Professional Access Point Administrator Guide R46.1161.00 rev 1.
Professional Access Point Administrator Guide Professional Access Point Administrator Guide U.S. Robotics Corporation 935 National Parkway Schaumburg, Illinois 60173-5157 USA No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as a translation, transformation, or adaptation) without written permission from U.S. Robotics Corporation. U.S.
Professional Access Point Administrator Guide iv
Professional Access Point Administrator Guide Contents About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix Getting Started Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Professional Access Point Administrator Guide Events . . . . . . . . . . . . . . . Transmit/Receive Statistics Client Associations . . . . . . Neighboring Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Professional Access Point Administrator Guide CE Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 U.S. Robotics Corporation Two (2) Year Limited Warranty . 283 1.0 2.0 3.0 4.0 5.0 6.0 7.0 GENERAL TERMS: . . . . . . . . . . . . CUSTOMER OBLIGATIONS: . . . . . . OBTAINING WARRANTY SERVICE: . WARRANTY REPLACEMENT: . . . . . LIMITATIONS:. . . . . . . . . . . . . . . DISCLAIMER: . . . . . . . . . . . . . . . GOVERNING LAW: . . . . .
Professional Access Point Administrator Guide viii
Professional Access Point Administrator Guide About This Document This guide describes setup, configuration, administration and maintenance of one or more Professional Access Points on a wireless network. Administrator Audience This information is intended for the person responsible for installing, configuring, monitoring, and maintaining the Professional Access Point as part of a small-to-medium business information technology infrastructure.
Professional Access Point Administrator Guide Recommended Settings, Notes and Cautions An arrow next to field description information indicates a recommended or suggested configuration setting for an option on the Access Point. A Note provides more information about a feature or technology and cross-references to related topics.
Professional Access Point Administrator Guide Getting Started This part of the Professional Access Point Administrator Guide provides the information that you need to establish a network by performing basic installation for one or more Professional Access Points: • Overview • Pre-Launch Checklist: Default Settings and Supported Administrator/Client Platforms • Setting Up and Launching Your Wireless Network Overview The Professional Access Point provides continuous, high-speed access between your wir
Professional Access Point Administrator Guide • • Maintainability What’s Next? Features and Benefits IEEE Standards Support and Wi-Fi Compliance • Support for IEEE 802.11b and IEEE 802.11g wireless networking standards • Provides bandwidth of up to 11 Mbps for IEEE 802.11b and 54 Mbps for IEEE 802.
Professional Access Point Administrator Guide • Wi-Fi Protected Access 2 (WPA2/802.
Professional Access Point Administrator Guide information to systems on the LAN/WLAN. • Virtual Local Area Network (VLAN) support SNMP Support The Professional Access Point includes the following standard Simple Network Protocol (SNMP) Management Information Bases (MIB): • SNMP v1 and v2 MIBs • IEEE802.11 MIB • Four USRobotics proprietary MIBs support product, system, channel, and wireless system statistics.
Professional Access Point Administrator Guide Pre-Launch Checklist: Default Settings and Supported Administrator/Client Platforms Before you plug in and boot a new Access Point, review the following sections for hardware, software, and client configuration requirements and for compatibility issues. Make sure that you have everything you need for a successful launch and test of your new or extended wireless network.
Professional Access Point Administrator Guide Default Settings for the Professional Access Point Option Default Settings Related Information System Name USR5453-AP “Setting the DNS Name” on page 81 in “Ethernet (Wired) Settings” on page 79 User Name admin The user name is read-only. It cannot be modified.
Professional Access Point Administrator Guide Option Default Settings Related Information Radio On “Radio” on page 119 IEEE 802.11 Mode 802.11g “Radio” on page 119 802.
Professional Access Point Administrator Guide Wireless LAN (WLAN) to other LANs or the Internet, you need a gateway device. Administrator’s Computer Configuration and administration of the Professional Access Point is accomplished with the Professional Access Point Detection Utility, which you run from the CD, and through a Web-based user interface. The following table describes the minimum requirements for the administrator’s computer.
Professional Access Point Administrator Guide Required Software or Component Description CD-ROM Drive The administrator’s computer must have a CD-ROM drive to run the Installation CD-ROM. Security Settings Ensure that security is disabled on the wireless client used to initially configure the access point. Wireless Client Computers The Professional Access Point provides wireless access to any client with a properly configured Wi-Fi client adapter for the 802.
Professional Access Point Administrator Guide Understanding Dynamic and Static IP Addressing on the Professional Access Point Professional Access Points are designed to auto-configure, with very little setup required for the first access point and miminal configuration required for additional access points subsequently joining a preconfigured cluster.
Professional Access Point Administrator Guide Interface Ethernet Settings” on page 83.) Caution If you do not have a DHCP server on the Internal network and do not plan to use one, the first thing you must do after bringing up the access point is change the Connection Type from DHCP to Static IP. You can either assign a new Static IP address to the access point or continue using the default address.
Professional Access Point Administrator Guide Pre-Launch Checklist: Default Settings and Supported Administrator/Client Platforms - 12
Professional Access Point Administrator Guide Setting Up and Launching Your Wireless Network Setting up and deploying one or more Professional Access Points is in effect creating and launching a wireless network. The Detection Utility wizard and corresponding Basic Settings Administration Web page simplify this process. Here is a step-by-step guide to setting up your Professional Access Points and the resulting wireless network.
Professional Access Point Administrator Guide As new features and enhancements become available, you can upgrade the firmware to add new functionality and performance improvements to the access points that make up your wireless network. (See “Upgrade” on page 160.) Step 2. Connect the access point to network and power The next step is to set up the network and power connections. 1.
Professional Access Point Administrator Guide Figure 1. Ethernet Connections When Using DHCP for Initial Configuration. Administrator Computer Switch Professional Access Point Figure 2. Ethernet Connections When Using Static IP Address for Initial Configuration. Administrator Computer (This computer must have an IP address on the same subnet as the access point.) Professional Access Point 2.
Professional Access Point Administrator Guide • Connect the LAN port on the access point to a VLAN-capable switch. • Define VLANs on that switch. Once you have the required physical connections set up, the rest of the configuration process is accomplished through the Web User Interface. For information on configuring Guest interface settings in the Web User Interface, see “Guest Login” on page 111. Step 3.
Professional Access Point Administrator Guide 2. Click Next to search for access points. Wait for the search to complete, or until the Detection Utility has found your new access points.
Professional Access Point Administrator Guide Note If no access points are found, the Detection Utility indicates this and presents troubleshooting information about your LAN and power connections. Once you have checked hardware power and Ethernet connections, you can click the Detection Utility Back button to search again for access points. 3. Review the list of access points found. The Detection Utility will detect the IP addresses of Professional Access Points.
Professional Access Point Administrator Guide Note The Detection Utility provides a link to the Web User Interface via the IP address of the first Professional Access Point.The Web User Interface is a management tool that you can access via the IP address for any access point in a cluster. (For more information about clustering see “Understanding Clustering” on page 34.) Step 4.
Professional Access Point Administrator Guide The defaults for user name and password are as follows. Field Default Setting Username admin Password admin Enter the user name and password and click OK. Viewing Basic Settings for Access Points When you first log in, the Basic Settings page for Professional Access Point administration is displayed.
Professional Access Point Administrator Guide Step 5. Configure Basic Settings and start the wireless network Provide a minimal set of configuration information by defining the basic settings for your wireless network. These settings are all available on the Basic Settings page of the Web User Interface, and are categorized into steps 1-4 on the Web page. For a detailed description of these Basic Settings and how to properly configure them, please see “Basic Settings” on page 25.
Professional Access Point Administrator Guide Provide a new administrator password for clustered access points. For more information, see “Provide Administrator Password and Wireless Network Name” on page 28. 3. Set Configuration Policy for New Access Points. Choose to configure new access points automatically (as new members of the cluster) or ignore new access points.
Professional Access Point Administrator Guide Wall Mounting the Access Point The access point has keyhole openings for easy wall mounting. To expose the openings, remove the pads from the rear feet. You can then mount the access point to the wall with two anchored screws, as shown in the following illustration: What’s Next? Next, make sure the access point is connected to the LAN, bring up your wireless clients, and connect the clients to the network.
Professional Access Point Administrator Guide Test LAN Connectivity with Wireless Clients Test the Professional Access Point by trying to detect it and associate with it from a wireless client device. (See “Wireless Client Computers” on page 9 in the Pre-Launch Checklist: Default Settings and Supported Administrator/Client Platforms for information on requirements for these clients.
Professional Access Point Administrator Guide Web User Interface This part of the Professional Access Point Administrator Guide covers usage of the Web User Interface with each section corresponding to a menu section: • “Basic Settings” on page 25 • “Cluster” on page 33 • “Status” on page 67 • “Advanced” on page 79 Basic Settings The basic configuration tasks are described in the following sections: • Navigating to Basic Settings • Review / Describe the Access Point • Provide Administrator Pa
Professional Access Point Administrator Guide Navigating to Basic Settings To configure initial settings, click Basic Settings. If you use the Detection Utility to link to the Web User Interface, the Basic Settings page is displayed by default. Fill in the fields on the Basic Settings page as described below.
Professional Access Point Administrator Guide Review / Describe the Access Point Field Description IP Address The IP address assigned to this access point. This field is not editable because the IP address is already assigned (either via DHCP, or statically through the Ethernet (wired) settings as described in “Configuring Guest Interface Ethernet (Wired) Settings” on page 85). MAC Address The MAC address of the access point.
Professional Access Point Administrator Guide Provide Administrator Password and Wireless Network Name Field Description Administrator Password Enter a new administrator password. The characters you enter will be displayed as "•" characters to prevent others from seeing your password as you type. The Administrator password must be an alphanumeric string of up to 8 characters. Do not use special characters or spaces.
Professional Access Point Administrator Guide Set Configuration Policy for New Access Points Field Description New Access Points Choose the policy that you want to put in effect for adding New Access Points to the network. • If you choose are configured automatically, then when a new access point is added to the network it automatically joins the existing cluster. The cluster configuration is copied to the new access point, and no manual configuration is required to deploy it.
Professional Access Point Administrator Guide Update Basic Settings When you have reviewed the new configuration, click Update to apply the settings and deploy the access points as a wireless network. Summary of Settings When you update the Basic Settings, a summary of the new settings is shown along with information about next steps. At initial startup, no security is in place on the access point. An important next step is to configure security, as described in “Security” on page 91.
Professional Access Point Administrator Guide At this point if you click Basic Settings again, the summary of settings page is replaced by the standard Basic Settings configuration options. Basic Settings for a Standalone Access Point The Basic Settings page for a standalone access point indicates only that the current mode is standalone and provides a button for adding the access point to a cluster (group).
Professional Access Point Administrator Guide Basic Settings - 32
Professional Access Point Administrator Guide Cluster This section covers the Web User Interface Cluster items: • “Access Points” on page 33 • “User Management” on page 43 • “Sessions” on page 49 • “Channel Management” on page 53 • “Wireless Neighborhood” on page 61 Access Points The Professional Access Point shows current basic configuration settings for clustered access points (location, IP address, MAC address, status, and availability) and provides a way of navigating to the full configuratio
Professional Access Point Administrator Guide • Cluster Size and Membership • Intra-Cluster Security • Auto-Synchronization of Cluster Configuration • Understanding Access Point Settings • Modifying the Location Description • Removing an Access Point from the Cluster • Adding an Access Point to a Cluster • Navigating to the Web User Interface for a Specific Access Point Navigating to Access Points Management To view or edit information on access points in a cluster, click the Cluster menu’s
Professional Access Point Administrator Guide participate in a self-organizing cluster which makes it easier for you to deploy, administer, and secure your wireless network. The cluster provides a single point of administration and lets you view the deployment of access points as a single wireless network rather than a series of separate wireless devices. What is a Cluster? A cluster is a group of access points which are coordinated as a single group via Professional Access Point administration.
Professional Access Point Administrator Guide • Radio settings The following radio settings are synchronized across clusters: • Mode • Channel Note When Channel Planning is enabled, the radio Channel is not synchronized across the cluster. See “Stopping/Starting Automatic Channel Assignment” on page 56.
Professional Access Point Administrator Guide point. To access the Web User Interface for an access point that is a member of the current cluster, click the Cluster menu’s Access Points tab in the Web User Interface of the current access point, then click the member access point’s IP Address link. Cluster Mode When an access point is a cluster member, it is considered to be in cluster mode.
Professional Access Point Administrator Guide Cluster Size and Membership The upper limit of a cluster is eight access points. The Cluster Web User Interface pages provide a visual indicator of the number of access points in the current cluster and warn when the cluster has reached capacity.
Professional Access Point Administrator Guide The following table describes the access point settings and information display in detail. Field Description Location Description of the access point’s physical location. MAC Address Media Access Control (MAC) address of the access point. A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address.
Professional Access Point Administrator Guide Adding an Access Point to a Cluster To add an access point that is currently in standalone mode back into a cluster, do the following. 1. Go to the Web User Interface for the standalone access point. (See “Navigating to an Access Point by Using its IP Address in a URL” on page 40.) The Web User Interface pages for the standalone access point are displayed. 2. Click the Basic Settings tab in the Administration pages for the standalone access point.
Professional Access Point Administrator Guide findings with access points listed on the Cluster menu’s Access Points page. The APs that the Detection Utility finds that are not shown on the Access Points page are probably standalone APs. (For more information on using the Detection Utility, see “Step 3. Run the Detection Utility to find access points on the network” on page 16.
Professional Access Point Administrator Guide Access Points - 42
Professional Access Point Administrator Guide User Management The Professional Access Point includes user management capabilities for controlling access to your access points. User management and authentication must always be used in conjunction with the following two security modes, which require use of a RADIUS server for user authentication and management. • IEEE 802.1x mode (see “IEEE 802.
Professional Access Point Administrator Guide Navigating to User Management for Clustered Access Points To set up or modify user accounts, click the Cluster Menu’s User Management tab. Viewing User Accounts User accounts are shown at the top of the screen under User Accounts. User name, real name, and status (enabled or disabled) are shown. Adding a User To create a new user, do the following: 1. Under Add a User, provide information in the following fields.
Professional Access Point Administrator Guide Field Description Real Name For information purposes, provide the user’s full name. Real name is a maximum of 256 characters long. Password Specify a password for this user. The password is an alphanumeric string of up to 256 characters. Do not use special characters or spaces. 2. When you have filled in the fields, click Add Account to add the account. The new user is then displayed under User Accounts.
Professional Access Point Administrator Guide A user with an account that is enabled can log on to the wireless access points in your network. Disabling a User Account To disable a user account, select the check box next to the user name and click Disable. A user with an account that is disabled cannot log on to the wireless access points in your network. However, the user account remains in the database and can be enabled later as needed.
Professional Access Point Administrator Guide 3. Click the Restore button. When the backup restore process is complete, a message indicates that the user database has been successfully restored. (This process is not time-consuming; the restore should complete almost immediately.) Click the Cluster menu’s User Management tab to see the restored user accounts.
Professional Access Point Administrator Guide User Management - 48
Professional Access Point Administrator Guide Sessions The Professional Access Point provides real-time session monitoring information including which users and clients are associated with a particular access point, data rates, transmit/receive statistics, signal strength, and idle time.
Professional Access Point Administrator Guide Understanding Session Monitoring Information The Sessions page shows information about users and client devices associated with access points in the cluster. Each session is identified by user name and client MAC address, along with the access point (location) to which the client is connected. To view a particular statistic for a session, select the item from the Display list and click Go.
Professional Access Point Administrator Guide Field Description Signal Indicates the strength of the radio frequency (RF) signal the client receives from the access point. The measure used for this is an IEEE 802.1x value known as Received Signal Strength Indication (RSSI), and is a value between 0 and 100. RSSI is determined by a an IEEE 802.1x mechanism implemented on the network interface card (NIC) of the client. Utilization Utilization rate for this station.
Professional Access Point Administrator Guide Sessions - 52
Professional Access Point Administrator Guide Channel Management The following Channel Management topics are covered here: • Navigating to Channel Management • Understanding Channel Management • • How it Works: Overview • Overlapping Channels: Background Information • Example: A Network before and after Channel Management Configuring and Viewing Channel Management Settings • Stopping/Starting Automatic Channel Assignment • Viewing Current Channel Assignments and Setting Locks • Viewing Last
Professional Access Point Administrator Guide Navigating to Channel Management To view session monitoring information, click the Cluster menu’s Channel Management tab. Understanding Channel Management When Channel Management is enabled, the Professional Access Point automatically assigns radio channels used by clustered access points to reduce interference with access points both within and outside of its cluster.
Professional Access Point Administrator Guide Interference can occur when multiple access points within range of each other are broadcasting on the same or overlapping channels. The impact of this interference on network performance can intensify during busy times when large amounts of data and media traffic compete for bandwidth. Channel management uses a predetermined set of channels that minimizes interference. For the b/g radio band, the classic set of non-interfering channels is 1, 6, 11.
Professional Access Point Administrator Guide access points. By default, automatic channel assignment is disabled. You can start channel management to optimise channel usage across the cluster on a scheduled interval. From this page, you can view channel assignments for all APs in the cluster, stop and start automatic channel management, and manually update the current channel map (APs to channels).
Professional Access Point Administrator Guide Viewing Current Channel Assignments and Setting Locks The Current Channel Assignments show a list of all access points in the cluster by IP Address. The display shows the band on which each access point is broadcasting, the channel currently used by each access point, and an option to lock an access point on its current radio channel so that it cannot be reassigned to another. Details about Current Channel Assignments are provided below.
Professional Access Point Administrator Guide to implement channel management. You can use Advanced settings to modify the interference reduction potential that triggers channel reassignment, change the schedule for automatic updates, and reconfigure the channel set used for assignments Field Description Advanced Click Advanced to show or hide display settings that modify timing and details of the channel planning algorithm. By default, advanced settings are hidden.
Professional Access Point Administrator Guide Field Description Apply channel modifications even when the network is busy Click to enable or disable this setting. If you enable this setting, channel modifications will be applied even when the network is busy. If you disable this setting, channel modifications will not be applied on a busy network.
Professional Access Point Administrator Guide Channel Management - 60
Professional Access Point Administrator Guide Wireless Neighborhood The Wireless Neighborhood view shows those access points within range of any access point in the cluster. This page provides a detailed view of neighbouring access points including identifying information such as SSIDs and MAC addresses for each, cluster status, and statistical information such as the broadcast channel and signal strength of each AP.
Professional Access Point Administrator Guide Navigating to Wireless Neighborhood To view the Wireless Neighborhood, click the Cluster menu’s Wireless Neighborhood tab. Figure 5. Neighbour APs Both in Cluster and Not in Cluster. Understanding Wireless Neighbourhood Information The Wireless Neighborhood view shows all access points within range of every member of the cluster, shows which access points are within range of which cluster members, and distinguishes between cluster members and non-members.
Professional Access Point Administrator Guide • Detect faults. Unexpected changes in the coverage pattern are evident at a glance in the colour coded table. Viewing Wireless Neighborhood Details about Wireless Neighborhood information shown is described below.
Professional Access Point Administrator Guide Field Description Neighbors Access points that are neighbours of one or more of the clustered APs are listed in the left column by SSID (Network Name). An access point which is detected as a neighbour of a cluster member can also be a cluster member itself. Neighbours who are also cluster members are always shown at the top of the list with a heavy bar above the name and include a location indicator.
Professional Access Point Administrator Guide Viewing Details for a Cluster Member To view details on a cluster member AP, click the IP address of a cluster member at the top of the table. Figure 6. Details for a Cluster Member AP.
Professional Access Point Administrator Guide The following table explains the details shown about the selected AP. Field Description SSID Shows the Service Set Identifier (SSID) for the access point. The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name. The SSID is set in Basic Settings. (See “Basic Settings” on page 25) or on Advanced menu’s Wireless Settings page (see “Wireless Settings” on page 87.
Professional Access Point Administrator Guide Status You can view information about an individual access point from the Status menu. Because the Status pages display settings for a specific access point—not for a cluster configuration that is automatically shared by multiple access points—it is important to ensure that you are accessing the Web User Interface for the access point that you want to monitor (see “Navigating to the Web User Interface for a Specific Access Point” on page 40.
Professional Access Point Administrator Guide This page displays the current Ethernet (Wired) Settings and Wireless Settings. Ethernet (Wired) Settings The Internal interface includes the Ethernet MAC Address, VLAN ID, IP Address, and Subnet Mask. The Guest interface includes the MAC Address, VLAN ID, and Subnet. If you want to change any of these settings, click the Configure link. Wireless Settings The Radio Interface settings include radio Mode and Channel.
Professional Access Point Administrator Guide Events To view system events and kernel log for a particular access point, navigate to the Status menu’s Events tab on the Web User Interface for the access point that you want to monitor . This page lists the most recent events generated by this access point (see “Events Log” on page 72). This page also gives you the option of enabling a remote log relay host to capture all system events and errors in a Kernel Log.
Professional Access Point Administrator Guide • Enabling and Disabling the Log Relay Host on the Status Menu’s Events Page Understanding Remote Logging The kernel log is a comprehensive list of system events (shown in the System Log) and kernel messages, such as an error message for dropping frames. You cannot view kernel log messages directly from the Web User Interface for an access point.
Professional Access Point Administrator Guide 4. Restart the syslog server by typing the following at the command line prompt: /etc/init.d/sysklogd restart Note The syslog process will default to use port 514. USRobotics recommends using this default port. However, if you choose to reconfigure the log port, make sure that the port number that you assign to syslog is not being used by another process.
Professional Access Point Administrator Guide Events Log The Events Log shows system events on the access point such as stations associating or being authenticated. The real-time Events Log is always shown on the Status menu’s Events page for the access point you are monitoring. Transmit/Receive Statistics To view transmit/receive statistics for a particular access point, navigate to the Status menu’s Transmit/ Receive Statistics on the Web User Interface for the access point that you want to monitor.
Professional Access Point Administrator Guide This page provides basic information about the current access point and a real-time display of the transmit and receive statistics for this access point as described in the table below. All transmit and receive statistics shown are totals accumulated since the access point was last started. If the access point is rebooted, these figures indicate transmit/receive totals since the reboot. Field Description IP Address IP Address for the access point.
Professional Access Point Administrator Guide The associated stations are displayed along with information about packet traffic transmitted and received for each station. Link Integrity Monitoring The Professional Access Point provides link integrity monitoring to continually verify the access point’s connection to each associated client, even when no data exchange is occurring. To perform this verification, the access point sends data packets to clients every few seconds when no other traffic is passing.
Professional Access Point Administrator Guide Neighboring Access Points The status page for neighbouring access points provides real-time statistics for all access points within range of the access point on which you are viewing the Web User Interface. To view information about other access points on the wireless network, 1. Navigate to the Status menu’s Neighboring Access Points tab. . 2. Select AP Detection Enabled. 3. Click Update.
Professional Access Point Administrator Guide Information provided for neighbouring access points is described in the following table: Field Description MAC Address Shows the MAC address of the neighbouring access point. A MAC address is a hardware address that uniquely identifies each node of a network. Beacon Int. Shows the Beacon interval being used by this access point. Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network.
Professional Access Point Administrator Guide Field Description Channel Shows the channel on which the access point is currently broadcasting. The Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The channel is set on the Advanced menu’s Radio Settings page. (See “Radio” on page 119.) Rate Shows the rate (in megabits per second) at which this access point is currently transmitting.
Professional Access Point Administrator Guide Neighboring Access Points - 78
Professional Access Point Administrator Guide Advanced Advanced Settings include the following: • “Ethernet (Wired) Settings” on page 79 • “Wireless Settings” on page 87 • “Security” on page 91 • “Guest Login” on page 111 • “Virtual Wireless Networks” on page 115 • “Radio” on page 119 • “MAC Filtering” on page 125 • “Load Balancing” on page 129 • “Quality of Service” on page 133 • “Wireless Distribution System” on page 143 • “Time Protocol” on page 151 • “SNMP” on page 155 • “Reboo
Professional Access Point Administrator Guide • Navigating to Ethernet (Wired) Settings • Setting the DNS Name • Managing Guest Access • Configuring an Internal LAN and a Guest Network • Enabling and Disabling Guest Access • Specifying a Virtual Guest Network • Enabling and Disabling Virtual Wireless Networks on the Access Point • Configuring Internal Interface Ethernet Settings • Configuring Guest Interface Ethernet (Wired) Settings • Updating Settings Navigating to Ethernet (Wired) Sett
Professional Access Point Administrator Guide Setting the DNS Name Field Description DNS Name Enter the DNS name for the access point in the text box. This is the host name. It may be provided by your ISP or network administrator, or you can provide your own. The rules for system names are: • This name can be up to 20 characters long. • Only letters, numbers, and dashes are allowed. • The name must start with a letter and end with either a letter or a number.
Professional Access Point Administrator Guide provide guest access on your access point, enable Guest Access on the Ethernet (Wired) Settings tab. Field Description Guest Access By default, the Professional Access Point ships with Guest Access disabled. • To enable Guest Access, click Enabled. • To disable Guest Access, click Disabled.
Professional Access Point Administrator Guide page 115. Field Description Virtual Wireless Networks (Using VLANs on Ethernet Port) • Select Enabled to enable VLANs for the Internal network and for additional networks. If you choose this option, you can run the Internal network on a VLAN whether or not you have Guest Access configured and you can set up additional networks on VLANs using the Advanced menu’s Virtual Wireless Networks page as described in “Virtual Wireless Networks” on page 115.
Professional Access Point Administrator Guide Field Description Connection Type You can select DHCP or Static IP. The Dynamic Host Configuration Protocol (DHCP) is a protocol that specifies how a centralized server can provide network configuration information to devices on the network. A DHCP server offers a lease to the client. The information supplied includes the IP addresses and netmask plus the address of its DNS servers and gateway.
Professional Access Point Administrator Guide Configuring Guest Interface Ethernet (Wired) Settings To configure Ethernet (Wired) Settings for the Guest interface, fill in the fields as described below. Field Description MAC Address Shows the MAC address for the Guest interface for the LAN port on this access point. This is a read-only field. VLAN ID If you choose to configure Internal and Guest networks by VLANs, this field will be enabled. Provide a number between 1 and 4094 for the Guest VLAN.
Professional Access Point Administrator Guide Ethernet (Wired) Settings - 86
Professional Access Point Administrator Guide Wireless Settings Wireless settings describe aspects of the local area network (LAN) related specifically to the radio device in the access point (802.11 Mode and Channel) and to the network interface to the access point (MAC address for access point and wireless network name, also known as SSID).
Professional Access Point Administrator Guide Configuring 802.11d Regulatory Domain Support You can enable or disable IEEE 802.11d Regulatory Domain Support to broadcast the access point country code information as described below. Field Description 802.11d Regulatory Domain Support Enabling support for IEEE 802.11d on the access point causes the access point to broadcast which country it is operating in as a part of its beacons: • To enable 802.11d regulatory domain support click Enabled.
Professional Access Point Administrator Guide Configuring the Radio Interface The radio interface allows you to set the radio Channel and 802.11 mode as described below. Field Description Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. Select one of these modes: • IEEE 802.11b • IEEE 802.11g Channel Select the Channel. The range of channels is 1 through 11. The Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving.
Professional Access Point Administrator Guide Configuring Guest Network Wireless Settings The Guest Settings describe the MAC Address (read-only) and wireless network name (SSID) for the Guest Network as described below. Configuring an access point with two different network names (SSIDs) allows you to implement the Guest interface feature on the Professional Access Point. For more information, see “Guest Login” on page 111.
Professional Access Point Administrator Guide Security The following sections describe how to configure security settings on the Professional Access Point: • Understanding Security Issues on Wireless Networks • How Do I Know Which Security Mode to Use? • Comparison of Security Modes for Key Management, Authentication and Encryption Algorithms • Does Prohibiting the Broadcast of SSID Enhance Security? • How Does Station Isolation Protect the Network? • Navigating to Security Settings • Configuri
Professional Access Point Administrator Guide Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) using the CCMP (AES) encryption algorithm provides the best data protection available and is clearly the best choice if all client devices are equipped with WPA supplicants.
Professional Access Point Administrator Guide always virtually separated from any sensitive information on the Internal LAN. Therefore, use None on the Guest network, and on the Internal network for initial setup, testing, or problem solving only. SEE ALSO For information on how to configure this mode, see “None” on page 98 under “Configuring Security Settings”. When to Use Static WEP Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks.
Professional Access Point Administrator Guide Key Management Encryption Algorithm User Authentication IEEE 802.1x provides dynamicallygenerated keys that are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. IEEE 802.1x mode supports a variety of authentication methods, like certificates, Kerberos, and public key authentication with a RADIUS server. There are different Unicast keys for each station.
Professional Access Point Administrator Guide RECOMMENDATIONS WPA/WPA2 Personal (PSK) is not recommended for use with the Professional Access Point when WPA/ WPA2 Enterprise (RADIUS) is an option. USRobotics recommends that you use WPA/WPA2 Enterprise (RADIUS) mode instead, unless you have interoperability issues that prevent you from using this mode. For example, some devices on your network may not support WPA or WPA2 with EAP talking to a RADIUS server.
Professional Access Point Administrator Guide 1. The best security you can have to-date on a wireless network is WPA/WPA2 Enterprise (RADIUS) mode using CCMP (AES) encryption algorithm. AES is a symmetric 128-bit block data encryption technique that works on multiple layers of the network. It is the most effective encryption system currently available for wireless networks. If all clients or other APs on the network are WPA/CCMP compatible, use this encryption algorithm.
Professional Access Point Administrator Guide Navigating to Security Settings To set the security mode, click the Advanced menu’s Security tab, and update the fields as described below. Configuring Security Settings The following configuration information explains how to configure security modes on the access point.
Professional Access Point Administrator Guide Isolation as extra precautions as mentioned below. Field Description Broadcast SSID Select the Broadcast SSID setting by clicking Allow or Prohibit. By default, the access point broadcasts the Service Set Identifier (SSID) in its beacon frames. You can prohibit this broadcast to discourage stations from automatically discovering your access point.
Professional Access Point Administrator Guide insecure LAN always virtually separated from any sensitive information on the Internal LAN. For example, the guest network might simply provide internet and printer access for day visitors. The absence of security on the Guest network is designed to make it as easy as possible for guests to get a connection without having to program any security settings in their clients.
Professional Access Point Administrator Guide . Field Description Transfer Key Index Select a key index. Key indexes 1 through 4 are available. The default is 1. The transfer key index indicates which WEP key the access point will use to encrypt the data it transmits. Key Length Specify one of the following lengths for the key: • 64 bits • 128 bits Key Type Select one of the following key types: • ASCII • Hex Characters Required Indicates the number of characters required in the WEP key.
Professional Access Point Administrator Guide Field Description Authentication Algorithm The authentication algorithm defines the method used to determine whether a client is allowed to associate with an access point when static WEP is the security mode. Specify the authentication algorithm you want to use by choosing one of the following: • Open System • Shared Key • Both Open System authentication allows any client to associate with the access point whether that client has the correct WEP key or not.
Professional Access Point Administrator Guide Example of Using Static WEP For a simple example, suppose that you configure three WEP keys on the access point. In this example, the Transfer Key Index for the access point is set to 3. This means that the WEP key in slot 3 is the key that the access point will use to encrypt the data it sends. Figure 7. Setting the Access Point Transfer Key on the Access Point.
Professional Access Point Administrator Guide Figure 8. Providing a Wireless Client with a WEP Key If you have a second client, that client also needs to have one of the WEP keys defined on the access point. You could give it the same WEP key that you gave to the first station. Or, for a more secure solution, you could give the second station a different WEP key (key 2, for example) so that the two stations cannot decrypt each other’s transmissions.
Professional Access Point Administrator Guide Figure 9. Example of Using Multiple WEP Keys and Transfer Key Index on Client Devices can decrypt WEP key 3 transmits in WEP key 1 key 1 WEP ke WEP Client Station 1 y3 WEP key 3 can decrypt WEP key 3 transmits in WEP key 2 WEP key 2 Access Point transmits to both stations with WEP key 3 Client Station 2 IEEE 802.1x IEEE 802.1x is the standard that defines port-based authentication and provides a framework for implementing key management.
Professional Access Point Administrator Guide Field Description Authentication Server Select one of the following: • Built-in—To use the authentication server provided with the Professional Access Point. If you choose this option, you do not have to provide the Radius IP and Radius Key; they are automatically provided. • External—To use an external authentication server. If you choose this option you must supply the Radius IP and Radius Key of the server you want to use.
Professional Access Point Administrator Guide Field Description WPA Versions Select the types of clients you want to support: • WPA—If all clients on the network support the original WPA, but none support the newer WPA2, then select WPA • WPA2—If all clients on the network support WPA2, USRobotics suggests using WPA2, which provides the best security per the IEEE 802.11i standard. • Both—If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select Both.
Professional Access Point Administrator Guide Field Description Key The Pre-shared Key is the shared secret key for WPA-PSK. Enter a string of at least 8 characters to a maximum of 63 characters. WPA/WPA2 Enterprise (RADIUS) Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.
Professional Access Point Administrator Guide Field Description Enable pre-authentication If for WPA Versions you select WPA2 or Both, you can enable pre-authentication for WPA2 clients. Click Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packet. The pre-authentication information will be relayed from the access point the client is currently using to the target access point.
Professional Access Point Administrator Guide Field Description Radius IP Enter the Radius IP. The Radius IP is the IP address of the RADIUS server. (The Professional Access Point internal authentication server is 127.0.0.1.) For information on setting up user accounts, see “User Management” on page 43. Radius Key Enter the Radius Key. The Radius Key is the shared secret key for the RADIUS server.
Professional Access Point Administrator Guide Security - 110
Professional Access Point Administrator Guide Guest Login The Professional Access Point’s Guest Interface features allow you to configure the access point for controlled guest access to an isolated network. You can configure the same access point to broadcast and function as two different wireless networks: a secure Internal LAN and a public Guest network. Guest clients can access the guest network without a user name or password.
Professional Access Point Administrator Guide the Welcome Screen (Captive Portal)” on page 113. Note Guest Interface settings are not shared among access points across the cluster. These settings must be configured individually on the Web User Interface pages for each access point. To get to the Web User Interface for an access point that is a member of the current cluster, click on its IP Address link on the Cluster menu’s Access Points page of the current access point.
Professional Access Point Administrator Guide Configuring the Welcome Screen (Captive Portal) You can set up or modify the Welcome screen that guest clients see when they open a Web browser or try to browse the Web. To set up the captive portal, do the following. 1. Click the Advanced menu’s Guest Login tab. 2. Choose Enabled to activate the Welcome screen. 3. In the Welcome Screen Text field, type the text message that you would like guest clients to see on the captive portal. 4.
Professional Access Point Administrator Guide 4. The guest starts a Web browser and receives a Guest Welcome screen. 5. The Guest Welcome Screen provides a button for the guest to click to continue. 6. The guest client is now enabled to use the guest network. Deployment Example In the figure below, the dotted red lines indicate dedicated guest connections. All access points and all connections, including guests, are administered from the same Professional Access Point Web User Interface.
Professional Access Point Administrator Guide Virtual Wireless Networks The following sections describe how to configure multiple wireless networks on Virtual LANs (VLANs): • Navigating to Virtual Wireless Network Settings • Configuring VLANs • Updating Settings Navigating to Virtual Wireless Network Settings To set up multiple networks on VLANs, click the Advanced menu’s Virtual Wireless Networks tab, and update the fields as described below.
Professional Access Point Administrator Guide Configuring VLANs Notes / Cautions • To configure additional networks on VLANs, you must first enable Virtual Wireless Networks on the Ethernet (Wired) interface. See “Enabling and Disabling Virtual Wireless Networks on the Access Point” on page 82. • If you configure VLANs, you may lose connectivity to the access point. First, be sure to verify that the switch and DHCP server you are using can support VLANs per the IEEE 802.1Q standard.
Professional Access Point Administrator Guide Field Description Broadcast SSID Select the Broadcast SSID setting by clicking the "Allow" or "Prohibit" radio button. By default, the access point broadcasts (allows) the Service Set Identifier (SSID) in its beacon frames. You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point.
Professional Access Point Administrator Guide Virtual Wireless Networks - 118
Professional Access Point Administrator Guide Radio The following sections describe how to configure Radio Settings on the Professional Access Point: • Understanding Radio Settings • Navigating to Radio Settings • Configuring Radio Settings • Updating Settings Understanding Radio Settings Radio settings directly control the behaviour of the radio device in the access point and its interaction with the physical medium, that is, how and what type of electromagnetic waves the access point emits.
Professional Access Point Administrator Guide Navigating to Radio Settings To specify radio settings, click the Advanced menu’s Radio tab, and update the fields as described below. Configuring Radio Settings Field Description Status (On/Off) Specify whether you want the radio on or off by clicking On or Off.
Professional Access Point Administrator Guide Field Description Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. Select one of these modes: • IEEE 802.11b • IEEE 802.11g (the default). This mode allows both 802.11b and 802.11g clients to connect to the access point. To enable 802.11g clients only and deny acces to 802.11b clients, select a Basic rate that is not supported by 802.11b, such as 6Mbps. Basic rate options appear at the bottom of the Radio tab.
Professional Access Point Administrator Guide Field Description Fragmentation Threshold Specify a number within the range 256–2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold set here, the fragmentation function will be activated and the packet will be sent as multiple 802.11 frames.
Professional Access Point Administrator Guide Field Description Transmit Power Provide a percentage value to set the transmit power for this access point. The default is to have the access point transmit using 100 percent of its power. Recommendations: • For most cases, USRobotics recommends using the default and having the transmit power set to 100 percent. This is more cost-efficient because it gives the access point a maximum broadcast range and reduces the number of APs needed.
Professional Access Point Administrator Guide Radio - 124
Professional Access Point Administrator Guide MAC Filtering A Media Access Control (MAC) address is a hardware address that uniquely identifies each node of a network. All IEEE 802 network devices share a common 48-bit MAC address format, usually displayed as a string of 12 hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65. Each wireless network interface card (NIC) used by a wireless client has a unique MAC address.
Professional Access Point Administrator Guide Using MAC Filtering This page allows you to control access to Professional Access Point based on Media Access Control (MAC) addresses. You can choose to allow access by listed MAC addresses or prevent access by listed MAC addresses. For the Guest interface, MAC Filtering settings apply to both BSSes.
Professional Access Point Administrator Guide Field Description Stations List To add a MAC Address to the Stations List, type the 48-bit MAC address into the lower text boxes, then click Add. The MAC Address is added to the Stations List. To remove a MAC Address from the Stations List, select its 48-bit MAC address, then click Remove. The stations in the list will be either allowed to access or prevented from accessing the access point depending on the value that you chose for Filter.
Professional Access Point Administrator Guide MAC Filtering - 128
Professional Access Point Administrator Guide Load Balancing The Professional Access Point allows you to balance the distribution of wireless client connections across multiple access points. Using load balancing, you can prevent the performance degradation that results when a single access point handles a disproportionate share of the wireless traffic.
Professional Access Point Administrator Guide Load Balancing and QoS Load balancing contributes to Quality of Service (QoS) for Voice Over IP (VoIP) and other such timesensitive applications competing for bandwidth and timely access to the air waves on a wireless network. For more information about configuring your network for QoS, see “Quality of Service” on page 133.
Professional Access Point Administrator Guide specified utilization rate of the access point. Note • To view the current Utilization Rates for access points, click the Cluster menu’s Sessions tab. (See “Sessions” on page 49.) • When clients are disassociated from an access point, the network will provide continuous service if another access point is within range of the client.
Professional Access Point Administrator Guide Updating Settings To apply your changes, click Update Settings.
Professional Access Point Administrator Guide Quality of Service Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP); other types of audio, video, and streaming media; and traditional IP data. The following sections describe how to configure Quality of Service queues on the Professional Access Point: • Understanding QoS • QoS and Load Balancing • 802.
Professional Access Point Administrator Guide IEEE 802.11e task group is in the process of defining a QoS standard for transmission quality and availability of service on wireless networks. QoS is designed to provide better network service by minimizing network congestion; limiting Jitter, Latency, and Packet Loss; supporting dedicated bandwidth for time-sensitive or mission critical applications; and prioritising wireless traffic for channel access. As with all IEEE 802.
Professional Access Point Administrator Guide is automatically sent to this queue. • Data 1 (Video). High priority queue, minimum delay. Time-sensitive data such as Video and other streaming media are automatically sent to this queue. • Data 2 (Best Effort). Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue. • Data 3 (Background). Lowest priority queue, high throughput.
Professional Access Point Administrator Guide 802.11e uses interframe spaces to regulate which frames get access to available channels and to coordinate wait times for transmission of different types of data. Management and control frames wait a minimum amount of time for transmission: they wait a short interframe space (SIF). These wait times are built into 802.11 as infrastructure support and are not configurable.
Professional Access Point Administrator Guide Packet Bursting for Better Performance The Professional Access Point includes 802.11e based packet bursting technology that increases data throughput and speed of transmission over the wireless network. Packet bursting enables the transmission of multiple packets without the extra overhead of header information. The effect of this is to increase network speed and data throughput.
Professional Access Point Administrator Guide transmission behaviour on the access point only, not to that of the client stations. Notes • For the Guest interface, QoS queue settings apply to the access point load as a whole (both BSSes together). • Internal and Guest network traffic is always queued together.
Professional Access Point Administrator Guide Field Description cwMin (Minimum Contention Window) This parameter is input to the algorithm that determines the initial random backoff wait time for retry of a transmission. Select a value from the list. The value selected for cwMin is the upper limit, in milliseconds, of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified in cwMin.
Professional Access Point Administrator Guide point to the client station (access point EDCA parameters). • To disable WMM extensions, click Disabled. • To enable WMM extensions, click Enabled. Configuring Station EDCA Parameters Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point.
Professional Access Point Administrator Guide Field Description cwMin (Minimum Contention Window) This parameter is input to the algorithm that determines the initial random backoff wait time (window) for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here.
Professional Access Point Administrator Guide Quality of Service - 142
Professional Access Point Administrator Guide Wireless Distribution System The Professional Access Point lets you connect multiple access points using a Wireless Distribution System (WDS). WDS allows access points to communicate with one another wirelessly in a standardized way. This capability is critical to providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required.
Professional Access Point Administrator Guide and West Wing access points with a WDS link to create a single network for clients in both areas.
Professional Access Point Administrator Guide a primary path via Ethernet and a secondary (backup) wireless path via a WDS link. If the Ethernet connection goes down, STP would reconfigure its map of the network and effectively fix the down network segment by activating the backup wireless path. The Professional Access Point does not provide STP. Without STP, it is possible that both connections, or paths, may be active at the same time, resulting in an endless loop of traffic on the LAN.
Professional Access Point Administrator Guide Configuring WDS Settings The following notes summarize critical guidelines regarding WDS configuration.
Professional Access Point Administrator Guide before proceeding with WDS configuration. Notes • The only security mode available on the WDS link is Static WEP, which is not particularly secure. Therefore, USRobotics recommends using WDS to bridge the Guest network only. Do not use WDS to bridge access points on the Internal network unless you are not concerned about the security risk for data traffic on that network.
Professional Access Point Administrator Guide Field Description WEP Specify whether you want Wired Equivalent Privacy (WEP) encryption enabled for the WDS link. • Enabled • Disabled Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. Both access points on the WDS link must be configured with the same security settings.
Professional Access Point Administrator Guide The MAC address for MyAP1 (the access point you are currently viewing) will appear as the Local Address at the top of the page. 3. Configure a WDS interface for data exchange with MyAP2. Start by entering the MAC address for MyAP2 as the Remote Address, and fill in the rest of the fields to specify the network (guest or internal), security, and so on. Save the settings by clicking Update. 4.
Professional Access Point Administrator Guide Wireless Distribution System - 150
Professional Access Point Administrator Guide Time Protocol The Network Time Protocol (NTP) is an Internet standard protocol that synchronizes computer clock times on your network. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. The timestamp is used to indicate the date and time of each event in log messages. See http://www.ntp.
Professional Access Point Administrator Guide Enabling and Disabling a Network Time Protocol (NTP) Server To configure your access point to use a network time protocol (NTP) server, first enable the use of NTP, and then select the NTP server you want to use. (To shut down NTP service on the network, disable NTP on the access point.
Professional Access Point Administrator Guide ) Field Description Network Time Protocol (NTP) NTP provides a way for the access point to obtain and maintain its time from a server on the network. Using an NTP server gives your access point the ability to provide the correct time of day in log messages and session information. (See http://www.ntp.org for more general information on NTP.
Professional Access Point Administrator Guide Time Protocol - 154
