IEEE 802.11 b/g Integrated High Powered Access Point User Guide Version: 1.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiated radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
Table of Contents 1. Introduction ......................................................................................................................... 1 1.1. Overview................................................................................................................... 1 1.2. Features.................................................................................................................... 1 1.3. LED Definitions ......................................................................
3.5.1.5. IEEE 802.11b/g Load Balancing ........................................................ 28 3.5.1.6. Wireless Distribution System.............................................................. 28 3.5.2. Security......................................................................................................... 31 3.5.2.1. Basic................................................................................................... 33 3.5.2.2. MAC-Address-Based Access Control ...........................
1. Introduction 1.1. Overview The IEEE 802.11b/g wireless access point (AP) enables 802.11g or IEEE 802.11b client computers to access the resources on the Ethernet network. With the sleek Web-based user interface, a network administrator can efficiently manage the IEEE 802.11b/g. In Chapter 2, we describe the steps to install and configure the IEEE 802.11b/g. The detailed steps show how to setup the AP.
curity. Repeater. When the IEEE 802.11b/g is in AP/Bridge mode, it can communicate with other APs or wireless bridges via WDS (Wireless Distribution System). Therefore, a IEEE 802.11b/g can wirelessly forward packets from wireless clients to another IEEE 802.11b/g. Then the second IEEE 802.11b/g forwards the packets to the Ethernet network. Wireless client isolation. When the IEEE 802.
z Xmodem-based. Upgrading firmware over RS232. TFTP-based. Upgrading firmware by TFTP (Trivial File Transfer Protocol). HTTP-based. Upgrading firmware by HTTP (HyperText Transfer Protocol). Configuration backup. The configuration settings of the IEEE 802.11b/g can be backed up to a file via TFTP or HTTP for later restoring. Configuration reset. Resetting the configuration settings to factory-default values.
1.3. LED Definitions There are several LED indicators on the housing of the AP. They are defined as follows: z z z z z DDC: Alive. Blinks when the IEEE 802.11b/g is working normally. RF: IEEE 802.11b/g interface activity LAN0: Ethernet LAN0 port interface activity LAN1: Ethernet LAN1 interface activity PWR: Power 2. First-Time Installation and Configuration 2.1. Selecting a Power Supply Method The IEEE 802.11b/g can be powered by the supplied power adapter or optionally via PoE (Power over Ethernet).
Fig. 1: Mounting the IEEE 802.11b/g on a wall 2.3. Preparing for Configuration For you to configure a IEEE 802.11b/g, a managing computer with a Web browser is needed. For first-time configuration of an AP, an Ethernet network interface card (NIC) should have been installed in the managing computer. For maintenance-configuration of a deployed AP, either a wireless computer or a wired computer can be employed as the managing computer. NOTE: If you are using the browser, Opera, to configure a IEEE 802.
Ethernet cable Ethernet cable Ethernet cable Managing Computer Ethernet Hub/Switch Managed AP Fig. 2: Connecting a managing computer and the IEEE 802.11b/g via Ethernet You can use either a cross-over Ethernet cable (included in the package) or a switch/hub with two normal Ethernet cables. NOTE: One connector of the Ethernet cable must be plugged into the LAN0 IEEE 802.11b/g port for configuration. 2.4.
Fig. 3: Entering the user name and password NOTE: It is strongly recommended that the password be changed for security reasons. On the start page, click the General, Password link to change the value of the password (see Section 3.3.1 for more information). TIP: Since the start page shows the current settings and status of the AP, it can be saved or printed within the Web browser for future reference. Fig.
2.4.2. Step 1: Selecting an Operational Mode Fig. 5: Operational mode settings Go to the General, Operational Mode section, select an operational mode and click Save at the bottom of this page, and then you are brought back to the start page. The IEEE 802.11b/g supports two operational modes: AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging functionality. The static LAN-to-LAN bridging function is supported through Wireless Distribution System (WDS). AP Client.
NOTE: Although it’s more convenient to use dynamic bridging, it has a limitation—the AP Client only can forward TCP/IP packets between its wireless interface and Ethernet interface; other type of traffic (such as IPX and AppleTalk) is not forwarded. TIP: When the IEEE 802.11b/g is configured to be in AP Client, it can be used as an Ethernet-to-wireless network adapter.
2.4.5. Step 4: Reviewing and Applying Settings Fig. 8: Settings changes are highlighted in red On the start page, you can review all the settings you have made. Changes are highlighted in red. If they are OK, click Restart to restart the IEEE 802.11b/g for the new settings to take effect. NOTE: About 7 seconds are needed for the IEEE 802.11b/g to complete its restart process. 2.5. Deploying the IEEE 802.11b/g After the settings have been configured, deploy the IEEE 802.
5. Fine-tune the alignment of the antenna until you get a best response time. 6. Increase the data rate of each bridge simultaneously until a maximal workable data rate is reached. You may not be able to use the highest data rate, 11Mbps, because of the distance and the gain of the antennas. Fig. 9 illustrates the idea. Adjust antenna alignment WDS Link Bridge 2 Bridge 1 PING (ICMP Echo Request) ICMP Echo Reply Computer 1 Computer 2 Fig.
NOTE: For better wireless security, IEEE 802.1x capability of the IEEE 802.11b/g must be enabled so that only authenticated wireless users can access the wireless network. Refer to the IEEE 802.1x-related white papers on the companion CD-ROM for more information about deploying secure WLANs with IEEE 802.1x support. 2.6.2.
4. Type “ping 1st_dns_server”, where 1st_dns_server is a placeholder for the IP address of the primary DNS server of the wireless client computer. Then press Enter. If this DNS server responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting. 5. Type “ping 2nd_dns_server”, where 2nd_dns_server is a placeholder for the IP address of the secondary DNS server of the wireless client computer. Then press Enter.
3. Using Web-Based Network Manager This chapter details the features of the Web management page of the Web-based Network Manager. 3.1. Overview Fig. 10: The Start page 3.1.1. Menu Structure The left side of the start page contains a menu for you to carry out commands.
z Home. For going back to the start page. z Status. Status information. z z z z Wireless Clients. The status of the wireless clients currently associated with the AP. DHCP Mappings. Current IP-MAC address mappings of the built-in DHCP server. System Log. System events log. Link Monitor. When the IEEE 802.11b/g is in AP Client mode, this page shows the signal strength and link quality of the wireless link to its associated access point. General. Global operations. Operational Mode.
the IEEE 802.11b/g and brings you back to the start page. Clicking Save & Restart stores the settings changes to the memory of the IEEE 802.11b/g and restarts the IEEE 802.11b/g immediately for the settings changes to take effect. Clicking Cancel discards any settings changes and brings you back to the start page. If you click Save, the start page will reflect the fact that the configuration settings have been changed by showing two buttons—Restart and Cancel. In addition, changes are highlighted in red.
3.2. Viewing Status 3.2.1. Associated Wireless Clients Fig. 14: Status of associated wireless clients On this page, the status information of each associated client, including its MAC address, IP address, user name (if the client has been IEEE 802.1x authenticated), number of bytes it has send, number of bytes it has received, and the time of its last activity, is shown. 3.2.2. Current DHCP Mappings Fig. 15: Current DHCP mappings On this page, all the current static or dynamic DHCP mappings are shown.
System events are recorded in the memory of the IEEE 802.11b/g. The logged information is useful for troubleshooting purposes. The system events are divided into several categories, and you can select which categories of events to log. See Section 3.6.2.2 for more information. 3.2.4. Link Monitor Fig. 17: Link monitor When the IEEE 802.11b/g is in AP Client mode, you can use the Link Monitor status page to monitor the link quality and signal strength sensed by its RF module.
WDS. This type of wireless link is established between two IEEE 802.11 IEEE 802.11b/g’s. Wireless packets transmitted along the WDS link comply with the IEEE 802.11 WDS (Wireless Distribution System) format at the link layer. The relationships among the operational modes and the wireless link types are shown in the following table: AP/Bridge AP Client AP/Bridge WDS STA-AP AP Client STA-AP Table 2: Operational modes vs.
backup, configuration restore, and configuration reset. Firmware upgrade, configuration backup, and configuration restore can be achieved via HTTP or TFTP. The HTTP method is suggested since it is more user friendly. However, due to different behavior of various Web browsers, HTTP-based firmware management operations may not work properly with some Web browsers. If you cannot successfully perform HTTP-based firmware management operations with your Web browser, try the TFTP-method. 3.3.3.1.
name is the AP’s MAC address. The firmware file path will be shown in the Firmware file name text box. 2. Click Restore to upload the configuration file to the IEEE 802.11b/g. 3.3.3.3. Upgrading Firmware by TFTP Fig. 24: TFTP server settings When use TFTP as the firmware management protocol, you can configure settings for the IEEE 802.11b/g’s TFTP client to communicate with a TFTP server.
Fig. 26: TFTP Server NOTE: After the dialog box of the TFTP server program appears, be sure to specify the working folder within which the downloaded firmware files reside. NOTE: Make sure the Accept read requests check box of TFTP Server is selected. NOTE: The LAN IP address of the IEEE 802.11b/g and the IP address of the TFTP server must be in the same IP subnet for TFTP to work.
To back up configuration of the IEEE 802.11b/g by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the backup process. 2. Connect the computer and one of the LAN Ethernet switch port with a normal Ethernet cable. 3. Configure the IP address of the computer so that the computer and the IEEE 802.11b/g are in the same IP subnet. 4. On the computer, run the TFTP Server utility.
TIP: If you want to remotely back up or restore configuration from the Internet, adjust the Timeout and Max no. of retries settings of TFTP Server for remote TFTP configuration backup/restore to succeed. 3.3.3.5. Resetting Configuration to Factory Defaults Fig. 28: Configuration reset Clicking the Reset button resets the device configuration to factory defaults. WARNING: Think twice before clicking the Reset button. You’ll lose all your current configuration settings. 3.4.
3.4.2. DHCP Server 3.4.2.1. Basic Fig. 30: Basic DHCP server settings The IEEE 802.11b/g can automatically assign IP addresses to client computers by DHCP. In this section of the management page, you can specify the Default gateway, Subnet mask, Primary DNS server, and Secondary DNS server settings that will be sent to a client at its request. Additionally, you can specify the first IP address that will be assigned to the clients and the number of allocable IP addresses.
signed the same IP address. To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. Then, give a description for this mapping. 2. Select the corresponding Enabled check box. 3.5. Configuring IEEE 802.11g-Related Settings 3.5.1. Communication 3.5.1.1. Basic Basic IEEE 802.11g-related communication settings include IEEE 802.
3.5.1.2. Multiple SSID If you want to configure the Guest and Internal networks on Virtual LAN (VLANs), the switch and DHCP server you are using must support VLANs. As a prerequisite step, configure a port on the switch for handling VLAN tagged packets as described in the IEEE802.1Q standard. The MSSID numbers can setup for 1 to 4 sets. When you enable MSSID you can name each SSID. If you configure enable Guest access and configure Internal and Guest networks on VLANs, this field will be enabled.
3.5.1.5. IEEE 802.11b/g Load Balancing Fig. 36: IEEE 802.11b/g load balancing settings Several IEEE 802.11b/g’s can form a load-balancing group if they are set with the same Group ID. The load-balancing policy can be by Number of Users or by Traffic Load. If the by-number-of-users policy is selected, a new wireless user can only associate with an IEEE 802.11b/g that has the smallest number of associated wireless users in the group.
By WDS, two or more LAN segments can be connected wirelessly. As illustrated in Fig. 38, a pair of wireless LAN-to-LAN bridges is used to connect two LAN segments. Since the IEEE 802.11b/g is WDS-enabled, it can be used as a wireless bridge. NOTE: A IEEE 802.11b/g can have up to 6 WDS links to other APs or wireless bridges. Fig. 39: Wireless Distribution System settings To enable a WDS link: 1. Specify the MAC address of the IEEE 802.11b/g at the other end of the WDS link. 2.
Fig. 40. Sample wireless bridge network topology. WARNING: Don’t let your network topology consisting of wireless bridges, Ethernet switches, Ethernet links, and WDS links contain loops. If any loops exist, packets will circle around the loops and network performance will be seriously degraded. Fig. 41: Network topology containing a loop If external high-gain directional antennas are used, it’s difficult to align the antennas when the distance between the bridges is long.
12. Increase the data rate of each bridge simultaneously until a maximal workable data rate is reached. You may not be able to use the highest data rate, 11Mbps, because of the distance and the gain of the antennas. Fig. 42 illustrates the idea. Adjust antenna alignment WDS Link Bridge 2 Bridge 1 PING (ICMP Echo Request) ICMP Echo Reply Computer 1 Computer 2 Fig. 42: Adjusting alignments of external directional antennas 3.5.2. Security IEEE 802.
SSID 1~4 The network names that you name each SSID in the previous page SSID Broadcasts Enable or Disable SSID broadcast. Enabling this feature broadcasts the SSID across the network. Wireless client isolation When the IEEE 802.11b/g is in AP/Bridge mode, wireless-to-wireless traffic can be blocked so that the wireless clients cannot see each other. This capability can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers.
3.5.2.1. Basic Fig. 43: Basic IEEE 802.11g security settings For security reasons, it’s highly recommended that the security mode be set to options other than Open System. When the security mode is set to Open System, no authentication and data encryption will be performed. Additionally, you can disable the SSID broadcasts functionality so that a wireless client computer with an “any” SSID cannot associate with the AP.
STA 1 STA 3 STA 2 AP 1 AP 2 WCI: All APs in This Subnet WCI: All APs in This Subnet Switch Wireless Link Ethernet Link Fig. 45: Behavior of the “All APs on This Subnet” wireless client isolation option As illustrated in Fig. 44 when AP 1 and AP 2 are using the “This AP Only” option, wireless traffic between STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3, which are associated with different APs, is still allowed.
In the above security modes, a back-end RADIUS (Remote Authentication Dial-In User Service) server is needed if IEEE 802.1x functionality is enabled. See Section 3.5.3 for more information about IEEE 802.1x and RADIUS. According to the IEEE 802.11 standard, WEP can be used for authentication and data encryption. Normally, Shared Key authentication is used if WEP data encryption is enabled. In rare cases, Open System authentication may be used when WEP data encryption is enabled.
3. Specify the MAC address of a wireless client to be denied access, and then click Add. 4. Repeat Steps 3 for other wireless clients. To delete an entry in the access control table: z Click Delete next to the entry. NOTE: The size of the access control table is 64. Fig.
IEEE 802.1x, a user has to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes. The IEEE 802.1x functionality of the access point is controlled by the security mode (see Section 3.5.2.1).
Fig. 50: IEEE 802.1x/RADIUS settings TIP: Refer to the IEEE 802.1x-related white papers on the companion CD-ROM for more information about deploying secure WLANs with IEEE 802.1x support. 3.6. Configuring Advanced Settings 3.6.1. Packet Filters The IEEE 802.11b/g provides layer 2 (Ethernet Type Filters), layer 3 (IP Protocol Filters), and layer 4 (TCP/UDP Port Filters) filtering capabilities. The configuration processes for the filters are similar.
3.6.1.2. IP Protocol Filters Fig. 52: IP protocol filters settings The protocol, source address, and destination address fields of a packet incoming from the WLAN or Ethernet interface is inspected for filtering. In a rule, specify the hex-decimal protocol number, source IP address range (Source IP Address AND Source Subnet Mask), and destination IP address range (Destination IP Address AND Destination Subnet Mask).
3.6.2. Management 3.6.2.1. UPnP Fig. 54: UPnP settings UPnP (Universal Plug and Play) enables a Windows XP user to automatically discover peripheral devices by HTTP. When the UPnP functionality is enabled, you can see the IEEE 802.11b/g in My Network Places of Windows XP. The IEEE 802.11b/g can be given a friend name that will be shown in My Network Places. Double-clicking the icon in My Network Places that stands for the IEEE 802.11b/g will launch the default Web browser for you to configure the AP. 3.6.
3.6.2.3. SNMP Fig. 56: SNMP settings The SNMP (Simple Network Management Protocol) functionality can be disabled, and you can specify the name (used as a password) of the read-only and read-write community. In addition, up to 5 SNMP trap targets can be set in the SNMP Trap Table. To specify a trap target: 1. Type the IP address of the target host. 2. Type the Community for the host. 3. Select the corresponding check box next to the IP address text box.
Appendix A: Default Settings TIP: Press the Default (SF-Reset, or Soft-Reset) switch on the housing of a powered-on IEEE 802.11b/g to reset the configuration settings to factory-default values. Setting Name Global User Name Password IEEE 802.11g Regulatory Domain Channel Number SSID SSID Broadcasts Transmission Rate Transmit Power MAC Address Default Value root root FCC (U.S.) 11 wireless Enabled Auto High See the label on the accompanying PCMCIA card or the label on the housing of the AP.
Appendix B: Troubleshooting Check the following first: z Make sure that the power of the IEEE 802.11b/g is on and the Ethernet cables are connected firmly to the RJ-45 jacks of the IEEE 802.11b/g. z Make sure that the LED ALV of the IEEE 802.11b/g is blinking to indicate the IEEE 802.11b/g is working. z Make sure the types of the Ethernet cables are correct. Recall that there are two types—normal and crossover.
B-2: TCP/IP Settings Problems Correspondent Host IEEE 802.11g Internet Ethernet LAN Stage A Client Computer Stage D State B AP Default Gateway of Client Computer DNS Server of Client Computer Fig. 57: Communication stages for a client to reach its correspondent host For a wireless client computer to communicate with a correspondent host on the Internet by the host’s domain name (e.g. http://www.wi-fi.com), it first sends a DNS request to a DNS server on the Internet.
z z Make sure the wireless settings of the wireless client computer and of the IEEE 802.11b/g match. Are the IP address of the client computer and the IP address of the IEEE 802.11b/g in the same IP subnet? Use WinIPCfg.exe or IPConfig.exe to see the current IP address of the client computer. Make sure the IP address of the client computer and the IP address of the IEEE 802.11b/g are in the same IP subnet.
Fig. 58: Wireless Router/AP Browser z The IEEE 802.11b/g stops working and does not respond to Web management requests. The firmware of the IEEE 802.11b/g may be stuck in an incorrect state. Unplug the power connector from the power jack, and then re-plug the connector to restart the AP. Contact our technical support representatives to report this problem, so that the bugs can be static in future firmware versions. If the IEEE 802.