SOLWIZE | User manual | User Guide KWG-6080 802.11n Wall AP

KWG-6080
802.11n Wall AP
User Guide
i
ii
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against
harmful interference in a residential installation. This equipment generates, uses and can radiated radio frequency energy and, if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee that interference will
not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: To assure continued compliance, (example – use only shielded interface cables when
connecting to computer or peripheral devices). Any changes or modifications not expressly approved
by the party responsible for compliance could void the user’s authority to operate this equipment.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
iii
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN
PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication
terminal equipment and the mutual recognition of their conformity (R&TTE).
The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8,2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore
be allowed at all times to ensure the safe use of the equipment.
EU Countries Intended for Use
The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark,
Finland, France (with Frequency channel restrictions), Germany, Greece, Ireland, Italy, Luxembourg,
Portugal, Spain, Sweden, The Netherlands, and United Kingdom.
The ETSI version of this device is also authorized for use in EFTA member states Norway and Switzerland.
EU Countries Not Intended for Use
None.
Warning: This unit is for in house use only, not for outside building.
iv
Table of Contents
1. Introduction ....................................................................................................................... 1
1.1. Overview................................................................................................................. 1
1.2. Features.................................................................................................................. 1
1.3. LED Definitions ....................................................................................................... 4
2. First-Time Installation and Configuration ........................................................................... 5
2.1. Power...................................................................................................................... 5
2.2. Installing the Access Point ...................................................................................... 5
2.3. Connecting a Managing Computer.......................................................................... 7
2.4. Configuring the AP .................................................................................................. 8
2.4.1. Login............................................................................................................. 8
2.4.2. Selecting Mode ............................................................................................. 9
2.4.3. Configuring TCP/IP Settings ....................................................................... 11
2.4.4. Configure IEEE 802.11 Settings.................................................................. 12
2.4.5. Review Settings .......................................................................................... 13
2.5. Setting up Client Computers ................................................................................. 13
2.5.1. Configure IEEE 802.11 Settings.................................................................. 13
2.5.2. Configure TCP/IP-Related Settings............................................................. 14
2.6. Confirm Settings of the Access Point and Client Computers ................................. 15
2.6.1. Checking if the IEEE 802.11n-Related Settings Work ................................. 15
2.6.2. Checking if the TCP/IP-Related Settings Work............................................ 16
3. Advanced Network Management .................................................................................... 17
3.1. Overview............................................................................................................... 17
3.1.1. Menu Structure ........................................................................................... 17
3.1.2. Apply and Cancel Commands..................................................................... 18
3.2. Viewing Status ...................................................................................................... 19
3.2.1. Associated Wireless Clients ........................................................................ 19
3.2.2. System Log ................................................................................................. 19
3.2.3. Link Monitor ................................................................................................ 20
3.3. General Operations............................................................................................... 21
3.3.1. Specifying Operational Mode ...................................................................... 21
3.3.2. Changing Password .................................................................................... 23
3.3.3. Managing Firmware .................................................................................... 23
3.4. Configuring TCP/IP Related Settings .................................................................... 24
3.4.1. Addressing .................................................................................................. 24
3.4.2. DHCP Server .............................................................................................. 25
3.5. Configuring IEEE 802.11 Related Settings............................................................ 27
3.5.1. Communication ........................................................................................... 27
3.5.2. Security....................................................................................................... 32
3.5.3. Management ............................................................................................... 37
Appendix A: Default Settings............................................................................................... 38
Appendix B: Troubleshooting .............................................................................................. 39
B-1: Wireless Settings Problems.................................................................................. 39
B-2: TCP/IP Settings Problems .................................................................................... 40
v
1. Introduction
1.1. Overview
The KWG-6080 Wall Access Point enables 802.11n or 802.11g client computers to access the resources on an Ethernet network wirelessly or wired. It conveniently fits into standard wall boxes and
only takes a few minutes to install and configure for use. The Wall-AP has a built-in browser-based
management application offering an easy to follow setup-wizard for novice wireless users as well as
comprehensive settings for more advanced users and/or network administrators.
1.2. Features
Access Point Firmware Features
Operational Modes
AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging functionality. The static LAN-to-LAN bridging function is supported through
Wireless Distribution System (WDS).
AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendor.
RF Type Selection. The RF type of the WLAN interface can be configured to work in
IEEE 802.11n only, IEEE 802.11g only, IEEE 802.11g only, or mixed mode (802.11n,
802.11g and 802.11b simultaneously).
64-bit and 128-bit WEP (Wired Equivalent Privacy). For authentication and data
encryption.
Enabling/Disabling SSID Broadcasts. When the Access Point is in AP/Bridge mode,
the administrator can enable or disable the SSID broadcasts functionality for security reasons. When the SSID broadcast functionality is disabled, a client computer cannot connect
to the Access Point with “blank” network name (SSID, Service Set ID); the correct SSID
has to be specified on client computers.
MAC-address-based Access Control. When the Access Point is in AP/Bridge mode,
it can be configured to block unauthorized wireless client computers based on MAC (Media Access Control) addresses. Additionally, an ACL (Access Control List) can be
downloaded from a TFTP server.
IEEE 802.1x/RADIUS. When the Access Point is in AP/Bridge mode, it can be configured to authenticate wireless users and distribute encryption keys dynamically by IEEE
802.1x Port-Based Network Access Control and RADIUS (Remote Authentication Dial-In
User Service).
1
WPA (Wi-Fi Protected Access). The Access Point supports the WPA/WAP2 standard
proposed by the Wi-Fi Alliance (http://www.wi-fi.org). Both WPA-PSK (Pre-Shared Key)
mode and full WPA mode are supported. WPA is composed of TKIP (Temporal Key Integrity Protocol) or AES, and IEEE 802.1x and serves as a successor to WEP for better
WLAN security.
Repeater. When the Access Point is in AP/Bridge mode, it can communicate with other
APs or wireless bridges via WDS (Wireless Distribution System). Therefore, a Access
Point can wirelessly forward packets from wireless clients to another Access Point. Then
the second Access Point forwards the packets to the Ethernet network.
Wireless Client Isolation. When the Access Point is in AP/Bridge mode, wireless-to-wireless traffic can be blocked so that the wireless clients cannot see each other.
This capability can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers.
Transmit Power Control. Transmit power of the Access Point’s RF module can be adjusted to desired RF coverage.
Link Integrity. When the Access Point is in AP/Bridge mode and its Ethernet LAN interface is detected to be disconnected from the wired network, all currently associated wireless clients are disassociated by the Access Point and no wireless client can associate with
it.
Associated Wireless Clients Status. When the Access Point is in AP/Bridge mode, it
can show the status of all wireless clients that are currently associated or ‘connected’.
Auto Channel Selection. The auto channel selection feature allows the device to automatically select the channel that will provide optimum performance on powering up the
Access Point.
DHCP client. The Access Point can automatically obtain an IP address from a DHCP server.
DHCP server. The Access Point can automatically assign IP addresses to computers or other
devices by DHCP (Dynamic Host Configuration Protocol).
Static DHCP Mappings. The administrator can specify static IP address to MAC address mappings so that IP addresses are always assigned to the hosts with the specified
MAC addresses.
Showing Current DHCP Mappings. Displays which IP address is assigned to which
host identified by an MAC address.
Packet Filtering. The Access Point provides Layer 2, Layer 3, and Layer 4 filtering capabilities.
2
Firmware Management Tools
Firmware Upgrade. The firmware of the Access Point can be upgraded in the following
methods:
HTTP-based. Upgrading firmware by HTTP (HyperText Transfer Protocol).
Configuration Backup. The configuration settings of the Access Point can be backed up
to a file via TFTP or HTTP for later restoring.
Configuration Reset. Clears current configuration settings and restores to factory-default values.
Management
Browser-based Network Manager for configuring and monitoring the Access Point
via a Web browser. The management protocol is HTTP (Hyper Text Transfer Protocol)-based.
SNMP. SNMP (Simple Network Management Protocol) MIB I, MIB II, IEEE 802.1d,
IEEE 802.1x are supported.
UPnP. The Access Point responds to UPnP discovery messages so that a Windows XP
user can locate the Access Point in My Network Places and use a Web browser to configure it.
System Log. For system operational status monitoring.
Local log. System events are logged to the on-board RAM of the Access Point and
can be viewed using a Web browser.
Remote log by SNMP trap. Systems events are sent in the form of SNMP traps to
a remote SNMP management server.
Power over Ethernet. Power is supplied to the Access Point via an Ethernet cable using an
802.3af compliant power injector.
Hardware Watchdog Timer. If the firmware “hangs” in an invalid state, the hardware
watchdog timer will detect this situation and restart the Access Point. This way, the Access Point
can provide continuous services.
3
1.3. LED Definitions
There are several LED indicators on the front of the Access Point. Please refer to the definitions below:
A. WAN: Green, solid when connected, flashing when data activity
B. Wireless: Green, solid when on, flashing when wireless data activity
C. RJ-45 LAN port
Amber, solid when LAN connection
Green, solid when LAN connection, flashing when activity
4
2. First-Time Installation and Configuration
2.1. Power
The Access Point is powered using PoE (Power over Ethernet). The Access Point automatically selects the suitable power supply.
To power the AP by PoE:
The WAN port for network and power input is at the rear of the wall-AP:
1.
Plug one connector of an Ethernet cable to an available port of a PoE injector or switch.
2.
Plug the other connector of the Ethernet cable to the WAN port on the rear of the Access Point.
NOTE: The Access Point is 802.3af compatible.
2.2. Installing the Access Point
The wall mount AP is supplied with a metal fascia affixed to a quad port euro-module faceplate.
5
This will therefore fit onto a standard double size, UK mains back box (146x86mm) – either
patress/surface type or wall/plaster type. Typically you will need a box of at least 47mm internal
depth.
Viewed from the side shows the fixing screw used to locate the AP into the metal fascia. You can
loosen the screw to allow the AP to be slid forwards and backwards in the housing.
Where a shallow box is used then a 10mm spacer can be used to increase the workable depth:
6
2.3. Connecting a Managing Computer
The default IP address for the wall-AP is 192.168.100.1. Since the configuration/management protocol is HTTP-based, make sure that the IP address of the managing computer and the IP address of
the managed AP are in the same IP range.
You can connect the managing computer via the rear WAN connection of via the front LAN connection – as shown below Fig. 1.
Fig. 1. Connecting a managing computer and the Access Point via Ethernet
You can use either a standard Ethernet cable (included in the package) or a switch/hub with two normal Ethernet cables.
NOTE: You must always have a LAN connection with PoE connected to the wall-AP rear WAN port
for the device to operate.
7
2.4. Configuring the AP
After the IP addressing issue is resolved, launch a Web browser on the managing computer. Then, go
to 192.168.100.1 to access the Web-based Network Manager login page.
2.4.1. Login
Before the Home page is shown, you will be prompted to enter the user name and password to gain
the right to access the Web-based Network Manager. For first-time configuration, use the default user
name “admin” and default password “admin”, respectively.
Fig. 2. The Login page
NOTE: It is strongly recommended that the password be changed for security reasons. On the start
page, click the General, Password link to change the value of the password (see Section 3.3.1 for
more information).
8
Once you have successfully logged in, the Home page opens. Click on the main manual on left hand
side for Setup.
Fig. 3. The Home page
2.4.2. Selecting Mode
The Access Point supports two operational modes:
AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging
functionality. The static LAN-to-LAN bridging function is supported through Wireless
Distribution System (WDS).
AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendors.
9
Fig. 4. Operational mode settings
1. Click on Administration from the side menu, and then select Operational Mode.
2. Select an operational mode and click Apply to apply the setting.
In either mode, the Access Point forwards packets between its Ethernet interface and wireless interface for wired hosts on the Ethernet side and wireless host(s) on the wireless side.
There are two types of wireless links as specified by the IEEE 802.11 standard.
STA-AP. This type of wireless link is established between an IEEE 802.11 Station (STA)
and an IEEE 802.11 Access Point (AP). An STA is usually a client computer (PC or PDA)
with a WLAN network interface card (NIC). The AP Client mode is actually an STA.
WDS. This type of wireless link is established between two IEEE 802.11 Access Point’s.
Wireless packets transmitted along the WDS link comply with the IEEE 802.11 WDS
(Wireless Distribution System) format at the link layer.
The relationships among the operational modes and the wireless link types are shown in the following
table:
AP/Bridge
AP Client
AP/Bridge
WDS
STA-AP
AP Client
STA-AP
Table 1. Operational modes vs. wireless link types.
10
To establish a static bridge link based on WDS, the AP/bridges at both end of the WDS link must be
manually configured with each other’s MAC addresses (see Section 3.5.1.3 for more information). To
establish a dynamic bridge link between an Access Point and an AP Client, both devices have to be
configured with the same SSID and WEP settings. The AP Client automatically scans for any Access
Point that is using the matched SSID and establishes a bridge link with the scanned Access Point.
NOTE: Although it’s more convenient to use dynamic bridging, it has a limitation—the AP Client
only can forward TCP/IP packets between its wireless interface and Ethernet interface; other type of
traffic (such as IPX and AppleTalk) is not forwarded.
TIP: When the Access Point is configured to be in AP Client, it can be used as an
Ethernet-to-wireless network adapter. For example, a notebook computer equipped with an Ethernet
adapter can be connected to this device with a crossover Ethernet cable for wireless connectivity to
another access point.
2.4.3. Configuring TCP/IP Settings
The IP address can be manually set or automatically assigned by a DHCP server on the LAN. If you
are manually setting the IP address, Subnet mask, and Default gateway settings, set them appropriately, so that they comply with your LAN environment.
Fig. 5. TCP/IP settings.
1. Click on Internet Settings from the side menu and select LAN Connection.
2. When you have finished making changes, click Apply.
11
2.4.4. Configure IEEE 802.11 Settings
The Network Manager utility allows the user to configure IEEE 802.11n-related communication settings, including Regulatory domain, Channel number, and Network name (SSID) of the Access
Point. The number of available RF channels depends on local regulations; therefore you have to
choose an appropriate regulatory domain to comply with local regulations. The SSID of a wireless
client computer and the SSID of the Access Point must be identical for them to communicate
with each other.
NOTE: Put a check in the Auto Channel Selection checkbox to allow the Frequency Channel of
the Access Point to be automatically set.
Fig. 6. IEEE 802.11n communication settings
1. Click on Wireless Settings from the side menu, and then select Basic.
2. When you have finished, scroll to the bottom of the screen and click either Apply.
12
2.4.5. Review Settings
On the Summary page, you can review all the settings you have made.
Fig. 7. Access Point Status.
2.5. Setting up Client Computers
The TCP/IP and IEEE 802.11n-related settings of wireless client computers must match those of the
Access Point in order for a wireless link to be established.
2.5.1. Configure IEEE 802.11 Settings
Before the TCP/IP networking system of a wireless client computer can communicate with other hosts,
the underlying wireless link must be established between a wireless-enabled computer and the Access
Point.
To establish a wireless link:
Launch the configuration/monitoring utility provided by the vendor of the installed wireless adapter
13
OR
Use the automatic wireless network connection feature in Windows.
NOTE: A wireless client computer must be in infrastructure mode, so that it can associate with an
AP.
NOTE: The SSID of the wireless client computer and the SSID of the Access Point must be identical.
Or, in case the SSID broadcasts capability of the Access Point is enabled (by default), the SSID of
the wireless client computer could be set to “any”.
NOTE: Both the wireless client computer and the Access Point must have the same WEP settings for
them to communicate with each other.
NOTE: For better wireless security, IEEE 802.1x capability of the Access Point must be enabled so
that only authenticated wireless users can access the wireless network.
2.5.2. Configure TCP/IP-Related Settings
Use Windows Network Control Panel Applet to change the TCP/IP settings of the client computers,
so that the IP addresses of the client computers and the IP address of the Access Point are in the same
IP subnet.
If a client computer is originally set a static IP address, you can either change its IP address to match
the IP address of the AP, or select an automatically-obtain-an-IP-address option if there is a DHCP
server on the network.
NOTE: For some versions of Windows, the computer needs to be restarted for the changes of TCP/IP
settings to take effect.
14
2.6. Confirm Settings of the Access Point and Client
Computers
After configuring the Access Point and setting up client computers, it is recommended that all settings
are checked and confirmed.
2.6.1. Checking if the IEEE 802.11n-Related Settings Work
To check if a wireless client computer can associate with the AP:
1.
Launch the configuration/monitoring utility provided by the vendor of the installed WLAN NIC.
2.
Check if the client computer is associated to an access point, and the access point is the Access
Point.
If the check fails, see Appendix B-1, “Wireless Settings Problems” for troubleshooting.
15
2.6.2. Checking if the TCP/IP-Related Settings Work
To check if a client computer can access the Internet:
1.
Open a Windows Command Prompt window on the client computer.
2.
Type “ping advap”, where advap is a placeholder for the IP address of the AP. Replace it with
your real IP address—for example, 192.168.100.1. Then press Enter.
If the Access Point responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings
Problems” for troubleshooting.
3.
Type “ping default_gateway”, where default_gateway is a placeholder for the IP address of the
default gateway of the wireless client computer. Then press Enter.
If the gateway responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting.
4.
Type “ping 1st_dns_server”, where 1st_dns_server is a placeholder for the IP address of the
primary DNS server of the wireless client computer. Then press Enter.
If this DNS server responds, go to the next step; else, see Appendix B-2, “TCP/IP Settings
Problems” for troubleshooting.
5.
Type “ping 2nd_dns_server”, where 2nd_dns_server is a placeholder for the IP address of the
secondary DNS server of the wireless client computer. Then press Enter.
If this DNS server responds the client should have no problem with TCP/IP networking; else,
see Appendix B-2, “TCP/IP Settings Problems” for troubleshooting.
16
3. Advanced Network Management
This section covers the options and settings available in the ‘Advanced’ mode of the Web-based
Network Manager utility.
3.1. Overview
To enter, simply click on the “Advanced” of “Wireless Settings” option on the Home page after login.
Fig. 8. The Summary page
3.1.1. Menu Structure
The left side of the screen contains a menu for you to carry out commands. Here is a brief description
of the menu options:
Summary. Click this tab to view a screen with at-a-glance status information.
17
Status. Click this tab to access the following settings:
Wireless Clients. The status of the wireless clients currently associated with the AP.
DHCP Mappings. Current IP-MAC address mappings of the built-in DHCP server.
System Log. System events log.
Link Monitor. When the Access Point is in AP Client mode, this page shows the signal
strength and link quality of the wireless link to its associated access point.
Internet. Click this tab to access the following settings:
Addressing. Modify IP address settings of the Access Point.
DHCP Server. Modify settings for the DHCP (Dynamic Host Configuration Protocol)
server.
Wireless. Click this tab to access the following settings:
Communication. Modify basic IEEE 802.11n/b/g settings of the Access Point to work
properly with wireless clients.
Security. Modify security settings for authenticating wireless users and encrypting wireless data.
IEEE 802.1x/RADIUS. Modify IEEE 802.1x Port-Based Network Access Control and
RADIUS (Remote Authentication Dial-In User Service) security settings.
Administration. Administration related settings of the Access Point.
Operational Mode. Operational mode of the Access Point —AP/Bridge or AP Client.
Management. Modify the Password, change the language, and time zone setting.
Upgrade Firmware. For upgrading the firmware of the Access Point, backing up and restoring configuration, and configuration reset settings of the Access Point.
Setting Management. To Export or Inport Setting, and RESET to factory default or reboot the system.
3.1.2. Apply and Cancel Commands
At the bottom of each page that contains settings you can configure, there are up to two buttons—Apply and Cancel. Clicking Apply stores the settings changes to the memory of the Access
Point and restarts the Access Point immediately for the settings changes to take effect. Clicking Cancel discards any settings changes and brings you back to the start page.
Fig. 9. Apply and Cancel.
18
3.2. Viewing Status
3.2.1. Associated Wireless Clients
On this page, the status information of each associated client, including its MAC address, IP address,
user name (if the client has been IEEE 802.1x authenticated), number of bytes it has sent, number of
bytes it has received, and the time of its last activity, is shown.
Fig. 10. Status of associated wireless clients
3.2.2. System Log
System events are recorded in the memory of the Access Point. The logged information is useful for
troubleshooting purposes.
19
Fig. 11. System log
3.2.3. Link Monitor
When the Access Point is in AP Client mode, use the Link Monitor feature to monitor the link quality
and signal strength of the connection. Larger values mean better wireless connectivity to the Access
Point.
Fig. 12. Link monitor
NOTE: The values are updated every 20 seconds.
20
3.3. General Operations
3.3.1. Specifying Operational Mode
Fig. 13. Operational mode settings
The Access Point supports two operational modes:
AP/Bridge. This mode provides both Access Point and Static LAN-to-LAN Bridging
functionality. The static LAN-to-LAN bridging function is supported through Wireless
Distribution System (WDS).
AP Client. This mode is for Dynamic LAN-to-LAN Bridging. The AP Client automatically establishes bridge links with APs from any vendors.
In either mode, the Access Point forwards packets between its Ethernet interface and wireless interface for wired hosts on the Ethernet side and wireless host(s) on the wireless side.
There are 2 types of wireless links as specified by the IEEE 802.11 standard.
STA-AP. This type of wireless link is established between an IEEE 802.11 Station (STA)
and an IEEE 802.11 Access Point (AP). An STA is usually a client computer (PC or PDA)
with a WLAN network interface card (NIC). The AP Client mode is actually an STA.
WDS. This type of wireless link is established between two IEEE 802.11 Access Point’s.
Wireless packets transmitted along the WDS link comply with the IEEE 802.11 WDS
(Wireless Distribution System) format at the link layer.
The relationships among the operational modes and the wireless link types are shown in the following
table:
AP/Bridge
AP Client
AP/Bridge
WDS
STA-AP
AP Client
STA-AP
21
Table 2. Operational modes vs. wireless link types
To establish a static bridge link based on WDS, the AP/bridges at both end of the WDS link must be
manually configured with each other’s MAC addresses (see Section 3.5.1.3 for more information). To
establish a dynamic bridge link between a Access Point and an AP Client, both devices have to be
configured with the same SSID and WEP settings. The AP Client automatically scans for any Access
Point that is using the matched SSID and establishes a bridge link with the scanned Access Point.
NOTE: Although it’s more convenient to use dynamic bridging, it has a limitation—the AP Client
only can forward TCP/IP packets between its wireless interface and Ethernet interface; other type of
traffic (such as IPX and AppleTalk) is not forwarded.
TIP: When the Access Point is configured to be in AP Client, it can be used as an
Ethernet-to-wireless network adapter. For example, a notebook computer equipped with an Ethernet
adapter can be connected to this device with a crossover Ethernet cable for wireless connectivity to
another access point.
22
3.3.2. Changing Password
On the page “Management” of “Administration”, the user name and password may be changed after
Apply.
Fig. 14. Password.
3.3.3. Managing Firmware
3.3.3.1. Upgrading Firmware by HTTP
Fig. 15. Firmware upgrade by HTTP
To upgrade firmware of the Access Point by HTTP:
1.
Click Browse and then select a correct firmware .bin file. The firmware file path will be shown
in the Firmware file name text box.
2.
Click Apply to begin the upgrade process.
23
3.3.3.2. Resetting Configuration to Factory Defaults
On the page “Setting Management” of “Administration” , clicking the Load Default button resets
the device configuration to factory defaults.
Fig. 16. Configuration reset
WARNING: Think twice before using the Load Default button, as all your current configuration settings will be removed.
3.4. Configuring TCP/IP Related Settings
3.4.1. Addressing
The IP address of the Access Point can be manually set STATIC (fixed IP) ) or automatically assigned by a DHCP server on the LAN (Obtain from a DHCP Server). If you are manually setting
the IP address, Subnet mask, and Default gateway settings, set them appropriately, so that they
comply with your LAN environment. In addition, you can specify the Host name and Domain (DNS
suffix) of the Access Point.
Fig. 17. TCP/IP settings
24
3.4.2. DHCP Server
3.4.2.1. Basic
The Access Point can automatically assign IP addresses to client computers by DHCP. From this
screen, you can specify the Default gateway, Subnet mask, Primary DNS server, and Secondary
DNS server settings that will be sent to a client at its request. Additionally, you can specify the first
IP address that will be assigned to the clients and the number of IP addresses available for allocation.
Fig. 18. Basic DHCP server settings.
NOTE: There should be only one DHCP server on the LAN; otherwise, DHCP would not work properly. If there is already a DHCP server on the LAN, disable the DHCP server functionality of the Access Point.
NOTE: By default the DHCP server function is disabled.
3.4.2.2. Static DHCP Mappings
IP addresses of servers are often static so that clients could always locate the servers by the static IP
addresses. By Static DHCP Mappings, you can ensure that a host will get the same IP address when
it requests one from the DHCP server. Therefore, instead of configuring the IP address of an intranet
server manually, you can configure the server to obtain an IP address by DHCP and it is always assigned the same IP address.
25
Fig. 19. Static DHCP mappings
To always assign a static IP address to a specific DHCP client:
1.
Specify the MAC address of the DHCP client and the IP address to be assigned to it.
2.
Apply the setting of changes.
26
3.5. Configuring IEEE 802.11 Related Settings
3.5.1. Communication
3.5.1.1. Basic
Basic IEEE 802.11n-related communication settings include Access Point functionality, RF type,
Channel number, Multiple Network name (SSID).
For specific needs such as configuring the Access Point as a wireless LAN-to-LAN bridge, the Access
Point functionality can be disabled, so that no wireless client can associate with the Access Point.
Fig. 20. Basic IEEE 802.11n communication settings
The RF type of the WLAN interface can be configured to work in IEEE 802.11n only (n Only), IEEE
802.11g only (g Only), or mixed mode (Mixed—802.11n and 802.11g and 802.11b simultaneously).
The number of available RF channels depends on local regulations; therefore you have to choose an
appropriate regulatory domain to comply with local regulations. The SSID of a wireless client com-
27
puter and the SSID of the Access Point must be identical for them to communicate with each other.
3.5.1.2. Link Integrity
Fig. 21. Link integrity settings
When the Ethernet LAN interface is detected to be disconnected from the wired network, all currently
associated wireless clients are disassociated by the Access Point and no wireless client can associate
with the Access Point. The detection mechanism is based on pinging the IP address specified in Reference host.
3.5.1.3. Wireless Distribution System
Traditionally, access points are connected by Ethernet. By Wireless Distribution System (WDS), APs
can communicate with one another wirelessly. For example, in Fig. 22, AP 2 acts as an access point
for the notebook computers and it forwards packets sent from the notebook computers to AP 1
through WDS. Then, AP 1 forwards the packets to the Ethernet LAN. Packets destined for the notebook computers follow a reverse path from the Ethernet LAN through the APs to the notebook computers. In this way, AP 2 plays a role of “AP repeater”.
Fig. 22. Wireless Distribution System
By WDS, two or more LAN segments can be connected wirelessly. As illustrated in Fig. 23, a pair of
wireless LAN-to-LAN bridges is used to connect two LAN segments. Since the Access Point is
WDS-enabled, it can be used as a wireless bridge.
28
Fig. 23. LAN-to-LAN bridging
NOTE: A Access Point can have up to 6 WDS links to other APs or wireless bridges.
29
Fig. 24. Wireless Distribution System settings
To enable a WDS link:
1.
Specify the MAC address of the Access Point at the other end of the WDS link.
2.
Select the corresponding Enabled check box.
For example, assume you want two Access Point’s with MAC addresses 00-02-65-01-62-C5 and
00-02-65-01-62-C6 to establish a WDS link between them. On Access Point 00-02-65-01-62-C5, set
the peer MAC address of port 1 to 00-02-65-01-62-C6 and on AP 00-02-65-01-62-C6, set the peer
MAC address of port 1 to 00-02-65-01-C5.
30
TIP: Plan your wireless network and draw a diagram, so that you know how a Access Point is connected to other peer Access Point s or wireless bridges by WDS.
TIP: Plan your wireless network and draw a diagram, so that you know how a bridge is connected to
other peer bridges by WDS. See the following figure for an example network-planning diagram.
Fig. 25. Sample wireless bridge network topology.
WARNING: Don’t let your network topology consisting of wireless bridges, Ethernet switches,
Ethernet links, and WDS links contain loops. If any loops exist, packets will circle around the loops
and network performance will be seriously degraded.
Fig. 38. Network topology containing a loop
If external high-gain directional antennas are used, it’s difficult to align the antennas when the distance between the bridges is long.
31
3.5.2. Security
IEEE 802.11n security settings include SSID broadcasts, Wireless client isolation, Security mode, ,
MAC-Address-Based Access Control.
TABLE OF SECURITY SETTING DEFINITIONS
SSID The network name
SSID Broadcasts
Enable or Disable SSID broadcast.
Enabling this feature broadcasts the SSID across the network.
Wireless Client
Isolation
When the Access Point is in AP/Bridge mode, wireless-to-wireless traffic can
be blocked so that the wireless clients cannot see each other. This capability
can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers.
Security mode
The Security options for the primary SSID (SSID1) are up to 9 security modes
depending on AP model variations:
Open System. No authentication, no data encryption.
32
3.5.2.1. Selecting Wireless Security Mode
For security reasons, it’s highly recommended that the security mode be set to options other than
Open System. When the security mode is set to Open System, no authentication and data encryption
will be performed. Additionally, you can disable the SSID broadcasts functionality so that a wireless
client computer with an “any” SSID cannot associate with the AP.
Fig. 26. Basic IEEE 802.11n security settings
When the Wireless client isolation setting is set to This AP Only, wireless clients of this Access
Point cannot see each other, and wireless-to-wireless traffic is blocked. This feature is useful for
WLANs deployed in public places. In this way, hackers have no chance to attack other wireless users
in a hotspot.
When the Wireless client isolation setting is set to This AP Only, wireless clients (STAs) of this
Access Point cannot see each other, and wireless-to-wireless traffic between the STAs is blocked.
33
STA 1
STA 3
STA 2
AP 1
AP 2
WCI:
This AP Only
WCI:
This AP Only
Switch
Wireless Link
Ethernet Link
Fig. 27. Behavior of the “This AP Only” wireless client isolation option
As illustrated in Fig. 27 when AP 1 and AP 2 are using the “This AP Only” option, wireless traffic
between STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3,
which are associated with different APs, is still allowed.
Choose from up to 7 security modes:
Open System. No authentication, no data encryption.
Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured.
Static TKIP (WPA-PSK). Only TKIP (Temporal Key Integrity Protocol) mechanism of WPA
(Wi-Fi Protected Access) is enabled. In this mode, you have to specify the Pre-shared key,
which will be used by the TKIP engine as a master key to generate keys that actually encrypt
outgoing packets and decrypt incoming packets.
34
NOTE: The Pre-Shared Key has a minimum of 8 and maximum of 63 characters.
IEEE 802.1x EAP without Encryption (EAP-MD5). The IEEE 802.1x functionality is enabled and the user-name/password-based EAP-MD5 authentication is used. No data encryption.
IEEE 802.1x EAP with Static WEP (EAP-MD5). The IEEE 802.1x functionality is enabled
and the user-name/password-based EAP-MD5 authentication is used. Data encryption is
achieved by static WEP.
IEEE 802.1x EAP with Dynamic WEP (EAP-TLS, EAP-TTLS, PEAP). The IEEE 802.1x
functionality is enabled and dynamic WEP key distribution authentication (EAP-TLS,
EAP-TTLS, or PEAP) is used. Data encryption is achieved by dynamic WEP.
IEEE 802.1x EAP with Dynamic TKIP (WPA). This is a full WPA mode, in which both the
TKIP and IEEE 802.1x dynamic key exchange mechanisms are enabled. The Access Point is
highly secured in this mode.
In the above security modes, a back-end RADIUS (Remote Authentication Dial-In User Service)
server is needed if IEEE 802.1x functionality is enabled.
According to the IEEE 802.11 standard, WEP can be used for authentication and data encryption.
Normally, Shared Key authentication is used if WEP data encryption is enabled. In rare cases, Open
System authentication may be used when WEP data encryption is enabled. The Authentication algorithm setting is provided for better compatibility with wireless clients with various WLAN network
adapters. There are three options available, including Open System, Shared Key, and Auto.
When WEP is enabled by a security mode, the Key length can be specified to be 64 Bits or 128 Bits.
The Selected key setting specifies the key to be used as a send-key for encrypting traffic from the
Access Point side to the wireless client side. All 4 WEP keys are used as receive-keys to decrypt traffic from the wireless client side to the Access Point side.
NOTE: Each field of a WEP key setting is a hex-decimal number from 00 to FF. For example, when
the security mode is Static WEP and the key length is 64 Bits, you could set Key 1 to
“00012E3ADF”.
3.5.2.2. MAC-Address-Based Access Control
When the MAC-Address-Based Access Control feature, the wireless client computers that are permitted or not permitted to associate with the Access Point can specified. When the table type is set to
inclusive, entries in the table are permitted to associate with the Access Point. When the table type is
set to exclusive, entries in the table are not permitted to associate with the Access Point.
35
Fig. 28. MAC-address-based access control settings
To deny wireless clients’ access to the wireless network:
1.
Select Enabled from the Functionality drop-down list.
2.
Set the Access control type to exclusive.
3.
Specify the MAC address of a wireless client to be denied access, and then click Add.
4.
Repeat Steps 3 for other wireless clients.
To grant wireless clients’ access to the wireless network:
1.
Select Enabled from the Functionality drop-down list.
2.
Set the Access control type to inclusive.
3.
Specify the MAC address of a wireless client to be denied access, and then click Add.
4.
Repeat Steps 3 for other wireless clients.
36
3.5.3. Management
3.5.3.1. UPnP
The UPnP (Universal Plug and Play) features enables a Windows XP user to automatically discover
peripheral devices by HTTP.
Fig. 29. UPnP settings
When the UPnP functionality is enabled, you can see the Access Point in My Network Places of
Windows XP. The Access Point can be given a friendly name that will be shown in My Network
Places. Double-clicking the Access Point icon in My Network Places will launch the default Web
browser for you to configure the AP.
37
Appendix A: Default Settings
TIP: Press the Default (SF-Reset, or Soft-Reset) switch on the housing of a powered-on Access
Point to reset the configuration settings to factory-default values.
Setting Name
Global
User Name
Password
IEEE 802.11g
Regulatory Domain
Channel Number
SSID
SSID Broadcasts
Transmission Rate
Transmit Power
MAC Address
Default Value
admin
admin
FCC (U.S.)
1
Wireless1
Enabled
Auto
High
See the label on the accompanying
PCMCIA card or the label on the housing
of the AP.
Disable
Disabled
Security Mode
MAC-Address-Based Access
Control
Access Control Table Type
Inclusive
Wireless Client Isolation
Disabled
AP Load balancing
Disabled
Link Integrity
Disabled
LAN Interface
Method of obtaining an IP Address STATIC (fixed IP)
IP Address
192.168.100.1 (if can’t get IP)
Subnet Mask
255.255.255.0
Default Gateway
192.168.100.1
DHCP Server
Disabled
Management
UPnP
Enabled
System Log
Local Log
SNMP
Enabled
SNMP read/write community
public
38
Appendix B: Troubleshooting
Check the following first:
Verify that Access Point is powered-on and any Ethernet cables are connected firmly to the
RJ-45 jacks of the Access Point.
Verify that the LED ALV of the Access Point is blinking to indicate the Access Point is working.
Check that the types of Ethernet cables are correct. Recall that there are two types—normal and
crossover.
B-1: Wireless Settings Problems
The wireless client computer cannot associate with the Access Point.
Is the wireless client in infrastructure mode?
Is the SSID identical to that of the Access Point?
Verify that the SSID setting of the wireless adapter matches that of the Access Point.
Is the WEP enabled?
Check the operating mode of the wireless adapter.
If necessary, ensure that the appropriate WEP settings of the client computer match
the Access Point.
Is the Access Point within range of wireless communication?
Check the signal strength and link quality sensed by the wireless adapter.
39
B-2: TCP/IP Settings Problems
Fig. 30. Communication stages for a client to reach its correspondent host
For a wireless client computer to communicate with a correspondent host on the Internet by the host’s
domain name (e.g. http://www.wi-fi.com), it first sends a DNS request to a DNS server on the Internet.
The DNS request travels first to the AP, then the Access Point relays this request to the default gateway of the client computer. Finally, this request is forwarded by the gateway to the DNS server on the
Internet. The DNS reply issued by the DNS server is transmitted back to the client computer following a reverse path. When the client computer receives the DNS reply, it knows the IP address of the
correspondent host and sends further packets to this IP address.
As illustrated in Fig. 30, the communication path could be broken at some of the stages. The
OS-provided network diagnostic tool, ping.exe, can be employed to find out TCP/IP-related communication problems.
NOTE: If two or more NICs are installed and operating on a client computer, TCP/IP may not work
properly due to incorrect entries in the routing table. Use the OS-provided command-line network
tool, route.exe, to add or delete entries from the routing table. Or, use Windows-provided Device
Manager to disable unnecessary NICs.
Solve the following problems in order:
The Access Point does not respond to ping from the client computer.
Are two or more NICs installed on the client computer?
Use the OS-provided command-line network tool, route.exe, to modify the contents
of the routing table.
Use Windows-provided Device Manager to disable unnecessary NICs.
40
Is the underlying link (Ethernet or IEEE 802.11g) established?
Make sure the Ethernet link is OK.
Make sure the wireless settings of the wireless client computer and of the Access
Point match.
Are the IP address of the client computer and the IP address of the Access Point in the
same IP subnet?
Use WinIPCfg.exe or IPConfig.exe to see the current IP address of the client computer. Make sure the IP address of the client computer and the IP address of the Access Point are in the same IP subnet.
TIP: If you forget the current IP address of the AP, use Wireless Router/AP Browser
to get the information (see Appendix B-3).
The default gateway of the client computer does not respond to ping from the
client computer.
Solve the preceding problem first.
Are the IP address of the Access Point and the IP address of the client computer in the
same IP subnet?
If you cannot find any incorrect settings of the AP, the default gateway may be really down
or there are other communication problems on the network backbone.
The DNS server(s) of the client computer do not respond to ping from the client
computer.
Solve the preceding problems first.
If you cannot find any incorrect settings of the AP, the default gateway of the Access Point
may be really down or there are other communication problems on the network backbone.
41