NMS USER MANUAL
WAP-EN Series
Wireless Access Points
Version 1.2, June 2017
Copyright
Copyright©2017ComtrendCorporation.Allrightsreserved.Theinformationcontainedhereinis
proprietarytoComtrendCorporation.Nopartofthisdocumentmaybetranslated,transcribed,
reproduced,inanyform,orbyanymeanswithoutthepriorwrittenconsentofComtrendCorporation.
Thisprogramisfreesoftware:youcanredistributeitand/ormodifyitunderthetermsoftheGNU
GeneralPublicLicenseaspublishedbytheFreeSoftwareFoundation,eitherversion3oftheLicense,or
(atyouroption)anylaterversion.
Thisprogramisdistributedinthehopethatitwillbeuseful,butWITHOUTANYWARRANTY;without
eventheimpliedwarrantyofMERCHANTABILITYorFITNESSFORAPARTICULARPURPOSE.SeetheGNU
GeneralPublicLicenseformoredetails.
YoushouldhavereceivedacopyoftheGNUGeneralPublicLicensealongwiththisprogram.Ifnot,see
http://www.gnu.org/licenses/
NOTE:
Thisdocumentissubjecttochangewithoutnotice.
2
I.ProductInformation
TheNetworkManagementSuite(NMS)supportsthecentralmanagementofa
groupofaccesspoints,otherwiseknownasanAPArray.NMScanbeinstalled
ononeaccesspointandsupportupto5accesspointsoronaWirelessLAN
Controller(WLC)andsupportupto50accesspoints.
Accesspointscanbedeployedandconfiguredaccordingtoyourrequirements. Thisflexibilitycreatesapowerfulnetworkarchitecturewhichcanbeeasily
managedandexpandedinthefuture.Theeasytouseinterfaceandafull
rangeoffunctionalitymaketheNMSsystemidealforsmallandmid-sized
officeenvironments. 3
Table of Contents
I.ProductInformation............................................................................................................................................3
II.QuickSetup..............................................................................................................................................................7
III.SoftwareLayout..............................................................................................................................................10
IV.Features...........................................................................................................................................................15
IV-1. LOGIN,LOGOUT&RESTART..........................................................................................................................15
IV-2. DASHBOARD..................................................................................................................................................17
IV-2-1. SystemInformation....................................................................................................................................18
IV-2-2. DevicesInformation...................................................................................................................................18
IV-2-3. ManagedAP...............................................................................................................................................19
IV-2-4. ManagedAPGroup....................................................................................................................................20
IV-2-5. ActiveClients..............................................................................................................................................21
IV-2-6. ActiveUsers...............................................................................................................................................21
IV-3. ZONEPLAN....................................................................................................................................................22
IV-4. NMSMONITOR..............................................................................................................................................24
IV-4-1. AccessPoint...............................................................................................................................................24
IV-4-1-1. ManagedAP............................................................................................................................................24
IV-4-1-2. ManagedAPGroup.................................................................................................................................26
IV-4-2. WLAN.........................................................................................................................................................28
IV-4-2-1. ActiveWLAN...........................................................................................................................................28
IV-4-2-2. ActiveWLANGroup................................................................................................................................29
IV-4-3. Clients.........................................................................................................................................................29
IV-4-3-1. ActiveClients...........................................................................................................................................29
IV-4-4. Users.........................................................................................................................................................30
IV-4-4-1. ActiveUsers.........................................................................................................................................30
IV-4-4-2. UsersLog................................................................................................................................................30
IV-4-5. RogueDevices..........................................................................................................................................31
IV-4-6. Information..............................................................................................................................................32
IV-4-6-1. AllEvents/Activities................................................................................................................................32
IV-4-6-2. APMonitoring........................................................................................................................................32
IV-4-6-3.SSIDOverview............................................................................................................................................33
.................................................................................................................................................................................34
IV-5. NMSSettings.................................................................................................................................................35
IV-5-1. AccessPoint...............................................................................................................................................35
IV-5-2. WLAN.........................................................................................................................................................46
IV-5-3. RADIUS.......................................................................................................................................................50
IV-5-4. AccessControl............................................................................................................................................56
IV-5-5. GuestNetwork...........................................................................................................................................59
4
IV-5-6.
Users..........................................................................................................................................................62
IV-5-7-1. Add/EditGuestPortal..............................................................................................................................66
IV-5-7-1-1.FrontDeskURL........................................................................................................................................67
IV-5-7-1-2. FrontDeskPrintout..............................................................................................................................69
IV-5-7-1-3.GuestPortalType....................................................................................................................................70
IV-5-7-1-4.GuestPortalCustomization.....................................................................................................................71
IV-5-9.
Schedule....................................................................................................................................................74
IV-5-10.
SmartRoaming........................................................................................................................................76
IV-5-11.
DeviceMonitoring...................................................................................................................................78
IV-5-12. FirmwareUpgrade...................................................................................................................................79
IV-5-13. Advanced..................................................................................................................................................80
IV-5-13-1.
SystemSecurity....................................................................................................................................80
V-5-13-2.
Date&Time..........................................................................................................................................80
V-5-13-3.
SystemAccounts...................................................................................................................................81
IV-6. LocalNetwork................................................................................................................................................83
IV-6-1. NetworkSettings........................................................................................................................................83
IV-6-1-1. LAN-SideIPAddress................................................................................................................................83
IV-6-1-2. LANPortSettings....................................................................................................................................86
IV-6-1-3. VLAN........................................................................................................................................................87
IV-6-2. 2.4GHz11bgn(NotavailableontheWLC-6404)........................................................................................88
IV-6-2-1. Basic........................................................................................................................................................88
IV-6-2-2. Advanced................................................................................................................................................89
IV-6-2-3. Security...................................................................................................................................................91
IV-6-2-3-1. NoAuthentication..............................................................................................................................92
IV-6-2-3-2. WEP....................................................................................................................................................92
IV-6-2-3-3. IEEE802.1x/EAP..................................................................................................................................93
IV-6-2-3-4. WPA-PSK............................................................................................................................................93
IV-6-2-3-5. WPA-EAP............................................................................................................................................93
IV-6-2-3-6. AdditionalAuthentication..................................................................................................................94
IV-6-2-4. WDS.........................................................................................................................................................95
IV-6-3. 5GHz11ac11an(NotavailableontheWLC-6404)..................................................................................97
IV-6-3-1. Basic........................................................................................................................................................97
IV-6-3-2. Advanced................................................................................................................................................99
IV-6-3-3. Security.................................................................................................................................................100
IV-6-3-4. WDS.......................................................................................................................................................102
IV-6-4. WPS(NotavailableontheWLC-6404).....................................................................................................103
IV-6-5. RADIUS(NotavailableontheWLC-6404)................................................................................................104
IV-6-5-1. RADIUSSettings....................................................................................................................................106
IV-6-5-2. InternalServer......................................................................................................................................107
IV-6-5-3. RADIUSAccounts..................................................................................................................................109
IV-6-6. MACFilter(NotavailableontheWLC-6404)...........................................................................................111
5
IV-6-7. WMM(NotavailableontheWLC-6404)..................................................................................................113
IV-6-8. InternalServer..........................................................................................................................................114
IV-6-8-1. InternalRADIUSServer.........................................................................................................................114
IV-6-8-2. RADIUSAccounts..................................................................................................................................116
IV-6-9. Schedule...................................................................................................................................................117
IV-7. LocalSettings...............................................................................................................................................118
IV-7-1. OperationMode(NotavailableontheWLC-6404)..................................................................................118
IV-7-2. SystemSettings........................................................................................................................................118
IV-7-2-1. SystemInformation...............................................................................................................................118
IV-7-2-2. WirelessClients(NotavailableontheWLC-6404)................................................................................121
IV-7-2-3. WirelessMonitor(NotavailableontheWLC-6404).............................................................................122
IV-7-2-4. Log.........................................................................................................................................................123
IV-7-3. Management............................................................................................................................................125
IV-7-3-1. Admin..................................................................................................................................................125
IV-7-3-2. DateandTime.....................................................................................................................................127
IV-7-3-3. SyslogServer.......................................................................................................................................128
IV-7-3-4. I’mHere..............................................................................................................................................129
IV-7-4. Advanced..................................................................................................................................................130
IV-7-4-1. LEDSettings...........................................................................................................................................130
IV-7-4-2. UpdateFirmware................................................................................................................................130
IV-7-4-3. Save/RestoreSettings.........................................................................................................................132
IV-7-4-4. FactoryDefault....................................................................................................................................133
IV-7-4-5. Reboot.................................................................................................................................................133
IV-8. Toolbox........................................................................................................................................................134
IV-8-1. NetworkConnectivity.............................................................................................................................134
IV-8-1-1. Ping.....................................................................................................................................................134
IV-8-1-2. TraceRoute.........................................................................................................................................134
V.BestPractice...................................................................................................................................................135
HowtoCreateandLinkWLAN&AccessPointGroups...........................................................................................135
6
II.QuickSetup
OnedeviceisdesignatedastheAPController(master)andotherconnected
APsaredesignatedasManagedAPs(slaves).UsingtheNMSyoucanmonitor,
configureandmanageallManagedAPs.Upto5APscanbemanagedfroman
EN-SeriesWirelessAccessPointinAPControllerModeor50APscanbe
managedfromadedicatedWLC-6404WirelessAccessPointController.
Followthestepsbelow:
1. ConnectallAPstoanEthernetorPoEswitchwhichisconnectedtoa
gateway/router.
YoucanuseyourrouterasaDHCPserveroryoucanlater
configureyourAPControllerasaDHCPserver.
2. EnsureallAPsarepoweredonandchecktheLEDstatus.
7
3. ConnecttheAPController,whichwillmanageallotherconnectedAPs,to
4.
powerandturnthedeviceon.
ConnectacomputertotheAPControllerusinganEthernetcable. 5. OpenawebbrowserandentertheAPController’sIPaddressinthe
addressfield.ThedefaultIPaddressislistedintheUserManualforyour
controller. Typicallyitiseither192.168.2.1or192.168.2.2.
DHCPisenabledontheaccesspointbydefault.ConsulttheDHCP
TableofyournetworkfortheController’sIPAddress.IfnoDHCP
Serviceisfound,theaccesspointwilldefaulttothedefaultIP
addresslistedintheUserManual.TypicaldefaultIPaddresses
areeither192.168.2.1or192.168.2.2.
Yourcomputer’sIPaddressmustbeinthesamesubnetastheAP
Controller. 192.168.2.10isbeingusedinthisexample.
6. Entertheusername&passwordtologin.Thedefaultusername&
passwordareadmin&1234respectively.
8
7. IfusinganEN-SeriesAPasacontroller,youwillarriveattheAccessPoint
Informationscreen. Goto!“OperationMode”andselect“AP
ControllerMode”fromthedropdownmenutoinitiateControllerMode.
8. Click“Apply”tosavethesettings. 9. YourControllerAP&ManagedAPsshouldbefullyfunctional.Usethetop
menutonavigatearoundtheNMS.
UseLocalNetwork&LocalSettingstoconfigureyourControllerAP.
UseDashboard,ZonePlan,NMSMonitor&NMSSettingstoconfigure
ManagedAPs.
UseToolboxtodiagnoseconnectionissues.
9
III.SoftwareLayout
Thetopmenufeatures7panels:Dashboard,ZonePlan,NMSMonitor,NMS
Settings,LocalNetwork,LocalSettings&Toolbox.
Screenshotsdisplayedareexamples.Theinformationshownon
yourscreenwillvarydependingonyourconfigurationanddevice
beingusedasacontroller.
Dashboard
TheDashboardpaneldisplaysanoverviewofyournetworkandkeysystem
information,withquicklinkstoaccessconfigurationoptionsforManagedAPs
andManagedAPgroups.Eachpanelcanberefreshed,collapsedormoved
accordingtoyourpreference. (Availablesettingswillvarydependingonthe
devicebeingusedasanAPController.)
10
ZonePlan
ZonePlandisplaysacustomizablelivemapofManagedAPsforavisual
representationofyournetworkcoverage.EachAPiconcanbemovedaround
themap,andabackgroundimagecanbeuploadedforuser-definedlocation
profilesusingNMSSettings!ZoneEdit.Optionscanbeconfiguredusingthe
menuontherightsideandsignalstrengthisdisplayedforeachAP. (AvailablesettingswillvarydependingonthedevicebeingusedasanAP
Controller.)
NMSMonitor
TheNMSMonitorpanelprovidesmoredetailedmonitoringinformation
abouttheAPArraythanfoundontheDashboard,groupedaccordingto
categoriesinthemenudowntheleftside. (Availablesettingswillvary
dependingonthedevicebeingusedasanAPController.)
11
NMSSettings
NMSSettingsprovidesextensiveconfigurationoptionsfortheAPArray.You
canmanageeachaccesspoint,assignaccesspointsintogroups,manage
WLAN,RADIUSaswellasupgradefirmwareacrossmultipleaccesspoints.The
ZonePlancanalsobeconfiguredusing“ZoneEdit”. (Availablesettingswill
varydependingonthedevicebeingusedasanAPController.)
LocalNetwork
LocalNetworksettingsareforyourAPController.YoucanconfiguretheIP
addressandDHCPserveroftheAPControllerinadditionto2.4GHz&5Ghz
Wi-Fiandsecurity,withWPS,RADIUSserver,MACfilteringandWMMsettings
12
alsoavailable. (Availablesettingswillvarydependingonthedevicebeing
usedasanAPController.)
LocalSettings
LocalSettingsareforyourAPController.Youcansettheoperationmodeand
viewnetworksettings(clientsandlogs)specificallyfortheAPController,as
wellasothermanagementsettingssuchasdate/time,adminaccounts,
firmwareandreset. (Availablesettingswillvarydependingonthedevice
beingusedasanAPController.)
13
Toolbox
TheToolboxpanelprovidesanetworkdiagnostictools:pingandtraceroute.
14
IV.Features
DescriptionsofthefunctionsofeachmainpanelDashboard,ZonePlan,NMS
Monitor,NMSSettings,LocalNetwork,LocalSettings&Toolboxcanbefound
below. (Availablesettingswillvarydependingonthedevicebeingusedas
anAPController.) WhenusingtheNMS,click“Apply”tosavechanges:
Screenshotsdisplayedareexamples.Theinformationshownon
yourscreenwillvarydependingonyourconfiguration.
IV-1. LOGIN,LOGOUT&RESTART
ItisrecommendedthatyoulogintotheAPControllertomake
configurationchangestoManagedAPs. LOGIN
1. ConnectacomputertothedesignatedAPControllerusinganEthernet
cable:
2. OpenawebbrowserandentertheAPController’sIPaddressinthe
addressfield.ThedefaultIPaddressislistedintheUserManualforyour
controller. Typicallyitiseither192.168.2.1or192.168.2.2.
Yourcomputer’sIPaddressmustbeinthesamesubnetastheAP
Controller.RefertoV-1.ConfiguringyourIPAddressformorehelp.
DHCPisenabledontheaccesspointbydefault. Consultthe
DHCPTableofyournetworkfortheController’sIPAddress. If
noDHCPServiceisfound,theaccesspointwilldefaulttothe
defaultIPaddresslistedintheUserManual. TypicaldefaultIP
addressesareeither192.168.2.1or192.168.2.2.
15
IfusingaDHCPserveronthenetwork,itisadvisedtouseyour
DHCPserver’ssettingstoassigntheAPControllerastaticIP
address.
3. Entertheusername&passwordtologin.Thedefaultusername&
passwordareadmin&1234.
RESTART
YoucanrestartyourAPControlleroranyManagedAPusingtheNMS.To
restartyourAPControllergotoLocalSettings!Advanced!Rebootand
click“Reboot”.
TorestartManagedAPsclicktheRestarticonforthespecifiedAPonthe
Dashboard:
16
IV-2. DASHBOARD
ThedashboarddisplaysanoverviewofyourAParray:
Usetheblueiconsabovetorefreshorcollapseeachpanelinthedashboard.
Clickanddragtomoveapaneltosuityourpreference.Youcansetthe
dashboardtoauto-refreshevery1minute,30secondsordisableauto-refresh:
17
IV-2-1.SystemInformation
SystemInformationdisplaysinformationabouttheAPController:Product
Name(model),HostName,MACAddress,IPAddress,FirmwareVersion,
SystemTime,Uptime,CPUUsageandMemoryUsage.
IV-2-2.DevicesInformation
DevicesInformationisasummaryofthenumberofalldevicesinthelocal
network:AccessPoints,ClientsConnected,andRogue(unidentified)Devices.
18
IV-2-3.ManagedAP
ManagedAPdisplaysinformationabouteachManagedAPinthelocal
network:Index(referencenumber),MACAddress,DeviceName,Model,IP
Address,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnected
toeachaccesspoint,andStatus(connected,connectingordisconnected).
ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthe
searchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen
(connected)foreachManagedAP.
EachManagedAPhas“Action”iconswiththefollowingfunctions: 1. Disallow
RemovetheManagedAPfromtheAParrayanddisableconnectivity.
2. Edit
EditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
3. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locate
accesspoints.
4. Buzzer
TheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locate
accesspoints.
5. NetworkConnectivity
Gotothe“NetworkConnectivity”paneltoperformapingortraceroute.
6. Restart
RestartstheManagedAP.
19
IV-2-4.ManagedAPGroup
ManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAP
GroupdisplaysinformationabouteachManagedAPgroupinthelocal
network:GroupName,MACAddress,DeviceName,Model,IPAddress,No.of
Clientsconnectedtoeachaccesspoint,andStatus(connectedor
disconnected).
ToeditManagedAPGroupsgotoNMSSettings!AccessPoint(referto
IV-5-1.AccessPoint).
ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Type
inthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen
(connected)foreachindividualManagedAP.
EachManagedAPhas“Action”iconswiththefollowingfunctions: 1. Disallow
RemovetheManagedAPfromtheAParrayanddisableconnectivity.
2. Edit
EditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint)
3. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locate
accesspoints.
4. Buzzer
TheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locate
accesspoints.
5. NetworkConnectivity
Gotothe“NetworkConnectivity”paneltoperformapingortraceroute.
20
6. Restart
RestartstheManagedAP.
IV-2-5.ActiveClients
ActiveClientsdisplaysinformationabouteachclientinthelocalnetwork:
Index(referencenumber),ClientMACAddress,DeviceName,Model,IP
Address,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnected
toeachaccesspoint,andStatus(onoroff).
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearch
boxandthelistwillupdate:
IV-2-6.ActiveUsers
ActiveUsersdisplaysinformationabouteachuserinthelocalnetwork:Index
(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,
CreationTime,ExpireTime,UsagePercentage,Vendor,PlatformandAction.
Thesearchfunctioncanbeusedtolocateaspecificuser.Typeinthesearch
boxandthelistwillupdate:
21
IV-3. ZONEPLAN
TheZonePlancanbefullycustomizedtomatchyournetworkenvironment.
YoucanmovetheAPiconsandselectdifferentlocationimages(upload
locationimagesinNMSSettings!ZoneEdit)tocreateavisualmapofyour
AParray.
Usethemenuonthesidetomakeadjustmentsandmouse-overanAPiconin
thezonemaptoseemoreinformation.ClickanAPiconinthezonemapto
selectitanddisplayactionicons.
ClickanddraganAPicontomovetheiconaroundthezonemap.Thesignal
strengthforeachAPisdisplayedaccordingtothe“Signal”keyinthemenuon
therightside:
Location
Selectapre-definedlocationfromthedrop
downmenu.Whenyouuploadalocation
imageinNMSSettings!ZoneEdit,itwillbe
availableforselectionhere.
22
APGroup
Search
Radio
Signal
Zoom
Transparency
Scale
Device/Number
YoucanselectanAPGrouptodisplayinthe
zonemap.EditAPGroupsinNMSSettings!
AccessPoint.
UsethesearchboxtoquicklylocateanAP.
UsethecheckboxestodisplayAPsaccording
to2.4GHzor5GHzwirelessradiofrequency. Signalstrengthkeyforthesignalstrength
displayaroundeachAPinthezonemap.
Usetheslidertoadjustthezoomlevelofthe
map.
Usetheslidertoadjustthetransparencyof
locationimages.
Zonemapscale.
Displaysnumberandtypeofdevicesinthe
zonemap.
23
IV-4. NMSMONITOR
IV-4-1.AccessPoint
IV-4-1-1. ManagedAP
DisplaysinformationabouteachManagedAPinthelocalnetwork:Index
(referencenumber),MACAddress,DeviceName,Model,IPAddress,2.4GHz&
5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,
andStatus(connected,connectingordisconnected).
ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthe
searchboxandthelistwillupdate:
TheStatusicondisplaysthestatusofeachManagedAP.
StatusIcons
Icon
Color
Status
Definition
ManagedAPisdisconnected. Checkthe
networkconnectionandensurethe
Grey Disconnected
ManagedAPisinthesameIPsubnetas
theAPController.
Systemsecuritymustbethesameforall
accesspointsintheAParray.Please
Authentication
checksecuritysettings(refertoIV-5-12-1.
Failed
SystemSecurity).
Red Or
Accesspointsmustusethesameversion
ofNMSastheController. UsetheAP
Incompatible
Controller’sfirmwareupgradefunction
NMSVersion
(refertoIV-5-11.FirmwareUpgrade)to
synchronizetheNMSversion.
24
Orange
Configuringor ManagedAPismakingconfiguration
Upgrading
changesorupgradingthefirmware.
Yellow Connecting
ManagedAPisconnecting.
Green Connected
ManagedAPisconnected.
Blue
Waitingfor
Approval
ManagedAPiswaitingforapproval.
EachManagedAPhas“Action”iconswiththefollowingfunctions: 1. Disallow
RemovetheManagedAPfromtheAParrayanddisableconnectivity.
1. Edit
EditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
2. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locate
accesspoints.
3. Buzzer
TheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locate
accesspoints.
4. NetworkConnectivity
Gotothe“NetworkConnectivity”paneltoperformapingortraceroute.
5. Restart
RestartstheManagedAP.
25
IV-4-1-2. ManagedAPGroup
ManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAP
GroupdisplaysinformationabouteachManagedAPgroupinthelocal
network:GroupName,MACAddress,DeviceName,Model,IPAddress,2.4GHz
&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccess
point,andStatus(connectedordisconnected).
ToeditManagedAPGroupsgotoNMSSettings!AccessPoint(referto
IV-5-1.AccessPoint).
ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Type
inthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),red(authentication
failed/incompatibleNMSversion),orange(upgradingfirmware),yellow
(connecting),green(connected)orblue(waitingforapproval)foreach
individualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfull
descriptions.
EachManagedAPhas“Action”iconswiththefollowingfunctions: 2. Disallow
RemovetheManagedAPfromtheAParrayanddisableconnectivity.
26
3. Edit
EditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
4. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locate
accesspoints.
5. Buzzer
TheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locate
accesspoints.
6. NetworkConnectivity
Gotothe“NetworkConnectivity”paneltoperformapingortraceroute.
7. Restart
RestartstheManagedAP.
27
IV-4-2.WLAN
IV-4-2-1. ActiveWLAN
DisplaysinformationabouteachSSIDintheAPArray:Index(reference
number),Name/SSID,VLANID,Authentication,Encryption,IPAddressand
AdditionalAuthentication.
ToconfigureencryptionandVLANsforManagedAPsgotoNMSSettings!
WLAN.
ThesearchfunctioncanbeusedtolocateaspecificSSID.Typeinthesearch
boxandthelistwillupdate:
28
IV-4-2-2. ActiveWLANGroup
WLANgroupscanbecreatedaccordingtoyourpreference.ActiveWLAN
GroupdisplaysinformationaboutWLANgroup:GroupName,Name/SSID,
VLANID,Authentication,Encryption,IPAddressandAdditional
Authentication.
ThesearchfunctioncanbeusedtolocateaspecificActiveWLANGroup.Type
inthesearchboxandthelistwillupdate:
IV-4-3.Clients
IV-4-3-1. ActiveClients
DisplaysinformationaboutclientscurrentlyconnectedtotheAPArray:
Index(referencenumber),ClientMACAddress,APMACAddress,WLAN(SSID),
UserName,Radio(2.4GHzor5GHz),SignalStrengthreceivedbyClient,
ConnectedTime,IdleTime,Tx&Rx(DatatransmittedandreceivedbyClientin
KB),andtheVendoroftheclientdevice.
Youcansetordisabletheauto-refreshtimefortheclientlistorclick
“Refresh”tomanuallyrefresh.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearch
boxandthelistwillupdate:
29
IV-4-4.
Users
IV-4-4-1.
ActiveUsers
Displaysinformationabouteachuserinthelocalnetworkviaguestportals:
Index(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,
CreateTime,ExpireTime,UsagePercentage,TrafficProgress,Vendorand Platformoftheuserdevice.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearch
boxandthelistwillupdate:
IV-4-4-2.
UsersLog
Displaysadetailedinformationlogofusersandactivityonthenetworkvia
guestportals:ID,DateandTimeofentry,Categoryofentry,Severity,Users,
Event/Activitiesdetails.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearch
boxandthelistwillupdate:
30
IV-4-5. RogueDevices
Rogueaccesspointdetectioncanidentifyanyunauthorizedaccesspoints
whichmayhavebeeninstalledinthenetwork.
Click“Start”toscanforroguedevices:
UnknownRogueDevicesdisplaysinformationaboutroguedevicesdiscovered
duringthescan:Index(referencenumber),Channel,SSID,MACAddress,
Security,SignalStrength,Type,VendorandAction.
Thesearchfunctioncanbeusedtolocateaknownroguedevice.Typeinthe
searchboxandthelistwillupdate:
31
IV-4-6.
Information
IV-4-6-1. AllEvents/Activities
Displaysalogoftime-stampedeventsforeachaccesspointintheArray–use
thedropdownmenutoselectanaccesspointandviewthelog.
IV-4-6-2. APMonitoring
DisplaysgraphicalmonitoringinformationaboutaccesspointsintheArrayfor
2.4GHz&5GHz:TrafficTx(datatransmittedinMB),TrafficRx(datareceived
inMB),No.ofClients,WirelessChannel,TxPower(wirelessradiopower),CPU
UsageandMemoryUsage.
Usethedropdownmenustoselectanaccesspointanddate.
Youcansetordisabletheauto-refreshtimeforthedata:
32
IV-4-6-3.SSIDOverview
DisplaysgraphicalmonitoringinformationaboutdifferentSSIDsfor2.4GHz&
5GHz,includingTrafficTx(datatransmittedinKbps),TrafficRx(datareceived
inKbps),andalsotheClientNumberforeachSSID. YoucanuseRefreshtorunthemanualrefresh:
2.4GHz&5GHzTrafficshowscurrentlyhowmuchTx/Rxtraffic(inKBps)
utilizedineachSSID.Thebluediagramrepresentsthe2.4GHzradioband,and
thegreendiagramrepresentsthe5GHzradioband.
33
ClientNumbershowscurrentlyhowmanycurrentusersoneachSSID.The
bluediagramrepresentsthe2.4GHzradioband,andthegreendiagram
representsthe5GHzradioband.
34
IV-5. NMSSettings
IV-5-1.AccessPoint
Displaysinformationabouteachaccesspointandaccesspointgroupinthe
localnetworkandallowsyoutoeditaccesspointsandeditoraddaccess
pointgroups.
Thesearchfunctioncanbeusedtolocateanaccesspointoraccesspoint
group.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),red(authentication
failed/incompatibleNMSversion),orange(upgradingfirmware),yellow
(connecting),green(connected)orblue(waitingforapproval)foreach
individualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfull
descriptions.
The“Action”iconsenableyoutoallowordisallowanaccess
point:
Selectanaccesspointoraccesspointgroupusingthe
check-boxesandclick“Edit”tomakeconfigurations,orclick
“Add”toaddanewaccesspointgroup:
35
TheAccessPointSettingspanelcanenableordisableAutoApproveforall
ManagedAPs.Whenenabled,ManagedAPswillautomaticallyjointheAP
ArraywiththeControllerAP.Whendisabled,ManagedAPsmustbemanually
approvedtojointheAPArraywiththeControllerAP.
AccessPointSettings
AutoApprove
EnableordisableAutoApproveforall
ManagedAPs.
TomanuallyapproveaManagedAP,use“theallowAction”iconforthe
specifiedaccesspoint:
EditAccessPoint
ConfigureyourselectedaccesspointonyourLAN.Youcansettheaccess
pointasaDHCPclientorspecifyastaticIPaddressforyouraccesspoint,and
assigntheaccesspointtoanAPgroup,aswellasedit2.4GHz&5GHzwireless
radiosettings.Aneventslogisdisplayedatthebottomofthepage.
YoucanalsouseProfileSettingstoassigntheaccesspointtoWLAN,RADIUS
andAccessControlgroupsindependentlyfromAccessPointGroupsettings.
Checkthe“OverrideGroupSettings”boxtousedifferentindividualsettings
foraccesspointsassignedtoAPGroups:
36
BasicSettings
Name
Description
MACAddress
APGroup
IPAddress
Assignment
IPAddress
SubnetMask
Edittheaccesspointname.Thedefaultname
isAP+MACaddress.
Enteradescriptionoftheaccesspointfor
referencee.g.2ndFloorOffice.
DisplaysMACaddress.
UsethedropdownmenutoassigntheAPto
anAPGroup.YoucaneditAPGroupsfrom
theNMSSettings!AccessPointpage. Select“DHCPClient”foryouraccesspointto
beassignedadynamicIPaddressfromyour
router’sDHCPserver,orselect“StaticIP”to
manuallyspecifyastatic/fixedIPaddressfor
youraccesspoint(below).Checkthebox
“OverrideGroupSetting”iftheAPisa
memberofanAPGroupandyouwishtouse
adifferentsettingthantheAPGroupsetting.
SpecifytheIPaddresshere.ThisIPaddress
willbeassignedtoyouraccesspointandwill
replacethedefaultIPaddress.
Specifyasubnetmask.Thedefaultvalueis
37
DefaultGateway
PrimaryDNS
SecondaryDNS
255.255.255.0
ForDHCPusers,select“FromDHCP”toget
defaultgatewayfromyourDHCPserveror
“User-Defined”toenteragatewaymanually.
ForstaticIPusers,thedefaultvalueisblank.
DHCPuserscanselect“FromDHCP”toget
primaryDNSserver’sIPaddressfromDHCPor
“User-Defined”tomanuallyenteravalue.For
staticIPusers,thedefaultvalueisblank.
DHCPuserscanselect“FromDHCP”toget
secondaryDNSserver’sIPaddressfromDHCP
or“User-Defined”tomanuallyenteravalue.
ForstaticIPusers,thedefaultvalueisblank.
RadioSettings
Wireless
Band
Enableordisabletheaccesspoint’s2.4GHzor
5GHzwirelessradio.Whendisabled,noSSIDs
onthatfrequencywillbeactive.
Selectthewirelessstandardusedforthe
accesspoint.Combinationsof802.11b,
38
802.11g,802.11n&802.11accanbeselected.
AutoPilot
Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthe
wirelesschannelfortheaccesspoint’s2.4GHz
or5GHzfrequencybasedonavailabilityand
potentialinterference.Whendisabled,select
achannelmanually.
AutoPilotRange
Selectarangefromwhichtheautochannel
setting(above)willchooseachannel. AutoPilotInterval Specifyafrequencyforhowoftentheauto
channelsettingwillcheck/reassignthe
wirelesschannel.Check/uncheckthe“Change
channelevenifclientsareconnected”box
accordingtoyourpreference.
ChannelBandwidth SetthechannelbandwidthoruseAuto
(automaticallyselectbasedoninterference
level).
BSSBasicRateSet
SetaBasicServiceSet(BSS)rate:thisisa
seriesofratestocontrolcommunication
framesforwirelessclients.
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthe
valuesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceof
youraccesspoint.
AdvancedSettings
ContentionSlot
PreambleType
GuardInterval
Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.
WMM).
Setthewirelessradiopreambletype.The
preambletypein802.11basedwireless
communicationdefinesthelengthoftheCRC
(CyclicRedundancyCheck)blockfor
communicationbetweentheaccesspointand
roamingwirelessadapters.Thedefaultvalueis
“ShortPreamble”.
Settheguardinterval. Ashorterintervalcan
improveperformance.
39
802.11gProtection Enable/disable802.11gprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
DTIMPeriod
SettheDTIM(deliverytrafficindication
message)periodvalueofthewirelessradio.
Thedefaultvalueis1.
RTSThreshold
SettheRTSthresholdofthewirelessradio.The
defaultvalueis2347.
Fragment
Setthefragmentthresholdofthewireless
Threshold
radio.Thedefaultvalueis2346.
MulticastRate
Setthetransferrateformulticastpacketsor
usethe“Auto”setting.
TxPower
Setthepoweroutputofthewirelessradio.You
maynotrequire100%outputpower. Setting
alowerpoweroutputcanenhancesecurity
sincepotentiallymalicious/unknownusersin
distantareaswillnotbeabletoaccessyour
signal.
BeaconInterval
Setthebeaconintervalofthewirelessradio.
Thedefaultvalueis100.
Stationidle
Settheintervalforkeepalivemessagesfrom
timeout
theaccesspointtoawirelessclienttoverifyif
thestationisstillalive/active.
40
ProfileSettings
WLANGroup
RADIUSGroup
AccessControl
Group
Assigntheaccesspoint’s2.4GHzor5GHz
SSID(s)toaWLANGroup.YoucaneditWLAN
groupsinNMSSettings!WLAN.
Assigntheaccesspoint’s2.4GHzSSID(s)toa
RADIUSgroup.YoucaneditRADIUSgroupsin
NMSSettings!RADIUS.
Assigntheaccesspoint’s2.4GHzSSID(s)toa
RADIUSgroup.YoucaneditRADIUSgroupsin
NMSSettings!AccessControl
Add/EditAccessPointGroup
Configureyourselectedaccesspointgroup.Accesspointgroupsettingsapply
toallaccesspointsinthegroup,unlessindividuallysettooverridegroup
settings.
YoucanuseProfileGroupSettingstoassigntheaccesspointgrouptoWLAN,
RADIUSandAccessControlgroups.
TheGroupSettingspanelcanbeusedtoquicklymoveaccesspointsbetween
existinggroups:selectanaccesspointandusethedropdownmenuorsearch
toselectaccesspointgroupsanduse<<and>>arrowstomoveAPsbetween
groups.
BasicGroupSettings
Name
Edittheaccesspointgroupname.
Description
Enteradescriptionoftheaccesspointgroup
forreferencee.g.2ndFloorOfficeGroup.
41
RadioGroupSettings
Wireless
Enableordisabletheaccesspointgroup’s
2.4GHzor5GHzwirelessradio.When
disabled,noSSIDsonthatfrequencywillbe
active.
Band
Selectthewirelessstandardusedforthe
accesspointgroup.Combinationsof802.11b,
802.11g,802.11n&802.11accanbeselected.
AutoPilot
Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthe
wirelesschannelfortheaccesspointgroup’s
2.4GHzor5GHzfrequencybasedon
availabilityandpotentialinterference.When
disabled,selectachannelmanually.
AutoPilotRange
Selectarangefromwhichtheautochannel
setting(above)willchooseachannel. AutoPilotInterval Specifyafrequencyforhowoftentheauto
channelsettingwillcheck/reassignthe
wirelesschannel.Check/uncheckthe“Change
channelevenifclientsareconnected”box
accordingtoyourpreference.
ChannelBandwidth SetthechannelbandwidthoruseAuto
42
BSSBasicRateSet
(automaticallyselectbasedoninterference
level).
SetaBasicServiceSet(BSS)rate:thisisa
seriesofratestocontrolcommunication
framesforwirelessclients.
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthe
valuesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceof
youraccesspoints.
AdvancedSettings
ContentionSlot
Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.
WMM).
PreambleType
Setthewirelessradiopreambletype.The
preambletypein802.11basedwireless
communicationdefinesthelengthoftheCRC
(CyclicRedundancyCheck)blockfor
communicationbetweentheaccesspointand
roamingwirelessadapters.Thedefaultvalueis
“ShortPreamble”.
GuardInterval
Settheguardinterval. Ashorterintervalcan
improveperformance.
802.11gProtection Enable/disable802.11gprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
DTIMPeriod
SettheDTIM(deliverytrafficindication
message)periodvalueofthewirelessradio.
Thedefaultvalueis1.
43
RTSThreshold
Fragment
Threshold
MulticastRate
TxPower
BeaconInterval
Stationidle
timeout
SettheRTSthresholdofthewirelessradio.The
defaultvalueis2347.
Setthefragmentthresholdofthewireless
radio.Thedefaultvalueis2346.
Setthetransferrateformulticastpacketsor
usethe“Auto”setting.
Setthepoweroutputofthewirelessradio.You
maynotrequire100%outputpower. Setting
alowerpoweroutputcanenhancesecurity
sincepotentiallymalicious/unknownusersin
distantareaswillnotbeabletoaccessyour
signal.
Setthebeaconintervalofthewirelessradio.
Thedefaultvalueis100.
Settheintervalforkeepalivemessagesfrom
theaccesspointtoawirelessclienttoverifyif
thestationisstillalive/active.
ProfileGroupSettings
WLANGroup
Assigntheaccesspointgroup’s2.4GHzor
44
RADIUSGroup
AccessControl
Group
5GHzSSIDstoaWLANGroup.Youcanedit
WLANgroupsinNMSSettings!WLAN.
Assigntheaccesspointgroup’s2.4GHzSSIDs
toaRADIUSgroup.YoucaneditRADIUS
groupsinNMSSettings!RADIUS.
Assigntheaccesspoint’s2.4GHzSSIDstoa
RADIUSgroup.YoucaneditRADIUSgroupsin
NMSSettings!AccessControl.
45
IV-5-2.WLAN
DisplaysinformationabouteachWLANandWLANgroupinthelocalnetwork
andallowsyoutoaddoreditWLANs&WLANGroups.WhenyouaddaWLAN
Group,itwillbeavailableforselectioninNMSSettings!AccessPointaccess
pointProfileSettings&accesspointgroupProfileGroupSettings.
ThesearchfunctioncanbeusedtolocateaWLANorWLANGroup.Typein
thesearchboxandthelistwillupdate:
SelectaWLANorWLANGroupusingthecheck-boxesand
click“Edit”orclick“Add”toaddanewWLANorWLAN
Group:
46
Add/EditWLAN
WLANSettings
Name/ESSID
Description
SSID
VLANID
BroadcastSSID
WirelessClient
Isolation
EdittheWLANname(SSID).
EnteradescriptionoftheSSIDforreference
e.g.2ndFloorOfficeHR.
SelectwhichSSIDtoconfiguresecurity
settingsfor.
SpecifytheVLANID.
EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsas
anavailableWi-Finetwork.Whendisabled,
theSSIDwillnotbevisibleasanavailable
Wi-Finetworktoclients–clientsmust
manuallyentertheSSIDinordertoconnect.
Ahidden(disabled)SSIDistypicallymore
securethanavisible(enabled)SSID.
Enableordisablewirelessclientisolation.
Wirelessclientisolationpreventsclients
connectedtotheaccesspointfrom
communicatingwitheachotherandimproves
security.Typically,thisfunctionisusefulfor
corporateenvironmentsorpublichotspots
47
LoadBalancing
Authentication
Method
Additional
Authentication
andcanpreventbruteforceattackson
clients’usernamesandpasswords.
Loadbalancinglimitsthenumberofwireless
clientsconnectedtoanSSID.Setaload
balancingvalue(maximum50).
Selectanauthenticationmethodfromthe
dropdownmenu.
Selectanadditionalauthenticationmethod
fromthedropdownmenu.
Varioussecurityoptions(wirelessdataencryption)areavailable.Whendatais
encrypted,informationtransmittedwirelesslycannotbereadbyanyonewho
doesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertoprevent
unauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsof
numbers,lettersandsymbols,andchangeyourpassword
regularly.
PleaserefertoIV-6-2-3.Securityformoreinformationonauthenticationand
additionalauthenticationtypes.
WLANAdvancedSettings
RSSIThreshold
SetaRSSIThresholdlevel.
48
Add/EditWLANGroup
WhenyouaddaWLANGroup,itwillbeavailableforselectioninNMS
Settings!AccessPointaccesspointProfileSettings&accesspointgroup
ProfileGroupSettings.
WLANGroupSettings
Name
EdittheWLANGroupname.
Description
EnteradescriptionoftheWLANGroupfor
referencee.g.2ndFloorOfficeHRGroup.
Members
SelectSSIDstoincludeinthegroupusingthe
checkboxesandassignVLANIDs.
49
IV-5-3.RADIUS
DisplaysinformationaboutExternal&InternalRADIUSServers,Accountsand
GroupsandallowsyoutoaddoreditRADIUSServers,Accounts&Groups.
WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMS
Settings!AccessPointaccesspointProfileSettings&accesspointgroup
ProfileGroupSettings.
ThesearchfunctioncanbeusedtolocateaRADIUSServer,AccountorGroup.
Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”or
click“Add”toaddanewWLANorWLANGroup:
50
Add/EditExternalRADIUSServer
Name
Description
RADIUSServer
Authentication
Port
SharedSecret
SessionTimeout
Accounting
AccountingPort
EnteranamefortheRADIUSServer.
EnteradescriptionoftheRADIUSServerfor
reference.
EntertheRADIUSserverhostIPaddress.
SettheUDPportusedintheauthentication
protocoloftheRADIUSserver.Valuemustbe
between1–65535.
Enterasharedsecret/passwordbetween1–
99charactersinlength.Thisshouldmatchthe
“MAC-RADIUS”password.
Setadurationofsessiontimeoutinseconds
between0–86400.
EnableordisableRADIUSaccounting.
Whenaccountingisenabled(above),setthe
UDPportusedintheaccountingprotocolof
theRADIUSserver.Valuemustbebetween1–
65535.
51
Add/EditInternalRADIUSServer
UploadEAPCertificateFile
EAPCertificateFile DisplaystheEAPcertificatefileformat:
Format
PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowand
selectthelocationofanEAPcertificatefileto
use.Ifnocertificatefileisuploaded,the
internalRADIUSserverwilluseaself-made
certificate.
InternalRADIUSServer
Name
EnteranamefortheInternalRADIUSServer.
Description
EnteradescriptionoftheInternalRADIUS
Serverforreference.
EAPCertificateFile DisplaystheEAPcertificatefileformat:
Format
PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowand
selectthelocationofanEAPcertificatefileto
use.Ifnocertificatefileisuploaded,the
internalRADIUSserverwilluseaself-made
certificate.
52
EAPInternal
Authentication
SharedSecret
SelectEAPinternalauthenticationtypefrom
thedropdownmenu.
Enterasharedsecret/passwordforuse
betweentheinternalRADIUSserverand
RADIUSclient.Thesharedsecretshouldbe1–
99charactersinlength.
SessionTimeout
Setadurationofsessiontimeoutinseconds
between0–86400.
TerminationAction Selectatermination-actionattribute:
“Reauthentication”sendsaRADIUSrequestto
theaccesspoint,“Not-Reathentication”sends
adefaulttermination-actionattributetothe
accesspoint,“Not-Send”no
termination-actionattributeissenttothe
accesspoint.
Add/EditRADIUSAccounts
TheinternalRADIUSservercanauthenticateupto256useraccounts.The
“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
53
RADIUSAccounts
UserName
Add
Reset
UserRegistrationList
Select
Checktheboxtoselectauser.
UserName
Displaystheusername.
Password
Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).
Customize
Click“Edit”toopenanewfieldtoset/edita
passwordforthespecifiedusername(below).
DeleteSelected
DeleteAll
Entertheusernameshere,separatedby
commas.
Click“Add”toaddtheusertotheuser
registrationlist.
Cleartextfromtheusernamebox.
Deleteselecteduserfromtheuserregistration
list.
Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationList
UserName
Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.
Password
Enteroreditapasswordforthespecifieduser.
54
Add/EditRADIUSGroup
WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMS
Settings!AccessPointaccesspointProfileSettings&accesspointgroup
ProfileGroupSettings.
RADIUSGroupSettings
GroupName
EdittheRADIUSGroupname.
Description
EnteradescriptionoftheRADIUSGroupfor
reference.
2.4GHzRADIUS
Enable/Disableprimary&secondaryRADIUS
serversfor2.4GHz.
5GHzRADIUS
Enable/Disableprimary&secondaryRADIUS
serversfor5GHz.
Members
AddRADIUSuseraccountstotheRADIUS
group(Maximum5).
55
IV-5-4.AccessControl
MACAccessControlisasecurityfeaturethatcanhelptoprevent
unauthorizedusersfromconnectingtoyouraccesspoint.
Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedto
connecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMAC
address.IfadevicewhichisnotonthelistofpermittedMACaddresses
attemptstoconnecttotheaccesspoint,itwillbedenied.
TheAccessControlpaneldisplaysinformationaboutMACAccessControl&
MACAccessControlGroupsandGroupsandallowsyoutoaddoreditMAC
AccessControl&MACAccessControlGroupsettings.Whenyouaddan
AccessControlGroup,itwillbeavailableforselectioninNMSSettings!
AccessPointaccesspointProfileSettings&accesspointgroupProfileGroup
Settings.
ThesearchfunctioncanbeusedtolocateaMACaddressorMACAccess
ControlGroup.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”or
click“Add”toaddanewMACAddressorMACAccessControl
Group:
56
Add/EditMACAccessControl
AddMACAddress
Add
Reset
EnteraMACaddressofcomputerornetwork
devicemanuallye.g.‘aa-bb-cc-dd-ee-ff’or
entermultipleMACaddressesseparatedwith
commas,e.g.
‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’
Click“Add”toaddtheMACaddresstothe
MACaddressfilteringtable. Clearallfields.
MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Select
anentryusingthe“Select”checkbox.
Select
Deleteselectedorallentriesfromthetable.
MACAddress
TheMACaddressislistedhere.
DeleteSelected
DeletetheselectedMACaddressfromthe
list.
DeleteAll
DeleteallentriesfromtheMACaddress
filteringtable.
Export
Click“Export”tosaveacopyoftheMAC
filteringtable.Anewwindowwillpopupfor
youtoselectalocationtosavethefile.
57
Add/EditMACAccessControlGroup
WhenyouaddanAccessControlGroup,itwillbeavailableforselectionin
NMSSettings!AccessPointaccesspointProfileSettings&accesspoint
groupProfileGroupSettings.
MACFilterGroupSettings
GroupName
EdittheMACAccessControlGroupname.
Description
EnteradescriptionoftheMACAccessControl
Groupforreference.
Action
Select“Blacklist”todenyaccesstospecified
MACaddressesinthegroup,andselect
“Whitelist”topermitaccesstospecifiedMAC
addressinthegroup.
Members
AddMACaddressestothegroup.
58
IV-5-5.GuestNetwork
Youcansetupanadditional“Guest”Wi-Finetworksoguestuserscanenjoy
Wi-Ficonnectivitywithoutaccessingyourprimarynetworks.The“Guest”
screendisplayssettingsforyourguestWi-Finetwork.
TheGuestNetworkpaneldisplaysinformationaboutGuestNetworksand
GuestNetworkGroupsandallowsyoutoaddoreditGuestNetworkand
GuestNetworkGroupsettings.WhenyouaddaGuestNetworkGroup,itwill
beavailableforselectioninNMSSettings!AccessPointaccesspointProfile
Settings&accesspointgroupProfileGroupSettings.
ThesearchfunctioncanbeusedtolocateaGuestNetworkorGuestNetwork
Group.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”or
click“Add”toaddanewGuestNetworkorGuestNetwork
Group.
59
Add/EditGuestNetwork
GuestNetworkSettings
Name/ESSID
EdittheGuestNetworkname(SSID).
Description
EnteradescriptionoftheGuestNetworkfor
referencee.g.2ndFloorOfficeHR.
VLANID
SpecifytheVLANID.
BroadcastSSID
EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsas
anavailableWi-Finetwork.Whendisabled,
theSSIDwillnotbevisibleasanavailable
Wi-Finetworktoclients–clientsmust
manuallyentertheSSIDinordertoconnect.
Ahidden(disabled)SSIDistypicallymore
securethanavisible(enabled)SSID.
WirelessClient
Enableordisablewirelessclientisolation.
60
Isolation
LoadBalancing
Authentication
Method
Additional
Authentication
Wirelessclientisolationpreventsclients
connectedtotheaccesspointfrom
communicatingwitheachotherandimproves
security.Typically,thisfunctionisusefulfor
corporateenvironmentsorpublichotspots
andcanpreventbruteforceattackson
clients’usernamesandpasswords.
Loadbalancinglimitsthenumberofwireless
clientsconnectedtoanSSID.Setaload
balancingvalue(maximum50).
Selectanauthenticationmethodfromthe
dropdownmenu.
Selectanadditionalauthenticationmethod
fromthedropdownmenu.
Varioussecurityoptions(wirelessdataencryption)areavailable.Whendatais
encrypted,informationtransmittedwirelesslycannotbereadbyanyonewho
doesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertoprevent
unauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsof
numbers,lettersandsymbols,andchangeyourpassword
regularly.
GuestAccessPolicy
GuestPortal
Selectaguestportaltouseforthisguest
SSID.GuestportalscanbeconfiguredinNMS
Settings!GuestPortal.
TrafficShaping
Enableordisabletrafficshapingfortheguest
network.
Downlink
EnteradownlinklimitinMB.
Uplink
EnteranuplinklimitinMB.
IPFiltering
Select“Deny”or“Allow”todenyorallow
specifiedIPaddressestoaccesstheguest
network.Select“Disable”todisableIP
filtering.
Rules
EnterIPaddressestobefilteredaccordingto
61
theDenyorAllowrulespecifiedaboveand
checktheboxforeachIPaddresstobe
filtered.
GuestNetworkAdvancedSettings
ScheduleGroup
AssignguestSSIDtoaspecifiedschedule
(schedulemustbepre-configuredinNMS
Settings!Schedule.)
Add/EditGuestNetworkGroup
WhenyouaddaGuestNetworkGroup,itwillbeavailableforselectionin
NMSSettings!AccessPointaccesspointProfileSettings&accesspoint
groupProfileGroupSettings.
GuestNetworkGroupSettings
GroupName
EdittheGuestNetworkGroupname.
Description
EnteradescriptionoftheGuestNetworkfor
reference.
Members
AddSSIDstotheGuestNetworkgroup.You
canoverrideindividualVLANID&schedule
settingsandassignadifferentVLANIDor
schedule.
IV-5-6.Users
Useraccountscanbecreated,monitoredandmanagedforusewiththe
controller’sguestportalfunction.GuestportalsettingscanbefoundatIV-5-7.
GuestPortal(NMSSettings!GuestPortal).
62
Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwill
automaticallyarriveatthecustomizableguestportalpage.Fromthereauser
accountloginisrequiredtoaccessthenetwork.Theseuseraccountsare
createdandgroupedhere,andthenselectedastheAuthenticationUser
GroupatNMSSettings!GuestPortal.
TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminsto
loginandquicklycreate/manageuseraccountsandexpirytimes,and
generate&printticketswithlogincredentialstogivetoguestusers.These
staff/adminaccountsarecreatedandgroupedhere,andselectedastheFront
DeskUserGroupatNMSSettings!GuestPortal.
InformationontheUserspageisdisplayedabouteachuseraccountanduser
accountgroup. Thesearchfunctioncanbeusedtolocateauserorusergroup.Typeinthe
searchboxandthelistwillupdate:
TheStatusicondisplaysgrey(loggedout),yellow(expired),red(locked)or
green(active)foreachuser.
TheActioniconscanlock/unlockorrevive(anexpired)
useraccount. Selectauserorusergroupusingthecheck-boxesandclick
“Edit”tomakeconfigurations,orclick“Add”toaddnew
usersandgroups:
63
Add/EditUser
UserSettings
Name
Description
Password
ConfirmPassword
UserGroup
Edittheuseraccountname.
Enteradescriptionoftheuseraccountname
e.g.GuestPortal1
Specifyapasswordfortheaccount.
Confirmthepasswordfortheaccount. Assigntheuseraccounttoausergroupsoit
canbeutilizedbytheguestportal.
Add/EditUserGroup
UserGroupSettings
Name
Edittheusergroupname.
Description
Enteradescriptionoftheusergroupname
e.g.FrontDeskorGuestUsers.
RoleType
SelectwhetherthegroupisforGuestPortal
usersorFrontDeskmanagers.
Members
Selectwhichuseraccountstoincludeinthe
group.
64
IV-5-7.GuestPortal
Displaysinformationaboutguestportalsandallowsyoutoeditguestportal
settings.GuestportalsrequireuserstobecreatedatNMSSettings!Users.
Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwill
automaticallyarriveatthecustomizableguestportalpage.Fromthereauser
accountloginisrequiredtoaccessthenetwork.Theseuseraccountsare
createdandgroupedatNMSSettings!Users,andthenselectedasthe
AuthenticationUserGrouphere.
TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminsto
loginandquicklycreate/manageuseraccountsandexpirytimes,and
generate&printticketswithlogincredentialstogivetoguestusers.These
staff/adminaccountsarecreatedandgroupedatNMSSettings!Usersand
thenselectedastheFrontDeskUserGrouphere.
GuestPortalSettings
IdleTimeout
Specifyadurationofidletimeafterwhichthe
guestportalwilltimeout.
LoginPassword
Specifynumberofincorrectloginattempts
RetryLockout
beforetheuseraccountislocked.
65
IV-5-7-1. Add/EditGuestPortal
Addaguestportaloreditanexistingguestportalforusewiththeguest
network.
GuestPortalSettings
Name
Editthenameoftheguestportalfor
reference.
Description
Enteradescriptionoftheguestportalfor
reference.
GuestPortalType Selectaguestportaltype.Referbelowfor
moreinformationaboutavailabletypes.
Authentication
Selectanauthenticationserver:Local
Server
Databaseisthedefaultsetting.
FrontDeskUser
Selectausergroupforfrontdeskaccess.
Group
FrontDesk
DisplaystheURLofyourFrontDeskpage.See
GenerationURL
belowformoreinformation.
FrontDeskPrintout EditthecontentofFrontDeskprintoutticket.
Message
Referbelowformoreinformation.
Authentication
Selectausergroupforlogintotheguest
UserGroup
network.
LandingPage
Specifyalandingpageforusersafter
successfullogin.
66
IV-5-7-1-1.FrontDeskURL
GotothisURLinawebbrowserandmembersoftheFrontDeskUserGroup
canlogintocreateguestaccounts,setexpirylimitsandprintouttickets.
GuestPortalTypeDynamicmustbeselectedtouseFrontDesk. 1. LoginwithanaccountfromtheFrontDeskUserGroup(NMSSettings
!Users).
2. TheGuestAccountWizardallowsyoutosetupanewuseraccountand
configurethevalidperiod&SSID,oruploadabulkguestlistin.csv
format.ClickNexttocontinue.
67
3. Asummaryofthenewaccount(s)isdisplayedwithquicklinkstoprint
ticketsforindividualorallnewaccounts. 4. TheGuestAccountMonitordisplaysallguestaccountsalongwithstatus
andquickactioniconstoprint,reviveexpiredaccountsorlock/unlock
(disable/enable)accounts.
Yellow: Expired
Red: Locked
Grey: Loggedout
Green: Active
Mouseoverastatusoractioniconforadescription,andusethe
arrowstoreorderthelistaccordingtoS/NorStatus.
Anytimeyouchoosetoprintaccount(s)yourbrowserwillopenaprint
dialogboxwhereyoucanselectyourprintdestinationandconfigure
printsettingsasusual:
68
IV-5-7-1-2. FrontDeskPrintout
EditandpreviewthecontentoftheFrontDeskprintoutinthetextboxusing
thevariableslistedintheDefinitionTable.E.g.(USERNAME)willdisplayon
theprintoutasthespecifiedusername.
GuestPortalTypeDynamicmustbeselectedtouseFrontDesk. 69
IV-5-7-1-3.GuestPortalType
Fourtypesofguestportalareavailablefromthedropdownmenu:
Free ServiceLevelAgreement StaticUsers DynamicUsers Redirectsuserstothespecifiedlandingpage,
withnouserloginrequired.
Requiresuserstoaccepttermsandconditions,
withnouserloginrequired.
Requiresuserloginandaccepttermsand
conditions.UsersmustbecreatedinNMSat
NMSSettings!Users.FrontDeskisnotused.
Requiresuserloginandaccepttermsand
conditions.AllowsFrontDesktocreateuser
accountsinadditiontoNMS.
70
IV-5-7-1-4.GuestPortalCustomization
Guestportalcustomizationvariesaccordingtoguestportaltype.ClickEditto
makechanges.
LoginPortalSettings
HeaderImage
LogoImage
TitleMessage
BackgroundColor
TermsofUse
Selectan800x200headerimage.
Selecta200x50logoimage.
Enteratitlemessagefortheguestportal
page.
SpecifyabackgroundcolorasaHEXvalue. Enteryourtermsofuse.
71
IV-5-8.ZoneEdit
ZoneEditdisplaysinformationaboutzonesforusewiththeZonePlanfeature
andallowsyoutoaddoreditzones.
Thesearchfunctioncanbeusedtofindexistingzones.Typeinthesearchbox
andthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”or
click“Add”toaddanewzone.
72
Add/EditZone
UploadZoneImage
ChooseFile
Clicktolocateanimagefiletobedisplayedas
amapintheZonePlanfeature.Typicallya
floorplanimageisuseful.
ZoneSetting
Name/Location
Enteranameofthezone/location.
Description
Enteradescriptionofthezone/locationfor
reference.
Members
Assignaccesspointstothespecified
zone/locationforusewiththeZonePlan
feature.
73
IV-5-9.Schedule
Youcandefineschedulesaccordingtoday,starttimeandendtime-and
groupmultipleschedulestogetherintoschedulegroups.
SchedulegroupscanbeassignedtoWLANs,WLANGroups&GuestNetwork
atNMSSettings!WLANandNMSSettings!GuestNetwork.
Add/EditSchedule
Usethecheckboxesanddrop-downmenustosetupyourschedule.
74
Add/EditScheduleGroup
WLANGroupSettings
Name
Edittheschedulegroupname.
Description
Enteradescriptionoftheschedulegroupfor
reference.
Members
Selectindividualschedulestoincludeinthe
schedulegroupusingthecheckboxes.
75
IV-5-10.
SmartRoaming
SmartRoamingenablesyoutosetuptheRoaminggroupsandtheUsedWLAN
SSID,WANGroupandAPNumber.
Beforesetuptheroaminggroup,theWLANSettingsneedtobeconfigured
first.Forexample,pleaseclickNMSSettings>>WLAN,check2.4GHzSSID,and
thenclickEdit. Configure802.11kasEnable.Pleasenote,don'tconfiguretheAuthentication
asOPEN.ThenclickSaveandApply.Pleasewaitabout3minutes.
76
RoamingGroupSettingProcedure:
(1) EnterNameofthissetting.
(2) Enter4characteristicsonMobilityDomain. (3) Enter32characteristicsonEncryptionKey. (4) SelectWLANGroup,andselectWLAN. (5) ItwilldisplayAPsusingthisWLANSetting. (6) ClickEditiconon1stAP. (7) Enter2ndAPMACAddress,clickSaveandClose.
(8) ClickEditiconon2ndAP. (9) Enter1stAPMACAddress,clickSaveandClose. 77
Then,clickSaveandApply,andwaitabout3minutes.Congratulations,you
haveconfigured802.11rand802.11ksuccessfully.
IV-5-11.
DeviceMonitoring
DevicemonitoringenablesyoutospecifyandmonitorthestatusanyIP
devicesonthenetworksuchasIPcameras.Thedescriptionandstatusofeach
deviceisdisplayedinthetable.
AddorEditIPdevicesbyenteringtheIPaddress.
78
IV-5-12. FirmwareUpgrade
FirmwareUpgradeallowsyoutoupgradefirmwaretoAccessPointGroups.
First,uploadthefirmwarefilefromalocaldiskorexternalFTPserver:locate
thefileandclick“Upload”or“Check”.Thetablebelowwilldisplaythe
FirmwareName,FirmwareVersion,NMSVersion,ModelandSize.
Thenclick“UpgradeAll”toupgradeallaccesspointsintheArrayorselect
AccessPointgroupsfromthelistusingcheck-boxesandclick“Upgrade
Selected”toupgradeonlyselectedaccesspoints.
79
IV-5-13.
Advanced
IV-5-13-1. SystemSecurity
ConfiguretheNMSsystemnameandsecuritykeyforcommunication
betweenAPControllerandManagedAPs.
V-5-13-2. Date&Time
Configurethedate&timesettingsoftheAPArray.Thedateandtimeofthe
accesspointscanbeconfiguredmanuallyorcanbesynchronizedwithatime
server.
DateandTimeSettings
LocalTime
Settheaccesspoint’sdateandtimemanually
usingthedropdownmenus.
AcquireCurrent
Click“AcquireCurrentTimefromYourPC”to
TimefromyourPC entertherequiredvaluesautomatically
accordingtoyourcomputer’scurrenttimeand
date.
80
NTPTimeServer
UseNTP
ServerName
UpdateInterval
TimeZone
TimeZone
TheaccesspointalsosupportsNTP(Network
TimeProtocol)forautomatictimeanddate
setup.
EnterthehostnameorIPaddressofthetime
serverifyouwish.
Specifyafrequency(inhours)fortheaccess
pointtoupdate/synchronizewiththeNTP
server.
Selectthetimezoneofyourcountry/region.If
yourcountry/regionisnotlisted,pleaseselect
anothercountry/regionwhosetimezoneisthe
sameasyours.
V-5-13-3. SystemAccounts
ImporttheAPIKeywhichwasreceivedGoogleDevelopers.Thisisforthe
OnlineMapfeatureinZonePlanpage.GraphicalzoneplanswithGoogleMaps
integrationandsetupwizardsareavailableforexpandingandmanaginglarge
networkswithmultipleaccesspoints
Note: Pleasegoto
https://console.developers.google.com/flows/enableapi?apiid=maps_backen
d&keyType=CLIENT_SIDE&reusekey=truetoapplyforanAPIkeyfirsttoutilize
thisfeatureset.
81
82
IV-6. LocalNetwork
IV-6-1.NetworkSettings
IV-6-1-1. LAN-SideIPAddress
The“LAN-sideIPaddress”pageallowsyoutoconfigureyourAPControlleron
yourLocalAreaNetwork(LAN).Youcanenabletheaccesspointto
dynamicallyreceiveanIPaddressfromyourrouter’sDHCPserveroryoucan
specifyastaticIPaddressforyouraccesspoint,aswellasconfigureDNS
servers.YoucanalsosetyourAPControllerasaDHCPservertoassignIP
addressestootherdevicesonyourLAN.
LAN-sideIPAddress
IPAddress
Select“StaticIP”tomanuallyspecifya
Assignment
static/fixedIPaddressforyouraccesspoint.
Select“DHCPClient”foryouraccesspointto
beassignedadynamicIPaddressfromyour
router’sDHCPserver,orselect“DHCPServer”
foryouraccesspointtoactasaDHCPserver
andassignIPaddressesonyourLAN.
StaticIPAddress
IPAddress
SubnetMask
DefaultGateway
SpecifytheIPaddresshere.ThisIPaddress
willbeassignedtoyouraccesspointandwill
replacethedefaultIPaddress.
Specifyasubnetmask.Thedefaultvalueis
255.255.255.0
ForDHCPusers,select“FromDHCP”toget
defaultgatewayfromyourDHCPserveror
83
PrimaryDNS
Address
SecondaryDNS
Address
“User-Defined”toenteragatewaymanually.
ForstaticIPusers,thedefaultvalueisblank.
ForstaticIPusers,thedefaultvalueisblank.
ForstaticIPusers,thedefaultvalueisblank.
DHCPClient
IPAddress
SubnetMask
DefaultGateway
PrimaryDNS
Address
SecondaryDNS
Address
When“DHCPClient”isselectedthisvalue
cannotbemodified.
When“DHCPClient”isselectedthisvalue
cannotbemodified.
Select“FromDHCP”orselect“User-Defined”
andenteradefaultgateway.
Select“FromDHCP”orselect“User-Defined”
andenteraprimaryDNSaddress.
Select“FromDHCP”orselect“User-Defined”
andenterasecondaryDNSaddress.
84
DHCPServer
IPAddress
SubnetMask
IPAddressRange
DomainName
LeaseTime
DefaultGateway
PrimaryDNS
Address
SecondaryDNS
Address
SpecifytheIPaddresshere.ThisIPaddress
willbeassignedtoyouraccesspointandwill
replacethedefaultIPaddress.
Specifyasubnetmask.Thedefaultvalueis
255.255.255.0
EnterthestartandendIPaddressoftheIP
addressrangewhichyouraccesspoint’sDHCP
serverwillassigntodevicesonthenetwork.
Enteradomainname.
Selectaleasetimefromthedropdown
menu.IPaddresseswillbeassignedforthis
periodoftime.
Enteradefaultgateway.
EnteraprimaryDNSaddress.
EnterasecondaryDNSaddress.
Youraccesspoint’sDHCPservercanbeconfiguredtoassignstatic(fixed)IP
addressestospecifiednetworkdevices,identifiedbytheiruniqueMACaddress:
DHCPServerStaticIPAddress
MACAddress
EntertheMACaddressofthenetworkdevice
85
IPAddress
Add
tobeassignedastaticIPaddress.
SpecifytheIPaddresstoassignthedevice.
ClicktoassigntheIPaddresstothedevice.
IV-6-1-2. LANPortSettings
The“LANPort”pageallowsyoutoconfigurethesettingsforyourAP
ControllerswiredLAN(Ethernet)ports.
WiredLANPort
Enable
Speed&Duplex
FlowControl
802.3az
IdentifiesLANport1or2.
Enable/disablespecifiedLANport.
Selectaspeed&duplextypeforspecifiedLAN
port,orusethe“Auto”value.LANportscan
operateupto1000Mbpsandfull-duplex
enablessimultaneousdatapackets
transfer/receive.
Enable/disableflowcontrol.Flowcontrolcan
pausenewsessionrequestuntilcurrentdata
processingiscomplete,inordertoavoid
deviceoverloadsunderheavytraffic.
Enable/disable802.3az.802.3azisanEnergy
EfficientEthernetfeaturewhichdisables
unusedinterfacestoreducepowerusage.
86
IV-6-1-3. VLAN
The“VLAN”(VirtualLocalAreaNetwork)pageenablesyoutoconfigureVLAN
settings.AVLANisalocalareanetworkwhichmapsworkstationsvirtually
insteadofphysicallyandallowsyoutogrouptogetherorisolateusersfrom
eachother.VLANIDs1–4094aresupported.
VLANIDsintherange1–4094aresupported.
VLANInterface
WiredLAN
Port/Wireless
VLANMode
VLANID
IdentifiesLANport1or2andwirelessSSIDs
(2.4GHzor5GHz).
Select“TaggedPort”or“UntaggedPort”for
specifiedLANinterface.
SetaVLANIDforspecifiedinterface,if
“UntaggedPort”isselected.
ManagementVLAN
VLANID
SpecifytheVLANIDofthemanagementVLAN.
OnlythehostsbelongingtothesameVLANcan
managethedevice.
87
IV-6-2.2.4GHz11bgn(NotavailableontheWLC-6404)
The“2.4GHz11bgn”menuallowsyoutoviewandconfigureinformationfor
youraccesspoint’s2.4GHzwirelessnetworkacrossfourcategories:Basic,
Advanced,SecurityandWDS.
IV-6-2-1. Basic
The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s2.4GHzWi-Fi
network(s).
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannelfrom1–11.
ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),40MHz
(higherperformancebutpotentiallyhigher
interference)orAuto(automaticallyselect
basedoninterferencelevel). BSSBasicRateSet
SetaBasicServiceSet(BSS)rate:thisisa
seriesofratestocontrolcommunication
framesforwirelessclients.
88
IV-6-2-2. Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthe
valuesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceof
youraccesspoint.
ContentionSlot
Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.
WMM).
PreambleType
Setthewirelessradiopreambletype.The
preambletypein802.11basedwireless
communicationdefinesthelengthoftheCRC
(CyclicRedundancyCheck)blockfor
communicationbetweentheaccesspointand
roamingwirelessadapters.Thedefaultvalueis
“ShortPreamble”.
GuardInterval
Settheguardinterval. Ashorterintervalcan
improveperformance.
802.11gProtection Enable/disable802.11gprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
89
802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
DTIMPeriod
SettheDTIM(deliverytrafficindication
message)periodvalueofthewirelessradio.
Thedefaultvalueis1.
RTSThreshold
SettheRTSthresholdofthewirelessradio.The
defaultvalueis2347.
Fragment
Setthefragmentthresholdofthewireless
Threshold
radio.Thedefaultvalueis2346.
MulticastRate
Setthetransferrateformulticastpacketsor
usethe“Auto”setting.
TxPower
Setthepoweroutputofthewirelessradio.You
maynotrequire100%outputpower. Setting
alowerpoweroutputcanenhancesecurity
sincepotentiallymalicious/unknownusersin
distantareaswillnotbeabletoaccessyour
signal.
BeaconInterval
Setthebeaconintervalofthewirelessradio.
Thedefaultvalueis100.
Stationidle
Settheintervalforkeepalivemessagesfrom
timeout
theaccesspointtoawirelessclienttoverifyif
thestationisstillalive/active.
90
IV-6-2-3. Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).
Whendataisencrypted,informationtransmittedwirelesslycannotbereadby
anyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertoprevent
unauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsof
numbers,lettersandsymbols,andchangeyourpassword
regularly.
SSID
BroadcastSSID
WirelessClient
Isolation
SelectwhichSSIDtoconfiguresecuritysettings
for.
EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsasan
availableWi-Finetwork.Whendisabled,the
SSIDwillnotbevisibleasanavailableWi-Fi
networktoclients–clientsmustmanually
entertheSSIDinordertoconnect.Ahidden
(disabled)SSIDistypicallymoresecurethana
visible(enabled)SSID.
Enableordisablewirelessclientisolation.
Wirelessclientisolationpreventsclients
connectedtotheaccesspointfrom
communicatingwitheachotherandimproves
security.Typically,thisfunctionisusefulfor
corporateenvironmentsorpublichotspots
andcanpreventbruteforceattacksonclients’
usernamesandpasswords.
91
LoadBalancing
Authentication
Method
Additional
Authentication
Loadbalancinglimitsthenumberofwireless
clientsconnectedtoanSSID.Setaload
balancingvalue(maximum50).
Selectanauthenticationmethodfromthedrop
downmenuandrefertotheinformation
belowappropriateforyourmethod.
Selectanadditionalauthenticationmethod
fromthedropdownmenuandrefertothe
informationbelow(IV-6-2-3-6.)appropriatefor
yourmethod.
IV-6-2-3-1. NoAuthentication
Authenticationisdisabledandnopassword/keyisrequiredtoconnecttothe
accesspoint.
Disablingwirelessauthenticationisnotrecommended.When
disabled,anybodywithinrangecanconnecttoyourdevice’sSSID.
IV-6-2-3-2. WEP
WEP(WiredEquivalentPrivacy)isabasicencryptiontype.Forahigher
levelofsecurityconsiderusingWPAencryption.
KeyLength
Select64-bitor128-bit.128-bitismoresecure
than64-bitandisrecommended.
KeyType
Choosefrom“ASCII”
(anyalphanumericalcharacter0-9,a-zandA-Z)
or“Hex”(anycharactersfrom0-9,a-fand
A-F).
DefaultKey
Selectwhichencryptionkey(1–4below)isthe
defaultkey.Forsecuritypurposes,youcanset
uptofourkeys(below)andchangewhichis
thedefaultkey.
EncryptionKey1– Enteryourencryptionkey/passwordaccording
4
totheformatyouselectedabove.
92
IV-6-2-3-3. IEEE802.1x/EAP
KeyLength
Select64-bitor128-bit.128-bitismoresecure
than64-bitandisrecommended.
IV-6-2-3-4. WPA-PSK
WPA-PSKisasecurewirelessencryptiontypewithstrongdata
protectionanduserauthentication,utilizing128-bitencryptionkeys.
WPAType
Encryption
KeyRenewal
Interval
Pre-SharedKey
Type
Pre-SharedKey
SelectfromWPA/WPA2MixedMode-PSK,
WPA2orWPAonly.WPA2issaferthanWPA
only,butnotsupportedbyallwirelessclients.
Pleasemakesureyourwirelessclientsupports
yourselection.
Select“TKIP/AESMixedMode”or“AES”
encryptiontype.
Specifyafrequencyforkeyrenewalin
minutes.
Choosefrom“Passphrase”(8–63
alphanumericcharacters)or“Hex”(upto64
charactersfrom0-9,a-fandA-F). Pleaseenterasecuritykey/passwordaccording
totheformatyouselectedabove.
IV-6-2-3-5. WPA-EAP
WPAType
Encryption
KeyRenewal
Interval
SelectfromWPA/WPA2MixedMode-EAP,
WPA2-EAPorWPA-EAP.
Select“TKIP/AESMixedMode”or“AES”
encryptiontype.
Specifyafrequencyforkeyrenewalin
minutes.
WPA-EAPmustbedisabledtouseMAC-RADIUSauthentication.
93
IV-6-2-3-6. AdditionalAuthentication
Additionalwirelessauthenticationmethodscanalsobeused:
MACAddressFilter
RestrictwirelessclientsaccessbasedonMACaddressspecifiedintheMAC
filtertable.
SeeIV-6-6.MACFiltertoconfigureMACfiltering.
MACFilter&MAC-RADIUSAuthentication
RestrictwirelessclientsaccessusingbothoftheaboveMACfiltering&
RADIUSauthenticationmethods.
MAC-RADIUSAuthentication
RestrictwirelessclientsaccessbasedonMACaddressviaaRADIUSserver,or
passwordauthenticationviaaRADIUSserver.
SeeIV-6-5.RADIUStoconfigureRADIUSservers.
WPSmustbedisabledtouseMAC-RADIUSauthentication.See
IV-6-4.forWPSsettings.
MACRADIUS
Password
SelectwhethertouseMACaddressor
passwordauthenticationviaRADIUSserver.If
youselect“Usethefollowingpassword”,enter
thepasswordinthefieldbelow.Thepassword
shouldmatchthe“SharedSecret”usedin
IV-6-5.RADIUS.
94
IV-6-2-4. WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogether
inanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointto
beinthesamesubnetandensurethereisonlyoneactiveDHCP
serveramongconnectedaccesspoints,preferablyontheWAN
side.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.
Allaccesspointsshouldusethesamewirelesschannelandencryption
method.
95
2.4GHz
WDSFunctionality Select“WDSwithAP”touseWDSwithaccess
pointor“WDSDedicatedMode”touseWDS
andalsoblockcommunicationwithregular
wirelessclients.WhenWDSisused,each
accesspointshouldbeconfiguredwith
correspondingMACaddresses,wireless
channelandwirelessencryptionmethod.
LocalMACAddress DisplaystheMACaddressofyouraccesspoint.
WDSPeerSettings
WDS#
WDSVLAN
VLANMode
VLANID
EntertheMACaddressforuptofourother
WDSdevicesyouwishtoconnect.
SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”.
SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove.
WDSEncryptionmethod
Encryption
Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAES
consistingof8-63alphanumericcharacters.
96
IV-6-3.
5GHz11ac11an(NotavailableontheWLC-6404)
The“5GHz11ac11an”menuallowsyoutoviewandconfigureinformationfor
youraccesspoint’s5GHzwirelessnetworkacrossfourcategories:Basic,
Advanced,SecurityandWDS.
IV-6-3-1. Basic
The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s5GHzWi-Fi
network(s).
Wireless
Band
Enableordisabletheaccesspoint’s5GHz
wirelessradio.Whendisabled,no5GHzSSIDs
willbeactive.
Selectthewirelessstandardusedforthe
97
accesspoint.Combinationsof802.11a,
802.11n&802.11accanbeselected.
EnableSSIDNumber SelecthowmanySSIDstoenableforthe5GHz
frequencyfromthedropdownmenu.A
maximumof16canbeenabled.
SSID#
EntertheSSIDnameforthespecifiedSSID(up
to16).TheSSIDcanconsistofany
combinationofupto32alphanumeric
characters.
VLANID
SpecifyaVLANIDforeachSSID.
AutoChannel
Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthe
wirelesschannelfortheaccesspoint’s5GHz
frequencybasedonavailabilityandpotential
interference.Whendisabled,selectachannel
manuallyasshowninthenexttable.
AutoChannelRange Selectarangefromwhichtheautochannel
setting(above)willchooseachannel.
AutoChannel
Specifyafrequencyforhowoftentheauto
Interval
channelsettingwillcheck/reassignthe
wirelesschannel.Check/uncheckthe“Change
channelevenifclientsareconnected”box
accordingtoyourpreference.
ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),Auto
40/20MHzorAuto80/40/20MHz
(automaticallyselectbasedoninterference
level).
BSSBasicRateSet
SetaBasicServiceSet(BSS)rate:thisisa
seriesofratestocontrolcommunication
framesforwirelessclients.
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannel.
ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),Auto
40/20MHzorAuto80/40/20MHz
(automaticallyselectbasedoninterference
level).
98
BSSBasicRateSet
SetaBasicServiceSet(BSS)rate:thisisa
seriesofratestocontrolcommunication
framesforwirelessclients.
IV-6-3-2. Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthe
valuesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceof
youraccesspoint.
GuardInterval
Settheguardinterval.Ashorterintervalcan
improveperformance.
802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth
(clientswillsendRequesttoSend(RTS)to
accesspoint,andaccesspointwillbroadcast
CleartoSend(CTS),beforeapacketissent
fromclient.)
DTIMPeriod
SettheDTIM(deliverytrafficindication
message)periodvalueofthewirelessradio.
Thedefaultvalueis1.
RTSThreshold
SettheRTSthresholdofthewirelessradio.The
defaultvalueis2347.
Fragment
Setthefragmentthresholdofthewireless
Threshold
radio.Thedefaultvalueis2346.
MulticastRate
Setthetransferrateformulticastpacketsor
usethe“Auto”setting.
99
TxPower
BeaconInterval
Stationidle
timeout
Setthepoweroutputofthewirelessradio.You
maynotrequire100%outputpower.Settinga
lowerpoweroutputcanenhancesecuritysince
potentiallymalicious/unknownusersindistant
areaswillnotbeabletoaccessyoursignal.
Setthebeaconintervalofthewirelessradio.
Thedefaultvalueis100.
Settheintervalforkeepalivemessagesfrom
theaccesspointtoawirelessclienttoverifyif
thestationisstillalive/active.
IV-6-3-3. Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).
Whendataisencrypted,informationtransmittedwirelesslycannotbereadby
anyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertoprevent
unauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsof
numbers,lettersandsymbols,andchangeyourpassword
regularly.
SSID
SelectwhichSSIDtoconfiguresecuritysettings
for.
100
BroadcastSSID
WirelessClient
Isolation
LoadBalancing
Authentication
Method
Additional
Authentication
EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsasan
availableWi-Finetwork.Whendisabled,the
SSIDwillnotbevisibleasanavailableWi-Fi
networktoclients–clientsmustmanually
entertheSSIDinordertoconnect.Ahidden
(disabled)SSIDistypicallymoresecurethana
visible(enabled)SSID.
Enableordisablewirelessclientisolation.
Wirelessclientisolationpreventsclients
connectedtotheaccesspointfrom
communicatingwitheachotherandimproves
security.Typically,thisfunctionisusefulfor
corporateenvironmentsorpublichotspots
andcanpreventbruteforceattacksonclients’
usernamesandpasswords.
Loadbalancinglimitsthenumberofwireless
clientsconnectedtoanSSID.Setaload
balancingvalue(maximum50).
Selectanauthenticationmethodfromthedrop
downmenuandrefertotheinformation
belowappropriateforyourmethod.
Selectanadditionalauthenticationmethod
fromthedropdownmenuandrefertothe
informationbelowappropriateforyour
method.
PleasereferbacktoIV-6-2-3.Securityformoreinformationonauthentication
andadditionalauthenticationtypes.
101
IV-6-3-4. WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogether
inanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointto
beinthesamesubnetandensurethereisonlyoneactiveDHCP
serveramongconnectedaccesspoints,preferablyontheWAN
side.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.
Allaccesspointsshouldusethesamewirelesschannelandencryption
method.
5GHzWDSMode
WDSFunctionality Select“WDSwithAP”touseWDSwithaccess
pointor“WDSDedicatedMode”touseWDS
andalsoblockcommunicationwithregular
wirelessclients.WhenWDSisused,each
accesspointshouldbeconfiguredwith
correspondingMACaddresses,wireless
channelandwirelessencryptionmethod.
LocalMACAddress DisplaystheMACaddressofyouraccesspoint.
102
WDSPeerSettings
WDS#
WDSVLAN
VLANMode
VLANID
WDSEncryption
Encryption
EntertheMACaddressforuptofourother
WDAdevicesyouwishtoconnect.
SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”.
SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove.
Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAES
with8-63alphanumericcharacters.
IV-6-4.WPS(NotavailableontheWLC-6404)
Wi-FiProtectedSetupisasimplewaytoestablishconnectionsbetweenWPS
compatibledevices.WPScanbeactivatedoncompatibledevicesbypushinga
WPSbuttononthedeviceorfromwithinthedevice’sfirmware/configuration
interface(knownasPBCor“PushButtonConfiguration”).WhenWPSis
activatedinthecorrectmannerandatthecorrecttimefortwocompatible
devices,theywillautomaticallyconnect.“PINcodeWPS”isavariationofPBC
whichincludestheadditionaluseofaPINcodebetweenthetwodevicesfor
verification.
Pleaserefertomanufacturer’sinstructionsforyourotherWPS
device.
103
WPS
Check/uncheckthisboxtoenable/disableWPS
functionality.WPSmustbedisabledwhen
usingMAC-RADIUSauthentication(see
IV-6-2-3-6.&IV-6-5).
ProductPIN
DisplaystheWPSPINcodeofthedevice,used
forPINcodeWPS.Youwillberequiredtoenter
thisPINcodeintoanotherWPSdeviceforPIN
codeWPS.Click“GeneratePIN”togeneratea
newWPSPINcode.
Click“Start”toactivateWPSontheaccess
pointforapproximately2minutes.Thishasthe
sameeffectasphysicallypushingtheaccess
point’sWPSbutton.
EnterthePINcodeofanotherWPSdeviceand
click“Start”toattempttoestablishaWPS
connectionforapproximately2minutes.
Push-ButtonWPS
WPSbyPIN
WPSStatus
WPSsecuritystatusisdisplayedhere.Click
“Release”tocleartheexistingstatus.
IV-6-5.RADIUS(NotavailableontheWLC-6404)
TheRADIUSsubmenuallowsyoutoconfiguretheaccesspoint’sRADIUS
serversettings,categorizedintothreesubmenus:RADIUSsettings,Internal
ServerandRADIUSaccounts.
ARADIUSserverprovidesuser-basedauthenticationtoimprovesecurityand
offerwirelessclientcontrol–userscanbeauthenticatedbeforegaining
accesstoanetwork.
104
Theaccesspointcanutilizebothaprimaryandsecondary(backup)RADIUS
serverforeachofitswirelessfrequencies(2.4GHz&5GHz).ExternalRADIUS
serverscanbeusedortheaccesspoint’sinternalRADIUSservercanbeused.
TouseRADIUSservers,goto“Local
Network”! “Security”! “AdditionalAuthentication”andselect
“MACRADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
105
IV-6-5-1. RADIUSSettings
ConfiguretheRADIUSserversettingsfor2.4GHz&5GHz.Eachfrequencycan
useaninternalorexternalRADIUSserver.
106
RADIUSType
Select“Internal”tousetheaccesspoint’s
built-inRADIUSserveror“external”tousean
externalRADIUSserver.
RADIUSServer
EntertheRADIUSserverhostIPaddress.
Authentication
Port
SettheUDPportusedintheauthentication
protocoloftheRADIUSserver.Valuemustbe
between1–65535.
Enterasharedsecret/passwordbetween1–
99charactersinlength.Thisshouldmatchthe
“MAC-RADIUS”passwordusedinIV-3-1-3-6or
IV-3-2-3.
Setadurationofsessiontimeoutinseconds
between0–86400.
EnableordisableRADIUSaccounting.
SharedSecret
SessionTimeout
Accounting
AccountingPort
Whenaccountingisenabled(above),setthe
UDPportusedintheaccountingprotocolof
theRADIUSserver.Valuemustbebetween1–
65535.
IV-6-5-2. InternalServer
Theaccesspointfeaturesabuilt-inRADIUSserverwhichcanbeconfiguredas
shownbelowusedwhen“Internal”isselectedfor“RADIUSType”inthe“Local
Network”!“RADIUSSettings”menu.
TouseRADIUSservers,goto“Wireless
Settings”! “Security”“AdditionalAuthentication”andselect“MAC
RADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
107
InternalServer
Check/unchecktoenable/disabletheaccess
point’sinternalRADIUSserver.
EAPInternal
SelectEAPinternalauthenticationtypefrom
Authentication
thedropdownmenu.
EAPCertificateFile DisplaystheEAPcertificatefileformat:
Format
PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowand
selectthelocationofanEAPcertificatefileto
use.Ifnocertificatefileisuploaded,the
internalRADIUSserverwilluseaself-made
certificate.
SharedSecret
Enterasharedsecret/passwordforuse
betweentheinternalRADIUSserverand
RADIUSclient.Thesharedsecretshouldbe1–
99charactersinlength.Thisshouldmatchthe
“MAC-RADIUS”passwordusedinIV-6-2-3-6or
IV-6-3-3.
SessionTimeout
Setadurationofsessiontimeoutinseconds
between0–86400.
TerminationAction Selectatermination-actionattribute:
“Reauthentication”sendsaRADIUSrequestto
theaccesspoint,“Not-Reathentication”sends
adefaulttermination-actionattributetothe
accesspoint,“Not-Send”no
termination-actionattributeissenttothe
accesspoint.
108
IV-6-5-3. RADIUSAccounts
TheinternalRADIUSservercanauthenticateupto256useraccounts.The
“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
UserName
Add
Reset
Select
UserName
Password
Customize
Entertheusernameshere,separatedby
commas.
Click“Add”toaddtheusertotheuser
registrationlist.
Cleartextfromtheusernamebox.
Checktheboxtoselectauser.
Displaystheusername.
Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).
Click“Edit”toopenanewfieldtoset/edita
109
passwordforthespecifiedusername(below).
DeleteSelected
DeleteAll
Deleteselecteduserfromtheuserregistration
list.
Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationList
UserName
Password
Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.
Enteroreditapasswordforthespecifieduser.
110
IV-6-6.MACFilter(NotavailableontheWLC-6404)
Macfilteringisasecurityfeaturethatcanhelptopreventunauthorizedusers
fromconnectingtoyouraccesspoint.
Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedto
connecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMAC
address.IfadevicewhichisnotonthelistofpermittedMACaddresses
attemptstoconnecttotheaccesspoint,itwillbedenied.
ToenableMACfiltering,goto“LocalSettings”! “Security”!
“AdditionalAuthentication”andselect“MACFilter”(see
IV-6-2-3.&IV-6-3-3).
TheMACaddressfilteringtableisdisplayedbelow:
111
AddMACAddress
Add
Reset
EnteraMACaddressofcomputerornetwork
devicemanuallye.g.‘aa-bb-cc-dd-ee-ff’or
entermultipleMACaddressesseparatedwith
commas,e.g.
‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’
Click“Add”toaddtheMACaddresstothe
MACaddressfilteringtable. Clearallfields.
MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Select
anentryusingthe“Select”checkbox.
Select
Deleteselectedorallentriesfromthetable.
MACAddress
TheMACaddressislistedhere.
DeleteSelected
DeletetheselectedMACaddressfromthe
list.
DeleteAll
DeleteallentriesfromtheMACaddress
filteringtable.
Export
Click“Export”tosaveacopyoftheMAC
filteringtable.Anewwindowwillpopupfor
youtoselectalocationtosavethefile.
112
IV-6-7.WMM(NotavailableontheWLC-6404)
Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertification
basedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)
featurestoIEE802.11networks.WMMprioritizestrafficaccordingtofour
categories:background,besteffort,videoandvoice.
ConfiguringWMMconsistsofadjustingparametersonqueuesfordifferent
categoriesofwirelesstraffic.Trafficissenttothefollowingqueues:
Background Low
Highthroughput,nontimesensitivebulk
Priority
datae.g.FTP
BestEffort Medium
TraditionalIPdata,mediumthroughputand
Priority
delay.
Video
High
Timesensitivevideodatawithminimum
Priority
timedelay.
Voice
High
TimesensitivedatasuchasVoIPand
Priority
streamingmediawithminimumtimedelay.
Queuesautomaticallyprovideminimumtransmissiondelaysforvideo,voice,
multimediaandcriticalapplications.Thevaluescanfurtherbeadjusted
manually:
113
CWMin
CWMax
AIFSN
TxOP
MinimumContentionWindow(milliseconds):
Thisvalueisinputtotheinitialrandom
backoffwaittimealgorithmforretryofadata
frametransmission.Thebackoffwaittimewill
begeneratedbetween0andthisvalue.Ifthe
frameisnotsent,therandombackoffvalueis
doubleduntilthevaluereachesthenumber
definedbyCWMax(below).TheCWMinvalue
mustbelowerthantheCWMaxvalue.The
contentionwindowschemehelpstoavoid
framecollisionsanddeterminepriorityof
frametransmission.Ashorterwindowhasa
higherprobability(priority)oftransmission.
MaximumContentionWindow(milliseconds):
Thisvalueistheupperlimittorandom
backoffvaluedoubling(seeabove). ArbitrationInter-FrameSpace(milliseconds):
Specifiesadditionaltimebetweenwhena
channelgoesidleandtheAP/clientsends
dataframes.TrafficwithalowerAIFSNvalue
hasahigherpriority.
TransmissionOpportunity(milliseconds):The
maximumintervaloftimeanAP/clientcan
transmit.Thismakeschannelaccessmore
efficientlyprioritized.Avalueof0meansonly
oneframepertransmission.Agreatervalue
effectshigherpriority.
IV-6-8.InternalServer
IV-6-8-1. InternalRADIUSServer
Thecontrollerfeaturesabuilt-inRADIUSserverwhichcanbeconfiguredas
shownbelowusedwhen“Internal”isselectedfor“RADIUSType”inthe“Local
Network”!“RADIUSSettings”menu.
TouseRADIUSservers,goto“Wireless
Settings”! “Security”“AdditionalAuthentication”andselect“MAC
RADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
114
InternalServer
Check/unchecktoenable/disabletheaccess
point’sinternalRADIUSserver.
EAPInternal
SelectEAPinternalauthenticationtypefrom
Authentication
thedropdownmenu.
EAPCertificateFile DisplaystheEAPcertificatefileformat:
Format
PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowand
selectthelocationofanEAPcertificatefileto
use.Ifnocertificatefileisuploaded,the
internalRADIUSserverwilluseaself-made
certificate.
SharedSecret
Enterasharedsecret/passwordforuse
betweentheinternalRADIUSserverand
RADIUSclient.Thesharedsecretshouldbe1–
99charactersinlength.Thisshouldmatchthe
“MAC-RADIUS”passwordusedinIV-6-2-3-6or
IV-6-3-3.
SessionTimeout
Setadurationofsessiontimeoutinseconds
between0–86400.
TerminationAction Selectatermination-actionattribute:
“Reauthentication”sendsaRADIUSrequestto
theaccesspoint,“Not-Reathentication”sends
adefaulttermination-actionattributetothe
accesspoint,“Not-Send”no
termination-actionattributeissenttothe
accesspoint.
115
IV-6-8-2. RADIUSAccounts
TheinternalRADIUSservercanauthenticateupto256useraccounts.The
“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
UserName
Add
Reset
Select
UserName
Password
Customize
Entertheusernameshere,separatedby
commas.
Click“Add”toaddtheusertotheuser
registrationlist.
Cleartextfromtheusernamebox.
Checktheboxtoselectauser.
Displaystheusername.
Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).
Click“Edit”toopenanewfieldtoset/edita
passwordforthespecifiedusername(below).
116
DeleteSelected
DeleteAll
Deleteselecteduserfromtheuserregistration
list.
Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationList
UserName
Password
Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.
Enteroreditapasswordforthespecifieduser.
IV-6-9.Schedule
Scheduleallowstheusertoconfigurespecifictimesanddateswhentheradio
ofthewirelessaccountwillbedisabled. Thisisdesignedtoprevent
unwantedaccessduringnon-applicationhours.
117
IV-7. LocalSettings
IV-7-1.OperationMode(NotavailableontheWLC-6404)
Settheoperationmodeoftheaccesspoint.APmodeisastandaloneaccess
point,APcontrollermodeactsasthedesignatedmasteroftheAParray,and
ManagedAPmodeactsasaslaveAPwithintheAParray.
IV-7-2.SystemSettings
IV-7-2-1. SystemInformation
The“SystemInformation”pagedisplaysbasicsysteminformationaboutthe
accesspoint.
118
System
Model
Displaysthemodelnumberoftheaccess
point.
ProductName
Displaystheproductnameforreference,
whichconsistsof“AP”plustheMACaddress.
Uptime
Displaysthetotaltimesincethedevicewas
turnedon.
BootFrom
Displaysinformationforthebooted
hardware,bootedfromeitherUSBorinternal
memory.
Version
Displaysthefirmwareversion.
MACAddress
Displaystheaccesspoint’sMACaddress.
ManagementVLAN DisplaysthemanagementVLANID.
ID
IPAddress
DisplaystheIPaddressofthisdevice.Click
“Refresh”toupdatethisvalue.
Default Gateway DisplaystheIPaddressofthedefault
gateway.
DNS
IPaddressofDNS(DomainNameServer)
DHCPServer
IPaddressofDHCPServer.
WiredLANPortSettings
WiredLANPort
SpecifieswhichLANport(1or2).
Status
DisplaysthestatusofthespecifiedLANport
119
VLANMode/ID
(connectedordisconnected).
DisplaystheVLANmode(taggedoruntagged)
andVLANIDforthespecifiedLANport.See
IV-6-1-3.VLAN
Wireless2.4GHz(5GHz)
Status
Displaysthestatusofthe2.4GHzor5GHz
wireless(enabledordisabled).
MACAddress
Displaystheaccesspoint’sMACaddress.
Channel
Displaysthechannelnumberthespecified
wirelessfrequencyisusingforbroadcast.
TransmitPower
Displaysthewirelessradiotransmitpower
levelasapercentage.
Wireless2.4GHZ(5GHz)/SSID
SSID
DisplaystheSSIDname(s)forthespecified
frequency.
Authentication
Displaystheauthenticationmethodforthe
Method
specifiedSSID.SeeIV-6.WirelessSettings
EncryptionType
Displaystheencryptiontypeforthespecified
SSID.SeeIV-6.WirelessSettings
VLANID
DisplaystheVLANIDforthespecifiedSSID.
SeeIV-6-1-3.VLAN
Additional
Displaystheadditionalauthenticationtypefor
Authentication
thespecifiedSSID.SeeIV-6.WirelessSettings
WirelessClient
Displayswhetherwirelessclientisolationisin
Isolation
useforthespecifiedSSID.SeeIV-6-1-3.VLAN
Wireless2.4GHZ(5GHz)/WDSStatus
MACAddress
Displaysthepeeraccesspoint’sMACaddress.
EncryptionType
Displaystheencryptiontypeforthespecified
WDS.SeeIV-6-2-4.WDS
VLANMode/ID
DisplaystheVLANIDforthespecifiedWDS.
SeeIV-6-2-4.WDS
Refresh
Clicktorefreshallinformation.
120
IV-7-2-2. WirelessClients(NotavailableontheWLC-6404)
The“WirelessClients”pagedisplaysinformationaboutallwirelessclients
connectedtotheaccesspointonthe2.4GHzor5GHzfrequency.
Refreshtime
AutoRefreshTime
ManualRefresh
Selectatimeintervalfortheclienttablelistto
automaticallyrefresh.
Clickrefreshtomanuallyrefreshtheclient
table.
2.4GHz(5GHz)WLANClientTable
SSID
DisplaystheSSIDwhichtheclientis
connectedto.
MACAddress
DisplaystheMACaddressoftheclient.
Tx
Displaysthetotaldatapacketstransmittedby
thespecifiedclient.
Rx
Displaysthetotaldatapacketsreceivedby
thespecifiedclient.
Signal(%)
Displaysthewirelesssignalstrengthforthe
specifiedclient.
ConnectedTime
Displaysthetotaltimethewirelessclienthas
beenconnectedtotheaccesspoint.
IdleTime
Clientidletimeisthetimeforwhichtheclient
hasnottransmittedanydatapacketsi.e.is
idle.
Vendor
Thevendoroftheclient’swirelessadapteris
displayedhere.
121
IV-7-2-3. WirelessMonitor(NotavailableontheWLC-6404)
WirelessMonitorisatoolbuiltintotheaccesspointtoscanandmonitorthe
surroundingwirelessenvironment.Selectafrequencyandclick“Scan”to
displayalistofallSSIDswithinrangealongwithrelevantdetailsforeachSSID.
WirelessMonitor
SiteSurvey
ChannelSurvey
Result
SiteSurveyResults
Ch
SSID
MACAddress
Security
Signal(%)
Type
Vendor
Selectwhichfrequency(orboth)toscan,and
click“Scan”tobegin.
Afterascaniscomplete,click“Export”tosave
theresultstolocalstorage.
Displaysthechannelnumberusedbythe
specifiedSSID.
DisplaystheSSIDidentifiedbythescan.
DisplaystheMACaddressofthewireless
router/accesspointforthespecifiedSSID.
Displaystheauthentication/encryptiontype
ofthespecifiedSSID.
Displaysthecurrentsignalstrengthofthe
SSID.
Displaysthe802.11wirelessnetworking
standard(s)ofthespecifiedSSID.
Displaysthevendorofthewireless
router/accesspointforthespecifiedSSID.
122
IV-7-2-4. Log
Thesystemlogdisplayssystemoperationinformationsuchasuptimeand
connectionprocesses.Thisinformationisusefulfornetworkadministrators.
Whenthelogisfull,oldentriesareoverwritten.
Save
Clear
Refresh
Clicktosavethelogasafileonyourlocal
computer.
Clearalllogentries.
Refreshthecurrentlog.
123
Thefollowinginformation/eventsarerecordedbythelog:
" USB
Mount&unmount
" WirelessClient
Connected&disconnected
Keyexchangesuccess&fail
" Authentication
Authenticationfailorsuccessful.
" Association Successorfail
" WPS
M1-M8messages
WPSsuccess
" ChangeSettings
" SystemBoot
Displayscurrentmodelname
" NTPClient
" WiredLink
LANPortlinkstatusandspeedstatus
" ProxyARP
ProxyARPmodulestart&stop
" Bridge
Bridgestart&stop.
" SNMP
SNMPserverstart&stop.
" HTTP
HTTPstart&stop.
" HTTPS
HTTPSstart&stop.
" SSH
SSH-clientserverstart&stop.
" Telnet
Telnet-clientserverstartorstop.
" WLAN(2.4G)
WLAN(2.4G]channelstatusandcountry/regionstatus
" WLAN(5G)
WLAN(5G)channelstatusandcountry/regionstatus
" ADT
124
IV-7-3.Management
IV-7-3-1. Admin
Youcanchangethepasswordusedtologintothebrowser-based
configurationinterfacehere.Itisadvisedtodosoforsecuritypurposes.
Ifyouchangetheadministratorpassword,pleasemakeanote
ofthenewpassword.Intheeventthatyouforgetthis
passwordandareunabletologintothebrowserbased
configurationinterface,seeIV-7-4-4.FactoryDefaultforhowto
resettheaccesspoint.
AccounttoManageThisDevice
Administrator
Settheaccesspoint’sadministratorname.
Name
Thisisusedtologintothebrowserbased
configurationinterfaceandmustbebetween
4-16alphanumericcharacters(casesensitive).
Administrator
Settheaccesspoint’sadministratorpassword.
Password
Thisisusedtologintothebrowserbased
configurationinterfaceandmustbebetween
125
4-32alphanumericcharacters(casesensitive).
AdvancedSettings
ProductName
Management
Protocol
SNMPVersion
SNMPGet
Community
SNMPSet
Community
SNMPTrap
SNMPTrap
Community
SNMPTrap
Manager
Edittheproductnameaccordingtoyour
preferenceconsistingof1-32alphanumeric
characters.Thisnameisusedforreference
purposes.
Check/unchecktheboxestoenable/disable
specifiedmanagementinterfaces(seebelow).
WhenSNMPisenabled,completetheSNMP
fieldsbelow.
SelectSNMPversionappropriateforyour
SNMPmanager.
EnteranSNMPGetCommunitynamefor
verificationwiththeSNMPmanagerfor
SNMP-GETrequests.
EnteranSNMPSetCommunitynamefor
verificationwiththeSNMPmanagerfor
SNMP-SETrequests.
EnableordisableSNMPTraptonotifySNMP
managerofnetworkerrors.
EnteranSNMPTrapCommunitynamefor
verificationwiththeSNMPmanagerfor
SNMP-TRAPrequests.
SpecifytheIPaddressorsevername(2-128
alphanumericcharacters)oftheSNMP
manager.
HTTP
InternetbrowserHTTPprotocolmanagementinterface
HTTPS
InternetbrowserHTTPSprotocolmanagementinterface
TELNET
Clientterminalwithtelnetprotocolmanagementinterface
SSH
ClientterminalwithSSHprotocolversion1or2managementinterface
SNMP
SimpleNetworkManagementProtocol.SNMPv1,v2&v3protocolsupported.
SNMPv2canbeusedwithcommunitybasedauthentication.SNMPv3uses
user-basedsecuritymodel(USM)architecture.
126
IV-7-3-2. DateandTime
Youcanconfigurethetimezonesettingsofyouraccesspointhere.Thedate
andtimeofthedevicecanbeconfiguredmanuallyorcanbesynchronized
withatimeserver.
DateandTimeSettings
LocalTime
Settheaccesspoint’sdateandtimemanually
usingthedropdownmenus.
AcquireCurrent
Click“AcquireCurrentTimefromYourPC”to
TimefromyourPC entertherequiredvaluesautomatically
accordingtoyourcomputer’scurrenttimeand
date.
NTPTimeServer
UseNTP
ServerName
UpdateInterval
TimeZone
TimeZone
TheaccesspointalsosupportsNTP(Network
TimeProtocol)forautomatictimeanddate
setup.
EnterthehostnameorIPaddressofthetime
serverifyouwish.
Specifyafrequency(inhours)fortheaccess
pointtoupdate/synchronizewiththeNTP
server.
Selectthetimezoneofyourcountry/region.If
127
yourcountry/regionisnotlisted,pleaseselect
anothercountry/regionwhosetimezoneisthe
sameasyours.
IV-7-3-3. SyslogServer
Thesystemlogcanbesenttoaserver,attachedtoUSBstorageorsentvia
email.
SyslogServerSettings
TransferLogs
Check/unchecktheboxtoenable/disablethe
useofasyslogserver,andenterahost
name,domainorIPaddressfortheserver,
consistingofupto128alphanumeric
characters.
CopyLogsto
Check/unchecktheboxtoenable/disable
AttachedUSBDevice copyinglogstoattachedUSBstorage.
SyslogEmailSettings
EmailLogs
Check/unchecktheboxtoenable/disableemail
logs.Whenenabled,thelogwillbeemailed
accordingtothesettingsbelow.
EmailSubject
Enterthesubjectlineoftheemailwhichwillbe
sentcontainingthelog.
SMTPServer
SpecifytheSMTPserveraddressforthesender
Address
emailaccount.
SMTPServerPort SpecifytheSMTPserverportforthesender
emailaccount.
128
SenderEmail
ReceiverEmail
Authentication
Enterthesender’semailaddress.
Specifytheemailrecipientofthelog.
Select“Disable”,“SSL”or“TLS”accordingto
youremailauthentication.
Whenauthenticationisusedabove,enterthe
accountname.
Whenauthenticationisusedabove,enterthe
password.
Account
Password
IV-7-3-4. I’mHere
Theaccesspointfeaturesabuilt-inbuzzerwhichcansoundoncommand
usingthe“I’mHere”page.Thisisusefulfornetworkadministratorsand
engineersworkingincomplexnetworkenvironmentstolocatetheaccess
point.
Thebuzzerisloud!
DurationofSound
SoundBuzzer
Setthedurationforwhichthebuzzerwill
soundwhenthe“SoundBuzzer”buttonis
clicked.
Activatethebuzzersoundfortheabove
specifieddurationoftime.
129
IV-7-4.Advanced
Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertification
basedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)
featurestoIEE802.11networks.WMMprioritizestrafficaccordingtofour
categories:background,besteffort,videoandvoice.
IV-7-4-1. LEDSettings
Theaccesspoint’sLEDscanbemanuallyenabledordisabledaccordingto
yourpreference.
PowerLED
DiagLED
IV-7-4-2. Selectonoroff.
Selectonoroff.
UpdateFirmware
The“Firmware”pageallowsyoutoupdatethesystemfirmwaretoamore
recentversion.Updatedfirmwareversionsoftenofferincreasedperformance
andsecurity,aswellasbugfixes. Thisfirmwareupdateisforanindividualaccesspoint.To
updatefirmwareformultipleaccesspointsintheAParray,go
toNMSSettings! FirmwareUpgrade.
Donotswitchoffordisconnecttheaccesspointduringafirmware
upgrade,asthiscoulddamagethedevice.
130
UpdateFirmware
From
Select“afileonyourPC”touploadfirmware
fromyourlocalcomputerorfroman
attachedUSBdevice.
FirmwareUpdateFile Click“Browse”toopenanewwindowto
locateandselectthefirmwarefileinyour
computer.
Update
Click“Update”touploadthespecified
firmwarefiletoyouraccesspoint.
131
IV-7-4-3. Save/RestoreSettings
Theaccesspoint’s“Save/RestoreSettings”pageenablesyoutosave/backup
theaccesspoint’scurrentsettingsasafiletoyourlocalcomputeroraUSB
deviceattachedtotheaccesspoint,andrestoretheaccesspointtopreviously
savedsettings.
Save/RestoreSettings
UsingDevice
Select“UsingyourPC”tosavetheaccess
point’ssettingstoyourlocalcomputerorto
anattachedUSBdevice.
SaveSettingstoPC
SaveSettings
Click“Save”tosavesettingsandanew
windowwillopentospecifyalocationto
savethesettingsfile.Youcanalsocheckthe
“Encrypttheconfigurationfilewitha
password”boxandenterapasswordto
protectthefileinthefieldunderneath,ifyou
wish.
RestoreSettingsfromPC
RestoreSettings
Clickthebrowsebuttontofindapreviously
savedsettingsfileonyourcomputer,then
click“Restore”toreplaceyourcurrent
settings.Ifyoursettingsfileisencryptedwith
apassword,checkthe“Openfilewith
password”boxandenterthepasswordin
thefieldunderneath.
132
IV-7-4-4. FactoryDefault
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommended
thatyourebootthedevice(seeIV-7-4-5.)orresetthedevicebacktoits
factorydefaultsettings.Youcanresettheaccesspointbacktoitsdefault
settingsusingthisfeatureifthelocationoftheaccesspointisnotconvenient
toaccesstheresetbutton.
FactoryDefault
Click“FactoryDefault”torestoresettingsto
thefactorydefault.Apop-upwindowwill
appearandaskyoutoconfirm.
Afterresettingtofactorydefaults,pleasewaitfortheaccess
pointtoresetandrestart.
IV-7-4-5. Reboot
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommended
thatyourebootthedeviceorresettheaccesspointbacktoitsfactorydefault
settings(seeIV-7-4-4).Youcanreboottheaccesspointremotelyusingthis
feature.
Reboot
Click“Reboot”torebootthedevice.A
countdownwillindicatetheprogressofthe
reboot.
133
IV-8. Toolbox
IV-8-1.
NetworkConnectivity
IV-8-1-1. Ping
Pingisacomputernetworkadministrationutilityusedtotestwhethera
particularhostisreachableacrossanIPnetworkandtomeasure
theround-triptimeforsentmessages.
DestinationAddress
Execute
IV-8-1-2. Entertheaddressofthehost. Clickexecutetopingthehost.
TraceRoute
Tracerouteisadiagnostictoolfordisplayingtheroute(path)andmeasuring
transitdelaysofpacketsacrossanIPnetwork.
DestinationAddress
Execute
Entertheaddressofthehost. Clickexecutetoexecutethetraceroute
command.
134
V.BestPractice
HowtoCreateandLinkWLAN&AccessPointGroups
YoucanuseNMStocreateindividualSSIDsandgroupmultipleSSIDstogether
intoWLANgroups.Youcanthenassignindividualaccesspointstousethose
WLANgroupsettingsand/orgroupmultipleaccesspointstogetherintoaccess
pointgroups,whichyoucanalsoassigntouseWLANgroupsettings.
Followtheexamplebelowto:
A.CreateaWLANgroup.
B.Createanaccesspointgroup.
C.AssigntheaccesspointgrouptousetheSSIDgroupsettings.
A.
1. GotoNMSSettings!WLANandclick“Add”intheWLANpanel:
2. EnteranSSIDnameandsetauthentication/encryptionandclick
“Apply”:
3. ThenewSSIDwillbedisplayedintheWLANpanel.Repeattoadd
additionalSSIDsaccordingtoyourpreference,andthenclick“Add”in
theWLANGrouppanel:
4. EnteranamefortheSSIDgroupandchecktheboxestoselectwhich
SSIDstoincludewithinthegroup.Click“Apply”whendone.
135
B.
5. ThenewWLANgroupwillbedisplayedintheWLANGrouppanel.
RepeattoaddadditionalWLANgroupsaccordingtoyourpreference:
1. GotoNMSSettings!AccessPointandclick“Add”intheAccessPoint
GroupPanel:
2. EnteraNameandthenscrolldowntotheGroupSettingspanelanduse
the<<buttontoaddselectedaccesspointsintoyourgroupfromthe
boxontherightside.Click“Apply”whendone.
136
C.
3. ThenewaccesspointgroupwillbedisplayedintheAccessPointGroup
panel.Repeattoaddadditionalaccesspointgroupsaccordingtoyour
preference:
1. GotoNMSSettings!AccessPointandselectanaccesspointgroup
usingthecheckboxesintheAccessPointGrouppanel.Click“Edit”:
2. ScrolldowntotheProfileGroupSettingspanelandcheckthe“Override
GroupSettings”boxforWLANGroup(2.4GHzand/or5GHz).Select
yourWLANgroupfromthedrop-downmenuandclick“Apply”:
3. Repeatforotheraccesspointgroupsaccordingtoyourpreference.
COPYRIGHT
Copyright©2017bythiscompany.Allrightsreserved.Nopartofthispublicationmaybe
reproduced,transmitted,transcribed,storedinaretrievalsystem,ortranslatedintoany
languageorcomputerlanguage,inanyformorbyanymeans,electronic,mechanical,
magnetic,optical,chemical,manualorotherwise,withoutthepriorwrittenpermissionof
thiscompany
Thiscompanymakesnorepresentationsorwarranties,eitherexpressedorimplied,with
respecttothecontentshereofandspecificallydisclaimsanywarranties,merchantability
orfitnessforanyparticularpurpose.Anysoftwaredescribedinthismanualissoldor
licensed"asis".Shouldtheprogramsprovedefectivefollowingtheirpurchase,thebuyer
(andnotthiscompany,itsdistributor,oritsdealer)assumestheentirecostofall
necessaryservicing,repair,andanyincidentalorconsequentialdamagesresultingfrom
anydefectinthesoftware.Further,thiscompanyreservestherighttorevisethis
publicationandtomakechangesfromtimetotimeinthecontentsthereofwithout
obligationtonotifyanypersonofsuchrevisionorchanges.
137