Moxa WAPN008 TAP-213 series Rail Onboard IP68 802.11n AP/Client User Manual TAP 213 UM e1
Moxa Inc. TAP-213 series Rail Onboard IP68 802.11n AP/Client TAP 213 UM e1
Moxa >
Contents
- 1. Users Manual
- 2. (AWK-4131A-XXXXX) UserMan
- 3. (AWK-11xyz-p-t) UserMan
- 4. (AWK-3131A) UserMan
- 5. (TAP-213-XX-CT-T) UserMan 12-29
- 6. TAP-213_UM_e1
- 7. WAPN008- UserMan_0816
- 8. WAPN008- UserMan_AWK-3131A-M12-RCC_20180820
- 9. WAPN008- UserMan_AWK-3131A-M12-RTG_20180820
- 10. WAPN008- UserMan_AWK-3131A-SSC-RTG_20180820
- 11. WAPN008- UserMan_20180911
TAP-213_UM_e1
Moxa Tough AP TAP-213 User’s Manual
Edition 1.0, February 2017
www.moxa.com/product
© 2017 Moxa Inc. All rights reserved.
Moxa Tough AP TAP-213 User’s Manual
The software described in this manual is furnished under a license agreement and may be used only in accordance with
the terms of that agreement.
Copyright Notice
© 2017 Moxa Inc. All rights reserved.
Trademarks
The MOXA logo is a registered trademark of Moxa Inc.
All other trademarks or registered marks in this manual belong to their respective manufacturers.
Disclaimer
Information in this document is subject to change without notice and does not represent a commitment on the part of
Moxa.
Moxa provides this document as is, without warranty of any kind, either expressed or implied, including, but not limited
to, its particular purpose. Moxa reserves the right to make improvements and/or changes to this manual, or to the
products and/or the programs described in this manual, at any time.
Information provided in this manual is intended to be accurate and reliable. However, Moxa assumes no responsibility for
its use, or for any infringements on the rights of third parties that may result from its use.
This product might include unintentional technical or typographical errors. Changes are periodically made to the
information herein to correct such errors, and these changes are incorporated into new editions of the publication.
Technical Support Contact Information
www.moxa.com/support
Moxa Americas
Toll-free:
1-888-669-2872
Tel:
+1-714-528-6777
Fax:
+1-714-528-6778
Moxa China (Shanghai office)
Toll-free:
800-820-5036
Tel:
+86-21-5258-9955
Fax:
+86-21-5258-5505
Moxa Europe
Tel:
+49-89-3 70 03 99-0
Fax:
+49-89-3 70 03 99-99
Moxa Asia-Pacific
Tel:
+886-2-8919-1230
Fax:
+886-2-8919-1231
Moxa India
Tel:
+91-80-4172-9088
Fax:
+91-80-4132-1045
Table of Contents
1.
Introduction .................................................................................................................................... 1-1
Overview ........................................................................................................................................... 1-2
Package Checklist ............................................................................................................................... 1-2
Product Features ................................................................................................................................. 1-2
Product Specifications .......................................................................................................................... 1-3
Functional Design ............................................................................................................................... 1-7
LAN Port..................................................................................................................................... 1-7
LED Indicators............................................................................................................................. 1-7
Beeper ....................................................................................................................................... 1-9
Reset Button ............................................................................................................................... 1-9
2.
Getting Started ................................................................................................................................ 2-1
First-Time Installation and Configuration ................................................................................................ 2-2
Communication Testing ....................................................................................................................... 2-3
Function Map...................................................................................................................................... 2-5
3.
Web Console Configuration.............................................................................................................. 3-1
Web Browser Configuration .................................................................................................................. 3-2
Overview ........................................................................................................................................... 3-3
Basic Settings..................................................................................................................................... 3-4
System Info Settings ................................................................................................................... 3-4
Network Settings ......................................................................................................................... 3-5
Port Settings ............................................................................................................................... 3-7
Time Settings .............................................................................................................................. 3-8
Wireless Settings ................................................................................................................................ 3-9
Operation Mode .................................................................................................................................. 3-9
Basic Wireless Settings (Multiple SSID) ................................................................................................ 3-10
WLAN Security Settings .............................................................................................................. 3-13
Advanced Wireless Settings ........................................................................................................ 3-20
WLAN Certification Settings (for EAP-TLS in Client mode only) ......................................................... 3-26
WAC Settings (AP mode only) ..................................................................................................... 3-27
Advanced Settings ............................................................................................................................ 3-27
Using Virtual LAN ...................................................................................................................... 3-27
Configuring Virtual LAN .............................................................................................................. 3-29
DHCP Server ............................................................................................................................. 3-30
Packet Filters ............................................................................................................................ 3-31
Static Route (For Client-Router mode only) ................................................................................... 3-33
NAT Settings/Port Forwarding (For Client-Router mode only) ........................................................... 3-34
SNMP Agent .............................................................................................................................. 3-35
Mobile IP Settings ...................................................................................................................... 3-37
Link Fault Pass-Through (for Client mode only) .............................................................................. 3-39
Auto Warning Settings ....................................................................................................................... 3-39
System Log .............................................................................................................................. 3-39
Syslog...................................................................................................................................... 3-40
E-mail ...................................................................................................................................... 3-41
Traps ....................................................................................................................................... 3-42
Status ............................................................................................................................................. 3-44
Wireless Status ......................................................................................................................... 3-44
Associated Client List (for AP mode only) ...................................................................................... 3-44
DHCP Client List ........................................................................................................................ 3-45
System Log .............................................................................................................................. 3-45
Power Status ............................................................................................................................ 3-46
AeroLink Protection Status (For Client Mode Only).......................................................................... 3-46
Routing Table............................................................................................................................ 3-46
LAN Status ............................................................................................................................... 3-47
Maintenance ..................................................................................................................................... 3-47
Console Settings........................................................................................................................ 3-47
Ping ......................................................................................................................................... 3-47
Firmware Upgrade ..................................................................................................................... 3-48
Config Import/Export ................................................................................................................. 3-48
Load Factory Default .................................................................................................................. 3-50
Username/Password .................................................................................................................. 3-50
Locate Device ........................................................................................................................... 3-50
Misc. Settings ........................................................................................................................... 3-51
Save Configuration ............................................................................................................................ 3-51
Restart ............................................................................................................................................ 3-52
Logout............................................................................................................................................. 3-52
4.
Software Installation and Configuration .......................................................................................... 4-1
Overview ........................................................................................................................................... 4-2
Wireless Search Utility ......................................................................................................................... 4-2
Installing Wireless Search Utility .................................................................................................... 4-2
Configuring Wireless Search Utility ................................................................................................. 4-5
5.
Using Other Consoles ........................................................................................................................ 5-1
USB Console Configuration (115200, None, 8, 1, VT100) ......................................................................... 5-2
Configuration via Telnet and SSH Consoles ............................................................................................. 5-4
Configuration by Web Browser with HTTPS/SSL ...................................................................................... 5-5
Disabling Telnet and Browser Access ..................................................................................................... 5-6
A. References ........................................................................................................................................ A-1
Beacon ..............................................................................................................................................A-2
DTIM.................................................................................................................................................A-2
Fragment...........................................................................................................................................A-2
RTS Threshold ....................................................................................................................................A-2
STP and RSTP ....................................................................................................................................A-2
The STP/RSTP Concept ................................................................................................................A-2
Differences between RSTP and STP................................................................................................A-3
B.
Supporting Information .................................................................................................................... B-1
Firmware Recovery .............................................................................................................................B-2
DoC (Declaration of Conformity) ...........................................................................................................B-3
Federal Communication Commission Interference Statement ............................................................B-3
Antenna Gain and RF Radiated Power ............................................................................................B-4
R&TTE Compliance Statement .......................................................................................................B-6
1
Introduction
The TAP-213 outdoor wireless AP/client is the ideal ruggedized wireless solution for railway onboard
train-to-ground applications such as CCTV and CBTC communications. It can provide speeds of up to 300 Mbps
with IEEE 802.11n technology. The TAP-213’s dust-tight/weatherproof design is IP68-rated, and it can operate
at temperatures ranging from -40 to 75°C, allowing you to extend wireless networks to outdoor locations and
critical environments.
The following topics are covered in this chapter:
Overview
Package Checklist
Product Features
Product Specifications
Functional Design
LAN Port
LED Indicators
Beeper
Reset Button
Tough
AP
TAP
-
213
Introduction
1
-
2
Overview
The TAP-213 is 802.11n compliant to deliver speed, range, and reliability to support even the most
bandwidth-intensive applications. The 802.11n standard incorporates multiple technologies, including MIMO
(Multi-In, Multi-Out) Spatial Multiplexing, multiple channels (5, 10, 20 and 40 MHz), and dual bands (2.4 GHz
and 5 GHz) to achieve high speeds, while still being able to communicate with legacy 802.11a/b/g devices.
The TAP-213 is compliant with the EN 50155 standard that covers operating temperature range, power input
voltage, surge, ESD, and vibration. The TAP can be easily mounted on to a wall, DIN rail or in distribution boxes.
Its wide operating temperature range, IP68-rated housing with LED indicators, and the DIN-rail mounting
capability make the TAP-213 a convenient yet reliable solution for all types of industrial wireless applications.
Package Checklist
Moxa’s TAP-213 is shipped with the following items. If any of these items is missing or damaged, please contact
your customer service representative for assistance.
• 1 TAP-213
•
1 wall-mounting kit, which includes 2 plates
•
1 plastic protective cap for LAN-1 X-coded port
•
3 metal protective caps for LAN-2 fiber port, USB console port and ABC-02 USB storage port
•
1 metal M12 male 4-pin A-coded screw-type crimp circular connector for power
•
2 antennas which support both 2.4 GHz /5 GHz
•
Quick Installation Guide (printed)
•
Product warranty statement
NOTE
We support WiFi client mode, one-to-many Access Point mode, and one-to-one Wireless Bridge mode.
For devices, depending on the type of antenna used (point-to-point or point-to-multipoint), the target power
is fixed by the manufacturer prior to shipment, the antenna is delivered with the device and is configured
by a professional installer, so that the radio does not exceed the EIRP allowed per regulatory domain.
Antenna Gain
The following sections contain the FCC rules to adapt the product transmit power to the antenna used.
Point-to-Multipoint
No.
Manufacturer Part No. Antenna Type MAX Gain
1 KINSUN ANT-WDB-O-2 BK Dipole 2.9dBi for 2.4 GHz
2.34dBi for 5GHz
2 KINSUN ANT-WDB-ANM-0502 Dipole 4.62dBi for 2.4 GHz
1.41dBi for 5GHz
Point-to-Point:
No.
Manufacturer Part No. Antenna Type MAX Gain
1 MOXA ANT-WDB-PNF-1518 Directional panel 15dBi for 2.4 GHz
18dBi for 5GHz
Tough
AP
TAP
-
213
Introduction
1
-
3
Product Features
•
Designed specifically for the wireless communication requirements in train-to-ground communication (E.g.,
CBTC, CCTV) and rail onboard communication systems.
•
Compliant with EN 50155
•
IEEE802.11a/b/g/n compliant
•
Three-in-one design (AP/Bridge/Client)
•
Advanced wireless security
64-bit and 128-bit WEP/WPA/WPA2
SSID Hiding/IEEE 802.1X/RADIUS
Packet access control & filtering
•
STP/RSTP support for network system redundancy
•
Long-distance transmission support
•
Turbo Roaming enables rapid handover (Client mode)
•
ABC-02 for configuration import/export
•
USB console management
•
Wide -40 to 75°C operating temperature range
•
24 to 110 VDC, redundant dual DC power inputs or 48 VDC Power-over-Ethernet (IEEE 802.3af compliant)
•
Wall mounting or DIN-rail mounting
•
IP68-rated high-strength metal housing
Tough
AP
TAP
-
213
Introduction
1
-
4
Product Specifications
WLAN Interface
Standards:
IEEE 802.11a/b/g/n for Wireless LAN
IEEE 802.11i for Wireless Security
IEEE 802.3 for 10BaseT
IEEE 802.3u for 100BaseT(X)
IEEE 802.3ab for 1000BaseT
IEEE 802.3af for Power-over-Ethernet
IEEE 802.1D for Spanning Tree Protocol
IEEE 802.1w for Rapid STP
IEEE 802.1p for Class of Service
IEEE 802.1Q for VLAN
Spread Spectrum and Modulation (typical):
•
DSSS with DBPSK, DQPSK, CCK
•
OFDM with BPSK, QPSK, 16QAM, 64QAM
•
802.11b: CCK @ 11/5.5 Mbps, DQPSK @ 2 Mbps, DBPSK @ 1 Mbps
• 802.11a/g: 64QAM @ 54/48 Mbps, 16QAM @ 36/24 Mbps, QPSK @ 18/12 Mbps, BPSK @ 9/6 Mbps
•
802.11n: 64QAM @ 300 Mbps to BPSK @ 6.5 Mbps (multiple rates supported)
Operating Channels (central frequency):
•
US:
2.412 to 2.462 GHz (11 channels)
5.180 to 5.240 GHz (4 channels)
5.260 to 5.320 GHz (4 channels)*
5.500 to 5.700 GHz (8 channels; excludes 5.600 to 5.640 GHz)*
5.745 to 5.825 GHz (5 channels)
•
EU:
2.412 to 2.472 GHz (13 channels)
5.180 to 5.240 GHz (4 channels)
5.260 to 5.320 GHz (4 channels)*
5.500 to 5.700 GHz (11 channels)*
•
JP:
2.412 to 2.484 GHz (14 channels, DSSS)
5.180 to 5.240 GHz (4 channels)
5.260 to 5.320 GHz (4 channels)*
5.500 to 5.700 GHz (11 channels)*
*Special frequency bands (up to 6.0 GHz) are available for customization.
Security:
•
SSID broadcast enable/disable
•
Firewall for MAC/IP/Protocol/Port-based filtering
•
64-bit and 128-bit WEP encryption, WPA /WPA2 Personal and Enterprise (IEEE 802.1X/RADIUS, TKIP and
AES)
Transmission Rates:
• 802.11b: 1, 2, 5.5, 11 Mbps
• 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
•
802.11n: 6.5 to 300 Mbps (multiple rates supported)
Tough
AP
TAP
-
213
Introduction
1
-
5
Transmitter Power:
802.11b:
Typ. 26±1.5 dBm @ 1 Mbps
Typ. 26±1.5 dBm @ 2 Mbps
Typ. 26±1.5 dBm @ 5.5 Mbps
Typ. 25±1.5 dBm @ 11 Mbps
802.11g:
Typ. 23±1.5 dBm @ 6 to 24 Mbps
Typ. 22±1.5 dBm @ 36 Mbps
Typ. 20±1.5 dBm @ 48 Mbps
Typ. 19±1.5 dBm @ 54 Mbps
802.11n (2.4 GHz):
Typ. 23±1.5 dBm @ MCS0/8 20 MHz
Typ. 18±1.5 dBm @ MCS7/15 20 MHz
Typ. 23±1.5 dBm @ MCS0/8 40 MHz
Typ. 17±1.5 dBm @ MCS7/15 40 MHz
802.11a:
Typ. 23±1.5 dBm @ 6 to 24 Mbps
Typ. 21±1.5 dBm @ 36 Mbps
Typ. 20±1.5 dBm @ 48 Mbps
Typ. 18±1.5 dBm @ 54 Mbps
802.11n (5 GHz):
Typ. 23±1.5 dBm @ MCS0/8 20 MHz
Typ. 18±1.5 dBm @ MCS7/15 20 MHz
Typ. 23±1.5 dBm @ MCS0/8 40 MHz
Typ. 18±1.5 dBm @ MCS7/15 40 MHz
Tough
AP
TAP
-
213
Introduction
1
-
6
Receiver Sensitivity:
802.11b:
-93 dBm @ 1 Mbps
-93 dBm @ 2 Mbps
-93 dBm @ 5.5 Mbps
-88 dBm @ 11 Mbps
802.11g:
-88 dBm @ 6 Mbps
-86 dBm @ 9 Mbps
-85 dBm @ 12 Mbps
-85 dBm @ 18 Mbps
-85 dBm @ 24 Mbps
-82 dBm @ 36 Mbps
-78 dBm @ 48 Mbps
-74 dBm @ 54 Mbps
802.11n (2.4 GHz):
-70 dBm @ MCS7 20 MHz
-69 dBm @ MCS15 20 MHz
-67 dBm @ MCS7 40 MHz
-67 dBm @ MCS15 40 MHz
802.11a:
-90 dBm @ 6 Mbps
-88 dBm @ 9 Mbps
-88 dBm @ 12 Mbps
-85 dBm @ 18 Mbps
-81 dBm @ 24 Mbps
-78 dBm @ 36 Mbps
-74 dBm @ 48 Mbps
-72 dBm @ 54 Mbps
802.11n (5 GHz):
-69 dBm @ MCS7 20 MHz
-71 dBm @ MCS15 20 MHz
-63 dBm @ MCS7 40 MHz
-68 dBm @ MCS15 40 MHz
Protocol Support
General Protocols: Proxy ARP, DNS, HTTP, HTTPS, IP, ICMP, SNTP, TCP, UDP, RADIUS, SNMP, PPPoE, DHCP
AP-only Protocols: ARP, BOOTP, DHCP, STP/RSTP (IEEE 802.1D/w)
Interface
Connector for External Antennas: N-type (female)
LAN Ports: 1, M12 X-coded 8-pin female connector, 10/100/1000BaseT(X) auto negotiation speed, F/H
duplex mode, and auto MDI/MDI-X connection
Fiber Port: 100/1000Base SFP slot
Console Port: M12 B-coded 5-pin female connector for the USB console
USB Port: M12 A-coded 5-pin female connector for ABC-02 USB storage
Reset: Present
LED Indicators: PWR, FAULT, STATE, WLAN, LAN 1, LAN 2
Physical Characteristics
Housing: Metal, IP68 protection
Weight: 1.5 kg
Dimensions: 220 x 150 x 50.5 mm (8.66 x 5.90 x 1.99 in)
Installation: Wall mounting (standard), DIN-rail mounting (optional), pole mounting (optional)
Environmental Limits
Operating Temperature: -40 to 75°C (-40 to 167°F)
Storage Temperature: -40 to 85°C (-40 to 185°F)
Tough
AP
TAP
-
213
Introduction
1
-
7
ATTENTION
•
The TAP-213 is NOT a portable mobile device and should be located at least 20 cm away from the human
body.
•
The TAP-213 is NOT designed for the general public. A well-trained technician should be enlisted to ensure
safe deployment of TAP-213 units, and to establish a wireless network.
Ambient Relative Humidity: 5% to 95% (non-condensing)
Power Requirements
Input Voltage: 24 to 110 VDC, redundant dual DC power inputs or 48 VDC Power-over-Ethernet (IEEE
802.3af compliant)
Input Current: 0.65 A @ 24 VDC, 0.16 A @ 110 VDC
Power Consumption: 17.6 W (max.)
Connector: M12 A-coded 4-pin male connector
Reverse Polarity Protection: Present
Standards and Certifications
Safety: UL 60950-1, IEC 60950-1(CB), LVD EN 60950-1
EMC: EN 61000-6-2/6-4
EMI: CISPR 22, FCC Part 15B Class A
EMS:
IEC 61000-4-2 ESD: Contact: 6 kV; Air: 8 kV
IEC 61000-4-3 RS: 80 MHz to 1 GHz: 20 V/m
IEC 61000-4-4 EFT: Power: 2 kV; Signal: 2 kV
IEC 61000-4-5 Surge: Power: 2 kV; Signal: 2 kV
IEC 61000-4-6 CS: 10 V
IEC 61000-4-8
Radio: EN 301 489-1/17, EN 300 328, EN 301 893, DFS, TELEC
Rail Traffic: EN 50155 (essential compliance*), EN 50121-4
*Moxa defines “essential compliance” to include those EN 50155 requirements that make products more
suitable for rolling stock railway applications.
Note: Please check Moxa’s website for the most up-to-date certification status.
Fire and Smoke: EN 45545-2
MTBF (mean time between failures)
Time: 758,369 hrs
Standard: Telcordia SR332
Warranty
Warranty Period: 5 years
Details: See www.moxa.com/warranty
Tough
AP
TAP
-
213
Introduction
1
-
8
ATTENTION
Do not use a PoE (Power over Ethernet) Injector for the PoE device(s). Instead, use an IEEE 802.3af or IEEE
802.3at compliant PSE (Power Sourcing Equipment).
Functional Design
LAN Port
The standard model of the TAP-213 is provided with one M12 X code Gigabit port. The LAN LED will light up
when you insert the cable in the LAN1 port and a connection is established.
LED Indicators
The LEDs on the front panel provide a quick and easy means of determining the current operational status and
wireless settings of the TAP-213.
The FAULT LED indicates system failures. If the TAP-213 cannot retrieve the IP address from a DHCP server,
the FAULT LED will blink at one-second intervals.
Tough
AP
TAP
-
213
Introduction
1
-
9
ATTENTION
When the system fails to boot, the LEDs for STATE (Green), FAULT, and WLAN will all light up
simultaneously and blink at one-second intervals. This may be due to improper operation or issues such as an
unexpected shutdown while updating the firmware. To recover the firmware, refer to the “Firmware
Recovery” section in Chapter 6.
The following table summarizes how to read the device’s wireless settings based on the LED displays. More
information is available in Chapter 3 in the “Basic Wireless Settings” section.
LED Color State Description
PWR
Green On Power is on
Off Power is not being supplied.
FAULT
Red
On System is booting up
Blinking
(slow at
1-second
intervals)
Cannot get an IP address from the DHCP server
Blinking
(fast at
0.5-second
intervals)
IP address conflict
Off No error condition exist
STATE
Green
On System startup is complete and the system is in operation.
Blinking
(fast at
0.5-second
intervals)
AeroLink Protection is enabled and is currently in “Backup” state.
Blinking
(slow at
1-second
intervals)
Device has been located by the Wireless Utility
Red On System is booting up.
WLAN
Green
On WLAN is functioning in client/ client-router mode.
Blinking WLAN is transmitting data in client/ client-router mode.
Off WLAN is not in client/ client-router mode or has not established
a link with an AP.
Amber
On WLAN is in AP mode.
Blinking WLAN is transmitting data in AP mode.
Off WLAN is not in use or is not working properly.
LAN1
(10/100/10
00 Ethernet
port)
Green
On LAN port’s 1000 Mbps link is active.
Blinking Data is being transmitted at 1000 Mbps.
Off LAN port’s 1000 Mbps link is inactive.
Amber
On LAN port’s 10/100 Mbps link is active.
Blinking Data is being transmitted at 10/100 Mbps.
Off LAN port’s 10/100 Mbps link is inactive.
LAN2
(100/1000
fiber
optical
port)
Green On LAN port’s 1000 Mbps link is active.
Blinking Data is being transmitted at 1000 Mbps.
Off LAN port’s 1000 Mbps link is inactive.
Amber On LAN port’s 100 Mbps link is active.
Blinking Data is being transmitted at 100 Mbps.
Off LAN port’s 100 Mbps link is inactive.
Tough
AP
TAP
-
213
Introduction
1
-
10
Beeper
The beeper emits two short beeps when the system is ready.
Reset Button
The Reset button is located on the bottom panel of the TAP-213. You can reboot the TAP-213 or reset it to
factory default settings by pressing the Reset button with a pointed object such as an unfolded paper clip.
•
System reboot: Hold the Reset button down for under 5 seconds and then release.
•
Reset to factory default: Hold the Reset button down for over 5 seconds until the STATE LED starts
blinking green light. Release the button to reset the TAP-213.
2
Getting Started
This chapter explains how to install Moxa’s AirWorks TAP-213 for the first time to quickly set up your wireless
network and how to test whether the connection is working well. The function map provided in Chapter 3 is a
convenient reference to the various functions available on the TAP-213 and to determine the functions that you
need to use.
The following topics are covered in this chapter:
First-Time Installation and Configuration
Communication Testing
Function Map
Tough
AP
TAP
-
213
Getting
Started
2
-
2
First-Time Installation and Configuration
Before installing the TAP-213, make sure that all items mentioned in the package checklist are in the box. You
will also need access to a notebook computer or PC equipped with an Ethernet port. The TAP-213 has a default
IP address that you must use when connecting to the device for the first time.
•
Step 1: Select the power source.
The TAP-213 can be powered by a DC power input or PoE (Power over Ethernet).
•
Step 2: Connect the TAP-213 to a notebook or PC.
Since the TAP-213 is provided with the MDI/MDI-X auto-sensing capability, you can use either a
straight-through cable or crossover cable to connect it to a computer. When the connection between the
TAP-213 and the computer is established, the LED indicator on the TAP-213’s LAN port lights up.
•
Step 3: Set up the computer’s IP address.
Set an IP address for the computer so that it is on the same subnet as that of the TAP-213. Since the
TAP-213’s default IP address is 192.168.127.253, and the subnet mask is 255.255.255.0, set the IP
address of the computer in the 192.168.127.xxx IP range and subnet mask to 255.255.255.0.
•
Step 4: Use the web-based manager to configure the TAP-213
Open your computer’s web browser and type http://192.168.127.253 in the address field to access the
homepage of the web-based Network Manager. Before the homepage opens, you will need to enter the user
name and password as shown in the following figure. For first-time configuration, enter the following
default user name and password and click on the Login button:
User Name: admin
Password:
moxa
NOTE
After you click Submit to apply changes, the web page is refreshed and an (Updated) indicator is displayed
next to the page heading along with a blinking reminder to restart the device.
To activate the changes, click Restart and then click Save and Restart after you change the settings. The
TAP-213 will take about 30 seconds to complete the reboot process.
NOTE
For security reasons, we strongly recommend changing the default password. To change the password, select
Maintenance Password and follow the instructions on the screen.
Tough
AP
TAP
-
213
Getting
Started
3
-
2
•
Step 5: Select the operation mode for the TAP-213.
By default, the operation mode of the TAP-213 is set to AP. You can change this setting to Client mode at
Wireless Settings WLAN Basic Wireless Settings. Detailed information about configuring the
TAP-213 is available in Chapter 3.
•
Step 6: Test the network connection.
In the following sections we describe two methods that you can use to test that a network connection has
been established.
Communication Testing
After installing the TAP-213 you can run a sample test to make sure the wireless connection on the TAP-213 is
functioning normally. Two testing methods are described below. Use the first method if you are using only one
TAP-213 device and the second method if you are using two or more TAP-213 units.
How to Test One TAP-213
If you are only using one TAP-213, you will need one additional notebook computer equipped with a WLAN card.
Configure the WLAN card to connect to the TAP-213 (NOTE: the default SSID is MOXA), and change the IP
address of the second notebook (Notebook B) so that it is on the same subnet as the first notebook (Notebook
A), which is connected to the TAP-213.
After configuring the WLAN card, establish a wireless connection with the TAP-213 and open a DOS window on
Notebook B. At the prompt, type the following:
ping <IP address of notebook A>
and then press Enter (see the figure below). A “Reply from IP address …” response means the communication
was successful. A “Request timed out.” response means the communication failed. In this case, recheck the
configuration to make sure the connections are correct.
Tough
AP
TAP
-
213
Getting
Started
4
-
2
How to Test Two or More TAP-213 Units
If you have two or more TAP-213 units, you will need a second notebook computer (Notebook B) equipped with
an Ethernet port. Use the default settings for the first TAP-213 connected to notebook A and change the second
or third TAP-213 connected to notebook B to Client mode, and then configure the notebooks and TAP-213 units
properly.
After setting up the testing environment, open a DOS window on notebook B. At the prompt type:
ping <IP address of notebook A>
and then press Enter. A “Reply from IP address …” response means the communication was successful. A
“Request timed out” response means the communication failed. In the latter case, recheck the configuration to
make sure the settings are correct.
Tough
AP
TAP
-
213
Getting
Started
5
-
2
Function Map
Quick overview of the TAP-213’s status
Essential settings related to establishing a wireless
network
Advanced features to support additional network
management and secure wired and wireless
communication
Note: These advanced functions are all optional
Application-oriented device management functions
to set up events, traps, and reactions via
e-
mail and SNMP notifications
Note: These functions are all optional
Current status information for monitoring
wired/wireless network performance, advanced
services, and device management functions
On-demand functions to support the web-based
console management operation
Functions for maintaining the TAP-213, and for
diagnosing the network
Basic settings for administering the TAP-213
3
Web Console Configuration
In this chapter, we explain all aspects of web-based console configuration. Moxa’s easy-to-use management
functions help you set up your TAP-213 and make it easy to establish and maintain your wireless network.
The following topics are covered in this chapter:
Web Browser Configuration
Overview
Basic Settings
System Info Settings
Network Settings
Port Settings
Time Settings
Wireless Settings
Operation Mode
Basic Wireless Settings (Multiple SSID)
WLAN Security Settings
Advanced Wireless Settings
WLAN Certification Settings (for EAP-TLS in
Client mode only)
WAC Settings (AP mode only)
Advanced Settings
Using Virtual LAN
Configuring Virtual LAN
DHCP Server
Packet Filters
NAT Settings/Port Forwarding (For
Client-Router mode only)
SNMP Agent
Mobile IP Settings
Link Fault Pass-Through (for Client mode only)
Auto Warning Settings
System Log
Syslog
E-mail
Traps
Status
Wireless Status
Associated Client List (for AP mode only)
DHCP Client List
System Log
Power Status
AeroLink Protection Status (For Client Mode
Only)
Routing Table
LAN Status
Maintenance
Console Settings
Ping
Firmware Upgrade
Config Import/Export
Load Factory Default
Username/Password
Locate Device
Misc. Settings
Save Configuration
Restart
Logout
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
2
Web Browser Configuration
The web interface provides a convenient way to modify the configuration of the TAP-213 and access its built-in
monitoring and network administration functions. The recommended web browser is Microsoft® Internet
Explorer 7.0 or 8.0 with JVM (Java Virtual Machine) installed.
To access the web interface of the TAP-213, do the following:
1.
Open a web browser (e.g., Internet Explorer), type in the default IP address of the TAP-213 in the address
field, and press Enter.
2.
In the login page that is displayed, enter the Username and Password (default Username = admin;
default Password = moxa) and click Login to continue.
You may need to wait a few moments for the main page to download to your computer. Note that the model
name and IP address of the TAP-213 are both shown in the title bar of the web page. You can identify the
web interfaces of multiple TAP-213 units using this information.
NOTE
To use the management and monitoring functions of the TAP-213 from a PC host connected to the same LAN
as the TAP-213, you must make sure that the PC host and the TAP-213 are on the same logical subnet.
Similarly, if the TAP-213 is configured on a different VLAN than the PC, you must make sure your PC host is
on the management VLAN so that it can access the TAP-213.
The default IP address of the TAP is 192.168.127.253.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
3
3.
Use the menu tree on the left side of the window to open the configuration pages for the TAP-213’s
functions.
In the following paragraphs, we describe each TAP-213 management function in detail. An overview of all the
functions is available in the “Function Map” section of this manual.
Overview
The Overview page summarizes the TAP-213’s current status. The information is categorized into the
following groups: System Info, Device Info, and 802.11 Info.
NOTE
The model name of the TAP-213 is shown as TAP-213-XX, where XX indicates the country code. The model
name indicates the TAP-213 version and the bandwidth it uses. We use TAP-213-US as an example in the
following figures. (The country code and model name that appears on your computer screen may be
different.)
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
4
Click on the SSID (MOXA, in this case) to display detailed information on 802.11as shown below:
Basic Settings
The Basic Settings group includes the most commonly used settings required by administrators to maintain
and control the TAP-213.
System Info Settings
The System Info related settings that you configure here, especially the Device name and Device
description, are displayed on the Overview page. They are also included in the SNMP information and email
alerts. Configuring the System Info settings for each TAP-213 makes it easier to identify the different TAP-213
units connected to your network.
Device name
Format Description Factory Default
Maximum of 31
characters
Specifies the role or application of this TAP-213 unit. TAP-213_<Serial No. of
this TAP-213>
Device location
Format Description Factory Default
Maximum. of 31
characters
Specifies the location of this TAP-213 unit. None
NOTE
The 802.11 Info that is displayed may differ based on the operation mode selected. For example, Current
BSSID is not available in Client mode, and Signal strength/Noise Floor is not available in AP mode.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
5
Device description
Format Description Factory Default
Maximum of 31
characters
You can use this space to record a more detailed
description of this TAP-213
None
Device contact information
Format Description Factory Default
Maximum of 31
characters
You can use this space to record the contact information of the
person responsible for maintaining this TAP-213.
None
Network Settings
The Network Settings configuration panel allows you to modify the usual TCP/IP network parameters.
However, due to the addition of the client-router operation mode, this panel provides two different sets of
network parameters. Explanations for both types of configuration are given below.
Network Settings for AP/Client Operation Mode
IP address assignment
Setting Description Factory Default
DHCP The TAP-213’s IP address will be assigned automatically by the
network’s DHCP server
Static
Static Set up the TAP-213’s IP address manually.
IP address
Setting Description Factory Default
TAP-213’s IP address Identifies the TAP-213 on a TCP/IP network. 192.168.127.253
Subnet mask
Setting Description Factory Default
TAP-213’s subnet mask
Identifies the type of network to which the TAP-213 is
connected (e.g., 255.255.0.0 for a Class B network, or
255.255.255.0 for a Class C network).
255.255.255.0
Gateway
Setting Description Factory Default
TAP-213’s default
gateway
The IP address of the router that connects the LAN to an outside
network.
None
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
6
Primary/ Secondary DNS server
Setting Description Factory Default
IP address of the
Primary/Secondary
DNS server
The IP address of the DNS Server used by your network. After
entering the DNS Server’s IP address, you can input the
TAP-213’s URL (e.g., http://ap11.abc.com) in your browser’s
address field instead of entering the IP address. The Secondary
DNS server will be used if the Primary DNS server fails to
connect.
None
Network Settings for Client-Router Operation Mode
WLAN IP address assignment
Setting Description Factory Default
DHCP The TAP-213 WLAN interface’s IP address will be assigned
automatically by the network’s DHCP server
Static
Static Set up the TAP-213 WLAN interface’s IP address manually.
WLAN IP address
Setting Description Factory Default
TAP-213 WLAN
interface’s IP address
Identifies the TAP-213 WLAN interface’s IP address on a
TCP/IP network.
192.168.128.253
WLAN subnet mask
Setting Description Factory Default
TAP-213 WLAN
interface’s subnet mask
Identifies the type of network to which the TAP-213’s WLAN
interface is connected (e.g., 255.255.0.0 for a Class B network,
or 255.255.255.0 for a Class C network).
255.255.255.0
WLAN gateway
Setting Description Factory Default
TAP-213 WLAN
interface’s default
gateway
The IP address of the router that connects the WLAN to an
outside network.
None
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
7
Primary/Secondary DNS server
Setting Description Factory Default
IP address of the
Primary/Secondary
DNS server
The IP address of the DNS Server used by your network. After
entering the DNS Server’s IP address, you can input the
TAP-213’s URL (e.g., http://ap11.abc.com) in your browser’s
address field instead of entering the IP address. The Secondary
DNS server will be used if the Primary DNS server fails to
connect.
None
LAN IP address
Setting Description Factory Default
TAP-213 LAN
interface’s IP address
Identifies the TAP-213 LAN interface’s IP address on a TCP/IP
network.
192.168.127.253
LAN subnet mask
Setting Description Factory Default
TAP-213 LAN
interface’s subnet mask
Identifies the type of network to which the TAP-213’s LAN
interface is connected (e.g., 255.255.0.0 for a Class B network,
or 255.255.255.0 for a Class C network).
255.255.255.0
Port Settings
Port settings give users control over port access.
Setting Description Factory Default
Enable/Disable Allows/blocks data transmission through the port. Enable
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
8
ATTENTION
Changing the time zone will automatically adjust the Current local time. You should configure the Time
zone before setting the Current local time.
Time Settings
The TAP-213 has a time calibration function that can update the date and time information based on an NTP
server or the date and time information specified by the user.
The Current local time shows the TAP-213’s system time when you open this web page. After you update the
date and time setting, click on the Set Time button to activate the new date and time. An “(Updated)” string
is displayed next to the date and time fields to indicate that the change is complete. Any change in the date and
time setting is effective immediately and does not need a system restart.
Current local time
Setting Description Factory Default
User-specified date and
time
The date and time parameters allow configuration of the local
time with immediate activation.
Use 24-hour format: yyyy/mm/dd hh:mm:ss
None
Time zone
Setting Description Factory Default
User-specified time
zone
The time zone setting allows the conversion from GMT
(Greenwich Mean Time) to the local time.
GMT
Daylight saving time
Setting Description Factory Default
Enable/ Disable Daylight saving time (also known as DST or summer time)
involves advancing clocks (usually 1 hour) during the summer
time to provide an extra hour of daylight in the afternoon.
Disable
When Daylight saving time is enabled, the following parameters will be shown:
•
Starts at: The date that daylight saving time begins.
•
Stops at: The date that daylight saving time ends.
•
Time offset: Indicates the number of hours the clock should be advanced.
NOTE The TAP-213 has a built-in real time clock (RTC). The RTC is a computer clock (most often in the form of an
integrated circuit) that keeps track of the current time. We strongly recommend that users update the Time
Settings of the TAP-213 after the initial setup is complete or when the TAP is switched on after a long-term
shutdown, especially if the network does not have an Internet connection for accessing a NTP server or there
is no NTP server on the LAN.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
9
Time server 1/2
Setting Description Factory Default
IP address of the name of
the Time Server 1/2
IP address or domain name of the NTP time server. The
second NTP server will be used if the first NTP server fails to
connect.
time.nist.gov
Query period
Setting Description Factory Default
The query period to sync
with the time server
(1 to 9999 seconds)
This parameter determines how often the time is updated
from the NTP server.
600 (seconds)
Wireless Settings
The essential settings for wireless networks are presented in the wireless settings function group. You must
configure these settings correctly before you establish your wireless network. Familiarize yourself with the
following terms before starting the configuration process:
AP: In a wireless local area network (WLAN), an access point is a station that transmits and receives data.
Client: When the TAP-213 is configured for Client mode, it can be used as an Ethernet-to-wireless (or
LAN-to-WLAN) network adapter. For example, a notebook computer equipped with an Ethernet adaptor but no
wireless card can be connected to this device with an Ethernet cable to provide wireless connectivity to another
AP.
Operation Mode
The TAP-213 supports five main operation modes—AP, Client, and Client-Router, each of which plays a
distinct role on the wireless network.
Wireless Enable
Setting Description Factory Default
Enable/Disable Use this function to turn the RF (Radio Frequency) module on or
off manually.
NOTE: This function is available in AP operation mode only.
Enable
Operation Mode
Setting Description Factory Default
AP The most common mode used by a TAP-213 wherein it plays
the role of a wireless AP
AP
Client In this mode, the TAP-213 can connect to wireless AP devices
Client-Router The TAP-213 plays the role of a wireless client and a router.
Sniffer Turns the device into a remote Wireshark interface to capture
802.11 packets for analysis.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
10
Sniffer Mode Instructions:
1.
Set operation mode to Sniffer mode on the TAP-213 and then save/reboot the device.
2.
Connect the TAP-213 to a laptop with Wireshark installed (v1.12.0 or later release) via Ethernet.
3.
Add a remote interface by entering the IP address of the TAP-213.
Detailed Wireshark instructions can be found at:
https://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html
4.
Start capturing 802.11 wireless packets with Wireshark.
Basic Wireless Settings (Multiple SSID)
You can add new SSIDs or edit existing ones in the WLAN Basic Setting Selection panel. You can configure
up to 9 SSIDs for a TAP and configure each SSID differently.
An SSID is a unique identifier that wireless networking devices use to establish and maintain wireless
connectivity. Multiple access points on a network or sub-network can use the same SSIDs. All of the SSIDs that
you configure for an AP are active at the same time. That is, client devices can use any of the SSIDs to associate
with the AP.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
11
To create an SSID for your TAP, click on Add SSID. To edit an existing SSID and assign different configuration
settings to it, click on the Edit button corresponding to the SSID. A configuration panel is displayed as follows:
NOTEWhen you switch to Client mode, a Site Survey button will be available on the Basic Wireless Settings panel. Use
the Site Survey function to view information about available APs, as shown in the following figures. You can also click
on an SSID listed on the Site Survey page to bring the details of the SSID onto the Basic Wireless Settings page. To
update the site survey table, click the Refresh button.
If this client is connecting to an AP, a brief disconnection will occur when you click on Site Survey.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
12
RF type
Setting Description Factory Default
2.4 GHz
B Only supports the IEEE 802.11b standard B/G/N Mixed
G Only supports the IEEE 802.11g standard
B/G Mixed Supports IEEE 802.11b/g standards, but 802.11g might
operate at a slower speed when 802.11b clients are on the
network
G/N Mixed Supports IEEE 802.11g/n standards, but 802.11n might
operate at a slower speed if 802.11g clients are on the network
B/G/N Mixed Supports IEEE 802.11b/g/n standards, but 802.11g/n might
operate at a slower speed if 802.11b clients are on the network
N Only (2.4GHz) Only supports the 2.4 GHz IEEE 802.11n standard
5 GHz
A Only supports the IEEE 802.11a standard
A/N Mixed Supports IEEE 802.11a/n standards, but 802.11n may operate
at a slower speed if 802.11a clients are on the network
N Only (5GHz) Only supports the 5 GHz IEEE 802.11n standard
Channel (for AP mode only)
Setting Description Factory Default
The available channels
vary with the RF type
setting
The channel on which the TAP should operate. The TAP-213
plays the role of a wireless AP here.
6 (in B/G/N Mixed
mode)
Channel Width (for any 11N RF type only)
Setting Description Factory Default
20 MHz Select the channel width.
If you are not sure, use the 20/40 MHz (Auto) option
20 MHz
20/40 MHz
Channel bonding
If you have selected 20/40 MHz only in the Channel Width setting, this setting will automatically set the
channel based on the Channel setting.
SSID
Setting Description Factory Default
Maximum of 31
characters
The SSID of a client and the SSID of the AP must be identical for
the client and AP to be able to communicate with each other.
MOXA
SSID broadcast (for AP mode only)
Setting Description Factory Default
Enable/Disable Use this setting to specify if the SSID can be broadcast or not
Enable
Management frame encryption
Setting Description Factory Default
Enable/Disable Enables management frame encryption to protect your wireless
network from DoS attacks. This function only works with
Moxa's TAP series.
Disable
50ms Turbo Roaming (controller-based)
Setting Description Factory Default
Enable/Disable Determines whether or not the TAP-213 supports 50 ms
roaming. This function only works with the WAC-1001,
WAC-2004, and TAP series.
Disable
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
13
WLAN Security Settings
The TAP-213 provides four standardized wireless security modes: Open, WEP (Wired Equivalent Privacy),
WPA (Wi-Fi Protected Access), and WPA2. Several security modes are available in the TAP-213 by selecting
Security mode and WPA type:
•
Open: No authentication, no data encryption.
•
WEP: Static WEP (Wired Equivalent Privacy) keys must be configured manually.
•
WPA/WPA2-Personal: Also known as WPA/WPA2-PSK. You will need to specify the Pre-Shared Key in
the Passphrase field, which will be used by the TKIP or AES engine as a master key to generate keys
that actually encrypt outgoing packets and decrypt incoming packets.
•
WPA/WPA2-Enterprise: Also called WPA/WPA2-EAP (Extensible Authentication Protocol). In addition
to device-based authentication, WPA/WPA2-Enterprise enables user-based authentication via IEEE
802.1X. The TAP-213 can support three EAP methods: EAP-TLS, EAP-TTLS, and EAP-PEAP.
Security mode
Setting Description Factory Default
Open No authentication Open
WEP Static WEP is used
WPA WPA is used
WPA2 Fully supports IEEE 802.11i with “TKIP/AES + 802.1X”
Open
For security reasons, you should NOT set security mode to Open System, since authentication and data
encryption are NOT performed in Open System mode.
WEP (only for legacy mode)
According to the IEEE 802.11
standard, WEP can be used for
authentication and data encryption
to maintain confidentiality. Shared
(or Shared Key) authentication type
is used if WEP authentication and
data encryption are both needed.
Normally, Open (or Open System)
authentication type is used when
WEP data encryption is run with
authentication.
When WEP is enabled as a security
mode, the length of a key (so-called
WEP seed) can be specified as
64/128 bits, which is actually a 40/104-bit secret key with a 24-bit initialization vector. The TAP-213
provides 4 entities of WEP key settings that can be selected to use with Key index.
NOTE
Moxa includes WEP security mode only for legacy purposes. WEP is highly insecure and is considered fully
deprecated by the Wi-Fi alliance. We do not recommend the use of WEP security under any circumstances.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
14
The selected key setting specifies the key to be used as a send-key for encrypting traffic from the AP side to
the wireless client side. All 4 WEP keys are used as receive-keys to decrypt traffic from the wireless client
side to the AP side.
The WEP key can be presented in two Key types, HEX and ASCII. Each ASCII character has 8 bits, so a
40-bit (or 64-bit) WEP key contains 5 characters, and a 104-bit (or 128-bit) key has 13 characters. In hex,
each character uses 4 bits, so a 40-bit key has 10 hex characters, and a 128-bit key has 26 characters.
Authentication type
Setting Description Factory Default
Open Data encryption is enabled, but without authentication Open
Shared Data encryption and authentication are both enabled.
Key type
Setting Description Factory Default
HEX Specifies WEP keys in hex-decimal number form HEX
ASCII Specifies WEP keys in ASCII form
Key length
Setting Description Factory Default
64 bits Uses 40-bit secret keys with 24-bit initialization vector 64 bits
128 bits Uses 104-bit secret key with 24-bit initialization vector
Key index
Setting Description Factory Default
1-4 Specifies which WEP key is used Open
WEP key 1-4
Setting Description Factory Default
ASCII type:
64 bits: 5 chars
128 bits: 13chars
HEX type:
64 bits: 10 hex chars
128 bits: 26 hex chars
A string that can be used as a WEP seed for the RC4 encryption
engine.
None
WPA/WPA2-Personal
WPA (Wi-Fi Protected Access) and WPA2 represent significant improvements over the WEP encryption
method. WPA is a security standard based on 802.11i draft 3, while WPA2 is based on the fully ratified
version of 802.11i. The initial vector is transmitted, encrypted, and enhanced with its 48 bits, twice as long
as WEP. The key is regularly changed so that true session is secured.
Even though AES encryption is only included in the WPA2 standard, it is widely available in the WPA security
mode of some wireless APs and clients as well. The TAP-213 also supports AES algorithms in WPA and WPA2
for better compatibility.
Personal versions of WPA/WPA2, also known as WPA/WPA-PSK (Pre-Shared Key), provide a simple way of
encrypting a wireless connection for high confidentiality. A Passphrase is used as a basis for encryption
methods (or cipher types) in a WLAN connection. The passphrases should be complicated and as long as
possible. There must be at least 8 ASCII characters in the Passphrase, and it could go up to 63. For security
reasons, this passphrase should only be disclosed to users who need it, and it should be changed regularly.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
15
NOTE
The key renewal value dictates how often the wireless AP encryption keys should be changed. The security
level is generally higher if you set the key renewal value to a shorter number, which forces the encryption keys
to be changed more frequently. The default value is 3600 seconds (6 minutes). Longer time periods can be
considered if the line is not very busy.
WPA type
Setting Description Factory Default
Personal Provides Pre-Shared Key-enabled WPA and WPA2 Personal
Enterprise Provides enterprise-level security for WPA and WPA2
Encryption method
Setting Description Factory Default
TKIP** Temporal Key Integrity Protocol is enabled AES
AES Advance Encryption System is enabled
Mixed* Provides TKIP broadcast key and TKIP+AES unicast key for
some legacy AP clients. This option is rarely used.
** This option is only available with 802.11a/b/g standard
* This option is only available for legacy mode in APs and does not support AES-enabled clients.
Passphrase
Setting Description Factory Default
8 to 63 characters Master key to generate keys for encryption and decryption None
Key renewal (for AP mode only)
Setting Description Factory Default
60 to 86400 seconds
(1 minute to 1 day)
Specifies the time period of group key renewal 3600 (seconds)
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
16
WPA/WPA2-Enterprise (for AP mode)
By setting WPA type to Enterprise, you can use EAP (Extensible Authentication Protocol), a framework
authentication protocol used by 802.1X to provide network authentication. In these Enterprise-level security
modes, a back-end RADIUS (Remote Authentication Dial-In User Service) server is needed if IEEE 802.1X
functionality is enabled in WPA /WPA2. The IEEE 802.1X protocol also offers the possibility of carrying out an
efficient connection authentication on a large-scale network. It is not necessary to exchange keys or
passphrases.
WPA type
Setting Description Factory Default
Personal Provides Pre-Shared Key-enabled WPA and WPA2 Personal
Enterprise Provides enterprise-level security for WPA and WPA2
Encryption method
Setting Description Factory Default
TKIP** Temporal Key Integrity Protocol is enabled AES
AES Advance Encryption System is enabled
Mixed* Provides TKIP broadcast key and TKIP+AES unicast key for
some legacy AP clients. This option is rarely used.
** This option is only available with 802.11a/b/g standard
* This option is available only for legacy mode in APs and does not support AES-enabled clients.
Primary/Secondary RADIUS server IP
Setting Description Factory Default
The IP address of
RADIUS server
Specifies the delegated RADIUS server for EAP None
Primary/Secondary RADIUS port
Setting Description Factory Default
Port number Specifies the port number of the delegated RADIUS server 1812
Primary/ Secondary RADIUS shared key
Setting Description Factory Default
Max. of 31 characters The secret key shared between AP and RADIUS server None
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
17
Key renewal
Setting Description Factory Default
60 to 86400 seconds
(1 minute to 1 day)
Specifies the time period of group key renewal 3600 (seconds)
WPA/WPA2-Enterprise (for Client/Client-Router mode)
When used as a client, the TAP-213 can support three EAP methods (or EAP protocols): EAP-TLS,
EAP-TTLS, and EAP-PEAP, corresponding to WPA/WPA-Enterprise settings on the AP side.
Encryption method
Setting Description Factory Default
TKIP** Temporal Key Integrity Protocol is enabled TKIP
AES Advance Encryption System is enabled
**This option is only available with 802.11a/b/g standard.
EAP protocol
Setting Description Factory Default
TLS Specifies Transport Layer Security protocol TLS
TTLS Specifies Tunneled Transport Layer Security
PEAP Specifies Protected Extensible Authentication Protocol, or
Protected EAP
Before choosing the EAP protocol for your WPA/WPA2-Enterpise settings on the client end, please contact
the network administrator to make sure the system supports the protocol on the AP end. Detailed
information on these three popular EAP protocols is presented in the following sections.
EAP-TLS
TLS is the standards-based successor to Secure Socket Layer (SSL). It can establish a trusted
communication channel over a distrusted network. TLS provides mutual authentication through certificate
exchange. EAP-TLS is also secure to use. You are required to submit a digital certificate to the authentication
server for validation, but the authentication server must also supply a certificate.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
18
You can use Basic WLAN Setup WLAN Certificate Settings to import your WLAN certificate and enable
EAP-TLS on the client end.
You can check the current certificate status in Current Status if it is available.
•
Certificate issued to: Shows the certificate user
•
Certificate issued by: Shows the certificate issuer
•
Certificate expiration date: Indicates when the certificate has expired
EAP-TTLS
It is usually much easier to re-use existing authentication systems, such as a Windows domain or Active
Directory, LDAP directory, or Kerberos realm, rather than creating a parallel authentication system. As a
result, TTLS (Tunneled TLS) and PEAP (Protected EAP) are used to support the use of so-called “legacy
authentication methods.”
TTLS and PEAP work in a similar way. First, they establish a TLS tunnel (EAP-TLS for example), and validate
whether the network is trustworthy with digital certificates on the authentication server. This step
establishes a tunnel that protects the next step (or “inner” authentication), and consequently is sometimes
referred to as “outer” authentication. The TLS tunnel is then used to encrypt an older authentication protocol
that authenticates the user for the network.
As you can see, digital certificates are still needed for outer authentication in a simplified form. Only a small
number of certificates are required, which can be generated by a small certificate authority. Certificate
reduction makes TTLS and PEAP much more popular than EAP-TLS.
The TAP-213 provides some non-cryptographic EAP methods, including PAP, CHAP, MS-CHAP, and
MS-CHAP-V2. These EAP methods are not recommended for direct use on wireless networks. However,
they may be useful as inner authentication methods with TTLS and PEAP.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
19
Because the inner and outer
authentications can use
distinct user names in TTLS
and PEAP, you can use an
anonymous user name for the
outer authentication, with the
true user name only shown
through the encrypted
channel. Keep in mind that not
all client software supports
anonymous alteration.
Confirm this with the network
administrator before you
enable identity hiding in TTLS
and PEAP.
TTL inner authentication
Setting Description Factory Default
PAP Password Authentication Protocol is used MS-CHAP-V2
CHAP Challenge Handshake Authentication Protocol is used
MS-CHAP Microsoft CHAP is used
MS-CHAP-V2 Microsoft CHAP version 2 is used
Anonymous
Setting Description Factory Default
Max. of 31 characters A distinct name used for outer authentication None
User name & Password
Setting Description Factory Default
User name and password used in inner authentication None
PEAP
There are a few differences in
the TTLS and PEAP inner
authentication procedures.
TTLS uses the encrypted
channel to exchange
attribute-value pairs (AVPs),
while PEAP uses the encrypted
channel to start a second EAP
exchange inside of the tunnel.
The TAP-213 provides
MS-CHAP-V2 merely as an
EAP method for inner
authentication.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
20
Inner EAP protocol
Setting Description Factory Default
MS-CHAP-V2 Microsoft CHAP version 2 is used MS-CHAP-V2
Anonymous
Setting Description Factory Default
Max. of 31 characters A distinct name used for outer authentication None
User name & Password
Setting Description Factory Default
User name and password used in inner authentication None
Advanced Wireless Settings
Additional wireless-related parameters are presented in this section to help you set up your wireless network
in detail.
Transmission Rate (for A, B, G, B/G mixed, and N modes only)
Setting Description Factory Default
Auto The TAP-213 senses and adjusts the data rate automatically Auto
Available rates Users can manually select a target transmission data rate
Multicast Rate (for AP mode only)
Setting Description Factory Default
Multicast rate
(6M ~ 54M)
You can set a fixed multicast rate for the transmission of
broadcast and multicast packets on a per-radio basis. This
parameter can be useful in an environment where multicast
video streaming is occurring in the wireless medium, provided
that the wireless clients are capable of handling the configured
rate.
6M
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
21
NOTE
Most countries define a limit for the Equivalent Isotropically Radiated Power (EIRP) for an RF transmitting
system. The EIRP should not exceed the allowed value. EIRP = transmission power + antenna gain (dBi).
Guard Interval
Setting Description Factory Default
Guard Interval Guard interval is used to ensure that distinct transmissions do
not interfere with one another. You can select the guard
interval manually for Wireless-N connections. The two options
are Short (400 ns) and Long (800 ns).
NOTE: This function can be modified in N mode only.
800 ns.
Maximum transmission power
Setting Description Factory Default
Available Power Users can manually select a target power to mask max output
power. Because different transmission rates might have their
own max output power, please reference product datasheet.
The available setting is from 3 to 26.
dBm/MHz: The density of transmission power in channel width.
12 dBm
(-1 dBm/MHz)
Beacon Interval (for AP mode only)
Setting Description Factory Default
Beacon Interval
(40 to 1000 ms)
Indicates the frequency interval of the beacon 100 (ms)
DTIM Interval (for AP mode only)
Setting Description Factory Default
Data Beacon Rate
(1 to 15)
Indicates how often the TAP-213 sends out a Delivery Traffic
Indication Message
1
Fragmentation threshold
Setting Description Factory Default
Fragment Length
(256 to 2346)
Specifies the maximum size a data packet before splitting and
creating another new packet
2346
RTS threshold
Setting Description Factory Default
RTS/CTS Threshold
(256 to 2346)
Determines how large a packet can be before the Access Point
coordinates transmission and reception to ensure efficient
communication
2346
NOTE Transmission power indicates the maximum value of transmission power which the user plans. However, the
real transmitted power depends on the radio module and some facts, such as country, regulatory limitations
and data rate. Please check the Transmission power in Status > Wireless Status for a real and updated value
of transmission power, which the TAP is currently using.
You can refer to the related glossaries in the reference section for detailed information about the
above-mentioned settings. By setting these parameters properly, you can better tune the performance of your
wireless network.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
22
READ THIS BEFORE CHANGING THE DFS SETTING
DFS (Dynamic Frequency Selection) is a mechanism to allow unlicensed wireless devices to share spectrum
with existing radar systems by detecting radar systems and avoid causing interference with them.
Antenna
Setting Description Factory Default
A/B/Both Specifies the output antenna port. Setting “Antenna” to Auto
allows 2x2 MIMO communication under 802.11n and 2T2R*
communication in legacy 802.11a/b/g modes.
Both
*Note: Different from 802.11n’s multiple spatial data stream (2x2 MIMO), which doubles the throughput, 2T2R
is transmits/receives the same piece of data on both antenna ports.
WMM
Setting Description Factory Default
Enable/Disable WMM is a QoS standard for WLAN traffic. Voice and video data
will be given priority bandwidth when enabled with WMM
supported wireless clients.
NOTE: This setting can be enabled/disabled only in A, B, and
B/G Mixed modes. For N, G/N Mixed, B/G/N Mixed, and A/N
Mixed modes, this setting is enabled by default.
Disable
Roaming Priority (Only for AP mode)
Setting Description Factory Default
Priority 1/2 The roaming priority should be set based on how the radios are
deployed along the trackside.
Priority 1: radios along the trackside are deployed with open air
radiating antennas.
Priority 2: radios along the trackside are deployed with leaky
feeder like coverage patterns.
Due to the differences in coverage patterns between different
deployment scenarios, the roaming priority you select will
impact roaming performance.
Priority 2
RF Index
Setting Description Factory Default
RF Index1/ RF Index 2
In an L3 roaming scenario, trackside APs can be arranged in
different VLAN gateways within different subnets. The RF index
setting identifies the AP within a particular VLAN gateway.
RF Index 1
AeroLink Protection (Only for Client mode)
Setting Description Factory Default
Disable/L2/L3
•
Enable AeroLink Protection to allow wireless clients on the
same LAN network to automatically negotiate with each
other and form a redundant wireless communication. For
more details, see Status AeroLink Protection Status.
•
Select L2 for roaming on an L2 trackside network.
•
Select L3 for roaming on an L3 trackside network.
Disabled
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
23
When L3 is selected, Virtual LAN IP and Virtual WLAN IP are shown as additional setting parameters.
Virtual LAN IP: This IP should be defined as the gateway IP for onboard devices so that all incoming and
outgoing traffic can be routed properly via this common IP in case of any role changes of the onboard clients.
All AeroLink protected clients within the same subnet need to be configured with the same virtual LAN IP.
Virtual WLAN IP: This IP should be defined as the virtual gateway IP for the wayside router, which can route
traffic to any onboard client regardless of the client’s home WAC. This IP only needs to be configured when
different clients have to backup each other while the clients are registered to different WAC units. For the router
to work properly, all clients and the wayside router will need to be configured to have this routing rule (i.e., to
use this virtual WLAN IP).
How AeroLink Protection Works
In vehicle-to-ground applications, it is essential to minimize system downtime and maximize system
availability of the train to ground link to ensure proper communication. Moxa’s AeroLink Protection provides a
reliable wireless network-level redundancy protocol to ensure that there will always be a live
onboard-to-ground link, even when failures occur:
1.
Communication Failover: AeroLink Protection members can negotiate with each other to automatically elect
an Active node for data communication. If the Active node is no long capable of sending data across to its
access point, it will inform other Backup nodes to resume the communication via another path.
2.
Frequency-Interference Failover: This concept is similar to “Communication Failover.” If the
communication frequency is interfered with and data can no longer transmit over the Active frequency, it
will also resume the connection via another Backup frequency.
3.
Device Failover: After handling communication and frequency failures, in order to provide a wireless
network free of single points of failure, AeroLink Protection also checks the device status. If the Active node
has a power failure, the Backup nodes will automatically resume the wireless communication.
4.
Scalable: AeroLink Protection is designed to allow multiple backup paths, making it possible for users to
realize a complete redundant wireless network free from all the above failure types.
5.
Fast Recovery: In addition to maintaining a redundant wireless network, equally important is providing
uninterrupted communication even when a failure occurs. AeroLink Protection is designed to recover any
failure in under 300 ms.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
24
Turbo Roaming
Setting Description Factory Default
Enable/ Disable Moxa’s Turbo Roaming can enable rapid handover when the
TAP-213, as a client or client-router, roams among a group of
APs.
Disable
When Turbo Roaming is enabled, Turbo Roaming type, RF type, Dual link option, and Scan channels will
be shown as follows. There are two options available for Turbo Roaming type; 50ms (controller-based)
that only works with the RTG version of the access point and the WAC-1001 and WAC-2004, and 150ms
(client-based) that supports all brands of AP. Dual link reduces the packet-loss rate when roaming between
difference APs; this function only works with a single channel roaming structure. The RF type shows the current
RF type that this client is using. There are three Scan channels available. Note that the Scan channels may
need to be modified when the RF type is changed. (For example, channel 36 is not available in B, G, or B/G
Mix mode.)
If you set Turbo Roaming type to 150ms (client-based), three additional roaming parameters, 802.11b/g
(or b/a) roaming threshold, 802.11b/g (or b/a) roaming offset, and 802.11b/g (or b/a) roaming alive are
shown as follows:
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
25
Roaming Parameters
Setting Description Factory Default
802.11b/g (or a)
roaming threshold
(RSSI)
When the current RSSI value is lower than the “roaming
threshold,” the client will start the roaming process.
-75
802.11b/g (or a)
roaming difference
(RSSI)
When the RSSI of a candidate AP is greater than “the current
RSSI value plus the roaming difference,” the client will roam to
this new candidate AP.
7
802.11b/g (or a) AP
alive check threshold
(RSSI)
When “AP alive check” is enabled, the client will actively send
alive check packets over the wireless network; APs who receive
the packets will respond to indicate that they are currently
available. By doing this, the client can maintain a ready list of
available APs, and then quickly hand over to a new AP once it
loses contact with the AP it is currently connected to.
-82
Roaming Threshold Concept
T1 = Probing for new AP candidate to connect (background scan)
T2 = At this point is when the roaming difference conditions are met and
the client will initiate the roaming
T3 = At this point the client has successfully roamed over to the new AP2
NOTE
When 50 ms Turbo Roaming is enabled without using the WAC-1001 or WAC-2004, the connection between the
AP and client will not work.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
26
WLAN Certification Settings (for EAP-TLS in Client mode only)
When EAP-TLS is used, a WLAN Certificate will be required at the client end to support WPA/WPA2-Enterprise.
The TAP-213 can support the PKCS #12, also known as Personal Information Exchange Syntax Standard,
certificate formats that define file formats commonly used to store private keys with accompanying public key
certificates, protected with a password-based symmetric key.
Current Status displays information for the current WLAN certificate, which has been imported into the
TAP-213. Nothing will be shown if a certificate is not available.
Certificate issued to: Shows the certificate user
Certificate issued by: Shows the certificate issuer
Certificate expiration date: Indicates when the certificate has expired
You can import a new WLAN certificate in Import WLAN Certificate by following these steps, in order:
1.
Input the corresponding password (or key) in the Certificate private password field and then click
Submit to set the password.
2.
The password will be displayed in the Certificate private password field. Click on the Browse button in
Select certificate/key file and select the certificate file.
3.
Click Upload Certificate File to import the certificate file. If the import succeeds, you can see the
information uploaded in Current Certificate. If it fails, you may need to return to step 1 to set the
password correctly and then import the certificate file again.
NOTE
The WLAN certificate will remain after the TAP-213 reboots. Even though it has expired, it can still be seen on
the Current Certificate.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
27
WAC Settings (AP mode only)
Controller-based Turbo Roaming function is automatically enabled when you enable the 50ms Turbo Roaming
(controller-based) option on the Wireless Settings > WLAN > Basic Wireless Settings > Edit page. The Primary
WAC IP address, Backup WAC IP address, and Roaming domain fields are displayed.
Primary WAC IP address
Setting Description Factory Default
IP address Enter the IP address of the primary WAC-1001 or WAC-2004 None
Backup WAC IP address
Setting Description Factory Default
IP address Enter the IP address of the backup WAC-1001 or WAC-2004 None
Primary WAC IP address
Setting Description Factory Default
6 Hex characters Specifies the area served by the WAC-1001 or WAC-2004. All
related controllers, APs, and clients use this IP address as
identification to work and communicate with each other.
None
Advanced Settings
Several advanced functions are available to increase the functionality of your TAP-213 and wireless network
system. A VLAN is a collection of clients and hosts grouped together as if they were connected to the broadcast
domains in a layer-2 network. The DHCP server helps you deploy wireless clients efficiently. Packet filters
provide security mechanisms, such as firewalls, in different network layers. Moreover, the TAP-213 can support
STP/RSTP protocol to increase reliability across the entire network, and SNMP support can make network
management easier.
Using Virtual LAN
Setting up Virtual LANs (VLANs) on your TAP series increases the efficiency of your network by dividing the LAN
into logical segments, as opposed to physical segments. In general, VLANs are easier to manage.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
28
The Virtual LAN (VLAN) Concept
What is a VLAN?
A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that
communicate as if they were attached to the same broadcast domain, regardless of their physical location. A
VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if
they are not located on the same network switch. Network reconfiguration can be done through software
instead of physically relocating devices.
VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless
sub-networks via SSID and VLAN assignment. A Client can access the network by connecting to an AP
configured to support its assigned SSID/VLAN.
Benefits of VLANs
VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:
•
Manage adds, moves, and changes from a single point of contact
•
Define and monitor groups
•
Reduce broadcast and multicast traffic to unnecessary destinations
•
Improve network performance and reduce latency
•
Increase security
•
Secure network restricts members to resources on their own VLAN
•
Clients roam without compromising security
VLAN Workgroups and Traffic Management
The AP assigns clients to a VLAN based on a Network Name (SSID). The AP can support up to 9 SSIDs per radio
interface, with a unique VLAN configurable per SSID.
The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received
by a VLAN is only sent on the wireless interface associated with that same VLAN. This eliminates unnecessary
traffic on the wireless LAN, conserving bandwidth and maximizing throughput.
In addition to enhancing wireless traffic management, the VLAN-capable AP supports easy assignment of
wireless users to workgroups. In a typical scenario, each user VLAN represents a department workgroup; for
example, one VLAN could be used for a marketing department and the other for a human resource department.
In this scenario, the AP would assign every packet it accepted to a VLAN. Each packet would then be identified
as marketing or human resource, depending on which wireless client received it. The AP would insert VLAN
headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch.
Finally, the switch would be configured
to route packets from the marketing
department to the appropriate
corporate resources such as printers
and servers. Packets from the human
resource department could be
restricted to a gateway that allowed
access to only the Internet. A member
of the human resource department
could send and receive e-mail and
access the Internet, but would be
prevented from accessing servers or
hosts on the local corporate network.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
29
NOTE
The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN
ID, then those wireless clients who are members of that VLAN will have AP management access.
CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN IDs on the AP, all
members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership
to those with legitimate access to the AP.
Configuring Virtual LAN
VLAN Settings
To configure the TAP’s VLAN, use the VLAN Setting page to configure the ports.
Management VLAN ID
Setting Description Factory Default
VLAN ID
ranges from
1 to 4094
Set the management VLAN of this TAP. 1
Port
Type Description Trunk Port
LAN This port is the LAN port on the TAP. Yes
WLAN This is a wireless port for the specific SSID. This field will refer
to the SSID that you have created. If more SSIDs have been
created, new rows will be added.
Port PVID
Setting Description Factory Default
VLAN ID ranging from 1
to 4094
Set the port’s VLAN ID for devices that connect to the port. The
port can be a LAN port or WLAN ports.
1
VLAN Tagged
Setting Description Factory Default
A comma-separated list
of VLAN IDs. Each of
the VLAN IDs range
from 1 to 4094. For
example: 1,2,3,4.
Specify which VLANs can communicate with this specific VLAN.
(Empty)
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
30
DHCP Server
DHCP (Dynamic Host Configuration Protocol) is a networking protocol that allows administrators to assign
temporary IP addresses to network computers by “leasing” an IP address to a user for a limited amount of time,
instead of assigning permanent IP addresses.
The TAP-213 can act as a simplified DHCP server and easily assign IP addresses to your DHCP clients by
responding to the DHCP requests from the client ends. The IP-related parameters you set on this page will also
be sent to the client.
You can also assign a static IP address to a specific client by entering its MAC address. The TAP-213 provides
a Static DHCP mapping list with up to 16 entities. Be reminded to check the Active check box for each entity
to activate the setting.
You can check the IP assignment status under Status DHCP Client List.
DHCP server
Setting Description Factory Default
Enable Enables TAP-213 as a DHCP server Disable
Disable Disable DHCP server function
Default gateway
Setting Description Factory Default
IP address of a default
gateway
The IP address of the router that connects to an outside
network
None
Subnet mask
Setting Description Factory Default
subnet mask Identifies the type of sub-network (e.g., 255.255.0.0 for a
Class B network, or 255.255.255.0 for a Class C network)
None
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
31
ATTENTION
Be careful when you enable the filter function:
Drop + “no entity on list is activated” = all packets are allowed
Accept + “no entity on list is activated” = all packets are denied
Primary/ Secondary DNS server
Setting Description Factory Default
IP address of Primary/
Secondary DNS server
The IP address of the DNS Server used by your network. After
entering the DNS Server’s IP address, you can use URL as well.
The Secondary DNS server will be used if the Primary DNS
server fails to connect.
None
Start IP address
Setting Description Factory Default
IP address Indicates the IP address which TAP-213 can start assigning None
Maximum number of users
Setting Description Factory Default
1–128 users Specifies how many IP address can be assigned continuously None
Client lease time
Setting Description Factory Default
5-1440 minutes The lease time for which an IP address is assigned. The IP
address may go expired after the lease time is reached.
5 (minutes)
Packet Filters
The TAP-213 includes various filters for IP-based packets going through LAN and WLAN interfaces. You can set
these filters as a firewall to help enhance network security.
MAC Filter
The TAP-213’s MAC filter is a policy-based filter that can allow or filter out IP-based packets with specified MAC
addresses. The TAP-213 provides 8 entities for setting MAC addresses in your filtering policy. Remember to
check the Active check box for each entity to activate the setting.
Enable
Setting Description Factory Default
Enable Enables MAC filter Disable
Disable Disables MAC filter
Policy
Setting Description Factory Default
Accept Only the packets fitting the entities on list can be allowed. Drop
Drop Any packet fitting the entities on list will be denied.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
32
ATTENTION
Be careful when you enable the filter function:
Drop + “no entity on list is activated” = all packets are allowed.
Accept + “no entity on list is activated” = all packets are denied.
IP Protocol Filter
The TAP-213’s IP protocol filter is a policy-based filter that can allow or filter out IP-based packets with
specified IP protocol and source/destination IP addresses.
The TAP-213 provides 8 entities for setting IP protocol and source/destination IP addresses in your filtering
policy. Four IP protocols are available: All, ICMP, TCP, and UDP. You must specify either the Source IP or the
Destination IP. By combining IP addresses and netmasks, you can specify a single IP address or a range of IP
addresses to accept or drop. For example, “IP address 192.168.1.1 and netmask 255.255.255.255” refers to
the sole IP address 192.168.1.1. “IP address 192.168.1.1 and netmask 255.255.255.0” refers to the range of
IP addresses from 192.168.1.1 to 192.168.1.255. Remember to check the Active check box for each entity to
activate the setting.
Enable
Setting Description Factory Default
Enable Enables IP protocol filter Disable
Disable Disables IP protocol filter
Policy
Setting Description Factory Default
Accept Only the packets fitting the entities on the list can be allowed Drop
Drop Any packet fitting the entities on the list will be denied
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
33
TCP/UDP Port Filter
The TAP-213’s TCP/UDP port filter is a policy-based filter that can allow or filter out TCP/UDP-based packets
with a specified source or destination port.
The TAP-213 provides 8 entities for setting the range of source/destination ports of a specific protocol. In
addition to selecting TCP or UDP protocol, you can set either the source port, destination port, or both. The end
port can be left empty if only a single port is specified. Of course, the end port cannot be larger than the start
port.
The Application name is a text string that describes the corresponding entity with up to 31 characters.
Remember to check the Active check box for each entity to activate the setting.
Enable
Setting Description Factory Default
Enable Enables TCP/UDP port filter Disable
Disable Disables TCP/UDP port filter
Policy
Setting
Description Factory Default
Accept
Only the packets fitting the entities on list can be allowed. Drop
Drop
Any packet fitting the entities on list will be denied.
ATTENTION
Be careful when you enable the filter function:
Drop + “no entity on list is activated” = all packets are allowed
Accept + “no entity on list is activated” = all packets are denied
Static Route (For Client-Router mode only)
The Static Routing page is used to configure TAP-213’s static routing table.
Active
Click the checkbox to enable Static Routing.
Destination
You can specify the destination IP address.
Netmask
This option is used to specify the subnet mask for this IP address.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
34
Gateway
The IP address of the router that connects the LAN to an external network.
Metric
Use this option to specify a “cost” for accessing the neighboring network.
Interface
You can select which interface does your routing rules would be set.
NAT Settings/Port Forwarding (For Client-Router mode only)
Network Address Translation (NAT)—or more specifically, one-to-many NAT, NAPT, or PAT—is supported to
facilitate the Client-Router operation mode. This feature translates the out-going communication from multiple
private IPs to a single external IP (WLAN IP) with randomly assigned port for return traffic.
Port Forwarding is needed to allow external devices to initiate communication. Port Forwarding specifies a
static map between external ports (WAN Port) and internal IP/port combos (LAN IP/LAN Port)
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
35
Enabling NAT and Port Forwarding provides the following benefits:
•
Uses the NAT function to hide the Internal IP address of a critical network or device to increase the level of
security of industrial network applications.
•
Uses the same private IP address for different, but identical, groups of Ethernet devices. For example,
1-to-1 NAT makes it easy to duplicate or extend identical production lines
NAT
Setting Description Factory Default
Enable/Disable Enables or disables the NAT translation Disable
Port Forwarding
Active: Click the checkbox to enable Port Forwarding rule(s).
Protocol: Specifies the communication protocol.
WAN Port: Specifies the external port to be forwarded to.
LAN IP: Specifies the “forward to” LAN IP.
LAN Port: Specifies the “forward to” LAN Port.
SNMP Agent
The TAP-213 supports SNMP V1/V2c/V3. SNMP V1 and SNMP V2c use a community string match for
authentication, which means that SNMP servers access all objects with read-only or read/write permissions
using the community string public/private (default value). SNMP V3, which requires you to select an
authentication level of MD5 or SHA, is the most secure protocol. You can also enable data encryption to
enhance data security.
The TAP-213’s MIB can be found in the software CD and supports reading the attributes via SNMP. (Only get
method is supported.)
SNMP security modes and security levels supported by the TAP-213 are shown in the following table. Select the
security mode and level that will be used to communicate between the SNMP agent and manager.
Protocol
Version
Setting on
UI web page
Authentication
Type
Data
Encryption
Method
SNMP
V1, V2c
V1, V2c
Read
Community
Community string
No Use a community string match for
authentication
V1, V2c
Write/Read
Community
Community string
No Use a community string match for
authentication
SNMP V3
No-Auth No No Use account with admin or user to access
objects
MD5 or SHA Authentication
based on MD5 or
SHA
No Provides authentication based on HMAC-MD5,
or HMAC-SHA algorithms. 8-character
passwords are the minimum requirement for
authentication.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
36
Protocol
Version
Setting on
UI web page
Authentication
Type
Data
Encryption
Method
MD5 or SHA Authentication
based on MD5 or
SHA
Data
encryption
key
Provides authentication based on HMAC-MD5
or HMAC-SHA algorithms, and data encryption
key. 8-character passwords and a data
encryption key are the minimum requirements
for authentication and encryption.
The following parameters can be configured on the SNMP Agent page. A more detailed explanation of each
parameter is given below:
Enable
Setting Description Factory Default
Enable Enables SNMP Agent Disable
Disable Disables SNMP Agent
Remote Management
Setting Description Factory Default
Enable Allow remote management via SNMP agent Disable
Disable Disallow remote management via SNMP agent
Read community (for V1, V2c)
Setting Description Factory Default
V1, V2c Read
Community
Use a community string match with a maximum of 31
characters for authentication. This means that the SNMP agent
can access all objects with read-only permissions using this
community string.
public
Write community (for V1, V2c)
Setting Description Factory Default
V1, V2c Read /Write
Community
Use a community string match with a maximum of 31
characters for authentication. This means that the SNMP agent
can accesses all objects with read/write permissions using this
community string.
private
SNMP agent version
Setting Description Factory Default
V1, V2c, V3, or
V1, V2c, or V3 only
Select the SNMP protocol version used to manage the switch. V1, V2c
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
37
Admin auth type (for V1, V2c, V3, and V3 only)
Setting Description Factory Default
No Auth Use admin account to access objects. No authentication No Auth
MD5 Provide authentication based on the HMAC-MD5 algorithms.
8-character passwords are the minimum requirement for
authentication.
SHA Provides authentication based on
HMAC-SHA algorithms. 8-character passwords are the
minimum requirement for authentication.
Admin private key (for V1, V2c, V3, and V3 only)
Setting Description Factory Default
Disable No data encryption Disable
DES DES-based data encryption
AES AES-based data encryption
Private key
A data encryption key is the minimum requirement for data encryption (maximum of 63 characters)
Private MIB Information Device Object ID
Also known as the OID, this is the TAP-213’s enterprise value and is a fixed value.
Mobile IP Settings
The mobile IP technology enables the TAP-213 to roam between Layer 3 networks with a roaming break time
less than 50 ms. When the TAP-213 is in client/client router mode, it is a mobile node (MN) that is able to roam
across different subnets without changing its IP address.
Mobile IP Topology Example:
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
38
Terminology Description
Mobile Node (MN) A host or router that changes its location from one network to another.
Home network The network within which the MN receives its identifying IP address (home
address)
Home address The IP address assigned to the MN within its home network
Foreign network The network in which an MN is operating when away from its home network
Home agent (HA) A router on the home network that provides services to the MN. The home agent
intercepts packets sent to the MN within the home network, encapsulates them,
and then tunnels them to the MN.
Correspondent Node (CN) A peer with which a mobile node is communicating
Co-located Care-of Address
(CCoA)
The new IP address of the MN when operating on a foreign network.
Binding The association of the home address with a CCoA
Setting Description Factory Default
Mobile IP Enable/disable mobile IP capability of the client (mobile node)
for L3 controller based roaming
Disable
Subnet Binding Define a subnet of devices connected behind the client (MN) so
that data will be forwarded to the corresponding device
subnets. Proper IP planning is required to avoid configuring the
subnet binding IP to limit access to the TAP.
Disable
Note that when the Mobile IP is enabled, the corresponding AP and WAC (HA) controller will also need to be
configured properly (with 50 ms roaming enabled) to ensure correct operation of the L3 roaming network.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
39
Link Fault Pass-Through (for Client mode only)
This function means if Ethernet port is link down, wireless connection will be forced to disconnect. Once
Ethernet link is recovered, TAP will try to connect to AP.
If wireless is disconnected, TAP restarts auto-negotiation on Ethernet port but always stays in the link failure
state. Once the wireless connection is recovered, TAP will try to recover the Ethernet link.
System log will indicate the link fault pass-through events in addition to the original link up/down events.
Link Fault Pass-Through
Setting Description Factory Default
Enable Enables the Link Fault Pass-Through function Disable
Disable Disables the Link Fault Pass-Through function
Auto Warning Settings
Since industrial-grade devices are often located at the endpoints of a system, these devices will not always
know what is happening elsewhere on the network. This means that these devices, including wireless APs or
clients, must provide system maintainers with real-time alarm messages. Even when system administrators
are out of the control room for an extended period, they can still be informed of the status of devices almost
instantaneously when exceptions occur.
In addition to logging these events, the TAP-213 supports different approaches to warn engineers
automatically, such as SNMP trap and e-mail. It also supports two digital inputs to integrate sensors into your
system to automate alarms by email.
System Log
System Log Event Types
Detail information for grouped events is shown in the following table. You can check the box for Enable log to
enable the grouped events. All default values are enabled (checked). The log for system events can be seen in
Status System Log.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
40
System-related events Event is triggered when…
System restart (warm start) The TAP-213 is rebooted, such as when its settings are changed
(IP address, subnet mask, etc.).
Network-related events Event is triggered when…
LAN link on The LAN port is connected to a device or network.
LAN link off The port is disconnected (e.g., the cable is pulled out, or the
opposing device shuts down).
Client joined/ left
(for AP mode)
A wireless client is associated or disassociated.
WLAN connected to AP
(for Client mode)
The TAP-213 is associated with an AP.
WLAN disconnected
(for Client mode)
The TAP-213 is disassociated from an AP.
Config-related events Event is triggered when…
Configuration Changed A configuration item has been changed.
Configuration file import via Web Console
The configuration file is imported to the TAP-213.
Console authentication failure An incorrect password is entered.
Firmware upgraded The TAP-213’s firmware is updated.
Power events Event is triggered when…
Power 1/2 transition (On -> Off) The TAP-213 is powered down in PWR1/2.
PoE transition (On -> Off) The TAP-213 is powered down in PoE.
Power 1/2 transition (Off -> On) The TAP-213 is powered via PWR1/2.
PoE transition (Off -> On) The TAP-213 is powered via PoE.
Syslog
This function provides the event logs for the Syslog server. The function supports up to three configurable
Syslog servers and Syslog server UDP port numbers. When an event occurs, the event will be sent as a Syslog
UDP packet to the specified Syslog servers.
Syslog Event Types
Detail information for the grouped events is shown in the following table. You can check the box for Enable log
to enable the grouped events. All default values are enabled (checked). Details for each event group can be
found on the “System log Event Types” table on page 3-31.
NOTE
The RSSI report events option is only supported in client mode.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
41
Syslog Server Settings
You can configure the parameters for your Syslog servers in this page.
Syslog server 1/ 2/ 3
Setting Description Factory Default
IP address Enter the IP address of the 1st/ 2nd/ 3rd Syslog Server None
Syslog port
Setting Description Factory Default
Port destination
(1 to 65535)
Enter the UDP port of the corresponding Syslog server 514
E-mail
E-mail Event Types
Check the box for Active to enable the event items. All default values are deactivated (unchecked). Details for
each event item can be found on the “System log Event Types” table on page 3-31.
E-mail Server Settings
You can set up to 4 e-mail addresses to receive alarm emails from the TAP-213. The following parameters can
be configured on the E-mail Server Settings page. In addition, a Send Test Mail button can be used to test
whether the Mail server and e-mail addresses work well. More detailed explanations about these parameters
are given after the following figure.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
42
Mail server (SMTP)
Setting Description Factory Default
IP address The IP Address of your email server. None
User name & Password
Setting Description Factory Default
User name and password used in the SMTP server None
From e-mail address
Setting Description Factory Default
Max. 63 characters Enter the administrator’s e-mail address which will be shown in
the “From” field of a warning e-mail.
None
To E-mail address 1/ 2/ 3/ 4
Setting Description Factory Default
Max. 63 characters Enter the receivers’ e-mail addresses. None
Traps
Traps can be used to signal abnormal conditions (notifications) to a management station. This trap-driven
notification can make your network more efficient.
Because a management station usually takes care of a large number of devices that have a large number of
objects, it will be overloading for the management station to poll or send requests to query every object on
every device. It would be better if the managed device agent could notify the management station by sending
a message known as a trap for the event.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
43
Trap Event Types
SNMP Trap Receiver Settings
SNMP traps are defined in SMIv1 MIBs (SNMPv1) and SMIv2 MIBs (SNMPv2c). The two styles are basically
equivalent, and it is possible to convert between the two. You can set the parameters for SNMP trap receivers
through the web page.
1st / 2nd Trap version
Setting Description Factory Default
V1 SNMP trap defined in SNMPv1 V1
V2 SNMP trap defined in SNMPv2
1st / 2nd Trap server IP/name
Setting Description Factory Default
IP address or host
name
Enter the IP address or name of the trap server used by your
network.
None
1st / 2nd Trap community
Setting Description Factory Default
Max. of 31 characters Use a community string match with a maximum of 31
characters for authentication.
alert
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
44
Status
Wireless Status
The status for 802.11 info parameters, such as Operation mode and Channel, are shown on the Wireless
Status page. The status will refresh every 5 seconds if the Auto refresh box is checked.
Depending on the operation mode, certain 802.11 info values may not be displayed. For example, the
Current BSSID and Signal strength parameters are not available in the AP mode.
It is helpful to use the continuously updated information on this page, such as Signal strength, to monitor the
signal strength of the TAP-213 in Client mode.
The transmission power indicated is the current transmission power being updated periodically.
Associated Client List (for AP mode only)
Associated Client List shows all the clients that are currently associated to a particular TAP-213. You can click
Select all to select all the content in the list for further editing. You can click Refresh to refresh the list.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
45
DHCP Client List
The DHCP Client List shows all the clients that require and have successfully received IP assignments. You can
click the Refresh button to refresh the list.
You can press Select all button to select all content in the list for further editing.
System Log
Triggered events are recorded in System Log. You can export the log contents to an available viewer by clicking
Export Log. You can use the Clear Log button to clear the log contents and the Refresh button to refresh the
log.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
46
Power Status
The TAP-213 series supports two power supplies—power input 1 and power input 2. The M12 4-pin male
connector on the bottom panel of the TAP-213 is used for the dual power inputs. The status of the power inputs
is shown on the Power Status page. If you check the Auto refresh option, the status of the power supply
inputs are refreshed every 5 seconds.
AeroLink Protection Status (For Client Mode Only)
After enabling AeroLink Protection from the Advanced WLAN Setup panel, the following table shows the current
state of the AeroLink Protection for easier diagnosis.
An AeroLink Protection member could be in 1 or 7 different states:
Initiation State (Init): Initiates the AeroLink Protection Protocol.
Discovering State (Discover): Discovers other AeroLink Protection members for further negotiation.
Idle State (Idle): Internal protocol checkpoint.
Negotiation State (Nego): Negotiates with other AeroLink Protection members and selects Active node.
Backup State (Backup): After negotiation, this node is assigned as the Backup node. All traffic will pass
through the Active node. NOTE: When a node is acting as a Backup node, the STATE LED for the node will blink
to advertise this fact to nearby support engineers.
Active State (Active): After negotiation, this node is assigned Active node status, which means that all traffic
will pass through that node.
Role Change State (Change): If the Active node is no longer capable of data transmission via the WLAN, the
device will enter “change state,” which will result in the device going back to Nego state (likely becoming the
Backup device since the active link is down).
Routing Table
The Routing Table page shows all routing entries.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
47
LAN Status
The LAN Status page shows the LAN information, which includes speed, duplex, link status, and packet status.
Maintenance
Maintenance functions provide the administrator with tools to manage the TAP-213 and wired/wireless
networks.
Console Settings
You can enable or disable access permission for the following consoles: HTTP, HTTPS, Telnet, and SSH
connections. For more security, we recommend you only allow access to the two secured consoles, HTTPS and
SSH.
Ping
Ping helps to diagnose the integrity of wired or wireless networks. By inputting a node’s IP address in the
Destination field, you can use the ping command to make sure it exists and whether or not the access path
is available.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
48
ATTENTION
Please make sure the power source is stable when you upgrade your firmware. An unexpected power breakup
may damage your TAP-213.
If the node and access path are available, you will see that all packets were successfully transmitted with no
loss. Otherwise, some, or even all, packets may get lost, as shown in the following figure.
Firmware Upgrade
The TAP-213 can be enhanced with more value-added functions by installing firmware upgrades. The latest
firmware is available at Moxa’s download center.
Before running a firmware upgrade, make sure the TAP-213 is off-line. Click the Browse button to specify the
firmware image file and click Firmware Upgrade and Restart to start the firmware upgrade. After the
progress bar reaches 100%, the TAP-213 will reboot itself.
When upgrading your firmware, the TAP-213’s other functions are forbidden.
Config Import/Export
You can back up and restore the TAP-213’s configuration with Config Import and Config Export functions.
In the Config Import section, click Browse to specify the configuration file and click on the Config Import
button to begin importing the configuration.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
49
Downloading the Configuration from a TFTP Server
You can download a configuration file from a TFTP server on to your TAP-213 as follows:
1.
Start your TFTP server.
2.
Copy the TAP-213 configuration file to a folder on the TFTP server.
3.
On the TAP-213 Config Import page, input your TFTP server IP and Configuration path.
4.
Input your configuration File name with the filename extension or click on the Config Import button to
browse to the file.
Once the configuration downloads successful, you will see "TFTP import success" information on the web
page.
5.
Click Save and then Restart on the top-right side.
You can also back up or restore the ABC-02 configuration with Config Import Export.
To download the configuration to the TAP:
1.
Turn off the TAP.
2.
Plug in the ABC-02 to the TAP’s USB port.
3.
Turn on TAP.
4.
TAP will detect ABC-02 during the boot up process, and download the configuration from the ABC-02 to the
TAP automatically. Once the configuration downloads and if configuration format is correct, the TAP will
emit three short beeps, and then continue the boot up.
5.
Once the TAP has booted up successfully, it will emit the normal two beeps, and the ready LED will turn to
solid green.
NOTE
The configuration path is the path of the configuration file, which is a relative path. If your configuration file is
already available in a folder on the TFTP server, you can leave this field blank.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
50
SNMP MIB file for TAP-213 is embedded in the device. To export the MIB file, simply click on the “MIB Export”
button and save it to your local drive.
Load Factory Default
Use this function to reset the TAP-213 and roll all settings back to the factory or customized (using imported
configuration file in the Default Config Import screen) default values. You can also reset the hardware by
pressing the reset button on the bottom panel of the TAP-213.
Username/Password
You can change the administration username and password for each of the TAP-213’s console managers by
using the Username/Password function. Before you set up a new password, you must input the current
password and reenter the new password for confirmation. For your security, do not use the default password
moxa, and remember to change the administration password regularly.
Locate Device
The AP can be identified by a beeping sound and flashing LED when clicking on the “start to locate” button. To
stop the beeping, click on the “stop locating” button.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
51
Misc. Settings
Additional settings to help you manage your TAP-213 are available on this page.
Reset button
Setting Description Factory Default
Always enable The TAP-213’s reset button works normally. Always enable
Always disable The TAP-213’s reset button will not work.
Disable ‘restore to default
function’ after 60 sec
The TAP-213’s reset to default function will be inactive 60
seconds after the TAP-213 finishes booting up.
Save Configuration
The following figure shows how the TAP-213 stores the setting changes into volatile and non-volatile memory.
All data stored in volatile memory will disappear when the TAP-213 is shutdown or rebooted unless they are y.
Because the TAP-213 starts up and initializes with the settings stored in flash memory, all new changes must
be saved to flash memory before restarting the TAP-213.
This also means the new changes will not work unless you run either the Save Configuration function or the
Restart function.
After you click on Save Configuration in the left menu box, the following screen will appear. Click Save if you
wish to update the configuration settings in the flash memory at this time. Alternatively, you may choose to run
other functions and put off saving the configuration until later. However, the new setting changes will remain
in the non-volatile memory until you save the configurations.
Tough
AP
TAP
-
213
Web
Console
Configuration
3
-
52
Restart
If you submitted configuration changes, you will find a blinking string in the upper right corner of the screen.
After making all your changes, click the Restart function in the left menu box. One of two different screens will
appear.
If you made changes recently but did not save, you will be given two options. Clicking the Restart button here
will reboot the TAP-213 directly, and all setting changes will be ignored. Clicking the Save and Restart button
will apply all setting changes and then reboot the TAP-213.
If you run the Restart function without changing any configurations or saving all your changes, you will see
just one Restart button on your screen.
You will not be able to run any of the TAP-213’s functions while the system is rebooting.
Logout
Logout helps users disconnect the current HTTP or HTTPS session and go to the Login page. For security
reasons, we recommend you logout before quitting the console manager.
4
Software Installation and Configuration
The following topics are covered in this chapter:
Overview
Wireless Search Utility
Installing Wireless Search Utility
Configuring Wireless Search Utility
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
2
Overview
The Wireless Search Utility can be downloaded from the Moxa website at www.moxa.com.
Wireless Search Utility
Installing Wireless Search Utility
Once the Wireless Search Utility is downloaded, run the setup executable to start the installation.
1.
Click Next in the Welcome screen to proceed with the installation.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
3
2.
Click Next to install program files to the default directory, or click Browse to select an alternate location.
3.
Click Next to create the program’s shortcut files to the default directory, or click Browse to select an
alternate location.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
4
4.
Click Next to select additional tasks.
5.
Click Next to proceed with the installation. The installer then displays a summary of the installation options.
6.
Click Install to begin the installation. The setup window will report the progress of the installation. To
change the installation settings, click Back and navigate to the previous screen.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
5
7.
Click Finish to complete the installation of Wireless Search Utility.
Configuring Wireless Search Utility
The Broadcast Search function is used to locate all TAP-213 APs that are connected to the same LAN as your
computer. After locating a TAP-213, you will be able to change its IP address. Since the Broadcast Search
function searches by UDP packets and not IP address, it doesn’t matter if the TAP-213 is configured as an AP
or Client. In either case, APs and Clients connected to the LAN will be located, regardless of whether or not they
are part of the same subnet as the host.
1.
Start the Wireless Search Utility program. When the Login page appears, select the “Device Search only”
option to search for TAPs and to view each TAP’s configuration. Select the “Device management” option to
assign IPs, upgrade firmware, and locate devices.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
6
2.
Open the Wireless Search Utility and then click the Search icon.
3.
The “Searching” window indicates the progress of the search. When the search is complete, all TAPs that
were located will be displayed in the Wireless Search Utility window.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
7
4.
Click Locate to cause the selected device to beep.
5.
Make sure your TAP is unlocked before using the search utility’s icons setting. The TAP will unlock
automatically if the password is set to the default. Otherwise you must enter the new password manually.
6.
Go to Tools Login Options to manage and unlock additional TAPs.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
8
ATTENTION
For security purposes, we suggest you can change the wireless search utility login password instead of using
the default.
7.
Use the scroll down list to select the MAC addresses of those TAPs you would like to manage, and then click
Add. Key in the password for the TAP device and then click OK to save. If you return to the search page and
search for the TAP again, you will find that the TAP will unlock automatically.
To modify the configuration of the highlighted TAP, click on the Web icon to open the web console. This will take
you to the web console, where you can make all configuration changes. Refer to Chapter 3, “Using the Web
Console,” for information on how to use the web console.
Click on Telnet if you would like to use telnet to configure your TAPs.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
9
Click Assign IP to change the IP setting.
The three advanced options—Search, Connection, and Miscellaneous—are explained below:
Search
•
Retry count (default=5): Indicates how many times the search will be retried automatically.
•
Retry interval (ms): The time elapsed between retries.
Tough
AP
TAP
-
213
Software
Inst
allation
and
Configuration
4
-
10
Connection
•
Connection timeout (secs): Use this option to set the waiting time for the Default Login, Locate,
Assign IP, Upload Firmware, and Unlock to complete.
•
Upgrade timeout (secs): Use this option to set the waiting time for the connection to disconnect while the
firmware is upgrading. Use this option to set the waiting time for the Firmware to write to flash.
Misc.
Search on start: Checkmark this box if you would like the search function to start searching for devices after
you log in to the Wireless Search Utility.
5
Using Other Consoles
This chapter explains how to access the TAP-213 for the first time. In addition to HTTP access, there are four
ways to access TAP-213: USB console, Telnet console, SSH console, and HTTPS console. The USB console
connection method, which requires using a short USB cable to connect the TAP-213 to a PC’s COM port, can be
used if you do not know the TAP-213’s IP address. The other consoles can be used to access the TAP-213 over
an Ethernet LAN, or over the Internet.
The following topics are covered in this chapter:
USB Console Configuration (115200, None, 8, 1, VT100)
Configuration via Telnet and SSH Consoles
Configuration by Web Browser with HTTPS/SSL
Disabling Telnet and Browser Access
Tough
AP
TAP
-
213
Using
Other
Console
5
-
2
USB Console Configuration (115200, None, 8, 1,
VT100)
The USB console connection method, which requires using a short USB cable to connect the TAP-213 to a PC’s
COM port, can be used if you do not know the TAP-213’s IP address. It is also convenient to use USB console
configurations when you cannot access the TAP-213 over Ethernet LAN, such as in the case of LAN cable
disconnections or broadcast storming over the LAN.
Before running PComm Terminal Emulator, use an M12 5-pin B-coded to USB type A cable to connect the
TAP-213’s USB console port to your PC’s COM port (generally COM1 or COM2, depending on how your system
is set up). After installing PComm Terminal Emulator, take the following steps to access the USB console utility.
1.
From the Windows desktop, open the Start menu and run the PComm Terminal Emulator from the
PComm (Lite) group.
2.
In the Port Manager menu, select Open to open a new connection.
3.
The Communication Parameter page of the Property window opens. Select the appropriate COM port for
Console Connection, 115200 for Baud Rate, 8 for Data Bits, None for Parity, and 1 for Stop Bits. Click on
the Terminal tab, and select VT100 (or ANSI) for Terminal Type. Click on OK to continue.
NOTE
-The USB driver is available for download at: http://www.moxa.com/product/UPort_2210.htm
-You will see two COM ports. Select the first port (COM1) to connect to the TAP-213 USB console. The COM2
port is reserved for future use.
NOTE
We recommend using the Moxa PComm (Lite) Terminal Emulator, which is available for download at:
http://www.moxa.com/product/download_pcommlite_info.htm.
Tough
AP
TAP
-
213
Using
Other
Console
5
-
3
ATTENTION
If you unplug the USB cable or trigger DTR, a disconnection event will be evoked to enforce logout for network
security. You will need to log in again to resume operation.
4.
The Console login screen will appear. Log into the USB console with the login name (default: admin) and
password (default: moxa, if no new password is set).
5.
The TAP-213’s device information and Main Menu will be displayed. Please follow the description on screen
and select the administration option you wish to perform.
NOTE
To modify the appearance of the PComm Terminal Emulator window, select Edit Font and then choose the
desired formatting options.
Tough
AP
TAP
-
213
Using
Other
Console
5
-
4
Configuration via Telnet and SSH Consoles
You may use Telnet or SSH client to access the TAP-213 and manage the console over a network. To access the
TAP-213’s functions over the network from a PC host that is connected to the same LAN as the TAP-213, you
need to make sure that the PC host and the TAP-213 are on the same logical subnet. To do this, check your PC
host’s IP address and subnet mask.
Follow the steps below to access the console utility via Telnet or SSH client.
1.
From Windows Desktop, go to Start Run, and then use Telnet to access the TAP-213’s IP address from
the Windows Run window (you may also issue the telnet command from the MS-DOS prompt).
2.
When using SSH client (ex. PuTTY), please run the client program (ex. putty.exe) and then input the
TAP-213’s IP address, specifying 22 for the SSH connection port.
The console login screen is displayed. Refer to the USB Console Configuration section for login and
administration information.
3.
Log in into the command page (default username/password is admin/moxa, if no new password is set).
TAP-213 supports the CLI mode. You can use the TAB key to check a related CLI command.
NOTE The TAP-213’s default IP address is 192.168.127.253 and the default subnet mask is 255.255.255.0 (for
a Class C network). If you do not set these values properly, please check the network settings of your PC host
and then change the IP address to 192.168.127.xxx and subnet mask to 255.255.255.0.
Tough
AP
TAP
-
213
Using
Other
Console
5
-
5
Configuration by Web Browser with HTTPS/SSL
To secure your HTTP access, the TAP-213 supports HTTPS/SSL encryption for all HTTP traffic. Perform the
following steps to access the TAP-213’s web browser interface via HTTPS/SSL.
1.
Open your web browser and type https://<TAP-213’s IP address> in the address field. Press Enter to
establish the connection.
2.
Click on continue to this website.
The protocol in the URL changes to HTTPS. You can now enter your username and password to login into the
function page.
Tough
AP
TAP
-
213
Using
Other
Console
5
-
6
Disabling Telnet and Browser Access
If you are connecting the TAP-213 to a public network but do not intend to use its management functions over
the network, then we suggest disabling both Telnet Console and Web Configuration. Please run Maintenance
Console Settings to disable them, as shown in the following figure.
A
References
This chapter provides more detailed information about wireless-related technologies. The information in this
chapter can help you manage your TAP-213s and plan your industrial wireless network better.
The following topics are covered in this appendix:
Beacon
DTIM
Fragment
RTS Threshold
STP and RSTP
The STP/RSTP Concept
Differences between RSTP and STP
Tough
AP
TAP
-
213
References
A
-
2
Beacon
A beacon is a packet broadcast by the AP to keep the network synchronized. A beacon includes the wireless LAN
service area, the AP address, the Broadcast destination address, a time stamp, Delivery Traffic Indicator Maps
(DTIM), and the Traffic Indicator Message (TIM). Beacon Interval indicates the frequency interval of AP.
DTIM
Delivery Traffic Indication Map (DTIM) is contained in beacon frames. It is used to indicate that broadcast and
multicast frames buffered by the AP will be delivered shortly. Lower settings result in more efficient networking,
while preventing your PC from dropping into power-saving sleep mode. Higher settings allow your PC to enter
sleep mode, thus saving power.
Fragment
A lower setting means smaller packets, which will create more packets for each transmission. If you have
decreased this value and experience high packet error rates, you can increase it again, but it will likely decrease
overall network performance. Only minor modifications of this value are recommended.
RTS Threshold
RTS Threshold (256-2346) – This setting determines how large a packet can be before the Access Point
coordinates transmission and reception to ensure efficient communication. This value should remain at its
default setting of 2,346. When you encounter inconsistent data flow, only minor modifications are
recommended.
STP and RSTP
The STP/RSTP Concept
Spanning Tree Protocol (STP) was designed to help reduce link failures in a network, and provide protection
from loops. Networks that have a complicated architecture are prone to broadcast storms caused by
unintended loops in the network. The STP protocol is part of the IEEE802.1D standard, 1998 Edition bridge
specification.
Rapid Spanning Tree Protocol (RSTP) implements the Spanning Tree Algorithm and Protocol defined by
IEEE802.1w-2001 standard. RSTP provides the following benefits:
•
The topology of a bridged network will be determined much more quickly compared to STP.
•
RSTP is backward compatible with STP, making it relatively easy to deploy. For example:
Defaults to sending 802.1D-style BPDUs if packets with this format are received.
STP (802.1D) and RSTP (802.1w) can operate on the LAN ports and WLAN ports of the same TAP-213.
This feature is particularly helpful when the TAP-213 connects to older equipment, such as legacy switches.
Tough
AP
TAP
-
213
References
A
-
3
Differences between RSTP and STP
RSTP is similar to STP, but includes additional information in the BPDUs that allow each bridge to confirm that
it has taken action to prevent loops from forming when it decides to enable a link to a neighboring bridge.
Adjacent bridges connected via point-to-point links will be able to enable a link without waiting to ensure that
all other bridges in the network have had time to react to the change. The main benefit of RSTP is that the
configuration decision is made locally rather than network-wide, allowing RSTP to carry out automatic
configuration and restore a link faster than STP.
B
Supporting Information
This chapter presents additional information about this product. You can also learn how to contact Moxa for
technical support.
The following topics are covered in this appendix:
Firmware Recovery
DoC (Declaration of Conformity)
Federal Communication Commission Interference Statement
Antenna Gain and RF Radiated Power
R&TTE Compliance Statement
Tough
AP
TAP
-
213
Supporting
Information
B
-
2
Firmware Recovery
When the LEDs of FAULT, Signal Strength, CLIENT, BRIDGE and WLAN all light up simultaneously and
blink at one-second interval, it means the system booting has failed. It may result from some wrong operation
or uncontrollable issues, such as an unexpected shutdown during firmware update. The TAP-213 is designed to
help administrators recover such damage and resume system operation rapidly. You can refer to the following
instructions to recover the firmware:
Connect to the TAP-213’s ES-232 console with 115200bps and N-8-1. You will see the following message
shown on the terminal emulator every one second.
Press Ctrl - C and the following message will appear.
Enter 2 to change the network setting. Specify the location of the TAP-213’s firmware file on the TFTP server
and press y to write the settings into flash memory.
TAP-213 restarts, and the “Press Ctrl-C to enter Firmware Recovery Process…” message will reappear. Press
Ctrl-C to enter the menu and select 1 to start the firmware upgrade process.
Tough
AP
TAP
-
213
Supporting
Information
B
-
3
Select 0 in the sub-menu to load the firmware image via LAN, and then enter the file name of the firmware to
start the firmware recovery.
DoC (Declaration of Conformity)
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in
a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a particular installation. If
this equipment does cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one of the
following measures:
•
Reorient or relocate the receiving antenna.
•
Increase the separation between the equipment and receiver.
•
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
•
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: To assure continued compliance, (example – use only shielded interface cables when connecting
to computer or peripheral devices). Any changes or modifications not expressly approved by the party
responsible for compliance could void the user’s authority to operate this equipment. This transmitter must not
be co-located or operated in conjunction with any other antenna or transmitter.
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with a minimum distance of 20 cm between the radiator & your
body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This
device may not cause harmful interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
FCC 15.407(e): Within the 5.15-5.25 GHz band, U-NII devices will be restricted to indoor operations to reduce
any potential for harmful interference to co-channel MSS operations.
Tough
AP
TAP
-
213
Supporting
Information
B
-
4
R&TTE Compliance Statement
Moxa declares that the apparatus TAP-213 complies with the essential requirements and other relevant
provisions of Directive 1999/5/EC.
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT
AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the
mutual recognition of their conformity (R&TTE).
The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal
Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special
attention must be paid to the dangers of electric shock and static electricity when working with electrical
equipment. All guidelines of this and of the computer manufacturer must therefore be allowed at all times to
ensure the safe use of the equipment.
EU Countries Intended for Use
The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark, Finland,
France (with Frequency channel restrictions), Germany, Greece, Ireland, Italy, Luxembourg, Portugal, Spain,
Sweden, The Netherlands, and United Kingdom.
The ETSI version of this device is also authorized for use in EFTA member states Norway and Switzerland.
EU Countries Not Intended for Use
None.
Potential Restrictive Use
France: only channels 10, 11, 12, and 13.