Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
USER MANUAL WAP-EN Series Wireless Access Points
Version 1.2,0 June 2017
FCCComplianceThisequipmenthasbeentestedandfoundtocomplywiththelimitsforaClassBDigitalDevice,pursuanttopart15oftheFCCRules.Theselimitsaredesignedtoprovidereasonableprotectionagainstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,usesandcanradiateradiofrequencyenergyand,ifnotinstalledandusedinaccordancewiththeinstruction,maycauseharmfulinterferencetoradiocommunication.However,thereisnoguaranteethatinterferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescauseharmfulinterferencetoradioortelevisionreception,whichcanbedeterminedbyturningtheequipmentoffandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthefollowingmeasures:
• Reorientorrelocatethereceivingantenna• Increasetheseparationbetweentheequipmentandreceiver• Connecttheequipmentintoanoutletonacircuitdifferentfromthattowhichthereceiveris
connected• Consultthedealeroranexperiencedradio/TVtechnicianforhelp.
Thechangesormodificationsnotexpresslyapprovedbythepartyresponsibleforcompliancecouldvoidtheuser'sauthoritytooperatetheequipment.TocomplywiththeFCCRFexposurecompliancerequirements,thisdeviceanditsantennamustnotbeco-locatedoroperatingtoconjunctionwithanyotherantennaortransmitter.Thisequipmentshouldbeinstalledandoperatedwithminimumdistance20cmbetweentheradiator&yourbody.
Copyright
Copyright©2017ComtrendCorporation.Allrightsreserved.TheinformationcontainedhereinisproprietarytoComtrendCorporation.Nopartofthisdocumentmaybetranslated,transcribed,reproduced,inanyform,orbyanymeanswithoutthepriorwrittenconsentofComtrendCorporation.Thisprogramisfreesoftware:youcanredistributeitand/ormodifyitunderthetermsoftheGNUGeneralPublicLicenseaspublishedbytheFreeSoftwareFoundation,eitherversion3oftheLicense,or(atyouroption)anylaterversion.
Thisprogramisdistributedinthehopethatitwillbeuseful,butWITHOUTANYWARRANTY;withouteventheimpliedwarrantyofMERCHANTABILITYorFITNESSFORAPARTICULARPURPOSE.SeetheGNUGeneralPublicLicenseformoredetails.
YoushouldhavereceivedacopyoftheGNUGeneralPublicLicensealongwiththisprogram.Ifnot,seehttp://www.gnu.org/licenses/ NOTE: Thisdocumentissubjecttochangewithoutnotice.
Protect Our Environment
Thissymbolindicatesthatwhentheequipmenthasreachedtheendofitsusefullife,itmustbetakentoarecyclingcenterandprocessedseparatefromdomesticwaste.
Thecardboardbox,theplasticcontainedinthepackaging,andthepartsthatmakeupthisroutercanberecycledinaccordancewithregionallyestablishedregulations.Neverdisposeofthiselectronicequipmentalongwithyourhouseholdwaste;youmaybesubjecttopenaltiesorsanctionsunderthelaw.
TableofContents
Overview.............................................................................................................................................2
I. BrowserBasedConfigurationInterface..........................................................................................3I-1. Information........................................................................................................................................................................................5I-1-1. SystemInformation.....................................................................................................................................................................5I-1-2. WirelessClients............................................................................................................................................................................9I-1-3. WirelessMonitor.......................................................................................................................................................................11I-1-4. Log.................................................................................................................................................................................................13I-2. NetworkSettings............................................................................................................................................................................15I-2-1. LAN-SideIPAddress..................................................................................................................................................................15I-2-2. LANPort........................................................................................................................................................................................17I-2-3. STPManagement.......................................................................................................................................................................17I-2-4. VLAN...............................................................................................................................................................................................18I-3. WirelessSettings............................................................................................................................................................................18I-3-1. 2.4GHz11bgn..............................................................................................................................................................................19I-3-1-1. Basic..............................................................................................................................................................................................20I-3-1-2. Advanced.....................................................................................................................................................................................23I-3-1-3. Security......................................................................................................................................................................................25I-3-1-3-1. NoAuthentication.............................................................................................................................................................26I-3-1-3-2. WEP.........................................................................................................................................................................................27I-3-1-3-3. IEEE802.1x/EAP...................................................................................................................................................................27I-3-1-3-4. WPA-PSK...............................................................................................................................................................................27I-3-1-3-5. WPA-EAP...............................................................................................................................................................................28I-3-1-3-6. AdditionalAuthentication...............................................................................................................................................28I-3-1-4. WDS...............................................................................................................................................................................................30I-3-1-5. GuestNetwork..........................................................................................................................................................................31I-3-2. 5GHz11ac11an............................................................................................................................................................................33I-3-2-1. Basic..............................................................................................................................................................................................33I-3-2-2. Advanced.....................................................................................................................................................................................36I-3-2-3. Security........................................................................................................................................................................................38I-3-2-4. WDS...............................................................................................................................................................................................40I-3-2-5. GuestNetwork..........................................................................................................................................................................41I-3-3. WPS...................................................................................................................................................................................................43I-3-4. RADIUS.............................................................................................................................................................................................45I-3-4-1. RADIUSSettings........................................................................................................................................................................46I-3-4-2. InternalServer...........................................................................................................................................................................48I-3-4-3. RADIUSAccounts......................................................................................................................................................................49I-3-6. WMM................................................................................................................................................................................................55I-3-7. Schedule..........................................................................................................................................................................................57I-3-8. TrafficShaping...............................................................................................................................................................................57
I-4. Management...................................................................................................................................................................................59I-4-1. Admin.............................................................................................................................................................................................59I-4-2. DateandTime.............................................................................................................................................................................62I-4-3. SyslogServer................................................................................................................................................................................64I-4-4. PingTest........................................................................................................................................................................................65I-4-5. I’mHere.........................................................................................................................................................................................65I-4-6. TR-069............................................................................................................................................................................................65I-4-7. wifiXtend.......................................................................................................................................................................................66I-5-1. LEDSettings.................................................................................................................................................................................67I-5-2. UpdateFirmware.......................................................................................................................................................................68I-5-3. Save/RestoreSettings...............................................................................................................................................................69I-5-4. FactoryDefault...........................................................................................................................................................................71I-5-5. Reboot...........................................................................................................................................................................................72
II. Appendix....................................................................................................................................73II-1. ConfiguringyourIPaddress......................................................................................................................................................73II-1-1. WindowsXP................................................................................................................................................................................74II-1-2. WindowsVista...........................................................................................................................................................................76II-1-3. Windows7..................................................................................................................................................................................78II-1-4. Windows8..................................................................................................................................................................................82II-1-5. Mac................................................................................................................................................................................................86II-1-6. Glossary........................................................................................................................................................................................88II-2. ENVIRONMENT&PHYSICAL......................................................................................................................................................91
2
OverviewThedefaultmodeforyourEN-Seriesaccesspointis“APMode”.APModeisaregularaccesspointforyournetwork.SomeEN-SeriesaccesspointscanalsofunctionasanAPController,actingasadesignated“Master”foranarrayof“Slave”accesspoints.(Uptoamaximumof5remoteaccesspoints)ManagedAPModeactslikea“Slave”accesspointinanaccesspointarray.(ControlledbytheAPController“Master”orWLC-6404WirelessAccessPointController)
Theuserinterfacewillchangedependingonwhichmodeisselected.ThismanualwillcovertheAPModefunctionsonly.
{Imagewillvaryslightlyfromdevicemodelstodevicemodels}
{Availablefrequencieswillvaryfromdevicemodelstodevicemodels}
3
I. BrowserBasedConfigurationInterfaceThebrowser-basedconfigurationinterfaceenablesyoutoconfiguretheaccesspoint’sadvancedfeatures.ThedevicefeaturesarangeofadvancedfunctionssuchasMACfiltering,MACRADIUSauthentication,VLANconfigurations,upto16-32SSIDsandmanymore.Toaccessthebrowserbasedconfigurationinterface:1. ConnectacomputertoyouraccesspointusinganEthernetcable.2. Enteryouraccesspoint’sIPaddressintheURLbarofawebbrowser.Ifno
DHCPServicesisdiscovered,theaccesspoint’sdefaultIPaddressis192.168.2.2or192.168.2.1.
3. Youwillbepromptedforausernameandpassword.Thedefault
usernameis“admin”andthedefaultpasswordis“admin”or“1234”,thoughitwasrecommendedthatyouchangethepassword.
Ifyoucannotrememberyourpassword,resettheaccesspointbacktoitsfactorydefaultsettings.RefertotheQuickInstallationGuideforinstructionsonhowtofactoryresetyourdevice.
4. Youwillarriveatthe“SystemInformation”screenshownbelow.
4
5. Usethemenuacrossthetopanddowntheleftsidetonavigate.
6. Click“Apply”tosavechangesandreloadtheaccesspoint,or“Cancel”tocancelchanges.
Pleasewaitafewsecondsfortheaccesspointtoreloadafteryou“Apply”changes,asshownbelow.
7. Refertothefollowingchaptersforfulldescriptionsofthebrowserbased
configurationinterfacefeatures.
5
I-1. Information
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
I-1-1. SystemInformation
The“SystemInformation”pagedisplaysbasicsysteminformationabouttheaccesspoint.
6
7
SystemModel Displaysthemodelnumberoftheaccess
pointProductName Displaystheproductnameforreference,
whichconsistsof“AP”plustheMACaddressUptime Displaysthetotaltimesincethedevicewas
turnedonBootFrom DisplaysinformationforthebootedhardwareVersion DisplaysthefirmwareversionMACAddress Displaystheaccesspoint’sMACaddressManagementVLANID
DisplaysthemanagementVLANID
IPAddress DisplaystheIPaddressofthisdevice.Click“Refresh”toupdatethisvalue
Default Gateway
DisplaystheIPaddressofthedefaultgateway
DNS IPaddressofDNS(DomainNameServer)DHCPServer IPaddressofDHCPServer
WiredLANPortSettingsWiredLANPort SpecifieswhichLANportStatus DisplaysthestatusoftheLANport(connected
ordisconnected)VLANMode/ID DisplaystheVLANmode(taggedoruntagged)
andVLANIDfortheLANport.SeeI-2-3.VLAN
Wireless2.4GHz(5GHz)Status Displaysthestatusofthe2.4GHzor5GHz
wireless(enabledordisabled)MACAddress Displaystheaccesspoint’sMACaddressChannel Displaysthechannelnumberthespecified
wirelessfrequencyisusingforbroadcastTransmitPower Displaysthewirelessradiotransmitpower
levelasapercentage
Wireless2.4GHz(5GHz)/SSID
8
SSID DisplaystheSSIDname(s)forthespecifiedfrequency
AuthenticationMethod
DisplaystheauthenticationmethodforthespecifiedSSID.SeeI-3.WirelessSettings
EncryptionType DisplaystheencryptiontypeforthespecifiedSSID.SeeI-3.WirelessSettings
VLANID DisplaystheVLANIDforthespecifiedSSID.SeeI-2-3.VLAN
AdditionalAuthentication
DisplaystheadditionalauthenticationtypeforthespecifiedSSID.SeeI-3.WirelessSettings
WirelessClientIsolation
DisplayswhetherwirelessclientisolationisinuseforthespecifiedSSID.SeeI-2-3.VLAN
Wireless2.4GHz(5GHz)/WDSStatusMACAddress Displaysthepeeraccesspoint’sMACaddressEncryptionType Displaystheencryptiontypeforthespecified
WDS.SeeI-3-1-4.WDSVLANMode/ID DisplaystheVLANIDforthespecifiedWDS.
SeeI-3-1-4.WDS
Refresh Clicktorefreshallinformation
9
I-1-2. WirelessClients
The“WirelessClients”pagedisplaysinformationaboutallwirelessclients
connectedtotheaccesspointonthe2.4GHzor5GHzfrequency.
RefreshtimeAutoRefreshTime Selectatimeintervalfortheclienttablelistto
automaticallyrefreshManualRefresh Clickrefreshtomanuallyrefreshtheclient
table
2.4GHz(5GHz)WLANClientTableSSID DisplaystheSSIDthattheclientisconnected
toMACAddress DisplaystheMACaddressoftheclientTx Displaysthetotaldatapacketstransmittedby
thespecifiedclientRx Displaysthetotaldatapacketsreceivedby
thespecifiedclientSignal(%) Displaysthewirelesssignalstrengthforthe
10
specifiedclientConnectedTime Displaysthetotaltimethewirelessclienthas
beenconnectedtotheaccesspointIdleTime Clientidletimeisthetimeforwhichtheclient
hasnottransmittedanydatapacketsi.e.isidle
Vendor Thevendoroftheclient’swirelessadapterisdisplayedhere
11
I-1-3. WirelessMonitor
WirelessMonitorisatoolbuiltintotheaccesspointtoscanandmonitorthesurrounding
wirelessenvironment.Selectafrequencyandclick“Scan”todisplayalistofallSSIDswithinrangealongwithrelevantdetailsforeachSSID.
WirelessMonitorSiteSurvey Selectwhichfrequency(orboth)toscan,and
click“Scan”tobeginChannelSurveyResult
Afterascaniscomplete,click“Export”tosavetheresultstolocalstorage
SiteSurveyResultsCh Displaysthechannelnumberusedbythe
specifiedSSIDSSID DisplaystheSSIDidentifiedbythescanMACAddress DisplaystheMACaddressofthewireless
router/accesspointforthespecifiedSSIDSecurity Displaystheauthentication/encryptiontype
ofthespecifiedSSID
12
Signal(%) DisplaysthecurrentsignalstrengthoftheSSID
Type Displaysthe802.11wirelessnetworkingstandard(s)ofthespecifiedSSID
Vendor Displaysthevendorofthewirelessrouter/accesspointforthespecifiedSSID
13
I-1-4. Log
Thesystemlogdisplayssystemoperationinformationsuchasuptimeandconnectionprocesses.Thisinformationisuseful
fornetworkadministrators.
Whenthelogisfull,oldentriesareoverwritten.
Save Clicktosavethelogasafileonyourlocalcomputer
Clear ClearalllogentriesRefresh Refreshthecurrentlog
14
Thefollowinginformation/eventsarerecordedbythelog:! WirelessClient
Connected&disconnectedKeyexchangesuccess&fail
! AuthenticationAuthenticationfailorsuccessful
! Association Successorfail
! WPSM1-M8messagesWPSsuccess
! ChangeSettings! SystemBoot
Displayscurrentmodelname! NTPClient! WiredLink
LANPortlinkstatusandspeedstatus! ProxyARP
ProxyARPmodulestart&stop! Bridge
Bridgestart&stop.! SNMP
SNMPserverstart&stop! HTTP
HTTPstart&stop! HTTPS
HTTPSstart&stop.! SSH
SSH-clientserverstart&stop! Telnet
Telnet-clientserverstartorstop! WLAN(2.4G)
WLAN(2.4G]channelstatusandcountry/regionstatus! WLAN(5G)
WLAN(5G)channelstatusandcountry/regionstatus! ADT
15
I-2. NetworkSettings
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
I-2-1. LAN-SideIPAddress
The“LAN-sideIPaddress”pageallowsyoutoconfigureyouraccesspointonyourLocalArea
Network(LAN).YoucanenabletheaccesspointtodynamicallyreceiveanIPaddressfromyourrouter’sDHCPserveroryoucanspecifyastaticIPaddressforyouraccesspoint,aswellasconfigureDNSservers.
Theaccesspoint’sdefaultIPaddressis192.168.2.2or192.168.2.1.
LAN-sideIPAddressIPAddressAssignment
Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint(below)
IPAddress SpecifytheIPaddresshere.ThisIPaddresswillbeassignedtoyouraccesspointandwill
16
replacethedefaultIPaddressSubnetMask Specifyasubnetmask.Thedefaultvalueis
255.255.255.0DefaultGateway ForDHCPusers,select“FromDHCP”toget
defaultgatewayfromyourDHCPserveror“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank
DHCPuserscanselecttogetDNSservers’IPaddressfromDHCPormanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.
PrimaryAddress DHCPuserscanselect“FromDHCP”togetprimaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank
SecondaryAddress UserscanmanuallyenteravaluewhenDNSserver’sprimaryaddressissetto“User-Defined”
17
I-2-2. LANPort
The“LANPort”pageallowsyoutoconfigurethesettingsforyouraccesspoint’swiredLAN(Ethernet)port.
WiredLANPort IdentifiesLANport1Enable Enable/disableLANportSpeed&Duplex Selectaspeed&duplextypeforLANport,or
usethe“Auto”value.LANportscanoperateupto1000Mbpsandfull-duplexenablessimultaneousdatapacketstransfer/receive
FlowControl Enable/disableflowcontrol.Flowcontrolcanpausenewsessionrequestuntilcurrentdataprocessingiscomplete,inordertoavoiddeviceoverloadsunderheavytraffic
802.3az Enable/disable802.3az.802.3azisanEnergyEfficientEthernetfeaturethatdisablesunusedinterfacestoreducepowerusage
I-2-3. STPManagement
SpanningTreeProtocolisusedtopreventnetworkloops,thusallowingredundantnetworkpaths.
18
I-2-4. VLAN
The“VLAN”(VirtualLocalAreaNetwork)enablesyoutoconfigureVLANsettings.AVLANisalocalareanetworkwhichmapsworkstationsvirtuallyinsteadofphysicallyandallowsyoutogrouptogetherorisolateusersfromeachother.VLANIDs1–4094aresupported.
VLANIDsintherange1–4094aresupported.
VLANInterfaceWiredLANPort/Wireless
IdentifiesLANport1andwirelessSSIDs(2.4GHzor5GHz)
VLANMode Select“TaggedPort”or“UntaggedPort”forLANinterface
VLANID SetaVLANIDforspecifiedinterface,if“UntaggedPort”isselected
ManagementVLANVLANID SpecifytheVLANIDofthemanagementVLAN.
OnlythehostsbelongingtothesameVLANcanmanagethedevice
I-3. WirelessSettings
19
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
I-3-1. 2.4GHz11bgn
The“2.4GHz11bgn”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s2.4GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.
20
I-3-1-1.Basic
The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s2.4GHzWi-Finetwork(s).
21
Wireless Enableordisabletheaccesspoint’s2.4GHzwirelessradio.Whendisabled,no2.4GHzSSIDswillbeactive
Band Selectthewirelessstandardusedfortheaccesspoint.Combinationsof802.11b,802.11g&802.11ncanbeselected
EnableSSIDNumber SelecthowmanySSIDstoenableforthe2.4GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled
SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters
VLANID SpecifyaVLANIDforeachSSIDAutoChannel Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s2.4GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable
AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel
AutoChannelInterval
Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference
ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel)
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients
22
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannelfrom1–11(1-13).ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel)
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients
23
I-3-1-2.Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.
ContentionSlot Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeI-3-6.WMM)
PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”
GuardInterval Settheguardinterval.Ashorterintervalcanimproveperformance
24
802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active
25
I-3-1-3. Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
26
SSIDSelection SelectwhichSSIDtoconfiguresecuritysettingsfor
BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID
WirelessClientIsolation
Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50)
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelow(I-3-1-3-6.)appropriateforyourmethod
I-3-1-3-1. NoAuthentication
Authenticationisdisabledandnopassword/keyisrequiredtoconnecttotheaccesspoint.
Disablingwirelessauthenticationisnotrecommended.Whendisabled,anybodywithinrangecanconnecttoyourdevice’sSSID.
27
I-3-1-3-2. WEP
WEP(WiredEquivalentPrivacy)isabasicencryptiontype.ForahigherlevelofsecurityconsiderusingWPAencryption.
KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended
KeyType Choosefrom“ASCII”(anyalphanumericalcharacter0-9,a-zandA-Z)or“Hex”(anycharactersfrom0-9,a-fandA-F)
DefaultKey Selectwhichencryptionkey(1–4below)isthedefaultkey.Forsecuritypurposes,youcansetuptofourkeys(below)andchangethatisthedefaultkey
EncryptionKey1–4
Enteryourencryptionkey/passwordaccordingtotheformatyouselectedabove
I-3-1-3-3. IEEE802.1x/EAP
KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended
I-3-1-3-4. WPA-PSK
WPA-PSKisasecurewirelessencryptiontypewithstrongdataprotectionanduserauthentication,utilizing128-bitencryptionkeys.
WPAType SelectfromWPA/WPA2MixedMode-PSK,WPA2orWPAonly.WPA2issaferthanWPAonly,butnotsupportedbyallwirelessclients.Pleasemakesureyourwirelessclientsupportsyourselection
Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype
KeyRenewalInterval
Specifyafrequencyforkeyrenewalinminutes
Pre-SharedKey Choosefrom“Passphrase”(8–63
28
Type alphanumericcharacters)or“Hex”(upto64charactersfrom0-9,a-fandA-F)
Pre-SharedKey Pleaseenterasecuritykey/passwordaccordingtotheformatyouselectedabove
I-3-1-3-5. WPA-EAP
WPAType SelectfromWPA/WPA2MixedMode-EAP,WPA2-EAPorWPA-EAP
Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype
KeyRenewalInterval
Specifyafrequencyforkeyrenewalinminutes
WPA-EAPmustbedisabledtouseMAC-RADIUSauthentication.
I-3-1-3-6. AdditionalAuthentication
Additionalwirelessauthenticationmethodscanalsobeused:MACAddressFilterRestrictwirelessclientsaccessbasedonMACaddressspecifiedintheMACfiltertable.
SeeI-3-5.MACFiltertoconfigureMACfiltering.MACFilter&MAC-RADIUSAuthenticationRestrictwirelessclientsaccessusingbothoftheaboveMACfiltering&RADIUSauthenticationmethods.MAC-RADIUSAuthenticationRestrictwirelessclientsaccessbasedonMACaddressviaaRADIUSserver,orpasswordauthenticationviaaRADIUSserver.
SeeI-3-4.RADIUStoconfigureRADIUSservers.
WPSmustbedisabledtouseMAC-RADIUSauthentication.SeeI-3-3.forWPSsettings.
29
MACRADIUSPassword
SelectwhethertouseMACaddressorpasswordauthenticationviaRADIUSserver.Ifyouselect“Usethefollowingpassword”,enterthepasswordinthefieldbelow.Thepasswordshouldmatchthe“SharedSecret”usedinI-3-4.RADIUS.
SmartHandoverEnableSmartHandovertoconfigureanRSSIThreshold. TheRSSIThresholdisthesignalstrengthinwhichawirelessclienthandoffwilloccur. Thehigherthenumber,thestrongerthesignal.
30
I-3-1-4.WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.
31
2.4GHzWDSFunctionality Select“WDSwithAP”touseWDSwithaccess
pointor“DedicatedWDS”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod
LocalMACAddress DisplaystheMACaddressofyouraccesspoint
WDSPeerSettingsWDS# EntertheMACaddressforuptofourother
WDSdevicesyouwishtoconnect
WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”VLANID SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove
WDSEncryptionmethodEncryption Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAESconsistingof8-63alphanumericcharacters
I-3-1-5.GuestNetwork
The“GuestNetwork”pageallowsyoutoconfigureaguestnetworkthatwillhaveaLayer-3IPFilterappliedtoalltrafficpassingthroughthespecificSSID.
WhenusingaGuestNetwork,TrafficShapingandIPFiltersettingswillbeappliedtoalltrafficpassingthroughtheGuestNetworkSSID.
32
GuestNetwork2.4GHzSSID SelecttheSSIDthatyouwanttoapplythe
GuestNetworksettingstoGuestNetwork EnableorDisableGuestNetworksettingsGuestAccessPolicyTrafficShaping Select“Enable”toapplybandwidthlimitations
onthe“Downlink”and“Uplink”performanceontheGuestNetwork
FilteringSettings Select“Allow”or“Deny”toapplyIPFilteringtothetrafficontheGuestNetwork. ProvidetheIPandSubnetMaskyouwanttoapplyasafilter. Upto3IPFiltersaresupported
33
I-3-2. 5GHz11ac11an
The“5GHz11ac11an”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s5GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.
I-3-2-1.Basic
The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s5GHzWi-Finetwork(s).
Wireless Enableordisabletheaccesspoint’s5GHzwirelessradio.Whendisabled,no5GHzSSIDswillbeactive
Band Selectthewirelessstandardusedforthe
34
accesspoint.Combinationsof802.11a,802.11n&802.11accanbeselected
EnableSSIDNumber SelecthowmanySSIDstoenableforthe5GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled
SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters
VLANID SpecifyaVLANIDforeachSSIDAutoChannel Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable
AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel
AutoChannelInterval
Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference
ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel)
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannel.ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel)
35
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients
36
I-3-2-2.Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.
GuardInterval Settheguardinterval.Ashorterintervalcan
improveperformance802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting
37
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active
38
I-3-2-3.Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelessly
cannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
SSIDSelection SelectwhichSSIDtoconfiguresecuritysettings
forBroadcastSSID EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID
39
WirelessClientIsolation
Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50)
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod
PleasereferbacktoI-3-1-3. Securityformoreinformationonauthenticationandadditionalauthenticationtypes.SmartHandoverEnableSmartHandovertoconfigureanRSSIThreshold. TheRSSIThresholdisthesignalstrengthinwhichawirelessclienthandoffwilloccur. Thehigherthenumber,thestrongerthesignal.
40
I-3-2-4.WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.
5GHzWDSMode
41
WDSFunctionality Select“WDSwithAP”touseWDSwithaccesspointor“DedicatedWDS”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod
LocalMACAddress DisplaystheMACaddressofyouraccesspoint
WDSPeerSettingsWDS# EntertheMACaddressforuptofourother
WDAdevicesyouwishtoconnect
WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”VLANID SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove
WDSEncryptionEncryption Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAESwith8-63alphanumericcharacters
I-3-2-5.GuestNetwork
The“GuestNetwork”pageallowsyoutoconfigureaguestnetworkthatwillhaveaLayer-3IPFilterappliedtoalltrafficpassingthroughthespecificSSID.
WhenusingaGuestNetwork,TrafficShapingandIPFiltersettingswillbeappliedtoalltrafficpassingthroughtheGuestNetworkSSID.
42
GuestNetwork5GHzSSID SelecttheSSIDthatyouwanttoapplythe
GuestNetworksettingstoGuestNetwork EnableorDisableGuestNetworksettingsGuestAccessPolicyTrafficShaping Select“Enable”toapplybandwidthlimitations
onthe“Downlink”and“Uplink”performanceontheGuestNetwork
FilteringSettings Select“Allow”or“Deny”toapplyIPFilteringtothetrafficontheGuestNetwork. ProvidetheIPandSubnetMaskyouwanttoapplyasafilter. Upto3IPFiltersaresupported
43
I-3-3.WPS
Wi-FiProtectedSetupisasimplewaytoestablishconnectionsbetweenWPS
compatibledevices.WPScanbeactivatedoncompatibledevicesbypushingaWPSbuttononthedeviceorfromwithinthedevice’sfirmware/configurationinterface(knownasPBCor“PushButtonConfiguration”).WhenWPSisactivatedinthecorrectmannerandatthecorrecttimefortwocompatibledevices,theywillautomaticallyconnect.“PINcodeWPS”isavariationofPBCwhichincludestheadditionaluseofaPINcodebetweenthetwodevicesforverification.
Pleaserefertomanufacturer’sinstructionsforyourotherWPSdevice.
44
WPS Check/uncheckthisboxtoenable/disableWPSfunctionality.WPSmustbedisabledwhenusingMAC-RADIUSauthentication(seeI-3-1-3-6&I-3-4)
ProductPIN DisplaystheWPSPINcodeofthedevice,used
forPINcodeWPS.YouwillberequiredtoenterthisPINcodeintoanotherWPSdeviceforPINcodeWPS.Click“GeneratePIN”togenerateanewWPSPINcode
Push-ButtonWPS Click“Start”toactivateWPSontheaccesspointforapproximately2minutes.Thishasthesameeffectasphysicallypushingtheaccesspoint’sWPSbutton
WPSbyPIN EnterthePINcodeofanotherWPSdeviceandclick“Start”toattempttoestablishaWPSconnectionforapproximately2minutes
WPSStatus WPSsecuritystatusisdisplayedhere.Click
“Release”tocleartheexistingstatus
45
I-3-4.RADIUS
TheRADIUSsubmenuallowsyoutoconfiguretheaccesspoint’sRADIUSserversettings,categorized
intothreesubmenus:RADIUSsettings,InternalServerandRADIUSaccounts.ARADIUSserverprovidesuser-basedauthenticationtoimprovesecurityandofferwirelessclientcontrol–userscanbeauthenticatedbeforegainingaccesstoanetwork.Theaccesspointcanutilizebothaprimaryandsecondary(backup)RADIUSserverforeachofitswirelessfrequencies(2.4GHz&5GHz).ExternalRADIUSserverscanbeusedortheaccesspoint’sinternalRADIUSservercanbeused.
TouseRADIUSservers,goto“WirelessSettings”! “Security”andselectthedesiredAuthenticationMethod! “AdditionalAuthentication”andselect“MACRADIUSAuthentication”(seeI-3-1-3.&I-3-2-3).The“MACRADIUSAuthentication”featureworkswithanexternalRADIUSServerOnly.
46
I-3-4-1.RADIUSSettings
ConfiguretheRADIUSserversettingsfor2.4GHz&5GHz.Eachfrequencycanusea
primaryandsecondary(backup)RADIUSserver.
47
RADIUSType Select“Internal”tousetheaccesspoint’sbuilt-inRADIUSserveror“external”touseanexternalRADIUSserver
RADIUSServer EntertheRADIUSserverhostIPaddress
AuthenticationPort
SettheUDPportusedintheauthenticationprotocoloftheRADIUSserver.Valuemustbebetween1–65535
SharedSecret Enterasharedsecret/passwordbetween1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”passwordusedinI-3-1-3-6orI-3-2-3
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400
Accounting EnableordisableRADIUSaccounting
48
AccountingPort Whenaccountingisenabled(above),settheUDPportusedintheaccountingprotocoloftheRADIUSserver.Valuemustbebetween1–65535
I-3-4-2.InternalServer
TousetheInternalRadiusServerasanadditionalauthentication,configurethe
“AuthenticationMethod”in“WirelessSettings/Security”to“IEEE802.1x/EAP”. Leave“AdditionalAuthentication”setto“Noadditionalauthentication”.Click“Apply”tosavesettings.(Exampleimagebelow)
Next,Under“Radius/RadiusSettings”,Select“Internal”forRadiusType. Click“Apply”tosavesettings. (Exampleimagebelow)
49
Under“Radius/InternalServer”,checkthe“Enable”boxnextto“InternalServer”. Select“PEAP(MS-PEAP)”for“EAPInternalAuthentication”. Enternumbersorcharactersinthefield“SharedSecret”. Set“Termination-Action”optionto“Re-authentication(Radius-Request).” Click“Apply”tosavechanges.(Exampleimagebelow)
I-3-4-3.RADIUSAccounts
DothefollowingtoaddRadiusUserNamesandconfigurepasswords. Under“Radius/RadiusAccounts”,entera“UserName”inthewindowandclick“Add”.(Exampleimagebelow)
50
51
Selectthe“UserName”fromthe“UserRegistrationList”andselect“Edit”.(Exampleimagebelow)
Enterapasswordfortheselected“User”. Click“Apply”tosavechanges.(Exampleimagebelow)
YouraccesspointisnowsetuptoauthenticateUserswiththeInternalRadiusServer.
52
WirelessClientConfigurationforRadiusConnectiononWindows7(Example)
1. Goto“ControlPanel/NetworkandSharingCenter/ManageWirelessNetwork”.
2. Click“Add”onthe“Managewirelessnetworksthseuse(WirelessConnection)”
screen.
3. Click“Manuallycreateanetworkprofile”.
4. Enterthe“NetworkName”whichyouwanttoconnectto.TheNetworkNameis
theSSIDfortheRadiusconnection.Intheexamplesabove,thenetworknameused
is“Internal-Radius”.
5. Adjustthe“SecurityType”to“802.1x”.Click“Next”.
6. Click“ChangeConnectionSettings”.
7. Clickthe“Security”tabandthen“Settings”.
8. Uncheck“Validateservercertificate”.
9. Click“Configure”nextto“Securedpassword(EAP-MSCHAPv2)”.
10. Uncheck“AutomaticallyusemyWindowsLogonnameandpassword”.
11. Click“OK”tocloseallwindows.
12. SelecttheRadiusNetworkandClick“Connect”.
13. Youwillreceiveapopupmessagestating“Additionalinformationisneededto
conenct“.
14. Clickonthemessagetocontinue.
15. EntertheUsernameandpasswordyoucreatedinthe“WindowsSecurity”
window.
16. Click“OK”.
17. YourconnectiontotheSSIDwithRadiusAuthenticationisnow“Connected”.
53
I-3-5. MACFilterMacfilteringisasecurityfeaturethatcanhelptopreventunauthorizedusersfromconnectingtoyouraccesspoint.Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedtoconnecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMACaddress.IfadevicewhichisnotonthelistofpermittedMACaddressesattemptstoconnecttotheaccesspoint,itwillbedenied.
ToenableMACfiltering,goto“WirelessSettings”! “2.4GHz11bgn/5GHz11ac11an”!“Security”!“AdditionalAuthentication”andselect“MACFilter”(seeI-3-1-3.&I-3-2-3).
TheMACaddressfilteringtableisdisplayedbelow:
AddMACAddress EnteraMACaddressofcomputerornetwork
devicemanuallye.g.‘aa-bb-cc-dd-ee-ff’orentermultipleMACaddressesseparatedwithcommas,e.g.‘aa-bb-cc-dd-ee-ff,
54
aa-bb-cc-dd-ee-gg’ Add Click“Add”toaddtheMACaddresstothe
MACaddressfilteringtable Reset Clearallfields
MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Selectanentryusingthe“Select”checkbox.
Select DeleteselectedorallentriesfromthetableMACAddress TheMACaddressislistedhereDeleteSelected DeletetheselectedMACaddressfromthelistDeleteAll DeleteallentriesfromtheMACaddress
filteringtableExport Click“Export”tosaveacopyoftheMAC
filteringtable.Anewwindowwillpopupforyoutoselectalocationtosavethefile
55
I-3-6. WMM
Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertificationbasedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)featurestoIEEE802.11networks.WMMprioritizestrafficaccordingtofourcategories:background,besteffort,videoandvoice.
ConfiguringWMMconsistsofadjustingparametersonqueuesfordifferentcategoriesofwirelesstraffic.Trafficissenttothefollowingqueues:Background Low
PriorityHighthroughput,nontimesensitivebulkdatae.g.FTP
BestEffort MediumPriority
TraditionalIPdata,mediumthroughputanddelay
Video HighPriority
Timesensitivevideodatawithminimumtimedelay
Voice HighPriority
TimesensitivedatasuchasVoIPandstreamingmediawithminimumtimedelay
Queuesautomaticallyprovideminimumtransmissiondelaysforvideo,voice,multimediaandcriticalapplications.Thevaluescanfurtherbeadjustedmanually:
CWMin MinimumContentionWindow(milliseconds):
56
Thisvalueisinputtotheinitialrandombackoffwaittimealgorithmforretryofadataframetransmission.Thebackoffwaittimewillbegeneratedbetween0andthisvalue.Iftheframeisnotsent,therandombackoffvalueisdoubleduntilthevaluereachesthenumberdefinedbyCWMax(below).TheCWMinvaluemustbelowerthantheCWMaxvalue.Thecontentionwindowschemehelpstoavoidframecollisionsanddeterminepriorityofframetransmission.Ashorterwindowhasahigherprobability(priority)oftransmission
CWMax MaximumContentionWindow(milliseconds):Thisvalueistheupperlimittorandombackoffvaluedoubling(seeabove)
AIFSN ArbitrationInter-FrameSpace(milliseconds):SpecifiesadditionaltimebetweenwhenachannelgoesidleandtheAP/clientsendsdataframes.TrafficwithalowerAIFSNvaluehasahigherpriority
TxOP TransmissionOpportunity(milliseconds):ThemaximumintervaloftimeanAP/clientcantransmit.Thismakeschannelaccessmoreefficientlyprioritized.Avalueof0meansonlyoneframepertransmission.Agreatervalueeffectshigherpriority
57
I-3-7. Schedule
ScheduleallowsanadministratortocreateaschedulefortheWirelessAccessPoint.Thisfeatureiscommonlyusedtodisablethewirelessduringnon-businesshoursoranyothertimesensitiveapplication.
Onceenabled,anindependentscheduleforboththe2.4GHzand5GHzbandcanbecreated.
I-3-8. TrafficShaping
TrafficShapingallowsanadministratortolimitthebandwidthavailabletoeachSSID.Providingavaluebetween0-1024Mbps.Avalueof“0”indicatesunlimitedbandwidth.
58
59
I-4. Management
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
I-4-1. Admin
Youcanchangethepasswordusedtologintothebrowser-basedconfigurationinterfacehere.Itisadvisedtodosoforsecuritypurposes.
Ifyouchangetheadministratorpassword,pleasemakeanoteofthenewpassword.Intheeventthatyouforgetthispasswordandareunabletologintothebrowserbasedconfigurationinterface,seeI-5.Resetforhowtoresettheaccesspoint.
60
AccounttoManageThisDeviceAdministratorName
Settheaccesspoint’sadministratorname.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween4-16alphanumericcharacters(casesensitive)
AdministratorPassword
Settheaccesspoint’sadministratorpassword.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween4-32alphanumericcharacters(casesensitive)
AdvancedSettingsProductName Edittheproductnameaccordingtoyour
preferenceconsistingof1-32alphanumericcharacters.Thisnameisusedforreferencepurposes
61
ManagementProtocol
Check/unchecktheboxestoenable/disablespecifiedmanagementinterfaces(seebelow).WhenSNMPisenabled,completetheSNMPfieldsbelow
SNMPVersion SelectSNMPversionappropriateforyourSNMPmanager
SNMPGetCommunity
EnteranSNMPGetCommunitynameforverificationwiththeSNMPmanagerforSNMP-GETrequests
SNMPSetCommunity
EnteranSNMPSetCommunitynameforverificationwiththeSNMPmanagerforSNMP-SETrequests
SNMPTrap EnableordisableSNMPTraptonotifySNMPmanagerofnetworkerrors
SNMPTrapCommunity
EnteranSNMPTrapCommunitynameforverificationwiththeSNMPmanagerforSNMP-TRAPrequests
SNMPTrapManager
SpecifytheIPaddressorsevername(2-128alphanumericcharacters)oftheSNMPmanager
HTTPInternetbrowserHTTPprotocolmanagementinterfaceHTTPSInternetbrowserHTTPSprotocolmanagementinterfaceTELNETClientterminalwithtelnetprotocolmanagementinterfaceSSHClientterminalwithSSHprotocolversion1or2managementinterfaceSNMPSimpleNetworkManagementProtocol.SNMPv1,v2&v3protocolsupported.SNMPv2canbeusedwithcommunitybasedauthentication.SNMPv3usesuser-basedsecuritymodel(USM)architecture.
62
I-4-2. DateandTime
Youcanconfigurethetimezonesettingsofyouraccesspointhere.Thedateandtimeofthedevicecanbeconfiguredmanuallyorcanbesynchronizedwithatimeserver.
DateandTimeSettingsLocalTime Settheaccesspoint’sdateandtimemanually
usingthedropdownmenusAcquireCurrentTimefromyourPC
Click“AcquireCurrentTimefromYourPC”toentertherequiredvaluesautomaticallyaccordingtoyourcomputer’scurrenttimeanddate
NTPTimeServerUseNTP TheaccesspointalsosupportsNTP(Network
TimeProtocol)forautomatictimeanddatesetup
ServerName EnterthehostnameorIPaddressofthetime
63
serverifyouwishUpdateInterval Specifyafrequency(inhours)fortheaccess
pointtoupdate/synchronizewiththeNTPserver
TimeZoneTimeZone Selectthetimezoneofyourcountry/region.If
yourcountry/regionisnotlisted,pleaseselectanothercountry/regionwhosetimezoneisthesameasyours
64
I-4-3. SyslogServer
Thesystemlogcanbesenttoaserver,storedonanattachedUSBdeviceoremailed.
TransferLogs Check/unchecktheboxtoenable/disabletheuseofasyslogserver,andenterahostname,domainorIPaddressfortheserver,consistingofupto128alphanumericcharacters
65
I-4-4. PingTest
The“PingTest”willsendacontinuousPingtotheIPAddressspecified. ResultsarepostedinthedialogboxbelowtheDestinationAddressExecutionwindow.
I-4-5. I’mHere
Theaccesspointfeaturesabuilt-inbuzzerwhichcansoundoncommandusingthe“I’mHere”page.Thisisusefulfornetworkadministratorsandengineersworkingincomplexnetworkenvironmentstolocatetheaccesspoint.
Thebuzzerisloud!
DurationofSound Setthedurationforwhichthebuzzerwillsoundwhenthe“SoundBuzzer”buttonisclicked.
SoundBuzzer Activatethebuzzersoundfortheabovespecifieddurationoftime.
I-4-6. TR-069
TR-069allowsanadministratortoconnectthewirelessaccesspointtoaremoteACSsystem.ProvidethedestinationandlogincredentialstotheACSsystem.
66
I-4-7. wifiXtend
EnableandDisableWifiXtendhere. WifiXtendisafeaturethatallowsaComtrendGatewaytosharetheprimarywirelessSSIDandPasswordwitharemotewirelessaccesspoint.
67
I-5. Advanced
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
I-5-1. LEDSettings
Theaccesspoint’sLEDscanbemanuallyenabledordisabledaccordingtoyour
preference.
PowerLED Selectonoroff.DiagLED Selectonoroff.
68
I-5-2. UpdateFirmware
The“Firmware”pageallowsyoutoupdatethesystemfirmwaretoamorerecentversion.Updatedfirmwareversionsoften
offerincreasedperformanceandsecurity,aswellasbugfixes.YoucandownloadthelatestfirmwarefromtheComtrendwebsite.
Donotswitchoffordisconnecttheaccesspointduringafirmwareupgrade,asthiscoulddamagethedevice.
UpdateFirmwareFrom
Select“afileonyourPC”touploadfirmwarefromyourlocalcomputer
FirmwareUpdateFile Click“Browse”toopenanewwindowtolocateandselectthefirmwarefileinyourcomputer
Update Click“Update”touploadthespecifiedfirmwarefiletoyouraccesspoint
69
I-5-3. Save/RestoreSettings
Theaccesspoint’s“Save/RestoreSettings”pageenablesyoutosave/backuptheaccesspoint’scurrentsettingsasafiletoyourlocalcomputer,andrestoretheaccesspointtopreviouslysavedsettings.
Save/RestoreSettingsUsingDevice Select“UsingyourPC”tosavetheaccess
point’ssettingstoyourlocalcomputer
SaveSettingstoPCSaveSettings Click“Save”tosavesettingsandanew
windowwillopentospecifyalocationtosavethesettingsfile.Youcanalsocheckthe“Encrypttheconfigurationfilewithapassword”boxandenterapasswordtoprotectthefileinthefieldunderneath,ifyouwish
RestoreSettingsfromPC
70
RestoreSettings Clickthebrowsebuttontofindapreviouslysavedsettingsfileonyourcomputer,thenclick“Restore”toreplaceyourcurrentsettings.Ifyoursettingsfileisencryptedwithapassword,checkthe“Openfilewithpassword”boxandenterthepasswordinthefieldunderneath
71
I-5-4. FactoryDefault
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedevice(seeI-5.5)orresetthedevicebacktoitsfactorydefaultsettings.Youcanresettheaccesspointbacktoitsdefaultsettingsusingthisfeatureifthelocationoftheaccesspointisnotconvenienttoaccesstheresetbutton.
FactoryDefault Click“FactoryDefault”torestoresettingstothefactorydefault.Apop-upwindowwillappearandaskyoutoconfirm
Afterresettingtofactorydefaults,pleasewaitfortheaccesspointtoresetandrestart.
72
I-5-5. Reboot
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedeviceorresettheaccesspointbacktoitsfactorydefaultsettings(seeI-5-4).Youcanreboottheaccesspointremotelyusingthisfeature.
Reboot Click“Reboot”torebootthedevice.Acountdownwillindicatetheprogressofthereboot
73
II. Appendix
II-1. ConfiguringyourIPaddressIfnoDHCPServiceisdetected,theaccesspointusesthedefaultIPaddress192.168.2.2.Inordertoaccessthebrowserbasedconfigurationinterface,youneedtomodifytheIPaddressofyourcomputertobeinthesameIPaddresssubnete.g.192.168.2.x(x=3–254).TheprocedureformodifyingyourIPaddressvariesacrossdifferentoperatingsystems;pleasefollowtheguideappropriateforyouroperatingsystem.InthefollowingexamplesweusetheIPaddress192.168.2.10thoughyoucanuseanyIPaddressintherange192.168.2.x(x=3–254).
74
II-1-1. WindowsXP1. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof
yourcomputer),thenclick“ControlPanel”.Double-clickthe“NetworkandInternetConnections”icon,click“NetworkConnections”,andthendouble-click“LocalAreaConnection”.The“LocalAreaConnectionStatus”windowwillthenappear,click“Properties”.
2. Select“UsethefollowingIPaddress”,theninputthefollowingvalues:
IPaddress:192.168.2.10SubnetMask:255.255.255.0Click‘OK’whenfinished.
75
76
II-1-2. WindowsVista1. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof
yourcomputer),thenclick“ControlPanel”.Click“ViewNetworkStatusandTasks”,thenclick“ManageNetworkConnections”.Right-click“LocalAreaNetwork”,thenselect“Properties”.The“LocalAreaConnectionProperties”windowwillthenappear,select“InternetProtocolVersion4(TCP/IPv4)”,andthenclick“Properties”.
2. Select“UsethefollowingIPaddress”,theninputthefollowingvalues:
IPaddress:192.168.2.10SubnetMask:255.255.255.0Click‘OK’whenfinished.
77
78
II-1-3. Windows71. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof
yourcomputer),thenclick“ControlPanel”.
2. Under“NetworkandInternet”click“Viewnetworkstatusandtasks”.
3. Click“LocalAreaConnection”.
79
4. Click“Properties”.
80
5. Select“InternetProtocolVersion4(TCP/IPv4)andthenclick“Properties”.
6. Select“UsethefollowingIPaddress”,theninputthefollowingvalues:
IPaddress:192.168.2.10SubnetMask:255.255.255.0Click‘OK’whenfinished.
81
82
II-1-4. Windows81. FromtheWindows8Startscreen,youneedtoswitchtodesktopmode.
Moveyourcursertothebottomleftofthescreenandclick.
2. Indesktopmode,clicktheFileExplorericoninthebottomleftofthe
screen,asshownbelow.
83
3. Rightclick“Network”andthenselect“Properties”.
84
4. Inthewindowthatopens,select“Changeadaptersettings”fromtheleftside.
5. Chooseyourconnectionandrightclick,thenselect“Properties”.
85
6. Select“InternetProtocolVersion4(TCP/IPv4)andthenclick“Properties”.
7. Select“UsethefollowingIPaddress”,theninputthefollowingvalues:
IPaddress:192.168.2.10SubnetMask:255.255.255.0Click‘OK’whenfinished.
86
II-1-5. Mac1. HaveyourMacintoshcomputeroperateasusual,andclickon“System
Preferences”
2. InSystemPreferences,clickon“Network”.
3. Clickon“Ethernet”intheleftpanel.
4. Openthedrop-downmenulabeled“ConfigureIPv4”andselect
“Manually”.
87
5. EntertheIPaddress192.168.2.10andsubnetmask255.255.255.0.Click
on“Apply”tosavethechanges.
88
II-1-6. GlossaryDefaultGateway(Accesspoint):Everynon-accesspointIPdeviceneedstoconfigureadefaultgateway’sIPaddress.WhenthedevicesendsoutanIPpacket,ifthedestinationisnotonthesamenetwork,thedevicehastosendthepackettoitsdefaultgateway,whichwillthensenditouttowardsthedestination.DHCP:DynamicHostConfigurationProtocol.ThisprotocolautomaticallygiveseverycomputeronyourhomenetworkanIPaddress.DNSServerIPAddress:DNSstandsforDomainNameSystem,whichallowsInternetserverstohaveadomainname(suchaswww.Broadbandaccesspoint.com)andoneormoreIPaddresses(suchas192.34.45.8).ADNSserverkeepsadatabaseofInternetserversandtheirrespectivedomainnamesandIPaddresses,sothatwhenadomainnameisrequested(asintyping"Broadbandaccesspoint.com"intoyourInternetbrowser),theuserissenttotheproperIPaddress.TheDNSserverIPaddressusedbythecomputersonyourhomenetworkisthelocationoftheDNSserveryourISPhasassignedtoyou. DSLModem:DSLstandsforDigitalSubscriberLine.ADSLmodemusesyourexistingphonelinestotransmitdataathighspeeds. Ethernet:Astandardforcomputernetworks.Ethernetnetworksareconnectedbyspecialcablesandhubs,andmovedataaroundatupto10/100millionbitspersecond(Mbps).IPAddressandNetwork(Subnet)Mask:IPstandsforInternetProtocol.AnIPaddressconsistsofaseriesoffournumbersseparatedbyperiods,thatidentifiesasingle,uniqueInternetcomputerhostinanIPnetwork.Example:192.168.2.2.Itconsistsof2portions:theIPnetworkaddress,andthehostidentifier.TheIPaddressisa32-bitbinarypattern,whichcanberepresentedasfourcascadeddecimalnumbersseparatedby“.”:aaa.aaa.aaa.aaa,whereeach“aaa”canbeanythingfrom000to255,orasfourcascadedbinarynumbersseparatedby“.”:bbbbbbbb.bbbbbbbb.bbbbbbbb.bbbbbbbb,whereeach“b”caneitherbe0or1.
89
Anetworkmaskisalsoa32-bitbinarypattern,andconsistsofconsecutiveleading1’sfollowedbyconsecutivetrailing0’s,suchas11111111.11111111.11111111.00000000.Thereforesometimesanetworkmaskcanalsobedescribedsimplyas“x”numberofleading1’s.Whenbotharerepresentedsidebysideintheirbinaryforms,allbitsintheIPaddressthatcorrespondto1’sinthenetworkmaskbecomepartoftheIPnetworkaddress,andtheremainingbitscorrespondtothehostID. Forexample,iftheIPaddressforadeviceis,initsbinaryform,11011001.10110000.10010000.00000111,andifitsnetworkmaskis,11111111.11111111.11110000.00000000Itmeansthedevice’snetworkaddressis11011001.10110000.10010000.00000000,anditshostIDis,00000000.00000000.00000000.00000111.ThisisaconvenientandefficientmethodforaccesspointstorouteIPpacketstotheirdestination.ISPGatewayAddress:(seeISPfordefinition).TheISPGatewayAddressisanIPaddressfortheInternetaccesspointlocatedattheISP'soffice.ISP:InternetServiceProvider.AnISPisabusinessthatprovidesconnectivitytotheInternetforindividualsandotherbusinessesororganizations.LAN:LocalAreaNetwork.ALANisagroupofcomputersanddevicesconnectedtogetherinarelativelysmallarea(suchasahouseoranoffice).YourhomenetworkisconsideredaLAN.MACAddress:MACstandsforMediaAccessControl.AMACaddressisthehardwareaddressofadeviceconnectedtoanetwork.TheMACaddressisauniqueidentifierforadevicewithanEthernetinterface.Itiscomprisedoftwoparts:3bytesofdatathatcorrespondstotheManufacturerID(uniqueforeachmanufacturer),plus3bytesthatareoftenusedastheproduct’sserialnumber.NAT:NetworkAddressTranslation.ThisprocessallowsallofthecomputersonyourhomenetworktouseoneIPaddress.Usingthebroadbandaccesspoint’sNATcapability,youcanaccesstheInternetfromanycomputeronyourhomenetworkwithouthavingtopurchasemoreIPaddressesfromyourISP. Port:NetworkClients(LANPC)usesportnumberstodistinguishonenetworkapplication/protocoloveranother.Belowisalistofcommonapplicationsandprotocol/portnumbers:
90
Application ProtocolPortNumberTelnet TCP 23FTP TCP 21SMTP TCP 25POP3 TCP 110H.323 TCP 1720SNMP UCP 161SNMPTrap UDP 162HTTP TCP 80PPTP TCP 1723PCAnywhereTCP 5631PCAnywhereUDP 5632Accesspoint:AaccesspointisanintelligentnetworkdevicethatforwardspacketsbetweendifferentnetworksbasedonnetworklayeraddressinformationsuchasIPaddresses.SubnetMask:Asubnetmask,whichmaybeapartoftheTCP/IPinformationprovidedbyyourISP,isasetoffournumbers(e.g.255.255.255.0)configuredlikeanIPaddress.ItisusedtocreateIPaddressnumbersusedonlywithinaparticularnetwork(asopposedtovalidIPaddressnumbersrecognizedbytheInternet,whichmustbeassignedbyInterNIC). TCP/IP,UDP:TransmissionControlProtocol/InternetProtocol(TCP/IP)andUnreliableDatagramProtocol(UDP).TCP/IPisthestandardprotocolfordatatransmissionovertheInternet.BothTCPandUDParetransportlayerprotocol.TCPperformspropererrordetectionanderrorrecovery,andthusisreliable.UDPontheotherhandisnotreliable.TheybothrunontopoftheIP(InternetProtocol),anetworklayerprotocol.WAN:WideAreaNetwork.Anetworkthatconnectscomputerslocatedingeographicallyseparateareas(e.g.differentbuildings,cities,countries).TheInternetisawideareanetwork.Web-basedmanagementGraphicalUserInterface(GUI):Manydevicessupportagraphicaluserinterfacethatisbasedonthewebbrowser.ThismeanstheusercanusethefamiliarNetscapeorMicrosoftInternetExplorertoControl/configureormonitorthedevicebeingmanaged.
91
II-2. ENVIRONMENT&PHYSICALTemperatureRange
Operation:0to40℃(32℉to104℉)Storage:-20to60℃(-4℉to140℉)
Humidity 90%orless–Operating,90%orless-Storage
Certifications FCC,CE
Dimensions 6.9(D)x1.2(H)inches
Weight 10.8oz.
COPYRIGHTCopyright©2017bythiscompany.Allrightsreserved.Nopartofthispublicationmaybereproduced,transmitted,transcribed,storedinaretrievalsystem,ortranslatedintoanylanguageorcomputerlanguage,inanyformorbyanymeans,electronic,mechanical,magnetic,optical,chemical,manualorotherwise,withoutthepriorwrittenpermissionofthiscompany
Thiscompanymakesnorepresentationsorwarranties,eitherexpressedorimplied,withrespecttothecontentshereofandspecificallydisclaimsanywarranties,merchantabilityorfitnessforanyparticularpurpose.Anysoftwaredescribedinthismanualissoldorlicensed"asis".Shouldtheprogramsprovedefectivefollowingtheirpurchase,thebuyer(andnotthiscompany,itsdistributor,oritsdealer)assumestheentirecostofallnecessaryservicing,repair,andanyincidentalorconsequentialdamagesresultingfromanydefectinthesoftware.Further,thiscompanyreservestherighttorevisethispublicationandtomakechangesfromtimetotimeinthecontentsthereofwithoutobligationtonotifyanypersonofsuchrevisionorchanges.
1
FederalCommunicationCommissionInterferenceStatementThisequipmenthasbeentestedandfoundtocomplywiththelimitsforaClassBdigitaldevice,pursuanttoPart15ofFCCRules.Theselimitsaredesignedtoprovidereasonableprotectionagainstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,uses,andcanradiateradiofrequencyenergyand,ifnotinstalledandusedinaccordancewiththeinstructions,maycauseharmfulinterferencetoradiocommunications.However,thereisnoguaranteethatinterferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescauseharmfulinterferencetoradioortelevisionreception,whichcanbedeterminedbyturningtheequipmentoffandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthefollowingmeasures:
1.Reorientorrelocatethereceivingantenna.2.Increasetheseparationbetweentheequipmentandreceiver.3.Connecttheequipmentintoanoutletonacircuitdifferentfromthattowhichthereceiverisconnected.4.Consultthedealeroranexperiencedradiotechnicianforhelp.
FCCCautionThisdeviceanditsantennamustnotbeco-locatedoroperatinginconjunctionwithanyotherantennaortransmitter.ThisdevicecomplieswithPart15oftheFCCRules.Operationissubjecttothefollowingtwoconditions:(1)thisdevicemaynotcauseharmfulinterference,and(2)thisdevicemustacceptanyinterferencereceived,includinginterferencethatmaycauseundesiredoperation.Anychangesormodificationsnotexpresslyapprovedbythepartyresponsibleforcompliancecouldvoidtheauthoritytooperateequipment.FCCRadiationExposureStatement:ThisequipmentcomplieswithFCCradiationexposurelimitssetforthforanuncontrolledenvironment.Thisequipmentshouldbeinstalledandoperatedwithminimumdistance20cmbetweentheradiator&yourbody.R&TTEComplianceStatementThisequipmentcomplieswithalltherequirementsofDIRECTIVE1999/5/ECOFTHEEUROPEANPARLIAMENTANDTHECOUNCILofMarch9,1999onradioequipmentandtelecommunicationterminalequipmentandthemutualrecognitionoftheirconformity(R&TTE).TheR&TTEDirectiverepealsandreplacesinthedirective98/13/EEC(TelecommunicationsTerminalEquipmentandSatelliteEarthStationEquipment)AsofApril8,2000.SafetyThisequipmentisdesignedwiththeutmostcareforthesafetyofthosewhoinstallanduseit.However,specialattentionmustbepaidtothedangersofelectricshockandstaticelectricitywhenworkingwithelectricalequipment.Allguidelinesofthisandofthecomputermanufacturemustthereforebeallowedatalltimestoensurethesafeuseoftheequipment.EUCountriesIntendedforUseTheETSIversionofthisdeviceisintendedforhomeandofficeuseinAustria,Belgium,Bulgaria,Cyprus,Czech,Denmark,Estonia,Finland,France,Germany,Greece,Hungary,Ireland,Italy,Latvia,Lithuania,Luxembourg,Malta,Netherlands,Poland,Portugal,Romania,Slovakia,Slovenia,Spain,Sweden,Turkey,andUnitedKingdom.TheETSIversionofthisdeviceisalsoauthorizedforuseinEFTAmemberstates:Iceland,Liechtenstein,Norway,andSwitzerland.EUCountriesNotIntendedforUseNone