Browan BW1253S, User Manual

Page 1: ...Single Radio 802 11a b g n Indoor Access Point BW1253s User s Guide v1 0 ...

Page 2: ...able only to the degree specified in the terms of sale and delivery The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from BROWAN Trademarks The product described in this book is a licensed product of BROWAN Microsoft Windows 95 Windows 98 Windows Millennium Windows NT Windows 2000 Windows ...

Page 3: ... which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radi...

Page 4: ...twork 11 Access to your access point 12 Configuration 12 CHAPTER 3 REFERENCE MANUAL AP MODE 14 Web Interface 14 Status 15 Status Device Status 15 Status Wireless Status 17 Status Interface Statistics 17 Network 19 Network Interface 19 Network Bridge 20 Network Attack Countermeasure 21 Network RADIUS Server 22 Network RADIUS Properties 26 Network DHCP 27 Network DHCP Lease 31 Network Link Integrity...

Page 5: ...ork PPPoE 82 Network L2TP 83 Network RADIUS Server 85 Network RADIUS Properties 89 Network DNS 91 Network DHCP 92 Network DHCP Lease 95 Network Static Route 95 Network Attack Countermeasure 96 Network Link Integrity 96 Network Tr069 Settings 98 Wireless 101 Wireless Basic 101 Wireless Advanced 107 Wireless WEP 114 Wireless MAC ACL 116 User 119 User Users 119 User Station Supervision 121 User User ...

Page 6: ... Pages Overview 151 Welcome Page 151 Login Page 151 Logout Page 152 Help Page 153 Unauthorized Page 154 Example for External Pages 154 Example for Internal Pages 157 Extended UAM 160 Parameters Sent to WAS 162 CHAPTER 6 CUSTOMIZED USER PAGE HTML 166 Set up your customized user page 166 FAQ 171 APPENDIX 172 A Specification 172 B Factory Defaults for the BW1253s 173 Network Interface Configuration S...

Page 7: ... solid understanding of software installation procedures for network operating systems under Microsoft Windows 95 98 Millennium 2000 NT and Windows XP and general networking operations and troubleshooting knowledge Conventions Used in this Document The following typographic conventions and symbols are used throughout this document Very important information Failure to observe this may result in da...

Page 8: ... point to multi point bridge Secure and reliable wireless networking BW1253s supports and meets industry security requirement of wide area networking professionals for secured wireless network z Supports VLAN up to 16 VLAN ID z IEEE 802 1x EAP with password certificates and SIM card z 64bits 128bits static and dynamic WEP encryption z Supports Wi Fi Protected Access WPA WPA2 with AES and TKIP supp...

Page 9: ...i Fi standard Superior Wireless Bridging Capability PtP PtMP Support up to 16 BSSID Virtual AP Wi Fi Protected Access WPA and WPA2 with TKIP or AES Wired Equivalent Privacy WEP using static or dynamic key of 64 or 128 bits Anti Interference with Dynamic Channel Allocation DCA Hidden SSID for blocking illegal users accessing Supports 802 1x authentication using EAP TLS EAP TTLS PEAP and SIM MAC Acc...

Page 10: ...omes with the following Indoor Access Point model BW1253s Mount kit Screw Bag Antenna Dual band Dipole Antennas with RP SMA connector 2 units Ethernet patch cable Cat5 UTP 1 5m length 1 unit External power supply Input 100 240VAC 50 60Hz Output 12VDC 1 5A 1 unit Hardware Introduction General Overview Figure 1 BW1253s General View The front panel of BW1253s contains There are several indicator ligh...

Page 11: ... of 10 100Mbps Off Ethernet link is unavailable WiFi 1 Amber the radio is operating Off radio disable STATUS WiFi2 N A table 1 BW1253s led definition The rear panel of BW1253s ANT2 USB Console ETH PoE DC 12V ANT1 Figure 3 rear panel I O port Descriptions of the connectors are given in the following table table 2 BW1253s connectors Item Connector Description 1 ANT1 ANT2 RP SMA Antenna connector 2 D...

Page 12: ...53s Connect to the Power Source and Local Network There are two power supply methods can be used by BW1253s Power over Ethernet equipment 12VDC Power adapter Case 1 Use the BROWAN BE3013 PoE injector DC 48V power adapter BE3013 PoE injector is optional which is non compliant to 802 3af BW1253s is compliant to 802 3af PoE standard Step 1 Place the Access Point on a flat work surface or hang on the ...

Page 13: ...ep 3 Connect the power supply to the Access Point Access to your access point Configuration Now it is ready to access and configure your access point Open web browser and enter ip address The default ip address for your new access point is IP 192 168 2 2 subnet 255 255 255 0 Step 1 Configure your PC with a static IP address on the 192 168 2 x subnet with mask 255 255 255 0 Connect the BW1253s in t...

Page 14: ... of 180 Figure 6 Security alert Figure 7 login page Step 3 After successful administrator log on you will see the main page of the BW1253s Web interface Figure 8 Web interface Management Menu Now you are enabled to perform your configuration ...

Page 15: ...browser window Web Interface The main web management menu is displayed at the top of the page after successfully logging into the system see the figure below From this menu all essential configuration pages are accessed Figure 9 Main Configuration Management Menu The web management menu has the following structure Status Device Status show the status related with the whole device Wireless Status s...

Page 16: ...ttings of BW1253s Watchdog Enable the S W or H W watchdog of BW1253s System Administrator set access permission to your BW1253s System Log check the system log locally or specify address where to send system log file System Mode specify whether the BW1253s works in AP mode or in AP router mode System Info specify some device related information for BW1253s Configuration system configuration utilit...

Page 17: ...ast rebooted System Time show the current time of the BW1253s Wlan1 MAC show the MAC addresses of the wireless interfaces of the BW1253s Free System Memory indicate the memory currently available in the BW1253s Total System Memory indicate the total memory in the BW1253s LAN Mode indicate static IP or DHCP client is used for BW1253s LAN IP address LAN MAC display the Ethernet MAC address LAN IP sh...

Page 18: ...icate the status of MAC ACL feature on BW1253s SSID Number indicate current number of enabled SSID on BW1253s Status Interface Statistics The Interface Statistics shows each network interface status including Input Output bytes packets or error Figure 12 Interface Statistics Interface Name show the name of each network interface where ixp0 is related to LAN interface wlan1_x is related to wireless...

Page 19: ...0 Output Packets show the packets number transmitted out of the network interface Output Errors show the packets number which contain errors preventing them from being transmitted out correctly Refresh get the updated network interface information ...

Page 20: ...e gateway For Bridge type interfaces the gateway is always the gateway router Protocol specify static for setting IP address manually and dhcp for getting IP address dynamically acting as DHCP client VLAN Enable or disable VLAN on LAN bridge interface VLAN ID When enabled VLAN specify the VLAN ID of it Save save the entered values Cancel restore all previous values Change status or leave in the de...

Page 21: ...nce click Reboot button and then it is necessary to wait a moment And the message of reboot appears just like bellows Figure 17 Reboot Information Network Bridge The Spanning Tree Protocol is a network protocol that ensures a loop free topology for any bridged Ethernet local area network The basic function of STP is to prevent bridge loops and the broadcast radiation the results from them Specify ...

Page 22: ...e attack anti attack polices can be set here based on network needs Figure 21 Attack Countermeasure settings Anti DOS Status Enable or disable anti dos policy for BW1253s This policy is for TCP DOS attack Max Load The attack threshold BW1253s think there is TCP DOS attack and do the countermeasure if one client s TCP links exceed this threshold Expire seconds If one client is considered as DOS att...

Page 23: ...ure Delete delete the selected RADIUS Server entry The last entry can not be deleted Add add new RADIUS server Click Details a similar page will be appeared as below Figure 23 Detail for Radius Server profile Name the new RADIUS server name which is used for selecting RADIUS server If a default appears on the right side of the Name entry it means this RADIUS server profile is the default profile A...

Page 24: ... Port show the network port used to communicate with the Accounting RADIUS server Accounting Secret show the shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server User Password Md5sum Secret show whether user input password is calculated md5 sum before pass to RADIUS server or not Back back to the RADIUS Server main page Edit edit the sel...

Page 25: ...e IP address of Accounting RADIUS server dots and digits Accounting Port specify the network port used to communicate with the Accounting RADIUS server 1 65535 Accounting Secret shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server The default port value for authentication is 1812 The default port value for accounting is 1813 The port spe...

Page 26: ...server Apply Changes to save all changes at once Discard Changes restore all previous values Click Apply Changes to apply all the changes Then the follow similar page will appear Figure 27 Reboot Server Reboot restart the access point to make applied changes work If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to...

Page 27: ... from the user side no network carrier before closing the connect 1 999999999 User Accounting Update Interval Seconds period after which server should update accounting information 60 999999999 User Accounting Update Retry seconds retry time period in which server should try to update accounting information before giving up 60 999999999 User Idle Timeout seconds amount of user inactivity time befo...

Page 28: ...anges click if RADIUS Properties configuration is finished Discard Changes restore all previous values Network DHCP In AP mode BW1253s can act as DHCP server The DHCP Dynamic Host Configuration Protocol service is supported on layer 2 interfaces DHCP server and DHCP relay are disabled by default Figure 30 DHCP Settings Edit edit the DHCP settings To enable DHCP server click the Edit button Figure ...

Page 29: ... from IP Address to specify the IP address range to be dynamically allocated by the DHCP server Netmask enter the netmask for IP pool range Gateway enter the gateway IP for wireless clients WINS Address Windows Internet Naming Service specify server IP address if it is available on the network dots and digits Lease Time specify the IP address lease interval in seconds 1 1000000 Domain specify the ...

Page 30: ...r settings will be automatically adjusted to match the network interface settings The Gateway of DHCP server settings must be same with the Gateway of BW1253s For each change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears ...

Page 31: ...button for applying all modifications And if there are still other setting modifications needed go ahead to finish all changes and then click Reboot button to restart and apply all settings together When BW1253s network Interface uses DHCP to get IP address dynamically DHCP server service cannot be enabled When BW1253s uses DHCP to get IP address the similar WEB UI will be appeared Figure 35 Warni...

Page 32: ...s connections and kick out all the wireless clients when it detects that its Ethernet network cannot be accessed to the internet Figure 37 Link Integrity settings Click Edit button to set the Link Integrity settings the similar UI will be appeared as below Figure 38 Edit Link Integrity settings Status Enable or disable the feature of Link Integrity Target IP1 to Target IP5 IP addresses for BW1253s...

Page 33: ...arget IP can be siecified The BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears Figure 40 Reboot Server Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuo...

Page 34: ...re the remote management through TR069 ACS server eg BROWAN DMS server Figure 41 TR 069 settings Click Edit button and the similar page will be appeared Figure 42 edit TR 069 settings Status enable or disable TR 069 setting enable disable ACS URL enter the ACS server URL ACS UserName the user name for AP register to ACS server ACS UserPassword the password for AP register to ACS server Enable Peri...

Page 35: ...erver After enter all field click save and apply changes button to take effect Figure 43 save TR 069 settings Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button ...

Page 36: ...less Basic menu to configure wireless settings such as regulatory domain channel band and power layer 2 isolation Click the edit button on the setting you need to change The country code selection is for non US models only Figure 44 Basic Wireless Settings with static channel selection ...

Page 37: ... The default value is 2347 recommend Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets If you experience a high packet error rate you may slightly increase the fragmentation threshold Setting the fragmentation threshold too low may result in poor network performance Only minor modifications of this value are recommended The default value ...

Page 38: ...supporting short preamble connected otherwise using short preamble The default is Auto recommend Short always using short preamble Long always using long preamble Slot Time show the slot time policy when working in 2 4GHz band Auto using long slot time when there are clients not supporting short slot time connected in otherwise using short slot time The Switching between long and short slot time i...

Page 39: ... transmission output power in dBm RTS Threshold the AP sends Request to Send RTS frames to a particular receiving station and negotiates the sending of a data frame After receiving an RTS the wireless station responds with a Clear to Send CTS frame to acknowledge the right to begin transmission The default value is 2347 recommend Fragment Threshold It specifies the maximum size for a packet before...

Page 40: ... users will be kicked off when DCA is processing new operational frequency channel takes effect DCA optional channel specify the channels only in which auto channel selection DCA will choose for reducing interference reference Only when DCA is enabled DCA threshold and DCA optional channel will be shown Preamble if your wireless device supports the short preamble and you are having trouble getting...

Page 41: ...etail with DynamicBridge setting please refer to Wireless Advanced page in DynamicBridge mode Change status or leave in the default state if no editing is necessary and click the Save button Figure 49 Apply or Discard dynamicbridge setting For such change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears ...

Page 42: ...erent security policy different VLAN ID different authentication etc All the BSSIDs are active at the same time that means client devices can associate to the access point for specific service Use the Wireless Advanced menu to configure properties related to Multiple BSSID including configure SSID Hidden SSID VLAN and Security for each SSID You can define different MBSSID if you configure AP mode ...

Page 43: ...SSID feature disable enable Security show which security policy is used for this MBSSID entry Current Connect show the number of current wireless clients associate to this MBSSID New create a new MBSSID entry Detail show the detail information of this MBSSID entry Edit edit the selected MBSSID entry you want to configure Delete delete the selected MBSSID entry When in AP mode you can not delete th...

Page 44: ... Intra BSS Layer 2 Isolation when enabled the clients that connect in this same BSS can t visit each other By default the intra BSS layer 2 isolation is disabled Intra BSS layer2 isolation which enable or disable client isolation under same SSID Inter BSS layer2 isolation which enable or disable client isolation between different SSID Please go to Wireless Layer 2 Isolation Inter BSS menu to confi...

Page 45: ... downlink from AP to wireless client 8 levels priorities are supplied 1 2 0 3 4 5 6 7 is from lowest priority to highest priority And if no special QoS is needed leave priority to default 0 0 means Best Effort priority WMM BW1253s support WMM wireless clients and implement WMM QoS with the WMM clients enable ESS in Tunnel Settings for ESS in tunnel When enabled BW1253s setup tunnel with remote AC ...

Page 46: ...nu to configure your RADIUS server profile or add a new profile and please refer to Network RADIUS Server for its configuration Dynamic WEP Encryption select whether using the dynamic 64 bits encryption 128 bits encryption or without encryption Pass Through when enabled client can access network whether it passed 802 1x authentication or not Only when 802 1x enabled and dynamic key disabled this o...

Page 47: ...s and less than 64 characters for WPA with pre shared key encryption Algorithm choose WPA algorithm TKIP AES Group Key Rekey Interval specify amount of minutes and WPA automatically will generate a new Group Key MAC Auth when selected the MAC address of wireless client will be passed to RADIUS server for PAP authentication when it connects with BW1253s The MAC address of wireless client acts as us...

Page 48: ... no editing is necessary and click the Save button Figure 57 Apply or Discard the advanced Settings in AP mode For each change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears Figure 58 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed t...

Page 49: ...y is used Edit edit the selected Bridge link entry you want to configure Clicking Edit to configure the bridge parameters Figure 60 Bridge Link Setting NodeType determine the AP as Root or Normal client rule As a root AP the nearby bridge client will automatically associate to the root AP based on the signal quality In case a bridge link is broken the client AP will automatically seek the nearby r...

Page 50: ...re 62 Reboot information Reboot click the button to restart the server and apply the changes If there is no other setting needed to be modified click the Reboot button for applying all modifications And if there are still other setting modifications needed go ahead to finish all changes and then click Reboot button to restart and apply all settings together Wireless WEP Use the Wireless WEP menu t...

Page 51: ... Edit to edit the existing wepkey1 to wepkey4 By default four WEP keys are all set to aaaaa ascii characters or 6161616161 hexadecimal characters They can be modified according to requirement Figure 64 Edit WEP Key Change status or leave in the default state if no editing is necessary and click the Save button ...

Page 52: ... Changes Request for reboot server appears Figure 66 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all set...

Page 53: ... clients connecting to the BW1253s are allowed no ACL rules are applied to the wireless clients Select Allow means only the wireless clients whose MAC are listed in the MAC List would be permitted to access this AP Other wireless client cannot access this AP Select Deny means only the wireless clients whose MAC are listed in the MAC List would be prevented from accessing Other wireless clients can...

Page 54: ...example 00 90 4B 00 11 22 Save click the button to save the new MAC entry Figure 70 Apply or Discard MAC ACL Configuration Changes Apply Changes to save all changes made in the interface table at once Discard Changes restore all previous values For such change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears F...

Page 55: ...reless Advanced page to configure intra BSS communication of users in the same BSS Full layer 2 isolation need to set both intra BSS and inter BSS layer 2 isolation The Wireless layer 2 isolation setting page is only exist in AP mode as it is only for inter BSS layer 2 isolation There is no Wireless layer 2 isolation setting page in AP Router mode Figure 72 layer 2 Isolation Service Edit edit the ...

Page 56: ...ice MAC address The format is a list of colon separated hexadecimal numbers for example 00 90 4B 00 11 22 Save click the button to save the new Allowed MAC List entry Cancel discard change and restore all previous values For such change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears Figure 76 Save Allowed MA...

Page 57: ...tart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings ...

Page 58: ...BSS the client connected to User IP IP address from which the user s connection is established digits and dots Authed indicate this client is authenticated or not Wireless Auth show the authentication method which user used to connect Time Length session duration since the user login hh mm ss Idle Time amount of user inactivity time hh mm ss Action view the statistics or kickoff the user Detail cl...

Page 59: ... Time Length remaining user s session time hh mm ss Session time for user is defined in the RADIUS Server Idle time specify current idle time Idle Timeout specify the time of user idle timout hh mm ss When reach the time the user will be logged out automatically Input Bytes amount of data in bytes which the user network device has received Bytes Output Bytes amount of data in bytes transmitted by ...

Page 60: ...on availability This monitoring is performed with ping If the specified number of ping failures is reached failure count the user is logged out from the BW1253s Figure 80 Station Supervision To adjust the ping interval failure count click the Edit button Figure 81 Edit Station Supervision Interval define interval of sending ping to host in seconds Failure Count failure count value after which the ...

Page 61: ...ply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings Services Services Telnet Use Services Telnet menu to manage the telnet SSH service of your BW1253s Figure 84 System Configuration settings Telnet Service Enable or disable telnet service of BW1253s SSH Service Enabl...

Page 62: ...ge values 1 32 all ASCII printable characters no spaces Default Trap community the default SNMP community name used for traps without specified communities The default community by most systems is public The community string must match the community string used by the SNMP network management system NMS 1 32 all ASCII printable characters no spaces HeartBeat Trap Interval defined the AP sending the...

Page 63: ...me Settings menu Figure 87 Time Settings Click Edit to change current system time Figure 88 Edit Date and Time Settings Date yy mm dd Time hour minute Change the Date and Time or leave in the default value if no editing is necessary and click the Apply button Thus the modified time will be taken effect at once No reboot is needed If NTP is enabled the local time cannot be modified Since BW1253s ha...

Page 64: ...d a new NTP server setting for synchronizing time Clicking Add button to add a new NTP server Figure 90 Add new NTP server setting Two NTP servers can be configured under Services NTP menu And only IP address is accepted for NTP server Adding at least one NTP server before enable NTP service The Name of NTP server should be unique Change status or leave in the default state if no editing is necess...

Page 65: ...ge of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears Figure 94 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously t...

Page 66: ...r Disable software watchdog Check Interval the periodical time that software watchdog checks the whole file system of BW1253s The hardware watchdog function will protect device even the operation system crash Figure 97 edit hardware watchdog settings Status Enable or Disable hardware watchdog The default value is enabled for both Software Watchdog and Hardware Watchdog It is strongly recommended t...

Page 67: ...er authentication in the system 4 8 characters spaces not allowed Confirm Password re enter the new password to verify its accuracy Save click to save new administrator settings Default administrator logon settings are User Name admin Password admin01 Password length is from 4 to 8 characters After filling in the right Old password and the New Password clicking the Save button for taking effect im...

Page 68: ...log function enabled disabled Host IP specify the host IP address where to send the System Log messages dots and digits Log Level specify the remote log message level you want to trace critical error warning info and debug Do not output debug log unless there are important issue needs to be clarified Debug log will output all of the information so that it will severely drop down the network perfor...

Page 69: ... values View view the log messages locally Click View button a similar screen will appear as below Figure 103 View Local Log Messages Clear clear current log message Refresh get the updated log messages Return back to System Log page System System Mode In this page you can select the system mode of your BW1253s Figure 104 System Mode Settings Mode select whether the system mode of BW1253s is AP mo...

Page 70: ...pply and Reboot click the button to restart the device and apply all setting changes The BW1253s Web Interface in AP mode is different from that in AP Router mode For the detailed configuration of BW1253s working in AP Router mode please refer to the next chapter Chapter 4 Reference Manual AP Router Mode System System Info Administrator can self define the device information including the system n...

Page 71: ...d upload system configuration for restore Figure 109 System Configuration settings Click the Preparation button to start saving the configuration file Click the Download button to download current working configuration locally Figure 110 Backup settings By default the device configuration name is cfgbackup cfg A configuration file name will be required when you download save the configuration file...

Page 72: ...he specified configuration and then the similar UI appears Figure 112 Configuration Upload Restore 2 Click OK button to restore and AP will reboot immediately to take effect Figure 113 Configuration Upload Restore 3 System Reset and Reboot Use this function to reboot device or restore to factory default Figure 114 System Reset setting Reboot reboot the device Reset reset System to Factory Defaults...

Page 73: ...strator settings will be set back to the factory default when Reset is implement System Local Upgrade Upload Update your device firmware locally Figure 117 Firmware Upgrade Click the Upload and then click the browse button to specify the full path of the new firmware image and click the Upload button Figure 118 Firmware Upgrade Click the Upgrade button to flash and upgrade the firmware Please make...

Page 74: ...rade via TFTP server Figure 120 TFTP Firmware Upgrade Current firmware version Show the current firmware version TFTP server IP address Specify the IP address of TFTP server which firmware located TFTP Time Out Secs Specify the TFTP server communication time out in second Firmware Filename Specify the upgrade firmware name to be download Figure 121 TFTP Firmware Upgrade setting Click Edit button t...

Page 75: ...ce could be damaged It recommend to use the Ethernet connection not wireless for the firmware update process System Location Settings You can define the longitude and latitude for the device information or for the NMS to locate the device location Figure 122 location setting Click edit to enter the Longitude and Latitude in digit and dot format Figure 123 edit location longitude latitude Click sav...

Page 76: ...your web browser window Web Interface The main web management menu is displayed at the top of the page after successfully logging into the system see the figure below From this menu all essential configuration pages are accessed Figure 124 Main Configuration Management Menu The web management menu has the following structure Status Device Status show the status related with the whole device Wirele...

Page 77: ... page based by HTML page Pages configure and upload user pages Upload upload new internal user pages HTTP Headers define http headers encoding and language Remote Authentication define external Web Application Server WAS to intercept take part in the user authentication process Services Telnet Telnet SSH service SNMP SNMP service NTP NTP settings of BW1253s Time manually set time Watchdog Enable t...

Page 78: ...ware upgrading Config version display current configure version Up Time indicate the time expressed in days hours and minutes since the system was last rebooted System Time show the current time of the BW1253s WLAN1 MAC show the MAC addresses of the wireless interfaces of the BW1253s Free System Memory indicate the memory currently available in the BW1253s Total System Memory indicate the total me...

Page 79: ... Tx Power indicate radio transmit power of the BW1253s MAC ACL indicate the status of MAC ACL feature on BW1253s SSID Number indicate current number of enabled SSID on BW1253s Status Interface Statistics The Interface Statistics shows each network interface status including Input Output bytes packets or error Figure 127 Interface Statistics Interface Name show the name of each network interface wh...

Page 80: ...ut of the network interface The bytes number is displayed in KB Output Packets show the packets number transmitted out of the network interface Output Errors show the packets number which contain errors preventing them from being transmitted out correctly Refresh get the updated network interface information ...

Page 81: ...ure 129 Edit Network Interfaces Settings 1 Interface standard interface name This name cannot be edited Status select the status of interface enabled disabled Do not disable the interface through which you are connected to the AP Router Disabling such interface will lose your connection to the device The interface eth1 can not be disabled Type network type cannot be changed There are two possible ...

Page 82: ...ers are a binary mask of the IP address which defines IP address order and the number of IP addresses in the subnet Gateway interface gateway For LAN type interfaces the gateway is WAN interface The gateway of the WAN interface is usually the gateway router of the ISP or other WAN network Default gateway is marked with Save save the entered values Cancel restore all previous values Figure 131 Appl...

Page 83: ...all settings Network PPPoE The Point to Point Protocol over Ethernet PPPoE is a network protocol for encapsulating PPP frames inside Ethernet frames It is use mainly for DSL service Click Edit button to enable or disable the service Figure 133 PPPoE service Name service name Status change status for this service disable enable Figure 134 change PPPoE service Enable the PPPoE service Username enter...

Page 84: ... and take effect all changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings Network L2TP Layer 2 Tunneling Protocol L2TP is a tunneling protocol used to support virtual private netw...

Page 85: ...ess in digits and dots notation e g 192 168 2 2 Username enter the user name Password password for the authorized user Timeout in case of connection fail the interval to re connect to the server Figure 139 edit L2TP services Click Save button and Apply Changes button to save the change or discard changes button to discard the change Figure 140 save the changes Reboot click the button to restart th...

Page 86: ...tart and take effect for all settings Network RADIUS Server Up to 32 different RADIUS servers can be configured in the RADIUS servers menu By default one RADIUS server is specified for the system Figure 142 RADIUS Servers Settings Details show the detail information of this RADIUS Server profile Edit edit the selected RADIUS Server entry you want to configure Delete delete the selected RADIUS Serv...

Page 87: ...grity of data frames used for the Authentication RADIUS server Accounting IP show the IP address of Accounting RADIUS server If the Accounting IP address is 0 0 0 0 it means that the Accounting service is disabled Accounting Port show the network port used to communicate with the Accounting RADIUS server Accounting Secret show the shared secret string that is used to make sure the integrity of dat...

Page 88: ...t When selected the profile will be used as default Authentication IP specify the IP address of Authentication RADIUS server dots and digits Authentication Port specify the network port used to communicate with the Authentication RADIUS server 1 65535 Authentication Secret shared secret string that is used to make sure the integrity of data frames used for the Authentication RADIUS server Accounti...

Page 89: ...ore pass to RADIUS server for more security enabled disabled This setting needs RADIUS server do relevant configurations Save save the entered values Cancel restore all previous values After adding a new RADIUS server or editing an existing one a page appears similar to the following Figure 146 Apply or Discard RADIUS Server Changes Details show the detail information of this RADIUS Server profile...

Page 90: ...hanged continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings Network RADIUS Properties General RADIUS settings are configured using the RADIUS Properties menu under the network Figure 148 RADIUS Properties settings RADIUS Retries retry count of sending RADIUS packets before giving up 0 99 RADIUS Timeout seconds maximum amount of time ...

Page 91: ...le Timeout seconds amount of user inactivity time before automatically disconnecting user from the network 1 999999999 Bandwidth Up maximum bandwidth up at which corresponding user is allowed to transmit bps Bandwidth Down maximum bandwidth down at which corresponding user is allowed to receive bps Each setting in this table can be edited Select RADIUS setting you need to update click the edit nex...

Page 92: ...ice service allows BW1253s subscribers to enter URLs instead of IP addresses into their browser to reach the desired web site You can enter the DNS server settings under the Network DNS menu The DNS server setting s table is displayed Figure 151 DNS Settings You can enter the primary and secondary DNS servers settings by click the edit button in the action column and type in the DNS server s IP ad...

Page 93: ...k the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings Network DHCP In AP Router mode the BW1253s can act as a DHCP Server The DHCP ...

Page 94: ... the DHCP service mandatory fields Netmask show the subnet mask of current interface Gateway show the interface gateway WINS Windows Internet Naming Service Address specify service IP address if it is available on the network dots and digits Lease Time specify the IP address renewal in seconds 1 1000000 Domain specify DHCP domain name optional 1 128 sting DNS Address specify the DNS server s IP ad...

Page 95: ... correct click Apply Changes request for reboot server appears Figure 159 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and ta...

Page 96: ...ived on an interface with specific destination addresses By default no static routes are defined on the system Figure 161 Static Route Page A routing rule is defined by the target subnet target IP address and subnet mask interface and or gateway where to route the target traffic A data packet that is directed to the target network is routed to the specified AC interface or to another gateway route...

Page 97: ...is considered as DOS attacker BW1253s kicks it out and doesn t let it connect again during the time that Expire set Flow Control Status Enable or disable traffic flow control policy for BW1253s Max Load The attack throughput threshold Duration seconds if traffic exceeds the value of Max Load during the whole time that Duration set BW1253s think there is traffic flow attack and do the countermeasur...

Page 98: ... all IP address specified it will consider Ethernet link fail and all associated wireless client will be logged out The AP will continue to ping from first IP address If ping success the wireless will be enable again and client can access the AP Save save the entered values Cancel restore all previous values Click Save the similar apply changes UI will be appeared Figure 167 Apply or Discard Link ...

Page 99: ...tocol for remote management of end user devices As a bidirectional SOAP HTTP based protocol it provides the communication between customer premises equipment CPE and Auto Configuration Servers ACS server It includes both a safe auto configuration and the control of other CPE management functions within an integrated framework The protocol addressed the growing number of different internet access d...

Page 100: ...form Interval the inform interval in seconds the value is 720 4294967295 Connection Request UserName when the ACS pulling a task to AP CPE such as firmware upgrade downgrade AP need the user name to verify the task sending from ACS server Connection Request Password when the ACS pulling a task to AP CPE such as firmware upgrade downgrade AP need the password to verify the task sending from ACS ser...

Page 101: ...y the changes Figure 172 reboot device If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings ...

Page 102: ...less Basic menu to configure wireless settings such as regulatory domain channel band and power layer 2 isolation Click the edit button on the setting you need to change The country code selection is for non US models only Figure 173 Basic Wireless Settings with static channel selection ...

Page 103: ...n The default value is 2347 recommend Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets If you experience a high packet error rate you may slightly increase the fragmentation threshold Setting the fragmentation threshold too low may result in poor network performance Only minor modifications of this value are recommended The default value...

Page 104: ...supporting short preamble connected otherwise using short preamble The default is Auto recommend Short always using short preamble Long always using long preamble Slot Time show the slot time policy when working in 2 4GHz band Auto using long slot time when there are clients not supporting short slot time connected in otherwise using short slot time The Switching between long and short slot time i...

Page 105: ...11na HT40minus TxPower the BW1253s transmission output power in dBm RTS Threshold the AP sends Request to Send RTS frames to a particular receiving station and negotiates the sending of a data frame After receiving an RTS the wireless station responds with a Clear to Send CTS frame to acknowledge the right to begin transmission The default value is 2347 recommend Fragment Threshold It specifies th...

Page 106: ...on wireless environment Wireless users will be kicked off when DCA is processing new operational frequency channel takes effect DCA optional channel specify the channels only in which auto channel selection DCA will choose for reducing interference reference Only when DCA is enabled DCA threshold and DCA optional channel will be shown Preamble if your wireless device supports the short preamble an...

Page 107: ... Basic Wireless Settings with Static Channel selection Figure 178 Apply or Discard Basic Wireless Settings with DCA enabled For such change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears ...

Page 108: ...ssign different configuration settings to each BSSID For wireless users they can think BW1253s as single AP with multi service supporting including different security policy different VLAN ID different authentication etc All the BSSIDs are active at the same time that means client devices can associate to the access point for specific service Use the Wireless Advanced menu to configure properties ...

Page 109: ...D name for wireless client searching and associating Hidden show the status of Hidden SSID feature disable enable Security show which security policy is used for this MBSSID entry Current Connect show the number of current wireless clients associate to this MBSSID New create a new MBSSID entry Detail show the detail information of this MBSSID entry Edit edit the selected MBSSID entry you want to c...

Page 110: ...enable the function Only 11n only 802 11n client can connected to the SSID Max Station Number define maximum number of associated wireless client to this SSID Leave space means unlimited or fill in the value 1 127 client Layer 2 Isolation Specify the layer 2 isolation policy Enable Intra BSS Layer 2 Isolation when enabled the clients that connect in this same BSS can t visit each other By default ...

Page 111: ...priority for this SSID interface which is implemented according to 802 11e EDCA and makes sure the wireless downlink QoS This priority is based on SSID which means different BSSID can have different traffic priority and the traffic of the same SSID has the same priority This traffic priority only makes sure the priority of downlink from AP to wireless client 8 levels priorities are supplied 1 2 0 ...

Page 112: ...ion will fail The key value is set in Wireless WEP web page 802 1x when selected the MSSID entry will be configured as an 802 1x authenticator It supports multiple authentication types based on EAP Extensible Authentication Protocol like EAP TLS EAP TTLS EAP PEAP EAP SIM The privacy will be configured as dynamic WEP RADIUS Server Profile select your RADIUS server profile Please go to Network RADIU...

Page 113: ...re 184 Multiple BSSID Setting 4 WPA PSK when selected the encrypt method will be WPA without RADIUS server WPA2 PSK when selected the security policy will be WPA2 PSK without RADIUS server In this mode only WPA2 PSK client can connect with AP and WPA PSK client is not permitted to connect WPA2 PSK MIXED when selected WPA2 PSK and WPA PSK clients are all permitted to connect with AP Use Pre Shared ...

Page 114: ...I without RADIUS server Encode Pre shared key encode HEX ASCII Use Pre Shared key specify more than 8 characters and less than 64 characters for WPA with pre shared key encryption Disabled when selected you don t select any security policy Change status or leave in the default state if no editing is necessary and click the Save button Figure 186 Apply or Discard the advanced Settings in AP mode Fo...

Page 115: ...utton to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings Wireless WEP Use the Wireless WEP menu to configure static WEP settings This menu only set static WEP key value related with 4 key indexes Enable or Disable static WEP is in the Wireless Advance menu Figu...

Page 116: ... 6161616161 hexadecimal characters They can be modified according to requirement Figure 189 Edit WEP Key Change status or leave in the default state if no editing is necessary and click the Save button Figure 190 Apply or Discard WEP Configuration For each change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appear...

Page 117: ...all settings Wireless MAC ACL Use the MAC ACL service to control the default access to the wireless interface of the BW1253s or define special access rules for mobile clients Configure the ACL using the Wireless MAC ACL menu Figure 192 MAC ACL Service Radio show the wireless interface The wireless interface which is Bridge mode hasn t MAC ACL settings Policy click the edit button to choose Allow D...

Page 118: ...u must create MAC List to work with Policy setting The access control list is based on the network device s MAC address In the MAC ACL Configuration table you only need to specify the MAC address of wireless client Click the Add button to create a new MAC entry Figure 194 Add MAC entry MAC Address enter the physical address of the network device you need to MAC address The format is a list of colo...

Page 119: ...ly Changes Request for reboot server appears Figure 196 Reboot Server Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all setti...

Page 120: ...SS the client connected to User IP IP address from which the user s connection is established digits and dots Authed indicate this client is authenticated or not WEB Auth L2 Auth show the authentication method which user uses to connect Time Length session duration since the user login hh mm ss Idle Time amount of user inactivity time hh mm ss Action view the statistics or kickoff the user Detail ...

Page 121: ...nd layer2 authentication status layer2 authentication include all supported EAP type of 802 1x auth and MAC auth WISP WISP domain name where the user belongs Session ID the unique user s session ID number This can be used for troubleshooting purposes Remaining Time Length remaining user s session time hh mm ss Session time for user is defined in the RADIUS Server Idle time specify current idle tim...

Page 122: ...to connect client s statistics list Kickoff click this button to disconnect the user from access point Refresh click the button to refresh users statistics User Station Supervision The Station Supervision function is used to monitor the connected host station availability This monitoring is performed with ping If the specified number of ping failures is reached failure count the user is logged out...

Page 123: ... the button to restart the server and apply the changes If there is no other settings needed to be modified click the Reboot button to apply all changes If there are any other settings need to be changed continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings User User ACL User ACL provide high flexibility for administrator to define th...

Page 124: ...Figure 206 Create a new rule third step Third step choose the type of source port and destination port any port special port Figure 207 Create a new rule fourth step Fourth step fill out the source IP address and destination IP address including IP address and net mask if you choose any IP in second step you need not fill out the IP address fill out the source port and destination port if you sele...

Page 125: ...ironment that controls the user s access to Web content and services It is to define a free restricted service set for a user do not logged into the system Use the User walled garden menu to view or change the free URLs or hosts Figure 211 Walled Garden New URL click the new URL button and enter the new URL and its description Save entered information by clicking the update button Figure 212 Add N...

Page 126: ...erver address IP address or host name Netmask enter the network mask to specify the host servers network Port network port which is used to reach the host 1 65535 For standard protocols use the default ports Protocol Port HTTP 80 HTTPS 443 FTP 21 User WISP Different WISPs Wireless Internet Service Providers can be associated with appropriate RADIUS servers and device interfaces using the User WISP...

Page 127: ...of prefix length is from 2 to 6 Figure 216 Domain Policy Add WISP click to define WISP for RADIUS server Figure 217 Define New WISP Name new WISP domain name string up to 256 symbols no space dot or dash allowed RADIUS Name select RADIUS for new WISP from list box non editable Save click the button to save the new WISP Cancel restore all previous values Figure 218 Apply or Discard Changes of WISP ...

Page 128: ...ge The start page is the default web page where users will be redirected after log on This value will be overwritten by the WISP RADIUS attribute no 4 Redirection URL if provided in the authentication response message Use the User Start Page menu to view or change the start page URL Figure 220 Start Page The administrator can change the start page by clicking the Edit button The value entry field ...

Page 129: ...en click Reboot button to restart and take effect for all settings User Customized UAM Customized UAM let owner upload their own login and logout page to BW1253s to apply with enterprise style or do advertisements User customized page is based on HTML BW1253s support internal and external customized UAM Internal means user can upload their html login and logout page to BW1253s External means BW125...

Page 130: ...ll pop out a logout page for user In default this setting is enabled if customized page is enabled Logout Page s Dimension for the difference of logout page s dimension which make by customer BW1253s will use this data to pop out user s customized logout page Use External Page if this item is enabled BW1253s will fetch login and logout page from an external web server Second is update html files f...

Page 131: ...icture file format is JPG GIF PNG and CSS After select the file you want press upload button and the files will upload to BW1253s after successful upload files you can see the page below Picture and CSS files name need be consistent with your login or logout html pages The login and logout html file can be what ever you want Don t forget fill out the Logout page s dimension or logon user maybe can...

Page 132: ...7 Flash upload files OK After successful flash the files uploaded files will appear in uploaded file list Next is an example for customized login and logout page Figure 228 Example login and logout page For external page enabled the Use External Page as below ...

Page 133: ...he welcome login logout help pages can be easily changed to user defined pages by choosing the edit menu The pages configuration menu is displayed by default In External page mode BW1253s will only fetch the login and logout html page to local the picture or the CSS file which link on the customized login logout page will not be fetch So the link to the picture and CSS file on user customized html...

Page 134: ...edirect choose this option when using the Extended UAM function see Chapter 5 User Pages Status choose enable disable welcome page status Note that redirect option with status disabled would work Location enter location for external templates or redirect e g WAS IP address Figure 231 Redirect User Pages Welcome page with redirect option selected redirects the user authentication process to the spe...

Page 135: ...W1253s web management interface and new uploaded user pages Select User HTTP Headers menu Figure 234 HTTP Headers Settings BW1253s device supports some http META tags Syntax of such META tags META HTTP EQUIV name CONTENT content Currently BW1253s supports Content Type and Content Language tags Content Type is used to define document char set used when text has non Latin letters like language lette...

Page 136: ...n the user authentication process and to log on and log off users externally It provides a means to query user session information as well By default such remote authentication is disabled Figure 236 Remote Authentication Click the edit button next to appropriate settings to specify remote authentication parameters Figure 237 Enable Remote Authentication Remote Authentication select status enabled...

Page 137: ...ers on both ends manager and agent Use the Services SNMP menu to change current SNMP configuration Figure 239 SNMP settings Readonly community community name is used in SNMP version 1 and version 2c Read only public community allows reading values but denies any attempt to change values 1 32 all ASCII printable characters no spaces Readwrite community community name is used in SNMP version 1 and v...

Page 138: ...manager IP address dots and digits Host Port enter the port number the trap messages should be send through number Trap Type select trap message type v1 v2 inform Community specify the community name at a SNMP trap message This community will be used in trap messages to authenticate the SNMP manager If not defined the default trap community name will be used specified in the SNMP table 1 32 all AS...

Page 139: ...dd button to add a new NTP server Figure 243 Add new NTP server setting Two NTP servers can be configured under Services NTP menu And only IP address is accepted for NTP server Please enter at least one NTP server when enable NTP service The Name of NTP server should be unique Change status or leave in the default state if no editing is necessary and click the Save button Figure 244 Save the NTP s...

Page 140: ...tus Click Save button to save new Time Zone setting Figure 246 Apply or Discard Time Zone NTP status Changes For each change of settings the BW1253s needs to be restarted to apply all settings changes when clicking Apply Changes Request for reboot server appears Figure 247 Reboot information ...

Page 141: ...anually under Services Time menu Figure 248 Time Settings Click Edit to change current system time Figure 249 Edit Date and Time Settings Change the Date and Time or leave in the default value if no editing is necessary and click the Apply button Thus the modified time will be taken effect at once No reboot is needed If NTP is enabled the local time cannot be modified Since BW1253s hasn t RTC real...

Page 142: ... watchdog checks the whole file system of BW1253s The hardware watchdog function will protect device even the operation system crash Figure 252 edit hardware watchdog settings Status Enable or Disable hardware watchdog The default value is enabled for both Software Watchdog and Hardware Watchdog It is strongly recommended to enable the watchdog function Click Save and follow the UI instruction to ...

Page 143: ... user authentication in the system 4 8 characters spaces not allowed Confirm Password re enter the new password to verify its accuracy Save click to save new administrator settings Default administrator logon settings are User Name admin Password admin01 Password length is from 4 to 8 characters After filling in the right Old password and the New Password clicking the Save button for taking effect...

Page 144: ...mote log enabled disabled Host IP specify the host IP address where to send the System Log messages dots and digits Log Level specify the remote log message level you want to trace critical error warning info and debug Do not output debug log unless there are important issue needs to be clarified Debug log will output all of the information so that it will severely drop down the network performanc...

Page 145: ...u want to trace critical error warning info and debug Save save changes Cancel restore the previous values View view the log messages locally Click View button a similar screen will appear as below Figure 258 View Local Log Messages Clear clear current log message Refresh get the updated log messages Return back to System Log page System System Mode In this page you can select the system mode of y...

Page 146: ...pply all setting changes The Web Interface in AP Router mode is different from that in AP mode For the detailed configuration of BW1253s working in AP mode please refer to Chapter 3 Reference Manual AP Mode System System Info Administrator can self define the device information including the system name system location and system contact information of his BW1253s Figure 260 System info Settings S...

Page 147: ...n Upload upload system configuration for restore Figure 264 System Configuration settings Click the Preparation button to start saving the configuration file Click the Download button to download current working configuration locally Figure 265 Backup settings By default the device configuration name is cfgbackup cfg A configuration file name will be required when you download save the configurati...

Page 148: ...the specified configuration and then the similar UI appears Figure 267 Configuration Upload Restore 2 Click OK button to restore and AP will reboot immediately to take effect Figure 268 Configuration Upload Restore 3 System Reset and Reboot Use this function to reboot device or restore to factory default Figure 269 System Reset setting Reboot reboot the device Reset reset System to Factory Default...

Page 149: ...istrator settings will be set back to the factory default when Reset is implement System Local Upgrade Upload Update your device firmware locally Figure 272 Firmware Upgrade Click the Upload and then click the browse button to specify the full path of the new firmware image and click the Upload button Figure 273 Firmware Upgrade Click the Upgrade button to flash and upgrade the firmware Please mak...

Page 150: ...grade via TFTP server Figure 275 TFTP Firmware Upgrade Current firmware version Show the current firmware version TFTP server IP address Specify the IP address of TFTP server which firmware located TFTP Time Out Secs Specify the TFTP server communication time out in second Firmware Filename Specify the upgrade firmware name to be download Figure 276 TFTP Firmware Upgrade setting Click Edit button ...

Page 151: ...ce could be damaged It recommend to use the Ethernet connection not wireless for the firmware update process System Location Settings You can define the longitude and latitude for the device information or for the NMS to locate the device location Figure 277 location setting Click edit to enter the Longitude and Latitude in digit and dot format Figure 278 edit location longitude latitude Click sav...

Page 152: ...bled on the BW1253s for subscribers The following mentioned user pages are factory default The operator owner can upload new templates for all user pages based on their designed Contact with BROWAN if you need the User Pages templates samples User Pages Overview Welcome Page Welcome page is the first page a subscriber receives when he starts his web browser and enters any URL By default it s a ver...

Page 153: ...rs In addition a smaller logout window page pops up The operator owner can change the login page according to its needs See more details in section Changing User Pages Logout Page Make sure the JavaScript is enabled on your Web browser otherwise you will not receive the logout page The Logout page contains the detailed subscriber s session information and provides function for logging out of the n...

Page 154: ...nd unlimited Total bytes left session total download and upload bytes left for subscriber limited form RADIUS in B KB MB GB and unlimited time length left time length left in format hours minutes seconds Bandwidth downstream upstream available upstream and downstream bandwidth for subscriber limited from RADIUS in bps Refresh button click the button to refresh the subscriber session information Th...

Page 155: ...two ways to change and store new user page templates External linking new user page templates from an external server Internal upload new templates to local memory Supported user pages template formats XSL Extensible Style sheet Language for welcome login logout one click pages HTML Hypertext Markup Language for help unauthorized pages The welcome Login and logout pages must be in XSL format The f...

Page 156: ...under the use column Figure 286 configure external pages Step 4 Specify the new user page location in the location field http servername filelocation Figure 287 configure external pages Do not to upload different type of formats It will not be displayed properly Step 5 Save entered changes with the apply changes button ...

Page 157: ... 156 of 180 Figure 288 configure external pages Step 6 Check for new uploaded user page e g login Figure 289 login page If at anytime you wish to restore factory default user pages click the reset button under the system reset reboot menu ...

Page 158: ...l option is defined for all pages Figure 290 internal pages Step 2 Under the user upload menu click the upload button to upload new prepared user pages Figure 291 upload page The memory space in the AP for internal user pages is limited to 1 MB Step 3 Specify the location of new user page templates by clicking the browse button or enter the location manually Specify the location for the additional...

Page 159: ...t the upload process a number of times until all necessary images are uploaded Step 5 Check for the newly uploaded user pages and images to ensure that everything is uploaded and displayed correctly Go to the link https device IP address to get to the new user welcome page Figure 293 customize welcome page Click the here link or enter the link directly https device IP address login user to get to ...

Page 160: ...W1253s User Guide v1 0 Nov 2013 Page 159 of 180 Figure 294 customize login page If at anytime you wish to restore the factory default user pages click the reset button under the system reset reboot menu ...

Page 161: ...uthentication process AC intercepts any access to the Internet via HTTP and redirects the client to the welcome or login URL on AC In order to render the custom login screen HTML page the AC must be configured to 2 fetch XSL script from a remote server which in this case is a Web Application Server WAS or have custom XSL uploaded on the AC There is the ability to enable caching of XSL scripts see ...

Page 162: ... is re directed to the external server WAS Client AC WAS RADIUS Server 1 Initial Request 2 Replay with HTTP redirect 3 Direct client communication with WAS 4 Client sends his her login and password 8 WAS reports client status authenticated or not 5 WAS tries to authenticate client 6 AC sends request to RADIUS 7 RADIUS replay authenticated or not Figure 296 Client Remote Authentication Scheme 2 The...

Page 163: ...ional Lanip The IP address of the LAN interface the user is connected to Can be changed or specified under the Network Interface menu In order to logon log off or get user status WAS submits POST request to the following URLs 1 Remote user logon Script name pplogon user Parameters secret shared secret to protect page from accidental use ip IP address of user to be logged on Username Username of th...

Page 164: ...from accidental use ip IP address of user to be logged off username Username of the user to be logged off mac AC address of the user to be logged off All parameters are required except the IP and MAC At least one of IP and MAC addresses should be supplied If supplied only IP user is checked and logged off by username and IP If IP and MAC addresses are supplied then user is checked and logged off b...

Page 165: ...sharedSecret username UserName ip user_I P_address Script produces XML output XML output when some error occurs ppstatus status No user by IP status error 122 error description User with supplied IP address not found description ppstatus Response statuses and error codes status error description OK 0 User status is ok Not checked 100 Status information not checked No IP 101 No user IP address supp...

Page 166: ...try id 11 unlimited entry entry id 12 unlimited entry entry id 13 32 Mbps entry entry id 14 32 Mbps entry entry id 15 04 59 55 entry entry id 16 EAP entry ppstatus Status detailed information by ID id description 1 User name 2 User IP address 3 User MAC address 4 Session time 5 Session ID 6 User idle time 7 Output bytes 8 Input bytes 9 User WISP name 10 Remaining bytes 11 Remaining output bytes 12...

Page 167: ...super administrator and go to User Customized UAM In order to configure BW1253s using the customized login logout page Customize Page status must be set to enable To enable Customized Page edit the Customize page status User Customized UAM and set to Enabled See the diagram below Figure 297 enable customize page status Figure 298 customize page status is enabled To start to upload the customized t...

Page 168: ...ter the physical path and filename of the coffee template files or click the browse button to search the coffee template files are located The first two items are for login html and logout html files only Additional files are for CSS and image files such as jpg gif png and etc ...

Page 169: ... ten Additional files can be uploaded at one time To upload more additional file repeat the same upload process in step 2 4 but please be aware of the first two items are only for login html and logout html files Image files can only be uploaded to Additional file fields Figure 301 upload other files Once all files are uploaded successfully a list of Uploaded File List will show ...

Page 170: ...size setting of logout page and press the Save button E g the coffee bar template the suggested size of logout page is 760 x 601 Figure 303 set the pixels of logout window Step3 Everything is ready Now any users that access the internet via the BW1253s will see the new personalized login and logout pages Let s look at the new appearance of login and logout page based on the coffee bar template Mak...

Page 171: ...BW1253s User Guide v1 0 Nov 2013 Page 170 of 180 Figure 304 example of coffee bar login page Figure 305 example of coffee bar logout page ...

Page 172: ...tus width 250 height 240 marginwidth 0 marginheight 0 scrolling yes frameborder 0 iframe td These set of code uses an embedded window to show the session data in logout window Comment them with HTML comments language and will hide the session data in logout window 3 Question If I don t want the logout window to pop up to users how could I do Answer Please login BW1253s and go to User Customized UA...

Page 173: ... 64bits and 128bits WEP DynamicBridge Up to 31 bridge links Interface LAN 10 100 100Mb Ethernet auto sensing RJ 45 Console 1 for RJ 45 interface Management Interfaces HTTPs Secure Telnet SSHv2 SNMP Software Update Remote software update via HTTPs Reset H W and S W restore factory default Physical Specification Dimension 175 mm x 135 mm x 27 mm Weight 520g Environment Specification Temperature Humi...

Page 174: ...Default Interface Br0 Type LAN IP Address 192 168 2 2 Netmask 255 255 255 0 Gateway 0 0 0 0 AP Router Mode Interface eth1 Type WAN IP Address 192 168 2 2 Netmask 255 255 255 0 Gateway 192 168 2 1 Interface Wlan1 Type LAN IP Address 192 168 3 1 Netmask 255 255 255 0 Gateway eth1 Network RADIUS Properties RADIUS Retries 5 RADIUS Timeout 2 NAS Server ID User Session Timeout 72000 User Accounting Upda...

Page 175: ...0 0 Lease Time seconds 86400 DNS address 0 0 0 0 DNS Secondary address 0 0 0 0 Network DNS only for AP router mode Type Primary IP Address 0 0 0 0 Type Secondary IP Address 0 0 0 0 Network Static Route only for AP router mode No routes are defined on system WISP No WISP defined on system Wireless Basic Regulatory Domain FCC Channels 11 static Wireless Band 2 4GHz Mixed 11g Total Output Power EIRP ...

Page 176: ...Username domain No WISP defined on system System Settings System Administrator Super administrator Username admin case sensitive Password admin01 case sensitive System SNMP SNMP Service Enabled Readonly Community public Readwrite Community private Default Trap Community public There are no SNMP traps on system System Telnet Telnet Service Enabled SSH Service Enabled System NTP NTP Service Disabled...

Page 177: ...Liechtenstein AL Albania LT Lithuania DZ Algeria LU Luxembourg AS American Samoa MO Macao AD Andorra MK Macedonia the former Yugoslav republic of AO Angola MG Madagascar AI Anguilla MW Malawi AQ Antarctica MY Malaysia AG Antigua and Barbuda MV Maldives AR Argentina ML Mali AM Armenia MT Malta AW Aruba MH Marshall islands AU Australia MQ Martinique AT Austria MR Mauritania AZ Azerbaijan MU Mauritiu...

Page 178: ...CL Chile PS Palestinian territory occupied CN China PA Panama CX Christmas island PG Papua new guinea CC Cocos keeling islands PY Paraguay CO Colombia PE Peru KM Comoros PH Philippines CG Congo PN Pitcairn CD Congo the democratic republic of the PL Poland CK Cook islands PT Portugal CR Costa Rica PR Puerto Rico CI Côte d ivoire QA Qatar HR Croatia RE Réunion CU Cuba RO Romania CY Cyprus RU Russian...

Page 179: ... Sweden GL Greenland CH Switzerland GD Grenada SY Syrian Arab republic GP Guadeloupe TW Taiwan province of china GU Guam TJ Tajikistan GT Guatemala TZ Tanzania united republic of GN Guinea TH Thailand GW Guinea Bissau TL Timor leste GY Guyana TG Togo HT Haiti TK Tokelau HM Heard island and McDonald islands TO Tonga VA Holy see Vatican city state TT Trinidad and Tobago HN Honduras TN Tunisia HK Hon...

Page 180: ...Korea democratic people s republic of VG Virgin islands British KR Korea republic of VI Virgin islands u s KW Kuwait WF Wallis and Futuna KG Kyrgyzstan EH Western Sahara LA Lao people s democratic republic YE Yemen LV Latvia YU Yugoslavia LB Lebanon Zaire see Congo the democratic republic of the LS Lesotho ZM Zambia LR Liberia ZW Zimbabwe LY Libyan Arab Jamahiriya ...