advertisement
▼
Scroll to page 2
of
46
KWG-6080 802.11n Wall AP User Guide i ii Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiated radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. FCC Caution: To assure continued compliance, (example – use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate this equipment. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. iii R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8,2000. Safety This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment. EU Countries Intended for Use The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark, Finland, France (with Frequency channel restrictions), Germany, Greece, Ireland, Italy, Luxembourg, Portugal, Spain, Sweden, The Netherlands, and United Kingdom. The ETSI version of this device is also authorized for use in EFTA member states Norway and Switzerland. EU Countries Not Intended for Use None. Warning: This unit is for in house use only, not for outside building. iv Table of Contents 1. Introduction ....................................................................................................................... 1 1.1. Overview................................................................................................................. 1 1.2. Features.................................................................................................................. 1 1.3. LED Definitions ....................................................................................................... 4 2. First-Time Installation and Configuration ........................................................................... 5 2.1. Power...................................................................................................................... 5 2.2. Installing the Access Point ...................................................................................... 5 2.3. Connecting a Managing Computer.......................................................................... 7 2.4. Configuring the AP .................................................................................................. 8 2.4.1. Login............................................................................................................. 8 2.4.2. Selecting Mode ............................................................................................. 9 2.4.3. Configuring TCP/IP Settings ....................................................................... 11 2.4.4. Configure IEEE 802.11 Settings.................................................................. 12 2.4.5. Review Settings .......................................................................................... 13 2.5. Setting up Client Computers ................................................................................. 13 2.5.1. Configure IEEE 802.11 Settings.................................................................. 13 2.5.2. Configure TCP/IP-Related Settings............................................................. 14 2.6. Confirm Settings of the Access Point and Client Computers ................................. 15 2.6.1. Checking if the IEEE 802.11n-Related Settings Work ................................. 15 2.6.2. Checking if the TCP/IP-Related Settings Work............................................ 16 3. Advanced Network Management .................................................................................... 17 3.1. Overview............................................................................................................... 17 3.1.1. Menu Structure ........................................................................................... 17 3.1.2. Apply and Cancel Commands..................................................................... 18 3.2. Viewing Status ...................................................................................................... 19 3.2.1. Associated Wireless Clients ........................................................................ 19 3.2.2. System Log ................................................................................................. 19 3.2.3. Link Monitor ................................................................................................ 20 3.3. General Operations............................................................................................... 21 3.3.1. Specifying Operational Mode ...................................................................... 21 3.3.2. Changing Password .................................................................................... 23 3.3.3. Managing Firmware .................................................................................... 23 3.4. Configuring TCP/IP Related Settings .................................................................... 24 3.4.1. Addressing .................................................................................................. 24 3.4.2. DHCP Server .............................................................................................. 25 3.5. Configuring IEEE 802.11 Related Settings............................................................ 27 3.5.1. Communication ........................................................................................... 27 3.5.2. Security....................................................................................................... 32 3.5.3. Management ............................................................................................... 37 Appendix A: Default Settings............................................................................................... 38 Appendix B: Troubleshooting .............................................................................................. 39 B-1: Wireless Settings Problems.................................................................................. 39 B-2: TCP/IP Settings Problems .................................................................................... 40 v 1. Introduction 1.1. Overview The KWG-6080 Wall Access Point enables 802.11n or 802.11g client computers to access the resources on an Ethernet network wirelessly or wired. It conveniently fits into standard wall boxes and only takes a few minutes to install and configure for use. The Wall-AP has a built-in browser-based management application offering an easy to follow setup-wizard for novice wireless users as well as comprehensive settings for more advanced users and/or network administrators. 1.2. Features Access Point Firmware Features Operational Modes AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging functionality. The static LAN-to-LAN bridging function is supported through Wireless Distribution System (WDS). AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendor. RF Type Selection. The RF type of the WLAN interface can be configured to work in IEEE 802.11n only, IEEE 802.11g only, IEEE 802.11g only, or mixed mode (802.11n, 802.11g and 802.11b simultaneously). 64-bit and 128-bit WEP (Wired Equivalent Privacy). For authentication and data encryption. Enabling/Disabling SSID Broadcasts. When the Access Point is in AP/Bridge mode, the administrator can enable or disable the SSID broadcasts functionality for security reasons. When the SSID broadcast functionality is disabled, a client computer cannot connect to the Access Point with “blank” network name (SSID, Service Set ID); the correct SSID has to be specified on client computers. MAC-address-based Access Control. When the Access Point is in AP/Bridge mode, it can be configured to block unauthorized wireless client computers based on MAC (Media Access Control) addresses. Additionally, an ACL (Access Control List) can be downloaded from a TFTP server. IEEE 802.1x/RADIUS. When the Access Point is in AP/Bridge mode, it can be configured to authenticate wireless users and distribute encryption keys dynamically by IEEE 802.1x Port-Based Network Access Control and RADIUS (Remote Authentication Dial-In User Service). 1 WPA (Wi-Fi Protected Access). The Access Point supports the WPA/WAP2 standard proposed by the Wi-Fi Alliance (http://www.wi-fi.org). Both WPA-PSK (Pre-Shared Key) mode and full WPA mode are supported. WPA is composed of TKIP (Temporal Key Integrity Protocol) or AES, and IEEE 802.1x and serves as a successor to WEP for better WLAN security. Repeater. When the Access Point is in AP/Bridge mode, it can communicate with other APs or wireless bridges via WDS (Wireless Distribution System). Therefore, a Access Point can wirelessly forward packets from wireless clients to another Access Point. Then the second Access Point forwards the packets to the Ethernet network. Wireless Client Isolation. When the Access Point is in AP/Bridge mode, wireless-to-wireless traffic can be blocked so that the wireless clients cannot see each other. This capability can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers. Transmit Power Control. Transmit power of the Access Point’s RF module can be adjusted to desired RF coverage. Link Integrity. When the Access Point is in AP/Bridge mode and its Ethernet LAN interface is detected to be disconnected from the wired network, all currently associated wireless clients are disassociated by the Access Point and no wireless client can associate with it. Associated Wireless Clients Status. When the Access Point is in AP/Bridge mode, it can show the status of all wireless clients that are currently associated or ‘connected’. Auto Channel Selection. The auto channel selection feature allows the device to automatically select the channel that will provide optimum performance on powering up the Access Point. DHCP client. The Access Point can automatically obtain an IP address from a DHCP server. DHCP server. The Access Point can automatically assign IP addresses to computers or other devices by DHCP (Dynamic Host Configuration Protocol). Static DHCP Mappings. The administrator can specify static IP address to MAC address mappings so that IP addresses are always assigned to the hosts with the specified MAC addresses. Showing Current DHCP Mappings. Displays which IP address is assigned to which host identified by an MAC address. Packet Filtering. The Access Point provides Layer 2, Layer 3, and Layer 4 filtering capabilities. 2 Firmware Management Tools Firmware Upgrade. The firmware of the Access Point can be upgraded in the following methods: HTTP-based. Upgrading firmware by HTTP (HyperText Transfer Protocol). Configuration Backup. The configuration settings of the Access Point can be backed up to a file via TFTP or HTTP for later restoring. Configuration Reset. Clears current configuration settings and restores to factory-default values. Management Browser-based Network Manager for configuring and monitoring the Access Point via a Web browser. The management protocol is HTTP (Hyper Text Transfer Protocol)-based. SNMP. SNMP (Simple Network Management Protocol) MIB I, MIB II, IEEE 802.1d, IEEE 802.1x are supported. UPnP. The Access Point responds to UPnP discovery messages so that a Windows XP user can locate the Access Point in My Network Places and use a Web browser to configure it. System Log. For system operational status monitoring. Local log. System events are logged to the on-board RAM of the Access Point and can be viewed using a Web browser. Remote log by SNMP trap. Systems events are sent in the form of SNMP traps to a remote SNMP management server. Power over Ethernet. Power is supplied to the Access Point via an Ethernet cable using an 802.3af compliant power injector. Hardware Watchdog Timer. If the firmware “hangs” in an invalid state, the hardware watchdog timer will detect this situation and restart the Access Point. This way, the Access Point can provide continuous services. 3 1.3. LED Definitions There are several LED indicators on the front of the Access Point. Please refer to the definitions below: A. WAN: Green, solid when connected, flashing when data activity B. Wireless: Green, solid when on, flashing when wireless data activity C. RJ-45 LAN port Amber, solid when LAN connection Green, solid when LAN connection, flashing when activity 4 2. First-Time Installation and Configuration 2.1. Power The Access Point is powered using PoE (Power over Ethernet). The Access Point automatically selects the suitable power supply. To power the AP by PoE: The WAN port for network and power input is at the rear of the wall-AP: 1. Plug one connector of an Ethernet cable to an available port of a PoE injector or switch. 2. Plug the other connector of the Ethernet cable to the WAN port on the rear of the Access Point. NOTE: The Access Point is 802.3af compatible. 2.2. Installing the Access Point The wall mount AP is supplied with a metal fascia affixed to a quad port euro-module faceplate. 5 This will therefore fit onto a standard double size, UK mains back box (146x86mm) – either patress/surface type or wall/plaster type. Typically you will need a box of at least 47mm internal depth. Viewed from the side shows the fixing screw used to locate the AP into the metal fascia. You can loosen the screw to allow the AP to be slid forwards and backwards in the housing. Where a shallow box is used then a 10mm spacer can be used to increase the workable depth: 6 2.3. Connecting a Managing Computer The default IP address for the wall-AP is 192.168.100.1. Since the configuration/management protocol is HTTP-based, make sure that the IP address of the managing computer and the IP address of the managed AP are in the same IP range. You can connect the managing computer via the rear WAN connection of via the front LAN connection – as shown below Fig. 1. Fig. 1. Connecting a managing computer and the Access Point via Ethernet You can use either a standard Ethernet cable (included in the package) or a switch/hub with two normal Ethernet cables. NOTE: You must always have a LAN connection with PoE connected to the wall-AP rear WAN port for the device to operate. 7 2.4. Configuring the AP After the IP addressing issue is resolved, launch a Web browser on the managing computer. Then, go to 192.168.100.1 to access the Web-based Network Manager login page. 2.4.1. Login Before the Home page is shown, you will be prompted to enter the user name and password to gain the right to access the Web-based Network Manager. For first-time configuration, use the default user name “admin” and default password “admin”, respectively. Fig. 2. The Login page NOTE: It is strongly recommended that the password be changed for security reasons. On the start page, click the General, Password link to change the value of the password (see Section 3.3.1 for more information). 8 Once you have successfully logged in, the Home page opens. Click on the main manual on left hand side for Setup. Fig. 3. The Home page 2.4.2. Selecting Mode The Access Point supports two operational modes: AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging functionality. The static LAN-to-LAN bridging function is supported through Wireless Distribution System (WDS). AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendors. 9 Fig. 4. Operational mode settings 1. Click on Administration from the side menu, and then select Operational Mode. 2. Select an operational mode and click Apply to apply the setting. In either mode, the Access Point forwards packets between its Ethernet interface and wireless interface for wired hosts on the Ethernet side and wireless host(s) on the wireless side. There are two types of wireless links as specified by the IEEE 802.11 standard. STA-AP. This type of wireless link is established between an IEEE 802.11 Station (STA) and an IEEE 802.11 Access Point (AP). An STA is usually a client computer (PC or PDA) with a WLAN network interface card (NIC). The AP Client mode is actually an STA. WDS. This type of wireless link is established between two IEEE 802.11 Access Point’s. Wireless packets transmitted along the WDS link comply with the IEEE 802.11 WDS (Wireless Distribution System) format at the link layer. The relationships among the operational modes and the wireless link types are shown in the following table: AP/Bridge AP Client AP/Bridge WDS STA-AP AP Client STA-AP Table 1. Operational modes vs. wireless link types. 10 To establish a static bridge link based on WDS, the AP/bridges at both end of the WDS link must be manually configured with each other’s MAC addresses (see Section 3.5.1.3 for more information). To establish a dynamic bridge link between an Access Point and an AP Client, both devices have to be configured with the same SSID and WEP settings. The AP Client automatically scans for any Access Point that is using the matched SSID and establishes a bridge link with the scanned Access Point. NOTE: Although it’s more convenient to use dynamic bridging, it has a limitation—the AP Client only can forward TCP/IP packets between its wireless interface and Ethernet interface; other type of traffic (such as IPX and AppleTalk) is not forwarded. TIP: When the Access Point is configured to be in AP Client, it can be used as an Ethernet-to-wireless network adapter. For example, a notebook computer equipped with an Ethernet adapter can be connected to this device with a crossover Ethernet cable for wireless connectivity to another access point. 2.4.3. Configuring TCP/IP Settings The IP address can be manually set or automatically assigned by a DHCP server on the LAN. If you are manually setting the IP address, Subnet mask, and Default gateway settings, set them appropriately, so that they comply with your LAN environment. Fig. 5. TCP/IP settings. 1. Click on Internet Settings from the side menu and select LAN Connection. 2. When you have finished making changes, click Apply. 11 2.4.4. Configure IEEE 802.11 Settings The Network Manager utility allows the user to configure IEEE 802.11n-related communication settings, including Regulatory domain, Channel number, and Network name (SSID) of the Access Point. The number of available RF channels depends on local regulations; therefore you have to choose an appropriate regulatory domain to comply with local regulations. The SSID of a wireless client computer and the SSID of the Access Point must be identical for them to communicate with each other. NOTE: Put a check in the Auto Channel Selection checkbox to allow the Frequency Channel of the Access Point to be automatically set. Fig. 6. IEEE 802.11n communication settings 1. Click on Wireless Settings from the side menu, and then select Basic. 2. When you have finished, scroll to the bottom of the screen and click either Apply. 12 2.4.5. Review Settings On the Summary page, you can review all the settings you have made. Fig. 7. Access Point Status. 2.5. Setting up Client Computers The TCP/IP and IEEE 802.11n-related settings of wireless client computers must match those of the Access Point in order for a wireless link to be established. 2.5.1. Configure IEEE 802.11 Settings Before the TCP/IP networking system of a wireless client computer can communicate with other hosts, the underlying wireless link must be established between a wireless-enabled computer and the Access Point. To establish a wireless link: Launch the configuration/monitoring utility provided by the vendor of the installed wireless adapter 13 OR Use the automatic wireless network connection feature in Windows. NOTE: A wireless client computer must be in infrastructure mode, so that it can associate with an AP. NOTE: The SSID of the wireless client computer and the SSID of the Access Point must be identical. Or, in case the SSID broadcasts capability of the Access Point is enabled (by default), the SSID of the wireless client computer could be set to “any”. NOTE: Both the wireless client computer and the Access Point must have the same WEP settings for them to communicate with each other. NOTE: For better wireless security, IEEE 802.1x capability of the Access Point must be enabled so that only authenticated wireless users can access the wireless network. 2.5.2. Configure TCP/IP-Related Settings Use Windows Network Control Panel Applet to change the TCP/IP settings of the client computers, so that the IP addresses of the client computers and the IP address of the Access Point are in the same IP subnet. If a client computer is originally set a static IP address, you can either change its IP address to match the IP address of the AP, or select an automatically-obtain-an-IP-address option if there is a DHCP server on the network. NOTE: For some versions of Windows, the computer needs to be restarted for the changes of TCP/IP settings to take effect. 14 2.6. Confirm Settings of the Access Point and Client Computers After configuring the Access Point and setting up client computers, it is recommended that all settings are checked and confirmed. 2.6.1. Checking if the IEEE 802.11n-Related Settings Work To check if a wireless client computer can associate with the AP: 1. Launch the configuration/monitoring utility provided by the vendor of the installed WLAN NIC. 2. Check if the client computer is associated to an access point, and the access point is the Access Point. If the check fails, see Appendix B-1, “Wireless Settings Problems” for troubleshooting. 15 2.6.2. Checking if the TCP/IP-Related Settings Work To check if a client computer can access the Internet: 1. Open a Windows Command Prompt window on the client computer. 2. Type “ping advap”, where advap is a placeholder for the IP address of the AP. Replace it with your real IP address—for example, 192.168.100.1. Then press Enter. If the Access Point responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting. 3. Type “ping default_gateway”, where default_gateway is a placeholder for the IP address of the default gateway of the wireless client computer. Then press Enter. If the gateway responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting. 4. Type “ping 1st_dns_server”, where 1st_dns_server is a placeholder for the IP address of the primary DNS server of the wireless client computer. Then press Enter. If this DNS server responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting. 5. Type “ping 2nd_dns_server”, where 2nd_dns_server is a placeholder for the IP address of the secondary DNS server of the wireless client computer. Then press Enter. If this DNS server responds the client should have no problem with TCP/IP networking; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting. 16 3. Advanced Network Management This section covers the options and settings available in the ‘Advanced’ mode of the Web-based Network Manager utility. 3.1. Overview To enter, simply click on the “Advanced” of “Wireless Settings” option on the Home page after login. Fig. 8. The Summary page 3.1.1. Menu Structure The left side of the screen contains a menu for you to carry out commands. Here is a brief description of the menu options: Summary. Click this tab to view a screen with at-a-glance status information. 17 Status. Click this tab to access the following settings: Wireless Clients. The status of the wireless clients currently associated with the AP. DHCP Mappings. Current IP-MAC address mappings of the built-in DHCP server. System Log. System events log. Link Monitor. When the Access Point is in AP Client mode, this page shows the signal strength and link quality of the wireless link to its associated access point. Internet. Click this tab to access the following settings: Addressing. Modify IP address settings of the Access Point. DHCP Server. Modify settings for the DHCP (Dynamic Host Configuration Protocol) server. Wireless. Click this tab to access the following settings: Communication. Modify basic IEEE 802.11n/b/g settings of the Access Point to work properly with wireless clients. Security. Modify security settings for authenticating wireless users and encrypting wireless data. IEEE 802.1x/RADIUS. Modify IEEE 802.1x Port-Based Network Access Control and RADIUS (Remote Authentication Dial-In User Service) security settings. Administration. Administration related settings of the Access Point. Operational Mode. Operational mode of the Access Point —AP/Bridge or AP Client. Management. Modify the Password, change the language, and time zone setting. Upgrade Firmware. For upgrading the firmware of the Access Point, backing up and restoring configuration, and configuration reset settings of the Access Point. Setting Management. To Export or Inport Setting, and RESET to factory default or reboot the system. 3.1.2. Apply and Cancel Commands At the bottom of each page that contains settings you can configure, there are up to two buttons—Apply and Cancel. Clicking Apply stores the settings changes to the memory of the Access Point and restarts the Access Point immediately for the settings changes to take effect. Clicking Cancel discards any settings changes and brings you back to the start page. Fig. 9. Apply and Cancel. 18 3.2. Viewing Status 3.2.1. Associated Wireless Clients On this page, the status information of each associated client, including its MAC address, IP address, user name (if the client has been IEEE 802.1x authenticated), number of bytes it has sent, number of bytes it has received, and the time of its last activity, is shown. Fig. 10. Status of associated wireless clients 3.2.2. System Log System events are recorded in the memory of the Access Point. The logged information is useful for troubleshooting purposes. 19 Fig. 11. System log 3.2.3. Link Monitor When the Access Point is in AP Client mode, use the Link Monitor feature to monitor the link quality and signal strength of the connection. Larger values mean better wireless connectivity to the Access Point. Fig. 12. Link monitor NOTE: The values are updated every 20 seconds. 20 3.3. General Operations 3.3.1. Specifying Operational Mode Fig. 13. Operational mode settings The Access Point supports two operational modes: AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging functionality. The static LAN-to-LAN bridging function is supported through Wireless Distribution System (WDS). AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendors. In either mode, the Access Point forwards packets between its Ethernet interface and wireless interface for wired hosts on the Ethernet side and wireless host(s) on the wireless side. There are 2 types of wireless links as specified by the IEEE 802.11 standard. STA-AP. This type of wireless link is established between an IEEE 802.11 Station (STA) and an IEEE 802.11 Access Point (AP). An STA is usually a client computer (PC or PDA) with a WLAN network interface card (NIC). The AP Client mode is actually an STA. WDS. This type of wireless link is established between two IEEE 802.11 Access Point’s. Wireless packets transmitted along the WDS link comply with the IEEE 802.11 WDS (Wireless Distribution System) format at the link layer. The relationships among the operational modes and the wireless link types are shown in the following table: AP/Bridge AP Client AP/Bridge WDS STA-AP AP Client STA-AP 21 Table 2. Operational modes vs. wireless link types To establish a static bridge link based on WDS, the AP/bridges at both end of the WDS link must be manually configured with each other’s MAC addresses (see Section 3.5.1.3 for more information). To establish a dynamic bridge link between a Access Point and an AP Client, both devices have to be configured with the same SSID and WEP settings. The AP Client automatically scans for any Access Point that is using the matched SSID and establishes a bridge link with the scanned Access Point. NOTE: Although it’s more convenient to use dynamic bridging, it has a limitation—the AP Client only can forward TCP/IP packets between its wireless interface and Ethernet interface; other type of traffic (such as IPX and AppleTalk) is not forwarded. TIP: When the Access Point is configured to be in AP Client, it can be used as an Ethernet-to-wireless network adapter. For example, a notebook computer equipped with an Ethernet adapter can be connected to this device with a crossover Ethernet cable for wireless connectivity to another access point. 22 3.3.2. Changing Password On the page “Management” of “Administration”, the user name and password may be changed after Apply. Fig. 14. Password. 3.3.3. Managing Firmware 3.3.3.1. Upgrading Firmware by HTTP Fig. 15. Firmware upgrade by HTTP To upgrade firmware of the Access Point by HTTP: 1. Click Browse and then select a correct firmware .bin file. The firmware file path will be shown in the Firmware file name text box. 2. Click Apply to begin the upgrade process. 23 3.3.3.2. Resetting Configuration to Factory Defaults On the page “Setting Management” of “Administration” , clicking the Load Default button resets the device configuration to factory defaults. Fig. 16. Configuration reset WARNING: Think twice before using the Load Default button, as all your current configuration settings will be removed. 3.4. Configuring TCP/IP Related Settings 3.4.1. Addressing The IP address of the Access Point can be manually set STATIC (fixed IP) ) or automatically assigned by a DHCP server on the LAN (Obtain from a DHCP Server). If you are manually setting the IP address, Subnet mask, and Default gateway settings, set them appropriately, so that they comply with your LAN environment. In addition, you can specify the Host name and Domain (DNS suffix) of the Access Point. Fig. 17. TCP/IP settings 24 3.4.2. DHCP Server 3.4.2.1. Basic The Access Point can automatically assign IP addresses to client computers by DHCP. From this screen, you can specify the Default gateway, Subnet mask, Primary DNS server, and Secondary DNS server settings that will be sent to a client at its request. Additionally, you can specify the first IP address that will be assigned to the clients and the number of IP addresses available for allocation. Fig. 18. Basic DHCP server settings. NOTE: There should be only one DHCP server on the LAN; otherwise, DHCP would not work properly. If there is already a DHCP server on the LAN, disable the DHCP server functionality of the Access Point. NOTE: By default the DHCP server function is disabled. 3.4.2.2. Static DHCP Mappings IP addresses of servers are often static so that clients could always locate the servers by the static IP addresses. By Static DHCP Mappings, you can ensure that a host will get the same IP address when it requests one from the DHCP server. Therefore, instead of configuring the IP address of an intranet server manually, you can configure the server to obtain an IP address by DHCP and it is always assigned the same IP address. 25 Fig. 19. Static DHCP mappings To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. 2. Apply the setting of changes. 26 3.5. Configuring IEEE 802.11 Related Settings 3.5.1. Communication 3.5.1.1. Basic Basic IEEE 802.11n-related communication settings include Access Point functionality, RF type, Channel number, Multiple Network name (SSID). For specific needs such as configuring the Access Point as a wireless LAN-to-LAN bridge, the Access Point functionality can be disabled, so that no wireless client can associate with the Access Point. Fig. 20. Basic IEEE 802.11n communication settings The RF type of the WLAN interface can be configured to work in IEEE 802.11n only (n Only), IEEE 802.11g only (g Only), or mixed mode (Mixed—802.11n and 802.11g and 802.11b simultaneously). The number of available RF channels depends on local regulations; therefore you have to choose an appropriate regulatory domain to comply with local regulations. The SSID of a wireless client com- 27 puter and the SSID of the Access Point must be identical for them to communicate with each other. 3.5.1.2. Link Integrity Fig. 21. Link integrity settings When the Ethernet LAN interface is detected to be disconnected from the wired network, all currently associated wireless clients are disassociated by the Access Point and no wireless client can associate with the Access Point. The detection mechanism is based on pinging the IP address specified in Reference host. 3.5.1.3. Wireless Distribution System Traditionally, access points are connected by Ethernet. By Wireless Distribution System (WDS), APs can communicate with one another wirelessly. For example, in Fig. 22, AP 2 acts as an access point for the notebook computers and it forwards packets sent from the notebook computers to AP 1 through WDS. Then, AP 1 forwards the packets to the Ethernet LAN. Packets destined for the notebook computers follow a reverse path from the Ethernet LAN through the APs to the notebook computers. In this way, AP 2 plays a role of “AP repeater”. Fig. 22. Wireless Distribution System By WDS, two or more LAN segments can be connected wirelessly. As illustrated in Fig. 23, a pair of wireless LAN-to-LAN bridges is used to connect two LAN segments. Since the Access Point is WDS-enabled, it can be used as a wireless bridge. 28 Fig. 23. LAN-to-LAN bridging NOTE: A Access Point can have up to 6 WDS links to other APs or wireless bridges. 29 Fig. 24. Wireless Distribution System settings To enable a WDS link: 1. Specify the MAC address of the Access Point at the other end of the WDS link. 2. Select the corresponding Enabled check box. For example, assume you want two Access Point’s with MAC addresses 00-02-65-01-62-C5 and 00-02-65-01-62-C6 to establish a WDS link between them. On Access Point 00-02-65-01-62-C5, set the peer MAC address of port 1 to 00-02-65-01-62-C6 and on AP 00-02-65-01-62-C6, set the peer MAC address of port 1 to 00-02-65-01-C5. 30 TIP: Plan your wireless network and draw a diagram, so that you know how a Access Point is connected to other peer Access Point s or wireless bridges by WDS. TIP: Plan your wireless network and draw a diagram, so that you know how a bridge is connected to other peer bridges by WDS. See the following figure for an example network-planning diagram. Fig. 25. Sample wireless bridge network topology. WARNING: Don’t let your network topology consisting of wireless bridges, Ethernet switches, Ethernet links, and WDS links contain loops. If any loops exist, packets will circle around the loops and network performance will be seriously degraded. Fig. 38. Network topology containing a loop If external high-gain directional antennas are used, it’s difficult to align the antennas when the distance between the bridges is long. 31 3.5.2. Security IEEE 802.11n security settings include SSID broadcasts, Wireless client isolation, Security mode, , MAC-Address-Based Access Control. TABLE OF SECURITY SETTING DEFINITIONS SSID The network name SSID Broadcasts Enable or Disable SSID broadcast. Enabling this feature broadcasts the SSID across the network. Wireless Client Isolation When the Access Point is in AP/Bridge mode, wireless-to-wireless traffic can be blocked so that the wireless clients cannot see each other. This capability can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers. Security mode The Security options for the primary SSID (SSID1) are up to 9 security modes depending on AP model variations: Open System. No authentication, no data encryption. 32 3.5.2.1. Selecting Wireless Security Mode For security reasons, it’s highly recommended that the security mode be set to options other than Open System. When the security mode is set to Open System, no authentication and data encryption will be performed. Additionally, you can disable the SSID broadcasts functionality so that a wireless client computer with an “any” SSID cannot associate with the AP. Fig. 26. Basic IEEE 802.11n security settings When the Wireless client isolation setting is set to This AP Only, wireless clients of this Access Point cannot see each other, and wireless-to-wireless traffic is blocked. This feature is useful for WLANs deployed in public places. In this way, hackers have no chance to attack other wireless users in a hotspot. When the Wireless client isolation setting is set to This AP Only, wireless clients (STAs) of this Access Point cannot see each other, and wireless-to-wireless traffic between the STAs is blocked. 33 STA 1 STA 3 STA 2 AP 1 AP 2 WCI: This AP Only WCI: This AP Only Switch Wireless Link Ethernet Link Fig. 27. Behavior of the “This AP Only” wireless client isolation option As illustrated in Fig. 27 when AP 1 and AP 2 are using the “This AP Only” option, wireless traffic between STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3, which are associated with different APs, is still allowed. Choose from up to 7 security modes: Open System. No authentication, no data encryption. Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured. Static TKIP (WPA-PSK). Only TKIP (Temporal Key Integrity Protocol) mechanism of WPA (Wi-Fi Protected Access) is enabled. In this mode, you have to specify the Pre-shared key, which will be used by the TKIP engine as a master key to generate keys that actually encrypt outgoing packets and decrypt incoming packets. 34 NOTE: The Pre-Shared Key has a minimum of 8 and maximum of 63 characters. IEEE 802.1x EAP without Encryption (EAP-MD5). The IEEE 802.1x functionality is enabled and the user-name/password-based EAP-MD5 authentication is used. No data encryption. IEEE 802.1x EAP with Static WEP (EAP-MD5). The IEEE 802.1x functionality is enabled and the user-name/password-based EAP-MD5 authentication is used. Data encryption is achieved by static WEP. IEEE 802.1x EAP with Dynamic WEP (EAP-TLS, EAP-TTLS, PEAP). The IEEE 802.1x functionality is enabled and dynamic WEP key distribution authentication (EAP-TLS, EAP-TTLS, or PEAP) is used. Data encryption is achieved by dynamic WEP. IEEE 802.1x EAP with Dynamic TKIP (WPA). This is a full WPA mode, in which both the TKIP and IEEE 802.1x dynamic key exchange mechanisms are enabled. The Access Point is highly secured in this mode. In the above security modes, a back-end RADIUS (Remote Authentication Dial-In User Service) server is needed if IEEE 802.1x functionality is enabled. According to the IEEE 802.11 standard, WEP can be used for authentication and data encryption. Normally, Shared Key authentication is used if WEP data encryption is enabled. In rare cases, Open System authentication may be used when WEP data encryption is enabled. The Authentication algorithm setting is provided for better compatibility with wireless clients with various WLAN network adapters. There are three options available, including Open System, Shared Key, and Auto. When WEP is enabled by a security mode, the Key length can be specified to be 64 Bits or 128 Bits. The Selected key setting specifies the key to be used as a send-key for encrypting traffic from the Access Point side to the wireless client side. All 4 WEP keys are used as receive-keys to decrypt traffic from the wireless client side to the Access Point side. NOTE: Each field of a WEP key setting is a hex-decimal number from 00 to FF. For example, when the security mode is Static WEP and the key length is 64 Bits, you could set Key 1 to “00012E3ADF”. 3.5.2.2. MAC-Address-Based Access Control When the MAC-Address-Based Access Control feature, the wireless client computers that are permitted or not permitted to associate with the Access Point can specified. When the table type is set to inclusive, entries in the table are permitted to associate with the Access Point. When the table type is set to exclusive, entries in the table are not permitted to associate with the Access Point. 35 Fig. 28. MAC-address-based access control settings To deny wireless clients’ access to the wireless network: 1. Select Enabled from the Functionality drop-down list. 2. Set the Access control type to exclusive. 3. Specify the MAC address of a wireless client to be denied access, and then click Add. 4. Repeat Steps 3 for other wireless clients. To grant wireless clients’ access to the wireless network: 1. Select Enabled from the Functionality drop-down list. 2. Set the Access control type to inclusive. 3. Specify the MAC address of a wireless client to be denied access, and then click Add. 4. Repeat Steps 3 for other wireless clients. 36 3.5.3. Management 3.5.3.1. UPnP The UPnP (Universal Plug and Play) features enables a Windows XP user to automatically discover peripheral devices by HTTP. Fig. 29. UPnP settings When the UPnP functionality is enabled, you can see the Access Point in My Network Places of Windows XP. The Access Point can be given a friendly name that will be shown in My Network Places. Double-clicking the Access Point icon in My Network Places will launch the default Web browser for you to configure the AP. 37 Appendix A: Default Settings TIP: Press the Default (SF-Reset, or Soft-Reset) switch on the housing of a powered-on Access Point to reset the configuration settings to factory-default values. Setting Name Global User Name Password IEEE 802.11g Regulatory Domain Channel Number SSID SSID Broadcasts Transmission Rate Transmit Power MAC Address Default Value admin admin FCC (U.S.) 1 Wireless1 Enabled Auto High See the label on the accompanying PCMCIA card or the label on the housing of the AP. Disable Disabled Security Mode MAC-Address-Based Access Control Access Control Table Type Inclusive Wireless Client Isolation Disabled AP Load balancing Disabled Link Integrity Disabled LAN Interface Method of obtaining an IP Address STATIC (fixed IP) IP Address 192.168.100.1 (if can’t get IP) Subnet Mask 255.255.255.0 Default Gateway 192.168.100.1 DHCP Server Disabled Management UPnP Enabled System Log Local Log SNMP Enabled SNMP read/write community public 38 Appendix B: Troubleshooting Check the following first: Verify that Access Point is powered-on and any Ethernet cables are connected firmly to the RJ-45 jacks of the Access Point. Verify that the LED ALV of the Access Point is blinking to indicate the Access Point is working. Check that the types of Ethernet cables are correct. Recall that there are two types—normal and crossover. B-1: Wireless Settings Problems The wireless client computer cannot associate with the Access Point. Is the wireless client in infrastructure mode? Is the SSID identical to that of the Access Point? Verify that the SSID setting of the wireless adapter matches that of the Access Point. Is the WEP enabled? Check the operating mode of the wireless adapter. If necessary, ensure that the appropriate WEP settings of the client computer match the Access Point. Is the Access Point within range of wireless communication? Check the signal strength and link quality sensed by the wireless adapter. 39 B-2: TCP/IP Settings Problems Fig. 30. Communication stages for a client to reach its correspondent host For a wireless client computer to communicate with a correspondent host on the Internet by the host’s domain name (e.g. http://www.wi-fi.com), it first sends a DNS request to a DNS server on the Internet. The DNS request travels first to the AP, then the Access Point relays this request to the default gateway of the client computer. Finally, this request is forwarded by the gateway to the DNS server on the Internet. The DNS reply issued by the DNS server is transmitted back to the client computer following a reverse path. When the client computer receives the DNS reply, it knows the IP address of the correspondent host and sends further packets to this IP address. As illustrated in Fig. 30, the communication path could be broken at some of the stages. The OS-provided network diagnostic tool, ping.exe, can be employed to find out TCP/IP-related communication problems. NOTE: If two or more NICs are installed and operating on a client computer, TCP/IP may not work properly due to incorrect entries in the routing table. Use the OS-provided command-line network tool, route.exe, to add or delete entries from the routing table. Or, use Windows-provided Device Manager to disable unnecessary NICs. Solve the following problems in order: The Access Point does not respond to ping from the client computer. Are two or more NICs installed on the client computer? Use the OS-provided command-line network tool, route.exe, to modify the contents of the routing table. Use Windows-provided Device Manager to disable unnecessary NICs. 40 Is the underlying link (Ethernet or IEEE 802.11g) established? Make sure the Ethernet link is OK. Make sure the wireless settings of the wireless client computer and of the Access Point match. Are the IP address of the client computer and the IP address of the Access Point in the same IP subnet? Use WinIPCfg.exe or IPConfig.exe to see the current IP address of the client computer. Make sure the IP address of the client computer and the IP address of the Access Point are in the same IP subnet. TIP: If you forget the current IP address of the AP, use Wireless Router/AP Browser to get the information (see Appendix B-3). The default gateway of the client computer does not respond to ping from the client computer. Solve the preceding problem first. Are the IP address of the Access Point and the IP address of the client computer in the same IP subnet? If you cannot find any incorrect settings of the AP, the default gateway may be really down or there are other communication problems on the network backbone. The DNS server(s) of the client computer do not respond to ping from the client computer. Solve the preceding problems first. If you cannot find any incorrect settings of the AP, the default gateway of the Access Point may be really down or there are other communication problems on the network backbone. 41
advertisement
Related manuals
advertisement