7 Managing Security encryption provides no protection, and is only recommended when security is not of concern. WPA-AES is recommended for all installations, if possible.
Configuring Wireless Security Figure 102: Security Services - Security Mode WPA Security Select Enable WPA to activate the WPA authentication and encryption fields. The following options are available: Field Description WPA Security Mode WPA-EAP—For RADIUS-based networking keying WPA-PSK—For pre-shared keys Encryption Type AES, TKIP, AES and TKIP Click Apply to save the configuration, or Reset to return to the previously saved values.
7 Managing Security NOTE: Selecting WPA-EAP or WPA-PSK displays a link that leads to the SSID Authentication tab. Refer to “SSID Authentication” on page 140 for instructions on using this tab. WEP Security If it is necessary to configure WEP security, select Enable WEP to activate the WEP fields. Configure the following values in the WEP security area: Field Description Enable WEP Activate the WEP settings. The Airgo AP supports WEP with dynamic and manually entered keys.
Configuring Wireless Security Figure 103: Security Services - SSID Auth Assign the following values to configure SSID authentication: Feature Description SSID Name Select from the SSID pull-down list. Click SSID Details to view more SSIDrelated information, enable multiple SSIDs, or change other SSID attributes. WPA Pre-Shared Key Enter the pre-shared key for WPA, if appropriate. This field is grayed out if WPA-PSK is not the selected authentication type.
7 Managing Security If an external RADIUS server is to be used for MAC address based ACL lookups, the following apply: 1 The RADIUS server must have PAP authentication enabled for these MAC ACL users 2 The RADIUS server can expect the AP to send the following standard RADIUS attributes in the authentication request for purposes of policy configuration and interoperability.
Configuring Authentication Zones 4 The RADIUS server may optionally send back an attribute encoded with the user group. Configuring Authentication Zones RADIUS servers may be used to authenticate wireless users and administrative users, and to check MAC Access Control Lists for the SSID. Select Authentication Zones from the Security Services menu to define zones for RADIUS authentication and to add external RADIUS servers to the list of available authentication servers.
Managing Security Figure 105: Authentication Zones - Add Auth Zones To add a new authentication server, click Add Auth-Server, and enter the following values for each new RADIUS server: Field Description Auth Server IP address of the RADIUS authentication server. Shared Secret Enter and confirm the secret key. Port Number Port number for the server (default is 1812). Click Add to save the values, or click Reset to clear the fields on the panel.
Configuring Administrator Security Figure 107: Administrator Security - Admin Password Set the following values on this panel: Field Description Change Local Admin Password Enter the old password and the new password, and confirm the new password. This password is used for the local administrative login and the SNMPv3 administrative login.
7 Managing Security This attribute informs the AP that the user is not normal user, but rather an administrator who may be granted access to the privileged administrative interface. Viewing Security Statistics Choose Security Statistics item from the menu tree to open the Security Statistics panels. This panel contains the following tabs: • Auth Stats—View authentication statistics for each selected AP radio. • Suppl Stats (Supplicant Statistics)—View statistics on 802.
Viewing Security Statistics The tab contains the following information: Field Description Interface Select the radio interface of interest for viewing statistics. Last RX EAPOL Frame Source The source MAC address from the last EAPOL frame received by the AP. This identifies a station or BP that is currently authenticating or reauthenticating with the AP. Last RX EAPOL Frame Version The EAPOL version from the last EAPOL frame received by the AP.
7 Managing Security Figure 109: Security Statistics - Supplicant Stats The tab contains the following information: 148 Field Description Interface Select the radio interface of interest for viewing statistics. Last RX EAPOL Frame Source The source MAC address from the last EAPOL frame received by the BP. This identifies the upstream AP that is currently authenticating or reauthenticating with the BP. Last RX EAPOL Frame Version The EAPOL version from the last EAPOL frame received by the BP.
Viewing Security Statistics Field Description TX EAPOL The total number of EAPOL frames transmitted by this BP. TX EAPOL-Start The total number of EAPOL-Start frames transmitted by the BP. This count goes up as the BP requests the AP to start its authentication sequence. TX EAPOL-Logoff The total number of EAPOL-Logoff frames transmitted by the BP. This count will not increment as the BP does not send this 8021.x frame for security reasons.
7 Managing Security Field Description Auth Successes The total number of RADIUS authentication packets that contained an ACCESS-ACCEPT. These are sent by the RADIUS server when the authentication sequence succeeds. Auth Failures The total number of RADIUS authentication packets that contained an ACCESS-REJECT. These are sent by the RADIUS server when the authentication sequence fails.
Configuring Advanced Parameters Field Description RADIUS Retries Number of retransmit attempts, after which the RADIUS request is marked a failure. External RADIUS Group-Key Attribute (for User Group ID) RADIUS attribute used by the AP to determine the user group (see “SSID Details” on page 82). When a wireless user is authenticated by a RADIUS server, the server can optionally send the AP the ‘User Group’ for the association.
7 Managing Security 152 Installation and Configuration Guide: Airgo Access Point
8 Configuring Guest Access This chapter describes how to enable guest user access to the wireless network while protecting the network from unauthorized use. It contains the following sections: • Overview • Configuring Guest Access • Guest Access Services Panel Overview Guest access can be used to allow visitors to a facility to access the Internet through the wireless network without gaining access to the corporate network.
8 Configuring Guest Access Internal Landing Page The internal landing page is a configurable option within the Airgo AP. The guest password for the AP can be set using the Guest Access panel, or an automatically generated password can be configured through the User Management panel in NM Portal.
External Landing Page External Landing Page An external landing web page can be set up through a corporate web server. The URL for the landing page must use an IP address rather than a domain name. Regardless of the authentication process selected for the external page, it is necessary to forward authentication results to the AP upon completion of successful or unsuccessful guest authentication.1 Figure 113 shows a network configuration with an external guest landing page.
8 Configuring Guest Access Open Subnet In an optional open subnet arrangement, shown in Figure 114, unauthenticated guest users are permitted limited access to an open enterprise subnet specified in the Airgo AP. The enterprise open subnet must be part of the Guest VLAN. Extended access requires authentication through an internal or external landing page.
Configuring Guest Access Task (continued) Steps Create or confirm existence of a corporate VLAN. This can be the default untagged VLAN or a specially created VLAN. 1 Choose VLAN Configuration from the Networking Services menu to open the VLAN table (“VLAN Table” on page 106). 2 Confirm that the corporate VLAN is listed in the table, or click Add to create a new VLAN: Create the guest VLAN. 1 Choose VLAN Configuration from the Networking Services menu to open the VLAN table (“VLAN Table” on page 106).
8 Configuring Guest Access Task (continued) Steps Add guest access to the SSID and specify an internal or external landing page for guest users who attempt to access the network. 1 Choose Guest Access Configuration from the Guest Access Services menu to open the Guest table. 2 Click Add. 3 Confirm selection of the SSID and guest profile, as defined in the previous task. 4 Select whether the landing page will be internal or external.
Guest Access Services Panel Figure 115: Guest Access Configuration - Guest Table Perform the following functions from the Guest Table: Function Description Add an entry to the Guest Table One guest profile can be added for each SSID. If a profile is already assigned to an SSID and you add a new one, it replaces the previously defined profile. 1 Click Add. 2 Select the SSID. 3 Select the service profile from the Profile pull-down list.
8 Configuring Guest Access Function Description Delete an entry 6 Select the entry and click Delete. 7 Click OK to confirm. Guest Access Security The Security tab of the Guest Access Configuration panel (Figure 116) provides an interface to set the guest password for an internal landing page.
Guest Access Services Panel Auto-Generating Guest Passwords For optional generation of guest passwords automatically at set intervals, use the Guest User tab within the security area of NM Portal (Figure 117).
8 Configuring Guest Access 162 Installation and Configuration Guide: Airgo Access Point
9 Managing the Network This chapter explains how to use the NM Portal features of the Airgo Access Point to manage multiple APs across the network. It includes the following topics: • • • • • • • Introduction Using NM Portal Using the Network Topology Menu Managing Rogue Access Points Using the NM Services Menu Managing Network Faults Managing Users Introduction Network management refers to the coordinated control and supervision of multiple access points across a network.
9 Managing the Network Using NM Portal To use the Airgo AP for NM Portal services, it is necessary to initialize (bootstrap) the unit in NM Portal mode. Do so when initially configuring the AP, or by resetting the AP to factory defaults prior to booting. Chapter 3, “Installing the Access Point,” explains how to initialize an NM Portal and how to reset to factory defaults. NOTE: Before resetting the AP to factory defaults, make sure to have the original password shipped with the unit available.
Using the Network Topology Menu • Network Topology—Manage AP enrollment, wireless backhaul, IP address status, and radio neighbors. • NM Services—Set up network discovery, DHCP settings, and portal settings. • Fault Management—View alarm logs and syslog events. • Admin Tools—Upgrade AP software (see “Upgrading Software” on page 219). • Security Portal—Add network, administrative, and legacy users.
9 Managing the Network Figure 120: Network Topology - AP Enrollment - Not Enrolled Perform the following functions from this panel: 166 Function Description Enroll an AP 1 Select the desired AP, and click Enroll to open the Enroll an AP Entry panel (Figure 121). If the AP is not in the factory default state, a message is presented. Click the AP link to open the web interface for the AP and reset it to the factory default configuration.
Using the Network Topology Menu Figure 121: Network Topology - AP Enrollment - Enroll an AP Entry Panel The Enroll an AP panel contains information that uniquely identifies the AP. To verify the identity of the AP, compare the following information to the information on the paperwork shipped with the AP: Table 13: AP Enrollment Information Field Description AP Name Verify the alphanumeric name of the AP. The default is the IP address. IP Address Verify IP address of the AP.
9 Managing the Network Figure 122: Network Topology - AP Enrollment - Enrolled Perform the following functions as needed from the Enrolled APs tab: Function Description Unenroll Remove the AP from the set of enrolled APs Refresh Update the screen display to reflect the most recent enrollment changes Reboot Reboot the selected AP Click the IP address link for an AP Access the web interface for the selected AP in a new browser window NOTE: When an AP is unenrolled, the mutual trust between the NM
Using the Network Topology Menu Figure 123: Network Topology - Backhaul Topology This panel contains the following information for each backhaul link: Field Description Channel ID RF channel over which the backhaul traffic travels Source AP AP that begins the uplink backhaul trunk. The Source AP link opens the web interface for the AP in a new browser window. Source Radio MAC address of the radio used for the uplink (wlan0 or wlan1).
9 Managing the Network Figure 124: Network Topology - IP Topology The table includes the following information for each AP: 170 Field Description Name IP address assigned to the AP Device ID Unique AP identifier sent during the discovery process and required for AP enrollment. The device ID is included in the paperwork shipped with the AP. Operation State Indication of whether the AP can be reached from the NM Portal AP. The operation state is updated once every 5 minutes.
Using the Network Topology Menu Field Description Portal Services Indication of which portal services are configured on the AP (enrollment and security). Possible values: • Factory Default - AP has not yet been enrolled or bootstrapped.
9 Managing the Network Figure 125: Network Topology - Discovered Radios The Discovered Radios table contains the following information for each detected device: 172 Field Description MAC Address Address that uniquely identifies the detected device IP Address IP address of the detected device, if known Reporting AP The enrolled AP which reported the device to the NM Portal AP. If this field is blank, the AP was reported on a previous scan, but not the most recent one.
Managing Rogue Access Points Managing Rogue Access Points A rogue AP is an access point that connects to the wireless network without authorization. In some cases, the AP may be performing a legitimate function and the appropriate management action is to classify the AP as “known.” If it is not possible to identify a legitimate role for the AP, then the AP is considered to be a true rogue.
9 Managing the Network IP Rogue AP Management Select IP Rogue AP from the Rogue AP menu to open the table of IP-unclassified APs. This panel (Figure 126) lists the following information for each unclassified AP: Field Description Device ID Unique identifier for the AP Node Name Name of the AP advertised in the beacon frame Rejection Reason Failure that prevented the AP from passing authentication Time Discovered Time of the last IP scan that detected the AP.
Managing Rogue Access Points Perform the following functions from this tab: Function Steps Classify an AP as known 1 Select the AP from the list. APs are identified by Airgo device ID and IP address, if known. 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 127). 3 Select Our-Network to classify the AP as known within your wireless network. Select Neighbor-Network to classify the AP as known in a neighboring network. 4 Click Apply. The AP is now classified.
9 Managing the Network Figure 128: IP Rogue AP - Classified Wireless Rogue AP Management Wireless rogue management differs from IP rogue management in the type of discovery used to determine whether the AP is authorized to be part of the network. In wireless discovery, each AP scans the beacons sent by other APs within range and attempts to identify the APs from the information in the beacon. Select Wireless Rogue AP from the Rogue AP menu to open the table of unclassified wireless rogue APs.
Managing Rogue Access Points Field Description Reporting Time Time of the last wireless scan Figure 129: Wireless Rogue AP - Unclassified Perform the following functions from this tab: Function Steps Classify an AP as known 1 Select the AP from the list. APs are identified by MAC address. 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 130). 3 Select Our-Network to classify the AP as known within your wireless network.
9 Managing the Network Figure 130: Wireless Rogue AP - Classify Classified Tab The Classified tab (Figure 131) lists all the APs designated as known through wireless classification.
Using the NM Services Menu Using the NM Services Menu Use the NM Services menu to define and manage policies, configure parameters for network discovery, add information about DHCP servers, and add portals at remote locations. Working With Policies Policy Management provides tools to keep your network configuration synchronized to a defined set of rules. Open the Policy Management panel to manage configuration policies for distribution to the network of enrolled APs.
9 Managing the Network Figure 133: NM Services - Policy Management - Policy Table - Details (excerpt) Define Policy Define a default policy for bootstrapping other APs in the network by selecting the configuration of this AP as a model. The default policy is pushed automatically to newly enrolled APs. Use the Define Policy tab (Figure 134) to choose the default policy. NOTE: The Portal AP requires two radios in order to construct a default policy for 2radio APs.
Using the NM Services Menu Figure 134: NM Services - Policy Management - Define Policy Distribute Policy Use the Distribute Policy tab (Figure 135) to direct how policies are shared across the network. Figure 135: NM Services - Policy Management - Distribute Policy Configure the following fields on this tab: Field Description Select Policy to Distribute Select an existing policy from the pull-down list. Select All Policies to Distribute Select to distribute all the existing policies.
9 Managing the Network Field Description Target AP Name Select the APs to receive the policy or policies, or select Target AP Name to distribute to all the APs. Click Distribute Now to send the policies to the designated APs. Configuring Network Discovery Use the Network Discovery panel to set up the rules for AP discovery.The panel contains the following tabs: • Configuration—Specify discovery parameters. • Scope/Seed—Restrict discovery to specified subnetworks or IP address ranges.
Using the NM Services Menu Field Description Discovery Limit Restrict discovery to a number of APs. Once this limit is reached, the discover process stops. The range is 1-50 for (default is 50 APs). AP IP Address Specify the IP address of an AP that you want to manage but which is not part of the managed subnetwork specified in the discovery scope. AP's added to the managed network this way are termed “manually added” and can be managed by NM Portal.
9 Managing the Network Figure 137: NM Services - Discovery Configuration - Scope/Seed Configure the following fields on this tab: Field Description Discovery Scope Enter the IP address of the subnet that you want to discover. Discovery Scope Subnet Maskbits Enter the subnet prefix length for the discovery scope. Discovery Seed Specify a seed IP, which is the first address NM Portal will attempt to discover in the selected subnetwork.
Using the NM Services Menu Figure 138: NM Services - Discovery Configuration - Rogue AP Configuring Portals The Portal Configuration panel lists all the Airgo Access Point portals that your AP has discovered and permits addition of a standby security portal to ensure that the wireless user authentication service remains available even if the NM Portal AP temporarily loses its connection. The panel contains two tabs: • Portal Table—Add a redundant security portal and synchronize the portal databases.
9 Managing the Network Portal Table Use the Portal Table (Figure 139) to manage the security portals for the network. Figure 139: NM Services - Portal Configuration - Portal Table Perform the following functions on this tab: Field Description Add Redundant Security Portal Specify the IP address, and click Apply. Only an already-enrolled AP can be configured to be a redundant security portal. Portal Table View the list of currently identified NM Portal APs.
Using the NM Services Menu Field Description Sync Frequency Select to automatically synchronize the database between the portals. The sync frequency represents the duration in minutes at which NM Portal cross checks the portals in the network to make sure their databases synchronized with the NM Portal database. Click Apply to save the settings, or click Reset to return to the default values (autonomous selected, period 5 minutes).
9 Managing the Network Portal Backup Use the Portal Backup tab (Figure 141) to back up the portal databases and configuration to a TFTP server and to restore the configuration from the TFTP server. For backup and restore, enter the server IP address and specify a backup file name. For restore, enter the same TFTP server address and file name. If you want to reboot the AP once the configuration file has been copied, select Reboot.
Using the NM Services Menu DHCP Options Select the DHCP Options tab (Figure 142)to activate and configure the DHCP server. Figure 142: NM Services - DHCP Configuration - DHCP Options To activate the server, Enable DHCP Server and configure the following information: Field Description Lease Time Specify the maximum number of leases that the server should assign.
9 Managing the Network Field Description NTP Server Enter the IP address of the server or servers used to synchronize network clocks. There is no default. More than one NTP IP address may be specified (space separated). If you delete NTP servers, only those added manually are deleted. DHCPassigned NTP servers continue to be available. Click Add to save the configuration information. IP Range Select IP Range to configure address ranges for DHCP leases (Figure 143).
Using the NM Services Menu Click Apply to save the address information. Add additional interfaces if desired. The added interfaces are listed in the DHCP Address Range table at the bottom of the panel. To delete a DHCP interface, select the interface in the DHCP IP Address Range table, and click Delete. Leases The Leases tab (Figure 144) lists each network computer serviced by DHCP and its lease information.
9 Managing the Network Static IP Use the Static IP tab (Figure 145) to reserve static IP addresses for specific nodes. Figure 145: NM Services - DHCP Configuration - Static IP Enter the following information on this tab: Field Description Fully Qualified Domain Name Enter an alphanumeric name for the node, which is fully qualified by DNS. Client MAC Address Enter the MAC address that uniquely identifies the client station. Assigned IP Address/ Maskbits Assign the static IP address and maskbits.
Managing Network Faults The Alarm Summary panel contains three tabs: • Alarm Summary—View counts of system alarms in the managed network. • Alarm Table—View a detailed list of alarms. • Filter Table—Select events that should be filtered out of the reported alarm list. Alarm Summary The Alarm Summary tab (Figure 146) provides an aggregate count of alarms across the network managed by NM Portal.
9 Managing the Network Field Description Description Text description of the event Log Time Time the alarm occurred and was logged From Module The subsystem that is the source of the alarm. Modules include: • Authentication • Networking • Distribution • Configuration • Wireless • Discovery • NM Portal • SW Download NOTE: The filtering function on the Alarm Table tab only affects the information that is displayed in the Alarm Table at the bottom of the tab.
Managing Network Faults Figure 147: Fault Management - Alarm Summary - Alarm Table Configure the following fields to define a viewing filter: Field Description Alarm ID Select an alarm from the list to view only those specific alarms. Logging Module Name Select from the list to filter all the alarms from a specific system logging module. Alarms From (Host Address) Select an AP to view only the alarms generated by that AP.
9 Managing the Network Table 14: Airgo Access Point Alarms Alarm ID Description Discovered new node Generated when a new Airgo Access Point is discovered by NM Portal for the first time. Node deleted from network Generated when a previously-discovered node is deleted from the system. When the node is deleted, all information about that node is deleted from NM Portal.
Managing Network Faults Table 14: Airgo Access Point Alarms (continued) Alarm ID Description STA Association Failed Generated when a 802.11 client station fails in its attempt to associate to the AP radio.
9 Managing the Network Table 14: Airgo Access Point Alarms (continued) Alarm ID Description WDS Failed Generated when wireless backhaul formation fails. The message includes the MAC address of the end node. This alarm can help track losses in network connectivity. Reason Codes: 0 - System Failure 1 - Maximum BP count has been reached (this relevant only for AP) 2 - Join attempt to the uplink AP failed (BP side only) WDS Up Generated when a wireless backhaul formation succeeds.
Managing Network Faults Table 14: Airgo Access Point Alarms (continued) Alarm ID Description Management User login success Generated when a management user successfully logs in to the local AP. Management User login failure Generated when a management user fails to log in to the AP. STA failed EAPOL MIC check Generated when the MIC fails during EAPOL key exchange process.
9 Managing the Network Table 14: Airgo Access Point Alarms (continued) Alarm ID Description Premature EAP-Success receive Generated when an upstream AP sends an EAP success before authentication is complete. This may indicate that a rogue AP is trying to force an AP to join before authentication is complete. Profile not configured for user-group Generated when the AP determines that the station is a member of a group that does not have a service profile defined for this SSID.
Managing Network Faults Table 14: Airgo Access Point Alarms (continued) Alarm ID Description EAP response timeout Generated when a station fails to send an EAP-Response in time to complete its authentication sequence using the specified authentication type and encryption. The two authentication modes that require the station to send EAP responses are WPA EAP and legacy 8021.x for dynamic WEP. This alarm may mean that a user prompt is not attended to on the client side.
9 Managing the Network Figure 148: Fault Management - Alarm Summary - Alarm Filter Viewing the Syslog Select SYSLOG from the Fault Management menu to view syslog messages used for network troubleshooting. The most recent messages are in the default message file, Messages, with the latest messages at the top. To view older messages, select the appropriate message.x file from the list on the SYSLOG panel (Figure 149).
Managing Users Figure 149: Fault Management - SYSLOG Managing Users Choose User Management from the Security Portal menu to manage the authentication of users by way of the internal RADIUS database on the NM Portal AP. The panel contains three tabs: • • • • Wireless Users—Manage users who seek access to the wireless network. Admin Users—Manage administrators responsible for the wireless network. MAC ACLs—Identify and manage users using the MAC addresses of their computers.
9 Managing the Network Figure 150: Security Portal - User Management - Wireless Users To add a new user, click Add to open the Add Wireless User entry panel (Figure 151). Figure 151: Security Portal - User Management - Add Wireless User Enter the following information: Field Description Login Name Assign a login name for network access (required). User Group Select a user group as defined in the RADIUS server. First Name Enter the first name of the user.
Managing Users • Email. If an SMTP server is configured, then the certificate is mailed to the user. To install the emailed certificate on the PC: a Ask the administrator for the password associated with the certificate. This password is displayed in the user details page. b Double click on the certificate obtained through email. When the certificate installation wizard asks for the password, supply the previously-obtained password. • Download.
9 Managing the Network The tab opens with a list of current administrative users. To add a new user, click Add, and enter the following information in the Add Administrative User entry panel (Figure 154): Field Description Login Name Assign a login name for network access (required). Password Enter the password and enter it again in the Confirm Password field (required). User First Name Enter the first name of the user. User Last Name Enter the last name of the user.
Managing Users Figure 155: Security Portal - User Management - MAC-ACLs The tab opens with a list of current MAC-ACL users. To add a new user, click Add and enter the following information in the Add MAC Address User entry panel (Figure 156): Field Description MAC Address Enter the MAC address that uniquely identifies the device. Use the tab key to move between the successive two-character fields (required). User Group Select a group from the list or create a new group.
9 Managing the Network 208 Installation and Configuration Guide: Airgo Access Point
10 Maintaining the Access Point This chapter describes the tools available to maintain the Airgo Access Point. It contains the following sections: • • • • • Rebooting the AP Managing the System Configuration Click Apply to save the entries or Reset to return to the previously saved values. Upgrading Software Common Problems and Solutions Rebooting the AP Choose Reboot AP from the System Services menu to order a reboot of the access point. To begin the process, click Reboot (Figure 158).
10 Maintaining the Access Point IP Configuration Use the IP Configuration tab (Figure 158) to update the IP and basic system configuration for the Airgo AP. Figure 158: System Configuration - IP Configuration The tab is divided into two sections. Click Apply after configuring each section, or Reset to return to the default values. Configure the following fields: 210 Field Description DHCP Assigned IP address Enables the AP to obtain an IP address for the AP from the network DHCP server.
Managing the System Configuration Syslog Configuration Syslog tracks and records information about network activities for later viewing and analysis. CAUTION: Only an authorized administrator should change syslog levels or enable or disable syslog capabilities. Arbitrary changes to syslog can adversely affect the AP. The top area of the Syslog panel (Figure 159) provides controls to set the logging level and scope for a variety of functional areas or modules.
10 Maintaining the Access Point The tab contains the following settings: Field Description Syslog-Level Select the activity level that triggers a syslog entry. Choose from several levels (Emergency, Alert, Critical, Error, Warning, Notice, Info, or Debug). (required) Syslog-Level Module Select whether to record a specific type of activity, or include all the activities in the list. (required) Remote Syslog Logging Indicate whether to enable a remote server to monitor events across the network.
Managing the System Configuration Figure 161: System Configuration - NMS Configuration Enter the following values to set the NMS configuration: Field Description Primary Manager IP Enter the IP address of the NM Portal or NMS Pro server responsible for managing the AP. (required) Auxiliary Manager IP If applicable, enter the IP address of the NM Portal AP used to manage the AP at the branch location (in conjunction with an NMS Pro server as a primary manager.
10 Maintaining the Access Point Figure 162: System Configuration - Hardware Options Select the following parameters on this tab Field Description Enable Real Time Clock Use the real time clock (RTC). Enable Buzzer Activate the AP buzzer to locate the AP, if necessary. Click Apply to save the entries or Reset to return to the previously saved values. Managing the AP Configuration Choose Configuration Management from the System Services menu to open the Configuration Management feature panel.
Managing the AP Configuration Task Steps Restore the AP configuration 1 In the Restore Configuration area, click Browse and select the configuration file. 2 Click Apply to restore the configuration and reboot the AP. NOTE: If the AP has been unenrolled or restored to factory defaults, it is not possible to reapply the configuration using this method. The AP must be reenrolled and have a new configuration created. Generate support logs 1 Click Generate Support Logs.
10 Maintaining the Access Point Click Refresh to update the selected report Figure 164: 216 Configuration Management - Configuration Reports Installation and Configuration Guide: Airgo Access Point
Managing the AP Configuration Reset Configuration Use the Reset Configuration tab to reset the AP configuration or revert to the defaults for individual subsystems (Figure 165).
10 Maintaining the Access Point Perform the following functions on this tab: Function Description Reset to Default 1 Select Reset AP Startup Configuration Only or AP Configuration and Databases to Factory Defaults. 2 Click Apply to reboot the AP with the selected configuration. Reset Subsystems to Defaults 1 Select one or more individual subsystems to reset. 2 Click Apply to reboot the AP with the selected defaults. Click Reset to clear the selections on the tab.
Upgrading Software Figure 166: Configuration Management - TFTP Backup Upgrading Software From the NM Portal web interface, you can upgrade the software on enrolled APs throughout the network in one operation. You can also upgrade any individual, non-portal AP from the AP web interface. The same interface is used for both situations; however, access to the interface is different for an NM Portal than for a non-portal AP.
10 Maintaining the Access Point Figure 167: Software Upgrade The Software Upgrade panel offers two upgrade options. The Software Image Upgrade option uses https to download the software image to the AP. The Software Download via TFTP option uses TFTP to download the software image. Select only one of these options; it is not possible to use both methods at the same time.
Upgrading Software NOTE: It is important to perform software upgrades during a scheduled maintenance window. Upgrading takes approximately 4-5 minutes per AP, and upgrading multiple APs from an NM Portal is a serial process. To manage system resources during a software upgrade, the AP shuts down some services (such as CLI sessions) to create temporary memory and to validate the image prior to writing to AP's flash. CAUTION: Do not leave the Software Upgrade panel while download is taking place.
10 Maintaining the Access Point Figure 168: Software Upgrade - Download Status The software distribution process begins by sending the software to the first selected AP. As soon as this AP receives the software, it upgrades its image and reboots automatically. The process then moves to the next selected AP. After all the APs have been upgraded, the NM Portal AP is upgraded and rebooted. The administrator must again log in to the NM Portal web interface after an upgrade and reboot.
Upgrading Software Canceling a Distribution To cancel software distribution at any time, you must click Cancel All. This cancels distribution to APs that have not yet been upgraded, restarts services that were shut down during the upgrade, and removes the image file from the AP RAM. Cancellation is performed serially for multiple AP distributions. Canceling during distribution does not cause any damage to the APs. If the distribution on a remote AP is cancelled, the AP will be automatically rebooted.
10 Maintaining the Access Point Status Explanation Done. Rebooting... The flashing is complete and the AP is rebooting. When the distribution is complete, the message Software Distribution is Complete is displayed, regardless of whether the distribution was successful. If a portal AP is not included in the download, then all services restarted automatically after the distribution.
Common Problems and Solutions Table 15: Common Problems and Solutions Symptom Problem Solution Poor or lower than expected signal strength, as measured by wireless network adapters attempting to connect to the Access Point. Access Point may be poorly placed, or external antenna not connected properly. The Access Point and/or its external antenna should not be in an obstructed location. Metallic objects (such as equipment racks) and some construction materials can block wireless signals.
10 Maintaining the Access Point 226 Installation and Configuration Guide: Airgo Access Point
A Using the Command Line Interface This appendix explains how to access and interact with the command line interface (CLI). For detailed information on specific commands, see the CLI Reference Manual. Using the Command Line Interface To connect to the AP for command line interface access using Secure Shell (SSH), do the following: 1 Launch your SSH client application. NOTE: SSH Communications provides an SSH client, http://www.ssh.com.
A Using the Command Line Interface 4 To see the list of available commands, type a question mark (?). For a list of hot keys (short cuts for console functions, press Ctrl-H. There are two important modes in console access, one is show mode and the other is config mode. In show mode, examine the AP’s configuration settings and status. Use config mode to change values. To go into either mode from the main command> prompt, type either show or config. Toggle between show and config modes by pressing Ctrl-P.
Using the Console Port for CLI Access 9 To see the list of available commands, type a question mark (?). For a list of hot keys (short cuts for console functions, press Ctrl-H. There are two important modes in console access, one is show mode and the other is config mode. In show mode, examine the AP’s configuration settings and status. Use config mode to change values. To go into either mode from the main command> prompt, type either show or config. Toggle between show and config modes by pressing Ctrl-P.
A Using the Command Line Interface 230 Installation and Configuration Guide: Airgo Access Point
B Regulatory and License Information This appendix contains the regulatory and license information specific to the Airgo Access Point hardware and software. Table 16: Regulatory and License Compliance ID Access Point Requirement Details CERT1 Safety UL 1950 third edition TUV approval UL-2043 (Fire and Smoke) Compliance CERT2 EMC EMC Directive 89/336/EEC (CE Mark) CERT3 Radio Approvals FCC CFR47 Part 15, section 15.
B Regulatory and License Information 232 Installation and Configuration Guide: Airgo Access Point
C Alarms Alarms generated by the Airgo Access Point are stored persistently on the AP. The Airgo AP can store approximately 130 * 2 = 260 alarms in total. When the number of alarms exceeds this limit, the oldest alarm set is discarded. All alarms generated by the Airgo Access Point have the following parameters: • Event ID: The internal event number that uniquely identifies the event. • Log-level: The criticality of the event. All alarms are logged at the same criticality.
C Alarms • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 234 “Policy: Policy Download Failed” on page 238 “Software Download: Image Download Succeeded” on page 239 “Software Download: Image Download Failed” on page 239 “Software Download: Software Distribution Succeeded” on page 240 “Wireless: Radio enabled (BSS Enabled)” on page 241 “Wireless: Radio Disabled (BSS disabled)” on page 241 “Wireless: BSS Enabling Failed” on page 242 “Wireless: Frequency Changed” on page 2
Discovery: Discovered new node Discovery: Discovered new node Alarm generated when a new Airgo AP is discovered in the nework. Syntax: DeviceId %s discovered node [deviceId=%s, IP=%s, Subnet=%s]. Alarm Parameters DeviceID The Portal’s Device ID.
C Alarms Usage: Examples: sweep. Informational log. DeviceId AP_00-0A-F5-00-02-1F Node [Ip=192.168.74.210, persona=6] deleted from database. See Also: Discovery: Managed nodes limit exceeded Generated when a the number of nodes discovered exceeds the predefined limit on the NM portal. Syntax: On Device %s Node[Ip=%s] managed node limit exceeded. Current managed nodes limit is %d.
Enrollment: Node Un-enrolled NodeIp The IP address of the remote AP Persona The Persona of the remote AP 6 = Security Portal 2 = Normal AP Alarm Severity Severity Description: Usage: Examples: Critical This alarm is generated when the Airgo AP has been successfully enrolled into the network. Informational log. NMPortal with DeviceId AP_00-0A-F5-00-01-77 has successfully enrolled a remote node having DeviceIdId=AP_00-0A-F5-00-01-7A NodeIp=172.16.12.
C Alarms Policy: Policy Download Successful Alarm generated when a policy is successfully downloaded to an AP.
Software Download: Image Download Succeeded Description: Usage: Examples: This alarm is sent when a policy downloaded to an AP could not be consumed correctly either due to an error in the policy or software version mismatch or due to some other error. Informational log. For accesspoint Node AP_00-0A-F5-00-01-7D The policy [defaultpolicy.
C Alarms from The device ID of the source of the image error The failure error code time The time at which the error occurred Alarm Severity Severity Critical Description: Usage: This alarm is when an image is un-successfully downloaded and applied to an AP. Image download failures can happen due to corrupted images, invalid length images or due to connectivity failures.
Wireless: Radio enabled (BSS Enabled) Wireless: Radio enabled (BSS Enabled) Notification which indicates that AP radio has been enabled. Syntax: "Device ID %s radio %d is enabled, its operational state is %d operating on %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Radio Identifies Radio by interface ID on the Access Point Operational Mode This indicates the operational mode of the radio whether it is 802.11a, 802.11b or 802.
C Alarms b. Radio reset caused due to application of wireless specific configuration c. Radio reset triggered by hardware d. Radio reset due to change in SSID Examples: Device Id AP_00-0A-F5-00-01-B6 radio 4 disabled See Also: Wireless: BSS Enabling Failed Notification which indicates that the AP radio (BSS) enabling failed.
Wireless: STA Association Failed Radio Identifies Radio by interface ID on the Access Point Channel ID This indicates the channel on which the AP is operating. Cause Code Reason why frequency changed Alarm Severity Severity Description: Critical This is a notification generated when operating frequency is changed for an AP radio due to either user triggers or events such as peridic DFS. The reason code can have an value of 0 which is unspecified reason. The new channel ID is also provided.
C Alarms 1 - Invalid parameters received from station in association request 2 - Only stations are allowed to associate with this AP based on current configuration 3 - Only backhauls can be formed with this AP based on current configuration 4 - Max backhaul limit is reached based on the 'Max Trunks' configuration for AP Admission Criteria 5 - Max station limit is reached based on the 'Max Stations' configuration for SSID 6 - SSID received in association request does not match SSID in AP configuration.
Wireless: STA Disassociated Severity Critical Description: This is a notification generated when a association and authentication from a 802.11 station succeeds with the AP radio. In addition count of current associated stations, type of association and user ID is provided. User ID is user name if RADIUS authentication is used and MAC address otherwise. Usage: Examples: Informational log.
C Alarms Wireless: WDS Failed Notification which indicates a failure in formation of Wireless Backhaul Syntax: "WDS trunk brought down for DeviceId %s radio %d remote MAC %s CauseCode %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Radio Identifies Radio by interface ID on the Access Point Remote MAC Address MAC address of remote end of backhaul link Cause Code Reason Code for WDS formation failure Alarm Severity Severity Description: Critical This is a notification generated when
Wireless: WDS Down Radio Identifies Radio by interface ID on the Access Point Remote MAC Address MAC address of remote end of backhaul link Backhaul Count Number of backhauls which are formed to this AP radio Cause Code Indicates whether backhaul was a retrunk or not Alarm Severity Severity Description: Critical This is a notification generated when a wireless backhaul formation succeeds. The remote end’s MAC address is provided.
C Alarms 1 2 3 Loss of Link (applies to BP side only) Trunk brought down by uplink AP (applies to BP side only) User retrunk issued (this can occur due to new backhaul configuration being applied on BP) Trunk has reformed with another AP (AP side only) Trunk brought down by BP (applies to AP side only) 4 5 Usage: Examples: Informational log WDS trunk brought down for Device ID AP_00-0A-F5-00-01-B6 radio 4 remote MAC 00:0a:f5:00:3a:fb CauseCode 0 See Also: Security: Guest Authentication Succeeded Notif
Security: Guest Authentication Failed See Also: Security: Guest Authentication Failed Security: Guest Authentication Failed Notification which indicates that a “Guest Access” Station has failed authentication Syntax: "For device id %s, Guest authentication failed for STA %s on radio %d with SSID %s using captive portal %s and guest mode %d due to %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Guest STAtion.
C Alarms Alarm Parameters DeviceId The Device ID of the Airgo AP RADIUS server The IP address of the RADIUS server. Port The port used to communicate with the RADIUS server.
Security: RADIUS Server timeout Node MAC address of the BP node Radio Identifies Radio by interface ID on the Access Point Device ID The Device ID of the BP node SSID Identifies the SSID on this AP that the STA has associated with Alarm Severity Severity Description: Usage: Examples: Critical This notification is generated when a Bridge Portal (radio) authentication fails. The context of the BP radio and the RADIUS server which rejected the BP radio are also provided.
C Alarms Radio Identifies Radio by interface ID on the Access Point User Supplicant User ID established during EAPOL Authentication exchange SSID Identifies the SSID on this AP that the STA has associated with Alarm Severity Severity Description: Usage: Examples: Critical This notification is generated when the RADIUS server fails to respond within a certain timeout period. This indicates that the AP has determined that a RADIUS server has failed to respond within the RADIUS timeout.
Security: Management User login failure succeeded. Examples: For device-id AP_00-0A-F5-00-01-89 , the management user 'admin' with privilege level 1 logged in succesfully via 1 See Also: Security: Management User login failure Notification which indicates that the AP has determined that a Management user login has failed. Syntax: "For device-id %s, the management user '%s' failed to login successfully via %d” DeviceId The Device ID of the Airgo AP Management User Username of management User.
C Alarms User Supplicant User ID established during EAPOL Authentication exchange SSID Identifies the SSID on this AP that the STA has associated with Authentication Type The valid types include: WPA PSK (3), WPA EAP (4) Key Exchange 0 for pairwise key exchange, and 1 for group key exchange. Alarm Severity Severity Description: Usage: Examples: Critical This notification is generated when the MIC fails during EAPOL key exchange process.
Security: Auth Server Improperly configured on this SSID Usage: Examples: authentication on a given SSID, but no WPA pre-shared key is setup for that SSID. This indicates that the AP has determined that a STA is attempting to perform WPA-PSK authentication – but no WPA Pre-shared Key has been configured on this AP for that SSID. Recall that WPA PSK’s are configured per SSID.
C Alarms Security: STA failed to send EAPOL-Start Notification which indicates that the STA has failed to send an EAPOL-Start even though it was expected to for EAP based authentication. Syntax: "For device-id %s, the STA %s on radio %d and SSID %s failed to send an EAPOL-Start in order to begin auth of type %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Station.
Security: RADIUS timeout too short RADIUS server The IP address of the RADIUS server. Port The port used to communicate with the RADIUS server.
C Alarms Usage: Examples: RADIUS server, as opposed to not receiving any response at all. The AP may have attempted multiple retries or may even have switched to another RADIUS server by this time. This indicates that due to higher latencies in the network, it might be better to increase the timeout associated with the authentication server. This indicates that the AP has determined that a RADIUS server has sent a late response. For device-id AP_00-0A-F5-00-01-89 , the RADIUS server 192.168.75.
Security: Upstream AP is using an untrusted auth server Usage: This indicates that the AP has determined that the station authentication sequence did not complete in time.
C Alarms Security: Upstream AP is using a non-portal node as its auth server Notification which indicates that the local BP has determined that the upstream AP is using a nonportal node as an auth server. Syntax: "For device-id %s, the upstream AP %s with SSID %s authenticating via local BP radio %d is using a non portal node %s with certificate SHA-1 thumbprint %s as its auth server: YOUR ENROLLMENT DATABASE MIGHT BE OUT OF SYNC.
Security: Premature EAP-Success received local BP radio %d failed an EAPOL-MIC check with auth-type %d during key exchange %d" Alarm Parameters DeviceId The Device ID of the Airgo AP AP The MAC address of the upstream AP. SSID Identifies the SSID on this AP that the STA has associated with. Radio Identifies Radio by interface ID on the Access Point Authentication Type The valid types include: RSN PSK (3), RSN EAP (4) Key Exchange Pairwise key exchange (0), group ky exchange (1).
C Alarms Severity Description: Usage: Examples: Critical This notification is generated when an upstream AP sends an EAP success before authentication is completed. This may be a rogue AP trying to force an AP to join even before authentication is complete. This indicates that the local BP has received an EAP-Success before authentication has even been completed.
Security: STA has failed security enforcement check Security: STA has failed security enforcement check Notification which indicates that the AP has determined that a STA has failed the security enforcement checks for its service profile.
C Alarms Security: Guest Authentication Succeeded Notification which indicates that a “Guest Access” Station has been successfully authenticated Syntax: "For device-id %s , Guest authentication succeeded for STA %s on radio %d with SSID %s using captive portal %s and guest mode %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Guest STAtion.
Security: AP Detected Bad TKIP MIC Station MAC address of the Guest STAtion. Radio Identifies Radio by interface ID on the Access Point SSID Identifies the SSID on this AP that the Guest has associated with. Captive Portal Identifies the “Landing Page” that has accomplished authentication of the Guest STA. This is either simply the Internal “Landing Page”, or a URL identifying the “External Landing Page” which performed the authentication. Guest Mode Currently, always set to 4.
C Alarms frame. All packets received by the AP are always encrypted with the pairwise/ unicast key. Examples: For device-id AP_00-0A-F5-00-01-89 , a bad TKIP MIC was detected on an incoming unicast packet from STA 00:0a:f5:00:05:cc on radio 0 See Also: Security: BP Detected Bad TKIP MIC on Incoming Unicast Notification which indicates that the BP has detected a BAD TKIP MIC value in an incoming frame from the AP that is encrypted with the pairwise/unicast key.
Security: STA Detected Bad TKIP MIC on Incoming Unicast DeviceId The Device ID of the Airgo AP Radio Identifies Radio by interface ID on the Access Point AP MAC address The MAC address of the source AP Alarm Severity Severity Description: Usage: Examples: Critical This notification is generated when a bad TKIP MIC is detected by a local BP radio, identified by aniApRadioIndex, on an incoming multicast or broadcast packet from the AP where the packet is encrypted with the group/multicast/ broadcas
C Alarms See Also: STA Deteted Bad TKIP MIC on Incoming Multicast/Broadcast Security: STA Detected Bad TKIP MIC on Incoming Multicast/Broadcast Notification which indicates that a STA associated with this AP has detected a BAD TKIP MIC value in a multicast/broadcast frame it received from the AP.
Security: EAP User-ID timeout Description: Usage: Examples: This notification is generated when a TKIP counter measures lockout period for 60 seconds is started. This indicates that the AP has determined that an attempt is underway to compromise the secure operation of TKIP. This happens if two MIC failures are detected within a 60 second interval. If this happens, the AP disassociates all STAs and prevents new STAs from associating for a period of 60 seconds.
C Alarms See Also: EAP Response Timeout, STA Authentication Timeout Security: EAP response timeout Notification which indicates that the STA has failed to respond, in a timely manner, with an EAP response during the authentication exchange.
Security: EAPOL Key exchange – message 2 timeout Security: EAPOL Key exchange – message 2 timeout Notification which indicates that the STA has failed to respond, in a timely manner, with EAPOL 4way handshake message number 2. Syntax: "For device-id %s, the STA %s[%d] on radio %d with user %s and SSID %s did not send the WPA EAPOL-Key Pairwise Messg #2 in time where authtype %d and enc-type %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Station.
C Alarms Security: EAPOL Key exchange – message 4 timeout Notification which indicates that the STA has failed to respond, in a timely manner, with EAPOL 4way handshake message number 4. Syntax: "For device-id %s, the STA %s[%d] on radio %d with user %s and SSID %s did not send the WPA EAPOL-Key Pairwise Messg #4 in time where authtype %d and enc-type %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Station.
Security: EAPOL Group 2 key exchange timeout type %d and enc-type %d" Alarm Parameters DeviceId The Device ID of the Airgo AP Station MAC address of the Station. bpIndicator Identifies if the supplicant is a BP (1), or a STA (0). Radio Identifies Radio by interface ID on the Access Point User User ID established during EAPOL Authentication exchange (if applicable) SSID Identifies the SSID on this AP that the STA has associated with.
C Alarms 274 Installation and Configuration Guide: Airgo Access Point
Glossary This glossary defines terms that apply to wireless and networking technology in general and Airgo products in particular. 802.1x Standard for port-based authentication in LANs. Identifies each users and allows connectivity based on policies in a centrally managed server. 802.11 Refers to the set of WLAN standards developed by IEEE. The three commonly in use today are 802.11a, 802.11b, and 802.11g, sometimes referred to collectively as Dot11.
Glossary Basic Service Set (BSS) The set of all wireless client stations controlled by a single access point. The BSSID, or identifier, for the basis service set can be assigned or default to the MAC address of the access point. Bridge A connection between two (or more) LANs using the same protocol. Virtual bridges are used as a means of defining layer 2 domains for broadcast messages. Each virtual bridge uniquely defines a virtual local area network (VLAN).
Glossary This establishes a secure channel over which the supplicant can be authenticated to the server. Extended Service Set (ESS) A set of multiple connected BSSs. From the perspective of network clients, the ESS functions as one wireless network, with clients able to roam between the BSSs within the ESS. ESSID Name or identifier of the ESS used in network configuration.
Glossary MAC address authentication Method of authenticating clients by using the MAC address of the client station as opposed to the user. Network Address Translation (NAT) The translation of one IP address used within a network to another address used elsewhere. One frequent use of NAT is the translation of IPs used inside a company, versus the IP addresses visible to the outside world.
Glossary measured, and improved. In a wireless network, QoS is commonly managed through the use of policies. Remote Authentication Dial-In User Service (RADIUS) A client/server protocol and software that enables remote access servers to communicate with a central server to authenticate users and authorize service or system access. RADIUS permits maintenance of user profiles in a central repository that all remote servers can share.
Glossary Static IP Address A permanent IP address assigned to a node in a TCP/IP network. Subnet Portion of a network, designated by a particular set of IP addresses. Provides a hierarchy for addressing in LANs. Also called subnetwork. Subnet Mask A TCP/IP addressing method for dividing IP-based networks into subgroups or subnets (compare with maskbits). Each triplet of digits in an IP address consists of 8 bits. To specify using a subnet mask, indicate the masked bits as an IP address.
Index Numerics 128-bit encryption 137 64-bit encryption 137 802.11 802.11a,802.11b,802.11g 7 definition 275 extensions 69 mode in 2.4 GHz band 69 policy configuration 69 802.11i 12 802.1p 7 802.1Q 7 802.
Index statistics 102 bridge and STP tab 100 bridging services 100 broadcast SSID in beacon 81 BSS type 172 BSSID 276 BSSID criteria 130 burst ack 69 buzzer 213, 214 byte statistics 88 C cabling requirements 26 campus installation 16 candidate APs 131 captive portal 153 cell size and range management 3 certificate 204 channel ID 169 set 65 channel configuration 35, 41, 64 channel list 65 channel management 3 choosing access point locations 25 class 172 class of service (COS) 6, 82, 111, 112, 276 class orde
Index filters 119 fragmentation threshold 72 FUNK-RADIUS 5 G gateway IP address 210 generating bootstrap policy 180 global radio configuration 57 graph link test 95 group key retries 150 group name 87 guest access 153 and VLANs 157 and wireless security 156 configuring 156 external landing page 53 internal landing page 51 overview 6 panel 158 security 160 shared secret 53 task overview 15 URL 53 VLAN 53 wizard 50 guest access security 135 guest password 154, 158 guest service profile 157 guest table 158 g
Index management 12, 163 radio neighbors 171 topology 165 network address translation (NAT) 278 network density 34 network interface card (NIC) 278 network management system (NMS) 278 network time protocol (NTP) 278 networking services 99 NM Explorer Home panel 164 NM Portal 4, 163 access 45 features 163 initializing 36 NM services 179 NMS configuration 212 NMS Professional 1 NMS-Professional 2, 163 interface options 8 no authentication security 137 node 278 normal AP 127 NTP server 189 O open access 140
Index data encryption 12 enforcement 82 enrollment 12 features 5 guest access 135 mode 138 overview 11 statistics 88, 146 user 135 wireless 138 security portal 4 enrolling 167 redundant 186 seed 183 selecting method 12 serial number 44 service profile 79 add or modify 85 bind to SSID 79 change binding 83 guest 157 SSID binding 83 task overview 15 service set identifier (SSID) 279 and service profiles 79 broadcast in beacon 81 details 82 information 80 max stations 80 multiple SSIDs 85 name 34 service type
Index guest access 53 ID 106, 108 interface 5 name 106 overview 5 statistics 110 table 106 tag 106 task overview 15, 20, 22 user 5, 108 VLANS multiple 5 VLAN-to-COS mapping 111 user security 45 wlan0, wlan1 99 world mode 65 country code 41, 58 multi domain support 41, 58 WPA security 139 WPA-AES 137 WPA-EAP 139 WPA-PSK 137, 139 WPA-PSK passphrase 35 WPA-TKIP 137 W walk test 97 parameters 97 web browser interface 8, 30 navigating the interface 37 web interface 8 Wi-Fi 280 wi-fi protected access (WPA) 5, 1