User Manual 4ipnet EAP260
Contents
1. CHH GSiT vap stop a brO port SlathOapO entering disabled st ioetl IEEESOZ11 IOCTL SETMLME Invalid Could not connect to kernel driver ioctl IEEESOZS11 IGCTL SETALAE Invalid argument athlapl with hwaddr 00 1f d5 96 33 935 entering forwarding state evirom Network is virom Network is pages f tmp status thoOapo en Wo such file or topping OS5IF VAP Using interface and ssid bro port 3 fathOapo la packet receive r la packet receive 3 Warning Ho probe is eceilved O reply start WES tarting pic down F M fl down l rR Fi Mm H Mm n Fi m Nm Source they ll go to 3 br SSaqes EER el to D Oh Sent 5 G LES O broadcast isj 5h L ttyS0 546 shin getty wrapper SYSTEM IF ie ie Enter login actory default 13 directory EAPZOO 1 dev null 115200 vt 100 Copyright O 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH 2 5 Access Web Management Interface 4ipnet EAP260 supports web based configuration When hardware installation is complete EAP260 can be configured through a PC by using a web browser The default values of the EAP260 s LAN IP Address and Subnet Mask are IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Firefox m _ Enterprise Access Point EAP260 j http 192 168 1 1 Example of entering EAP260 s default IP Address into a web browser e To access the web management interface WMI c2. gt AP Status REEN ete Profile Security Online MAC Address 00 1F D3 87 03 01 Name BSSID ESSID Type Chents IP Address 192 168 1 1 VAP 1 00 1F D3 87 03 03 EAP260 1 None 0 di Subnet Mask 255 255 255 0 Gateway 192 168 1 254 CAPWAP WiPe Status Disabled Status Disabled The Web Management Interface System Overview Page 15 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH e To logout simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page Click OK to logout fi Home Logout Help Logout Message from webpage Eg Are vou sure to logoff Cancel Logout Prompt For security reasons it is strongly recommended to change the administrator s password upon the completion of all configuration settings 16 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Please follow the following steps to change the administrator s password u A 5 System Wireless Firewall Utilities Status Change Password Backup amp Restore N System Upgrade Reboot Upload Certificate Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page gt Click on the Utilities icon on the main menu and select
3. Maximum Number of Clients Range 1 32 Access Control Type MAC ACL Allow List v No MAC Address State MAC ACL Allow List An empty Allow List means that there are no allowed MAC addresses Make sure at least the MAC of the modifying system is included e g network administrator s computer 32 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 3 MAC ACL Deny List This means that all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAG address to connect to the system temporarily by checking Enable it VAP Overview General N WAP Config Security N Repeater N Adva need Access Control Site Survey Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients f Range 1 32 1 Access Control Type MAC ACL Deny List w No MAC Address State Disable O Enable 2 Disable OEnable MAC ACL Deny List 33 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS server When RADIUS ACL is selected all incoming MAG addresses will be authenticated by an external RADIUS server Please note that each VAP MAC ACL and its security type shown on the Security Settings page shar
4. e Advanced Settings The advanced settings hyperlink links to the Advanced Wireless Settings Page VAP Overview General VAP Config Security Repeater Advanced Access Control Home gt Wireless gt Advanced Site Survey Advanced Wireless Settings Profile Name 1 2346 256 2346 1 15 Disable Enable Disable Enable Disable Enable LAPP Disable Enable VAP Advanced Settings Page RTS Threshold Fragment Threshold DTIM period Broadcast SSID Wireless Station Isolation WMM Multicast Broadcast Rate 50 Copyright O4IPNET INC H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 2 General AP s general wireless settings can be configured here VAP Overview General VAP Config Security Repeater Advanced V Access Control Y Site Survey Home gt Wireless gt General General Settings Band 802 119 802 11n Pure iin Short Preamble Disable amp Enable Short Guard Interval Disable 9 Enable Channel Width 20 MHz Channel 6 Max Transmit Rate Auto v Transmit Power Highest ACK Timeout 0 DO 255 0 Auto Unit 4 micro seconds Beacon Interval 100 100 500ms AP General Settings Page e Band Select an appropriate wireless band 802 11b 802 119 802 11b 802 119 802 119 802 11n or select Disable if the wireless function is not required gt Pure 11n En
5. 2 LI DROP STP IEEE 8023 Del Ed In Mv 3 DROP GARP IEEE 8023 Del Ed In Mv Firewall List Page From the overview table each rule is designated with the following field No The numbering will decide the priority for the system to carry out the available firewall rules in the tables e State The check marks will enable the respective rules Action DROP denotes a block rule ACCEPT denotes a pass rule Name Shows the name of the rule EtherType Denotes the type of traffics subject to this rule Remark Shows the note of this rule Setting 4 actions are available Del denotes to delete the rule Ed denotes to edit the rule In denotes to insert a rule and Mv denotes to move the rule 68 Copyright O 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH gt gt To delete a specific rule Del in Setting column of firewall list will lead to the following page for removal confirmation After the SAVE button is clicked and system is rebooted the rule will be removed Firewall List NE Proe need i Home gt Firewall Firewall List Layer 2 Firewall Settings Remove rule 1 gt gt To edit a specific rule Ed in Setting column of firewall list will lead to the following page for detail configuration From this page the rule can be edited from scratch or from an existing rule for revision Firewall List Service Advanced Home gt Firewall List gt Rule Config Layer 2 Firew
6. 4ipnet our IP network EAP260 V1 20 Enterprise Access Point 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Copyright amp Disclaimer Copyright The contents of this publication may not be reproduced in any part orasa whole stored transcnbed in an information retrieval system translated into any language ortransmitted in any fom or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written pemission of 4IPNET INC Disclaimer AIPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others 4IPNET further reserves the night to make changes in any products described herein without notice The publication is subject to change without notice Trademarks AIPNET 4ipnet is a registered trademark of 4IPNET INC Other trademarks mentioned in this public ation are used for identification purposes only and may be properties of their respective owners Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Table of Contents L BONN 6 TN 6 1 2 Document 8 010 0710 A YS EY A SY MEYE 6 PRO CORRE A MA NN 7 2 System Overview and Getting Started iii 8 2 1 Introduction of 4ipnet EAP260 resavesreraveenenaveenenaveenenaveenenavesnsnaveensnavennsnavesnenanennenav
7. User s Manual EAP260 Enterprise Access Point ENGLISH Associated Clients Repeater Event Log On each configuration page you may click SAVE to save the changes of your configured settings but you must reboot the system for the changes to take effect After clicking SAVE the following message will appear Some modification has been saved and will take effect after Reboot All online users will be disconnected during reboot or restart Note 38 Copyright O 4IPNET INC 4ipnet 7 1 System User s Manual EAP260 Enterprise Access Point ENGLISH Upon clicking the System icon users can utilize this section for general configurations of the devices e g Time Setup Network Configurations and System Logs This section includes the following functions General Network Interface Management GRE Tunnel and CAPWAP 7 11 General General Network Interface Port Management CAPWAP IPv6 N Home gt System gt General Name Description Location Device Time Time Zone Time Set Date Set Time e System Information System Information Enterprise Access Point EAP260 Time 1970 01 01 08 27 10 GMT 08 00 Taipei EB D Enable NTP Manually set up aoe x Year x Month Day x Hour Le Min r sec System Information Page For maintenance purposes it is highly recommended to have the following information stated as clearly as possible gt
8. 6 SV 2A Attach the power adapter here 7 Reset button Press once to restart the system Press and hold for more than 5 seconds to reset to factory default 10 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 2 3 Hardware Installation Please follow the steps mentioned below to install the hardware of EAP260 7 Place the EAP260 at the best location The best location for EAP260 is usually at the center of your intended wireless network 2 Connect the EAP260 to your network device Connect one end of the Ethernet cable to the Uplink port of EAP260 and the other end of the cable to a switch a router or a hub EAP260 is then connected to your existing wired LAN network 3 There are two ways to supply power over to EAP260 a Connect the DC power adapter to the EAP260 power socket b EAP260 Uplink port is capable of receiving DC currents Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the Uplink port of EAP260 with the Ethernet cable Now the Hardware Installation is complete Please use only the power adapter supplied with the EAP260 package Using different power adapter may damage this system To verify the wired connection between EAP260 and you switch router hub please also check the LED status indicator of the respective network devices 11 Copyright 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH 2 4 Console In
9. Advanced Access Control Site Survey Home gt Wireless gt General General Settings Band 802 119 802 11n M Pure 11n Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width 20 MHz o V Channel 1 M Max Transmit Rate Auto N vi Transmit Power Auto M Ee EE Mev see HE ACK Timeout 0 FLO 255 Auto Unit 4 micro seconds Beacon Interval 100 100 500ms Wireless General Settings Page Please make sure both APs are using the same Band and Channel in order to establish a successful WDS link Click SAVE if any changes have been made 35 Copyright O 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH Step 2 Prevent Loops when Connecting Multiple APs When many APs are linked in this manner undesired loops may form to lower overall WLAN performance To prevent such occurrence please make sure Layer 2 STP is enabled To turn on this feature please click on the System icon and the Network Interface tab General Network Interface Port Management CAPWAP i IPv 1 Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 di Netmask 255 255 255 0 i Default Gateway 192 168 1 254 Primary DNS Server 197 168 1 754 Alternate DNS Server Layer STP Disable Enable Network Settings Page Please select Enable in the field labeled Layer2
10. INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Table 3 Status Page s Organizational Layout Item Description System Name The system name of the EAP260 Firmware Version The current firmware version of the EAP260 The current firmware build number of the Build Number EAP260 System The location of the EAP260 The site of the EAP260 The system time of the EAP260 The time that the system has been rebooted in System Up Time operation MAC Address The MAG address of the LAN Interface LAN Interface IP Address The IP address of the LAN Interface The Subnet Mask of the LAN Interface Gateway The Gateway of the LAN Interface MAC Address The MAC address of the RF Card Band The RF band in use Channel The channel specified Radio Status Tx Power Transmit Power level of RF card Profile Name The profile name of AP Basic Service Set ID ESD Extended Service Set ID Security Type Security type of the Virtual AP Online Clients The number of online clients The status of the used Tunnel CAPWAP Enabled Disabled 83 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 5 2 Associated Clients The administrator can remotely oversee the status of all associated clients on this page When a low SNR is found here the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve net
11. Addresses from the connected network set Mode to DHCP otherwise set Mode to Static and fill in the required fields marked with a red asterisk IP Address Netmask Gateway and Primary DNS Server with the appropriate values for the network Click SAVE when you are finished to save changes that have been made 20 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Step 3 Configure the AP s Wireless General Settings Click on the Wireless icon followed by the General tab On this page we need to choose the Band and Channel that we wish to use gt 4 y r System Wireless Firewall Utilities WAP Overview General VAP Config Security Repeater V Advanced N Access Control Site Survey Home gt Wireless gt General General Settings Band 802 119 802 11n Pure iin Short Preamble Disable Enable Short Guard Interval Disable Enable Channel Width 20 MHz v Channel 1 vi Max Transmit Rate Auto M Transmit Power Beacon Interval 100 F100 500ms Wireless General Settings Page amp Status On this page select the Band with which the AP is to broadcast its signal The rest of the fields are optional and can be configured at another time Click SAVE if any changes have been made 21 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Step 4 Configuring
12. Copyright 4IPNET INC
13. Microwave 197 Eg Cordless Phone 16 Tone id M 10 E Other 74 Interference Type 1 The function will be automatically turned off whenever the operator leaves the page for 30 seconds 2 There can be only one person using this function at the same time Note ol Copyright O 4IPNET INC 8 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 5 Status This page is used to view the current condition and state of the system and it includes the following functions Overview Associated Clients Repeater and Event Log 7 5 1 Overview The System Overview page provides an overview of the system status for the administrator Overview Associated Clients Rep eater N Event Log 1 Home gt Status gt System Overview System Overview gP System amp Radio Status System Name Enterprise Access Poin MAC Address 00 02 6B 06 4D 2F Firmware Ve 1 00 00 Band 802 11g n Build Number 1 7 1 4754 Channel 1 Location TX Power Highest Site EN A Device Time 1970 01 01 10 32 47 System Up Ti O days 2 32 47 LAN Interface ___ gt AP Status DOEBDE AD OE Profile 3 Security Online MAC Address 00 02 68 06 4D 2F rise BSSID ESSID Type Client un IP Address 10 0 5 200 Subnet Mask 255 255 0 0 Gateway 10 0 1 1 VA 00 02 6B 06 4 EAP260 1 None Oo Ww CAPWAP _ __ kl IPv6 Status Disabled Status Disabled System Overview Page 82 Copyright 4IPNET
14. Name The system name used to identify this system gt Description Further information about the system e g device model firmware version and active date gt Location The information on geographical location of the system for the administrator to locate the system easily Time gt Device Time Display the current time of the system gt Time Zone Select an appropriate time zone from the drop down list box 39 Copyright 4IPNET INC PN smart EAP260 Enterprise Access Point ENGEISH gt Time Synchronize the system time by reachable NTP servers or manual setup 1 Enable NTP By selecting Enabled NTP EAP260 can synchronize its system time with the NTP server automatically When this method is chosen at least one NTP server s IP address or domain name must be provided Time Device Time 2000 01 03 04 32 49 Time Zone GMT 08 00 Taipei Time Enable NTP Manually set up NTP Time Configuration Fields Generally networks should have a common NTP server internal or external If there isn t locate a nearby NTP server on the web 2 Manually set up By selecting Manually set up the administrator can manually set the system date and time Time Device Time 2000 01 03 04 32 49 Time Zone Time O Enable NTP Manually set up Set Time Blou lin sec Manual Time Configuration Fields Set Date Select the appropriate Year Month and Day from the d
15. Panel 1 2 3 4 5 6 7 8 Figure 1 EAP260 Front Panel Press and hold for 5 seconds to initiate Master WES process Press and release to initiate Slave WES process Power LED On indicates power on CE Status LED On indicates the system is ready Wireless LED On indicates wireless network interface is ready for service Uplink LED On indicates the Uplink is connected ws ww LAN1 4 LED Indicates the connection status of each LAN TE USB LED Indicates the status of USB connection The USB port is reserved for future USE WES Timeout LED Green ON LED Red ON WES Success LED Red ON LED Green ON WES Fail LED Green ON LED Red ON WES LED For indicating WDS connection status do EEN ENE LED Green OFF and then LED Red OFF and DES SEN BLINKING SLOWLY then BLINKING SLOWLY WES Negotiate BLINKING NORMALLY BLINKING NORMALLY Green Red Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Rear Panel LAN4 USB 2 0 Console i pr SE LAIT I x L d L li Lj o LAN1 LAN2 LAN3 Uplink PoE 1 2 3 5 6 7 1 Figure 2 EAP260 Rear Panel 1 Artonna connector Reverse SMA connectors for aaching antenna as shown me 2 Offers uplink connection This port can be used to connect to a controller ed Erna LL LL 4 USB20port Reserved for future use 5 Console port Attach the serial cable here to access console interface
16. Profile Name VAP 1 z Maximum Number of Clients 32 Range 1 128 per system Access Control Type Disable Access Control P Access Control Settings Page e Maximum Number of Clients EAP260 supports various methods of authenticating clients for wireless LAN access The default policy is unlimited access without any authentication required To restrict the station number of wireless connections simply change the Maximum Number of Stations to a desired number For example when the number of stations is set to 20 only 20 stations are allowed to connect to the specified VAP 62 Copyright O 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH e Access Control Type The administrator can restrict the wireless access of client devices based on their MAG addresses gt Disable Access Control When Disable is selected there is no restriction for client devices to access the system gt MAC ACL Allow List When selecting MAC ACL Allow List only the client devices identified by their MAG addresses listed in the Allow List allowed MAG addresses Jare granted with access to the system The administrator can temporarily block any allowed MAG address by checking Disable until the administrator re Enables the listed MAC VAP Overview General VAP Config Security Repeater Advanced vAccess Control Site Survey Home gt Wireless gt Access Control Access Control Settings Pr
17. STP This will prevent data from looping or creating a broadcast storm Click SAVE when completed and then Reboot to allow updated settings to take effect 36 Copyright 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH 7 Web Management Interface Configuration This chapter will guide the user through the EAP260 s detailed settings The following table shows all the User Interface Ul functions of 4ipnet s EAP260 Enterprise Access Point The Web Management Interface WMI is the page where the status is displayed control is issued and parameters are configured In the Web Management Interface there are two main interface areas Main Menu and Working Area The Working Area occupies the major area of the WMI displayed in the center of the interface It is also referred to as the configuration page The Main Menu on the top of the WMI allows the administrator to traverse to various management functions of the system The management functions are grouped into branches System Wireless Firewall Utilities and Status Table 1 EAP260 s Function Organization OPTION FUNCTION General Network Interface Port Management ne pye BR VAP MEER Wireless BR Be m EE TEN Site N N List Service Advanced Change Password Backup amp Restore System Upgrade Reboot Upload Certificate WAPI Certificate Status Overview 37 Copyright A4IPNET INC 4ipnet
18. This list can be used to specify the ARP Opcode in ARP header Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields Action The rule can be chosen to be Block or Pass Remark The note of this rule can be specified here When the configuration for firewall rule is provided please click SAVE and Reboot system to let the firewall rule take effect gt gt To insert a specific rule In in the Setting column of firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule From this page the rule can be edited form scratch or from an existing rule for revision Firewall List Service V Advanced Home gt Firewall List gt Rule Config Layer 2 Firewall Configuration Rule ID 1 EtherType Interface From To Service ALL w IP Address Mask 0 0 0 0 0 w Destination MAC Address sf Mask mae EE 3 Action Block Pass 70 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH gt gt To move a specific rule Mv in the Setting column of firewall list will lead to the following
19. WPA PSK setting for associating with the target AP Cip psk OA 1F D4 39 10 74 11 54 52 WPA PSK The following configuration box will then appear at the bottom of the screen Information provided here must be consistent with the security settings of the target AP Pre shared Cipher TKIP M Pre shared Key Type psk Hex 64 chars Passphrase 8 63 chars 67 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 3 Firewall The system provides an added security feature Layer2 Firewall in addition to the typical AP security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffics providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured on gateways this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Firewall Settings Service and Advanced Firewall Settings 7 3 1 Firewall List It provides an overview of firewall rules in the system 6 default rules with up to total 20 firewall rules are available for configuration Firewall List Service V Advanced Home gt Firewall gt Firewall List Layer 2 Firewall Settings Enable Layer 2 Firewall Disable Enable No State Action Name EtherType Remark Setting 1 DROP CDP IEEE 8023 Del Ed In My
20. Wireless Coverage VAP 1 To set up the AP s wireless access refer to the following VAP 1 configuration other VAP configuration can refer to the same setup steps as done for VAP 1 Click on the Overview tab to proceed System Wireless Firewall Utilities Status A 1 VAP Overview General Y VAP Config Security N Repeater Advanced Home gt Wireless gt VAP Overview i En VAP Overview Access Control Site Survey VAP No ESSID State Security Type MAC ACL Advanced Settings 1 EAP260 1 Enabled None Disabled Edit 2 EAP260 2 Disabled None Disabled Edit 3 EAP260 3 Disabled None Disabled Edit 4 EAP260 4 Disabled None Disabled Edit 5 EAP260 5 Disabled None Disabled Edit 6 EAP260 6 Disabled None Disabled Edit 7 EAP260 7 Disabled None Disabled Edit g EAP260 8 Disabled None Disabled Edit Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP 1 s State This will bring up the following page gt gt 8 Utilities Status 5 S Firewall Wireless System MED ET OR VAP Overview N General var Config N ERA Ne kk N Advanced N Access Control I site survey Site Survey I N Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 VAP Disable Enable Profile Name VAP 1 Ni ESSID EAP260 1 7 VLAN ID Disable Enable V
21. etc of each VAP with a management gateway Click SAVE and then Reboot for the changes to take effect 25 Copyright O 4IPNET INC 4ipnet 5 Secure Your AP Different VAP may require different levels of security These instructions will guide the user through User s Manual EAP260 Enterprise Access Point ENGLISH setting up different types of security for a particular VAP Simply repeat the following steps for other VAP with security requirement Step 1 Ensure the intended VAP is Enabled gt System Wireless Firewall VAP Overview General y VAP Config Security Repeater Advanced Access Control N Site Survey Home gt Wireless gt VAP Overview VAP Overview VAP No ESSID State Security Type MAC ACL 1 EAP260 1 Enabled None Disabled 2 EAP260 2 Disabled None Disabled 3 EAP260 3 Disabled None Disabled 4 EAP260 4 Disabled None Disabled 5 EAP260 5 Disabled None Disabled 5 EAP 60 6 Disabled None Disabled 7 EAP260 7 Disabled None Disabled 8 EAP260 8 Disabled None Disabled VAP Overview Page y Utilities Status Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit On the VAP Overview page check the table to confirm the VAP State If it is Enabled skip to Step 2 If not click on to proceed with VAP Configuration for that particular VAP 26 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH System Wireless Firewall Utilities Status VAP Over
22. external RADIUS Please note that each VAP s MAC ACL and its security type shown on the Security Settings page share the same RADIUS configuration VAP Overview N General VAP Config Security Repeater Advanced Access Control V Site Survey Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 l Maximum Number of Clients 132 f Range 1 128 per system Access Control Type RADIUS ACL Primary RADIUS Server Note These settings will also apply to security settings which use RADIUS Server for this VAP Host Domain Name IP Address Authentication Port 1812 1 65535 Secret Key RADIUS ACL 65 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 8 Site Survey Site Survey is a useful tool to provide information about the surrounding wireless environment available APs are shown with their respective SSIDs MAC Addresses Channels Rate settings Signal readings and Security types The administrator can click Setup or Connect to configure the wireless connection according to the mentioned readings when the Repeater Type is set as Universal Repeater Scan Again 5 I FA Fi d Addri d han Hal O Tal Si rity be ad ip Lobe 00 1 D0 1F 04 00 2E 56 54 43 None Connect 08 1F D4 00 26 56 1 34 IG None Connect Site Survery Page lf Universal Repeater function is enabled the system can scan and
23. from 64 bit 128 bit or 152 bit WEP Key Format Select a WEP key format from ASCII or Hex WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies Y V V WV which WEP key will be used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys e 802 1X When 802 1X Authentication is selected RADIUS authentication and Dynamic WEP are provided VAP Overview General VAP Config Y Security Repeater Advanced Access Control V Site Su mey Home gt AP gt Security Security Settings Profile Name VAP 1 M Security Type 802 1X h Dynamic WEP Disable Enable WEP Key Length 64 bits 128 bits Primary RADIUS Server n s Maike PAP kes Authentication Port 1812 Secret Key Accounting Service Disable Enable Accounting Port 1813 Accounting Interim Update Interval so second s Been UNG SETET fjg k Domain Name IP Address Security Settings 802 1X Authentication gt Dynamic WEP Settings o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select a key length from 64 bit or 128 bit o Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds gt RADIUS Server Settings Primary Secondary
24. o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server 55 Copyright 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period e WPA PSK WPA PSK Wi Fi Protected Access Pre shared Key is a pre shared key authentication method a special mode of WPA VAP Overview General Y VAP Config Security I Repeater Advanced Access Control Site Survey Home gt AP Security Security Settings Profile Name Security Type Cipher Suite Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Group Key Update Period second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format
25. requests o Static Trust List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears on the static list with different MAC their ARP requests will be dropped to prevent eavesdropping If any settings are made please click SAVE to save the configuration before leaving this page 13 Copyright 4IPNET INC e E 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 74 Copyright O4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 4 Utilities The administrator can maintain the system on this page Change Password Backup amp Restore System Upgrade Reboot Upload Certificate WAPI Certificate 7 4 1Change Password To protect the Web Management Interface from unauthorized access it is highly recommended to change the administrator s password to a secure password Only alpha numeric characters are allowed and it is also recommended to make use of a combination of both numeric and alphabetic characters Change Password Backup amp Restore System Upgrade Reboot Upload Certificate WAPI Certificate Home gt Utilities gt Change Password Change Password Name admin Old Password New Password up to 32 characters Re enter New Password Change Password Page The administrator can change password on this page Enter the original password admi
26. the Change Password tab gt Enter the old password and then a new password with a length of up to 32 characters and retype it in the Re enter New Password field Congratulation Now 4ipnet s EAP260 is installed and configured successfully i lt is strongly recommended to make a backup copy of your configuration settings After the EAP260 s network configuration is completed please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that our PC functions properly in its real network environments 17 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 3 Connect your AP to your Network The following instructions depict how to establish the wireless coverage of your network The AP will connect to the network through its LAN port and provide wireless access to your network After having prepared the EAP260 s hardware for configuration set the TCP IP settings of administrator s computer to have a static IP Address of 192 168 1 10 and Subnet Mask of 255 255 255 0 Step 1 Configuring the AP s System Information gt Enter the AP s default IP Address 192 168 1 1 into the URL of a web browser gt Log in using Username admin and Password admin The WMI will appear as shown below gt X A 8 System Wireless Firewall Utilities Status Overview Associated Clients Repeater Event Log Home gt Status gt Syste
27. ADIUS and provides WPA data encryption 1 VAP Overview General VAP Config Y Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIK Sener Host LA Domain Name IP Address Authentication Port s F Secret Key ee P Accounting Service Disable Enable Accounting Interim Update Interval so second s Security Settings WPA RADIUS gt WPA Settings o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of login and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period When these configurations are finis
28. AP profile With this the administrator can provide different service levels to clients The security type includes None WEP 802 1X WPA PSK and WPA RADIUS e None Authentication is not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure r 1 i N 4 VAP Overview General WAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism based on a 64 bit 128 bit or 152 bit shared key algorithm 4 i i 1 i L i VAP Overview General VAP Config Repeater V Advanced Access Control Site Survey Security Home gt Wireless gt Security Security Settings Profile Name Security Type WEP v Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format asc Hex WEP Key Index WEP Keys Security Settings WEP 54 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select a key length
29. DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save more energy but the throughput will be lowered e Broadcast SSID Disabling this function will prevent the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system e Wireless Station Isolation By enabling this function all stations associated with the system are isolated and can only communicate with the system 60 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH e WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only lt To receive the benefits of WMM QoS gt The application must support WMM WMM shall be enabled on EAP260 WMM shall be enabled in the wireless adapter on clients computer e IAPP IAPP Inter Access Point Protocol is a protocol by which access points share information about the stations c
30. IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH L Before You Start L 1 Preface This manual is intended for system integrators field engineers and network administrators to set up 4ipnet s EAP260 802 1 1n b g 2 4GHz MIMO Access Point in their network environments It contains step by step procedures and visual examples to guide MIS staff or individuals with basic network system knowledge to complete the installation L2 Document Conventions a Represents essential steps actions or messages that should not be ignored RS Contains related information that corresponds to a topic Indicates that clicking this button will save the changes you made but you must reboot the system for the changes to take effect Indicates that clicking this button will clear what you have set before the settings are applied Copyright 4IPNET INC 4ipnet 1 3 Package Content The standard package of EAP260 includes 4ipnet EAP260 Quick Installation Guide QIG CD ROM with User s Manual and QIG Console Cable Ethernet Cable Power Adapter DC 5V Detachable Antenna X X x1 x1 X1 X X2 User s Manual EAP260 Enterprise Access Point ENGLISH It is recommended to keep the original packing materials for possible future shipment when repair or maintenance IS required Any returned product should be packed in its original packaging to prevent damage during delivery Copyright 4IPNET I
31. LAN ID 1 4094 VAP Configuration Page VAP 1 shown 22 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH The desired VAP profile can be selected from the drop down menu of Profile Name and VAP 1 configuration will serve as an example for all other VAPs Before proceeding further please make sure that the VAP field is marked Enable afterwards enter an ESSID to represent the WLAN associated with AP s VAP 1 It is suggested that Profile Name is used to describe what this particular VAP will be used for otherwise leave it as default VLAN ID can be chosen at another time Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings Congratulations After reboot the AP can start to operate with these revised settings 23 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 4 Adding Virtual Access Points EAP260 possesses the feature of multi ESSID namely it can behave as multiple virtual access points providing different levels of services from the same physical AP device Please click on the Wireless icon to review the VAP Overview page 9 X r G System Wireless Firewall Utilities Status y i 1 i 1 VAP Overview General VAP Config Security Repeater Advanced Access Control V Site Survey Home gt Wireless gt VAP Overview VAP Overview VAP
32. NC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 2 System Overview and Getting Started 2 1 Introduction of 4ipnet EAP260 The 4ipnet EAP260 Enterprise Access Point embedded with 802 11 n b g 2 4GHz MIMO radio in dust proof metal housing is designed for wireless connectivity in enterprise or industrial environments of all dimensions EAP260 makes the wireless communication fast secure and easy It supports business grade security such as 802 1X and Wi Fi Protected Access WPA and WPA2 By pushing a purposely built button the 4ipWES Press n Connect feature makes it easy to bridge wireless links of multiple EAP260s for forming a wider wireless network coverage EAP260 also features multiple ESSIDs with VLAN tags and multiple Virtual APs great for enterprise applications such as separating traffic from different departments using different ESSIDs The PoE LAN port is able to receive power from Power over Ethernet PoE sourcing devices Its metal case is IP50 anti dust compliant which means that EAP260 is well suited to WLAN deployment in industrial environments PoE Switch TR Internet 7 emi WDS Link i N WHG Controller I EAP260 ESSID 1 EP EG ESSID 2 IK A DS ta th Wired and Wireless Network Layout with EAP260s Copyright 4IPNET INC g pne nn EAP260 Enterprise Access Point ENGLISH 2 2 Hardware Description This section depicts the hardware information including all panel description Front
33. NET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 5 4 Event Log The Event Log provides the records of system activities The administrator can monitor the system status by checking this log Overview Associated Clients Repeater VEvent Log Home gt Status gt Event Log Event Log Jan 1 00 00 14 syslogd started BusyBox v1 12 4 Jan 1 00 00 14 syslog athOap0 IEEE 802 11 Fetching hardware channel rate support not supported Event Log Page Each line in the log represents an event record in each line there are 4 fields e Date Time The time amp date when the event happened e Hostname Indicates which host recorded this event Note that all events on this page are local events so the hostname in this field is always the same In remote SYSLOG service however this field will help the administrator identify which event is from this EAP260 e Process name Indicate the event generated by the running instance e Description Description of the event To save the file locally click SAVE LOG to clear all of the records click CLEAR 80 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 6 Online Help The Help button is at the upper right corner of the display screen Click Help for the Online Help window and then click the hyperlink of the relevant information needed fi Home Logout Help Online Help Corner P N V12020120905 87
34. No ESSID State Security Type MAC ACL Advanced Settings 1 EAP260 1 Enabled None Disabled Edit 2 EAP260 2 Disabled None Disabled Edit 3 EAP260 3 Disabled None Disabled Edit d EAP260 4 Disabled None Disabled Edit 5 EAP260 5 Disabled None Disabled Edit 6 EAP260 6 Disabled None Disabled Edit 7 EAP260 7 Disabled None Disabled Edit g EAP260 8 Disabled None Disabled Edit VAP Overview Page To proceed with specific VAP configuration click on the corresponding cell in the State column and row of the VAP the particular VAP s Configuration page will then appear for further configuration 24 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH gt 4 y A Z System Wireless Firewall Utilities Status VAP Overview General Y VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 VAP Disable Enable Profile Name vAP 1 ESSID FAP260 1 VLAN ID Disable Enable VLAN ID 1 4094 VAP Configuration Page VAP 1 shown Please select the desired VAP profile from the drop down menu of Profile Name Choose Enable for the VAP field Pick a descriptive Profile Name and an appropriate ESSID for clients to associate to A VLAN ID can be provided to indicate the traffic through this particular VAP It may allow further management control e g access rights and Internet usage
35. able 802 11n network only e Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamble with a 128 bit synchronization field e Short Guard Interval available when Band is 802 119 802 11n The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference In order to further boost throughput with 802 11n short guard interval is half of what it used to be please select Enable to use Short Guard Interval or Disable to use normal Guard Interval e Channel Width available when Band is 802 119 802 11n Double channel bandwidth to 40 MHz is supported to enhance throughput e Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default 6 e Max Transmit Rate The maximum wireless transmit rate can be selected from the drop down menu The system will use the highest possible rate when Auto is selected Please note that MCSO MCS15 are transmit rates for n clients only e Transmit Power The signal strength transmitted from the system can be selected among Auto Highest High Medium Low and Lowest from the drop down menu e ACK Timeout It indicates a period of time when the system waits for an Acknowledgement frame 51 Copyri
36. all Configuration Rule ID Rule name CD EtherType IEEE802 3 M Interface VAPI DSAP SSAP ol rn a g 3 O a x Type 2000 ie IPv4 0800 Destination PER ET E MAC Addressi o1 00 0C Cc cC cc Mask Action Block Pass Remark gt Rule ID The numbering of this specific rule will decide its priority among available firewall rules in the table Rule name The rule name can be specified here EtherType The drop down list will provide the available types of traffic subjected to this rule Interface It indicates inbound outbound direction with desired interfaces vv VY y Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header 69 Copyright 4IPNET INC 4ipnet gt gt User s Manual EAP260 Enterprise Access Point ENGLISH Type when EtherType is IEEE802 3 The field can be used to indicate the type of encapsulated traffic VLAN ID when EtherType is 802 1 Q The VLAN ID is provided to associate with certain VLAN tagging traffic Priority when EtherType is 802 1 Q It denotes the priority level with associated VLAN traffic Encapsulated Type when EtherType is 802 1 Q It can be used to indicate the type of encapsulated traffic Opcode when EtherType is ARP RARP
37. am router 47 Copyright 4IPNET INC 4ipnet 7 2 Wireless User s Manual EAP260 Enterprise Access Point ENGLISH This section includes the following functions VAP Overview General VAP Configuration Security Repeater Advanced Access Control and Site Survey EAP260 supports up to eight Virtual Access Points VAPs Each VAP can have its own settings e g ESSID VLAN ID security settings etc With such VAP capabilities different levels of service can be configured to meet network requirements 7 2 1 VAP Overview An overall status is collected on this page including ESSID State Security Type MAC ACL and Advanced Settings where EAP260 features 8 VAPs with respective settings In this table please click on the hyperlink to further configure each individual VAP VAP Overview General V VAP Config V Security Repeater V Advanced Access Control Site Survey Home gt Wireless gt VAP Ou ESSID EAP260 1 EAP260 2 EAP260 3 EAP260 4 EAP260 5 EAP260 6 EAP260 7 EAP260 8 State Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled VAP Overview Security Type None None None None None None None None VAP Overview Page 48 MAC ACL Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Advanced Settings Edit Edit Edit Edit Edit Edit Edit Edit Copyright O 4IPNET INC 8 4ipnet User s Manual EAP260 Ent
38. ate Key for a means of security verification in order to ensure the authenticity of this AP to other network entities 80 Copyright 4IPNET INC H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 4 7 Channel Analysis This utility Channel Analysis helps an administrator scan the current state of the 2 4GHz wireless environment that he she is in Before using it ensure that the browser to use has installed Java Runtime Environment When the function Is in operation the AP will fully dedicate to this scanning action That means users will not be able to associate to the AP and current online users will be logged off during the process Thus it is highly recommended that admins turn off the function immediately after the scan Change Password Backup amp Restore System Upgrade Reboot Upload Certificate WAPI Certificate Spectrum Analyzer Home Utilities gt Channel Analysis FPhannal Anmahreic Lnanne Analysis Analyzer Configuration Disable Enable Warning The scan result will be cleared when you leave this page Furthermore the analyzer will be disabled if it is left idle for more than 30 seconds ScanStop Density 0 dBm 20 40 60 80 7 gt AT A pe x i Utilization 10064 Threshold The 50H dBm 90 L 80 70 60 50 40 30 20 10 n I I Interference Occurrence min 28 26 i i Bluetooth 22 ii
39. ce Certificate Date Check To enable this item select Enable and click Manage Certificates to enter the Upload Certificate page Please refer to the section 7 4 4 Upload Certificate DNS SRV Discovery The way of using DNS SRV to discover acess controller gt Domain Name Suffix Enter the suffix of the access controller such as example com DHCP Option Discovery Using DHCP option to discover access controller Broadcast Discovery Using Broadcast to discover access controller Multicast Discovery Using muticast to discover access controller Static Discovery Using Static approach to discover access controller gt AC Address The IP address of access controller If it can not discover the first AC it will try to discover the second AC 46 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 16 IPv6 EAP260 supports IPv6 and IPv4 dual stack addressing capability IPV6 by default is disabled but it can be enabled on this tab page General Network Interface Port Management CAPWAP 1 IPv6 Home gt System gt IPv amp Configuration IPv6 Configuration Status Disable Enable Mode Static DHCP Mode There are two options for acquiring an IPv6 address for this device gt Static Configuring IPv6 address manually via this option if you have already acquired a permanent IPV6 address for operation gt DHCP Acquire IPv6 address automatically from upstre
40. different countries 52 Copyright 4IPNET INC H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 3 VAP Configuration This section provides configuration of each Virtual Access Point with settings such as Profile Name ESSID and VLAN ID VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 ar VAP Disable Enable Profile Name WAP 1 ESSID EAP260 1 VLAN ID Disable Enable VLAN ID r 1 4094 VAP Configuration Page To enable specific VAP select the VAP from the drop down list of Profile Name The basic settings of each VAP are collected in the profile as follows e VAP Enable or Disable this VAP e Profile Name The profile name of specific VAP for identity management purposes e ESSID ESSID Extended Service Set ID serves as an identifier for clients to associate with the specific VAP It can be coupled with different service level like a variety of wireless security types e VLAN ID EAP260 supports tagged VLANs virtual LANs To enable VLAN function each VAP shall be given a unique VLAN ID with valid values ranging from 1 to 4094 53 Copyright 4IPNET INC e H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 4 Security EAP260 supports various wireless authentication and data encryption methods in each V
41. display all surrounding available access points APs The administrator can then select an AP for connection to extend Its wireless service coverage on this page SSID The SSID Service Set ID of the AP found in this system s coverage area MAC Address The MAC address of the respective AP Channel The channel number currently used by the respective AP or repeater Rate The transmitting rate of the respective AP Signal The encryption type used by the respective AP vv Y MV VV Setup Connect o Connect Click Connectto associate with the respective AP directly no further configuration is required Cip 893 00 0E 2E 7C AA 6E 1 54 4 None o Setup Click Setup to configure security settings for associating with the respective AP WEP Click Setup to configure the WEP setting for associating with the target AP Cip wep 00 11 43 08 09 56 5 54 40 WEP The following configuration box will then appear at the bottom of the screen Security settings configured here must be the same as the target AP 66 Copyright O 4IPNET INC PN rs EAP260 Enterprise Access Point ENGEISH Notelll If you set WEP security for Universal Repeater the security of AP will also change to WEP and use the same settings WEP Key Type Open Shared Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCII Hex WEP Key Index WEP Keys 1 3 WPA PSK Click Setup to configure the
42. e o Security Type None WEP or WPA PSK 58 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH gt WDS If WDS is selected EAP260 can support up to 4 WDS links to its peer APs Security Type None WEP or WPA PSK can be configured to decide which encryption is to be used for WDS connections respectively Please fill in remote peer s MAC address and click SAVE to proceed if setting revision is necessary CLEAR button can be used to clear the contents in the above WDS connection list Advanced Access Control Site Survey YAP Overview General WAP Config Security Repeater Home gt Wireless gt Repeater Config Repeater Settings Repeater Type MWES WDS Profile WDS MAC Address p Security type Repeater Settings WDS o WES Enable WES o MAC Address To input remote peer s MAC address o WDS Select Enable to enable the respective WDS links Select Delete to remove them o Security Type None WEP or WPA PSK 59 Copyright 4IPNET INC H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 6 Advanced The advanced wireless settings for the EAP260 s VAP Virtual Access Point profiles allow customization of data transmission settings The administrator can tune the following parameters to improve network communication performance if a poor connection occurs VAP Overview General VAP Config Secunty Repeater Advanced Acc
43. e the same RADIUS configuration VAP Overview General VAP Config N Security N Repeater N Adva need N Access Control Site Survey b Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 Maximum Number of Clients Range 1 32 Access Control Type RADIUS ACL w ee AS SEFER Notelll These settings will also apply to security settings which use RADIUS Server for this VAP Host PGA Domain Name IP Address Authentication Port 1812 1 65535 Secondary RADIUS Server Host Authentication Port RADIUS ACL Click SAVE and Reboot upon completing the related configurations to take effect 34 Copyright O4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH 6 Create a WDS Bridge between two APs WDS link creation is convenient for extending network coverage where running wires is not an option effectively transferring the traffic to the other end of WLAN LAN through the EAP260 Since this is a peer to peer connection both EAP260s will be configured the same way Step 1 Make sure the Band and Channel are matched between the WDS peers In order to create a valid WDS link the two EAP260s must be configured to use the same channel and band for their wireless settings Click the Wireless icon and then General tab to go to the following page Y A Z System Wireless Firewall Utilities Status VAP Overview General VAP Config Security Repeater
44. em settings to a local disk such as the hard disk drive HDD of a local computer or a compact disc CD e Restore System Settings Click Browse to search for a previously saved backup file and then click Upload to restore the settings The backup file will replace the active configuration file currently running on the system After network parameters have been reset restored the network settings of the administrator PC may need to be changed to ensure that the IP address of the administrator PC is on the same subnet mask as the EAP260 76 Copyright 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH 7 4 3 System Upgrade The EAP260 provides a web firmware upload upgrade feature The administrator can download the latest firmware from the website and save it on the administrator s PC To upgrade the system firmware click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process There will be a prompt confirmation message to notify the administrator to restart the system after a successful firmware upgrade Please restart the system after upgrading the firmware Change Password Backup amp Restore System Upgrade Reboot V Upload Certificate Y WAPI Certificate Home gt Utilities gt System Upgrade Current Version 1 00 00 Current Build Number 1 7 1 4754 File Name System Upgrade Page e Itis recommended to check the firmware version
45. ennsnavennsnnvevnenene 8 2 2 Hardware Description A AN EE YAN Ee EE OE 9 2 9 Hardware SN PIA Sha LR oa OR EE RE N 11 AE yn Ol HEES RENE EEE lann yala ie N EGO 12 2 5 Access Web Management Interface een 14 3 Connect your AP to your NetWork iii 18 4 Adding Virtual Access POS a ne 24 UY Oa EE EE 26 6 Create a WDS Bridge between two APS ins 35 7 Web Management Interface Configuration 37 ASS EEE EE OE NE N EE N 39 ARE Ede ors NE RA SE EE N EE EE EE EN EN 39 FN 41 T Ma AON EEE EEE EE PO MA 42 TD VP 45 Te WOME VO JE EEE EE 47 TMU 48 TTV PONTA 48 NL DI Te VAR Cor NN 93 ES E E EEE EN ER 54 7 2 A E NTN 00 TDN 60 MN ON 62 TRA SU SUN CY EEE EE EEE 66 TINN 68 TAG Ve Wea NS EE EE 68 TN 72 DD PAN AICS AY NN 73 TU 75 Te A CHAINS PASS NOIR EEE A YAN KAY ASM ee 75 2 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH ENG ea bled AGS OK EEE 76 7 4 3 System Upgrade ses ees eene ee ko ee ee Es n n ee ee ee en eke ee ed ee Si ge de eek 77 NN 78 FPS 79 BV TN 80 TN 81 3 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 4 7 Channel Analysis Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH TESE EEE 82 EE OE SEE EE VEN 82 Aa HE SSO CO CODES Ee OE ON OE OR E EE MM eric 84 TNT PE ee Ee ee YARMA EE cance ie Ee EE AE Gie OO AS Ne TNL IOC EEE NE 80 LOONDE D EE 87 Copyright 4
46. erprise Access Point ENGLISH e State The hyperlink showing Enable or Disable links to the VAP Configuration page VAP Overview General IVAP Config Security Repeater Advanced N Access Control N Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID EAP260 1 VLAN ID Disable Enable VLAN ID 1 4094 VAP State Page e Security Type The hyperlink showing the security type links to the Security Settings Page VAP Overview General m rity N Repeater Home gt Wireless gt Security VAP Config Advanced ACCESS Control Site Survey 1 Security Settings Profile Name Security Type None VAP Security Type Page 49 Copyright 4IPNET INC a 2 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH e MAC ACL The hyperlink showing Allow or Disable links to the Access Control Settings Page RUES EE y EEE EE en I S VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 fr Maximum Number of Clients 32 Range 1 128 per system Access Control Type Disable Access Control gt VAP MAC ACL Page
47. ess Control Site Survey Home gt Wireless gt Advanced Advanced Wireless Settings Profile Name VAP 1 RTS Threshold 2346 1 2346 Fragment Threshold 2346 256 2346 DTIM period 1 1 15 Broadcast SSID Disable Enable Wireless Station Isolation amp Disable Enable WMM Disable Enable IAPP amp Disable Enable IGMP Snooping Disable Enable Multicast Broadcast Rate 11M pi Advanced Wireless Settings Page e RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the fragment to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with EAP260 or in areas where the clients are far apart and can detect only EAP260 but not each other e Fragmentation Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission smaller value results in smaller frames but allows a larger number of frames in transmission lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference e DTIM Period Input the
48. ght 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH sent back from a station without retransmission In other words upon timeout if the Acknowledgement frame is still not received the frames will be retransmitted This option can be used to tune network performance for extended coverage For regular indoor deployments please keep the default setting e Beacon Interval ms The entered amount of time indicates how often the beacon signal will be sent from the access point Table 2 RF Configurations under normal circumstances in certain countries es wt ES mr 802 11a 802 11b 802 119 802 11b 802 11g 802 11a 802 11n 802 11n 802 119 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 13 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 1 2 3 4 5 6 7 8 9 10 11 12 13 6M 9M 12M 18M 24M 36M 48M 54M 1M 2M 5 5M 11M 6M 9M 12M 18M 24M 36M 48M 54M Auto Lowest Low 1M 2M 5 5M 6M 9M Medium High Highest 11M 12M 18M 24M 36M 48M 54M 6M 9M 12M 18M 24M 36M 48M 54M MCS0 15 1M 2M 5 5M 11M 12M 18M 24M 36M 48M 54M MCS0 15 Please note that available values above will vary depen4ding on the regulation of
49. hed and MAC restriction is not needed click SAVE and Reboot the system Otherwise click on the Overview tab and proceed to the next step 31 Copyright 4IPNET INC PN mana EAP260 Enterprise Access Point ENGEISH Step 3 Configuring MAC ACL Access Control List Clicking on the hyperlink corresponding with intended VAP in the MAC ACL column will bring the user to the Access Control Settings page Site Survey VAP Overview General VAP Config Security Repeater Adva ii Access Control Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 M Maximum Number of Clients f Range 1 32 1 Access Control Type Disable Access Control M Access Control Settings Page Please choose among Disable Allow Deny and RADIUS ACL from the drop down menu of Access Control Type 1 Disable Access Control This means that there is no restriction for client devices to access the system 2 MAC ACL Allow List This means that only the client devices identified by their MAC addresses listed in the Allow List allowed MAG addresses are granted with access to the system The administrator can temporarily block any allowed MAC address by checking Disable until the administrator renews the listed MAC WAP Overview N General N vap Config N secu Repeater Advanced Access Control site Su vey N Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1
50. ion Fields gt Enable Disable Enable or Disable this function gt Community String The community string is required when accessing the Management Information Base MIB of the system o Read Enter the community string to access the MIB with Read privilege o Write Enter the community string to access the MIB with Write privilege gt Trap When enabled events on Cold Start Interface UP amp Down and Association amp Disassociation can be reported to an assigned server o Enable Disable Enable or Disable this function o Server IP Address Enter the IP address of the assigned server for receiving the trap report e System Log By enabling this function specify an external SYSLOG server to accept SYSLOG messages from the system remotely System Log Disable Enable SYSLOG Server IP Server Port SYSLOG Level System Log Fields Enable Disable Enable or Disable this function Server IP The IP address of the Syslog server that will receive the reported events Server Port The port number of the Syslog server Y MV V WV Syslog Level Select the desired level of received events from the drop down menu 44 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 15 CAPWAP CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points There are 5 methods of auto AP discovery namely DNS SRV DHCP option Broadcas
51. it page with Ether Type IPv4 The first 28 entries are default services and the administrator can add delete any extra desired services There are 28 firewall services available in default settings these default services cannot be deleted but can be disabled If changes are made please click SAVE to save the settings before leaving this page Firewall List Service Advanced Home gt Firewall gt Service Config No 10 Name ALL ALL TCP ALL UDP ALL ICMP FTP HTTP HTTPS POPS SMTP DHCP Firewall Service Description ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Part 110 TCP Destination Port 25 UDP Destination Port 67 68 First Prev Next Last total 28 Add Firewall Service Page 72 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 3 3 Advanced Advanced firewall settings are used to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of the system Firewall List Service Advanced Home gt Firewall advanced Advanced Firewall Settings Trust Interface m FI m FI FI FI FI FI VAPI VAP VAP3 WAP4 MAP VAPG VAP VAPS DHCP Snooping Disable Enab
52. le ARP Inspection Disable Enable Proxy ARP Disable Enable Force DHCP Disable Enable Trust List Broadcast Disable Enable Static Trust List Disable Enable Trust Interface Each VAP interface can be checked individually to mark as trusted interfaces security enforcements on DHCP ARP like DHCP snooping and ARP inspection will be carried out on non trusted interfaces DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the trusted DHCP server IP MAC can be specified to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Proxy ARP option when enabled AP will reply ARP requests on behalf of downlink stations The ARP table maintained by AP will be used as a look up table upon receipt of ARP request from AP uplink Adversely without Proxy ARP ARP request is broadcasted down into the AP s wireless network causing network inefficiencies o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic any clients with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static Trust List o Trust List Broadcast can be enabled to let other APs with L2 firewall feature learn the trusted MAC IP pairs to issue ARP
53. m Overview System Overview g gt System Radio Status System Name Enterprise Access Point EA MAC Address 00 1F D3 87 03 03 Firmware Version 1 00 00 Band 802 iigin Build Number 1 7 1 4754 Channel i Location TX Power Highest Site EN A Device Time 1970 01 01 08 26 49 System Up Time O days 0 26 49 LAN Interface 4p AP Status Profil ee S ity Onlir MAC Address 00 1F D3 87 03 01 Krise BSSID ESSID log Tam IP Address 192 168 1 1 VAP 1 00 1F D3 87 03 03 EAP260 1 None 0 Subnet Mask 255 255 255 0 Gateway 192 168 1 254 CAPWAP id IPv6 Status Disabled Status Disabled Web Management Interface Main Page System Overview 18 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH From here click on the System icon to get to the following page On this Page you can make entries to the Name Description and Location fields as well as set the device s time e gt B SYSTEM Wireless Firewall Utilities Status General N Network Interface V Port Management CAPWAP IPVG Home gt System gt General System Information Name Enterprise Access Point EAP260 Description Location Time Device Time 1970 01 01 08 33 27 Time Zone GMT 08 00 Taipei izl Time Enable NTP Manually set up set Date r Vear e x Month Day Set Time Hour Min Sec System Information Page There are two methods of setti
54. n and new password and then re enter the new password in the Re enter New Password field Click SAVE to save the new password 15 Copyright 4IPNET INC e H 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 4 2 Backup amp Restore This function is used to backup and restore the EAP260 settings The EAP260 can also be restored to factory defaults using this function It can be used to duplicate settings to other access points backup settings of this system and then restore on another AP Change Password Y Backup amp Restore System Upgrade Reboot Upload Certificate WAPI Certificate Home gt Utililies gt Config Save amp R Configuration Backup amp Restore Reset to Default Backup System Settings Backup Restore System Settings Backup amp Restore Page e Reset to Default gt Click Reset to load the factory default settings of EAP260 A pop up Page will appear to re confirm the request to reboot the system Click OK to proceed or click Cancel to cancel the reboot request Message from webpage 2 This action will reboot the system Do you want to continue Reboot Confirmation Prompt gt A warning message as displayed below will appear during the reboot period The system power must be kept on before the completion of the reboot process gt The System Overview page will appear upon reboot completion e Backup System Settings Click Backup to save the current syst
55. nfigured in the field below Disable selected implies that traffic from this LAN port will not be tagged with a VLAN ID 42 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 14 Management The management services e g VLAN for Management SNMP and System log can be configured here General Network Interface Port Management CAPWAP IPV6 Ti Home gt System gt Management LI ervices Management Services VLAN for Management Disable Enable VLAN ID f 1 4094 SNMP Configuration Disable Enable Community String Read Write Trap Disable Enable Server IP System Log Disable Enable SYSLOG Server IP 1909 168 1 254 Server Port 514 SYSLOG Level Error Managemeni Services Page VLAN for Management When it is enabled management traffic from the system will be tagged with a VLAN ID In other words administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to a specific VAP with the same VLAN ID Enter a value between 1 and 4094 for the VLAN ID if the option is enabled 43 Copyright O 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH e SNMP Configuration By enabling SNMP function the administrator can obtain the system information remotely SNMP Configuration Disable Enable Community String Trap Disable Enable SNMP Configurat
56. ng up the time Manual indicated by the option Set Date amp Time and NTP The default is Manual and requires individual setup every time the system starts up Simply choose a time zone and set the time accordingly When it is finished click SAVE Time Zone GMT 08 001Taipei Le Time O Enable NTP Manually set up Set Date Bear MMonth Mbay Set Time Bour Min Mer Manually Time Setup The alternative method is NTP Upon selecting NTP under the Time field the configuration changes to allow up to two NTP servers Simply enter a local NTP server s IP Address if available or search online for an NTP server nearest to you Set the time zone and click SAVE 19 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH Time Enable NTP Manually set up NTP Setup Step 2 Configuring the AP s Network Settings While still on this Page click on the Network Interface tab to begin configuration of the network settings General Network Interface Port N Management CAPWAP i IPVE i q Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 vi Default Gateway 192 168 1 254 j Primary DNS Server 192 168 1 254 Alternate DNS Server Layer STP Disable Enable Network Settings Page If the deployment decides that the AP will be getting dynamic IP
57. number before proceeding further Please make sure you have the correct firmware file Note e Firmware upgrade may sometimes result in the loss of data Please ensure that all necessary settings are written down before upgrading the firmware e During firmware upgrade please do not turn off the power This may permanently damage the system 77 Copyright 4IPNET INC PN san EAP260 Enterprise Access Point ENGEISH 7 4 4 Reboot This function allows the administrator to restart the EAP260 safely The process takes approximately three minutes Click Reboot to restart the system Please wait for the blinking timer to complete its countdown before accessing the systems Web Management Interface again The System Overview page will appear after a successful reboot Occasionally it is necessary to reboot the EAP260 to ensure that parameter changes are submitted Backup amp Restore System Upgrade Reboot V Upload Certificate WAPI Certificate En Change Password Home gt Utilities gt Reboot Reboot the System Reboot may take several minutes to complete The Admin Login Page will be shown after system boots up Reboot Page 78 Copyright A4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 4 5 Upload Certificate This function is used to configure a valid certificate for security validation required in CAPWAP Change Password V Backup amp Restore V System Upgrade Y Reboo
58. of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 56 Copyright O 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH gt WPA RADIUS ff this option is selected the RADIUS authentication and data encryption will both be enabled Repeater VAP Overview General WAP Config Security Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name Security Type Cipher Suite Group Key Update Period 600 second s Primary RADIUS Server Host Domain Name IP Address Authentication Port 1812 Secret Key NN Accounting Service Disable Enable Accounting Interim Update Interval so second s Security Settings WPA RADIUS gt WPA Settings o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt RADIUS Server Settings Primary Secondary o Host Enter the IP address or domain name of the RADIUS server o Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 o Secret Key The secret key for the system to communicate with the RADIUS server o Accounting Service Enabling this option allows accounting of l
59. ofile Name VAP 1 Maximum Number of Clients 132 Range 1 128 per system Access Control Type MAC ACL Allow List No MAC Address State i Disable Enable 2 Disable Enable MAC Allow List An empty Allow List means that there is no allowed MAC address Make sure at least the Note MAC of the management system is included e g network administrator s computer 63 Copyright O4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH gt MAC ACL Deny List When selecting MAC ACL Deny List all client devices are granted with access to the system except those listed in the Deny List denied MAC addresses The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Access Control Access Control Settings Profile Name VAP 1 as Maximum Number of Clients 32 f Range 1 128 per system Access Control Type MAC ACL Deny List No MAC Address State i Disable Enable 2 Disable Enable Deny List 64 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH gt RADIUS ACL Authenticate incoming MAC addresses by an external RADIUS When RADIUS ACL is selected all incoming MAC addresses will be authenticated by an
60. ogin and logouts through the RADIUS server o Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 o Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 57 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 2 5 Repeater To extend wireless network coverage EAP260 supports 3 options of Repeater type None WDS or Universal Repeater selecting None will turn this function off gt Universal Repeater lf Universal Repeater is selected please provide the SSID of upper bound AP for uplink connection Security Type None WEP or WPA PSK can be configured for this Repeater connection Please note the security type configured here shall follow upper bound AP s security settings for intended connection VAP Overview General vap Config Security Repeater kame I Access Control Site Survey Home gt Wireless gt Repeater Config Repeater Settings Repeater Type WES The SSID of Upper Bound AF P Current wireless channel of the system is set at 1 Repeater connection may fail If the system is set to connect to upper AP with different channels Security Type Repeater Settings Universal Repeater o The SSID of Upper Bound AP Specify the SSID of the upper bound AP that the system is used to extend that AP s wireless service coverag
61. on allows accounting of login and logouts through the RADIUS server Accounting Port The port number used by the RADIUS server for accounting purposes Specify a port number or use the default 1813 Accounting Interim Update Interval The system will update accounting information to the RADIUS server every interval period 29 Copyright O 4IPNET INC 41pnet User s Manual EAP260 Enterprise Access Point ENGLISH e WPA PSK Provides shared key authentication in WPA data encryption VAP Overview General VAP Config Y Security Repeater Advanced Access Control j Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 M Security Type WPA PSK w Cipher Suite TKIP WPA Pre shared Key Type PSK Hex 64 chars Passphrase 8 63 chars Group Key Update Period 600 second s Security Settings WPA PSK gt Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed gt Pre shared Key Type Select a pre shared key type PSK Hex or Passphrase gt Pre shared Key Enter the key value for the pre shared key the format of the key value depends on the key type selected gt Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 30 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH e WPA RADIUS Authenticates users by R
62. onnect the administrator PC to the LAN port of EAP260 via an Ethernet cable Then set a static IP Address on the same subnet mask as the EAP260 in TCP IP settings of your PC such as the following example IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Please note that the IP Address used should not overlap with the IP Addresses of Note ie any other device within the same network to avoid IP conflict e Launch the web browser on your PC and enter the IP Address of the EAP260 192 168 1 1 at the address field and then press Enter The following Administrator Login Page will appear Enter admin for both the Username and Password fields and then click Login Username admin Password 1 Administrator Login Page e After a successful login into EAP260 a System Overview page of the Web Management Interface WMI will appear 14 Copyright O4IPNET INC User s Manual EAP260 Enterprise Access Point ENGL SH Y o amp Firewall Utilities i Status mir m LT gt SL EE Home gt Status gt System Overview System Overview P System Radio Status System Name Enterprise Access Point EA MAC Address 00 1F D3 87 03 03 Firmware Version 1 00 00 Band 802 119 n Build Number 1 7 1 4754 Channel 1 Location TX Power Highest Site EN A Device Time 1970 01 01 08 26 49 System Up Time 0 days 0 26 49 3 es LAN Interface
63. onnected to them By enabling this function the system will automatically broadcast information of associated wireless stations to its peer access points This will help wireless stations roam smoothly among IAPP enabled access points in the same wireless LAN e IGMP Snooping By enabling IGMP snooping IGMP packets are transferred via the EAP260 s network interface and the IP multicast host Registration information is recorded and sorted into multicast groups The internal switch can then intelligently forward traffic only to those ports that request multicast traffic Adversely without IGMP snooping multicast traffic is treated like broadcast traffic with packets forwarded to all ports causing network inefficiencies e Multicast Broadcast Rate Bandwidth configuration for multicast broadcast packets If your wireless clients require a larger or smaller bandwidth for sending multicast broadcast packets the administrator can customize the EAP260 s multicast broadcast bandwidth here 61 Copyright 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH 7 2 7 Access Control On this page the network administrator can restrict the total number of clients connected to the EAP260 as well as specify particular MAC addresses that can or cannot access the device VAP Overview General VAP Config Security Repeater Advanced vAccess Control Site Survey Home gt Wireless gt Access Control Access Control Settings
64. page for reordering confirmation After the SAVE button is clicked and system is rebooted the order of rules will be updated Firewall List N Service Advanced Home gt Firewall gt Move rule Move Rule ID 1 Move to Before After ID 1 20 Please make sure all desired rules state of rule are checked and saved in the overview page the rules will be enforced upon system reboot Firewall List Service Advanced Home gt Firewall gt Firewall List Layer 2 Firewall Settings Enable Layer 2 Firewall Disable Enable No State Action Name EtherType Remark 1 DROP CDP and VTP IEEE 8023 2 O DROP STP BPDU IEEE_8023 3 O DROP GARP IEEE_8023 4 O DROP RIP IPv4 5 O DROP HSRP IPv4 6 O DROP OSPF IPv4 7 8 9 10 First Prev Next Last total 20 71 Del Del Del Del Del Del Del Del Del Del Setting Ed Ed Ed Ed Ed Ed Ed Ed Ed Ed In My My My My My My My My My My Copyright 4IPNET INC 4ipnet 7 3 2 Service User s Manual EAP260 Enterprise Access Point ENGLISH The administrator can add or delete firewall services here the services in this list will become options to choose in firewall rule when EtherType is IPv4 EAP260 provides a list of rules to block or pass traffic of layer 3 or above protocols These services are available to choose from a drop down list of layer2 firewall rule ed
65. rop down menu Set Time Select the appropriate Hour Min and Sec from the drop down menu Unless Internet connection or NTP becomes unavailable it is recommended to use NTP server for time synchronization because system time needs to be reconfigured upon reboot 40 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 12 Network Interface On this page the network settings of the device can be configured fields with a red asterisk i e IP Address Netmask Default Gateway and Primary DNS Server are mandatory General Network Interface V Part Management CAPWAP IPv6 Home gt System gt Network Interface Network Settings Mode Static DHCP Renew IP Address 192 168 1 1 Netmask 255 255 255 0 gt Default Gateway 192 168 1 254 E Primary DNS Server 192 168 1 254 Alternate DNS Server Layer STP Disable Enable Network Settings Page Mode Determine the way to obtain the IP address by DHCP or Static gt Static The administrator can manually set up the static LAN IP address All required fields are marked with a red asterisk O O O O O IP Address The IP address of the LAN port Netmask The Subnet mask of the LAN port Default Gateway The Gateway IP address of the LAN port Primary DNS Server The IP address of the primary DNS Domain Name System server Alternate DNS Server The IP address of the substitu
66. s not required and data is not encrypted during transmission when this option is selected This is the default setting as shown in the following figure VAP Overview General WAP Config Security Repeater N Advanced N Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings None e WEP WEP Wired Equivalent Privacy is a data encryption mechanism with key length selected from 64 bit 128 bit or 152 bit VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name Security Type WEP w Note The WEP keys are global setting for all virtual APs The key value will apply to all VAPs 802 11 Authentication Open System Shared Key Auto WEP Key Length 64 bits 128 bits 152 bits WEP Key Format ASCII Hex WEP Key Index WEP Keys Security Settings WEP 802 11 Authentication Select from Open System Shared Key or Auto WEP Key Length Select from 64 bit 128 bit 152 bit key length WEP Key Format Select from ASCII or Hex format for the WEP key WEP Key Index Select a key index from 1 through 4 The WEP key index is a number that VV V WV specifies which WEP key is used for the encryption of wireless frames during data transmission gt WEP Keys Provide the pre defined WEP key value the
67. system supports up to 4 sets of WEP keys 28 Copyright A4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH e 802 1X When 802 1X Authentication is selected RADIUS authentication and enhanced dynamic WEP are provided VAP Overview General VAP Config 4 Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 M Security Type 802 1X w Dynamic WEP Disable Enable WEP Key Length 64 bits 128 bits Rekeying Period seconds Primary RADIUS Server Host KK Domain Name j P il ana Authentication Port 1812 SecretKey T Accounting Service Disable Enable Accounting Interim Update Interval so second s Security Settings 802 1X Authentication gt Dynamic WEP Settings O Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption WEP Key Length Select from 64 bits or 128 bits key length Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds gt RADIUS Server Settings O O Host Enter the IP address or domain name of the RADIUS server Authentication Port The port number used by the RADIUS server Specify a port number or use the default 1812 Secret Key The secret key for the system to communicate with the RADIUS server Accounting Service Enabling this opti
68. t Multicast and Static EET OG SE EE MEE TE i fia ir a i General Network Interface Port Management CAPWAP IPv6 1 Home gt System gt CAPWAP CAPWAP Configuration CAPWAP Disable Enable Tunnel Interface FJLAN1 JLAN2 JLAN3 OLANA LAN5 VAPI VAR 2 VARS VAR VARS y 7 VAPS 7 WDS1 7 WDS2 7 WDS3 7 WDS4 Certificate Date Check Disable Enable Manage Certificates DNS SRV Discovery Disable Enable Domain Name Suffix DHCP Option Discovery Disable Enable Broadcast Discovery Disable Enable Multicast Discovery Disable Enable Static Discovery Disable Enable Pri AC Address Remark 1 ES K 2 EE 3 MA LE AE EE 5 EE EL 45 Copyright O4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH CAPWAP The CAPWAP feature can be turned on by selecting Enable or turned off by selecting Disable Tunnel Interface Select a LAN VAP or WDS interface to designate its traffic to pass through the CAPWAP Tunnel established between AP and controller For network interfaces that are unchecked their traffic will be forwarded locally into the internet if this AP is deployed remotely on the WAN side of a controller Please note that grey out check boxes imply that the particular VAP is not yet enabled for service For instructions on how to enable VAP items please refer to section 7 2 3 VAP Configuration for referen
69. t Upload Certificate WAPI Certificate Home gt Utilities gt Upload Certificate Upload Certificate Upload Private Key File Mame Upload Certificate File Mame Upload Trusted Certificate File Name Use Default Certificate Browse Browse Browse gt Upload Certificate It provides flexibility to support customer s own Certificate Private Key or Trusted Certificate for a means of security verification for CAPWAP or other security needs to ensure the authenticity of this AP to other network entities gt Use Default Certificate Click Use Default Certificate to use the default certificate and key 79 Copyright O 4IPNET INC PN ras Man EAP260 Enterprise Access Point ENGLISH 7 4 6 WAPI Certificate This function is used to set up a valid WAPI Certificate for identity validation with other WAPI capable network entities Change basset Backup amp huse System Upgrade N Reboot I Upload Certificate WAT Certificate Home gt Ubtlitles gt WAPI Certificate WAPI Certificate Upload ASU Certificate File Name Browse Upload AE Certificate Private Key File Name gt Upload ASU Certificate It provides flexibility to support customer s own ASU Certificate for a means of security verification in order to ensure the authenticity of this AP to other network entities gt Upload AE Certificate Private Key It provides flexibility to support customer s own AE Certificate or Priv
70. te DNS server gt DHCP This configuration type is applicable when the system is connected to a network with the presence of a DHCP server all related IP information required will be provided by the DHCP server automatically Layer 2 STP If the EAP260 is set up to bridge other network components this option can be enabled to prevent undesired loops because a broadcasting storm may occur in a multi switch environment where broadcast packets are forwarded in an endless loop between switches Moreover a broadcast storm may consume most of available system resources in addition to available bandwidth Thus enabling the Layer 2 STP can lower such undesired occurrence and derive the best available data path for network communication 41 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH 7 13 Port The physical Ethernet ports of EAP260 can be configured to append a VLAN tag for upstream delivery General N Network Interface Port see CAPWAP er Home gt System gt Port Config Port Configuration Port LAN1 VLAN ID Disable Enable VLAN ID 100 1 4094 e Port Selectable from LAN1 LAN4 For each physical LAN port administrator can choose to configure a desired VLAN ID to be bundled with traffic going upstream from this particular port gt VLAN ID Enable selected implies that network traffic sent upstream from this LAN port will be tagged with the VLAN ID co
71. terface Use this port to enter the console interface for the administrator to check the IP address of EAP260 and reset the device to default if the admin password is forgotten 1 In order to connect to the console port of EAP260 a console modem cable and a terminal simulation program such as the Hyper Terminal are needed 2 Ifa Hyper Terminal is used please set the parameters as 115200 8 None 1 None ax Pon setimi Bas pei second Daa biz E 7 Pani Hone Flow canal Hane Restore Deer The console interface looks like the screenshot below displaying the current LAN IP address and the instructions to reset device to default COMA PuTTY 255 0 0 et to the factory default login 12 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH When resetting the device to default from the console interface enter reset2def for login and password Confirm yes and EAP260 will begin the reset process COMA PuTTY SYSTEM IP 192 168 10 17 Cctory default Enter reset def twice to E login Password oy yuu clin wane to ctory default and reboot ves TE Fa When the login prompt reappears the device has completed the reset to default process and the LAN IP is reset to 192 168 1 1 Copying Feature Control Profile Check customized lr Check customized Configuration file open r trap r syslogd
72. view General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt VAP Config VAP Configuration Profile Name VAP 1 VAP Disable Enable Profile Name VAP 1 ESSID EAP260 1 VLAN ID Disable Enable VLAN ID 1 4094 VAP Configuration Page VAP 1 as shown for example Select Enable for the VAP field and click SAVE Click the Overview tab to return to the previous table to begin the next step Step 2 Configure Security Settings for your VAP The following instructions will guide the user to set up wireless security with a specific VAP If only restricted access of certain MAC addresses is desired skip to Step3 MAC restriction can be coupled with wireless security to provide extra protection First click on the corresponding cell in the column labeled Security Type This hyperlink will direct the user to the following Security Settings page VAP Overview General VAP Config Security Repeater Advanced Access Control Site Survey Home gt Wireless gt Security Security Settings Profile Name VAP 1 Security Type Security Settings Page VAP 1 as shown for example Select the desired Security Type from the drop down menu which includes None WEP 802 1X WPA PSK and WPA RADIUS 27 Copyright 4IPNET INC 4ipnet User s Manual EAP260 Enterprise Access Point ENGLISH e None Authentication i
73. work communication performance Overview Associated Clients Repeater Event Log Home gt Status gt Wireless Clients Associated Client Status Client List Associated VAP ESSID MAC Address SNR dB Idle Time secs Disconnect Associated Client Status Page e Associated VAP The name of a VAP Virtual Access Point that the client is associated with e ESSID The Extended Service Set ID which the client is associated with e MAC Address The MAG address of associated clients e SNR The Signal to Noise Ratio of respective clients association e Idle Time Time period that the associated client is inactive for the time unit is in seconds e Disconnect Upon clicking Kick the client will be disconnected from the system 84 Copyright O 4IPNET INC g pne nn EAP260 Enterprise Access Point ENGLISH 7 9 3 Repeater The administrator can review detailed information of the repeater function on this page Information of WDS repeater s status traffic statistics encryption and other details are provided Overview Associated Clients Repeater A Event Log Home gt Status gt Repeater Information Repeater Information WDS Link Status Ei TX TX TX _ Item Status MAC Address RSSI Rate Comt Eri EncryptionTun 1 Disabl N A N A N A N A N A v 2 Disabl N A N A N A N A N A g 3 Disabl N A N A N A N A N A g 4 Disabl N A N A N A N A N A g Repeater Status Page 85 Copyright O4IP
Download Pdf Manuals
Related Search