Allied Telesis K K TQ3600 Wireless access point with PoE powered device function User Manual at001867a
Allied Telesis K.K. Wireless access point with PoE powered device function at001867a
Contents
- 1. User manual (statement)
- 2. User manual
- 3. User Manual_rev 2
User Manual_rev 2
Review Draft - May 9, 2014 AT-TQ Series Enterprise-class Wireless Access Points with IEEE802.11a/b/g/n Dual Radios Management Software User’s Guide 613-001867 Rev. B Review Draft - May 9, 2014 Copyright 2014 Allied Telesis, Inc. All rights reserved. This product includes software licensed under the BSD License. As such, the following language applies for those portions of the software licensed under the BSD License: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Allied Telesis, Inc. nor the names of the respective companies above may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (c) [dates as appropriate to package] by The Regents of the University of California - All rights reserved. Copyright (c) 2000-2003 by Intel Corporation - All rights reserved. Copyright (c) 1997-2003, 2004 by Thomas E. Dickey- All rights reserved. Copyright (c) 2001-2009 by Brandon Long (ClearSilver is now licensed under the New BSD License.) Copyright (c) 1984-2000 by Carnegie Mellon University - All rights reserved. Copyright (c) 2002,2003 by Matt Johnston - All rights reserved. Copyright (c) 1995 by Tatu Ylonen - All rights reserved. Copyright 1997-2003 by Simon Tatham. Portions copyright by Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, and CORE SDI S.A. Copyright (c) 1989, 1991 by Free Software Foundation, Inc. (GNU General Public License, Version 2, June 1991). Copyright (c) 2002-2005 by Jouni Malinen and contributors. Copyright (c) 1991, 1999 by Free Software Foundation, Inc. (GNU Lesser General Public License, Version 2.1, February 1999). Copyright (c) 1998-2002 by Daniel Veillard - All rights reserved. Copyright (c) 1998-2004 by The OpenSSL Project - All rights reserved. Copyright (c) 1995-1998 by Eric Young (eay@cryptsoft.com) - All rights reserved. This product also includes software licensed under the GNU General Public License available from: http://www.gnu.org/licenses/gpl2.html Allied Telesis is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all required source code available. If you would like a copy of the GPL source code contained in this product, please send us a request by registered mail including a check for US$15 to cover production and shipping costs, and a CD with the GPL code will be mailed to you. GPL Code Request Allied Telesis Labs (Ltd) PO Box 8011 Christchurch, New Zealand No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis™ and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Ethernet™ is a trademark of the Xerox Corporation. Wi-Fi®, Wi-Fi Alliance®, WMM®, Wi-Fi Protected Access® (WPA), the Wi-Fi CERTIFIED logo, the Wi-Fi logo, the Wi-Fi ZONE logo, and the Wi-Fi Protected Setup logo are registered trademarks of the Wi-Fi Alliance. Wi-Fi CERTIFIED™, Wi-Fi Multimedia™, WPA2™ and the Wi-Fi Alliance logo are trademarks of the Wi-Fi Alliance. Microsoft is a registered trademark of Microsoft Corporation. Review Draft - May 9, 2014 All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages. Review Draft - May 9, 2014 Review Draft - May 9, 2014 Contents Preface ............................................................................................................................................................13 Safety Symbols Used in this Document ...........................................................................................................14 Contacting Allied Telesis ..................................................................................................................................15 Chapter 1: Overview ......................................................................................................................................17 AT-TQ Series of Wireless Access Points .........................................................................................................18 Features ...........................................................................................................................................................19 Management Modes and Methods ...................................................................................................................21 Starting a Management Session on the Access Point......................................................................................22 Starting the Initial Management Session on the Access Point .........................................................................23 Starting the Initial Management Session with a Direct Connection............................................................24 Starting the Initial Management Session without a DHCP Server .............................................................24 Starting the Initial Management Session with a DHCP Server ..................................................................25 Using the Management Menus and Windows ..................................................................................................26 Web Browser Menus..................................................................................................................................26 Saving Your Changes ................................................................................................................................28 Logging Off.................................................................................................................................................28 Chapter 2: Basic Settings Menu ...................................................................................................................29 Displaying Basic Information ............................................................................................................................30 Changing the Manager’s Login Name and Password ......................................................................................32 Changing the System Name, Contact, and Location........................................................................................33 Chapter 3: Manage Menu ..............................................................................................................................35 Assigning a Static IP Address to the Access Point...........................................................................................36 Assigning a Dynamic IP Address from a DHCP Server to the Access Point....................................................38 Setting VLAN IDs..............................................................................................................................................39 Management VLAN ID ...............................................................................................................................39 VLAN ID for Untagged Traffic ....................................................................................................................39 Enabling or Disabling Broadcast Ping Replies .................................................................................................40 Setting the Country Setting...............................................................................................................................41 Configuring Basic Radio Settings .....................................................................................................................43 Configuring the Radio Settings.........................................................................................................................46 Configuring Virtual Access Points ....................................................................................................................58 No Security.................................................................................................................................................61 IEEE 802.1x Security .................................................................................................................................61 Static WEP .................................................................................................................................................63 WPA Enterprise..........................................................................................................................................66 WPA Personal............................................................................................................................................69 Managing Wireless Distribution System Bridges..............................................................................................71 Configurations of WDS Bridges .................................................................................................................71 Radio..........................................................................................................................................................73 Radio Mode................................................................................................................................................73 Radio Channel ...........................................................................................................................................73 VAP0 ..........................................................................................................................................................73 Encryption ..................................................................................................................................................74 Dynamic Frequency Selection ...................................................................................................................74 Guidelines ..................................................................................................................................................75 Review Draft - May 9, 2014 Contents Preparing the Access Point for the WDS Bridge ....................................................................................... 76 Configuring the WDS Bridge ..................................................................................................................... 77 Static WEP ................................................................................................................................................ 79 WPA Personal ........................................................................................................................................... 80 Configuring the MAC Address Filter ................................................................................................................ 82 Generating Event Messages for Unknown Access Points ............................................................................... 85 Enabling Event Messages for Unknown Access Points ............................................................................ 85 Disabling Event Messages for Unknown Access Points ........................................................................... 87 Configuring the Access Point for the Optional AT-UWC Program ................................................................... 88 Enabling the Controller Client.................................................................................................................... 88 Disabling the Controller Client ................................................................................................................... 91 Chapter 4: Cluster Menu .............................................................................................................................. 93 Overview .......................................................................................................................................................... 94 Planning a Cluster.......................................................................................................................................... 101 Creating or Adding Access Points to a Cluster .............................................................................................. 102 Managing the Access Points of a Cluster ...................................................................................................... 105 Removing an Access Point from a Cluster .................................................................................................... 106 Viewing the Wireless Clients of a Cluster ...................................................................................................... 107 Using Automatic Channel Assignments ......................................................................................................... 109 Enabling Automatic Channel Assignments.............................................................................................. 109 Disabling Automatic Channel Assignments............................................................................................. 112 Viewing the Neighboring Access Points of the Cluster .................................................................................. 113 Chapter 5: Status Menu .............................................................................................................................. 117 Viewing the Associated Clients of an Access Point ....................................................................................... 118 Viewing Event Messages ............................................................................................................................... 120 Viewing System Event Messages ........................................................................................................... 121 Configuring the Event Log ....................................................................................................................... 123 Configuring the Syslog Client .................................................................................................................. 124 Disabling the Syslog Client...................................................................................................................... 125 Viewing Neighboring Access Points .............................................................................................................. 126 Displaying the IP Addresses of AT-UWC Programs ...................................................................................... 129 Displaying Statistics ....................................................................................................................................... 130 Viewing Basic IP and Radio Information ........................................................................................................ 134 Chapter 6: Services Menu .......................................................................................................................... 135 Configuring Quality of Service ....................................................................................................................... 136 Configuring SNMPv1 and v2c ........................................................................................................................ 143 Enabling or Disabling the LEDs ..................................................................................................................... 150 Configuring the HTTP Server......................................................................................................................... 151 Enabling the HTTP Server....................................................................................................................... 151 Disabling the HTTP Server...................................................................................................................... 152 Configuring the HTTPS Server ...................................................................................................................... 153 Enabling the HTTPS Server .................................................................................................................... 153 Disabling the HTTPS Server ................................................................................................................... 154 Configuring the Maximum Number of Active Management Sessions ............................................................ 155 Configuring the Management Session Timer................................................................................................. 156 Manually Setting the Date and Time .............................................................................................................. 157 Setting the Date and Time with the Network Time Protocol Client ................................................................ 159 Chapter 7: Maintenance Menu ................................................................................................................... 161 Restoring the Default Settings to the Access Point ....................................................................................... 162 Downloading the Configuration from the Access Point to Your Computer..................................................... 164 Restoring a Configuration to the Access Point .............................................................................................. 165 Rebooting the Access Point ........................................................................................................................... 166 Enabling or Disabling the Reset Button ......................................................................................................... 167 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Switching the Primary and Secondary Management Software Images..........................................................168 Uploading New Versions of the Management Software to the Access Point .................................................170 Review Draft - May 9, 2014 Contents Review Draft - May 9, 2014 Figures Figure 1: AT-TQ2450 and AT-TQ3600 Access Points .................................................................................... 18 Figure 2: Log On Window................................................................................................................................ 22 Figure 3: Horizontal Menus ............................................................................................................................. 26 Figure 4: Vertical Menus.................................................................................................................................. 27 Figure 5: Dropdown Menus ............................................................................................................................. 27 Figure 6: Provide Basic Settings Window........................................................................................................ 30 Figure 7: Modify Ethernet (Wired) Settings Window........................................................................................ 36 Figure 8: Modify Wireless Settings Window .................................................................................................... 41 Figure 9: Modify Radio Settings Window......................................................................................................... 47 Figure 10: Modify Virtual Access Point Settings Window ................................................................................ 60 Figure 11: 802.1x Authentication for VAPs...................................................................................................... 61 Figure 12: Static WEP Encryption for VAPs .................................................................................................... 63 Figure 13: WPA Enterprise for VAPs............................................................................................................... 66 Figure 14: WPA Personal for VAPs................................................................................................................. 69 Figure 15: WDS Bridge Used to Connect LAN Segments............................................................................... 71 Figure 16: WDS Bridge Used to Extend a Network......................................................................................... 71 Figure 17: Valid Configurations of WDS Bridges............................................................................................. 72 Figure 18: Invalid Loop Configuration of Access Points .................................................................................. 72 Figure 19: Invalid Loop Configuration of Access Points to a Wired Network Device ...................................... 73 Figure 20: Invalid Configuration of Four Wireless Access Points.................................................................... 73 Figure 21: Configure WDS Bridges to Other Access Points Window.............................................................. 77 Figure 22: Remote Address List ...................................................................................................................... 78 Figure 23: Static WEP on WDS Bridges.......................................................................................................... 79 Figure 24: WPA Personal on WDS Bridges .................................................................................................... 80 Figure 25: Configure MAC Filtering of Client Stations Window ....................................................................... 83 Figure 26: Event Message for Unknown Access Points.................................................................................. 85 Figure 27: Configure Pre-Configured Rogue AP Window ............................................................................... 86 Figure 28: Configure Managed Access Point Parameters Window................................................................. 88 Figure 29: Manage Access Points in the Cluster Window............................................................................. 102 Figure 30: Active Cluster in the Manage Access Points in the Cluster Window............................................ 104 Figure 31: Manage Sessions Associated with the Cluster Window............................................................... 107 Figure 32: Automatically Manage Channel Assignments Window ................................................................ 109 Figure 33: Automatically Manage Channel Assignments Window - Automatic Channel Assignment Enabled ......................................................................................................................................................... 110 Figure 34: View Neighboring Access Points Window .................................................................................... 113 Figure 35: Neighbor Details........................................................................................................................... 114 Figure 36: View List of Currently Associated Client Stations......................................................................... 118 Figure 37: View Events Generated by this Access Point Window................................................................. 122 Figure 38: View Neighboring Access Points Window .................................................................................... 126 Figure 39: Displaying View List of Managing Switch IP Addresses and Base IP Port Obtained via DHCP .. 129 Figure 40: Status Table in the View Transmit and Receive Statistics for this Access Point Window ............ 130 Figure 41: Transmit Statistics Table of the View Transmit and Receive Statistics for this Access Point Window.......................................................................................................................................................... 131 Figure 42: Receive Statistics Table of the View Transmit and Receive Statistics for this Access Point Window.......................................................................................................................................................... 132 Review Draft - May 9, 2014 List of Figures Figure 43: View Settings for Network Interfaces Window .............................................................................. Figure 44: Modify QoS Queue Parameters.................................................................................................... Figure 45: SNMP Configuration Window ....................................................................................................... Figure 46: Control LEDs Window................................................................................................................... Figure 47: Configure Web Server Settings Window....................................................................................... Figure 48: Disable HTTP Server Prompt ....................................................................................................... Figure 49: Generate SSL Certificate Prompt ................................................................................................. Figure 50: Disable HTTPS Server Prompt ..................................................................................................... Figure 51: Modify How the Access Point Discovers the Time Window - Manually Setting the Date and Time ............................................................................................................................................................... Figure 52: Daylight Savings Time Fields ....................................................................................................... Figure 53: Modify How the Access Point Discovers the Time Window - Configuring the NTP Client............ Figure 54: Manage this Access Point’s Configuration Window...................................................................... Figure 55: Manage Firmware Window ........................................................................................................... 10 134 137 144 150 151 152 153 154 157 158 159 163 168 Review Draft - May 9, 2014 Tables Table 1. Review Description of this Access Point .......................................................................................... 31 Table 2. Modify Wireless Settings Window .................................................................................................... 44 Table 3. Modify Radio Settings Window ......................................................................................................... 48 Table 4. IEEE 802.1x ...................................................................................................................................... 61 Table 5. Static WEP ....................................................................................................................................... 63 Table 6. WPA Enterprise ................................................................................................................................ 67 Table 7. WPA Personal .................................................................................................................................. 69 Table 8. Available Encryption Settings on WDS Bridges ............................................................................... 74 Table 9. Static WEP on WDS Links ................................................................................................................ 79 Table 10. WPA Personal on WDS Links ........................................................................................................ 81 Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster ........................................ 94 Table 12. Manage Sessions Associated with the Cluster Window ............................................................... 107 Table 13. Current Channel Assignments ...................................................................................................... 110 Table 14. Channel Reassignment Parameters ............................................................................................. 111 Table 15. View Neighboring Access Points Window .................................................................................... 114 Table 16. Neighbor Details Window ............................................................................................................. 115 Table 17. View List of Currently Associated Client Stations Window ........................................................... 118 Table 18. Event Messages Table ................................................................................................................. 122 Table 19. Neighboring Access Point Settings Window ................................................................................. 126 Table 20. Status Table Information .............................................................................................................. 131 Table 21. Transmit Statistics Table .............................................................................................................. 132 Table 22. Receive Statistics Table ............................................................................................................... 133 Table 23. Modify QoS Queue Parameters Window ...................................................................................... 137 Table 24. SNMP ........................................................................................................................................... 145 11 Review Draft - May 9, 2014 List of Tables 12 Review Draft - May 9, 2014 Preface This guide explains how to configure the AT-TQ2450 and AT-TQ3600 Wireless Access Points with the web browser management windows. This preface contains the following sections: “Safety Symbols Used in this Document” on page 14 “Contacting Allied Telesis” on page 15 13 Review Draft - May 9, 2014 Preface Safety Symbols Used in this Document This document uses the following conventions. Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury. Warning Laser warnings inform you that an eye or skin hazard exists due to the presence of a Class 1 laser device. 14 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Contacting Allied Telesis If you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Services section of the Allied Telesis web site at www.alliedtelesis.com/support. You can find links for the following services on this page: 24/7 Online Support — Enter our interactive support center to search for answers to your product questions in our knowledge database, to check support tickets, to learn about RMAs, and to contact Allied Telesis technical experts. USA and EMEA phone support — Select the phone number that best fits your location and customer type. Hardware warranty information — Learn about Allied Telesis warranties and register your product online. Replacement Services — Submit a Return Merchandise Authorization (RMA) request via our interactive support center. Documentation — View the most recent installation and user guides, software release notes, white papers, and data sheets for your products. Software Downloads — Download the latest software releases for your managed products. For sales or corporate information, go to www.alliedtelesis.com/ purchase. 15 Review Draft - May 9, 2014 Preface 16 Review Draft - May 9, 2014 Chapter 1 Overview This chapter describes how to start the initial management session on the access point. This chapter contains the following sections: “AT-TQ Series of Wireless Access Points” on page 18 “Features” on page 19 “Management Modes and Methods” on page 21 “Starting a Management Session on the Access Point” on page 22 “Starting the Initial Management Session on the Access Point” on page 23 “Using the Management Menus and Windows” on page 26 17 Review Draft - May 9, 2014 Chapter 1: Overview AT-TQ Series of Wireless Access Points The AT-TQ Series of wireless access points consists of the AT-TQ2450 and AT-TQ3600 Access Points. Refer to Figure 1. AT-TQ2450 Access Point AT-TQ3600 Access Point Figure 1. AT-TQ2450 and AT-TQ3600 Access Points 18 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Features The access points share the following features: Independent 2.4 and 5 GHz radios IEEE 802.11a/b/g Wireless Distribution System (WDS) bridges Access point clustering Rogue access point detection Multiple SSIDs One 10/100/1000Base-T Ethernet port with Auto-Negotiation, auto MDI/MDIX, and IEEE 802.3af Power over Ethernet (PoE) MAC address filtering for wireless access security Broadcast and multicast rate limiting Virtual access points for multiple broadcast domains DHCP client RADIUS accounting with external RADIUS server Network Time Protocol (NTP) client Domain name server (DNS) client IEEE 802.1x authentication WPA-Personal and WPA-Enterprise with WPA, WPA2, TKIP, and CCMP (AES) authentication and encryption Static WEP encryption HTTP and HTTPS web browser management SNMPv1 and v2c management Quality of Service Event log Syslog client Table, wall, or ceiling installation Differences between the access points are listed here: The AT-TQ2450 Access Point has external, adjustable antennas. The AT-TQ3600 Access Point has internal antennas. The AT-TQ2450 Access Point features IEEE 802.11n 2x2 MIMO chains with antenna diversity. The AT-TQ3600 Access Point features IEEE 802.11n 3x3 MIMO chains. 19 Review Draft - May 9, 2014 Chapter 1: Overview 20 Both radios in the AT-TQ2450 Access Point have a data rate of 300 Mbps. Both radios in the AT-TQ3600 Access Point have a data rate of 450 Mbps. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Management Modes and Methods The access point has two management modes: Stand-alone mode: Access points in the stand-alone mode have to be managed individually. To configure a unit in this mode, you have to know its IP address or domain name, and the username and password of the manager account. This is the default setting for the access point. Cluster mode: The cluster management mode is intended for two or more access points that have similar configuration settings. When you change the parameter settings on an access point in a cluster, your changes are automatically communicated to the other access points. This reduces the need for having to configure the units individually. For cluster instructions, refer to Chapter 4, “Cluster Menu” on page 93. Here are the methods for managing the access point: Web browser: The management software on the access point has management windows for you to use with the web browser on your management workstations. They make it easy for you to configure all the parameter settings and features. The access point supports both non-secure HTTP and secure HTTPS management sessions. The default is HTTP. For instructions on how to enable or disable the HTTP and HTTPS servers on the access point, refer to “Configuring the HTTP Server” on page 151 and “Configuring the HTTPS Server” on page 153 AT-UWC Unified Wireless Controller program: This optional program allows you to manage the access points from a central point. For instructions on how to configure the unit for the wireless controller program, refer to “Configuring the Access Point for the Optional AT-UWC Program” on page 88. SNMPv1 and v2c: You may also use SNMP to manage some of the parameter settings of the device. The MIB is available from the Allied Telesis web site. It should be noted that you can configure only a limited number of parameters on the access point with SNMP. To manage all the parameters, you must use a web browser or the optional AT-UWC program. For instructions on how to configure the unit for SNMP, refer to “Configuring SNMPv1 and v2c” on page 143. The default setting for SNMP is disabled. The product does not support SNMPv3. 21 Review Draft - May 9, 2014 Chapter 1: Overview Starting a Management Session on the Access Point This section explains how to start a management session on the access point from your management workstation. The procedure assumes that the access point has already been assigned an IP address. The address can be a static address that was manually assigned to the unit or it can be a dynamic address from a DHCP server. Note If the access point has not been assigned an IP address and is using its default address 192.168.1.230, refer to “Starting the Initial Management Session on the Access Point” on page 23 for instructions on how to start a management session. To start a management session on the access point, perform the following procedure: 1. Open the web browser on your management workstation. 2. Enter the IP address of the access point in the URL field of the web browser. You should now see the logon window, shown in Figure 2. Figure 2. Log On Window 3. Enter the username and password for the unit. The default values are “manager” for the username and “friend” for the password. The username and password are case-sensitive. 4. Click the Logon button. 22 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Starting the Initial Management Session on the Access Point If you just installed the device and are powering it on for the first time, it queries the subnet on the LAN port for a DHCP server. If a DHCP server responds to its query, the unit uses the IP address the server assigns to it. If there is no DHCP server, the access point uses the default IP address 192.168.1.230. There are a several ways to start the initial management session on the access point. One way is to establish a direct connection between your computer and the unit by connecting an Ethernet cable to the Ethernet port on the computer and the LAN port on the access point. This procedure requires changing the IP address on your computer to make it a member of the same subnet as the default IP address on the access point. You might perform this procedure if your network does not have a DHCP server and you want to configure the access point before connecting it to your network. The initial management session may also be performed while the device is connected to your network. However, If your network does not have a DHCP server, you still have to change the IP address of your computer to match the subnet of the default address of the access point. Furthermore, if your network is divided into virtual LANs (VLANs), you have to be sure to connect the access port and your computer to ports on an Ethernet switch that are members of the same VLAN. If your network has a DHCP server, use the IP address the server assigns it to it to start the management session. The instructions for starting the initial management session are found in the following sections: “Starting the Initial Management Session with a Direct Connection” on page 24 “Starting the Initial Management Session without a DHCP Server” on page 24 “Starting the Initial Management Session with a DHCP Server” on page 25 Note The initial management session of the access point has to be conducted through the LAN port because the default setting for the radios is off. 23 Review Draft - May 9, 2014 Chapter 1: Overview Starting the Initial Management Session with a Direct Connection To start the management session with a direct Ethernet connection between your computer and the access port, perform the following procedure: Note If the access point is using PoE, you may not perform this procedure because it involves a direct connection between your computer and the LAN port on the access point. You may either temporarily attach the power supply to the unit until after you have completed the initial management session or you may instead perform one of the other procedures for starting the initial management session. 1. Connect one end of a network cable to the LAN port on the access point and the other end to the Ethernet network port on your computer. (This requires removing the LAN cable you connected earlier in the hardware installation instructions.) 2. Change the IP address on your computer to 192.168.1.n, where n is a number from 1 to 254, but not 230. Refer to the documentation that accompanies your computer for instructions on how to set the IP address. 3. Set the subnet mask on your computer to 255.255.255.0. 4. Power on the access point. 5. Start the web browser on your computer. 6. Enter the IP address 192.168.1.230 in the URL field of the browser and press the Return key. You should now see the logon window, shown in Figure 2 on page 22. 7. Enter “manager” for the username and “friend” for the password. The username and password are case-sensitive. 8. Click the Logon button. Starting the Initial Management Session without a DHCP Server 24 This procedure explains how to start the initial management session on the access port when the LAN port is connected to an Ethernet switch on a network that does not have a DHCP server. To start the management session, perform the following procedure: 1. If your network has VLANs, check to be sure that your computer and the access port are connected to ports on the Ethernet switch that are members of the same VLAN. This might require accessing the management software on the switch and listing the VLANS and their port assignments. For example, if the access port is connected to a port that is a member of the Sales VLAN, your computer must be Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide connected to a port that is also a member of that VLAN. If your network is small and does not have VLANs or routers, you may connect your computer to any port on the Ethernet switch. 2. Change the IP address on your computer to 192.168.1.n, where n is a number from 1 to 254, but not 230. Refer to the documentation that accompanies your computer for instructions on how to set the IP address. 3. Set the subnet mask on your computer to 255.255.255.0. 4. Power on the access point. 5. Start the web browser on your computer. 6. Enter the IP address 192.168.1.230 in the URL field of the browser and press the Return key. You should now see the logon window, shown in Figure 2 on page 22. 7. Enter “manager” for the username and “friend” for the password. The username and password are case-sensitive. 8. Click the Logon button. Starting the Initial Management Session with a DHCP Server This procedure explains how to start the initial management session on the access port when the LAN port is connected to a network that has a DHCP server. This procedure assumes that you have already configured the DHCP server with the appropriate information for the access point (e.g., IP address and default gateway). To start the management session, perform the following procedure: 1. Power on the access point. 2. Start the web browser on your computer. 3. Enter the IP address of the access point in the URL field of the browser and press the Return key. This is the IP address assigned to the access point by the DHCP server. If you do not know the address, refer to the DHCP server. You should now see the logon window, shown in Figure 2 on page 22. 4. Enter “manager” for the username and “friend” for the password. The username and password are case-sensitive. 5. Click the Logon button. 25 Review Draft - May 9, 2014 Chapter 1: Overview Using the Management Menus and Windows Here is general information about the management menus and windows. Web Browser Menus You may control the appearance of the menus with the Navigator pulldown menu in the upper right corner of the web browser windows. The menu options are Horizontal Tabs, Vertical Tabs, and Dropdown Menus. The Horizontal Tabs selection displays the main menu in a row near the top of the windows. Clicking a menu selection displays the menu options in a row beneath the main menu. Figure 3 shows the Manage menu. Figure 3. Horizontal Menus The Vertical Tabs selection displays the menus in a column on the left side of the management windows, as shown in Figure 4 on page 27. 26 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Figure 4. Vertical Menus The Dropdown Menu option displays the main menu in a horizontal row near the top of the window. Menu options are displayed vertically when you move the mouse over the options in the main menu. Figure 5 shows the Manage menu. Figure 5. Dropdown Menus 27 Review Draft - May 9, 2014 Chapter 1: Overview The menus contain the same selections and perform the same functions regardless of the format. You may switch between formats without interrupting your current session or having to stop and start it again. 28 Saving Your Changes You need to remember to click the Update button when you are finished configuring the parameters in a management window. The button is located in the bottom of the windows. When you click the button, the access point immediately activates your changes and saves them in the configuration file. If you navigate to a different window without clicking the Update button, your changes are lost and have to be reentered. Logging Off You should always log off when you are finished managing the unit. To log off, click the Log Off option in the upper right corners of the management windows. Review Draft - May 9, 2014 Chapter 2 Basic Settings Menu This chapter describes the management functions of the menu selections in the Basic Settings menu. The chapter contains the following sections: “Displaying Basic Information” on page 30 “Changing the Manager’s Login Name and Password” on page 32 “Changing the System Name, Contact, and Location” on page 33 29 Review Draft - May 9, 2014 Chapter 2: Basic Settings Menu Displaying Basic Information This section explains how to display the following information about the access point: IP address MAC address Firmware version number Build number Operational time To display the information, select Basic Settings from the main menus to display the “Provide basic settings” window. The information is contained in the Review Description of the Access Point section of the window. Refer to Figure 6. The fields are defined in Table 1 on page 31. Figure 6. Provide Basic Settings Window 30 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 1. Review Description of this Access Point Field Description IP Address Displays the IP address of the access point. For instructions on how to set the IP address, refer to “Assigning a Static IP Address to the Access Point” on page 36 or “Assigning a Dynamic IP Address from a DHCP Server to the Access Point” on page 38. MAC Address Displays is the MAC address of the device and radio 1. Radio 2 has a different MAC address. You may not change the MAC addresses of the device or radios. Firmware Version Displays is the version number of the management software on the access point. Build Number Displays the build number. This number and the firmware version number identify the management software. Time since system-up Displays the amount of time since the unit was reset or powered on. 31 Review Draft - May 9, 2014 Chapter 2: Basic Settings Menu Changing the Manager’s Login Name and Password This procedure explains how to change the login name and password of the manager account on the access point. The default values are “manager” and “friend”, respectively. The access point can have only one manager account. Changing the name and password does not affect your current management session of the access point. To change the login name and password for the manager account, perform the following procedure: 1. Select Basic Settings from the main menus. The access point displays the “Provide basic settings” window, shown in Figure 6 on page 30. 2. To change the manager name, select the Administrator Name field in the Provide Network Settings section of the window and enter the new name. Refer to Figure 6 on page 30. The name can be up to 12 alphanumeric characters. The first character must be a letter. It cannot be a number or special character. The name is case-sensitive. 3. To change the password, perform these steps: a. Select the Current Password field in the Provide Network Settings section of the window and enter the account’s current password. b. Select the New Password field and enter a new password of up to 32 alphanumeric characters. It may not contain spaces or any of these special characters: “, $, :, <, >, ’, &, *. The password is casesensitive. The new password is displayed as a series of asterisks on your screen. c. Select the Confirm New Password field and enter the new password again. 4. After editing the fields, click the Update button at the bottom of the window to activate your changes and save them in the configuration file on the access point. You must use the new manager name and password for all future management sessions on the unit. 32 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Changing the System Name, Contact, and Location This procedure explains how to identify the access point by defining the system name, the person responsible for managing the device, and its location. This information is optional. To change the system name, contact, and location information, perform the following procedure: 1. Select Basic Settings from the main menus. The access point displays the “Provide basic settings” window. Refer to Figure 6 on page 30. 2. To change the system name, select the System Name field in the System Settings section of the window and enter a new name. The name can be up to 64 alphanumeric characters. Spaces are allowed. The default name is “AT-TQ2450” or “AT-TQ3600.” 3. To enter the name of the person responsible for managing the unit, select the System Contact field and enter a name. You might also include the phone number and email address of the individual in this field. The name can be up to 64 alphanumeric characters. Spaces are allowed. The default name is “unknown.” 4. To specify the location of the access point, select the System Location field and enter the location. The location can be up to 64 alphanumeric characters. Spaces are allowed. The default location is “unknown.” 5. After editing the fields, click the Update button at the bottom of the window to activate your changes and save them in the configuration file on the device. 33 Review Draft - May 9, 2014 Chapter 2: Basic Settings Menu 34 Review Draft - May 9, 2014 Chapter 3 Manage Menu This chapter describes the management functions of the menu selections in the Manage menu. The chapter contains the following sections: “Assigning a Static IP Address to the Access Point” on page 36 “Assigning a Dynamic IP Address from a DHCP Server to the Access Point” on page 38 “Setting VLAN IDs” on page 39 “Enabling or Disabling Broadcast Ping Replies” on page 40 “Setting the Country Setting” on page 41 “Configuring Basic Radio Settings” on page 43 “Configuring the Radio Settings” on page 46 “Configuring Virtual Access Points” on page 58 “Managing Wireless Distribution System Bridges” on page 71 “Configuring the MAC Address Filter” on page 82 “Generating Event Messages for Unknown Access Points” on page 85 “Configuring the Access Point for the Optional AT-UWC Program” on page 88 35 Review Draft - May 9, 2014 Chapter 3: Manage Menu Assigning a Static IP Address to the Access Point This section explains how to manually assign an IP address to the access point. The unit uses the address to communicate with devices on your network, such as management workstations, syslog servers, and RADIUS servers. The access point may have only one IP address. If you have a DHCP server on your network and prefer the access point obtain its IP configuration from the server, refer to “Assigning a Dynamic IP Address from a DHCP Server to the Access Point” on page 38. Note Changing the IP address of the access point interrupts your management session. To resume managing the device, you may have to change the IP address of your management workstation. To manually assign an IP address to the unit, perform the following procedure: 1. From the Manage menu, select Ethernet Settings. The access point displays the “Modify Ethernet (Wired) Settings” window in Figure 7. Figure 7. Modify Ethernet (Wired) Settings Window 2. From the Connection Type pull-down menu, select Static IP. 36 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide The Static IP Address, Subnet Mask, and Default Gateway fields in the window are activated so that you can change their values. 3. Select the Static IP Address field and enter the new IP address for the access point. The default address is 192.168.1.230. 4. Select the Subnet Mask fields and enter the subnet mask for the IP address. The default subnet mask is 255.255.255.0. 5. Select the Default Gateway fields and enter the default gateway address for the unit. The default gateway address is 192.168.1.254. The default gateway is an IP address of an interface on a router or other Layer 3 routing device. It specifies the first hop to reaching the subnets or networks where your management devices, such as management workstations and syslog servers, reside. The access point can have only one default gateway and the network portion of the address must be the same as the IP address entered in step 3. You have to assign a default gateway to the access point. If your network does not have a default gateway or you do not want to assign one to the access point at this time, enter an unused IP address of the same network as the IP address entered in step 3. 6. If you want to specify the IP addresses of Domain Name servers, enter up to two IP addresses in the DNS Nameservers fields. If you have only one DNS IP address, you must enter it in the top field. 7. Click the Update button at the bottom of the window to activate and save your changes on the access point. Your management session is interrupted. 8. Start a new management session using the new IP address of the device. 37 Review Draft - May 9, 2014 Chapter 3: Manage Menu Assigning a Dynamic IP Address from a DHCP Server to the Access Point This section explains how to assign an IP address to the access point from a DHCP server. The unit uses the address to communicate with devices on your network, such as management workstations, syslog servers, and RADIUS servers. The access point may have only one IP address. If you network does not have a DHCP server or you prefer to manually assign it an IP address, refer to “Assigning a Static IP Address to the Access Point” on page 36. Note Changing the IP address of the access point interrupts your management session. To resume managing the device, you may have to change the IP address of your management workstation. To activate the DHCP client to have the access point obtain its IP address configuration from a DHCP server, perform the following procedure: 1. From the Manage menu, select Ethernet Settings. The access point displays the “Modify Ethernet (Wired) settings” window in Figure 7 on page 36. 2. From the Connection Type menu, select DHCP. This is the default setting. 3. If you want to manually specify the IP addresses of Domain Name servers, click Manual dialog button for DNS Nameservers and enter up to two IP addresses. If you have only one DNS IP address, you must enter it in the top address field. If you want the access point to use the DNS addresses provided by the DHCP server, click the Dynamic dialog circle. 4. Click the Update button at the bottom of the window to activate and save your changes on the access point. Your management session is interrupted. The DHCP client on the unit queries the subnet on the LAN port for a DHCP server. If it receives a response, it uses the IP configuration the server provides. If there is no response, the unit uses the default IP address 192.168.1.230. 5. To resume your management session on the device, enter the new IP address of the access point in the URL field of your web browser. 38 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Setting VLAN IDs The “Modify Ethernet (Wired) settings” window has two settings for VLAN IDs (VIDs). One setting is used to specify the management VLAN and the other is used to designate a VLAN for untagged traffic. Management VLAN ID The Management VLAN ID field in the “Modify Ethernet (Wired) settings” window is used to specify the VLAN of your management workstations. To specify the management VID, perform the following procedure: 1. From the Manage menu, select Ethernet Settings. The access point displays the “Modify Ethernet (Wired) settings” window in Figure 7 on page 36. 2. Select the Management VLAN ID field and enter a value of 1 to 4094. The number should be the VID of the VLAN where your management workstation is located. You may specify only one VID. 3. Click the Update button to activate and save your changes on the access point. VLAN ID for Untagged Traffic The Untagged VLAN and Untagged VLAN ID fields in the “Modify Ethernet (Wired) settings” window allow you to specify a VLAN for untagged traffic. To specify the VLAN, perform the following procedure: 1. From the Manage menu, select Ethernet Settings. The access point displays the “Modify Ethernet (Wired) settings” window in Figure 7 on page 36. 2. For the Untagged VLAN field, do one of the following: Click Enabled if you want to be able to designate one VLAN on the access point as an untagged VLAN. This is the default setting. Click Disabled if the access point is to handle only tagged packets. 3. If your selected Enabled, select the Untagged VLAN ID field and enter the ID number of the VLAN which is to carry untagged packets. You may enter only one VID. The default value is 1. 4. Click the Update button to activate and save your changes on the access point. 39 Review Draft - May 9, 2014 Chapter 3: Manage Menu Enabling or Disabling Broadcast Ping Replies You may configure the access point to either ignore or reply to ICMP echo requests to IP broadcast addresses, also referred to as broadcast pings. To configure broadcast ping replies, perform the following procedure: 1. From the Manage menu, select Ethernet Settings. The access point displays the “Modify Ethernet (Wired) settings” window in Figure 7 on page 36. 2. In the Directed Broadcast ICMP Reply field, do one of the following: If you want the access point to respond to broadcast pings, click the Enabled dialog circle. If you do not want the access point to respond to broadcast pings, click the Disabled dialog circle. 3. Click the Update button to activate and save your changes on the access point. 40 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Setting the Country Setting You should set the country setting of the access point as soon as you install the unit. This ensures that the device operates in compliance with the codes and regulations of your region or country. Note Changing the country setting of the access point disables both radios. Consequently, this procedure is disruptive to the operations of your network if the unit is actively forwarding network traffic. To set the country setting, perform the following procedure: 1. Select Wireless Settings from the Manage menu. The access point displays the “Modify wireless settings” window, shown in Figure 8. Figure 8. Modify Wireless Settings Window 2. Select the Country pull-down menu and select your country or region. 41 Review Draft - May 9, 2014 Chapter 3: Manage Menu Note If the Country pull-down menu is deactivated, the country parameter was set by the manufacturer and cannot be changed. Contact your Allied Telesis sales representative for assistance if the setting is not correct for your country or region. The access point displays a confirmation prompt. 3. Click OK to change the country setting or Cancel to cancel the procedure. If you click OK, the access point changes the country setting and disables both radios on the access point. For instructions on how to enable the radios and configure their settings, refer to “Configuring Basic Radio Settings” on page 43 and “Configuring the Radio Settings” on page 46. This procedure does not require clicking the Update button. You must now reboot the access point. The new country setting is not active until the unit is rebooted. To reboot the unit, either power off and on the unit or continue with these steps: 4. From the Maintenance menu, select Configuration. 5. Click the Reboot button in the To Reboot the Access Point section of the “Manage the Access Point’s Configuration” window. 6. When the access point displays a confirmation prompt, click OK to reboot the unit or Cancel to cancel the procedure. 7. To resume managing the unit, wait for it to complete initializing its management software and then start a new management session. 42 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring Basic Radio Settings The management software has two windows for configuring the operational settings of the radios in the access point. The “Modify radios settings” window, described in “Configuring the Radio Settings” on page 46, is the main window for adjusting the radio parameters because it contains all the parameters, everything from operational mode to broadcast/multicast rate limiting. This is the window to use when you need to fine tune the properties of the radios. If you are only interested in configuring basic radio parameters, you may find everything you need in the “Modify wireless settings” window, which is the topic of this section. From this window you can perform these basic radio functions: Enable or disable a radio Select the operational mode Select the channel Enable or disable the station isolation mode When you change a radio parameter in the “Modify wireless settings” window, the change is reflected in the “Modify radios settings” window. So you could enable a radio here and perhaps select the channel, and then move to the “Modify radio settings” window to adjust additional parameters. The “Modify wireless settings” window does contain one parameter, however, that is not in the “Modify radio settings” window, and that is the station isolation mode parameter. The parameter determines whether the clients of a VAP can communicate with each other through the access point. That parameter can only be set from this window. To configure basic radio settings from the “Modify wireless settings” window, perform the following procedure: 1. From the Manage menu, select Wireless Settings. The access point displays the “Modify wireless settings” window. An example is shown in Figure 8 on page 41. 2. Configure the settings as needed. The parameters are described in Table 2 on page 44. 3. When you are finished configuring the parameters, click the Update button to activate and save your changes on the access point. 43 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 2. Modify Wireless Settings Window Field Radio On Off Description Enables or disables the radio. The selections are described here: - On: Enables the radio. You have to enable a radio before you can configure its parameter settings. - Off: Disables the radio. This is the default setting. MAC Address Displays the MAC address of the radio. This value cannot be changed Mode Specifies the Physical Layer (PHY) standard of the radio. The available modes depend on the radio and country. The modes are: - IEEE 802.11a: The access point accepts only 802.11a clients. - IEEE 802.11b/g: The access point accepts only 802.11b and 802.11g clients. - IEEE 802.11a/n: The access point accepts only 802.11a and 802.11n clients operating at 5 GHz. This is the default setting for the 5 GHz radio. - IEEE 802.11b/g/n: The access point accepts 802.11b, 802.11g, and 802.11n clients operating at 2.4 GHz. This is the default setting for the 2.4 GHz radio. - 2.4 GHz IEEE 802.11n: The access point accepts only 802.11n clients operating at 2.4 GHz. - 5 GHz IEEE 802.11n: The access point accepts only 802.11n clients operating at 5 GHz. 44 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 2. Modify Wireless Settings Window (Continued) Field Channel Description Specifies the channel for the radio in the access point. The number of available channels varies by radio, mode, and country. Here are the guidelines: - At the Auto setting, the access point sets the channel automatically. The access point listens on the channels and selects the one with the least traffic.This is the default setting. - You can select a channel from the pulldown menu. You may select only one channel. - The Auto selection is not available if you use the cluster feature to automatically assign the channels to the radios in the access points. For information, refer to “Using Automatic Channel Assignments” on page 109. Station Isolation Enables or disables station isolation. When station isolation is enabled, the access point does not allow the wireless clients of a VAP to communicate with each other, but does allow them to communicate with clients in other VAPs and with the wired LAN. The feature is disabled when the dialog box is empty and enabled when the dialog box has a check mark. The default setting is disabled. To activate or deactivate the feature, click the dialog box to insert or remove the check mark. 45 Review Draft - May 9, 2014 Chapter 3: Manage Menu Configuring the Radio Settings To configure the parameter settings of the 2.4 and 5 GHz radios, perform the following procedure: 1. From the Manage menu, select Radio. The management software displays the “Modify radio settings window,” shown in Figure 9 on page 47. 2. From the Radio pull-down menu, select a radio. Options 1 and 2 are the 2.4 and 5 GHz radios, respectively. The default is radio 1. You can configure only one radio at a time. 3. To activate a radio, click the On dialog circle for the Status option. You cannot configure a radio when its status is off. To deactivate a radio, click the Off dialog circle. 4. Configure the radio parameters, which are defined in Table 3 on page 48. 5. When you are finished configuring the parameters, click the Update button to activate and save your changes on the access point. 46 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Figure 9. Modify Radio Settings Window 47 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 3. Modify Radio Settings Window Parameter Mode Description Specifies the Physical Layer (PHY) standard of the radio. The available modes depend on the radio and country. The modes are: - IEEE 802.11a: The access point accepts only 802.11a clients. - IEEE 802.11b/g: The access point accepts only 802.11b and 802.11g clients. - IEEE 802.11a/n: The access point accepts only 802.11a and 802.11n clients operating at 5 GHz. This is the default setting for the 5 GHz radio. - IEEE 802.11b/g/n: The access point accepts 802.11b, 802.11g, and 802.11n clients operating at 2.4 GHz. This is the default setting for the 2.4 GHz radio. - 2.4 GHz IEEE 802.11n: The access point accepts only 802.11n clients operating at 2.4 GHz. - 5 GHz IEEE 802.11n: The access point accepts only 802.11n clients operating at 5 GHz. 48 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 3. Modify Radio Settings Window (Continued) Parameter Channel Description Specifies the radio channel. The available channels vary by radio, mode, and country. Here are the guidelines: - The Auto setting, the default setting, sets the channel automatically. The access point selects the channel with the least traffic. This is the default setting. - You can set the channel manually using the Channel pull-down menu. - The Auto selection is not available when automatic channel reassignment in the cluster feature is activated, as explained in Chapter 4, “Cluster Menu” on page 93. - If you select Auto, you may use the Eligible Channels parameter to restrict the channels from which the access point may choose. - You must set the channel manually if you are using the Wireless Distribution System (WDS) bridge feature, as explained in “Managing Wireless Distribution System Bridges” on page 71. Eligible Channels Specifies the available channels when the channel is selected automatically. This selection is unavailable when the channel is selected manually. The available channels vary by radio, mode, and country. To deselect a channel, click its dialog box to remove the check mark. The default is all available channels. 49 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 3. Modify Radio Settings Window (Continued) Parameter Periodical Channel Refresh Description Specifies whether the access point periodically reruns the channel selection process. Here are the guidelines: - This selection is only available when the Channel parameter is set to Auto. - Adding a check mark to the dialog box enables the feature. - Removing the check mark from the dialog box disables the feature. This is the default setting. - The access point runs the channel selection process every 24 hours, but only if the radio is not forwarding traffic from wireless clients. If it detects traffic, the access point delays the selection process for thirty minutes. Channel Bandwidth Specifies whether the radio should use a 40 MHz-wide channel or the legacy 20 MHz-wide channel. Here are the guidelines: - The 40 MHz-wide channel allows for higher data rates, but reduces the number of available channels for other wireless devices. - This parameter is only available with 802.11n modes. 50 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 3. Modify Radio Settings Window (Continued) Parameter Primary Channel Description Specifies the location of the Primary channel when a radio is operating at 40 MHz. A 40 MHz channel consists of two 20 MHz channels. They are contiguous in the frequency domain and referred to as the Primary and Secondary channels. The Primary channel is used by 802.11n clients that support only a 20 MHz channel bandwidth, and for legacy clients. You may use this parameter to specify the Primary channel of the 40 MHz bandwidth. The options are described here: - Upper: Designates the upper 20 MHz channel of the 40 MHz bandwidth as the Primary channel. - Lower: Designates the lower 20 MHz channel of the 40 MHz bandwidth as the Primary channel. This is the default setting. This parameter is only available with 802.11n modes. 51 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 3. Modify Radio Settings Window (Continued) Parameter Short Guard Interval Supported Description Specifies the dead time interval, in nanoseconds, between OFDM symbols. The guard interval prevents Inter-Symbol and Inter-Carrier Interference (ISI, ICI). The 802.11n mode supports a reduction in the interval from 800 nanoseconds, defined in the a and g standards, to 400 nanoseconds. This may provide up to a 10% improvement in data throughput. The selections are described here: - Yes: The access point uses a 400 ns guard interval when communicating with clients that also support the feature. This is the default setting. - No: The access point uses an 800 ns guard interval. This parameter is only available with the 802.11n modes. 52 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 3. Modify Radio Settings Window (Continued) Parameter Multidomain Regulatory Mode Description Specifies whether a radio should operate in the Multidomain Regulatory Mode (World Mode) and include the country code in its beacons and probe responses. This allows client stations to operate in any country without reconfiguration. This feature only applies to radio 1 because it operates in the g band (2.4 GHz band). This selection does not apply to radio 2 because it operates in the a band (5 GHz band) and always includes the country code in its beacons, as specified in the 802.11h standard. The settings are described here: - Enabled: Activates the Multidomain Regulatory Mode (World Mode) and includes the country code in the beacons and probe responses. - Disabled: Disables the Multidomain Regulatory Mode (World Mode) and prevents the transmission of the country code in beacons and probe responses. 53 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 3. Modify Radio Settings Window (Continued) Parameter Protection Description Enables or disables rules that guarantee that transmissions do not cause interference with legacy stations or applications. The possible settings are describe here: - Auto: This setting enables protection when legacy devices are within range of the radio. - Off: This setting disables the protections. Legacy clients and access points within range may be affected by 802.11n transmissions. Here are the guidelines: - The protection applies to 802.11n and 802.11b/g. - Activating protection does not prevent clients from associating with the access point. 54 Beacon Interval Specifies the time interval, in milliseconds, for transmissions of beacon frames. The access point transmits beacon frames to announce the existence of the wireless network. The range is 20 to 2000 milliseconds. The default setting is 100 milliseconds (10 beacon frames per second). DTIM Period Specifies the Delivery Traffic Information Map (DTIM) period. This value specifies how often clients sleeping in low power mode should check the access point for buffered traffic. The interval is defined in beacon frames. The range is 1 to 255 beacons frames. The default is 2 beacon frames. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 3. Modify Radio Settings Window (Continued) Parameter Fragmentation Threshold Description Specifies packet size for fragmentation. The fragmentation threshold lets you control the maximum size of packets the access point transmits. Packets that exceed the threshold are transmitted as multiple 802.11 packets. The range is 256 to 2346 bytes. Setting the threshold to the maximum value effectively disables fragmentation. Fragmentation involves more overhead because of the extra work in dividing up and reassembling frames, which can reduce throughput. But fragmentation can be useful in controlling interference. RTS Threshold Specifies the size in octets of MPDUs that initiate a Request to Send (RTS) and Clear to Send (CTS) handshake. The range is 0 to 2347 octets. You may use this parameter to control the use of RTS/CTS handshakes when the access point transmits MPDUs. The access point uses the handshake before transmitting MPDUs that exceed the defined threshold. If you specify a low value, RTS packets are sent more frequently. This may consume more bandwidth and reduce the throughput. But more RST packets may help a network recover from interference or collisions, which might occur on a busy network. Maximum Stations Specifies the maximum number of clients the access point supports. The value is 0 to 200. When this parameter is set to 0, the access point rejects all clients. Allied Telesis recommends setting this parameter to 30 clients. The default is 200 clients. 55 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 3. Modify Radio Settings Window (Continued) Parameter Transmit Power Description Specifies the transmission power of the access point. The power is selected from a list of percentages, in the range of 1% to 100%. The default is 100%. Here are the guidelines: - High transmission power levels are more cost-effective than low settings because the access point has a greater range. This reduces the number of access points required to cover a particular area. - Low transmission power settings can be useful in reducing overlap and interference between access points or increasing security by limiting the wireless signals to a physical location. Fixed Multicast Rate Specifies the multicast transmission rate of the access point. At the default Auto setting, the multicast transmission rate is fixed to the minimum rate in the Legacy Rate Sets setting. The value is in Mbps. Legacy Rate Sets Specifies the supported and advertised data transmission rates of the access point. Here are the guidelines: - The Supported row specifies the data rates the access point supports. The default setting is all data rates. - The Basic row specifies the data rates the access point advertises to other access points and wireless clients. - The access point is generally more efficient when it advertises a subset of its supported data rates. MCS (Data Rate) Settings 56 Specifies the Modulation and Coding Scheme (MCS) index the radio should advertise to 802.11n clients. The MCS indexes (also known as MCS data rates) are defined in the 802.11n standard. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 3. Modify Radio Settings Window (Continued) Parameter Broadcast/Multicast Rate Limiting Description Enables or disables rate limiting of broadcast and multicast packets. Here are the guidelines - To activate rate limiting, click the dialog box to add a check mark. To deactivate rate limiting, click the box to remove the check mark. The default setting is disabled. - The Rate Limit parameter defines the maximum number of broadcast and multicast packets per second of the access point. The parameter has a range of 1 to 50 packets per second. The default is 50 packets per second. - The Rate Limit Burst parameter allows intermittent bursts of traffic on the access point above the rate limit. The default is 75 packets per second. - The Rate Limit Burst parameter must be greater than the Rate Limit parameter. 57 Review Draft - May 9, 2014 Chapter 3: Manage Menu Configuring Virtual Access Points Virtual access points (VAPs) function as independent broadcast domains and are the wireless equivalent of Ethernet VLANs. They are seen by clients as independent access points, with their own VIDs, SSIDs, and security methods. Here are the guidelines to VAPs: Each radio can have up to 16 VAPs. Allied Telesis recommends no more than five VAPs per radio. The VAPs are numbered from 0 to 15. If you use the cluster feature, VAPs are shared among the access points of the cluster. For further information, refer to Chapter 4, “Cluster Menu” on page 93. You can enable and disable the VAPs individually, except for the default VAP, VAP0, which can only be disabled by disabling the radio itself. The security methods for the VAPs are 802.1x, static WEP, Enterprise WPA, and Personal WPA. The VAPs of a radio can have different security methods. VAPs can have the same or different VLAN IDs. The access point does not forward traffic on disabled VAPs. To configure VAPs, perform the following procedure: 1. From the Manage menu, select VAP. The management software displays the “Modify Virtual Access Point settings” window, shown in Figure 10 on page 60. 2. Use the Radio pull-down menu above the list of VAPs to select a radio. Menu options 1 and 2 are the 2.4 and 5 GHz radios, respectively. The default is radio 1. You can configure only one radio at a time. 3. Click the Enabled dialog box of the VAP you want to edit. You cannot edit a VAP when it is disabled. A VAP is enabled when the Enabled dialog box has a check mark and disabled when the dialog box is empty. You can configure more than one VAP at a time. Note If you remove the check mark from the Enabled dialog box, you disable the VAP. A disabled VAP does not forward network traffic. 4. Enter the VID for the VAP in the VLAN ID field. 58 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Here are the guidelines for VIDs: The range is 1 to 4094. The default is VID 1. You may assign the same VID to more than one VAP. A VAP can have only one VID. The number is ignored for wireless clients who are assigned VIDs from a RADIUS server because VIDs from a RADIUS server take precedence over the number in this field. Consequently, if you configure the security on a VAP to 802.1X or WPA Enterprise, both of which require a RADIUS server, the value in this field is ignored for clients who have VIDs in their RADIUS accounts. If you use 802.1x security for a VAP and activate Require VLAN ID in Dynamic VLAN, the VID for the dynamic VLAN must come from the client accounts on the RADIUS server. 5. Select the SSID field and enter a name for the VAP. Here are the guidelines: A VAP must have a name. A name can be from 1 to 32 characters. Spaces are allowed. You may assign the same name to more than one VAP. 6. Click the Broadcast SSID dialog box to either enable or disable the broadcast of the SSID of the VAP by the radio on the access point. When the dialog box has a check mark, the default setting, the access point transmits the SSID to advertise the VAP to the clients. When the dialog box is empty, the access point does not advertise the VAP. Clients who want to connect to a VAP that is not advertised have to know its name. 7. From the Security pull-down menu, select the security method for the VAP and configure the security settings. The security options are described in the following sections: “No Security” on page 61 “IEEE 802.1x Security” on page 61 “Static WEP” on page 63 “WPA Enterprise” on page 66 “WPA Personal” on page 69 The default security level for VAPs is None, which does not provide authentication or packet encryption for VAPs. 59 Review Draft - May 9, 2014 Chapter 3: Manage Menu 8. If you want to control access to your network through the VAP by filtering clients by their MAC addresses, select the MAC Filtering pulldown menu and select Enabled. To disable MAC address filtering, select Disabled, the default setting. For instructions on how to configure the filter, refer to “Configuring the MAC Address Filter” on page 82. 9. Click the Update button to activate and save your changes on the access point. The “+” button to the right of each VAP row displays the security settings. Figure 10. Modify Virtual Access Point Settings Window 60 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide No Security IEEE 802.1x Security The None security level is intended for VAPs with wireless clients that do not require encryption or authentication. This is the default setting. The guidelines for IEEE 802.1x security are listed here: This security method requires an external RADIUS server capable of EAP. The authentication server must have Protected EAP (PEAP) and MSCHAP V2 to support Windows clients. The clients and VAPs must use the same authentication method. The IEEE 802.1x security parameters are shown in Figure 11 and described in Table 4. Figure 11. 802.1x Authentication for VAPs Table 4. IEEE 802.1x Field Description RADIUS IP Address Enter the IPv4 address of the primary RADIUS server. Secondary RADIUS IP Address Enter the IPv4 address of the secondary RADIUS server. This field is optional. The access point sends authentication requests to this address if the primary RADIUS server does not respond to requests. 61 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 4. IEEE 802.1x (Continued) Field 62 Description RADIUS Key Enter the shared secret key for the primary RADIUS server. The key can be up to 128 characters and can consist of letters, numbers, and special characters. The key is case-sensitive. This key must be the same as the key on the server. Secondary RADIUS Key Enter the shared secret key for the secondary RADIUS server. RADIUS Port (Range: 0 65535) Enter the RADIUS port number of the RADIUS server. If you entered IP addresses for both primary and secondary servers, the units must use the same port number. The default is 1812. RADIUS Accounting Port (Range: 0 - 65535) Enter the RADIUS accounting port number of the RADIUS server. If you entered IP addresses for both primary and secondary servers, the units must use the same accounting port number. The default is 1813. Enable RADIUS Accounting Enable or disable RADIUS accounting by clicking the dialog box. The feature is enable when the dialog box has a check mark and disabled when the dialog box is empty. The default setting for accounting is disabled. Require VLAN ID in Dynamic VLAN Enable or disable whether wireless clients receive their VIDs from their accounts on the RADIUS server. When the dialog box has a check mark, the feature is enabled and the wireless clients receive their VIDs from the RADIUS server when they are authenticated. The feature is disabled when the dialog box is empty. The default setting is disabled. Broadcast Key Refresh Rate (Range: 0 - 86400) Specify the refresh rate for the broadcast (group) key for the clients of the VAP. The range is 0 to 86400 seconds. The default is 0 seconds. The value 0 disables to refresh rate so that the broadcast key is not refreshed. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 4. IEEE 802.1x (Continued) Static WEP Field Description Session Key Refresh Rate (Range: 0 - 86400) Specify the refresh rate for the session (unicast) key for the clients of the VAP. The range is 0 to 86400 seconds. The default is 0 seconds. The value 0 disables the refresh rate so that the unicast key is not refreshed. The parameter settings for static WEP security are shown in Figure 12 and defined in Table 5. Figure 12. Static WEP Encryption for VAPs Table 5. Static WEP Field Description Transfer Key Index Select the key the access point should use to encrypt network traffic. Key Length Select the key length of 64 or 128 bits. The default is 128 bits. Key Type Select whether the key is ASCII or hexadecimal. The default is hexadecimal. 63 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 5. Static WEP (Continued) Field WEP Keys Description Enter up to four WEP keys in the fields numbered 1 to 4. The key length and type settings determine the length and format of the keys. The order of the keys has be the same on the access point and clients. Here are the guidelines for ASCII keys: An ASCII key may contain upper and lower characters and the numbers 0 to 9. An ASCII key is case-sensitive. The key length of 64 bits requires five ASCII characters. The key length of 128 bits requires 13 ASCII characters. Here are the guidelines for hexadecimal keys: A hexadecimal key may contain the letters A to F and numbers 0 to 9. The key length of 64 bits requires 10 hexadecimal characters. The key length of 128 bits requires 26 hexadecimal characters. 64 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 5. Static WEP (Continued) Field Authentication Description Specify whether or not the access point authenticates VAP clients. The options are described here. Open System: The access point does not authenticate the VAP clients. All clients, even those without the correct WEP keys, are allowed to connect to the access point. This is the default setting. (Clients in an open system VAP still must have the correct WEP key to encrypt and decrypt the traffic they exchange with the access point.) Shared Key: Clients must have the correct WEP key to connect with the access point. Clients without the correct WEP key may not associate with the device. Both Open System and Shared Key: Clients configured in WEP shared key mode must have the correct WEP key to connect to the access point. Clients configured in WEP open system mode do not need the correct WEP key to connect to the access point. 65 Review Draft - May 9, 2014 Chapter 3: Manage Menu WPA Enterprise The WPA Enterprise security parameters are shown in Figure 13 and defined in Table 6 on page 67. Figure 13. WPA Enterprise for VAPs 66 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 6. WPA Enterprise Field WPA Versions Description Select the WPA version. The options are listed here: - WPA: Select this option if all the wireless clients of the VAP support WPA, but not WPA2. - WPA2: Select this option if all the clients support WPA2, but not WPA. This is the default setting. - Both WPA and WPA2 - Select both options if the VAP has both WPA and WPA2 clients. - Enable-pre-authentication: Select this option if the VAP has WPA2 clients and you want the access point to share the pre-authentication packets from the clients with other access points. This can speed up authentication for roaming clients who connect to multiple access points. This option does not apply to WPA clients. Cipher Suites Select the cipher suite for the VAP, The options are listed here: - TKIP - CCMP (AES) - Both TKIP and CCMP (AES) When both TKIP and CCMP (AES) are selected, clients configured to use WPA with RADIUS must have one of the following: - A valid TKIP RADIUS IP address and RADIUS key. - A valid CCMP (AES) IP address and RADIUS key. RADIUS IP Address Enter the IPv4 address of the primary RADIUS server. 67 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 6. WPA Enterprise (Continued) Field 68 Description Secondary RADIUS IP Address Enter the IPv4 address of a secondary RADIUS server. This field is optional. The access point sends authentication requests to this address if the primary RADIUS server does not respond to requests. RADIUS Key Enter the shared secret key for the primary RADIUS server. The key can be up to 128 characters and can consist of letters, numbers, and special characters. The key is case-sensitive. This key must be same on the access point and server. Secondary RADIUS Key Enter the shared secret key for the secondary RADIUS server. RADIUS Port (Range: 0 65535) Enter the RADIUS port number of the RADIUS server. If you entered IP addresses for both primary and secondary servers, the units must be using the same port number. The default is 1812. RADIUS Accounting Port (Range: 0 - 65535) Enter the RADIUS accounting port number of the RADIUS server. If you entered IP addresses for both primary and secondary servers, the units must use the same accounting port number. The default is 1813. Enable RADIUS Accounting Enable or disable RADIUS accounting by clicking the dialog box. The feature is enable when the dialog box has a check mark and disabled when the dialog box is empty. The default setting for accounting is disabled. Require VLAN ID in Dynamic VLAN Enable this option to require that the wireless clients of the VAP be assigned VLAN IDs from the RADIUS server. When this option is enabled, the VAP does not accept clients that are not assigned VLAN IDs by the RADIUS severs. The option is enabled when it has a check mark. The default setting is disabled. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 6. WPA Enterprise (Continued) Field WPA Personal Description Broadcast Key Refresh Rate (Range: 0 - 86400) Specify the refresh interval rate for the broadcast (group) key. The range is 0 to 86400 seconds. The value 0 prevents the key from being refreshed. Session Key Refresh Rate (Range: 0 - 86400) Specify the refresh interval rate for the session (unicast) keys. The range is 0 to 86400 seconds. The value 0 prevents the keys from being refreshed. The options for WPA Personal are shown in Figure 14 and defined in Table 7. Figure 14. WPA Personal for VAPs Table 7. WPA Personal Field WPA Versions Description Select the WPA version. The options are listed here: - WPA: Select this option if the VAP wireless clients support WPA, but not WPA2. - WPA2: Select this option if the clients support WPA2, but not WPA. This is the default setting. - Both WPA and WPA2 - Select both options if the VAP has both WPA and WPA2 clients. 69 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 7. WPA Personal (Continued) Field Cipher Suites Description Select the cipher suite for the VAP. The options are listed here: - TKIP - CCMP (AES) - Both TKIP and CCMP (AES) When both TKIP and CCMP (AES) are selected, clients who are using WPA must have one of the following: - A valid TKIP key. - A valid CCMP (AES) key. 70 Key Enter a shared secret key of 8 to 63 alphanumeric characters. The key can include special characters. Broadcast Key Refresh Rate (Range: 0 - 86400) Specify the refresh interval rate for the broadcast (group) key. The range is 0 to 86400 seconds. The value 0 prevents the key from being refreshed. The default is 0 seconds. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Managing Wireless Distribution System Bridges A wireless distribution system (WDS) bridge is a wireless link between two access points. The link allows the units to forward traffic directly to each other over a wireless connection as if they were connected with a physical Ethernet wire. You can use WDS bridges to link network segments with wireless, rather than wired, connections. This is illustrated in Figure 15 where access points A and B form a WDS bridge to connect two LAN segments together. LAN Segment 1 WDS Bridge LAN Segment 2 Figure 15. WDS Bridge Used to Connect LAN Segments You might also use the feature to extend a network into areas where Ethernet cable installation would be impractical or expensive. In Figure 16, access point B is located in an area that does not have Ethernet cabling. Consequently, its LAN port is not connected to the wired network. However, its wireless clients are able to access the network because of the WDS bridge to access point A, whose LAN port is connected to the wired network. LAN Segment WDS Bridge Figure 16. WDS Bridge Used to Extend a Network Configurations of WDS Bridges A WDS bridge can have up to four access points. Figure 17 on page 72 illustrates the supported configurations. 71 Review Draft - May 9, 2014 Chapter 3: Manage Menu One configuration for a WDS bridge of two units. One configuration for a WDS bridge of three units. One configuration for a WDS bridge of four units. Figure 17. Valid Configurations of WDS Bridges Here are the configuration restrictions of WDS bridges: The wireless connections of the access points in a WDS bridge must not form a loop. For instance, Figure 18 is an invalid loop configuration of three access points. Figure 18. Invalid Loop Configuration of Access Points 72 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Additionally, the access points may not form loops with wired devices. An example is shown in Figure 19. Figure 19. Invalid Loop Configuration of Access Points to a Wired Network Device Do not use the linear topology shown in Figure 20 to create a WDS bridge of four units because it might not be reliable. Instead, use the topology shown in Figure 17 on page 72. Figure 20. Invalid Configuration of Four Wireless Access Points Radio You may use either the 2.4 or 5 GHz radios in the units to create a WDS bridge. The access points must all use the same radio. Radio Mode The access points must use the same radio mode. You may use any available radio mode. The available modes depend on the country or area where the access point is installed. Radio Channel When access points are operating in close proximity to each other such that there is an overlap in coverage, the usual practice is to set the radios to different channels to minimize radio interference and improve performance. The radios in the access points of a WDS bridge, however, have to use the same channel. This means that you have to disable automatic channel selection, which is the default settings on the units, and manually select the channel. The common channel between the access points can be any available channel. VAP0 The access points of a WDS bridge use VAP0 as the wireless link. The VAP assignment cannot be changed. Wireless clients should not be allowed to use VAP0 when the devices are arranged in a WDS bridge because the bridge might experience a reduction in performance. Wireless clients should use other VAPs on the units to access the network. 73 Review Draft - May 9, 2014 Chapter 3: Manage Menu Encryption Here are the available encryption settings for a WDS bridge: No encryption Static WEP WPA Personal The available encryption modes for a WDS bridge vary depending on the radio mode and VAP security. The possible settings are listed in Table 8 on page 74. For example, if you want to use WPA Personal on a WDS bridge, you have to set VAP0 to either WPA Personal or WPA Enterprise. Table 8. Available Encryption Settings on WDS Bridges Radio Mode VAP0 Security Level Available WDS Bridge Encryption non-802.11n None, static WEP, or 802.1x None or Static WEP non-802.11n WPA Personal or WPA Enterprise None, Static WEP, or WPA Personal 802.11n mode None None 802.11n mode WPA Personal or WPA Enterprise None or WPA Personal Dynamic Frequency Selection Dynamic frequency selection (DFS) is an industry standard that defines how wireless access points are to respond to the presence of radar signals on 5 GHz channels. The standard states that a wireless access point that detects radar signals on its current 5 GHz channel has to stop transmission and select another channel to avoid interfering with the signals. The AT-TQ Series wireless access points support DFS on 5 GHz channels that countries or regions have designated as DFS channels. If it detects radar signals on its current 5 GHz channel and if the channel is a designated DFS channel, it immediately marks the channel as unusable for a minimum of thirty minutes and randomly selects another channel with which to communicate with its clients. If the wireless access point is using a DFS 5 GHz channel for a WDS bridge and it detects radar signals, it randomly selects another channel so as not to interfere with the signals. This action, however, renders the bridge non-functional. You can prevent this from occurring by selecting a non-DFS 5 GHz channel as the communication link between the wireless access points of a WDS bridge. Here are three examples of non-DFS channels: 74 36 - 5180 MHz Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 40 - 5200 MHz 44 - 5220 MHz Here are the guidelines to DFS on the AT-TQ Series wireless access points: Guidelines DFS channels vary by country or region. DFS cannot be disabled on the wireless access points. DFS does not apply to channels on the 2.4 GHz radio. Here are the guidelines for WDS bridges: A WDS bridge may have from two to four wireless access points. You may use either the 2.4 or 5 GHz radios in the access points to create a WDS bridge. You may use static WEP or WPA Personal encryption to guard the data in the wireless links between the access points. A WDS bridge can have either AT-TQ2450 or AT-TQ3600 Access Points. A WDS bridge cannot have both models. The WDS bridge feature on the AT-TQ2450 and AT-TQ3600 Access Points is not compatible with the same feature on other products from Allied Telesis or other companies. The radios of the access points of a WDS bridge have to be set to the same mode and channel. If you use the 5 GHz radio to create the bridge, Allied Telesis recommends selecting the common channel for the bridge from the W52 band (channels 5180, 5200, 5220, and 5240 MHz). This is to minimize the chance that the access point, which supports dynamic frequency selection, has to change channels and break the WDS bridge due to radar signals. You may not create a loop in a WDS bridge. The MAC address of an access point can be represented only once in the MAC address tables of other devices. There can be only one WDS bridge between two access points. The access points of a WDS bridge use VAP0 as the communications link. The VAP should not be used by wireless clients. You may not combine the WDS bridge and cluster features on the same access points. 75 Review Draft - May 9, 2014 Chapter 3: Manage Menu Preparing the Access Point for the WDS Bridge This procedure explains how to prepare the access points for a WDS bridge. It assumes you have already decided on which radio to use in addition to the following common settings: Radio mode Radio channel Security level for VAP0 The settings must be the same on all the access points of a WDS bridge. To prepare an access point for a WDS bridge, perform the following procedure: 1. Start a management session on one of the access points of the bridge. 2. Set the radio mode for the WDS bridge. You may use any available radio mode for the bridge, but the radios in the access points must use the same mode. For instructions on setting the radio mode, refer to “Configuring Basic Radio Settings” on page 43 or “Configuring the Radio Settings” on page 46. 3. Manually set the radio channel to the common channel for the WDS bridge. You may use any available channel for the bridge, but the devices must use the same channel. You may not use the Auto setting, which sets the channel setting automatically. For instructions, refer to “Configuring Basic Radio Settings” on page 43 or “Configuring the Radio Settings” on page 46. 4. Configure the encryption settings for VAP0 on the radio. The radio mode for VAP0 determines the available encryption settings for the WDS bridge. Refer to Table 8 on page 74 for the various combinations of encryption settings. For instructions on how to configure the encryption on VAPs, refer to “Configuring Virtual Access Points” on page 58. 5. Activate access point detection on the radio of the WDS bridge. When you configure the WDS bridge on the access point, you identify the remote unit by its MAC address. This is accomplished by activating access point detection. You do not have to activate it on both radios, but only on the one to be used for the bridge. For example, if you are planning to use the 2.4 GHz radio for the bridge, you should activate access point detection on that radio. For instructions, refer to “Viewing Neighboring Access Points” on page 126. 76 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide After performing steps 1 to 5, do one of the following: Configuring the WDS Bridge If the radios in the other access points of the bridge are already enabled, continue with this procedure. If the radios in the other access points are disabled, the default setting, end your current management session, start a new session on another unit, and repeat this procedure. To configure the WDS bridge settings, perform the following procedure: 1. Select WDS from the Manage menu. The access point displays the “Configure WDS bridges to other access points” window, shown in Figure 21. Figure 21. Configure WDS Bridges to Other Access Points Window The window has four sections. You may use each section to create a WDS bridge to a different access point. 2. Use the Radio pull-down menu in one of the sections to select the radio for the WDS bridge between the access points. Radios 1 and 2 are the 2.4 and 5 GHZ radios, respectively, The default is radio 1. 77 Review Draft - May 9, 2014 Chapter 3: Manage Menu Note You cannot configure the fields of a WDS bridge if the corresponding radio is disabled. If the fields are deactivated, refer to “Configuring Basic Radio Settings” on page 43 or “Configuring the Radio Settings” on page 46 for instructions on how to enable the radio. The Local Address field displays the MAC address of the radio. You cannot change this field. 3. Click the dialog circle with the arrow to the right of the Remote Address field. The device displays the neighboring access points in a window. An example is shown in Figure 22. Figure 22. Remote Address List 4. Click the MAC address of the remote access point of the WDS bridge. You may select only one neighboring access point. 5. Click the Encryption pull-down menu and select the encryption method for the WDS bridge. The available selections depend on the radio mode and VAP0 security level. Refer to Table 8 on page 74 for the available security levels. If you do not want the bridge to use encryption, select None, the default setting. 6. Configure the settings of the encryption method. The encryption parameters are described in the following sections: 78 “Static WEP” on page 79 “WPA Personal” on page 80 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 7. After configuring the encryption settings, click the Update button to activate and save your changes on the access point. 8. Log off to end your management session on the access point. 9. Start a management session on the other access point of the WDS bridge. 10. Repeat “Preparing the Access Point for the WDS Bridge” on page 76 and this procedure to configure the WDS bridge on the other access point. Be sure to assign the same values to the parameters. Static WEP The static WEP parameters are shown in Figure 23 and described in Table 9. Figure 23. Static WEP on WDS Bridges Table 9. Static WEP on WDS Links Field Description Key Length Select either 64 or 128 bits for the key length. The default is 128 bits. Key Type Select either ASCII or hexadecimal for the key type. The default is hexadecimal. 79 Review Draft - May 9, 2014 Chapter 3: Manage Menu Table 9. Static WEP on WDS Links (Continued) Field WEP Key Description Enter a WEP key in the field. You may enter only one key. The key length and type settings determine the length and format of the keys. Here are the guidelines for an ASCII key: - An ASCII key may contain upper and lower characters and the numbers 0 to 9. - An ASCII key is case-sensitive. - The key length of 64 bits requires five ASCII characters. - The key length of 128 bits requires 13 ASCII characters. Here are the guidelines for a hexadecimal key: - A hexadecimal key may contain the letters A to F and numbers 0 to 9. - The key length of 64 bits requires 10 hexadecimal characters. - The key length of 128 bits requires 26 hexadecimal characters. WPA Personal The WPA Personal parameters are shown in Figure 24 and described in Table 10 on page 81. Figure 24. WPA Personal on WDS Bridges 80 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 10. WPA Personal on WDS Links Field SSID Description Enter a name for the new WDS link. The SSID should be different from all the other SSIDs in the network. You must enter the same SSID on both access points of the bridge. The SSID can be up to 32 alphanumeric characters. Key Enter a shared key for the WDS bridge. You must enter the same key on both access points of the bridge. The key can be from 8 to 63 alphanumeric characters. The key can include special characters. 81 Review Draft - May 9, 2014 Chapter 3: Manage Menu Configuring the MAC Address Filter The MAC address filter is used to control which wireless clients can access your network through the access point. You configure the filter by entering the MAC addresses of the wireless clients whose association requests are to be accepted or rejected by the access point. If you specify the MAC addresses of the permitted nodes, the access point accepts the association requests from the specified clients and rejects requests from all other clients. If you specify the MAC addresses of the denied clients, the device rejects association requests from the specified clients and accepts requests from all other clients. Here are the guidelines to the MAC address filter: The access point has only one MAC address filter. You may activate or deactivate the filter on the individual VAPs, such that you have filtering on some VAPs and no filtering on others. You need to know the MAC addresses of the wireless clients whose association requests the access point is to accept or reject. You need to know the VAPs where you want to activate the filtering. Activating filtering on the VAPs is performed from the “Modify Virtual Access Point Settings” window, described in “Configuring Virtual Access Points” on page 58. To configure the MAC address filter, perform the following procedure: 1. Select MAC Filtering Settings from the Manage menu. The access point displays the “Configure MAC Filtering of Client Stations” window, shown in Figure 25 on page 83. 82 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Figure 25. Configure MAC Filtering of Client Stations Window 2. For the Filter parameter, select one of the following: Allow only stations in list: Select this option if you want the access point to accept association requests from the wireless clients whose MAC addresses you enter in the filter, and to reject association requests from all other clients. Block all stations in list: Select this option if you want the access point to reject association requests from the wireless clients whose MAC addresses you enter in the filter, and to accept association requests from all other clients. 3. To enter the MAC addresses of the clients, use the fields next to the Add button. After entering an address, click the Add button. You may enter only one address at a time. You may not enter broadcast or multicast addresses. 4. If you want to remove an address, click the address in the list and then the Remove button. You may remove only one address at a time. 5. After adding the MAC addresses, click the Update button to activate and save your changes on the access point. 6. From the Manage menu, select VAP. 7. In the Modify virtual access point settings window, use the MAC Filtering column to activate filtering on the individual VAPs. For further information on the window, refer to “Configuring Virtual Access Points” on page 58. 83 Review Draft - May 9, 2014 Chapter 3: Manage Menu 8. Click the Update button in the window to activate and save your changes. At this point, the access point begins to accept or reject association requests from the wireless clients, as defined by the filter. 84 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Generating Event Messages for Unknown Access Points The access point can alert you with event messages if it detects unknown access points. It stores the messages in the event log and can also send them to a syslog server on your network. Figure 26 is an example of the message. Apr 22 09:10:45 syslog: Rogue AP found: The MAC address of the Rogue AP is c0:8a:de:68:32 Figure 26. Event Message for Unknown Access Points At pre-defined time intervals, the access point compares the MAC addresses of neighboring access points against a list of approved addresses that you create, and generates event messages for access points whose MAC addresses are not in the approved list. Here are the feature guidelines: Enabling Event Messages for Unknown Access Points If you want the event messages sent to a syslog server, you must have a syslog server on your network and you need to configure the syslog client on the access point, as explained in “Configuring the Syslog Client” on page 124. You need to know the MAC addresses of known neighboring access points. You use the addresses to create a list of approved devices when you configure the feature. The access point does not send event messages for devices in the list. To view the MAC addresses of neighboring access points, refer to “Viewing Neighboring Access Points” on page 126. To configure the access point to generate event messages when it detects unknown access points, perform the following procedure: 1. Select Pre-Configured Rogue AP from the Manage menu. The access point displays the “Configure Pre-Configured Rogue AP” window shown in Figure 27 on page 86. 85 Review Draft - May 9, 2014 Chapter 3: Manage Menu Figure 27. Configure Pre-Configured Rogue AP Window 2. Click the Enabled dialog circles for the AP Detection for Radio options. Radios 1 and 2 are the 2.4 and 5 GHz radios, respectively. You may activate one or both radio detections. If you are only interested in receiving event messages of unknown access points on one radio, activate that radio detection. If you are interested in receiving event messages for both radios, enable both options. Note You cannot configure the feature parameters until you enable at least one of the access point detections. 3. Use the Rogue AP Interval pull-down menu to select the intervals at which the device tests for unknown access points. The range is 15 minutes to four weeks. The default is 15 minutes. 4. If there are neighboring access points you want to add to the approved list so that the access points does not generate event messages when it detects them, enter the address of one of them in the fields below the list and click the Add button. You may add only one MAC address at a time. 5. Repeat step 4 to add more access points to the approved list. You may add up to 200 addresses. 6. To remove a MAC address from the list, click the address and then click the Remove button. You may delete only one address at a time from the list. 86 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 7. Click the Update button to activate and save your changes on the access point. The access point tests for unknown access points when you click the Update button and, if it finds an unknown device, enters an event message in the event log and sends the message to the syslog server. The access point repeats the test at the next time interval. Disabling Event Messages for Unknown Access Points To stop the access point from generating event messages when it detects unknown access points, perform the following procedure: 1. Select Pre-Configured Rogue AP from the Manage menu. The access point displays the “Configure Pre-Configured Rogue AP window” shown in Figure 27 on page 86. 2. Click the DIsabled dialog circles for the AP Detection for Radio options. Radios 1 and 2 are for the 2.4 and 5 GHz radios, respectively. The access point stops generating event messages for unknown access points. 87 Review Draft - May 9, 2014 Chapter 3: Manage Menu Configuring the Access Point for the Optional AT-UWC Program The AT-UWC Unified Wireless Controller is an optional management program for the AT-TQ Access Points. You may use the program to centralize the task of managing the access points in your network. To use the program, you install it on a network server and then configure the controller client on the access point by entering the IP address of the server. You cannot manage an access point with the program until you have entered the IP address of the network server in the controller client. There are two ways to configure the controller agent: Enabling the Controller Client You can use the “Configure Managed Access Port Parameters” window to enter the IP address of the management workstation with the AT-UWC programs, as explained in this section. You can use a DHCP server that supports option 43 to supply the IP address of the management workstation with the program to the access point. This manual does not explain how to configure DHCP option 43. To configure the controller client, perform the following procedure: 1. From the Manage menu, select Managed Access Point Settings. The access point displays the “Configure Managed Access Point Parameters” window in Figure 28. Figure 28. Configure Managed Access Point Parameters Window 88 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 2. Click the Enabled dialog circle for the Managed AP Administrative Mode parameter. This is the default setting. 3. Enter the IP addresses or domain names of up to four controllers in the Controller IP Address fields. The controllers are management workstations that have the AT-UWC program. The access point queries the controllers in the order in which they are listed, starting with IP address 1. Please observe the following guidelines if you specify the controllers by their domain names: The first character must be alphanumeric. It cannot be a special character. The last character cannot be a hyphen or period. 4. Click the Base IP Port field and enter the starting TCP/UDP port number of the range of 10 port numbers that the access point uses to communicate with the controller. Here are the guidelines to setting the base IP port: The range is 1 to 65000. The default is 57775 for the range 57775 to 57784. You must assign the same value to the root and satellite access points. You must also enter the same value on the controller. 5. Click the Edit dialog box for the Pass Phrase field to remove the check mark. 6. Click the Pass Phrase field and enter the passphrase for the access point. Here are the guidelines for the passphrase: You must assign the same passphrase to the root and satellite access points of a group. The passphrase can be from 8 to 63 characters. It can consist of letters and numbers, but no spaces. It is case sensitive. You must enter the same passphrase on the controller. You may leave the passphrase blank. 7. Click the Edit dialog box again for the Pass Phrase field. 8. For the WDS Managed Mode parameter, click the Root AP dialog circle if the unit is to be the root access point and communicate with the controller through its LAN port, or the Satellite AP dialog circle if the device is to communicate with the controller through a root access point. 89 Review Draft - May 9, 2014 Chapter 3: Manage Menu 9. For the WDS Managed Ethernet Port parameter, do one of the following: If you are configuring the root access point, click the Enabled dialog circle to enable the LAN port on the device. The LAN port must be enabled on the root device. If you are configuring a satellite unit and the LAN port is connected to a network device, click the Enabled dialog circle. If you are configuring a satellite unit and the LAN port is not connected to a network device or the port is connected to a device but is not to communicate with it, click the Disabled dialog circle. This is the default setting. 10. If you are configuring a satellite unit, click the WDS Group Password field and enter a password for WPA2 Personal authentication. Here are the guidelines for the password: You must assign the same password to all satellite access points of a group. The password can be from 8 to 63 characters. It can consist of letters and numbers. It is case sensitive. The password may contain special characters, such as @ and #, and spaces. You must enter the same password on the controller. Leave this field blank if you are configuring the root access point: The root device gets the password from the controller. 11. Click the Update button to activate your changes and save them in the configuration file. When you click the Update button, the access point attempts to contact the controller if you enabled the controller agent. The mode of communication depends on whether the access point is functioning as the root device or a satellite node. A root access point communicates with the controller through its LAN port, while a satellite unit communicates with it over a wireless connection to the root access point. At this point, the access point queries your network for the controller specified in the Controller IP Address 1 field of the window. If it receives a response, it disables web browser and SNMP management so that it can only be managed from the controller. If the access point does not receive a response in five seconds, it queries the controller in the next address field, and so forth. If it does not receive a response from any of the controllers, it continues to operate as a stand-alone unit. 90 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Note If the access point is successful in contacting a controller, your web browser management session is interrupted. 12. To continue managing the device, you must use the controller. Disabling the Controller Client This procedure explains how to disable the controller client and return the device to the stand-alone mode. Note Disabling the controller client may disrupt the operations of your network because it requires interrupting the communications link between the access point and controller. To minimize the disruption to your network users, you should only perform this procedure during periods of low network activity, such as during non-business hours. Before you can disable the controller client, the communications link between the access point and the controller has to be interrupted. This is because the access point does not allow you to manage it with a web browser or SNMP while it has a link to the controller. Here are two ways to interrupt the link between the device and controller: If the access point is the root device, disconnect the Ethernet cable from the LAN port. If the access point is a satellite unit, move it onto a network that does not have a root device. After you have interrupted the link between the access point and controller, you should be able to establish a web browser management session with the device and disable the client. To disable management of the access point with the AT-UWC product, perform the following procedure: 1. From the Manage pull-down menu, select Managed Access Point Settings. This displays the window in Figure 28 on page 88. 2. Click the Disabled dialog circle for the Managed AP Administrative Mode option. 3. Click the Update button to activate and save your changes on the access point. The access unit now operates as a stand-alone unit. 91 Review Draft - May 9, 2014 Chapter 3: Manage Menu 92 Review Draft - May 9, 2014 Chapter 4 Cluster Menu This chapter describes the management functions of the Cluster menu. The chapter contains the following sections: “Overview” on page 94 “Planning a Cluster” on page 101 “Creating or Adding Access Points to a Cluster” on page 102 “Managing the Access Points of a Cluster” on page 105 “Removing an Access Point from a Cluster” on page 106 “Viewing the Wireless Clients of a Cluster” on page 107 “Using Automatic Channel Assignments” on page 109 “Viewing the Neighboring Access Points of the Cluster” on page 113 93 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Overview A cluster is a group of two or more access points that have similar configurations and are managed as a single unit. When you change a parameter on one unit of a cluster, your change is automatically communicated to the other units, which change the same parameter. This can simplify the task of managing units that have nearly identical configurations. The parameters of the access points of a cluster are divided into shared and non-shared parameters. Shared parameters have the same settings on all the access points of the cluster. Changing the setting of a shared parameter on one unit automatically changes the same parameter on the other units. For instance, the MAC filter, which is used to control access by wireless clients to the access point, is a shared parameter because your changes to the feature on one access point are automatically sent to the other access points in the same cluster. In contrast, changes to non-shared parameters are not communicated to the other members of the cluster. Consequently, the access points of the cluster can have different settings for their non-shared parameters. To configure these parameters, you have to establish individual management sessions on the units. The IP address of an access point is an example of an non-shared parameter because each unit must have a unique IP address. There are also non-shared functions, such as viewing event messages and statistics, because each unit is responsible for maintaining its own event messages log and statistics table. Table 11 lists the shared and non-shared features and functions of the access points in a cluster. Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster Menu Basic Settings Menu Selection Basic Settings Shared Parameters - Administrator Name - Password Non-shared Parameters - IP Address - MAC Address - Firmware Version - Build Number - Time since system-up - System Name - System Contact - System Location 94 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster (Continued) Menu Manage Menu Selection Non-shared Parameters Shared Parameters Ethernet Settings None - MAC Address - Management VLAN ID - Untagged VLAN - Untagged VLAN ID - Connection Type - Static IP Address - Subnet Mask - Default Gateway - DNS Nameservers - Directed Broadcast ICMP Reply Wireless Settings - Radio (On or Off) - Mode - Station Isolation - MAC Address - Channel Radio - Status (On or Off) - Mode - Channel Bandwidth - Primary Channel - Short Guard Interval Supported - Multidomain Regulatory Mode - Protection - Fragmentation Threshold - RTS Threshold - Fixed Multicast Rate - Rate Sets - MCS (Data Rate) Settings - Broadcast/Multicast Rate Limiting - Rate Limit Rate Limit Burst - Channel - Eligible Channels - Periodical Channel Refresh - Beacon Interval - DTIM Period - Maximum Stations - Transmit Power VAP - New and modified VAPS - VAP status New VAPs are distributed as disabled on the access points of the cluster and can be manually enabled on the individual units. MAC Filtering - Filter - Stations List None 95 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster (Continued) Menu Menu Selection Shared Parameters Non-shared Parameters Pre-configured Rogue AP - AP Detection for Radio - Rogue AP Interval - Access Points List Managed Access Point None - Managed AP Administrative Mode - Controller IP Address - Base IP Port - Pass Phrase - WDS Managed Mode - WDS Managed Ethernet Port - WDS Group Password Cluster Status Access Points None Channel Management - Stop or start channel management - Lock channels - Advanced parameters Events - TQ2403 Compatible - Relay Log - Relay Host - Relay Port - Persistence - Severity - Depth - Event Messages are not shared among the units of the cluster and have to be viewed from individual management sessions of the units. Transmit/Receive None Statistics are not shared among the units of the cluster and have to be viewed from individual management sessions of the units. Client Associations 96 - Location - Cluster Name This menu selection only displays the clients of the current access point. To view the clients of a cluster, refer to “Viewing the Wireless Clients of a Cluster” on page 107 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster (Continued) Menu Services Menu Selection Non-shared Parameters Shared Parameters Neighboring Access Points - AP Detection for Radio - AP Detection for Radio This menu selection only displays the neighboring access points of the current access point. To view the neighboring access points of the cluster, refer to “Viewing the Neighboring Access Points of the Cluster” on page 113 Managed AP DHCP None The IP addresses of devices with the ATUWC Unified Wireless Controller program are not shared by the access points. You have to configure this on the DHCP server with Option 43 for each access point. QoS - AP EDCA Parameters -Wi-Fi Multimedia (WMM) - Station EDCA Parameters - No Acknowledgement - APSD None 97 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster (Continued) Menu 98 Menu Selection Non-shared Parameters Shared Parameters SNMP -SNMP (Enabled or Disabled) -Read-only community name - Port Number the SNMP agent will listen to - Allow SNMP set requests - Read-write community name - Restrict the source of SNMP requests to only the designated hosts or subnets - Hostname, address, or subnet of Network Management System - Community name for traps - Trap type to send - Hostname or IP address None LED None - LED (On or Off) HTTP/HTTPS None - HTTPS Server Status - HTTP Server Status - HTTP Port - Generate SSL Certificate - Maximum Sessions - Session Timeout (minutes) NTP - Set System Time - NTP Server - Interval to Synchronize - Time Zone - Adjust for Daylight Savings Time - System Date - System Time Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 11. Shared and Non-shared Parameters on the Access Points in a Cluster (Continued) Menu Maintenance Menu Selection Configuration Non-shared Parameters Shared Parameters - Disable Reset Button - To Restore the Factory Default Configuration - To Save the Current Configuration to a Backup File - To Restore the Configuration from a Previously Save File - To Reboot the Access Point The above functions have to be performed on the individual access points of the cluster. Here are the guidelines to creating a cluster of access points: You should only use this feature on access points that are to have identical shared parameters. A cluster can have up to sixteen access points. The access points of a cluster share many parameter settings, but operate as individual units. The manager login name and password are shared parameters. Consequently, all the access points of a cluster always have the same login name and password. Changing the values on one unit changes it on all of them. When you are creating a new cluster, the units use the login name and password on the first unit where you enable the cluster feature. The access points of the cluster must have different IP addresses. Clustering is not supported across broadcast boundaries or routers. The access points of a cluster must reside in the same subnet or network and the network portions of their IP addresses have to be the same. The access point searches for other access points of the cluster using the LAN port, but not the radios. Consequently, the access points of a cluster need to be able to communicate with each other through their LAN ports. When you activate clustering on an access point, the unit queries the network on its LAN port for an existing cluster with the same cluster name as its own. If there is no existing cluster, the access point becomes a cluster of one unit. If there is a cluster with the same name, the new access point changes its parameters to 99 Review Draft - May 9, 2014 Chapter 4: Cluster Menu match the settings of the units in the existing cluster and then joins the cluster. 100 The access points of a cluster must be assigned a name. The name must be the same on all the units. You may create more than one cluster in a subnet by giving the clusters different names. You may manage the access points by starting a management session on any unit in the cluster. You may not combine the cluster and WDS bridge features on the access points. The cluster feature on the AT-TQ Access Point Series is not compatible with similar features on products from Allied Telesis or other companies. The Country setting must be the same on the access points in a cluster and must be set before the devices are added to a cluster. For instructions, refer to “Setting the Country Setting” on page 41. The access points use encryption to protect the parameter settings when they transmit them to each other. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Planning a Cluster When you create a new cluster, it is important to consider the order in which you enable the feature on the access points. This is particularly true if you have already configured the settings of one of the units. If you want the other units to adopt the configuration of the pre-configured unit when they initially form the cluster, you have to activate the cluster feature on the pre-configured unit first because the initial configuration of a new cluster is always set by the access point on which the feature is activated first. When the other units join the cluster, they adopt the configuration of the units on which the feature is already enabled. Here is an example. Assume that you intend to create a cluster of three access points and you have not configured any of the units. In this case, you can activate clustering on the units in any order. The access points adopt the settings of the first unit on which you activate the cluster feature. Now assume that you already configured the parameters of one of the units (A) and you want the other two units (B and C) to have the same configuration as unit A when they join the cluster. In this situation, it is important that you start the cluster feature on unit A first, before units B and C. That way, when units B and C join the cluster, they adopt the settings of unit A. If, instead, you activate clustering on unit B or C first, unit A would lose its configuration settings when it joins the cluster and adopts the settings of unit B or C. After the access points join the cluster, all their shared parameter settings are the same. So if you need to power off or reboot the units, the order in which you do it is not important because they all have the same settings. Another important rule to remember is that you should never add a new access point to an existing cluster when the other units are turned off. Otherwise, when you power them on, they discard their current settings and adopt the settings from the new unit, which may not have the correct configuration for the units of the cluster. 101 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Creating or Adding Access Points to a Cluster To create a cluster or add access points to an existing cluster, perform the following procedure: 1. Select Access Points from the Cluster menu. The access point displays the “Manage access points in the cluster” window, shown in Figure 29. Figure 29. Manage Access Points in the Cluster Window Note When an access point is added to an existing cluster, it automatically changes its shared parameter settings to match the settings of the other units in the cluster. If it does not find any access points in its cluster, it retains its current settings. Note You cannot configure the Location and Cluster Name fields in the window while clustering is active on the access point. If the fields are deactivated, click the Stop Clustering button to stop the feature until you have configured the fields. 2. Select the Location field and enter a description for the access point, such as its location, a name, or its IP address. The more unique the name, the easier it is to identify this unit from the other units in the cluster. The description can be from 1 to 128 characters. Spaces and special characters are allowed. This location is different from the 102 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide System Location field in the “Provide basic settings” window, shown in Figure 6 on page 30. 3. Select the Cluster Name field and enter the name of the cluster. If the access point is the first member of a new cluster, enter a new name. If the access point is to be a member of an existing cluster, enter the name of the existing cluster. The name has to be the same on all the access points in the cluster and can be from 1 to 128 characters. Spaces and special characters are allowed. The cluster name is case sensitive. 4. Click the Update button to activate and save your changes on the access point. 5. Click the Start Clustering button to start the clustering feature on the access point. At this point, the access point queries the network on the LAN port for a cluster of the same name as its own, and does one of the following: If it does not find any units with the same cluster name, it operates as a cluster of one access point and retains its current parameter settings. If it finds one or more units with the same cluster name, it changes its shared parameters to match the settings on the other units in the cluster. 6. Refresh the web browser window or go to another management window and then return to the “Manage access points in the cluster” window to update the window. If the access point found other units with the same cluster name, it displays them in the window. Figure 30 on page 104 shows a cluster of two units. 103 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Figure 30. Active Cluster in the Manage Access Points in the Cluster Window 7. Any changes you now make to the shared parameter settings of the access point are transferred to the other units in the cluster. 8. To end your management session of the cluster, click Log Off in the upper right corner of the window. 9. To add another access point to the cluster, start a management session on the unit and repeat this procedure. 104 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Managing the Access Points of a Cluster To manage the access points of the cluster, perform the following procedure: 1. Start a management session on any unit in the cluster. 2. Adjust the parameters on the unit. Your changes to the shared parameters on the access point are automatically transferred to the other units in the cluster. The shared parameters are listed in Table 11 on page 94. 3. To start a management session on a different unit in the cluster, select Access Points from the Cluster menu. The access point displays the “Manage access points in the cluster” window, shown in Figure 29 on page 102. 4. From the list of access points in the window, click the IP address of the unit you want to manage. You may select only one access point. Note If you are unsure as to which access point you are currently managing, you can identify it by examining the Location field in the window or the IP address in the URL field of the web browser. 5. Log on using the common user name and password of the cluster. If you move back and forth between the same access points, you may not have to log on each time. 6. Configure the unit, as needed. 7. To end your management session of the cluster, click Log Off in the upper right corner of the window. 105 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Removing an Access Point from a Cluster To remove an access point from a cluster, perform this procedure: 1. Start a management session on the unit. 2. Select Access Points from the Cluster menu. The access point displays the “Manage access points in the cluster” window, shown in Figure 29 on page 102. 3. Click the Stop Clustering button. The access point is no longer a member of the cluster and has to be managed as an individual unit. The device retains the cluster settings, but any new changes are not transferred to other access points. 106 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Viewing the Wireless Clients of a Cluster You may view information about the wireless clients of the access points of the cluster by selecting Sessions from the Cluster menu. This displays the “Manage sessions associated with the cluster” window. An example of the window is shown in Figure 31. The table lists the access points of the cluster and their wireless clients. Access points that do not have any wireless clients are not included in the table. Figure 31. Manage Sessions Associated with the Cluster Window The columns in the table are defined in Table 12. Table 12. Manage Sessions Associated with the Cluster Window Column Description AP Location Identifies the access point by its cluster location. The location is defined in the “Manage access points in the cluster” window,” explained in “Creating or Adding Access Points to a Cluster” on page 102. User MAC Displays the MAC addresses of the wireless clients of the access point. Idle Displays the amount of time (milliseconds) a wireless client has not sent or receive packets. Rate Displays the speed (Mbps) at which the access point is transmitting packets to a client. 107 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Table 12. Manage Sessions Associated with the Cluster Window Column Description Signal Displays the strength of the signal received by the wireless client from the access point. The signal is a value from 0 to 100 and is based on Received Signal Strength Indicator (RSSI). Rx Total Displays the total number of packets received by the wireless client from the access point. Tx Total Displays the total number of packets sent by the access point to the client. Error Rate Displays the number of dropped packets as a percentage of all packets. You may sort the information by column. For instance, clicking the Signal label sorts the entries by signal strength. To display only one statistic at a time in the table, use the Display pulldown menu and selected the desired statistic. Then click Go. 108 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Using Automatic Channel Assignments The automatic channel assignment feature can improve the performance of your wireless network because it tests for interference on the radios of the access points in the cluster and automatically changes the channel assignments of the radios to reduce or eliminate the interference. The feature can test for interference between members of a cluster as well as between cluster and non-cluster members. You may specify the potential interference reductions that initiate a channel reassignment as well the timing of the tests. Note Enabling and configuring automatic channel assignments are shared procedures for the access points of a cluster. Configuring the feature on one unit configures it on all units. Enabling Automatic Channel Assignments To configure automatic channel assignments for the access points of the cluster, perform the following procedure: 1. Select Channel Management from the Cluster menu. The access point displays the “Automatically manage channel assignments” window. The example of the window in Figure 32 is of a cluster of two access points. Figure 32. Automatically Manage Channel Assignments Window This is how the window is displayed when automatic channel assignment is disabled. The Current Channel Assignments table lists the radios of the cluster and their channel assignments. The columns in the table are described in Table 13 on page 110. 109 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Table 13. Current Channel Assignments Column Description IP Address Displays the IP address of the access point. Radio Displays the MAC address of the radio. Band Displays the radio band that the access point is broadcasting on. Channel Displays the current channel of the radio. Status Displays the status of the radio. The radio has the status Up when it is enabled and Down when it is disabled. To change the status of the radio, refer to “Configuring the Radio Settings” on page 46 or “Configuring Basic Radio Settings” on page 43. 2. To start the automatic channel assignments feature, click the Start button. The window displays new options, shown in Figure 33. Figure 33. Automatically Manage Channel Assignments Window Automatic Channel Assignment Enabled 3. Configure the two parameters in the Advanced section of the window. The parameters are defined in Table 14 on page 111. 110 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 14. Channel Reassignment Parameters Parameter Description Change channels if interference is reduced by at least Specifies the potential interference reduction that initiates a channel reassignment. The value is a percentage of potential reduction. At the default of 75%, a channel reassignment would need a potential interference reduction of at least 75% before an access point would perform it. The higher the value, the less frequently the access point is likely to perform channel reassignments. Determine if there is a better set of channel settings every Specifies the time interval at which the access point tests for interference and, if necessary, performs channel reassignments. The default is once every hour. 4. After adjusting the parameters, click the Update button to activate and save your changes on the access point. 5. If you do not want an access point in the cluster to change its radio channels as part of the automatic channel assignments feature, click the corresponding Locked dialog box in the Current Channel Assignments section of the window and click the Apply button. Each access point has only one dialog box, located on the line for the 2.4 GHz radio. However, the dialog box controls both radios. When the dialog box has a check mark, the channels for both the 2.4 and 5 GHz radios in the access point are locked and cannot be changed. To unlock the channels of the radios, click the dialog box to remove the check mark. (The dialog boxes are displayed in the Current Channel Assignments table only when automatic channel assignment is enabled on the access points of the cluster.) The access points of the cluster are now running the automatic channel assignments feature. 111 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Disabling Automatic Channel Assignments To disable automatic channel assignments on the access points of a cluster, perform the following procedure: Note Disabling automatic channel assignments is shared among the access points of the cluster. Disabling it on one unit disables it on all units. 1. Select Channel Management settings from the Cluster menu. The access point displays the “Automatically manage channel assignments” window. An example of the window is shown in Figure 33 on page 110. 2. Click the Stop button. The access points of the cluster stop performing automatic channel assignments, but the radios retain their current channel assignments. 112 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Viewing the Neighboring Access Points of the Cluster To view the neighboring access points of the cluster, select Wireless Neighborhood from the Cluster menu to display the “View neighboring access points” window. An example of the window is shown in Figure 34. Figure 34. View Neighboring Access Points Window The table rows are divided into three sections: The top row contains the IP addresses, MAC addresses, and cluster locations of the radios in the access points of the cluster. A radio has to be both enabled and active to be included in the row. Radios that are disabled or enabled but not active are not included in the window. To learn the MAC addresses of the radios of an access point, refer to “Configuring Basic Radio Settings” on page 43. The second set of rows contains the SSIDs of the VAPs on the access points that are members of the cluster. The third set of rows displays the SSIDs of access points or VAPs that are not members of the cluster, but that have been detected by cluster members. The second and third sets of rows are divided by a heavy line. 113 Review Draft - May 9, 2014 Chapter 4: Cluster Menu Colors represent the signal strengths between the access points and are defined in Table 15. Table 15. View Neighboring Access Points Window Color Description Dark blue bar A dark blue bar with a high number (for example, 50) indicates a good signal strength between two access points. Light blue bar A light blue bar with a low number (for example, 20) indicates a weak or medium signal strength between two access points. White bar A white bar and the number 0 means that an access point does not detect a neighboring access point that is detected by another member of the cluster. Light gray bar A light gray bar and no signal strength means that an access point does not detect a neighboring access point that is detected by another member of the cluster. Dark gray bar A dark gray bar and no signal strength represents the access point itself. You may limit the table to cluster members or non-cluster members by clicking one of the Display Neighboring APs dialog circles above the table. Click In cluster to restrict the table to only the VAPs of the cluster members or Not in cluster to view only the connections to non-cluster members. The default displays both cluster and non-cluster members. You may display additional information about the connections by clicking the IP addresses of the access points in the top row of the table. An example is shown in Figure 35. The columns are described in Table 16 on page 115. Figure 35. Neighbor Details 114 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 16. Neighbor Details Window Column Description SSID Displays the SSID of a remote access point or VAP. MAC Address Displays the MAC address of a remote radio. Channel Displays the radio channel. Rate Displays the rate of transmission (Mbps). Signal Displays the signal strength (dB). Beacon Interval Displays the beacon transmission interval (milliseconds). Beacon Age Displays the date and time when the last beacon was received. 115 Review Draft - May 9, 2014 Chapter 4: Cluster Menu 116 Review Draft - May 9, 2014 Chapter 5 Status Menu This chapter describes the management functions of the Status menu. The chapter contains the following sections: “Viewing the Associated Clients of an Access Point” on page 118 “Viewing Event Messages” on page 120 “Viewing Neighboring Access Points” on page 126 “Displaying the IP Addresses of AT-UWC Programs” on page 129 “Displaying Statistics” on page 130 “Viewing Basic IP and Radio Information” on page 134 117 Review Draft - May 9, 2014 Chapter 5: Status Menu Viewing the Associated Clients of an Access Point To view a list of the associated clients on the access point and the amount of traffic, select Client Associations Settings from the Status menu. The menu option displays the “View list of currently associate client stations” window. An example of the window is shown in Figure 36. Figure 36. View List of Currently Associated Client Stations The columns in the window are described in Table 17. Table 17. View List of Currently Associated Client Stations Window Column Network Description Displays the radio and VAP where a client is associated. Here is an example of an entry: wlan0vap2 The “wlan” is the radio where the client is associated. The entry “wlan0” is radio 1 and “wlan1” is radio 2. The “vap” is the VAP where the client is associated. The number is the VAP number. Station 118 Displays the MAC address of the wireless client. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 17. View List of Currently Associated Client Stations Window Column Description Status Authenticated Displays whether a client has been authenticated. (This column does not display IEEE802.1x authentication status, but the underlying status, which is independent of the security level.) Associated Displays whether a client is associated with the access point. From Station Packets Displays the number of packets the access point has received from a client. Bytes Displays the number of packets bytes the access point has received from a client. Drop Packets Displays the number of packets the access point has dropped after receiving them from a client. Drop Bytes Displays the number of packet bytes the access point has received and dropped. To Station Packets Displays the number of packets the access point has transmitted to a client. Bytes Displays the number of packet bytes the access point has transmitted to a client. Drop Packets Displays the number of packets the access point has dropped before transmitting them to a wireless client. Drop Bytes Displays the number of packet bytes the access point has dropped before transmitting them to a wireless client. 119 Review Draft - May 9, 2014 Chapter 5: Status Menu Viewing Event Messages A wireless access point is a complex piece of network equipment that includes both hardware and software components. Multiple software features operate simultaneously, interoperating with each other and processing large amounts of network traffic. It is often difficult to determine exactly what is happening when an access point appears not to be operating normally, or what happened when a problem occurred. You may monitor the operations of the access point by viewing the messages in its event log. The events and the vital information about system activity that they provide can help you identify and solve system problems. The access point has two types of event messages: System messages Kernel messages System messages, which cover a variety of events, such as authentications of 802.1x wireless users and hardware or software problems, are divided by severity into the following categories: 0 - Emergency 1 - Alert 2 - Critical 3 - Error 4 - Warning 5 - Notice 6 - Informational 7 - Debug System event messages are stored in the event log on the access point and can be viewed from web browser management sessions of the device, as explained in “Viewing System Event Messages” on page 121. They can also be sent to a syslog server on your network for more permanent storage, as described in “Configuring the Syslog Client” on page 124. System event messages can be stored in either volatile or non-volatile memory. Messages stored in volatile memory, the default setting, are discarded whenever the unit is reset or powered off. When system event messages are stored in non-volatile memory, they are retained even when the unit is powered off or reset. This can be useful if you are troubleshooting a problem with the unit or network. However, 120 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide using non-volatile memory for this purpose can prematurely wear out the memory, which can lead to performance degradation of the unit. For this reason, event messages should only be stored in non-volatile memory when you are troubleshooting a network problem, and only for short periods of time. A better option for permanently storing messages is to use the syslog client on the access point to send the messages to a syslog server on your network. A syslog log server can be located on the wireless or wired part of your network because the access point transmits the messages from its radios and LAN port. Kernel event messages are generated by the main component of the management software and generally reflect error conditions, such as dropped frames. Unlike system messages, kernel messages cannot be viewed from web browser management sessions and can only be viewed on a syslog server. If you want to view these messages, you have to have a syslog server on your network to store the messages. System and kernel messages include the following information: Viewing System Event Messages The time and date of the event The severity of the event The feature or management module that generated the event An event description To view the system event messages in the event log, select Events from the Status pull-down menu. The access point displays the “View events generated by this access point” window. Refer to Figure 37 on page 122. 121 Review Draft - May 9, 2014 Chapter 5: Status Menu Figure 37. View Events Generated by this Access Point Window The system messages are displayed in a table in the Events section of the window, from newest to oldest. The columns in the table are described in Table 18. Table 18. Event Messages Table Field Description Time Date and time when a message was generated. Type The severity level of a message. Service The module in the management software that generated the message. Description Description of the message. The table has two buttons: 122 Refresh - You may use this button to update the table with the latest messages. Clear All - You may use this button to delete all the messages in the log. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring the Event Log You can configure the following parameters of the event log: Whether the event messages are stored in volatile or non-volatile memory. The severity of the displayed messages. The number of displayed messages. Whether all the messages are assigned the facility level 0, kernel messages, to make them compatible with the AT-TQ2403 Access Point. To configure the event log, perform the following procedure: 1. Select Events from the Status pull-down menu. The access point displays the “View events generated by this access point” window. Refer to Figure 37 on page 122. 2. If you want the access point to store the messages in non-volatile memory, click the Enabled dialog circle for the Persistence parameter. To stop the access point from storing messages in non-volatile memory, click the Disabled dialog circle. Note Event messages should only be stored in non-volatile memory for short periods of time, such as when troubleshooting network problems. Storing messages in non-volatile memory for extended periods of time can wear out the memory, which can lead to performance degradation of the access point. 3. If you want to limit the messages by severity level, select the Severity pull-down menu and select a new value. The range is 0 to 7. The default is 7. The access point displays messages of the selected value and all numerically lower (higher severity) levels. For example, selecting severity level 3 displays the messages for levels 0 to 3. The default level 7 displays all messages. The Severity parameter applies to messages in volatile and nonvolatile memories. 4. If you want to increase or decrease the number of displayed event messages, select the Depth field and enter a new value. The range is 1 to 128 messages. The default is 128 messages. The Depth parameter applies to messages in volatile and non-volatile memories. 123 Review Draft - May 9, 2014 Chapter 5: Status Menu 5. If you want the access point to assign the facility 0, kernel message, to all messages to make them compatible with the AT-TQ2403 Access Point, click the Enabled dialog circle for the TQ2403 Compatible parameter. If you want the access point to base the facility codes of the messages on the services of the management software, click the Disabled dialog circle. This is the default setting. You cannot view the facility codes of the event messages from the event log. They can only be viewed on a syslog server. 6. Click the Update button to activate and save your changes on the access point. Configuring the Syslog Client This procedure explains how to configure the syslog client. The access point uses the client to send the system and kernel event messages to a syslog server on your network. The messages are sent from the LAN port and radios. To configure the syslog client, perform the following procedure: 1. From the Status menu, select Events. The access point displays the “View events generated by this access point” window. Refer to Figure 37 on page 122. 2. In the Options section of the window, use the Severity pull-down menu to select the severity of system messages the access point is to transmit to the syslog server. The access point transmits the system messages of the selected level and all numerically lower (higher severity) messages. For example, if you select level 3, error, the device transmits system messages from levels 0 to 3. The default is level 7, debug. This is the highest value, so all messages are sent. The severity level setting does not apply to kernel messages. 3. Use the TQ2403 Compatible parameter to control the facility levels the access point assigns to the event messages. If you select Disabled, the device assigns facility levels that are based on the services that generated the messages in the management software. This is the default setting. If you select Enabled, all messages are assigned the facility level 0, kernel message, to make them compatible with the ATTQ2403 Access Point, which does not assign facility levels to its messages. The Facility levels of the messages can only be viewed on a syslog server. They are not displayed in the event log of the access point. 124 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 4. In the Relay Options section of the window, click the Enabled dialog circle for the Relay Log option. You have to enable the feature before you can configure its parameters. 5. In the Relay Options section of the window, select the Relay Host field and enter the IP address or DNS name of the syslog server on your network. You can specify only one server. 6. To change the syslog port number, select the Relay Port field and enter the new value. The default is port 514. 7. Click the Update button to activate and save your changes on the access point. At this point the access point begins to transmit system and kernel messages to the designated syslog server. Only new messages are sent. The device does not transmit any system messages that are already stored in the event log. Disabling the Syslog Client To disable the syslog client to stop the access point from sending the system and kernel messages to a syslog server, perform the following procedure: 1. From the Status pull-down menu, select Events. The access point displays the “View events generated by this access point” window. Refer to Figure 37 on page 122. 2. In the Relay Options section of the window, click the Disabled dialog circle for the Relay Log option. 3. Click the Update button to activate and save your changes on the access point. 125 Review Draft - May 9, 2014 Chapter 5: Status Menu Viewing Neighboring Access Points You can view basic information and statistics about other access points within range of the access point you are managing by selecting the Neighboring Access Points option from the Status menu. The window is shown in Figure 38. Figure 38. View Neighboring Access Points Window You may use the AP Detection for Radio options in the window to configure the table to display the neighboring access points discovered on one or both radios. Use the Update button to save your change. The information in the table is not retain when the access point is reset or powered off. The columns in the table are described in Table 19. Table 19. Neighboring Access Point Settings Window Column Beacon Int. 126 Description Displays the beacon interval of the neighboring access point. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 19. Neighboring Access Point Settings Window (Continued) Column Type Description Indicates the type of device: AP: Indicates that the neighboring device is an access point that supports the IEEE 802.11 Wireless Networking Framework in Infrastructure Mode. Ad hoc: Indicates that the neighboring device is operating in Ad hoc mode to directly communicate with other Ad hoc devices, without the use of traditional access points. Ad hoc mode is part of the IEEE 802.11 Wireless Networking Framework and is also referred to as peer-to-peer mode and Independent Basic Service Set (IBSS). SSID Displays the Service Set Identifier (SSID) of the neighboring access point. Privacy Displays whether the neighboring access point has security: On: The neighboring access point has security. Off: The access point does not have security. WPA Displays the status of WPA on the neighboring access point. Band Displays the IEEE 802.11 mode of the access point: 2.4: Indicates IEEE 802.11b, 802.11g, 802.11n, or a combination of the modes. 5: Indicates IEEE802.11a, 802.11n, or both modes. Channel Displays the channel on which the access point is broadcasting. Rate Displays the transmission rate in megabits per second of the access point. 127 Review Draft - May 9, 2014 Chapter 5: Status Menu Table 19. Neighboring Access Point Settings Window (Continued) Column 128 Description Signal Displays signal strength. You may view the strength in decibels (dBm) by placing the mouse pointer over the bars. Beacons Displays the total number of beacons received from the neighboring access point since it was discovered. Last Beacon Displays the date and time of the most recent beacon from the neighboring access point. Rates Displays the supported and basic (advertised) rate sets in megabits per second (Mbps) for the neighboring access point. All supported rates are listed, with basic rates shown in bold. Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Displaying the IP Addresses of AT-UWC Programs If you want to use the optional AT-UWC Unified Wireless Controller program to manage the access point, you have to configure the device with the IP addresses or domain names of the network servers that have the program. There are two ways to accomplish this. One way is to manually enter the IP addresses or domain names in the “Configure Managed Access Point Parameters” window, as explained in “Configuring the Access Point for the Optional AT-UWC Program” on page 88. The other way is to use a DHCP server that supports option 43, which allows you to enter vendor specific information that the server supplies to a network device. If you specify the IP addresses or domain names of the management program in option 43, the DHCP server supplies the information to the access point when the unit initially queries the server for its IP address when it is powered on or reset. If you choose to use DHCP option 43, the access point displays the IP addresses of the programs from the server in the “View list of managing switch IP addresses and base IP port obtained via DHCP” window. Figure 39 is an example of the window. You display the window by selecting Managed AP DHCP from the Status menu. The window lists the IP addresses or domain names that it received from the DHCP server of the network devices that have the management program The window also displays the base TCP/IP port of the ten consecutive ports that the access point and AT-UWC programs use to communicate with each other. Figure 39. Displaying View List of Managing Switch IP Addresses and Base IP Port Obtained via DHCP 129 Review Draft - May 9, 2014 Chapter 5: Status Menu Displaying Statistics You can display status information and statistics about the LAN port and radios by selecting Transmit Receive Settings from the Status menu. The selection displays the “View transmit and receive statistics for this access point” window. The window has three tables. The first table displays basic status information about the LAN port and radios. The radio information is divided by virtual access points (VAPs). The second table, labeled Transmit, displays the number of packets and bytes transmitted by the LAN port and radios. The third table, labelled Receive, displays the number of packets and bytes received by the LAN port and radios. Here are common characteristics about the tables: The first entry, LAN, in the tables is the LAN port on the rear panel of the access port. The VAPs with “wlan0” are located on radio 1. The VAPs with “wlan1” are located on radio 2. The status table in the “View transmit and receive statistics for this access window” is shown in Figure 40. Figure 40. Status Table in the View Transmit and Receive Statistics for this Access Point Window 130 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide The columns are described in Table 20. Table 20. Status Table Information Column Description Interface Displays the access point interfaces. Status Displays the status of the interfaces. The possible states are listed here: LAN: Up: The LAN port has a valid connection to a port on a network device. LAN: Down: The LAN port does not have a valid connection to a port on a network device. wlan#:vap#: Up wlan#:vap#: Down MAC Address Displays the MAC addresses of the interfaces. The LAN port and radio 1 (wlan0) share the same MAC address. VLAN ID Displays the interface VIDs. Name (SSID) Displays the network names of the interfaces. The Transmit statistics table is shown in Figure 41. Figure 41. Transmit Statistics Table of the View Transmit and Receive Statistics for this Access Point Window 131 Review Draft - May 9, 2014 Chapter 5: Status Menu The columns are described in Table 21. Table 21. Transmit Statistics Table Column Description Interface Displays the access point interfaces. Total packets Displays the total number of packets the interfaces have transmitted. Total bytes Displays the total number of bytes the interfaces have transmitted. The values do not include the amount of padding for packets below the minimum size, and for FCS. Total drop packets Displays the total number of packets the access point dropped before transmission. Total drop bytes Displays the total number of bytes the access point dropped before transmission. Errors Displays the total number of packets with errors, such as CRC errors. The Receive statistics table is shown in Figure 42. Figure 42. Receive Statistics Table of the View Transmit and Receive Statistics for this Access Point Window 132 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide The columns are described in Table 22. Table 22. Receive Statistics Table Column Description Interface Displays the access point interfaces. Total packets Displays the total number of packets the interfaces have received. Total bytes Displays the total number of bytes the interfaces have received. Total drop packets Displays the total number of packets the access point dropped after receiving them on the interfaces. Total drop bytes Displays the total number of bytes the access point dropped after receiving them on the interfaces. Errors Displays the total number of packets with errors, such as CRC errors. 133 Review Draft - May 9, 2014 Chapter 5: Status Menu Viewing Basic IP and Radio Information To view basic configuration settings about the LAN port and radios, select the Interfaces selection from the Status menu. The selection displays the “View settings for network interfaces” window, shown in Figure 43. Figure 43. View Settings for Network Interfaces Window The top section of the window displays the MAC and IP addresses of the access point, along with the subnet mask, default gateway, and domain name servers. To configure the settings, click Edit to display the “Modify Ethernet (Wired) settings” window, shown in Figure 7 on page 36, and explained in “Assigning a Static IP Address to the Access Point” on page 36 and “Assigning a Dynamic IP Address from a DHCP Server to the Access Point” on page 38. The bottom section of the window displays the basic settings of the radios and includes their MAC addresses, operational modes, and channels. To configure the settings, click Edit to display the “Modify wireless settings” window, shown in Figure 8 on page 41 and explained in “Configuring Basic Radio Settings” on page 43. To configure additional radio settings, refer to “Configuring the Radio Settings” on page 46. 134 Review Draft - May 9, 2014 Chapter 6 Services Menu This chapter describes the management functions of the Services menu. The chapter contains the following sections: “Configuring Quality of Service” on page 136 “Configuring SNMPv1 and v2c” on page 143 “Enabling or Disabling the LEDs” on page 150 “Configuring the HTTP Server” on page 151 “Configuring the HTTPS Server” on page 153 “Configuring the Maximum Number of Active Management Sessions” on page 155 “Configuring the Management Session Timer” on page 156 “Manually Setting the Date and Time” on page 157 “Setting the Date and Time with the Network Time Protocol Client” on page 159 135 Review Draft - May 9, 2014 Chapter 6: Services Menu Configuring Quality of Service The access point has four QoS egress queues and four ingress queues for each radio. You may adjust parameters that control the manner in which the device stores and handles packets in the queues. You should not change the values from their default values unless you are familiar with QoS. The parameters are divided into the following two groups: Access Point (AP) Enhanced Distributed Channel Access (EDCA) Parameters table contains parameters that control the four queues that store egress traffic the access point transmits to the wireless clients. The Station Enhanced Distributed Channel Access (EDCA) Parameters table controls the four queues that store ingress traffic the access point receives from the clients. To configure the QoS settings for the radios, perform the following procedure. 1. Select QoS for the Services menu. The management software displays the “Modify QoS Queue Parameters” window, shown in Figure 44 on page 137. 2. Use the Radio pull-down menu at the top of the window to select the radio whose queues you want to configure. Radios 1 and 2 are the 2.4 and 5 GHz radios, respectively. You can configure the queues of only one radio at a time. The default is radio 1. 3. Configure the queue parameters as needed. The parameters are defined in Table 23 on page 137. 4. After configuring the parameters, click the Update button to activate and save your changes on the access point. 136 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Figure 44. Modify QoS Queue Parameters Table 23. Modify QoS Queue Parameters Window Column Description AP EDCA Parameters Queue Specifies the four egress queues: Data 0 (Voice): High priority queue, with minimum delay. The queue is used to store time-sensitive data, such as VOIP and streaming media. Data 1 (Video): High priority queue, with minimum delay. The queue is used to store time-sensitive data, such as video traffic. 137 Review Draft - May 9, 2014 Chapter 6: Services Menu Table 23. Modify QoS Queue Parameters Window (Continued) Column Description Data 2 (best effort): Medium priority queue, with minimum throughput and delay. The queue is used to store most traditional IP data. Data 3 (Background): Lowest priority queue, with high throughput. This queue is used for bulk data that requires maximum throughput and is not timesensitive, such as FTP packets. AIFS (InterFrame Space) Specifies the Arbitration Inter-Frame Spacing (AIFS) value, which controls the wait time for data frames. The wait time is measured in slots. The range is 1 to 15 slots. cwMin (Minimum Contention Window) Specifies a value that an algorithm uses to determine the initial random backoff wait time (window) for resending packets. This value is the upper limit (in milliseconds) of a range from which the access point determines the initial random backoff wait time. The first random number the access point generates will be between 0 and this number. If the first random backoff wait time expires before the data frame is sent, a retry counter is increased and the random backoff value (window) is doubled. Doubling continues until the size of the random backoff value reaches the number defined in the maximum contention window. Valid values for this parameter are: 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1023. This parameter must be lower than the cwMax value. 138 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 23. Modify QoS Queue Parameters Window (Continued) Column cwMax (Maximum Contention Window) Description Specifies the maximum contention window, which is the upper limit (in milliseconds) for doubling the random backoff value. The doubling continues until either the data frame is sent or the maximum contention size is reached. Once the maximum contention window is reached, retries continue until a maximum number of retries is reached. Valid values for this parameter are: 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1023. This parameter must be higher than the cwMin value. Max. Burst Length Specifies the maximum burst length (in milliseconds) for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The decreased overhead results in higher throughput and better performance. This is an AP EDCA parameter only and as such applies only to egress traffic from the access point to the clients. The range is 0.0 to 999 milliseconds. Wi-Fi Multimedia Enables or disables QoS prioritization and coordination. When WMM is enabled, the access point uses the AP EDCA settings to control the flow of downstream traffic to the wireless clients and the station EDCA parameters to control the flow of upstream traffic from the clients. When WMM is disabled, QoS control of the upstream traffic from the clients is disabled. You can still continue to configure some of the parameters that control the downstream traffic from the access point to the clients 139 Review Draft - May 9, 2014 Chapter 6: Services Menu Table 23. Modify QoS Queue Parameters Window (Continued) Column Description WMM is enabled when the dialog box has a check mark and disabled when the dialog box is empty. The default setting is enabled. Station EDCA Parameters Queue Specifies the four ingress queues: Data 0 (Voice) - High priority queue, with minimum delay. The queue is used to store time-sensitive data, such as VOIP and streaming media. Data 1 (Video): High priority queue, with minimum delay. The queue is used to store time-sensitive data, such as video traffic. Data 2 (best effort): Medium priority queue, with minimum throughput and delay. The queue is used to store most traditional IP data. Data 3 (Background): Lowest priority queue, with high throughput. This queue is used for bulk data that requires maximum throughput and is not timesensitive, such as FTP packets. AIFS (InterFrame Space) Specifies the Arbitration Inter-Frame Spacing (AIFS) value, which controls the wait time for data frames. The wait time is measured in slots and has a range of 1 to 15 slots. cwMin (Minimum Contention Window) Specifies a value that an algorithm uses to determine the initial random backoff wait time (window) for resending packets during a period of contention for Unified Access Point resources. This value is the upper limit (in milliseconds) of a range from which the access point determines the initial random backoff wait time. 140 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 23. Modify QoS Queue Parameters Window (Continued) Column Description The first random number the access point generates will be between 0 and this number. If the first random backoff wait time expires before the data frame is sent, a retry counter is increased and the random backoff value (window) is doubled. Doubling continues until the size of the random backoff value reaches the number defined in the maximum contention window. Valid values for this parameter are: 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1023. This parameter must be lower than the cwMax value. cwMax (Maximum Contention Window) Specifies the maximum contention window, which is the upper limit (in milliseconds) for doubling the random backoff value. The doubling continues until either the data frame is sent or the maximum contention size is reached. Once the maximum contention window is reached, retries continue until a maximum number of retries is reached. Valid values for this parameter are: 1, 3, 7, 15, 31, 63, 127, 255, 511, and 1023. This parameter must be higher than the cwMin value. TXOP Limit Specifies the Transmission Opportunity (TXOP) limit. The limit defines the time interval, in 32 milliseconds periods, that a WME client has the right to initiate transmission to the access point. The TXOP Limit maximum value is 2047. 141 Review Draft - May 9, 2014 Chapter 6: Services Menu Table 23. Modify QoS Queue Parameters Window (Continued) Column Description Other QoS Settings No Acknowledgement Controls whether the access point acknowledges frames that have QosNoAck for their service class values. The possible settings are described here: On: The access point does not acknowledge frames that have QosNoAck for their service class values. Off: The access point acknowledges frames that have QosNoAck for their service class values. APSD Enables or disables Automatic Power Save Delivery (APSD) for VoIP phones that access the network through the access point. The possible settings are listed here: On: APSD is enabled on the access point. Off: APSD is disabled. 142 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring SNMPv1 and v2c You may use SNMPv1 and v2c to manage the access point and receive traps from the unit. Here are the guidelines to managing the device with SNMP: You can use SNMP to manage only a subset of the features of the device. You have to use the web browser interface to manage all the features. The access point does not support SNMPv3. The access point can have only one read-only community string and one read-write string. The MIB for the product is available from the Allied Telesis web site. The unit must have an IP address for SNMP management. For instructions, refer to “Assigning a Static IP Address to the Access Point” on page 36 or “Assigning a Dynamic IP Address from a DHCP Server to the Access Point” on page 38. To enable or disable SNMP, perform the following procedure: 1. Select SNMP Settings from the Services menu. The access point displays the “SNMP Configuration” window, shown in Figure 45 on page 144. 143 Review Draft - May 9, 2014 Chapter 6: Services Menu Figure 45. SNMP Configuration Window 2. Click the Enabled dialog circle to enable SNMP or the Disabled dialog circle to disable it. You must enable SNMP before you can configure the parameter settings. 3. If you enabled SNMP, configure the parameters, as needed. The fields in the window are described in Table 24 on page 145. 4. Click the Update button to activate and save your changes on the access point. 144 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 24. SNMP Field SNMP Enabled/Disabled Description Use this option to activate or deactivate SNMP on the access point. The options are explained here: Enabled: Check this option to activate SNMP and allow managers to use it to view and configure the parameter settings on the access point. When you click the option, the options in the window are activated. Disabled: Check this option to disable SNMP to prevent managers from using it to view and configure the parameter settings on the access point. When you click the option, the options in the window are deactivated and cannot be configured. This is the default setting. Read-only community name Use this parameter to specify the readonly community string on the access point. This community string may only be used to view the MIB settings of the device. Here are the guidelines to creating the community string: The community string may be from 1 to 256 characters. The community string may contain both letters and numbers, The community string may not contain any spaces. The community string is case sensitive. You may specify only one read-only community string. You may not leave the field empty. The default read-only community string is “public”. 145 Review Draft - May 9, 2014 Chapter 6: Services Menu Table 24. SNMP (Continued) Field Description Port number the SNMP agent will listen to Use this parameter to specify the port number for SNMP. The range is 1 to 65535. The default is 161. Allow SNMP set requests Use this parameter to either permit or deny managers to use the read-write community string to change the parameter settings of the access point. The choices are described here: Enabled; Check this option to permit managers to use the read-write community string to change the parameter settings of the access point. Disabled: Check this option to prevent managers from using the read-write community string to change the parameter settings. If you click this option, the read-write community string acts as a read-only community string, giving you two read-only strings on the access point. Read-write community name (for permitted SNMP set operations) Use this parameter to specify the readwrite community string. Here are the guidelines: Managers may use this community string to both view and change the parameter settings on the access point, unless the previous option “Allow SNMP set requests” is disabled. The community string may be from 1 to 256 characters. You may specify only one read-write community string. The community string may contain both letters and numbers, The community string may not contain spaces. 146 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 24. SNMP (Continued) Field Description The community string is case sensitive. You may not leave the field empty. The default community string is “private.” Restrict the source of SNMP requests to only the designated hosts or subnets Use this option to increase the security of the access point by restricting the use of SNMP management to specific subnets or individual workstations. The options are described here: Enabled: Check this option if you want to restrict the use of SNMP on the access point to only those management stations specified in the next field in the window. Restricting SNMP applies to both readonly and read-write community strings. Disabled: Check this option to disable this feature and permit any workstation to manage the unit with SNMP. This is the default setting. Hostname, address, or subnet of Network Management System Use this field to specify the management workstations that are allowed to use SNMP to manage the device. This field only applies if you selected the Enabled option in the previous field. You may specify the management workstation by hostname, IP address, or subnet address: Here are the guidelines: You may specify only one value in the field. You may specify an authorized SNMP workstation by its DNS hostname (e.g. smith.abc.com). You may specify an authorized SNMP workstation by its IP address (e.g. 149.23.45.102.) 147 Review Draft - May 9, 2014 Chapter 6: Services Menu Table 24. SNMP (Continued) Field Description You may specify a subnet to allow all management workstations in the subnet to use SNMP to access the device. The subnet is specified in this format: address/mask You may specify the actual mask or the mask length. Here is an example of a subnet specified by the actual mask: 149.24.42.0/255.255.255.0 Here is the same subnet, specified by mask length: 149.24.42.0/24 Community name for traps Use this field to specify the community name the access point should use to transmit traps. Trap type to send Use these options to specify which traps the access point should transmit. The options are described here: Coldstart: This trap is sent when the SNMP agent is started. Link: This trap is sent when a radio is enabled or disabled. Authentication: This trap is sent when an SNMP authentication fails. Association: This trap is sent when wireless clients connect to or disconnect from the access point. Unknown AP: This trap is sent when the access point detects a rogue access point. 148 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Table 24. SNMP (Continued) Field Trap type to send (continued) Description - Filtered STA: This trap is sent when the access point blocks an unauthorized wireless client from accessing the network because the client is not authorized by the MAC address filter. - RADIUS Authentication (Success): This trap is sent when a wireless client successfully logs on the network using RADIUS. - RADIUS Authentication (Fail): This trap is sent when a wireless client fails to log on successfully using RADIUS. Hostname or IP address Specify the SNMP trap receivers to receive traps from the access point. Here are the guidelines: You may specify up to three trap receivers. You may specify only one trap receiver per field. You have to click the Enabled dialog box before you can enter or modify a trap receiver. You may specify a trap receiver by its IP address or DNS hostname. You may not specify an IP address range. 149 Review Draft - May 9, 2014 Chapter 6: Services Menu Enabling or Disabling the LEDs You may turn off the LEDs on the front panel of the access point when you are not using them to monitor or troubleshoot the device. The default setting for the LEDs is on. To turn the LEDs on or off, perform the following procedure: 1. From the Services menu, select LED. The unit displays the “Control LEDs” window, shown in Figure 46. Figure 46. Control LEDs Window 2. Click the On dialog circle to turn on the LEDs and Off to turn them off. 3. Click the Update button to activate and save your changes on the access point. 150 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring the HTTP Server The following procedures explain how to enable and disable the HTTP server. You may use the server to manage the access point with your web browser on your computer. The HTTP server is a non-secure management method. The packets exchanged between your web browser and the access point are sent in clear text, leaving them vulnerable to snooping. For secure remote management, use HTTPS instead, as explained in “Configuring the HTTPS Server” on page 153. The default setting for the HTTP server is enabled. Enabling the HTTP Server To activate the HTTP server, perform the following procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47. Figure 47. Configure Web Server Settings Window 2. Click the Enabled dialog circle for the HTTP Server Status field. 3. To change the HTTP port number, select the HTTP Port field and enter the new value. The default is port 80. 4. Click the Update button to activate and save your changes on the access point. The HTTP server is now active on the access point. You may now manage the access point using your web browser and HTTP. 151 Review Draft - May 9, 2014 Chapter 6: Services Menu Disabling the HTTP Server The following procedure explains how to disable the HTTP server on the access point. Please review the following guidelines before performing the procedure: If you disable the HTTP server while managing the access point with HTTP, your management session is interrupted. To continue managing the unit, you may use either HTTPS or SNMP. If the maximum number of active sessions is set to 1, the default value. you may have to wait until the inactive session timer times out before starting an HTTPS session. The default is five minutes. The maximum number of active sessions does not apply to SNMP. If you disable HTTP without configuring HTTPS or SNMP, you cannot manage the access point. Your only alternative is to return the device to its default settings with the Reset button on the back panel. To disable the HTTP server, perform this procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47 on page 151. 2. Click the Disabled dialog circle for the HTTP Server Status field. The following prompt is displayed. Figure 48. Disable HTTP Server Prompt 3. Click OK. 4. Click the Update button to activate and save your changes on the access point. The HTTP server is now disabled. 152 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring the HTTPS Server The following procedures explain how to enable and disable the HTTPS server. You may use the server to manage the access point with your web browser on your computer. Managing the device with HTTPS is more secure that HTTP because your web browser and the access point use encryption to protect the management packets. The default setting for the server is disabled. The server uses port 443. You may not change that value. Enabling the HTTPS Server To activate the HTTPS server, perform the following procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47 on page 151. 2. Click the dialog box for the Generate SSL Certificate field. The prompt in Figure 49 on page 153 is displayed. Figure 49. Generate SSL Certificate Prompt 3. Click the OK button. 4. Click the Update button. 5. Click the Enabled dialog circle for the HTTPS Server Status field. 6. Click the Update button again. You may now manage the access point using HTTPS and encryption from the web browser on your computer. To test the HTTPS server, continue with these steps. 7. Click the Log Out button to end your HTTP management session. 8. In the URL field of your web browser, enter the prefix “HTTPS//:” followed by the IP address of the access point. (You must always include the prefix HTTPS://” in the URL field to start secure web browser management sessions on the access point.) 153 Review Draft - May 9, 2014 Chapter 6: Services Menu At this point, your web browser may display a security warning message to indicate that it does not consider the access point, which created its own HTTPS certificate, as a trusted certificate authority. If you see a warning message, you should be able to close it and manage the device. To eliminate the message, add the access point as a trusted certificate authority to the web browser. Refer to the web browser documentation for instructions. 9. You should now be able to log on to the access point. Disabling the HTTPS Server The following procedure explains how to disable the HTTPS server on the access point. Please review the following guidelines before performing the procedure: Disabling the HTTPS server while managing the access point with HTTPS interrupts your management session. You may use HTTP or SNMP to continue managing the device. If the maximum number of active sessions is set to 1, the default value, you may have to wait until the inactive session timer times out before starting a new session. The default is five minutes. The maximum number of active sessions does not apply to SNMP. If you disable HTTPS without configuring HTTP or SNMP, you cannot manage the access point. Your only alternative is to return the device to its default settings with the Reset button on the back panel. To disable the HTTPS server, perform this procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47 on page 151. 2. Click the Disabled dialog circle for the HTTPS Server Status field. The following prompt is displayed. Figure 50. Disable HTTPS Server Prompt 3. Click OK. 4. Click the Update button. The HTTPS server is now disabled on the access point. 154 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Configuring the Maximum Number of Active Management Sessions This procedure explains how to configure the maximum number of active management sessions the access point supports at one time. The range is one to ten sessions. The default is one session. You might want to consider increasing the parameter if the access point will be managed by more than one person. The maximum number of active management sessions applies to HTTP and HTTPS sessions. It does not apply to SNMP. To configure the maximum number of active management sessions, perform the following procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47 on page 151. 2. Select the dialog box for Maximum sessions and enter the new value. The range is 1 to 10 management sessions. 3. Click the Update button to activate and save your change on the access point. 155 Review Draft - May 9, 2014 Chapter 6: Services Menu Configuring the Management Session Timer You should always conclude your management sessions of the access point by logging off so that if you leave your computer unattended, someone cannot use it to make unauthorized changes to the parameter settings of the device. If you forget to log off, the access point has a timer to detect and log off inactive management sessions for you, automatically. A session is considered inactive if there is no management activity for the duration of the timer. The default setting for the timer is five minutes. To configure the management session timer, perform the following procedure: 1. From the Services menu, select HTTP/HTTPS. The access point displays the “Configure Web Server Settings” window. Refer to Figure 47 on page 151. 2. Select the dialog box for Session Timeout (minutes) and enter the new value. The range is 1 to 1440 minutes. (1440 minutes is one day.) The default is 5 minutes. 3. Click the Update button to activate and save your change on the access point. 156 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Manually Setting the Date and Time If the access point does not have access to an SNTP server, you may set the date and time manually. The unit adds the date and time to log messages and SNMP traps. Note If you configure the date and time manually, you have to reconfigure them whenever the access point is reset or powered off. To manually set the date and time, perform the following procedure: 1. From the Services menu, select NTP. The access point displays the “Modify How the Access Point Discovers the Time” window. 2. Click the Manually dialog circle for the Set System Time parameter. Refer to Figure 51. This is the default setting. Figure 51. Modify How the Access Point Discovers the Time Window Manually Setting the Date and Time 3. Use the pull-down menus in System Date to set the current month, day, and year. 4. Use the pull-down menus in System Time to set the current hours and minutes. The hours are in 24 hours. For example, 14 represent 2:00 p.m. 5. Use the pull-down menu in Time Zone to set the time zone of the location of the access point. 157 Review Draft - May 9, 2014 Chapter 6: Services Menu 6. If the location of the access point observes daylight savings time, click the dialog box for the Adjust Time for Daylight Savings parameter. The window displays the fields in Figure 52. Figure 52. Daylight Savings Time Fields If the area does not observe Daylight Savings time, leave the dialog box empty and go to step 10. 7. Use the pull down menus in DST Start to set the date and time for the start of Daylight Savings time. 8. Use the pull down menus in DST End to set the date and time for the end of Daylight Savings time. 9. Select the DST Offset field and enter the number of minutes to adjust the time at the start and end of Daylight Savings time. The default is 60 minutes. 10. Click the Update button to activate and save your changes on the access point. 158 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Setting the Date and Time with the Network Time Protocol Client The access point has a Network Time Protocol (NTP) client. The unit uses the client to obtain the date and time from an SNTP server on your network or the Internet. The access point adds the date and time to log messages and SNMP traps. Here are the guidelines to using the client: You need to know the hostname or IP address of an SNTP server on your network or the Internet. You may specify only one server. The access point must have an IP address. The access point must also have a default gateway address if the SNTP server is on a different subnet or network. The default gateway must specify the first router hop to the subnet or network of the SNTP server. The client is compatible with SNTP servers. It is not compatible with NTP servers. To configure the NTP client, perform the following procedure: 1. From the Services menu, select NTP Settings. The access point displays the “Modify how the access point discovers the time” window, shown in Figure 51 on page 157. 2. Click the Using Network Time Protocol dialog circle for the Set System Time parameter. Refer to Figure 53. Figure 53. Modify How the Access Point Discovers the Time Window Configuring the NTP Client 159 Review Draft - May 9, 2014 Chapter 6: Services Menu 3. Select the NTP Server field and enter the IP address or hostname of the SNTP server. You may specify only one server. If you are specifying the server by its hostname, please observe these guidelines: The first character must be a letter or number. It cannot be a special character. The last character cannot be a hyphen or period. 4. Select the Interval to Synchronize field and specify in minutes how frequently the access point is to synchronize its time with the SNTP server. The range is 1 to 9999 minutes. The default is 10 minutes. 5. Use the pull-down menu in Time Zone to set the time zone of the location of the access point. If the SNTP server is providing Coordinated Universal Time (UTC), the access point uses the time zone parameter to determine its UTC offset, which is the number of hours its location is ahead or behind UTC. It adjusts the time accordingly. 6. If the location of the access point observes daylight savings time, click the dialog box for the Adjust Time for Daylight Savings parameter. The window displays the fields in Figure 52 on page 158. If the area does not observe Daylight Savings time, leave the dialog box empty and go to step 10. 7. Use the pull down menus in DST Start to set the date and time for the start of Daylight Savings time. 8. Use the pull down menus in DST End to set the date and time for the end of Daylight Savings time. 9. Select the DST Offset field and enter the number of minutes to adjust the time at the start and end of Daylight Savings time. The default is 60 minutes. 10. Click the Update button to activate and save your changes on the access point. 160 Review Draft - May 9, 2014 Chapter 7 Maintenance Menu This chapter describes the management functions of the menu selections in the Maintenance menu. The chapter contains the following sections: “Restoring the Default Settings to the Access Point” on page 162 “Downloading the Configuration from the Access Point to Your Computer” on page 164 “Restoring a Configuration to the Access Point” on page 165 “Rebooting the Access Point” on page 166 “Enabling or Disabling the Reset Button” on page 167 “Switching the Primary and Secondary Management Software Images” on page 168 “Uploading New Versions of the Management Software to the Access Point” on page 170 161 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu Restoring the Default Settings to the Access Point This procedure explains how to restore the default settings on the access point. Please review the following information before performing the procedure: The manager name and password are reset to “manager” and “friend”, respectively. If the access point has a static IP address, the address is deleted and the DHCP client is activated. If the device does not receive a response from a DHCP server on the LAN port, it uses the default IP address 192.168.1.230. Note The access point stops forwarding network traffic when it is returned to its default settings because the default setting for the radios is off. To activate the default settings on the access point, perform the following procedure: 1. From the Maintenance menu, select Configuration. The access point displays the “Manage this Access Point’s Configuration” window shown in Figure 54 on page 163. 162 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Figure 54. Manage this Access Point’s Configuration Window 2. Click the Reset button in the To Restore the Factory Default Configuration section of the window. The device displays a confirmation prompt. 3. Click OK to restore the default settings of Cancel to cancel the procedure. 4. If you click OK, wait one minute for the device to reset and then establish a new management session. For instructions, refer to “Starting the Initial Management Session on the Access Point” on page 23. 163 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu Downloading the Configuration from the Access Point to Your Computer This procedure explains how to download the configuration of the access point as a file to your computer or a network server. You might perform this procedure to maintain a history of the configurations of the unit so that you can easily return it to an earlier configuration, if needed. This procedure is also useful if there are several access points that are to have the same or nearly the same settings. You can configure one unit and then transfer its configuration to the other units. Please review the following information before performing this procedure: You may not edit a configuration file with a text editor. This procedure does not interrupt the operations of the access point. To download the configuration of the access point as a file to your management workstation or network server, perform the following procedure: 1. From the Maintenance menu, select Configuration. The access point displays the “Manage this Access Point’s Configuration” window in Figure 54 on page 163. 2. Click the Download button in the To Save the Current Configuration to a Backup File section of the window. 3. Click the Browse button and select the folder or directory in which to store the file on your management workstation or network server. 4. If desired, change the filename for the configuration file. The filename suffix must be XML. 5. Click Save. The access point downloads its configuration to your management workstation and stores it in the designated folder. 164 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Restoring a Configuration to the Access Point This procedure explains how to restore a configuration to the access point. You might perform this procedure to restore a previous configuration to the device or to configure multiple access points with the same configuration. Here are the guidelines: You may only restore configuration files that are created with “Downloading the Configuration from the Access Point to Your Computer” on page 164. A configuration file must have the XML suffix. You may restore a configuration file to multiple access points to give them the same configuration. However, if a configuration file has a static IP address, you should change the IP address of a device immediately after you restore a configuration to prevent an IP address conflict from occurring among the devices. You may not edit a configuration file with a text editor. Note The access point resets when you restore a configuration. It does not forward network traffic for one minute while it initializes its management software. This procedure assumes that the configuration file is stored on your management workstation or a network server. To restore a configuration to the access point, perform the following procedure: 1. From the Maintenance menu, select Configuration. The access point displays the “Manage this Access Point’s Configuration” window in Figure 54 on page 163. 2. Click the Browse button in the To Restore the Configuration from a Previously Saved File section, and select the configuration file to restore to the access point from your management workstation or network server. 3. Click the Open button. 4. Click the Restore button. 5. Wait one minute for the access point to complete initializing its management software. 6. To resume managing the unit, establish a new management session. 165 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu Rebooting the Access Point This section explains how to reboot the access point. You might reboot the device if it is experiencing a problem. Caution The access point does not forward network traffic while it reboots. Some network traffic may be lost. To reboot the access point, perform the following procedure: 1. From the Maintenance menu, select Configuration. The access point displays the “Manage this Access Point’s Configuration” window in Figure 54 on page 163. 2. Click the Reboot button in the To Reboot the Access Point section of the window. The access point displays a confirmation prompt. 3. Click OK. Your current management session is interrupted. 4. To resume managing the unit, wait for it to complete initializing its management software and then start a new management session. 166 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide Enabling or Disabling the Reset Button This section explains how to enable or disable the Reset button on the rear panel of the access point. The Reset button is used to restore the default settings to the device. The default setting for the button is enabled. If the unit is installed in a non-secure area, you might disable the button to prevent unauthorized individuals from pressing it and disrupting the operations of your wireless network. Note If you disable the Reset button and forget the manager account password, you will not be able to manage the unit with the web browser interface. To enable or disable the Reset button, perform the following procedure: 1. From the Maintenance menu, select Configuration. The access point displays the “Manage this Access Point’s Configuration” window in Figure 54 on page 163. 2. In the To Disable RESET Button section of the window, click the Yes dialog circle to disable the button or the No dialog circle to enable it. 3. Click the Update button to activate and save your changes on the access point. 167 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu Switching the Primary and Secondary Management Software Images The access point maintains primary and secondary images of the management software in flash memory. The primary image is used during normal operations. If the access point encounters a problem with the primary image when it is powered on or reset, it loads the secondary image instead and enters an event message in the log file to signal the problem with the primary image. If you reset or power cycle the access point, the device again tries to load the primary again, and switches to the secondary image again if it cannot load the primary image. If this problem keeps occurring, you can instruct the access point to switch the images, so that the secondary image becomes the primary image, and the primary image becomes the secondary image. Caution This procedure is disruptive to the wireless network because the access point does not forward traffic for approximately two minutes while it switches the images. To minimize the disruption to the wireless clients, you should perform this procedure during nonbusiness hours. To switch the primary and secondary images, perform the following procedure: 1. From the Maintenance menu, select Upgrade. The management software displays the “Manage firmware” window, shown in Figure 55. Figure 55. Manage Firmware Window 168 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide 2. Click the Switch button. The access point displays a confirmation prompt. 3. Click OK to continue with the procedure or Cancel to cancel it. If you click OK, the access point begins the process of switching the images. Caution The unit does not forward network traffic for about two minutes while it switches the primary and secondary images. Some network traffic may be lost. 169 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu Uploading New Versions of the Management Software to the Access Point Allied Telesis may release new versions of the management software on the company’s web site for customers who want to upgrade the firmware on their access points. This procedure explains how to upload new firmware to the access point. Please review the following information before performing the procedure: The procedure assumes that you have already obtained the new image file from the Allied Telesis web site and stored it on your computer or network server. The configuration settings of the access point are retained when a new firmware image is uploaded to the device. During the upgrade process, the access point overwrites its secondary image with the current primary image before uploading the new image file and designating it as the new primary image file. For more information about primary and secondary images, refer to “Switching the Primary and Secondary Management Software Images” on page 168. When you update the firmware on the access point with a newer version, Allied Telesis recommends installing the firmware once, so that the primary and secondary images are different versions. That way, the access point can still use the older version if there is a problem with the new firmware. The access point does not compare the version numbers of the new and current firmware when it uploads the management software. You should compare the numbers yourself to avoid uploading an older version of the firmware to the access point. The upgrade process takes about 10 minutes. Caution The access point does not forward network traffic while it uploads the management software from your computer and writes the file to flash memory. To minimize the disruption of the upgrade procedure to network operations, you should perform it only during periods of low traffic activity, such as during non-business hours. To upload a new version of the management software to the access point, perform the following procedure: 1. From the Maintenance menu, select Upgrade. 170 Review Draft - May 9, 2014 AT-TQ Wireless Access Point Series User’s Guide The access point displays the “Manage Firmware” window shown in Figure 55 on page 168. 2. Click the Browse button next to the New Firmware Image field and locate the new image file on your computer or network server. 3. Click the Upgrade button. The access point displays a confirmation prompt. 4. Click the OK button to upload the new firmware to the access point or Cancel to cancel the procedure. The access point performs the following tasks during the upgrade procedure: Overwrites its secondary image with its current primary image. Uploads the new image from your computer or network server. Copies the file to flash memory as its new primary image. Resets to initialize the new firmware. Note The entire process may take up to 10 minutes. Do not close the web browser window or change to a different window until the entire procedure is finished. Interrupting the transfer may corrupt the file on the access point. 5. To resume managing the unit, start a new web browser management session. 171 Review Draft - May 9, 2014 Chapter 7: Maintenance Menu 172
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : Yes Page Mode : UseOutlines XMP Toolkit : Adobe XMP Core 4.0-c316 44.253921, Sun Oct 01 2006 17:14:39 Create Date : 2014:05:09 09:42:14Z Creator Tool : FrameMaker 9.0 Modify Date : 2014:05:12 14:21:15+08:00 Metadata Date : 2014:05:12 14:21:15+08:00 Producer : Acrobat Distiller 10.0.0 (Windows) Format : application/pdf Title : at001867a.book Creator : sborsuk Document ID : uuid:1e458cfe-1a95-4216-b1cc-356948fe2af7 Instance ID : uuid:7bc62045-d5cd-4d91-a634-88b35e56179b Has XFA : No Page Count : 172 Author : sborsukEXIF Metadata provided by EXIF.tools