Z Com ZAC102329 IEEE 802.11 b/g/n Wireless CPE User Manual 1 Revised

Z Com Inc IEEE 802.11 b/g/n Wireless CPE 1 Revised

Contents

User Manual 1 Revised

P. 1      IEEE 802.11b/g/n Wireless CPE/ IEEE 802.11a/n Wireless CPE  User’s Manual Model name: ZAC-1023-2-9 / ZAC-1023-5-13 ZAC-501 / ZAC-502 ZWA-3070 / ZWA-3080 ZN-7200-2EI / ZN-7200-2AEI-L   V1.0   May 2014
 P.  2  Copyright Copyright © 2014 all rights reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system, translated into any language, or transmitted in any form or by any means without the written permission of the supplier. About This Manual This user manual is intended to guide professional installer to install the IEEE 802.11n ZAC Access Point series and how to build the infrastructure centered on it. It includes procedures to assist you in avoiding unforeseen problems. Conventions For your attention on important parts, special characters and patterns are used in this manual:    This indicates an important note that you must pay attention to.     This indicates a warning or caution that you have to abide.  Bold: Indicates the function, important words, and so on.Warning: Note:
 P.  3  Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.    These limits are designed to provide reasonable protection against harmful interference in a residential installation.    This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.    However, there is no guarantee that interference will not occur in a particular installation.    If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:  -  Reorient or relocate the receiving antenna. -  Increase the separation between the equipment and receiver. -  Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. -  Consult the dealer or an experienced radio/TV technician for help. -  Verify that the ambient temperature remains between 0 to 40° C, taking into account the elevated temperatures when installed in a rack or enclosed space. -  Verify the integrity of the electrical ground before installing the device.  This  device  complies  with  Part  15  of  the  FCC  Rules.  Operation  is  subject  to  the  following  two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.  FCC  Caution:  Any  changes  or  modifications  not  expressly  approved  by  the  party  responsible  for compliance could void the user's authority to operate this equipment.
 P.  4  FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment.   To avoid the possibility of exceeding radio frequency exposure limits, you shall beep a distance of at least 100cm between you and the antenna of the installed equipment.    This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.  The  availability  of  some  specific  channels  and/or  operational  frequency  bands  are  country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.  根據低功率電波輻射性電機管理辦法 (1) 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 (2) 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。  前項合法通信,指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
 P.  5  Warranty Hardware warranty is for one (1) year from date of shipment from Distributor warrants that hardware will conform to the current relevant published specifications and will be free from material defects in material and workmanship under normal use and service.    IN  NO  EVENT  SHALL DISTRIBUTOR  BE LIABLE TO  YOU OR  ANY OTHER  PARTY FOR  ANY DIRECT,  INDIRECT,  GENERAL,  SPECIAL,  INCIDENTAL,  CONSEQUENTIAL,  EXEMPLARY  OR OTHER DAMAGE RISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT (INCLUDING, WITHOUT  LIMITATION,  DAMAGES  FOR  LOSS  OF  BUSINESS  PROFITS,  BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION OR ANY OTHER PECUNIARY LOSS, OR FROM  ANY  BREACH  OF  WARRANTY,  EVEN IF DISTRIBUTOR  HAS  BEEN  ADVISED  OF  THE POSSIBILITY OF SUCH DAMAGES.      IN  NO CASE  SHALL EXCEED THE AMOUNT  YOU PAID FOR THE PRODUCT.  本器材須經專業工程人員安裝及設定,始得設置使用,且不得直接販售給一般消費者
 P.  6  Content Chapter 1 Introduction ........................................................................................... 10 Introduction .................................................................................................................... 10 Key Features .................................................................................................................. 10 Hardware Overview........................................................................................................ 11 Front View ............................................................................................................................... 11 Back View................................................................................................................................ 11 Inside the Bottom Cover......................................................................................................... 12 LED Indicators ...................................................................................................................... 12 Typical Management Scenario ...................................................................................... 13 Hardware Installation ..................................................................................................... 14 Preparation before Installation ..................................................................................... 14 Professional Installation Required ......................................................................................... 14 Safety Precautions ................................................................................................................. 14 Installation Precautions.......................................................................................................... 15 Product Package .................................................................................................................... 15 Hardware Installation ..................................................................................................... 17 Connect up.............................................................................................................................. 17 Using the Grounding Wire ...................................................................................................... 18 Mount the AP on a Pole .......................................................................................................... 19 Power Up ................................................................................................................................. 20 Connect to the Access Point .................................................................................................. 21 Chapter 2 Quick Setup Tutorial ............................................................................. 24 Access the Web Configurator ....................................................................................... 24 Configure the AC+Thin AP mode .................................................................................. 26 Chapter 3 Navigate the Web Configurator ........................................................... 40 Virtual AC+Thin AP Mode .............................................................................................. 40
 P.  7  Status ...................................................................................................................................... 40 View Basic Information .......................................................................................................... 40 View Managed APs ............................................................................................................... 40 View Wireless Users ............................................................................................................. 41 View DHCP Client Table ........................................................................................................ 41 Wireless Settings .................................................................................................................... 42 Wireless Networks (VAP Profiles Settings) ............................................................................ 42 Wireless Protocols ................................................................................................................ 46 Access Control ...................................................................................................................... 48 Traffic Shaping ...................................................................................................................... 49 Radius Settings ..................................................................................................................... 50 TCP/IP Settings .................................................................................................................... 51 Captive Portal ....................................................................................................................... 52 Firewall Settings .................................................................................................................... 54 Management ........................................................................................................................... 57 AP Management ................................................................................................................... 57 System Settings .................................................................................................................... 59 Time Settings ........................................................................................................................ 61 Firmware Upgrade ................................................................................................................ 61 Backup/ Retrieve Settings ..................................................................................................... 62 Restore Factory Default Settings ........................................................................................... 62 Reboot .................................................................................................................................. 63 Password Settings ................................................................................................................ 64 Syslog Setting: ...................................................................................................................... 64 System Log: .......................................................................................................................... 65 System Alert: ......................................................................................................................... 66 Tools ........................................................................................................................................ 66 Ping ...................................................................................................................................... 66 Trace Route .......................................................................................................................... 67
 P.  8  Thin AP Mode ................................................................................................................. 68 Information.............................................................................................................................. 68 Basic Settings ......................................................................................................................... 68 FAT AP Mode .................................................................................................................. 70 Status ...................................................................................................................................... 70 View Basic Information .......................................................................................................... 70 View Association List ............................................................................................................. 70 View Network Flow Statistics ................................................................................................. 71 View ARP Table ..................................................................................................................... 72 View Bridge Table ................................................................................................................. 72 View Active DHCP Client Table .............................................................................................. 72 View Network Activities ......................................................................................................... 73 System .................................................................................................................................... 74 Basic System Settings ........................................................................................................... 74 TCP/IP Settings .................................................................................................................... 75 Time Settings ........................................................................................................................ 77 RADIUS Settings .................................................................................................................. 78 Firewall Settings .................................................................................................................... 79 UDP Pass Through ............................................................................................................... 82 DMZ: ..................................................................................................................................... 82 Wireless .................................................................................................................................. 83 VAP Profile Settings .............................................................................................................. 85 VLAN .................................................................................................................................... 89 Advanced Settings ................................................................................................................ 89 Access Control ...................................................................................................................... 92 Traffic Shaping ...................................................................................................................... 93 Captive Portal ....................................................................................................................... 94 WDS Settings........................................................................................................................ 96 Management ........................................................................................................................... 97
 P.  9  Password .............................................................................................................................. 97 Upgrade Firmware ................................................................................................................ 97 Backup/ Retrieve Settings ..................................................................................................... 98 Restore Factory Default Settings ........................................................................................... 98 Reboot .................................................................................................................................. 99 Remote Management ............................................................................................................ 99 SNMP Management ............................................................................................................ 100 Certificate Settings .............................................................................................................. 102 Tools ...................................................................................................................................... 103 System Log ......................................................................................................................... 103 Ping Watch Dog .................................................................................................................. 103 Appendix A. ASCII ................................................................................................ 105
 P. 10  Chapter 1 Introduction  Introduction The ZAC Series  Access Point  is  a multi-mode  2x2  Access  Point embedded  with  a  software-based virtual  access controller  (VAC) for centrally managing  managed  APs that eliminates  the need for  a separate  hardware controller  to manage  the WLAN.    ZN-7200-2EI  operates  at  2.4GHz  band while ZN-7200-2AEI-L  operates  at  5GHz  band.  Ideally  for  SMB  or  hotspot  network,  this  breakthrough innovation  provides  superior  Wi-Fi  network  solutions  at  significantly  lower  cost  and  easier management. While operating as access point, the ZAC Access Point also provides centralized management and monitoring of all the managed APs on the network.    In addition, the easy-to-install ZAC Access Point is  also  a  high-performance  last-mile  broadband  solution  that  provides  reliable  wireless  network coverage for broadband application.     Key Features   Centralized configuration control for your network   Compliant with IEEE 802.11n standard   Support passive PoE supplied with 24V.   High reliable watertight housing endures almost any harsh environments   Three management modes including AC, AC+Thin AP, Thin AP and Fat AP.   Four  wireless  operation  modes  in  FAT  AP  mode  including  AP,  Wireless  Client,  WDS  and  AP Repeater.   Up to 8 BSSIDs available for service deployment   Support  encryption:  64/128/152-bit  WEP  and  802.1X,  WPA,  WPA2,  WPA&WPA2,WPA-PSK, WPA2-PSK, and WPA-PSK&WPA2-PSK   User-friendly Web and SNMP-based management interface
 P. 11  Hardware Overview Front View   Back View
 P. 12  Inside the Bottom Cover    LED Indicators LED  COLOR  STATUS  DESCRIPTION PWR  Green  On  The device is powered on      Off  The device is not receiving power LAN  Green  On  The device has the Ethernet connection      Off  The device has no Ethernet connection      Blinking  Transmitting/receiving Ethernet packets WLAN  Green  On  The WLAN is active   Off  The WLAN is inactive      Blinking  Transmitting/receiving wireless packets Signal*3  Green  3 LED On  The signal strength is excellent      2 LED On  The signal strength is good   1 LED On  The signal strength is weak
 P. 13  Typical Management Scenario This section describes the typical management of ZAC Access Point.    By default, it is set to thin AP mode  (managed  AP)  which  allows  it  to  be managed  by  the  ZAC  Access  Point  in  AC mode.    The following figure illustrates a ZAC wireless network.      When a thin AP mode joins a wired network, it will start to look for a ZAC Access Point in AC mode.    If the thin  AP founds  the  AP controller on  the network,  it  will  send the  registration request  to the AP controller.    Once the registration is successfully made, the AP that acts as the AP controller will add the thin AP to its management list and provides it configuration information.
 P. 14  Hardware Installation This chapter describes safety precautions and product information you have to know and check before installing the ZAC Access Point.  Preparation before Installation  Professional Installation Required Please  seek  assistance  from  a  professional  installer  who  is  well  trained  in  the  RF  installation  and knowledgeable in the local regulations.  Safety Precautions 1.  To  keep  you  safe  and  install  the  hardware  properly,  please  read  and  follow  these  safety precautions. 2.  If you are installing the  ZAC Access Point for the first  time, for your safety as well as others’, please  seek  assistance  from  a  professional  installer who  has  received  safety  training  on  the hazards involved. 3.  Keep  safety  as  well  as  performance  in  mind  when  selecting  your  installation  site,  especially where there are electric power and phone lines. 4.  When installing the ZAC Access Point, please note the following things:  Do not use a metal ladder;  Do not work on a wet or windy day;  Wear shoes with rubber soles and heels, rubber gloves, long sleeved shirt or jacket. 5.  When the system is operational, avoid standing directly in front of it. Strong RF fields are present when the transmitter is on.
 P. 15  Installation Precautions To keep the ZAC Access Point well while you are installing it, please read and follow these installation precautions.  1.  Users MUST use a proper and well-installed grounding and surge arrestor with the ZAC Access Point; otherwise, a  random lightening could easily  cause  fatal  damage to ZAC Access  Point.   EMD (Lightning) DAMAGE IS NOT COVERED UNDER WARRNTY. 2.  Users MUST use the “Power cord & PoE Injector” shipped in the box with the ZAC Access Point.   Use of other options will likely cause damage to the unit.  Product Package The product package you have received  should contain the following items. If  any of them  are not included or damaged, please contact your local vendor for support.    IEEE 802.11n ZAC Access Point               ×1   Pole Mounting Ring                                                          ×1   24VDC Power cord & PoE Injector                                     ×1   Ferrite Suppression Core                  ×  1   Grounding Wire                      ×1   Product CD                        ×  1     Product CD contains Quick Installation Guide and User Manual.  Note:
 P. 16  Pole Mounting Ring       Ferrite Suppression Core   24VDC Power Cord & PoE Injector     Users MUST use the “Power cord & PoE Injector” shipped in the box with the IEEE 802.11n Wireless Access Point. Use of other options will likely cause damage to  the IEEE 802.11n Wireless Access Point..  Warning:
 P. 17  Hardware Installation Connect up 1.  The bottom of the ZAC Access Point is a movable cover. Grab the cover and pull it back harder to take it out as the figure shown below.     2.  Plug a standard Ethernet cable into the RJ45 port.  3.  Slide the cover back and press down the lock button to seal the bottom of the ZAC Access Point.
 P. 18   Using the Grounding Wire   The ZAC Access Point is equipped with a grounding wire. It is important that the Access Point, cables, and PoE Injector must  be  properly connected  to earth  ground during normal  use against  surges or ESD.       1.  Remove the screw on the grounding point at the bottom of the ZAC Access Point.  2.  Put  the  grounding  wire  on  the  grounding  point  at  the  bottom  of  the  ZAC  Access  Point.    Then screw the grounding wire to tighten up.
 P. 19   3.  Connect the grounding wire to earth ground.   Mount the AP on a Pole   1.  Turn the ZAC Access Point over. Put the pole mounting ring through the middle hole of it. Note that you should unlock the pole mounting ring with a screw driver before putting it through the device as the following right picture shows.  2.  Mount the ZAC Access Point steadily to the pole by locking the pole mounting ring tightly.
 P. 20        Power Up   1.  Connect power cord to the PoE injector as the following right picture shows.  2.  Connect the Ethernet cable that connects the Access Point to the “POE” port of the PoE injector as figured below.
 P. 21   3.  Connect the power plug to a power socket.    The Access Point will be powered up immediately.  Connect to the Access Point To be able to configure and manage the Access Point, please do the followings: Connect to the Access Point To be able to configure and manage the Access Point, please do the followings: 1.  Open  the  ferrite  core  by  unsnapping  the  connector  latches.  The  core  will  open,  revealing  a concave surface.  2.  Lay the Ethernet cable into the core, usually within 2 to 3 inches of the connector.    You may have to  experiment  with  the  final  location  depending  on  the  effectiveness  of  the  high  frequency abatement.
 P. 22   3.  Loop the cable around and through the core.    This helps "lock" the core in place, and may be required in circumstances with severe interference.  4.  Close the core and snap the halves back together.     The ferrite is professionally installed and a shrink wrap has been put around the ferrite so the users CAN’T take the ferrite off. 5.  Connect the Ethernet cable with suppression core to the “Data In” port of the PoE injector. Note:
 P. 23   6.  Connect the other end of Ethernet cable to a PC or a switch hub.    The hardware installation is complete.
 P. 24  Chapter 2 Quick Setup Tutorial Access the Web Configurator The ZAC  Access  Point  provides  you  with  user-friendly Web-based  management interface to  easily manage the access point.   Configure the computer with a static IP address of 192.168.1.x, as the default IP address of the ZAC Access Point is 192.168.1.1. (X cannot be 0, 1, nor 255);   Open Web browser and enter the IP address (Default: 192.168.1.1) of the ZAC Access Point into the address field. You will see the login page as below.
 P. 25    Enter the username (Default: admin) and password (Default: password) respectively and click “Login” to login the main page of the ZAC Access Point.        The  username  and  password  are  case-sensitive,  and  the  password  should  be  no more than 19 characters! Note:
 Chapter 5 Management                                                                       Page 26 Configure the AC+Thin AP mode The ZAC Access Point provides 4 operation modes: “Thin AP”, “Virtual AC”, “Virtual AC+Thin AP ”, as well as “FAT AP”.    The default mode is “Thin AP”.    To allow the ZAC Access Point to manage the thin APs, you need to switch one of the ZAC Access Points to virtual controller mode first. To change the mode, please do the following. Configure the AC+Thin AP mode To operate as AC+Thin AP, go to Basic Settings.    From Device Mode drop-down list, select “Virtual AC”  mode.    If  you  would  like  the  Access  Point  to  perform  as  a  virtual  controller  and  access  point concurrently,  please  select  “Virtual  AC  +  Thin  AP”  mode.    Then  assign  an  IP  address  to  the  ZAC Access Point and specify subnet mask, gateway and DNS address respectively.    Hit Apply and wait for about 50 seconds to take effect.     AC+ Thin AP mode allows the ZAC Access Point to operate as access controller and thin AP concurrently.    To operate as standalone Access Point, wireless client or bridge, please select FAT AP from device mode. Note: Note:
 Chapter 5 Management                                                                       Page 27 For Virtual Controller + Thin AP mode, if you need to configure the wireless settings for the ZAC Access Point especially SSID and encryption method, go to Wireless Settings > Wireless Networks and click on #1 Wireless SSID for configuration.    After the configuration is made, click Save to save the settings.   A dialog message will pop up to remind you changes will also apply to other managed Thin APs.    Click Apply to apply the configuration immediately.      To make profile setting on the ZAC Access Point itself take effect, you need to reboot the AP in controller mode as well.    To reboot the ZAC Access Point, go to Management > Configuration File and click the Reboot button.    The reboot process will take about 50 seconds.
 Chapter 5 Management                                                                       Page 28  Firmware Upgrade for ZAC AP in AC mode To  upgrade  the  firmware  for  the  ZAC  Access  Point  in  controller  mode  when  necessary,  go  to Management > Firmware Upload and from Upgrade AC Firmware, browse the firmware file where it is placed.    Hit Upload to start the upgrade process.    It will take approximately 2 minutes to complete the update.  Install the Managed Thin AP Install and connect the rest of managed  Access Points to your network with Ethernet cables.    Power them up respectively.    They will automatically discover the ZAC Access Point in controller mode and register themselves. To check whether the thin APs are successfully registered or not, enter the web page of the ZAC Access Point master access controller and go to Management > AP Management.    You will see “Registered” in Status column.    Besides registration status, you are able to see other information such as Device Name, MAC address, IP address, FW version, number of clients that associate to each thin AP as well as upload/download speed.
 Chapter 5 Management                                                                       Page 29  Moving the mouse  over MAC address  of  each managed AP will also display relevant  RF information such as channel mode, current channel, antenna being used together with transmit output power.
 Chapter 5 Management                                                                       Page 30 Manage Thin APs To configure and manage the managed APs: 1.  Enter  the  web  page  of  the  ZAC  Access  Point  in  controller  mode  and  go  to  Management  >  AP Management, the following screen shows up.  The  ZAC  Access  Point  AP  in  Virtual  AC+Thin  AP  mode  on  the  list  is  highlighted  in  bold  font.    By selecting it and hitting Radio button, you may check radio setting such as channel bandwidth, channel, antenna and output power.
 Chapter 5 Management                                                                       Page 31 Besides radio setting, you may also reboot the managed AP, change its IP address and perform firmware upgrade for managed AP.  Firmware Upgrade for Managed Thin APs For  firmware  upgrade,  you  may  choose  to  upgrade  the  selected  managed  AP  by  hitting  Upgrade Selected, or do the group upgrade by hitting Upgrade All. Before upgrading the managed AP, you need to locate the new firmware in the ZAC Access Point.    Go to  Management  >  Firmware  Upload, browse the firmware file where it is located,  click  Upload and Click OK.   Then go back to Management > AP Management to do single or group update.
 Chapter 5 Management                                                                       Page 32 Monitor Managed Thin APs To view  each  managed  AP’s  status, please  go to  Status  >  Managed  APs.    Besides  viewing  device information such as device name, MAC address, IP address, and FW version, you may also monitor the wireless clients that are currently associated with the managed APs as well as packets statistics.   Configure the Fat AP mode Fat AP mode operates as standalone AP that cannot be managed by the ZAC Access Point.     To switch from Virtual AC mode to Fat AP mode, go to Management > System Settings.      From the Device Mode drop-down list, select “Fat AP” and hit YES to make the change take effect.  To  switch  from  default  mode  Thin  AP  to  Fat  AP  mode  for  the  first  time  configuration,  go  to  Basic Settings.    From the Device Mode drop-down list, select “Fat AP” and hit YES to make the change take
 Chapter 5 Management                                                                       Page 33 effect.  The  Fat  AP  covers  “AP  mode”,  “Wireless  Client  mode”,  “Bridge  mode”  as  well  as  “AP  Repeater mode”.    For details please refer to the next Chapter. AP Mode     1.  Choose Wireless > Basic Settings. The default is AP mode already. Here, you can change wireless SSID for your public end user. After the configuration is made, click Apply to save the parameters.     In the example here, we only change the “Wireless Network Name (SSID)” as “Join_me”.  Note:
 Chapter 5 Management                                                                       Page 34 2.  If security is required, open Wireless > Profile Setting and click on “Profile 1 Settings” as below.  3.  You  may  configure  the  parameters  like  “Network  Authentication”  and  “Data  Encryption”  for  more secure network communication in your application.    After the configuration is made, click Apply to save the parameters.    4.  To  decrease  the  chances  of  data  retransmission  at  long  distance,  the  ZAC  Access  Point  can automatically  adjust  proper  ACK  timeout  value  by  specifying  distance  between  the  nodes.    By specifying the distance, go to Wireless > Advanced Setting and fill in the number in the Distance field.    If the distance is below 1000 meters, remain the number unchanged.
 Chapter 5 Management                                                                       Page 35   Wireless Client Mode 1.  Go to Wireless > Basic Settings and choose “Wireless Client” from Wireless Mode. Specify the SSID that you would like connect and click Apply to save the configuration.  Besides specifying the SSID manually, you may select the preferable Access Point to connect by clicking  the  “Site  Survey”  button  beside  Wireless  Mode.    Once  the  button  is  pressed,  the wireless client will scan all the available access points within coverage.    Select the one you prefer to connect, and click Select AP to establish the connection.
 Chapter 5 Management                                                                       Page 36   3.  If the AP you connect to require authentication or encryption keys, click Profile Settings in the left column, select the corresponding authentication and encryption options, and click “ Apply” to save configuration.  4.  To check whether the association with the Access Point has been successfully made, go to Status > Connections.    If the connection is established, it will display association information of the Access Point including MAC address, wireless mode, signal strength and connection time.
 Chapter 5 Management                                                                       Page 37 Bridge Mode 1.  Go to Wireless > Basic Settings.    Choose “Bridge” from Wireless Mode, check a clean channel and click Apply to save configuration.  2.  Go to “WDS Settings” in “Wireless”, input the MAC address of the remote bridge to “Remote AP MAC Address 1” field and click “Apply”.       Bridge uses  the WDS protocol that is not  defined as the  standard thus compatibility issues  between  equipment  from  different  vendors  may  arise.    Moreover,  Tree  or  Star shape  network  topology  should  be  used  in  all WDS  use-cases  (i.e.  if  AP2  and  AP3  are specified as the WDS peers of AP1, AP2 should not be specified as the WDS peer of AP3 and AP3 should not be specified as the WDS peer  of AP2 in any case). Mesh  and  Ring network topologies are not supported by WDS and should be avoided in all the use cases.  Note:
 Chapter 5 Management                                                                       Page 38 3.  Repeat the above procedures to configure the remote ZAC bridge. 4.  Enter the actual distance in Space In Meter.    For example, if the distance between the two ZAC bridges is 3 kilometers, enter 3000 in the field.    Click Apply to save configuration.  5.  Use ping to check whether the link between the two bridges is OK. 6.  To check the wireless connectivity, go to Status > Connections.    If the connection is established, it will  display  association  information  of  the  remote  bridge  including  MAC  address,  wireless  mode, signal strength and connection time.   AP Repeater Mode 1.  Go to Wireless > Basic Settings. Choose “AP Repeater” from Wireless Mode, and click Apply to save it.
 Chapter 5 Management                                                                       Page 39  To establish point-to-point  bridge connection, please follow the procedures described in Bridge mode.   To connect the wireless client to the AP, please follow the procedures described in Wireless Client mode.
 Chapter 5 Management                                                                       Page 40 Chapter 3 Navigate the Web Configurator  Virtual AC+Thin AP Mode Status   View Basic Information Open “Information” in “Status” to check the basic information of the ZAC Access Point, which is read only.  Information  includes  system  information,  IP  settings,  and  wireless  network  setting.    Click “Refresh” at the bottom to have the real-time information.   View Managed APs Open  “Managed  APs”  in  “Status”  to  check information  of  managed  AP  such  as  device  name,  MAC address, IP address, numbers of associated clients and uploaded/downloaded packets.    All is read only.   Click “Refresh” at the bottom to update the list.
 Chapter 5 Management                                                                       Page 41   View Wireless Users Open  “Wireless  Users” in  “Status”  to  check  the  information  of  all  the  wireless  clients  such  as  MAC address, SSID of the managed APs that are associated with, signal strength, connection up time, and uploaded/downloaded packets.    All is read only.    Click “Refresh” at the bottom to update the list.   View DHCP Client Table Open “DHCP Clients” in “Status” as below to check the assigned IP address, MAC address and lease time for each DHCP client. Click “Refresh” to update the table.
 Chapter 5 Management                                                                       Page 42   Wireless Settings Wireless Setting allows you to configure wireless parameters, security method, access control and flow control  for  your  ZAC  Access  Point.    Note  that  the  configuration  will  also  apply  on  all  the  other ZAC-managed APs.  Wireless Networks (VAP Profiles Settings) The IEEE 802.11n ZAC Access Point allows up to 8 virtual SSIDs on a single BSSID and to configure different  profile  settings  such  as  security  and  VLAN  ID  to  each SSID.    To  create  a  virtual  AP,  you may check  the  Enable  box  of  the  profile  and  click  on  the  profile  (eg.  Profile  2)  to  configure  wireless  and security settings.    Hit Apply to active the profile.
 Chapter 5 Management                                                                       Page 43   Basic Setting SSID: This wireless network name is shared among all associated devices in your wireless network. Keep it identical on all those devices.    Note that the SSID is case-sensitive and cannot exceed 32 characters. Description: Name of the VAP profile Broadcast  SSID:  In  AP  mode,  hiding  network  name  is  necessary  when  you  are  in  a  wireless environment that may have potential risk. By disabling broadcast SSID, the STA cannot scan and find the  IEEE 802.11n ZAC Access Point,  so that malicious  attack by  some  illegal  STA  could  be avoided. Wireless  Separation:  Wireless  separation  is  an  ideal  way  to  enhance  the  security  of  network transmission.  By  enabling  “Wireless  Separation”  can  prevent  the  communication  among associated wireless clients. WMM Support: WMM (Wi-Fi Multimedia) is a subset of 802.11e. It allows wireless communication to define a priority limit on the basis of data type under AP mode only, thus those time-sensitive data, like video/audio data, may own a higher priority than common one.    To enable WMM, the wireless client should also support it.    By default it is enabled and cannot be disabled in b/g/n mode. Max. Station Number: By default the “Max. Station Num” the ZAC Access Point will only allow up to 32 wireless clients to associate with for better bandwidth for each client.    You may tick the box and enter the preferable limits for maximum client association number.  Security Setting: To  prevent  unauthorized  radios from  accessing  data  transmitting  over  the  connectivity,  the  IEEE
 Chapter 5 Management                                                                       Page 44 802.11a/n ZAC Access Point provides you with rock solid security settings.     Network Authentication Open System: It allows any device to join the network without performing any security check. Shared  Key:  Data  encryption  and  key  are  required for  wireless  authentication  (Not  available  in Bridge/AP Repeater mode). Legacy 802.1x: It provides the rights to access the wireless network and wired Ethernet. With User and  PC  identity,  centralized  authentication  as  well  as  dynamic  key  management,  it  controls  the security risk of wireless network to the lowest. To serve the 802.1x, at least one EAP type should be supported by the RADIUS Server, AP and wireless client.   WPA with RADIUS: Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.    With warrant (username, password and etc.) offered by user, this kind of authentication can be realized with specific RADIUS server. This is the common way to be adopted in large enterprise network. WPA2 with  RADIUS: WPA2  (IEEE 802.11i)  is a  wireless  security  standard that  defines  stronger encryption, authentication and key management than WPA.    If it is selected, AES encryption and RADIUS server are required. WPA&WPA2 with RADIUS: It provides options of WPA (TKIP) or WPA2 (AES) for the client. If it is selected, the data encryption type must be TKIP + AES and the RADIUS server must be set.  Note:
 Chapter 5 Management                                                                       Page 45   If  Radius  relevant  authentication  type  is  selected,  please  go  to  Wireless  Radius Settings for further radius server configuration.  WPA-PSK:  It  is  a  simplified  WPA  mode  with  no  need  for  specific  authentication  server.  In  this so-called WPA Pre-Shared Key, all you have to do is just pre-enter a key in each WLAN node and this is the common way to be adopted in large and middle enterprise as well as residential network. WPA2-PSK: As a new version of WPA, only all the clients support WPA2, can it be available. If it is selected, the data encryption can only be AES and the passphrase is required. WPA-PSK&WPA2-PSK: Available in AP mode, it provides options of WPA (TKIP) or WPA2 (AES) encryption  for  the  client.  If  it  is  selected,  the  data  encryption  can  only  be  TKIP  +  AES  and  the passphrase is required.  Data Encryption If data encryption is enabled, the key is required and only sharing the same key with other wireless devices can the communication be established. None: Available only when the authentication type is open system. 64 bits WEP: It is made up of 10 hexadecimal numbers. 128 bits WEP: It is made up of 26 hexadecimal numbers. 152 bits WEP: It is made up of 32 hexadecimal numbers. TKIP:  Temporal  Key  Integrity  Protocol,  which  is  a  kind  of  dynamic  encryption,  is  co-used  with WPA-PSK, etc. AES: Advanced Encryption Standard, it is usually co-used with WPA2-PSK, WPA, WPA2, etc. TKIP + AES: It allows for backwards compatibility with devices using TKIP.    We strongly recommend you enable wireless security on your network!   Only  the  same  Authentication,  Data  Encryption  and Key  among  the  IEEE  802.11n ZAC Access Point and wireless clients can the communication be established!  Note:
 Chapter 5 Management                                                                       Page 46  Network Basic Setting:  Network Mode: Specify the network mode.    It includes Bridge and Router. When switch to Router mode, the LAN IP address for web page access will become 192.168.0.99.  Wireless Protocols Allow the user to change 802.11 mode and other advanced parameters for the ZAC Access Point. For the country region, FCC domain will support United States only.
 Chapter 5 Management                                                                       Page 47  Basic Settings Country Region: The availability of some specific channels and/or operational frequency bands is country dependent. For FCC domain, the default country is United States only. 802.11  Mode:  The  IEEE  802.11n  ZAC  Access  Point  can  communicate  with  wireless  devices  of 802.11b/g or 802.11b/g/n.   Data Rate: Usually “Auto” is preferred. Under this rate, the IEEE 802.11n ZAC Access Point will automatically select the highest available rate to transmit. In some cases, however, like where there is no great demand for speed, you can have a relatively-low transmit rate for compromise of a long distance by fixing the data rate.  Advanced Settings  A-MPDU/A-MSDU  Aggregation: The data rate of your AP except wireless client mode could be enhanced  greatly  with  this  option  enabled;  however,  if  your  wireless  clients  don’t  support A-MPDU/A-MSDU aggregation, it is not recommended to enable it. Short  GI:  Under  802.11n  mode,  enable  it  to  obtain  better  data  rate  if  there  is  no  negative compatibility issue. IGMP  Snooping: IGMP snooping is the process of listening to IGMP network traffic. By enabling IGMP  snooping,  the AP will  listen to IGMP membership reports,  queries and leave messages to identify the ports that are members of multicast groups. Multicast traffic will only be forwarded to ports identified as members of the specific multicast group.
 Chapter 5 Management                                                                       Page 48 RIFS: RIFS (Reduced Interframe Spacing) is a means of reducing overhead and thereby increasing network efficiency HT Protect: Enable HT (High Throughput) protect to ensure HT transmission with MAC mechanism. Under 802.11n mode, wireless client can be divided into HT STA and Non-HT STA, among which the one with HT protect enabled gets higher throughput. Preamble  Type:  It  defines  some  details  on  the  802.11  physical  layer.    “Long”  and  “Auto”  are available. RTS Threshold: The  IEEE  802.11n ZAC Access Point sends  RTS  (Request  to  Send) frames to certain receiving station and negotiates the sending of a data frame. After receiving an RTS, that STA responds with a CTS (Clear to Send) frame to acknowledge the right to start transmission. The setting  range  is  0  to  2346  in  byte.    Setting  it  too  low  may  result  in  poor  network  performance. Leave it at its default of 2346 is recommended. Fragmentation  Threshold:  Specify  the  maximum  size  in  byte  for  a  packet  before  data  is fragmented into multiple packets. Setting it too low may result in poor network performance. Leave it at its default of 2346 is recommended. Beacon Interval: Specify the frequency interval to broadcast packets.    Enter a value between 20 and 1024. DTIM Interval: DTIM, which stands for Delivery Traffic Indication Message, is contained in the data packets. It is for enhancing the wireless transmission efficiency. The default is set to 1. Enter a value between 1 and 255. Channel Protection Mode: This is to avoid conflict with other wireless network and boost the ability of  your  device  to  catch  all  802.11g  transmissions.  However,  it  may  decrease  wireless  network performance. Compared to CTS-Self; the transmission amount of CTS-RTS is much lower. Distance: To decrease the chances of data retransmission at long distance, the IEEE 802.11n ZAC Access Point can automatically adjust proper ACK timeout value by specifying distance of the two nodes.  Access Control The Access Control appoints the authority to wireless client on accessing IEEE 802.11n ZAC Access Point, thus a further  security mechanism is provided. This function is available only under AP/Router
 Chapter 5 Management                                                                       Page 49 mode. Open “Access Control” in “Wireless Settings” as below.   Wireless Network: Select the VAP network you would like to enable access control.  Access Control Mode If you select “Allow Listed”, only those clients whose wireless MAC addresses are in the access control list will be able to connect to your AP. While when “Deny Listed” is selected, those wireless clients on the list will not be able to connect the AP.  MAC Address Enter the MAC address of the wireless client that you would like to list into the access control list, click “Apply” then it will be added into the table at the bottom.  Delete Selected/All Check the box before one or more MAC addresses of wireless client(s) that you would like to cancel, and click “Delete Selected” or “Delete All” to cancel that access control rule.  Traffic Shaping It allows the administrator to manage the traffic flow to ensure optimal performance.
 Chapter 5 Management                                                                       Page 50   Enable Traffic Shaping Check this box to control the overall bandwidth for a specific VAP network.  Interface Selection: Select the VAP network you would like to enable traffic shaping.  Outgoing Traffic Rate: To specify maximum outgoing bandwidth to a certain rate in kbit/s. Outgoing Traffic Burst: To specify the buffer size for outgoing traffic that can be sent within a given unit of time.    The  suggested value is 20KBytes. You may just  leave the default value there, and then the connection will be bound to the traffic shaping rule at all times.    You may decrease it to smaller value if the incoming traffic limit is smaller.  Radius Settings RADIUS (Remote Authentication  Dial-In User Service)  is a  server for remote  user authentication  and accounting;  playing  a  central  role  in  the  network  in  providing  the  capabilities  of  authenticating, authorizing, accounting, auditing, alarming and etc. It allows an organization to maintain user profiles in a central database that all remote servers can share.    If 802.1X, WPA(2) is used, you need to configure radius settings. Go to “RADIUS Settings” in “Wireless Settings” to make RADIUS configuration.
 Chapter 5 Management                                                                       Page 51   Authentication RADIUS Server This is for RADIUS authentication. It can communicate with RADIUS through IP Address, Port and Shared Secret. IP Address: Enter the IP address of the Radius Server; Port: Enter the port number of the Radius Server; Shared Secret: This secret, which is composed of no more than 31 characters, is shared by the IEEE 802.11n ZAC Access Point and RADIUS during authentication.  Global-Key Update Check this option and specify the time interval between two global-key updates.    Default is 3600 seconds.  TCP/IP Settings When the Router mode is activated, the TCP/IP Settings will show up in Wireless Settings for user to configure the TCP/IP for the ZAC-managed Access Point.
 Chapter 5 Management                                                                       Page 52   LAN Settings:   IP Address: Specify the IP address for the ZAC-managed Access Point.     Subnet Mask: Specify the Subnet mask for the ZAC-managed Access Point. DHCP Server: Select to enable or disable DHCP server on the ZAC-managed Access Point. DHCP  IP  Address  Range:  When  the  DHCP  Server  is  enabled,  users  may  specify  DHCP  IP Address Range for the ZAC-managed Access Point. DHCP Subnet Mask: Specify the DHCP Subnet Mask for the ZAC-managed Access Point.     Lease Time: Specify the lease time (15-44640 minutes) for the ZAC-managed Access Point.      For  wireless  clients  who  want to access the  unit’s  web page in Router mode,  please type the IP address here in the browser’s address bar to enter the web page.  Captive Portal Captive portal is a management which allows WLAN users to easily and securely access the Internet. Under Router mode, when captive portal is enabled, the IEEE 802.11n ZAC Access Point will redirect the client to go to an authentication web page before browsing Internet web pages.    Captive portals are used on most Wi-Fi hotspots networks.    Therefore, to use captive portal, you need to find the service providers that have the additional services needed to make captive portal work. Note:
 Chapter 5 Management                                                                       Page 53  To enable Captive Portal, check “Captive Portal” and select the VAP network needed for captive portal.  Radius Settings Primary Radius Server: Enter the name or IP address of the primary radius server Secondary Radius Server: Enter the name or IP address of the primary radius server if any. Radius Auth Port: Enter the port number for authentication Radius Acct Port: Enter the port number for billing Radius Shared Secret: Enter the secret key of the radius server   Radius NAS ID: Enter the name of the radius server if any  Radius Administrative-User:   Radius Admin Username: Enter the username of the Radius Administrator Radius Admin Password: Enter the password of the Radius Administrator  Captive Portal UAM Portal URL: Enter the address of the UAM portal server UAM Secret: Enter the secret password between the redirect URL and the Hotspot.
 Chapter 5 Management                                                                       Page 54 Firewall Settings The firewall is a system or group of systems that enforce an access control policy between two networks.   It may also be defined as a mechanism used to protect a trusted network from an un-trusted network.   The  IEEE  802.11n  ZAC  Access  Point  has  capabilities  of  Source  IP  Filtering,  Destination IP  Filtering, Source Port Filtering, Destination Port Filtering, Port Forwarding as well as DMZ.    This is available only under Router Mode.  Source IP Filtering:    You may create and activate a rule that filters a packet based on the source IP address from your local network to Internet.    Check “Enable Source IP Filtering” to activate rule. Local IP Address: Enter the IP address you would like to restrict. Comment: Make comments to record your filtering rule. Click Apply and the IP  address will  be added in the list.    To delete the IP address from filtering, click  Select  checkbox  of the designated IP address and click the  Delete Selected  button.    You may delete all the IP addresses in the list by clicking Delete All.
 Chapter 5 Management                                                                       Page 55  Destination IP Filtering:  You  may  create  and  activate  a rule that filters  a  packet  based  on  the  destination  IP  address  to restrict  the  local  computers  from  accessing  certain  websites.    Check  “Enable  Destination  IP Filtering” to activate rule. Destination IP Address: Enter the IP address to be restricted. Comment: Make comments to record your filtering rule. Click Apply and the IP  address will  be added in the list.    To delete the IP address from filtering, click  Select  checkbox  of  the  designated  destination  IP  address  and  click  the  Delete  Selected button.    You may delete all the IP addresses in the list by clicking Delete All.  Source Port Filtering:    You may create and activate a rule that filters a packet  based on the source port from your local network to Internet.    Check “Enable Source Port Filtering” to activate rule. Port Range: Enter the port range you would like to restrict. Protocol: Select port protocol: Both, TCP, UDP. Comment: Make comments to record your filtering rule.
 Chapter 5 Management                                                                       Page 56 Click Apply and the IP address will be added in the list.    To delete the restricted source ports, click Select checkbox of the designated ports and click the Delete Selected button.    You may delete all the IP addresses in the list by clicking Delete All.   Destination Port Filtering:    You may create and activate a rule that filters a packet based on the destination port from your local network to Internet.    Check “Enable Destination Port Filtering” to activate rule. Port Range: Enter the port range you would like to restrict. Protocol: Select port protocol: Both, TCP, UDP. Comment: Make comments to record your filtering rule. Click Apply and the IP address will be added in the list.    To delete the restricted destination ports, click  Select  checkbox  of  the  designated  ports  and  click  the  Delete  Selected  button.    You  may delete all the IP addresses in the list by clicking Delete All.
 Chapter 5 Management                                                                       Page 57  Port Forwarding:    The  port  forwarding  allows  you  to  automatically  redirect  common  network  services  to  a  specific machine behind  the  NAT firewall. These settings ne are only necessary if you wish to host some sort of server like a web server or mail server on the private local network behind IEEE 802.11n Wireless ZAC Access Point’s NAT firewall.  Management   The IEEE 802.11n ZAC Access  Points can manage  up to  20 ZAC-managed APs.    The ZAC Access Point provides thin AP management for editing the ZAC-managed AP settings, upgrading the firmware and monitoring, etc.  AP Management AP  Management  allows  you  to  configure  and  upgrade  the  ZAC-managed  APs.    Select  the VAP-managed AP you would like to specifically configure.
 Chapter 5 Management                                                                       Page 58 Restart: Restart the selected ZAC-managed AP. Rename: Rename for the selected ZAC-managed AP. Set IP: Assign a static IP address for the selected ZAC-managed AP or obtain the IP address from ZAC Access Point in AC mode.    Default is DHCP client.  Radio: To display the current radio settings such as channel bandwidth, operating channel, antenna and output power for the selected ZAC-managed Access Point.  From  the  AP  Management  list,  move  the  mouse  cursor  to  the  MAC  address  of  the  selected ZAC-managed AP the screen will pop up radio configuration information.
 Chapter 5 Management                                                                       Page 59 Upgrade  Selected:  Upgrade  firmware  for  the  selected  ZAC-managed  AP.    Note  that  you  need  to upload the firmware file into the ZAC Access Point in AC mode prior to firmware upgrade, otherwise a window will pop up saying TAP firmware hasn’t been uploaded.  Upgrade All: Click to upgrade all the ZAC-managed APs simultaneously.   Refresh: Refresh the AP management list manually.   System Settings Allows you to configure device and IP settings for the ZAC Access Point in AC mode.   Device Settings: Device Mode: Three modes are provided: AC+Thin AP, Thin AP, FAT AP.    Select AC+Thin AP to have  the  device  act  as  virtual  access  controller  to  manage  other  ZAC-managed  APs  on  your network.    Select “Thin AP” to have the ZAC Access Point managed by the ZAC AP in AC mode.   Select FAT AP to perform as a standalone AP, neither managing nor managed by other ZAC APs. Device  Name: Specify  the device name, which is composed  of  no more than 15 characters with (0-9), (A-Z), (a-z) or (-). Ethernet Data Rate: Specify the transmission rate of data for Ethernet.    Default is Auto. Spanning Tree: Spanning Tree Protocol (STP) is a link management protocol for AP which provides path redundancy while preventing loops in a network.   STP allows only one active path at a time
 Chapter 5 Management                                                                       Page 60 between the access points but establish the redundant link as a backup if the initial link fails. STP Forward Delay: STP Forward Delay is the time spent in detecting and learning network tree topology state before entering the forward state. Default time value is 1 sec.   IP Address Assignment:  Obtain  IP  Address Automatically: If  a  DHCP  server  exists in  your  network,  you  can  check  this option, thus the IEEE 802.11n ZAC Access Pioint is able to obtain IP settings automatically from the DHCP server.   Use Fixed IP Address: Check this option. You have to specify a static IP address, subnet mask, default gateway and DNS server for the ZAC Access Point manually. Make sure the specified IP address is unique on your network in order to prevent IP conflict.  DHCP Server The  ZAC  Access  Point  in  AC  mode  can  perform  a  DHCP  server  to  assign  IP  address  to  the ZAC-managed APs.    Default is enabled.   DHCP IP Address Range: Specify the IP range. DHCP Subnet Mask: Specify the DHCP Subnet Mask. DHCP Gateway: Specify the gateway address. Lease Time: Specify the DHCP lease time.

Navigation menu