NETSCOUT Systems AM5010-001 802.11a+802.11g Dual Band Wireless Access Point User Manual

Fluke Networks/AirMagnet 802.11a+802.11g Dual Band Wireless Access Point

UserManual.wiki >

NETSCOUT Systems >

AM5010 001 User Manual

user manual

0802.11a+802.11g Dual BandWireless Access PointUser’s Manual

1Chapter 1 Introduction1.1 Featurel Fully interoperable with IEEE 802.11b compliant products.l High-Speed data transfer rate up to 11Mbps.l 64-bit and 128-bit WEP Encryption.l MAC Address filtering.l Web-Based Network Manager/Telnet for Configuring and Managing Your access points.l SNMP MIB I and MIB II supported.l Capable of acting as a DHCP Server.l Remote Management supported.l Firmware Upgrade via WEB/TFTPl IEEE802.1x/RADIUS Client (EAP-MD5/TLS/TTLS) Support1.2 Package Contentsl One CD-ROM with User Guide includedl One Power Adapterl One CAT 5 UTP Cablel One Fast Start Guide and One Registration CardChapter 2 Hardware Configuration2.1 Hardware Configuration1. RJ-45 Ethernet connector Provides 10/100 Mbps connectivity to a wired Ethernet LAN.2. Reset ButtonBy pressing this button for over 3 seconds, the AP will be reset with factory defaultconfiguration.3. Power Supply connectorIt is for connecting to the power adapter.2.2 Hardware Installation1. Configure your notebook or PC with Wireless LAN card.2. For Wired LAN, connect your PCs’ Ethernet port to any AP’s LAN port by an Ethernet cable.3. For WLAN, locate the AP to a proper position.4. Plug the power cord into a power outlet.

2Chapter 3 Configuring your PC1. Change the TCP/IP setting of your managing computer. Select the TCP/IP line that has beenassociated to your network card. Click the Properties button.2. Make sure the IP address of your computer and the AP are in the same subnet. The default IPaddress of the access point is 192.168.1.1 and the default subnet mask is 255.255.255.0.

33. For WLAN, open the WLAN client utility. Click Configuration tab. Type default SSID (defaultSSID: wireless) in the Network Name field. Choose “Access Point” for Network Type, thenclick OK button.Note: the default channel is 6.Configuring the Router through Web BrowserChapter 4 Initial Software Installation and ConfigurationThe access point can be configured through your web browser with the Web-Based Utility.Open your web browser and type the default IP address of the AP in the address field (default IP:192.168.1.1) and press Enter. Make sure the IP address of AP and your computer are in the samesubnet.After the connection is established, you will see the User Login page as shown below. Leavethe password field blank when the first time you open the Web-Based utility. You can change thepassword on the “Administrator settings” page.The system will be time out after idling about 1 minute. You have to login again to re-enter themain setting page. You can change the idle time out period on the “Administrator settings” page.On any page, you can click HELP to obtain more descriptions and explanations. To clear anyvalues you’ve entered on any page, click CANCEL and re-enter information.

4There are three tabs on the upper right-corner of each page. To go back to the main setting page,press HOME tab. To log out of the web management, press EXIT tab. To complete any change youhave made, press RESET tab after clicking APPLY button.

5Chapter 5 Configuring the Access Point through web browser5.1.1 Administrator SettingsSet a password to restrict management access to the access point. If you want to manage the accesspoint from a remote location (outside of the local network), you must also specify the IP address ofthe remote PC.Password Settings:To change your password, enter your current password in the “Current Password” box. Enternew password in the “Password” box. Enter it again in the “Re-type password” box to confirm it.Click APPLY to complete your change.The “idle Time Out” is the amount of time of inactivity before the access point willautomatically close the Administrator session. Set this to zero to disable it.Remote Management: By default, management access is only available to users on your local network. However, youcan also manage the access point from a remote host. Just check the Enable check box and enter theIP address of an administrator to this screen.

65.1.2 Firmware UpgradeThe firmware information is displayed on this page. You can find firmware version and firmwaredate here. There are two ways to upgrade the firmware: “Using TFTP” and “Using WEB”. Click“NEXT” button to choose the one you want.l Using TFTPOn the managed computer, run the TFTP Server utility. And specify the folder in which thefirmware file resides. After running the TFTP server, enter the TFTP server IP and the filename onthe following page. Click on APPLY to complete your change.

7l Using WEBType the correct firmware file path and file name on the File field. You can click Browse toselect the file location. Click on APPLY to complete your change.5.1.3 Configuration ToolsThis tool can backup or restore the AP’s configuration. It can also restore the original factorydefault settings.l Restore Factory default configuration:(1) Chick the “Restore Factory Default Configuration” button and then click NEXT.

8 (2) Click Restore button to force the access point to perform reset and restore the originalfactory settings.l Backup Setting/Restore Settings:(1) Check the “Backup Settings/Restore Settings” radio button and click NEXT.(2) To save the access point's current configuration to a file named "config.bin" on your PC, clickBackup Settings button.(3) To restore configuration, you can use the "Restore Settings" tool to restore the savedconfiguration of the access point.(4) Enter the path and file name then click Restore Settings button. You can also click Browse tolocate and select the previously saved backup file.

95.1.4 StatusThe Status window displays current information and settings for your AP. It has five mainparts – LAN, Wireless 11a, Wireless 11g, System Information.

10For LAN, it displays AP’s IP address, MAC address, and Subnet Mask. It also displays the IPaddress of the DNS and the number of clients connected by DHCP server.For Wireless 11a, it displays SSID, Channel, WEP security status, and wireless MAC addressof the 11a adapter.For Wireless 11g, it displays SSID, Channel, WEP security status, and wireless MAC addressof the 11g adapter.For System Information, it displays system time, firmware version, firmware date, hardwareversion, and serial number.You can obtain the most up-to-date information by pressing the “Refresh” button.5.1.5 ResetIn the event that the access point stops responding correctly or in some way stops functioning,you can perform a reset. Your settings will not be changed. To perform the reset, click on the Resetbutton below. You will be asked to confirm your decision. The reset will take about 18 seconds.

11 5.2 LAN Setting5.2.1 LAN SettingsYou can change the basic settings of AP here, including IP address, Subnet mask, IP PoolAddress, Lease Time, and Local Domain Name. Click APPLY to complete your change.

12(1) IP Address: The IP address of the AP. You should have a unique IP address to your network.The default value is 192.168.1.1.(2) Subnet Mask: The Subnet Mask of your access point. The default value is 255.255.255.0.(3) DHCP Server: By default, the AP can function as a DHCP server. The AP can automaticallyassign an IP address to a client. To enable this function, clear the “Enable” check box.(4) IP Pool Starting Address & IP Pool Ending Address: The first and the last address in the IPaddress pool.(5) Lease Time: The period client can have the IP address assigned by DHCP server.(6) Local Domain Name: It’s optional.5.2.2 DNS SettingsDomain Name Servers are used to map an IP address to the equivalent domain name. Your ISPshould provide the IP address for one or more domain name servers. The access point can be a DNSrelay to send clients’ request to the Domain Name Server. You can do a DNS lookup to find the IPaddress of some specific servers. Click APPLY to complete your change.

135.2.3 MAC ControlYou can block certain clients PCs accessing the internet based on MAC address.When you enable “MAC Address Control” without allowing unspecified MAC addressconnect to internet, you will block all client PCs accessing the internet. The clients whose MACaddresses listed in the “MAC Address Control List” can access the internet only if the “AllowConnect to Internet is checked.5.2.4 MAC address filteringThe maximum number of items is 64. Check the select check box to include or excludecorresponding items. The wireless clients whose MAC addresses listed in the “MAC address table”cannot get associations to the AP while the “Filtering type” is chosen to “Include”. On the otherhand, only those wireless clients’ with MAC addresses listed in the “Exclude” filtering list canassociate to the AP. The MAC address filtering function can be disabled by choosing the “Filteringtype” to “Disable”. Click APPLY to complete your change.

145.3 Wireless SettingGeneralSelect the country regulatory domain which you belong to.n 11aIn this window you can make changes to the default wireless settings. For communicating, allcomputers on the network must be within the same IP Address range, and have the same settings forthe Radio channel and SSID. If you don’t want to utilize WEP Encryption, select “None” to disable

15this function.1. SSID: The SSID is a unique name shared among all points in your wireless network. TheSSID must be identical for all points in the network. It is case sensitive and must not exceed32 characters. The default SSID for 11a Interface is wireless_11a.2. Channel: The channel shared by all wireless devices. The range of channel is 1~14.3. WEP: Short for Wired Equivalent Privacy, a security protocol for wireless local areanetworks (WLANs) defined in the 802.11a standard. WEP is designed to provide the samelevel of security as that of a wired LAN. Select None to disable this function.There are two WEP Encryption key length: 64-bit(10 hex digits) 128 bit(26 hex digits) and152 bit(32 hex digits).n Data Rate: Specify the transmit and receive data rate. Select the desired rate from thedrop-down menu.n Transmit Power: Specify the level of the transmit power. Use the drop-down menu tospecify the value of the transmit power.n Beacon Interval (20~1000): Beacon transmissions announce the existence of 802.11network at regular intervals. Enter a value between 20 and 1000 to specify the BeaconInterval.n Data Beacon Rate (1~16384): Specify the Data Beacon Rate. Enter a value between 1and 16384 that specify the Delivery Traffic Indication Message (DTIM).n Fragment Length (256~2346): Enter a value between 256 and 3346 to specify theFragment Length.n RTS/CTS Threshold (256~2346): Packets large than the value are preceded by anRTS/CTS handshake. Enter a value between 256 and 2346 to specify the value of the RTS/CTS Threshold.

164. 802.1X: The 802.1X standard is designed to enhance the security of wireless local area networksthat follow the IEEE 802.11 standard. 802.1X uses an existing protocol, the ExtensibleAuthentication Protocol (EAP) for message exchange during the authentication process. In a wireless LAN with 802.1X, a user requests access to an access point (known as theauthenticator). The access point forces the user into an unauthorized state that allows the client tosend only an EAP-start message. The AP replies with an EAP-request identify message to obtainthe clients identity. The clients EAP-response packet containing the clients identity is forwarded tothe authentication server. The authentication server is configured to authenticate clients with aspecific authentication algorithm. The result is an accept or reject packet from authentication serverto AP. Once authenticated, the AP opens the client’s port and traffic will be forwarded.Authentication type: There are three EAP (Extensible Authentication Protocol) types supported.You can choose between EAP-TLS1, EAP-MD52, and EAP -TTLS3. You can choose NONE todisable the 802.1X. 1 TLS- Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the

17Re-authentication time: The time period that AP informs clients to re-authenticate.Radius Server:1. Primary Radius Server: The IP address and port number of Primary Radius Server. Youneed to know the shared secret between AP and Radius Server. The default port number is 1812.2. Backup Radius Server: The IP address, shared secret, and port number of backup RadiusServer. It is optional.n 11gIn this window you can make changes to the default wireless settings. For communicating, allcomputers on the network must be within the same IP Address range, and have the same settings forthe Radio channel and SSID. If you don’t want to utilize WEP Encryption, select “None” to disablethis function.1. SSID: The SSID is a unique name shared among all points in your wireless network. TheSSID must be identical for all points in the network. It is case sensitive and must notexceed 32 characters. The default SSID for 11g Interface is wireless_11g.2. Channel: The channel shared by all wireless devices. The range of channel is 1~14.3. WEP: Short for Wired Equivalent Privacy, a security protocol for wireless local areanetworks (WLANs) defined in the 802.11a standard. WEP is designed to provide the samelevel of security as that of a wired LAN. Select None to disable this function.There are two WEP Encryption key length: 64-bit(10 hex digits) 128 bit(26 hex digits) and152 bit(32 hex digits).n Data Rate: Specify the transmit and receive data rate. Select the desired rate from thedrop-down menu.n Transmit Power: Specify the level of the transmit power. Use the drop-down menu tospecify the value of the transmit power.n Beacon Interval (20~1000): Beacon transmissions announce the existence of 802.11network at regular intervals. Enter a value between 20 and 1000 to specify the BeaconInterval.n Data Beacon Rate (1~16384): Specify the Data Beacon Rate. Enter a value between 1and 16384 that specify the Delivery Traffic Indication Message (DTIM).n Fragment Length (256~2346): Enter a value between 256 and 3346 to specify theFragment Length. Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is thesuccessor to the Secure Sockets Layer.2 MD5- provides basic security and is analogous to the challenge handshake authentication protocol (CHAP). MD5 is intended for usewith signal signature applications, which require that large files must be compressed by a secure method before being encrypted with asecret key, under a public key cryptosystem.3 TTLS- provides mutual authentication, supports legacy password protocols and does not require clients to have certificates. As a result,enterprises can reduce the costs associated with operating a certificate authority to distribute and revoke user certificates.

18n RTS/CTS Threshold (256~2346): Packets large than the value are preceded by anRTS/CTS handshake. Enter a value between 256 and 2346 to specify the value of the RTS/CTS Threshold.4. 802.1X: The 802.1X standard is designed to enhance the security of wireless local areanetworks that follow the IEEE 802.11 standard. 802.1X uses an existing protocol, theExtensible Authentication Protocol (EAP) for message exchange during the authenticationprocess. In a wireless LAN with 802.1X, a user requests access to an access point (known as theauthenticator). The access point forces the user into an unauthorized state that allows theclient to send only an EAP-start message. The AP replies with an EAP-request identifymessage to obtain the clients identity. The clients EAP-response packet containing theclients identity is forwarded to the authentication server. The authentication server isconfigured to authenticate clients with a specific authentication algorithm. The result is anaccept or reject packet from authentication server to AP. Once authenticated, the AP opensthe client’s port and traffic will be forwarded.

19Authentication type: There are three EAP (Extensible Authentication Protocol) typessupported. You can choose between EAP-TLS4, EAP-MD55, and EAP -TTLS6. You canchoose NONE to disable the 802.1X.Re-authentication time: The time period that AP informs clients to re-authenticate.Radius Server:1. Primary Radius Server: The IP address and port number of Primary Radius Server.You need to know the shared secret between AP and Radius Server. The default port numberis 1812.2. Backup Radius Server: The IP address, shared secret, and port number of backupRadius Server. It is optional. 4 TLS- Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on theInternet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is thesuccessor to the Secure Sockets Layer.5 MD5- provides basic security and is analogous to the challenge handshake authentication protocol (CHAP). MD5 is intended for usewith signal signature applications, which require that large files must be compressed by a secure method before being encrypted with asecret key, under a public key cryptosystem.6 TTLS- provides mutual authentication, supports legacy password protocols and does not require clients to have certificates. As a result,enterprises can reduce the costs associated with operating a certificate authority to distribute and revoke user certificates.

20n 802.1x StatusIn this window, it shows the 802.1x status information of the supplicants, including theport number, MAC address, Authentication PAE state, Backend state, Rx bytes, TxFrames, Tx bytes, Session time, and Last Session time.5.4 SNMPShort for Simple Network Management Protocol, a set of protocols for managing complexnetworks. SNMP works by sending messages, called protocol data units (PDUs), to different partsof a network. SNMP-compliant devices, called agents, store data about themselves in ManagementInformation Bases (MIBs) and return this data to the SNMP requesters.5.4.1 SNMP CommunitySNMP Community provides a simple kind of password protection. Access to the SNMPdevice is controlled through community names. The community name can be thought of as apassword. If you don’t have the correct community name you can’t retrieve any data (get) or makeany changes (sets). Multiple SNMP managers may be organized in a specified community. You canchange your SNMP community settings on this screen. Check the “Enable” check box to enable theSNMP function. Click APPLY to complete your change.Validity: You can enable or disable the SNMP function of the corresponding community item.

21Access Right: Select a access right for the corresponding SNMP community(Deny7/Read8/Write9). Community: Specify the name of community for the SNMP manager( Private/Public). Byconvention, “Public” community is with a read-only access right.5.4.2 SNMP TrapTraps can be used by network entities to signal abnormal conditions to management stations.SNMP TRAP message can be sent to a host. Click APPLY to complete your settings.Version: Select the SNMP Version. Select “Disable” to disable the snmp trap function of the corresponding item. Version1: SNMP Version1 Version2: SNMP Version2IP Address: Specify the IP Address of the SNMP Manager for SNMP Trap Report.Community: Specify the name of community ( public/Private) for SNMP manager.Following are the traps supported in the access point:Cold-start trap:This trap indicates that the specified node’s power has just come on. The cold-start trap isgenerated every time the access point is power-cycled. Cold-start traps are not generateduntil three seconds after the access point is power-cycled. This allows time for the hardwareproviding the low-level IP network interface to start up and stabilize before attempting tosend a packet. 7 Deny community will not allow a remote device to read information from a device or to modify settings on thatdevice.8 Read-only community enables a remote device to retrieve "read-only" information from a device.9 Read-Write community allows a remote device to read information from a device and to modify settings on thatdevice.

22 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class Bdigital device, pursuant to Part 15 of the FCC Rules. These limits are designed toprovide reasonable protection against harmful interference in a residentialinstallation. This equipment generates, uses and can radiate radio frequencyenergy and, if not installed and used in accordance with the instructions, may causeharmful interference to radio communications. However, there is no guarantee thatinterference will not occur in a particular installation. If this equipment does causeharmful interference to radio or television reception, which can be determined byturning the equipment off and on, the user is encouraged to try to correct theinterference by one of the following measures: -Reorient or relocate the receiving antenna. -Increase the separation between the equipment and receiver. -Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. -Consult the dealer or an experienced radio/TV technician for help. This device complies with Part 15 of the FCC Rules. Operation is subject to thefollowing two conditions: (1) This device may not cause harmful interference, and (2)this device must accept any interference received, including interference that maycause undesired operation. FCC Caution: Any changes or modifications not expressly approved by the partyresponsible for compliance could void the user's authority to operate this equipment. IMPORTANT NOTE: FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated withminimum distance 20cm between the radiator & your body. If this device is going to be operated in 5.15 ~ 5.25GHz frequency range, then it isrestricted in indoor environment only. This transmitter must not be co-located or operating in conjunction with any otherantenna or transmitter.