Home

LevelOne EAP-300_UM_V1_0

Contents

1. Repeater Advanced Access Control and Site Survey EAP 300 supports up to eight Virtual Access Points VAPs Each VAP can have its own settings e g ESSID VLAN ID security settings etc Such VAP capabilities enable different levels of service to meet network requirements a 7 2 1 VAP Overview An overall status is collected on this page including ESSID State Security Type MAC ACL and Advanced Settings where EAP 300 has 8 VAPs each having its own settings In this table please click on the hyperlink to further configure each individual VAP VAP Overview General Y VAP Config Y Security Y Repeater Y Advanced Y Access Control Site Survey Home gt Wireless gt VAP Overview VAP No ESSID EAPSOO 1 EAP3O0 2 EAPSOO 3 EAP300 4 EAP300 5 EAP 300 6 EAP 300 7 EAP 300 8 State Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview Security Type None None None None None None None None VAP Overview Page 42 MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Adwanced Settings Edit Edit Edit Edit Edit Edit Edit Edit e State The hyperlink showing Enable or Disable connects to the VAP Configuration page Eh a NI Ta 3 N i VAP Overview General WYAF Config k Security Repeater Advanced Access Control Site Survey Home Wireless VAP Config VAP Configuration Profile Name VAP
2. The Web Management Interface System Overview Page 12 e To logout simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page Click OK to logout fHome Logout Help Logout Message from webpage Eg P re vou sure to logoff Please follow the following steps to change the administrator s password g gt gt O A 2 System AP Firewall Utilities Status N Change Password Backup Restore System Upgrade Reboot 4 Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page gt Click on the Utilities button and then select the Admin Password tab gt Enter the old password and then a new password with a length of up to 32 characters and retype it in the Re enter New Password field Congratulations Now LevelOne s EAP 300 is installed and configured successfully It is strongly recommended to make a backup copy of configuration settings A e After the EAP 300 s network configuration is completed please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments Article III Connect your AP to your Network The following instructions depict how to establish the wireless cov
3. Disable Enable ARP Inspection Disable Enable Force DHCP Disable Enable Trust List Broadcast Disable Enable Static Trust List Disable Enable Trust Interface Each VAP interface can be checked individually to mark as trusted interfaces security enforcements on DHCP ARP like DHCP snooping and ARP inspection will be carried out on non trusted interfaces DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the trusted DHCP server IP MAC can be specified to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic therefore any clients with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static Trust List o Trust List Broadcast can be enabled to let other AP with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests o Static Trust List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears in the static list with different MAC their ARP requests will be dropped to prevent eavesdropping lf any settings are made please clic
4. Disable Enable VAP 1 EAP300 1 VLAN ID Disable Enable VLAN ID 1 4094 Profile Name ESSID VAP State Page eSecurity Type The hyperlink showing the security type connects to the Security Settings Page VAP Overview General VAP Config N Secu rity Repeater Advanced Access Control Home gt Wireless gt Security Site Survey Security Settings Profile Name VAP 1 Security Type VAP Security Type Page 43 e MAC ACL The hyperlink showing Allow or Disable connects to the Access Control Settings Page a a k A re VAP Overview General WAP Config Security i Advanced 4 Access Control Site Survey N L 4 Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 32 Access Control Type Disable Access Control Access Control Settings Page e Advanced Settings The advanced settings hyperlink connects to the Advanced Wireless Settings Page VAP Overview General WAP Config Security Repeater Home Wireless gt Advanced i Adwanced Access Control Site Survey 4 Y 1 L Advanced Wireless Settings Profile Name RTS Threshold 1 2346 Fragment Threshold 256 2346 DTIM period 1 15 Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable WMM Disa
5. If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system e Wireless Station Isolation By enabling this function all stations associated with the system are isolated and can only communicate with the system 54 e WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only lt To receive the benefits of WMM QoS gt The application must support WMM WMM shall be enabled on EAP 300 WMM shall be enabled in the wireless adapter on clients computer e lIAPP IAPP Inter Access Point Protocol is a protocol by which access points share information about the stations that are connected to them By enabling this function the system will automatically broadcast information of associated wireless stations to its peer access points This will help wireless stations roam smoothly among IAPP enabled access points in the same wireless LAN e Multicast Broadcast Rate Bandwidth configuration for multicast oroadcast packets If your wireles
6. Management GRE Tunnel Home gt System gt Management Services Management Services VLAN for Management Disable Enable viANID 1 4094 SNMP Configuration Disable Enable Community String Trap Disable Enable a ae Disable Enable SYSLOG Server IP 192 168 1 254 Server Port si4 SYSLOG Level Management Services Page e VLAN for Management When enabling this function management traffic from the system will be tagged with a VLAN ID In other words administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to the VAP with the same VLAN ID Enter a value between 1 and 4094 for the VLAN ID if the option is enabled 3 e SNMP Configuration By enabling SNMP function the administrator can obtain the system information remotely SNMP Configuration Disable Enable Community String Trap Disable Enable SNMP Configuration Fields gt Enable Disable Enable or Disable this function gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string to access the MIB with Read privilege o Write Enter the community string to access the MIB with Write privilege gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable Enable or
7. Profile Name VAP 1 Maximum Number of Clients Range 1 32 3 MAC ACL Deny List Access Control Type No MAC Address MAC ACL Deny List State 30 4 RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS server When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS server Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration VAP Overview M General N YAP Config Security Repeater y Adwa nced Y Access Control Site Survey 4 Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 3 Access Control Type RADIUS ACL w PE ES SEREF i Notell These settings will also apply to security settings which use RADIUS Server for this VAP Host fi Domain Name IP Address Authentication Port 1812 1 65535 Secondary RADIUS Server Host DOO Authentication Port RADIUS ACL Click Save and Reboot after completing your configurations to have them take effect 3 Article VI Create a WDS Bridge between two APs WDS link creation will assist to extend network coverage where running wires is not an option effectively transferring the traffics to the other end of WLAN LAN through the EAP 300 Since this is a peer to peer connection both EAP 300s will be configured by the same
8. VaP Liv Security Type B02 1X v Dynamic WEP Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Peay MARIES SOME p ii i Domain Name IP Address Authentication Port 1812 ili Secret Key Accounting Service Disable Enable Accounting Port 1 Accounting Interim Update Interval Ee secondisi Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select from 64 bit or 128 bit key length o Rekeying Period The time interval for the dynamic WEP key to be updated the time unit is in second gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 26 e WPA PSK Provide shared key authenticaiton in WP
9. admin and new password and then re enter the new password in the Re enter New Password field Click Save to activate the new password 68 b 7 3 2 Backup amp Restore This function is used to backup and restore the EAP 300 settings The EAP 300 can also be restored to factory defaults using this function It can be used to duplicate settings to other access points backup settings of this system and then restore on another AP System Upgrade Reboot 4 I Change Password y Backup amp Restore Home Utilities gt Config Save amp Restore Configuration Backup amp Restore Reset to Default Backup System Settings Backup amp Restore Page e Reset to Default gt Click Reset to load the factory default settings of EAP 300 A pop up Page will appear to reconfirm the request to reboot the system Click OK to proceed or click Cancel to cancel the reboot request Message from webpage J This action will reboot the system Do you want to continue Reboot Confirmation Prompt gt Awarning message as displayed below will appear during the reboot period The system power must be kept turn on before the completion of the reboot process gt The System Overview page will appear upon the completion of reboot e Backup System Settings Click Backup to save the current system settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore System
10. generate WEP keys for encryption o WEP Key Length Select from 64 bit or 128 bit key length o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in second gt RADIUS Server Settings Primary Secondary o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes 49 Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e WPA PSK WPA PSK Wi Fi Protected Access Pre shared Key is a pre shared key authentication method a special mode of WPA VAP S T E General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Group Key Update Period 600 second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP
11. o WEP Key Length Select from 64 bit or 128 bit key length o Rekeying Period The time interval for the dynamic WEP key to be updated the time unit is in second gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 26 e WPA PSK Provide shared key authenticaiton in WPA data encryption VAP Overview General VAP Config Y Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Type Cipher Suite Pre shared Key Type Security Settings Profile Name VAP 1 WPA PSK TKIP WPA wt D PSK Hex 64 chars Passphrase 8 63 chars Pre shared Key PO Group Key Update Period 600 second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed gt Pre shared Key Type S
12. 1 ESSID EAP3O0 1 VLAN ID Disable Enable VLANID 1 4094 VAP Configuration Page VAP 1 shown Select Enable for the VAP field and click Save Click the Overview tab to return to the previous table to begin the next step Step 2 Configure Security Settings for your VAP Now we will proceed to secure your AP The following instructions allow you to secure it using a wireless standard encryption If you wish to only restrict MAC addresses skip to the Step3 If you want to also include MAC restrictions include the following step First click on the corresponding cell in the column labeled Security Type This hyperlink will direct you to the following Security Settings page VAP Overview General VAP Config Security Repeater Advanced Access Control Y Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings Page VAP 1 shown Select your desired Security Type from the drop down menu which includes None WEP 802 1X WPA PSK and WPA RADIUS 24 e None Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security
13. EN A o Device Time 1970 01 01 08 00 30 System Up Time 0 days 0 00 30 LAN Interface ______ rs AP Status Profile Security Online MAC Address 00 1F 04 83 96 01 Hime BSSID ESSID read Clients GRE IP Address VAP 1 00 1F D4 83 96 02 EAP 1 None 0 Ge Subnet Mask 255 255 0 0 VAP 2 06 1F D4 83 96 02 FAP 2 None 0o Gateway VAP 3 QA 1F D4 83 96 02 EAP 3 None 0 GRE Tunnel Status Connected Remote IP 192 168 3 3 Key 12345 System Overview Page 72 Table 3 Status Page s Organizational Layout System Name The system name of the EAP 300 Firmware Version The present firmware version of the EAP 300 The present firmware build number of the Build Number EAP 300 System Location The location of the EAP 300 The site of the EAP 300 Device Time The system time of the EAP 300 The time that the system has been rebooted in System Up Time operation LAN Interface Radio Status GRE Tunnel 7 ey Remote IP The IP Address of AC The password for the connection 74 b 7 4 2 Associated Client The administrator can remotely oversee the status of all associated clients on this page When a low SNR is found here the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve network communication performance Overview Associated Clients Repeater Y Event Log Home gt S
14. EtherType Remark Setting 1 DROP CDP and VTP IEEE_ 8023 Del Ed In Mv 2 F DROP STP BPDU IEEE_8023 Del Ed In Mv 3 P DROP GARP IEEE_8023 Del Ed In Mv 4 O DROP RIP IPv4 Del Ed In Mv 5 O DROP HSRP IPv4 Del Ed In Mv 6 O DROP OSPF IPv4 Del Ed In Mv 7 Del Ed In Mv 8 Del Ed In Mv 9 Del Ed In Mv 10 Del Ed In Mv First Prev Next Last total 20 65 b 7 3 2 Service The administrator can add or delete firewall service here the services in this list will become options to choose in firewall rule when EtherType is IPv4 EAP 300 provides a list of rules to block or pass traffics of layer 3 or above protocols These services are available to choose from drop down list of layer2 firewall rule edit page with Ether Type to be IPv4 The first 28 entries are default services and the administrator can add delete any extra desired services There are 28 firewall services available in default settings these default services cannot be deleted but can be disabled If changes are made please click SAVE to save the settings before leaving this page Firewall List Service Advanced Home Firewall Service Config No Name 1 ALL 2 ALL TCP 3 ALL UDP ALL ICMP 3 FIP 6 HTTP 7 HTTPS POPS g SMTP 10 DHCP Firewall Service Description Delete ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP U
15. Layout System Name The system name of the EAP 300 Firmware Version The present firmware version of the EAP 300 The present firmware build number of the Build Number EAP 300 System Location The location of the EAP 300 The site of the EAP 300 Device Time The system time of the EAP 300 The time that the system has been rebooted in System Up Time operation LAN Interface Radio Status GRE Tunnel 7 ey Remote IP The IP Address of AC The password for the connection 74 b 7 4 2 Associated Client The administrator can remotely oversee the status of all associated clients on this page When a low SNR is found here the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve network communication performance Overview Associated Clients Repeater Y Event Log Home gt Status gt Wireless Clients Associated Client Status Client List Associated VAP ESSID MAC Address SNR dB Idle Time secs Disconnect Associated Client Status Page e Associated VAP The name of a VAP Virtual Access Point that the client is associated with e ESSID The Extended Service Set ID which the client is associated with e MAC Address The MAC address of associated clients e SNR The Signal to Noise Ratio of respective client s association e Idle Time Time period that the associated client is inactive the time unit is in second e Disconnect Upon clicking
16. Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The backup file will replace the active configuration file currently running on the system After network parameters have been reset restored the network settings of the administrator PC may need to be changed to ensure that the IP address of the administrator PC is on the same subnet mask as the EAP 300 69 c 7 3 3 System Upgrade The EAP 300 provides a web firmware upload upgrade feature The administrator can download the latest firmware from the website and save it on the administrator s PC To upgrade the system firmware click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process There will be a prompt confirmation message appearing to notify the administrator to restart the system after a successful firmware upgrade Please restart the system after upgrading the firmware Change Password Backup amp Restore System Upgrade Reboot Home Utilities gt System Upgrade System Upgrade Current Version Current Build Number System Upgrade Page e It is recommended to check the firmware version number before proceeding further Please make sure you have the correct firmware file a Male e Firmware upgrade may sometimes result in the loss of some data Please ensure that all necessary settings are written down before upgrading the firmware
17. Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism with key length selected from 64 bit 128 bit or 152 bit VAP Overview General VAP Contig Y Security Repeater Advanced Access Control Site Survey 4 Home gt Wireless gt Security Security Settings Profile Name Security Type WEP w Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ascu Hex WEP Key Index WEP Keys i oOo Security Settings WEP gt 802 11 Authentication Select from Open System Shared Key or Auto gt WEP Key Length Select from 64 bit 128 bit 152 bit key length gt WEP Key Format Select from ASC or Hex format for the WEP key gt WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that specifies which WEP key is used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys 25 e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced dynamic WEP are provided i i VAP Overview 4 General Y VAP Config Y Security Repeater Y Advanced Y Access Control Site Survey Home gt Wireless gt Securit Security Settings Profile Name
18. and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure VAP Overview General 1 WAP Config N Secu rity Repeater Advanced J Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism based on a 64 bit 128 bit or 152 bit shared key algorithm l w 4 4 l 4 j 4 4 l 4 VAP Overview General VAP Config Security Repeater j Advanced Access Control Y Site Survey Home Wireless gt Security Security Settings Profile Name Security Type WEP Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 02 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ascu Hex WEP Key Index WEP Keys Security Settings WEP 48 gt 802 11 Authentication Select from Open System Shared Key or Auto gt WEP Key Length Select from 64 bit 128 bit 152 bit key length gt WEP Key Format Select from ASCII or Hex format for the WEP key gt WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key us used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre define
19. login prompt reappears the device has completed the reset to default process and the LAN IP is reset to 192 168 1 1 Copying Feature Control Profile Check customized objects Check customized pages objects Configuration file tmp hosta Cat can t open tmp status s start syslogd CHH 03if wap atop Stopping OSIF WAF br port 3 fathOapo entering disabled state loctl IEEESO0211 I0CTL SETMLME Invalid argument Could not connect to kernel driver toctl TEEES0e11 TOCTL SETMLME Invalid argumant Using interface athOapO with hwaddr OO 00 33 93 and ssid EAP200 1 brO port SlathOapO entering forwarding state le packet receive r pda athOapo log n No such file or directory ewErom Wetwork is down rR Tm m m a ROS m to rfrom Network is down aera messages they ll go to dev null rR la packet receive rE Warning No sourt o H ro E Fh ti Ch nent 3 prokbe s Feceived oO bebig a fC Pi m Aw far m er O broadcast z Sta art WES tLarting pid 546 try fsebin getty wrapper 3h L tryso 115200 wt100 SYSTEM IF 192 160 Enter Set t wh actory default login 10 Section 2 06 2 5 Access Web Management Interface LevelOne EAP 300 supports web based configuration Upon the completion of hardware installation EAP 300 can be configured through a PC by using its web browser such as Mozilla Firefox 2 0 and higher or Internet Explorer version 6 0 and hig
20. receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only lt To receive the benefits of WMM QoS gt The application must support WMM WMM shall be enabled on EAP 300 WMM shall be enabled in the wireless adapter on clients computer e lIAPP IAPP Inter Access Point Protocol is a protocol by which access points share information about the stations that are connected to them By enabling this function the system will automatically broadcast information of associated wireless stations to its peer access points This will help wireless stations roam smoothly among IAPP enabled access points in the same wireless LAN e Multicast Broadcast Rate Bandwidth configuration for multicast oroadcast packets If your wireless clients require larger or smaller bandwidth for sending multicast broadcast packets the administrator can customize the EAP700 s multicast broadcast bandwidth here 99 g 7 2 6 Access Control On this page the network administrator can restrict the total number of clients connected to the EAP 300 as well as specify particular MAC addresses that can or cannot access the device VAP Overview General Y VAP Config 4 Security Repeater Advanced Access Control Site Survey Home Wireless Access Control Access Control Settings Profile Name VA
21. recommended to use an NTP server for time synchronization because system time needs to be reconfigured once system reboot when choosing Manual set up 37 b 7 1 2 Network Interface On this page the devices network settings may be configured field with a red asterisk i e IP Address Netmask Default Gateway and Primary DNS Server are required General Y Network Interface Management Y GRE Tunnel Home gt System gt Network Interface Network Settings Mode Static DHCP IP Address J Default Gateway Primary DNS Server Alternate DNS Server fo Layer STP Disable Enable Network Settings Page e Mode Determine the way to obtain the IP address by DHCP or Static gt Static The administrator can manually set up the static LAN IP address All required fields are marked with a red asterisk o IP Address The IP address of the LAN port o Netmask The Subnet mask of the LAN port o Default Gateway The Gateway IP address of the LAN port o Primary DNS Server The IP address of the primary DNS Domain Name System server o Alternate DNS Server The IP address of the substitute DNS server gt DHCP This configuration type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically e Layer 2 STP If the EAP 300 is set up to bridge other network components this option ca
22. same DHCP server 192 168 1 1 Section 2 03 2 3 Hardware Description This section depicts the hardware information including all panel description Connector Panel l E USB J WES Restart 7 EAP 300 Connector Panel 1 Console Attach the serial cable here Press once to restart the system Press and hold for more than 5 Restart Reset Button seconds to reset to factory default Attach the power adapter here 4 WES Button WES Button Button Press to start Press to start running WES process WES process LAN Attach the Ethernet cable here biachadeitiblns Ait re connecting to the wired local network This port is POE compatible as well SBT 6 cca Antenna Panel EAP 300 Antenna Panel Antenna Connector Attach the antennas to the above 3 connectors LED Panel Drg PA opoo E EAP 300 Enterprise Access Point 5 4 3 z 4 EAP 300 LED Panel ML i LED ON indicates power on OFF indicates power off LED OFF indicates RF is not ready ON indicates RF is ready CLINKING indicates transmitting receiving data ip LED ON indicates Ethernet cable connected OFF indicates no connection i o eee future use WES Start LED Green OFF and then LED Red OFF and then BLINKING SLOWLY BLINKING SLOWLY WES Negotiate BLINKING NORMALLY BLINKING NORMALLY Green Red WES Negotiate Timeout LED Green ON LED Red ON WES Success LED Red ON LED Green ON WES Fail
23. the same physical AP device Please click on the Wireless icon to review the VAP Overview page VAP Config Security 4 Repeater h Advanced Access Control Site Survey VAP Overview General co WAD Papoose 655 gt VAP Overview Home gt Wire VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP 300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None Disabled Edit 7 EAF 300 7 Disabled None Disabled Edit z EAP300 8 Disabled None Disabled Edit VAP Overview Page Click on the corresponding cell in the State column and the row of the VAP you are planning on configuring enabling This will bring you to the particular VAP s Configuration page VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAP3O00 1 VLAN ID Disable Enable VLANID ss F 1 4094 VAP Configuration Page VAP 1 shown Please select the desired VAP profile from the drop down menu of Profile Name Choose Enable for the VAP field Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to A VLAN ID can be provided to indicate the traffics through thi
24. 15 Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable WMM Disable Enable IAPP Disable Enable Multicast Broadcast Rate Advanced Wireless Settings Page eRTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the fragment to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with EAP 300 or in areas where the clients are far apart and can detect only EAP 300 but not each other e Fragmentation Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference e DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save energy more but the throughput will be lowered e Broadcast SSID Disabling this function will prevent the system from broadcasting its SSID
25. 2 or Mixed gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 50 e WPA RADIUS If this option is selected the RADIUS authentication and data encryption will be both enabled VAP Overview General VAP Config Y Security Repeater Advanced Y Access Control Y Site Survey Home Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIUS Server Hast Pe Domain Name IP Address Authentication Port jisi2 Secret Key F Accounting Service Disable Enable Accounting Port he3 F Accounting Interim Update Interval lso second s Security Settings WPA RADIUS gt WPA Settings O O Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system
26. 2 aP 3 Wireless Laptop _ i IZIM 1 pt a Werelet Laptop WDS Links A fi kU a cS le s le al ha N i n a _ w O l Loa ea mahan art 1a Wired Detstopi Wheo Deichops x AF 02 108 008 Woche lovtup Ss MPANALI prea Wired Dotkiop Common Network Layout with EAP 300s This above deployment scenario illustrates a deployment example using three access points AP 1 AP 2 and AP 3 e Three EAP 300 systems construct a network comprising of wired and wireless segments e AP 2 plays the role of a wireless bridge e All devices share the same DHCP server 192 168 1 1 Section 2 03 2 3 Hardware Description This section depicts the hardware information including all panel description Connector Panel l E USB J WES Restart 7 EAP 300 Connector Panel 1 Console Attach the serial cable here Press once to restart the system Press and hold for more than 5 Restart Reset Button seconds to reset to factory default Attach the power adapter here 4 WES Button WES Button Button Press to start Press to start running WES process WES process LAN Attach the Ethernet cable here biachadeitiblns Ait re connecting to the wired local network This port is POE compatible as well SBT 6 cca Antenna Panel EAP 300 Antenna Panel Antenna Connector Attach the antennas to the above 3 connectors LED Panel Drg PA opoo E EAP 300 Ent
27. 200 1 brO port SlathOapO entering forwarding state le packet receive r pda athOapo log n No such file or directory ewErom Wetwork is down rR Tm m m a ROS m to rfrom Network is down aera messages they ll go to dev null rR la packet receive rE Warning No sourt o H ro E Fh ti Ch nent 3 prokbe s Feceived oO bebig a fC Pi m Aw far m er O broadcast z Sta art WES tLarting pid 546 try fsebin getty wrapper 3h L tryso 115200 wt100 SYSTEM IF 192 160 Enter Set t wh actory default login 10 Section 2 06 2 5 Access Web Management Interface LevelOne EAP 300 supports web based configuration Upon the completion of hardware installation EAP 300 can be configured through a PC by using its web browser such as Mozilla Firefox 2 0 and higher or Internet Explorer version 6 0 and higher The default values of the EAP 300 s LAN IP Address and Subnet Mask are IP Address 192 168 1 1 Subnet Mask 255 255 255 0 f Enterprise Access Point Windows Internet Explore Ko Go y E httpuit92 168 1 1 File Edit View Favorites Tools Help fe Enterprise Access Point Example of entering EAP 300 s default IP Address into a web browser e To access the web management interface WMI connect the administrator PC to the LAN port of EAP 300 via an Ethernet cable Then set a static IP Address on the same subnet mask as the E
28. 4M MCS0 15 1M 2M 5 5M 11M 12M 18M 24M 36M 48M 54M MCS0 15 c 7 2 3 VAP Configuration This section provides configuration of each Virtual Access Point with settings such as Profile Name ESSID and VLAN ID VAP Overview Y General V4P Config Security Repeater Y Advanced Access Control Site Survey m m Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAF300 1 VLAN ID Disable Enable VLAN ID 1 4094 VAP Configuration Page To enable each VAP the administrator must configure each VAP manually The settings of each VAP are collected as its profile e VAP Enable or Disable this VAP e Profile Name The profile name of each VAP for identity management purposes e ESSID ESSID Extended Service Set ID is the unique SSID used by a client device to associate with the specified VAP ESSID determines the service level assigned to a client e VLAN ID EAP 300 supports tagged VLANs virtual LANs To enable VLAN function each VAP must have a unique VLAN ID valid values range from 1 to 4094 47 d 7 2 4 Security EAP 300 supports various wireless authentication and data encryption methods in each VAP profile With this the administrator can provide different service levels to clients The security type includes None WEP 802 1X WPA PSK and WPA RADIUS e None Authentication is not required
29. 60 64 100 104 108 112 116 120 124 128 132 136 140 1523 Oye 0 18 Oy 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 1 2 3 4 5 6 7 8 9 10 11 12 13 J J J J J 46 6M 9M 12M 18M 24M 36M 48M 54M 1M 2M 5 5M 11M 6M 9M 12M 18M 24M 36M 48M 54M Auto Lowest Low Medium High Highest 1M 2M 5 5M 6M 9M 11M 12M 18M 24M 36M 48M 54M 6M 9M 12M 18M 24M 36M 48M 54M MCS0 15 1M 2M 5 5M 11M 12M 18M 24M 36M 48M 54M MCS0 15 c 7 2 3 VAP Configuration This section provides configuration of each Virtual Access Point with settings such as Profile Name ESSID and VLAN ID VAP Overview Y General V4P Config Security Repeater Y Advanced Access Control Site Survey m m Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAF300 1 VLAN ID Disable Enable VLAN ID 1 4094 VAP Configuration Page To enable each VAP the administrator must configure each VAP manually The settings of each VAP are collected as its profile e VAP Enable or Disable this VAP e Profile Name The profile name of each VAP for identity management purposes e ESSID ESSID Extended Service Set ID is the unique SSID used b
30. 7 Disabled None Disabled Edit z EAP300 8 Disabled None Disabled Edit VAP Overview Page Click on the corresponding cell in the State column and the row of the VAP you are planning on configuring enabling This will bring you to the particular VAP s Configuration page VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAP3O00 1 VLAN ID Disable Enable VLANID ss F 1 4094 VAP Configuration Page VAP 1 shown Please select the desired VAP profile from the drop down menu of Profile Name Choose Enable for the VAP field Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to A VLAN ID can be provided to indicate the traffics through this particular VAP It may allow further management control e g access rights and Internet usage etc of each VAP with a management gateway Click SAVE and then Reboot for the changes to take effect 22 Article V Secure Your AP Different VAP may require different level of security These instructions will guide the user through setting up different types of security for a particular VAP Simply repeat the following steps for other VAP with security requirement Step 1 Ensure that your VAP is Enabled VAP Overview General VAP Config Security Repeater Adv
31. A data encryption VAP Overview General VAP Config Y Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Type Cipher Suite Pre shared Key Type Security Settings Profile Name VAP 1 WPA PSK TKIP WPA wt D PSK Hex 64 chars Passphrase 8 63 chars Pre shared Key PO Group Key Update Period 600 second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 27 e WPA RADIUS Authenticate users by RADIUS and provide WPA data encryption VAP Overview General VAP Config Y Security Repeater Y Advanced Access Control Site Survey Home Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIUS Server Host A Domain Name IP Address Authentication Port jigiz2_ Secret Key ae F Accounting Service Disable Enable Accounting Interim Update Interval so second s Security Settings WPA RADIUS gt WPA Settin
32. AP 300 in TCP IP settings of your PC such as the following example IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Please note that the IP Address used should not overlap with the IP Addresses of any Note ea other device within the same network eLaunch the web browser on your PC and enter the IP Address of the EAP 300 192 168 1 1 at the address field and then press Enter The following Administrator Login Page will then appear Enter admin for both the Username and Password fields and then click Login Username admin Password e0000 K Administrator Login Page e After a successful login into EAP 300 a System Overview page of the Web Management Interface WMI will appear gt Overview Associated Clients Wi Home gt Status gt System Overview amp System System Name Enterprise Access Point Firmware Version Build Number Location Device Time 1970 01 01 08 00 30 System Up Time 0 days 0 00 30 O LAN Interface MAC Address 00 1F D4 83 96 01 IP Address Subnet Mask 255 255 0 0 Gateway GRE Tunnel Connected Remote IP 192 168 3 3 Status ii Firewall System Overview i Radio Status MAC Address 00 1F D4 83 96 02 OA Utilities l Band 802 11g n Channel 1 TX Power 19 dBm gt AP Status Profile Name VAP 1 BSSID VAP 2 Security Online Type Clients None o None o GRE 7
33. AP aE E E EE EEE NSi 23 6 Create a WDS Bridge between two APS eesseesseesseesocesoessoessoesocesoeesoeesoesooeeoeeeoeesoeesoessoeeseeeoee 32 7 Web Management Interface Configuration e sseesseeesseessecesocesscoessoeesocessoeesooeesoessoeesocessoee 34 PE ESA 65 5 8 EE E E A E T E E EE E E E E E EE ETE ET 36 FMM CG al EE EN A EE E OA E E A A A A A E E E A E A 36 ARANON O aE a A A A AA 38 e T T S ices sesuesasacnasegi use enedseeseucanemendseesegee 39 TA RE e a A E A A 41 TONT E a E E E TE E E E ni 42 EINA P OVIN O N aar ERE E e E 42 PEPA E CIC El sasaasacnzesnoncsaseonaenceasacasdeaegnesseeessnsacaonse segacaiasaceoossazeaneensacsonse S savasessnnsaascaseucnstenes seeaueeusaseeussasoduoos necaesaaen 45 Ae CON OS ss snzcapcecteannsaneecspuacau aeons tepaupsauseasoncczed A E O EEE EE E 47 Of Bs SO CUTLY sx caaasaccesvaeacoacoasntoateos lenses steatosasagacmssnaoatesasaeonsoateeasoaqsactosaancseasnniaeanoaaseaepeanack oontateateonuieannosstospsaiacaonaak 48 Dy OC OL E E A E E sea nesestaasiopsdua E E E E nes secisenseta nemestuaasmossuanesesecisrapsevanemesteaneces 51 AEAN E 54 7 2 6 Access Control o ieee ccecccesssssccccccecssssssesceccecesesssssssecceecesssssseccececessssscecececesssasesecececeesstsssecceeeeesttsseeeeeeenens 56 27 SUM ULV GY EE E A E A E A E E AA A E 60 TPES a e E E E A E E A NE 62 Te A eo SU E E E E A EEE EAEN P EE EEE E EEN E 62 FD ERE VNC IOIEN EEPO EERO EA O EEE SEEE EA O EOE AEO EEEE 66 TF A aE
34. AT EAE AE E E E AAEE 67 7S UNES eeen EENE EEEE EEEN EE E EEN E ONR EE 68 Zor P n eaaa E A T EE E E A 68 E E E i e E A E EE E ASE A E sedi E E E E S 69 A Do 0 a E E E E A ee E E ee eee 70 Toa REDO eee E E E A EEA E 71 Fe ee U E PE E A EAA A IE E EAA A A E E A AA AE A A E A E A I2 Ta OVE ON eoe E E E E E E 12 PA a Associ ed Chen eesi ia e E eiad Ee eias E Ei 75 PAS K A T aa S S eee 76 PAATE LOE a A A e 71 TO OMe Hel Deise a scree cheesiest a sont ts ts ts an dates neko tea ae ses 78 About 4ipnet The LevelOne Secure WLAN Controller series is powered by 4ipnet LevelOne is partnered with 4ipnet to deliver most feature rich product yet simple deployment in wireless networking infrastructure solution 4ipnet is a leading provider of wireless networking solution for manageable reliable and secure wireless access In an effort to meet changing market demands at the least possible cost 4ipnet delivers a diverse array of turnkey high performance products and mission critical applications to bring reliability and manageability to increasingly complex wireless networks 4ipnet s complete WLAN infrastructure solution portfolio addresses the needs of different network operation environments ranging from the ISP to the SOHO with an emphasis on simplified network deployment centralized network management and enhanced network performance 4ipnet Article I Before You Start Section 1 01 1 1 Preface This manual is intended for sy
35. DP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDP Destination Port 67 68 First Prey Next Last total 28 Add Firewall Service Page 66 c 7 3 3 Advanced Advanced firewall settings are used to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of system Firewall List Y Service Y Advanced Home gt Firewall gt Advanced Advanced Firewall Settings Trust Interface c c c c c E c c VAP1 VAP2 VAPS VAP4 VAP5 VAP VAP VAPS DHCP Snooping Disable Enable ARP Inspection Disable Enable Force DHCP Disable Enable Trust List Broadcast Disable Enable Static Trust List Disable Enable Trust Interface Each VAP interface can be checked individually to mark as trusted interfaces security enforcements on DHCP ARP like DHCP snooping and ARP inspection will be carried out on non trusted interfaces DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the trusted DHCP server IP MAC can be specified to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic therefore any clients with static
36. Disable this function o Server IP Address Enter the IP address of the assigned server for receiving the trap report e System Log By enabling this function specify an external SYSLOG server to accept SYSLOG messages from the system remotely Vv Vv V WV yn Log Disable Enable SYSLOG Server IP Server Port SYSLOG Level System Log Fields Enable Disable Enable or Disable this function Server IP The IP address of the Syslog server that will receive the reported events Server Port The port number of the Syslog server Syslog Level Select the desired level of received events from the drop down menu 40 d 7 1 4 GRE Tunnel When GRE tunnel is created between EAP 300 and the controller EAP 300 can be logically deployed into the Controller s managed network regardless of its physical location If the tunnel is created from WHG series controllers all of the configuration should be performed on the Controller side It is meaningless to configure GRE tunnel settings from the EAP 300 side Once the settings are applied from the Controller side the applied settings such as Key string will be passed to the corresponding EAP 300 and its WMI page will automatically open to confirm the changes Click Restart link and EAP 300 will restart to activate the tunnel A new window will automatically open and display the tunnel settings from the AP side which is passed from the Controller Click the Reboot link to apply and activate the
37. Disabled Edit 7 EAF 300 7 Disabled None Disabled Edit 8 EAP300 8 Disabled None Disabled Edit Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP 1 s State This will bring up the following page VAP Overview General WAP Config Security Repeater Advanced 1 Access Control Site Survey iy Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAP300 1 VLAN ID Disable Enable VLANID t 1 4094 VAP Configuration Page VAP 1 shown 19 The desired VAP profile can be selected from the drop down menu of Profile Name and VAP 1 configuration will serve as an example for all other VAPs Before proceeding further please make sure that the VAP field is Enable afterwards enter an ESSID to represent the WLAN associated with AP s VAP 1 It is suggested that Profile Name is used to describe what this particular VAP will be used for otherwise leave it as default VLAN ID can be chosen at another time Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings Congratulations After reboot the AP can start to work with these revised settings 20 Article IV Adding Virtual Access Points EAP 300 possesses the feature of multi ESSID namely it can behave as multiple virtual access points providing different levels of services from
38. E 8 2 5 Console Interface ar ecto taeda ect ctes cen nseissece oenonasste essen tea sivoaseptaste etess sebr EEEE en SPEE E EEEE SESS EE EEEE Eeee eere eeaeee eere e eene 9 2 5 Access Web Management Interface cccccsecscessscesssecssescessccessecessecesssscsseecessesessescesstsessesceseecessesens 11 3 Connect your AP to your Network e essseesscesseeesoeessocesocesscessoeesocessoeesocesooeesoeesocessoeesoeessoeesoe 15 4 Adding Virtual Access Points eeseessoessoesceesoeesoessoessoesceesoeesoeesocesoeesoessoessoeesoesoesoceeoeesoeesoessoeeo 21 Be SCL YOUF AP aE E E EE EEE NSi 23 6 Create a WDS Bridge between two APS eesseesseesseesocesoessoessoesocesoeesoeesoesooeeoeeeoeesoeesoessoeeseeeoee 32 7 Web Management Interface Configuration e sseesseeesseessecesocesscoessoeesocessoeesooeesoessoeesocessoee 34 PE ESA 65 5 8 EE E E A E T E E EE E E E E E EE ETE ET 36 FMM CG al EE EN A EE E OA E E A A A A A E E E A E A 36 ARANON O aE a A A A AA 38 e T T S ices sesuesasacnasegi use enedseeseucanemendseesegee 39 TA RE e a A E A A 41 TONT E a E E E TE E E E ni 42 EINA P OVIN O N aar ERE E e E 42 PEPA E CIC El sasaasacnzesnoncsaseonaenceasacasdeaegnesseeessnsacaonse segacaiasaceoossazeaneensacsonse S savasessnnsaascaseucnstenes seeaueeusaseeussasoduoos necaesaaen 45 Ae CON OS ss snzcapcecteannsaneecspuacau aeons tepaupsauseasoncczed A E O EEE EE E 47 Of Bs SO CUTLY sx caaasaccesvaeacoacoasntoateos lenses steatosasag
39. Enable Community String Trap Disable Enable SNMP Configuration Fields gt Enable Disable Enable or Disable this function gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string to access the MIB with Read privilege o Write Enter the community string to access the MIB with Write privilege gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable Enable or Disable this function o Server IP Address Enter the IP address of the assigned server for receiving the trap report e System Log By enabling this function specify an external SYSLOG server to accept SYSLOG messages from the system remotely Vv Vv V WV yn Log Disable Enable SYSLOG Server IP Server Port SYSLOG Level System Log Fields Enable Disable Enable or Disable this function Server IP The IP address of the Syslog server that will receive the reported events Server Port The port number of the Syslog server Syslog Level Select the desired level of received events from the drop down menu 40 d 7 1 4 GRE Tunnel When GRE tunnel is created between EAP 300 and the controller EAP 300 can be logically deployed into the Controller s managed network regardless of its physical location If the tunnel is created from WHG series controll
40. IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static Trust List o Trust List Broadcast can be enabled to let other AP with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests o Static Trust List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears in the static list with different MAC their ARP requests will be dropped to prevent eavesdropping lf any settings are made please click SAVE to save the configuration before leaving this page 6 7 Section 7 04 7 3 Utilities The administrator can maintain the system on this page Change Password Backup amp Restore System Upgrade and Reboot a 7 3 1 Change Password To protect the Web Management Interface from unauthorized access it is highly recommended to change the administrator s password to a secure password Only alpha numeric characters are allowed and it is also recommended to make use of a combination of both numeric and alphabetic characters Change Password Backup amp Restore System Upgrade Reboot Home gt Utilities gt Change Password Change Passy Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page The administrator can change password on this page Enter the original password
41. Kick the client will be disconnected with the system 75 c 7 4 3 Repeater The administrator can review detailed information of the repeater function on this page Information of repeater s status mode and encryption is provided Overview Clients Repeater Event Log Home Status gt Repeater Information Repeater Information Universal Repeater SSID Cip AP Status TX Rate SNR TX Count TX Error Encryption Enabled 48 Mbits 16 69 Bytes 0 Packets None Repeater Status Page Status The status of the WDS link either Enabled or Disabled TX Rate The transmit rate of the WDS link TX Count The accumulative number of transmission counts TX Errors The accumulative number of transmission errors 76 d 7 4 4 Event Log The Event Log provides the system activities records The administrator can monitor the system status by checking this log Overview Y Associated Clients Y Repeater Event Log Home gt Status gt Event Log Event Log Jan 1 08 00 16 syslogd started BusyBox v1 12 4 Jan 1 08 00 17 syslog athOap0O IEEE 802 11 Fetching hardware channel rate support not supported Event Log Page In the log each line represents an event record in each line there are 4 fields e Date Time The time amp date when the event happened e Hostname Indicates which host recorded this event Note that all events on this page are local events so the hostname in this field is always the sam
42. L Authenticate incoming MAC addresses by an external RADIUS When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration VAP Overview j General VAP Config Security Repeater Advanced Access Control Site Survey b Home Wireless Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type RADIUS ACL w Primary RADIUS Server Note These settings will also apply to security settings which use RADIUS Server for this VAP Host Domain Name IP Address Authentication Port 1 65535 Secret Key fs RADIUS ACL 37 h 7 2 7 Site Survey Sit Survey is a useful tool to provide information about the surrounding wireless environment available APs are shown with their respective SSID MAC Address Channel Rate setting Signal reading and Security tyoe The administrator can click Setup or Connect to configure the wireless connection according to the mentioned readings when Repeater Type is Universal Repeater Scan Agan AAE MAC Address Channel Rati Ss PCT ed Security seiun Comert 00 i 00 iF pA 00 26 56 14 43 None Connect OO 5 DS TF D4 OG 2E 36 l 34 2 wore Connect lf Universal Repeater function is enabled the system can scan and dis
43. LED Green ON LED Red ON To indicate different WES status as follows Master Slave Section 2 04 2 4 Hardware Installation Please follow the steps mentioned below to install the hardware of EAP 300 1 Place the EAP 300 at the best location The best location for EAP 300 is usually at the center of your intended wireless network 2 Connect the EAP 300 to your network device Connect one end of the Ethernet cable to LAN port of EAP 300 and the other end of the cable to a switch a router or a hub EAP 300 is then connected to your existing wired LAN network 3 There are two ways to supply power over to EAP 300 a Connect the DC power adapter to the EAP 300 power socket b EAP 300 LAN port is capable of transmitting DC currents Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the LAN port of EAP 300 with the Ethernet cable Now the Hardware Installation is complete e Please only use the power adapter supplied with the EAP 300 package Using a different A power adapter may damage this system e To double verify the wired connection between EAP 300 and you switch router hub please also check the LED status indicator of the respective network devices Section 2 05 2 5 Console Interface Via this port to enter the console interface for the administrator to check the IP address of EAP 300 and reset the device to default if the admin password is forgotten 1 In order to connect to the console port of EA
44. MI is the page where the status is displayed control is issued and parameters are configured In the Web Management Interface there are two main interface areas Main Menu and Working Area The Working Area occupies the largest area of the WMI displayed in the center of the interface It is also referred to as the configuration page The Main Menu on the top of the WMI allows the administrator to traverse to various management functions of this system The management functions are grouped into branches System Wireless Firewall Utilities and Status Table 1 EAP 300 s Function Organization OPTION FUNCTION General Network Interface Management GRE Tunnel VAP Overview General VAP Configuration Security Wireless Repeater Advanced Access Control Site Survey Firewall List Service Advanced Change Password Backup amp Restore System Upgrade 34 ee OPTION FUNCTION gt Note Overview Associated Clients Repeater Event Log On each and every configuration page you may Click Save to save the changes but you must reboot the system upon the completion of all configurations settings for the changes to take effect When clicking Save the following message will appear Some modification has been saved and will take effect after Reboot All online users will be disconnected during reboot or restart 35 Section 7 01 7 1 System Found after clicking on the System button this section allows for g
45. NS Server fo Layer STP Disable Enable Network Settings Page e Mode Determine the way to obtain the IP address by DHCP or Static gt Static The administrator can manually set up the static LAN IP address All required fields are marked with a red asterisk o IP Address The IP address of the LAN port o Netmask The Subnet mask of the LAN port o Default Gateway The Gateway IP address of the LAN port o Primary DNS Server The IP address of the primary DNS Domain Name System server o Alternate DNS Server The IP address of the substitute DNS server gt DHCP This configuration type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically e Layer 2 STP If the EAP 300 is set up to bridge other network components this option can be enabled to prevent undesired loops because broadcasting storm may occur in a multi switch environment where broadcast packets are forwarded in an endless loop between switches Moreover a broadcast storm may consume most of available system resources in addition to available bandwidth Thus enabling the Layer 2 STP can lower such undesired occurrence and derive the best available data path for network Communication c 7 1 3 Management The EAP 300 s provided services e g VLAN Management SNMP and System log can be configured here General Network Interface
46. Number Channel 1 Location TX Power 19 dBm Site EN A Device Time 1976 01 01 08 00 30 System Up Time Odays 0 00 30 LAN Interface gt AP Status Profile 2 Security Online MAC Address 00 1F D4 83 96 01 Name BSSID ESSID re Clients SRE IP Address VAP 1 O0 1F D4 83 96 02 EAP 1 None o Subnet Mask 255 255 0 0 VAP 2 06 1F D4 83 96 02 EAP 2 None 0 3 Gateway VAP 3 OA 1F 04 83 96 02 EAP 3 None 0 amp e GRE Tunnel Status Connected Remote IP 1927 166 3 3 Key 12345 Web Management Interface Main Page System Overview From here click on the System icon to arrive at the following page On this Page you can make entries to the Name Description and Location fields as well as set the device s time General Network Interface 1 Management GRE Tunnel h Home gt System gt General System Information Name Enterprise Access Point Description S O Location s O Time Device Time 1970 01 05 14 17 18 Time Zone GMT 08 00 Taipei Time O Enable NTP Manually set up Set Date Mear Month Day Set Time Hour Mimin v sec System Information Page There are two methods of setting up the time Manual indicated by the option Set Date amp Time and NTP The default is Manual and requires individual setup every time the system starts up Simply choose a time zone and set the time accordingly When finished click Save Time Zone GMT 08 00 Taipei ha Time O E
47. P 1 Maximum Number of Clients f Range 1 32 Access Control Type Disable Access Control Access Control Settings Page e Maximum Number of Clients EAP 300 supports various methods of authenticating clients for wireless LAN access The default policy is unlimited access without any authentication required To restrict the station number of wireless connections simply change the Maximum Number of Stations to a desired number For example while the number of stations is set to 20 only 20 stations are allowed to connect to the specified VAP 56 e Access Control Type The administrator can restrict the wireless access of client devices based on their MAC addresses gt Disable Access Control When Disable is selected there is no restriction for client devices to access the system gt MAC ACL Allow List When selecting MAC ACL Allow List only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator re Enables the listed MAC VAP Overview General VAP Config Y Security Repeater Advanced Access Control Site Survey h Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type MAC ACL Allow List Mo MAC Address Stat
48. P 300 a console modem cable and a terminal simulation program such as the Hyper Terminal are needed 2 Ifa Hyper Terminal is used please set the parameters as 115200 8 None 1 None ax Pon teling Bite pei second Cusa Piti ie Panty Hone So bt as Fir ite Neme Heroe Deisi OK Cancel Ano The console interface looks like the screenshot below displaying the current LAN IP address and the instructions to reset device to default COM4 PulT login When resetting the device to default from the console interface key in reset2def for login and password Confirm yes and EAP 300 will begin the reset process SYSTEM IP 192 166 10 1 25 Enter resetzedet twice to E aa wh actory default login Password Do you really want to Set actory default and reboot yes ye When the login prompt reappears the device has completed the reset to default process and the LAN IP is reset to 192 168 1 1 Copying Feature Control Profile Check customized objects Check customized pages objects Configuration file tmp hosta Cat can t open tmp status s start syslogd CHH 03if wap atop Stopping OSIF WAF br port 3 fathOapo entering disabled state loctl IEEESO0211 I0CTL SETMLME Invalid argument Could not connect to kernel driver toctl TEEES0e11 TOCTL SETMLME Invalid argumant Using interface athOapO with hwaddr OO 00 33 93 and ssid EAP
49. P 300 x1 e Quick Installation Guide x1 e CD ROM with Users Manual and QIG x1 e Power Adapter DC 12V x1 e Cat 5e Ethernet cable x1 e Antenna x3 It is recommended to keep the original packing materials for possible future shipment when repair or maintenance is required Any returned product should be packed in its original packaging to prevent damage during delivery Article II System Overview and Getting Started Section 2 01 2 1 Introduction of LevelOne EAP 300 The LevelOne EAP 300 Enterprise Access Point embedded with 802 11 n a b g dual band MIMO radio in dust proof metal housing is designed for wireless connectivity in enterprise or industrial environments of all dimensions EAP 300 makes the wireless communication fast secure and easy It Supports business grade security such as 802 1X and Wi Fi Protected Access WPA and WPA2 By pushing a purposely built button the LevelOne WES feature makes it easy to bridge wireless links of multiple EAP 300s for forming wider wireless network coverage EAP 300 also features multiple ESSIDs with VLAN tags one EAP 300 can emulate up to eight Virtual APs great for enterprise applications such as separating the traffics of different departments using different ESSIDs PoE Switch fe Co gt li NY paanan MOS Unk lle Ate WHG Controller ESSID 2 Gs Wired and Wireless Network Layout with EAP200s Section 2 02 2 2 Deployment Topology fe nario ation 199 1481 14 AP
50. P address or domain name must be provided Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Time Configuration Fields Generally networks would have a common NTP server internal or external If there is use it otherwise locate a nearby NTP server on the web 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 2000 01 03 04 32 49 Time Zone Time O Enable NTP Manually set up Set Time Bour Mimin l Msec Manual Time Configuration Fields Set Date Select the appropriate Year Month and Day from the drop down menu Set Time Select the appropriate Hour Min and Sec from the drop down menu Unless both an Internet connection and a network NTP server are unavailable it is recommended to use an NTP server for time synchronization because system time needs to be reconfigured once system reboot when choosing Manual set up 37 b 7 1 2 Network Interface On this page the devices network settings may be configured field with a red asterisk i e IP Address Netmask Default Gateway and Primary DNS Server are required General Y Network Interface Management Y GRE Tunnel Home gt System gt Network Interface Network Settings Mode Static DHCP IP Address J Default Gateway Primary DNS Server Alternate D
51. acmssnaoatesasaeonsoateeasoaqsactosaancseasnniaeanoaaseaepeanack oontateateonuieannosstospsaiacaonaak 48 Dy OC OL E E A E E sea nesestaasiopsdua E E E E nes secisenseta nemestuaasmossuanesesecisrapsevanemesteaneces 51 AEAN E 54 7 2 6 Access Control o ieee ccecccesssssccccccecssssssesceccecesesssssssecceecesssssseccececessssscecececesssasesecececeesstsssecceeeeesttsseeeeeeenens 56 27 SUM ULV GY EE E A E A E A E E AA A E 60 TPES a e E E E A E E A NE 62 Te A eo SU E E E E A EEE EAEN P EE EEE E EEN E 62 FD ERE VNC IOIEN EEPO EERO EA O EEE SEEE EA O EOE AEO EEEE 66 TF A aE AT EAE AE E E E AAEE 67 7S UNES eeen EENE EEEE EEEN EE E EEN E ONR EE 68 Zor P n eaaa E A T EE E E A 68 E E E i e E A E EE E ASE A E sedi E E E E S 69 A Do 0 a E E E E A ee E E ee eee 70 Toa REDO eee E E E A EEA E 71 Fe ee U E PE E A EAA A IE E EAA A A E E A AA AE A A E A E A I2 Ta OVE ON eoe E E E E E E 12 PA a Associ ed Chen eesi ia e E eiad Ee eias E Ei 75 PAS K A T aa S S eee 76 PAATE LOE a A A e 71 TO OMe Hel Deise a scree cheesiest a sont ts ts ts an dates neko tea ae ses 78 About 4ipnet The LevelOne Secure WLAN Controller series is powered by 4ipnet LevelOne is partnered with 4ipnet to deliver most feature rich product yet simple deployment in wireless networking infrastructure solution 4ipnet is a leading provider of wireless networking solution for manageable reliable and secure wireless access In an effort to meet changing market demands at t
52. an be chosen to be Block or Pass Remark The note of this rule can be specified here When the configuration for firewall rule is provided please click SAVE and Reboot system to let the firewall rule take effort gt gt To insert a specific rule In in Setting column of firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule From this page the rule can be edited form scratch or from an existing rule for revision Firewall List Service Advanced Home gt Firewall List gt Rule Config Layer 2 Firewall Configuration H Rule ID Interface From To WAPI Service ALL ka IF Address fo Mask 0 0 0 0 0 w P address Masks 0 0 0 0 70 3 Action Block Pass gt gt To move a specific rule Mv in Setting column of firewall list will lead to the following page for reordering confirmation After SAVE button is clicked and system reboot the order of rules will be updated 64 Firewall List Home gt Firewall gt Move rule Move Rule 1 Before After ID 1 20 Please make sure all desired rules state of rule are checked and saved in overview page the rule will be ID Move to enforced upon system reboot Firewall List Service Advanced Home gt Firewall gt Firevell List Layer 2 Firewall Settings Enable Layer 2 Firewall Disable Enable No State Action Name
53. anced Access Control Site Survey Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None Disabled Edit 7 EAP300 7 Disabled None Disabled Edit 5 EAP300 8 Disabled None Disabled Edit VAP Overview Page On the VAP Overview page check the table to confirm the VAP State If it is Enabled skip to Step 2 If not click on to proceed with VAP Configuration for that particular VAP VAP Overview Y General WAP Co nfig Security Repeater Y Advanced Access Control Y Site Su mey Home gt Wireless VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAP3O0 1 VLAN ID Disable Enable VLANID 1 4094 VAP Configuration Page VAP 1 shown Select Enable for the VAP field and click Save Click the Overview tab to return to the previous table to begin the next step Step 2 Configure Security Settings for your VAP Now we will proceed to secure your AP The following instructions allow you to secure it using a wireless standard encryption If you wish to only restrict MAC addresses skip to the Step3 If you want to also include MAC restrictions include the following step First click on the cor
54. ass traffics of layer 3 or above protocols These services are available to choose from drop down list of layer2 firewall rule edit page with Ether Type to be IPv4 The first 28 entries are default services and the administrator can add delete any extra desired services There are 28 firewall services available in default settings these default services cannot be deleted but can be disabled If changes are made please click SAVE to save the settings before leaving this page Firewall List Service Advanced Home Firewall Service Config No Name 1 ALL 2 ALL TCP 3 ALL UDP ALL ICMP 3 FIP 6 HTTP 7 HTTPS POPS g SMTP 10 DHCP Firewall Service Description Delete ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDP Destination Port 67 68 First Prey Next Last total 28 Add Firewall Service Page 66 c 7 3 3 Advanced Advanced firewall settings are used to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of system Firewall List Y Service Y Advanced Home gt Firewall gt Advanced Advanced Firewall Settings Trust Interface c c c c c E c c VAP1 VAP2 VAPS VAP4 VAP5 VAP VAP VAPS DHCP Snooping
55. ble Enable IAPP Disable Enable Multicast Broadcast Rate Advanced Wireless Settings Page 44 b 7 2 2 General AP s general wireless settings can be configured here VAP Overview General VAP Config Security Repeater Advanced Access Control Y Site Survey Home gt Wireless gt General General Settings Band 802 11g 802 11n L Pure iin Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width Channel Max Transmit Rate Transmit Power ACK Timeout 100 0 255 O Auto Unit 4 micro seconds Beacon Interval 100 100 500ms 3 AP General Settings Page Band Select an appropriate wireless band 802 11b 802 11g 802 11b 802 11g 802 119 802 11n or select Disable if the wireless function is not required gt Pure 11n Enable 802 11n network only Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamble with a 128 bit synchronization field Short Guard Interval available when Band is 802 11g 802 11n The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference In order to further boost throughput with 802 11n short guard interval is half of what it used to be please select Enable to use Short Guard Interval or Disable to use normal Guard Interval Channe
56. d WEP key value the system supports up to 4 sets of WEP keys e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced WEP are provided VAP Overview General Y VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless Security Security Settings Profile Name VAP 1 Security Type 802 1X x Dynamic WEP Bisable Enable WEP Key Length 64 bits 128 bits Rekeying Pernod 300 seconds Peery RADE Server pages f Domain Name IP Address Authentication Port 18 12 l Secret Key te Accounting Service Disable Enable Accounting Port 1813 ig Accounting Interim Update Interval second s Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security tyoe Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select from 64 bit or 128 bit key length o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in second gt RADIUS Server Settings Primary Secondary o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and l
57. d retype it in the Re enter New Password field Congratulations Now LevelOne s EAP 300 is installed and configured successfully It is strongly recommended to make a backup copy of configuration settings A e After the EAP 300 s network configuration is completed please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments Article III Connect your AP to your Network The following instructions depict how to establish the wireless coverage of your network The AP will connect to the network through its LAN port and provide wireless access to your network After having prepared the EAP 300 s hardware for configuration set the TCP IP settings of administrator s computer to have a static IP Address of 192 168 1 10 and Subnet Mask of 255 255 255 0 Step 1 Configuring the AP s System Information gt Enter the AP s default IP Address 192 168 1 1 into the URL of a web browser gt Login via using Username admin and Password admin The WMI appears as shown below gt mg System Wireless Firewall Utilities Status T i i Fi 3 Y i Overview Associated Cliente Repeater Event Log Home gt Status gt System Overnier System Overview g gt System Radio Status System Name Enterprise Access Point MAC Address 00 1F 24 83 96 02 Firmware Version Band 802 1ig n Build
58. d to indicate the type of encapsulated traffics 63 gt gt VLAN ID when EtherType is 802 1 Q The VLAN ID is provided to associate with certain VLAN tagging traffics Priority when EtherType is 802 1 Q It denotes the priority level with associated VLAN traffics Encapsulated Type when EtherType is 802 1 Q It can be used to indicate the type of encapsulated traffics Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in ARP header Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Action The rule can be chosen to be Block or Pass Remark The note of this rule can be specified here When the configuration for firewall rule is provided please click SAVE and Reboot system to let the firewall rule take effort gt gt To insert a specific rule In in Setting column of firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule From this page the rule can be edited form scratch or from an existing rule for revision Firewall List Service Advanced Home gt Firewall List gt Rule Config Layer 2 Fi
59. e MAC Allow List Note An empty Allow List means that there are no allowed MAC addresses Make sure at least the MAC of the modifying system is included e g network administrator s computer 5 MAC ACL Deny List When selecting MAC ACL Deny List all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable VAP Overview General WAP Config Security Repeater Adva nced Y Access Control Site Survey h Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type MAC ACL Deny List w No MAC Address 1 fe Disable O Enable Deny List State 58 gt RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration VAP Overview j General VAP Config Security Repeater Advanced Access Control Site Survey b Home Wireless Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type RADIUS ACL w Pr
60. e However in remote SYSLOG service this field will help the administrator identify which event is from this EAP 300 e Process name Indicate the event generated by the running instance e Description Description of the event To save the file locally click SAVE LOG to clear all of the records click CLEAR Section 7 06 7 6 Online Help The Help button is at the upper right corner of the display screen Click Help for the Online Help window and then click the hyperlink of the relevant information needed Home Logout 7 Help Online Help Corner 78 level nas a E Hn E Zea E one LevelOne EAP 300 Enterprise Access Point User Manual V1 00 Table of Contents i TROLS Yon SC ee ssc eusbeassanssaean tev satcosdetieeucedosucossseesessesens 3 MMP aioe ca cactea ase nats E A EE E A E 3 1 2 Document Conventions cccccccccccccccccccceceeceeceeeeeeeeeeeeeeeeeeeeeseseeseeeeeeeeseeeeeeeeeseeseeeeeeeseeeeeseseseseseeeeesesecs 3 OD PAG A CO e E E E E E anteloalaneGeg aise enaitaenastetoness 3 2 System Overview and Getting Started essessoesscescceesccesocesoesscesocesccescocescessoesscesscesscesseeseees 4 24 Introd c on of LevelOne EA P90 O ss sassicastarcessasanoincdcnsadesasancianisazdeasasbuctondistagerasanccosiwatacesadeeo aE EE Troiae 4 2A Deployment Topology 4 en On er ne ne on Pe eee 5 OD TAA Gy ar Doser E Oee naaa E EE 6 24 Hardware MAS Ue A OMe rte ests E E E E T E E E
61. e During firmware upgrade please do not turn off the power This may permanently damage the system 70 d 7 3 4 Reboot This function allows the administrator to restart the EAP 300 safely The process shall take about three minutes Click Reboot to restart the system Please wait for the blinking timer to complete its countdown before accessing the system s Web Management Interface again The System Overview page will appear after reboot successfully Occasionally it is necessary to reboot the EAP 300 to ensure that parameter changes are submitted Change Password j Backup amp Restore System Upgrade Reboot Home Utilities gt Reboot Reboot the System Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up Reboot Page Section 7 05 7 4 Status This page is used to view the current condition and state of the system and includes the following functions Overview Associated Clients Repeater and Event Log a 7 4 1 Overview The System Overview page provides an overview of the system status for the administrator r E Associated Clients Repeater Event Log h Y Home gt Status gt System Overview System Overview amp System __________ amp Radio Status System Name Enterprise Access Point MAC Address 00 1F D4 83 96 02 Firmware Version Band 802 1i9 n Build Number Channel 1 Location TX Power 19 dBm Site
62. e Version Build Number Location Device Time 1970 01 01 08 00 30 System Up Time 0 days 0 00 30 O LAN Interface MAC Address 00 1F D4 83 96 01 IP Address Subnet Mask 255 255 0 0 Gateway GRE Tunnel Connected Remote IP 192 168 3 3 Status ii Firewall System Overview i Radio Status MAC Address 00 1F D4 83 96 02 OA Utilities l Band 802 11g n Channel 1 TX Power 19 dBm gt AP Status Profile Name VAP 1 BSSID VAP 2 Security Online Type Clients None o None o GRE 7 The Web Management Interface System Overview Page 12 e To logout simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page Click OK to logout fHome Logout Help Logout Message from webpage Eg P re vou sure to logoff Please follow the following steps to change the administrator s password g gt gt O A 2 System AP Firewall Utilities Status N Change Password Backup Restore System Upgrade Reboot 4 Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page gt Click on the Utilities button and then select the Admin Password tab gt Enter the old password and then a new password with a length of up to 32 characters an
63. ecking this log Overview Y Associated Clients Y Repeater Event Log Home gt Status gt Event Log Event Log Jan 1 08 00 16 syslogd started BusyBox v1 12 4 Jan 1 08 00 17 syslog athOap0O IEEE 802 11 Fetching hardware channel rate support not supported Event Log Page In the log each line represents an event record in each line there are 4 fields e Date Time The time amp date when the event happened e Hostname Indicates which host recorded this event Note that all events on this page are local events so the hostname in this field is always the same However in remote SYSLOG service this field will help the administrator identify which event is from this EAP 300 e Process name Indicate the event generated by the running instance e Description Description of the event To save the file locally click SAVE LOG to clear all of the records click CLEAR Section 7 06 7 6 Online Help The Help button is at the upper right corner of the display screen Click Help for the Online Help window and then click the hyperlink of the relevant information needed Home Logout 7 Help Online Help Corner 78
64. ed among Auto Highest High Medium Low and Lowest trom the drop down menu ACK Timeout It indicates a period of time that the system waits for an Acknowledgement frame sent back from a station without retransmission In other words upon timeout if the Acknowledgement frame is still not received the frames will be retransmitted This option can be used to tune network performance for extended coverage For regular indoor deployments please keep the default setting Beacon Interval ms The entered amount of time indicates how often the beacon signal will be sent from the access point Due to RF regulation in different nations available values in the above table will differ Table 2 RF Configurations under normal circumstances in certain countries 802 11a 802 11b 802 119 802 11b 802 11g 802 11a 802 11n 802 11n 802 11g 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 1523 Oye 0 18 Oy 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 1 2 3 4 5 6 7 8 9 10 11 12 13 J J J J J 46 6M 9M 12M 18M 24M 36M 48M 54M 1M 2M 5 5M 11M 6M 9M 12M 18M 24M 36M 48M 54M Auto Lowest Low Medium High Highest 1M 2M 5 5M 6M 9M 11M 12M 18M 24M 36M 48M 54M 6M 9M 12M 18M 24M 36M 48M 5
65. ee OPTION FUNCTION gt Note Overview Associated Clients Repeater Event Log On each and every configuration page you may Click Save to save the changes but you must reboot the system upon the completion of all configurations settings for the changes to take effect When clicking Save the following message will appear Some modification has been saved and will take effect after Reboot All online users will be disconnected during reboot or restart 35 Section 7 01 7 1 System Found after clicking on the System button this section allows for general configurations of the devices e g Time Setup Network Configurations and System Logs This section includes the following functions General Network Interface Management and GRE Tunnel a 7 1 1 General General Home gt System General Name Description Location Device Time Time Zone Time Set Date Network Interface Management GRE Tunnel System Information Enterprise Access Point Time 1970 01 05 15 26 40 GMT 08 00 Taipel Enable NTP Manually set up Bear MMonth Day Set Time gt Hour imin Msec System Information Page System Information For maintenance purpose it is highly recommended to have the following information stated as clearly as possible gt Name The system name used to identify this system gt Description Further information ab
66. elect a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 27 e WPA RADIUS Authenticate users by RADIUS and provide WPA data encryption VAP Overview General VAP Config Y Security Repeater Y Advanced Access Control Site Survey Home Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIUS Server Host A Domain Name IP Address Authentication Port jigiz2_ Secret Key ae F Accounting Service Disable Enable Accounting Interim Update Interval so second s Security Settings WPA RADIUS gt WPA Settings o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and log
67. eneral configurations of the devices e g Time Setup Network Configurations and System Logs This section includes the following functions General Network Interface Management and GRE Tunnel a 7 1 1 General General Home gt System General Name Description Location Device Time Time Zone Time Set Date Network Interface Management GRE Tunnel System Information Enterprise Access Point Time 1970 01 05 15 26 40 GMT 08 00 Taipel Enable NTP Manually set up Bear MMonth Day Set Time gt Hour imin Msec System Information Page System Information For maintenance purpose it is highly recommended to have the following information stated as clearly as possible gt Name The system name used to identify this system gt Description Further information about the system e g device model firmware version and active date gt Location The information on geographical location of the system for the administrator to locate the system easily Time gt Device Time Display the current time of the system gt Time Zone Select an appropriate time zone from the drop down list box gt Time Synchronize the system time by NTP server or manual setup 36 1 Enable NTP By selecting Enabled NTP EAP 300 can synchronize its system time with the NTP server automatically While this method is chosen at least one NTP server s I
68. erage of your network The AP will connect to the network through its LAN port and provide wireless access to your network After having prepared the EAP 300 s hardware for configuration set the TCP IP settings of administrator s computer to have a static IP Address of 192 168 1 10 and Subnet Mask of 255 255 255 0 Step 1 Configuring the AP s System Information gt Enter the AP s default IP Address 192 168 1 1 into the URL of a web browser gt Login via using Username admin and Password admin The WMI appears as shown below gt mg System Wireless Firewall Utilities Status T i i Fi 3 Y i Overview Associated Cliente Repeater Event Log Home gt Status gt System Overnier System Overview g gt System Radio Status System Name Enterprise Access Point MAC Address 00 1F 24 83 96 02 Firmware Version Band 802 1ig n Build Number Channel 1 Location TX Power 19 dBm Site EN A Device Time 1976 01 01 08 00 30 System Up Time Odays 0 00 30 LAN Interface gt AP Status Profile 2 Security Online MAC Address 00 1F D4 83 96 01 Name BSSID ESSID re Clients SRE IP Address VAP 1 O0 1F D4 83 96 02 EAP 1 None o Subnet Mask 255 255 0 0 VAP 2 06 1F D4 83 96 02 EAP 2 None 0 3 Gateway VAP 3 OA 1F 04 83 96 02 EAP 3 None 0 amp e GRE Tunnel Status Connected Remote IP 1927 166 3 3 Key 12345 Web Management Interface Main Page System Overview From here click on the System icon to arr
69. erprise Access Point 5 4 3 z 4 EAP 300 LED Panel ML i LED ON indicates power on OFF indicates power off LED OFF indicates RF is not ready ON indicates RF is ready CLINKING indicates transmitting receiving data ip LED ON indicates Ethernet cable connected OFF indicates no connection i o eee future use WES Start LED Green OFF and then LED Red OFF and then BLINKING SLOWLY BLINKING SLOWLY WES Negotiate BLINKING NORMALLY BLINKING NORMALLY Green Red WES Negotiate Timeout LED Green ON LED Red ON WES Success LED Red ON LED Green ON WES Fail LED Green ON LED Red ON To indicate different WES status as follows Master Slave Section 2 04 2 4 Hardware Installation Please follow the steps mentioned below to install the hardware of EAP 300 1 Place the EAP 300 at the best location The best location for EAP 300 is usually at the center of your intended wireless network 2 Connect the EAP 300 to your network device Connect one end of the Ethernet cable to LAN port of EAP 300 and the other end of the cable to a switch a router or a hub EAP 300 is then connected to your existing wired LAN network 3 There are two ways to supply power over to EAP 300 a Connect the DC power adapter to the EAP 300 power socket b EAP 300 LAN port is capable of transmitting DC currents Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the LAN port of EAP 300 with the Ethernet cable Now the Hardwa
70. ers all of the configuration should be performed on the Controller side It is meaningless to configure GRE tunnel settings from the EAP 300 side Once the settings are applied from the Controller side the applied settings such as Key string will be passed to the corresponding EAP 300 and its WMI page will automatically open to confirm the changes Click Restart link and EAP 300 will restart to activate the tunnel A new window will automatically open and display the tunnel settings from the AP side which is passed from the Controller Click the Reboot link to apply and activate the settings to AP Please refer to your WHG manual for more information regarding AP management with tunnels General Network Interface Y Management GRE Tunnel CAPWAP Home gt System gt Management Services GRE Tunnel Configuration GRE Tunnel Disable Enable key ooo Interface yapi F VAP2 F VAP3 VI VAP4 V VAP5 F VAPG F VAP7 V VAPS WDS1 v WDS2 WDSs WDS4 e GRE Tunnel To enable click Enable of GRE Tunnel gt Remote IP Enter the IP address of the Controller gt Key Set up a password for the connection e Interface Select a VAP or WDS that its traffic will pass through the GRE Tunnel between APs and controller For how to enable VAP items please refer the section 7 2 3 VAP Configuration for reference 4 Section 7 02 7 2 Wireless This section includes the following functions VAP Overview General VAP Configuration Security
71. erview General Y VAP Config Y Security Y Repeater Y Advanced Y Access Control Site Survey Home gt Wireless gt VAP Overview VAP No ESSID EAPSOO 1 EAP3O0 2 EAPSOO 3 EAP300 4 EAP300 5 EAP 300 6 EAP 300 7 EAP 300 8 State Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview Security Type None None None None None None None None VAP Overview Page 42 MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Adwanced Settings Edit Edit Edit Edit Edit Edit Edit Edit e State The hyperlink showing Enable or Disable connects to the VAP Configuration page Eh a NI Ta 3 N i VAP Overview General WYAF Config k Security Repeater Advanced Access Control Site Survey Home Wireless VAP Config VAP Configuration Profile Name VAP Disable Enable VAP 1 EAP300 1 VLAN ID Disable Enable VLAN ID 1 4094 Profile Name ESSID VAP State Page eSecurity Type The hyperlink showing the security type connects to the Security Settings Page VAP Overview General VAP Config N Secu rity Repeater Advanced Access Control Home gt Wireless gt Security Site Survey Security Settings Profile Name VAP 1 Security Type VAP Security Type Page 43 e MAC ACL The hyperlink showing Allow or Disable connects to the Access Contr
72. gs o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period When finished with these configurations and you do not wish to add MAC restrictions click SAVE and Reboot the system Otherwise click on the Overview tab and proceed with the next step 28 Step 3 Configuring MAC ACL Access Control List Click on the hyperlink corresponding with your VAP in the MAC ACL column You will be brought to the Access Control Settings page Site Survey h VAP Overview General WAP Config J Security J Repeater l Adwanced 1 Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Nu
73. h Channel Max Transmit Rate Transmit Power ACK Timeout 100 0 255 O Auto Unit 4 micro seconds Beacon Interval 100 100 500ms Wireless General Settings Page Here simply make sure that both APs are using the same Band and Channel in order to establish a successful WDS link Click SAVE if any changes have been made Step 2 Prevent Loops if Connecting Many AP s When many APs are linked in this manner undesired loops may form to lower overall WLAN performance To prevent such occurrence please make sure Layer 2 STP is enabled To turn on this feature please click on the System and then Network Interface tab General Y Network Interface Management GRE Tunnel Home gt System gt Network Interface Network Settings Mode Static DHCP IP Address 1927 168 1 1 sa Netmask 255 255 0 0 Default Gateway a Primary DNS Server ii Alternate DNS Server OoOo Layer STP Disable Enable Network Settings Page Please select Enable in the field labeled Layer2 STP This will prevent data from looping or a broadcast storm Click SAVE when completed and then Reboot to allow updated settings to take effect 33 Article VII Web Management Interface Configuration This chapter will guide you through the EAP 300 s detailed settings The following table shows all the User Interface Ul functions of LevelOne s EAP 300 Enterprise Access Point The Web Management Interface W
74. he following page for removal confirmation After SAVE button is clicked and system reboot the rule will be removed Firewall List Service 4 Advanced 4 Home Firewall Firewall List Layer 2 Firewall Settings Remove rule 1 gt gt To edit a specific rule Ed in Setting column of firewall list will lead to the following page for detail configuration From this page the rule can be edited from scratch or an existing rule for revision Firewall List Service pr nced Home Firewall List gt Rule Config Layer 2 Firewall Configuration Rule ID 1 EtherType IEEESO2 3 Interface From To DSAP SSAP mon ie IPv4 0800 Destination me aya aa ey e MAC Address o1 00 0C cc cc cc mas Action Block Pass Remark gt Rule ID The numbering of this specific rule will decide its priority among available firewall rules in the table Rule name The rule name can be specified here EtherType The drop down list will provide the available types of traffics subject to this rule Interface It can indicate inbound outbound direction with desired interfaces Vv Vv VY MV Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header gt Type when EtherType is IEEE802 3 The field can be use
75. he least possible cost 4ipnet delivers a diverse array of turnkey high performance products and mission critical applications to bring reliability and manageability to increasingly complex wireless networks 4ipnet s complete WLAN infrastructure solution portfolio addresses the needs of different network operation environments ranging from the ISP to the SOHO with an emphasis on simplified network deployment centralized network management and enhanced network performance 4ipnet Article I Before You Start Section 1 01 1 1 Preface This manual is intended for system integrators field engineers and network administrators to set up LevelOne s EAP 300 802 11n a b g Enterprise Access Point in their network environments It contains step by step procedures and visual examples to guide MIS staff or individuals with basic network system knowledge to complete the installation Section 1 02 1 2 Document Conventions Bh Represents essential steps actions or messages that should not be ignored Contains related information that corresponds to a topic ancii Indicates that clicking this button will save the changes you made but you must reboot the system upon the completion of all configuration settings for the changes to take effect sm Indicates that clicking this button will clear what you have set before the settings are applied Section 1 03 1 3 Package Content The standard package of EAP 300 includes e EA
76. he website and save it on the administrator s PC To upgrade the system firmware click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process There will be a prompt confirmation message appearing to notify the administrator to restart the system after a successful firmware upgrade Please restart the system after upgrading the firmware Change Password Backup amp Restore System Upgrade Reboot Home Utilities gt System Upgrade System Upgrade Current Version Current Build Number System Upgrade Page e It is recommended to check the firmware version number before proceeding further Please make sure you have the correct firmware file a Male e Firmware upgrade may sometimes result in the loss of some data Please ensure that all necessary settings are written down before upgrading the firmware e During firmware upgrade please do not turn off the power This may permanently damage the system 70 d 7 3 4 Reboot This function allows the administrator to restart the EAP 300 safely The process shall take about three minutes Click Reboot to restart the system Please wait for the blinking timer to complete its countdown before accessing the system s Web Management Interface again The System Overview page will appear after reboot successfully Occasionally it is necessary to reboot the EAP 300 to ensure that parameter changes are submitted Change Password
77. her The default values of the EAP 300 s LAN IP Address and Subnet Mask are IP Address 192 168 1 1 Subnet Mask 255 255 255 0 f Enterprise Access Point Windows Internet Explore Ko Go y E httpuit92 168 1 1 File Edit View Favorites Tools Help fe Enterprise Access Point Example of entering EAP 300 s default IP Address into a web browser e To access the web management interface WMI connect the administrator PC to the LAN port of EAP 300 via an Ethernet cable Then set a static IP Address on the same subnet mask as the EAP 300 in TCP IP settings of your PC such as the following example IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Please note that the IP Address used should not overlap with the IP Addresses of any Note ea other device within the same network eLaunch the web browser on your PC and enter the IP Address of the EAP 300 192 168 1 1 at the address field and then press Enter The following Administrator Login Page will then appear Enter admin for both the Username and Password fields and then click Login Username admin Password e0000 K Administrator Login Page e After a successful login into EAP 300 a System Overview page of the Web Management Interface WMI will appear gt Overview Associated Clients Wi Home gt Status gt System Overview amp System System Name Enterprise Access Point Firmwar
78. ient devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator re Enables the listed MAC VAP Overview General VAP Config Y Security Repeater Advanced Access Control Site Survey h Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type MAC ACL Allow List Mo MAC Address State MAC Allow List Note An empty Allow List means that there are no allowed MAC addresses Make sure at least the MAC of the modifying system is included e g network administrator s computer 5 MAC ACL Deny List When selecting MAC ACL Deny List all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable VAP Overview General WAP Config Security Repeater Adva nced Y Access Control Site Survey h Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type MAC ACL Deny List w No MAC Address 1 fe Disable O Enable Deny List State 58 gt RADIUS AC
79. imary DNS Server ii Alternate DNS Server OoOo Layer STP Disable Enable Network Settings Page Please select Enable in the field labeled Layer2 STP This will prevent data from looping or a broadcast storm Click SAVE when completed and then Reboot to allow updated settings to take effect 33 Article VII Web Management Interface Configuration This chapter will guide you through the EAP 300 s detailed settings The following table shows all the User Interface Ul functions of LevelOne s EAP 300 Enterprise Access Point The Web Management Interface WMI is the page where the status is displayed control is issued and parameters are configured In the Web Management Interface there are two main interface areas Main Menu and Working Area The Working Area occupies the largest area of the WMI displayed in the center of the interface It is also referred to as the configuration page The Main Menu on the top of the WMI allows the administrator to traverse to various management functions of this system The management functions are grouped into branches System Wireless Firewall Utilities and Status Table 1 EAP 300 s Function Organization OPTION FUNCTION General Network Interface Management GRE Tunnel VAP Overview General VAP Configuration Security Wireless Repeater Advanced Access Control Site Survey Firewall List Service Advanced Change Password Backup amp Restore System Upgrade 34
80. imary RADIUS Server Note These settings will also apply to security settings which use RADIUS Server for this VAP Host Domain Name IP Address Authentication Port 1 65535 Secret Key fs RADIUS ACL 37 h 7 2 7 Site Survey Sit Survey is a useful tool to provide information about the surrounding wireless environment available APs are shown with their respective SSID MAC Address Channel Rate setting Signal reading and Security tyoe The administrator can click Setup or Connect to configure the wireless connection according to the mentioned readings when Repeater Type is Universal Repeater Scan Agan AAE MAC Address Channel Rati Ss PCT ed Security seiun Comert 00 i 00 iF pA 00 26 56 14 43 None Connect OO 5 DS TF D4 OG 2E 36 l 34 2 wore Connect lf Universal Repeater function is enabled the system can scan and display all surrounding available access points APs The administrator can then select an AP to for connection to extend its wireless service coverage on this page SSID The SSID Service Set ID of the AP found in this system s coverage area MAC Address The MAC address of the respective AP Channel The channel number currently used by the respective AP or repeater Rate The transmitting rate of the respective AP Signal The encryption type used by the respective AP Vv yY VV VV y Setup Connect o Connect Click Connect to associate with the respective AP direct
81. ing to WLAN AP interfaces hence besides firewall policies configured on gateways this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Firewall Settings Service and Advanced Firewall Settings a 7 3 1 Firewall List lt provides an overview of firewall rules in the system 6 default rules with up to total 20 firewall rules are available for configuration Firewall List Service 4 Advanced Home Firewall Firewall List Layer 2 Firewall Settings No State Action Name EtherType Remark Setting 1 LJ DROP CDP and VTP TEEE 8023 Del Ed In My 2 LJ DROP STP TEEE 8023 Del Ed In My 3 d DROP GARP TEEE_ 8023 Del Ed In My Firewall List Page From the overview table each rule is designated with the following field No The numbering will decide the priority to let system carry out the available firewall rules in the tables e State The check marks will enable the respective rules Action DROP denotes a block rule ACCEPT denotes a pass rule Name It shows the name of rule EtherType It denotes the type of traffics subject to this rule Remark It shows the note of this rule Setting 4 actions are available Del denotes to delete the rule Ed denotes to edit the rule In denotes to insert a rule and Mv denotes to move the rule 62 gt gt To delete a specific rule Del in Setting column of firewall list will lead to t
82. ion gt Universal Repeater lf Universal Repeater is selected please provide the SSID of upper bound AP for uplink connection 5l Security Type None WEP or WPA PSK can be configured for this Repeater connection Please note the security type configured here shall follow upper bound AP s for intended connection VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey q Home gt Wireless gt Repeater Config Repeater Settings Repeater Type WES The SSID of Upper Bound AP OoOo P Current wireless channel of the system is set at 1 Repeater connection may fail if the system is set to connect to upper AP with different channels Security Type Repeater Settings Universal Repeater o The SSID of Upper Bound AP Specify the SSID of the upper bound AP that the system is used to extend that AP s wireless service coverage o Security Type None WEP or WPA PSK 52 gt WDS lf WDS is selected EAP 300 can support up to 4 WDS links to its peer APs Security Type None WEP or WPA PSK can be configured to decide which encryption to be used for WDS connections respectively Please fill in remote peer s MAC address and click SAVE to proceed if setting revision is necessary CLEAR button is used to clear the contents in the above WDS connection list VAP Overview General VAP Config Y Security Repeater Advanced Access Control Y Site Survey Home Wireless gt Re
83. ive at the following page On this Page you can make entries to the Name Description and Location fields as well as set the device s time General Network Interface 1 Management GRE Tunnel h Home gt System gt General System Information Name Enterprise Access Point Description S O Location s O Time Device Time 1970 01 05 14 17 18 Time Zone GMT 08 00 Taipei Time O Enable NTP Manually set up Set Date Mear Month Day Set Time Hour Mimin v sec System Information Page There are two methods of setting up the time Manual indicated by the option Set Date amp Time and NTP The default is Manual and requires individual setup every time the system starts up Simply choose a time zone and set the time accordingly When finished click Save Time Zone GMT 08 00 Taipei ha Time O Enable NTP Manually set up Set Date Dhea Month Mbay Set Time Bour in Misec Manually Time Setup The alternative is NTP Upon selecting NTP under the Time field the configuration changes to allow up to two NTP servers Simply enter a local NTP server s IP Address if available or search online for an NTP server nearest you Set the time zone and click Save Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Setup 16 Step 2 Configuring the AP s Network Settings While still on this Page click on the Net
84. j Backup amp Restore System Upgrade Reboot Home Utilities gt Reboot Reboot the System Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up Reboot Page Section 7 05 7 4 Status This page is used to view the current condition and state of the system and includes the following functions Overview Associated Clients Repeater and Event Log a 7 4 1 Overview The System Overview page provides an overview of the system status for the administrator r E Associated Clients Repeater Event Log h Y Home gt Status gt System Overview System Overview amp System __________ amp Radio Status System Name Enterprise Access Point MAC Address 00 1F D4 83 96 02 Firmware Version Band 802 1i9 n Build Number Channel 1 Location TX Power 19 dBm Site EN A o Device Time 1970 01 01 08 00 30 System Up Time 0 days 0 00 30 LAN Interface ______ rs AP Status Profile Security Online MAC Address 00 1F 04 83 96 01 Hime BSSID ESSID read Clients GRE IP Address VAP 1 00 1F D4 83 96 02 EAP 1 None 0 Ge Subnet Mask 255 255 0 0 VAP 2 06 1F D4 83 96 02 FAP 2 None 0o Gateway VAP 3 QA 1F D4 83 96 02 EAP 3 None 0 GRE Tunnel Status Connected Remote IP 192 168 3 3 Key 12345 System Overview Page 72 Table 3 Status Page s Organizational
85. k SAVE to save the configuration before leaving this page 6 7 Section 7 04 7 3 Utilities The administrator can maintain the system on this page Change Password Backup amp Restore System Upgrade and Reboot a 7 3 1 Change Password To protect the Web Management Interface from unauthorized access it is highly recommended to change the administrator s password to a secure password Only alpha numeric characters are allowed and it is also recommended to make use of a combination of both numeric and alphabetic characters Change Password Backup amp Restore System Upgrade Reboot Home gt Utilities gt Change Password Change Passy Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page The administrator can change password on this page Enter the original password admin and new password and then re enter the new password in the Re enter New Password field Click Save to activate the new password 68 b 7 3 2 Backup amp Restore This function is used to backup and restore the EAP 300 settings The EAP 300 can also be restored to factory defaults using this function It can be used to duplicate settings to other access points backup settings of this system and then restore on another AP System Upgrade Reboot 4 I Change Password y Backup amp Restore Home Utilities gt Config Save amp Restore Config
86. l Width available when Band is 802 11g 802 11n Double channel bandwidth to 40 MHz is supported to enhance throughput Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default Auto Max Transmit Rate The maximum wireless transmitting rate Select the desired rate from the drop down menu The system uses the highest possible rate when Auto is selected Transmit Power The signal strength transmitted from the system can be selected among Auto Highest High Medium Low and Lowest trom the drop down menu ACK Timeout It indicates a period of time that the system waits for an Acknowledgement frame sent back from a station without retransmission In other words upon timeout if the Acknowledgement frame is still not received the frames will be retransmitted This option can be used to tune network performance for extended coverage For regular indoor deployments please keep the default setting Beacon Interval ms The entered amount of time indicates how often the beacon signal will be sent from the access point Due to RF regulation in different nations available values in the above table will differ Table 2 RF Configurations under normal circumstances in certain countries 802 11a 802 11b 802 119 802 11b 802 11g 802 11a 802 11n 802 11n 802 11g 36 40 44 48 52 56
87. level nas a E Hn E Zea E one LevelOne EAP 300 Enterprise Access Point User Manual V1 00 Table of Contents i TROLS Yon SC ee ssc eusbeassanssaean tev satcosdetieeucedosucossseesessesens 3 MMP aioe ca cactea ase nats E A EE E A E 3 1 2 Document Conventions cccccccccccccccccccceceeceeceeeeeeeeeeeeeeeeeeeeeseseeseeeeeeeeseeeeeeeeeseeseeeeeeeseeeeeseseseseseeeeesesecs 3 OD PAG A CO e E E E E E anteloalaneGeg aise enaitaenastetoness 3 2 System Overview and Getting Started essessoesscescceesccesocesoesscesocesccescocescessoesscesscesscesseeseees 4 24 Introd c on of LevelOne EA P90 O ss sassicastarcessasanoincdcnsadesasancianisazdeasasbuctondistagerasanccosiwatacesadeeo aE EE Troiae 4 2A Deployment Topology 4 en On er ne ne on Pe eee 5 OD TAA Gy ar Doser E Oee naaa E EE 6 24 Hardware MAS Ue A OMe rte ests E E E E T E E E E 8 2 5 Console Interface ar ecto taeda ect ctes cen nseissece oenonasste essen tea sivoaseptaste etess sebr EEEE en SPEE E EEEE SESS EE EEEE Eeee eere eeaeee eere e eene 9 2 5 Access Web Management Interface cccccsecscessscesssecssescessccessecessecesssscsseecessesessescesstsessesceseecessesens 11 3 Connect your AP to your Network e essseesscesseeesoeessocesocesscessoeesocessoeesocesooeesoeesocessoeesoeessoeesoe 15 4 Adding Virtual Access Points eeseessoessoesceesoeesoessoessoesceesoeesoeesocesoeesoessoessoeesoesoesoceeoeesoeesoessoeeo 21 Be SCL YOUF
88. ly no further configuration is required Cip 893 00 0E 2E 7C AA 6E i 54 4 None o Setup Click Setup to configure security settings for associating with the respective AP WEP Click Setup to configure the WEP setting for associating with the target AP Cip wep 00 11 A3 08 09 56 6 54 40 WEP The following configuration box will then appear at the bottom of the screen Security settings configured here must be the same as the target AP 60 Notelll If you set WEP security for Universal Repeater the security of AP will also change to WEP and use the same settings WEP Key Type Open Shared Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCH Hex WEP Key Index WEP Keys WPA PSK Click Setup to configure the WPA PSK setting for associating with the target AP OA 1F D4 39 10 74 11 54 52 WPA PSK The following configuration box will then appear at the bottom of the screen Information provided here must be consistent with the security settings of the target AP Cip psk Pre shared Cipher TKIP ane oe PSK Hex 64 chars Passphrase 8 63 chars 6 Section 7 03 7 3 Firewall The system provides an added security feature Layer2 Firewall in addition to typical AP security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffics providing another choice of shield against possible security threats coming from go
89. many client devices are associating with EAP 300 or in areas where the clients are far apart and can detect only EAP 300 but not each other e Fragmentation Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference e DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save energy more but the throughput will be lowered e Broadcast SSID Disabling this function will prevent the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system e Wireless Station Isolation By enabling this function all stations associated with the system are isolated and can only communicate with the system 54 e WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which
90. mber of Clients f Range 1 32 3 Access Control Type Disable Access Control Access Control Settings Page Please choose among Disable Allow Deny and RADIUS ACL from the drop down menu of Access Control Type 1 Disable Access Control This means that there is no restriction for client devices to access the system MAC ACL Allow List This means that only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the 2 administrator re Enables the listed MAC VAP Overview J General WAP Config J Security j Repeater Advanced Access Control Site Survey Home Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients 128 Range 1 32 Access Control Type MAC ACL Allow List w No MAC Address State MAC ACL Allow List 29 MAC ACL Deny List This means that all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Enable 3 VAP Overview General VAP Config Security y Repeater y Adwa noed Access Control Site Survey i i Home gt Wireless gt Access Control Access Control Settings
91. mong available firewall rules in the table Rule name The rule name can be specified here EtherType The drop down list will provide the available types of traffics subject to this rule Interface It can indicate inbound outbound direction with desired interfaces Vv Vv VY MV Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header gt Type when EtherType is IEEE802 3 The field can be used to indicate the type of encapsulated traffics 63 gt gt VLAN ID when EtherType is 802 1 Q The VLAN ID is provided to associate with certain VLAN tagging traffics Priority when EtherType is 802 1 Q It denotes the priority level with associated VLAN traffics Encapsulated Type when EtherType is 802 1 Q It can be used to indicate the type of encapsulated traffics Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in ARP header Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Action The rule c
92. n be enabled to prevent undesired loops because broadcasting storm may occur in a multi switch environment where broadcast packets are forwarded in an endless loop between switches Moreover a broadcast storm may consume most of available system resources in addition to available bandwidth Thus enabling the Layer 2 STP can lower such undesired occurrence and derive the best available data path for network Communication c 7 1 3 Management The EAP 300 s provided services e g VLAN Management SNMP and System log can be configured here General Network Interface Management GRE Tunnel Home gt System gt Management Services Management Services VLAN for Management Disable Enable viANID 1 4094 SNMP Configuration Disable Enable Community String Trap Disable Enable a ae Disable Enable SYSLOG Server IP 192 168 1 254 Server Port si4 SYSLOG Level Management Services Page e VLAN for Management When enabling this function management traffic from the system will be tagged with a VLAN ID In other words administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to the VAP with the same VLAN ID Enter a value between 1 and 4094 for the VLAN ID if the option is enabled 3 e SNMP Configuration By enabling SNMP function the administrator can obtain the system information remotely SNMP Configuration Disable
93. nable NTP Manually set up Set Date Dhea Month Mbay Set Time Bour in Misec Manually Time Setup The alternative is NTP Upon selecting NTP under the Time field the configuration changes to allow up to two NTP servers Simply enter a local NTP server s IP Address if available or search online for an NTP server nearest you Set the time zone and click Save Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Setup 16 Step 2 Configuring the AP s Network Settings While still on this Page click on the Network Interface tab to begin configuration of the network settings General Wetwork Interface Management GRE Tunnel Home gt System Network Interface Network Settings Mode Static DHCP IP Address ji Netmask 255 255 0 0 7 Default Gateway r Primary DNS Server T Alternate DNS Server f Layer STP Disable Enable Network Settings Page lf the deployment decides the AP will be getting dynamic IP Addresses from the connected network set Mode to DHCP otherwise set Mode to Static and fill in the required fields marked with a red asterisk IP Address Netmask Gateway and Primary DNS Server with the appropriate values for the network Click SAVE when you are finished to save changes that have been made Step 3 Configure the AP s Wireless General Settings Click on the Wireless icon followed by the General tab On this page we only
94. need to choose the Band and Channel that we wish to use VAP Overview Y General VAP Config Security J Repeater Advanced Access Control site Survey 4 Home gt Wireless gt General General Settings Band 802 119 802 11n Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width si Channel Max Transmit Rate Auto m w a z E lt Transmit Power Auto ka ACK Timeout 100 0 255 O Auto Unit 4 micro seconds Beacon Interval 100 100 500ms Wireless General Settings Page On this page select the Band with which the AP is to broadcast its signal The rest of the fields are optional and can be configured at another time Click Save if any changes have been made Step 4 Configuring Wireless Coverage VAP 1 To setup the AP s wireless access refer to the following VAP 1 configuration other VAP configuration can refer to the same setup steps as done for VAP 1 Click on the Overview tab to proceed VAP Overview General VAP Config Security Repeater Advanced j Access Control Site Survey k Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None
95. nit 4 micro seconds Beacon Interval 100 100 500ms 3 AP General Settings Page Band Select an appropriate wireless band 802 11b 802 11g 802 11b 802 11g 802 119 802 11n or select Disable if the wireless function is not required gt Pure 11n Enable 802 11n network only Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamble with a 128 bit synchronization field Short Guard Interval available when Band is 802 11g 802 11n The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference In order to further boost throughput with 802 11n short guard interval is half of what it used to be please select Enable to use Short Guard Interval or Disable to use normal Guard Interval Channel Width available when Band is 802 11g 802 11n Double channel bandwidth to 40 MHz is supported to enhance throughput Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default Auto Max Transmit Rate The maximum wireless transmitting rate Select the desired rate from the drop down menu The system uses the highest possible rate when Auto is selected Transmit Power The signal strength transmitted from the system can be select
96. ogouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes 49 Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e WPA PSK WPA PSK Wi Fi Protected Access Pre shared Key is a pre shared key authentication method a special mode of WPA VAP S T E General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Group Key Update Period 600 second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 50 e WPA RADIUS If this option is selected the RADIUS authentication and data encryption will be both enabled VAP Overview General VAP Config Y Security Repeater Advanced Y Access Control Y Site Survey Home Wireless gt Secu
97. ol Site Survey 4 Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 3 Access Control Type RADIUS ACL w PE ES SEREF i Notell These settings will also apply to security settings which use RADIUS Server for this VAP Host fi Domain Name IP Address Authentication Port 1812 1 65535 Secondary RADIUS Server Host DOO Authentication Port RADIUS ACL Click Save and Reboot after completing your configurations to have them take effect 3 Article VI Create a WDS Bridge between two APs WDS link creation will assist to extend network coverage where running wires is not an option effectively transferring the traffics to the other end of WLAN LAN through the EAP 300 Since this is a peer to peer connection both EAP 300s will be configured by the same way Step 1 Make sure the Band and Channel Match between the WDS peers In order to successfully communicate the two EAP 300s must be configured to use the same channel and band for its wireless settings Click the Wireless icon followed by the General tab to reach the following page VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey 255 gt General Home gt Wire General Settings Band 802 119 802 11n Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Widt
98. ol Settings Page a a k A re VAP Overview General WAP Config Security i Advanced 4 Access Control Site Survey N L 4 Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 32 Access Control Type Disable Access Control Access Control Settings Page e Advanced Settings The advanced settings hyperlink connects to the Advanced Wireless Settings Page VAP Overview General WAP Config Security Repeater Home Wireless gt Advanced i Adwanced Access Control Site Survey 4 Y 1 L Advanced Wireless Settings Profile Name RTS Threshold 1 2346 Fragment Threshold 256 2346 DTIM period 1 15 Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable WMM Disable Enable IAPP Disable Enable Multicast Broadcast Rate Advanced Wireless Settings Page 44 b 7 2 2 General AP s general wireless settings can be configured here VAP Overview General VAP Config Security Repeater Advanced Access Control Y Site Survey Home gt Wireless gt General General Settings Band 802 11g 802 11n L Pure iin Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width Channel Max Transmit Rate Transmit Power ACK Timeout 100 0 255 O Auto U
99. ollowing configuration box will then appear at the bottom of the screen Information provided here must be consistent with the security settings of the target AP Cip psk Pre shared Cipher TKIP ane oe PSK Hex 64 chars Passphrase 8 63 chars 6 Section 7 03 7 3 Firewall The system provides an added security feature Layer2 Firewall in addition to typical AP security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffics providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured on gateways this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Firewall Settings Service and Advanced Firewall Settings a 7 3 1 Firewall List lt provides an overview of firewall rules in the system 6 default rules with up to total 20 firewall rules are available for configuration Firewall List Service 4 Advanced Home Firewall Firewall List Layer 2 Firewall Settings No State Action Name EtherType Remark Setting 1 LJ DROP CDP and VTP TEEE 8023 Del Ed In My 2 LJ DROP STP TEEE 8023 Del Ed In My 3 d DROP GARP TEEE_ 8023 Del Ed In My Firewall List Page From the overview table each rule is designated with the following field No The numbering will decide the priority to let system car
100. on Page VAP 1 shown 19 The desired VAP profile can be selected from the drop down menu of Profile Name and VAP 1 configuration will serve as an example for all other VAPs Before proceeding further please make sure that the VAP field is Enable afterwards enter an ESSID to represent the WLAN associated with AP s VAP 1 It is suggested that Profile Name is used to describe what this particular VAP will be used for otherwise leave it as default VLAN ID can be chosen at another time Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings Congratulations After reboot the AP can start to work with these revised settings 20 Article IV Adding Virtual Access Points EAP 300 possesses the feature of multi ESSID namely it can behave as multiple virtual access points providing different levels of services from the same physical AP device Please click on the Wireless icon to review the VAP Overview page VAP Config Security 4 Repeater h Advanced Access Control Site Survey VAP Overview General co WAD Papoose 655 gt VAP Overview Home gt Wire VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP 300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None Disabled Edit 7 EAF 300
101. out the system e g device model firmware version and active date gt Location The information on geographical location of the system for the administrator to locate the system easily Time gt Device Time Display the current time of the system gt Time Zone Select an appropriate time zone from the drop down list box gt Time Synchronize the system time by NTP server or manual setup 36 1 Enable NTP By selecting Enabled NTP EAP 300 can synchronize its system time with the NTP server automatically While this method is chosen at least one NTP server s IP address or domain name must be provided Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Time Configuration Fields Generally networks would have a common NTP server internal or external If there is use it otherwise locate a nearby NTP server on the web 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 2000 01 03 04 32 49 Time Zone Time O Enable NTP Manually set up Set Time Bour Mimin l Msec Manual Time Configuration Fields Set Date Select the appropriate Year Month and Day from the drop down menu Set Time Select the appropriate Hour Min and Sec from the drop down menu Unless both an Internet connection and a network NTP server are unavailable it is
102. outs through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period When finished with these configurations and you do not wish to add MAC restrictions click SAVE and Reboot the system Otherwise click on the Overview tab and proceed with the next step 28 Step 3 Configuring MAC ACL Access Control List Click on the hyperlink corresponding with your VAP in the MAC ACL column You will be brought to the Access Control Settings page Site Survey h VAP Overview General WAP Config J Security J Repeater l Adwanced 1 Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 3 Access Control Type Disable Access Control Access Control Settings Page Please choose among Disable Allow Deny and RADIUS ACL from the drop down menu of Access Control Type 1 Disable Access Control This means that there is no restriction for client devices to access the system MAC ACL Allow List This means that only the client devices identified by their MAC addresses listed in the Allow List allowed MAC addresses are granted with access to the system The administrator can temporarily block any allowed MAC addres
103. peater Config Repeater Settings Repeater Type l WES WDS Profile wos Security type Repeater Settings WDS o WES Enable WES o MAC Address To remote peer s MAC address o WDS Click on Enable to enable the respective WDS links click on Delete to remove them o Security Type None WEP or WPA PSK 53 f 7 2 5 Advanced The advanced wireless settings for the EAP 300 s VAP Virtual Access Point profiles allow customization of data transmission settings The administrator can tune the following parameters to improve network communication performance if a poor connection occurs VAP Overview General Y VAP Config Security Repeater Advanced Access Control 4 Site Survey Home Wireless gt Advanced Advanced Wireless Settings Profile Name RTS Threshold 1 2346 Fragment Threshold 256 2346 DTIM period 1 15 Broadcast SSID Disable Enable Wireless Station Isolation Disable Enable WMM Disable Enable IAPP Disable Enable Multicast Broadcast Rate Advanced Wireless Settings Page eRTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the fragment to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where
104. play all surrounding available access points APs The administrator can then select an AP to for connection to extend its wireless service coverage on this page SSID The SSID Service Set ID of the AP found in this system s coverage area MAC Address The MAC address of the respective AP Channel The channel number currently used by the respective AP or repeater Rate The transmitting rate of the respective AP Signal The encryption type used by the respective AP Vv yY VV VV y Setup Connect o Connect Click Connect to associate with the respective AP directly no further configuration is required Cip 893 00 0E 2E 7C AA 6E i 54 4 None o Setup Click Setup to configure security settings for associating with the respective AP WEP Click Setup to configure the WEP setting for associating with the target AP Cip wep 00 11 A3 08 09 56 6 54 40 WEP The following configuration box will then appear at the bottom of the screen Security settings configured here must be the same as the target AP 60 Notelll If you set WEP security for Universal Repeater the security of AP will also change to WEP and use the same settings WEP Key Type Open Shared Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCH Hex WEP Key Index WEP Keys WPA PSK Click Setup to configure the WPA PSK setting for associating with the target AP OA 1F D4 39 10 74 11 54 52 WPA PSK The f
105. re Installation is complete e Please only use the power adapter supplied with the EAP 300 package Using a different A power adapter may damage this system e To double verify the wired connection between EAP 300 and you switch router hub please also check the LED status indicator of the respective network devices Section 2 05 2 5 Console Interface Via this port to enter the console interface for the administrator to check the IP address of EAP 300 and reset the device to default if the admin password is forgotten 1 In order to connect to the console port of EAP 300 a console modem cable and a terminal simulation program such as the Hyper Terminal are needed 2 Ifa Hyper Terminal is used please set the parameters as 115200 8 None 1 None ax Pon teling Bite pei second Cusa Piti ie Panty Hone So bt as Fir ite Neme Heroe Deisi OK Cancel Ano The console interface looks like the screenshot below displaying the current LAN IP address and the instructions to reset device to default COM4 PulT login When resetting the device to default from the console interface key in reset2def for login and password Confirm yes and EAP 300 will begin the reset process SYSTEM IP 192 166 10 1 25 Enter resetzedet twice to E aa wh actory default login Password Do you really want to Set actory default and reboot yes ye When the
106. responding cell in the column labeled Security Type This hyperlink will direct you to the following Security Settings page VAP Overview General VAP Config Security Repeater Advanced Access Control Y Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings Page VAP 1 shown Select your desired Security Type from the drop down menu which includes None WEP 802 1X WPA PSK and WPA RADIUS 24 e None Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism with key length selected from 64 bit 128 bit or 152 bit VAP Overview General VAP Contig Y Security Repeater Advanced Access Control Site Survey 4 Home gt Wireless gt Security Security Settings Profile Name Security Type WEP w Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format a
107. rewall Configuration H Rule ID Interface From To WAPI Service ALL ka IF Address fo Mask 0 0 0 0 0 w P address Masks 0 0 0 0 70 3 Action Block Pass gt gt To move a specific rule Mv in Setting column of firewall list will lead to the following page for reordering confirmation After SAVE button is clicked and system reboot the order of rules will be updated 64 Firewall List Home gt Firewall gt Move rule Move Rule 1 Before After ID 1 20 Please make sure all desired rules state of rule are checked and saved in overview page the rule will be ID Move to enforced upon system reboot Firewall List Service Advanced Home gt Firewall gt Firevell List Layer 2 Firewall Settings Enable Layer 2 Firewall Disable Enable No State Action Name EtherType Remark Setting 1 DROP CDP and VTP IEEE_ 8023 Del Ed In Mv 2 F DROP STP BPDU IEEE_8023 Del Ed In Mv 3 P DROP GARP IEEE_8023 Del Ed In Mv 4 O DROP RIP IPv4 Del Ed In Mv 5 O DROP HSRP IPv4 Del Ed In Mv 6 O DROP OSPF IPv4 Del Ed In Mv 7 Del Ed In Mv 8 Del Ed In Mv 9 Del Ed In Mv 10 Del Ed In Mv First Prev Next Last total 20 65 b 7 3 2 Service The administrator can add or delete firewall service here the services in this list will become options to choose in firewall rule when EtherType is IPv4 EAP 300 provides a list of rules to block or p
108. rity Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIUS Server Hast Pe Domain Name IP Address Authentication Port jisi2 Secret Key F Accounting Service Disable Enable Accounting Port he3 F Accounting Interim Update Interval lso second s Security Settings WPA RADIUS gt WPA Settings O O Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e 7 2 5 Repeater To extend wireless network coverage EAP 300 supports 3 options of Repeater type None WDS or Universal Repeater selecting None will turn off this funct
109. ry out the available firewall rules in the tables e State The check marks will enable the respective rules Action DROP denotes a block rule ACCEPT denotes a pass rule Name It shows the name of rule EtherType It denotes the type of traffics subject to this rule Remark It shows the note of this rule Setting 4 actions are available Del denotes to delete the rule Ed denotes to edit the rule In denotes to insert a rule and Mv denotes to move the rule 62 gt gt To delete a specific rule Del in Setting column of firewall list will lead to the following page for removal confirmation After SAVE button is clicked and system reboot the rule will be removed Firewall List Service 4 Advanced 4 Home Firewall Firewall List Layer 2 Firewall Settings Remove rule 1 gt gt To edit a specific rule Ed in Setting column of firewall list will lead to the following page for detail configuration From this page the rule can be edited from scratch or an existing rule for revision Firewall List Service pr nced Home Firewall List gt Rule Config Layer 2 Firewall Configuration Rule ID 1 EtherType IEEESO2 3 Interface From To DSAP SSAP mon ie IPv4 0800 Destination me aya aa ey e MAC Address o1 00 0C cc cc cc mas Action Block Pass Remark gt Rule ID The numbering of this specific rule will decide its priority a
110. s clients require larger or smaller bandwidth for sending multicast broadcast packets the administrator can customize the EAP700 s multicast broadcast bandwidth here 99 g 7 2 6 Access Control On this page the network administrator can restrict the total number of clients connected to the EAP 300 as well as specify particular MAC addresses that can or cannot access the device VAP Overview General Y VAP Config 4 Security Repeater Advanced Access Control Site Survey Home Wireless Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 Access Control Type Disable Access Control Access Control Settings Page e Maximum Number of Clients EAP 300 supports various methods of authenticating clients for wireless LAN access The default policy is unlimited access without any authentication required To restrict the station number of wireless connections simply change the Maximum Number of Stations to a desired number For example while the number of stations is set to 20 only 20 stations are allowed to connect to the specified VAP 56 e Access Control Type The administrator can restrict the wireless access of client devices based on their MAC addresses gt Disable Access Control When Disable is selected there is no restriction for client devices to access the system gt MAC ACL Allow List When selecting MAC ACL Allow List only the cl
111. s by checking Disable until the 2 administrator re Enables the listed MAC VAP Overview J General WAP Config J Security j Repeater Advanced Access Control Site Survey Home Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients 128 Range 1 32 Access Control Type MAC ACL Allow List w No MAC Address State MAC ACL Allow List 29 MAC ACL Deny List This means that all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Enable 3 VAP Overview General VAP Config Security y Repeater y Adwa noed Access Control Site Survey i i Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 32 3 MAC ACL Deny List Access Control Type No MAC Address MAC ACL Deny List State 30 4 RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS server When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an external RADIUS server Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration VAP Overview M General N YAP Config Security Repeater y Adwa nced Y Access Contr
112. s particular VAP It may allow further management control e g access rights and Internet usage etc of each VAP with a management gateway Click SAVE and then Reboot for the changes to take effect 22 Article V Secure Your AP Different VAP may require different level of security These instructions will guide the user through setting up different types of security for a particular VAP Simply repeat the following steps for other VAP with security requirement Step 1 Ensure that your VAP is Enabled VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None Disabled Edit 7 EAP300 7 Disabled None Disabled Edit 5 EAP300 8 Disabled None Disabled Edit VAP Overview Page On the VAP Overview page check the table to confirm the VAP State If it is Enabled skip to Step 2 If not click on to proceed with VAP Configuration for that particular VAP VAP Overview Y General WAP Co nfig Security Repeater Y Advanced Access Control Y Site Su mey Home gt Wireless VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP
113. scu Hex WEP Key Index WEP Keys i oOo Security Settings WEP gt 802 11 Authentication Select from Open System Shared Key or Auto gt WEP Key Length Select from 64 bit 128 bit 152 bit key length gt WEP Key Format Select from ASC or Hex format for the WEP key gt WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that specifies which WEP key is used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys 25 e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced dynamic WEP are provided i i VAP Overview 4 General Y VAP Config Y Security Repeater Y Advanced Y Access Control Site Survey Home gt Wireless gt Securit Security Settings Profile Name VaP Liv Security Type B02 1X v Dynamic WEP Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period 300 second s Peay MARIES SOME p ii i Domain Name IP Address Authentication Port 1812 ili Secret Key Accounting Service Disable Enable Accounting Port 1 Accounting Interim Update Interval Ee secondisi Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption
114. service coverage o Security Type None WEP or WPA PSK 52 gt WDS lf WDS is selected EAP 300 can support up to 4 WDS links to its peer APs Security Type None WEP or WPA PSK can be configured to decide which encryption to be used for WDS connections respectively Please fill in remote peer s MAC address and click SAVE to proceed if setting revision is necessary CLEAR button is used to clear the contents in the above WDS connection list VAP Overview General VAP Config Y Security Repeater Advanced Access Control Y Site Survey Home Wireless gt Repeater Config Repeater Settings Repeater Type l WES WDS Profile wos Security type Repeater Settings WDS o WES Enable WES o MAC Address To remote peer s MAC address o WDS Click on Enable to enable the respective WDS links click on Delete to remove them o Security Type None WEP or WPA PSK 53 f 7 2 5 Advanced The advanced wireless settings for the EAP 300 s VAP Virtual Access Point profiles allow customization of data transmission settings The administrator can tune the following parameters to improve network communication performance if a poor connection occurs VAP Overview General Y VAP Config Security Repeater Advanced Access Control 4 Site Survey Home Wireless gt Advanced Advanced Wireless Settings Profile Name RTS Threshold 1 2346 Fragment Threshold 256 2346 DTIM period 1
115. settings to AP Please refer to your WHG manual for more information regarding AP management with tunnels General Network Interface Y Management GRE Tunnel CAPWAP Home gt System gt Management Services GRE Tunnel Configuration GRE Tunnel Disable Enable key ooo Interface yapi F VAP2 F VAP3 VI VAP4 V VAP5 F VAPG F VAP7 V VAPS WDS1 v WDS2 WDSs WDS4 e GRE Tunnel To enable click Enable of GRE Tunnel gt Remote IP Enter the IP address of the Controller gt Key Set up a password for the connection e Interface Select a VAP or WDS that its traffic will pass through the GRE Tunnel between APs and controller For how to enable VAP items please refer the section 7 2 3 VAP Configuration for reference 4 Section 7 02 7 2 Wireless This section includes the following functions VAP Overview General VAP Configuration Security Repeater Advanced Access Control and Site Survey EAP 300 supports up to eight Virtual Access Points VAPs Each VAP can have its own settings e g ESSID VLAN ID security settings etc Such VAP capabilities enable different levels of service to meet network requirements a 7 2 1 VAP Overview An overall status is collected on this page including ESSID State Security Type MAC ACL and Advanced Settings where EAP 300 has 8 VAPs each having its own settings In this table please click on the hyperlink to further configure each individual VAP VAP Ov
116. st proof metal housing is designed for wireless connectivity in enterprise or industrial environments of all dimensions EAP 300 makes the wireless communication fast secure and easy It Supports business grade security such as 802 1X and Wi Fi Protected Access WPA and WPA2 By pushing a purposely built button the LevelOne WES feature makes it easy to bridge wireless links of multiple EAP 300s for forming wider wireless network coverage EAP 300 also features multiple ESSIDs with VLAN tags one EAP 300 can emulate up to eight Virtual APs great for enterprise applications such as separating the traffics of different departments using different ESSIDs PoE Switch fe Co gt li NY paanan MOS Unk lle Ate WHG Controller ESSID 2 Gs Wired and Wireless Network Layout with EAP200s Section 2 02 2 2 Deployment Topology fe nario ation 199 1481 14 AP 2 aP 3 Wireless Laptop _ i IZIM 1 pt a Werelet Laptop WDS Links A fi kU a cS le s le al ha N i n a _ w O l Loa ea mahan art 1a Wired Detstopi Wheo Deichops x AF 02 108 008 Woche lovtup Ss MPANALI prea Wired Dotkiop Common Network Layout with EAP 300s This above deployment scenario illustrates a deployment example using three access points AP 1 AP 2 and AP 3 e Three EAP 300 systems construct a network comprising of wired and wireless segments e AP 2 plays the role of a wireless bridge e All devices share the
117. stem integrators field engineers and network administrators to set up LevelOne s EAP 300 802 11n a b g Enterprise Access Point in their network environments It contains step by step procedures and visual examples to guide MIS staff or individuals with basic network system knowledge to complete the installation Section 1 02 1 2 Document Conventions Bh Represents essential steps actions or messages that should not be ignored Contains related information that corresponds to a topic ancii Indicates that clicking this button will save the changes you made but you must reboot the system upon the completion of all configuration settings for the changes to take effect sm Indicates that clicking this button will clear what you have set before the settings are applied Section 1 03 1 3 Package Content The standard package of EAP 300 includes e EAP 300 x1 e Quick Installation Guide x1 e CD ROM with Users Manual and QIG x1 e Power Adapter DC 12V x1 e Cat 5e Ethernet cable x1 e Antenna x3 It is recommended to keep the original packing materials for possible future shipment when repair or maintenance is required Any returned product should be packed in its original packaging to prevent damage during delivery Article II System Overview and Getting Started Section 2 01 2 1 Introduction of LevelOne EAP 300 The LevelOne EAP 300 Enterprise Access Point embedded with 802 11 n a b g dual band MIMO radio in du
118. tatus gt Wireless Clients Associated Client Status Client List Associated VAP ESSID MAC Address SNR dB Idle Time secs Disconnect Associated Client Status Page e Associated VAP The name of a VAP Virtual Access Point that the client is associated with e ESSID The Extended Service Set ID which the client is associated with e MAC Address The MAC address of associated clients e SNR The Signal to Noise Ratio of respective client s association e Idle Time Time period that the associated client is inactive the time unit is in second e Disconnect Upon clicking Kick the client will be disconnected with the system 75 c 7 4 3 Repeater The administrator can review detailed information of the repeater function on this page Information of repeater s status mode and encryption is provided Overview Clients Repeater Event Log Home Status gt Repeater Information Repeater Information Universal Repeater SSID Cip AP Status TX Rate SNR TX Count TX Error Encryption Enabled 48 Mbits 16 69 Bytes 0 Packets None Repeater Status Page Status The status of the WDS link either Enabled or Disabled TX Rate The transmit rate of the WDS link TX Count The accumulative number of transmission counts TX Errors The accumulative number of transmission errors 76 d 7 4 4 Event Log The Event Log provides the system activities records The administrator can monitor the system status by ch
119. tings Page On this page select the Band with which the AP is to broadcast its signal The rest of the fields are optional and can be configured at another time Click Save if any changes have been made Step 4 Configuring Wireless Coverage VAP 1 To setup the AP s wireless access refer to the following VAP 1 configuration other VAP configuration can refer to the same setup steps as done for VAP 1 Click on the Overview tab to proceed VAP Overview General VAP Config Security Repeater Advanced j Access Control Site Survey k Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP300 1 Enabled None Disabled Edit 2 EAP300 2 Disabled None Disabled Edit 3 EAP300 3 Disabled None Disabled Edit 4 EAP300 4 Disabled None Disabled Edit 5 EAP300 5 Disabled None Disabled Edit 6 EAP300 6 Disabled None Disabled Edit 7 EAF 300 7 Disabled None Disabled Edit 8 EAP300 8 Disabled None Disabled Edit Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP 1 s State This will bring up the following page VAP Overview General WAP Config Security Repeater Advanced 1 Access Control Site Survey iy Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP Disable Enable Profile Name VAP 1 ESSID EAP300 1 VLAN ID Disable Enable VLANID t 1 4094 VAP Configurati
120. to WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ascu Hex WEP Key Index WEP Keys Security Settings WEP 48 gt 802 11 Authentication Select from Open System Shared Key or Auto gt WEP Key Length Select from 64 bit 128 bit 152 bit key length gt WEP Key Format Select from ASCII or Hex format for the WEP key gt WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key us used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced WEP are provided VAP Overview General Y VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless Security Security Settings Profile Name VAP 1 Security Type 802 1X x Dynamic WEP Bisable Enable WEP Key Length 64 bits 128 bits Rekeying Pernod 300 seconds Peery RADE Server pages f Domain Name IP Address Authentication Port 18 12 l Secret Key te Accounting Service Disable Enable Accounting Port 1813 ig Accounting Interim Update Interval second s Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security tyoe Dynamic WEP is always enabled to automatically
121. to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e 7 2 5 Repeater To extend wireless network coverage EAP 300 supports 3 options of Repeater type None WDS or Universal Repeater selecting None will turn off this function gt Universal Repeater lf Universal Repeater is selected please provide the SSID of upper bound AP for uplink connection 5l Security Type None WEP or WPA PSK can be configured for this Repeater connection Please note the security type configured here shall follow upper bound AP s for intended connection VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey q Home gt Wireless gt Repeater Config Repeater Settings Repeater Type WES The SSID of Upper Bound AP OoOo P Current wireless channel of the system is set at 1 Repeater connection may fail if the system is set to connect to upper AP with different channels Security Type Repeater Settings Universal Repeater o The SSID of Upper Bound AP Specify the SSID of the upper bound AP that the system is used to extend that AP s wireless
122. uration Backup amp Restore Reset to Default Backup System Settings Backup amp Restore Page e Reset to Default gt Click Reset to load the factory default settings of EAP 300 A pop up Page will appear to reconfirm the request to reboot the system Click OK to proceed or click Cancel to cancel the reboot request Message from webpage J This action will reboot the system Do you want to continue Reboot Confirmation Prompt gt Awarning message as displayed below will appear during the reboot period The system power must be kept turn on before the completion of the reboot process gt The System Overview page will appear upon the completion of reboot e Backup System Settings Click Backup to save the current system settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore System Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The backup file will replace the active configuration file currently running on the system After network parameters have been reset restored the network settings of the administrator PC may need to be changed to ensure that the IP address of the administrator PC is on the same subnet mask as the EAP 300 69 c 7 3 3 System Upgrade The EAP 300 provides a web firmware upload upgrade feature The administrator can download the latest firmware from t
123. way Step 1 Make sure the Band and Channel Match between the WDS peers In order to successfully communicate the two EAP 300s must be configured to use the same channel and band for its wireless settings Click the Wireless icon followed by the General tab to reach the following page VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey 255 gt General Home gt Wire General Settings Band 802 119 802 11n Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width Channel Max Transmit Rate Transmit Power ACK Timeout 100 0 255 O Auto Unit 4 micro seconds Beacon Interval 100 100 500ms Wireless General Settings Page Here simply make sure that both APs are using the same Band and Channel in order to establish a successful WDS link Click SAVE if any changes have been made Step 2 Prevent Loops if Connecting Many AP s When many APs are linked in this manner undesired loops may form to lower overall WLAN performance To prevent such occurrence please make sure Layer 2 STP is enabled To turn on this feature please click on the System and then Network Interface tab General Y Network Interface Management GRE Tunnel Home gt System gt Network Interface Network Settings Mode Static DHCP IP Address 1927 168 1 1 sa Netmask 255 255 0 0 Default Gateway a Pr
124. work Interface tab to begin configuration of the network settings General Wetwork Interface Management GRE Tunnel Home gt System Network Interface Network Settings Mode Static DHCP IP Address ji Netmask 255 255 0 0 7 Default Gateway r Primary DNS Server T Alternate DNS Server f Layer STP Disable Enable Network Settings Page lf the deployment decides the AP will be getting dynamic IP Addresses from the connected network set Mode to DHCP otherwise set Mode to Static and fill in the required fields marked with a red asterisk IP Address Netmask Gateway and Primary DNS Server with the appropriate values for the network Click SAVE when you are finished to save changes that have been made Step 3 Configure the AP s Wireless General Settings Click on the Wireless icon followed by the General tab On this page we only need to choose the Band and Channel that we wish to use VAP Overview Y General VAP Config Security J Repeater Advanced Access Control site Survey 4 Home gt Wireless gt General General Settings Band 802 119 802 11n Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width si Channel Max Transmit Rate Auto m w a z E lt Transmit Power Auto ka ACK Timeout 100 0 255 O Auto Unit 4 micro seconds Beacon Interval 100 100 500ms Wireless General Set
125. y a client device to associate with the specified VAP ESSID determines the service level assigned to a client e VLAN ID EAP 300 supports tagged VLANs virtual LANs To enable VLAN function each VAP must have a unique VLAN ID valid values range from 1 to 4094 47 d 7 2 4 Security EAP 300 supports various wireless authentication and data encryption methods in each VAP profile With this the administrator can provide different service levels to clients The security type includes None WEP 802 1X WPA PSK and WPA RADIUS e None Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure VAP Overview General 1 WAP Config N Secu rity Repeater Advanced J Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism based on a 64 bit 128 bit or 152 bit shared key algorithm l w 4 4 l 4 j 4 4 l 4 VAP Overview General VAP Config Security Repeater j Advanced Access Control Y Site Survey Home Wireless gt Security Security Settings Profile Name Security Type WEP Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 02 11 Authentication Open System Shared Key Au

Download Pdf Manuals

Related Search

Related Contents

Philips DLM4330  User Manual 15K Quad BOP Assembly    Manuale Utente  Product User Manual for the Truck Unloading & Conveying      SS-232C-BYP2 取扱説明書  Dossier Technique  

Copyright © All rights reserved. Failed to retrieve file