Sercomm AP51DAR 802.11a+g Wireless Access Point User Manual

Sercomm Corporation 802.11a+g Wireless Access Point

Contents

Users manual 1

802.11a+g Wireless
Access Point
User's Guide
i
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION .............................................................................................1
Features of your Wireless Access Point...........................................................................1
Package Contents ..............................................................................................................3
Physical Details..................................................................................................................4
CHAPTER 2 INSTALLATION...............................................................................................6
Requirements.....................................................................................................................6
Procedure...........................................................................................................................6
CHAPTER 3 ACCESS POINT SETUP..................................................................................9
Overview ............................................................................................................................9
Setup using the Windows Utility......................................................................................9
Setup using a Web Browser............................................................................................12
Basic Screen .....................................................................................................................15
Wireless Settings 11a Screen ..........................................................................................17
Wireless Settings 11b/g Screen.......................................................................................18
Security Profile Settings 11a Screen..............................................................................19
Security Profile Settings 11b/g Screen...........................................................................20
Security Profile Configuration Screen...........................................................................21
Radius Server Settings....................................................................................................31
Access Control .................................................................................................................33
Hotspot Settings...............................................................................................................35
Advanced Wireless Settings............................................................................................36
Advanced Access Point Settings.....................................................................................37
CHAPTER 4 PC AND SERVER CONFIGURATION .......................................................39
Overview ..........................................................................................................................39
Using WEP.......................................................................................................................39
Using WPA-PSK/WPA2-PSK ........................................................................................40
Using WPA-Enterprise ...................................................................................................41
802.1x Server Setup (Windows 2000 Server)................................................................42
802.1x Client Setup on Windows XP .............................................................................52
Using 802.1x Mode (without WPA) ...............................................................................58
CHAPTER 5 OPERATION AND STATUS.........................................................................59
Operation .........................................................................................................................59
General Screen.................................................................................................................59
Activity Log......................................................................................................................62
Wireless Station List .......................................................................................................63
Statistics Screen...............................................................................................................64
CHAPTER 6 OTHER SETTINGS & FEATURES .............................................................66
Overview ..........................................................................................................................66
Change Password Screen................................................................................................66
Remote Management ......................................................................................................68
Firmware Upgrade..........................................................................................................69
Backup/Restore Settings.................................................................................................70
Reboot AP ........................................................................................................................72
APPENDIX A SPECIFICATIONS .......................................................................................73
Wireless Access Point......................................................................................................73
APPENDIX B TROUBLESHOOTING ................................................................................76
Overview ..........................................................................................................................76
General Problems............................................................................................................76
APPENDIX C WINDOWS TCP/IP.......................................................................................78
Overview ..........................................................................................................................78
ii
Checking TCP/IP Settings - Windows 9x/ME:.............................................................78
Checking TCP/IP Settings - Windows NT4.0 ...............................................................80
Checking TCP/IP Settings - Windows 2000..................................................................82
Checking TCP/IP Settings - Windows XP ....................................................................84
Checking TCP/IP Settings - Windows Vista.................................................................86
APPENDIX D ABOUT WIRELESS LANS..........................................................................88
Overview ..........................................................................................................................88
Wireless LAN Terminology............................................................................................88
P/N: 956YHJ0001
Copyright © 2007. All Rights Reserved.
Document Version: 1.00
All trademarks and trade names are the properties of their respective owners.
1
Chapter 1
Introduction
This Chapter provides an overview of the Wireless Access Point's features
and capabilities.
Congratulations on the purchase of your new Wireless Access Point. The Wireless Access
Point links your 802.11a or 802.11b/g Wireless Stations to your wired LAN. The Wireless
stations and devices on the wired LAN are then on the same network, and can communicate
with each other without regard for whether they are connected to the network via a Wireless or
wired connection.
Figure 1: Wireless Access Point
The auto-sensing capability of the Wireless Access Point allows packet transmission up to
54Mbps for maximum throughput, or automatic speed reduction to lower speeds when the
environment does not permit maximum throughput.
Features of your Wireless Access Point
The Wireless Access Point incorporates many advanced features, carefully designed to provide
sophisticated functions while being easy to use.
Standards Compliant. The Wireless Access Point complies with the IEEE802.11g
(DSSS) specifications for Wireless LANs.
Supports 802.11a, 802.11b and 802.11g Wireless Stations. The Wireless Access
Point supports both the 2.4GHz (802.11b/802.11g) and 5.0GHz (802.11a) bands. This
allows all wireless stations (802.11b, 802.11a, and 802.11g ) to use the Access Point.
108Mbps Wireless Connections. On both the 2.4GHz (802.11b & 802.11g) and 5GHz
(802.11a) bands, 108Mbps connections are available to compatible clients.
1
Wireless Access Point User Guide
2
Bridge Mode Support. The Wireless Access Point can operate in Bridge Mode,
connecting to another Access Point. Both PTP (Point to Point) and PTMP (Point to Multi-
Point) Bridge modes are supported.
And you can even use both Bridge Mode and Access Point Mode simultaneously!
DHCP Client Support. Dynamic Host Configuration Protocol provides a dynamic IP
address to PCs and other devices upon request. The Wireless Access Point can act as a
DHCP Client, and obtain an IP address and related information from your existing DHPC
Server.
Upgradeable Firmware. Firmware is stored in a flash memory and can be upgraded
easily, using only your Web Browser.
Simple Configuration. If the default settings are unsuitable, they can be changed
quickly and easily.
PoE Support. You can use PoE (Power over Ethernet) to provide power to the Wireless
Access Point, so only a single cable connection is required.
Security Features
VLAN Support. The 802.1Q VLAN standard is supported, allowing traffic from
different sources to be segmented. Combined with the multiple SSID feature, this provides
a powerful tool to control access to your LAN.
WEP support. Support for WEP (Wired Equivalent Privacy) is included. 64 Bit, 128 Bit
and 152 Bit keys are all supported.
WPA support. Support for WPA is included. WPA is more secure than WEP, and
should be used if possible.
WPA2 support. This is a further development of WPA-PSK, and offers even greater
security, using the AES (Advanced Encryption Standard) method of encryption.
802.1x Support. Support for 802.1x mode is included, providing for the industrial-
strength wireless security of 802.1x authentication and authorization.
Radius Client Support. The Wireless Access Point can login to your existing Radius
Server (as a Radius client).
Radius MAC Authentication. You can centralize the checking of Wireless Station
MAC addresses by using a Radius Server.
Access Control. The Access Control feature can check the MAC address of Wireless
clients to ensure that only trusted Wireless Stations can use the Wireless Access Point to
gain access to your LAN.
Password - protected Configuration. Optional password protection is provided to
prevent unauthorized users from modifying the configuration data and settings.
Advanced Features
Radius Accounting Support. If you have a Radius Server, you can use it to provide
accounting data on Wireless clients.
Syslog Support. If you have a Syslog Server, the Wireless Access Point can send its log
data to your Syslog Server.
SNMP Support. SNMP (Simple Network Management Protocol) is supported, allowing
you to use a SNMP program to manage the Wireless Access Point.
Introduction
3
Package Contents
The following items should be included:
Wireless Access Point
Power Adapter
Quick Start Guide
CD-ROM containing the on-line manual and setup utility.
If any of the above items are damaged or missing, please contact your dealer immediately.
Wireless Access Point User Guide
4
Physical Details
Front Panel LEDs
Figure 2: Front Panel
Power On - Normal operation.
Off - No power
Status On - Error condition.
Off - Normal operation.
Blinking - During start up, and when the Firmware is being upgraded.
LAN 100 Link/Act
On - Corresponding LAN (hub) port is using 100BaseT.
Off - No active connection on the corresponding LAN (hub) port.
Flashing - Data is being transmitted or received via the
corresponding LAN (hub) port.
10 Link/Act
Off - No active connection on the LAN (Ethernet) port
On - Corresponding LAN (hub) port is using 10BaseT.
Flashing - Data is being transmitted or received via the
corresponding LAN (hub) port.
WLAN 5G
GHZ On - 802.11a Wireless connection is available.
Off - No 802.11a Wireless connection available.
Flashing - Data is being transmitted or received via the 802.11a Wireless
band. Data includes "network traffic" as well as user data.
WLAN
2.4GHZ On - 802.11g and/or 802.11b Wireless connection is available.
Off - 802.11g and 802.11b Wireless connections are not available.
Flashing - Data is being transmitted or received via the 802.11b/g
Wireless band. Data includes "network traffic" as well as user data.
Introduction
5
Rear Panel
Figure 3 Rear Panel
Antennae Two antennae (aerial) are supplied. Best results are usually obtained
with the antenna in a vertical position.
Power port Connect the supplied power adapter here.
Reset Button This button has two (2) functions:
Reboot. When pressed and released, the Wireless Access Point
will reboot (restart).
Reset to Factory Defaults. This button can also be used to clear
ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power on the Access Point.
2. Hold the Reset Button down until the Status (Red) LED blinks
TWICE.
3. Release the Reset Button.
The factory default configuration has now been restored, and the
Access Point is ready for use.
Ethernet Use a standard LAN cable (RJ45 connectors) to connect this port to a
10BaseT or 100BaseT hub on your LAN.
6
Chapter 2
Installation
This Chapter covers the physical installation of the Wireless Access Point.
Requirements
Requirements:
TCP/IP network
Ethernet cable with RJ-45 connectors
Installed Wireless network adapter for each PC that will be wirelessly connected to the
network
Procedure
1. Select a suitable location for the installation of your Wireless Access Point. To maximize
reliability and performance, follow these guidelines:
Use an elevated location, such as wall mounted or on the top of a cubicle.
Place the Wireless Access Point near the center of your wireless coverage area.
If possible, ensure there are no thick walls or metal shielding between the Wireless
Access Point and Wireless stations. Under ideal conditions, the Wireless Access Point
has a range of around 150 meters (450 feet). The range is reduced, and transmission
speed is lower, if there are any obstructions between Wireless devices.
Figure 4: Installation Diagram
2
Installation
7
2. Use a standard LAN cable to connect the “Ethernet” port on the Wireless Access Point to
a 10/100BaseT hub on your LAN.
3. Connect the supplied power adapter to the Wireless Access Point and a convenient power
outlet, and power up.
4. Check the LEDs:
The Status LED should flash, then turn OFF.
The Power, WLAN, and LAN LED should be ON.
For more information, refer to Front Panel LEDs in Chapter 1.
Using PoE (Power over Ethernet)
The Wireless Access Point supports PoE (Power over Ethernet). To use PoE:
1. Do not connect the supplied power adapter to the Wireless Access Point.
2. Connect one end of a standard (category 5) LAN cable to the Ethernet port on the
Wireless Access Point.
3. Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE
Adapter. (24V DC, 500mA)
4. Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch.
5. Connect the power supply to the PoE adapter and power up.
6. Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet
connection.
Figure 5: Using PoE (Power over Ethernet)
9
Chapter 3
Access Point Setup
This Chapter provides details of the Setup process for Basic Operation of
your Wireless Access Point.
Overview
This chapter describes the setup procedure to make the Wireless Access Point a valid device
on your LAN, and to function as an Access Point for your Wireless Stations.
Wireless Stations may also require configuration. For details, see Chapter 4 - Wireless Station
Configuration.
The Wireless Access Point can be configured using either the supplied Windows utility or your
Web Browser
Setup using the Windows Utility
A simple Windows setup utility is supplied on the CD-ROM. This utility can be used to assign
a suitable IP address to the Wireless Access Point. Using this utility is recommended, because
it can locate the Wireless Access Point even if it has an invalid IP address.
Installation
1. Insert the supplied CD-ROM in your drive.
2. If the utility does not start automatically, run the SETUP program in the root folder.
3. Follow the prompts to complete the installation.
Main Screen
Start the program by using the icon created by the setup program.
When run, the program searches the network for all active Wireless Access Points, then
lists them on screen, as shown by the example below.
3
Wireless Access Point User Guide
10
Figure 6: Management utility Screen
Wireless Access Points
The main panel displays a list of all Wireless Access Points found on the network. For each
Access Point, the following data is shown:
Name The Name is shown on a sticker on the base of the device.
IP address The IP address for the Wireless Access Point.
MAC Address The hardware or physical address of the Wireless Access Point.
IEEE Standard The wireless standard or standards used by the Wireless Access Point
(e.g. 802.11b, 802.11g)
FW Version The current Firmware version installed in the Wireless Access Point.
Description Any extra information for the Wireless Access Point, entered by the
administrator.
Note: If the desired Wireless Access Point is not listed, check that the device is installed and
ON, then update the list by clicking the Refresh button.
Buttons
Reset to Default Click this button to reset the Wireless Access Point with default
settings.
Refresh Click this button to update the Wireless Access Point device listing
after changing the name or IP Address.
Detail When clicked, additional information about the selected Access
Point will be displayed.
Web Management Use this button to connect to the Wireless Access Point's Web-
based management interface.
Set IP Address Click this button if you want to change the IP Address of the
Wireless Access Point.
Exit Exit the Management utility program by clicking this button.
Access Point Setup
11
Setup Procedure
1. Select the desired Wireless Access Point.
2. Click the Set IP Address button.
3. If prompted, enter the user name and password. The default values are admin for the
User Name, and password for the Password.
4. Ensure the IP address, Network Mask, and Gateway are correct for your LAN. Save any
changes.
5. Click the Web Management button to connect to the selected Wireless Access Point using
your Web Browser. If prompted, enter the User Name and Password again.
6. Configure the following screens, using the on-line help if necessary.
The following section also provides more details about each of these screens.
7. Setup is now complete.
Wireless Access Point User Guide
12
Setup using a Web Browser
Your Browser must support JavaScript. The configuration program has been tested on the
following browsers:
Netscape V4.08 or later
Internet Explorer V4 or later
Setup Procedure
Before commencing, install the Wireless Access Point in your LAN, as described previously.
1. Check the Wireless Access Point to determine its Default Name. This is shown on a label
on the base or rear, and is in the following format:
SCxxxxxx
Where xxxxxx is a set of 6 Hex characters ( 0 ~ 9, and A ~ F ).
2. Use a PC which is already connected to your LAN, either by a wired connection or
another Access Point.
Until the Wireless Access Point is configured, establishing a Wireless connection to it
may be not possible.
If your LAN contains a Router or Routers, ensure the PC used for configuration is on
the same LAN segment as the Wireless Access Point.
3. Start your Web browser.
4. In the Address box, enter "HTTP://" and the Default Name of the Wireless Access Point
e.g.
HTTP://SC2D631A
5. You should then see a login prompt, which will ask for a User Name and Password.
Enter admin for the User Name, and password for the Password.
These are the default values. The password can and should be changed. Always enter the
current user name and password, as set on the Change Password screen.
Figure 7: Password Dialog
6. You will then see the General screen, which displays the current settings and status. No
data input is possible on this screen.
Access Point Setup
13
7. From the menu, check the following screens, and configure as necessary for your
environment. Details of these screens and settings are described in the following sections
of this chapter.
General
Setup
Basic Settings
Wireless Settings 11a
Wireless Settings 11b/g
Security
Security Profile Settings 11a
Security Profile Settings 11b/g
Radius Server Settings
Access Control 11a
Access Control 11b/g
Management
Change Password
Remote Management
Upgrade Firmware
Backup/Restore Settings
Reboot AP
Information
Activity Log
Wireless Station List
Statistics
Advanced
Hotspot Settings
Wireless Settings 11a
Wireless Settings 11b/g
Access Point Settings 11a
Access Point Settings 11b/g
8. Setup of the Wireless Access Point is now complete.
Wireless stations must now be set to match the Wireless Access Point. See Chapter 4 for
details.
If you can't connect:
It is likely that your PC’s IP address is incompatible with the Wireless Access
Point’s IP address. This can happen if your LAN does not have a DHCP Server.
The default IP address of the Wireless Access Point is 192.168.0.228, with a
Network Mask of 255.255.255.0.
If your PC’s IP address is not compatible with this, you must change your PC’s IP
address to an unused value in the range 192.168.0.1 ~ 192.168.0.254, with a
Network Mask of 255.255.255.0. See Appendix C - Windows TCP/IP for details
for this procedure.
Wireless Access Point User Guide
14
General Screen
When you first connect, you will see the General screen. This displays the current settings and
status of the Wireless Access Point. No data can be input on this screen.
Figure 8: General Screen
For further details of this screen, refer to General Screen in Chapter 5.
Access Point Setup
15
Basic Screen
Click Basic Settings on the menu to view a screen like the following.
Figure 9: Basic Settings Screen
Data - Basic Settings Screen
Basic
Access Point
Name Enter a suitable name for this Access Point.
Wireless Access Point User Guide
16
Country/Region Select the country or domain matching your current location.
TCP/IP
DHCP Client Enable this option if you have a DHCP Server on your LAN, and you
wish the Access Point to obtain an IP address automatically.
If disable is selected, the following data must be entered.
IP Address - The IP Address of this device. Enter an unused IP
address from the address range on your LAN.
IP Subnet Mask - The Network Mask associated with the IP
Address above. Enter the value used by other devices on your
LAN.
Default Gateway - The IP Address of your Gateway or Router.
Enter the value used by other devices on your LAN.
DNS Server - Enter the DNS (Domain Name Server) used by PCs
on your LAN.
Enable 802.1Q
VLAN This option is only useful if the hubs/switches on your LAN support
the VLAN standard.
Management
VLAN ID Define the VLAN IDs used for management.
Time Zone
Time Zone Choose the Time Zone for your location from the drop-down list. If
your location is currently using Daylight Saving, enable the Adjust for
Daylight Saving Time checkbox.
You must UNCHECK this checkbox when Daylight Saving Time
finishes.
Adjust For
Daylight saving
time
If your location uses daylight saving, check this at the beginning of the
daylight saving period, and uncheck it at the end of the daylight saving
period.
Current Time It displays the current date and time.
Access Point Setup
17
Wireless Settings 11a Screen
The settings on this screen must match the settings used by Wireless Stations.
Click Wireless Settings 11a on the menu to view a screen like the following.
Figure 10: Wireless Settings 11a Screen
Data - Wireless Settings 11a Screen
Wireless LAN
Turn Radio On Use this checkbox to Enable or Disable this feature as desired.
Operating Mode Select the desired option:
802.11a Only - this is the default, and will allow connections by
802.11a wireless stations.
Channel/Freque
ncy If "Auto" is selected, the Wireless Access Point will self-select a
Wireless Channel.
If you experience interference (shown by lost connections and/or slow
data transfers) you may need to experiment with different channels to
see which Channel is the best.
Date Rate This displays the available transmit data rate of the wireless network.
Output Power Select the desired power output. Higher levels will give a greater
range, but are also more likely to cause interference with other devices.
Wireless Access Point User Guide
18
Wireless Settings 11b/g Screen
The settings on this screen must match the settings used by Wireless Stations.
Click Wireless Settings 11b/g on the menu to view a screen like the following.
Figure 11: Wireless Settings 11b/g Screen
Data - Wireless Settings 11b/g Screen
Wireless LAN
Turn Radio On Use this checkbox to Enable or Disable this feature as desired.
Operating Mode Select the desired option:
Auto (802.11g/802.11b) - this is the default, and will allow
connections by 802.11b and 802.11g wireless stations.
802.11b Only - if selected, only 802.11b connections are allowed.
802.11g wireless stations will only be able to connect if they are
fully backward-compatible with the 802.11b standard.
802.11g Only - only 802.11g connections are allowed. If you only
have 802.11g, selecting this option may provide a performance
improvement over using the default setting.
Channel/Freque
ncy If "Auto" is selected, the Wireless Access Point will self-select a
Wireless Channel.
If you experience interference (shown by lost connections and/or slow
data transfers) you may need to experiment with different channels to
see which Channel is the best.
Date Rate This displays the available transmit data rate of the wireless network.
Output Power Select the desired power output. Higher levels will give a greater
range, but are also more likely to cause interference with other devices.
Access Point Setup
19
Security Profile Settings 11a Screen
Clicking the Security Profile Settings 11a link on the menu will result in a screen like the
following.
Figure 12: Security Profile Settings 11a Screen
Data - Security Profile Settings 11a Screen
Profile Name The current Profile name is displayed.
SSID The current SSID associated with this Profile.
Security The current security system (e.g. WPA-PSK) is displayed.
Enable Enable the selected Profile.
Edit Button Change the settings for the selected Profile.
Wireless Access Point User Guide
20
Security Profile Settings 11b/g Screen
Clicking the Security Profile Settings 11b/g link on the menu will result in a screen like the
following.
Figure 13: Security Profile Settings 11b/g Screen
Data - Security Profile Settings 11b/g Screen
Profile Name The current Profile name is displayed.
SSID The current SSID associated with this Profile.
Security The current security system (e.g. WPA-PSK) is displayed.
Enable Enable the selected Profile.
Edit Button Change the settings for the selected Profile.
Access Point Setup
21
Security Profile Configuration Screen
This screen is displayed when you select a Profile on the Security Profile Settings screen, and
click the Edit button.
Figure 14: Security Profile Configuration Screen
Profile Data
Enter the desired settings for each of the following:
Security Profile
Name Enter a suitable name for this Profile.
Wireless Network
Name (SSID) Enter the desired SSID. Each Profile must have a unique SSID.
Broadcast Wireless
Network Name If Disabled, no SSID is broadcast.
If enabled, the SSID will then be broadcast to all Wireless Stations.
Stations which have no SSID (or a "null" value) can then adopt the
correct SSID for connections to this Access Point.
Network
Authentication Select the desired option from the drop-down list, and enter the
required data in the provided fields.
Wireless Access Point User Guide
22
Wireless Client
Security Separation If enabled, then each Wireless station using the Access Point is
invisible to other Wireless stations. In most business stations, this
setting should be Disabled.
Security Settings
Select the desired option, and then enter the settings for the selected method.
The available options are:
WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption
system is not very strong.
WPA-PSK - Like WEP, data is encrypted before transmission. WPA is more secure than
WEP, and should be used if possible. The PSK (Pre-shared Key) must be entered on each
Wireless station. The 256Bit encryption key is derived from the PSK, and changes
frequently.
WPA with Radius - This version of WPA requires a Radius Server on your LAN to
provide the client authentication according to the 802.1x standard. Data transmissions are
encrypted using the WPA standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must have a "user login" on the Radius Server.
Each user's wireless client must support 802.1x and provide the login data when
required.
All data transmission is encrypted using the WPA standard. Keys are automatically
generated, so no key input is required.
WPA2-PSK - This is a further development of WPA-PSK, and offers even greater
security, using the AES (Advanced Encryption Standard) method of encryption.
WPA-PSK and WPA2-PSK - This method, sometimes called "Mixed Mode", allows
clients to use EITHER WPA-PSK (with TKIP) OR WPA2-PSK (with AES).
WPA2 with Radius - This version of WPA2 requires a Radius Server on your LAN to
provide the client authentication according to the 802.1x standard. Data transmissions are
encrypted using the WPA2 standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Each user must authenticate on the Radius Server. This is usually done using digital
certificates.
Each user's wireless client must support 802.1x and provide the Radius authentication
data when required.
All data transmission is encrypted using the WPA2 standard. Keys are automatically
generated, so no key input is required.
WPA and WPA2 with Radius - EITHER WPA or WPA2 require a Radius Server on
your LAN to provide the client authentication according to the 802.1x standard. Data
transmissions are encrypted using EITHER WPA or WPA2 standard.
If this option is selected:
This Access Point must have a "client login" on the Radius Server.
Access Point Setup
23
Each user must authenticate on the Radius Server. This is usually done using digital
certificates.
Each user's wireless client must support 802.1x and provide the Radius authentication
data when required.
All data transmission is encrypted using EITHER WPA or WPA2 standard. Keys are
automatically generated, so no key input is required.
Security Settings - WEP
This is the 802.11b standard. Data is encrypted before transmission, but the encryption system
is not very strong.
Figure 15: WEP Wireless Security
Wireless Access Point User Guide
24
Data - WEP Screen
WEP
Data
Encryption Select the desired option, and ensure your Wireless stations have the
same setting:
None - No security is used. Anyone using the correct SSID can
connect to your network.
64 bits WEP - Keys are 10 Hex (5 ASCII) characters.
128 bits WEP - Keys are 26 Hex (13 ASCII) characters.
152 bits WEP - Keys are 32 Hex (16 ASCII) characters.
Passphrase Use this to generate a key or keys, instead of entering them directly.
Enter a word or group of printable characters in the Passphrase box
and click the "Generate Keys" button to automatically configure the
WEP Key(s). If encryption strength is set to 64 bit, then each of the
four key fields will be populated with key values. If encryption
strength is set to 128 bit, then only the selected WEP key field will be
given a key value.
Key Value Enter the key values you wish to use. The default key, selected by the
radio button, is required. The other keys are optional. Other stations
must have matching key values.
Access Point Setup
25
Security Settings - WPA-PSK
Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should
be used if possible. The PSK (Pre-shared Key) must be entered on each Wireless station. The
256Bit encryption key is derived from the PSK, and changes frequently.
Figure 16: WPA-PSK Wireless Security
Data - WPA-PSK Screen
WPA-PSK
Data Encryption Select the desired option. Other Wireless Stations must use the
same method.
TKIP - Unicast (point-to-point) transmissions are
encrypted using TKIP, and multicast (broadcast)
transmissions are not encrypted.
WPA Passphrase Enter the key value. Data is encrypted using a 256Bit key
derived from this key. Other Wireless Stations must use the
same key.
Wireless Access Point User Guide
26
Security Settings - WPA2-PSK
This is a further development of WPA-PSK, and offers even greater security, using the AES
(Advanced Encryption Standard) method of encryption.
Figure 17: WPA2-PSK Wireless Security Screen
Data - WPA2-PSK Screen
WPA2-PSK
Data Encryption The encryption method is AES. Wireless Stations must also use
AES.
WPA Passphrase Enter the key value. Data is encrypted using a 256Bit key derived
from this key. Other Wireless Stations must use the same key.
Access Point Setup
27
Security Settings - WPA-PSK and WPA2-PSK
This method, sometimes called "Mixed Mode", allows clients to use EITHER WPA-PSK (with
TKIP) OR WPA2-PSK (with AES).
Figure 18: WPA-PSK and WPA2-PSK Wireless Security Screen
Data - WPA-PSK and WPA2-PSK Screen
WPA-PSK and WPA2-PSK
Data Encryption The encryption method is TKIP for WPA-PSK, and AES for
WPA2-PSK.
WPA Passphrase Enter the key value. Data is encrypted using this key. Other
Wireless Stations must use the same key.
Wireless Access Point User Guide
28
Security Settings - WPA with Radius
This version of WPA requires a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted using the
WPA standard.
Figure 19: WPA with Radius Wireless Security Screen
Data - WPA with Radius Screen
WPA with Radius
Data Encryption Select the desired option. Other Wireless Stations must use the
same method.
TKIP - Unicast (point-to-point) transmissions are encrypted
using TKIP, and multicast (broadcast) transmissions are not
encrypted.
Access Point Setup
29
Security Settings - WPA2 with Radius
This version of WPA2 requires a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted using the
WPA2 standard.
Figure 20: WPA2 with Radius Wireless Security Screen
Data - WPA2 with Radius Screen
WPA2 with Radius
Data Encryption The encryption method is AES. Wireless Stations must also use
AES.
Wireless Access Point User Guide
30
Security Settings - WPA and WPA2 with Radius
EITHER WPA or WPA2 require a Radius Server on your LAN to provide the client
authentication according to the 802.1x standard. Data transmissions are encrypted using
EITHER WPA or WPA2 standard.
Figure 21: WPA and WPA2 with Radius Wireless Security Screen
Data - WPA and WPA2 with Radius Screen
WPA and WPA2 with Radius
Data Encryption The encryption method is TKIP for WPA, and AES for WPA2.
Access Point Setup
31
Radius Server Settings
Clicking the Radius Server Settings link on the menu will result in a screen like the following.
Figure 22: Radius Server Settings
Wireless Access Point User Guide
32
Data - Radius Server Settings Screen
Primary/Secondary Authentication Server
IP Address Enter the IP address of the Radius Server on your network.
Port Number Enter the port number used for connections to the Radius
Server.
Shared Secret Enter the key value to match the Radius Server.
Secondary
Authentication Server The Backup Authentication Server will be used when the
Primary Authentication Server is not available.
Authentication Settings
Re-authentication Time Enter the desired value in the following field.
Update Global Key
every.. This refers to the key used for broadcast transmissions. Enable
this if you want the keys to be updated regularly. Enter the
desired value to determine how often the Group key is
dynamically updated.
Update if any station
disassociates If enabled, the Group key will be updated whenever any
member leaves the group or disassociates from the Access
Point.
Primary/Secondary Accounting Server
IP Address Enter the IP address in the following fields if you want this
Access Point to send accounting data to the Radius Server.
Port Number The port used by your Radius Server must be entered in the
field.
Shared Secret Enter the key value to match the Radius Server.
Secondary Accounting
Server The Backup Accounting Server will be used when the Primary
Accounting Server is not available.
Access Point Setup
33
Access Control
This feature can be used to block access to your LAN by unknown or untrusted wireless
stations.
Click Access Control on the menu to view a screen like the following.
Figure 23: Access Control Screen
Data - Access Control Screen
Turn Access
Control On Use this checkbox to Enable or Disable this feature as desired.
Warning ! Ensure your own PC is in the "Trusted Wireless Stations"
list before enabling this feature.
Select Access
Control
Database
Select the desired option as required.
Trusted Wireless
Stations This table lists any Wireless Stations you have designated as
"Trusted". If you have not added any stations, this table will be empty.
For each Wireless station, the following data is displayed:
MAC Address - the MAC or physical address of each
Wireless station.
Available
Wireless Stations This table lists any Wireless Stations which are available on the
network. For each Wireless station, the following data is displayed:
Station ID - the name of the Wireless station.
MAC Address - the MAC or physical address of each
Wireless station.
Wireless Access Point User Guide
34
MAC Address Enter the required data and click Add button if you want to add a
Wireless Station manually.
Buttons
Delete Delete a Trusted Wireless Station from the list
Add To add a Trusted Station which is not in the "Available Trusted
Wireless Stations" list, enter the required data and click this button.
Access Point Setup
35
Hotspot Settings
Clicking the Hotspot Settings link on the Advanced menu will result in a screen like the
following.
Figure 24: Hotspot Settings
Data - Hotspot Settings Screen
Hotspot
Enable HTTP Redirect Enable this if you want HTTP requests to be "captured" and re-
directed to the URL you specify
URL Enter the URLwhich you want HTTP requests to redirect to.
Wireless Access Point User Guide
36
Advanced Wireless Settings
Clicking the Wireless Settings link on the Advanced menu will result in a screen like the
following.
Figure 25: Advanced Wireless Settings
Data - Advanced Wireless Settings Screen
Wireless LAN Parameters
Super-A Mode Check this to enable Super-A mode as required.
Enable WMM Support Check this to enable WMM (Wi-Fi Multimedia) support in the
Access Point. If WMM is also supported by your wireless
clients, voice and multimedia traffic will be given a higher
priority than other traffic.
RTS/CTS Threshold Enter the preferred setting between 0 and 2346.
Fragmentation Enter the preferred setting between 256 and 2346.
Beacon Interval Enter the preferred setting between 20 and 1000.
DTIM Interval Enter the preferred setting between 1 and 255.
Access Point Setup
37
Advanced Access Point Settings
Clicking the Access Point Settings link on the Advanced menu will result in a screen like the
following.
Figure 26: Advanced Access Point Settings
Wireless Access Point User Guide
38
Data - Advanced Access Point Settings Screen
Access Point Mode
Enable Wireless
Bridging and… Check this and select the option as required.
Wireless Point-to-Point Bridge (PTP) - Bridge to a single
AP. You must provide the MAC address of the other AP in
the Remote MAC Address field.
Wireless Point to Multi-Point Bridge (PTMP) - Select
this only if this AP is the "Master" for a group of Bridge-
mode APs. The other Bridge-mode APs must be set to
Point-to-Point Bridge mode, using this AP's MAC address.
They then send all traffic to this "Master".
Repeater with Wireless Client Association - Act as a
repeater for another Access Point. If selected, you must
provide the address (MAC address) of the other AP in the
Parent AP MAC Address field. In this mode, all traffic is
sent to the specified AP.
Wireless Point-to-Point Bridge
Enable Wireless Client
Association Check this to enable this feature as required.
Local MAC Address It displays the MAC Address of this AP.
Remote MAC Address Enter the MAC Address of the other AP.
Wireless Point to Multi-Point Bridge
Enable Wireless Client
Association Check this to enable this feature as required.
Local MAC Address It displays the MAC Address of this AP.
Remote MAC Address
(1~4) Enter the MAC Addresses of the other APs.
Repeater with Wireless Client Association
Local MAC Address It displays the MAC Address of this AP.
Parent AP MAC
Address Enter the MAC Addresses of the parent AP.
Child AP MAC
Address This is optional.
39
Chapter 4
PC and Server Configuration
This Chapter details the PC Configuration required for each PC on the local
LAN.
Overview
All Wireless Stations need to have settings which match the Wireless Access Point. These
settings depend on the mode in which the Access Point is being used.
If using WEP or WPA-PSK, it is only necessary to ensure that each Wireless station's
settings match those of the Wireless Access Point, as described below.
For 802.1x mode, configuration is much more complex. The Radius Server must be
configured correctly, and setup of each Wireless station is also more complex.
Using WEP
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
SSID (ESSID) This must match the value used on the Wireless Access Point.
Note! The SSID is case sensitive.
Wireless
Security
Each Wireless station must be set to use WEP data encryption.
The Key size (64 bit, 128 bit or 152 bit) must be set to match the
Access Point.
The keys values on the PC must match the key values on the Access
Point.
Note:
On some systems, the "64 bit" key is shown as "40 bit" and "128 bit" is
shown as "104 bit". This difference arises because the key input by the
user is 24 bits less than the key size used for encryption.
4
Wireless Access Point User Guide
40
Using WPA-PSK/WPA2-PSK
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
Mode On each PC, the mode must be set to Infrastructure.
SSID (ESSID) This must match the value used on the Wireless Access Point.
The default value is wireless
Note! The SSID is case sensitive.
Wireless
Security On each client, Wireless security must be set to WPA-PSK.
The Pre-shared Key entered on the Access Point must also be
entered on each Wireless client.
The Encryption method (e.g. TKIP, AES) must be set to match the
Access Point.
PC and Server Configuration
41
Using WPA-Enterprise
This is the most secure and most complex system.
WPA-Enterprise provides greater security and centralized management, but it is more complex
to configure.
Wireless Station Configuration
For each of the following items, each Wireless Station must have the same settings as the
Wireless Access Point.
SSID (ESSID) This must match the value used on the Wireless Access Point.
Note! The SSID is case sensitive.
802.1x
Authentication Each client must obtain a Certificate which is used for authentication for
the Radius Server.
802.1x
Encryption Typically, EAP-TLS is used. This is a dynamic key system, so keys do
NOT have to be entered on each Wireless station.
Radius Server Configuration
If using WPA-Enterprise mode, the Radius Server on your network must be configured as
follow:
It must provide and accept Certificates for user authentication.
There must be a Client Login for the Wireless Access Point itself.
The Wireless Access Point will use its Default Name as its Client Login name.
The Shared Key, set on the Security Profile Settings Screen of the Access Point, must
match the Shared Secret value on the Radius Server.
Encryption settings must be correct.
Wireless Access Point User Guide
42
802.1x Server Setup (Windows 2000 Server)
This section describes using Microsoft Internet Authentication Server as the Radius Server,
since it is the most common Radius Server available that supports the EAP-TLS authentication
method.
The following services on the Windows 2000 Domain Controller (PDC) are also required:
dhcpd
dns
rras
webserver (IIS)
Radius Server (Internet Authentication Service)
Certificate Authority
Windows 2000 Domain Controller Setup
1. Run dcpromo.exe from the command prompt.
2. Follow all of the default prompts, ensure that DNS is installed and enabled during
installation.
Services Installation
1. Select the Control Panel - Add/Remove Programs.
2. Click Add/Remove Windows Components from the left side.
3. Ensure that the following components are activated (selected):
Certificate Services. After enabling this, you will see a warning that the computer
cannot be renamed and joined after installing certificate services. Select Yes to select
certificate services and continue
World Wide Web Server. Select World Wide Web Server on the Internet Information
Services (IIS) component.
From the Networking Services category, select Dynamic Host Configuration Protocol
(DHCP), and Internet Authentication Service (DNS should already be selected and
installed).
PC and Server Configuration
43
Figure 27: Components Screen
4. Click Next.
5. Select the Enterprise root CA, and click Next.
Figure 28: Certification Screen
6. Enter the information for the Certificate Authority, and click Next.
Wireless Access Point User Guide
44
Figure 29: CA Screen
7. Click Next if you don't want to change the CA's configuration data.
8. Installation will warn you that Internet Information Services are running, and must be
stopped before continuing. Click Ok, then Finish.
DHCP server configuration
1. Click on the Start - Programs - Administrative Tools - DHCP
2. Right-click on the server entry as shown, and select New Scope.
Figure 30: DHCP Screen
3. Click Next when the New Scope Wizard Begins.
4. Enter the name and description for the scope, click Next.
5. Define the IP address range. Change the subnet mask if necessary. Click Next.
PC and Server Configuration
45
Figure 31:IP Address Screen
6. Add exclusions in the address fields if required. If no exclusions are required, leave it
blank. Click Next.
7. Change the Lease Duration time if preferred. Click Next.
8. Select Yes, I want to configure these options now, and click Next.
9. Enter the router address for the current subnet. The router address may be left blank if
there is no router. Click Next.
10. For the Parent domain, enter the domain you specified for the domain controller setup, and
enter the server's address for the IP address. Click Next.
Figure 32: DNS Screen
11. If you don't want a WINS server, just click Next.
12. Select Yes, I want to activate this scope now. Click Next, then Finish.
13. Right-click on the server, and select Authorize. It may take a few minutes to complete.
Wireless Access Point User Guide
46
Certificate Authority Setup
1. Select Start - Programs - Administrative Tools - Certification Authority.
2. Right-click Policy Settings, and select New - Certificate to Issue.
Figure 33: Certificate Authority Screen
3. Select Authenticated Session and Smartcard Logon (select more than one by holding down
the Ctrl key). Click OK.
Figure 34: Template Screen
4. Select Start - Programs - Administrative Tools - Active Directory Users and Computers.
5. Right-click on your active directory domain, and select Properties.

Navigation menu