Linksys LAPAC1750, User Manual

Page 1: ...User Guide AC1750 Dual Band Wireless Access Point LAPAC1750 1 ...

Page 2: ...rowser 7 Setup Wizard 8 Chapter 3 Configuration 12 Administration 12 LAN 21 Wireless 27 Captive Portal 60 Cluster 72 Chapter 4 System Status 80 Status 80 Chapter 5 Maintenance 91 Maintenance 91 Diagnostics 95 Appendix A Troubleshooting 98 Overview 98 General Problems 98 Appendix B About Wireless LANs 100 Overview 100 Wireless LAN Terminology 100 2 ...

Page 3: ...nd Server Configuration 104 Overview 104 Using WEP 104 Using WPA2 PSK 105 Using WPA2 Enterprise 105 802 1x Server Setup Windows 2000 Server 106 802 1x Client Setup on Windows XP 117 Using 802 1x Mode without WPA 123 3 ...

Page 4: ...ere is one LED LED behavior LED Color Activity Status Green Blinking System is booting Solid System is normal no wireless devices connected Blue Blinking Software upgrade in process Solid System is normal at least one wireless device connected Red Solid Booting process or update failed hard reset or service required Ports and Button Power Port Connect the AC power adapter to this port Note Use onl...

Page 5: ...the device enclosure Wall Installation 1 Position drilling layout template at the desired location 2 Drill four screw holes on the mounting surface If your Ethernet cable is routed behind the wall mark Ethernet cable hole as well 3 Secure the mounting bracket on the wall with anchors and screws 4 If your Ethernet cable is routed behind the wall cut or drill the Ethernet cable hole you marked in St...

Page 6: ...er adapter to your device 7 Slide the device into the bracket Turn access point clockwise until it locks IMPORTANT Improper or insecure mounting could result in damage to the device or personal injury Linksys is not responsible for damages caused by improper mounting 6 ...

Page 7: ...inue setup If LED light is off check that AC power adapter or PoE cable is properly connected on both ends Access device s browser based setup 1 Use the included cable to connect the access point to your network via a network switch or router 2 Open a web browser on a computer connected to your network Enter the IP address of your access point By factory default the IP address will be assigned by ...

Page 8: ...5 255 0 Or if your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 1 1 192 168 1 254 with a network mask of 255 255 255 0 See Appendix A Windows TCP IP p 98 for details for this procedure Setup Wizard If you are setting up the access point as a standalone device run the Setup Wizard If the access point will be part of a clust...

Page 9: ... the password on the Device Password screen if desired 4 Configure the time zone date and time for the device on System Settings screen 5 On the IPv4 Address screen configure the IP address of the device Static or Automatic then click Next 9 ...

Page 10: ...ettings The access point supports up to eight SSIDs per radio 7 On the Wireless Security Screen configure the wireless security settings for the device Click Next If you are looking for security options that are not available in the wizard go to Configuration Wireless Security page The access point supports more sophisticated security options there 10 ...

Page 11: ...8 On the Summary screen check the data to make sure they are correct and then click Submit to save the changes 9 Click Finish to leave the wizard 11 ...

Page 12: ...Configuration Administration User Accounts Go to Configuration Administration and select User Accounts to manage user accounts The access point supports up to five users one administrator and four normal users 12 ...

Page 13: ...Only administrator account has Read Write permission to the access point s admin interface All other accounts have Read Only permission New Password Enter the Password to connect to the access point s admin interface Password must be between 4 and 63 characters Special characters are allowed Confirm New Password Re enter password Time Go to Configuration Administration and select Time to configure...

Page 14: ...aving Offset Select the adjusted time of daylight saving NTP NTP Server 1 Enter the primary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 characters NTP Server 2 Enter the secondary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 char...

Page 15: ...15 ...

Page 16: ... characters are allowed Password Enter the Password to login to your SMTP server The Password can include up to 32 characters Special characters are allowed Email Address for Logs Enter the email address the log messages are to be sent to Valid characters include alphanumeric characters _ and Maximum length is 64 characters Log Queue Length Enter the length of the queue up to 500 log messages The ...

Page 17: ...Management Access Go to Configuration Administration and select Management Access page to configure the management methods of the access point 17 ...

Page 18: ...to HTTP clients and servers Enable to allow Web access by HTTPS protocol HTTPS Port Specify the port for HTTPS It can be 443 default or from 1024 to 65535 From Wireless Enable wireless devices to connect to access point s admin page Disabled by default Access Control By default no IP addresses are prohibited from accessing the device s admin page You can enable access control and enter specified I...

Page 19: ...ttings Configure the SNMPv3 settings if you want to use SNMPv3 Username Enter the username It includes 0 to 32 characters Special characters are allowed Authentication Protocol None or HMAC MD5 Authentication Key 8 to 32 characters Special characters are allowed Privacy Protocol None or CBC DES Privacy Key 8 to 32 characters Special characters are allowed Access Control Access Control When SNMP is...

Page 20: ...SSL Certificate Go to Configuration Administration and select SSL Certificate to manage the SSL certificate used by HTTPS 20 ...

Page 21: ...erver Only support IPv4 address here Export Click to export the SSL certificate to the TFTP server Restore from TFTP Server Source File Enter the name of the source file TFTP Server Enter the IP address for the TFTP server Only support IPv4 address here Install Click to install the file to the device LAN Network Setup Go to Configuration LAN Network Setup to configure basic device settings VLAN se...

Page 22: ...22 ...

Page 23: ...the untagged traffic VLAN ID or change the VLAN ID for a SSID Untagged VLAN ID Specifies a number between 1 and 4094 for the untagged VLAN ID The default is 1 Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network Untagged VLAN ID field is active only when untagged VLAN is enabled VLAN 1 is the default for both untagged VLAN and management ...

Page 24: ...Advanced Go to Configuration LAN Advanced this screen to configure advanced network settings of the access point 24 ...

Page 25: ...d The option can be 10M 100M or 1000M default Operational Port Speed Displays the current port speed of the Ethernet port Duplex Mode Select the duplex mode of the Ethernet port Available only when Auto Negotiation is disabled The option can be Half or Full default Operational Duplex Mode Displays the current duplex mode of the Ethernet port Flow Control Enable or disable flow control of the Ether...

Page 26: ...ial characters are allowed Discovery Settings Bonjour Enable if administrator wants the access point to be discovered by Bonjour enabled devices automatically If VLAN is enabled the discovery packets will be sent out via management VLAN only The access point supports http and https services LLDP Enable if administrator wants the access point to be discovered by switch by LLDP protocol Information ...

Page 27: ...rsion 6 IPv6 suite MLD is used by IPv6 routers for discovering multicast listeners on a directly attached link much like IGMP is used in IPv4 Multicast Listener Discovery MLD Snooping provides multicast containment by forwarding traffic only to those clients that have MLD receivers for a specific multicast group destination address The access point maintains the MLD group membership information by...

Page 28: ...28 ...

Page 29: ...e desired option for radio 2 N A Mixed allow connection by 802 11A and N wireless stations only N only allow connection by 802 11N wireless stations only AC only allow connection by 802 11AC wireless stations only A N AC Mixed allow connection by 802 11A 802 11N and 802 11AC wireless stations Wireless Channel Select wireless channel of the radio If Auto is selected the access point will select the...

Page 30: ...s cannot communicate with others in the same SSID It s disabled by default VLAN ID Enter the VLAN ID of the SSID Used to tag packets which are received from the wireless clients of the SSID and sent from Ethernet or WDS interfaces Applicable only when VLAN function is enabled VLAN function can be configured in Configuration LAN Network Setup screen Max Clients Enter the number of clients that can ...

Page 31: ...and offers even greater security using the AES Advanced Encryption Standard method WPA WPA2 Personal This method sometimes called Mixed Mode allows clients to use either WPA Personal with TKIP or WPA2 Personal with AES WPA2 Enterprise Requires a RADIUS Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard I...

Page 32: ...d so no key input is required WPA WPA2 Enterprise This method sometimes called Mixed Mode allows clients to use either WPA Enterprise with TKIP or WPA2 Enterprise with AES RADIUS RADIUS mode utilizes RADIUS server for authentication and dynamic WEP key generation for data encryption WEP This is the 802 11b standard Data is encrypted before transmission but the encryption system is not very strong ...

Page 33: ...it Encryption Keys are 26 Hex characters Passphrase Generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate button to automatically configure the WEP key It consists of 1 to 30 characters Key Value Enter a key in hexadecimal format Note Due to hardware limitation one set of WEP key is supported per radio WP...

Page 34: ...om 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network against intrusion as the would be intruder must cope with an ever changing secret key WPA WPA2 Personal This me...

Page 35: ...atically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network against intrusion as the would be intruder must cope with an ever changing secret key WPA2 Enterprise This version of WPA2 Enterprise requires a RADIUS Serv...

Page 36: ...36 ...

Page 37: ...812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters WPA Algorithm The encryption method is AES Key Renewal Timeout Specify the value of Group Key Renewal It is a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automati...

Page 38: ...38 ...

Page 39: ...e from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters WPA Algorithm The encryption method is TKIP or AES Key Renewal Timeout Specify the value of Group Key Renewal It is a value from 600 to 36000 and default is 3600 second WPA automatically changes secret keys after a certain period of time The group key i...

Page 40: ...s Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server It is a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters Rogue AP Detection Go to Configur...

Page 41: ...41 ...

Page 42: ...ignal level of the Rogue AP Trusted AP List Action Click Untrust to move the AP to the Rogue AP List MAC Address The MAC address of the Trusted AP SSID The SSID of the Trusted AP Channel The channel of the Trusted AP Security The security method of the Trusted AP Signal The signal level of the Trusted AP New MAC Address Add one trusted AP by MAC address Scheduler Go to Configuration Wireless Sched...

Page 43: ...43 ...

Page 44: ...d Scheduler is inactive because system time is outdated Administrative Mode is disabled Scheduler is disabled by administrator Active Scheduler is active Scheduler Profile configuration New Profile Name Enter the name for new profile Profile Name Select the desired profile from the list to configure Day of the Week Select the desired day from the list Option None means this time rule is disabled S...

Page 45: ...ociated with the SSID If the profile associated with the SSID is deleted then the association will be removed Option None means no scheduler profile is associated Interface Status The status of the SSID It can be Enabled or Disabled Scheduler only works when the SSID is enabled Connection Control Go to Configuration Wireless Connection Control to define whether listed client stations may authentic...

Page 46: ...46 ...

Page 47: ...to 20 MAC addresses of wireless stations or choose the MAC address RADIUS Primary Backup RADIUS Server Enter the IP address of the RADIUS Server Primary Backup RADIUS Server Port Enter the Port number of the RADIUS Server Primary Backup Shared Secret This is shared between the wireless access point and the RADIUS Server while authenticating the device attempting to connect Disabled Rate Limit Go t...

Page 48: ...io 1 and from 0 to 800 Mbps for Radio 2 0 means no limitation Downstream Rate Enter a maximum downstream rate for the SSID The range is from 0 to 300 Mbps for Radio 1 and from 0 to 800 Mbps for Radio 2 0 means no limitation QoS Go to Configuration Wireless QoS Quality of Service to specify priorities for different traffic coming from your wireless client Lower priority traffic will be slowed down ...

Page 49: ...49 ...

Page 50: ...r access categories voice video best effort and background For an application to receive the benefits of WMM QoS both it and the client running that application have to have WMM enabled Legacy applications that do not support WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than voice and video WMM is enabled by default WDS Go to...

Page 51: ...51 ...

Page 52: ...tatic channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different channels and WDS link cannot establish Workgroup Bridge and WDS will not work at the same time on one wireless radio When Workgroup Bridge is enabled WDS will be disable...

Page 53: ...wing settings of the device are identical to the WDS Root that will be connected Radio IEEE 802 11 Mode Channel Bandwidth Channel Note It is highly recommended that static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different cha...

Page 54: ...00 500 600 700 800 Security Mode The type of encryption to use on the WDS link It must be unique to the access point on the other end of the WDS link The options are Disabled WPA Personal WPA2 Personal WPA Enterprise or WPA2 Enterprise Status Status of the WDS interface It can be Disabled Connected or Not Connected Workgroup Bridge Go to Configuration Wireless Workgroup Bridge to extend the access...

Page 55: ...55 ...

Page 56: ... radio channel If Auto option is configured there is chance two access points run on different channels and Worgroup Bridge link cannot establish Remote AP Settings SSID Enter the name of the SSID to which Workgroup Bridge will connect Click Site Survey button to choose from the list You must do this for Workgroup Bridge to connect to a remote access point Remote MAC Address Normally Workgroup Bri...

Page 57: ...ct the desired mode from the list Disabled WPA Personal WPA2 Personal WPA Enterprise WPA2 Enterprise Advanced Settings Go to Configuration Wireless Workgroup Bridge to configure advanced parameters of wireless radios 57 ...

Page 58: ...ess Radio Select the desired radio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz Worldwide Mode 802 11d Worldwide Mode 802 11d enables the access point to direct connected wireless devices to radio settings specific to where in the world the devices are in use Channel Bandwidth Select the designed channel bandwidth for the wireless radio 20MHz Select if you are not using any 802 11...

Page 59: ...transmissions of beacon frames The value range is between 40 and 1000 milliseconds and default is 100 milliseconds DTIM Interval Enter the Delivery Traffic Information Map DTIM period an integer from 1 to 255 beacons The default is 1 beacon The DTIM message is an element included in some beacon frames It indicates which client stations currently sleeping in low power mode have data buffered on the...

Page 60: ...ntation threshold an integer from 256 to 2346 The default is 2346 The fragmentation threshold is a way of limiting the size of packets frames transmitted over the network If a packet exceeds the fragmentation threshold you set the fragmentation function is activated and the packet is sent as multiple 802 11 frames If the packet being transmitted is equal to or less than the threshold fragmentation...

Page 61: ...ss network Users must enter authentication credentials before their wireless client devices can access the Internet Global Configuration Go to Configuration Captive Portal Global Configuration to change settings and modify captive portal authentication access port number if needed 61 ...

Page 62: ...ditional HTTP Port is enabled define an additional port for HTTP protocol The value can be 80 or 1024 to 65535 and is 80 by default The HTTP Port must be different from the HTTP port in Administration Management Access page Additional HTTPS Port HTTPS portal authentication uses the HTTPS management port by default You can configure an additional port for that process HTTPS Port Once Additional HTT...

Page 63: ...63 ...

Page 64: ...d wireless clients will be directed after logging in at Captive Portal Choose Original URL or Promotion URL Redirect to Original URL If Landing Page is enabled this setting redirects authenticated wireless clients from the Captive Portal login screen to the URL the user typed in Promotion URL Enter a URL to which authenticated clients will be redirected from the Captive Portal login page Landing P...

Page 65: ...be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server Backup Shared Secret Enter the key value to match the Backup RADIUS Server Password Only Authentication Password The password for the profile Wireless clients only need one password to access the wireless network Local User Go to Configuration Ca...

Page 66: ...user account The password must be between 4 and 32 characters in length Special characters except and are allowed Confirm Password Re enter the password to confirm it Local Group Go to Configuration Captive Portal Local Group to configure group settings Groups include multiple local users and are mapped to Captive Portal profiles Up to two groups are supported 66 ...

Page 67: ...onfigure its user members Members User members of the selected group You can select one user and click button to remove it Other Users Other users which don t belong to the selected group You can select one user and click button to add it into the group Web Customization Go to Configuration Captive Portal Web Customization to customize the authentication web page of Captive Portal 67 ...

Page 68: ...68 ...

Page 69: ...ustomize text to go with the login box Default text for different authentication options Local Authentication Radius Authentication You can log in using your username and password Password Only Authentication You can log in using your password Local Authentication Click Connect to log in User Label Customize the username text box Enter up to 16 characters The default is Username Password Label Cus...

Page 70: ...nticated The default is You have logged on successfully Please keep this window open when using the wireless network Failure Text Customize the text that shows when authentication fails Enter up to 128 characters The default is Bad username or password Profile Association Go to Configuration Captive Portal Profile Association to associate defined Captive Portal profiles with SSIDs 70 ...

Page 71: ...d with the SSID If the profile associated with the SSID is deleted then the association will be removed If None is selected it means no profile is associated Client Information Go to Configuration Captive Portal Client Information to view the status of wireless clients that are authenticated by Captive Portal 71 ...

Page 72: ...the value is fixed to 0 the session won t time out Measured in seconds Cluster The cluster function provides a centralized method to administer and control wireless services across multiple devices When access points are clustered you can view deploy configure and secure the wireless network as a single entity Note Firmware version 1 1 0 or above support cluster feature If your device has legacy f...

Page 73: ...s IGMP MLD Snooping Wireless Network Mode SSID Settings Wireless Security Rogue AP Detection Wireless Scheduler Wireless Scheduler Association Wireless Connection Control Rate Limit QoS Advanced Wireless Settings Captive Portal Settings Ethernet Port Settings VLAN Settings These configurations are not shared by clustered access points IP Settings WDS Output Power Hostname Workgroup Bridge Wireless...

Page 74: ...n and assign the access point to be the master Note If system detects there is one Master already existed in the same cluster the new access point that likes to become master will be assigned to slave automatically Slave Enable the cluster function and assign the access point to be the slave Note When the cluster function is enabled WDS and workgroup bridge will be disabled automatically 74 ...

Page 75: ...Master 75 ...

Page 76: ...xample lab cluster All access points with the same cluster name belong to the same cluster Length of this value is from 4 to 32 bytes and special characters are allowed This is a mandatory field if the cluster function is turned on Backup Master When an access point works as a cluster slave it can be enabled as a backup master When master gets offline it will take the role of master When the backu...

Page 77: ...s point to which the client connects User MAC MAC address of the client Online Time Displays how long this client has been online since it is authenticated Unit is second Link Rate Indicates the link rate of the client Unit is Mbps Signal The signal strength of the client is displayed Unit is dBm Rx Total The total bytes which are received from the client by the access point Unit is Byte Tx Total ...

Page 78: ...cally assigns radio channels within a cluster Auto channel assignment reduces mutual interference or interference with other access points outside of its cluster and maximizes Wi Fi bandwidth to help maintain efficient communication over the wireless network 78 ...

Page 79: ...iately Scan according to the day time specified No Clients Scan only if no clients are connected to the wireless radio If there are clients connected the access point will complete the Auto Channel operation the next scheduled time when no clients are connected Current Channels Type Member type of the access point It can be Master Slave or Backup Master Location Where the access point is physicall...

Page 80: ...Chapter 4 System Status Status System Summary Go to System Status Status System Summary for status of the access point 80 ...

Page 81: ...nt Serial Number The serial number of the device Host Name The host name assigned to the access point System Up Time How long the system has been running since the last restart or reboot System Time The current date and time Power Source The power source of the access point It can be Power over Ethernet PoE or Power Adapter When two power sources are plugged in Power Adaptor will be displayed Butt...

Page 82: ...82 ...

Page 83: ...ange the untagged traffic VLAN ID or change the VLAN ID for a SSID Untagged VLAN ID Displays the untagged VLAN ID Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network VLAN 1 is the default ID for untagged VLAN and management VLAN Management VLAN Displays the Management VLAN ID The VLAN associated with the IP address you use to connect to ...

Page 84: ...ch the wireless access point is attached the same value as the PCs on that LAN segment Primary DNS The primary DNS address provided by the DHCP server or configured manually Secondary DNS The secondary DNS address provided by the DHCP server or configured manually Wireless Status Go to System Status Status Wireless Status to see settings and status of wireless radios and SSIDs 84 ...

Page 85: ...only the 20 MHz channel is in use When set to 20 40 MHz Wireless N connections will use 40 MHz channel but Wireless B and Wireless G will still use 20 MHz channel SSID Status Interface SSID index SSID Name Name of the SSID Status Status of the SSID Enabled or Disabled MAC Address MAC Address of the SSID VLAN ID VLAN ID of the SSID Priority The 802 1p priority of the SSID Scheduler State N A No sch...

Page 86: ...s received Remote MAC MAC Address of the destination access point which is on the other end of the WDS link to which data is sent or handed off and from which data is received Connection Status Status of the WDS Station Disabled Connected or Not Connected Workgroup Bridge Status Status Status of the Workgroup Bridge Enabled or Disabled Local MAC MAC address of the Workgroup Bridge Remote SSID SSID...

Page 87: ...ch the client connects Client MAC The MAC address of the client SSID MAC MAC of the SSID to which the client connects Link Rate The link rate of the client Unit is Mbps RSSI The signal strength of the client Unit is dBm Online Time How long this client has been online Unit is seconds Statistics Go to System Status Status Statistics to see real time statistics on data transmitted and received based...

Page 88: ...88 ...

Page 89: ...ed table by the interface Total Dropped Packets The total number of dropped packets sent in Transmit table or received in Received table by the interface Total Dropped Bytes The total number of dropped bytes sent in Transmit table or received in Received table by the interface Errors The total number of errors related to sending and receiving data on this interface Log View Go to System Status Sta...

Page 90: ...Log Messages Log Messages Show the log messages Buttons Refresh Update the data on screen Save Save the log to a file on your PC Clear Delete the existing logs from device 90 ...

Page 91: ... firmware upgrade by following the steps below If an access point works as master of an AP cluster all slaves within the same cluster will be updated as well Do not power off the device or disconnect the Ethernet cable during the upgrade The access point will reboot automatically after the upgrade is complete To perform the firmware upgrade from local PC 1 Click Choose File to navigate to the loca...

Page 92: ...the OK on the popup dialogue box to start the firmware download and upgrade if a new version of firmware is available Configuration Backup Restore Go to Maintenance Maintenance Configuration Backup Restore to download the configuration file from the device You can save it to external storage e g your PC or network storage You can also upload a previously saved configuration file from external stor...

Page 93: ...and select the previously saved backup file 3 Click Restore Backup Restore to from TFTP server Backup Configuration To create a backup file of the current settings 1 Enter the destination file name you plan to save in TFTP server 2 Enter the IP address for the TFTP server Only IPv4 addresses are supported 3 Click Backup Restore Configuration To restore settings from a backup file 1 Enter the sourc...

Page 94: ...f a cluster select this option to restore all sharable parameters of current AP and its slaves to factory defaults Cluster settings and non sharable parameters will not reset Reset All Parameters to Factory Default No Don t restore to factory defaults Reboot Go to Maintenance Maintenance Reboot to power cycle the device The current configuration file will remain after reboot 94 ...

Page 95: ...eboot If you click Save when the Yes radio button is selected the device will power cycle Diagnostics Ping Test Go to Maintenance Diagnostics Ping Test to determine the accessibility of a host on the network 95 ...

Page 96: ...Size Enter the size of the packet Times to Ping Select the desired number from the drop list 5 10 15 Unlimited Packet Capture Go to Maintenance Diagnostics Packet Capture to capture and store 802 3 packets received and transmitted by the access point based on one specified network interface The network interface can be radio SSID or LAN 96 ...

Page 97: ...store the packets Stop Capture Click to stop the capture Diagnostic Log Go to Go to Maintenance Diagnostics Diagnostic Log to get system detail information such as configuration file system status and statistics data hardware information operational status The information is useful in troubleshooting and working with technical support Click Download to download the device diagnostic log into a loc...

Page 98: ...be the case You can use the following method to determine the IP address of the wireless access point and then try to connect using the IP address instead of the name To find the access point s IP address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the wireless access point Enter ping followed by the default name of the wireless access point Default name is lap f...

Page 99: ...ecurity settings on the PC match the settings on the access point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Appendix C p 106 for details of setup for the Windows XP 802 1x client If using a different client refer t...

Page 100: ...irectly with each other Infrastructure Mode In Infrastructure Mode one or more access points are used to connect wireless stations e g notebook PCs with wireless cards to a wired Ethernet LAN The wireless stations can then access all LAN resources Note Access points can only function in Infrastructure Mode and can communicate only with wireless stations that are set to Infrastructure Mode SSID ESS...

Page 101: ...sing multiple access points it is better if adjacent access points use different channels to reduce interference The recommended channel spacing between adjacent access points is five channels e g use Channels 1 and 6 or 6 and 11 In Infrastructure Mode wireless stations normally scan all channels looking for an access point If more than one access point can be used the one with the strongest signa...

Page 102: ...er s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 Enterprise This version of WPA2 requires a RADIUS server on your LAN to provide the client authentication according to the 802 1X standard Data transmissions are encrypted using the WPA2 standar...

Page 103: ...r Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 103 ...

Page 104: ...of each wireless station is also more complex Using WEP For each of the following items each wireless station must have the same settings as the wireless access point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the wireless access point The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2 Note The SSID is case sensitive...

Page 105: ...ive Wireless Security On each client wireless security must be set to WPA2 PSK The pre shared key entered on the access point must also be entered on each wireless client The encryption method e g TKIP AES must be set to match the access point Using WPA2 Enterprise This is the most secure and most complex system WPA Enterprise mode provides greater security and centralized management but it is mor...

Page 106: ...the RADIUS server on your network must be configured as follows It must provide and accept certificates for user authentication There must be a client login for the wireless access point itself The wireless access point will use its default name as its client login name However your RADIUS server may ignore this and use the IP address instead The Shared Key set on the Security screen of the access...

Page 107: ... 3 Ensure that the following components are selected Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes to select certificate services and continue World Wide Web Server Select World Wide Web Server on the Internet Information Services IIS component From the Networking Services category sel...

Page 108: ...hange the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click OK then Finish DHCP server configuration 1 Click on Start Programs Administrative Tools DHCP 2 Right click on the server entry and select New Scope 108 ...

Page 109: ...ary Click Next 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next 7 Change the Lease Duration time if preferred Click Next 8 Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 109 ...

Page 110: ...ant to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctr...

Page 111: ...t Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 6 Select the Group Policy tab choose Default Domain Policy then click Edit 111 ...

Page 112: ...n Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request 8 When the Certificate Request Wizard appears click Next 9 Select Computer click Next 112 ...

Page 113: ...e Authority is checked click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press Enter Enter secedit refreshpolicy machine_policy This command may take a few minutes to take effect 113 ...

Page 114: ... address or name of the wireless access point and set the shared secret as entered on the Security Settings of the wireless access point 5 Click Finish 6 Right click on Remote Access Policies select New Remote Access Policy 7 Assuming you are using EAP TLS name the policy eap tls and click Next 8 Click Add If you don t want to set any restrictions and a condition is required select Day And Time Re...

Page 115: ...lect Grant remote access permission Click Next 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication methods listed Click OK 115 ...

Page 116: ...12 Select No if you don t want to view the help for EAP Click Finish 116 ...

Page 117: ... 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume You are using Windows XP You are connecting to a Windows 2000 server for a...

Page 118: ...ddress box enter the IP address of the Windows 2000 Server followed by certsrv e g http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK 4 On the first screen below select Request a certificate click Next 118 ...

Page 119: ...5 Select User certificate request and select User Certificate click Next 6 Click Submit 119 ...

Page 120: ...7 A message will be displayed and the certificate will be returned to you Click Install this certificate 8 You will receive a confirmation message Click Yes 120 ...

Page 121: ...ontrol Panel Network Connections 2 Right click on the Wireless Network Connection and select Properties 3 Select the Authentication tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type 121 ...

Page 122: ...works typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network 1 Click on the Wireless Networks tab 2 Select the wireless network from the Available networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would ena...

Page 123: ...without WPA This is very similar to using WPA Enterprise The only difference is that on your client you must NOT enable the setting The key is provided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the access point 123 ...

Page 124: ...some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 124 ...

Page 125: ...LNKPG 00113 Rev B00 125 ...