Copyrightã 2005 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of
PLANET.
PLANET makes no representations or warranties, either expressed or implied, with respect
to the contents hereof and specifically disclaims any warranties, merchantability or fitness for
any particular purpose. Any software described in this manual is sold or licensed "as is".
Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair,
and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from
time to time in the contents hereof without obligation to notify any person of such revision or
changes..
All brand and product names mentioned in this manual are trademarks and/or registered
trademarks of their respective holders.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If
this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
4. Consult the dealer or an experienced radio technician for help.
FCC Caution:
To assure continued compliance.(example-use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved
by the party responsible for compliance could void the user ’s authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the Following
two conditions: (1) This device may not cause harmful interference, and (2 ) this Device must
accept any interference received, including interference that may cause undesired operation.
Federal Communication Commission (FCC) Radiation Exposure
Statement
This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits,
human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation.
ii
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE
EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and
telecommunication terminal Equipment and the mutual recognition of their conformity
(R&TTE)
The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications
Terminal Equipment and Satellite Earth Station Equipment) As of April 8,2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it.
However, special attention must be paid to the dangers of electric shock and static electricity
when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.
Revision
User’s Manual for PLANET 802.11g Wireless LAN Managed Access Point
WAP-4060PE is an IEEE 802.11g Wireless Access Point with PoE. Catering to the enterprise
demands, WAP-4060PE enhances security and management features, including multiple
SSIDs, VLAN support, WPA support, RADIUS MAC authentication, rogue AP detection, and so
on. The LAN port of WAP-4060PE is 802.3af compliant. Therefore, it can be installed anywhere
without the constraint on power socket. Provided with one reversed-polarity SMA male connector, WAP-4060PE is easy to connect external antenna and booster to extend the wireless
distance.
1.1 Package Contents
Make sure that you have the following items:
n WAP-4060PE
n Dipole Antenna
n Quick Installation Guide
n User’s manual CD-ROM
n Power Adapter
Note:
If any of the above items are missing, contact y
possible.
1.2 System Requirements
Before installation, please check the following requirements with your equipment.
n Pentium Based (And Above) IBM-Compatible PC System
n CD-ROM drive
n Windows 98/ME/2000/XP Operating System with TCP/IP protocol
1.3 Features
n Wireless LAN IEEE802.11g and IEEE802.11b compliant
n Support PoE port (IEEE802.3af compliant)
n Support IEEE802.11d standard (Worldwide mode)
n Strong network security with 802.1X authentication, and 64/128-bit WEP encryption
n Supports WPA (Wi-Fi Protected Access) for both 802.1x and WPA-PSK
n One detachable reverse-polarity SMA connectors can connect to external antenna for
expanding connection distance
n Super G mode efficiently raises the data transfer rate up to 108Mbps
n Five operation modes selectable: AP / AP Client / Wireless Bridge / Multiple Bridge / Re-
peater
n Adjustable output power level
n Support Multiple SSIDs, Multiple SSID isolation, 802.1Q VLAN, RADIUS MAC authentica-
tion, Rogue AP detection, Access Control
1
n Provide Windows-base utility, Web, and CLI (Command Line Interface) Configuration
n SNMP support
1.4 Physical Details
Front panel
STATUS On - Error condition.
Off - Normal operation.
Blinking - During start up, and when the Firmware is being upgraded.
POWER On - Normal operation.
Off - No power
LAN On - The LAN (Ethernet) port is active.
Off - No active connection on the LAN (Ethernet) port.
Flashing - Data is being transmitted or received via the correspond-
ing LAN (Ethernet) port.
WLAN On - Idle
Off - Error- Wireless connection is not available.
Flashing - Data is being transmitted or received via the Wireless
access point. Data includes "network traffic" as well as user data.
Rear panel
ANT
CONSOLE
RESET Button
One dipole antenna is supplied. Best results are usually obtained
with the antenna in a vertical position.
DB9 female RS232 port.
This button has two (2) functions:
· Reboot. When pressed and released, the WAP-4060PE will
· Reset to Factory Defaults. This button can also be used to
reboot (restart).
clear ALL data and restore ALL settings to the factory default
values.
To Clear All Data and restore the factory default values:
1. Power Off the WAP-4060PE.
2. Hold the Reset Button down while you Power On the device.
2
3. Continue holding the Reset Button until the Status (Red) LED
blinks TWICE.
4. Release the Reset Button.
The factory default configuration has now been restored, and
the WAP-4060PE is ready for use.
LAN (PoE)
Use a standard LAN cable (RJ45 connectors) to connect this port
to a 10BaseT or 100BaseT hub on your LAN.
Power port
Connect the supplied power adapter here.
1.5 Specification
Standard
Signal Type
Modulation
Port
Antenna Connector
Output Power
IEEE 802.11b, 802.11g
DSSS (Direct Sequence Spread Spectrum)
OFDM with BPSK, QPSK, 16QAM, 64QAM, DBPSK, DQPSK,
CCK
The following information will help you utilizing the wireless performance, and operating coverage of WAP-4060PE.
1. Site selection
To avoid interferences, please locate WAP-4060PE and wireless clients away from transformers, microwave ovens, heavy-duty motors, refrigerators, fluorescent lights, and other
industrial equipments. Keep the number of walls, or ceilings between AP and clients as
few as possible; otherwise the signal strength may be seriously reduced. Place WAP4060PE in open space or add additional WAP-4060PE as needed to improve the coverage.
2. Environmental factors
The wireless network is easily affected by many environmental factors. Every environment is unique with different obstacles, construction materials, weather, etc. It is hard to
determine the exact operating range of WAP-4060PE in a specific location without testing.
3. Antenna adjustment
The bundled antenna of WAP-4060PE is adjustable. Firstly install the antenna pointing
straight up, then smoothly adjust it if the radio signal strength is poor. But the signal reception is definitely weak in some certain areas, such as location right down the antenna.
4
Moreover, the original antenna of WAP-4060PE can be replaced with other external antennas to extend the coverage. Please check the specification of the antenna you want to
use, and make sure it can be used on WAP-4060PE.
4. WLAN type
If WAP-4060PE is installed in an 802.11b and 802.11g mixed WLAN, its performance will
reduced significantly. Because every 802.11g OFDM packet needs to be preceded by an
RTS-CTS or CTS packet exchange that can be recognized by legacy 802.11b devices.
This additional overhead lowers the speed. If there are no 802.11b devices connected, or
if connections to all 802.11b devices are denied so that WAP-4060PE can operate in
11g-only mode, then its data rate should actually 54Mbps and 108Mbps in Super G mode.
5
2
Chapter 2
Installation
2.1 General Installation
Before you proceed with the installation, it is necessary that you have enough information about the WAP-4060PE.
1. Locate an optimum location for the WAP-4060PE. The best place for your WAP4060PE is usually at the center of your wireless network, with line of sight to all of your
mobile stations.
2. Assemble the antenna to WAP-4060PE. Try to place them to a position that can best
cover your wireless network. The antenna’s position will enhance the receiving sensitivity.
3. Connect RJ-45 cable to WAP-4060PE. Connect this WAP-4060PE to your LAN
switch/hub or a single PC.
4. Plug in power adapter and connect to power source. After power on, WAP-4060PE
will start to operate.
Note: ONLY use the power adapter supplied with the WAP-4060PE. Otherwise, the
product may be damaged.
2.2 Using PoE (Power over Ethernet)
The LAN port of WAP-4060PE supports PoE. Before you proceed with the PoE installation, please make sure the PoE adapter or switch is 802.3af compliant.
1. Do not connect the supplied power adapter to the WAP-4060PE.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the WAP-
4060PE.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE
Adapter or switch. (IEEE 802.3af compliant)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the WAP-4060PE to see it is drawing power via the Ethernet
connection.
6
3
Chapter 3
Access Point Setup
3.1 Overview
This chapter describes the setup procedure to make the WAP-4060PE a valid device
on your LAN, and to function as an Access Point for your Wireless Stations.
The WAP-4060PE can be configured using either the supplied Windows utility or the
Web Browser
3.2 Setup using the Windows Utility
A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a
suitable IP address to the WAP-4060PE. Using this utility is recommended, because it can
locate the WAP-4060PE even if it has an invalid IP address.
1. Insert the User’s Manual and Utility CD into the CD-ROM drive.
2. Once the menu screen appears, click on the “WAP-4060PE Manager” hyperlink for
installation. If the menu screen does not appear, you can click the Start button and
choose Run. When the dialog box appears, enter E:\Utility\setup.exe (Assume “E” is
your CD-ROM drive). Follow the prompts to complete the installation.
3. After the installation completes, you can start this utility from “Start”>”Program
Files”>”Planet”>”WAP-4060PE Manager”.
3.2.1 Main Screen
When the utility is executed, it searches the network for all active WAP-4060PE, and lists them
on screen, as shown by the example below.
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each
Access Point, the following data is shown:
Name
The device name of the WAP-4060PE.
7
IP address
MAC Address
IEEE Standard
FW Version
Description
Note: If the desired device is not listed, check that the device is installed and powered on, then
update the list by clicking the Refresh button.
The IP address for the WAP-4060PE.
The hardware or physical address of the WAP-4060PE.
The wireless standard or standards used by the WAP-4060PE (e.g.
802.11b, 802.11g)
The current Firmware version installed in the WAP-4060PE.
Any extra information for the WAP-4060PE, entered by the administrator.
Buttons
Refresh
Detail Info
Web Management
Set IP Address
Exit
Click this button to update the Wireless Access Point device listing
after changing the name or IP Address.
When clicked, additional information about the selected device will
be displayed.
Use this button to connect to the WAP-4060PE ’s Web-based
management interface.
Click this button if you want to change the IP Address of the Wireless Access Point.
Exit the Management utility program by clicking this button.
3.2.2 Setup Procedure
1. Select the desired Wireless Access Point from the list.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are “admin” for the
User Name, and “password” for the Password.
4. Ensure the IP address, Network Mask, and Gateway settings are correct for your LAN.
Save any changes.
5. The initial IP address setup is now completed. You can click on the “Web Management” button to access the web interface of WAP-4060PE for more configurations.
3.3 Setup using a Web Browser
Your Browser must support JavaScript. The configuration program has been tested on the
following browsers:
· Netscape V4.08 or later
· Internet Explorer V4 or later
3.3.1 Setup Procedure
Before proceeding, please install the WAP-4060PE in your LAN, as described previously.
1. Use a PC which is already connected to your LAN, and start the Web browser.
2. In the Address box, enter the IP address of the WAP-4060PE you want to cobnfigure.
3. You should then see a login prompt, which will ask for a User Name and Password.
Enter admin for the User Name, and password for the Password.
8
These are the default values. The password can and should be changed. Always
enter the current user name and password, as set on the Admin Login screen.
4. You will then see the Status screen, which displays the current settings and status.
No data input is possible on this screen.
5. From the menu, check the following screens, and configure as necessary for your
environment. Details of these screens and settings are described in the following
subsections of this chapter.
· Access Control - MAC level access control.
· Security Profiles - Wireless security.
· System - Identification, location, and Network settings
· Wireless - Basic & Advanced
6. You may also need to set the admin password and administration connection
options. These are on the Admin Login screen accessed from the Management
menu. See Chapter 6 for details of the screens and features available on the
Management menu.
7. Use the Apply/Restart button on the menu to apply your changes and restart the
Wireless Access Point.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the WAP-4060PE’s
IP address. This can happen if your LAN does not have a DHCP Server.
The default IP address of the Wireless Access Point is 192.168.0.228, with
a Network Mask of 255.255.255.0.
If your PC’s IP address is not compatible with this, you must change your
PC’s IP address to an unused value in the range 192.168.0.1 ~
192.168.0.254, with a Network Mask of 255.255.255.0.
9
3.4 Access Control
This feature allows you to block certain access from unknown or distrusted wireless
stations.
Click Access Control on the menu to view a screen like the following.
Data - Access Control Screen
Enable
Trusted Stations
Buttons
Modify List
Read from File
Write to File
Use this checkbox to Enable or Disable this feature as desired.
Warning: Ensure your own PC is in the "Trusted Wireless Stations" list before enabling this feature.
This table lists any Wireless Stations you have designated as
"Trusted". If you have not added any stations, this table will be
empty. For each Wireless station, the following data is displayed:
· MAC Address - the MAC or physical address of each Wireless station.
· Connected - this indicates whether or not the Wireless station is currently associates with this Access Point.
To change the list of Trusted Stations (Add, Edit, or Delete a
Wireless Station or Stations), click this button. You will then see
the Trusted Wireless Stations screen, described below.
To upload a list of Trusted Stations from a file on your PC, click
this button.
To download the current list of Trusted Stations from the WAP4060PE to a file on your PC, click this button.
3.4.1 Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
10
Data - Trusted Wireless Stations
Trusted Wireless
Stations
Other Wireless
Stations
Name
Address
Buttons
<<
>>
Select All
Here lists ass Wireless Stations which you have designated
as “Trusted”.
Here lists all Wireless Stations detected by the WAP-4060PE,
which you have not designated as "Trusted".
The name assigned to the Trusted Wireless Station. Use this
when adding or editing a Trusted Station.
The MAC (physical) address of the Trusted Wireless Station.
Use this when adding or editing a Trusted Station.
Add a Trusted Wireless Station (move from the "Other Stations" list).
· Select an entry (or entries) in the "Other Stations" list, and
click the " << " button.
· Enter the Address (MAC or physical address) of the
wireless station, and click the "Add " button.
Delete a Trusted Wireless Station from the list (move to the
"Other Stations" list).
· Select an entry (or entries) in the "Trusted Stations" list.
· Click the " >> " button.
Select all of the Stations listed in the "Other Stations" list.
Select None
Edit
De-select any Stations currently selected in the "Other Stations" list.
To change an existing entry in the "Trusted Stations" list,
select it and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the
"Address" field, and the "Add" button will change to "Update".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
11
Add
Clear
To add a Trusted Station which is not in the "Other Wireless
Stations" list, enter the required data and click this button.
Clear the Name and Address fields.
3.5 Security Profiles
Security Profiles contain the SSID and all the security settings of this WAP-4060PE.
· Up to eight (8) Security Profiles can be defined.
· Up to four (4) Security Profiles can be enabled at one time, allowing up to 4 differ-
ent SSIDs to be used simultaneously.
12
Data - Security Profiles Screen
Profile
Profile List
Buttons
All available profiles are listed. For each profile, the following
data is displayed:
· * (star sign)
If displayed before the name of the profile, this indicates
the profile is currently enabled. If not displayed, the profile
is currently disabled.
· Profile Name
The current profile name is displayed.
· [SSID]
The current SSID associated with this profile.
· Security System
The current security system (e.g. WPA-PSK) is displayed.
· [Frequency Band]
The Wireless Band (2.4 GHz) for this profile is displayed.
· Enable - enable the selected profile.
· Configure - change the settings for the selected profile.
· Disable - disable the selected profile.
Primary Profile
802.11b/g AP
Mode
Select the primary profile for 802.11b and 802.11g AP mode.
Only enabled profiles are listed. The SSID associated with
this profile will be broadcast if the "Broadcast SSID" setting on
the Basic screen is enabled.
13
802.11b/g Bridge
Mode
Isolation
None
Isolate all
Use VLAN
Select the primary profile for 802.11b and 802.11g Bridge
Mode. This setting determines the SSID and security settings
used for the Bridge connection to the remote AP.
If this option is selected, wireless clients using different profiles (different SSIDs) are not isolated, so they will be able to
communicate with each other.
If this option is selected, wireless clients using different profiles (different SSIDs) are isolated from each other, so they
will NOT be able to communicate. They will still be able to
communicate with other clients using the same profile, unless
the "Wireless Separation" setting on the "Advanced" screen
has been enabled.
This option is only useful if the hubs/switches on your LAN
support the VLAN (802.1Q) standard.
When VLAN is used, you must select the desired VLAN for
each security profile when configuring the profile. (If VLAN is
not selected, the VLAN setting for each profile is ignored.)
Click the Configure VLAN button to configure the IDs used by
each VLAN. See below for further details.
3.5.1 VLAN Configuration Screen
This screen is accessed via the Configure VLAN button on the Security Profiles screen.
· The settings on this screen will be ignored unless the Use VLAN option on the
Security Profiles screen is selected.
· If using the VLAN option, these setting determine which VLAN traffic is assigned to.
14
Data - VLAN Configuation Screen
VLAN – Client Traffic
Profile
VLAN ID
VLAN – AP Traffic
No VLAN Tag
Replicate…
Each profile is listed, whether currently enabled or not. You can
assign traffic from each profile (SSID) to a different VLAN if desired. To assign multiple profiles to the same VLAN, just enter the
same VLAN ID for each profile.
Enter the desired VLAN ID, as used on your network. IDs must be
in the range 1 ~ 4095. These IDs must match the IDs used by
other network devices.
Traffic generated by this AP will not have a VLAN tag (no VLAN
ID).
If selected, each packet generated by this AP will be sent over
each active VLAN, as defined in the client VLAN table above. This
requires that each packet be replicated (up to 8 times). This has a
detrimental effect on performance, so should only be used if
necessary.
15
Specified
VLAN ID
If selected, you can enter the desired VLAN ID. Normally, this ID
should be one of the client VLAN IDs defined above.
3.6 Configure Security Profile
This screen is displayed when you select a Profile on the Security Profiles screen, and
click the Configure button.
3.6.1 Profile Data
Enter the desired settings for each of the following:
Profile Name
SSID
Wireless Band
Enter a suitable name for this profile.
Enter the desired SSID. Each profile must have an unique
SSID.
Displays the wireless band for this profile.
3.6.2 Security Settings
Select the desired option, and then enter the settings for the selected method.
The available options are:
· None - No security is used. Anyone using the correct SSID can connect to your
network.
· WEP - The 802.11b standard. Data is encrypted before transmission, but the
encryption system is not very strong.
· WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more
secure than WEP, and should be used if possible. The PSK (Pre-shared Key)
must be entered on each Wireless station. The 256Bit encryption key is derived
from the PSK, and changes periodically.
· WPA-802.1x - This version of WPA requires a Radius Server on your LAN to
provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
16
If this option is selected:
· This WAP-4060PE must have a "client login" on the Radius Server.
· Each user must have a "user login" on the Radius Server.
· Each user's wireless client must support 802.1x and provide the login data
when required.
· All data transmission is encrypted using the WPA standard. Keys are automatically generated, so no key input is required.
· 802.1x - This uses the 802.1x standard for client authentication, and WEP for data
encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
· This WAP-4060PE must have a "client login" on the Radius Server.
· Each user must have a "user login" on the Radius Server.
· Each user's wireless client must support 802.1x and provide the login data
when required.
· All data transmission is encrypted using the WEP standard. You only have to
select the WEP key size; the WEP key is automatically generated.
3.6.3 Security Settings - None
No security is used. Anyone using the correct SSID can connect to your network.
The only settings available from this screen are Radius MAC Authentication and
UAM (Universal Access Method).
3.6.4 Radius MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized
on your Radius server. If you don't have a Radius Server, you cannot use this feature.
Using MAC authentication
5. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on the RADIUS server, using the IP address or name of
the WAP-4060PE, and the same shared key as pre-configured.
· Ensure the WAP-4060PE has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on
17
the Security page, or the Radius-based MAC authentication sub-screen, depending on the security method used.
· On the WAP-4060PE, enable the Radius-based MAC authentication feature
on the screen below.
6. Add Users on the Radius server as required. The username must be the MAC
address of the Wireless client you wish to allow, and the password must be blank.
7. When clients try to associate with the WAP-4060PE, their MAC address is passed
to the Radius Server for authentication.
· If successful, “xx:xx:xx:xx:xx:xx MAC authentication” is entered in the log, and
client station status would show as “authenticated” on the station list table;
· If not successful, “xx:xx:xx:xx:xx:xx MAC authentication failed” is entered in
the log, and station status is shown as “authenticating” on the station list table.
Radius-based MAC authentication Screen
This screen will look different depending on the current security setting. If you have
already provided the address of your Radius server, you won't be prompted for it again.
Otherwise, you must enter the details of your Radius Server on this screen.
Data - Radius-based MAC Authentication Screen
Enable ...
Radius Server
Address
Radius Port
Client Login
Name
Shared Key
WEP Key
Enable this if you want to use Radius-based MAC authentication.
If this field is visible, enter the name or IP address of the Radius Server on your network.
If this field is visible, enter the port number used for connections to the Radius Server.
If this field is visible, it displays the name used for the Client
Login on the Radius Server. This Login name must be created
on the Radius Server.
If this field is visible, it is used for the Client Login on the Radius Server. Enter the key value to match the value on the
Radius Server.
If this field is visible, it is for the WEP key used to encrypt data
transmissions to the Radius Server. Enter the desired key
value in HEX, and ensure the Radius Server has the same
value.
18
WEP Key Index
If this field is visible, select the desired key index. Any value
can be used, provided it matches the value on the Radius
Server.
3.6.5 UAM
UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and
other sites where the WAP-4060PE is used to provide Internet Access.
If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on
HTTP connections; all other traffic is ignored.) If the user has not been authenticated,
Internet access is blocked, and the user is re-directed to another web page. Typically,
this web page is on your Web server, and explains how to pay for and obtain Internet
access.
To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup"
must be completed before you can use UAM. The required setup depends on whether
you are using “Internal” or “External” authentication.
· Internal authentication uses the web page built in the WAP-4060PE.
· External authentication uses a web page on your Web server. Generally, you
should use External authentication, as this allows you to provide relevant and helpful information to users.
UAM authentication - Internal
1. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on RADIUS server, using the IP address or name of the
WAP-4060PE, and the same shared key as pre-configured.
· Ensure the WAP-4060PE has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on
the Security page, or the UAM sub-screen, depending on the security method
used.
2. Add users on your RADIUS server as required, and allow access by these users.
3. Client PCs must have the correct Wireless settings in order to associate with the
WAP-4060PE.
4. When an associated client tries to use HTTP (TCP, port 80) connections, they will
be re-directed to a user login page.
5. The client (user) must then enter the user name and password, as defined on the
Radius Server. (You must provide some system to let users know the correct
name and password to use.)
6. If the user name and password is correct, Internet access is allowed. Otherwise,
the user remains on the login page.
· Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB au-
thentication” in the log table, and station status would show as “Authenticated”
on the station list table.
· If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed”
shown in the log, and station status is shown as “Authenticating” on the station list table.
UAM authentication - External
1. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on RADIUS server, using the IP address or name of the
WAP-4060PE, and the same shared key as pre-configured.
19
· Ensure the WAP-4060PE has the correct address, port number, and shared
key for login to your Radius Server. These parameters are entered either on
the Security page, or the UAM sub-screen, depending on the security method
used.
2. On your Web Server, create a suitable welcome page. The welcome page must
have a link or button to allow the user to input their user name and password on
the uamlogon.htm page on the WAP-4060PE.
3. On the WAP-4060PE’s UAM screen, select External Web-based Authentication,
and enter the URL for the welcome page on your Web server.
4. Add users on your RADIUS server as required, and allow access by these users.
5. Client PCs must have the correct Wireless settings in order to associate with the
WAP-4060PE.
6. When an associated client tries to use HTTP (TCP, port 80) connections, they will
be re-directed to the welcome page on your Web Server.
7. The client (user) must then enter the user name and password, as defined on the
Radius Server. (You must provide some system to let users know the correct
name and password to use.)
8. If the user name and password is correct, Internet access is allowed.
Otherwise, the user remains on the login page.
· Clients which pass the authentication are listed as “xx:xx:xx:xx:xx:xx WEB au-
thentication” in the log table, and station status would show as “Authenticated”
on the station list table.
· If a client fails authentication, “xx:xx:xx:xx:xx:xx WEB authentication failed” is
shown in the log, and station status is shown as “Authenticating” on the station list table.
UAM Screen
The UAM screen will look different depending on the current security setting. If you
have already provided the address of your Radius server, you won't be prompted for it
again.
20
Data - UAM Screen
Enable
Internal
Web-based
Authentication
External
Web-based
Authentication
Login URL
Login Failure
URL
Enable this if you want to use this feature. See the section above
for details of using UAM.
If selected, then when a user first tries to access the Internet,
they will be blocked, and re-directed to the built-in login page.
The logon data is then sent to the Radius Server for authentication.
If selected, then when a user first tries to access the Internet,
they will be blocked, and re-directed to the URL below. This
needs to be on your own local Web Server. The page must also
link back to the built-in login page on this device to complete the
login procedure.
Enter the URL of the page on your local Web Server. When
users attempt to access the Internet, they will see this page, but
are not logged in.
Enter the URL of the page on your local Web Server you wish
users to see if their login fails. (This may be the same URL as
the Login URL).
3.6.6 Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption
system is not very strong.
21
Data - WEP Screen
WEP
Data
Encryption
Authentication
Key Input
Key Value
Select the desired option, and ensure your Wireless stations
have the identical setting:
· 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.
· 128 Bit Encryption - Keys are 26 Hex (13 ASCII) charac-
· 152 Bit Encryption - Keys are 32 Hex (16 ASCII) charac-
Normally, you can leave this at “Automatic”, so that Wireless
Stations can use either method ("Open System" or "Shared
Key".).
If you wish to use a particular method, select the appropriate
value - "Open System" or "Shared Key". All Wireless stations
must then be set to use the same method.
Select "Hex" or "ASCII" depending on your input method. (All
keys are converted to Hex, ASCII input is only for convenience.)
Enter the key values you want to use. The default key, selected
by the radio button, is required. The other keys are optional.
Other stations must have matching key values.
ters.
ters.
22
Loading...
+ 62 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.