SMC Networks WAP5110 User Manual

IEEE 802.11a/b/g/n
Enterprise Access Point

MANAGEMENT
GUIDE

WAP5110

Enterprise Access Point
Management Guide

No. 1, Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
TEL: +886 3 5638888
Fax: +886 3 6686111

March 2013

Pub. # 149100000223A

E032012-CS-R01

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no
responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or otherwise under any patent or patent
rights of SMC. SMC reserves the right to change specifications at any time without notice.

Copyright © 2013 by

SMC Networks, Inc.

No. 1 Creation Road III,

Hsinchu Science Park,

30077, Taiwan, R.O.C.

All rights reserved

Trademarks:

SMC is a registered trademark; and EliteConnect, EZ Switch, TigerStack, TigerSwitch, and TigerAccess are
trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks
of their respective holders.

Warranty and Product Registration

To register SMC products and to review the detailed warranty statement, please
refer to the Support Section of the SMC Website at http://www.smc.com.

– 4 –

How to Use This Guide

This guide includes detailed information on the access point (AP) software,
including how to operate and use the management functions of the AP. To deploy
this AP effectively and ensure trouble-free operation, you should first read the
relevant sections in this guide so that you are familiar with all its software features.

Who Should Read This

Guide?

How This Guide is

Organized

This guide is for network administrators who are responsible for operating and
maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).

The organization of this guide is based on the AP’s main management interfaces.
The web management interface and command line interface (CLI) are described in
separate sections. An introduction and initial configuration information is also
provided.

The guide includes these sections:

◆ Section I “Getting Started” — Includes an introduction to AP management and

initial configuration settings.

◆ Section II “Web Configuration” — Includes all management options available

through the web interface.

◆ Section III “Command Line Interface” — Includes information on how to use the

CLI and details on all CLI commands.

◆ Section IV “Appendice s” — Includes information on troubleshooting AP

management access.

Related

Documentation

This guide focuses on AP software configuration, it does not cover hardware
installation of the AP. For specific information on how to install the AP, see the
following guide:

Installation Guide

For all safety information and regulatory statements, see the following documents:

Quick Start Guide
Safety and Regulatory Information

– 5 –

How to Use This Guide

Conventions The following conventions are used throughout this guide to show information:

Note:

Emphasizes important information or calls your attention to related features

or instructions.

Caution:

the system or equipment.

War ning:

Alerts you to a potential hazard that could cause loss of data, or damage

Alerts you to a potential hazard that could cause personal injury.

Revision History This section summarizes the changes in each revision of this guide.

March 2013 Revision

This is the first revision of this guide. It is valid for software release v0.3.3.8.

– 6 –

Contents

Warranty and Product Registration 4

How to Use This Guide 5

Contents 7

Figures 12

Tables 14

Section I Getting Started 17

1 Introduction 18

Configuration Options 18

Console Port Connection 19

Console Login 19

Network Connections 20

Connecting to the Web Interface 20

Home Page and Main Menu 21

Common Web Page Buttons 22

2 Initial Configuration 24

CLI Initial Configuration Steps 24

Setting an IP Address 24

Setting a Password 25

Setting the Country Code 25

Web Quick Start 26

Step 1 26

Step 2 28

Step 3 29

Step 4 31

– 7 –

Contents

Section II Web Configuration 32

3 System Settings 33

Administration Settings 34

IPv4 Address 35

IPv6 Address 36

RADIUS Settings 37

Primary and Secondary RADIUS Server Setup 37

RADIUS Accounting 38

System Time 39

SNTP Server Settings 40

Time Zone Setting 40

Daylight Saving Settings 40

VLAN Configuration 40

System Logs 42

Quick Start Wizard 43

System Resource 44

Bridge STP Configuration 45

Spanning Tree Protocol (STP) 45

Bridge Configuration 48

4 Management Settings 49

Remote Management Settings 49

Access Limitation 51

Simple Network Management Protocol 52

SNMP Basic Settings 52

SNMP Trap Settings 54

View Access Control Model 55

SNMPv3 Users 56

SNMPv3 Targets 57

SNMPv3 Notification Filters 58

5 Advanced Settings 60

Local Bridge Filter 60

– 8 –

Contents

Link Layer Discovery Protocol 61

Access Control Lists 63

Source Address Settings 63

Destination Address Settings 64

Ethernet Type 65

Link Integrity 66

6 Wireless Settings 67

Authentication 68

Local MAC Authentication 68

RADIUS MAC Authentication 69

Band Steering 70

Radio Settings 71

Virtual Access Points (VAPs) 75

VAP Basic Settings 76

WDS-STA Mode 78

Wireless Security Settings 79

Wired Equivalent Privacy (WEP) 81

VAP QoS Settings 82

VAP Bandwidth Settings 84

Rogue AP Detection 84

Wi-Fi Multimedia (WMM) 86

7 Maintenance Settings 91

Upgrading Firmware 91

Running Configuration 93

Resetting the Access Point 94

Scheduled Reboot 95

8 Status Information 97

AP Status 98

AP System Configuration 98

AP Wireless Configuration 100

Station Status 101

Station Statistics 102

Event Logs 103

– 9 –

Contents

WDS Status 104

Section III Command Line Interface 107

9 Using the Command Line Interface 109

Console Connection 109

Telnet Connection 110

Entering Commands 111

Keywords and Arguments 111

Minimum Abbreviation 111

Command Completion 111

Getting Help on Commands 111

Showing Commands 111

Negating the Effect of Commands 112

Using Command History 112

Understanding Command Modes 112

Command Line Processing 114

10 General Commands 115

11 System Management Commands 119

12 System Logging Commands 139

13 System Clock Commands 144

14 DHCP Relay Commands 149

15 SNMP Commands 151

16 Flash/File Commands 164

17 RADIUS Client Commands 167

18 802.1X Authentication Commands 173

19 MAC Address Authentication Commands 175

20 Filtering Commands 179

– 10 –

Contents

21 Spanning Tree Commands 185

22 WDS Bridge Commands 197

23 Ethernet Interface Commands 199

24 Wireless Interface Commands 206

25 Wireless Security Commands 234

26 Rogue AP Detection Commands 243

27 Link Integrity Commands 249

28 Link Layer Discovery Commands 252

29 VLAN Commands 256

30 WMM Commands 260

31 QoS Commands 265

Section IV Appendices 273

A Troubleshooting 274

Problems Accessing the Management Interface 274

Using System Logs 274

Index of CLI Commands 276

Index 278

– 11 –

Figures

Figure 1: Login Page 21

Figure 2: The Home Page 21

Figure 3: Set Configuration Changes 22

Figure 4: Help Menu 23

Figure 5: Quick Start - Step 1 27

Figure 6: Quick Start - Step 2 28

Figure 7: Quick Start - Step 3 29

Figure 8: Quick Start - Step 4 31

Figure 9: Administration 34

Figure 10: IPv4 Configuration 35

Figure 11: IPv6 Configuration 36

Figure 12: RADIUS Settings 38

Figure 13: SNTP Settings 39

Figure 14: Setting the VLAN Identity 41

Figure 15: System Log Settings 42

Figure 16: System Resource 44

Figure 17: Spanning Tree Protocol 46

Figure 18: Bridge Configuration 48

Figure 19: Remote Management 50

Figure 20: Access Limitation 51

Figure 21: SNMP Basic Settings 53

Figure 22: SNMP Trap Settings 54

Figure 23: SNMP VACM 55

Figure 24: Configuring SNMPv3 Users 56

Figure 25: SNMPv3 Targets 58

Figure 26: SNMP Notification Filter 58

Figure 27: Local Bridge Filter 60

Figure 28: LLDP Settings 61

Figure 29: Source ACLs 63

– 12 –

Figures

Figure 30: Destination ACLs 64

Figure 31: Ethernet Type Filter 65

Figure 32: Link Integrity 66

Figure 33: Local Authentication 68

Figure 34: RADIUS Authentication 69

Figure 35: Band Steering 70

Figure 36: Radio Settings 71

Figure 37: VAP Settings 76

Figure 38: VAP Basic Settings 77

Figure 39: WDS-STA Mode 78

Figure 40: Configuring VAPs - Security Settings 79

Figure 41: WEP Configuration 81

Figure 42: QoS Settings 82

Figure 43: QoS Template Setting 83

Figure 44: Bandwidth Settings 84

Figure 45: Rogue AP Detection 85

Figure 46: WMM Backoff Wait Times 88

Figure 47: QoS 88

Figure 48: Firmware 92

Figure 49: Running Configuration File 93

Figure 50: Resetting the Access Point 95

Figure 51: Reboot Schedule — Fixed Time 95

Figure 52: Reboot Schedule — Countdown Time 96

Figure 53: AP System Configuration 98

Figure 54: AP Wireless Configuration 100

Figure 55: Station Status 101

Figure 56: Station Statistics 102

Figure 57: Event Logs 103

Figure 58: WDS Status 104

– 13 –

Tables

Table 1: Logging Levels 43

Table 2: WMM Access Categories 87

Table 3: Command Modes 113

Table 4: General Commands 115

Table 5: System Management Commands 119

Table 6: Country Codes 120

Table 7: System Management Commands 139

Table 8: Logging Levels 141

Table 9: System Clock Commands 144

Table 10: DHCP Relay Commands 149

Table 11: SNMP Commands 151

Table 12: Flash/File Commands 164

Table 13: RADIUS Client Commands 167

Table 14: 802.1x Authentication 173

Table 15: MAC Address Authentication 175

Table 16: Filtering Commands 179

Table 17: Spanning Tree Commands 185

Table 18: WDS Bridge Commands 197

Table 19: Ethernet Interface Commands 199

Table 20: Wireless Interface Commands 206

Table 21: Wireless Security Commands 234

Table 22: Rogue AP Detection Commands 243

Table 23: Link Integrity Commands 249

Table 24: Link Layer Discovery Commands 252

Table 25: VLAN Commands 256

Table 26: WMM Commands 260

Table 27: AP Parameters 262

Table 28: BSS Parameters 263

Table 29: QoS Commands 265

– 14 –

Tabl es

Table 30: Troubleshooting Chart 274

– 15 –

Tabl es

– 16 –

Section I

Getting Started

This section provides an overview of the access point, and introduces some basic
concepts about wireless networking. It also describes the basic settings required to
access the management interface.

This section includes these chapters:

◆ “Introduction” on page 18

◆ “Initial Configuration” on page 24

– 17 –

1 Introduction

The access point (AP) runs software that includes a network management agent.
The agent offers a variety of management options, including SNMP and a web­based interface. A PC may also be connected directly to the AP’s console port for
configuration using a command line interface (CLI).

Configuration Options

The AP’s HTTP web agent allows you to configure AP parameters, monitor wireless
connections, and display statistics using a standard web browser such as Internet
Explorer 6.x or above, and Mozilla Firefox 3.6.2/4/5. The AP’s web management
interface can be accessed from any computer attached to the network.

The CLI program can be accessed by a direct connection to the RS-232 serial
console port on the AP, or remotely by a Telnet or Secure Shell (SSH) connection
over the network.

The AP’s management agent also supports SNMP (Simple Network Management
Protocol). This SNMP agent permits the AP to be managed from any computer in
the network using network management software.

The AP’s web interface, console interface, and SNMP agent allow you to perform
management functions such as:

◆ Set management access user names and passwords

◆ Configure IP settings

◆ Configure SNMP parameters

◆ Configure 2.4 GHz and 5 GHz radio settings

◆ Control access through wireless security settings

◆ Filter packets using Access Control Lists (ACLs)

◆ Upload and download system firmware or configuration files

◆ Display system information and statistics

– 18 –

Chapter 1

Console Port Connection

| Introduction

Console Port Connection

The AP provides an RS-232 serial console port that enables a connection to a PC or
terminal for monitoring and configuring the AP. A null-modem console cable is
provided with the AP.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program
to the AP. You can use the console cable provided with this package, or use a null­modem cable that complies with the wiring assignments shown in the Installation
Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running

terminal emulation software, and tighten the captive retaining screws on the
DB-9 connector.

2. Connect the other end of the cable to the console port on the AP.

3. Make sure the terminal emulation software is set as follows:

■

Select the appropriate serial port (COM port 1 or COM port 2).

■

Set the baud rate to 115200 bps.

■

Set the data format to 8 data bits, 1 stop bit, and no parity.

■

Set flow control to none.

■

Set the emulation mode to VT100.

■

When using HyperTerminal, select Terminal keys, not Windows keys.

Note:

Once you have set up the terminal correctly, the console login screen will be

displayed.

For a description of how to use the CLI, see “Using the Command Line Interface” on

page 109. For a list of all the CLI commands, refer to “Index of CLI Commands” on
page 276.

Console Login Access to the CLI is controlled by user names and passwords. The AP has a default

user name and password. To log into the CLI using the default user name and
password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access

Verification” procedure starts.

– 19 –

Network Connections

Chapter 1

| Introduction

Network Connections

2. At the login prompt, enter “admin.”

3. At the Password prompt, press <Enter>. There is no default password.

4. The session is opened and the CLI displays the “SMC#” prompt indicating you

have access to the CLI commands.

Example

(none) login: admin
Password:
Jan 1 11:33:13 login[1918]: root login on 'ttyS0'

SMC#

Prior to accessing the AP’s management agent through a network connection, you
must first configure it with a valid IP address, subnet mask, and default gateway
using a console connection, or the DHCP protocol.

The AP has a static default management IPv4 address of 192.168.1.10 and a subnet
mask of 255.255.255.0.

Once the AP’s IP settings are configured for the network, you can access the AP’s
management agent from anywhere within the attached network. The
management agent can be accessed using Telnet from any computer attached to
the network. The AP can also be managed by any computer using a web browser,
or from a network computer using SNMP network management software.

Connecting to the Web Interface

The AP offers a user-friendly web-based management interface for the
configuration of all the unit’s features. Any PC directly attached to the unit can
access the management interface using a web browser, such as Internet Explorer
(version 6.x or above) or Firefox (version 2.x or above).

You may want to make initial configuration changes by connecting a PC directly to
the AP’s LAN port. The AP has a default management IP address of 192.168.1.10 and
a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same
subnet as the AP (that is, the PC and AP addresses must both start 192.168.1.x).

To access the AP’s web management interface, follow these steps:

1. Use your web browser to connect to the management interface using the

default IP address of 192.168.1.10.

– 20 –

Chapter 1

Connecting to the Web Interface

| Introduction

2. Log into the interface by entering the default username “admin” with no

Note:

the first time you access the web interface. For information on changing user
names and passwords, See “Administration Settings” on page 34.

Figure 1: Login Page

password, then click Login.

It is strongly recommended to change the default user name and password

Home Page and Main

Menu

After logging in to the web interface, the home page displays. The home page
shows some basic settings for the AP, including Country Code and the
management access password.

Figure 2: The Home Page

The web interface Main Menu menu provides access to all the configuration
settings available for the AP.

– 21 –

Chapter 1

Connecting to the Web Interface

| Introduction

To configure settings, click the relevant Main Menu item. Each Main Menu item is
sumarized below with links to the relevant section in this guide where
configuration parameters are described in detail:

◆ System — Configures Management IP, WAN, LAN and QoS settings. See

“System Settings” on page 33.

◆ Administration — Configures HTTP, Telnet, and SSH access settings. See

“Management Settings” on page 49.

◆ Advanced — Confiures LLDP and Access Control Lists. See “Advanced Settings”

on page 60.

◆ Wireless — Configures AP radio settings. See “Wireless Settings” on page 67.

◆ SNMP — Configures SNMP settings. See “Management Settings” on page 49.

◆ Maintentance — Enables firmware upgrades and resets the AP. See

“Maintenance Settings” on page 91.

Common Web Page

Buttons

◆ Information — Displays current system settings. See “Status Information” on

page 97.

The list below describes the common buttons found on most web management
pages:

◆ Set – Applies the new parameters and saves them to temporary RAM memory.

Also displays a screen to inform you when it has taken affect. Clicking ‘OK’
returns to the home page. The running configuration will not be saved upon a
reboot unless you use the “Save Config” button.

Figure 3: Set Configuration Changes

◆ Cancel – Cancels the newly entered settings and restores the originals.

◆ Help – Displays the help window.

– 22 –

Chapter 1

Connecting to the Web Interface

| Introduction

Figure 4: Help Menu

◆ Logout – Ends the web management session.

◆ Save Config – Saves the current configuration so that it is retained after a

restart.

– 23 –

2 Initial Configuration

The AP’s initial configuration steps can be made through the CLI or web browser
interface. If the AP is not configured with an IP address that is compatible with your
network. You can first use the command line interface (CLI) as described below to
configure a valid IP address.

CLI Initial Configuration Steps

First connect to the AP’s console port and log in to the CLI, as described in “Console

Port Connection” on page 19. Then proceed with the required configuration.

Setting an IP Address If the default IP address is not compatible with your network or a DHCP server is not

available, the AP’s IP address must be configured manually using the CLI.

Type “configure” to enter configuration mode, then type “interface ethernet” to
access the Ethernet interface-configuration mode.

SMC#configure
SMC(config)#interface ethernet
SMC(config-if)#

First type “no ip dhcp” to disable DHCP client mode. Then type “ip address ip­address netmask gateway,” where “ip-address” is the access point’s IP address,

“netmask” is the network mask for the network, and “gateway” is the default
gateway router. Check with your system administrator to obtain an IP address that
is compatible with your network.

SMC(if-ethernet)#no ip dhcp
SMC(if-ethernet)#ip address 192.168.2.2 255.255.255.0 192.168.2.254
SMC(if-ethernet)#

After configuring the access point’s IP parameters, you can access the management
interface from anywhere within the attached network. The command line interface
can also be accessed using Telnet from any computer attached to the network.

Note:

Command examples shown later in this manual abbreviate the console

prompt to “AP” for simplicity.

– 24 –

Chapter 2

CLI Initial Configuration Steps

| Initial Configuration

Setting a Password If you are logging in to the CLI for the fist time, you should define management

access passwords for an administrator and guest (used for CLI and web
management), record them, and then keep them in a safe place.

Note:

If you loose your management access passwords, you will need to use the

Reset button on the AP to set the configuration back to factory default values.

Passwords can consist of 5 to 32 alphanumeric characters and are case sensitive. To
prevent unauthorized access to the AP, set the passwords as follows:

Open the console interface to access the CLI prompt. Type “configure” and press
<Enter>. Type “password admin null password,” w he re “null” is the default old
password, and “password” is your new password. Press <Enter>.

Example

Setting the Country

Code

AP#configure
AP(config)#password admin null tpschris
AP(config)#

You must set the country code of the AP to be sure that the radios operate
according to permitted local regulations. That is, setting the country code restricts
operation of the AP to the radio channels and transmit power levels permitted for
wireless networks in the specified country.

Caution:

You must set the country code to the country of operation. Setting the
country code ensures that the radios operate within the local regulations specified
for wireless networks.

Note:

The country code selection is for non-US models only and is not available to
all US models. Per FCC regulation, all Wi-Fi products marketed in the US must be
fixed to US operation channels only.

From the CLI prompt, type “country ?” to display the list of country codes. Select the
code for your country, and enter the command again, following by your country
code (for example., “tw” for Taiwan).

Example

AP#country ?
WORD Country code:
AL-ALBANIA, DZ-ALGERIA, AR-ARGENTINA, AM-ARMENIA, AU-AUSTRALIA,
AT-AUSTRIA, AZ-AZERBAIJAN,
BH-BAHRAIN, BY-BELARUS, BE-BELGIUM, BZ-BELIZE, BO-BOLIVIA,

– 25 –

Chapter 2

| Initial Configuration

Web Quick Start

BA-BOSNIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA,
CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA,
HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK,
DK-DENMARK, DO-DOMINICAN_REPUBLIC,
EC-ECUADOR, EG-EGYPT, EE-ESTONIA,
FI-FINLAND, FO-FAROE_ISLANDS, FR-FRANCE, F2-FRANCE2,
GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA,
HK-HONG_KONG, HN-HONDURAS, HU-HUNGARY,
IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IQ-IRAQ, IE-IRELAND,
IL-ISRAEL, IT-ITALY,
JM-JAMAICA, JP0-JAPAN0, JP3-JAPAN3(including 4.9G channels), JO-JORDAN,
KE-KENYA, KZ-KAZAKHSTAN, KP-NORTH KOREA, KR-KOREA_REPUBLIC,
K2-KOREA_REPUBLIC2(including 2.3G channels),
K3-KOREA_REPUBLIC3(more channels in 5G), KW-KUWAIT,
LV-LATVIA, LB-LEBANON, LI-LIECHTENSTEIN, LT-LITHUANIA,
LU-LUXEMBOURG, LY-LIBYA, MO-MACAU,
MO-MACAU, MK-MACEDONIA, MY-MALAYSIA, MT-MALTA, MX-MEXICO,
MC-MONACO, MA-MOROCCO,
NL-NETHERLANDS, AN-NETHERLANDS-ANTELLIS, NZ-NEW_ZEALAND,
NI-NICARGUA, NO-NORWAY,
OM-OMAN,
PK-PAKISTAN, PA-PANAMA, PY-PARAGUAY, PE-PERU, PH-PHILIPPINES,
PL-POLAND, PT-PORTUGAL, PR-PUERTO_RICO,
QA-QATAR,
RO-ROMANIA, RU-RUSSIA,
SA-SAUDI_ARABIA, RS_ME-SERBIA & MONTENEGRO, SG-SINGAPORE, SI-SLOVENIA,
SK-SLOVAK_REPUBLIC, SV-EL SALVADOR, ZA-SOUTH_AFRICA, ES-SPAIN,
LK-SRILANKA, SE-SWEDEN, CH-SWITZERLAND, SY-SYRIA,
TW-TAIWAN, TH-THAILAND, TT-TRINIDAD & TOBAGO, TN-TUNISIA, TR-TURKEY,
AE-UNITED_ARAB_EMIRATES, GB-UNITED_KINGDOM, UA-UKRAINE,
US-UNITED_STATES, PS-UNITED_STATES(PUBLIC SAFETY), UY-URUGUAY,
UZ-UZBEKISTAN,
VE-VENEZUELA, VN-VIETNAM, YE-YEMEN,
ZW-ZIMBABWE
AP# country tw
AP#

Web Quick Start

Step 1 The first page of the Quick Start configures the system identification, access

The web interface Quick Start menu is designed to help you configure the basic
settings required to get the AP up and running.

Click “System’” followed by “Quick Start’”

password, and the Country Code.

– 26 –

Chapter 2

Web Quick Start

| Initial Configuration

Figure 5: Quick Start - Step 1

The following items are displayed on the first page of the Quick Start wizard:

Identification

◆ System Name — The name assigned to the access point.

(Default: WAP5110)

Change Password

◆ Username/Guest Username — The name of the user is fixed as either “admin”

or “guest” and is not configurable.

◆ Old Password — If the unit has been configured with a password already,

enter that password, otherwise enter the default password “null.”

◆ New Password — The password for management access.

(Length: 5-32 characters, case sensitive)

◆ Confirm New Password — Enter the password again for verification.

Country Code

◆ Country Code — Configures the access point’s country code from a drop down

menu, which identifies the country of operation and sets the authorized radio
channels.

– 27 –

Chapter 2

| Initial Configuration

Web Quick Start

Caution:

You must set the country code to the country of operation. Setting the
country code restricts operation of the access point to the radio channels and
transmit power levels permitted for wireless networks in the specified country.

◆ Cancel — Cancels the newly entered settings and restores the orignals.

◆ Next — Proceeds to the next page.

Step 2 The second page of the Quick Start configures IP settings and DHCP client status.

Figure 6: Quick Start - Step 2

The following items are displayed on this page:

DHCP

◆ DHCP Status — Enables/disables DHCP on the access point. (Default: Disabled)

◆ IP Address — Specifies an IP address for the access point. Valid IP addresses

consist of four decimal numbers, 0 to 255, separated by periods. (Default:

192.168.2.10.)

◆ Subnet Mask — Indicates the local subnet mask. Select the desired mask from

the drop down menu. (Default: 255.255.255.0)

◆ Default Gateway — The default gateway is the IP address of the router for the

access point, which is used if the requested destination address is not on the
local subnet. (Default: 192.168.2.254)

If you have DNS, RADIUS, or other network servers located on another subnet,
type the IP address of the default gateway router in the text field provided.

– 28 –

Chapter 2

Web Quick Start

| Initial Configuration

◆ Primary and Secondary DNS Address — The IP address of Domain Name

Servers on the network. A DNS maps numerical IP addresses to domain names
and can be used to identify network hosts by familiar names instead of the IP
addresses. (The default Primary and Secondary DNS addresses are null values.)

◆ Management IP — The IPv4 address of the AP through which you can access

management interfaces.

■

Management IP Address — Specifies an IPv4 address for management of
the access point. (Default: 192.168.1.10.)

■

Management Subnet Mask — Indicates the local subnet mask.
(Default: 255.255.255.0)

◆ Prev — Returns to the previous screen.

◆ Cancel — Cancels the newly entered settings and restores the orignals.

◆ Next — Proceeds to the final step in the Quick Start wizard.

Step 3 The Step 3 page of the Quick Start configures basic radio and wireless security

settings.

Figure 7: Quick Start - Step 3

The following items are displayed on this page:

Basic Setting

◆ SSID — The name of the basic service set provided by the primary VAP

interface. Clients that want to connect to the network through the AP must set
their SSID to the same as that of a VAP interface.
(Default: EAP9112A_11BGN_0; Range: 1-32 characters)

– 29 –

Chapter 2

| Initial Configuration

Web Quick Start

Security

◆ Association Mode — Defines the mode with which the VAP will associate with

clients. (For more information on security modes, see “Wireless Security

Settings” on page 79.)

■

Open System: The VAP is configured by default as an “open system,” which
broadcasts a beacon signal including the configured SSID. Wireless clients
with an SSID setting of “any” can read the SSID from the beacon and
automatically set their SSID to allow immediate connection.

■

WPA: WPA employs a combination of several technologies to provide an
enhanced security solution for 802.11 wireless networks.

■

WPA-PSK: For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.

■

WPA2: WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.

■

WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.

■

WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for
authentication.

■

WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication.

◆ Encryption Method — Selects an encryption method for the global key used

for multicast and broadcast traffic, which is supported by all wireless clients.

■

WEP: WEP is used as the multicast encryption cipher. You should select
WEP only when both WPA and WEP clients are supported.

■

TKIP: TKIP is used as the multicast encryption cipher.

■

AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AES­CCMP is the standard encryption cipher required for WPA2.

– 30 –

Chapter 2

Web Quick Start

| Initial Configuration

Authentication

◆ 802.1X — The access point supports 802.1X authentication only for clients

initiating the 802.1X authentication process (i.e., the access point does not
initiate 802.1X authentication). For clients initiating 802.1X, only those
successfully authenticated are allowed to access the network. For those clients
not initiating 802.1X, access to the network is allowed after successful wireless
association with the access point. The 802.1X mode allows access for clients not
using WPA or WPA2 security.

◆ Pre-Authentication — When using WPA2 over 802.1X, pre-authentication can

be enabled, which allows clients to roam to a new access point and be quickly
associated without performing full 802.1X authentication. (Default: Disabled)

◆ 802.1x Reauthentication Time — The time period after which a connected

client must be re-authenticated. During the re-authentication process of
verifying the client’s credentials on the RADIUS server, the client remains
connected the network. Only if re-authentication fails is network access
blocked. (Range: 0-65535 seconds; Default: 0 means disabled)

Note:

When 802.1X is enabled, be sure to configure RADIUS server details. For

more information, see “RADIUS Settings” on page 37.

Step 4 When you have clicked “Set” after Step 3, the AP saves the Quick Start configuration

settings. Click “OK” to confirm that the Quick Start is complete.

Figure 8: Quick Start - Step 4

– 31 –

Section II

Web Configuration

This section provides details on configuring the access point using the web
browser interface.

This section includes these chapters:

◆ “System Settings” on page 33

◆ “Management Settings” on page 49

◆ “Advanced Settings” on page 60

◆ “Wireless Settings” on page 67

◆ “Maintenance Settings” on page 91

◆ “Status Information” on page 97

– 32 –

3 System Settings

This chapter describes basic system settings on the access point. It includes the
following sections:

◆ “Administration Settings” on page 34

◆ “IPv4 Address” on page 35

◆ “IPv6 Address” on page 36

◆ “RADIUS Settings” on page 37

◆ “System Time” on page 39

◆ “VLAN Configuration” on page 40

◆ “System Logs” on page 42

◆ “Quick Start Wizard” on page 43

◆ “System Resource” on page 44

◆ “Bridge STP Configuration” on page 45

– 33 –

Chapter 3

Administration Settings

| System Settings

Administration Settings

The Administration Settings page configures some basic settings for the AP, such as
the system identification name, the management access passwords, and the
wireless operation Country Code.

Figure 9: Administration

The following items are displayed on this page:

◆ System Name — An alias for the AP, enabling the device to be uniquely

identified on the network. (Default: WAP5110; Range: 1-32 characters)

◆ Username/Guest Username — The name of the user is fixed as either “admin”

or “guest” and is not configurable.

◆ Old Password — Type your current password.

◆ New Password — The password for management access.

(Length: 5-32 characters, case sensitive)

◆ Confirm New Password — Enter the password again for verification.

◆ Country Code — Configures the AP’s country code, which identifies the

country of operation and sets the authorized radio channels.

– 34 –

Chapter 3

| System Settings

IPv4 Address

IPv4 Address

Caution:

You must set the country code to the country of operation. Setting the
country code restricts operation of the AP to the radio channels and transmit
power levels permitted for wireless networks in the specified country.

Configuring the AP with an IPv4 address expands your ability to manage the AP. A
number of the AP’s features depend on IPv4 addressing to operate.

You can use the web browser interface to access IPv4 addressing only if the access
point already has an IPv4 address that is reachable through your network.

By default, the AP will be not be automatically configured with IPv4 settings from a
Dynamic Host Configuration Protocol (DHCP) server. The default IPv4 address for
management access is 192.168.1.10, with a subnet mask 255.255.255.0.

Figure 10: IPv4 Configuration

The following items are displayed on this page:

◆ DHCP Status — Enables/disables DHCP on the access point.

◆ IP Address — Specifies an IP address for the access point. Valid IP addresses

consist of four decimal numbers, 0 to 255, separated by periods. (Default:

192.168.2.10.)

◆ Subnet Mask — Indicates the local subnet mask. (Default: 255.255.255.0)

◆ Default Gateway — The default gateway is the IP address of the router for the

access point, which is used if the requested destination address is not on the
local subnet.

– 35 –

Chapter 3

IPv6 Address

| System Settings

If you have management stations, DNS, RADIUS, or other network servers
located on another subnet, type the IP address of the default gateway router in
the text field provided.

◆ Primary and Secondary DNS Address — The IP address of Domain Name

Servers on the network. A DNS maps numerical IP addresses to domain names
and can be used to identify network hosts by familiar names instead of the IP
addresses.

If you have one or more DNS servers located on the local network, type the IP
addresses in the text fields provided.

◆ Management IP — The IPv4 address of the AP through which you can access

management interfaces.

■

Management IP Address — Specifies an IPv4 address for management of
the access point. (Default: 192.168.1.10.)

IPv6 Address

■

Management Subnet Mask — Indicates the local subnet mask.
(Default: 255.255.255.0)

This section describes how to configure an IPv6 interface for management access
over the network. This AP supports both IPv4 and IPv6, and can be managed
through either of these address types.

By default, the AP will be not be automatically configured with IPv6 settings from a
DHCPv6 server. The default IPv6 address is 2001:db8::1, subnet mask 64 and a
default gateway of 2001:db8::2.

Figure 11: IPv6 Configuration

– 36 –

Chapter 3

| System Settings

RADIUS Settings

The following items are displayed on this page:

◆ DHCP Status — Enables/disables DHCPv6 on the access point.

◆ IP Address — Specifies an IPv6 address for management of the access point.

(Default: 2001:db8::1)

◆ Subnet Mask — Indicates the local subnet mask. (Default: 64)

◆ Default Gateway — The default gateway is the IPv6 address of the router for

the access point, which is used if the requested destination address is not on
the local subnet.

If you have management stations, DNS, RADIUS, or other network servers
located on another subnet, type the IPv6 address of the default gateway router
in the text field provided.

◆ Primary and Secondary DNS Address — The IPv6 address of Domain Name

Servers on the network. A DNS maps numerical IPv6 addresses to domain
names and can be used to identify network hosts by familiar names instead of
the IPv6 addresses.

RADIUS Settings

Primary and

Secondary RADIUS

Server Setup

If you have one or more DNS servers located on the local network, type the IPv6
addresses in the text fields provided.

Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol
that uses software running on a central server to control access to RADIUS-aware
devices on the network. An authentication server contains a database of user
credentials for each user that requires access to the network.

A primary RADIUS server must be specified for the access point to implement IEEE

802.1X network access control and Wi-Fi Protected Access (WPA) wireless security.
A secondary RADIUS server may also be specified as a backup should the primary
server fail or become inaccessible.

In addition, you can configure a RADIUS Accounting server to receive user-session
accounting information from the access point. RADIUS Accounting can be used to
provide valuable information on user activity in the network.

This guide assumes that you have already configured RADIUS server(s) to support
the access point. Configuration of RADIUS server software is beyond the scope of
this guide, refer to the documentation provided with the RADIUS server software.

– 37 –

Chapter 3

RADIUS Settings

| System Settings

Figure 12: RADIUS Settings

The following items are displayed on the RADIUS Settings page:

◆ RADIUS Status — Enables/disables the primary RADIUS server.

◆ IP Address — Specifies the IP address or host name of the RADIUS server.

◆ Port (1024-65535) — The UDP port number used by the RADIUS server for

authentication messages. (Range: 1024-65535; Default: 1812)

◆ Key — A shared text string used to encrypt messages between the access point

and the RADIUS server. Be sure that the same text string is specified on the
RADIUS server. Do not use blank spaces in the string. (Maximum length: 255
characters)

RADIUS Accounting The following items are displayed on the RADIUS Settings page:

◆ Account Status — Enables/disables RADIUS accounting.

◆ IP Address — Specifies the IP address or host name of the RADIUS accounting

server.

– 38 –

System Time

Chapter 3

◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting

| System Settings

System Time

server for authentication messages. (Range: 1024-65535; Default: 1813)

◆ Key — A shared text string used to encrypt messages between the access point

and the RADIUS accounting server. Be sure that the same text string is specified
on the RADIUS server. Do not use blank spaces in the string. (Maximum length:
255 characters)

◆ Interim Update Timeout (60-86400) — The interval between transmitting

accounting updates to the RADIUS server. (Range: 60-86400; Default: 300
seconds)

Simple Network Time Protocol (SNTP) allows the access point to set its internal
clock based on periodic updates from a time server (SNTP or NTP). Maintaining an
accurate time on the access point enables the system log to record meaningful
dates and times for event entries. If the clock is not set, the access point will only
record the time from the factory default set at the last bootup.

The access point acts as an SNTP client, periodically sending time synchronization
requests to specific time servers. You can configure up to two time server IP
addresses. The access point will attempt to poll each server in the configured
sequence.

Figure 13: SNTP Settings

– 39 –

Chapter 3

VLAN Configuration

| System Settings

SNTP Server Settings Configures the access point to operate as an SNTP client. When enabled, at least

one time server IP address must be specified.

◆ SNTP Status — Enables/disables SNTP. (Default: enabled)

◆ Primary Server — The IP address of an SNTP or NTP time server that the access

point attempts to poll for a time update.

◆ Secondary Server — The IP address of a secondary SNTP or NTP time server.

The access point first attempts to update the time from the primary server; if
this fails it attempts an update from the secondary server.

Time Zone Setting SNTP uses Greenwich Mean Time, or GMT (sometimes referred to as Coordinated

Universal Time, or UTC) based on the time at the Earth’s prime meridian, zero
degrees longitude. To display a time corresponding to your local time, you must
indicate the number of hours your time zone is located before (east) or after (west)
GMT.

Daylight Saving

Settings

VLAN Configuration

◆ Time Zone — Select from the scroll down list the locale you are situated most

close to, for example for New York, select ‘(GMT-05) Eastern Time (US & Canada)’.

The access point provides a way to automatically adjust the system clock for
Daylight Savings Time changes. To use this feature you must define the month and
date to begin and to end the change from standard time. During this period the
system clock is set back by one hour.

◆ Daylight Saving Status — Enalbes/disables daylight savings time. (Default:

disabled)

When enabled, set the month, day, and week to start and stop the daylight
savings time.

VLANs (virtual local area networks) are turned off by default when first installing the
access point. If turned on they will automatically tag any packets received by the
LAN port before sending them on to the relevant VAP (virtual access point).

The access point can employ VLAN tagging support to control access to network
resources and increase security. VLANs separate traffic passing between the access
point, associated clients, and the wired network. There can be a default VLAN for
each VAP (Virtual Access Point) interface, and a management VLAN for the access
point.

– 40 –

Chapter 3

| System Settings

VLAN Configuration

Note the following points about the access point’s VLAN support:

◆ The management VLAN is for managing the access point through remote

management tools, such as the web interface, SSH, SNMP, or Telnet. The access
point only accepts management traffic that is tagged with the specified
management VLAN ID.

◆ All wireless clients associated to the access point are assigned to a VLAN.

Wireless clients are assigned to the default VLAN for the VAP interface with
which they are associated. The access point only allows traffic tagged with
default VLAN IDs to access clients associated on each VAP interface.

◆ When VLAN support is enabled on the access point, traffic passed to the wired

network is tagged with the appropriate VLAN ID, either a VAP default VLAN ID,
or the management VLAN ID. Traffic received from the wired network must also
be tagged with one of these known VLAN IDs. Received traffic that has an
unknown VLAN ID or no VLAN tag is dropped.

◆ When VLAN support is disabled, the access point does not tag traffic passed to

the wired network and ignores the VLAN tags on any received frames.

Note:

Before enabling VLAN tagging on the access point, be sure to configure the
attached network switch port to support tagged VLAN frames from the access
point’s management VLAN ID and default VLAN IDs. Otherwise, connectivity to the
access point will be lost when you enable the VLAN feature.

Figure 14: Setting the VLAN Identity

The following items are displayed on this page:

◆ VLAN Classification — Enables VLAN packet tagging. (Default: disabled)

◆ Management VLAN ID — The VLAN ID that traffic must have to be able to

manage the access point. (Range 1-4094; Default: 4093)

◆ Native VLAN ID — The VLAN ID assigned to untagged packets received by the

LAN port. (Range: 1-4094; Default: 1)

– 41 –

Chapter 3

System Logs

| System Settings

System Logs

The access point can be configured to send event and error messages to a System
Log Server. The system clock can also be synchronized with a time server, so that all
the messages sent to the Syslog server are stamped with the correct time and date.

Figure 15: System Log Settings

The following items are displayed on this page:

◆ Syslog Status — Enables/disables the logging of error messages. (Default:

enabled)

◆ Server 1~4 — Enables the sending of log messages to a Syslog server host. Up

to four Syslog servers are supported on the access point. (Default: disabled)

◆ IP — The IP address or name of a Syslog server. (Server 1 Default: 10.7.16.98;

Server 2 Default: 10.7.13.48; Server 3 Default: 10.7.123.123; Server 4 Default:

10.7.13.77)

◆ UDP Port — The UDP port used by a Syslog server. (Range: 514 or 11024-

65535; Server 1~2 Default: 514; Server 3 Default: 6553; Server 4 Default: 5432)

◆ Logging Console — Enables the logging of error messages to the console.

(Default: disabled)

– 42 –

Chapter 3

◆ Logging Level — Sets the minimum severity level for event logging. (Default:

| System Settings

Quick Start Wizard

Debug)

The system allows you to limit the messages that are logged by specifying a
minimum severity level. The following table lists the error message levels from
the most severe (Emergency) to least severe (Debug). The message levels that
are logged include the specified minimum level up to the Emergency level.

Table 1: Logging Levels

Error Level Description

Emergency System unusable

Alerts Immediate action needed

Quick Start Wizard

Critical Critical conditions (e.g., memory allocation, or free memory error -

resource exhausted)

Error Error conditions (e.g., invalid input, default used)

Warning Warning conditions (e.g., return false, unexpected return)

Notice Normal but significant condition, such as cold start

Informational Informational messages only

Debug Debugging messages

The Quick Start menu item is described in the preceding chapter, see “Web Quick

Start” on page 26.

– 43 –

Chapter 3

System Resource

| System Settings

System Resource

The System Resource page displays information on the AP’s current CPU and
memory utilization. This page also allows you to set thresholds for the CPU and
memory usage, where an SNMP trap can be sent as an alert.

Figure 16: System Resource

The following items are displayed on this page:

◆ CPU Rising Threshold — A high CPU utilization percentage above which a

“CPU Busy” SNMP trap message is sent (only sent once). (Range: 1-100 percent,
0 is disabled; Default: 0)

◆ CPU Falling Threshold — A low CPU utilization percentage below which a

“CPU Free” SNMP trap message is sent once the Rising Threshold has been
exceeded. (Range: 0 to less than the Rising Threshold; Default: 20)

◆ Memory Rising Threshold — A high memory utilization threshold in Kbytes

above which a “Memory Overload” SNMP trap message is sent (only sent once).
(Range: 1-113076 Kbytes, 0 is disabled; Default: 0)

◆ Memory Falling Threshold — A low memory utilization threshold in Kbytes

below which a “Memory Free” SNMP trap message is sent once the Rising
Threshold has been exceeded. (Range: 0 to less than the Rising Threshold;
Default: 16000 Kbytes)

◆ Threshold Interval — The interval in seconds between each CPU utilization

check. (Range: 1 to 86400 seconds, 0 is disabled; Default: 0)

◆ CPU Status — Displays detailed information on the current CPU utilization.

– 44 –

◆ Memory Status — Displays detailed information on the current memory

utilization.

Bridge STP Configuration

The Bridge menu enables configuration of the Spanning Tree Protocol (STP) and
the address table aging time.

Chapter 3

| System Settings

Bridge STP Configuration

Spanning Tree

Protocol (STP)

The Spanning Tree Protocol (STP) can be used to detect and disable network loops,
and to provide backup links between switches, bridges or routers. This allows the
wireless bridge to interact with other bridging devices (that is, an STP-compliant
switch, bridge or router) in your network to ensure that only one route exists
between any two stations on the network, and provide backup links which
automatically take over when a primary link goes down.

STP uses a distributed algorithm to select a bridging device (STP-compliant switch,
bridge or router) that serves as the root of the spanning tree network. It selects a
root port on each bridging device (except for the root device) which incurs the
lowest path cost when forwarding a packet from that device to the root device.
Then it selects a designated bridging device from each LAN which incurs the lowest
path cost when forwarding a packet from that LAN to the root device. All ports
connected to designated bridging devices are assigned as designated ports. After
determining the lowest cost spanning tree, it enables all root ports and designated
ports, and disables all other ports. Network packets are therefore only forwarded
between root ports and designated ports, eliminating any possible network loops.

Once a stable network topology has been established, all bridges listen for Hello
BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge
does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge
assumes that the link to the root bridge is down. This bridge will then initiate
negotiations with other bridges to reconfigure the network to reestablish a valid
network topology.

– 45 –

Chapter 3

Bridge STP Configuration

| System Settings

Figure 17: Spanning Tree Protocol

Bridge

Sets STP bridge link parameters.

The following items are displayed on the STP page:

◆ Spanning Tree Protcol — Enables/disables STP on the AP.

(Default: Disabled)

◆ Priority — Used in selecting the root device, root port, and designated port.

The device with the highest priority becomes the STP root device. However, if
all devices have the same priority, the device with the lowest MAC address will
then become the root device. (Note that lower numeric values indicate higher
priority.) (Default:32768; Range: 0-65535)

◆ Max Age — The maximum time (in seconds) a device can wait without

receiving a configuration message before attempting to reconfigure. All device
ports (except for designated ports) should receive configuration messages at
regular intervals. Any port that ages out STP information (provided in the last
configuration message) becomes the designated port for the attached LAN. If it
is a root port, a new root port is selected from among the device ports attached

– 46 –

Chapter 3

| System Settings

Bridge STP Configuration

to the network.
(Default: 20 seconds; Range: 6-40 seconds)

Minimum: The higher of 6 or [2 x (Hello Time + 1)].
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]

◆ Hello Time — Interval (in seconds) at which the root device transmits a

configuration message. (Default: 2 seconds; Range: 1-10 seconds)
Minimum: 1
Maximum: The lower of 10 or [(Max. Message Age / 2) -1]

◆ Forwarding Delay — The maximum time (in seconds) this device waits before

changing states (i.e., discarding to learning to forwarding). This delay is
required because every device must receive information about topology
changes before it starts to forward frames. In addition, each port needs time to
listen for conflicting information that would make it return to a discarding
state; otherwise, temporary data loops might result. (Default: 15 seconds;
Range: 1-30 seconds)
Minimum: The higher of 1 or [(Max. Message Age / 2) + 1]
Maximum: 30

Ethernet Interface

Sets STP settings for the Ethernet port.

◆ Link Path Cost — This parameter is used by the STP to determine the best path

between devices. Therefore, lower values should be assigned to ports attached
to faster media, and higher values assigned to ports with slower media. (Path
cost takes precedence over port priority.) (Default: 4; Range: 1-65535)

◆ Link Port Priority — Defines the priority used for this port in the Spanning

Tree Protocol. If the path cost for all ports on a switch are the same, the port
with the highest priority (i.e., lowest value) will be configured as an active link in
the spanning tree. This makes a port with higher priority less likely to be
blocked if the Spanning Tree Protocol is detecting network loops. Where more
than one port is assigned the highest priority, the port with lowest numeric
identifier will be enabled. (Default: 32; Range: 0-63)

Wireless Interface

Sets STP settings for the radio interface.

◆ Index — Describes the VAP in question.

◆ Link Path Cost — This parameter is used by the STP to determine the best path

between devices. Therefore, lower values should be assigned to ports attached
to faster media, and higher values assigned to ports with slower media. (Path
cost takes precedence over port priority.) (Default: 19; Range: 1-65535.)

– 47 –

Chapter 3

Bridge STP Configuration

| System Settings

◆ Link Port Priority — Defines the priority used for this port in the Spanning

Tree Protocol. If the path cost for all ports on a switch are the same, the port
with the highest priority (i.e., lowest value) will be configured as an active link in
the spanning tree. This makes a port with higher priority less likely to be
blocked if the Spanning Tree Protocol is detecting network loops. Where more
than one port is assigned the highest priority, the port with lowest numeric
identifier will be enabled. (Default: 32; Range: 0-63)

Bridge Configuration Use the Bridge Configuration page to configure the aging time for the MAC address

table.

The AP stores the MAC addresses for all known devices. All the addresses learned by
monitoring traffic are stored in a dynamic address table. This information is used to
pass traffic directly between inbound and outbound interfaces.

Figure 18: Bridge Configuration

The following items are displayed on the STP page:

◆ mac aging time — The time after which a learned MAC address is discarded.

(Range: 10-1000000 seconds; Default: 300 seconds)

– 48 –

4 Management Settings

This chapter describes management access settings on the access point. It includes
the following sections:

◆ “Remote Management Settings” on page 49

◆ “Access Limitation” on page 51

◆ “Simple Network Management Protocol” on page 52

Remote Management Settings

The Web, Telnet, and SNMP management interfaces are enabled and open to all IP
addresses by default. To provide more security for management access to the
access point, specific interfaces can be disabled and management restricted to a
single IP address or a limited range of IP addresses.

Once you specify an IP address or range of addresses, access to management
interfaces is restricted to the specified addresses. If anyone tries to access a
management interface from an unauthorized address, the access point will reject
the connection.

Telnet is a remote management tool that can be used to configure the access point
from anywhere in the network. However, Telnet is not secure from hostile attacks.
The Secure Shell (SSH) can act as a secure replacement for Telnet. The SSH protocol
uses generated public keys to encrypt all data transfers passing between the access
point and SSH-enabled management station clients and ensures that data traveling
over the network arrives unaltered. Clients can then securely use the local user
name and password for access authentication.

Note that SSH client software needs to be installed on the management station to
access the access point for management via the SSH protocol.

Both HTTP and HTTPS service can be enabled independently. If you enable HTTPS,
you must indicate this in the URL: https://device:port_number]

When you start HTTPS, the connection is established in this way:

◆ The client authenticates the server using the server’s digital certificate.

◆ The client and server negotiate a set of security protocols to use for the

connection.

– 49 –

Chapter 4

Remote Management Settings

| Management Settings

◆ The client and server generate session keys for encrypting and decrypting data.

◆ The client and server establish a secure encrypted connection.

◆ A padlock icon should appear in the status bar for Internet Explorer.

Figure 19: Remote Management

The following items are displayed on Admin Interface page:

◆ Telnet Access — Enables/disables management access from Telnet interfaces.

(Default: enabled)

◆ Telnet Access Port — Sets the specified Telnet port for communication.

(Default: 23)

◆ SSH Server — Enables/disables management access from SSH Servers.

(Default: enabled)

◆ SSH Server Port — Sets the specified SSH Server port for communication.

(Default: 22)

◆ HTTP Access — Enables/disables management access from any IP address.

(Default: enabled)

◆ HTTP Timeout — Specifies the time after which the HTTP connection will be

lost with a period of inactivity. (Default: 1800 seconds; Range: 1-1800 seconds;
0=disabled)

– 50 –

Access Limitation

Chapter 4

◆ HTTP Port — Specifies the HTTP port for IP connectivity. (Default: 80; Range

| Management Settings

Access Limitation

1024-65535)

◆ HTTPS Server — Enables/disables management access from a HTTPS server.

(Default: enabled)

◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default:

443; Range 1024-65535)

◆ SNMP Access — Enables management access through SNMP. For more

information on SNMP access, see “Simple Network Management Protocol” on

page 52. (Default: enabled)

The Access Limitation page limits management access to the access point from
specified IP addresses or wireless clients.

Figure 20: Access Limitation

The following items are displayed on the Access Limitation page:

IP Management Control

◆ Any IP — Indicates that any IP address is allowed management access.

◆ Single IP — Specifies a single IP address that is allowed management access.

◆ Multiple IP — Specifies an address range as defined by the entered IP address

and subnet mask. For example, IP address 192.168.1.6 and subnet mask

255.255.255.0, defines all IP addresses from 192.168.1.1 to 192.168.1.254.

– 51 –

Chapter 4

Simple Network Management Protocol

| Management Settings

◆ IP Address — Specifies the IP address.

◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x

Restrict Management

◆ Enable/Disable — Enables/disables management of the device by a wireless

client. (Default: disabled)

DHCP Filter

◆ Enable/Disable — Enables/disables the AP and wireless clients from obtaining

an IP address from a DHCP server installed on wireless client. (Default: disabled)

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a communication protocol
designed specifically for managing devices on a network. Equipment commonly
managed with SNMP includes switches, routers and host computers. SNMP is
typically used to configure these devices for proper operation in a network
environment, as well as to monitor them to evaluate performance or detect
potential problems.

Managed devices supporting SNMP contain software, which runs locally on the
device and is referred to as an agent. A defined set of variables, known as managed
objects, is maintained by the SNMP agent and used to manage the device. These
objects are defined in a Management Information Base (MIB) that provides a
standard presentation of the information controlled by the agent. SNMP defines
both the format of the MIB specifications and the protocol used to access this
information over the network.

The access point includes an onboard agent that supports SNMP versions 1, 2c, and
3 clients. This agent continuously monitors the status of the access point, as well as
the traffic passing to and from wireless clients. A network management station can
access this information using SNMP management software that is compliant with
MIB II. To implement SNMP management, the access point must first have an IP
address and subnet mask, configured either manually or dynamically. Access to the
onboard agent using SNMP v1 and v2c is controlled by community strings. To
communicate with the access point, the management station must first submit a
valid community string for authentication.

Access to the access point using SNMP v3 provides additional security features that
cover message integrity, authentication, and encryption; as well as controlling
notifications that are sent to specified user targets.

SNMP Basic Settings The access point SNMP agent must be enabled to function (for versions 1, 2c, and 3

clients). Management access using SNMP v1 and v2c also requires community

– 52 –

Chapter 4

Simple Network Management Protocol

| Management Settings

strings to be configured for authentication. Trap notifications can be enabled and
sent to up to four management stations.

Figure 21: SNMP Basic Settings

The following items are displayed on this page:

◆ SNMP — Enables or disables SNMP management access and also enables the

access point to send SNMP traps (notifications). (Default: Disable)

◆ System Location — A text string that describes the system location.

(Maximum length: 255 characters)

◆ System Contact — A text string that describes the system contact. (Maximum

length: 255 characters)

◆ Read-Only Community — Defines the SNMP community access string that

has read-only access. Authorized management stations are only able to retrieve
MIB objects. (Maximum length: 23 characters, case sensitive; Default: public)

◆ Read-Write Community — Defines the SNMP community access string that

has read/write access. Authorized management stations are able to both
retrieve and modify MIB objects. (Maximum length: 23 characters, case
sensitive; Default: private)

– 53 –

Chapter 4

Simple Network Management Protocol

| Management Settings

SNMP Trap Settings Traps indicating status changes are issued by the AP to specified trap managers.

You must specify trap managers so that key events are reported by the AP to your
management station (using network management platforms).

Figure 22: SNMP Trap Settings

The following items are displayed on this page:

◆ Trap Destination — Specifies the recipient of SNMP notifications. Enter the IP

address or the host name. (Host Name: 1 to 63 characters, case sensitive)

◆ Community — The community string sent with the notification operation.

(Maximum length: 23 characters, case sensitive; Default: public)

◆ Action — Adds a new SNMP trap destination to the list.

◆ Trap Destination List — Lists the configured SNMP trap destinations.

◆ Trap Configuration — Enables or disables trap status.

■

sysSystemUp: The access point is up and running.

■

sysSystemDown: The access point is about to shutdown and reboot.

◆ Save Trap Config — Applies the new parameters and saves them to RAM

memory. Also prompts a screen to inform you when it has taken affect. Clicking
‘OK’ returns to the home page. Changes will not be saved upon a reboot unless
the running configuration file is saved.

– 54 –

Chapter 4

Simple Network Management Protocol

| Management Settings

View Access Control

Model

To configure SNMPv3 management access to the AP, follow these steps:

1. Specify read and write access views for the AP MIB tree.

2. Configure SNMP user groups with the required security model (that is, SNMP

v1, v2c, or v3) and security level (authentication and privacy).

3. Assign SNMP users to groups, along with their specific authentication and

privacy passwords.

Figure 23: SNMP VACM

Creating Views

SNMPv3 views are used to restrict user access to specified portions of the MIB tree.
The are no predefined views by default.

The following items are displayed on the VACM page.

◆ View Name – The name of the SNMP view. (Range: 1-32 characters)

◆ Typ e – Indicates if the object identifier of a branch within the MIB tree is

included or excluded from the SNMP view.

◆ OID – Allows you to configure the object identifiers of branches within the MIB

tree. Wild cards can be used to mask a specific portion of the OID string.

◆ Mask (option) – A hexadecimal value with each bit masking the corresponding

ID in the MIB subtree. A “1” in the mask indicates an exact match and a “0”
indicates a “wild card.” For example, a mask value of 0xFFBF provides a bit mask

– 55 –

Chapter 4

Simple Network Management Protocol

| Management Settings

“1111 1111 1011 1111.” If applied to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero
corresponds to the 10th subtree ID. When there are more subtree IDs than bits
in the mask, the mask is padded with ones.

◆ View List – Shows the currently configured object identifiers of branches

within the MIB tree that define the SNMP view.

Creating Groups

An SNMPv3 group sets the access policy for its assigned users, restricting them to
specific read, write, and notify views. You can create new groups to map a set of
SNMP users to SNMP views.

◆ Group Name – The name of the SNMP group. (Range: 1-32 characters)

◆ Security Level – The security level used for the group:

■

noAuthNoPriv – There is no authentication or encryption used in SNMP
communications.

■

AuthNoPriv – SNMP communications use authentication, but the data is
not encrypted.

■

AuthPriv – SNMP communications use both authentication and
encryption.

◆ Read View – The configured view for read access. (Range: 1-32 characters)

◆ Write View – The configured view for write access. (Range: 1-32 characters)

SNMPv3 Users The access point allows multiple SNMP v3 users to be configured. Each SNMPv3

user is defined by a unique name. Users must be configured with a specific security
level and assigned to a group. The SNMPv3 group restricts users to a specific read,
write, or notify view.

Figure 24: Configuring SNMPv3 Users

– 56 –

Chapter 4

Simple Network Management Protocol

| Management Settings

The following items are displayed on this page:

◆ User Name — The SNMPv3 user name. (32 characters maximum)

◆ Group — The SNMPv3 group name.

◆ Auth Type — The authentication type used for the SNMP user; either MD5 or

none. When MD5 is selected, enter a password in the corresponding
Passphrase field.

◆ Auth Passphrase — The authentication password or key associated with the

authentication and privacy settings. A minimum of eight plain text characters is
required.

◆ Priv Type — The data encryption type used for the SNMP user; either DES or

none. When DES is selected, enter a key in the corresponding Passphrase field.

◆ Priv Passphrase — The password or key associated with the authentication

and privacy settings. A minimum of eight plain text characters is required.

◆ Action — Click the Add button to add a new user to the list. Click the edit

button to change details of an existing user. Click the Del button to remove a
user from the list.

Note:

Users must be assigned to groups that have the same security levels. For
example, a user who has “Auth Type” and “Priv Type” configured to MD5 and DES
respectively (that it, uses both authentication and data encryption) must be
assigned to the RWPriv group. If this same user were instead assigned to the read­only (RO) group, the user would not be able to access the database.

SNMPv3 Targets An SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and

UDP port. A user-defined filter can also be assigned to specific targets to limit the
notifications received to specific MIB objects. (Note that the filter must first be
configured. See “SNMPv3 Notification Filters” on page 58.)

To configure a new notification receiver target, define the parameters and select a
filter, if required. Note that the SNMP v3 user name must first be defined (See

“SNMPv3 Users” on page 56.)

– 57 –

Chapter 4

Simple Network Management Protocol

| Management Settings

Figure 25: SNMPv3 Targets

The following items are displayed on this page:

◆ Targ et ID — A user-defined name that identifies a receiver of notifications.

(Maximum length: 32 characters)

◆ IP Address — Specifies the IP address of the receiving management station.

SNMPv3 Notification

Filters

◆ UDP Port — The UDP port that is used on the receiving management station

for notification messages.

◆ SNMP User — The defined SNMP v3 user that is to receive notification

messages.

◆ Notification Filter — The name of a user-defined notification filter that is

applied to the target.

SNMP v3 users can be configured to receive notification messages from the access
point. An SNMP Target ID is created that specifies the SNMP v3 user, IP address, and
UDP port. A user-defined notification filter can be created so that specific
notifications can be prevented from being sent to particular targets.

Figure 26: SNMP Notification Filter

– 58 –

Chapter 4

Simple Network Management Protocol

| Management Settings

The following items are displayed on this page:

◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32

characters)

◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be

defined in the form “.1.3.6.1” and always start with a “.”.

◆ Typ e — Indicates if the filter is to “include” or “exclude” the MIB subtree objects

from the filter. Note that MIB objects included in the filter are not sent to the
receiving target and objects excluded are sent. By default all traps are sent, so
you can first use an “include” filter entry for all trap objects. Then use “exclude”
entries for the required trap objects to send to the target. Note that the filter
entries are applied in the sequence that they are defined.

◆ Action — Adds the notification filter.

– 59 –

5 Advanced Settings

This chapter describes advanced settings on the access point. It includes the
following sections:

◆ “Local Bridge Filter” on page 60

◆ “Link Layer Discovery Protocol” on page 61

◆ “Access Control Lists” on page 63

◆ “Link Integrity” on page 66

Local Bridge Filter

The access point can employ network traffic frame filtering to control access to
network resources and increase security. You can prevent communications
between wireless clients and prevent access point management from wireless
clients. Also, you can block specific Ethernet traffic from being forwarded by the
access point.

The Local Bridge Filter sets the global mode for wireless-to-wireless
communications between clients associated to Virtual AP (VAP) interfaces on the
access point. (Default: Disabled)

Figure 27: Local Bridge Filter

The following items are displayed on this page:

◆ Disabled — All clients can communicate with each other through the access

point.

– 60 –

◆ Prevent Intra VAP client communication — When enabled, clients associated

with a specific VAP interface cannot establish wireless communications with
each other. Clients can communicate with clients associated to other VAP
interfaces.

◆ Prevent Inter and Intra VAP client communication — When enabled, clients

cannot establish wireless communications with any other client, either those
associated to the same VAP interface or any other VAP interface.

Link Layer Discovery Protocol

This page allows you to configure the Link Layer Discovery Protocol (LLDP). LLDP
allows devices in the local broadcast domain to share information about
themselves. LLDP-capable devices periodically transmit information in messages
called Type Length Value (TLV) fields to neighbor devices. Advertised information is
represented in Type Length Value (TLV) format according to the IEEE 802.1ab
standard, and can include details such as device identification, capabilities and
configuration settings.

Chapter 5

Link Layer Discovery Protocol

| Advanced Settings

This information can be used by SNMP applications to simplify troubleshooting,
enhance network management, and maintain an accurate network topology.

Figure 28: LLDP Settings

The following items are displayed on this page:

◆ Disable/Enable — Disables/Enables LLDP on the access point.

◆ Message Transmission Hold Time — Configures the time-to-live (TTL) value

sent in LLDP advertisements as shown in the formula below. (Range: 2-10;
Default: 4)

– 61 –

Chapter 5

Link Layer Discovery Protocol

| Advanced Settings

The time-to-live tells the receiving LLDP agent how long to retain all
information pertaining to the sending LLDP agent if it does not transmit
updates in a timely manner. TTL in seconds is based on the following rule:
(Transmission Interval * Hold time) ≤ 65536. Therefore, the default TTL is 4*30 =
120 seconds.

◆ Message Transmission Interval (seconds) — Configures the periodic transmit

interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30
seconds)

This attribute must comply with the following rule: (Transmission Interval *
Hold Time) ≤ 65536, and Transmission Interval >= (4 * Delay Interval)

◆ ReInitial Delay Time (seconds) — Configures the delay before attempting to

re-initialize after LLDP ports are disabled or the link goes down. (Range: 1-10
seconds; Default: 2 seconds)

When LLDP is re-initialized on a port, all information in the remote systems
LLDP MIB associated with this port is deleted.

◆ Transmission Delay Value (seconds) — Configures a delay between the

successive transmission of advertisements initiated by a change in local LLDP
MIB variables. (Range: 1-8192 seconds; Default: 4 seconds)

The transmit delay is used to prevent a series of successive LLDP transmissions
during a short period of rapid changes in local LLDP MIB objects, and to
increase the probability that multiple, rather than single changes, are reported
in each transmission.

This attribute must comply with the rule: (4 * Delay Interval) ≤ Transmission
Interval

– 62 –

Access Control Lists

Chapter 5

| Advanced Settings

Access Control Lists

Access Control Lists allow you to configure a list of wireless client MAC addresses
that are not authorized to access the network. A database of MAC addresses can be
configured locally on the access point.

Source Address

Settings

The ACL Source Address Settings page enables traffic filtering based on the source
MAC address in the data frame.

Figure 29: Source ACLs

The following items are displayed on this page:

◆ SA Status — Enables network traffic with specific source MAC addresses to be

filtered (dropped) from the access point.

◆ MAC Address — Specifies a source MAC address to filter, in the form

xx.xx.xx.xx.xx.xx, or xx-xx-xx-xx-xx-xx.

◆ Action — Selecting “Add” adds a new MAC address to the filter list, selecting

delete removes the specified MAC address.

◆ Number — Specifies the number associated with the MAC address.

◆ MAC Address — Displays the configured source MAC address.

– 63 –

Chapter 5

Access Control Lists

| Advanced Settings

Destination Address

Settings

The ACL Destination Address Settings page enables traffic filtering based on the
destination MAC address in the data frame.

Figure 30: Destination ACLs

The following items are displayed on this page:

◆ DA Status — Enables network traffic with specific destination MAC addresses

to be filtered (dropped) from the access point.

◆ MAC Address — Specifies a destination MAC address to filter, in the form

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

◆ Action — Selecting “Add” adds a new MAC address to the filter list, selecting

delete deletes the specified MAC address.

◆ Number — Specifies the number of the MAC address in the filter table.

◆ MAC Address — Displays the configured destination MAC address.

– 64 –

Chapter 5

| Advanced Settings

Access Control Lists

Ethernet Type The Ethernet Type Filter controls checks on the Ethernet type of all incoming and

outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)

Figure 31: Ethernet Type Filter

The following items are displayed on this page:

◆ Disabled — Access point does not filter Ethernet protocol types.

◆ Enabled — Access point filters Ethernet protocol types based on the

configuration of protocol types in the filter table. If the status of a protocol is set
to “ON,” the protocol is filtered from the access point.

◆ Local Management — Describes the Ethernet filter type.

◆ ISO Designator — Describes the ISO Designator identifier.

◆ Filter Status — Turns the filter on or off.

– 65 –

Chapter 5

Link Integrity

| Advanced Settings

Link Integrity

The AP provides a link integrity feature that can be used to ensure that wireless
clients are connected to resources on the wired network. The AP does this by
periodically sending Ping messages to a host device in the wired Ethernet network.
If the AP detects that the connection to the host has failed, it can disable the radio
interfaces, forcing clients to find and associate with another AP. When the
connection to the host is restored, the AP re-enables the radio interfaces.

Figure 32: Link Integrity

The following items are displayed on this page:

◆ Link Integrity — Enables the feature. (Default: Disabled)

◆ Destination IP — The link host IP address on the wired network to which Ping

messages are sent. (Default: 192.168.2.254)

◆ Detect Interval — The interval time between each Ping sent to the host IP

address.(Range: 10-86400 seconds; Default: 60 seconds)

◆ Response Timeout — The time to wait for a response to a Ping message.

(Range: 1-10 seconds; Default: 2 seconds)

◆ Retry Count if no response — The number of consecutive failed Ping counts

before the link is determined as lost. (Range: 1-99; Default: 5)

◆ Link Fail Action — When a link integrity test fails you can optionally disable

either radio interface. Note that the shutdown action does not apply for a VAP
interface set to WDS station mode. (Default: Disabled)

– 66 –

6 Wireless Settings

This chapter describes wireless settings on the access point. It includes the
following sections:

◆ “Authentication” on page 68

◆ “Band Steering” on page 70

◆ “Radio Settings” on page 71

◆ “Virtual Access Points (VAPs)” on page 75

◆ “Rogue AP Detection” on page 84

◆ “Wi-Fi Multimedia (WMM)” on page 86

– 67 –

Chapter 6

Authentication

| Wireless Settings

Authentication

Wireless clients can be authenticated for network access by checking their MAC
address against the local database configured on the access point, or by using a
database configured on a central RADIUS server. Alternatively, authentication can
be implemented using the IEEE 802.1X network access control protocol.

You can configure a list of the MAC addresses for wireless clients that are authorized
to access the network. This provides a basic level of authentication for wireless
clients attempting to gain access to the network. A database of authorized MAC
addresses can be stored locally on the access point or remotely on a central RADIUS
server. (Default: Local MAC)

Local MAC

Authentication

Configures the local MAC authentication database. The MAC database provides a
mechanism to take certain actions based on a wireless client’s MAC address. The
MAC list can be configured to allow or deny network access to specific clients.

Figure 33: Local Authentication

The following items are displayed on Authentication page:

MAC Authentication — Selects between, disabled, Local MAC authentication and
RADIUS authentication.

– 68 –

Chapter 6

◆ Local MAC — The MAC address of the associating station is compared against

| Wireless Settings

Authentication

the local database stored on the access point. The Local MAC Authentication
section enables the local database to be set up.

◆ System Default — Specifies a default action for all unknown MAC addresses

(that is, those not listed in the local MAC database).

■

Deny: Blocks access for all MAC addresses except those listed in the local
database as “Allow.”

■

Allow: Permits access for all MAC addresses except those listed in the local
database as “Deny.”

◆ MAC Authentication Settings — Enters specified MAC addresses and

permissions into the local MAC database.

■

MAC Address: Physical address of a client. Enter six pairs of hexadecimal
digits separated by hyphens; for example, 00-90-D1-12-AB-89.

RADIUS MAC

Authentication

■

Permission: Select Allow to permit access or Deny to block access.

■

Add/Delete: Adds or deletes the specified MAC address and permission
setting into or from the local database.

◆ MAC Authentication Table — Displays current entries in the local MAC

database.

The MAC address of the associating station is sent to a configured RADIUS server for
authentication. When using a RADIUS authentication server for MAC address
authentication, the server must first be configured on the RADIUS page.

Figure 34: RADIUS Authentication

The following items are displayed on Authentication page:

MAC Authentication — Selects between, disabled, Local MAC authentication and
RADIUS authentication.

– 69 –

Chapter 6

Band Steering

| Wireless Settings

Band Steering

◆ RADIUS MAC — The MAC address of the associating station is compared

against the RADIUS server database. The RADIUS MAC Authentication section
enables the RADIUS database to be set up.

◆ Session Timeout — The time period after which a connected client must be

re-authenticated. During the re-authentication process of verifying the client’s
credentials on the RADIUS server, the client remains connected the network.
Only if re-authentication fails is network access blocked. (Default: 0 means
disabled; Range: 30-65535 seconds)

The Band Steering feature redirects all dual-band clients to connect to the 5 GHz
radio. This feature only functions when both the 2.4 GHz and 5 GHz radio SSIDs are
identical.

Figure 35: Band Steering

The following items are displayed on this page:

◆ Band Steering Status — Enables the Band Steering feature. (Default: Disabled)

– 70 –

Radio Settings

Chapter 6

| Wireless Settings

Radio Settings

The IEEE 802.11n wireless interfaces include configuration options for radio signal
characteristics and wireless security features.

The AP can operate in several radio modes, mixed 802.11b/g/n (2.4 GHz), or mixed

802.11a/n (5 GHz). Note that the radios can operate at 2.4 GHz and 5 GHz at the
same time. The web interface identifies the radio configuration pages as:

◆ Radio 0 — the 2.4 GHz 802.11b/g/n radio interface

◆ Radio 1 — the 5 GHz 802.11a/n radio interface

Each radio supports 16 virtual access point (VAP) interfaces, referred to as VAP 0 ~
VAP 15. Each VAP functions as a separate access point, and can be configured with
its own Service Set Identification (SSID) and security settings. However, most radio
signal parameters apply to all VAP interfaces. The configuration options are nearly
identical, and are therefore both covered in this section of the manual. Traffic to
specific VAPs can be segregated based on user groups or application traffic. The
clients associate with each VAP in the same way as they would with separate
physical access points. The AP supports up to a total of 127 wireless clients across
all VAP interfaces per radio.

Figure 36: Radio Settings

– 71 –

Chapter 6

Radio Settings

| Wireless Settings

The following items are displayed on this page:

◆ High Throughput Mode — The access point provides a channel bandwidth of

20 MHz by default giving an 802.11g connection speed of 54 Mbps and a

802.11n connection speed of up to 108 Mbps, and ensures backward
compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to
40 MHz increases connection speed for 802.11n up to 300 Mbps. HT40plus
indicates that the secondary channel is above the primary channel. HT40minus
indicates that the secondary channel is below the primary channel.
(Default: HT20; Range:HT20, HT40PLUS, HT40MINUS)

◆ Radio Channel — The radio channel that the access point uses to

communicate with wireless clients. When multiple access points are deployed
in the same area, set the channel on neighboring access points at least five
channels apart to avoid interference with each other. For example, for 11g/n
HT20 mode you can deploy up to three access points in the same area using
channels 1, 6, 11. Note that wireless clients automatically set the channel to the
same as that used by the access point to which it is linked. (The available
channels are dependent on the Radio Mode, High Throughput Mode, and
Country Code settings.)

◆ Auto Channel — Selecting Auto Select enables the access point to

automatically select an unoccupied radio channel.

◆ Interference Channel Recover — Rescans all channels when interference is

detected on the current channel, and then changes to a clear channel.
(Default: Disabled)

◆ Wlandev Interference Detection — Enables the detection of nearby APs that

are using the same channel. If the RSSI signal strength of a nearby AP is above
the configured threshold value, the unit switches to another channel.
(Default: Disabled)

◆ Wlandev Interference Detection RSSI —The RSSI signal strength threshold of

a nearby AP above which the unit switches to another channel. (Range: 1-100;
Default: 80)

◆ Wlandev Interference Detection Time —The time duration that a nearby AP

with an RSSI above the set threshold is continuously detected before the unit
restarts the scan process. (Range: 10-300 seconds; Default: 30 seconds)

◆ Antenna — Sets the antenna options for this AP to “system default.”

◆ Transmit Power — Adjusts the power of the radio signals transmitted from the

access point. The higher the transmission power, the farther the transmission
range. Power selection is not just a trade off between coverage area and
maximum supported clients. You also have to ensure that high-power signals
do not interfere with the operation of other radio devices in the service area.
(Range - Percentage mode: min, 12.5%, 25%, 50%, 100%; Default: 100%)
(Range - dBm mode: 3-20 dBm; Default: 18 dBm)

– 72 –

Chapter 6

◆ Maximum Association Clients — The total maximum number of clients that

| Wireless Settings

Radio Settings

may associate with the radio. (Range: 1-127; Default: 127)

◆ Radio Mode — Defines the radio operation mode.

■

Radio 0 (2.4 GHz Radio) — Default: 11n (g compatible); Options: 11n (b&g
compatible), 11n (g compatible).

■

Radio 1 (5 GHz Radio) — Default: 11n; Options: 11n (a compatible), 11n.

Note:

Enabling the AP to communicate with 802.11b/g clients in both 802.11b/g/n
Mixed and 802.11n modes also requires that HT Operation be set to HT20.

◆ Preamble Length — The radio preamble (sometimes called a header) is a

section of data at the head of a packet that contains information that the
wireless device and client devices need when sending and receiving packets.
You can set the radio preamble to long or short. A short preamble improves
throughput performance, whereas a long preamble is required when legacy
wireless devices are part of your network.

◆ Beacon Interval — The rate at which beacon signals are transmitted from the

access point. The beacon signals allow wireless clients to maintain contact with
the access point. They may also carry power-management information. (Range:
40-3500 TUs; Default: 100 TUs)

◆ Data Beacon Rate (DTIM) — The rate at which stations in sleep mode must

wake up to receive broadcast/multicast transmissions.

Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates
how often the MAC layer forwards broadcast/multicast traffic, which is
necessary to wake up stations that are using Power Save mode. The default
value of 2 indicates that the access point will save all broadcast/multicast
frames for the Basic Service Set (BSS) and forward them after every second
beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a
more timely manner, causing stations in Power Save mode to wake up more
often and drain power faster. Using higher DTIM values reduces the power used
by stations in Power Save mode, but delays the transmission of broadcast/
multicast frames. (Range: 1-255 beacons; Default: 1 beacon)

◆ RTS Threshold — Sets the packet size threshold at which a Request to Send

(RTS) signal must be sent to a receiving station prior to the sending station
starting communications. The access point sends RTS frames to a receiving
station to negotiate the sending of a data frame. After receiving an RTS frame,
the station sends a CTS (clear to send) frame to notify the sending station that it
can start sending data.

If the RTS threshold is set to 1, the access point always sends RTS signals. If set
to 2346, the access point never sends RTS signals. If set to any other value, and

– 73 –

Chapter 6

Radio Settings

| Wireless Settings

the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.

The access points contending for the medium may not be aware of each other.
The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2346
bytes: Default: 2346 bytes)

◆ Short Guard Interval — The 802.11n draft specifies two guard intervals: 400ns

(short) and 800ns (long). Support of the 400ns GI is optional for transmit and
receive. The purpose of a guard interval is to introduce immunity to
propagation delays, echoes, and reflections to which digital data is normally
very sensitive. Enabling the Short Guard Interval sets it to 400ns. (Default:
Disabled)

◆ Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables the

sending of this four frame packet header for statistical purposes. (Default:
Enabled)

◆ A-MPDU Length Limit (1024-65535) — Defines the A-MPDU length. (Default:

65535 bytes; Range: 1024-65535 bytes)

◆ Aggregate MAC Service Data Unit (A-MSDU) — Enables / disables the

sending of this four frame packet header for statistical purposes. (Default:
Enabled)

◆ Disable HT20/HT40 Coexistance — Prevents 802.11n 20 MHz and 40 MHz

channel bandwidths from operating together in the same network.
(Default: Disabled)

◆ Antenna Selection — Sets the radio to use one or both antennas. (Options:

Left, Right, Right+Left; Default: Right+Left)

◆ Minimum CCK Rate — (2.4 GHz radio only) The minimum CCK data rate at

which the AP transmits packets on the wireless interface. (Options: 1, 2, 5.5,
11 Mbps; Default 1 Mbps)

◆ Minimum OFDM Rate — The minimum OFDM data rate at which the AP

transmits packets on the wireless interface. (Range: 6, 9, 12, 18, 24, 36, 48,
54 Mbps; Default 6 Mbps)

◆ Minimum Single Stream Rate — The minimum 802.11n single stream data

rate at which the AP transmits packets on the wireless interface. (Range: MCS0­MCS7; Default MCS0)

◆ Minimum Double Stream Rate — The minimum 802.11n double stream data

rate at which the AP transmits packets on the wireless interface. (Range: MCS8­MCS15; Default MCS8)

– 74 –

◆ Long Distance Setting — When you have long-distance links in the wireless

network, some timing parameters require an adjustment to maintain
communications.

Enter the approximate distance (in meters) of the client from the AP. Click on
the “Show Reference Data” button to compute a set of recommended values
for SlotTime, ACKTimeOut and CTSTimeOut. You can use the recommended
values or enter your own values that work for your specific environment.

◆ Set Radio — Sets all entered parameters.

Virtual Access Points (VAPs)

The AP supports up to 16 virtual access point (VAP) interfaces per radio, numbered
0 to 15. Each VAP functions as a separate access point, and can be configured with
its own Service Set Identification (SSID) and security settings. However, most radio
signal parameters apply to all VAP interfaces.

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

The VAPs function similar to a VLAN, with each VAP mapped to its own default
VLAN ID. Traffic to specific VAPs can be segregated based on user groups or
application traffic. All VAPs can support up to a total of 127 wireless clients,
whereby the clients associate with each VAP the same way as they would with
separate physical access points.

Note:

The radio channel settings for the access point are limited by local
regulations, which determine the number of channels that are available. See

“Operating Channels” on page 46 for additional information on the maximum

number channels available.

– 75 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

Figure 37: VAP Settings

The following items are displayed on this page:

◆ VAP Number — The number associated with the VAP, 0-15.

◆ SSID — The name of the basic service set provided by a VAP interface. Clients

that want to connect to the network through the access point must set their
SSID to the same as that of an access point VAP interface. (Default:
EAP9112A_11BGN_# (0 to 15) for 2.4 GHz, EAP9112A_11NA_# (0 to 15) for
5 GHz; Range: 1-32 characters)

◆ Enable — Enables the specified VAP. (Default: Disabled)

◆ Status — Displays the mode of the VAP. The default is set to "AP," for normal

access point services.

◆ Edit Setting — Click to open the page to configure basic and security settings

for the selected VAP.

◆ QoS Setting — Click to open the page to configure QoS settings for the

selected VAP.

◆ Bandwidth Setting — Click to open the page to configure bandwidth control

for the selected VAP.

VAP Basic Settings Sets the basic operating mode and other settings for the VAP.

– 76 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

Each VAP can operate in one of three modes; normal AP mode, WDS-AP bridge AP
mode, or WDS-STA bridge station mode. The default mode is AP for the VAP to
support normal access point services.

Note:

For more information and examples for setting up WDS networks, see “WDS

Setup Examples” on page 45.

Note that the Basic Settings are the same for both AP and WDS-AP modes.

Figure 38: VAP Basic Settings

The following items are displayed on this page:

◆ Closed System — When enabled, the VAP does not include its SSID in beacon

messages. Nor does it respond to probe requests from clients that do not
include a fixed SSID. (Default: Disable)

◆ Mode — Selects the mode in which the VAP will function.

■

AP Mode: The VAP provides services to clients as a normal access point.

■

WDS-AP Mode: The VAP operates as an access point in WDS mode, which
accepts connections from APs in WDS-STA mode.

■

WDS-STA Mode: The VAP operates as a client station in WDS mode, which
connects to an access point VAP in WDS-AP mode. The user needs to
specify the MAC address of the access point in WDS-AP mode to which it
intends to connect.

◆ Maximum Association Clients — The total maximum number of clients that

may associate with this VAP. The maximum is 127, which is the total associated
clients for all VAP interfaces. (Range: 1 to 127; Default 64)

◆ WLAN Client Association Preemption — When enabled, the AP applies a

priority order for associating clients when the maximum clients for the VAP has
been reached. The priority order is 11n clients, 11a/g clients, then 11b clients.

– 77 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

When the association pool for the VAP is full and the AP receives an association
request from a high-priority (11n) client, the AP sends a disassociation to a
lower priority client (11a/g or 11b) in order to be able to associate the high­priority client. If there are no lower-priority clients to disassociate, the AP will
reject the association request. (Default: Disabled)

◆ Association Timeout Interval — The idle time interval (when no frames are

sent) after which a client is disassociated from the VAP interface. (Range: 5-60
minutes; Default: 30 minutes)

◆ Authentication Timeout Interval — The time within which the client should

finish authentication before authentication times out.
(Range: 5-60 minutes; Default: 60 minutes)

◆ Default VLAN ID — The VLAN ID assigned to wireless clients associated to the

VAP interface that are not assigned to a specific VLAN by RADIUS server
configuration. (Default: 1)

◆ DHCP Relay Server — The IP address of the DHCP relay server. Dynamic Host

Configuration Protocol (DHCP) can dynamically allocate an IP address and
other configuration information to network clients that broadcast a request. To
receive the broadcast request, the DHCP server would normally have to be on
the same subnet as the client. However, when the access point’s DHCP relay
agent is enabled, received client requests can be forwarded directly by the
access point to a known DHCP server on another subnet. Responses from the
DHCP server are returned to the access point, which then broadcasts them
back to clients. (Default: 0.0.0.0 (disabled))

◆ SSID — The service set identifier for the VAP.

◆ Multicast Enhancement — When a wireless client joins a multicast group, this

feature converts multicast packets to unicast packets to improve multicast
video quality.

WDS-STA Mode Describes additional basic VAP settings when functioning in WDS-STA mode.

Figure 39: WDS-STA Mode

The following items are displayed in the VAP Basic Settings when WDS-AP mode is
selected:

– 78 –

Chapter 6

Virtual Access Points (VAPs)

◆ WDS-AP (Parent) SSID — The SSID of the VAP on the connecting access point

| Wireless Settings

that is set to WDS-AP mode.

◆ WDS-AP (Parent) MAC — The MAC address of the VAP on the connecting

access point that is set to WDS-AP mode.

Wireless Security

Settings

Describes the wireless security settings for each VAP, including association mode,
encryption, and authentication.

Note:

For VAPs set to WDS-AP or WDS-STA mode, the security options are limited
to WPA-PSK and WPA2-PSK only.

Figure 40: Configuring VAPs - Security Settings

The following items are available for VAP security:

◆ Association Mode — Defines the mode with which the VAP will associate with

clients.

■

Open System: The VAP is configured by default as an “open system,” which
broadcasts a beacon signal including the configured SSID. Wireless clients
with an SSID setting of “any” can read the SSID from the beacon and
automatically set their SSID to allow immediate connection.

■

WPA: WPA employs a combination of several technologies to provide an
enhanced security solution for 802.11 wireless networks.

■

WPA-PSK: For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered

– 79 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.

■

WPA2: WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.

■

WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.

■

WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for
authentication.

■

WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication.

◆ Encryption Method — Selects an encryption method for the global key used

for multicast and broadcast traffic, which is supported by all wireless clients.

■

WEP: WEP is used as the multicast encryption cipher. You should select
WEP only when both WPA and WEP clients are supported.

■

TKIP: TKIP is used as the multicast encryption cipher.

■

AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AES­CCMP is the standard encryption cipher required for WPA2.

◆ 802.1X — The access point supports 802.1X authentication only for clients

initiating the 802.1X authentication process (i.e., the access point does not
initiate 802.1X authentication). For clients initiating 802.1X, only those
successfully authenticated are allowed to access the network. For those clients
not initiating 802.1X, access to the network is allowed after successful wireless
association with the access point. The 802.1X mode allows access for clients not
using WPA or WPA2 security.

◆ Pre-Authentication — When using WPA2 over 802.1X, pre-authentication can

be enabled, which allows clients to roam to a new access point and be quickly
associated without performing full 802.1X authentication. (Default: Disabled)

◆ 802.1x Reauthentication Time — The time period after which a connected

client must be re-authenticated. During the re-authentication process of
verifying the client’s credentials on the RADIUS server, the client remains
connected the network. Only if re-authentication fails is network access
blocked. (Range: 0-65535 seconds; Default: 0 means disabled)

– 80 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

Wired Equivalent

Privacy (WEP)

WEP provides a basic level of security, preventing unauthorized access to the
network, and encrypting data transmitted between wireless clients and the VAP.
WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings)
that are manually distributed to all clients that want to use the network.

WEP is the security protocol initially specified in the IEEE 802.11 standard for
wireless communications. Unfortunately, WEP has been found to be seriously
flawed and cannot be recommended for a high level of network security. For more
robust wireless security, the access point provides Wi-Fi Protected Access (WPA)
and WPA2 for improved data encryption and user authentication.

Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy
(WEP) on the access point to prevent unauthorized access to the network.

If you choose to use WEP shared keys instead of an open system, be sure to define
at least one static WEP key for user authentication and data encryption. Also, be
sure that the WEP shared keys are the same for each client in the wireless network.
All clients share the same keys, which are used for user authentication and data
encryption. Up to four keys can be specified.

Figure 41: WEP Configuration

The following items are on this page for WEP configuration:

◆ Default WEP Key Index – Selects the key number to use for encryption for the

VAP interface. If the clients have all four WEP keys configured to the same
values, you can change the encryption key to any of the settings without
having to update the client keys.
(Default: Key 1)

– 81 –

Chapter 6

Virtual Access Points (VAPs)

| Wireless Settings

◆ Key Type – Select the preferred method of entering WEP encryption keys for

the VAP, either hexadecimal digits (Hex) or alphanumeric characters (ASCII).

◆ Key Length – Select 64 Bit or 128 Bit key length. Note that the same size of

encryption key must be supported on all wireless clients. (Default: 64 bit)

◆ Key – Enter up to four WEP encryption keys for the VAP.

■

Hex: Enter keys as 10 hexadecimal digits (0-9 and A-F) for 64 bit keys, or 26
hexadecimal digits for 128 bit keys.

■

ASCII: Enter keys as 5 alphanumeric characters for 64 bit keys, or 13
alphanumeric characters for 128 bit keys.

Note:

Key index, type, and length must match that configured on the clients.

VAP QoS Settings Click the QoS Setting link from the VAP Settings page to access the QoS priority

mapping configuration for traffic on the VAP interface.

Figure 42: QoS Settings

The following items are displayed in the VAP QoS Settings page:

– 82 –

Chapter 6

Virtual Access Points (VAPs)

◆ VAP to 802.1p Setting — You can modify the VLAN priority tags of traffic on

| Wireless Settings

the VAP interface with a specified priority value. Requires the default VLAN ID
for the VAP to be any other value than 1.

Note:

The VAP-to-802.1p priority QoS feature cannot be enabled together with the

802.1d-to-802.1p or 802.1d-to-DSCP features.

◆ 802.1d to 802.1p Setting — Enables the mapping of traffic priority from

WMM 802.1d priorities to 802.1p VLAN tag priority values. The priorities are
mapped according to the user-defined QoS Template map. Requires the
default VLAN ID for the VAP to be any other value than 1.

◆ 802.1d to DSCP Setting — Enables the mapping of traffic priority from WMM

802.1d priorities to IP DSCP priority values. The priorities are mapped according
to the user-defined QoS Template map.

Both “802.1d to 802.1p” mapping and “802.1d to DSCP” mapping can be
enabled simultaneously when the default VLAN ID for the VAP is any other
value than 1. When only “802.1d to DSCP” mapping is enabled, the default
VLAN ID for the VAP must be set to 1.

◆ QoS Template — Enables up to eight user-defined priority mapping tables to

be configued. The tables are used to map the WMM 802.1d priorities to 802.1p/
DSCP priorities.

Click the “Edit” link in the list to define a template priority map.

Figure 43: QoS Template Setting

The following items are displayed in the QoS Template Setting page:

– 83 –

Chapter 6

Rogue AP Detection

| Wireless Settings

◆ QoS Template Name — A descriptive name that identifies the mappng

template. All eight templates have a default name that can be edited by the
user (maximum 32 characters).

◆ Vap/802.1d (Default User Priority) — The WMM 802.1d priority value in a

tagged packet.

◆ 802.1p/DSCP (Retagged User Priority) — The 802.1p or IP DSCP priority

value that replaces the WMM 802.1d value in tagged packets. (Range: 0-7)

VAP Bandwidth

Settings

Click the Bandwidth Setting link from the VAP Settings page to configure rate
limiting for traffic on the VAP interface.

Figure 44: Bandwidth Settings

The following items are displayed on this page:

◆ Bandwidth Control on Uplink Setting — Enables the rate limiting of traffic

from the VAP interface as it is passed to the wired network. You can set a
maximum rate in kbytes per second. (Range: 100-12000 Kbytes per second;
Default: 100 Kbytes per second)

◆ Bandwidth Control on Downlink Setting — Enables the rate limiting of traffic

from the wired network as it is passed to the VAP interface. You can set a
maximum rate in kbytes per second. (Range: 100-12000 Kbytes per second;
Default: 100 Kbytes per second)

Rogue AP Detection

A “rogue AP” is either an access point that is not authorized to participate in the
wireless network, or an access point that does not have the correct security
configuration. Rogue APs can allow unauthorized access to the network, or fool
client stations into mistakenly associating with them and thereby blocking access
to network resources.

The access point can be configured to periodically scan all radio channels and find
other access points within range. A database of nearby access points is maintained

– 84 –

Chapter 6

| Wireless Settings

Rogue AP Detection

where any rogue APs can be identified. Rogue access points can be identified by
unknown BSSID (MAC address).

Figure 45: Rogue AP Detection

The following items are displayed on this page:

◆ AP Scan Setting — Enables the periodic scanning for other nearby access

points. (Default: Disable)

◆ Scan Interval — Sets the time between each rogue AP scan. (Range: 15 -65535

seconds; Default: 7200 seconds)

◆ Scan Duration — Sets the length of time for each rogue AP scan. A long scan

duration time will detect more access points in the area, but causes more
disruption to client access. (Range: 10 -150 milliseconds; Default: 150
milliseconds)

◆ First Scan Delay — Delays the start of rogue AP scanning after enabling the

feature or booting the AP. (Range: 0 -65535 seconds; Default: 65535 seconds)

◆ Friendly AP — Allows you to enter the MAC address/Basic Service Set Identifier

(BSSID) of known APs in the network. These MAC addresses will be filtered out
of the list of detected APs during a scan.

– 85 –

Chapter 6

Wi-Fi Multimedia (WMM)

| Wireless Settings

◆ Friendly AP MAC Table — Displays the MAC addresses of known APs in the

network.

◆ Rogue AP Scan Result — Displays information of unknown APs detected

within the range of the AP running the scan.

◆ Friendly Active AP Scan Result — Displays information of known APs

detected within the range of the AP running the scan.

◆ Start Instant Scan — Starts an immediate rogue AP scan on the radio

interface. (Default: Disable)

Note:

While the access point scans a channel for rogue APs, wireless clients will not
be able to connect to the access point. Therefore, avoid frequent scanning or scans
of a long duration unless there is a reason to believe that more intensive scanning is
required to find a rogue AP.

Wi-Fi Multimedia (WMM)

Wireless networks offer an equal opportunity for all devices to transmit data from
any type of application. Although this is acceptable for most applications,
multimedia applications (with audio and video) are particularly sensitive to the
delay and throughput variations that result from this “equal opportunity” wireless
access method. For multimedia applications to run well over a wireless network, a
Quality of Service (QoS) mechanism is required to prioritize traffic types and
provide an “enhanced opportunity” wireless access method.

The access point implements QoS using the Wi-Fi Multimedia (WMM) standard.
Using WMM, the access point is able to prioritize traffic and optimize performance
when multiple applications compete for wireless network bandwidth at the same
time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard
and it enables the access point to interoperate with both WMM-enabled clients and
other devices that may lack any WMM functionality.

Access Categories — WMM defines four access categories (ACs): voice, video, best
effort, and background. These categories correspond to traffic priority levels and
are mapped to IEEE 802.1D priority tags (see “WMM Access Categories” on

page 87). The direct mapping of the four ACs to 802.1D priorities is specifically

intended to facilitate inter operability with other wired network QoS policies. While
the four ACs are specified for specific types of traffic, WMM allows the priority levels
to be configured to match any network-wide QoS policy. WMM also specifies a
protocol that access points can use to communicate the configured traffic priority
levels to QoS-enabled wireless clients.

– 86 –

Table 2: WMM Access Categories

Chapter 6

| Wireless Settings

Wi-Fi Multimedia (WMM)

Access
Category

AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive

AC_VI (AC2) Video High priority, minimum delay. Time-sensitive data

AC_BE (AC0) Best Effort Normal priority, medium delay and throughput.

AC_BK (AC1) Background Lowest priority. Data with no delay or throughput

WMM
Designation

Description 802.1D

Tag s

7, 6

data such as VoIP ( Voice over IP) calls.

5, 4

such as streaming video.

0, 3
Data only affected by long delays. Data from
applications or devices that lack QoS capabilities.

2, 1
requirements, such as bulk data transfers.

WMM Operation — WMM uses traffic priority based on the four ACs; Voice, Video,
Best Effort, and Background. The higher the AC priority, the higher the probability
that data is transmitted.

When the access point forwards traffic, WMM adds data packets to four
independent transmit queues, one for each AC, depending on the 802.1D priority
tag of the packet. Data packets without a priority tag are always added to the Best
Effort AC queue. From the four queues, an internal “virtual” collision resolution
mechanism first selects data with the highest priority to be granted a transmit
opportunity. Then the same collision resolution mechanism is used externally to
determine which device has access to the wireless medium.

For each AC queue, the collision resolution mechanism is dependent on two timing
parameters:

◆ AIFSN (Arbitration Inter-Frame Space Number), a number used to calculate the

minimum time between data frames

◆ CW (Contention Window), a number used to calculate a random backoff time

After a collision detection, a backoff wait time is calculated. The total wait time is
the sum of a minimum wait time (Arbitration Inter-Frame Space, or AIFS)
determined from the AIFSN, and a random backoff time calculated from a value
selected from zero to the CW. The CW value varies within a configurable range. It
starts at CWMin and doubles after every collision up to a maximum value, CWMax.
After a successful transmission, the CW value is reset to its CWMin value.

– 87 –

Chapter 6

AIFS Random Backoff

AIFS

Random Backoff

CWMin CWMax

CWMin CWMax

Time

High Priority

Low Priority

Minimum Wait Time Random Wait Time

Minimum Wait Time Random Wait Time

| Wireless Settings

Wi-Fi Multimedia (WMM)

Figure 46: WMM Backoff Wait Times

For high-priority traffic, the AIFSN and CW values are smaller. The smaller values
equate to less backoff and wait time, and therefore more transmit opportunities.

Figure 47: QoS

– 88 –

Chapter 6

| Wireless Settings

Wi-Fi Multimedia (WMM)

The following items are displayed on this page:

◆ WMM — Sets the WMM operational mode on the access point. When enabled,

the parameters for each AC queue will be employed on the access point and
QoS capabilities are advertised to WMM-enabled clients. (Default: Disabled)

■

Disable: WMM is disabled.

■

Enable: WMM must be supported on any device trying to associated with
the access point. Devices that do not support this feature will not be
allowed to associate with the access point.

◆ WMM Acknowledge Policy — By default, all wireless data transmissions

require the sender to wait for an acknowledgement from the receiver. WMM
allows the acknowledgement wait time to be turned off for each Access
Category (AC) 0-3. Although this increases data throughput, it can also result in
a high number of errors when traffic levels are heavy. (Default: Acknowledge)

■

Aknowledge — Applies the WMM policy.

■

No Aknowledge — Ignores the WMM policy.

◆ WMM BSS Parameters — These parameters apply to the wireless clients.

◆ WMM AP Parameters — These parameters apply to the access point.

■

logCWMin (Minimum Contention Window): The initial upper limit of the
random backoff wait time before wireless medium access can be
attempted. The initial wait time is a random value between zero and the
CWMin value. Specify the CWMin value in the range 0-15 microseconds.
Note that the CWMin value must be equal or less than the CWMax value.

■

logCWMax (Maximum Contention Window): The maximum upper limit of
the random backoff wait time before wireless medium access can be
attempted. The contention window is doubled after each detected collision
up to the CWMax value. Specify the CWMax value in the range 0-15
microseconds. Note that the CWMax value must be greater or equal to the
CWMin value.

■

AIFSN (Arbitration Inter-Frame Space): The minimum amount of wait time
before the next data transmission attempt. Specify the AIFS value in the
range 0-15 microseconds.

■

TXOP Limit (Transmit Opportunity Limit): The maximum time an AC
transmit queue has access to the wireless medium. When an AC queue is
granted a transmit opportunity, it can transmit data for a time up to the
TxOpLimit. This data bursting greatly improves the efficiency for high data­rate traffic. Specify a value in the range 0-65535 microseconds.

– 89 –

Chapter 6

Wi-Fi Multimedia (WMM)

| Wireless Settings

■

Admission Control: The admission control mode for the access category.
When enabled, clients are blocked from using the access category. (Default:
Disabled)

◆ Set WMM — Applies the new parameters and saves them to RAM memory.

Also prompts a screen to inform you when it has taken affect. Click “OK” to
return to the home page. Changes will not be saved upon a reboot unless the
running configuration file is saved.

– 90 –

7 Maintenance Settings

Maintenance settings includes the following sections:

◆ “Upgrading Firmware” on page 91

◆ “Running Configuration” on page 93

◆ “Resetting the Access Point” on page 94

◆ “Scheduled Reboot” on page 95

Upgrading Firmware

You can upgrade new access point software from a local file on the management
workstation, or from an FTP or TFTP server. New software may be provided
periodically from your distributor.

After upgrading new software, you must reboot the access point to implement the
new code. Until a reboot occurs, the access point will continue to run the software
it was using before the upgrade started. Also note that new software that is
incompatible with the current configuration automatically restores the access
point to the factory default settings when first activated after a reboot.

– 91 –

Chapter 7

Upgrading Firmware

| Maintenance Settings

Figure 48: Firmware

The following items are displayed on this page:

◆ Firmware Version — Displays the software image version that is being used as

the runtime image. The “Active” image is the current running software, and the
“Backup” image is the second software file installed on the AP, but not running.

◆ Next Boot Image — Specifies what version of software will be used as a

runtime image upon bootup.

◆ Set Next Boot — Applies the runtime image setting.

◆ Local — Downloads an operation code image file from the web management

station to the access point using HTTP. Use the Browse button to locate the
image file locally on the management station and click Start Upgrade to
proceed.

■

New Firmware File: Specifies the name of the code file on the server. The
new firmware file name should not contain slashes (\ or /), the leading letter
of the file name should not be a period (.), and the maximum length for file
names is 32 characters for files on the access point. (Valid characters: A-Z, a­z, 0-9, “.”, “-”, “_”)

◆ Remote — Downloads an operation code image file from a specified remote

FTP or TFTP server. After filling in the following fields, click Start Upgrade to
proceed.

– 92 –

◆ Start Upgrade — Commences the upgrade process.

Running Configuration

A copy of a previous running configuration may be uploaded to the access point as
a saved file from a remote location, or the current configuration saved and stored
for restoration purposes at a later point. A configuration file may be saved or
downloaded to/from a specified remote FTP or TFTP server.

Chapter 7

| Maintenance Settings

Running Configuration

■

New Firmware File: Specifies the name of the code file on the server. The
new firmware file name should not contain slashes (\ or /), the leading letter
of the file name should not be a period (.), and the maximum length for file
names on the FTP/TFTP server is 255 characters or 32 characters for files on
the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

■

IP Address: IP address or host name of FTP or TFTP server.

■

Username: The user ID used for login on an FTP server.

■

Password: The password used for login on an FTP server.

Figure 49: Running Configuration File

– 93 –

Chapter 7

Resetting the Access Point

| Maintenance Settings

The following items are displayed on this page:

◆ File Backup/Restore — Downloads an operation code image file from a

specified remote FTP or TFTP server. After filling in the following fields, click
Start Export/Import to proceed.

◆ Export/Import — Select Export to upload a file to an FTP/TFTP server. Select

Import to download a file from an FTP/TFTP server.

◆ Config file — Specifies the name of the configuration file. A path on the server

can be specified using “/” in the name, providing the path already exists; for
example, “myfolder/.” Other than to indicate a path, the file name must not
contain any slashes (\ or /), the leading letter cannot be a period (.), and the
maximum length for file names on the FTP/TFTP server is 255 characters. (Valid
characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

◆ IP Address — IP address or host name of FTP or TFTP server.

◆ Username — The user ID used for login on an FTP server.

◆ Password — The password used for login on an FTP server.

◆ Start Import/Export — Initiates the selected backup or restore.

◆ Restore Factory Setting — Click the Restore button to reset the configuration

settings for the access point to the factory defaults and reboot the system. Note
that all user configured information will be lost. You will have to re-enter the
default user name and password to re-gain management access to this device.

◆ Restore Factory Setting with Keep IP — Click the Restore button to reset the

AP’s configuration settings, except for the IP, to the factory defaults and reboot
the system. Note that other than the IP settings, all user configured information
will be lost. You will have to re-enter the default user name and password to re­gain management access to this device.

◆ Running Config To Startup Config — Click “Save” to save the running

configuration to the startup file.

Resetting the Access Point

The Reset page allows you to reset the access point and save the running
configuration before the reboot.

– 94 –

Chapter 7

| Maintenance Settings

Scheduled Reboot

Figure 50: Resetting the Access Point

The following items are displayed on this page:

◆ Save Runtime config before Reboot — Checking this option saves the

current running configuration to the startup file.

◆ Reboot — Click the “Reboot” button to reset the configuration settings for the

AP and reboot the system. Note that all unsaved user configured information
will be lost.

Scheduled Reboot

Note:

If you have upgraded system software, then you must reboot the access
point to implement the new operation code. New software that is incompatible
with the current configuration automatically restores the access point to default
values when first activated after a reboot.

The Reboot Schedule page allows you to set the AP to reboot on a specified time
schedule. The time can be either by days and hours, or a simple countdown in
minutes.

Figure 51: Reboot Schedule — Fixed Time

The following items are displayed on this page:

– 95 –

Chapter 7

Scheduled Reboot

| Maintenance Settings

◆ Status — Selects a fixed time interval or a countdown time, or disables the

feature.

◆ Interval — Specifies the interval in days. (Range: 1~7 days)

◆ Schedule Time — Specifies a time in hours and minutes. (Range: 0~23 hours,

0~59 minutes)

Figure 52: Reboot Schedule — Countdown Time

The following items are displayed on this page:

◆ Status — Selects a fixed time interval or a countdown time, or disables the

feature.

◆ Countdown Time — Specifies a time in minutes. (Default: 14400 minutes;

Range: 1~14400 minutes)

– 96 –

8 Status Information

The Information menu displays information on the current system configuration,
the wireless interface, the station status and system logs.

Status Information includes the following sections:

◆ “AP Status” on page 98

◆ “Station Status” on page 101

◆ “Station Statistics” on page 102

◆ “Event Logs” on page 103

◆ “WDS Status” on page 104

– 97 –

Chapter 8

AP Status

AP Status

| Status Information

The AP Status window displays basic system configuration settings, as well as the
settings for the wireless interfaces.

AP System

Configuration

The AP System Configuration table displays the basic system configuration settings

Figure 53: AP System Configuration

The following items are displayed on this page:

◆ Serial Number — The serial number of the physical access point.

◆ System Up Time — Length of time the management agent has been up.

◆ Ethernet MAC Address — The physical layer address for the Ethernet port.

◆ Radio 0 MAC Address — The base physical layer address of the 2.4 GHz

interface.

◆ Radio 1 MAC Address — The base physical layer address for the 5 GHz

interface.

– 98 –

Chapter 8

◆ System Name — Name assigned to this system.

◆ System Contact — Administrator responsible for the system.

◆ IP Address — IP address of the management interface for this device.

◆ IP Default Gateway — IP address of the gateway router between this device

| Status Information

AP Status

and management stations that exist on other network segments.

◆ HTTP Server Status — Shows if management access via HTTP is enabled.

◆ HTTP Port — Shows the TCP port used by the HTTP interface.

◆ HTTPS Server Status — Shows if management access via HTTPS is enabled.

◆ HTTPS Port — Shows the TCP port used by the HTTPS interface.

◆ SSH Server Status — Shows if management access via SSH is enabled.

◆ SSH Port — Shows the TCP port used for SSH access.

◆ Telnet Server Status — Shows if management access via Telnet is enabled.

◆ Telne t Por t — Shows the TCP port used for Telnet access.

◆ Software Version — Shows the software version number.

◆ Boot Rom Version — Show the boot software version number.

◆ Hardware Version — Shows the unit’s hardware version number.

◆ Part Number — Shows the model number of the unit.

◆ Production Date — Shows the production date of the unit.

– 99 –

Chapter 8

AP Status

| Status Information

AP Wireless

Configuration

The AP Wireless Configuration displays the VAP interface settings for the 2.4 GHz
and 5 GHz radios.

Figure 54: AP Wireless Configuration

The following items are displayed on this page for the 2.4 GHz and 5 GHz radio
interfaces:

◆ VAP — Displays the VAP number.

◆ SSID — The service set identifier for the VAP interface.

◆ Status — Displays the interface mode setting, either “ap”, “wds-ap”, or “wds-sta”.

◆ Association Mode — Shows the basic security mode configured for the VAP.

◆ Encryption Method — Displays the encryption method used on the interface.

◆ 802.1X — Shows if IEEE 802.1X access control for wireless clients is enabled.

◆ MAC Address — Displays the MAC address of the VAP interface.

– 100 –