WAP User Manual V1.2.0 - Comtrend · WAP-EN Series Wireless Access Points Version 1.2,0 June 2017 . FCC Compliance This equipment has been tested and found to comply with the limits

USER MANUAL WAP-EN Series Wireless Access Points

Version 1.2,0 June 2017

FCCComplianceThisequipmenthasbeentestedandfoundtocomplywiththelimitsforaClassBDigitalDevice,pursuanttopart15oftheFCCRules.Theselimitsaredesignedtoprovidereasonableprotectionagainstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,usesandcanradiateradiofrequencyenergyand,ifnotinstalledandusedinaccordancewiththeinstruction,maycauseharmfulinterferencetoradiocommunication.However,thereisnoguaranteethatinterferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescauseharmfulinterferencetoradioortelevisionreception,whichcanbedeterminedbyturningtheequipmentoffandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthefollowingmeasures:

• Reorientorrelocatethereceivingantenna• Increasetheseparationbetweentheequipmentandreceiver• Connecttheequipmentintoanoutletonacircuitdifferentfromthattowhichthereceiveris

connected• Consultthedealeroranexperiencedradio/TVtechnicianforhelp.

Thechangesormodificationsnotexpresslyapprovedbythepartyresponsibleforcompliancecouldvoidtheuser'sauthoritytooperatetheequipment.TocomplywiththeFCCRFexposurecompliancerequirements,thisdeviceanditsantennamustnotbeco-locatedoroperatingtoconjunctionwithanyotherantennaortransmitter.Thisequipmentshouldbeinstalledandoperatedwithminimumdistance20cmbetweentheradiator&yourbody.

Copyright

Copyright©2017ComtrendCorporation.Allrightsreserved.TheinformationcontainedhereinisproprietarytoComtrendCorporation.Nopartofthisdocumentmaybetranslated,transcribed,reproduced,inanyform,orbyanymeanswithoutthepriorwrittenconsentofComtrendCorporation.Thisprogramisfreesoftware:youcanredistributeitand/ormodifyitunderthetermsoftheGNUGeneralPublicLicenseaspublishedbytheFreeSoftwareFoundation,eitherversion3oftheLicense,or(atyouroption)anylaterversion.

Thisprogramisdistributedinthehopethatitwillbeuseful,butWITHOUTANYWARRANTY;withouteventheimpliedwarrantyofMERCHANTABILITYorFITNESSFORAPARTICULARPURPOSE.SeetheGNUGeneralPublicLicenseformoredetails.

YoushouldhavereceivedacopyoftheGNUGeneralPublicLicensealongwiththisprogram.Ifnot,seehttp://www.gnu.org/licenses/ NOTE: Thisdocumentissubjecttochangewithoutnotice.

Protect Our Environment

Thissymbolindicatesthatwhentheequipmenthasreachedtheendofitsusefullife,itmustbetakentoarecyclingcenterandprocessedseparatefromdomesticwaste.

Thecardboardbox,theplasticcontainedinthepackaging,andthepartsthatmakeupthisroutercanberecycledinaccordancewithregionallyestablishedregulations.Neverdisposeofthiselectronicequipmentalongwithyourhouseholdwaste;youmaybesubjecttopenaltiesorsanctionsunderthelaw.

TableofContents

Overview.............................................................................................................................................2

I. BrowserBasedConfigurationInterface..........................................................................................3I-1. Information........................................................................................................................................................................................5I-1-1. SystemInformation.....................................................................................................................................................................5I-1-2. WirelessClients............................................................................................................................................................................9I-1-3. WirelessMonitor.......................................................................................................................................................................11I-1-4. Log.................................................................................................................................................................................................13I-2. NetworkSettings............................................................................................................................................................................15I-2-1. LAN-SideIPAddress..................................................................................................................................................................15I-2-2. LANPort........................................................................................................................................................................................17I-2-3. STPManagement.......................................................................................................................................................................17I-2-4. VLAN...............................................................................................................................................................................................18I-3. WirelessSettings............................................................................................................................................................................18I-3-1. 2.4GHz11bgn..............................................................................................................................................................................19I-3-1-1. Basic..............................................................................................................................................................................................20I-3-1-2. Advanced.....................................................................................................................................................................................23I-3-1-3. Security......................................................................................................................................................................................25I-3-1-3-1. NoAuthentication.............................................................................................................................................................26I-3-1-3-2. WEP.........................................................................................................................................................................................27I-3-1-3-3. IEEE802.1x/EAP...................................................................................................................................................................27I-3-1-3-4. WPA-PSK...............................................................................................................................................................................27I-3-1-3-5. WPA-EAP...............................................................................................................................................................................28I-3-1-3-6. AdditionalAuthentication...............................................................................................................................................28I-3-1-4. WDS...............................................................................................................................................................................................30I-3-1-5. GuestNetwork..........................................................................................................................................................................31I-3-2. 5GHz11ac11an............................................................................................................................................................................33I-3-2-1. Basic..............................................................................................................................................................................................33I-3-2-2. Advanced.....................................................................................................................................................................................36I-3-2-3. Security........................................................................................................................................................................................38I-3-2-4. WDS...............................................................................................................................................................................................40I-3-2-5. GuestNetwork..........................................................................................................................................................................41I-3-3. WPS...................................................................................................................................................................................................43I-3-4. RADIUS.............................................................................................................................................................................................45I-3-4-1. RADIUSSettings........................................................................................................................................................................46I-3-4-2. InternalServer...........................................................................................................................................................................48I-3-4-3. RADIUSAccounts......................................................................................................................................................................49I-3-6. WMM................................................................................................................................................................................................55I-3-7. Schedule..........................................................................................................................................................................................57I-3-8. TrafficShaping...............................................................................................................................................................................57

I-4. Management...................................................................................................................................................................................59I-4-1. Admin.............................................................................................................................................................................................59I-4-2. DateandTime.............................................................................................................................................................................62I-4-3. SyslogServer................................................................................................................................................................................64I-4-4. PingTest........................................................................................................................................................................................65I-4-5. I’mHere.........................................................................................................................................................................................65I-4-6. TR-069............................................................................................................................................................................................65I-4-7. wifiXtend.......................................................................................................................................................................................66I-5-1. LEDSettings.................................................................................................................................................................................67I-5-2. UpdateFirmware.......................................................................................................................................................................68I-5-3. Save/RestoreSettings...............................................................................................................................................................69I-5-4. FactoryDefault...........................................................................................................................................................................71I-5-5. Reboot...........................................................................................................................................................................................72

II. Appendix....................................................................................................................................73II-1. ConfiguringyourIPaddress......................................................................................................................................................73II-1-1. WindowsXP................................................................................................................................................................................74II-1-2. WindowsVista...........................................................................................................................................................................76II-1-3. Windows7..................................................................................................................................................................................78II-1-4. Windows8..................................................................................................................................................................................82II-1-5. Mac................................................................................................................................................................................................86II-1-6. Glossary........................................................................................................................................................................................88II-2. ENVIRONMENT&PHYSICAL......................................................................................................................................................91

2

OverviewThedefaultmodeforyourEN-Seriesaccesspointis“APMode”.APModeisaregularaccesspointforyournetwork.SomeEN-SeriesaccesspointscanalsofunctionasanAPController,actingasadesignated“Master”foranarrayof“Slave”accesspoints.(Uptoamaximumof5remoteaccesspoints)ManagedAPModeactslikea“Slave”accesspointinanaccesspointarray.(ControlledbytheAPController“Master”orWLC-6404WirelessAccessPointController)

Theuserinterfacewillchangedependingonwhichmodeisselected.ThismanualwillcovertheAPModefunctionsonly.

{Imagewillvaryslightlyfromdevicemodelstodevicemodels}

{Availablefrequencieswillvaryfromdevicemodelstodevicemodels}

3

I. BrowserBasedConfigurationInterfaceThebrowser-basedconfigurationinterfaceenablesyoutoconfiguretheaccesspoint’sadvancedfeatures.ThedevicefeaturesarangeofadvancedfunctionssuchasMACfiltering,MACRADIUSauthentication,VLANconfigurations,upto16-32SSIDsandmanymore.Toaccessthebrowserbasedconfigurationinterface:1. ConnectacomputertoyouraccesspointusinganEthernetcable.2. Enteryouraccesspoint’sIPaddressintheURLbarofawebbrowser.Ifno

DHCPServicesisdiscovered,theaccesspoint’sdefaultIPaddressis192.168.2.2or192.168.2.1.

3. Youwillbepromptedforausernameandpassword.Thedefault

usernameis“admin”andthedefaultpasswordis“admin”or“1234”,thoughitwasrecommendedthatyouchangethepassword.

Ifyoucannotrememberyourpassword,resettheaccesspointbacktoitsfactorydefaultsettings.RefertotheQuickInstallationGuideforinstructionsonhowtofactoryresetyourdevice.

4. Youwillarriveatthe“SystemInformation”screenshownbelow.

4

5. Usethemenuacrossthetopanddowntheleftsidetonavigate.

6. Click“Apply”tosavechangesandreloadtheaccesspoint,or“Cancel”tocancelchanges.

Pleasewaitafewsecondsfortheaccesspointtoreloadafteryou“Apply”changes,asshownbelow.

7. Refertothefollowingchaptersforfulldescriptionsofthebrowserbased

configurationinterfacefeatures.

5

I-1. Information

Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.

I-1-1. SystemInformation

The“SystemInformation”pagedisplaysbasicsysteminformationabouttheaccesspoint.

6

7

SystemModel Displaysthemodelnumberoftheaccess

pointProductName Displaystheproductnameforreference,

whichconsistsof“AP”plustheMACaddressUptime Displaysthetotaltimesincethedevicewas

turnedonBootFrom DisplaysinformationforthebootedhardwareVersion DisplaysthefirmwareversionMACAddress Displaystheaccesspoint’sMACaddressManagementVLANID

DisplaysthemanagementVLANID

IPAddress DisplaystheIPaddressofthisdevice.Click“Refresh”toupdatethisvalue

Default Gateway

DisplaystheIPaddressofthedefaultgateway

DNS IPaddressofDNS(DomainNameServer)DHCPServer IPaddressofDHCPServer

WiredLANPortSettingsWiredLANPort SpecifieswhichLANportStatus DisplaysthestatusoftheLANport(connected

ordisconnected)VLANMode/ID DisplaystheVLANmode(taggedoruntagged)

andVLANIDfortheLANport.SeeI-2-3.VLAN

Wireless2.4GHz(5GHz)Status Displaysthestatusofthe2.4GHzor5GHz

wireless(enabledordisabled)MACAddress Displaystheaccesspoint’sMACaddressChannel Displaysthechannelnumberthespecified

wirelessfrequencyisusingforbroadcastTransmitPower Displaysthewirelessradiotransmitpower

levelasapercentage

Wireless2.4GHz(5GHz)/SSID

8

SSID DisplaystheSSIDname(s)forthespecifiedfrequency

AuthenticationMethod

DisplaystheauthenticationmethodforthespecifiedSSID.SeeI-3.WirelessSettings

EncryptionType DisplaystheencryptiontypeforthespecifiedSSID.SeeI-3.WirelessSettings

VLANID DisplaystheVLANIDforthespecifiedSSID.SeeI-2-3.VLAN

AdditionalAuthentication

DisplaystheadditionalauthenticationtypeforthespecifiedSSID.SeeI-3.WirelessSettings

WirelessClientIsolation

DisplayswhetherwirelessclientisolationisinuseforthespecifiedSSID.SeeI-2-3.VLAN

Wireless2.4GHz(5GHz)/WDSStatusMACAddress Displaysthepeeraccesspoint’sMACaddressEncryptionType Displaystheencryptiontypeforthespecified

WDS.SeeI-3-1-4.WDSVLANMode/ID DisplaystheVLANIDforthespecifiedWDS.

SeeI-3-1-4.WDS

Refresh Clicktorefreshallinformation

9

I-1-2. WirelessClients

The“WirelessClients”pagedisplaysinformationaboutallwirelessclients

connectedtotheaccesspointonthe2.4GHzor5GHzfrequency.

RefreshtimeAutoRefreshTime Selectatimeintervalfortheclienttablelistto

automaticallyrefreshManualRefresh Clickrefreshtomanuallyrefreshtheclient

table

2.4GHz(5GHz)WLANClientTableSSID DisplaystheSSIDthattheclientisconnected

toMACAddress DisplaystheMACaddressoftheclientTx Displaysthetotaldatapacketstransmittedby

thespecifiedclientRx Displaysthetotaldatapacketsreceivedby

thespecifiedclientSignal(%) Displaysthewirelesssignalstrengthforthe

10

specifiedclientConnectedTime Displaysthetotaltimethewirelessclienthas

beenconnectedtotheaccesspointIdleTime Clientidletimeisthetimeforwhichtheclient

hasnottransmittedanydatapacketsi.e.isidle

Vendor Thevendoroftheclient’swirelessadapterisdisplayedhere

11

I-1-3. WirelessMonitor

WirelessMonitorisatoolbuiltintotheaccesspointtoscanandmonitorthesurrounding

wirelessenvironment.Selectafrequencyandclick“Scan”todisplayalistofallSSIDswithinrangealongwithrelevantdetailsforeachSSID.

WirelessMonitorSiteSurvey Selectwhichfrequency(orboth)toscan,and

click“Scan”tobeginChannelSurveyResult

Afterascaniscomplete,click“Export”tosavetheresultstolocalstorage

SiteSurveyResultsCh Displaysthechannelnumberusedbythe

specifiedSSIDSSID DisplaystheSSIDidentifiedbythescanMACAddress DisplaystheMACaddressofthewireless

router/accesspointforthespecifiedSSIDSecurity Displaystheauthentication/encryptiontype

ofthespecifiedSSID

12

Signal(%) DisplaysthecurrentsignalstrengthoftheSSID

Type Displaysthe802.11wirelessnetworkingstandard(s)ofthespecifiedSSID

Vendor Displaysthevendorofthewirelessrouter/accesspointforthespecifiedSSID

13

I-1-4. Log

Thesystemlogdisplayssystemoperationinformationsuchasuptimeandconnectionprocesses.Thisinformationisuseful

fornetworkadministrators.

Whenthelogisfull,oldentriesareoverwritten.

Save Clicktosavethelogasafileonyourlocalcomputer

Clear ClearalllogentriesRefresh Refreshthecurrentlog

14

Thefollowinginformation/eventsarerecordedbythelog:! WirelessClient

Connected&disconnectedKeyexchangesuccess&fail

! AuthenticationAuthenticationfailorsuccessful

! Association Successorfail

! WPSM1-M8messagesWPSsuccess

! ChangeSettings! SystemBoot

Displayscurrentmodelname! NTPClient! WiredLink

LANPortlinkstatusandspeedstatus! ProxyARP

ProxyARPmodulestart&stop! Bridge

Bridgestart&stop.! SNMP

SNMPserverstart&stop! HTTP

HTTPstart&stop! HTTPS

HTTPSstart&stop.! SSH

SSH-clientserverstart&stop! Telnet

Telnet-clientserverstartorstop! WLAN(2.4G)

WLAN(2.4G]channelstatusandcountry/regionstatus! WLAN(5G)

WLAN(5G)channelstatusandcountry/regionstatus! ADT

15

I-2. NetworkSettings


I-2-1. LAN-SideIPAddress

The“LAN-sideIPaddress”pageallowsyoutoconfigureyouraccesspointonyourLocalArea

Network(LAN).YoucanenabletheaccesspointtodynamicallyreceiveanIPaddressfromyourrouter’sDHCPserveroryoucanspecifyastaticIPaddressforyouraccesspoint,aswellasconfigureDNSservers.

Theaccesspoint’sdefaultIPaddressis192.168.2.2or192.168.2.1.

LAN-sideIPAddressIPAddressAssignment

Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint(below)

IPAddress SpecifytheIPaddresshere.ThisIPaddresswillbeassignedtoyouraccesspointandwill

16

replacethedefaultIPaddressSubnetMask Specifyasubnetmask.Thedefaultvalueis

255.255.255.0DefaultGateway ForDHCPusers,select“FromDHCP”toget

defaultgatewayfromyourDHCPserveror“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank

DHCPuserscanselecttogetDNSservers’IPaddressfromDHCPormanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.

PrimaryAddress DHCPuserscanselect“FromDHCP”togetprimaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank

SecondaryAddress UserscanmanuallyenteravaluewhenDNSserver’sprimaryaddressissetto“User-Defined”

17

I-2-2. LANPort

The“LANPort”pageallowsyoutoconfigurethesettingsforyouraccesspoint’swiredLAN(Ethernet)port.

WiredLANPort IdentifiesLANport1Enable Enable/disableLANportSpeed&Duplex Selectaspeed&duplextypeforLANport,or

usethe“Auto”value.LANportscanoperateupto1000Mbpsandfull-duplexenablessimultaneousdatapacketstransfer/receive

FlowControl Enable/disableflowcontrol.Flowcontrolcanpausenewsessionrequestuntilcurrentdataprocessingiscomplete,inordertoavoiddeviceoverloadsunderheavytraffic

802.3az Enable/disable802.3az.802.3azisanEnergyEfficientEthernetfeaturethatdisablesunusedinterfacestoreducepowerusage

I-2-3. STPManagement

SpanningTreeProtocolisusedtopreventnetworkloops,thusallowingredundantnetworkpaths.

18

I-2-4. VLAN

The“VLAN”(VirtualLocalAreaNetwork)enablesyoutoconfigureVLANsettings.AVLANisalocalareanetworkwhichmapsworkstationsvirtuallyinsteadofphysicallyandallowsyoutogrouptogetherorisolateusersfromeachother.VLANIDs1–4094aresupported.

VLANIDsintherange1–4094aresupported.

VLANInterfaceWiredLANPort/Wireless

IdentifiesLANport1andwirelessSSIDs(2.4GHzor5GHz)

VLANMode Select“TaggedPort”or“UntaggedPort”forLANinterface

VLANID SetaVLANIDforspecifiedinterface,if“UntaggedPort”isselected

ManagementVLANVLANID SpecifytheVLANIDofthemanagementVLAN.

OnlythehostsbelongingtothesameVLANcanmanagethedevice

I-3. WirelessSettings

19


I-3-1. 2.4GHz11bgn

The“2.4GHz11bgn”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s2.4GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.

20

I-3-1-1.Basic

The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s2.4GHzWi-Finetwork(s).

21

Wireless Enableordisabletheaccesspoint’s2.4GHzwirelessradio.Whendisabled,no2.4GHzSSIDswillbeactive

Band Selectthewirelessstandardusedfortheaccesspoint.Combinationsof802.11b,802.11g&802.11ncanbeselected

EnableSSIDNumber SelecthowmanySSIDstoenableforthe2.4GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled

SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters

VLANID SpecifyaVLANIDforeachSSIDAutoChannel Enable/disableautochannelselection.Auto

channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s2.4GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable

AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel

AutoChannelInterval

Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference

ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel)

BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients

22

Whenautochannelisdisabled,selectawirelesschannelmanually:

Channel Selectawirelesschannelfrom1–11(1-13).ChannelBandwidth Setthechannelbandwidth:20MHz(lower

performancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel)


23

I-3-1-2.Advanced

Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.

Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.

ContentionSlot Select“Short”or“Long”–thisvalueisusedfor

contentionwindowsinWMM(seeI-3-6.WMM)

PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”

GuardInterval Settheguardinterval.Ashorterintervalcanimproveperformance

24

802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)

802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)

DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1

RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347

FragmentThreshold

Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346

MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting

TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal

BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100

Stationidletimeout

Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active

25

I-3-1-3. Security

Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.

It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.

Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.

26

SSIDSelection SelectwhichSSIDtoconfiguresecuritysettingsfor

BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID


Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords

LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50)


Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod


Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelow(I-3-1-3-6.)appropriateforyourmethod

I-3-1-3-1. NoAuthentication

Authenticationisdisabledandnopassword/keyisrequiredtoconnecttotheaccesspoint.

Disablingwirelessauthenticationisnotrecommended.Whendisabled,anybodywithinrangecanconnecttoyourdevice’sSSID.

27

I-3-1-3-2. WEP

WEP(WiredEquivalentPrivacy)isabasicencryptiontype.ForahigherlevelofsecurityconsiderusingWPAencryption.

KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended

KeyType Choosefrom“ASCII”(anyalphanumericalcharacter0-9,a-zandA-Z)or“Hex”(anycharactersfrom0-9,a-fandA-F)

DefaultKey Selectwhichencryptionkey(1–4below)isthedefaultkey.Forsecuritypurposes,youcansetuptofourkeys(below)andchangethatisthedefaultkey

EncryptionKey1–4

Enteryourencryptionkey/passwordaccordingtotheformatyouselectedabove

I-3-1-3-3. IEEE802.1x/EAP

KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended

I-3-1-3-4. WPA-PSK

WPA-PSKisasecurewirelessencryptiontypewithstrongdataprotectionanduserauthentication,utilizing128-bitencryptionkeys.

WPAType SelectfromWPA/WPA2MixedMode-PSK,WPA2orWPAonly.WPA2issaferthanWPAonly,butnotsupportedbyallwirelessclients.Pleasemakesureyourwirelessclientsupportsyourselection

Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype

KeyRenewalInterval

Specifyafrequencyforkeyrenewalinminutes

Pre-SharedKey Choosefrom“Passphrase”(8–63

28

Type alphanumericcharacters)or“Hex”(upto64charactersfrom0-9,a-fandA-F)

Pre-SharedKey Pleaseenterasecuritykey/passwordaccordingtotheformatyouselectedabove

I-3-1-3-5. WPA-EAP

WPAType SelectfromWPA/WPA2MixedMode-EAP,WPA2-EAPorWPA-EAP

Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype

KeyRenewalInterval

Specifyafrequencyforkeyrenewalinminutes

WPA-EAPmustbedisabledtouseMAC-RADIUSauthentication.

I-3-1-3-6. AdditionalAuthentication

Additionalwirelessauthenticationmethodscanalsobeused:MACAddressFilterRestrictwirelessclientsaccessbasedonMACaddressspecifiedintheMACfiltertable.

SeeI-3-5.MACFiltertoconfigureMACfiltering.MACFilter&MAC-RADIUSAuthenticationRestrictwirelessclientsaccessusingbothoftheaboveMACfiltering&RADIUSauthenticationmethods.MAC-RADIUSAuthenticationRestrictwirelessclientsaccessbasedonMACaddressviaaRADIUSserver,orpasswordauthenticationviaaRADIUSserver.

SeeI-3-4.RADIUStoconfigureRADIUSservers.

WPSmustbedisabledtouseMAC-RADIUSauthentication.SeeI-3-3.forWPSsettings.

29

MACRADIUSPassword

SelectwhethertouseMACaddressorpasswordauthenticationviaRADIUSserver.Ifyouselect“Usethefollowingpassword”,enterthepasswordinthefieldbelow.Thepasswordshouldmatchthe“SharedSecret”usedinI-3-4.RADIUS.

SmartHandoverEnableSmartHandovertoconfigureanRSSIThreshold. TheRSSIThresholdisthesignalstrengthinwhichawirelessclienthandoffwilloccur. Thehigherthenumber,thestrongerthesignal.

30

I-3-1-4.WDS

WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.

WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.

WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.

31

2.4GHzWDSFunctionality Select“WDSwithAP”touseWDSwithaccess

pointor“DedicatedWDS”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod

LocalMACAddress DisplaystheMACaddressofyouraccesspoint

WDSPeerSettingsWDS# EntertheMACaddressforuptofourother

WDSdevicesyouwishtoconnect

WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged

Port”or“TaggedPort”VLANID SpecifytheWDSVLANIDwhen“Untagged

Port”isselectedabove

WDSEncryptionmethodEncryption Selectwhethertouse“None”or“AES”

encryptionandenterapre-sharedkeyforAESconsistingof8-63alphanumericcharacters

I-3-1-5.GuestNetwork

The“GuestNetwork”pageallowsyoutoconfigureaguestnetworkthatwillhaveaLayer-3IPFilterappliedtoalltrafficpassingthroughthespecificSSID.

WhenusingaGuestNetwork,TrafficShapingandIPFiltersettingswillbeappliedtoalltrafficpassingthroughtheGuestNetworkSSID.

32

GuestNetwork2.4GHzSSID SelecttheSSIDthatyouwanttoapplythe

GuestNetworksettingstoGuestNetwork EnableorDisableGuestNetworksettingsGuestAccessPolicyTrafficShaping Select“Enable”toapplybandwidthlimitations

onthe“Downlink”and“Uplink”performanceontheGuestNetwork

FilteringSettings Select“Allow”or“Deny”toapplyIPFilteringtothetrafficontheGuestNetwork. ProvidetheIPandSubnetMaskyouwanttoapplyasafilter. Upto3IPFiltersaresupported

33

I-3-2. 5GHz11ac11an

The“5GHz11ac11an”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s5GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.

I-3-2-1.Basic

The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s5GHzWi-Finetwork(s).

Wireless Enableordisabletheaccesspoint’s5GHzwirelessradio.Whendisabled,no5GHzSSIDswillbeactive

Band Selectthewirelessstandardusedforthe

34

accesspoint.Combinationsof802.11a,802.11n&802.11accanbeselected

EnableSSIDNumber SelecthowmanySSIDstoenableforthe5GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled

SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters

VLANID SpecifyaVLANIDforeachSSIDAutoChannel Enable/disableautochannelselection.Auto

channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable

AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel

AutoChannelInterval

Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference

ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel)


Whenautochannelisdisabled,selectawirelesschannelmanually:

Channel Selectawirelesschannel.ChannelBandwidth Setthechannelbandwidth:20MHz(lower

performancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel)

35


36

I-3-2-2.Advanced

Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.

Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.

GuardInterval Settheguardinterval.Ashorterintervalcan

improveperformance802.11nProtection Enable/disable802.11nprotection,which

increasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)

DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1

RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347

FragmentThreshold

Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346

MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting

37

TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal

BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100

Stationidletimeout

Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active

38

I-3-2-3.Security

Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelessly

cannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.

It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.

Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.

SSIDSelection SelectwhichSSIDtoconfiguresecuritysettings

forBroadcastSSID EnableordisableSSIDbroadcast.When

enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID

39


Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords

LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50)


Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod


Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod

PleasereferbacktoI-3-1-3. Securityformoreinformationonauthenticationandadditionalauthenticationtypes.SmartHandoverEnableSmartHandovertoconfigureanRSSIThreshold. TheRSSIThresholdisthesignalstrengthinwhichawirelessclienthandoffwilloccur. Thehigherthenumber,thestrongerthesignal.

40

I-3-2-4.WDS

WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.

WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.

WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.

5GHzWDSMode

41

WDSFunctionality Select“WDSwithAP”touseWDSwithaccesspointor“DedicatedWDS”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod

LocalMACAddress DisplaystheMACaddressofyouraccesspoint

WDSPeerSettingsWDS# EntertheMACaddressforuptofourother

WDAdevicesyouwishtoconnect

WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged

Port”or“TaggedPort”VLANID SpecifytheWDSVLANIDwhen“Untagged

Port”isselectedabove

WDSEncryptionEncryption Selectwhethertouse“None”or“AES”

encryptionandenterapre-sharedkeyforAESwith8-63alphanumericcharacters

I-3-2-5.GuestNetwork

The“GuestNetwork”pageallowsyoutoconfigureaguestnetworkthatwillhaveaLayer-3IPFilterappliedtoalltrafficpassingthroughthespecificSSID.

WhenusingaGuestNetwork,TrafficShapingandIPFiltersettingswillbeappliedtoalltrafficpassingthroughtheGuestNetworkSSID.

42

GuestNetwork5GHzSSID SelecttheSSIDthatyouwanttoapplythe

GuestNetworksettingstoGuestNetwork EnableorDisableGuestNetworksettingsGuestAccessPolicyTrafficShaping Select“Enable”toapplybandwidthlimitations

onthe“Downlink”and“Uplink”performanceontheGuestNetwork

FilteringSettings Select“Allow”or“Deny”toapplyIPFilteringtothetrafficontheGuestNetwork. ProvidetheIPandSubnetMaskyouwanttoapplyasafilter. Upto3IPFiltersaresupported

43

I-3-3.WPS

Wi-FiProtectedSetupisasimplewaytoestablishconnectionsbetweenWPS

compatibledevices.WPScanbeactivatedoncompatibledevicesbypushingaWPSbuttononthedeviceorfromwithinthedevice’sfirmware/configurationinterface(knownasPBCor“PushButtonConfiguration”).WhenWPSisactivatedinthecorrectmannerandatthecorrecttimefortwocompatibledevices,theywillautomaticallyconnect.“PINcodeWPS”isavariationofPBCwhichincludestheadditionaluseofaPINcodebetweenthetwodevicesforverification.

Pleaserefertomanufacturer’sinstructionsforyourotherWPSdevice.

44

WPS Check/uncheckthisboxtoenable/disableWPSfunctionality.WPSmustbedisabledwhenusingMAC-RADIUSauthentication(seeI-3-1-3-6&I-3-4)

ProductPIN DisplaystheWPSPINcodeofthedevice,used

forPINcodeWPS.YouwillberequiredtoenterthisPINcodeintoanotherWPSdeviceforPINcodeWPS.Click“GeneratePIN”togenerateanewWPSPINcode

Push-ButtonWPS Click“Start”toactivateWPSontheaccesspointforapproximately2minutes.Thishasthesameeffectasphysicallypushingtheaccesspoint’sWPSbutton

WPSbyPIN EnterthePINcodeofanotherWPSdeviceandclick“Start”toattempttoestablishaWPSconnectionforapproximately2minutes

WPSStatus WPSsecuritystatusisdisplayedhere.Click

“Release”tocleartheexistingstatus

45

I-3-4.RADIUS

TheRADIUSsubmenuallowsyoutoconfiguretheaccesspoint’sRADIUSserversettings,categorized

intothreesubmenus:RADIUSsettings,InternalServerandRADIUSaccounts.ARADIUSserverprovidesuser-basedauthenticationtoimprovesecurityandofferwirelessclientcontrol–userscanbeauthenticatedbeforegainingaccesstoanetwork.Theaccesspointcanutilizebothaprimaryandsecondary(backup)RADIUSserverforeachofitswirelessfrequencies(2.4GHz&5GHz).ExternalRADIUSserverscanbeusedortheaccesspoint’sinternalRADIUSservercanbeused.

TouseRADIUSservers,goto“WirelessSettings”! “Security”andselectthedesiredAuthenticationMethod! “AdditionalAuthentication”andselect“MACRADIUSAuthentication”(seeI-3-1-3.&I-3-2-3).The“MACRADIUSAuthentication”featureworkswithanexternalRADIUSServerOnly.

46

I-3-4-1.RADIUSSettings

ConfiguretheRADIUSserversettingsfor2.4GHz&5GHz.Eachfrequencycanusea

primaryandsecondary(backup)RADIUSserver.

47

RADIUSType Select“Internal”tousetheaccesspoint’sbuilt-inRADIUSserveror“external”touseanexternalRADIUSserver

RADIUSServer EntertheRADIUSserverhostIPaddress

AuthenticationPort

SettheUDPportusedintheauthenticationprotocoloftheRADIUSserver.Valuemustbebetween1–65535

SharedSecret Enterasharedsecret/passwordbetween1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”passwordusedinI-3-1-3-6orI-3-2-3

SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400

Accounting EnableordisableRADIUSaccounting

48

AccountingPort Whenaccountingisenabled(above),settheUDPportusedintheaccountingprotocoloftheRADIUSserver.Valuemustbebetween1–65535

I-3-4-2.InternalServer

TousetheInternalRadiusServerasanadditionalauthentication,configurethe

“AuthenticationMethod”in“WirelessSettings/Security”to“IEEE802.1x/EAP”. Leave“AdditionalAuthentication”setto“Noadditionalauthentication”.Click“Apply”tosavesettings.(Exampleimagebelow)

Next,Under“Radius/RadiusSettings”,Select“Internal”forRadiusType. Click“Apply”tosavesettings. (Exampleimagebelow)

49

Under“Radius/InternalServer”,checkthe“Enable”boxnextto“InternalServer”. Select“PEAP(MS-PEAP)”for“EAPInternalAuthentication”. Enternumbersorcharactersinthefield“SharedSecret”. Set“Termination-Action”optionto“Re-authentication(Radius-Request).” Click“Apply”tosavechanges.(Exampleimagebelow)

I-3-4-3.RADIUSAccounts

DothefollowingtoaddRadiusUserNamesandconfigurepasswords. Under“Radius/RadiusAccounts”,entera“UserName”inthewindowandclick“Add”.(Exampleimagebelow)

50

51

Selectthe“UserName”fromthe“UserRegistrationList”andselect“Edit”.(Exampleimagebelow)

Enterapasswordfortheselected“User”. Click“Apply”tosavechanges.(Exampleimagebelow)

YouraccesspointisnowsetuptoauthenticateUserswiththeInternalRadiusServer.

52

WirelessClientConfigurationforRadiusConnectiononWindows7(Example)

1. Goto“ControlPanel/NetworkandSharingCenter/ManageWirelessNetwork”.

2. Click“Add”onthe“Managewirelessnetworksthseuse(WirelessConnection)”

screen.

3. Click“Manuallycreateanetworkprofile”.

4. Enterthe“NetworkName”whichyouwanttoconnectto.TheNetworkNameis

theSSIDfortheRadiusconnection.Intheexamplesabove,thenetworknameused

is“Internal-Radius”.

5. Adjustthe“SecurityType”to“802.1x”.Click“Next”.

6. Click“ChangeConnectionSettings”.

7. Clickthe“Security”tabandthen“Settings”.

8. Uncheck“Validateservercertificate”.

9. Click“Configure”nextto“Securedpassword(EAP-MSCHAPv2)”.

10. Uncheck“AutomaticallyusemyWindowsLogonnameandpassword”.

11. Click“OK”tocloseallwindows.

12. SelecttheRadiusNetworkandClick“Connect”.

13. Youwillreceiveapopupmessagestating“Additionalinformationisneededto

conenct“.

14. Clickonthemessagetocontinue.

15. EntertheUsernameandpasswordyoucreatedinthe“WindowsSecurity”

window.

16. Click“OK”.

17. YourconnectiontotheSSIDwithRadiusAuthenticationisnow“Connected”.

53

I-3-5. MACFilterMacfilteringisasecurityfeaturethatcanhelptopreventunauthorizedusersfromconnectingtoyouraccesspoint.Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedtoconnecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMACaddress.IfadevicewhichisnotonthelistofpermittedMACaddressesattemptstoconnecttotheaccesspoint,itwillbedenied.

ToenableMACfiltering,goto“WirelessSettings”! “2.4GHz11bgn/5GHz11ac11an”!“Security”!“AdditionalAuthentication”andselect“MACFilter”(seeI-3-1-3.&I-3-2-3).

TheMACaddressfilteringtableisdisplayedbelow:

AddMACAddress EnteraMACaddressofcomputerornetwork

devicemanuallye.g.‘aa-bb-cc-dd-ee-ff’orentermultipleMACaddressesseparatedwithcommas,e.g.‘aa-bb-cc-dd-ee-ff,

54

aa-bb-cc-dd-ee-gg’ Add Click“Add”toaddtheMACaddresstothe

MACaddressfilteringtable Reset Clearallfields

MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Selectanentryusingthe“Select”checkbox.

Select DeleteselectedorallentriesfromthetableMACAddress TheMACaddressislistedhereDeleteSelected DeletetheselectedMACaddressfromthelistDeleteAll DeleteallentriesfromtheMACaddress

filteringtableExport Click“Export”tosaveacopyoftheMAC

filteringtable.Anewwindowwillpopupforyoutoselectalocationtosavethefile

55

I-3-6. WMM

Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertificationbasedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)featurestoIEEE802.11networks.WMMprioritizestrafficaccordingtofourcategories:background,besteffort,videoandvoice.

ConfiguringWMMconsistsofadjustingparametersonqueuesfordifferentcategoriesofwirelesstraffic.Trafficissenttothefollowingqueues:Background Low

PriorityHighthroughput,nontimesensitivebulkdatae.g.FTP

BestEffort MediumPriority

TraditionalIPdata,mediumthroughputanddelay

Video HighPriority

Timesensitivevideodatawithminimumtimedelay

Voice HighPriority

TimesensitivedatasuchasVoIPandstreamingmediawithminimumtimedelay

Queuesautomaticallyprovideminimumtransmissiondelaysforvideo,voice,multimediaandcriticalapplications.Thevaluescanfurtherbeadjustedmanually:

CWMin MinimumContentionWindow(milliseconds):

56

Thisvalueisinputtotheinitialrandombackoffwaittimealgorithmforretryofadataframetransmission.Thebackoffwaittimewillbegeneratedbetween0andthisvalue.Iftheframeisnotsent,therandombackoffvalueisdoubleduntilthevaluereachesthenumberdefinedbyCWMax(below).TheCWMinvaluemustbelowerthantheCWMaxvalue.Thecontentionwindowschemehelpstoavoidframecollisionsanddeterminepriorityofframetransmission.Ashorterwindowhasahigherprobability(priority)oftransmission

CWMax MaximumContentionWindow(milliseconds):Thisvalueistheupperlimittorandombackoffvaluedoubling(seeabove)

AIFSN ArbitrationInter-FrameSpace(milliseconds):SpecifiesadditionaltimebetweenwhenachannelgoesidleandtheAP/clientsendsdataframes.TrafficwithalowerAIFSNvaluehasahigherpriority

TxOP TransmissionOpportunity(milliseconds):ThemaximumintervaloftimeanAP/clientcantransmit.Thismakeschannelaccessmoreefficientlyprioritized.Avalueof0meansonlyoneframepertransmission.Agreatervalueeffectshigherpriority

57

I-3-7. Schedule

ScheduleallowsanadministratortocreateaschedulefortheWirelessAccessPoint.Thisfeatureiscommonlyusedtodisablethewirelessduringnon-businesshoursoranyothertimesensitiveapplication.

Onceenabled,anindependentscheduleforboththe2.4GHzand5GHzbandcanbecreated.

I-3-8. TrafficShaping

TrafficShapingallowsanadministratortolimitthebandwidthavailabletoeachSSID.Providingavaluebetween0-1024Mbps.Avalueof“0”indicatesunlimitedbandwidth.

58

59

I-4. Management


I-4-1. Admin

Youcanchangethepasswordusedtologintothebrowser-basedconfigurationinterfacehere.Itisadvisedtodosoforsecuritypurposes.

Ifyouchangetheadministratorpassword,pleasemakeanoteofthenewpassword.Intheeventthatyouforgetthispasswordandareunabletologintothebrowserbasedconfigurationinterface,seeI-5.Resetforhowtoresettheaccesspoint.

60

AccounttoManageThisDeviceAdministratorName

Settheaccesspoint’sadministratorname.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween4-16alphanumericcharacters(casesensitive)

AdministratorPassword

Settheaccesspoint’sadministratorpassword.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween4-32alphanumericcharacters(casesensitive)

AdvancedSettingsProductName Edittheproductnameaccordingtoyour

preferenceconsistingof1-32alphanumericcharacters.Thisnameisusedforreferencepurposes

61

ManagementProtocol

Check/unchecktheboxestoenable/disablespecifiedmanagementinterfaces(seebelow).WhenSNMPisenabled,completetheSNMPfieldsbelow

SNMPVersion SelectSNMPversionappropriateforyourSNMPmanager

SNMPGetCommunity

EnteranSNMPGetCommunitynameforverificationwiththeSNMPmanagerforSNMP-GETrequests

SNMPSetCommunity

EnteranSNMPSetCommunitynameforverificationwiththeSNMPmanagerforSNMP-SETrequests

SNMPTrap EnableordisableSNMPTraptonotifySNMPmanagerofnetworkerrors

SNMPTrapCommunity

EnteranSNMPTrapCommunitynameforverificationwiththeSNMPmanagerforSNMP-TRAPrequests

SNMPTrapManager

SpecifytheIPaddressorsevername(2-128alphanumericcharacters)oftheSNMPmanager

HTTPInternetbrowserHTTPprotocolmanagementinterfaceHTTPSInternetbrowserHTTPSprotocolmanagementinterfaceTELNETClientterminalwithtelnetprotocolmanagementinterfaceSSHClientterminalwithSSHprotocolversion1or2managementinterfaceSNMPSimpleNetworkManagementProtocol.SNMPv1,v2&v3protocolsupported.SNMPv2canbeusedwithcommunitybasedauthentication.SNMPv3usesuser-basedsecuritymodel(USM)architecture.

62

I-4-2. DateandTime

Youcanconfigurethetimezonesettingsofyouraccesspointhere.Thedateandtimeofthedevicecanbeconfiguredmanuallyorcanbesynchronizedwithatimeserver.

DateandTimeSettingsLocalTime Settheaccesspoint’sdateandtimemanually

usingthedropdownmenusAcquireCurrentTimefromyourPC

Click“AcquireCurrentTimefromYourPC”toentertherequiredvaluesautomaticallyaccordingtoyourcomputer’scurrenttimeanddate

NTPTimeServerUseNTP TheaccesspointalsosupportsNTP(Network

TimeProtocol)forautomatictimeanddatesetup

ServerName EnterthehostnameorIPaddressofthetime

63

serverifyouwishUpdateInterval Specifyafrequency(inhours)fortheaccess

pointtoupdate/synchronizewiththeNTPserver

TimeZoneTimeZone Selectthetimezoneofyourcountry/region.If

yourcountry/regionisnotlisted,pleaseselectanothercountry/regionwhosetimezoneisthesameasyours

64

I-4-3. SyslogServer

Thesystemlogcanbesenttoaserver,storedonanattachedUSBdeviceoremailed.

TransferLogs Check/unchecktheboxtoenable/disabletheuseofasyslogserver,andenterahostname,domainorIPaddressfortheserver,consistingofupto128alphanumericcharacters

65

I-4-4. PingTest

The“PingTest”willsendacontinuousPingtotheIPAddressspecified. ResultsarepostedinthedialogboxbelowtheDestinationAddressExecutionwindow.

I-4-5. I’mHere

Theaccesspointfeaturesabuilt-inbuzzerwhichcansoundoncommandusingthe“I’mHere”page.Thisisusefulfornetworkadministratorsandengineersworkingincomplexnetworkenvironmentstolocatetheaccesspoint.

Thebuzzerisloud!

DurationofSound Setthedurationforwhichthebuzzerwillsoundwhenthe“SoundBuzzer”buttonisclicked.

SoundBuzzer Activatethebuzzersoundfortheabovespecifieddurationoftime.

I-4-6. TR-069

TR-069allowsanadministratortoconnectthewirelessaccesspointtoaremoteACSsystem.ProvidethedestinationandlogincredentialstotheACSsystem.

66

I-4-7. wifiXtend

EnableandDisableWifiXtendhere. WifiXtendisafeaturethatallowsaComtrendGatewaytosharetheprimarywirelessSSIDandPasswordwitharemotewirelessaccesspoint.

67

I-5. Advanced


I-5-1. LEDSettings

Theaccesspoint’sLEDscanbemanuallyenabledordisabledaccordingtoyour

preference.

PowerLED Selectonoroff.DiagLED Selectonoroff.

68

I-5-2. UpdateFirmware

The“Firmware”pageallowsyoutoupdatethesystemfirmwaretoamorerecentversion.Updatedfirmwareversionsoften

offerincreasedperformanceandsecurity,aswellasbugfixes.YoucandownloadthelatestfirmwarefromtheComtrendwebsite.

Donotswitchoffordisconnecttheaccesspointduringafirmwareupgrade,asthiscoulddamagethedevice.

UpdateFirmwareFrom

Select“afileonyourPC”touploadfirmwarefromyourlocalcomputer

FirmwareUpdateFile Click“Browse”toopenanewwindowtolocateandselectthefirmwarefileinyourcomputer

Update Click“Update”touploadthespecifiedfirmwarefiletoyouraccesspoint

69

I-5-3. Save/RestoreSettings

Theaccesspoint’s“Save/RestoreSettings”pageenablesyoutosave/backuptheaccesspoint’scurrentsettingsasafiletoyourlocalcomputer,andrestoretheaccesspointtopreviouslysavedsettings.

Save/RestoreSettingsUsingDevice Select“UsingyourPC”tosavetheaccess

point’ssettingstoyourlocalcomputer

SaveSettingstoPCSaveSettings Click“Save”tosavesettingsandanew

windowwillopentospecifyalocationtosavethesettingsfile.Youcanalsocheckthe“Encrypttheconfigurationfilewithapassword”boxandenterapasswordtoprotectthefileinthefieldunderneath,ifyouwish

RestoreSettingsfromPC

70

RestoreSettings Clickthebrowsebuttontofindapreviouslysavedsettingsfileonyourcomputer,thenclick“Restore”toreplaceyourcurrentsettings.Ifyoursettingsfileisencryptedwithapassword,checkthe“Openfilewithpassword”boxandenterthepasswordinthefieldunderneath

71

I-5-4. FactoryDefault

Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedevice(seeI-5.5)orresetthedevicebacktoitsfactorydefaultsettings.Youcanresettheaccesspointbacktoitsdefaultsettingsusingthisfeatureifthelocationoftheaccesspointisnotconvenienttoaccesstheresetbutton.

FactoryDefault Click“FactoryDefault”torestoresettingstothefactorydefault.Apop-upwindowwillappearandaskyoutoconfirm

Afterresettingtofactorydefaults,pleasewaitfortheaccesspointtoresetandrestart.

72

I-5-5. Reboot

Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedeviceorresettheaccesspointbacktoitsfactorydefaultsettings(seeI-5-4).Youcanreboottheaccesspointremotelyusingthisfeature.

Reboot Click“Reboot”torebootthedevice.Acountdownwillindicatetheprogressofthereboot

73

II. Appendix

II-1. ConfiguringyourIPaddressIfnoDHCPServiceisdetected,theaccesspointusesthedefaultIPaddress192.168.2.2.Inordertoaccessthebrowserbasedconfigurationinterface,youneedtomodifytheIPaddressofyourcomputertobeinthesameIPaddresssubnete.g.192.168.2.x(x=3–254).TheprocedureformodifyingyourIPaddressvariesacrossdifferentoperatingsystems;pleasefollowtheguideappropriateforyouroperatingsystem.InthefollowingexamplesweusetheIPaddress192.168.2.10thoughyoucanuseanyIPaddressintherange192.168.2.x(x=3–254).

74

II-1-1. WindowsXP1. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof

yourcomputer),thenclick“ControlPanel”.Double-clickthe“NetworkandInternetConnections”icon,click“NetworkConnections”,andthendouble-click“LocalAreaConnection”.The“LocalAreaConnectionStatus”windowwillthenappear,click“Properties”.

2. Select“UsethefollowingIPaddress”,theninputthefollowingvalues:

IPaddress:192.168.2.10SubnetMask:255.255.255.0Click‘OK’whenfinished.

75

76

II-1-2. WindowsVista1. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof

yourcomputer),thenclick“ControlPanel”.Click“ViewNetworkStatusandTasks”,thenclick“ManageNetworkConnections”.Right-click“LocalAreaNetwork”,thenselect“Properties”.The“LocalAreaConnectionProperties”windowwillthenappear,select“InternetProtocolVersion4(TCP/IPv4)”,andthenclick“Properties”.



77

78

II-1-3. Windows71. Clickthe“Start”button(itshouldbelocatedinthelower-leftcornerof

yourcomputer),thenclick“ControlPanel”.

2. Under“NetworkandInternet”click“Viewnetworkstatusandtasks”.

3. Click“LocalAreaConnection”.

79

4. Click“Properties”.

80

5. Select“InternetProtocolVersion4(TCP/IPv4)andthenclick“Properties”.



81

82

II-1-4. Windows81. FromtheWindows8Startscreen,youneedtoswitchtodesktopmode.

Moveyourcursertothebottomleftofthescreenandclick.

2. Indesktopmode,clicktheFileExplorericoninthebottomleftofthe

screen,asshownbelow.

83

3. Rightclick“Network”andthenselect“Properties”.

84

4. Inthewindowthatopens,select“Changeadaptersettings”fromtheleftside.

5. Chooseyourconnectionandrightclick,thenselect“Properties”.

85

6. Select“InternetProtocolVersion4(TCP/IPv4)andthenclick“Properties”.



86

II-1-5. Mac1. HaveyourMacintoshcomputeroperateasusual,andclickon“System

Preferences”

2. InSystemPreferences,clickon“Network”.

3. Clickon“Ethernet”intheleftpanel.

4. Openthedrop-downmenulabeled“ConfigureIPv4”andselect

“Manually”.

87

5. EntertheIPaddress192.168.2.10andsubnetmask255.255.255.0.Click

on“Apply”tosavethechanges.

88

II-1-6. GlossaryDefaultGateway(Accesspoint):Everynon-accesspointIPdeviceneedstoconfigureadefaultgateway’sIPaddress.WhenthedevicesendsoutanIPpacket,ifthedestinationisnotonthesamenetwork,thedevicehastosendthepackettoitsdefaultgateway,whichwillthensenditouttowardsthedestination.DHCP:DynamicHostConfigurationProtocol.ThisprotocolautomaticallygiveseverycomputeronyourhomenetworkanIPaddress.DNSServerIPAddress:DNSstandsforDomainNameSystem,whichallowsInternetserverstohaveadomainname(suchaswww.Broadbandaccesspoint.com)andoneormoreIPaddresses(suchas192.34.45.8).ADNSserverkeepsadatabaseofInternetserversandtheirrespectivedomainnamesandIPaddresses,sothatwhenadomainnameisrequested(asintyping"Broadbandaccesspoint.com"intoyourInternetbrowser),theuserissenttotheproperIPaddress.TheDNSserverIPaddressusedbythecomputersonyourhomenetworkisthelocationoftheDNSserveryourISPhasassignedtoyou. DSLModem:DSLstandsforDigitalSubscriberLine.ADSLmodemusesyourexistingphonelinestotransmitdataathighspeeds. Ethernet:Astandardforcomputernetworks.Ethernetnetworksareconnectedbyspecialcablesandhubs,andmovedataaroundatupto10/100millionbitspersecond(Mbps).IPAddressandNetwork(Subnet)Mask:IPstandsforInternetProtocol.AnIPaddressconsistsofaseriesoffournumbersseparatedbyperiods,thatidentifiesasingle,uniqueInternetcomputerhostinanIPnetwork.Example:192.168.2.2.Itconsistsof2portions:theIPnetworkaddress,andthehostidentifier.TheIPaddressisa32-bitbinarypattern,whichcanberepresentedasfourcascadeddecimalnumbersseparatedby“.”:aaa.aaa.aaa.aaa,whereeach“aaa”canbeanythingfrom000to255,orasfourcascadedbinarynumbersseparatedby“.”:bbbbbbbb.bbbbbbbb.bbbbbbbb.bbbbbbbb,whereeach“b”caneitherbe0or1.

89

Anetworkmaskisalsoa32-bitbinarypattern,andconsistsofconsecutiveleading1’sfollowedbyconsecutivetrailing0’s,suchas11111111.11111111.11111111.00000000.Thereforesometimesanetworkmaskcanalsobedescribedsimplyas“x”numberofleading1’s.Whenbotharerepresentedsidebysideintheirbinaryforms,allbitsintheIPaddressthatcorrespondto1’sinthenetworkmaskbecomepartoftheIPnetworkaddress,andtheremainingbitscorrespondtothehostID. Forexample,iftheIPaddressforadeviceis,initsbinaryform,11011001.10110000.10010000.00000111,andifitsnetworkmaskis,11111111.11111111.11110000.00000000Itmeansthedevice’snetworkaddressis11011001.10110000.10010000.00000000,anditshostIDis,00000000.00000000.00000000.00000111.ThisisaconvenientandefficientmethodforaccesspointstorouteIPpacketstotheirdestination.ISPGatewayAddress:(seeISPfordefinition).TheISPGatewayAddressisanIPaddressfortheInternetaccesspointlocatedattheISP'soffice.ISP:InternetServiceProvider.AnISPisabusinessthatprovidesconnectivitytotheInternetforindividualsandotherbusinessesororganizations.LAN:LocalAreaNetwork.ALANisagroupofcomputersanddevicesconnectedtogetherinarelativelysmallarea(suchasahouseoranoffice).YourhomenetworkisconsideredaLAN.MACAddress:MACstandsforMediaAccessControl.AMACaddressisthehardwareaddressofadeviceconnectedtoanetwork.TheMACaddressisauniqueidentifierforadevicewithanEthernetinterface.Itiscomprisedoftwoparts:3bytesofdatathatcorrespondstotheManufacturerID(uniqueforeachmanufacturer),plus3bytesthatareoftenusedastheproduct’sserialnumber.NAT:NetworkAddressTranslation.ThisprocessallowsallofthecomputersonyourhomenetworktouseoneIPaddress.Usingthebroadbandaccesspoint’sNATcapability,youcanaccesstheInternetfromanycomputeronyourhomenetworkwithouthavingtopurchasemoreIPaddressesfromyourISP. Port:NetworkClients(LANPC)usesportnumberstodistinguishonenetworkapplication/protocoloveranother.Belowisalistofcommonapplicationsandprotocol/portnumbers:

90

Application ProtocolPortNumberTelnet TCP 23FTP TCP 21SMTP TCP 25POP3 TCP 110H.323 TCP 1720SNMP UCP 161SNMPTrap UDP 162HTTP TCP 80PPTP TCP 1723PCAnywhereTCP 5631PCAnywhereUDP 5632Accesspoint:AaccesspointisanintelligentnetworkdevicethatforwardspacketsbetweendifferentnetworksbasedonnetworklayeraddressinformationsuchasIPaddresses.SubnetMask:Asubnetmask,whichmaybeapartoftheTCP/IPinformationprovidedbyyourISP,isasetoffournumbers(e.g.255.255.255.0)configuredlikeanIPaddress.ItisusedtocreateIPaddressnumbersusedonlywithinaparticularnetwork(asopposedtovalidIPaddressnumbersrecognizedbytheInternet,whichmustbeassignedbyInterNIC). TCP/IP,UDP:TransmissionControlProtocol/InternetProtocol(TCP/IP)andUnreliableDatagramProtocol(UDP).TCP/IPisthestandardprotocolfordatatransmissionovertheInternet.BothTCPandUDParetransportlayerprotocol.TCPperformspropererrordetectionanderrorrecovery,andthusisreliable.UDPontheotherhandisnotreliable.TheybothrunontopoftheIP(InternetProtocol),anetworklayerprotocol.WAN:WideAreaNetwork.Anetworkthatconnectscomputerslocatedingeographicallyseparateareas(e.g.differentbuildings,cities,countries).TheInternetisawideareanetwork.Web-basedmanagementGraphicalUserInterface(GUI):Manydevicessupportagraphicaluserinterfacethatisbasedonthewebbrowser.ThismeanstheusercanusethefamiliarNetscapeorMicrosoftInternetExplorertoControl/configureormonitorthedevicebeingmanaged.

91

II-2. ENVIRONMENT&PHYSICALTemperatureRange

Operation:0to40℃(32℉to104℉)Storage:-20to60℃(-4℉to140℉)

Humidity 90%orless–Operating,90%orless-Storage

Certifications FCC,CE

Dimensions 6.9(D)x1.2(H)inches

Weight 10.8oz.

COPYRIGHTCopyright©2017bythiscompany.Allrightsreserved.Nopartofthispublicationmaybereproduced,transmitted,transcribed,storedinaretrievalsystem,ortranslatedintoanylanguageorcomputerlanguage,inanyformorbyanymeans,electronic,mechanical,magnetic,optical,chemical,manualorotherwise,withoutthepriorwrittenpermissionofthiscompany

Thiscompanymakesnorepresentationsorwarranties,eitherexpressedorimplied,withrespecttothecontentshereofandspecificallydisclaimsanywarranties,merchantabilityorfitnessforanyparticularpurpose.Anysoftwaredescribedinthismanualissoldorlicensed"asis".Shouldtheprogramsprovedefectivefollowingtheirpurchase,thebuyer(andnotthiscompany,itsdistributor,oritsdealer)assumestheentirecostofallnecessaryservicing,repair,andanyincidentalorconsequentialdamagesresultingfromanydefectinthesoftware.Further,thiscompanyreservestherighttorevisethispublicationandtomakechangesfromtimetotimeinthecontentsthereofwithoutobligationtonotifyanypersonofsuchrevisionorchanges.

1

FederalCommunicationCommissionInterferenceStatementThisequipmenthasbeentestedandfoundtocomplywiththelimitsforaClassBdigitaldevice,pursuanttoPart15ofFCCRules.Theselimitsaredesignedtoprovidereasonableprotectionagainstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,uses,andcanradiateradiofrequencyenergyand,ifnotinstalledandusedinaccordancewiththeinstructions,maycauseharmfulinterferencetoradiocommunications.However,thereisnoguaranteethatinterferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescauseharmfulinterferencetoradioortelevisionreception,whichcanbedeterminedbyturningtheequipmentoffandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthefollowingmeasures:

1.Reorientorrelocatethereceivingantenna.2.Increasetheseparationbetweentheequipmentandreceiver.3.Connecttheequipmentintoanoutletonacircuitdifferentfromthattowhichthereceiverisconnected.4.Consultthedealeroranexperiencedradiotechnicianforhelp.

FCCCautionThisdeviceanditsantennamustnotbeco-locatedoroperatinginconjunctionwithanyotherantennaortransmitter.ThisdevicecomplieswithPart15oftheFCCRules.Operationissubjecttothefollowingtwoconditions:(1)thisdevicemaynotcauseharmfulinterference,and(2)thisdevicemustacceptanyinterferencereceived,includinginterferencethatmaycauseundesiredoperation.Anychangesormodificationsnotexpresslyapprovedbythepartyresponsibleforcompliancecouldvoidtheauthoritytooperateequipment.FCCRadiationExposureStatement:ThisequipmentcomplieswithFCCradiationexposurelimitssetforthforanuncontrolledenvironment.Thisequipmentshouldbeinstalledandoperatedwithminimumdistance20cmbetweentheradiator&yourbody.R&TTEComplianceStatementThisequipmentcomplieswithalltherequirementsofDIRECTIVE1999/5/ECOFTHEEUROPEANPARLIAMENTANDTHECOUNCILofMarch9,1999onradioequipmentandtelecommunicationterminalequipmentandthemutualrecognitionoftheirconformity(R&TTE).TheR&TTEDirectiverepealsandreplacesinthedirective98/13/EEC(TelecommunicationsTerminalEquipmentandSatelliteEarthStationEquipment)AsofApril8,2000.SafetyThisequipmentisdesignedwiththeutmostcareforthesafetyofthosewhoinstallanduseit.However,specialattentionmustbepaidtothedangersofelectricshockandstaticelectricitywhenworkingwithelectricalequipment.Allguidelinesofthisandofthecomputermanufacturemustthereforebeallowedatalltimestoensurethesafeuseoftheequipment.EUCountriesIntendedforUseTheETSIversionofthisdeviceisintendedforhomeandofficeuseinAustria,Belgium,Bulgaria,Cyprus,Czech,Denmark,Estonia,Finland,France,Germany,Greece,Hungary,Ireland,Italy,Latvia,Lithuania,Luxembourg,Malta,Netherlands,Poland,Portugal,Romania,Slovakia,Slovenia,Spain,Sweden,Turkey,andUnitedKingdom.TheETSIversionofthisdeviceisalsoauthorizedforuseinEFTAmemberstates:Iceland,Liechtenstein,Norway,andSwitzerland.EUCountriesNotIntendedforUseNone

Documents

WAP User Manual V1.2.0 - Comtrend · WAP-EN Series Wireless Access Points Version 1.2,0 June 2017 . FCC Compliance This equipment has been tested and found to comply with the limits