Sercomm AP101NA 802.11n Wireless Access Point User Manual 802 11b 802 11 g 802 1x Wireless Access Point

Sercomm Corporation 802.11n Wireless Access Point 802 11b 802 11 g 802 1x Wireless Access Point

UserManual.wiki >

AP101NA User Manual

user manual

802.11n WirelessAccess PointAP101nA,WNAP-3000PEUser's Guide

TABLE OF CONTENTS፧CHAPTER 1 INTRODUCTION ............................................................................................. 1Features of your Wireless Access Point........................................................................... 1Package Contents .............................................................................................................. 3Physical Details.................................................................................................................. 4CHAPTER 2 INSTALLATION............................................................................................... 6Requirements..................................................................................................................... 6Procedure ........................................................................................................................... 6CHAPTER 3 ACCESS POINT SETUP .................................................................................. 8Overview ............................................................................................................................ 8Setup using the Windows Utility...................................................................................... 8Setup using a Web Browser............................................................................................ 11System Basic Settings Screen.......................................................................................... 13System Advanced Settings Screen.................................................................................. 15Wireless Screens .............................................................................................................. 17Basic Screen .....................................................................................................................17Virtual AP Settings.......................................................................................................... 20Virtual AP Screen............................................................................................................ 21Radius Server Settings .................................................................................................... 33Access Control ................................................................................................................. 34Advanced Settings ........................................................................................................... 37Wi-Fi Protected Setup..................................................................................................... 39CHAPTER 4 PC AND SERVER CONFIGURATION ....................................................... 40Overview .......................................................................................................................... 40Using WEP .......................................................................................................................40Using WPA-PSK/WPA2-PSK ........................................................................................ 41Using WPA-Enterprise ................................................................................................... 42802.1x Server Setup (Windows 2000 Server)................................................................ 43802.1x Client Setup on Windows XP ............................................................................. 53Using 802.1x Mode (without WPA) ............................................................................... 59CHAPTER 5 OPERATION AND STATUS ......................................................................... 60Operation ......................................................................................................................... 60Status Screen.................................................................................................................... 60CHAPTER 6 ACCESS POINT MANAGEMENT............................................................... 67Overview .......................................................................................................................... 67Admin Login Screen........................................................................................................ 67Auto Config/Update ........................................................................................................ 69Config File........................................................................................................................ 70SNMP ............................................................................................................................... 72Log Settings...................................................................................................................... 74Firmware Upgrade.......................................................................................................... 76APPENDIX A SPECIFICATIONS ....................................................................................... 77Wireless Access Point...................................................................................................... 77APPENDIX B TROUBLESHOOTING ................................................................................ 81Overview .......................................................................................................................... 81General Problems............................................................................................................ 81APPENDIX C WINDOWS TCP/IP....................................................................................... 83Overview .......................................................................................................................... 83Checking TCP/IP Settings - Windows 9x/ME: ............................................................. 83Checking TCP/IP Settings - Windows NT4.0 ............................................................... 85Checking TCP/IP Settings - Windows 2000.................................................................. 87i

Wireless Access Point User GuideChecking TCP/IP Settings - Windows XP .................................................................... 89Checking TCP/IP Settings - Windows Vista ................................................................. 91APPENDIX D ABOUT WIRELESS LANS.......................................................................... 93Overview .......................................................................................................................... 93Wireless LAN Terminology............................................................................................ 93APPENDIX E COMMAND LINE INTERFACE ................................................................ 96Overview .......................................................................................................................... 96Command Reference....................................................................................................... 96P/N: 956YHZ0001 Copyright  2008. All Rights Reserved.Document Version: 1.0 All trademarks and trade names are the properties of their respective owners. ii

1 Chapter 1 Introduction This Chapter provides an overview of the Wireless Access Point's features and capabilities. Congratulations on the purchase of your new Wireless Access Point. The Wireless Access Point links your Wireless Stations to your wired LAN. The Wireless stations and devices on the wired LAN are then on the same network, and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection.Figure 1: Wireless Access Point Features of your Wireless Access Point The Wireless Access Point incorporates many advanced features, carefully designed to providesophisticated functions while being easy to use. x Standards Compliant. The Wireless Access Point complies with the IEEE802.11g and IEEE802.11n draft 2.0 specifications for Wireless LANs. x Supports 11n Wireless Stations. The 802.11n Draft standard provides for backward compatibility with the 802.11b standard, so 802.11n, 802.11b and 802.11g Wireless sta-tions can be used simultaneously.x Bridge Mode Support. The Wireless Access Point can operate in Bridge Mode, con-necting to another Access Point. Both PTP (Point to Point) and PTMP (Point to Multi-Point) Bridge modes are supported.And you can even use both Bridge Mode and Access Point Mode simultaneously!1

Wireless Access Point User Guidex WPS Support. WPS (Wi-Fi Protected Setup) can simplify the process of connecting anydevice to the wireless network by using the push button configuration (PBC) on the Wire-less Access Point, or entering a 8-digit PIN code if there's no button.x DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The Wireless Access Point can act as a DHCP Client, and obtain an IP address and related information from your existing DHPCServer.x Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded easily, using only your Web Browser.x PoE Support. You can use PoE (Power over Ethernet) to provide power to the WirelessAccess Point, so only a single cable connection is required.Security Features x Virtual APs. For maximum flexibility, wireless security settings are stored in Virtual AP.Up to 4 Virtual APs can be defined and used as any time.x Multiple BSSIDs.Because each Virtual AP has it own SSID and beacon, and up to 4 Virtual APs can be active simultaneously, multiple SSIDs are supported. Different clients can connect to the Wireless Access Point using different SSIDs, with different securitysettings.x Virtual APs Isolation. If desired, PCs and devices connecting to different Virtual APscan be isolated from each other. x VLAN Support. The 802.1Q VLAN standard is supported, allowing traffic from differ-ent sources to be segmented. Combined with the multiple SSID feature, this provides a powerful tool to control access to your LAN. x WEP support. Support for WEP (Wired Equivalent Privacy) is included. Both 64 Bit128 Bit, and 152 Bit keys are supported.x WPA support. Support for WPA is included. WPA is more secure than WEP, and should be used if possible. Both TKIP and AES encryption methods are supported.x 802.1x Support. Support for 802.1x mode is included, providing for the industrial-strength wireless security of 802.1x authentication and authorization.x Radius Client Support. The Wireless Access Point can login to your existing RadiusServer (as a Radius client).x Radius MAC Authentication. You can centralize the checking of Wireless Station MAC addresses by using a Radius Server. x Rogue AP Detection. The Wireless Access Point can detect unauthorized (Rouge)Access Points on your LAN. x Access Control. The Access Control feature can check the MAC address of Wirelessclients to ensure that only trusted Wireless Stations can use the Wireless Access Point togain access to your LAN. x Password - protected Configuration. Optional password protection is provided toprevent unauthorized users from modifying the configuration data and settings.Advanced Features x Command Line Interface. If desired, the command line interface (CLI) can be used for configuration. This provides the possibility of creating scripts to perform common con-figuration changes. 2

Introductionx Auto Configuration. The Wireless Access Point can perform self-configuration bycopying the configuration data from another Access Point. This feature is enabled by de-fault.x Auto Update. The Wireless Access Point can automatically update its firmware, bydownloading and installing new firmware from your FTP server. x Radius Accounting Support. If you have a Radius Server, you can use it to provideaccounting data on Wireless clients.x Syslog Support. If you have a Syslog Server, the Wireless Access Point can send its logdata to your Syslog Server. x SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowingyou to use a SNMP program to manage the Wireless Access Point.Package Contents The following items should be included:x Wireless Access Point x Power Adapter x Quick Start Guidex CD-ROM containing the on-line manual and setup utility.If any of the above items are damaged or missing, please contact your dealer immediately.3

Wireless Access Point User GuidePhysical Details Front Panel LEDs Figure 2: Front PanelPower On - Normal operation. Off - No power WLAN On - IdleOff - Wireless connection is not available.Flashing - Data is being transmitted or received via the Wireless access point. Data includes "network traffic" as well as user data. Status On - Error condition. Off - Normal operation. Blinking - During start up, and when the Firmware is being upgraded. Ethernet On - The LAN (Ethernet) port is active.Off - No active connection on the LAN (Ethernet) port.Flashing - Data is being transmitted or received via the corresponding LAN (Ethernet) port.4

IntroductionRear Panel Figure 3: Rear PanelReset Button This button has two (2) functions:x Reboot. When pressed and released, the Wireless Access Point will reboot (restart). x Reset to Factory Defaults. This button can also be used to clear ALL data and restore ALL settings to the factory default values.To Clear All Data and restore the factory default values:1. Hold the Reset Button until the Status (Red) LED blinks TWICE,usually more than 5 seconds. 2. Release the Reset Button.The factory default configuration has now been restored, and theAccess Point is ready for use. LAN Use a standard LAN cable (RJ45 connectors) to connect this port to a 10/100/1000BaseT hub/switch on your LAN. Power port Connect the supplied power adapter (12V@1A) here. 5

Chapter 2 Installation This Chapter covers the physical installation of the Wireless Access Point. RequirementsRequirements:x TCP/IP networkx Ethernet cable with RJ-45 connectorsx Installed Wireless network adapter for each PC that will be wirelessly connected to the networkProcedure1. Select a suitable location for the installation of your Wireless Access Point. To maximizereliability and performance, follow these guidelines:x Use an elevated location, such as wall mounted or on the top of a cubicle.x Place the Wireless Access Point near the center of your wireless coverage area. x If possible, ensure there are no thick walls or metal shielding between the WirelessAccess Point and Wireless stations. Under ideal conditions, the Wireless Access Pointhas a range of around 150 meters (450 feet). The range is reduced, and transmissionspeed is lower, if there are any obstructions between Wireless devices.Figure 4: Installation Diagram6

Installation2. Use a standard LAN cable to connect the "LAN" port on the Wireless Access Point to a 10/100/1000BaseT hub/switch on your LAN. 3. Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet, and power up.4. Check the LEDs: x The Status LED should flash, then turn OFF. x The Power, Ethernet and WLAN LEDs should be ON. For more information, refer to Front Panel LEDs in Chapter 1.Using PoE (Power over Ethernet) The Wireless Access Point supports PoE (Power over Ethernet). To use PoE:1. Do not connect the supplied power adapter to the Wireless Access Point.2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the Wire-less Access Point. 3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter. (12V DC, 1A) 4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.5. Connect the power supply to the PoE adapter and power up. 6. Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection.Figure 5: Using PoE (Power over Ethernet) 7

Chapter 3 Access Point Setup This Chapter provides details of the Setup process for Basic Operation ofyour Wireless Access Point. OverviewThis chapter describes the setup procedure to make the Wireless Access Point a valid deviceon your LAN, and to function as an Access Point for your Wireless Stations.Wireless Stations may also require configuration. For details, see Chapter 4 - PC and Server Configuration.The Wireless Access Point can be configured using either the supplied Windows utility or your Web BrowserSetup using the Windows UtilityA simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign a suitable IP address to the Wireless Access Point. Using this utility is recommended, because it can locate the Wireless Access Point even if it has an invalid IP address.Installation1. Insert the supplied CD-ROM in your drive.2. If the utility does not start automatically, run the SETUP program in the root folder.3. Follow the prompts to complete the installation.Main Screen x Start the program by using the icon created by the setup program.x When run, the program searches the network for all active Wireless Access Points, thenlists them on screen, as shown by the example below. 8

Access Point Setup Figure 6: Management utility Screen Wireless Access Points The main panel displays a list of all Wireless Access Points found on the network. For each Access Point, the following data is shown:Name The Name is shown on a sticker on the base of the device.IP address The IP address for the Wireless Access Point. MAC Address The hardware or physical address of the Wireless Access Point.IEEE Standard The wireless standard or standards used by the Wireless Access Point(e.g. 802.11b, 802.11g) FW Version The current Firmware version installed in the Wireless Access Point.Description Any extra information for the Wireless Access Point, entered by theadministrator.Note: If the desired Wireless Access Point is not listed, check that the device is installed andON, then update the list by clicking the Refresh button.ButtonsRefresh Click this button to update the Wireless Access Point device listing after changing the name or IP Address. Detail Info When clicked, additional information about the selected Access Point will be displayed.Web Management Use this button to connect to the Wireless Access Point's Web-based management interface. Set IP Address Click this button if you want to change the IP Address of theWireless Access Point. Exit Exit the Management utility program by clicking this button.9

Wireless Access Point User GuideSetup Procedure 1. Select the desired Wireless Access Point.2. Click the Set IP Address button.3. If prompted, enter the user name and password. The default values are admin for the User Name, and password for the Password.4. Ensure the IP address,Network Mask, and Gateway are correct for your LAN. Save any changes.5. Click the Web Management button to connect to the selected Wireless Access Point usingyour Web Browser. If prompted, enter the User Name and Password again. 6. Check the following screens, and configure as necessary for your environment. Use theon-line help if necessary.The later sections in this Chapter also provides more details about each of these screens. 7. You may also wish to set the admin password and administration connection options.These are on the Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.8. Use the Apply and Reboot buttons on the menu to apply your changes and restart theWireless Access Point. Setup is now complete.Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 fordetails.10REMARK˜˘˘˘ʳˋ˃˅ˁ˄˄˵ʳ̂̅ʳˋ˃˅ˁ˄˄˺ʳ̂̃˸̅˴̇˼̂́ʳ̂˹ʳ̇˻˼̆ʳ̃̅̂˷̈˶̇ʳ˼́ʳ̇˻˸ʳ˨ˁ˦ˁ˔ˁʳ˼̆ʳ˹˼̅̀̊˴̅˸ˀ˿˼̀˼̇˸˷ʳ̇̂ʳ˶˻˴́́˸˿̆ʳ˄ʳ̇˻̅̂̈˺˻ʳ˄˄ˁ

Access Point Setup Setup using a Web Browser Your Browser must support JavaScript. The configuration program has been tested on thefollowing browsers:x Netscape V4.08 or later x Internet Explorer V4 or laterSetup Procedure Before commencing, install the Wireless Access Point in your LAN, as described previously.1. Check the Wireless Access Point to determine its Default Name. This is shown on a labelon the base or rear, and is in the following format:SCxxxxxxWhere xxxxxx is a set of 6 Hex characters (0 ~ 9, and A ~ F). 2. Use a PC which is already connected to your LAN, either by a wired connection or an-other Access Point.x Until the Wireless Access Point is configured, establishing a Wireless connection to it may be not possible.x If your LAN contains a Router or Routers, ensure the PC used for configuration is on the same LAN segment as the Wireless Access Point.3. Start your Web browser. 4. In the Address box, enter "HTTP://" and the IP Address of the 11N Wireless Access Point, as in this example, which uses the Wireless Access Point's default IP Address:HTTP://192.168.0.2285. You should then see a login prompt, which will ask for a User Name and Password.Enter admin for the User Name, and password for the Password.These are the default values. The password can and should be changed. Always enter thecurrent user name and password, as set on the Admin Login screen.Figure 7: Password Dialog6. You will then see the Status screen, which displays the current settings and status. No datainput is possible on this screen. See Chapter 5 for details of the Status screen. 11

Wireless Access Point User Guide7. From the menu, check the following screens, and configure as necessary for your envi-ronment. Details of these screens and settings are described in the following sections of this chapter.x System - Basic and Advanced settingsx Wireless - Basic, Advanced, Access Control, Radius Server, Virtual APs & WIFIProtected Setup. 8. You may also wish to set the admin password and administration connection options.These are on the Admin Login screen accessed from the Management menu. See Chapter 6 for details of the screens and features available on the Management menu.9. Use the Apply and Reboot buttons on the menu to apply your changes and restart theWireless Access Point. Setup is now complete.Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 fordetails.If you can't connect: It is likely that your PC’s IP address is incompatible with the Wireless Access Point’s IP address. This can happen if your LAN does not have a DHCP Server. The default IP address of the Wireless Access Point is 192.168.0.228, with a Network Mask of 255.255.255.0. If your PC’s IP address is not compatible with this, you must change your PC’s IP address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for detailsfor this procedure. 12

Access Point Setup System Basic Settings Screen Click Basic Settings on the System menu to view a screen like the following. Figure 8: System Basic Settings Screen Data - System Basic Settings Screen IdentificationAccess Point NameEnter a suitable name for this Access Point.Description If desired, you can enter a description for the Access Point.Country Domain The country or domain which is matching your current location.MAC Address The MAC address is displayed.IP Settings DHCP Client Select this option if you have a DHCP Server on your LAN, and youwish the Access Point to obtain an IP address automatically.13

Wireless Access Point User GuideFixed IP Address If selected, the following data must be entered.x IP Address - The IP Address of this device. Enter an unused IP address from the address range on your LAN.x Subnet Mask - The Network Mask associated with the IP Address above. Enter the value used by other devices on your LAN.x Gateway - The IP Address of your Gateway or Router. Enter thevalue used by other devices on your LAN.x DNS - Enter the DNS (Domain Name Server) used by PCs on your LAN. DHCP Server x If Enabled, the Access Point will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default (and recommended) value is Enabled.x The Start IP Address and Finish IP Address fields set the valuesused by the DHCP server when allocating IP Addresses to DHCP clients. This range also determines the number of DHCP clientssupported.Wins Server Name/IP Ad-dressEnter the server name or IP address of the Wins Server. TimeZoneTimeZone Choose the Time Zone for your location from the drop-down list. If your location is currently using Daylight Saving, enable the Adjust forDaylight Saving Time checkbox. You must UNCHECK this checkbox when Daylight Saving Time finishes.NTP Server Name/IP Ad-dressEnter the server name or IP address of the NTP. 14

Access Point Setup System Advanced Settings Screen Click Advanced Settings on the System menu to view a screen like the following. Figure 9: System Advanced Settings Screen Data - System Advanced Settings Screen VLANEnable 802.1Q VLANThis option is only useful if the hubs/switches on your LAN supportthe VLAN standard. 15

Wireless Access Point User GuideNative VLAN Enter the desired value for the Native VLAN. Default value is 1.AP Management VLANDefine the VLAN ID used for management.VLAN List Define the unique ID value (1 - 4094) for each VAP. Network Integrality Check Enable NetworkIntegralityCheckIf enabled, the AP will disable the wireless connection if the wired connect of AP is invalid.LLTDEnable Link Layer TopologyDiscoveryEnable this if you want to use Link Layer Topology Discovery proto-col (LLTD) feature. STPEnable Spanning tree Protocol Enable this if you want to use this feature.802.1x Supplicant Enable 802.1x SupplicantEnable this if your network requires this AP to use 802.X authentica-tion in order to operate.Authentication x Authentication via MAC AddressSelect this if you want to Use MAC Address for Authentication.x Authentication via Name and PasswordSelect this if you want to Use name and password for Authentica-tion.16

Access Point Setup Wireless Screens There are 6 configuration screens available: x Basicx Virtual APs x Radius Server Settingsx Access Control x Advanced Settingsx WIFI Protected Setup Basic Screen The settings on this screen must match the settings used by Wireless Stations.Click Basic Settings on the Wireless menu to view a screen like the following.Figure 10:Wireless Basic Screen Data - Wireless Basic Settings Screen OperationTurn Radio On Enable this to use the wireless feature.Wireless Mode Select the desired option:x Disable - select this if for some reason you do not this AP totransmit or receive at all.x 802.11b - if selected, only 802.11b connections are allowed.802.11g wireless stations will only be able to connect if they are fully backward-compatible with the 802.11b standard.x 802.11g - only 802.11g connections are allowed. If you only have 17

Wireless Access Point User Guide802.11g, selecting this option may provide a performance im-provement over using the default setting.x 802.11n - only 802.11n connections are allowed. If you only have 802.11n, selecting this option may provide a performance im-provement over using the default setting.x 802.11b and 802.11g - this will allow connections by both 802.11b and 802.11g wireless stations.x 802.11n and 802.11g - this will allow connections by both 802.11n and 802.11g wireless stations.x Mixed 802.11n/802.11g/802.11b - this is the default, and will allow connections by 802.11n, 802.11b and 802.11g wireless sta-tions.Auto Channel ScanIf "Enable" is selected, the Access Point will select the best availableChannel.Channel/FrequencyIf you experience interference (shown by lost connections and/or slowdata transfers) you may need to experiment with manually settingdifferent channels to see which is the best.Channel Band-widthSelect the desired bandwidth from the list. ExtensionSub-ChannelSelect Above or Below Primary Channel from the list.Operation Mode Select the desired mode:x Access Point - operate as a normal Access Pointx Bridge (Point-to-Point) - Bridge to a single AP. You mustprovide the MAC address of the other AP in the PTP Bridge AP MAC Address field.x Bridge (Multi-Point) - Select this only if this AP is the "Master" for a group of Bridge-mode APs. The other Bridge-mode APs must be set to Point-to-Point Bridge mode, using this AP's MACaddress. They then send all traffic to this "Master". x Wireless Client/Repeater - Act as a client or repeater for another Access Point. If selected, you must provide Remote SSID and theaddress (MAC address) of the other AP in the Remote AP MAC Address field. In this mode, all traffic is sent to the specified AP. x Wireless Detection - This mode will turn the access point into a wireless Monitor. A "Rouge AP" is an Access Point which should not be in use, and so can be considered to be providing unauthor-ized access to your LAN. x No Security - If checked, then any AP operating with securitydisabled is considered to be a Rogue AP. x Not in Legal AP List - If checked, then any AP not listed inthe "Legal AP List" is considered to be a Rogue AP. If checked, you must maintain the Legal AP List. x Define Legal AP - Click this to open a sub-screen where youcan modify the "Legal AP List". This list must contain all known APs, so must be kept up to date.Remote MAC AddressYou must enter the MAC address(es) of other AP(s) in the fields.18

Access Point Setup Select Remote APIf the other AP is on-line, you can click the "Select Remote AP" buttonand select from a list of available APs. 19

Access Point Setup Virtual AP Screen This screen is displayed when you select a VAP on the Virtual AP Settings screen, and clickthe Configure button.Figure 12: Virtual AP Screen VAP Data Enter the desired settings for each of the following: VAP Name Enter a suitable name for this VAP. SSID Enter the desired SSID. Each VAP must have a unique SSID. Broadcast SSID If Disabled, no SSID is broadcast.If enabled, the SSID will then be broadcast to all Wireless Stations.Stations which have no SSID (or a "null" value) can then adopt thecorrect SSID for connections to this Access Point.Isolation withinVAPIf enabled, then each Wireless station using the Access Point is invisible to other Wireless stations. In most business stations, thissetting should be Disabled.Security Settings Select the desired option, and then enter the settings for the selected method.The available options are: x None - No security is used. Anyone using the correct SSID can connect to your network.x WEP - The 802.11b standard. Data is encrypted before transmission, but the encryptionsystem is not very strong.x WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure thanWEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes fre-quently.21

Wireless Access Point User Guidex WPA2-PSK - This is a further development of WPA-PSK, and offers even greater secu-rity, using the AES (Advanced Encryption Standard) method of encryption.x WPA-PSK and WPA2-PSK - This method, sometimes called "Mixed Mode", allowsclients to use EITHER WPA-PSK (with TKIP) OR WPA2-PSK (with AES). x WPA with Radius - This version of WPA requires a Radius Server on your LAN toprovide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA standard.If this option is selected:x This Access Point must have a "client login" on the Radius Server.x Each user must have a "user login" on the Radius Server.x Each user's wireless client must support 802.1x and provide the login data when re-quired.x All data transmission is encrypted using the WPA standard. Keys are automaticallygenerated, so no key input is required.x WPA2 with Radius - This version of WPA2 requires a Radius Server on your LAN toprovide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA2 standard.If this option is selected:x This Access Point must have a "client login" on the Radius Server.x Each user must authenticate on the Radius Server. This is usually done using digitalcertificates.x Each user's wireless client must support 802.1x and provide the Radius authenticationdata when required.x All data transmission is encrypted using the WPA2 standard. Keys are automaticallygenerated, so no key input is required.x WPA and WPA2 with Radius - EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using EITHER WPA or WPA2 standard.If this option is selected:x This Access Point must have a "client login" on the Radius Server.x Each user must authenticate on the Radius Server. This is usually done using digitalcertificates.x Each user's wireless client must support 802.1x and provide the Radius authenticationdata when required.x All data transmission is encrypted using EITHER WPA or WPA2 standard. Keys are automatically generated, so no key input is required.x 802.1x - This uses the 802.1x standard for client authentication, and WEP for data encryp-tion.If this option is selected:x This Access Point must have a "client login" on the Radius Server.x Each user must have a "user login" on the Radius Server.x Each user's wireless client must support 802.1x and provide the login data when re-quired.x All data transmission is encrypted using the WEP standard. You only have to selectthe WEP key size; the WEP key is automatically generated.22

Access Point Setup Security Settings - None Figure 13: Wireless Security - None No security is used. Anyone using the correct SSID can connect to your network.Security Settings - WEP This is the 802.11b standard. Data is encrypted before transmission, but the encryption systemis not very strong.Figure 14: WEP Wireless Security Screen 23

Wireless Access Point User GuideData - WEP ScreenWEPDataEncryptionSelect the desired option, and ensure your Wireless stations have thesame setting: x 64 Bit Encryption - Keys are 10 Hex (5 ASCII) characters. x 128 Bit Encryption - Keys are 26 Hex (13 ASCII) characters. x 152 Bit Encryption - Keys are 32 Hex (16 ASCII) characters. Authentication Normally, you can leave this at “Automatic”, so that Wireless Stationscan use either method ("Open System" or "Shared Key".).If you wish to use a particular method, select the appropriate value - "Open System" or "Shared Key". All Wireless stations must then be setto use the same method.Key Input Select "Hex" or "ASCII" depending on your input method. (All keysare converted to Hex, ASCII input is only for convenience.)Key Value Enter the key values you wish to use. The default key, selected by theradio button, is required. The other keys are optional. Other stationsmust have matching key values.Passphrase Use this to generate a key or keys, instead of entering them directly.Enter a word or group of printable characters in the Passphrase box and click the "Generate Key" button to automatically configure theWEP Key(s).24

Access Point Setup Security Settings - WPA-PSK Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and shouldbe used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.Figure 15: WPA-PSK Wireless Security Screen Data - WPA-PSK ScreenWPA-PSKNetwork Key Enter the key value. Data is encrypted using a 256Bit key derivedfrom this key. Other Wireless Stations must use the same key.WPA Encryption The encryption method is TKIP. Wireless Stations must also use TKIP.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 25

Wireless Access Point User GuideSecurity Settings - WPA2-PSK This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption.Figure 16: WPA2-PSK Wireless Security Screen Data - WPA2-PSK ScreenWPA2-PSKNetwork Key Enter the key value. Data is encrypted using a 256Bit key derivedfrom this key. Other Wireless Stations must use the same key.WPA Encryption The encryption method is AES. Wireless Stations must also use AES.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 26

Access Point Setup Security Settings - WPA-PSK and WPA2-PSK This method, sometimes called "Mixed Mode", allows clients to use EITHER WPA-PSK (withTKIP) OR WPA2-PSK (with AES). Figure 17: WPA-PSK and WPA2-PSK Wireless Security Screen Data - WPA-PSK and WPA2-PSK ScreenWPA-PSK and WPA2-PSK Network Key Enter the key value. Data is encrypted using this key. OtherWireless Stations must use the same key. WPA Encryption The encryption method is TKIP for WPA-PSK, and AES for WPA2-PSK.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 27

Wireless Access Point User GuideSecurity Settings - WPA with Radius This version of WPA requires a Radius Server on your LAN to provide the client authentica-tion according to the 802.1x standard. Data transmissions are encrypted using the WPAstandard.Figure 18: WPA with Radius Wireless Security Screen Data - WPA with Radius ScreenWPA with Radius WPA Encryption The encryption method is TKIP. Wireless Stations must also use TKIP.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 28

Access Point Setup Security Settings - WPA2 with Radius This version of WPA2 requires a Radius Server on your LAN to provide the client authentica-tion according to the 802.1x standard. Data transmissions are encrypted using the WPA2standard.Figure 19: WPA2 with Radius Wireless Security Screen Data - WPA2 with Radius ScreenWPA2 with Radius WPA Encryption The encryption method is AES. Wireless Stations must also use AES.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 29

Wireless Access Point User GuideSecurity Settings - WPA and WPA2 with Radius EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client authenti-cation according to the 802.1x standard. Data transmissions are encrypted using EITHER WPA or WPA2 standard.Figure 20: WPA and WPA2 with Radius Wireless Security Screen Data - WPA and WPA2 with Radius ScreenWPA and WPA2 with Radius WPA Encryption The encryption method is TKIP for WPA, and AES for WPA2.Group Key Update This refers to the key used for broadcast transmissions. Enablethis if you want the keys to be updated regularly.Key Lifetime This field determines how often the Group key is dynamicallyupdated. Enter the desired value.Update Group key when any membership terminatesIf enabled, the Group key will be updated whenever any memberleaves the group or disassociates from the Access Point. 30

Access Point Setup Security Settings - 802.1x This uses the 802.1x standard for client authentication, and WEP for data encryption. If thisoption is selected:x This Access Point must have a "client login" on the Radius Server.x Each user must have a "user login" on the Radius Server. Normally, a Certificate is used to authenticate each user. See Chapter4 for details of user configuration. x Each user's wireless client must support 802.1x. x All data transmission is encrypted using the WEP standard. You only have to select theWEP key size; the WEP key is automatically generated.Figure 21: 802.1x Wireless Security Screen Data - 802.1x Screen802.1xWEP Key Size Select the desired option:x 64 Bit - Keys are 10 Hex (5 ASCII) characters. x 128 Bit - Keys are 26 Hex (13 ASCII) characters. x 152 Bit - Keys are 32 Hex (16 ASCII) characters. 31

Wireless Access Point User GuideDynamic WEP Key Click this if you want the WEP keys to be automatically gener-ated.x The key exchange will be negotiated. The most widelysupported protocol is EAP-TLS.x The following Key Exchange setting determines how oftenthe keys are changed. x Both Dynamic and Static keys can be used simultaneously,allowing clients using either method to use the Access Point.Key Exchange This setting if only available if using Dynamic WEP Keys. If you want the Dynamic WEP keys to be updated regularly,enable this and enter the desired lifetime (in minutes).Static WEP Key (EAP-MD5)Enable this if some wireless clients use a fixed (static) WEPkey, using EAP-MD5.Note that both Dynamic and Static keys can be used simultane-ously, allowing clients using either method to use the Access Point.WEP Key Enter the WEP key according to the WEP Key Size settingabove. Wireless stations must use the same key.WEP Key Index Select the desired index value. Wireless stations must use thesame key index.32

Access Point Setup Radius Server Settings Clicking the Radius Server Settings link on the Wireless menu will result in a screen like thefollowing.Figure 22: Advanced SettingsData - Radius Server Settings ScreenAuthentication ServerPrimary Authentica-tion Server Enter the name or IP address of the Radius Server on yournetwork.Port Number Enter the port number used for connections to the RadiusServer.Shared Secret Enter the key value to match the Radius Server.Secondary Authentica-tion Server The Secondary Authentication Server will be used when the Primary Authentication Server is not available.Accounting ServerPrimary AccountingServerEnter the IP address in the following fields if you want thisAccess Point to send accounting data to the Radius Server.Port Number The port used by your Radius Server must be entered in thefield.Shared Secret Enter the key value to match the Radius Server.Secondary Accounting ServerThe Secondary Accounting Server will be used when the Primary Accounting Server is not available.33

Wireless Access Point User GuideAccess Control This feature can be used to block access to your LAN by unknown or untrusted wireless stations.Click Access Control on the Wireless menu to view a screen like the following.Figure 23: Access Control Screen Data - Access Control Screen Access Control Select the desired option, as requiredx Disabled - The Access Control feature is disabled.x Local - Select Allow only following MAC addresses or Denyfollowing MAC addresses.x Radius - The Access Point will use the MAC address table locatedon the external Radius server on the LAN for Access Control.Warning! Ensure your own PC is in the "Trusted Wireless Stations"list before enabling this feature.Local Trusted StationsThis table lists any Wireless Stations you have designated as "Trusted". If you have not added any stations, this table will be empty.For each Wireless station, the following data is displayed: x Name - the name of the Wireless station.x MAC Address - the MAC or physical address of each Wirelessstation.x Connected - this indicates whether or not the Wireless station iscurrently associates with this Access Point.ButtonsModify List To change the list of Trusted Stations (Add, Edit, or Delete a WirelessStation or Stations), click this button. You will then see the TrustedWireless Stations screen, described below.34

Access Point Setup Read from File To upload a list of Trusted Stations from a file on your PC, click thisbutton.Write to File To download the current list of Trusted Stations from the Access Pointto a file on your PC, click this button.Trusted Wireless Stations To change the list of trusted wireless stations, use the Modify List button on the Access Controlscreen. You will see a screen like the sample below.Figure 24: Trusted Wireless Stations Data - Trusted Wireless Stations Trusted Wireless StationsThis lists any Wireless Stations which you have designated as “Trusted”.Other Wireless StationsThis list any Wireless Stations detected by the Access Point, whichyou have not designated as "Trusted".Name The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station.Address The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station.Buttons<< Add a Trusted Wireless Station to the list (move from the "OtherStations" list). x Select an entry (or entries) in the "Other Stations" list, andclick the " << " button.x Enter the Address (MAC or physical address) of the wirelessstation, and click the "Add " button.35

Wireless Access Point User Guide>> Delete a Trusted Wireless Station from the list (move to the "OtherStations" list). x Select an entry (or entries) in the "Trusted Stations" list.x Click the " >> " button.Select All Select all of the Stations listed in the "Other Stations" list. Select None De-select any Stations currently selected in the "Other Stations" list.Edit To change an existing entry in the "Trusted Stations" list, select it and click this button.1. Select the Station in the "Trusted Station" list.2. Click the "Edit" button. The address will be copied to the"Address" field, and the "Add" button will change to "Update".3. Edit the address (MAC or physical address) as required.4. Click "Update" to save your changes. Add To add a Trusted Station which is not in the "Other WirelessStations" list, enter the required data and click this button.Clear Clear the Name and Address fields. 36

Access Point Setup Advanced Settings Clicking the Advanced Settings link on the Wireless menu will result in a screen like thefollowing.Figure 25: Advanced SettingsData - Advanced Settings ScreenOptionsWorldwide Mode (802.11d)Enable this setting if you wish to use this mode, and yourWireless stations support this mode.WMMEnable WMM Support Check this to enable WMM (Wi-Fi Multimedia) support in the Access Point. If WMM is also supported by your wirelessclients, voice and multimedia traffic will be given a higherpriority than other traffic. No Acknowledgement If enabled, then WMM acknowledgement is disabled. Depend-ing on the environment, disabling acknowledgement mayincrease throughput slightly.ParametersDisassociated Timeout This determines how quickly a Wireless Station will be consid-ered "Disassociated" with this AP, when no traffic is received. Enter the desired time period.Fragmentation Length Enter the preferred setting between 256 and 2346. Normally,this can be left at the default value.Beacon Interval Enter the preferred setting between 20 and 1000. Normally, thiscan be left at the default value.37

Wireless Access Point User GuideRTS/CTS Threshold Enter the preferred setting between 1 and 2347. Normally, thiscan be left at the default value.Preamble Type Select the desired option. The default is "Long". The "Short"setting takes less time when used in a good environment.802.11b ProtectionModeThe Protection system is intended to prevent older 802.11b devices from interfering with 802.11g transmissions. (Older802.11b devices may not be able to detect that a 802.11g transmission is in progress.) Normally, this should be left at"Auto".38

Access Point Setup Wi-Fi Protected Setup Click WiFi Protected Setup on the Wireless menu to view a screen like the following:.Figure 26: WPS Screen Data - WPS Screen WPSUse one of the following..x If the first option is selected, press the WPS button on the clientdevice, then click the Push button.x If the second option is selected, enter the PIN code from the clientdevice in this field and click Register button.x If the third option is selected, enter the displayed PIN code to theclient device.Change AP SettingsEnter the desired pin value manually or click the Auto generate buttonto have the new pin code displayed in the field.WPS Status It displays the current WPS status. Network Name It displays the network name in use. Security The current security method is displayed.Passphrase The current status of Passphrase is displayed.39

4 Chapter 4 PC and Server Configura-tion This Chapter details the PC Configuration required for each PC on the localLAN.OverviewAll Wireless Stations need to have settings which match the Wireless Access Point. Thesesettings depend on the mode in which the Access Point is being used. x If using WEP or WPA-PSK, it is only necessary to ensure that each Wireless station'ssettings match those of the Wireless Access Point, as described below.x For 802.1x modes, configuration is much more complex. The Radius Server must be configured correctly, and setup of each Wireless station is also more complex.Using WEP For each of the following items, each Wireless Station must have the same settings as the Wireless Access Point.Mode On each PC, the mode must be set to Infrastructure.SSID (ESSID) This must match the value used on the Wireless Access Point.The default value is wirelessNote! The SSID is case sensitive.WirelessSecurityx Each Wireless station must be set to use WEP data encryption.x The Key size (64 bit, 128 bit, 152 bit) must be set to match theAccess Point.x The keys values on the PC must match the key values on the Access Point.Note:On some systems, the key sizes may be shown as 40bit, 104bit, and 128bit instead of 64 bit, 128 bit and 152bit. This difference arises be-cause the key input by the user is 24 bits less than the key size used for encryption.40

PC and Server Configuration Using WPA-PSK/WPA2-PSK For each of the following items, each Wireless Station must have the same settings as the Wireless Access Point.Mode On each PC, the mode must be set to Infrastructure.SSID (ESSID) This must match the value used on the Wireless Access Point.The default value is wirelessNote! The SSID is case sensitive.WirelessSecurityOn each client, Wireless security must be set to WPA-PSK.x The Pre-shared Key entered on the Access Point must also be entered on each Wireless client. x The Encryption method (e.g. TKIP, AES) must be set to match theAccess Point.41

Wireless Access Point User GuideUsing WPA-Enterprise This is the most secure and most complex system.WPA-Enterprise mode provides greater security and centralized management, but it is morecomplex to configure.Wireless Station Configuration For each of the following items, each Wireless Station must have the same settings as the Wireless Access Point.Mode On each PC, the mode must be set to Infrastructure.SSID (ESSID) This must match the value used on the Wireless Access Point.The default value is wirelessNote! The SSID is case sensitive.802.1xAuthenticationEach client must obtain a Certificate which is used for authentication forthe Radius Server. 802.1xEncryptionTypically, EAP-TLS is used. This is a dynamic key system, so keys do NOT have to be entered on each Wireless station. However, you can also use a static WEP key (EAP-MD5); the WirelessAccess Point supports both methods simultaneously.Radius Server Configuration If using WPA-Enterprise mode, the Radius Server on your network must be configured as follow:x It must provide and accept Certificates for user authentication. x There must be a Client Login for the Wireless Access Point itself. x The Wireless Access Point will use its Default Name as its Client Login name. (How-ever, your Radius server may ignore this and use the IP address instead.)x The Shared Key, set on the Security Screen of the Access Point, must match theShared Secret value on the Radius Server. x Encryption settings must be correct.42

PC and Server Configuration 802.1x Server Setup (Windows 2000 Server) This section describes using Microsoft Internet Authentication Server as the Radius Server, since it is the most common Radius Server available that supports the EAP-TLS authenticationmethod.The following services on the Windows 2000 Domain Controller (PDC) are also required:x dhcpdx dnsx rrasx webserver (IIS)x Radius Server (Internet Authentication Service)x Certificate AuthorityWindows 2000 Domain Controller Setup 1. Run dcpromo.exe from the command prompt.2. Follow all of the default prompts, ensure that DNS is installed and enabled during installa-tion.Services Installation 1. Select the Control Panel -Add/Remove Programs.2. Click Add/Remove Windows Components from the left side.3. Ensure that the following components are activated (selected):x Certificate Services. After enabling this, you will see a warning that the computercannot be renamed and joined after installing certificate services. Select Yes to select certificate services and continue x World Wide Web Server. Select World Wide Web Server on the Internet InformationServices (IIS) component.x From the Networking Services category, select Dynamic Host Configuration Protocol(DHCP), and Internet Authentication Service (DNS should already be selected and in-stalled).43

Wireless Access Point User GuideFigure 27: Components Screen 4. Click Next.5. Select the Enterprise root CA, and click Next.Figure 28: Certification Screen 6. Enter the information for the Certificate Authority, and click Next.44

PC and Server Configuration Figure 29: CA Screen 7. Click Next if you don't want to change the CA's configuration data.8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click Ok, then Finish.DHCP server configuration 1. Click on the Start -Programs - Administrative Tools - DHCP2. Right-click on the server entry as shown, and select New Scope.Figure 30: DHCP Screen 3. Click Next when the New Scope Wizard Begins.4. Enter the name and description for the scope, click Next.5. Define the IP address range. Change the subnet mask if necessary. Click Next.45

Wireless Access Point User GuideFigure 31:IP Address Screen 6. Add exclusions in the address fields if required. If no exclusions are required, leave itblank. Click Next.7. Change the Lease Duration time if preferred. Click Next.8. Select Yes, I want to configure these options now, and click Next.9. Enter the router address for the current subnet. The router address may be left blank ifthere is no router. Click Next.10. For the Parent domain, enter the domain you specified for the domain controller setup, and enter the server's address for the IP address. Click Next.Figure 32: DNS Screen 11. If you don't want a WINS server, just click Next.12. Select Yes, I want to activate this scope now. Click Next, then Finish.13. Right-click on the server, and select Authorize. It may take a few minutes to complete.46

PC and Server Configuration Certificate Authority Setup 1. Select Start -Programs - Administrative Tools - Certification Authority.2. Right-click Policy Settings, and select New - Certificate to Issue.Figure 33: Certificate Authority Screen 3. Select Authenticated Session and Smartcard Logon (select more than one by holding down the Ctrl key). Click OK.Figure 34: Template Screen 4. Select Start -Programs - Administrative Tools - Active Directory Users and Computers.5. Right-click on your active directory domain, and select Properties.47

Wireless Access Point User GuideFigure 35: Active Directory Screen 6. Select the Group Policy tab, choose Default Domain Policy then click Edit.Figure 36: Group Policy Tab7. Select Computer Configuration - Windows Settings - Security Settings - Public Key Policies, right-click Automatic Certificate Request Settings - New - Automatic CertificateRequest.48

PC and Server Configuration Figure 37: Group Policy Screen 8. When the Certificate Request Wizard appears, click Next.9. Select Computer, then click Next.Figure 38: Certificate Template Screen 10. Ensure that your certificate authority is checked, then click Next.11. Review the policy change information and click Finish.12. Click Start - Run, type cmd and press enter.Enter secedit /refreshpolicy machine_policyThis command may take a few minutes to take effect.49

Wireless Access Point User GuideInternet Authentication Service (Radius) Setup 1. Select Start - Programs - Administrative Tools - Internet Authentication Service2. Right-click on Clients, and select New Client.Figure 39: Service Screen 3. Enter a name for the access point, click Next.4. Enter the address or name of the Wireless Access Point, and set the shared secret, as entered on the Security Settings of the Wireless Access Point.5. Click Finish.6. Right-click on Remote Access Policies, select New Remote Access Policy.7. Assuming you are using EAP-TLS, name the policy eap-tls, and click Next.8. Click Add...If you don't want to set any restrictions and a condition is required, select Day-And-Time-Restrictions, and click Add...Figure 40: Attribute Screen 9. Click Permitted, then OK. Select Next.10. Select Grant remote access permission. Click Next.50

Wireless Access Point User GuideRemote Access Login for Users 1. Select Start - Programs - Administrative Tools-Active Directory Users and Computers.2. Double click on the user who you want to enable.3. Select the Dial-in tab, and enable Allow access. Click OK.Figure 42: Dial-in Screen 52

PC and Server Configuration 802.1x Client Setup on Windows XPWindows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality.If you don't have either of these systems, you must use the 802.1x client software providedwith your wireless adapter. Refer to your vendor's documentation for setup instructions.The following instructions assume that:x You are using Windows XP x You are connecting to a Windows 2000 server for authentication.x You already have a login (User name and password) on the Windows 2000 server. Client Certificate Setup 1. Connect to a network which doesn't require port authentication.2. Start your Web Browser. In the Address box, enter the IP address of the Windows 2000 Server, followed by /certsrve.g http://192.168.0.2/certsrv 3. You will be prompted for a user name and password. Enter the User name and Passwordassigned to you by your network administrator, and click OK.Figure 43: Connect Screen 4. On the first screen (below), select Request a certificate, click Next.53

Wireless Access Point User GuideFigure 44: Wireless CA Screen 5. Select User certificate request and select User Certificate, the click Next.Figure 45: Request Type Screen 6. Click Submit.54

PC and Server Configuration Figure 46: Identifying Information Screen 7. A message will be displayed, then the certificate will be returned to you.Click Install this certificate.Figure 47:Certificate Issued Screen 8. . You will receive a confirmation message. Click Yes.55

Wireless Access Point User GuideFigure 48: Root Certificate Screen 9. Certificate setup is now complete.802.1x Authentication Setup 1. Open the properties for the wireless connection, by selecting Start - Control Panel - Network Connections.2. Right Click on the Wireless Network Connection, and select Properties.3. Select the Authentication Tab, and ensure that Enable network access control using IEEE 802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.Figure 49: Authentication Tab Encryption Settings The Encryption settings must match the APs (Access Points) on the Wireless network youwish to join.x Windows XP will detect any available Wireless networks, and allow you to configure each network independently. 56

PC and Server Configuration x Your network administrator can advise you of the correct settings for each network. 802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no need to enter key values. Enabling EncryptionTo enable encryption for a wireless network, follow this procedure:1. Click on the Wireless Networks tab.Figure 50: Wireless Networks Screen 2. Select the wireless network from the Available Networks list, and click Configure.3. Select and enter the correct values, as advised by your Network Administrator.For example, to use EAP-TLS, you would enable Data encryption, and click the checkbox for the setting The key is provided for me automatically, as shown below.57

Wireless Access Point User GuideFigure 51: Properties Screen Setup for Windows XP and 802.1x client is now complete.58

PC and Server Configuration Using 802.1x Mode (without WPA) This is very similar to using WPA-Enterprise.The only difference is that on your client, you must NOT enable the setting The key is pro-vided for me automatically.Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on theAccess Point.Figure 52: Properties Screen Note:On some systems, the "64 bit" WEP key is shown as "40 bit" and the "128 bit" WEP key isshown as "104 bit". This difference arises because the key input by the user is 24 bits less than the key size used for encryption. 59

5 Chapter 5 Operation and Status This Chapter details the operation of the Wireless Access Point and the status screens.OperationOnce both the Wireless Access Point and the PCs are configured, operation is automatic. However, you may need to perform the following operations on a regular basis.x If using the Access Control feature, update the Trusted PC database as required. (See Access Control in Chapter 3 for details.)x If using 802.1x mode, update the User Login data on the Windows 2000 Server, and configure the client PCs, as required.Status Screen Use the Status link on the main menu to view this screen.Figure 53: Status Screen 60

Operation and Status Data - Status Screen Access PointAccess Point Name The current name will be displayed.MAC Address The MAC (physical) address of the Wireless Access Point.Country/Domain The region or domain, as selected on the System screen.Hardware Version The version of the hardware currently used. Firmware Version The version of the firmware currently installed. TCP/IPIP Address The IP Address of the Wireless Access Point. Subnet Mask The Network Mask (Subnet Mask) for the IP Address above. Gateway Enter the Gateway for the LAN segment to which the WirelessAccess Point is attached (the same value as the PCs on that LAN segment).DHCP Client This indicates whether the current IP address was obtained from a DHCP Server on your network.It will display "Enabled" or "Disabled".DHCP Server "Enabled" or "Disabled" is displayed for the DHCP server status.Ethernet Status The current Ethernet status is displayed.WirelessChannel/Frequency The Channel currently in use is displayed.Wireless Mode The current mode (e.g. 802.11g) is displayed.AP Mode The current Access Point mode is displayed.ButtonsVirtual AP Status Click this to open a sub-window displaying Virtual AP Statusabout the information of Name, SSID, Broadcast SSID, Security,Status and Clients.Statistics Click this to open a sub-window where you can view Statistics on data transmitted or received by the Access Point. Log Click this to open a sub-window where you can view the activitylog.Stations Click this to open a sub-window where you can view the list of all current Wireless Stations using the Access Point.61

Wireless Access Point User GuideStatistics Screen This screen is displayed when the Statistics button on the Status screen is clicked. It shows details of the traffic flowing through the Wireless Access Point. Figure 54: Statistics Screen 62

Operation and Status Data - Statistics Screen System Up Time Up Time This indicates how long the system has been running since the lastrestart or reboot.VAPAuthentication The number of "Authentication" packets received. Authentication is the process of identification between the AP and the client.Deauthentication The number of "Deauthentication" packets received. Deauthentica-tion is the process of ending an existing authentication relationship.Association The number of "Association" packets received. Association creates a connection between the AP and the client. Usually, clients associ-ate with only one (1) AP at any time.Disassociation The number of "Disassociation" packets received. Disassociation breaks the existing connection between the AP and the client. Reassociation The number of "Reassociation" packets received. Reassociation is the service that enables an established association (between AP and client) to be transferred from one AP to another (or the same) AP. WirelessData Number of valid Data packets transmitted to or received fromWireless Stations, at driver level.Management Number of Management packets transmitted to or received fromWireless Stations.Control Number of Control packets transmitted to or received from Wire-less Stations.63

Wireless Access Point User GuideVirtual AP Status This screen is displayed when the Virtual AP Status button on the Status screen is clicked.Figure 55: Virtual AP Status Screen For each VAP, the following data is displayed: Name The name you gave to this VAP; if you didn't change the name, thedefault name is used. BSSIS The MAC address of the VAP. SSID The SSID assigned to this VAP. Broadcast SSID Indicates whether or not the SSID is broadcast.Security The security method used by this VAP. Status Indicates whether or not this VAP is enabled or currently used. Clients The number of wireless stations currently using accessing this Access Point using this VAP. If the VAP is disabled, this will always be zero.64

Operation and Status Activity Log This screen is displayed when the Log button on the Status screen is clicked.Figure 56: Activity Log Screen Data - Activity Log DataCurrent Time The system date and time is displayed.Log The Log shows details of the connections to the Wireless Access Point.ButtonsRefresh Update the data on screen. Save to File Save the log to a file on your pc. Clear Log This will delete all data currently in the Log. This will make it easier to read new messages.65

Wireless Access Point User GuideStation List This screen is displayed when the Stations button on the Status screen is clicked.Figure 57 Station List Screen Data - Station List Screen Station List MAC Address The MAC (physical) address of each Wireless Station is displayed. Mode The mode of each Wireless Station. SSID This displays the SSID used the Wireless station. Because the Wire-less Access Point supports multiple SSIDs, different PCs could connect using different SSIDs. Refresh Button Update the data on screen. 66

6 Chapter 6 Access Point Management This Chapter explains when and how to use the Wireless Access Point's"Management" Features.OverviewThis Chapter covers the following features, available on the Wireless Access Point’s Man-agement menu.x Admin Loginx Auto Config/Updatex Config File x SNMP Settings x Log Settingsx Upgrade FirmwareAdmin Login Screen The Admin Login screen allows you to assign a password to the Wireless Access Point. Thispassword limits access to the configuration interface. The default password is password. It is recommended that this be changed, using this screen. Figure 58: Admin Login Screen 67

Wireless Access Point User GuideData - Admin Login Screen LoginAdmin User Name Enter the login name for the Administrator.Change Admin Password If you wish to change the Admin password, check this fieldand enter the new login password in the fields below.New Password Enter the desired login password. Repeat New Password Re-enter the desired login password. Admin Connections Enable Wireless Web AccessEnable this to allow wireless client access the device. Enable HTTP Enable this to allow admin connections via HTTP. If enabled,you must provide a port number in the field below. EitherHTTP or HTTPS must be enabled.HTTP Port Number Enter the port number to be used for HTTP connections to thisdevice. The default value is 80. Enable HTTPS Enable this to allow admin connections via HTTPS (secureHTTP). If enabled, you must provide a port number in thefield below. Either HTTP or HTTPS must be enabled.HTTPS Port Number Enter the port number to be used for HTTPS connections tothis device. The default value is 443. Enable Management via TelnetIf desired, you can enable this option. If enabled, you will ableto connect to this AP using a Telnet client. You will have toprovide the same login data (user name, password) as for a HTTP (Web) connection.68

Access Point Management Auto Config/UpdateTo reach this screen, select Auto Config/Update in the Management section of the menu.Figure 59: Auto Config/Auto Update Screen Data - Auto Config/Auto Update Screen Auto Config Perform Auto Con-figuration on this AP If checked, this AP will perform Auto Configuration.Respond to Auto-configuration request by other AP If checked, this AP will respond to other AP’s "Auto Configura-tion" requests. Otherwise, "Auto Configuration" requests fromother AP will be ignored. Provide admin loginname and password If enabled, the login name and password need to be provided.Provide Respond to Auto-ConfigurationsettingIf enabled, the "Respond to Auto-configuration" setting needs to be provided.Auto Update Check for Firmware Upgrade..If enabled, the device will check the firmware upgrade in the timeinterval. Enter the desired day value in the following field.FTP Server address Enter the address for the FTP server. FTP File pathname Enter the full path of the firmware in the FTP server.FTP Login Name Enter the login name for the FTP server. FTP Password Enter the login password for the FTP server. 69

Wireless Access Point User GuideConfig FileThis screen allows you to Backup (download) the configuration file, and to restore (upload) a previously-saved configuration file.You can also set the Wireless Access Point back to its factory default settings.To reach this screen, select Config File in the Management section of the menu.Figure 60: Config File Screen Data - Config File Screen BackupSave a copy of cur-rent settings to a file Once you have the Access Point working properly, you shouldback up the settings to a file on your computer. You can laterrestore the Access Point's settings from this file, if necessary.To create a backup file of the current settings:x Click Backup.x If you don't have your browser set up to save downloadedfiles automatically, locate where you want to save the file, rename it if you like, and click Save.RestoreRestore saved settings from a fileTo restore settings from a backup file:1. Click Browse.2. Locate and select the previously saved backup file.3. Click Restore70

Access Point Management DefaultsRevert to factory default settings To erase the current settings and restore the original factory default settings, click Set to Defaults button.Note!x This will terminate the current connection. The Access Point will be unavailable until it has restarted.x By default, the Access Point will act as a DHCP client, andautomatically obtain an IP address. You will need to deter-mine its new IP address in order to re-connect.71

Wireless Access Point User GuideSNMPSNMP (Simple Network Management Protocol) is only useful if you have a SNMP programon your PC. To reach this screen, select SNMP in the Management section of the menu.Figure 61: SNMP Screen Data - SNMP Screen GeneralSNMP Use this to enable or disable SNMP as requiredRead Only com-munityData can be read, but not changed. Read/Write Com-munityData can be read, and setting changed. SNMPv3User Name Enter the user name for SNMPv3.AuthenticationProtocolSelect the authentication protocol used by SNMPv3.AuthenticationKeyEnter the authentication key required by SNMPv3.72

Access Point Management Private Protocol Select the private protocol as required.Private Key Enter the private key here.ManagersAny Station The IP address of the manager station is not checked. Only this station The IP address is checked, and must match the address you enter in the IP address field provided.If selected, you must enter the IP address of the required station.TrapsVersion Select the desired option, as supported by your SNMP Managementprogram.Receiver Select this to have Trap messages sent to the specified PC only. You must enter the IP Address of the desired PC.73

Wireless Access Point User GuideLog SettingsIf you have a Syslog Server on your LAN, this screen allows you to configure the Access Pointto send log data to your Syslog Server. Figure 62: Syslog Settings Screen Data - Syslog Settings Screen Syslog Server Select the desired Option:x Disable - Syslog server is not used.x Broadcast - Syslog data is broadcast. Use this option ifdifferent PCs act as the Syslog server at different times.x Unicast - Select this if the same PC is always used as theSyslog server. If selected, you must enter the server ad-dress in the field provided.Server Name/IP Address Enter the name or IP address of your Syslog Server. Minimum Severity Level Select the desired severity level. Events with a severtiy levelequal to or higher (i.e. lower number) than the selected levelwill be logged. Email Alerts Email Alerts If enabled, an E-mail will be sent. If enabled, the e-mailaddress information (below) must be provided.74

Access Point Management Log Queue Length Enter the desired length of the log queue. The default is 20 entries.Log Time Threshold Enter the preferred value between 60 and 600, which deter-mine how often the log will be emailed to you. Normally, thiscan be left at the default value. The default is 600 seconds. SMTP Mail Server Enter the domain name or IP address of the SMTP (SimpleMail Transport Protocol) server you use for sending e-mails.Email Address for Alert LogsEnter the e-mail address the log is to be sent to.E-mail Log Now Press this button to let the log to be e-mailed immediately.LogEmail Alerts Use these checkboxes to determine which events are includedin the log. Checking all options will increase the size of thelog, so it is good practice to disable any events which are notreally required.x Unauthorized Login Attempt - If checked, the unau-thorized users who attempted to login to the Access Pointare logged.x Authorized Login - If checked, this will log the author-ized login TO this Access Point.x System Error Message - If checked, the system error message will be logged.x Configuration Changes - If checked, the changes of configuration will be logged. 75

Wireless Access Point User GuideFirmware Upgrade The firmware (software) in the Wireless Access Point can be upgraded using your WebBrowser.You must first download the upgrade file, and then select Upgrade Firmware in the Manage-ment section of the menu. You will see a screen like the following.Figure 63: Firmware Upgrade Screen To perform the Firmware Upgrade: 1. Click the Browse button and navigate to the location of the upgrade file.2. Select the upgrade file. Its name will appear in the Upgrade File field. 3. Click the Upgrade button to commence the firmware upgrade. The Wireless Access Point is unavailable during the upgrade process, and must restart when the up-grade is completed. Any connections to or through the Wireless Access Point will be lost. 76

A AAppendix A Specifications Wireless Access Point Hardware Specifications CPU AtherosRadio-on-Chip AtherosDRAM 32 MbytesFlash ROM 8 MbytesLAN port 1 x Auto-MDIX RJ 45 for 10/100/1000Mbps PoE portIEEE 802.3af complianceEmbedded Atheros solutionNetwork Standard IEEE 802.11b (Wi-Fi™) and IEEE 802.11g complianceOFDM; 802.11b: CCK (11 Mbps, 5.5 Mbps), DQPSK (2 Mbps), DBPSK (1 Mbps)Operating Frequencies 2.412.2.497 GHz 11bOperating Channels 802.11g: 11 for North America, 13 for Europe (ETSI), 14 for Japan 802.11b: 11 for North America, 14 for Japan, 13 for Europe (ETSI) 11nIEEE802.11n draft 2.0 compliantRx Sensitivity: 11.n: 300Mbps@ -69dBm, 11.g: 54Mbps@ -73dBm, 11.b: 11Mbps@ -88dBmAntennae 3 x 2dbi detachable antennaOperating temperature 0q C to 40q C Storage temperature -20q C to 70q C Power Adapter 12VDC 1A ExternalDimensions 165mm(W) * 153mm(D) * 33mm(H)77

Wireless Access Point User GuideSoftware Specifications Feature DetailsWireless x Access point supportx Roaming supportedx IEEE 802.11n/11g/11b compliancex Auto Sensing Open System / Share Key authentication x Wireless Channels Supportx Automatic Wireless Channel Selectionx Country Selectionx Preamble Type: long or short supportx RTS Threshold Adjustmentx Fragmentation Threshold Adjustmentx Beacon Interval Adjustmentx 8x Multi-BSSID assignmentx 802.11i pre-authenticationx Short Slot time supportx IEEE 802.11d x CTS-only & CTS/RTS protect mechanism supportx WMM supportx WPS supportx Wireless isolationsOperation Mode x Common AP+PTMP/PTP x Universal Repeater x Universal Clientx Rogue AP DetectionSecurity x Open, shared, WPA, WPA-PSK, and WPA2-PSK authentication x 64bit/128bit WEP, TKIP, AES-CCMP supportx 802.1x supportx EAP-MD5, EAP-TLS, EAP-TTLS, PEAP x RADIUS based MAC authenticationx Block inter-wireless station communication (wireless separation)x Block SSID broadcastManagement x Web based configurationx Configurable Web portx RADIUS Accounting x RADIUS-On feature x RADIUS Accounting updatex Telnet/CLIx Syslog/internal Logx Access Control listx Editable Configuration file backup/Restore78

Appendix A - Specifications x Statistics supportx SNMP v1 & v2c & v3 x LLTDx Only wired users to be able to controlx Auto configurationOther Features x DHCP client x WINS clientx Radius clientx Enable/Disable wireless x Network Integrality Checkx FTP client Firmware Upgrade x HTTP/FTP network protocol download79

Wireless Access Point User GuideFCC Statement This equipment has been tested and found to comply with the limits for a Class B digitaldevice, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonableprotection against harmful interference in a residential installation.This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communica-tions. However, there is no guarantee that interference will not occur in a particular installation.If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct theinterference by one of the following measures:x Reorient or relocate the receiving antenna. x Increase the separation between the equipment and receiver. x Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. x Consult the dealer or an experienced radio/TV technician for help.To assure continued compliance, any changes or modifications not expressly approved by theparty responsible for compliance could void the user's authority to operate this equipment.(Example - use only shielded interface cables when connecting to computer or peripheral devices).FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolledenvironment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.This device complies with Part 15 of the FCC Rules. Operation is subject to the following twoconditions:(1) This device may not cause harmful interference, and(2) this device must accept any interference received, including interference that may cause undesired operation.This transmitter must not be co-located or operating in conjunction with any other antenna ortransmitter.80You are cautioned that changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate the equipment.

B Appendix B Troubleshooting OverviewThis chapter covers some common problems that may be encountered while using the WirelessAccess Point and some possible solutions to them. If you follow the suggested steps and theWireless Access Point still does not function properly, contact your dealer for further advice.General Problems Problem 1: Can't connect to the Wireless Access Point to configure it. Solution 1: Check the following: x The Wireless Access Point is properly installed, LAN connections are OK, and it is powered ON. Check the LEDs for port status. x Ensure that your PC and the Wireless Access Point are on the samenetwork segment. (If you don't have a router, this must be the case.)x If your PC is set to "Obtain an IP Address automatically" (DHCP client), restart it. x You can use the following method to determine the IP address of theWireless Access Point, and then try to connect using the IP address, in-stead of the name.To Find the Access Point's IP Address 1. Open a MS-DOS Prompt or Command Prompt Window.2. Use the Ping command to “ping” the Wireless Access Point. Enterping followed by the Default Name of the Wireless Access Point.e.g. ping SC003318 3. Check the output of the ping command to determine the IP address of the Wireless Access Point, as shown below.Figure 64: PingIf your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address which is compatible with the Wireless Access Point. (If no DHCP Server is found, the Wireless Access Point will default to an IP Address and Mask of 192.168.0.228 and 255.255.255.0.) On Windows PCs, you can use Control Panel-Network to check the Properties for the TCP/IP protocol.81

Wireless Access Point User GuideProblem 2: My PC can't connect to the LAN via the Wireless Access Point. Solution 2 Check the following: x The SSID and WEP settings on the PC match the settings on the Wire-less Access Point. x On the PC, the wireless mode is set to "Infrastructure"x If using the Access Control feature, the PC's name and address is in the Trusted Stations list. x If using 802.1x mode, ensure the PC's 802.1x software is configuredcorrectly. See Chapter 4 for details of setup for the Windows XP 802.1x client. If using a different client, refer to the vendor's documentation.82

C Appendix C Windows TCP/IP OverviewNormally, no changes need to be made. x By default, the Wireless Access Point will act as a DHCP client, automatically obtaining a suitable IP Address (and related information) from your DHCP Server. x If using Fixed (specified) IP addresses on your LAN (instead of a DHCP Server), there isno need to change the TCP/IP of each PC. Just configure the Wireless Access Point to match your existing LAN. The following sections provide details about checking the TCP/IP settings for various types of Windows, should that be necessary. Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the following:Figure 65: Network Configuration2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following.83

Wireless Access Point User GuideFigure 66: IP Address (Win 95) Ensure your TCP/IP settings are correct, as follows: Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the defaultWindows settings. To work correctly, you need a DHCP server on your LAN. Using "Specify an IP Address" If your PC is already configured for a fixed (specified) IP address, no changes are required.(The Administrator should configure the Wireless Access Point with a fixed IP address fromthe same address range used on the PCs.)84

Appendix C - Windows TCP/IP Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.Figure 67: Windows NT4.0 - TCP/IP2. Click the Properties button to see a screen like the one below. Figure 68: Windows NT4.0 - IP Address 85

Wireless Access Point User Guide3. Select the network card for your LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specifyan IP Address, as explained below.Obtain an IP address from a DHCP Server This is the default Windows setting. This is the default Windows settings. To work correctly, you need a DHCP server on your LAN. Using "Specify an IP Address" If your PC is already configured for a fixed (specified) IP address, no changes are required.(The Administrator should configure the Wireless Access Point with a fixed IP address fromthe same address range used on the PCs.)86

Appendix C - Windows TCP/IP Checking TCP/IP Settings - Windows 2000 1. Select Control Panel - Network and Dial-up Connection.2. Right click the Local Area Connection icon and select Properties. You should see a screen like the following:Figure 69: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following.Figure 70: TCP/IP Properties (Win 2000) 87

Wireless Access Point User Guide5. Ensure your TCP/IP settings are correct:Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the defaultWindows setting. This is the default Windows settings. To work correctly, you need a DHCP server on your LAN. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured for a fixed (specified) IP address, no changes are required.(The Administrator should configure the Wireless Access Point with a fixed IP address fromthe same address range used on the PCs.)88

Appendix C - Windows TCP/IP Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection.2. Right click the Local Area Connection and choose Properties. You should see a screen like the following:Figure 71: Network Configuration (Windows XP)3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following.Figure 72: TCP/IP Properties (Windows XP)89

Wireless Access Point User Guide5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the defaultWindows setting. To work correctly, you need a DHCP server on your LAN. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured for a fixed (specified) IP address, no changes are required.(The Administrator should configure the Wireless Access Point with a fixed IP address fromthe same address range used on the PCs.)90

Appendix C - Windows TCP/IP Checking TCP/IP Settings - Windows Vista 1. Select Control Panel - Network Connections.2. Right click the Local Area Connection Status and choose Properties. Click Continue tothe User Account Control dialog box, then you should see a screen like the following:Figure 73: Network Configuration (Windows Vista) 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following.91

Wireless Access Point User GuideFigure 74: TCP/IP Properties (Windows Vista)5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the defaultWindows setting. To work correctly, you need a DHCP server on your LAN. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured for a fixed (specified) IP address, no changes are required.(The Administrator should configure the Wireless Access Point with a fixed IP address fromthe same address range used on the PCs.)92

D Appendix D About Wireless LANs OverviewWireless networks have their own terms and jargon. It is necessary to understand many of these terms in order to configure and operate a Wireless LAN. Wireless LAN TerminologyModesWireless LANs can work in either of two (2) modes:x Ad-hocx InfrastructureAd-hoc Mode Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Sta-tions (e.g. notebook PCs with wireless cards) communicate directly with each other. Infrastructure Mode In Infrastructure Mode, one or more Access Points are used to connect Wireless Stations (e.g. Notebook PCs with wireless cards) to a wired (Ethernet) LAN. The Wireless Stationscan then access all LAN resources. Access Points can only function in "Infrastructure" mode, and can communicate only with Wireless Stations which are set to "Infrastructure" mode. SSID/ESSIDBSS/SSIDA group of Wireless Stations and a single Access Point, all using the same ID (SSID), form a Basic Service Set (BSS). Using the same SSID is essential. Devices with different SSIDs are unable to communi-cate with each other. However, some Access Points allow connections from WirelessStations which have their SSID set to “any” or whose SSID is blank (null).ESS/ESSIDA group of Wireless Stations, and multiple Access Points, all using the same ID (ESSID), form an Extended Service Set (ESS). 93

Wireless Access Point User GuideDifferent Access Points within an ESS can use different Channels. To reduce interference, it is recommended that adjacent Access Points SHOULD use different channels.As Wireless Stations are physically moved through the area covered by an ESS, they will automatically change to the Access Point which has the least interference or best perform-ance. This capability is called Roaming. (Access Points do not have or require Roamingcapabilities.)ChannelsThe Wireless Channel sets the radio frequency used for communication.x Access Points use a fixed Channel. You can select the Channel used. This allows you tochoose a Channel which provides the least interference and best performance. For 802.11g, 13 channels are available in the USA and Canada, but 11channels are available in NorthAmerica if using 802.11b. x If using multiple Access Points, it is better if adjacent Access Points use different Chan-nels to reduce interference. The recommended Channel spacing between adjacent Access Points is 5 Channels (e.g. use Channels 1 and 6, or 6 and 11). x In "Infrastructure" mode, Wireless Stations normally scan all Channels, looking for an Access Point. If more than one Access Point can be used, the one with the strongest signalis used. (This can only happen within an ESS.) x If using "Ad-hoc" mode (no Access Point), all Wireless stations should be set to use thesame Channel. However, most Wireless stations will still scan all Channels to see if thereis an existing "Ad-hoc" group they can join.WEPWEP (Wired Equivalent Privacy) is a standard for encrypting data before it is transmitted. Thisis desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations. But if the data is encrypted, then it is meaninglessunless the receiver can decrypt it. If WEP is used, the Wireless Stations and the Wireless Access Point must have the same settings.WPA-PSKLike WEP, data is encrypted before transmission. WPA is more secure than WEP, and shouldbe used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The 256Bit encryption key is derived from the PSK, and changes frequently.WPA2-PSKThis is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption.WPA-EnterpriseThis version of WPA requires a Radius Server on your LAN to provide the client authentica-tion according to the 802.1x standard. Data transmissions are encrypted using the WPAstandard.94

Appendix D - About Wireless LANs If this option is used:x The Access Point must have a "client login" on the Radius Server.x Each user must have a "user login" on the Radius Server.x Each user's wireless client must support 802.1x and provide the login data when required.All data transmission is encrypted using the WPA standard. Keys are automatically generated,so no key input is required.802.1xThis uses the 802.1x standard for client authentication, and WEP for data encryption. If possi-ble, you should use WPA-Enterprise instead, because WPA encryption is much stronger than WEP encryption.If this option is used:x The Access Point must have a "client login" on the Radius Server.x Each user must have a "user login" on the Radius Server.x Each user's wireless client must support 802.1x and provide the login data when required.x All data transmission is encrypted using the WEP standard. You only have to select theWEP key size; the WEP key is automatically generated.95

Appendix E Command Line Interface OverviewIf desired, the Command Line Interface (CLI) can be used for configuration. This creates the possibility of creating scripts to perform common configuration changes. The CLI requires a Telnet connection to the Wireless Access Point.Using the CLI - Telnet 1. Start your Telnet client, and establish a connection to the Access Point.e.g.Telnet 192.168.0.228 2. You will be prompted for the user name and password. Enter the same login name andpassword as used for the HTTP (Web) interface. The default values are admin for the User Name, and password for the Password. 3. Once connected, you can use any of the commands listed in the following CommandReference.Command Reference The following commands are available. config vap Config Virtual AP X ? Display CLI Command List help Display CLI Command List get 11nampdu Set 11n A-MPDU Aggregation Mode get 11namsdu Set 11n A-MSDU Aggregation Mode get 11nguardinterval Set 11n Guard Interval Mode get 11nsubchannel Set 11n Extension Sub-Channel get 11nradioband Set 11n Radio Band get 802.11d Display 802.11d Mode get acctserver Display Accounting Server get acctport Display Accounting Port get acctsecret Display Accounting Secret get acl Display Access Control Status get active Display VAP Active (up) Mode get aging Display Idle Timeout Interval get authentication Display Authentication Type of WEPE 96

Appendix E - Command Line Interface get beaconinterval Display Beacon Interval get channel Display Radio Channel get country Display Country/Domain get defaultkey Display Default Key Index get description Display Access Point Description get dhcp Display DHCP Mode get dhcpserverendip Display DHCP Server End IP Address get dhcpserverstartip Display DHCP Server start IP Address get dnsserver Display IP Address of DNS Server getdot1xdynkeyupdateDisplay 802.1x Dynamic Key Update Mode get dot1xdynkeylife Display 802.1x Dynamic Key Life Time (in Minutes) get dot1xkeytype Display 802.1x Distribute Key Method get fragthreshold Display Fragment Threshold get gateway Display Gateway IP Address get gtkupdate Display Group Key Update Mode get gtkupdateinterval Display Group Key Update Interval (in Seconds) get http Display HTTP Mode get httpport Display HTTP Port Number get https Display HTTPS Mode get httpsport Display HTTPS Port Number get ipaddr Display IP Address get ipmask Display IP Subnet Mask get isolation Display Isolate All Virtual APs State get key Display WEP Key Value get keylength Display WEP Key Length get lltd Display LLTD Mode get md5supplicant Display 802.1x MD5 Supplicant Mode get md5suppname Display 802.1x Supplicant MD5 Name get md5supppassword Display 802.1x Supplicant MD5 Password get md5supptype Display 802.1x MD5 Supplicant Type get nativevlanid Display Native VLAN ID get ntp Display NTP Server IP Address get operationmode Display Operation Mode get password Display Login Password 97

Wireless Access Point User Guide get psk Display Pre-shared Key get radiusserver Display RADIUS Server IP Address get radiusport Display RADIUS Port Number get radiussecret Display RADIUS Shared Secret get remoteptmp Display PTMP's Remote MAC Address List get remoteptp Display PTP's Remote MAC Address get roguedetect Display Rogue AP Detection Mode get rogueinteval Display Interval of Every Rogue AP Detection get roguelegal Display Legal AP List of Legal AP get roguetrap Display Rogue AP Detection Send SNMP Trap Mode get roguetype Display Rogue AP Definition get rtsthreshold Display RTS/CTS Threshold get security Display Wireless Security Mode get shortpreamble Display Short Preamble Usage get snmpreadcommu-nityDisplay SNMP Read Community get snmpwritecommu-nityDisplay SNMP Write Community get snmpmode Display SNMP Mode get snmpmanagemode Display SNMP Manager Mode get snmptrapmode Display SNMP Trap Mode get snmptrapversion Display SNMP Trap Version get snmpv3username Display SNMP v3 User Name get snmpv3authproto Display SNMP v3 Authentication Protocol get snmpv3authkey Display SNMP v3 Authentication Key get snmpv3privproto Display SNMP v3 Private Protocol get snmpv3privkey Display SNMP v3 Private Key get ssid Display Service Set ID get ssidbroadcast Display SSID Broadcast Mode get stp Display STP Mode get strictgtkupdate Display Group Key Update Strict Status get syslog Display Syslog Mode get syslogport Display Syslog Port get syslogserver Display Unicast Syslog Server Address get syslogseverity Display Syslog Severity Level98

Appendix E - Command Line Interface get systemname Display Access Point System Name get telnet Display Telnet Mode get time Display Current System Time get timezone Display Time Zone Setting get uptime Display Access Point Up Time get username Display Login User Name get vapname Display Virtual AP Name get version Display Firmware Version get vlan Display VLAN Operational State get vlanid Display the VLAN ID get wirelessmode Display Wireless LAN Mode get wirelessseparate Display Wireless Seprate Mode get wmm Display WMM Mode get wmmnoack Display WMM No Acknowledgement status set 11nampdu Set 11n A-MPDU Aggregation Mode set 11namsdu Set 11n A-MSDU Aggregation Mode set 11nguardinterval Set 11n Guard Interval Mode set 11nsubchannel Set 11n Extension Sub-Channel set 11nradioband Set 11n Radio Band set 802.11d Set 802.11d Mode set acctserver Set Accounting Server set acctport Set Accounting Port set acctsecret Set Accounting Secret set acl Set Access Control set active Set Active (up) Mode set aging Set Idle Timeout Interval set authentication Set Authentication Type of WEP set beaconinterval Set Beacon Interval set channel Set Radio Channel set country Set Country/Domain set defaultkey Set Default Key Index set description Set Access Point Description set dhcp Set DHCP Mode set dhcpserverendip Set DHCP Server End IP Address set dhcpserverstartip Set DHCP Server start IP Address99

Wireless Access Point User Guide set dnsserver Set DNS Server IP Address set dot1xdynkeyupdate Set 802.1x Dynamic Key Update Mode set dot1xdynkeylife Set 802.1x Dynamic Key Life Time (in Minutes) set dot1xkeytype Set 802.1x Distribute Key Method set fragthreshold Set Fragment Threshold set gateway Set Gateway IP Address set groupkeyupdate Set Group Key Update Mode set groupkeyupdatein-tervalSet Group Key Update Interval (in Minutes) set http Set HTTP Mode set httpport Set HTTP Port Number set https Set HTTPS Enable/Disable set httpsport Set HTTPS Port Number set ipaddr Set IP Address set ipmask Set IP Subnet Mask set isolation Set Isolate All Virtual APs State set key Set WEP Key Value set keylength Set WEP Key Length set lltd Set LLTD Mode set md5supplicant Set 802.1x MD5 Supplicant Mode set md5suppname Set 802.1x Supplicant MD5 Name set md5supppassword Set 802.1x Supplicant MD5 Password set md5supptype Set 802.1x MD5 Supplicant Type set nativevlanid Set Native VLAN ID set ntp Set NTP Server IP Address set operationmode Set operation Mode set password Modify Login Password set psk Modify Pre-shared Key set radiusserver Set RADIUS IP Address set radiusport Set RADIUS Port Number set radiussecret Set RADIUS Shared Secret set remoteptmp Set PTMP's Remote MAC Address List set remoteptp Set Remote PTP MAC Address set roguedetect Set Rogue AP Detection Mode set rogueinteval Set Interval of Rogue AP Detection(Range: 3 ~ 99) 100

Appendix E - Command Line Interface set roguelegal Add/Delete Legal AP MAC/OUI set roguesnmp Set Rogue AP Detection SNMP Trap Mode set roguetype Set Rogue AP Definition set rtsthreshold Set RTS/CTS Threshold set security Set Wireless Security Mode set shortpreamble Set Short Preamble set snmpreadcommu-nitySet SNMP Read Community set snmpwritecommu-nitySet SNMP Write Community set snmpmode Set SNMP Mode set snmpmanagemode Set SNMP Manager Mode set snmptrapmode Set SNMP Trap Mode set snmptrapversion Set SNMP Trap Version set snmpv3username Set SNMP v3 User Name set snmpv3authproto Set SNMP v3 Authentication Protocol set snmpv3authkey Set SNMP v3 Authentication Key set snmpv3privproto Set SNMP v3 Private Protocol set snmpv3privkey Set SNMP v3 Private Key set ssid Set Service Set ID set ssidsuppress Set SSID Broadcast Mode set stp Set STP Mode set strictgtkupdate Set Group Key Update Strict Status set syslog Set Syslog Mode set syslogport Set Syslog Port set syslogserver Set Unicast Syslog Server Address set syslogseverity Set Syslog Severity Level set systemname Set Access Point System Name set telnet Set Telnet Mode set timezone Set Time Zone Setting set username Modify Login User Name set vlan Set VLAN Operational State set vlanid Set the VLAN Tag set wirelessmode Set Wireless LAN Mode set wirelessseparate Set Wireless Seprate Mode 101

Wireless Access Point User Guide set wmm Set WMM Mode set wmmnoack Set WMM No Acknowledge factoryrestore Restore to Default Factory Settings apply To make the changes take effect exit Quit the telnet102