peplink PePLink Surf, User Manual

Page 1: ...PePLink Surf User s Manual Document Version 2 6 Firmware Version 6 0 4 Date 2006 02 10 ...

Page 2: ... 2 Settings Details 11 4 3 Advanced Settings Port Forward 13 4 4 WPA WPA2 with 802 1x Authentication 14 4 5 Test the Setup 17 4 6 Firmware Upgrade 18 4 7 Debug Page 19 4 8 Restore to Factory Defaults 20 4 9 System Settings 21 5 Appendix Demo CA and Server Certification Generation Instructions 26 5 1 Prerequisite 26 5 2 Create your own Certificate Authority CA 26 5 3 Create a server certificate req...

Page 3: ...hout the prior written permission of PePLink Ltd 2 Disclaimer PePLink does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent right nor the patent rights of others PePLink further reserves the right to make changes in any products described herein without notice This documentation is subjec...

Page 4: ...02 1x if needed on start up Upon successful association and authentication it will acquire an IP address from the service provider using DHCP A DHCP server is built in on its LAN port Network Address Translation is performed for all outbound connections Thus it supports multiple terminals to access the Internet simultaneously 3 1 Features 10 100 Ethernet interface with auto crossover detection Res...

Page 5: ...f 30 3 2 Hardware Setup 1 Attach the provided antenna to the left most antenna connector 2 Connect the LAN port to the computer s Ethernet port with an Ethernet cable 3 Connect the end of the included power adapter to the power socket labeled DC 5V on PePLink Surf 4 Power on the power adaptor ...

Page 6: ...up Upgrading firmware Green On Ethernet is connected Green Blinking Sending Receiving data LAN Off Ethernet is not connected Green On Associated with an access point Green Blinking Sending Receiving data Wi Fi Off Not associated with any access point This is the Signal Strength and Status LED state conversion table Received Signal Strength Status LED Indication on the web based power meter 70 Soli...

Page 7: ... obtain an IP address automatically If you do so you should have set it up correctly In order to do so select the Start menu Control Panel and then Network Connections Right click on the Local Area Connection icon choose Properties double click on the item Internet Protocol TCP IP from the list On the screen just set it as follows Click the OK button to confirm the change ...

Page 8: ... Mozilla Firefox etc Visit an Internet web site If you are not associated to an access point you should be redirected to a logon page Or you can go also go to this URL http 192 168 20 1 The page will look like this Once it is associated to an access point you can also access the page from this URL https wan ip addr here 8000 Login ID and password are admin and MSurf000 ...

Page 9: ...d network name According to the setting of the Access Point you are associating to you may choose different Authentication setting If Static WEP key or WPA WPA2 Personal is selected input the Encryption Key field as well Click the Save button at the bottom to complete You can now click the Connect link on the top bar and then click the Connect button to associate with the access point There are al...

Page 10: ...User s Manual v2 6 Copyright 1999 2006 PePLink Ltd All Rights Reserved Page 10 of 30 At this point you are associated with the access point You may now close the web browser and open a new one to start web browsing ...

Page 11: ...DHCP server or not If enabled the IP address range can be configured Wireless Settings SSID To configure the SSID ESSID Network Name of the wireless network to associate to Radio Mode It allows the user to choose between radio modulations support E g 802 11b g 802 11g only 802 11b etc The available settings depend on the Wi Fi module installed on the device Note Under 802 11g only mode 802 11b rat...

Page 12: ...eferred AP The MAC address of a preferred access point can be entered here When the preferred access point is found and its signal strength is higher than the Min Signal Strength it will connect to this preferred access point no matter the other access points are found even they have higher signal strength or the same SSID WAI redirection If the device is not connected to an access point and the u...

Page 13: ...s forwarding inbound TCP and UDP connections to servers on the LAN For example if your PC is hosting a web server and you want to let Internet users access it you should define a rule on a role Enter 80 and 80 for the Port Range Select TCP for the protocol Enter the PC s IP address to the IP Address field Click the Save button to save and apply the changes ...

Page 14: ... CHAP is used as the EAP authentication method You can change this setting in the System Settings page Please refer to chapter 4 9 3 4 4 1 Configure the PePLink Surf To enable the 802 1x authentication you can go to the CPE Setup page choose WPA for the Authentication setting and leave the WEP key setting empty Certificate checking By default the PePLink Surf does not verify the radius server s ce...

Page 15: ...set up It is a product of Open System Consultants Pty Ltd Radiator version 3 9 is known to be interoperable Any version above 3 9 should work too Just follow the server s installation guide to install it on a server After installed you should put the root cert file and server cert file to a directory update radiator s configuration file and the users files A demo CA cert file cacert pem a server c...

Page 16: ...or Trace 4 Client DEFAULT Secret testing123 DupInterval 0 Client Realm DEFAULT AuthBy FILE Filename etc radiator users EAPType TTLS EAPTLS_CAFile etc radiator cacert pem EAPTLS_CertificateFile etc radiator server_cert pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile etc radiator server_key pem EAPTLS_RandomFile dev urandom EAPTLS_PrivateKeyPassword demoserver EAPTLS_MaxFragmentSize 1000 AutoMP...

Page 17: ...Rights Reserved Page 17 of 30 4 5 Test the Setup To test to setup you can now go to the PePLink Surf s Main page enter the user name and password The realm the text box next to the sign value can be left empty Then click the Connect button After connected you should see ...

Page 18: ...heck whether a newer firmware the software running on the PePLink Surf is available To do so click the link Firmware Upgrade on the top bar You will see this screen Click the Check for new firmware on the screen If there is a firmware available you can simply click a Download and Upgrade button During an upgrade please do not interrupt the process ...

Page 19: ...Fi modes scanned access points information and WAN connection information For the Scanned AP section the scanned result may not be up to date You can click the Scan again button to update the scanned AP list But note that while it is connected to an AP clicking the button may drop the connection On the page bottom you are allowed to download a debug dump file and configuration file In case you nee...

Page 20: ...faults there are two methods If you are able to access the web admin interface go to the CPE Setup page and click the Restore and Reboot button Otherwise you can also power up the unit and wait for about 1 min Then press the Reset button at the rear side of the unit using a pin and then hold it for 5 secs The unit will restore the settings to factory defaults and reboot ...

Page 21: ... 30 4 9 System Settings Some system settings are hidden from the end users They are for the service provider to change some system specific settings To access the page type this URL on your browser http 192 168 20 1 ss The page s login ID and password are admin and MSurf000 The page is like this ...

Page 22: ...umber is entered here It must be between 1024 and 65535 The default port number is 8000 4 9 2 Web Administration Password This is to change the web administration interface s access password when accessing to http ip addr ss from LAN or https wan ip addr from WAN The login name is admin 4 9 3 EAP Types For the authentication methods 802 1x with dynamic WEP key and WPA WPA2 Enterprise the EAP type ...

Page 23: ...or to get some basic system information and to toggle the unit s Status LED for troubleshooting The agent can only be accessed from administration network only Please refer to chapter 4 9 5 This section is for configure the SNMP agent s access permission Toggling the LED The unit s Status LED can be toggled by using SNMP The purpose is for customer officer to remotely control a ...

Page 24: ...esses are allowed to access the ssh server and the SNMP agent 4 9 6 PePLink Management System settings The Surf units can be managed by the PePLink Management System PMS The PMS is divided into several sub systems This section is for configuring which sub system the Surf should communicate to They include Firmware server Status Server Configuration Server and Custom Message Server ...

Page 25: ...s setting is disabled If the packet that the Surf is transmitting is larger than the threshold it will initiate the CTS RTS function The up stream and down stream bandwidth are for controlling the maximum up link and down link bandwidth that the user can consume The unit is bit per second Setting them to 0 will disable the bandwidth control The default value is 0 ...

Page 26: ... touch index txt 2 Create a private key for your CA for example openssl genrsa des3 passout pass democa out private cakey pem 2048 A CA private key called cakey pem is then created in the directory private This is a 2048bit RSA private key with pass phrase democa 3 Create the server certificate for your CA for example openssl req new x509 days 8000 key private cakey pem passin pass democa out cace...

Page 27: ... hostname demoCA Email Address The CA server certificate is now generated in cacert pem 4 In some applications e g Microsoft Windows DER version of server certificate is needed openssl x509 outform DER in cacert pem out cacert der The CA server certificate in DER format is now ready in cacert der 5 3 Create a server certificate request from your servers 1 Create your working directory e g myCert m...

Page 28: ...ve some blank For some fields there will be a default value If you enter the field will be left blank Country Name 2 letter code GB US State or Province Name full name Berkshire US Locality Name eg city Newbury US Organization Name eg company My Company Ltd Organizational Unit Name eg section Common Name eg your name or your server s hostname myserver com Email Address Please enter the following e...

Page 29: ...ntryName US stateOrProvinceName US localityName US organizationName My Company Ltd commonName myserver com X509v3 extensions X509v3 Basic Constraints CA FALSE Netscape Comment OpenSSL Generated Certificate X509v3 Subject Key Identifier 0E D5 E9 F6 A5 B6 88 51 EB 22 8C ED C3 AA 17 A1 A8 FC EC 92 X509v3 Authority Key Identifier keyid 85 B5 08 F3 21 1B 99 5D E1 4B D1 57 2C EC 9C 00 A2 F4 24 9B DirNam...

Page 30: ... protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interferen...