background image

i

C

OMPLIANCES

Federal Communication Commission Interference 
Statement

This equipment has been tested and found to comply with the limits for a Class B 
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to 
provide reasonable protection against harmful interference in a residential 
installation. This equipment generates, uses and can radiate radio frequency 
energy and, if not installed and used in accordance with the instructions, may 
cause harmful interference to radio communications. However, there is no 
guarantee that interference will not occur in a particular installation. If this 
equipment does cause harmful interference to radio or television reception, which 
can be determined by turning the equipment off and on, the user is encouraged to 
try to correct the interference by one of the following measures:

• Reorient or relocate the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the 

receiver is connected

• Consult the dealer or an experienced radio/TV technician for help

FCC Caution:

 Any changes or modifications not expressly approved by the party 

responsible for compliance could void the user's authority to operate this 
equipment. This device complies with Part 15 of the FCC Rules. Operation is 
subject to the following two conditions: (1) This device may not cause harmful 
interference, and (2) this device must accept any interference received, including 
interference that may cause undesired operation.

IMPORTANT NOTE:
FCC Radiation Exposure Statement

This equipment complies with FCC radiation exposure limits set forth for an 
uncontrolled environment. This equipment should be installed and operated with a 
minimum distance of 20 centimeters (8 inches) between the radiator and your 
body. This transmitter must not be co-located or operating in conjunction with any 
other antenna or transmitter.

Wireless 5 GHz Band Statements:

As the Access Point can operate in the 5150-5250 MHz frequency band it is 
limited by the FCC, Industry Canada and some other countries to indoor use only 
so as to reduce the potential for harmful interference to co-channel Mobile 
Satellite systems.

Summary of Contents for WA6102X

Page 1: ...User Guide WLAN 11a b g Access Point 2 4GHz 5GHz Wireless Access Point Model WA6102X WA6102Y Accton ...

Page 2: ...User Guide Guide 2 4GHz 5GHz Wireless Access Point IEEE 802 11g and 802 11a Dual band Access Point with 1 10 100BASE TX RJ 45 Port ...

Page 3: ...m that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not caus...

Page 4: ...lly before installing the device WARNING Installation and removal of the unit must be carried out by qualified personnel only The unit must be connected to an earthed grounded outlet to comply with international safety standards Do not connect the unit to an A C outlet power supply without an earth ground connection The appliance coupler the connector to the unit and not the wall plug must have a ...

Page 5: ...least 10 A The attachment plug must be an earth grounding type with NEMA 5 15P 15 A 125 V or NEMA 6 15P 15 A 250 V configuration Denmark The supply plug must comply with Section 107 2 D1 Standard DK2 1a or DK2 5a Switzerland The supply plug must comply with SEV ASE 1011 U K The supply plug must comply with BS1363 3 pin 13 A and be fitted with a 5 A fuse which complies with BS1362 The mains cord mu...

Page 6: ...appareil EN 60320 IEC 320 La prise secteur doit se trouver à proximité de l appareil et son accès doit être facile Vous ne pouvez mettre l appareil hors circuit qu en débranchant son cordon électrique au niveau de cette prise L appareil fonctionne à une tension extrêmement basse de sécurité qui est conforme à la norme IEC 60950 Ces conditions ne sont maintenues que si l équipement auquel il est ra...

Page 7: ...äß IEC 60950 Diese Bedingungen sind nur gegeben wenn auch die an das Gerät angeschlossenen Geräte unter SELV Bedingungen betrieben werden Cordon électrique Il doit être agréé dans le pays d utilisation Etats Unis et Canada Le cordon doit avoir reçu l homologation des UL et un certificat de la CSA Les spe cifications minimales pour un cable flexible sont AWG No 18 ouAWG No 16 pour un cable de longu...

Page 8: ...15P 15A 250V konfiguration Danemark Dieser Stromstecker muß die ebene 107 2 D1 der standard DK2 1a oder DK2 5a Bestimmungen einhalten Schweiz Dieser Stromstecker muß die SEV ASE 1011Bestimmungen einhalten Europe Das Netzkabel muß vom Typ HO3VVF3GO 75 Mindestanforderung sein und die Aufschrift HAR oder BASEC tragen Der Netzstecker muß die Norm CEE 7 7 erfüllen SCHUKO פ ሽंᘿࢤሽᖲጥ ᙄऄ รԼ二යᆖী ڤ ᎁᢞ ٽ հ פ ...

Page 9: ...enefits 1 7 Applications 1 8 System Defaults 1 10 2 Hardware Installation 2 1 3 General Specifications Network Topologies 3 2 Ad Hoc Wireless LAN no AP or Bridge 3 2 Infrastructure Wireless LAN 3 3 Infrastructure Wireless LAN for Roaming Wireless PCs 3 4 4 General Specifications 4 1 Specifications 4 1 5 System Configuration 5 1 ...

Page 10: ...e access point offers full network management capabilities through an easy to configure web interface a command line interface for initial configuration and troubleshooting and support for Simple Network Management tools such as HP s OpenView Radio Characteristics The IEEE 802 11a g standard uses a radio modulation technique known as Orthogonal Frequency Division Multiplexing OFDM and a shared col...

Page 11: ...2 4GHz 5GHz Wireless Access Point One Category 5 network cable One RS 232 console cable One AC power adapter and power cord Four rubber feet Three wall mounting screws This User Guide Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Use them again to repack the product in case there is a need to return it ...

Page 12: ...Hardware Description 1 3 Hardware Description Top Panel Rear Panel WLAN A WLAN G LED Indicators Security Slot RJ 45 Port PoE Connector Reset Button Console Port 5 VDC Power Socket Antennas ...

Page 13: ...time The antennas transmit the outgoing signal as a toroidal sphere doughnut shaped with the coverage extending most in a direction perpendicular to the antenna The antennas should be adjusted to an angle that provides the appropriate coverage for the service area For further information see Positioning the Antennas on page 2 3 LED Indicators The access point includes four status LED indicators as...

Page 14: ...te is proportional to network activity 11a On Indicates a valid 802 11a wireless link Very Slow Flashing Searching for network association Slow Flashing Associated with network but no activity Fast Flashing Indicates that the access point is transmitting or receiving data through wireless links Flashing rate is proportional to network activity 11g On Indicates a valid 802 11g or 802 11b wireless l...

Page 15: ...You can therefore use straight through twisted pair cable to connect this port to most network interconnection devices such as a switch or router that provide MDI X ports However when connecting the access point to a workstation or other device that does not have MDI X ports you must use crossover twisted pair cable The access point appears as an Ethernet node and performs a bridging function by m...

Page 16: ...s connected to a power source The access point automatically adjusts to any voltage between 100 240 volts at 50 or 60 Hz No voltage range settings are required The access point may also receive Power over Ethernet PoE from a switch or other network device that supplies power over the network cable based on the IEEE 802 3af standard Note that if the access point is connected to a PoE source device ...

Page 17: ...t based on the signal to noise ratio Allows the country of operation to be set to match regulatory requirements for countries outside of the United States Applications Wireless network products offer a high speed reliable cost effective solution for 10 100 Mbps wireless Ethernet client access to the network in applications such as Remote access to corporate network information E mail file transfer...

Page 18: ...ies that need additional workstations for a peak period Auditors who require workgroups at customer sites Access to databases for mobile workers Doctors nurses retailers or white collar workers who need access to databases while being mobile in a hospital retail store or an office campus SOHO users SOHO Small Office and Home Office users who need easy and quick installation of a small computer net...

Page 19: ...rompt Feature Parameter Default Identification System Name MEAP Administration User Name admin Password null General HTTP Server Enabled HTTP Server Port 80 TCP IP DHCP Enabled IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 Primary DNS IP 0 0 0 0 Secondary DNS IP 0 0 0 0 RADIUS Primary and Secondary IP Address 0 0 0 0 Port 1812 Key DEFAULT Timeout 5 seconds Retransmit att...

Page 20: ...led Session Key Refresh 0 minutes Disabled Reauthentication Refresh Rate 0 seconds Disabled VLAN Native VLAN ID 1 VLAN Tag Support Disabled Filter Control Local Bridge Disabled Local Management Disabled Ethernet Type Disabled SNMP Status Enabled Location null Contact Contact Community Read Only public Community Read Write private Traps Enabled Trap Destination IP Address null Trap Destination Comm...

Page 21: ...ng Facility Type 16 Ethernet Interface Speed and Duplex Auto Wireless Interface 802 11a IAPP Enabled SSID MEAP Turbo Mode Disabled Status Enabled Auto Channel Select Enabled Closed System Disabled Transmit Power Full Maximum Data Rate 108 Mbps Beacon Interval 100 TUs Data Beacon Rate DTIM Interval 2 beacons RTS Threshold 2347 bytes Feature Parameter Default ...

Page 22: ...nfiguration Mode All clients WPA Key Management WPA authentication over 802 1x Multicast Cipher WEP Wireless Interface 802 11b g IAPP Enabled SSID MEAP Status Enabled Auto Channel Select Enabled Closed System Disabled Transmit Power Full Maximum Data Rate 108 Mbps Beacon Interval 100 TUs Data Beacon Rate DTIM Interval 2 beacons RTS Threshold 2347 bytes Feature Parameter Default Turbo Mode Disabled...

Page 23: ... Type Open System WEP Encryption Disabled WEP Key Length 128 bits WEP Key Type Hexadecimal WEP Transmit Key Number 1 WEP Keys null WPA Configuration Mode All clients WPA Key Management WPA authentication over 802 1x Multicast Cipher WEP Feature Parameter Default ...

Page 24: ...gnal or null zones in parts of the coverage area Mount away from any signal absorbing or reflecting structures such as those containing metal 2 Mount the Access Point The access point can be mounted on any horizontal surface or wall Mounting on a horizontal surface To keep the access point from sliding on the surface attach the four rubber feet provided in the accessory kit to the embossed circles...

Page 25: ...n connected to a device that provides IEEE 802 3af compliant Power over Ethernet PoE Note If the access point is connected to both a PoE source device and an AC power source PoE will be disabled Warning Use ONLY the power adapter supplied with this access point Otherwise the product may be damaged 5 Observe the Self Test When you power on the access point verify that the PWR indicator stops flashi...

Page 26: ...cting supports auto MDI MDI X operation you can use either straight through or crossover cable 7 Position the Antennas Each antenna emits a radiation pattern that is a toroidal sphere doughnut shaped with the coverage extending most in the direction perpendicular to the antenna Therefore the antennas should be oriented so that the radio coverage pattern fills the intended horizontal space Also the...

Page 27: ...Hardware Installation 2 4 ...

Page 28: ...requency band which operates at 2 4 GHz can easily encounter interference from other 2 4 GHz devices such as other 802 11b or g wireless devices cordless phones and microwave ovens If you experience poor wireless LAN performance try the following measures Limit any possible sources of radio interference within the service area Increase the distance between neighboring access points Decrease the si...

Page 29: ...ireless adapter connected via radio signals as an independent wireless LAN Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel An ad hoc wireless LAN can be used for a branch office or SOHO operation Ad Hoc Wireless LAN Notebook with Wireless USB Adapter Notebook with Wireless PC Card PC with Wireless PCI Adapter ...

Page 30: ... access other computers or network resources in the wired LAN infrastructure via the access point The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN but also increases the effective wireless transmission range for wireless PCs by passing their signal through one or more access points A wireless infrastructure can be used for access to a central dat...

Page 31: ...frames sent between the access point and its clients to identify traffic in the service area The BSS ID is only set by the access point never by its clients The clients only need to set the Service Set Identifier SSID that identifies the service set provided by one or more access points The SSID can be manually configured by the clients can be detected in an access point s beacon or can be obtaine...

Page 32: ... a continuous coverage area is created wireless users within this ESS can roam freely All wireless network cards and adapters and wireless access points within a specific ESS must be configured with the same SSID File Server Switch Desktop PC Access Point BSS2 Notebook with Wireless PC Card Adapter Seamless Roaming ESS Switch Access Point BSS1 PC with Wireless PCI Adapter Notebook with Wireless PC...

Page 33: ...1 13 France 10 13 MKK 1 14 Taiwan 1 11 1 turbo mode Maximum Clients 64 per radio Operating Range See Maximum Distance Table on page A 4 Data Rate 802 11a Normal Mode 6 9 12 18 24 36 48 54 Mbps per channel Turbo Mode 12 18 24 36 48 54 96 108 Mbps per channel 802 11g 6 9 11 12 18 24 36 48 54 Mbps per channel Turbo Mode up to 108Mbps Modulation Type 802 11a BPSK QPSK 16 QAM 64 QAM 802 11g CCK BPSK QP...

Page 34: ... 497 GHz Japan 2 400 2 4835 GHz Taiwan AC Power Adapter Input 100 240 AC 50 60 Hz Output 5 VDC 3 A Maximum Power 13 2 W Unit Power supply DC Input 5 VDC 1 92 A maximum PoE input 48 VDC 0 2 A maximum Power consumption 9 6 W maximum Note Power can also be provided to the access point through the Ethernet port based on IEEE 802 3af Power over Ethernet PoE specifications When both PoE is provided and ...

Page 35: ...5 non condensing Compliances FCC Class B US ICES 003 Canada RTTED 1999 5 EC VCCI Japan DGT Taiwan Radio Signal Certification FCC Part 15 247 2 4GHz FCC part 15 15 407 b CISPR 22 96 RSS 210 Canada EN 300 328 EN 302 893 EN 300 826 EN 301 489 1 EN 301 489 17 ETSI 300 328 ETS 300 826 802 11b MPT RCR std 33 D66 1 13 Channel T33 Channel 14 Safety CSA NTRL CSA 22 2 No 950 UL 1950 EN60950 TÜV GS IEC60950 ...

Page 36: ... point can be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above Enter the configured IP address of the access point or use the default address http 192 168 1 1 To log into the access point enter the default user name admin leave the password blank and click LOGIN When the home page displays click on Advanced Setup The following page will ...

Page 37: ...sk gateway and domain name servers 5 6 Radius Configures the RADIUS server for wireless client authentication 5 9 PPPoE Configures PPPoE on the Ethernet interface 5 14 Authentication Configures 802 1x client authentication with an option for MAC address authentication 5 14 Filter Control Filters communications between wireless clients access to the management interface from wireless clients and tr...

Page 38: ... channel transmission rate and beacon settings 5 43 Security Configures data encryption with Wired Equivalent Protection WEP or Wi Fi Protected Access WPA 5 52 Radio Interface 2 Configures the IEEE 802 11g interface 5 42 Radio Settings Configures radio signal parameters such as radio channel transmission rate and beacon settings 5 48 Security Configures data encryption with Wired Equivalent Protec...

Page 39: ...dentify the wireless network service provided by the access point Only clients with the same SSID can associate with the access point System Name An alias for the access point enabling the device to be uniquely identified on the network Default MEAP Range 1 22 characters SSID The name of the basic service set provided by the access point Clients that want to connect to the network through the acce...

Page 40: ... 11 AP config system name R D 6 20 AP config interface wireless a 6 70 AP if wireless a ssid r d 6 90 AP if wireless a end 6 12 AP show system 6 33 System Information Serial Number A324003220 System Up time 0 days 0 hours 32 minutes 51 seconds System Name r d System Location System Contact Contact System Country Code US UNITED STATES MAC Address 00 30 F1 91 91 5B IP Address 192 168 2 51 Subnet Mas...

Page 41: ...twork By default the access point will be automatically configured with IP settings from a Dynamic Host Configuration Protocol DHCP server However if you are not using a DHCP server to configure IP addressing use the CLI to manually configure the initial IP values page 4 3 After you have network access to the access point you can use the web browser interface to modify the initial IP configuration...

Page 42: ...ts used for routing to specific subnets Default Gateway The default gateway is the IP address of the router for the access point which is used if the requested destination address is not on the local subnet If you have management stations DNS RADIUS or other network servers located on another subnet type the IP address of the default gateway router in the text field provided Otherwise leave the ad...

Page 43: ...se the show interface ethernet command from the Exec mode to display the current IP settings AP config interface ethernet 6 70 Enter Ethernet configuration commands one per line AP if ethernet no ip dhcp 6 73 AP if ethernet ip address 192 168 1 2 255 255 255 0 192 168 1 253 6 71 AP if ethernet dns primary server 192 168 1 55 6 70 AP if ethernet dns secondary server 10 1 0 55 6 70 AP config end 6 1...

Page 44: ... network A primary RADIUS server must be specified for the access point to implement IEEE 802 1x network access control and Wi Fi Protected Access WPA wireless security A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible Note This guide assumes that you have already configured RADIUS server s to support the access point Configuration of...

Page 45: ...rver before resending a request Range 1 60 seconds Default 5 Retransmit attempts The number of times the access point tries to resend a request to the RADIUS server before authentication fails Range 1 30 Default 3 Note For the Timeout and Retransmit attempts fields accept the default values unless you experience problems connecting to the RADIUS server over the network Secondary Radius Server Setu...

Page 46: ...e show show radius command from the Exec mode to display the current settings for the primary and secondary RADIUS servers AP config radius server address 192 168 1 25 6 46 AP config radius server port 181 6 47 AP config radius server key green 6 47 AP config radius server timeout 10 6 48 AP config radius server retransmit 5 6 48 AP config exit AP show radius 6 49 Radius Server Information IP 192 ...

Page 47: ...fic that may be initiated by the access point and carried over a PPPoE tunnel are RADIUS Syslog or DHCP traffic PPP over Ethernet Enable PPPoE on the RJ 45 Ethernet interface to pass management traffic between the access point and a remote PPPoE server Default Disabled PPPoE Username The user name assigned for the PPPoE tunnel Range 1 63 alphanumeric characters PPPoE Password The password assigned...

Page 48: ... server If automatic mode is selected DHCP is used to allocate the IP addresses for the PPPoE connection If static addresses have been assigned by the service provider you must manually enter the assigned addresses Default Automatic Automatically allocated IP addresses are dynamically assigned by the ISP during PPPoE session initialization Static assigned Fixed addresses are assigned by the ISP fo...

Page 49: ... authentication can be implemented using the IEEE 802 1x network access control protocol MAC Authentication You can configure a list of the MAC addresses for wireless clients that are authorized to access the network This provides a basic level of authentication for wireless clients attempting to gain access to the network A database of authorized MAC addresses can be stored locally on the access ...

Page 50: ...a mechanism to take certain actions based on a wireless client s MAC address The MAC list can be configured to allow or deny network access to specific clients System Default Specifies a default action for all unknown MAC addresses that is those not listed in the local MAC database Deny Blocks access for all MAC addresses except those listed in the local database as Allow Allow Permits access for ...

Page 51: ...network with a limited number of users MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server Use IEEE 802 1x authentication for networks with a larger number of users and where security is the most important issue For 802 1x authentication a RADIUS server is required in the wired network to control the user credentials of the wireless client...

Page 52: ...point supports 802 1x authentication only for clients initiating the 802 1x authentication process i e the access point does not initiate 802 1x authentication For clients initiating 802 1x only those successfully authenticated are allowed to access the network For those clients not initiating 802 1x access to the network is allowed after successful wireless association with the access point Requi...

Page 53: ...lt 0 means disabled 802 1x Re authentication Refresh Rate The time period after which a connected client must be re authenticated During the re authentication process of verifying the client s credentials on the RADIUS server the client remains connected the network Only if re authentication fails is network access blocked Range 0 65535 seconds Default 0 means disabled ...

Page 54: ...c authentication server local 6 58 AP config address filter default denied 6 55 AP config address filter entry 00 70 50 cc 99 1a denied 6 56 AP config address filter entry 00 70 50 cc 99 1b allowed AP config address filter entry 00 70 50 cc 99 1c allowed AP config address filter delete 00 70 50 cc 99 1c 6 57 AP config exit AP show authentication 6 60 Authentication Information MAC Authentication S...

Page 55: ...urrent settings use the show authentication command from the Exec mode AP config mac authentication server remote 6 58 AP config mac authentication session timeout 300 6 59 AP config exit AP show authentication 6 60 Authentication Information MAC Authentication Server REMOTE MAC Auth Session Timeout Value 300 secs 802 1x DISABLED Broadcast Key Refresh Rate 5 min Session Key Refresh Rate 5 min 802 ...

Page 56: ...P config 802 1x broadcast key refresh rate 5 6 53 AP config 802 1x session key refresh rate 5 6 54 AP config 802 1x session timeout 300 6 55 AP config exit AP show authentication 6 60 Authentication Information MAC Authentication Server REMOTE MAC Auth Session Timeout Value 300 secs 802 1x SUPPORTED Broadcast Key Refresh Rate 5 min Session Key Refresh Rate 5 min 802 1x Session Timeout Value 300 se...

Page 57: ...guration VLAN Enables or disables VLAN tagging support on the access point If enabled the access point will tag traffic passing from wireless clients to the wired network with the VLAN ID associated with each client on the RADIUS server Up to 64 VLAN IDs can be mapped to specific wireless clients allowing users to remain within the same VLAN as they move around a campus site This feature can also ...

Page 58: ...de Refer to the documentation provided with the RADIUS server software When VLAN filtering is enabled the access point must also have 802 1x authentication enabled and a RADIUS server configured Wireless clients must also support 802 1x client software to be assigned to a specific VLAN When VLAN filtering is disabled the access point ignores the VLAN tags on any received frames Local Bridge Filter...

Page 59: ... protocol filtering table Disabled Access point does not filter Ethernet protocol types Enable Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table If a protocol has its status set to ON the protocol is filtered from the access point CLI Commands for VLAN Support From the global configuration mode use the native vlanid command to set the def...

Page 60: ...ours 28 minutes 9 seconds System Name MEAP System Location System Contact Contact System Country Code 99 NO_COUNTRY_SET MAC Address 00 30 F1 71 D6 40 IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 Slot Status Dual band b g Software Version v0 0 0 2 AP ...

Page 61: ... and the filter ethernet type protocol command to define the protocols that you want to filter To remove an entry from the table use the address filter delete command To display the current settings use the show filters command from the Exec mode AP config filter local bridge 6 61 AP config filter ap manage 6 62 AP config filter ethernet type enable 6 63 AP config filter ethernet type protocol ARP...

Page 62: ... SNMP communities and trap receivers should be configured Community names are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the access point To communicate with the access point a management station must first submit a valid community name for authentication You therefore need to assign community names to specified users or u...

Page 63: ...characters case sensitive Default public Community Name Read Write Defines the SNMP community access string that has read write access Authorized management stations are able to both retrieve and modify MIB objects Maximum length 23 characters case sensitive Default private Trap Destination IP Address Specifies the recipient of SNMP notifications Enter the IP address or the host name Host Name 1 t...

Page 64: ... The snmp server host command defines a trap receiver host To view the current SNMP settings use the show snmp command AP config snmp server enable server 6 37 AP config snmp server community alpha rw 6 35 AP config snmp server community beta ro AP config snmp server location WC 19 6 39 AP config snmp server contact Paul 6 36 AP config snmp server host 10 1 19 23 alpha 6 38 AP config exit AP show ...

Page 65: ...nd password are not configured then anyone having access to the access point may be able to compromise access point and network security Note Pressing the Reset button on the back of the access point for more than five seconds resets the user name and password to the factory defaults For this reason we recommend that you protect the access point from physical access by unauthorized persons Usernam...

Page 66: ...dvanced Configuration 5 31 CLI Commands for the User Name and Password Use the username and password commands from the CLI configuration mode AP config username bob 6 21 AP config password admin 6 22 AP ...

Page 67: ...oint to implement the new code Until a reboot occurs the access point will continue to run the software it was using before the upgrade started Also note that new software that is incompatible with the current configuration automatically restores the access point to the factory default settings when first activated after a reboot Before upgrading new software verify that the access point is connec...

Page 68: ... same VLAN ID If you are managing the access point from a wireless client the VLAN ID for the wireless client must be configured on a RADIUS server Current version Version number of runtime code Firmware Upgrade Local Downloads an operation code image file from the web management station to the access point using HTTP Use the Browse button to locate the image file locally on the management station...

Page 69: ...me of FTP or TFTP server Username The user ID used for login on an FTP server Password The password used for login on an FTP server Restore Factory Settings Click the Restore button to reset the configuration settings for the access point to the factory defaults and reboot the system Note that all user configured information will be lost You will have to re enter the default user name admin to re ...

Page 70: ... point file system To run the new software use the reset board command to reboot the access point AP copy config tftp 6 42 TFTP Source file name syscfg TFTP Server IP 192 168 1 19 AP AP copy tftp file 6 42 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 2 TFTP Source file name syscfg TFTP Server IP 10 1 1 9 AP dir 6 44 zz img bin 1109148 dflt img bin 110145...

Page 71: ... with the correct time and date Enabling System Logging The access point supports a logging process that can control error messages saved to memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Logging Host Enables the sending of log messages to a Syslog server host Serv...

Page 72: ...log can be viewed using the Event Logs window in the Status section page 5 71 The Event Logs window displays the last 128 messages logged in chronological order from the newest to the oldest Log messages saved in the access point s memory are erased when the device is rebooted Error Level Description Emergency System unusable Alert Immediate action needed Critical Critical conditions e g memory al...

Page 73: ...I also allows the logging facility type command to set the facility type number to use on the Syslog server To view the current logging settings use the show logging command AP config logging on 6 24 AP config logging level alert 6 26 AP config logging console 6 25 AP config logging host 1 10 1 0 3 514 6 24 AP config logging facility type 19 6 27 AP config exit AP show logging 6 28 Logging Informa...

Page 74: ...sequence SNTP Server Configures the access point to operate as an SNTP client When enabled at least one time server IP address must be specified Primary Server The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update Secondary Server The IP address of a secondary SNTP or NTP time server The access point first attempts to update the time from the primary...

Page 75: ...ce Use the sntp server timezone command to set the time zone for your location and the sntp server daylight saving command to set daylight savings To view the current SNTP settings use the show sntp command AP config sntp server ip 10 1 0 19 6 28 AP config sntp server enable 6 29 AP config sntp server timezone 8 6 32 AP config sntp server daylight saving 6 31 Enter Daylight saving from which month...

Page 76: ... shows how to manually set the system time when SNTP server support is disabled on the access point AP config no sntp server enable 6 29 AP config sntp server date time 6 30 Enter Year 1970 2100 2003 Enter Month 1 12 10 Enter Day 1 31 10 Enter Hour 0 23 18 Enter Min 0 59 35 AP config ...

Page 77: ...his section of the manual The access point can operate in four modes IEEE 802 11a only 802 11b g 802 11g only and 802 11b only Also note that 802 11g is backward compatible with 802 11b These interfaces are configured independently under the following web pages Radio Interface 1 802 11a Radio Interface 2 802 11b g Note The radio channel settings for the access point are limited by local regulation...

Page 78: ... not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps Default Disabled Note In normal mode the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitted by local regulations e g 11 channels for the United States In Turbo Mode the channel band...

Page 79: ...s the access point to automatically select an unoccupied radio channel Default Enabled Transmit Power Adjusts the power of the radio signals transmitted from the access point The higher the transmission power the farther the transmission range Power selection is not just a trade off between coverage area and maximum supported clients You also have to ensure that high power signals do not interfere...

Page 80: ...elivers broadcast multicast frames in a more timely manner causing stations in Power Save mode to wake up more often and drain power faster Using higher DTIM values reduces the power used by stations in Power Save mode but delays the transmission of broadcast multicast frames Range 1 255 beacons Default 2 beacons RTS Threshold Sets the packet size threshold at which a Request to Send RTS signal mu...

Page 81: ...the turbo command to enable this feature before setting the radio channel with the channel command Set any other parameters as required To view the current 802 11a radio settings use the show interface wireless a command AP config interface wireless a 6 70 Enter Wireless configuration commands one per line AP if wireless a description RD AP 6 85 AP if wireless a ssid r d 6 90 AP if wireless a turb...

Page 82: ... 17 dBm Max Station Data Rate 9Mbps Fragmentation Threshold 512 bytes RTS Threshold 256 bytes Beacon Interval 150 TUs DTIM Interval 5 beacons Maximum Association 32 stations Security Closed System DISABLED Multicast cipher WEP Unicast cipher TKIP WPA clients SUPPORTED WPA Key Mgmt Mode DYNAMIC WPA PSK Key Type HEX Encryption DISABLED Default Transmit Key 1 Static Keys Key 1 EMPTY Key 2 EMPTY Key 3...

Page 83: ...ss point Enable Enables radio communications on the access point Default Enabled Radio Channel The radio channel that the access point uses to communicate with wireless clients When multiple access points are deployed in the same area set the channel on neighboring access points at least five channels apart to avoid interference with each other For example in the United States you can deploy up to...

Page 84: ...lect an unoccupied radio channel Default Enabled Maximum Supported Rate The maximum data rate at which a client can connect to the access point The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Default 108 Mbps For a description of the remaining configuration items see Radio Settings 802 11a on page 5 43 ...

Page 85: ...nel command Set any other parameters as required To view the current 802 11g radio settings use the show interface wireless g command AP config interface wireless g 6 70 Enter Wireless configuration commands one per line AP if wireless g description RD AP 6 85 AP if wireless g ssid r d 6 90 AP if wireless g channel auto 6 88 AP if wireless a closed system 6 86 AP if wireless a transmit power full ...

Page 86: ... Station Data Rate 6Mbps Fragmentation Threshold 512 bytes RTS Threshold 256 bytes Beacon Interval 150 TUs DTIM Interval 5 beacons Maximum Association 32 stations Security Closed System DISABLED Multicast cipher WEP Unicast cipher TKIP WPA clients SUPPORTED WPA Key Mgmt Mode DYNAMIC WPA PSK Key Type HEX Encryption DISABLED Default Transmit Key 1 Static Keys Key 1 EMPTY Key 2 EMPTY Key 3 EMPTY Key ...

Page 87: ...security you have to implement two main functions Authentication It must be verified that clients attempting to connect to the network are authorized users Traffic Encryption Data passing between the access point and clients must be protected from interception and evesdropping For a more secure network the access point can implement one or a combination of the following security mechanisms Wired E...

Page 88: ...Windows XP Provides dynamic key rotation for improved WEP security Requires configured RADIUS server 802 1x EAP type may require management of digital certificates for clients and server MACAddress Filtering Uses the MAC address of client network card Provides only weak user authentication Management of authorized MAC addresses Can be combined with other methods for improved security Optionally co...

Page 89: ... that want to use the network WEP is the security protocol initially specified in the IEEE 802 11 standard for wireless communications Unfortunately WEP has been found to be seriously flawed and cannot be recommended for a high level of network security For more robust wireless security the access point provides Wi Fi Protected Access WPA for improved data encryption and user authentication Settin...

Page 90: ...Shared Key Sets the access point to use WEP shared keys If this option is selected you must configure at least one key on the access point and all clients Note To use 802 1x on wireless clients requires a network card driver and 802 1x client software that supports the EAP authentication type that you want to use Windows 2000 SP3 or later and Windows XP provide 802 1x client support Windows XP als...

Page 91: ...it keys 802 11a radio only Transmit Key Select Selects the key number to use for encryption If the clients have all four keys configured to the same values you can change the encryption key to any of the four settings without having to update the client keys Note Key index and type must match that configured on the clients The configuration settings for WEP are summarized below WEP only WEP over 8...

Page 92: ...wireless g command AP config interface wireless g 6 70 Enter Wireless configuration commands one per line AP if wireless g authentication shared 6 94 AP if wireless g encryption 128 6 95 AP if wireless g multicast cipher wep 6 101 AP if wireless g key 1 128 ascii abcdeabcdeabc 6 97 AP if wireless g transmit key 1 6 98 AP if wireless g end AP config no 802 1x 6 52 AP config end AP show interface wi...

Page 93: ... view the current 802 11g security settings use the show interface wireless g command not shown in example Security Closed System DISABLED Multicast cipher WEP Unicast cipher TKIP WPA clients SUPPORTED WPA Key Mgmt Mode PRE SHARED KEY WPA PSK Key Type HEX Encryption 128 BIT ENCRYPTION Default Transmit Key 1 Static Keys Key 1 Key 2 EMPTY Key 3 EMPTY Key 4 EMPTY Authentication Type SHARED AP AP conf...

Page 94: ...for user authentication and dynamic key management The 802 1x client and RADIUS server should use an appropriate EAP type such as EAP TLS Transport Layer Security EAP TTLS Tunneled TLS or PEAP Protected EAP for strongest authentication Working together these protocols provide mutual authentication between a client the access point and a RADIUS server that prevents users from accidentally joining a...

Page 95: ... a RADIUS authentication server to be configured on the wired network However for small office networks that may not have the resources to configure and maintain a RADIUS server WPA provides a simple operating mode that uses just a pre shared password for network access The Pre Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wirel...

Page 96: ... specified AES as an eventual replacement for TKIP and WEP However because of the difference in ciphering algorithms AES requires new hardware support in client network cards that is currently not widely available The access point includes AES support as a future security enhancement The WPA configuration parameters are described below Authentication Type Setup When using WPA set the access point ...

Page 97: ...is supported by all wireless clients WEP WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key Communicating devices must use the same WEP key to encrypt and decrypt radio signals WEP has many security flaws and is not recommended for transmitting highly sensitive data TKIP TKIP provides data encryption enhancements including per p...

Page 98: ...Cipher WEP TKIP AES2 WPA PSK Type Hex 64 characters ASCII 8 63 characters Shared Key 64 128 152 802 1x Disabled3 MAC Authentication Disabled Local4 Authentication Type Open System WEP encryption Enabled1 WPA clients only Enabled WPA Mode WPA over 802 1x Multicast Cipher WEP TKIP AES2 Shared Key 64 128 152 802 1x Required3 MAC Authentication Disabled Local4 1 Although WEP keys are not needed for WP...

Page 99: ...ey and then use the wpa preshared key command to define the key Then disable 802 1x and MAC authentication To view the current 802 11g security settings use the show interface wireless a or show interface wireless g command not shown in example AP config interface wireless g 6 70 Enter Wireless configuration commands one per line AP if wireless g authentication open 6 94 AP if wireless g encryptio...

Page 100: ...st and multicast key encryption using the multicast cipher command Then set 802 1x to required and disable MAC authentication To view the current 802 11g security settings use the show interface wireless g command not shown in example AP config interface wireless g 6 70 Enter Wireless configuration commands one per line AP if wireless g authentication open 6 94 AP if wireless g encryption 128 6 95...

Page 101: ...plays basic system configuration settings as well as the settings for the wireless interface Menu Description Page AP Status Displays configuration settings for the basic system and the wireless interface 5 66 Station Status Shows the wireless clients currently associated with the access point 5 69 Event Logs Shows log messages stored in memory 5 71 ...

Page 102: ...ist on other network segments HTTP Server Shows if management access via HTTP is enabled HTTP Server Port Shows the TCP port used by the HTTP interface Firmware Version Shows the version number for the runtime code AP Wireless Configuration The AP Wireless Configuration table displays the wireless interface settings listed below Note that Radio 1 refers to the 802 11a interface and Radio 2 refers ...

Page 103: ...terface wireless g command see page 6 107 AP show system 6 33 System Information Serial Number A324003220 System Up time 0 days 4 hours 39 minutes 46 seconds System Name MEAP System Location System Contact Contact System Country Code US UNITED STATES MAC Address 00 30 F1 91 91 5B IP Address 192 168 2 51 Subnet Mask 255 255 255 0 Default Gateway 192 168 2 250 VLAN State DISABLED Native VLAN ID 1 IA...

Page 104: ...e seconds Station Address The MAC address of the wireless client Authenticated Shows if the station has been authenticated The two basic methods of authentication supported for 802 11 wireless networks are open system and shared key Open system authentication accepts any client attempting to connect to the access point without verifying its identity The shared key approach uses Wired Equivalent Pr...

Page 105: ...traffic to the access point Key Type Displays one of the following Disabled The client is not using Wired Equivalent Privacy WEP encryption keys Dynamic The client is using Wi Fi Protected Access 802 1x or pre shared key mode or using 802 1x authentication with dynamic keying Static The client is using static WEP keys for encryption CLI Commands for Displaying Station Status To view status of clie...

Page 106: ...l The logging level associated with this message For a description of the various levels see logging level on page 5 36 Event Message The content of the log message Error Messages An example of a logged error message is Station Failed to authenticate unsupported algorithm This message may be caused by any of the following conditions Access point was set to Open Authentication but a client sent an ...

Page 107: ...e not the same the frame will be decrypted incorrectly using the wrong algorithm and sequence number CLI Commands for Displaying the Event Logs From the global configuration mode use the show logging command Note Log messages are not displayed in the CLI AP show loggging 6 28 Logging Information Syslog State Enabled Logging Host State Enabled Logging Console State Enabled Server Domain name IP 192...

Reviews: