Assuming you are using EAP-TLS, name the policy eap-tls, and click Next.
56
8. Click Add...
If you don't want to set any restrictions and a condition is required, select Day-
And-Time-Restrictions, and click Add...
9. Click Permitted, then OK. Select Next.
10. Select Grant remote access permission. Click Next.
11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authenti-
cation Protocol, and select Smart Card or other Certificate. Deselect other
authentication methods listed. Click OK.
12. Select No if you don't want to view the help for EAP. Click Finish.
57
Grant Remote Access for Users
1. Select Start - Programs - Administrative Tools- Active Directory Users and Computers.
2. Double click on the user who you want to enable.
3. Select the Dial-in tab, and enable Allow access. Click OK.
8.6 802.1x Client Setup on Windows XP
Windows XP ships with a complete 802.1x client implementation. If using Windows
2000, you can install SP3 (Service Pack 3) to gain the same functionality.
If you don't have either of these systems, you must use the 802.1x client software
provided with your wireless adapter. Refer to the documentation of your wireless
adapter for setup instructions.
The following instructions assume that:
• You are using Windows XP
• You are connecting to a Windows 2000 server for authentication.
• You already have a login (User name and password) on the Windows 2000 server.
Client Certificate Setup
1. Connect to a network which doesn't require port authentication.
2. Start your Web Browser. In the Address box, enter the IP address of the Windows
2000 Server, followed by /certsrv
For example: http://192.168.0.2/certsrv
58
3. You will be prompted for a user name and password. Enter the User name and
Password assigned to you by your network administrator, and click OK.
4. On the first screen (below), select Request a certificate, click Next.
59
5. Select User certificate request and select User Certificate, the click Next.
6. Click Submit.
60
7. A message will be displayed, then the certificate will be returned to you.
Click Install this certificate.
8. . You will receive a confirmation message. Click Yes.
9. Certificate setup is now complete.
802.1x Authentication Setup
1. Open the properties for the wireless connection, by selecting Start - Control Panel
- Network Connections.
2. Right Click on the Wireless Network Connection, and select Properties.
61
3. Select the Authentication Tab, and ensure that Enable network access control
using IEEE 802.1X is selected, and Smart Card or other Certificate is selected
from the EAP type.
Encryption Settings
The Encryption settings must match the APs (WNAP-3000PE) on the Wireless network you want to join.
• Windows XP will detect any available Wireless networks, and allow you to config-
ure each network independently.
• Your network administrator can advise you of the correct settings for each net-
work. 802.1x networks typically use EAP-TLS. This is a dynamic key system, so
there is no need to enter key values.
Enabling Encryption
To enable encryption for a wireless network, follow this procedure:
62
1. Click on the Wireless Networks tab.
2. Select the wireless network from the Available Networks list, and click Configure.
3. Select and enter the correct values, as advised by your Network Administrator.
For example, to use EAP-TLS, you would enable Data encryption, and click the
checkbox for the setting: The key is provided for me automatically, as shown below.
Setup for Windows XP and 802.1x client is now complete.
63
8.7 Using 802.1x Mode (without WPA)
The procedures are similar to using WPA-802.1x.
The only difference is that on your client, you must NOT enable the setting: The key is
provided for me automatically.
Instead, you must enter the WEP key manually, ensuring it matches the WEP key
used on the Access Point.
Note:
On some systems, the "64 bit" WEP key is shown as "40 bit" and the "128 bit" WEP
key is shown as "104 bit". This difference arises because the key input by the user is
24 bits less than the key size used for encryption.
64
Appendix A
Troubleshooting
Problem 1: Can't connect to the WNAP-3000PE to configure it.
Solution 1:
Check the following:
• The WNAP-3000PE is properly installed, LAN connections are
OK, and it is powered ON. Check the LEDs for port status.
• Ensure that your PC and the WNAP-3000PE are on the same
network segment. (If you don't have a router, this must be the
case.)
• If your PC is set to "Obtain an IP Address automatically" (DHCP
client), restart it.
• You can use the following method to determine the IP address of
the WNAP-3000PE, and then try to connect using the IP address,
instead of the name.
To Find the Access Point's IP Address
4. Open a MS-DOS Prompt or Command Prompt Window.
5. Use the Ping command to “ping” the WNAP-3000PE. Enter ping
followed by the Default Name of the WNAP-3000PE.
e.g.
ping PL003318
6. Check the output of the ping command to determine the IP
address of the WNAP-3000PE.
If your PC uses a Fixed (Static) IP address, ensure that it is using an
IP Address which is compatible with the WNAP-3000PE. (If no DHCP
Server is found, the WNAP-3000PE will default to an IP Address and
Mask of 192.168.0.228 and 255.255.255.0.) On Windows PCs, you
can use Control Panel-Network to check the Properties for the
TCP/IP protocol.
Problem 2: My PC can't connect to the LAN via the WNAP-3000PE.
Solution 2
Check the following:
• The SSID and WEP settings on the PC match the settings on the
WNAP-3000PE.
• On the PC, the wireless mode is set to "Infrastructure"
• If using the Access Control feature, the PC's name and address
is in the Trusted Stations list.
• If using 802.1x mode, ensure the PC's 802.1x software is config-
ured correctly.
65
Appendix B Windows TCP/IP
Overview
Normally, no changes need to be made.
• By default, the Wireless Access Point will act as a DHCP client, automatically
obtaining a suitable IP Address (and related information) from your DHCP Server.
• If using Fixed (specified) IP addresses on your LAN (instead of a DHCP Server),
there is no need to change the TCP/IP of each PC. Just configure the Wireless
Access Point to match your existing LAN.
The following sections provide details about checking the TCP/IP settings for various
types of Windows, should that be necessary.
Checking TCP/IP Settings - Windows 9x/ME:
7. Select Control Panel - Network. You should see a screen like the following:
Figure 3: Network Configuration
8. Select the TCP/IP protocol for your network card.
66
9. Click on the Properties button. You should then see a screen like the following.
Figure 4: IP Address (Win 95)
Ensure your TCP/IP settings are correct, as follows:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the
default Windows settings. To work correctly, you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are
required.
(The Administrator should configure the Wireless Access Point with a fixed IP address
from the same address range used on the PCs.)
67
Checking TCP/IP Settings - Windows NT4.0
1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP
protocol, as shown below.
Figure 5: Windows NT4.0 - TCP/IP
2. Click the Properties button to see a screen like the one below.
Figure 6: Windows NT4.0 - IP Address
3. Select the network card for your LAN.
68
4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or
Specify an IP Address, as explained below.
Obtain an IP address from a DHCP Server
This is the default Windows setting. This is the default Windows settings. To work
correctly, you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are
required.
(The Administrator should configure the Wireless Access Point with a fixed IP address
from the same address range used on the PCs.)
69
Checking TCP/IP Settings - Windows 2000
1. Select Control Panel - Network and Dial-up Connection.
2. Right click the Local Area Connection icon and select Properties. You should see
a screen like the following:
Figure 7: Network Configuration (Win 2000)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 8: TCP/IP Properties (Win 2000)
70
5. Ensure your TCP/IP settings are correct:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the
default Windows setting. This is the default Windows settings. To work correctly, you
need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are
required.
(The Administrator should configure the Wireless Access Point with a fixed IP address
from the same address range used on the PCs.)
71
Checking TCP/IP Settings - Windows XP
1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a
screen like the following:
Figure 9: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 10: TCP/IP Properties (Windows XP)
72
5. Ensure your TCP/IP settings are correct.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the
default Windows setting. To work correctly, you need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are
required.
(The Administrator should configure the Wireless Access Point with a fixed IP address
from the same address range used on the PCs.)
73
Checking TCP/IP Settings - Windows Vista
1. Select Control Panel - Network Connections.
2. Right click the Local Area Connection Status and choose Properties. Click Con-
tinue to the User Account Control dialog box, then you should see a screen like
the following:
Figure 11: Network Configuration (Windows Vista)
3. Select the TCP/IP protocol for your network card.
74
4. Click on the Properties button. You should then see a screen like the following.
Figure 12: TCP/IP Properties (Windows Vista)
5. Ensure your TCP/IP settings are correct.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the
default Windows setting. To work correctly, you need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are
required.
(The Administrator should configure the Wireless Access Point with a fixed IP address
from the same address range used on the PCs.)
75
Appendix C
About Wireless LANs
Overview
Wireless networks have their own terms and jargon. It is necessary to understand
many of these terms in order to configure and operate a Wireless LAN.
Wireless LAN Terminology
Modes
Wireless LANs can work in either of two (2) modes:
• Ad-hoc
• Infrastructure
Ad-hoc Mode
Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Stations (e.g. notebook PCs with wireless cards) communicate directly with
each other.
Infrastructure Mode
In Infrastructure Mode, one or more Access Points are used to connect Wireless
Stations (e.g. Notebook PCs with wireless cards) to a wired (Ethernet) LAN. The
Wireless Stations can then access all LAN resources.
Access Points can only function in "Infrastructure" mode,
and can communicate only with Wireless Stations which are
set to "Infrastructure" mode.
SSID/ESSID
BSS/SSID
A group of Wireless Stations and a single Access Point, all using the same ID
(SSID), form a Basic Service Set (BSS).
Using the same SSID is essential. Devices with different SSIDs are unable to
communicate with each other. However, some Access Points allow connections
from Wireless Stations which have their SSID set to “any” or whose SSID is blank
( null ).
ESS/ESSID
A group of Wireless Stations, and multiple Access Points, all using the same ID
(ESSID), form an Extended Service Set (ESS).
76
Different Access Points within an ESS can use different Channels. To reduce interference, it is recommended that adjacent Access Points SHOULD use different
channels.
As Wireless Stations are physically moved through the area covered by an ESS,
they will automatically change to the Access Point which has the least interference
or best performance. This capability is called Roaming. (Access Points do not
have or require Roaming capabilities.)
Channels
The Wireless Channel sets the radio frequency used for communication.
• Access Points use a fixed Channel. You can select the Channel used. This allows
you to choose a Channel which provides the least interference and best performance. For 802.11g, 13 channels are available in the USA and Canada., but
11channels are available in North America if using 802.11b.
• If using multiple Access Points, it is better if adjacent Access Points use different
Channels to reduce interference. The recommended Channel spacing between
adjacent Access Points is 5 Channels (e.g. use Channels 1 and 6, or 6 and 11).
• In "Infrastructure" mode, Wireless Stations normally scan all Channels, looking for
an Access Point. If more than one Access Point can be used, the one with the
strongest signal is used. (This can only happen within an ESS.)
• If using "Ad-hoc" mode (no Access Point), all Wireless stations should be set to
use the same Channel. However, most Wireless stations will still scan all Channels to see if there is an existing "Ad-hoc" group they can join.
WEP
WEP (Wired Equivalent Privacy) is a standard for encrypting data before it is transmitted. This is desirable because it is impossible to prevent snoopers from receiving any
data which is transmitted by your Wireless Stations. But if the data is encrypted, then
it is meaningless unless the receiver can decrypt it.
If WEP is used, the Wireless Stations and the Wireless Access Point must have
the same settings.
WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP,
and should be used if possible. The PSK (Pre-shared Key) must be entered on each
Wireless station. The 256Bit encryption key is derived from the PSK, and changes
frequently.
WPA2-PSK
This is a further development of WPA-PSK, and offers even greater security, using the
AES (Advanced Encryption Standard) method of encryption.
77
WPA-Enterprise
This version of WPA requires a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted
using the WPA standard.
If this option is used:
• The Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when
required.
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption.
If possible, you should use WPA-Enterprise instead, because WPA encryption is
much stronger than WEP encryption.
If this option is used:
• The Access Point must have a "client login" on the Radius Server.
• Each user must have a "user login" on the Radius Server.
• Each user's wireless client must support 802.1x and provide the login data when
required.
• All data transmission is encrypted using the WEP standard. You only have to
select the WEP key size; the WEP key is automatically generated.
78
Appendix D
Command Line Interface
Overview
If desired, the Command Line Interface (CLI) can be used for configuration. This
creates the possibility of creating scripts to perform common configuration changes.
The CLI requires a Telnet connection to the Wireless Access Point.
Using the CLI - Telnet
1. Start your Telnet client, and establish a connection to the Access Point.
e.g.
Telnet 192.168.0.228
2. You will be prompted for the user name and password. Enter the same login
name and password as used for the HTTP (Web) interface.
The default values are admin for the User Name, and password for the Password.
3. Once connected, you can use any of the commands listed in the following Com-
mand Reference.
Command Reference
The following commands are available.
config vap Config Virtual AP X
? Display CLI Command List
help Display CLI Command List
get 11nampdu Set 11n A-MPDU Aggregation Mode
get 11namsdu Set 11n A-MSDU Aggregation Mode
get 11nguardinterval Set 11n Guard Interval Mode
get 11nsubchannel Set 11n Extension Sub-Channel
get 11nradioband Set 11n Radio Band
get 802.11d Display 802.11d Mode
get acctserver Display Accounting Server
get acctport Display Accounting Port
get acctsecret Display Accounting Secret
get acl Display Access Control Status
get active Display VAP Active (up) Mode
get aging Display Idle Timeout Interval
get authentication Display Authentication Type of WEP
79
get beaconinterval Display Beacon Interval
get channel Display Radio Channel
get country Display Country/Domain
get defaultkey Display Default Key Index
get description Display Access Point Description
get dhcp Display DHCP Mode
get dhcpserverendip Display DHCP Server End IP Address
get dhcpserverstartip Display DHCP Server start IP Address
get dnsserver Display IP Address of DNS Server
get
ate Mode Display 802.1x Dynamic Key Upd
dot1xdynkeyupdate
get dot1xdynkeylife Display 802.1x Dynamic Key Life Time (in Minutes)
get dot1xkeytype Display 802.1x Distribute Key Method
get fragthreshold Display Fragment Threshold
get gateway Display Gateway IP Address
get gtkupdate Display Group Key Update Mode
get gtkupdateinterval Display Group Key Update Interval (in Seconds)
get http Display HTTP Mode
get httpport Display HTTP Port Number
get https Display HTTPS Mode
get httpsport Display HTTPS Port Number
get ipaddr Display IP Address
get ipmask Display IP Subnet Mask
get isolation l APs State Display Isolate All Virtua
get key Display WEP Key Value
get keylength Display WEP Key Length
get lltd Display LLTD Mode
get md5supplicant Supplicant Mode Display 802.1x MD5
get md5suppname Display 802.1x Supplicant MD5 Name
get md5supppassword Display 802.1x Supplicant MD5 Password
get md5supptype Display 802.1x MD5 Supplicant Type
get nativevlanid Display Native VLAN ID
get ntp Display NTP Server IP Address
get operationmode Display Operation Mode
get password Display Login Password
80
get psk Display Pre-shared Key
get radiusserver Display RADIUS Server IP Address
get radiusport umber Display RADIUS Port N
get radiussecret Display RADIUS Shared Secret
get remoteptmp Display PTMP's Remote MAC Address List
get remoteptp Display PTP's Remote MAC Address
get roguedetect Display Rogue AP Detection Mode
get rogueinteval Display Interval of Every Rogue AP Detection
get roguelegal Display Legal AP List of Legal AP
get roguetrap Display Rogue AP Detection Send SNMP Trap Mode
get roguetype Display Rogue AP Definition
get rtsthreshold Display RTS/CTS Threshold
get security Display Wireless Security Mode
get shortpreamble Display Short Preamble Usage
get snmpreadcommu-
Display SNMP Read Community
nity
get snmpwritecomm
u- Display SNMP Write Community
nity
get snmpmode Display SNMP Mode
get snmpman-
Display SNMP Manager Mode
agemode
get snmptrapmode Display SNMP Trap Mode
get snmptrapversion Display SNMP Trap Version
get snmpv3username Display SNMP v3 User Name
get snmpv3authproto ation Protocol Display SNMP v3 Authentic
get snmpv3authkey tion Key Display SNMP v3 Authentica
get snmpv3privproto Display SNMP v3 Private Protocol
get snmpv3privkey Display SNMP v3 Private Key
get ssid Display Service Set ID
get ssidbroadcast Display SSID Broadcast Mode
get stp Display STP Mode
get strictgtkupdate Display Group Key Update Strict Status
get syslog Display Syslog Mode
get syslogport Display Syslog Port
get syslogserver Display Unicast Syslog Server Address
get syslogseverity Display Syslog Severity Level
81
get systemname int System Name Display Access Po
get telnet Display Telnet Mode
get time Display Current System Time
get timezone Display Time Zone Setting
get uptime Display Access Point Up Time
get username Display Login User Name
get vapname Display Virtual AP Name
get version Display Firmware Version
get vlan Display VLAN Operational State
get vlanid Display the VLAN ID
get wirelessmode Display Wireless LAN Mode
get wirelessseparate Display Wireless Seprate Mode
get wmm Display WMM Mode
get wmmnoack Display WMM No Acknowledgement status
set 11nampdu Set 11n A-MPDU Aggregation Mode
set 11namsdu Set 11n A-MSDU Aggregation Mode
set 11nguardinterval Set 11n Guard Interval Mode
set 11nsubchannel Set 11n Extension Sub-Channel
set 11nradioband Set 11n Radio Band
set 802.11d Set 802.11d Mode
set acctserver Set Accounting Server
set acctport Set Accounting Port
set acctsecret Set Accounting Secret
set acl Set Access Control
set active Set Active (up) Mode
set aging Set Idle Timeout Interval
set authentication Set Authentication Type of WEP
set beaconinterval Set Beacon Interval
set channel Set Radio Channel
set country Set Country/Domain
set defaultkey ex Set Default Key Ind
set description Set Access Point Description
set dhcp Set DHCP Mode
set dhcpserverendip Set DHCP Server End IP Address
set dhcpserverstartip Set DHCP Server start IP Address
82
set dnsserver Set DNS Server IP Address
set
Set 802.1x Dynamic Key Update Mode
dot1xdynkeyupdate
set dot1xdynkeylife Set 802.1x Dynamic Key Life Time (in Minutes)
set dot1xkeytype ethod Set 802.1x Distribute Key M
set fragthreshold Set Fragment Threshold
set gateway Set Gateway IP Address
set groupkeyupdate Set Group Key Update Mode
set groupkeyupdatein-
Set Group Key Update Interval (in Minutes)
terval
set http Set HTTP Mode
set httpport Set HTTP Port Number
set https Set HTTPS Enable/Disable
set httpsport Set HTTPS Port Number
set ipaddr Set IP Address
set ipmask Set IP Subnet Mask
set isolation Set Isolate All Virtual APs State
set key Set WEP Key Value
set keylength Set WEP Key Length
set lltd Set LLTD Mode
set md5supplicant Set 802.1x MD5 Supplicant Mode
set md5suppname Set 802.1x Supplicant MD5 Name
set md5supppassword Set 802.1x Supplicant MD5 Password
set md5supptype Set 802.1x MD5 Supplicant Type
set nativevlanid Set Native VLAN ID
set ntp Set NTP Server IP Address
set operationmode Set operation Mode
set password Modify Login Password
set psk Key Modify Pre-shared
set radiusserver Set RADIUS IP Address
set radiusport Set RADIUS Port Number
set radiussecret Set RADIUS Shared Secret
set remoteptmp AC Address List Set PTMP's Remote M
set remoteptp Set Remote PTP MAC Address
set roguedetect Set Rogue AP Detection Mode
set rogueinteval Set Interval of Rogue AP Detection(Range: 3 ~ 99)
83
set roguelegal Add/Delete Legal AP MAC/OUI
set roguesnmp Set Rogue AP Detection SNMP Trap Mode
set roguetype Set Rogue AP Definition
set rtsthreshold Set RTS/CTS Threshold
set security Set Wireless Security Mode
set shortpreamble Set Short Preamble
set snmpreadcommu-
Set SNMP Read Community
nity
set snmpwritecommu-
Set SNMP Write Community
nity
set snmpmode Set SNMP Mode
set snmpman-
r Mode Set SNMP Manage
agemode
set snmptrapmode Set SNMP Trap Mode
set snmptrapversion Set SNMP Trap Version
set snmpv3username Set SNMP v3 User Name
set snmpv3authproto ion Protocol Set SNMP v3 Authenticat
set snmpv3authkey Set SNMP v3 Authentication Key
set snmpv3privproto Set SNMP v3 Private Protocol
set snmpv3privkey Set SNMP v3 Private Key
set ssid Set Service Set ID
set ssidsuppress Set SSID Broadcast Mode
set stp Set STP Mode
set strictgtkupdate tus Set Group Key Update Strict Sta
set syslog Set Syslog Mode
set syslogport Set Syslog Port
set syslogserver g Server Address Set Unicast Syslo
set syslogseverity Set Syslog Severity Level
set systemname int System Name Set Access Po
set telnet Set Telnet Mode
set timezone Set Time Zone Setting
set username ser Name Modify Login U
set vlan Set VLAN Operational State
set vlanid Set the VLAN Tag
set wirelessmode Set Wireless LAN Mode
set wirelessseparate prate Mode Set Wireless Se
84
set wmm Set WMM Mode
set wmmnoack Set WMM No Acknowledge
factoryrestore Restore to Default Factory Settings
apply To make the changes take effect
exit Quit the telnet
85
Loading...