Planet Technology WAP-4060PE User Manual

54/108Mbps Super G Wireless LAN
Managed Access Point
WAP-4060PE
Users Manual
Copyright © 2005 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.
PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.
All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.
FCC Caution:
To assure continued compliance (example: use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Federal Communication Commission (FCC) Radiation Exposure Statement
This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm (8 inches) during normal operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE).
The R&TTE Directive repeals and replaces Directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this manual and of the computer manufacturer must therefore be followed at all times to ensure the safe use of the equipment.
Revision
Users Manual for PLANET 802.11g Wireless LAN Managed Access Point
Model: WAP-4060PE
Rev: 1.0 (January, 2005)
Part No. EM-WAP4060
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION
1.1 Package Contents
1.2 System Requirements
1.3 Features
1.4 Physical Details
1.5 Specification
1.6 Wireless Performance
CHAPTER 2 INSTALLATION
2.1 General Installation
2.2 Using PoE (Power over Ethernet)
CHAPTER 3 ACCESS POINT SETUP
3.1 Overview
3.2 Setup using the Windows Utility
3.2.1 Main Screen
3.2.2 Setup Procedure
3.3 Setup using a Web Browser
3.3.1 Setup Procedure
3.4 Access Control
3.4.1 Trusted Wireless Stations
3.5 Security Profiles
3.5.1 VLAN Configuration Screen
3.6 Configure Security Profile
3.6.1 Profile Data
3.6.2 Security Settings
3.6.3 Security Settings - None
3.6.4 Radius MAC Authentication
3.6.5 UAM
3.6.6 Security Settings - WEP
3.6.7 Security Settings - WPA-PSK
3.6.8 Security Settings - WPA-802.1x
3.6.9 Security Settings - 802.1x
3.7 System Screen
3.8 2.4GHz Wireless
3.8.1 Basic Settings Screen
3.8.2 Advanced Settings
CHAPTER 4 PC AND SERVER CONFIGURATION
4.1 Overview
4.2 Using WEP
4.3 Using WPA-PSK
4.4 Using WPA-802.1x
4.5 802.1x Server Setup (Windows 2000 Server)
4.5.1 Windows 2000 Domain Controller Setup
4.5.2 Services Installation
4.5.3 DHCP server configuration
4.5.4 Certificate Authority Setup
4.5.5 Internet Authentication Service (Radius) Setup
4.5.6 Grant Remote Access for Users
4.6 802.1x Client Setup on Windows XP
4.6.1 Client Certificate Setup
4.6.2 802.1x Authentication Setup
4.7 Using 802.1x Mode (without WPA)
CHAPTER 5 OPERATION AND STATUS
5.1 Operation
5.2 Status Screen
5.3.1 Statistics Screen
5.3.2 Profile Status
5.3.3 Activity Log
5.3.4 Station List
CHAPTER 6 MANAGEMENT
6.1 Overview
6.2 Admin Login Screen
6.3 Auto Config/Update
6.4 Config File
6.5 Log Settings (Syslog)
6.6 Rogue APs
6.7 SNMP
6.8 Upgrade Firmware
APPENDIX A SPECIFICATIONS
APPENDIX B TROUBLESHOOTING
APPENDIX C COMMAND LINE INTERFACE
C.1 Using the CLI - Telnet
C.2 Using the CLI - Serial Port
C.3 Command Reference
Chapter 1
Introduction
WAP-4060PE is an IEEE 802.11g Wireless Access Point with PoE. Catering to enterprise demands, WAP-4060PE enhances security and management features, including multiple SSIDs, VLAN support, WPA support, RADIUS MAC authentication, rogue AP detection, and so on. The LAN port of WAP-4060PE is 802.3af compliant, so it can be installed anywhere without depending on a nearby power socket. Provided with one reverse-polarity SMA male connector, WAP-4060PE can easily be connected to an external antenna and booster to extend the wireless distance.

1.1 Package Contents

Make sure that you have the following items:
· WAP-4060PE
· Dipole Antenna
· Quick Installation Guide
· User's manual CD-ROM
· Power Adapter
Note:
If any of the above items are missing, contact your supplier as soon as possible.

1.2 System Requirements

Before installation, please check the following requirements with your equipment.
· Pentium Based (And Above) IBM-Compatible PC System
· CD-ROM drive
· Windows 98/ME/2000/XP Operating System with TCP/IP protocol

1.3 Features

· Wireless LAN IEEE802.11g and IEEE802.11b compliant
· Supports PoE port (IEEE802.3af compliant)
· Supports IEEE802.11d standard (Worldwide mode)
· Strong network security with 802.1X authentication, and 64/128-bit WEP encryption
· Supports WPA (Wi-Fi Protected Access) for both 802.1x and WPA-PSK
· One detachable reverse-polarity SMA connector for connecting an external antenna to extend connection distance
· Super G mode efficiently raises the data transfer rate up to 108Mbps
· Five operation modes selectable: AP / AP Client / Wireless Bridge / Multiple Bridge / Repeater
· Adjustable output power level
· Supports Multiple SSIDs, Multiple SSID isolation, 802.1Q VLAN, RADIUS MAC authentication, Rogue AP detection, Access Control
· Provides Windows-based utility, Web, and CLI (Command Line Interface) Configuration
· SNMP support

1.4 Physical Details

Front panel
STATUS
· On - Error condition.
· Off - Normal operation.
· Blinking - During start up, and when the Firmware is being upgraded.
POWER
· On - Normal operation.
· Off - No power.
LAN
· On - The LAN (Ethernet) port is active.
· Off - No active connection on the LAN (Ethernet) port.
· Flashing - Data is being transmitted or received via the corresponding LAN (Ethernet) port.
WLAN
· On - Idle.
· Off - Error: Wireless connection is not available.
· Flashing - Data is being transmitted or received via the Wireless access point. Data includes "network traffic" as well as user data.
Rear panel
ANT
One dipole antenna is supplied. Best results are usually obtained with the antenna in a vertical position.
CONSOLE
DB9 female RS232 port.
RESET Button
This button has two (2) functions:
· Reboot. When pressed and released, the WAP-4060PE will reboot (restart).
· Reset to Factory Defaults. This button can also be used to clear ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off the WAP-4060PE.
2. Hold the Reset Button down while you Power On the device.
3. Continue holding the Reset Button until the Status (Red) LED blinks TWICE.
4. Release the Reset Button. The factory default configuration has now been restored, and the WAP-4060PE is ready for use.
LAN (PoE)
Use a standard LAN cable (RJ45 connectors) to connect this port to a 10BaseT or 100BaseT hub on your LAN.
Power port
Connect the supplied power adapter here.

1.5 Specification

Standard: IEEE 802.11b, 802.11g
Signal Type: DSSS (Direct Sequence Spread Spectrum)
Modulation: OFDM with BPSK, QPSK, 16QAM, 64QAM, DBPSK, DQPSK, CCK
Port: 10/100Mbps RJ-45 port * 1, 802.3af compliant
Antenna Connector: Reverse SMA male * 1
Output Power: 18dBm
Sensitivity:
802.11b (typically @PER < 8% packet size 1024 and @25ºC + 5ºC)
· 11 Mbps (CCK): -85dBm
· 5.5 Mbps (QPSK): -89dBm
· 1, 2 Mbps (BPSK): -90dBm
802.11g (typically @PER < 8% packet size 1024 and @25ºC + 5ºC)
· 54 Mbps: -72dBm
· 48 Mbps: -72dBm
· 36 Mbps: -76dBm
· 24 Mbps: -79dBm
· 18 Mbps: -82dBm
· 12 Mbps: -86dBm
· 9 Mbps: -89dBm
· 6 Mbps: -90dBm
Operating Mode: AP, AP Client, Wireless Bridge, Multiple Bridge, Repeater
Security:
· Open, shared, WPA, and WPA-PSK authentication
· 802.1x support
· EAP-TLS, EAP-TTLS, PEAP
· Block inter-wireless station communication
· Block SSID broadcast
Management:
· Web based configuration
· RADIUS Accounting
· RADIUS-On feature
· RADIUS Accounting update
· CLI
· Message Log
· Access Control list file support
· Configuration file Backup/Restore
· Statistics support
· Device discovery program
· Windows Utility
Data Rate:
· Super G mode: Up to 108Mbps
· 802.11g: Up to 54Mbps (6/9/12/18/24/36/48/54)
· 802.11b: Up to 11Mbps (1/2/5.5/11)
Dimensions (L x W x H): 150 x 102 x 30mm
Weight: 210g
Environmental Specification:
· Operating temperature: 0 – 40 degree C
· Storage temperature: -20 – 70 degree C
· Relative humidity: 0% – 90% (non-condensing)
Power Requirement: 24V DC, 0.5A
Electromagnetic Compatibility: FCC, CE

1.6 Wireless Performance

The following information will help you make the most of the wireless performance and operating coverage of WAP-4060PE.
1. Site selection
To avoid interference, please locate WAP-4060PE and wireless clients away from transformers, microwave ovens, heavy-duty motors, refrigerators, fluorescent lights, and other industrial equipment. Keep the number of walls or ceilings between the AP and clients as small as possible; otherwise the signal strength may be seriously reduced. Place WAP-4060PE in open space or add additional WAP-4060PE units as needed to improve the coverage.
2. Environmental factors
The wireless network is easily affected by many environmental factors. Every environment is unique with different obstacles, construction materials, weather, etc. It is hard to determine the exact operating range of WAP-4060PE in a specific location without testing.
3. Antenna adjustment
The bundled antenna of WAP-4060PE is adjustable. First install the antenna pointing straight up, then adjust it gradually if the radio signal strength is poor. Signal reception is always weak in certain areas, such as the location directly below the antenna. Moreover, the original antenna of WAP-4060PE can be replaced with other external antennas to extend the coverage. Please check the specification of the antenna you want to use, and make sure it can be used on WAP-4060PE.
4. WLAN type
If WAP-4060PE is installed in an 802.11b and 802.11g mixed WLAN, its performance will be reduced significantly, because every 802.11g OFDM packet needs to be preceded by an RTS-CTS or CTS packet exchange that can be recognized by legacy 802.11b devices. This additional overhead lowers the speed. If there are no 802.11b devices connected, or if connections to all 802.11b devices are denied so that WAP-4060PE can operate in 11g-only mode, then its data rate should actually be 54Mbps, and 108Mbps in Super G mode.
Chapter 2
Installation

2.1 General Installation

Before you proceed with the installation, it is necessary that you have enough information about the WAP-4060PE.
1. Locate an optimum location for the WAP-4060PE. The best place for your WAP-4060PE is usually at the center of your wireless network, with line of sight to all of your mobile stations.
2. Attach the antenna to the WAP-4060PE. Try to place it in a position that can best cover your wireless network. A good antenna position will enhance the receiving sensitivity.
3. Connect an RJ-45 cable to the WAP-4060PE. Connect this WAP-4060PE to your LAN switch/hub or a single PC.
4. Plug in the power adapter and connect it to a power source. After power on, WAP-4060PE will start to operate.
Note: ONLY use the power adapter supplied with the WAP-4060PE. Otherwise, the product may be damaged.

2.2 Using PoE (Power over Ethernet)

The LAN port of WAP-4060PE supports PoE. Before you proceed with the PoE installation, please make sure the PoE adapter or switch is 802.3af compliant.
1. Do not connect the supplied power adapter to the WAP-4060PE.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the WAP-4060PE.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter or switch. (IEEE 802.3af compliant)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the WAP-4060PE to confirm it is drawing power via the Ethernet connection.
Chapter 3
Access Point Setup

3.1 Overview

This chapter describes the setup procedure to make the WAP-4060PE a valid device on your LAN, and to function as an Access Point for your Wireless Stations.
The WAP-4060PE can be configured using either the supplied Windows utility or a Web browser.

3.2 Setup using the Windows Utility

A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the WAP-4060PE. Using this utility is recommended, because it can locate the WAP-4060PE even if it has an invalid IP address.
1. Insert the User's Manual and Utility CD into the CD-ROM drive.
2. Once the menu screen appears, click on the WAP-4060PE Manager hyperlink for installation. If the menu screen does not appear, you can click the Start button and choose Run. When the dialog box appears, enter E:\Utility\setup.exe (Assume E is your CD-ROM drive). Follow the prompts to complete the installation.
3. After the installation completes, you can start this utility from Start>Program Files>Planet>WAP-4060PE Manager.
3.2.1 Main Screen
When the utility is executed, it searches the network for all active WAP-4060PE, and lists them on screen, as shown by the example below.
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:
Name - The device name of the WAP-4060PE.
IP address - The IP address for the WAP-4060PE.
MAC Address - The hardware or physical address of the WAP-4060PE.
IEEE Standard - The wireless standard or standards used by the WAP-4060PE (e.g. 802.11b, 802.11g).
FW Version - The current Firmware version installed in the WAP-4060PE.
Description - Any extra information for the WAP-4060PE, entered by the administrator.
Note: If the desired device is not listed, check that the device is installed and powered on, then update the list by clicking the Refresh button.
Buttons
Refresh - Click this button to update the Wireless Access Point device listing after changing the name or IP Address.
Detail Info - When clicked, additional information about the selected device will be displayed.
Web Management - Use this button to connect to the WAP-4060PE's Web-based management interface.
Set IP Address - Click this button if you want to change the IP Address of the Wireless Access Point.
Exit - Exit the Management utility program by clicking this button.
3.2.2 Setup Procedure
1. Select the desired Wireless Access Point from the list.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are admin for the User Name, and password for the Password.
4. Ensure the IP address, Network Mask, and Gateway settings are correct for your LAN. Save any changes.
5. The initial IP address setup is now completed. You can click on the Web Management button to access the web interface of WAP-4060PE for more configurations.

3.3 Setup using a Web Browser

Your Browser must support JavaScript. The configuration program has been tested on the following browsers:
· Netscape V4.08 or later
· Internet Explorer V4 or later
3.3.1 Setup Procedure
Before proceeding, please install the WAP-4060PE in your LAN, as described previously.
1. Use a PC which is already connected to your LAN, and start the Web browser.
2. In the Address box, enter the IP address of the WAP-4060PE you want to configure.
3. You should then see a login prompt, which will ask for a User Name and Password. Enter admin for the User Name, and password for the Password. These are the default values. The password can and should be changed. Always enter the current user name and password, as set on the Admin Login screen.
4. You will then see the Status screen, which displays the current settings and status. No data input is possible on this screen.
5. From the menu, check the following screens, and configure as necessary for your environment. Details of these screens and settings are described in the following subsections of this chapter.
· Access Control - MAC level access control.
· Security Profiles - Wireless security.
· System - Identification, location, and Network settings
· Wireless - Basic & Advanced
6. You may also need to set the admin password and administration connection options. These are on the Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.
7. Use the Apply/Restart button on the menu to apply your changes and restart the Wireless Access Point.
If you can't connect:
It is likely that your PC's IP address is incompatible with the WAP-4060PE's IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0.
If your PC's IP address is not compatible with this, you must change your PC's IP address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a Network Mask of 255.255.255.0.

3.4 Access Control

This feature allows you to block access from unknown or untrusted wireless stations.
Click Access Control on the menu to view a screen like the following.
Data - Access Control Screen
Enable - Use this checkbox to Enable or Disable this feature as desired.
Warning: Ensure your own PC is in the "Trusted Wireless Stations" list before enabling this feature.
Trusted Stations - This table lists any Wireless Stations you have designated as "Trusted". If you have not added any stations, this table will be empty. For each Wireless station, the following data is displayed:
· MAC Address - the MAC or physical address of each Wireless station.
· Connected - this indicates whether or not the Wireless station is currently associated with this Access Point.
Buttons
Modify List - To change the list of Trusted Stations (Add, Edit, or Delete a Wireless Station or Stations), click this button. You will then see the Trusted Wireless Stations screen, described below.
Read from File - To upload a list of Trusted Stations from a file on your PC, click this button.
Write to File - To download the current list of Trusted Stations from the WAP-4060PE to a file on your PC, click this button.
3.4.1 Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
Data - Trusted Wireless Stations
Trusted Wireless Stations - Lists all Wireless Stations which you have designated as "Trusted".
Other Wireless Stations - Lists all Wireless Stations detected by the WAP-4060PE which you have not designated as "Trusted".
Name - The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Address - The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Buttons
<< - Add a Trusted Wireless Station (move from the "Other Stations" list).
· Select an entry (or entries) in the "Other Stations" list, and click the " << " button.
· Enter the Address (MAC or physical address) of the wireless station, and click the "Add" button.
>> - Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).
· Select an entry (or entries) in the "Trusted Stations" list.
· Click the " >> " button.
Select All - Select all of the Stations listed in the "Other Stations" list.
Select None - De-select any Stations currently selected in the "Other Stations" list.
Edit - To change an existing entry in the "Trusted Stations" list, select it and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the "Address" field, and the "Add" button will change to "Update".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
Add - To add a Trusted Station which is not in the "Other Wireless Stations" list, enter the required data and click this button.
Clear - Clear the Name and Address fields.
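The warning above (your own PC must be on the trusted list before Access Control is enabled) can be checked against a list saved with Write to File. The Python below is an added example, not part of the manual or of PLANET's software: it normalizes the addresses, compares them with an approved inventory and reports whether the administrator's station is listed. The one-entry-per-line layout, the function names and every sample address are assumptions constructed for illustration; the manual does not document the file format.

```python
import re
from typing import Dict, Iterable

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(text: str) -> str:
    """Return the address as lower-case, colon-separated octets or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set (address is not vendor-assigned)."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_trusted(lines: Iterable[str], approved: Iterable[str],
                  admin_mac: str) -> Dict[str, object]:
    """Compare a saved trusted-station list with an approved inventory.

    Assumed layout (hypothetical): one station per line, MAC address first,
    optional name after it, '#' starts a comment.
    """
    trusted, invalid, duplicates = [], [], []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            mac = normalize_mac(fields[0])
        except ValueError:
            invalid.append(fields[0])
            continue
        (duplicates if mac in trusted else trusted).append(mac)
    approved_set = {normalize_mac(m) for m in approved}
    return {
        "trusted": trusted,
        "invalid": invalid,          # entries to correct before uploading the list
        "duplicates": duplicates,
        "unapproved": [m for m in trusted if m not in approved_set],
        "not_listed": sorted(approved_set - set(trusted)),
        "locally_administered": [m for m in trusted if is_locally_administered(m)],
        # The manual's warning: enabling Access Control without this locks you out.
        "admin_listed": normalize_mac(admin_mac) in trusted,
    }


# Constructed sample data (addresses are made up for this example).
EXPORT = [
    "00:00:5E:00:53:01 admin-laptop",
    "00-00-5e-00-53-02 warehouse-scanner",
    "0000.5e00.5302 warehouse-scanner",   # same station in another notation
    "02:00:00:aa:bb:cc unknown",
    "00:00:5e:zz:53:04 typo",
]
APPROVED = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"]

if __name__ == "__main__":
    for key, value in audit_trusted(EXPORT, APPROVED, "00-00-5E-00-53-01").items():
        print(f"{key}: {value}")
```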

3.5 Security Profiles

Security Profiles contain the SSID and all the security settings of this WAP-4060PE.
· Up to eight (8) Security Profiles can be defined.
· Up to four (4) Security Profiles can be enabled at one time, allowing up to 4 different SSIDs to be used simultaneously.
Data - Security Profiles Screen
Profile
Profile List - All available profiles are listed. For each profile, the following data is displayed:
· * (star sign) - If displayed before the name of the profile, this indicates the profile is currently enabled. If not displayed, the profile is currently disabled.
· Profile Name - The current profile name is displayed.
· [SSID] - The current SSID associated with this profile.
· Security System - The current security system (e.g. WPA-PSK) is displayed.
· [Frequency Band] - The Wireless Band (2.4 GHz) for this profile is displayed.
Buttons
· Enable - enable the selected profile.
· Configure - change the settings for the selected profile.
· Disable - disable the selected profile.
Primary Profile
802.11b/g AP Mode - Select the primary profile for 802.11b and 802.11g AP mode. Only enabled profiles are listed. The SSID associated with this profile will be broadcast if the "Broadcast SSID" setting on the Basic screen is enabled.
802.11b/g Bridge Mode - Select the primary profile for 802.11b and 802.11g Bridge Mode. This setting determines the SSID and security settings used for the Bridge connection to the remote AP.
Isolation
None - If this option is selected, wireless clients using different profiles (different SSIDs) are not isolated, so they will be able to communicate with each other.
Isolate all - If this option is selected, wireless clients using different profiles (different SSIDs) are isolated from each other, so they will NOT be able to communicate. They will still be able to communicate with other clients using the same profile, unless the "Wireless Separation" setting on the "Advanced" screen has been enabled.
Use VLAN - This option is only useful if the hubs/switches on your LAN support the VLAN (802.1Q) standard. When VLAN is used, you must select the desired VLAN for each security profile when configuring the profile. (If VLAN is not selected, the VLAN setting for each profile is ignored.) Click the Configure VLAN button to configure the IDs used by each VLAN. See below for further details.
3.5.1 VLAN Configuration Screen
This screen is accessed via the Configure VLAN button on the Security Profiles screen.
· The settings on this screen will be ignored unless the Use VLAN option on the Security Profiles screen is selected.
· If using the VLAN option, these settings determine which VLAN traffic is assigned to.
Data - VLAN Configuration Screen
VLAN – Client Traffic
Profile - Each profile is listed, whether currently enabled or not. You can assign traffic from each profile (SSID) to a different VLAN if desired. To assign multiple profiles to the same VLAN, just enter the same VLAN ID for each profile.
VLAN ID - Enter the desired VLAN ID, as used on your network. IDs must be in the range 1 ~ 4095. These IDs must match the IDs used by other network devices.
VLAN – AP Traffic
No VLAN Tag - Traffic generated by this AP will not have a VLAN tag (no VLAN ID).
Replicate - If selected, each packet generated by this AP will be sent over each active VLAN, as defined in the client VLAN table above. This requires that each packet be replicated (up to 8 times). This has a detrimental effect on performance, so should only be used if necessary.
Specified VLAN ID - If selected, you can enter the desired VLAN ID. Normally, this ID should be one of the client VLAN IDs defined above.

3.6 Configure Security Profile

This screen is displayed when you select a Profile on the Security Profiles screen, and click the Configure button.
3.6.1 Profile Data
Enter the desired settings for each of the following:
· Profile Name - Enter a suitable name for this profile.
· SSID - Enter the desired SSID. Each profile must have a unique SSID.
· Wireless Band - Displays the wireless band for this profile.
3.6.2 Security Settings
Select the desired option, and then enter the settings for the selected method.
The available options are:
· None - No security is used. Anyone using the correct SSID can connect to your network.
· WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
· WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256-bit encryption key is derived from the PSK, and changes periodically.
· WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
  If this option is selected:
  · This WAP-4060PE must have a "client login" on the Radius Server.
  · Each user must have a "user login" on the Radius Server.
  · Each user's wireless client must support 802.1x and provide the login data when required.
  · All data transmission is encrypted using the WPA standard. Keys are automatically generated, so no key input is required.
· 802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryption. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
  If this option is selected:
  · This WAP-4060PE must have a "client login" on the Radius Server.
  · Each user must have a "user login" on the Radius Server.
  · Each user's wireless client must support 802.1x and provide the login data when required.
  · All data transmission is encrypted using the WEP standard. You only have to select the WEP key size; the WEP key is automatically generated.
3.6.3 Security Settings - None
No security is used. Anyone using the correct SSID can connect to your network.
The only settings available from this screen are Radius MAC Authentication and UAM (Universal Access Method).
3.6.4 Radius MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.
Using MAC authentication
1. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on the RADIUS server, using the IP address or name of the WAP-4060PE, and the same shared key as pre-configured.
· Ensure the WAP-4060PE has the correct address, port number, and shared key for login to your Radius Server. These parameters are entered either on the Security page, or the Radius-based MAC authentication sub-screen, depending on the security method used.
· On the WAP-4060PE, enable the Radius-based MAC authentication feature on the screen below.
2. Add Users on the Radius server as required. The username must be the MAC address of the Wireless client you wish to allow, and the password must be blank.
3. When clients try to associate with the WAP-4060PE, their MAC address is passed to the Radius Server for authentication.
· If successful, "xx:xx:xx:xx:xx:xx MAC authentication" is entered in the log, and the station status is shown as Authenticated on the station list table.
· If not successful, "xx:xx:xx:xx:xx:xx MAC authentication failed" is entered in the log, and the station status is shown as Authenticating on the station list table.
Radius-based MAC authentication Screen
This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again. Otherwise, you must enter the details of your Radius Server on this screen.
Data - Radius-based MAC Authentication Screen
· Enable ... - Enable this if you want to use Radius-based MAC authentication.
· Radius Server Address - If this field is visible, enter the name or IP address of the Radius Server on your network.
· Radius Port - If this field is visible, enter the port number used for connections to the Radius Server.
· Client Login Name - If this field is visible, it displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
· Shared Key - If this field is visible, it is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
· WEP Key - If this field is visible, it is for the WEP key used to encrypt data transmissions to the Radius Server. Enter the desired key value in HEX, and ensure the Radius Server has the same value.
· WEP Key Index - If this field is visible, select the desired key index. Any value can be used, provided it matches the value on the Radius Server.
3.6.5 UAM
UAM (Universal Access Method) is intended for use in Internet cafes, Hot Spots, and other sites where the WAP-4060PE is used to provide Internet Access.
If enabled, then HTTP (TCP, port 80) connections are checked. (UAM only works on HTTP connections; all other traffic is ignored.) If the user has not been authenticated, Internet access is blocked, and the user is re-directed to another web page. Typically, this web page is on your Web server, and explains how to pay for and obtain Internet access.
To use UAM, you need a Radius Server for Authentication. The "Radius Server Setup" must be completed before you can use UAM. The required setup depends on whether you are using Internal or External authentication.
· Internal authentication uses the web page built in the WAP-4060PE.
· External authentication uses a web page on your Web server. Generally, you should use External authentication, as this allows you to provide relevant and helpful information to users.
UAM authentication - Internal
1. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on the RADIUS server, using the IP address or name of the WAP-4060PE, and the same shared key as pre-configured.
· Ensure the WAP-4060PE has the correct address, port number, and shared key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.
2. Add users on your RADIUS server as required, and allow access by these users.
3. Client PCs must have the correct Wireless settings in order to associate with the WAP-4060PE.
4. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re-directed to a user login page.
5. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
6. If the user name and password are correct, Internet access is allowed. Otherwise, the user remains on the login page.
· Clients which pass the authentication are listed as "xx:xx:xx:xx:xx:xx WEB authentication" in the log table, and the station status is shown as Authenticated on the station list table.
· If a client fails authentication, "xx:xx:xx:xx:xx:xx WEB authentication failed" is shown in the log, and the station status is shown as Authenticating on the station list table.
UAM authentication - External
1. Ensure the WAP-4060PE can login to your Radius Server.
· Add a RADIUS client on the RADIUS server, using the IP address or name of the WAP-4060PE, and the same shared key as pre-configured.
· Ensure the WAP-4060PE has the correct address, port number, and shared key for login to your Radius Server. These parameters are entered either on the Security page, or the UAM sub-screen, depending on the security method used.
2. On your Web Server, create a suitable welcome page. The welcome page must have a link or button to allow the user to input their user name and password on the uamlogon.htm page on the WAP-4060PE.
3. On the WAP-4060PE's UAM screen, select External Web-based Authentication, and enter the URL for the welcome page on your Web server.
4. Add users on your RADIUS server as required, and allow access by these users.
5. Client PCs must have the correct Wireless settings in order to associate with the WAP-4060PE.
6. When an associated client tries to use HTTP (TCP, port 80) connections, they will be re-directed to the welcome page on your Web Server.
7. The client (user) must then enter the user name and password, as defined on the Radius Server. (You must provide some system to let users know the correct name and password to use.)
8. If the user name and password are correct, Internet access is allowed. Otherwise, the user remains on the login page.
· Clients which pass the authentication are listed as "xx:xx:xx:xx:xx:xx WEB authentication" in the log table, and the station status is shown as Authenticated on the station list table.
· If a client fails authentication, "xx:xx:xx:xx:xx:xx WEB authentication failed" is shown in the log, and the station status is shown as Authenticating on the station list table.
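Added example (not part of the PLANET manual): a Python sketch that reviews an exported AP log for the MAC and WEB authentication messages described in the Radius MAC Authentication and UAM procedures above, flagging stations with a run of failures and any success that ends such a run. The message text after the MAC address comes from the manual; the timestamp prefix, the threshold of 3, the function names, and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log. The text after each MAC address follows the manual;
# the timestamp prefix is an assumption about how the log is exported.
SAMPLE_LOG = """\
2005-06-01 09:00:02 02:00:00:00:00:01 MAC authentication
2005-06-01 09:00:40 02:00:00:00:00:01 WEB authentication failed
2005-06-01 09:01:05 02:00:00:00:00:01 WEB authentication
2005-06-01 09:03:10 02:00:00:00:00:02 MAC authentication failed
2005-06-01 09:03:12 02:00:00:00:00:02 MAC authentication failed
2005-06-01 09:03:15 02:00:00:00:00:02 MAC authentication failed
2005-06-01 09:05:00 02:00:00:00:00:03 MAC authentication
2005-06-01 09:05:20 02:00:00:00:00:03 WEB authentication failed
2005-06-01 09:05:31 02:00:00:00:00:03 WEB authentication failed
2005-06-01 09:05:44 02:00:00:00:00:03 WEB authentication failed
2005-06-01 09:05:58 02:00:00:00:00:03 WEB authentication
2005-06-01 09:06:30 configuration saved
"""

EVENT_RE = re.compile(
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<kind>MAC|WEB) authentication(?P<failed> failed)?\s*$"
)

def parse_events(text):
    """Yield (mac, kind, ok) for every line carrying an authentication message."""
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            yield m["mac"].lower(), m["kind"], m["failed"] is None

def review(text, max_failures=3):
    """Flag runs of failures per station, and a success that ends such a run."""
    streak = defaultdict(int)  # (mac, kind) -> consecutive failures so far
    findings = []
    for mac, kind, ok in parse_events(text):
        key = (mac, kind)
        if not ok:
            streak[key] += 1
            if streak[key] == max_failures:
                findings.append((mac, kind, "repeated failures"))
        else:
            if streak[key] >= max_failures:
                # Credentials or MAC accepted right after a run of rejections.
                findings.append((mac, kind, "success after repeated failures"))
            streak[key] = 0
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

A WEB success that follows a run of failures from the same station is worth checking against the Radius Server's own records for that user name.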
UAM Screen
The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Data - UAM Screen
· Enable - Enable this if you want to use this feature. See the section above for details of using UAM.
· Internal Web-based Authentication - If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the built-in login page. The logon data is then sent to the Radius Server for authentication.
· External Web-based Authentication - If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the URL below. This needs to be on your own local Web Server. The page must also link back to the built-in login page on this device to complete the login procedure.
· Login URL - Enter the URL of the page on your local Web Server. When users attempt to access the Internet, they will see this page, but are not logged in.
· Login Failure URL - Enter the URL of the page on your local Web Server you wish users to see if their login fails. (This may be the same URL as the Login URL.)
3.6.6 Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
Data - WEP Screen
WEP
· Data Encryption - Select the desired option, and ensure your Wireless stations have the identical setting:
  · 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters.
  · 128 Bit Encryption - Keys are 26 Hex (13 ASCII) characters.
  · 152 Bit Encryption - Keys are 32 Hex (16 ASCII) characters.
· Authentication - Normally, you can leave this at Automatic, so that Wireless Stations can use either method ("Open System" or "Shared Key"). If you wish to use a particular method, select the appropriate value - "Open System" or "Shared Key". All Wireless stations must then be set to use the same method.
· Key Input - Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex; ASCII input is only for convenience.)
· Key Value - Enter the key values you want to use. The default key, selected by the radio button, is required. The other keys are optional. Other stations must have matching key values.