Sercomm AP51DA User Manual

Dual-Band 802.11a/b/g Wireless Access Point
User's Guide
ABLE OF CONTENTS
T
CHAPTER 1 INTRODUCTION ....................................................... ......................................1
Features of your Wireless Access Point...........................................................................1
Package Contents .............................................................................................................. 2
Physical Details............................... ..... ..... ..... .......... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ........ 3
CHAPTER 2 INSTALLATION...............................................................................................5
Requirements.....................................................................................................................5
Procedure....................................................... ............................................................ ........5
CHAPTER 3 ACCESS POINT SETUP..................................................................................7
Overview ............................................................................................................................7
Setup using the Windows Utility......................................................................................7
Setup using a Web Browser............................................................................................10
System Screen..................................................................................................................13
Access Control........................... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... .......... ..... ..... ..... . 14
2.4GHz Wireless Screens.............................. ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... .17
Basic Settings – 2.4GHz Screen......................................................................................17
2.4GHz Security Settings........................................ ..... ..... ..... ..... ..... .......... ..... ..... ..... ..... . 19
Advanced Settings - 2.4GHz.......... .................................................................................30
5GHz Wireless Screens...................................................................................................32
Basic Settings – 5GHz (802.11a) Screen........................................................................ 32
5GHz Security Settings........................................................................................ ...........34
Advanced Settings - 5GHz..............................................................................................46
CHAPTER 4 PC AND SERVER CONFIGURATION .......................................................48
Overview ..........................................................................................................................48
Using WEP.......................................................................................................................48
Using WPA-802.1x ..........................................................................................................49
802.1x Server Setup (Windows 2000 Server).......................................................... ......50
802.1x Client Setup on Windows XP . ............................................................................60
Using 802.1x Mode (without WPA) ... .......... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... .66
CHAPTER 5 OPERATION AND STATUS......................................................... ................ 67
Operation .........................................................................................................................67
Status Screen....................................................................................................................67
CHAPTER 6 OTHER SETTINGS & FEATURES .............................................................73
Overview ..........................................................................................................................73
Admin Login Screen........................................................................................................73
Config File....................................... ..... ..... ..... ..... .......... ..... ..... ..... ..... ..... ..... ..... ..... ..... ...... 75
SNMP ...............................................................................................................................76
Firmware Upgrade.......... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... ..... .......... ..... ..... ..... ..... . 77
APPENDIX A SPECIFICATIONS .......................................................................................78
Wireless Access Point......................................................................................................78
APPENDIX B TROUBLESHOOTING ........................................................... .....................82
Overview ..........................................................................................................................82
General Problems............................................................................................................82
APPENDIX C WINDOWS TCP/IP....................................................................................... 84
Overview ..........................................................................................................................84
Checking TCP/IP Settings - Windows 9x/ME:.............................................................84
Checking TCP/IP Settings - Windows NT4.0 ...............................................................86
Checking TCP/IP Settings - Windows 2000..................................................................88
Checking TCP/IP Settings - Windows XP ....................................................................90
i
APPENDIX D ABOUT WIRELESS LANS..........................................................................92
Overview ..........................................................................................................................92
Wireless LAN Terminology............................................................................................92
P/N: "9560ND0001 Copyright  2004. All Rights Reserved.
Document Version: 1.0 All trademarks and trade names are the properties of their respective owners.
ii
Chapter 1
Introduction
1
This Chapter provides an overview of the Wireless Access Point's features and capabilities.
Congratulations on the purchase of your new Wireless Access Point. The Wir eless Access Point links your 802.11g or 802.11b Wireless Stations to your wired LAN. The Wireless stations and devices on the wired LAN are then on the same network, and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection.
Figure 1: Wireless Access Point
The auto-sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the environment does not permit maximum throughput.
Features of your Wireless Access Point
The Wireless Access Point incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.
Standards Compliant.
specifications for Wireless LANs.
Supports both 802.11b and 802.11g Wireless Stations.
provides for backward compatibility with the 802.11b standard, so both 802.11b and
802.11g Wireless stations can be used simultaneously.
WEP support.
and 128 Bit keys are suppor ted.
Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit
The Wireless Router complies with the IEEE802.11g (DSSS)
The 802.11g standard
1
Wireless Access Point User Guide
WPA support.
should be used if possible.
802.1x Support.
strength wireless security of 802.1x authentication and authorization.
Radius Client Support.
Server (as a Radius client).
Radius MAC Authentication.
MAC addresses by using a Radius Server.
Dynamic WEP key Support
be used.
Upgradeable Firmware.
easily, using only your Web Browser.
Access Control.
clients to ensure that on ly trusted Wireless Stations can use the Wireless Access Point to gain access to your LAN.
UAM Support. The Wireless Access Point supports UAM (Universal Access Method),
making it suitable for use in Internet cafes and other sites where user access time must be accounted for.
Simple Configuration.
quickly and easily.
Support for WPA is included. WPA is more secure than WEP, and
Support for 802.1x mode is included, providing for the industrial-
The Wireless Access Point can login to your existing Radius
You can centralize the checking of Wireless Station
.
In 802.1x mode, either fixed or Dynamic WEP keys can
Firmware is stored in a flash memory and can be upgraded
The Access Control feature can check the MAC address of Wireless
If the default settings are unsuitable, they can be changed
DHCP Client Support.
address to PCs and other devices upon request. The Wireless Access Point can act as a
DHCP Client
Server.
NetBIOS & WINS Support.
dows Internet Naming Service) allows the Wireless Access Point to easily fit into your existing Windows network.
Password - protected Configuration
prevent unauthorized users from modifying the configuration data and settings.
, and obtain an IP address and related information from your existing DHPC
Dynamic Host Configuration Protocol provides a dynamic IP
Support for both NetBIOS broadcast and WINS (Win-
. Optional password protection is provided to
Package Contents
The following items should be included:
Wireless Access Point
Power Adapter
Quick Start Guide
CD-ROM containing the on-line manual and setup utility.
If any of the above items are damaged or missing, please contact your dealer immediately.
2
Physical Details
Front Panel LEDs
Introduction
Figure 2: Front Panel
Status On
Power On - Normal operation.
LAN On
5GHz/802.11a On
2.4GHz/802.11 b/g
- Error condition.
- Normal operation.
Off Blinking
Off - No power
Off Flashing
LAN (Ethernet) port.
Off Flashing
less band. Data includes "network traffic" as well as user data.
On Off Flashing Data is being transmitted or received via the 802.11g/a Wire-
less band. Data includes "network traffic" as well as user data.
- During start up, and when the Firmware is being upgraded.
- The LAN (Ethernet) port is active.
- No active connection on the LAN (Ethernet) port.
- Data is being transmitted or received via the corresponding
- 802.11a Wireless connection is available.
- No 802.11a Wireless connection available.
- Data is being transmitted or received via the 802.11a Wire-
- 802.11g and/or 802.11b Wireless connection is available.
- 802.11g and 802.11b Wireless connections are not available.
3
Wireless Access Point User Guide
Rear Panel
Figure 3 Rear Panel
Antenna
Power port Reset Button
Ethernet
One antenna (aerial) is supplied. Best results are usually obtained with the antenna in a vertical position.
Connect the supplied power adapter here. This button has two (2) functions:
Reboot
. When pressed and released, the Wireless Access Point
will reboot (restart).
Reset to Factory Defaults
. This button can also be used to clear
ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off the Access Point
2. Hold the Reset Button down while you Power On the Access Point.
3. Continue holding the Reset Button until the Status (Red) LED blinks TWICE.
4. Release the Reset Button. The factory default configuration has now been restored, and the Access Point is ready for use.
Use a standard LAN cable (RJ45 connectors) to connect this port to a 10BaseT or 100BaseT hub on your LAN.
Console port
DB9 female RS232 port.
4
Chapter 2
Installation
2
This Chapter covers the physical installation of the Wireless Access Point.
Requirements
Requirements:
TCP/IP network
Ethernet cable with RJ-45 co nnectors
Installed Wireless network adapter for each PC that will be wirelessly connected to the
network
Procedure
1. Select a suitable location for the installation of your Wireless Access Point. To maximize reliability and performance, follow these guidelines:
Use an elevated location, such as wall mounted or on the top of a cubicle.
Place the Wireless Access Point near the center of your wireless coverage area.
If possible, ensure there are no thick walls or metal shielding between the Wireless
Access Point and Wireless stations. Under ideal conditions, the Wireless Access Point has a range of around 150 meters (450 feet). The range is reduced, and transmission speed is lower, if there are any obstructions between Wireless devices.
Figure 4: Installation Diagram
2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Po int to a 10/100BaseT hub on your LAN.
5
Wireless Access Point User Guide
3. Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet, and power up.
4. Check the LEDs:
The Status LED should flash, then turn OFF.
The Power, WLAN, and LAN LED should be ON.
For more information, refer to Front Panel LEDs in Chapter 1.
6
Chapter 3
Access Point Setup
3
This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point.
Overview
This chapter describes the setup procedure to make the Wireless Access Point a valid device on your LAN, and to function as an Access Point for your Wireless Stations.
Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station Configuration.
The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser
Setup using the Windows Utility
A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the Wireless Access Point. Using this utility is recommended, because it can locate the Wireless Access Point even if it has an invalid IP address.
Installation
1. Insert the supplied CD-ROM in your drive.
2. If the utility does not start automatically, run the SETUP program in the root folder.
3. Follow the prompts to complete the installation.
Main Screen
Start the program by using the icon created by the setup program.
When run, the program searches the network for all active Wireless Access Points, then
lists them on screen, as shown by the example below.
7
Wireless Access Point User Guide
Figure 5: Management utility Screen
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:
Server Name IP address MAC Address IEEE Standard
The Server Name is shown on a sticker on the base of the device. The IP address for the Wireless Access Point. The hardware or physical address of the Wireless Access Point. The wireless standard or standards used by the Wireless Access Point
(e.g. 802.11b, 802.11g)
FW Version Description
The current Firmware version installed in the Wireless Access Point. Any extra information for the Wireless Access Point, entered by the
administrator.
Note: If the desired Wireless Access Point is not listed, check that the device is installed and ON, then update the list by clicking the Refresh button.
Buttons
Refresh
Web Management
Click this button to update the Wireless Access Point device listing after changing the name or IP Address.
Use this button to connect to the Wireless Access Point's Web­based management interface.
Set IP Address
Exit
Click this button if you want to change the IP Address of the Wireless Access Point.
Exit the Management utility program by clicking this button.
8
Setup
Setup Procedure
1. Select the desired Wireless Access Point.
2. Click the Set IP Address button.
admin
for the
3. If prompted, enter the user name and password. The default values are User Name, and
password
for the Password.
4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any changes.
5. Click the Web Management button to connect to the selected Wireless Access Point using your Web Browser. If prompted, enter the User Name and Password again.
6. Configure the following screens, using the on-line help if necessary. The following section also provides more details about each of these screens.
Wireless - Basic
Wireless - Security
Management - Admin Login
(Basic Wireless settings)
(Wireless Security)
(Set login name and password)
7. Setup is now complete.
9
Wireless Access Point User Guide
Setup using a Web Browser
Your Browser must support JavaScript
following browsers:
Netscape V4.08 or later
Internet Explorer V4 or later
. The configuration program has been tested on the
Setup Procedure
Before commencing, install the Wireless Access Point in your LAN, as described previously.
1. Check the Wireless Access Point to determine its Default Name. This is shown on a label on the base or rear, and is in the following format:
SCxxxxxx Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).
2. Use a PC which is already connected to your LAN, either by a wired connection or an­other Access Point.
Until the Wireless Access Point is configured, establishing a Wireless connection to it
may be not possible. If your LAN contains a Router or Routers, ensure the PC used for configuration is on
the same LAN segment as the Wireless Access Point.
3. Start your Web browser.
4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point e.g.
HTTP://SC2D631A
5. You should then see a login prompt, which will ask for a User Name and Password.
admin
Enter These are the default values. The password (but not the user name) can and should be changed. Always enter the cur r ent password, as set on the Admin Lo gin screen.
for the User Name, and
password
for the Password.
Figure 6: Password Dialog
6. You will then see the Status screen, which displays the current settings and status. No data input is possible on this screen.
10
7. From the menu, check the following screens, and configure as necessary for your envi­ronment. Details of these screens and settings are described in the following sections of this chapter.
System
Access Control
2.4GHz Wireless
Basic
Security
Advanced
5GHz Wireless
Basic
Security
Advanced
Management
Admin Login (Set login name and password)
Config File
SNMP
Upgrade Firmware
8. Setup of the Wireless Access Point is now complete. Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for details.
Setup
If you can't connect:
It is likely that your PC’s IP address is incompatible with the Wireless Access Point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0.
If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details for this procedure.
11
Wireless Access Point User Guide
Status Screen
When you first connect, you will see the Status screen. This displays the current settings and status of the Wireless Access Point. No data can be input on this screen.
Figure 7: Status Screen
For further details of this screen, refer to Status Screen in Chapter 5.
12
System Screen
Click System on the menu to view a screen like the following.
Setup
Data - System Screen
Identification
Access Point Name
Description Country Domain
IP Address
DHCP Client
Fixed
Enter a suitable name for this Access Point.
If desired, you can enter a description for the Access Point. Select the country or domain matching your current location.
Select this option if you have a DHCP Server on your LAN, and you wish the Access Point to obtain an IP address automatically.
If selected, the following data must be entered.
Subnet Mask
Gateway
DNS
Figure 8: System Screen
IP Address - The IP Address of this device. Enter an unused IP
address from the address range on your LAN.
- The Network Mask associated with the IP Address
above. Enter the value used by other devices on your LAN.
- The IP Address of your Gateway or Router. Enter the
value used by other devices on your LAN.
- Enter the DNS (Domain Name Server) used by PCs on
your LAN.
13
Wireless Access Point User Guide
WINS
Enable WINS
WINS Server Name/IP Ad­dress
HTTP
HTTP Port
Telnet
Enable Telnet Management
If your LAN has a WINS server, you can enable this to have this AP register with the WINS server.
Enter the name or IP address of your WINS server.
Enter the port number to be used when connecting to this interface. The default value is 80.
If desired, you can enable this option. If enabled, you will able to connect to this AP using a Telnet client. You will have to provide the same login data (user name, password) as for a HTTP (Web) connec­tion.
Access Control
This feature can be used to block access to your LAN by unknown or untrusted wireless stations.
Click Access Control on the menu to view a screen like the following.
Figure 9: Access Control Screen
Data - Access Control Screen
Enable
Trusted Stations
Use this checkbox to Enable or Disable this feature as desired.
Warning !
list before enabling this feature.. This table lists any Wireless Stations you have designated as
"Trusted". If you have not added any stations, this table will be empty. For each Wireless station, the following data is displayed:
Ensure you own PC is in the "Trusted Wireless Stations"
MAC Address - the MAC or physical address of each Wire-
less station.
Connected - this indicates whether or not the Wireless station
is currently associates with this Access Point.
14
Buttons
Setup
Modify List
Read from File
Write to File
To change the list of Trusted Stations (Add, Edit, or Delete a Wireless Station or Stations), click this button. You will then see the Trusted Wireless Stations screen, described below.
To upload a list of Trusted Stations from a file on your PC, click this button.
To download the current list of Trusted Stations from the Access Point to a file on your PC, click this button.
Trusted Wireless Stations
To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.
Figure 10: Trusted Wireless Stations
Data - Trusted Wireless Stations
Trusted Wireless Stations
Other Wireless Stations
Address
Buttons
<<
This lists any Wireless Stations which you have designated as “Trusted”.
This list any Wireless Stations detected by the Access Point, which you have not designated as "Trusted".
The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Add a Trusted Wireless Station to the list (move from the "Other Stations" list).
Select an entry (or entries) in the "Other Stations" list, and
click the " << " button. Enter the Address (MAC or physical address) of the wireless
station, and click the "Add " button.
15
Wireless Access Point User Guide
>>
Select All Select None
Edit
Add
Clear
Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).
Select an entry (or entries) in the "Trusted Stations" list.
Click the " >> " button.
Select all of the Stations listed in the "Other Stations" list. De-select any Stations currently selected in the "Other Stations"
list. To change an existing entry in the "Trusted Stations" list, select it
and click this button.
1. Select the Station in the "Trusted Station" list.
2. Click the "Edit" button. The address will be copied to the "Address" field, and the "Add" button will change to "Update".
3. Edit the address (MAC or physical address) as required.
4. Click "Update" to save your changes.
To add a Trusted Station which is not in the "Other Wireless Stations" list, enter the required data and click this button.
Clear the Address field.
16
2.4GHz Wireless Screens
There are 3 configuration screens available:
Basic Settings
Security
Advanced
Basic Settings – 2.4GHz Screen
The settings on this screen must match the settings used by Wireless Stations. Click Basic on the menu to view a screen like the following.
Setup
Figure 11: Basic Settings Screen
Data - Basic Settings Screen
Operation
Wireless Mode
Select the desired option:
Disable
transmit or receive at all.
802.11b and 802.11g
tions by both 802.11b and 802.1g wireless stations.
802.11b
802.11g wireless stations will only be able to connect if they are fully backward-compatible with the 802.11b standard.
802.11g - only 802.11g connections are allowed. If you only have
802.11g, selecting this option may provide a performance im­provement over using the default setting.
Super 802.11g (108Mbps)
support this mode.
Dynamic Super 802.11g (108Mbps)
wireless stations support this mode.
Static Super 802.11g (108Mbps)
stations support this mode.
- select this if for some reason you do not this AP to
- if selected, only 802.11b connections are allowed.
- this is the default, and will allow connec-
- select this only if all wireless stations
- select this only if all
- select this only if all wireless
17
Wireless Access Point User Guide
Operating Mode
Remote AP MAC Address
Channel No
Current Channel No.
Select the desired mode:
Wireless Access Point - operate as a normal Access Point
Client Access Point
- act as a client for another Access Point. If selected, you must provide the address (MAC address) of the other Access Point (Remote AP).
Repeater Access Point
- act as a repeater for another Access Point. If selected, you must provide the address (MAC ad dress) of the other Access Point (Remote AP).
This is not required unless the Operating Mode is "Client Access Point" or "Repeater Access Point". In either of these modes, you must provide the MAC address of the other AP in this field. You can either enter the MAC address directly, or, if the other AP is on-line, you can click the "Select AP" button and select from a list of available APs.
If "Automatic" is selected, the Wireless Access Point will self-select a Wireless Channel.
If you experience interference (shown by lost connections and/or slow data transfers) you may need to experiment with different channels to see which Channel is the best.
This displays the current channel used by the Access Point.
SSID
Broadcast SSID
Enter the desired SSID. Wireless Stations must use the same SSID. Note: The SSID is case sensitive. If Enabled, the SSID will be broadcast to all Wireless Stations. Sta-
tions which have no SSID (or a "null" value) can then adopt the correct SSID for connections to this Access Point.
18
2.4GHz Security Settings
Select the desired option, and then enter the settings for the selected method. The available options are:
None - No security is used. Anyone using the correct SSID can connect to your network.
- The 802.11b standard. Data is encrypted before transmission, but the encryption
WEP
system is not very strong.
WPA-PSK
WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes fre­quently.
WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the
client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired. All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
802.1x
tion. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired. All data transmission is encrypted using the WEP standard. You only have to select
the WEP key size; the WEP key is automatically generated.
- Like WEP, data is encrypted before transmission. WPA is more secure than
- This uses the 802.1x standard for client authentication, and WEP for data encryp-
Setup
19
Wireless Access Point User Guide
2.4GHz Security Settings - None
Figure 12: Wireless Security - None
No security is used. Anyone using the correct SSID can connect to your network. The only settings available from this screen are Radius MAC Authentication and UAM
(Universal Access Method).
Radius-based MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.
This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Figure 13: Radius-based MAC Authentication Screen
Enable ... Radius Server
Address
Enable this if you wish to Radius-based MAC authentication. If this field is visible, enter the name or IP address of the Radius
Server on your network.
Radius Port
Client Login Name
Shared Key
If this field is visible, enter the port number used for connections to the Radius Server.
If this field is visible, it displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
If this field is visible, it is used for the Client Login on the Radius
20
Setup
Server. Enter the key value to match the value on the Radius Server.
WEP Key
WEP Key Index
If this field is visible, it is for the the WEP key used to encrupt data transmissions to the Radius Server. Enter the desired key value 9in HEX), and ensure the Radius Server has the same value.
If this field is visible, select the desired key index. Any value can be used, provided it matches the value on the Radius Server.
UAM
UAM (Universal Access Method) is intended for use in Internet cafes and other sites where user access must be accounted for. To use this feature, you also need a Radius Server. The "Radius Server Setup" must be completed before you can use UAM.
The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Data – UAM Screen
Enable Internal
Web-based Authentication
External Web-based Authentication
Login URL
Login Failure URL
Enable this if you wish to use this feature. If selected, then when a user first tries to access the Internet, they will
be blocked, and re-directed to the built-in login page. The logon data is then sent to the Radius Server for authentication.
If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the URL below. This needs to be on your own local Web Server. The page must also link back to the built­in login page on this device to complete the login procedure.
Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet, but are not logged in.
Enter the URL of the page on your local Web Server you wish users to see if their login fails. (This may be the same URL as the Login URL).
Figure 14: UAM Screen
21
Wireless Access Point User Guide
2.4GHz Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
Data - WEP Screen
WEP
Data Encryption
Authentication
Key Input
Key Value
Figure 15: WEP Wireless Security
Select the desired WEP Encryption level, and ensure Wireless stations have the same setting and key value.
Normally this can be left at the default value of "Automatic." If that fails, select the appropriate value - "Open System" or "Shared Key." Check your wireless card's documentation to see what method to use.
Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex, ASCII input is only for conven­ience.)
Enter the key value you wish to use. Other stations must have the same key.
22
Setup
Passphrase
Radius-based MAC Authentication
UAM
Use this to generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to auto­matically configure the WEP Key(s). If encryption strength is set to 64 bit, then each of the four key fields will be populated with key values. If encryption strength is set to 128 bit, then only the selected WEP key field will be given a key value.
Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server.
Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server and the Login URL.
23
Wireless Access Point User Guide
2.4GHz Security Settings - WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.
Figure 16: WPA-PSK Wireless Security
Data - WPA-PSK Screen
WPA-PSK
Network Key
WPA Encryption
Enter the key value. Data is encrypted using this key. Other Wireles Stations must use the same key.
Select the desired option. Other Wireless Stations must use the same method.
This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly. TKIP - Unicast (point-to-point) transmissions and multicast (broadcast) transmissions are encrypted using TKIP.
TKIP + 64 bit WEP - Unicast (point-to-point) transmis­sions are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 64 bit WEP.
TKIP + 128 bit WEP - Unicast (point-to-point) transmis­sions are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 128 bit WEP.
AES - CCMP - Unicast (point-to-point) transmissions and multicast (broadcast) transmissions are encrypted using AES - CCMP.
Pairwise Key Update
This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly.
24
Setup
Key Lifetime
Group Key Update
Key Lifetime
Update Group Key when any membership terminates
This field determines how often Pairwise keys are dynamically updated. Enter the desired value.
This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any mem­ber leaves the group or disassociates from the Access Point.
25
Wireless Access Point User Guide
2.4GHz Security Settings - WPA-802.1x
This version of WPA requires a Radius Server on your LAN to provide the client authentica­tion according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
Figure 17: WPA-802.1x Wireless Security
Data - WPA-802.1x Screen
WPA-802.1x
Radius Server Address
Radius Port
Enter the name or IP address of the Radius Server on your network.
Enter the port number used for connections to the Radius Server.
26
Setup
Client Login Name
Shared Key
WPA Encryption
Pairwise Key Up­date
This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
This is used for the Client Login on the Radius Server. Enter the key value to match the Radius Server.
Select the desired option. Other Wireless Stations must use the same method.
TKIP - Unicast (point-to-point) transmissions and multicast
(broadcast) transmissions are encrypted using TKIP. TKIP + 64 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmis­sions are encrypted using 64 bit WEP.
TKIP + 128 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmis­sions are encrypted using 128 bit WEP.
AES - CCMP - Unicast (point-to-point) transmissions and
multicast (broadcast) transmissions are encrypted using AES ­CCMP.
This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly.
Key Lifetime
Group Key Update
Key Lifetime
Group key update when any member­ship terminated
Radius Accounting
Update Report every ...
This field determines how often Pairwise keys are dynamically updated. Enter the desired value.
This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the group key will be updated whenever any member leaves the group or disassociates from the Access Point.
Enable this if you want this Access Point to send accounting data to the Radius Server. If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.
27
Wireless Access Point User Guide
2.4GHz Security Settings - 802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption. If possi­ble, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WEP standard. You only have to select the
WEP key size; the WEP key is automatically generated.
Data - 802.1x Screen
802.1x
Radius Server Address
Radius Port
Client Login Name
Figure 18: 802.1x Wireless Security
Enter the name or IP address of the Radius Server on your network.
Enter the port number used for connections to the Radius Server.
This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
28
Setup
Shared Key
WEP Key Size
Key Exchange
Radius Accounting
Update Report every ...
This is used for the Client Login on the Radius Server. Enter the key value to match the Radius Server.
Select the desired option.
64 Bit - data is encrypted, using the default key, before
being transmitted. You must enter at least the default key. For 64 Bit Encryption, the key size is 5 chars (ASCII) or 10 chars in HEX (0~9 and A~F).
128 Bit - data is encrypted, using the default key, before
being transmitted. You must enter at least the default key. For 128 Bit Encryption, the key size is 13 chars (ASCII) or 26 chars in HEX (0~9 and A~F).
Enable this if you wish the keys to exchanged and updated regularly. If enabled, enter the desired
Key Lifetime
.
Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.
29
Wireless Access Point User Guide
Advanced Settings - 2.4GHz
Clicking the Advanced link on the menu will result in a screen like the following.
Figure 19: Advanced Settings
Data - Advanced Settings Screen
Basic Rate
Basic Rate Selection
Options
Wireless Separation
Worldwide Mode (802.11d)
The Basic Rate is used for broadcasting. It does not determine the data transmission rate, which is determined by the "Mode" setting on the Basic screen.
Select the desired option:
Auto-negotiate
the best results.
Fixed Rate
must also select the desired speeds.
If enabled, then each Wireless station using the Access Point is invisible to other Wireless stations. In most business situations, this setting should be Disabled.
Enable this setting if you wish to use this mode, and your Wireless stations support this mode.
- This is the default, and will normally give
- If you don't use to use "Auto-negotiate", you
30
Parameters
Setup
Disassociated Timeout
Fragmentation Beacon Interval RTS/CTS Threshold Preamble Type Output Power Level
Antenna Selection
802.11b
Protection Type Short Slot Time Protection Mode
This determines how quickly a Wireless Station will be consid­ered "Disassociated" with this AP, when no traffic is received. Enter the desired time period.
Enter the preferred setting between 256 and 2346. Enter the preferred setting between 0 and 3000. Enter the preferred setting between 256 and 2346. Select the desired preamble type. Select the desired power output. Higher levels will give a
greater range, but are also more likely to cause interference with other devices.
If your Access Point has only 1 antenna, there is only 1 option available. If your Access Point has 2 antennae, select the option which gives the best results in your location.
Select the desired option. Enable or disable this setting as required. Normally, this should be left at "Auto".
Protection Rate
Select the desired option.
31
Wireless Access Point User Guide
p
5GHz Wireless Screens
There are 3 configuration screens available:
Basic Settings
Security
Advanced
Basic Settings – 5GHz (802.11a) Screen
The settings on this screen must match the settings used by Wireless Stations. Click Basic on the menu to view a screen like the following.
Figure 20: Basic Settings Screen
Data - Basic Settings Screen
Operation
Wireless Mode
Operating Mode
Select the desired option:
Disable - select this if for some reason you do not this AP to
transmit or receive at all on the 5GHz band.
802.11a (54Mbps) - this is the standard 802.11a mode, and is the
most compatible of the available modes. Super 802.11a (108Mbps) - Select this only if all your Wireless
clients support this mode. Dynamic Super 802.11a (108Mbps) - Select this only if all your
Wireless clients support this mode. Static Super 802.11a (108Mbps) - Select this only if all your
Wireless clients support this mode.
Select the desired mode:
Wireless Access Point - operate as a normal Access Point
Client Access Point - act as a client for another Access Point. If
selected, you must provide the address (MAC address) of the other Access Point (Remote AP).
eater Access Point - act as a repeater for another Access Point.
Re
32
If selected, you must provide the ad dress (MAC address) of the other Access Point (Remote AP).
Setup
Remote AP MAC Address
Channel No
Current Channel No.
SSID
Broadcast SSID
This is not required unless the Operating Mode is "Client Access Point" or "Repeater Access Point". In either of these modes, you must provide the MAC address of the other AP in this field. You can either enter the MAC address directly, or, if the other AP is on-line, you can click the "Select AP" button and select from a list of available APs.
If "Automatic" is selected, the Access Point will select the best avail­able Channel.
If you experience interference (shown by lost connections and/or slow data transfers) you may need to experiment with manually setting different channels to see which is the best.
This displays the current channel used by the Access Point.
Enter the SSID (ESSID). Wireless stations on your Wireless LAN must have the same SSID.
If Enabled, the SSID will be broadcast to all Wireless Stations. Sta­tions which have no SSID (or a "null" value) can then adopt the correct SSID for connections to this Access Point.
33
Wireless Access Point User Guide
5GHz Security Settings
Select the desired option, and then enter the settings for the selected method. The available options are:
None - No security is used. Anyone using the correct SSID can connect to your network.
- The 802.11b standard. Data is encrypted before transmission, but the encryption
WEP
system is not very strong.
WPA-PSK
WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes fre­quently.
WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the
client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired. All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
802.1x
tion. If possible, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when re-
quired. All data transmission is encrypted using the WEP standard. You only have to select
the WEP key size; the WEP key is automatically generated.
- Like WEP, data is encrypted before transmission. WPA is more secure than
- This uses the 802.1x standard for client authentication, and WEP for data encryp-
34
5GHz Security Settings - None
Figure 21: Wireless Security - None
No security is used. Anyone using the correct SSID can connect to your network.
Setup
The only settings available from this screen are (Universal Access Method).
Radius MAC Authentication
and
UAM
Radius-based MAC Authentication
Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server. If you don't have a Radius Server, you cannot use this feature.
This screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Figure 22: Radius-based MAC Authentication Screen
Enable ... Radius Server
Address Radius Port
Client Login Name
Shared Key
Enable this if you wish to use this system. If this field is visible, enter the name or IP address of the Radius
Server on your network. If this field is visible, enter the port number used for connections to
the Radius Server. If this field is visible, it displays the name used for the Client Login
on the Radius Server. This Login name must be created on the Radius Server.
If this field is visible, it is used for the Client Login on the Radius Server. Enter the key value to match the value on the Radius Server.
35
Wireless Access Point User Guide
WEP Key
WEP Key Index
If this field is visible, it is for the the WEP key used to encrupt data transmissions to the Radius Server. Enter the desired key value 9in HEX), and ensure the Radius Server has the same value.
If this field is visible, select the desired key index. Any value can be used, provided it matches the value on the Radius Server.
UAM
UAM (Universal Access Method) is intended for use in Internet cafes and other sites where user access must be accounted for. To use this feature, you also need a Radius Server. The "Radius Server Setup" must be completed before you can use UAM.
The UAM screen will look different depending on the current security setting. If you have already provided the address of your Radius server, you won't be prompted for it again.
Data – UAM Screen
Enable
Internal Web-based Authentication
External Web-based Authentication
Login URL
Login Failure URL
Enable this if you wish to use this feature. UAM is intended for use in Internet cafes and other sites where user access must be accounted for. To use this feature, you also need a Radius Server. The "Radius Server Setup" must be completed before you can use UAM.
If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the built-in login page. The logon data is then sent to the Radius Server for authentication.
If selected, then when a user first tries to access the Internet, they will be blocked, and re-directed to the URL below. This needs to be on your own local Web Server. The page must also link back to the built­in login page on this device to complete the login procedure.
Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet, but are not logged in.
Enter the URL of the page on your local Web Server you wish users to see if their login fails. (This may be the same URL as the Login URL).
Figure 23: UAM Screen
36
Setup
37
Wireless Access Point User Guide
5GHz Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
Data - WEP Screen
WEP
Data Encryption
Authentication
Key Input
Key Value
Figure 24: WEP Wireless Security
Select the desired WEP Encryption level, and ensure Wireless stations have the same setting and key value.
Normally this can be left at the default value of "Automatic." If that fails, select the appropriate value - "Open System" or "Shared Key." Check your wireless card's documentation to see what method to use.
Select "Hex" or "ASCII" depending on your input method. (All keys are converted to Hex, ASCII input is only for conven­ience.)
Enter the key value you wish to use. Other stations must have the same key.
38
Setup
Passphrase
Radius-based MAC Authentication
UAM
Use this to generate a key or keys, instead of entering them directly. Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to auto­matically configure the WEP Key(s). If encryption strength is set to 64 bit, then each of the four key fields will be populated with key values. If encryption strength is set to 128 bit, then only the selected WEP key field will be given a key value.
Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server.
Enable this if your network is using this system. If enabled, click the "Configure" button to configure the Radius server and the Login URL.
39
Wireless Access Point User Guide
5GHz Security Settings - WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.
Figure 25: WPA-PSK Wireless Security
Data - WPA-PSK Screen
WPA-PSK
Network Key
WPA Encryption
Enter the key value. Data is encrypted using this key. Other Wireless Stations must use the same ke y.
Select the desired option. Other Wireless Stations must use the same method.
TKIP - Unicast (point-to-point) transmissions and multicast (broadcast) transmissions are encrypted using TKIP.
TKIP + 64 bit WEP - Unicast (point-to-point) transmis­sions are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 64 bit WEP.
TKIP + 128 bit WEP - Unicast (point-to-point) transmis­sions are encrypted using TKIP, and multicast (broadcast) transmissions are encrypted using 128 bit WEP.
AES - CCMP - Unicast (point-to-point) transmissions and multicast (broadcast) transmissions are encrypted using AES - CCMP.
Pairwise Key Update
Key Lifetime
This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly.
This field determines how often Pairwise keys are dynamically updated. Enter the desired value.
40
Setup
Group Key Update
Key Lifetime
Update Group Key when any membership terminates
This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any mem­ber leaves the group or disassociates from the Access Point.
41
Wireless Access Point User Guide
5GHz Security Settings - WPA-802.1x
This version of WPA requires a Radius Server on your LAN to provide the client authentica­tion according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
Figure 26: WPA-802.1x Wireless Security
Data - WPA-802.1x Screen
WPA-802.1x
Radius Server Address
Radius Port
Enter the name or IP address of the Radius Server on your network.
Enter the port number used for connections to the Radius Server.
42
Setup
Client Login Name
Shared Key
WPA Encryption
Pairwise Key Up­date
This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be cre­ated on the Radius Server.
This is used for the Client Login on the Radius Server. Enter the key value to match the Radius Server.
Select the desired option. Other Wireless Stations must use the same method.
TKIP - Unicast (point-to-point) transmissions and multicast
(broadcast) transmissions are encrypted using TKIP. TKIP + 64 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmis­sions are encrypted using 64 bit WEP.
TKIP + 128 bit WEP - Unicast (point-to-point) transmissions
are encrypted using TKIP, and multicast (broadcast) transmis­sions are encrypted using 128 bit WEP.
AES - CCMP - Unicast (point-to-point) transmissions and
multicast (broadcast) transmissions are encrypted using AES ­CCMP.
This refers to the key used for point-to-point transmissions. Enable this if you want the keys to be updated regularly.
Key Lifetime
Group Key Update
Key Lifetime
Group key update when any member­ship terminated
Radius Accounting
Update Report every ...
This field determines how often keys are dynamically updated. Enter the desired value.
This refers to the key used for broadcast transmissions. Enable this if you want the keys to be updated regularly.
This field determines how often the Group key is dynamically updated. Enter the desired value.
If enabled, the Group key will be updated whenever any member leaves the group or disassociates from the Access Point.
Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.
43
Wireless Access Point User Guide
5GHz Security Settings - 802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption. If possi­ble, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WEP standard. You only have to select the
WEP key size; the WEP key is automatically generated.
Data - 802.1x Screen
802.1x
Radius Server Address
Radius Port
Client Login Name
Figure 27: 802.1x Wireless Security
Enter the name or IP address of the Radius Server on your network.
Enter the port number used for connections to the Radius Server.
This read-only field displays the name used for the Client Login on the Radius Server. This Login name must be created on the Radius Server.
44
Setup
Shared Key
WEP Key Size
Key Exchange
Radius Accounting
Update Report every ...
This is used for the Client Login on the Radius Server. Enter the key value to match the Radius Server.
Select the desired option.
64 Bit - data is encrypted, using the default key, before
being transmitted. You must enter at least the default key. For 64 Bit Encryption, the key size is 5 chars (ASCII) or 10 chars in HEX (0~9 and A~F).
128 Bit - data is encrypted, using the default key, before
being transmitted. You must enter at least the default key. For 128 Bit Encryption, the key size is 13 chars (ASCII) or 26 chars in HEX (0~9 and A~F).
Enable this if you wish the keys to exchanged and updated regularly. If enabled, enter the desired
Key Lifetime
.
Enable this if you want this Access Point to send accounting data to the Radius Server.
If enabled, the port used by your Radius Server must be entered in the Radius Accounting Port" field.
If Radius accounting is enabled, you can enable this and enter the desired update interval. This Access Point will then send updates according to the specified time period.
45
Wireless Access Point User Guide
Advanced Settings - 5GHz
Clicking the Advanced link on the menu will result in a screen like the following.
Figure 28: Advanced Settings
Data - Advanced Settings Screen
Basic Rate
Basic Rate Selection
Options
Wireless Separation
Worldwide Mode (802.11d)
Parameters
The Basic Rate is used for broadcasting. It does not determine the data transmission rate, which is determined by the "Mode" setting on the Basic screen.
Select the desired option:
Auto-negotiate
the best results.
Fixed Rate
must also select the desired speeds.
If enabled, then each Wireless station using the Access Point is invisible to other Wireless stations. In most business situations, this setting should be Disabled.
Enable this setting if you wish to use this mode, and your Wireless stations support this mode.
- This is the default, and will normally give
- If you don't use to use "Auto-negotiate", you
Disassociated Timeout
Fragmentation Beacon Interval RTS/CTS Threshold Preamble Type
This determines how quickly a Wireless Station will be consid­ered "Disassociated" with this AP, when no traffic is received. Enter the desired time period.
Enter the preferred setting between 256 and 2346. Enter the preferred setting between 0 and 3000. Enter the preferred setting between 256 and 2346. Select the desired preamble type.
46
Setup
Output Power Level
Antenna Selection
Select the desired power output. Higher levels will give a greater range, but are also more likely to cause interference with other devices.
If your Access Point has only 1 antenna, there is only 1 option available. If your Access Point has 2 antennae, select the option which gives the best results in your location.
47
Chapter 4
PC and Server Configuration
4
This Chapter details the PC Configuration required for each PC on the local LAN.
Overview
All Wireless Stations need to have settings which match the Wireless Access Point. These settings depend on the mode in which the Access Point is being used.
If using WEP or WPA-PSK, it is only necessary to ensure that each Wireless station's
settings match those of the Wireless Access Point, as described below. For WPA-802.1x and 802.1x modes, configuration is much more complex. The Radius
Server must be configured correctly, and setup of each Wireless station is also more com­plex.
Using WEP
For each of the following items, each Wireless Station must have the same settings as the Wireless Access Point.
Mode SSID (ESSID)
Wireless Security
On each PC, the mode must be set to Infrastructure. This must match the value used on the Wireless Access Point. The default value is
Note! The SSID is case sensitive.
Each Wireless station must be set to use WEP data encryption.
The Key size (64 bit or 128 bit) must be set to match the Access
Point. The keys values on the PC must match the key values on the Access
Point.
Note: On some systems, the "64 bit" key is shown as "40 bit" and "128 bit" is
shown as "104 bit". This difference arises because the key input by the user is 24 bits less than the key size used for encryption.
wireless
48
PC and Server Configuration
Using WPA-802.1x
This is the most secure and most complex system.
802.1x mode provides greater security and centralized management, but it is more complex to configure.
Wireless Station Configuration
For each of the following items, each Wireless Station must have the same settings as the Wireless Access Point.
Mode SSID (ESSID)
802.1x Authentication
802.1x Encryption
On each PC, the mode must be set to Infrastructure. This must match the value used on the Wireless Access Point. The default value is
Note! The SSID is case sensitive.
Each client must obtain a Certificate which is used for authentication for the Radius Server.
Typically, EAP-TLS is used. This is a dynamic key system, so keys do NOT have to be entered on each Wireless station.
Radius Server Configuration
If using
WPA-802.1x
It must provide and accept There must be a
The Wireless Access Point will use its Default Name as its Client Login name.
The Shared Key, set on the Security Screen of the Access Point, must match the
Shared Secret value on the Radius Server.
Encryption settings must be correct.
mode, the Radius Server on your network must be configured as follow:
Certificates
Client Login
for the Wireless Access Point itself.
wireless
for user authentication.
49
Wireless Access Point User Guide
802.1x Server Setup (Windows 2000 Server)
This section desc ribes using Microsoft Internet Authentication Server as the Radius Server, since it is the most common Radius Server available that supports the EAP-TLS authentication method.
The following services on the Windows 2000 Domain Controller (PDC) are also required:
dhcpd
dns
rras
webserver (IIS)
Radius Server (Internet Authentication Service)
Certificate Authority
Windows 2000 Domain Controller Setup
1. Run dcpromo.exe from the command prompt.
2. Follow all of the default prompts, ensure that DNS is installed and enabled during installa­tion.
Services Installation
1. Select the Control Panel - Add/Remove Programs.
2. Click Add/Remove Windows Components from the left side.
3. Ensure that the following components are activated (selected):
Certificate Services. After enabling this, you will see a warning that the computer
cannot be renamed and joined after installing certificate services. Select Yes to select certificate services and continue
World Wide Web Server. Select World Wide Web Server on the Internet Information
Services (IIS) component. From the Networking Services category, select Dynamic Host Configuration Protocol
(DHCP), and Internet Authentication Service (DNS should already be selected and in­stalled).
50
Figure 29: Components Screen
4. Click Next.
5. Select the Enterprise root CA, and click Next.
PC and Server Configuration
Figure 30: Certification Screen
6. Enter the information for the Certificate Authority, and click Next.
51
Wireless Access Point User Guide
Figure 31: CA Screen
7. Click Next if you don't want to change the CA's configuration data.
8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click Ok, then Finish.
DHCP server configuration
1. Click on the Start - Programs - Administrative Tools - DHCP
2. Right-click on the server entry as shown, and select New Scope.
Figure 32: DHCP Screen
3. Click Next when the New Scope Wizard Begins.
4. Enter the name and description for the scope, click Next.
5. Define the IP address range. Change the subnet mask if necessary. Click Next.
52
PC and Server Configuration
Figure 33:IP Address Screen
6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank. Click Next.
7. Change the Lease Duration time if preferred. Click Next.
8. Select Yes, I want to configure these options now, and click Next.
9. Enter the router address for the current subnet. The router address may be left blank if there is no router. Click Next.
10. For the Parent domain, enter the domain you specified for the domain controller setup, and enter the server's address for the IP address. Click Next.
Figure 34: DNS Screen
11. If you don't want a WINS server, just click Next.
12. Select Yes, I want to activate this scope now. Click Next, then Finish.
13. Right-click on the server, and select Authorize. It may take a few minutes to complete.
53
Wireless Access Point User Guide
Certificate Authority Setup
1. Select Start - Programs - Administrative Tools - Certification Authority.
2. Right-click Policy Settings, and select New - Certificate to Issue.
Figure 35: Certificate Authority Screen
3. Select Authenticated Session and Smartcard Logon (select more than one by holding down the Ctrl key). Click OK.
Figure 36: Template Screen
4. Select Start - Programs - Administrative Tools - Active Directory Users and Computers.
5. Right-click on your active directory domain, and select Properties.
54
PC and Server Configuration
Figure 37: Active Directory Screen
6. Select the Group Policy tab, choose Default Domain Policy then click Edit.
Figure 38: Group Policy Tab
7. Select Computer Configuration - Windows Settings - Security Settings - Public Key Policies, right-click Automatic Certificate Request Settin gs - New - Automatic Certificate Request.
55
Wireless Access Point User Guide
Figure 39: Group Policy Screen
8. When the Certificate Request Wizard appears, click Next.
9. Select Computer, then click Next.
Figure 40: Certificate Template Screen
10. Ensure that your certificate authority is checked, then click Next.
11. Review the policy change information and click Finish.
12. Click Start - Run, type cmd and press enter. Enter secedit /refreshpolicy machine_policy This command may take a few minutes to take effect.
56
PC and Server Configuration
Internet Authentication Service (Radius) Setup
1. Select Start - Programs - Administrative Tools - Internet Authentication Service
2. Right-click on Clients, and select New Client.
Figure 41: Service Screen
3. Enter a name for the access point, click Next.
4. Enter the address or name of the Wireless Access Point, and set the shared secret, as entered on the 2.4GHz Security Settings of the Wireless Access Point.
5. Click Finish.
6. Right-click on Remote Access Policies, select New Remote Access Policy.
7. Assuming you are using EAP-TLS, name the policy
eap-tls
, and click Next.
8. Click Add... If you don't want to set any restrictions and a condition is required, select Day-And-Time- Restrictions, and click Add...
Figure 42: Attribute Screen
9. Click Permitted, then OK. Select Next.
10. Select Grant remote access permission. Click Next.
57
Wireless Access Point User Guide
11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication Protocol, and select Smart Card or other Certificate. Deselect other authentication meth­ods listed. Click OK.
Figure 43: Authentication Screen
12. Select No if you don't want to view the help for EAP. Click Finish.
58
PC and Server Configuration
Remote Access Login for Users
1. Select Start - Programs - Administrative Tools- Active Directory Users and Computers.
2. Double click on the user who you want to enable.
3. Select the Dial-in tab, and enable Allow access. Click OK.
Figure 44: Dial-in Screen
59
Wireless Access Point User Guide
802.1x Client Setup on Windows XP
Windows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality.
If you don't have either of these systems, you must use the 802.1x client software provided with your wireless adapter. Refer to your vendor's documentation for setup instructions.
The following instructions assume that:
You are using Windows XP
You are connecting to a Windows 2000 server for authentication.
You already have a login (User name and password) on the Windows 2000 server.
Client Certificate Setup
1. Connect to a network which doesn't require port authentication. Start your Web Browser. In the Address box, enter the IP address of the Windows 2000
2.
Server, followed by /certsrv e.g
http://192.168.0.2/certsrv
3. You will be prompted for a user name and password. Enter the User name and Password assigned to you by your network administrator, and click OK.
Figure 45: Connect Screen
4. On the first screen (below), select Request a certificate, click Next.
60
Figure 46: Wireless CA Screen
PC and Server Configuration
5. Select User certificate request and select User Certificate, the click Next.
Figure 47: Request Type Screen
6. Click Submit.
61
Wireless Access Point User Guide
Figure 48: Identifying Information Screen
7. A message will be displayed, then the certificate will be returned to you. Click Install this certificate.
Figure 49:Certificate Issued Screen
8. . You will receive a confirmation message. Click Yes.
62
PC and Server Configuration
Figure 50: Root Certificate Screen
9. Certificate setup is now complete.
802.1x Authentication Setup
1. Open the properties for the wireless connection, by selecting Start - Control Panel ­Network Connections.
2. Right Click on the Wireless Network Connection, and select Properties.
3. Select the Authentication Tab, and ensure that Enable network access control using IEEE
802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.
Figure 51: Authentication Tab
Encryption Settings
The Encryption settings must match the APs (Access Points) on the Wireless network you wish to join.
Windows XP will detect any available Wireless networks, and allow you to configure
each network independently.
63
Wireless Access Point User Guide
Your network administrator can advise you of the correct settings for each network.
802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no need to enter key values.
Enabling Encryption
To enable encryption for a wireless network, follow this procedure:
1. Click on the Wireless Networks tab.
Figure 52: Wireless Networks Screen
2. Select the wireless network from the Available Networks list, and click Configure.
3. Select and enter the correct values, as advised by your Network Administrator. For example, to use EAP-TLS, you would enable Data encryption, and click the checkbox for the setting The key is provided for me automatically, as shown below.
64
PC and Server Configuration
Figure 53: Properties Screen
Setup for Windows XP and 802.1x client is now complete.
65
Wireless Access Point User Guide
Using 802.1x Mode (without WPA)
This is very similar to using WPA-802.1x. The only difference is that on your client, you must NOT enable the setting The key is pro-
vided for me automatically. Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on the
Access Point.
Figure 54: Properties Screen
Note:
On some systems, the "64 bit" WEP key is shown as "40 bit" and the "128 bit" WEP key is shown as "104 bit". This difference arises because the key input by the user is 24 bits less than the key size used for encryption.
66
Chapter 5
Operation and Status
5
This Chapter details the operation of the Wireless Access Point and the status screens.
Operation
Once both the Wireless Access Point and the PCs are configured, operation is automatic.
However, you may need to perform the following operations on a regular basis.
If using the Access Control feature, update the Trusted PC database as required. (See
Access Control in Chapter 3 for details.) If using 802.1x mode, update the User Login data on the Windows 2000 Server, and
configure the client PCs, as required.
Status Screen
Use the Status link on the main menu to view this screen.
Figure 55: Status Screen
67
Wireless Access Point User Guide
Data - Status Screen
Access Point
Access Point Name MAC Address Domain
Firmware Version
TCP/IP
IP Address Subnet Mask Gateway
DHCP Client
Wireless
SSID
The current name will be displayed. The MAC (physical) address of the Wireless Access Point. This is the region for which this Wireless Access Point is licensed
for use. The version of the firmware currently installed.
The IP Address of the Wireless Access Point. The Network Mask (Subnet Mask) for the IP Address above. Enter the Gateway for the LAN segment to which the Wireless
Access Point is attached (the same value as the PCs on that LAN segment).
This indicates whether the current IP address was obtained from a DHCP Server on your network.
It will display "Enabled" or "Disabled".
The current SSID.
Channel/Frequency Mode
Security
Authentication Encryption Access Control
Buttons
Log
Stations
Statistics
The Channel currently in use is displayed. The current operational mode is displayed.
This displays the current Authentication setting. This displays the current Encryption setting. This indicates whether or not the MAC-level "Access Control"
feature is enabled.
Click this to open a sub-window where you can view the activity log.
Click this to open a sub-window where you can view the list of all current Wireless Stations using the Access Point.
Click this to open a sub-window where you can view Statistics on data transmitted or received by the Access Point.
68
Activity Log
This screen is displayed when the Log button on the Status screen is clicked.
Operation and Status
Data - Activity Log
Data
Current Time Log
Buttons
Refresh Save to file Clear Log
Figure 56: Activity Log Screen
The system date and time is displayed. The Log shows details of the existing connections to the Wireless
Access Point.
Update the data on screen. Save the log to a file on your pc. This will delete all data currently in the Log. This will make it
easier to read new messages.
69
Wireless Access Point User Guide
Station List
This screen is displayed when the Stations button on the Status screen is clicked.
Figure 57 Station List Screen
Data - Station List Screen
Station List
MAC Address Mode Status Refresh Button
The MAC (physical) address of each Wireless Station is displayed. The mode of each Wireless Station. The current status of each Wireless Station is displayed. Update the data on screen.
70
Operation and Status
Statistics Screen
This screen is displayed when the 2.4GHz Statistics button on the Status screen is clicked. It shows details of the traffic flowing through the Wireless Access Point.
Data - Statistics Screen
System Up Time
System Up Time
2.4GHz Wireless
Authentication
Deauthentication
Association
Disassociation
Reassociation
This indicates how long the system has been running since the last restart or reboot.
The number of "Authentication" packets received. Authentication is the process of identification between the AP and the client.
The number of "Deauthentication" packets received. Deauthentica­tion is the process of ending an existing authentication relationship.
The number of "Association" packets received. Association creates a connection between the AP and the client. Usually, clients sssoci­ate with only one (1) AP at any time.
The number of "Disassociation" packets received. Disassociation breaks the existing connection between the AP and the client.
The number of "Reassociation" packets received. Reassociation is the service that enables an established association (between AP and client) to be transferred from one AP to another (or the same) AP.
Figure 58: Statistics Screen
Wireless
MSDU
Data
Number of valid Data packets transmitted to or received from Wireless Stations, at application level.
Number of valid Data packets transmitted to or received from Wireless Stations, at driver level.
71
Wireless Access Point User Guide
Multicast Packets
Management
Control
Number of Broadcast packets transmitted to or received from Wireless Stations, using Multicast transmission.
Number of Management packets transmitted to or received from Wireless Stations.
Number of Control packets transmitted to or received from Wireless Stations.
72
Chapter 6
Other Settings & Features
6
This Chapter explains when and how to use the Wireless Access Point's "Management" Features.
Overview
This Chapter covers the following features, available on the Wireless Access Point’s Man­agement menu.
Admin Login
Config File
SNMP
Upgrade Firmware
Admin Login Screen
The Admin Login screen allows you to assign a password to the Wireless Access Point. This password limits access to the configuration interface. The default password is password. It is recommended that this be changed, using this screen.
Figure 59: Admin Login Screen
Data - Admin Login Screen
User Name New Password Repeat New Password
You will be prompted for the password when you connect, as shown below.
Enter the user name here Enter the new password here Re-enter the new password in this field.
73
Wireless Access Point User Guide
Figure 60: Password Dialog
admin
Enter
Enter the Wireless Access Point’s password, as set on the Admin Login screen above.
for the User Name.
74
Other Settings & Features
Config File
This screen allows you to Backup (download) the configuration file, and to restore (upload) a previously-saved configuration file.
You can also set the Wireless Access Point back to its factory default settings. To reach this screen, select Config File in the
Figure 61: Config File Screen
Data - Config File Screen
Backup
Management
section of the menu.
Save a copy of cur­rent settings
Restore
Restore saved settings from a file
Defaults
Revert to factory default settings
Click the Backup button to download the current settings to a file on your PC.
If you have a previously-saved configuration file, you can use this to restore those settings by uploading the file.
1. Click the Browse button and navigate to the location of the configuration file.
2. Select the upgrade file. Its name will appear in the File field.
3. Click the Restore button to commence the upload.
4. The Wireless Access Point will need to restart, and will be unavailable during the restart. All exiting connections will be broken.
Use this to set the Wireless Access Point back to its factory default settings.
Click Set to Defaults to start the procedure.
The Wireless Access Point will need to restart, and will be
unavailable during the restart. All exiting connections will be broken.
75
Wireless Access Point User Guide
SNMP
Figure 62: SNMP Screen
Data - SNMP Screen
SNMP
Enable SNMP Community Access Rights
Managers
Traps
Use this to enable or disable SNMP as required. Enter the community string, usually either "Public" or "Private". Select the desired option:
Read-only - Data can be read, but not changed.
Read/Write - Data can be read, and setting changed.
Select the desired option:
Any station - The IP address of the manager station is not
checked. A specific station - The IP address is checked, and must
match the address you enter in the IP address field provided.
Select the desired option:
Disabled - Select this if you do not wish to use SNMP Traps.
Broadcast - Select this to have Traps broadcast on your
network. This makes them available to any PC. Send to - Select this to have Trap messages sent to the
specified PC only. If selected, you must enter the IP Address of the desired PC.
Trap Version - Select the desired option, as supported by your SNMP Management program.
76
Other Settings & Features
Firmware Upgrade
The firmware (software) in the Wireless Access Point can be upgraded using your Web Browser.
You must first download the upgrade file, and then select Upgrade Firmware in the
ment section of the menu. You will see a screen like the following.
Figure 63: Firmware Upgrade Screen
To perform the Firmware Upgrade:
1. Click the Browse button and navigate to the location of the upgrade file.
2. Select the upgrade file. Its name will appear in the Upgrade File field.
3. Click the Upgrade button to commence the firmware upgrade.
The Wireless Access Point is unavailable during the upgrade process, and must restart when the up­grade is completed. Any connections to or through the Wireless Access Point will be lost.
Manage-
77
Appendix A
Specifications
A
Wireless Access Point
Hardware Specifications
CPU AR2312 Radio-on-Chip AR2112 DRAM 8 Mbytes (Expand to 64MB) Flash ROM 2 Mbytes (Expand to 8MB) LAN port 1 x Auto-MDIX RJ 45 for 10/100Mbps Ethernet Wireless Interface
Embedded Atheros solution Network Standard IEEE 802.11b (Wi-Fi™) and IEEE
802.11g compliance OFDM; 802.11b: CCK (11 Mbps, 5.5 Mbps), DQPSK (2
Mbps), DBPSK (1 Mbps) Operating Frequencies 2.412.2.497 GHz Operating Channels 802.11g: 13 for North America, 13
for Europe (ETSI), 14 for Japan
802.11b: 11 for North America, 14 for Japan, 13 for Europe (ETSI)
Operating temperature Storage temperature Power Adapter DC 12V/1.2A
Dimensions 141mm (W) x 100mm (D) x 27mm (H)
Wireless Specifications
Receive Sensitivity at 11Mbps min. -85dBm Receive Sensitivity at 5.5Mbps min. -89dBm Receive Sensitivity at 2Mbps min. -90dBm Receive Sensitivity at 1Mbps min. -93dBm
0~55℃
℃󲕏70℃
-20
Maximum Receive Level min. -5dBm Transmit Power 18 dBm Modulation Direct Sequence Spread Spectrum BPSK / QPSK / CCK
78
Throughput Up to 19 Mbps Operating Range Indoors
30 Meters (100ft.) @ 11Mbps
50 Meters (165ft.) @ 5.5Mbps
70 Meters (230ft.) @ 2Mbps
9 1Meters (300ft.) @ 1Mbps
Outdoors
152 Meters (500ft.) @ 11Mbps
270 Meters (885ft.) @ 5.5Mbps
396 Meters (1300ft.) @ 2 Mbps
457 Meters (1500ft.) @ 1 Mbps
Software Specifications
Feature Details
Access point support
Wireless
Roaming supported
IEEE 802.11g/11b compliance
Supper G (up to 108Mbps)
Auto Sensing Open System / Share Key authentication
Wireless Channels Support
Automatic Wireless Channel Selection
Antenna selection
Tx Power Adjustment
Country Selection
Preamble Type: long or short support
RTS Threshold Adjustment
Fragmentation Threshold Adjustment
Beacon Interval Adjustment
SSID assignment
Appendix A - Specifications
Operation Mode
Security
Management
Common AP
Repeater
Client AP
Open, shared, WPA, and WPA-PSK authentication
802.1x support
EAP-TLS, EAP-TTLS, PEAP
Block inter-wireless station communication
Block SSID broadcast
Web based configuration
RADIUS Accounting
RADIUS-On feature
RADIUS Accounting update
79
Wireless Access Point User Guide
CLI
Message Log
Access Control list file support
Configuration file Backup/Restore
Statistics support
Device discovery program
Windows Utility
DHCP client
Other Features
WINS client
Firmware Upgrade HTTP, FTP network protocol download
80
Appendix A - Specifications
FCC Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
This equipment generates, uses an d can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communica­tions. However, there is n o g ua ran tee th at interfe rence will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna .
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected. Consult the dealer or an experienced radio/TV technician for help.
To assure continued compliance, any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. (Example - use only shielded interface cables when connecting to computer or peripheral devices).
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause
undesired operation. This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.
81
Appendix B
Troubleshooting
B
Overview
This chapter covers some common problems that may be encountered while using the Wireless Access Point and some possible solutions to them. If you follow the suggested steps and the Wireless Access Point still does not function properly, contact your dealer for further advice.
General Problems
Problem 1:
Solution 1:
Can't connect to the Wireless Access Point to configure it .
Check the following:
The Wireless Access Point is pro perly installed, LAN connections are
OK, and it is powered ON. Check the LEDs for port status. Ensure that your PC and the Wireless Access Point are on the same
network segment. (If you don't have a router, this must be the case.) If your PC is set to "Obtain an IP Address automatically" (DHCP
client), restart it. You can use the following method to determine the IP address of the
Wireless Access Point, and then try to connect using the IP address, in­stead of the name.
To Find the Access Point's IP Address
1. Open a MS-DOS Prompt or Command Prompt Window.
2. Use the Ping command to “ping” the Wireless Access Point. Enter ping followed by the Default Name of the Wireless Access Point. e.g.
ping SC003318
3. Check the output of the ping command to determine the IP address of the Wireless Access Point, as shown below.
Figure 64: Ping
If your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address which is compatible with the Wireless Access Point. (If no DHCP Server is found, the Wireless Access Point will default to an IP Address and Mask of 192.168.0.228 and 255.255.255.0.) On Windows PCs, you can use Control Panel-Network to check the Properties for the TCP/IP protocol.
82
Appendix B - Troubleshooting
Problem 2:
Solution 2
My PC can't connect to the LAN via the Wireless Access Point.
Check the following:
The SSID and WEP settings on the PC match the settings on the Wire-
less Access Point. On the PC, the wireless mode is set to "Infrastructure"
If using the Access Control feature, the PC's name and address is in the
Trusted Stations list. If using 802.1x mode, ensure the PC's 802.1x software is configured
correctly. See Chapter 4 for details of setup for the Windows XP 802.1x client. If using a different client, refer to the vendor's documentation.
83
Appendix C
Windows TCP/IP
C
Overview
Normally, no changes need to be made.
By default, the Wireless Access Point will act as a DHCP client, automatically obtaining a
suitable IP Address (and related information) from your DHCP Server. If using Fixed (specified) IP addresses on your LAN (instead of a DHCP Server), there is
no need to change the TCP/IP of each PC. Just configure the Wireless Access Point to match your existing LAN.
The following sections provide details about checking the TCP/IP settings for various types of Windows, should that be necessary.
Checking TCP/IP Settings - Windows 9x/ME:
1. Select Control Panel - Network. You should see a screen like the following:
Figure 65: Network Configuration
2. Select the TCP/IP protocol for your network card.
3. Click on the Properties button. You should then see a screen like the following.
84
Figure 66: IP Address (Win 95)
Ensure your TCP/IP settings are correct, as follows:
Using DHCP
Appendix B - Troubleshooting
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows settings. To work correctly, you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are required. (The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
85
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows NT4.0
1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.
Figure 67: Windows NT4.0 - TCP/IP
2. Click the Properties button to see a screen like the one below.
Figure 68: Windows NT4.0 - IP Address
86
Appendix B - Troubleshooting
3. Select the network card for your LAN.
4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below.
Obtain an IP address from a DHCP Server
This is the default Windows setting. This is the default Windows settings. To work correctly, you need a DHCP server on your LAN.
Using "Specify an IP Address"
If your PC is already configured for a fixed (specified) IP address, no changes are required. (The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
87
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows 2000
1. Select Control Panel - Network and Dial-up Connection.
2. Right click the Local Area Connection icon and select Properties. You should see a screen like the following:
Figure 69: Network Configuration (Win 2000)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 70: TCP/IP Properties (Win 2000)
88
Appendix B - Troubleshooting
5. Ensure your TCP/IP settings are correct:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. This is the default Windows settings. To work correctly, you need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are required. (The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
89
Wireless Access Point User Guide
Checking TCP/IP Settings - Windows XP
1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a screen like the following:
Figure 71: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 72: TCP/IP Properties (Windows XP)
90
Appendix B - Troubleshooting
5. Ensure your TCP/IP settings are correct.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. To work correctly, you need a DHCP server on your LAN.
Using a fixed IP Address ("Use the following IP Address")
If your PC is already configured for a fixed (specified) IP address, no changes are required. (The Administrator should configure the Wireless Access Point with a fixed IP address from
the same address range used on the PCs.)
91
Appendix D
About Wireless LANs
D
Overview
Wireless networks have their own terms and jargon. It is necessary to understand many of these terms in order to configure and operate a Wireless LAN.
Wireless LAN Terminology
Modes
Wireless LANs can work in either of two (2) modes:
Ad-hoc
Infrastructure
Ad-hoc Mode
Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Sta­tions (e.g. notebook PCs with wireless cards) communicate directly with each other.
Infrastructure Mode
In Infrastructure Mode, one or more Access Points are used to connect Wireless Stations (e.g. Notebook PCs with wireless cards) to a wired (Ethernet) LAN. The Wireless Stations can then access all LAN resources.
Access Points can only function in "Infrastructure" mode, and can communicate only with Wireless Stations which are set to "Infrastructure" mode.
SSID/ESSID
BSS/SSID
A group of Wireless Stations and a single Access Point, all using the same ID (SSID), form a Basic Service Set (BSS).
Using the same SSID is essential. Devices with different SSIDs are unable to communi­cate with each other. However, some Access Points allow connections from Wireless Stations which have their SSID set to “any” or whose SSID is blank ( null ).
ESS/ESSID
A group of Wireless Stations, and multiple Access Points, all using the same ID (ESSID), form an Extended Service Set (ESS).
92
Appendix C - Windows TCP/IP
Different Access Points within an ESS can use different Channels. To reduce interference, it is recommended that adjacent Access Points SHOULD use different channels.
As Wireless Stations are physically mov ed through the area covered by an ESS, they will automatically change to the Access Point which has the least interference or best perform­ance. This capability is called Roaming. (Access Points do not have or require Roaming capabilities.)
Channels
The Wireless Channel sets the radio frequency used for communication.
Access Points use a fixed Channel. You can select the Channel used. This allows you to
choose a Channel which provides the leas t in te rf erence and best performance. For 802. 11g , 13 channels are available in the USA and Canada., but 11channels are available in North America if using 802.11b.
If using multiple Access Points, it is better if adjacent Access Points use different Chan-
nels to reduce interference. The recommended Channel spacing between adjacent Access Points is 5 Channels (e.g. use Channels 1 and 6, or 6 and 11).
In "Infrastructure" mode, Wireless Stations normally scan all Channels, looking for an
Access Point. If more than one Access Point can be used, the one with the strongest signal is used. (This can only happen within an ESS.)
If using "Ad-hoc" mode (no Access Point), all Wireless stations should be set to use the
same Channel. However, most Wireless stations will still scan all Channels to see if there is an existing "Ad-hoc" group they can join.
WEP
WEP (Wired Equivalent Privacy) is a standard for encrypting data before it is transmitted. This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations. But if the data is encrypted, then it is meaningless unless the receiver can decrypt it.
If WEP is used, the Wireless Stations and the Wireless Access Point must have the same settings.
WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.
WPA-802.1x
WPA-802.1x - This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.
If this option is used:
The Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
93
Wireless Access Point User Guide
This device can work with following integral Antenna(s): Antenna Type: C147-510057-A Frequency Range: 2.4GHz~2.5GHz & 4.9GHz~5.825GHz
Antenna Gain: 2dBi@2.4GHz........................................(real)
0dBi@4.9GHz.......................................(real)
2dBi@5.15~5.35GHz........................... (real)
2dBi@5.47~5.825GHz......................... (real)
 Antenna Type: C147-510097-A Frequency Range: 2.4GHz~2.5GHz & 4.9GHz~5.825GHz
Antenna Gain: 1dBi@2.45GHz...................................(Real Test)
1dBi@5.825GHz.................................(Real Tset)
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
802.1x
This uses the 802.1x standard for client authentication, and WEP for data encryption. If possi­ble, you should use WPA-802.1x instead, because WPA encryption is much stronger than WEP encryption.
If this option is used:
The Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when required.
All data transmission is encrypted using the WEP standard. You only have to select the
WEP key size; the WEP key is automatically generated.
94
Loading...