is a registered trademark legally held by Shenzhen Tenda Technology Co., Ltd. Other
brand and product names mentioned herein are trademarks or registered trademarks of their
respective holders. Copyright of the whole product as integration, including its accessories and
software, belongs to Shenzhen Tenda Technology Co., Ltd. No part of this publication can be
reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language
in any form or by any means without the prior written permission of Shenzhen Tenda Technology
Co., Ltd.
Disclaimer
Pictures, images and product specifications herein are for references only. To improve internal
design, operational function, and/or reliability, Tenda reserves the right to make changes to the
products without obligation to notify any person or organization of such revisions or changes.
Tenda does not assume any liability that may occur due to the use or application of the product
described herein. Every effort has been made in the preparation of this document to ensure
accuracy of the contents, but all statements, information and recommendations in this document
do not constitute a warranty of any kind, express or implied.
i
Item
Presentation
Example
Cascading menus
>
Internet Settings > LAN Setup
Parameter and value
Bold
Set SSID to Tom.
Variable
Italic
Format: XX:XX:XX:XX:XX:XX
UI control
Bold
On the Quick Setup page, click the Save button.
Symbol
Meaning
This format is used to highlight information of importance or special interest.
Ignoring this type of note may result in ineffective configurations, loss of data or
damage to device.
This format is used to highlight a procedure that will save time or resources.
Acronym or
Abbreviation
Full Spelling
AC
Access Controller (Network Equipment)
AC
Access Category (WMM settings)
ACK
Acknowledge
AES
Advanced Encryption Standard
AIFSN
Arbitration Inter Frame Spacing Number
AP
Access Point
APSD
Automatic Power Save Delivery
ARP
Address Resolution Protocol
BE
Best Effort
BK
Background
Preface
Thank you for choosing Tenda! Please read this user guide before you start.
Conventions
The typographical elements that may be found in this document are defined as follows.
The symbols that may be found in this document are defined as follows.
Acronyms and Abbreviations
ii
Acronym or
Abbreviation
Full Spelling
CAT5e
Category 5 Ethernet
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance
CTS
Clear To Send
Cwmax
Contention Window Maximum
Cwmin
Contention Window Minimum
DHCP
Dynamic Host Configuration Protocol
DIFS
Distributed Inter-Frame Spacing
DNS
Domain Name Server
DTIM
Delivery Traffic Indication Message
EDCA
Enhanced Distributed Channel Access
GI
Guard Interval
IP
Internet Protocol
ISP
Internet Service Provider
LAN
Local Area Network
MAC
Medium Access Control
MIB
Management Information Base
MU-MIMO
Multi-User Multiple-Input Multiple-Output
NMS
Network Management System
NTS
Network Time Server
OID
Object Identifier
PoE
Power-over-Ethernet
PPP
Point to Point Protocol
PVID
Port-based VLAN ID
QVLAN
IEEE 802.11q VLAN
RADIUS
Remote Authentication Dial-In User Service
RF
Radio Frequency
RSSI
Received Signal Strength Indicator
iii
Acronym or
Abbreviation
Full Spelling
RTS
Request To Send
SNMP
Simple Network Management Protocol
SSID
Service Set Identifier
STA
Station
SYS
System
TCP/IP
Transmission Control Protocol/Internet Protocol
TKIP
Temporal Key Integrity Protocol
TXOP
Transmission Opportunity
UI
User Interface
UTF-8
8-bit Unicode Transformation Format
VI
Video Stream
VID
Virtual ID
VLAN
Virtual Local Area Network
VO
Voice Stream
WAN
Wide Area Network
WEP
Wired Equivalent Privacy
WMF
Wireless Multicast Forwarding
WMM
Wi-Fi Multimedia
WPA
Wi-Fi Protected Access
WPA-PSK
Wi-Fi Protected Access-Pre-shared Key
iv
Hotline
Global: (86) 755-27657180
(China Time Zone)
Email
support@tenda.com.cn
United States: 1-800-570-5892
(Toll Free: Daily-9am to 6pm PST)
Canada: 1-888-998-8966
(Toll Free: Mon - Fri 9 am - 6 pm PST)
Hong Kong: 00852-81931998
Website
http://www.tendacn.com
Technical Support
If you need more help, contact us by any of the following means. We will be glad to assist you as
soon as possible.
The AP is properly connected to a computer with an Ethernet cable.
The IP address of the management computer is in the same network segment of the AP. For
example, if the IP address of the AP is 192.168.0.254, the management computer should be
configured with an IP address of 192.168.0.X (X: 2~253). For how to configure the computer
with a specified IP address, see A.1 in Appendix.
Procedure
Step 1 Start a web browser on the computer, enter the IP address of the AP (default:
192.168.0.254) in the address bar, and press Enter (Windows) or Return (Mac) on the
keyboard.
How to obtain the login IP address:
The default login IP address is 192.168.0.254, which could be found on the rear panel of the AP.
You are recommended to note it down and keep it safely for later use.
If the AP is managed by an Tenda AC (access controller) or an Tenda router with AP functionality,
the IP address of the AP is assigned by the management Tenda AC or router. To obtain it, go to the
web UI of the AC or the router to view the new IP address of the AP.
Step 2 Enter the login user name and password (default: admin/admin), and click Login.
1
If the login page does not appear, refer to Q1 in A.2 FAQ.
To modify the login user name and password, see Account.
---- End
1.2 Logging out
The system logs you out when you:
Close the web browser.
Log in to the web UI of the AP but perform no operation within the Login Timeout Interval
(default: 5 minutes).
Login Time Interval allows you to set how long you can stay on the web UI, which could be modified by
navigating to Tools > Date & Time > Login Timeout Interval.
2
No.
Name
Description
1
Level-1 navigation bar
Used to display the function menu of the AP. Users can select
functions in the navigation bars and the configuration appears in the
configuration area.
2
Level-2 navigation bar
3
Tab page area
4
Configuration area
Used to modify or view your configuration.
1
2
3
4
1.3 Web UI layout
The web UI of the AP consists of four sections, including the level-1, and level-2 navigation bars, tab
page area, and the configuration area. See the following figure.
The functions and parameters dimmed on the web UI indicate that they cannot be changed in the
current configuration or they are not supported by the AP. To configure such functions or parameters,
configure their related functions or parameters first.
3
Button
Description
Used to save the configuration on the current page and enable the configuration to
take effect.
Used to modify the current configuration on the current page back to the original
configuration.
Used to get the online help.
1.4 Frequently-used buttons
The following table describes the frequently-used buttons available on the web UI of the AP.
4
Parameter
Description
Device Name
It specifies the name of the AP.
You can modify it on Internet Settings > LAN Setup page.
Uptime
It specifies the time that has elapsed since the AP starts up last time.
System Time
It specifies the current system time of the AP.
To make time-related configurations work properly, ensure that the system time is
correct. You can modify it on Tools > Date & Time page.
Firmware Version
It specifies the current firmware version number of the AP.
Hardware Version
It specifies the current hardware version number of the AP.
2 Status
This module presents you with an overall running status of the AP, including system status, LAN port
status, wireless status (2.4 GHz and 5 GHz), traffic statistics, and information of wireless clients
connected to the AP. You are allowed to view rather than modifying here.
2.1 System status
This page displays the System Status and LAN Port Status of the AP.
To access the page, choose Status > System Status.
System Status
Parameter description
5
Parameter
Description
Number of Wireless
Client
It specifies the quantity of wireless devices currently connected to the AP.
Parameter
Description
MAC Address
It specifies the physical address of the AP’s LAN port.
If you connect the AP to other devices using Ethernet cables, the AP uses this MAC
address to communicate with those devices.
IP Address
It specifies the IP address of the AP’s LAN port, which can be used to log in to the
web UI.
You can modify it on Internet Settings > LAN Setup page.
Subnet Mask
It specifies the subnet mask of the AP.
Primary DNS Server
It specifies the primary DNS server of the AP.
Secondary DNS Server
It specifies the secondary DNS server of the AP.
LAN Port Status
Parameter description
6
Parameter
Description
RF
It specifies whether the WiFi network at the corresponding band is enabled.
Enabled: WiFi network at the corresponding band is enabled.
Disabled: WiFi network at the corresponding band is disabled.
Network Mode
It specifies the network mode currently enabled by the AP on each radio band.
Channel
It specifies the current channel the AP operates on either2.4 GHz or 5 GHz band.
2.2 Wireless status
This page displays radio information and SSID information of the AP. You can get a glance of
whether or not the radio frequency (RF) function is enabled, the network mode it currently uses,
and the channel it operates, as well as all the SSIDs-related information. This page includes RF status
and SSID status.
To access the page, choose Status > Wireless Status.
RF status
Parameter description
7
Parameter
Description
SSID
Wireless network name of the AP. The AP supports up to 8 SSIDs on 2.4 GHz and 4 SSIDs
on 5 GHz.
The 1st SSID on the list indicates the primary SSID. By default, only the primary SSID on
each radio band is enabled.
MAC Address
It specifies the physical address of the corresponding wireless network.
Status
It specifies whether or not the corresponding WiFi network is enabled.
Security Mode
It specifies the security mode adopted by the corresponding WiFi network.
SSID status
Parameter description
8
2.3 Traffic statistics
This page allows you to view statistical information about traffic based on SSIDs.
To access the page, choose Status > Traffic Statistics.
9
Parameter
Description
SSID
Select the SSID from the drop-down list menu to view client information connected
to it.
MAC Address
It specifies the physical address of the client.
IP Address
It specifies the IP address of the client.
Client Type
It specifies the operating system of the client.
The AP identities the client type on two conditions:
The Identity Client Type function is enabled (To enable it, navigate to
Wireless > Advanced Settings).
The client connected to the AP has accessed an http:// website.
Otherwise, -- is displayed.
Connection Duration
It specifies the online time of the client.
Transmit Rate
It specifies the real time traffic the client has transmitted.
Receive Rate
It specifies the real time traffic the client has received.
2.4 Client list
This page allows you to view wireless clients connected to each SSID of the AP and their basic
information, and to block unknown wireless clients. Here, “client” refers to the devices connected to the AP’s wireless networks.
To access the page, choose Status > Client List.
Parameter description
10
Parameter
Description
Block
Click to block the client from accessing the AP’s wireless network.
To unblock a client, navigate to Wireless > Access Control.
11
Internet
Router
PoE Switch
AP (in AP mode)
3 Working mode
The AP supports AP mode (default mode) and Client+AP mode. This chapter introduces how to set
the working mode of the AP.
3.1 AP mode (default mode)
3.1.1 Typical network topology
In this mode, the AP connects to the internet in a wired manner, and converts wired network into
wireless network. See the following typical network topology.
12
Parameter
Description
Radio Band
It is used to select the radio band for configurations.
Working Mode
It specifies the working modes supported by the device.
AP mode (default mode): This mode is used to deploy wireless networks by
connecting the AP to the internet in a wired manner.
Client+AP mode: This mode is used to extend the existing wireless network by
bridging the upstream wireless signals.
SSID
Primary Wireless network name of the AP.
The 1st SSID on each radio band indicates the primary SSID.
Security Mode
It specifies the security mode you set for your AP’s WiFi network, including None, WEP,
WPA-PSK, WPA2-PSK, Mixed WPA/WPA2-PSK, WPA and WPA2.
See Security Modefor details.
3.1.2 Getting familiar with AP mode configuration page
To access the configuration page, choose Quick Setup.
Parameter description
3.1.3 Configuring AP mode
Log in to the web UI of the AP, and choose Quick Setup to enter the configuration page first.
13
By default, the device works in AP mode.
The following introduces how to set the device into AP mode on 2.4 GHz band. Configuration on 5
GHz is identical.
The device supports up to 8 SSIDs on 2.4 GHz band and 4 SSIDs on 5 GHz band. The SSID-related
parameters on this page refer to the first (primary) SSID of the AP.
Before you start
Ensure that the upstream router has connected to the internet successfully.
Procedure
Step 1 Select 2.4 GHz from the Radio Band drop-down list menu.
Step 2 Set Working Mode to AP.
Step 3 Customize an SSID (wireless network name) in the SSID box, which is Tenda_WiFi in this
example. This SSID is also your primary SSID on 2.4 GHz band.
Step 4 Select the security mode from the Security Mode drop-down list menu, which is
WPA2-PSK in this example.
Step 5 Select the Encryption Algorithm, which is AES in this example.
Step 6 Set a WiFi password in the Key box.
Step 7 Click Save to apply your settings.
---- End
After configuration, you can connect wireless devices to the WiFi network of your AP using the SSID
and WiFi password you set.
14
Internet
Router
PoE Switch
This AP
(in Client+AP mode)
Upstream AP
(in AP mode)
3.2 Client+AP mode
3.2.1 Typical network topology
In this mode, the AP extends the existing wireless network by bridging the upstream wireless signals.
See the following typical network topology.
15
Parameter
Description
Radio Band
It is used to select the radio band for configurations.
Working Mode
It specifies the working modes supported by the device.
AP mode (default mode): This mode is used to deploy wireless networks by
connecting the AP to the internet in a wired manner.
Client+AP mode: This mode is used to extend the existing wireless network by
bridging the upstream wireless signals.
SSID
It specifies the wireless network name of the upstream wireless network you selected.
Security Mode
It specifies the security mode adopted by the upstream wireless network you selected.
See Security Mode for details.
Key
It specifies the WiFi password for the upstream wireless network you selected.
Refresh
Used to refresh the scan results.
Scan/Disable
Scan: Used to scan nearby available wireless networks. The scan results are
displayed on the lower page.
Disable: The button only appears after you clicked Scan. It is used to end the scan
operation and collapse the scan result.
3.2.2 Getting familiar with Client+AP mode configuration page
To enter theconfiguration page, set Working Mode to Client+AP. See the following figure.
Parameter description
16
3.2.3 Configuring Client+AP mode
Log in to the web UI of the AP, and choose Quick Setup to enter the configuration page first.
By default, the device works in AP mode.
The following introduces how to set the device into Client+AP mode on 2.4 GHz band.
Configuration on 5 GHz is identical.
This device does not support dual-band bridging in Client+AP mode. Enabling Client+AP mode on
2.4 GHz band clears Client+AP configuration (if any) on 5 GHz band. And vice versa.
Procedure
Step 1 Select 2.4 GHz from the Radio Band drop-down list menu.
Step 2 Set Working Mode to Client+AP.
Step 3 Click Scan. The nearby available radio signals appear on the lower page.
If the SSID for bridging is not displayed, check if your upstream wireless network is enabled. If not,
enable it. Then refresh the scan result.
Step 4 Select the WiFi network to bridge, which is Tenda_Router in this example.
The device detects and auto-fills SSID, Security Mode, Encryption, and Algorithm of the
upstream wireless network for you, except the Key, which requires you to enter manually.
Step 5 Click Save to apply your settings.
17
Scan result
Click to refresh
scan result.
Click to collapse scan result
---- End
After the configuration, devices connected to the AP can access the upstream wireless network.
18
4 Internet settings
4.1 LAN setup
4.1.1 Overview
This section introduces how to:
Modify the IP address obtaining method of the AP.
Modify device name.
Modify negotiation mode.
To access the configuration page, choose InternetSettings > LAN Setup.
19
Parameter
Description
MAC Address
It specifies the MAC address of the AP’s LAN port.
IP Address Type
It specifies IP address obtaining method of the AP.
Static IP (default): You are required to set related parameters manually.
DHCP (Dynamic IP Address): The AP automatically obtains related parameters from
a DHCP server on your LAN network.
IP Address
It specifies the LAN IP address (also the login IP address) of the AP. Default:
192.168.0.254.
Subnet Mask
It specifies the subnet mask of the AP. Default: 255.255.255.0.
Default Gateway
It specifies the gateway IP address of the AP.
Generally, enter the LAN IP address of the router which has internet accessibility into
this box.
Primary DNS
It specifies the IP address of the primary DNS server of the AP.
If DNS proxy function is supported on your router connected to the internet, you can
set the IP address of the primary DNS server to the LAN IP address of your router.
Otherwise, enter a correct DNS server IP address.
Secondary DNS
It specifies the IP address of the secondary DNS server of the AP. This parameter is
optional.
Device Name
It specifies the name of the AP.
For later convenient management, you are recommended to modify each AP’s name.
Optimize Ethernet
for
Faster Speed (Auto Negotiation): This option features a high data rate but short
transmission distance. Generally, we recommend you select this option.
Longer Distance (10 Mbps Half Duplex): This option features long transmission
distance but low data rate. Generally, the negotiated speed is 10 Mbps.
If the Ethernet cable connecting the Ethernet port of the AP to the peer device is longer
than 100 meters, the Longer Distance mode is recommended. In this case, ensure that
the peer device adopts auto negotiation option.
Parameter description
20
*
4.1.2 Configuring the AP to obtain IP address automatically (for
multiple APs)
To access the configuration page, choose Internet Settings > LAN Setup first.
Procedure
Step 1 Select DHCP (Dynamic IP Address) from the IP Address Type drop-down list menu.
The IP address-related parameters dimmed and cannot be configured.
Step 2 Click Save to apply your settings.
---- End
To view the new IP address assigned to the AP, go to the upstream DHCP client list.
21
* * * * *
4.1.3 Configuring the AP to use static IP address (for few APs)
To access the configuration page, choose Internet Settings > LAN Setup first.
Procedure
Step 1 Select Static IP from the IP Address Type drop-down list menu.
The IP address-related parameters become configurable.
Step 2 Customize required parameters.
Step 3 Click Save to apply your settings.
---- End
After the configuration, if the new IP address of the AP belongs to the same network segment as
the IP address of your management computer, you can log in to the web UI of the AP directly using
the new IP address. Otherwise, before logging in to the AP’s web UI using the new IP address, assign
your computer an IP address that belongs to the same network segment as the new IP address.
22
Parameter
Description
DHCP Server
It specifies whether or not to enable the DHCP server function of the AP.
Start IP Address
It specifies the start IP address of the DHCP server’s IP address pool. The default value
is 192.168.0.100.
End IP Address
It specifies the end IP address of the DHCP server’s IP address pool. The default value is
192.168.0.200.
The End IP address must be greater than the Start IP address.
4.2 DHCP server
4.2.1 Overview
The AP supports the DHCP server function to assign IP addresses to devices connected to it. By
default, this function is disabled. After this function enabled, the following page appears.
If another DHCP server is available in your LAN, ensure that the IP address pool of the AP does not
overlap the IP address pool of that DHCP server. Otherwise, IP address conflicts may occur.
Parameter description
23
Parameter
Description
Subnet Mask
It specifies the subnet mask assigned by the DHCP server to devices. The default value
is 255.255.255.0.
Gateway Address
It specifies the gateway IP address assigned by the DHCP server to devices. Generally, it
is the LAN IP address of the router connected to the internet. The default value is
192.168.0.1.
Only through a gateway can a LAN device access a server or host which is not in the
local network segment. You are recommended to enter a gateway IP address which can
access the internet. Otherwise, the device in the LAN network cannot access the
internet.
Primary DNS
It specifies the DNS server address provided by your ISP. If you do not know it, please
consult your ISP.
To enable devices to access the internet, set this parameter to a correct DNS server IP
address or DNS proxy IP address.
Secondary DNS
It specifies the second DNS server address (if any) provided by your ISP. This parameter
is optional, which indicates you can leave it blank if your ISP does not provide this
parameter.
Lease Time
It specifies the validity period of an IP address assigned by the DHCP server to a device.
By default, it is 1 day.
When half of the lease time has elapsed, the device sends a DHCP request to the DHCP
server to renew the lease time. If the request succeeds, the lease time is extended
based on the request. Otherwise, the device sends a request again when 7/8 of the
lease time has elapsed. If the request succeeds, the lease time is extended based on
the request. Otherwise, the device must request a new IP address from the DHCP
server after the lease time expires.
You are recommended to retain the default value.
4.2.2 Configuring DHCP server of the AP
To access the configuration page, choose Internet Settings > DHCP Server.
The End IP Address must be greater than the Start IP Address.
The Start IP Address, End IP Address, and Gateway Address must belong to the same network
segment as that of the LAN IP of the device.
Step 3 Click Save to apply your settings.
---- End
4.2.3 Viewing DHCP clients
To view DHCP clients and their connection information, choose Internet Settings > DHCP Server,
and click the DHCP Clients tab. See the following figure.
25
5 Wireless
5.1 SSID
5.1.1 Overview
This module enables you to set SSID-related parameters of the AP.
To access the configuration page, choose Wireless > SSID.
26
Parameter
Description
SSID
Select one SSID from the drop-down list menu.
The AP allows you to enable 8 SSIDs on 2.4 GHz band, and 4 SSIDs on 5 GHz band.
Enable
Used to enable or disable the wireless network you selected.
Broadcast SSID
Enable: Nearby wireless clients can detect the SSID.
Disable: Nearby wireless clients cannot detect the SSID, and you need to enter
the SSID manually on the wireless client to access the wireless network.
Isolate Client
This parameter implements a function similar to the VLAN function for wired networks.
It isolates the wireless devices connected to the same WiFi network, so that the
wireless devices can access only the wired network connected to the AP. You can apply
this function to hotspot setup in public spaces, such as hotels and airports to improve
network security.
WMF
The number of wireless devices keeps increasing currently, but wired and wireless
bandwidth resources are limited. Therefore, the multicast technology, which enables
single-point data transmission and multi-point data reception, has been widely used in
networks in order to reduce bandwidth requirements and prevent network congestion.
Nevertheless, if a large number of devices are connected to a wireless interface of a
WiFi network and multicast data is intended for only one of the devices, the data is still
sent to all the devices, which increases unnecessary wireless resource usage and may
lead to wireless channel congestion. In addition, multicast stream forwarding over an
802.11 network is not secure, either.
The WMF function of the AP converts multicast traffic into unicast traffic and forwards
the traffic to the multicast traffic destination in the WiFi network, helping save wireless
resources, ensuring reliable transmission, and reducing delays.
Suppress Broadcast
Probe Response
If enabled, this device does not respond to the requests without an SSID, saving
wireless resources.
Max. Number of
Clients
This parameter specifies the maximum number of devices that can connect to the WiFi
network corresponding to an SSID. If the number is reached, the WiFi network rejects
new connection requests from devices. This limit helps balance load among SSIDs.
The AP supports 128 clients at most. That is to say, clients connected to all the enabled
wireless networks of the AP cannot exceed 128. If you enable multiple SSIDs, plan your
maximum number of clients to each SSID first.
Chinese SSID
Encoding
It specifies the character encoding format.
Available options include GB2312 and UTF-8.
A proper encoding format lets the SSID containing Chinese characters be displayed
Parameter description
27
Parameter
Description
normally across devices.
Security Mode
It specifies the security modes supported by the AP, including:
None: This wireless network is open. The security level is the lowest.
WEP: Wired Equivalent Privacy. The security level is very low.
WPA-PSK, WPA2-PSK, and Mixed WPA/WPA2-PSK: Applicable to most scenarios.
WPA and WPA2: This mode provides highest security level. It use 802.1 x RADUIS
to encrypt and is applicable to enterprises.
See Security Modefor details.
Security Mode
A WiFi network uses radio open to the public as its data transmission medium. If the WiFi network
is not protected by necessary measures, any device can connect to the network to access
unprotected data over the network or the resources of the network. To ensure communication
security, transmission links of WiFi network must be encrypted.
The AP supports various security modes for network encryption, including None, WEP, WPA-PSK,
WPA2-PSK, Mixed WPA/WPA2-PSK, and WPA/WPA2.
None
It indicates that any wireless device can connect to the WiFi network. This option is not
recommended because it leads to network insecurity.
WEP
It uses a static key to encrypt all exchanged data, and ensures that a WLAN has the same level of
security as a wired LAN. However, data encrypted based on WEP can be easily cracked. In addition,
WEP supports a maximum WiFi network throughput of only 54 Mbps. Therefore, this security mode
is not recommended.
Select WEP from the Security Mode drop-down list menu, the following parameters appear. See the
following figure.
28
Parameter
Description
Authentication Type
WEP consists of two authentication types.
Open: In this authentication, the wireless client does not need to provide the
credentials to the access point while authenticating. Generally, this authentication
is recommended when privacy is the main concern.
Shared: This authentication requires four step challenge-response handshake to
accomplish authentication. It is less secure than WEP Open since during
authentication process, WEP key is exposed.
Default Key
It indicates the designated key used for wireless clients to connect to the access point.
Key1/2/3/4
Enter one to four WEP keys, each of which consists of 5 or 13 ASCII printable
characters or 10 or 26 hexadecimal characters. Only the key that is designated as the
Default Key is effective.
Parameter description
WPA-PSK, WPA2-PSK, and Mixed WPA/WPA2-PSK
They belong to pre-shared key or personal key modes, where Mixed WPA/WPA2-PSK supports both
WPA-PSK and WPA2-PSK.
WPA-PSK, WPA2-PSK, and Mixed WPA/WPA2-PSK adopt a pre-shared key for authentication, while
the AP generates another key for data encryption. This prevents the vulnerability caused by static
WEP keys, and makes the three security modes suitable for ensuring security of home WiFi
networks. Nevertheless, because the initial pre-shared key for authentication is manually set and all
devices use the same key to connect to the same AP, the key may be disclosed unexpectedly. This
makes the security modes not suitable for scenarios where high security is required.
29
Parameter
Description
Encryption Algorithm
The AP supports the following three encryption algorithms:
AES: Advanced Encryption Standard. This is newer Wi-Fi encryption solution used
by the new-and-secure WPA2 standard. It is more secure than TKIP.
TKIP: Temporal Key Integrity Protocol. This is an older encryption protocol
introduced with WPA. This option is recommended only when you have older
devices that can’t connect to a WPA2-PSK (AES) network.
AES&TKIP: It indicates that both AES and TKIP are supported.
Key
It indicates the key used for wireless clients to connect to the access point.
Key Update Interval
It indicates the interval at which a WPA key is updated. A shorter interval leads to
higher security.
Select WPA-PSK (or WPA2-PSK, or Mixed WPA/WPA2-PSK) from the Security Mode drop-down list
menu, the following parameters appear. See the following figure.
Parameter description
WPA and WPA2
To address the key management weakness of WPA-PSK and WPA2-PSK, the WiFi Alliance puts
forward WPA and WPA2, which use 802.1x to authenticate devices and generate data encryption–
oriented root keys. WPA and WPA2 use the root keys to replace the pre-shared keys that set
manually, but adopt the same encryption process as WPA-PSK and WPA2-PSK.
WPA and WPA2 uses 802.1x to authenticate devices and the login information of a device is
managed by the device. This effectively reduces the probability of information leakage. In addition,
each time a device connects to an AP that adopts the WPA or WPA2 security mode, the RADIUS
server generates a data encryption key and assigns it to the device, which makes it difficult for
attackers to obtain the key. These features of WPA and WPA2 security modes help increase network
security significantly, making WPA and WPA2 the preferred security modes of WiFi networks that
require high security.
Select WPA (or WAP2) from the Security Mode drop-down list menu, the following parameters
30
Parameter
Description
RADIUS Server
Enter the IP address of RADIUS server.
RADIUS Port
Enter the authentication port number of the RADIUS sever.
RADIUS Key
Enter the password used for RADIUS authentication.
appear. See the following figure.
Parameter description
5.1.2 Modifying SSID-related parameters
To enter the configuration page, choose Wireless > SSID first.
Procedure
The following takes configuration on 2.4 GHz band for example. Configuration on 5 GHz is identical.
The following introduces how to modify parameters on this page. Modify them based on your
actual requirements.
Step 1 Select the SSID from the SSID drop-down list menu.
Step 2 Set Status to Enable.
Step 3 (Optional) Enable Broadcast SSID, Isolate Client, Isolate SSID, WMF, and modify the
number of client that can connect to this specific SSID in the Max. Number of Clients box.
31
The AP supports 128 clients at most. That is to say, clients connected to all the enabled wireless
networks of the AP cannot exceed 128. If you enable multiple SSIDs, plan your maximum number
of clients to each SSID first.
The AP allows you to enable 8 SSIDs on 2.4 GHz band, and 4 SSIDs on 5 GHz.
Step 4 (Optional) Customize SSID and security-related parameters as required.
SSID: Modify the default one if necessary.
Chinese SSID Encoding: A proper encoding format lets the SSID containing Chinese
characters be displayed normally across devices.
Security Mode: Choose a security mode and configure related parameters.
Step 5 Click Save to apply your settings.
---- End
32
Step
Task
Description
1
Configure the AP.
Select the SSID you want to implement the RADIUS authentication, and
enable it. Modify the SSID as required. Then set the security mode to
WPA2 and enter the RADISU server-related parameters.
2
Create RADIUS client.
Create a RADIUS client first, and then create a remote access policy.
3
Configure wireless network
information on the wireless
client.
Add the wireless network enabled with WPA or WPA2 of the AP
manually, and configure its security settings.
Internet
Router
PoE switch
AP
IP: 192.168.0.254
SSID: hot_spot
RADIUS server
IP: 192.168.0.200
5.1.3 Example of configuring a WiFi network encrypted by WPA
or WPA2
Network topology
Configuration description
Configuring a WiFi network encrypted by WPA or WPA2 involves operations across various devices.
This guide will walk you through the configuration step by step.
The following table summarizes the overall steps. Get yourself familiar with the whole process
before you start.
33
Procedure
Step 1 Configure the AP.
In this case, we assume that you have installed and configured a RADIUS server in your company, and
have obtained the following information:
RADIUS Server: IP address or domain name of the RADIUS server, which is 192.168.0.200 in this
example.
RADIUS Port: Port number used for authentication, which is 1812 in this example
RADIUS Password: Password used for authentication which is 12345678 in this example.
Select an SSID from the SSID drop-down list menu, and set the Status to Enable. 1.Modify the SSID to hot_spot. 2.Select WPA2 from the Security Mode drop-down list menu. The RADIUS-related 3.
parameters appear.
Enter your RADIUS Server, RADIUS Port, and RADIUS Password. Parameters on the 4.
following figure are only for examples.
Set Encryption Algorithm to AES. 5.Click Save to apply your settings. 6.
34
*
* * * * *
Step 2 Configure RADIUS client (Example: Windows 2003)
1. Configure a RADIUS client.
(1) In the Computer Management dialog box, double-click Internet Authentication
Service, right-click RADIUS Clients, and choose New RADIUS Client.
35
IP address of the AP
(2) Enter a RADIUS client name (device name of the AP is recommended) and the IP
address of the AP, and click Next.
36
Shared secret should be the same as that
specified by RADIUS Password on the AP.
(3) Enter 12345678 in the Shared secret and Confirm shared secret text boxes, and click
Finish.
Configure a remote access policy. 2.
(1) Right-click Remote Access Policies and choose New Remote Access Policy.
(2) In the New Remote Access Policy Wizard dialog box that appears, click Next.
37
(3) Enter a policy name and click Next.
(4) Select Ethernet and click Next.
38
(5) Select Group and click Add.
(6) Enter 802.1x in the Enter the object names to select text box, click Check Names, and
click OK.
39
(7) Select Protected EAP (PEAP) and click Next.
(8) Click Finish. The remote access policy is created.
40
(9) Right-click root and choose Properties. Select Grant remote access permission, select
NAS-Port-Type matches "Ethernet" AND, and click Edit.
(10) Select Wireless – Other, click Add, and click OK.
41
(11) Click Edit Dial-in Profile, click the Authentication tab, configure settings as shown in
the following figure, and click OK.
(12) When a message appears, click No.
Configure user information. 3.
Create a user and add the user to group 802.1x.
Step 3 Configure wireless settings on the wireless client (Example: Windows 7)
(1)Choose Start > Control Panel, click Network and Internet, click Network and Sharing
Center, and click Manage wireless networks.
42
(2) Click Add.
(3) Click Manually create a network profile.
43
Same as the security
mode of the SSID of the
AP
(4) Enter WiFi network information, select Connect even if the network is not
broadcasting, and click Next.
(5) Click Change connection settings.
44
(6) Click the Security tab, select Microsoft: Protected EAP (PEAP), and click Settings.
45
(7) Deselect Validate server certificate and click Configure.
(8) Deselect Automatically use my Windows logon name and password (and domain if
any) and click OK.
(9) Click Advanced settings.
46
(10) Select User or computer authentication and click OK.
(11) Click Close.
47
---- End
Verification
Step 1 Click the network icon in the lower-right corner of the desktop and choose the WiFi
network of the AP, which is hot_spot in this example.
Step 2 In the Windows Security dialog box that appears, enter the user name and password set
on the RADIUS server and click OK.
48
---- End
49
Parameter
Description
Wireless Network
It specifies whether to enable the radio function of the AP.
Country/Region
It specifies the country or region where the AP is used.
It is the installer’s responsibility to comply with channel regulations of the country or
5.2 RF settings
5.2.1 Overview
RF (Radio Frequency) settings allow you to configure advanced settings about the AP, such as
channel, power, short GI etc.
To enter the configuration page, choose Wireless > RF Settings.
Parameter description
50
Parameter
Description
region.
Network Mode
It specifies the wireless network mode (also called 802.11 mode, radio mode, or
wireless mode) of the AP. A proper network mode enables the clients to get the
maximum transfer rate and compatibility.
Available options for 2.4 GHz band: 11b, 11g, 11b/g, and 11b/g/n (default).
Available options for 5 GHz band: 11a, 11ac (default), and 11a/n mixed.
You are recommended to keep the default settings.
Channel
It specifies the operating channel of the AP. To configure this parameter, deselect Lock
Channel.
Auto indicates that this device automatically changes to a channel rarely used in the
ambient environment to prevent interference.
Channel Bandwidth
It specifies the wireless channel bandwidth of the AP.
Available options for 2.4 GHz band: 20MHz (default), 40MHz, and 20/40MHz.
Available options for 5 GHz band: 20MHz, 40MHz, and 80 MHz (default).
Extension Channel
It specifies the wireless extension channel of the AP.
Available only when Channel Bandwidth is set to 40MHz, and 20/40MHz on 2.4 GHz
band.
Lock Channel
If selected, Country/Region, Network Mode, and channel-related parameters
(including Channel Bandwidth and Extension Channel) become dim and cannot be
modified. By default, it is selected.
Transmit Power
Transmit power of this device.
A higher value leads to wider WiFi coverage. However, decreasing the value properly
increases performance and security of the wireless network.
To adjust it, deselect Lock Power first.
Lock Power
If selected, the Transmit Power cannot be adjusted. By default, it is selected.
Preamble
It specifies a group of bits located at the beginning of a packet, according to which the
receiver of the packet can perform synchronization and prepare for receiving data.
By default, the Long Preamble option is selected for compatibility with old network
adopters installed on wireless devices.
Short GI
Short guard interval for preventing data block interference.
Propagation delays may occur on the receiver side due to factors such as multipath
wireless signal transmission. If a data block is transmitted at an overly high speed, it
may interfere with the previous data block. The short GI helps prevent such
interference. Enabling the short GI can yield a 10% improvement in wireless data
throughput.
Suppress Broadcast
Probe Response
Whether or not to suppress the broadcast probe response.
If enabled, this device does not respond to the requests without an SSID, saving
51
Parameter
Description
wireless resources.
5.2.2 Configuring RF settings
To enter the configuration page, choose Wireless > RF Settings first.
By default, dimmed parameters, including channel-related parameters and transmit power cannot
be modified or adjusted. To modify or adjust these parameters, you need to deselect Lock Channel
and/or Lock Power first.
Modify or adjust these parameters according to your actual requirement.
52
Parameter
Description
Beacon Interval
It specifies the interval for transmitting the Beacon frame.
The Beacon frame is transmitted at the specified interval to announce the presence of
a wireless network. Generally, a smaller interval enables wireless devices to connect to
the AP more quickly, while a larger interval ensures higher data transmission speed for
the AP.
5.3 RF optimization
5.3.1 Overview
The AP allows you to configure advanced settings about radio frequency to optimize the AP
performance. Please modify these parameters under the professional guidance.
To enter the configuration page, choose Wireless > RF Optimization.
Parameter description
53
Parameter
Description
Fragment Threshold
It specifies the threshold of a fragment. Unit: byte.
Fragmenting is a process that divides a frame into several fragments, which are
transmitted and acknowledged separately. If the size of a frame exceeds this threshold,
the frame is fragmented.
In an environment of high error rate, you can reduce the threshold to enable the AP to
resend only the fragments that have not been sent successfully, so as to increase the
frame throughput.
In an environment without interference, you can increase the threshold to reduce the
number of acknowledgement times, so as to increase the frame throughput.
RTS Threshold
It specifies the frame length threshold for triggering the RTS/CTS mechanism. Unit:
byte.
If a frame exceeds this threshold, the RTS/CTS mechanism is triggered to reduce
conflicts.
Set the RTS threshold based on the actual situation. An excessively small value
increases the RTS frame transmission frequency and bandwidth requirement. A higher
RTS frame transmission frequency enables a WiFi network to recover from conflicts
quicker. For a WiFi network with high user density, you can reduce this threshold for
reducing conflicts. The RTS mechanism requires some network bandwidth. Therefore, it
is triggered only when frames exceed this threshold.
Signal Transmission
Coverage-oriented: This mode broadens WiFi coverage of APs, and is usually used
in scenarios deployed with fewer APs, such as offices, warehouses, and hospitals.
Capacity-oriented: This mode effectively decreases mutual interference among
APs, and is usually used in scenarios deployed with massive APs, such as
conferences, exhibition halls, banquet halls, stadiums, classrooms of
higher-education institutes, airports and so on.
DTIM Interval
It specifies the interval for transmitting the Delivery Traffic Indication Message (DTIM)
frame. Unit: Beacon.
A countdown starts from this value. The AP transmits broadcast and multicast frames
in its cache only when the countdown reaches zero.
For example, if DTIM Interval is set to 1, the AP transmits all cached frames after each
beacon frame is transmitted.
RSSI Threshold
Set a minimum strength of received signals acceptable to the AP. If the strength of the
signals transmitted by a wireless device is weaker than this threshold, the wireless
device cannot connect to the AP.
If there are multiple APs, an appropriate RSSI Threshold ensures that wireless devices
can connect to the AP’ WiFi networks with strong signals.
Prioritize 5 GHz
If enabled, devices that support 5 GHz band choose to connect the AP’s 5 GHz WiFi
network first. Otherwise, they randomly connect to 2.4GHz or 5 GHz WiFi network. This
option is available on the 5 GHz configuration page.
The default RSSI threshold to enable this function is -80 dBm. You can adjust the
54
Parameter
Description
threshold by customizing the Prioritize 5 GHz Threshold parameter.
Prioritize 5 GHz
Threshold
It specifies the RSSI threshold value to trigger the Prioritize 5 GHz function. The default
value is -80 dBm.
You are recommended to keep the default settings.
Air Interface
Scheduling
It specifies whether to enable the air interface scheduling function.
This function allows all clients to transmit data for the same duration. If a client
transmits data at a low speed and does not finish data transmission within the
duration, it can continue transmitting data only in its next data transmission duration.
This prevents some slow clients from occupying excessive airtime resources, so as to
improve the overall AP efficiency and effectively ensure AP connections for a larger
number of clients and greater throughputs.
Anti-interference
Mode
Select an interference mitigation mode for your AP.
moderate interference), and 3 (Suppress critical interference).
APSD
Automatic Power Save Delivery.
APSD is a WMM power saving protocol created by Wi-Fi Alliance. Enabling APSD helps
reduce power consumption. By default, this mode is disabled.
MU-MIMO
Multi-User Multiple-Input Multiple-Output.
If enabled, AP can communicate with multiple users concurrently, avoiding WiFi
network congestion and improving communication. This option is available on the 5 GHz configuration page.
Client Timeout
Interval
It specifies the maximum period before a WiFi client is disconnected from the AP if the
client exchanges no data with the AP. When data is exchanged within the period,
countdown stops.
Mandatory Rate
It specifies that any connected wireless clients that support the data rate options ticked
here may communicate with the router using that rate.
You are recommended to keep the default settings. If you need to modify them, please
do under professional guidance.
Optional Rate
55
5.3.2 Modifying radio optimization settings
You are strongly recommended to modify the settings only with professional guidance to prevent
degrading wireless performance.
To enter the configuration page, choose Wireless > RF Optimization first.
The following takes configuration on 2.4 GHz band for example. Configuration on 5 GHz is identical.
Procedure
Step 1 Locate and modify the parameters as required.
Step 2 Click Save to apply your settings.
---- End
56
5.4 Frequency analysis
This section introduces how to evaluate signal interference in ambient environment. You can use
the analysis result to help you configure the AP for best performance.
This module consists of Frequency Analysis and Channel Scan. Choose Wireless > Frequency
Analysis, and click the corresponding tab to enter the page.
5.4.1 Viewing frequency analysis
From the intuitive result, you can read how many wireless networks (total SSID) use the same
channel. See the following figure.
Color-code explanation:
Red: High channel usage. The channel is not recommended to use.
Yellow: Moderate channel usage.
Green: Low channel usage. The channel is recommended to use.
5.4.2 Excuting channel scan
The scan result list presents you with information about nearby wireless network, including SSID,
MAC address, channel, channel bandwidth, security mode, and signal strength. See the following
figure.
57
58
5.5 WMM
5.5.1 Overview
WMM is a wireless QoS protocol used to ensure that packets with high priorities are transmitted
first. This ensures better experience of voice and video service over WiFi networks.
WMM involves the following terms:
Enhanced Distributed Channel Access (EDCA): It is a channel competition mechanism to ensure
that packets with higher priorities are assigned more bandwidth and transmitted earlier.
Access Category (AC): The WMM mechanism divides WLAN traffic by priority in descending
order into the AC-VO (voice stream), AC-VI (video stream), AC-BE (best effort), and AC-BK
(background) access categories. The access categories use queues with different priorities to
send packets. The WMM mechanism ensures that packets in queues with higher priorities have
more opportunities to access channels.
According to the 802.11 protocol family, all devices listen on a channel before using the channel to
send data. If the channel stays idle for or longer than a specified period, the devices wait a random
backoff period within the contention window. The device whose backoff period expires first can use
the channel. The 802.11 protocol family applies the same backoff period and contention window to
all devices across a network to ensure that the devices have the same channel contention
opportunity.
ACK Policies
WMM specifies the Normal ACK and No ACK policies.
According to the No ACK policy, no ACK packet is used during wireless packet transmission to
acknowledge packet reception. This policy is applicable to scenarios where interference is mild
and can effectively improve transmission efficiency. In case of strong interference, lost packets
are not sent again if this policy is adopted. This leads a higher packet loss rate and reduces the
overall performance.
According to the Normal ACK policy, each time a receiver receives a packet, it sends back an
ACK packet to acknowledge packet reception.
EDCA Parameters
802.11 networks offer wireless access services based on the Carrier Sense Multiple Access with
Collision Avoidance (CSMA/CA) channel competition mechanism, which allows all wireless devices
to fairly compete for channels. All the services implemented over WiFi networks share the same
channel competition parameters. Nevertheless, different services usually have different
requirements for bandwidth, delay, and jitter. This requires wireless networks to offer accessibility
based on the services implemented over the networks.
WMM changes the contention mechanism of 802.11 networks by dividing packets into four ACs,
among which the ACs with higher priorities have more opportunities to access channels. The ACs
help achieve different service levels.
59
WMM assigns each AC a set of EDCA parameters for channel contention, including:
Arbitration Inter Frame Spacing Number (AIFSN): Different from the fixed distributed
inter-frame spacing (DIFS) specified in the 802.11 protocol family, AIFSN varies across ACs. A
greater AIFSN indicates a longer backoff period. See AIFS in the following figure.
Contention window minimum (CWmin) and contention window maximum (CWmax) specify the
average backoff period. The period increases along with these two values. See the backoff slots
in the following figure.
Transmission Opportunity (TXOP): It specifies the maximum channel use duration after
successful channel contention. The duration increases along with this value. The value 0
indicates that a device can send only one packet through a channel after winning contention for
the channel.
The AP offers 3 options for WMM optimization. You can choose the scenario-based (1 – 10 users, or
over 10 users) option and let the AP helps you optimize WMM automatically. Or you can choose
Custom to configure the parameters yourself to meet your very specific requirement.
5.5.2 Configuring scenario-based WMM settings
Select either of the two and let the AP helps you optimize WMM automatically.
To enter the configuration page, choose Wireless > WMM.
60
Parameter
Description
No ACK
See ACK Policies.
EDCA AP Parameter
See EDCA Parameters.
According to your actual situations, select Optimized for scenario with 1 - 10 users or Optimized
for scenario with more than 10 users, and click Save to apply your settings.
5.5.3 Configuring WMM settings manually
Configure the parameters yourself to meet your very specific requirement.
Tick Custom, the following page appears. Customize the related parameters and click Save to apply
your settings.
Parameter description
61
Parameter
Description
EDCA STA Parameter
SeeEDCA Parameters.
62
Parameter
Description
SSID
It specifies the SSID on which the MAC address access control is implemented.
Access Control
It specifies whether or not to enable this function.
Mode
Blacklist: Clients with MAC addresses on the access control list cannot access the
wireless network of AP.
Whitelist: Client with MAC addresses on the access control list can access the
wireless network of AP.
5.6 Access control
This module allows you to configure MAC address-based wireless access control rules.
5.6.1 Overview
To enter the configuration page, choose Wireless > Access Control. By default, this function is
disabled.
Parameter description
63
Tick to select all
Tick to select
5.6.2 Configuring access control
To enter the configuration page, choose Wireless > Access Control first.
Before configuration, obtain and note down the MAC address(es) of the target device(s).
The following introduces how to configure on 2.4 GHz band. Configuration on 5 GHz is identical.
Procedure
Step 1 Select the SSID to which the access control is applied from the SSID drop-down list menu.
Step 2 Enable Access Control.
Step 3 Select the control Mode as required.
Step 4 Add the MAC address of the client.
Select one or multiple devices by ticking the checkbox(es) next to ID column. 2.Click Add.
3.
Step 5 Click Save to apply your settings.
64
Click to delete the rule.
Toggle the button to enable or disable the rule.
---- End
65
*
5.7 Advanced settings
This module enables you to make AP’s WiFi network and wireless transmission more efficiently
through enabling identifying client type and filtering broadcast packet. By default, these two
functions are disabled.
To enter the configuration page, choose Wireless > Advanced Settings.
5.7.1 Identify client type
Enabling this function may impact on the wireless performance of the AP. Therefore, enable this
function only when necessary.
With this function enabled, the AP can identify the operating system of the client connected to it. To
enable this function, tick Enable next to the Identify Client Type, and click Save.
You can view the client type information by navigating to Status > Client List.
66
*
*
The AP identities the client type on two conditions:
The Identity Client Type function is enabled.
The client connected to the AP has accessed an http:// website.
Otherwise, -- is displayed.
5.7.2 Broadcast packet filter
You are strongly recommended to configure this function only under the professional guidance to
prevent degrading the WiFi performance of the AP.
By default, the AP will forward lots of invalid broadcast packets, which may affect normal packets
transmission. However, this function can filter broadcast packets and reduce airtime consumption,
ensuring bandwidth of normal packets transmission.
The AP supports to filter broadcast packets and allows you to keep DHCP and ARP packets, or ARP
packets only.
To enter the configuration page, choose Wireless > Advanced Settings first.
Procedure
Step 1 Tick Enable next to the Broadcast Packet Filter.
Step 2 Select the broadcast packets you do not want to filter from the drop-down list menu of
Filters.
Step 3 Click Save to apply your settings.
---- End
67
Parameter
Description
QVLAN
It specifies whether to enable the QVLAN function of the AP. By default, it is disabled.
PVID
Port-based VLAN ID.
It specifies the ID of the default native VLAN of the trunk port of the AP. The default
value is 1.
Management VLAN
It specifies the ID of the AP management VLAN. The default value is 1.
After changing the management VLAN, you can manage the AP only after connecting
your computer or AP controller to the new management VLAN.
2.4 GHz SSID
It specifies the currently enabled SSID(s) over the 2.4 GHz band of the AP.
5 GHz SSID
It specifies the currently enabled SSID(s) over the 5 GHz band of the AP.
5.8 QVLAN settings
This AP supports the IEEE 802.1q VLAN function and can work with switches supporting that
function to establish multiple VLANs. Devices connecting to VLANs with different VLAN IDs cannot
communicate with each other. By default, the AP’s QVLAN function is disabled.
5.8.1 Overview
To enter the configuration page, choose Wireless > QVLAN Settings.
Parameter description
68
Parameter
Description
VLAN ID
It specifies the VLAN IDs corresponding to SSIDs. By default, this value is 1000.
After the QVLAN function is enabled, the wireless ports corresponding to SSIDs
functions as access ports. The PVID of an access port is the same as its VLAN ID.
Port
Method to process received data
Method to process transmitted data
Tagged data
Untagged data
Access
Forward the data to
other ports of the VLAN
corresponding to the
VID in the data.
Forward the data to the
other ports of the VLAN
corresponding to the PVID
of the port that receives
the data.
Transmit data after removing tags from
the data.
Trunk
If the VID and PVID of a port are the
same, transmit data after removing tags
from the data.
If the VID and PVID of a port are
different, transmit data without
removing tags from the data.
If the QVLAN function is enabled, tagged data received by a port of the AP is forwarded to the other
ports of the VLAN corresponding to the VID in the data, whereas untagged data received by a port
of the AP is forwarded to the other ports of the VLAN corresponding to the PVID of the port that
receives the data.
The following table describes how ports of different link types process transmitted and received
data.
5.8.2 Example of configuring QVLAN
Networking requirement
A hotel has the following WiFi network coverage requirements:
Guests are allowed to connect to VLAN2 and only able to access the internet.
Hotel staffs are allowed to connect to VLAN3 and only able to access the intranet.
Hotel administrators are allowed to connect to VLAN4, able to access both the intranet and the
internet.
Assume that the SSID for guests is internet, the SSID for staffs is oa and the SSID for administrators
is VIP. The SSIDs are enabled and configured successfully on the AP.
69
Step
Task
Description
1
Configure the AP.
Enable QVLAN on the AP, and set required parameters.
2
Configure the switch.
Create IEEE 802.1q VLANs on the switch as required.
3
Configure the router
and the internal server.
Enable QVLAN function on your router and internal server, and configure
parameters as required.
Internet
Router
PoE switch
AP
Guest SSID: internet (VLAN2)
Staff SSID: oa (VLAN3)
Administrator SSID: VIP (VLAN4)
Internal
server
Network topology
Configuration description
Configuring QVLAN function involves operations across various devices. This guide will walk you
through the configuration step by step.
The following table summarizes the overall steps. Get yourself familiar with the whole process
before you start.
Procedure
Step 1 Configure the AP.
Log in to the web UI of the AP and choose Wireless > QVLAN Settings. 1.Enable QVLAN. 2.Modify the VLAN IDs as shows in the following figure. 3.
70
Port Connected To
Accessible VLAN ID
Port Type
PVID
AP
1, 2, 3, 4
Trunk
1
Internal server
3, 4
Trunk
1
Router
2, 4
Trunk
1
*
*
*
*
*
Click Save to apply your settings. 4.Click OK. And wait for the AP completes rebooting. 5.
Step 2 Configure the switch.
Create IEEE 802.1q VLANs described in the following table on the switch. Retain the default settings
of other ports. For details, refer to the user guide of the switch.
Step 3 Configure the router and the internal server.
To ensure your wireless devices connected to the AP can access the internet, you should configure
QVLAN function on your router and internal server which support QVLAN function. Detailed VLAN
parameters are listed as follows:
VLAN parameters configured on your router:
71
Port Connected To
Accessible VLAN ID
Port Type
PVID
Switch
2, 4
Trunk
1
Port Connected To
Accessible VLAN ID
Port Type
PVID
Switch
3, 4
Trunk
1
VLAN parameters configured on your internal server:
For configuration details, refer to the user guides of your router and internal server.
---- End
Verification
Wireless devices connected to the SSID internet can access only the internet. Wireless devices
connected to the SSID oa can access only the intranet. Wireless devices connected to the SSID VIP
can access both the internet and the intranet.
72
Internet
Router
Core switch
PoE switch
AC
AP1
AP2
AP n-1
APn
Management PC
6 Advanced
6.1 Deployment mode
If a large number of APs are deployed, you are recommended to adopt an Tenda AC (Access
Controller) to manage the APs in a centralized manner. The AP supports Local Deployment (default)
and Cloud Deployment.
6.1.1 Applicable scenarios
Deploy your network according to the following introduction to meet your very specific
requirement.
Local deployment
If you need to deploy many APs in a small area, you are recommended to set the AP in the local
deployment mode, which uses a local AC (in Sub AC mode) to manage the APs in a centralized
manner. The following figure shows the topology for the local deployment mode.
73
Router
Core switch
Router
AP1
AP2
APn
Internet
AC
PoE switch
Management
PC
Cloud deployment
If you need to deploy many APs distributed across a large area, you are recommended to select the
cloud deployment mode, which uses an AC (in Cloud AC mode) over the internet to manage the APs
in a centralized manner. The following figure shows the topology for the cloud deployment mode.
6.1.2 Introduction to deployment mode of the AP
To enter the configuration page, choose Advanced > Deployment Mode.
74
Parameter
Description
Deployment Mode
It specifies the deployment mode supported by the AP.
Local (default): It indicates that the AP can be managed only through the AC
connected to the same local network.
Cloud: In this mode, the AP can be managed only by a cloud AC or a cloud server.
Device Name
It specifies the device name of the AP.
You can customize the device name here, or on Internet Settings > LAN Setup page.
Modification of the device name is globally applied.
For later convenient management, you are recommended to customize the device
name.
Cloud AC Address
It specifies the WAN IP address of the router to which the cloud AC connects, or the
domain name to which the router’s WAN IP address is bound.
Cloud AC
Management Port
It specifies port of the egress router to which the cloud AC connects for managing this
device.
Cloud AC Upgrade
Port
It specifies port of the egress router to which the cloud AC connects for upgrading this
device.
Parameter description
6.1.3 Configuring the cloud deployment mode
Procedure
Step 1 Click Deployment, and select Cloud.
Step 2 Set related parameters.
Step 3 Click Save to apply your settings.
---- End
75
6.2 SNMP
6.2.1 Overview
The Simple Network Management Protocol (SNMP) is the most widely used network management
protocol in TCP/IP networks. SNMP enables you to remotely manage all your network devices
compliant with this protocol, such as monitoring the network status, changing network device
settings, and receiving network event alarms.
SNMP supports managing devices bought from various vendors automatically, regardless of physical
differences among the devices.
SNMP management framework
The SNMP management framework consists of SNMP manager, SNMP agent, and Management
Information Base (MIB).
SNMP manager: It is a system that controls and monitors network nodes using the SNMP
protocol. Network Management System (NMS) is the most widely used SNMP manager in
network environments. An NMS can be a dedicated network management server, or an
application that implements management functions in a network device.
SNMP agent: It is a software module in a managed device. This module is used to manage data
about the device and report the management data to an SNMP manager.
MIB: It is a collection of managed objects, defining a series of attributes of managed objects,
including names, access permissions, and data types of objects. Each SNMP agent has its own
MIB. An SNMP manager can read and/or write objects in the MIB based on the permissions
assigned to the SNMP manager.
An SNMP manager manages SNMP agents in an SNMP network. The SNMP manager exchanges
management information with the SNMP agents using the SNMP protocol.
Basic SNMP operations
The AP supports the following basic SNMP operations:
Get: An SNMP manager performs this operation to query the SNMP agent of the AP for values
of one or more objects.
Set: An SNMP manager performs this operation to set values of one or more objects in the MIB
of the SNMP agent of the AP.
SNMP protocol version
The AP is compatible with SNMP V1 and SNMP V2C and adopts the community authentication
mechanism. Community name is used to define the relationship between an SNMP agent and an
SNMP manager. If the community name contained in an SNMP packet is rejected by a device, the
packet is discarded. A community name functions as a password to control SNMP agent access
76
attempts of SNMP managers.
SNMP V2C is compatible with SNMP V1 and provides more functions than SNMP V1. Compared
with SNMP V1, SNMP V2C supports more operations (GetBulk and InformRequest) and data types
(such as Counter64), and provides more error codes for better distinguishing errors.
MIB introduction
An MIB adopts a tree structure. The nodes of the tree indicate managed objects. A path consisting
of digits and starting from the root can be used to uniquely identify a node. This path is calling an
object identifier (OID). The following figure shows the structure of an MIB. In the figure, the OID of
A is 1.3.6.1.2.1.1, whereas the OID of B is 1.3.6.1.2.1.2.
77
Parameter
Description
SNMP Agent
It specifies whether to enable the SNMP agent function of the AP. By default, it is
disabled.
An SNMP manager and the SNMP agent can communicate with each other only when
their SNMP versions are the same. Currently, the SNMP agent function of the AP
supports SNMP V1 and SNMP V2C.
Administrator
It specifies the administrator’s name of the AP. The default name is Administrator. You
can modify the administrator’s name if required.
Device Name
It specifies the device name of the AP. By default, the device name is Access Point. You
can modify it if required.
You are recommended to modify the AP name so that you can identify your AP easily
when managing the AP using SNMP.
Location
It specifies the location where the AP is used. You can modify the location according to
6.2.2 Configuring the SNMP function
To enter the configuration page, choose Advanced > SNMP first.
Procedure
Step 1 Enable SNMP Agent.
Step 2 Set related parameters.
Step 3 Click Save to apply your settings.
---- End
Parameter description
78
Parameter
Description
your actual situation.
Read Community
It specifies the read password shared between SNMP managers and the SNMP agent.
The default password is public.
The SNMP agent function of the AP allows an SNMP manager to use the password to
read variables in the MIB of the AP.
Read/Write
Community
It specifies the read/write password shared between SNMP managers and the SNMP
agent. The default password is private.
The SNMP agent function of the AP allows an SNMP manager to use the password to
read/write variables in the MIB of the AP.
Internet
Router
PoE switch
AP
192.168.0.254/24
NMS
192.168.0.212/24
6.2.3 Example of configuring SNMP settings
Networking requirement
The AP connects to an NMS over an LAN network. This IP address of the AP is 192.168.0.254/24
and the IP address of the NMS is 192.168.0.212/24.
The NMS uses SNMP V1 or SNMP V2C to monitor and manage the AP.
79
Procedure
Step 1 Configure the AP.
Assume that the administrator name is Tom, read community is Tom, and read/write
community is Tom123.
Log in to the web UI of the AP and choose SNMP. 1.Set SNMP Agent to Enable. 2.Set the SNMP parameters. 3.Click Save to apply your settings. 4.
Step 2 Configure the NMS.
On an NMS that uses SNMP V1 or SNMP V2C, set the read community to Tom and
read/write community to Tom123. For details about how to configure the NMS, refer to the
user guide of the NMS.
---- End
Verification
After the configuration, the NMS can connect to the SNMP agent of the AP and can query and set
some parameters on the SNMP agent through the MIB.
80
7 Tools
7.1 Date & time
This section introduces how to set the system time and login timeout interval of your AP.
7.1.1 Overview
This function is used to set the system time. To make the time-related functions effective, ensure
that the system time of the AP is set correctly.
The section introduces how to:
Sync with internet time.
Set system time manually (default).
To access the configuration page, choose Tools > Date & Time. See the following figure.
81
7.1.2 Configuring system time
Configuring AP to synchronizing with internet time
With this method, the AP automatically synchronizes its system time with the network time server
(NTS). As long as the AP is connecting to the internet, the system time is correct.
Procedure
Step 1 Choose Tools > Date & Time.
Step 2 Tick the Sync with Internet Time box.
Step 3 Select a value from the Sync Interval drop-down list menu as required, which is 30 min in
this example.
Step 4 Choose the Time Zone where the AP locates.
Step 5 Click Save to apply your settings.
---- End
The AP synchronizes with the internet time every 30 minutes.
82
Configuring date and time manually
With this method, you need to manually reconfigure the system time each time the AP reboots.
Procedure
Step 1 Choose Tools > Date & Time.
Step 2 For manual setup, you can:
Option one: Enter a correct date and time manually.
Option two: Click Sync with PC Time, the AP auto-fills the system time of your
management computer in the Date & Time fields.
Make sure that the system time of your management computer is correct.
Step 3 Click Save to apply your settings.
---- End
7.1.3 Configuring login timeout interval
If you log in to the web UI of the AP and perform no operation within the login timeout interval, the
AP logs you out automatically.
Procedure
Step 1 Choose Tools > Date & Time, and click the Login Timeout Interval tab.
Step 2 Set the login timeout interval as required.
Step 3 Click Save to apply your settings.
83
---- End
The AP logs you out automatically if you perform no operation within the interval you set here.
84
7.2 Maintenance
This section introduces how to:
Reboot the AP manually, or as scheduled.
Reset the AP either using web UI, or the RESET button.
Upgrade the AP.
Back up the AP’s configuration to your local computer.
Restore your previous configurations.
Control the LED indicator of the AP.
7.2.1 Reboot
If a parameter does not take effect or the AP does not work properly, you can try rebooting the AP
to resolve the problem.
The AP supports two rebooting methods:
Manual reboot: Reboot the AP by clicking the Reboot button.
Reboot schedule: Let the AP reboot at the specified time or interval you set.
Rebooting the AP disconnects all connections. You are recommended to reboot the AP in spare time.
Manual reboot
Procedure
Step 1 Choose Tools > Maintenance.
Step 2 Click Reboot.
Step 3 Click OK on the pop-up window.
---- End
Wait for the AP completes rebooting.
85
Reboot schedule
You can let the AP reboot:
At interval:The AP reboots at the interval you set.
At specified time: The AP reboots regularly at the time you set.
Configuring the AP to reboot at an interval
Step 1 Click Tools > Maintenance, and click the Reboot Schedule tab.
Step 2 Enable Reboot Schedule.
Step 3 Select Reboot Interval from the Type drop-down list menu.
Step 4 Set Interval as required, which is 1440 minutes in this example.
Step 5 Click Save to apply your settings.
---- End
The AP reboots every 1440 minutes.
Configuring the AP to reboot at specified time
Step 1 Click Tools > Maintenance, and click the Reboot Schedule tab.
Step 2 Enable Reboot Schedule.
Step 3 Select Reboot Schedule from the Type drop-down list menu.
Step 4 Reboot On: Select the required day(s) when the AP reboots, which is Monday in this
example.
Step 5 Reboot At: Set the time when the AP reboots, which is 3:00 in this example.
Step 6 Click Save to apply your settings.
86
---- End
The AP reboots at 3:00 every Monday.
7.2.2 Reset
If the internet is inaccessible for unknown reasons, or you forget the login password, you can reset
the AP to resolve the problems.
The AP supports two resetting methods:
Resetting the AP using web UI.
Resetting the AP using the Reset button.
Resetting the AP deletes all your current configurations, and you need to reconfigure the AP again.
Therefore, resetting the AP only when necessary.
If it is necessary to reset the AP, backing up your current configuration first.
When resetting, do not power off the AP.
Resetting the AP using web UI
Step 1 Click Tools > Maintenance.
Step 2 Click the Reset button.
Step 3 Click OK on the pop-up window.
87
---- End
Resetting the AP using the Reset button
This method enables you to reset the AP without logging in to its web UI.
With the SYS LED indicator blinking, hold down the RESET button using a paper clip for about 8
seconds, and release the button when the SYS LED indicator lights up. When the SYS LED indicator
blinks, the AP completes resetting.
---- End
7.2.3 Upgrade firmware
This function enables you to upgrade the AP’s firmware to get more functions and higher stability.
To enable your AP to work properly after an upgrade, ensure that the firmware used to upgrade
complies with your product model.
When upgrading, do not power off the AP.
Procedure
Step 1 Download the latest firmware version for the AP from http://www.tendacn.com to your
local computer.
Step 2 Log in to the web UI of the AP, navigate to Tools > Maintenance, and locate the Upgrade
Firmware configuration area.
Step 3 Click Upgrade, select and upload the firmware that has been downloaded to your
computer.
Step 4 Click Upgrade. Wait until the progress bar completes.
88
If you upgrade low transmit power version to/from high transmit power version, reset the AP after
upgrading completes to apply your settings.
---- End
Wait until the progress bar completes. Then log in to the web UI of the AP again. Click Status >
System Status and check whether the upgrade is successful according to the Firmware Version
parameter.
7.2.4 Backup and restoring configurations
The backup function is used to export the current configuration of the AP to your computer. The
restore function is used to import a configuration file to the AP.
You are recommended to back up the configuration after it is significantly changed. When the
performance of your AP decreases because of an improper configuration, or after you restore the
AP to factory settings, you can use this function to restore a configuration that has been backed up.
If you need to apply same or similar configuration to many APs, you can configure one of the APs, back
up its configuration, and use the backup configuration file to restore the configuration of other APs.
A configuration file indicated with APCfm.cfg will be downloaded.
89
If the following warning message appears, click Keep.
Restoring previous configuration
Step 1 Click Tools > Maintenance.
Step 2 Click Backup/Restore.
Step 3 Click Restore on the pop-up window.
Step 4 Choose the file you would like to restore.
---- End
Wait until the progress bar completes.
7.2.5 LED indicator control
This function enables you to turn on/off the LED indicator of the AP. By default, the LED indicator is
turned on. To turn off the LED indicator, click Turn off all LED indicators.
90
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.