Linksys AC1200, User Manual

Page 1: ...User Guide AC1200 Dual Band Wireless Access Point LAPAC1200 1 ...

Page 2: ...d 8 Chapter 3 Configuration 13 Administration 13 LAN 23 Wireless 29 Captive Portal 61 Cluster 71 Chapter 4 System Status 79 Status 79 Chapter 5 Maintenance 89 Maintenance 89 Diagnostics 93 Appendix A Troubleshooting 96 Overview 96 General Problems 96 Appendix B About Wireless LANs 98 Overview 98 Wireless LAN Terminology 98 Appendix C PC and Server Configuration 102 2 ...

Page 3: ...Overview 102 Using WEP 102 Using WPA2 PSK 103 Using WPA2 Enterprise 103 802 1x Server Setup Windows 2000 Server 104 802 1x Client Setup on Windows XP 115 Using 802 1x Mode without WPA 121 3 ...

Page 4: ...ere is one LED LED behavior LED Color Activity Status Green Blinking System is booting Solid System is normal no wireless devices connected Blue Blinking Software upgrade in process Solid System is normal at least one wireless device connected Red Solid Booting process or update failed hard reset or service required Ports and Button Power Port Connect the AC power adapter to this port Note Use onl...

Page 5: ...the device enclosure Wall Installation 1 Position drilling layout template at the desired location 2 Drill four screw holes on the mounting surface If your Ethernet cable is routed behind the wall mark Ethernet cable hole as well 3 Secure the mounting bracket on the wall with anchors and screws 4 If your Ethernet cable is routed behind the wall cut or drill the Ethernet cable hole you marked in St...

Page 6: ...er adapter to your device 7 Slide the device into the bracket Turn access point clockwise until it locks IMPORTANT Improper or insecure mounting could result in damage to the device or personal injury Linksys is not responsible for damages caused by improper mounting 6 ...

Page 7: ...r later Setup Procedure Make sure device is powered on before you continue setup If LED light is off check that AC power adapter or PoE cable is properly connected on both ends Access device s browser based setup 1 Use the included cable to connect the access point to your network via a network switch or router 2 Open a web browser on a computer connected to your network Enter the IP address of yo...

Page 8: ...ess point will fall back to its default IP address 192 168 1 252 with a network mask of 255 255 255 0 Or if your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 1 1 192 168 1 254 with a network mask of 255 255 255 0 See Appendix A Windows TCP IP for details for this procedure Setup Wizard If you are setting up the access poin...

Page 9: ...e Quick Start tab on the main menu 2 On the first screen click Launch 3 Set the password on the Device Password screen if desired 4 Configure the time zone date and time for the device on System Settings screen 9 ...

Page 10: ...e device Static or Automatic then click Next 6 Set the SSID information on the Wireless Network screen Click Next If you want to configure more than four SSIDs go to Configuration Wireless Basic Settings The access point supports up to eight SSIDs per radio 10 ...

Page 11: ... If you are looking for security options that are not available in the wizard go to Configuration Wireless Security page The access point supports more sophisticated security options there 8 On the Summary screen check the data to make sure they are correct and then click Submit to save the changes 11 ...

Page 12: ...9 Click Finish to leave the wizard 12 ...

Page 13: ...Configuration Administration User Accounts Go to Configuration Administration and select User Accounts to manage user accounts The access point supports up to five users one administrator and four normal users 13 ...

Page 14: ...Only administrator account has Read Write permission to the access point s admin interface All other accounts have Read Only permission New Password Enter the Password to connect to the access point s admin interface Password must be between 4 and 63 characters Special characters are allowed Confirm New Password Re enter password Time Go to Configuration Administration and select Time to configure...

Page 15: ...ly adjust clock for daylight saving changes Start Time Specify the start time of daylight saving End Time Specify the end time of daylight saving Offset Select the adjusted time of daylight saving NTP NTP Server 1 Enter the primary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 characters NTP Server 2 Enter the seco...

Page 16: ...tration and select Log Settings to configure logs Logs record various types of activity on the access point This data is useful for troubleshooting but enabling all logs will generate a large amount of data and adversely affect performance 16 ...

Page 17: ... characters are allowed Password Enter the Password to login to your SMTP server The Password can include up to 32 characters Special characters are allowed Email Address for Logs Enter the email address the log messages are to be sent to Valid characters include alphanumeric characters _ and Maximum length is 64 characters Log Queue Length Enter the length of the queue up to 500 log messages The ...

Page 18: ...Management Access Go to Configuration Administration and select Management Access page to configure the management methods of the access point 18 ...

Page 19: ...to HTTP clients and servers Enable to allow Web access by HTTPS protocol HTTPS Port Specify the port for HTTPS It can be 443 default or from 1024 to 65535 From Wireless Enable wireless devices to connect to access point s admin page Disabled by default Access Control By default no IP addresses are prohibited from accessing the device s admin page You can enable access control and enter specified I...

Page 20: ...ttings Configure the SNMPv3 settings if you want to use SNMPv3 Username Enter the username It includes 0 to 32 characters Special characters are allowed Authentication Protocol None or HMAC MD5 Authentication Key 8 to 32 characters Special characters are allowed Privacy Protocol None or CBC DES Privacy Key 8 to 32 characters Special characters are allowed Access Control Access Control When SNMP is...

Page 21: ...SSL Certificate Go to Configuration Administration and select SSL Certificate to manage the SSL certificate used by HTTPS 21 ...

Page 22: ...ination File Enter the name of the destination file TFTP Server Enter the IP address for the TFTP server Only support IPv4 address here Export Click to export the SSL certificate to the TFTP server Restore from TFTP Server Source File Enter the name of the source file TFTP Server Enter the IP address for the TFTP server Only support IPv4 address here Install Click to install the file to the device...

Page 23: ...LAN Network Setup Go to Configuration LAN Network Setup to configure basic device settings VLAN settings and settings for the LAN interface including static or dynamic IPv4 IPv6 address assignment 23 ...

Page 24: ...the untagged traffic VLAN ID or change the VLAN ID for a SSID Untagged VLAN ID Specifies a number between 1 and 4094 for the untagged VLAN ID The default is 1 Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network Untagged VLAN ID field is active only when untagged VLAN is enabled VLAN 1 is the default for both untagged VLAN and management ...

Page 25: ...Advanced Go to Configuration LAN Advanced this screen to configure advanced network settings of the access point 25 ...

Page 26: ...d The option can be 10M 100M or 1000M default Operational Port Speed Displays the current port speed of the Ethernet port Duplex Mode Select the duplex mode of the Ethernet port Available only when Auto Negotiation is disabled The option can be Half or Full default Operational Duplex Mode Displays the current duplex mode of the Ethernet port Flow Control Enable or disable flow control of the Ether...

Page 27: ...ters Special characters are allowed Discovery Settings Bonjour Enable if administrator wants the access point to be discovered by Bonjour enabled devices automatically If VLAN is enabled the discovery packets will be sent out via management VLAN only The access point supports http and https services LLDP Enable if administrator wants the access point to be discovered by switch by LLDP protocol Inf...

Page 28: ...and IGMPv3 in IGMP Snooping MLD Snooping MLD Multicast Listener Discovery is a component of the Internet Protocol Version 6 IPv6 suite MLD is used by IPv6 routers for discovering multicast listeners on a directly attached link much like IGMP is used in IPv4 Multicast Listener Discovery MLD Snooping provides multicast containment by forwarding traffic only to those clients that have MLD receivers f...

Page 29: ...s Basic Settings Go to Configuration Wireless Basic Settings to configure your wireless radio and SSIDs Advanced wireless settings such as Band Steering Channel Bandwidth are on the Advanced Settings screen 29 ...

Page 30: ...e desired option for radio 2 N A Mixed allow connection by 802 11A and N wireless stations only N only allow connection by 802 11N wireless stations only AC only allow connection by 802 11AC wireless stations only A N AC Mixed allow connection by 802 11A 802 11N and 802 11AC wireless stations Wireless Channel Select wireless channel of the radio If Auto is selected the access point will select the...

Page 31: ...disable isolation among clients of the SSID If enabled wireless clients cannot communicate with others in the same SSID It s disabled by default VLAN ID Enter the VLAN ID of the SSID Used to tag packets which are received from the wireless clients of the SSID and sent from Ethernet or WDS interfaces Applicable only when VLAN function is enabled VLAN function can be configured in Configuration LAN ...

Page 32: ... WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong WPA2 Personal This is a further development of WPA PSK and offers even greater security using the AES Advanced Encryption Standard method WPA WPA2 Personal This method sometimes called Mixed Mode allows clients to use either WPA Personal with TKIP or WPA2 Personal with AES WPA2 Enterprise R...

Page 33: ...ll data transmission is encrypted using the WPA2 AES standard Keys are automatically generated so no key input is required WPA WPA2 Enterprise This method sometimes called Mixed Mode allows clients to use either WPA Enterprise with TKIP or WPA2 Enterprise with AES RADIUS RADIUS mode utilizes RADIUS server for authentication and dynamic WEP key generation for data encryption WEP This is the 802 11b...

Page 34: ...it Encryption Keys are 10 Hex characters 128 Bit Encryption Keys are 26 Hex characters Passphrase Generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate button to automatically configure the WEP key It consists of 1 to 30 characters Key Value Enter a key in hexadecimal format Note Due to hardware limitatio...

Page 35: ...ireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network agains...

Page 36: ...ireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network agains...

Page 37: ...WPA2 Enterprise This version of WPA2 Enterprise requires a RADIUS Server on your LAN to provide the client authentication Data transmissions are encrypted using the WPA2 AES standard 37 ...

Page 38: ...connections to the Backup RADIUS Server It s a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters WPA Algorithm The encryption method is AES Key Renewal Timeout Specify the value of Group Key Renewal It is a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a ce...

Page 39: ...WPA WPA2 Enterprise WPA WPA2 Enterprise requires a RADIUS Server on your LAN to provide the client authentication Data transmissions are encrypted using WPA WPA2 standard 39 ...

Page 40: ...ections to the Backup RADIUS Server It is a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters WPA Algorithm The encryption method is TKIP or AES Key Renewal Timeout Specify the value of Group Key Renewal It is a value from 600 to 36000 and default is 3600 second WPA automatically changes secret key...

Page 41: ...RADIUS Use RADIUS server for authentication and dynamic WEP key generation for data encryption 41 ...

Page 42: ...s Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server It is a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters Rogue AP Detection Go to Configur...

Page 43: ... Rogue AP SSID The SSID of the Rogue AP Channel The channel of the Rogue AP Security The security method of the Rogue AP Signal The signal level of the Rogue AP Trusted AP List Action Click Untrust to move the AP to the Rogue AP List MAC Address The MAC address of the Trusted AP SSID The SSID of the Trusted AP Channel The channel of the Trusted AP Security The security method of the Trusted AP Sig...

Page 44: ...less Scheduler to configure a rule with a specific time interval for SSIDs to be operational Automate enabling or disabling SSIDs based on the profile definition Support up to 16 profiles and each profile can include four time rules 44 ...

Page 45: ...us It includes the following situations System time is outdated Scheduler is inactive because system time is outdated Administrative Mode is disabled Scheduler is disabled by administrator Active Scheduler is active Scheduler Profile configuration New Profile Name Enter the name for new profile Profile Name Select the desired profile from the list to configure Day of the Week Select the desired da...

Page 46: ...o 2 is for 5 GHz Scheduler Association SSID The index of SSID SSID Name The name of the SSID Profile Name Choose the profile that is associated with the SSID If the profile associated with the SSID is deleted then the association will be removed Option None means no scheduler profile is associated Interface Status The status of the SSID It can be Enabled or Disabled Scheduler only works when the S...

Page 47: ...Connection Control Go to Configuration Wireless Connection Control to define whether listed client stations may authenticate with the access point 47 ...

Page 48: ...to 20 MAC addresses of wireless stations or choose the MAC address RADIUS Primary Backup RADIUS Server Enter the IP address of the RADIUS Server Primary Backup RADIUS Server Port Enter the Port number of the RADIUS Server Primary Backup Shared Secret This is shared between the wireless access point and the RADIUS Server while authenticating the device attempting to connect Disabled Rate Limit Go t...

Page 49: ...io 1 and from 0 to 600 Mbps for Radio 2 0 means no limitation Downstream Rate Enter a maximum downstream rate for the SSID The range is from 0 to 200 Mbps for Radio 1 and from 0 to 600 Mbps for Radio 2 0 means no limitation QoS Go to Configuration Wireless QoS Quality of Service to specify priorities for different traffic coming from your wireless client Lower priority traffic will be slowed down ...

Page 50: ...r access categories voice video best effort and background For an application to receive the benefits of WMM QoS both it and the client running that application have to have WMM enabled Legacy applications that do not support WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than voice and video WMM is enabled by default WDS Go to...

Page 51: ...51 ...

Page 52: ...tatic channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different channels and WDS link cannot establish Workgroup Bridge and WDS will not work at the same time on one wireless radio When Workgroup Bridge is enabled WDS will be disable...

Page 53: ...wing settings of the device are identical to the WDS Root that will be connected Radio IEEE 802 11 Mode Channel Bandwidth Channel Note It is highly recommended that static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different cha...

Page 54: ...00 500 600 700 800 Security Mode The type of encryption to use on the WDS link It must be unique to the access point on the other end of the WDS link The options are Disabled WPA Personal WPA2 Personal WPA Enterprise or WPA2 Enterprise Status Status of the WDS interface It can be Disabled Connected or Not Connected Workgroup Bridge Go to Configuration Wireless Workgroup Bridge to extend the access...

Page 55: ...55 ...

Page 56: ... radio channel If Auto option is configured there is chance two access points run on different channels and Worgroup Bridge link cannot establish Remote AP Settings SSID Enter the name of the SSID to which Workgroup Bridge will connect Click Site Survey button to choose from the list You must do this for Workgroup Bridge to connect to a remote access point Remote MAC Address Normally Workgroup Bri...

Page 57: ...ct the desired mode from the list Disabled WPA Personal WPA2 Personal WPA Enterprise WPA2 Enterprise Advanced Settings Go to Configuration Wireless Workgroup Bridge to configure advanced parameters of wireless radios 57 ...

Page 58: ...ess Radio Select the desired radio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz Worldwide Mode 802 11d Worldwide Mode 802 11d enables the access point to direct connected wireless devices to radio settings specific to where in the world the devices are in use Channel Bandwidth Select the designed channel bandwidth for the wireless radio 20MHz Select if you are not using any 802 11...

Page 59: ...transmissions of beacon frames The value range is between 40 and 1000 milliseconds and default is 100 milliseconds DTIM Interval Enter the Delivery Traffic Information Map DTIM period an integer from 1 to 255 beacons The default is 1 beacon The DTIM message is an element included in some beacon frames It indicates which client stations currently sleeping in low power mode have data buffered on the...

Page 60: ...e fragmentation threshold an integer from 256 to 2346 The default is 2346 The fragmentation threshold is a way of limiting the size of packets frames transmitted over the network If a packet exceeds the fragmentation threshold you set the fragmentation function is activated and the packet is sent as multiple 802 11 frames If the packet being transmitted is equal to or less than the threshold fragm...

Page 61: ... wireless network Users must enter authentication credentials before their wireless client devices can access the Internet Global Configuration Go to Configuration Captive Portal Global Configuration to change settings and modify captive portal authentication access port number if needed 61 ...

Page 62: ...lt You can configure an additional port for that process HTTP Port Once Additional HTTP Port is enabled define an additional port for HTTP protocol The value can be 80 or 1024 to 65535 and is 80 by default The HTTP Port must be different from the HTTP port in Administration Management Access page Additional HTTPS Port HTTPS portal authentication uses the HTTPS management port by default You can co...

Page 63: ...Portal Profiles Go to Configuration Captive Portal Portal Profiles to define detailed settings for Captive Portal profile Create up to two profiles 63 ...

Page 64: ...d wireless clients will be directed after logging in at Captive Portal Choose Original URL or Promotion URL Redirect to Original URL If Landing Page is enabled this setting redirects authenticated wireless clients from the Captive Portal login screen to the URL the user typed in Promotion URL Enter a URL to which authenticated clients will be redirected from the Captive Portal login page Landing P...

Page 65: ...be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server Backup Shared Secret Enter the key value to match the Backup RADIUS Server Password Only Authentication Password The password for the profile Wireless clients only need one password to access the wireless network Local User Go to Configuration Ca...

Page 66: ...user account The password must be between 4 and 32 characters in length Special characters except and are allowed Confirm Password Re enter the password to confirm it Local Group Go to Configuration Captive Portal Local Group to configure group settings Groups include multiple local users and are mapped to Captive Portal profiles Up to two groups are supported 66 ...

Page 67: ...onfigure its user members Members User members of the selected group You can select one user and click button to remove it Other Users Other users which don t belong to the selected group You can select one user and click button to add it into the group Web Customization Go to Configuration Captive Portal Web Customization to customize the authentication web page of Captive Portal 67 ...

Page 68: ...ustomize text to go with the login box Default text for different authentication options Local Authentication Radius Authentication You can log in using your username and password Password Only Authentication You can log in using your password Local Authentication Click Connect to log in User Label Customize the username text box Enter up to 16 characters The default is Username Password Label Cus...

Page 69: ...nticated The default is You have logged on successfully Please keep this window open when using the wireless network Failure Text Customize the text that shows when authentication fails Enter up to 128 characters The default is Bad username or password Profile Association Go to Configuration Captive Portal Profile Association to associate defined Captive Portal profiles with SSIDs 69 ...

Page 70: ...d with the SSID If the profile associated with the SSID is deleted then the association will be removed If None is selected it means no profile is associated Client Information Go to Configuration Captive Portal Client Information to view the status of wireless clients that are authenticated by Captive Portal 70 ...

Page 71: ...the value is fixed to 0 the session won t time out Measured in seconds Cluster The cluster function provides a centralized method to administer and control wireless services across multiple devices When access points are clustered you can view deploy configure and secure the wireless network as a single entity Note Firmware version 1 1 0 or above support cluster feature If your device has legacy f...

Page 72: ...s IGMP MLD Snooping Wireless Network Mode SSID Settings Wireless Security Rogue AP Detection Wireless Scheduler Wireless Scheduler Association Wireless Connection Control Rate Limit QoS Advanced Wireless Settings Captive Portal Settings Ethernet Port Settings VLAN Settings These configurations are not shared by clustered access points IP Settings WDS Output Power Hostname Workgroup Bridge Wireless...

Page 73: ...n and assign the access point to be the master Note If system detects there is one Master already existed in the same cluster the new access point that likes to become master will be assigned to slave automatically Slave Enable the cluster function and assign the access point to be the slave Note When the cluster function is enabled WDS and workgroup bridge will be disabled automatically 73 ...

Page 74: ...Master 74 ...

Page 75: ...xample lab cluster All access points with the same cluster name belong to the same cluster Length of this value is from 4 to 32 bytes and special characters are allowed This is a mandatory field if the cluster function is turned on Backup Master When an access point works as a cluster slave it can be enabled as a backup master When master gets offline it will take the role of master When the backu...

Page 76: ...ccess point to which the client connects SSID SSID name of the access point to which the client connects User MAC MAC address of the client Online Time Displays how long this client has been online since it is authenticated Unit is second Link Rate Indicates the link rate of the client Unit is Mbps Signal The signal strength of the client is displayed Unit is dBm Rx Total The total bytes which are...

Page 77: ...cluster When channel management is enabled the access point automatically assigns radio channels within a cluster Auto channel assignment reduces mutual interference or interference with other access points outside of its cluster and maximizes Wi Fi bandwidth to help maintain efficient communication over the wireless network 77 ...

Page 78: ...iately Scan according to the day time specified No Clients Scan only if no clients are connected to the wireless radio If there are clients connected the access point will complete the Auto Channel operation the next scheduled time when no clients are connected Current Channels Type Member type of the access point It can be Master Slave or Backup Master Location Where the access point is physicall...

Page 79: ...Chapter 4 System Status Status System Summary Go to System Status Status System Summary for status of the access point 79 ...

Page 80: ...MAC physical address of the wireless access point Serial Number The serial number of the device Host Name The host name assigned to the access point System Up Time How long the system has been running since the last restart or reboot System Time The current date and time Power Source The power source of the access point It can be Power over Ethernet PoE or Power Adapter When two power sources are ...

Page 81: ...LAN Status Go to System Status Status LAN Status to see settings and status of LAN interface 81 ...

Page 82: ...N change the untagged traffic VLAN ID or change the VLAN ID for a SSID Untagged VLAN ID Displays the untagged VLAN ID Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network VLAN 1 is the default ID for untagged VLAN and management VLAN Management VLAN Displays the Management VLAN ID The VLAN associated with the IP address you use to connect...

Page 83: ... which the wireless access point is attached the same value as the PCs on that LAN segment Primary DNS The primary DNS address provided by the DHCP server or configured manually Secondary DNS The secondary DNS address provided by the DHCP server or configured manually Wireless Status Go to System Status Status Wireless Status to see settings and status of wireless radios and SSIDs 83 ...

Page 84: ...only the 20 MHz channel is in use When set to 20 40 MHz Wireless N connections will use 40 MHz channel but Wireless B and Wireless G will still use 20 MHz channel SSID Status Interface SSID index SSID Name Name of the SSID Status Status of the SSID Enabled or Disabled MAC Address MAC Address of the SSID VLAN ID VLAN ID of the SSID Priority The 802 1p priority of the SSID Scheduler State N A No sch...

Page 85: ...ch data is received Remote MAC MAC Address of the destination access point which is on the other end of the WDS link to which data is sent or handed off and from which data is received Connection Status Status of the WDS Station Disabled Connected or Not Connected Workgroup Bridge Status Status Status of the Workgroup Bridge Enabled or Disabled Local MAC MAC address of the Workgroup Bridge Remote ...

Page 86: ...the list The interfaces include eight SSIDs per radio SSID Name Name of the SSID to which the client connects Client MAC The MAC address of the client SSID MAC MAC of the SSID to which the client connects Link Rate The link rate of the client Unit is Mbps RSSI The signal strength of the client Unit is dBm Online Time How long this client has been online Unit is seconds 86 ...

Page 87: ...Statistics Go to System Status Status Statistics to see real time statistics on data transmitted and received based on each SSID per Radio and LAN interface 87 ...

Page 88: ...nt in Transmit table or received in Received table by the interface Total Dropped Bytes The total number of dropped bytes sent in Transmit table or received in Received table by the interface Errors The total number of errors related to sending and receiving data on this interface Log View Go to System Status Status Log View to see a list of system events such as login attempts and configuration c...

Page 89: ... the same cluster will be updated as well Do not power off the device or disconnect the Ethernet cable during the upgrade The access point will reboot automatically after the upgrade is complete To perform the firmware upgrade from local PC 1 Click Choose File to navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear next to the Choose File button 3 Click Upgra...

Page 90: ...e Configuration Backup Restore Go to Maintenance Maintenance Configuration Backup Restore to download the configuration file from the device You can save it to external storage e g your PC or network storage You can also upload a previously saved configuration file from external storage to the device It is highly recommended you save one extra copy of the configuration file to external storage aft...

Page 91: ...e and click Save Restore Configuration To restore settings from a backup file 1 Click Choose File 2 Locate and select the previously saved backup file 3 Click Restore Backup Restore to from TFTP server Backup Configuration To create a backup file of the current settings 1 Enter the destination file name you plan to save in TFTP server 2 Enter the IP address for the TFTP server Only IPv4 addresses ...

Page 92: ...Default To restore your access point to its factory defaults select an option and click Save Reset Parameters that can share with Slaves ONLY When current AP is a master of a cluster select this option to restore all sharable parameters of current AP and its slaves to factory defaults Cluster settings and non sharable parameters will not reset Reset All Parameters to Factory Default No Don t resto...

Page 93: ...he current configuration file will remain after reboot Device Reboot If you click Save when the Yes radio button is selected the device will power cycle Diagnostics Ping Test Go to Maintenance Diagnostics Ping Test to determine the accessibility of a host on the network 93 ...

Page 94: ...aintenance Diagnostics Packet Capture to capture and store 802 3 packets received and transmitted by the access point based on one specified network interface The network interface can be radio SSID or LAN Network Interface Select the desired network interface from the drop down list The interface can be Radio SSID or Ethernet Start Capture Click to start the capture You will be asked to specify a...

Page 95: ...tem detail information such as configuration file system status and statistics data hardware information operational status The information is useful in troubleshooting and working with technical support Click Download to download the device diagnostic log into a local file 95 ...

Page 96: ...be the case You can use the following method to determine the IP address of the wireless access point and then try to connect using the IP address instead of the name To find the access point s IP address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the wireless access point Enter ping followed by the default name of the wireless access point Default name is lap f...

Page 97: ...ecurity settings on the PC match the settings on the access point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Appendix C p 104 for details of setup for the Windows XP 802 1x client If using a different client refer t...

Page 98: ...directly with each other Infrastructure Mode In Infrastructure Mode one or more access points are used to connect wireless stations e g notebook PCs with wireless cards to a wired Ethernet LAN The wireless stations can then access all LAN resources Note Access points can only function in Infrastructure Mode and can communicate only with wireless stations that are set to Infrastructure Mode SSID ES...

Page 99: ...using multiple access points it is better if adjacent access points use different channels to reduce interference The recommended channel spacing between adjacent access points is five channels e g use Channels 1 and 6 or 6 and 11 In Infrastructure Mode wireless stations normally scan all channels looking for an access point If more than one access point can be used the one with the strongest sign...

Page 100: ...ave a client login on the RADIUS server Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 Enterprise This version of WPA2 requires a RADIUS server on your LAN to provide the client au...

Page 101: ... WEP encryption If this option is used The access point must have a client login on the RADIUS server Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 101 ...

Page 102: ...of each wireless station is also more complex Using WEP For each of the following items each wireless station must have the same settings as the wireless access point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the wireless access point The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2 Note The SSID is case sensitive...

Page 103: ...ive Wireless Security On each client wireless security must be set to WPA2 PSK The pre shared key entered on the access point must also be entered on each wireless client The encryption method e g TKIP AES must be set to match the access point Using WPA2 Enterprise This is the most secure and most complex system WPA Enterprise mode provides greater security and centralized management but it is mor...

Page 104: ...the RADIUS server on your network must be configured as follows It must provide and accept certificates for user authentication There must be a client login for the wireless access point itself The wireless access point will use its default name as its client login name However your RADIUS server may ignore this and use the IP address instead The Shared Key set on the Security screen of the access...

Page 105: ... 3 Ensure that the following components are selected Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue World Wide Web Server Select World Wide Web Server on the Internet Information Services IIS component From the Networking Services category sel...

Page 106: ...hange the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click OK then Finish DHCP server configuration 1 Click on Start Programs Administrative Tools DHCP 2 Right click on the server entry and select New Scope 106 ...

Page 107: ...ary Click Next 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next 7 Change the Lease Duration time if preferred Click Next 8 Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 107 ...

Page 108: ...ant to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctr...

Page 109: ...t Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 6 Select the Group Policy tab choose Default Domain Policy then click Edit 109 ...

Page 110: ...n Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request 8 When the Certificate Request Wizard appears click Next 9 Select Computer click Next 110 ...

Page 111: ...e Authority is checked click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press Enter Enter secedit refreshpolicy machine_policy This command may take a few minutes to take effect 111 ...

Page 112: ... address or name of the wireless access point and set the shared secret as entered on the Security Settings of the wireless access point 5 Click Finish 6 Right click on Remote Access Policies select New Remote Access Policy 7 Assuming you are using EAP TLS name the policy eap tls and click Next 8 Click Add If you don t want to set any restrictions and a condition is required select Day And Time Re...

Page 113: ...lect Grant remote access permission Click Next 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication methods listed Click OK 113 ...

Page 114: ...12 Select No if you don t want to view the help for EAP Click Finish 114 ...

Page 115: ... 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume You are using Windows XP You are connecting to a Windows 2000 server for a...

Page 116: ...ddress box enter the IP address of the Windows 2000 Server followed by certsrv e g http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK 4 On the first screen below select Request a certificate click Next 116 ...

Page 117: ...5 Select User certificate request and select User Certificate click Next 6 Click Submit 117 ...

Page 118: ...7 A message will be displayed and the certificate will be returned to you Click Install this certificate 8 You will receive a confirmation message Click Yes 118 ...

Page 119: ...ontrol Panel Network Connections 2 Right click on the Wireless Network Connection and select Properties 3 Select the Authentication tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type 119 ...

Page 120: ...works typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network 1 Click on the Wireless Networks tab 2 Select the wireless network from the Available networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would ena...

Page 121: ...without WPA This is very similar to using WPA Enterprise The only difference is that on your client you must NOT enable the setting The key is provided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the access point 121 ...

Page 122: ...some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 122 ...

Page 123: ...LNKPG 00114 Rev B00 123 ...