3 Chapter 3 Access Point Setup - IT
Contents
1. Update Report every Minutes dius MAC Current Status Disabled entication UAM Current Status Disabled Figure 19 802 1x Wireless Security Data 802 1x Screen 802 1x Radius Server Address Enter the name or IP address of the Radius Server on your network Radius Port Enter the port number used for connections to the Radius Server Client Login Name This read only field displays the current login name which is the same as the name of the Access Point The Radius Server must be configured to accept this login 31 Wireless Access Point User Guide Shared Key WEP Key Size Key Exchange Key Lifetime Radius Accounting Update Report every Radius MAC Authentication UAM This is used for the Client Login on the Radius Server Enter the key value to match the Radius Server Select the desired option e 64 Bit Key size is 64Bits The keys are automatically generated and do not need to be entered e 128 Bit Key size is 128Bits The keys are automatically generated and do not need to be entered Enable this if you want the keys to be updated regularly This field determines how often keys are dynamically updated Enter the desired value Enable this if you want this Access Point to send accounting data to the Radius Server If enabled the port used by your Radius Server must be entered in the Radius Accounting Port field If Radius accounting is enabled you can enable this and ent2. Update the data on screen 58 Operation and Status Statistics Screen This screen is displayed when the 2 4GHz Statistics button on the Status screen 1s clicked It shows details of the traffic flowing through the Wireless Access Point Up Time 01 44 08 2 4GHz Wireless Authentication Deauthentication Association Disassociation Reassociation 0 0 0 0 0 Received Transmitted MSDU 0 6889 Data 0 1168 Multicast 0 1179 Management 281849 7573 Control 0 0 Refresh Figure 50 Statistics Screen Data Statistics Screen System Up Time System Up Time This indicates how long the system has been running since the last restart or reboot 2 4GHz Wireless Authentication The number of Authentication packets received Authentication is the process of identification between the AP and the client Deauthentication The number of Deauthentication packets received Deauthentica tion is the process of ending an existing authentication relationship Association The number of Association packets received Association creates a connection between the AP and the client Usually clients associ ate with only one 1 AP at any time Disassociation The number of Disassociation packets received Disassociation breaks the existing connection between the AP and the client Reassociation The number of Reassociation packets received Reassociation is the service that enables an es
3. Congratulations on the purchase of your new Wireless Access Point The Wireless Access Point links your 802 11g or 802 11b Wireless Stations to your wired LAN The Wireless stations and devices on the wired LAN are then on the same network and can communicate with each other without regard for whether they are connected to the network via a Wireless or wired connection Wireless Station Wireless Access Point A Wired Lan Figure 1 Wireless Access Point The auto sensing capability of the Wireless Access Point allows packet transmission up to 54Mbps for maximum throughput or automatic speed reduction to lower speeds when the environment does not permit maximum throughput Features of your Wireless Access Point The Wireless Access Point incorporates many advanced features carefully designed to provide sophisticated functions while being easy to use e Standards Compliant The Wireless Router complies with the IEEE802 11g DSSS specifications for Wireless LANs e Supports both 802 1 1b and 802 119 Wireless Stations The 802 11g standard provides for backward compatibility with the 802 11b standard so both 802 11b and 802 11g Wireless stations can be used simultaneously e I08Mbps Wireless Connections On both the 2 4GHz 802 11b amp 802 11g and 5GHz 802 11a bands 108Mbps connections are available to compatible clients e Simple Configuration If the default settings are unsuitable they can be changed quickly and e
4. Write to File To download the current list of Trusted Stations from the Access Point to a file on your PC click this button Trusted Wireless Stations To change the list of trusted wireless stations use the Modify List button on the Access Control screen You will see a screen like the sample below Trusted Wireless Stations Trusted Wireless Other Wireless Stations Stations gt Edit Select All Select None Address Physical MAC address Add Clear Back Help Figure 11 Trusted Wireless Stations Data Trusted Wireless Stations Trusted Wireless This lists any Wireless Stations which you have designated as Stations Trusted Other Wireless This list any Wireless Stations detected by the Access Point which Stations you have not designated as Trusted Address The MAC physical address of the Trusted Wireless Station Use this when adding or editing a Trusted Station Buttons lt lt Add a Trusted Wireless Station to the list move from the Other Stations list e Select an entry or entries in the Other Stations list and click the lt lt button e Enter the Address MAC or physical address of the wireless station and click the Add button 15 Wireless Access Point User Guide gt gt Select All Select None Edit Add Clear Delete a Trusted Wireless Station from the list move to the Other Stations list e Select an entry or entries
5. 11 12 Ensure that your certificate authority is checked then click Next Review the policy change information and click Finish Click Start Run type cmd and press enter Enter secedit refreshpolicy machine policy This command may take a few minutes to take effect 44 PC and Server Configuration Internet Authentication Service Radius Setup 1 Select Start Programs Administrative Tools Internet Authentication Service 2 Right click on Clients and select New Client Internet Authentication Service action view amp gt fg I 2 1 Internet Authentication Service Local Ax LS Mew Client Mew View Export List Help Figure 33 Service Screen 3 Enter a name for the access point click Next Enter the address or name of the Wireless Access Point and set the shared secret as entered on the Security Settings of the Wireless Access Point Click Finish Right click on Remote Access Policies select New Remote Access Policy Assuming you are using EAP TLS name the policy eap t 1s and click Next Click Add If you don t want to set any restrictions and a condition is required select Day And Time Restrictions and click Add Select the type of attribute to add and then click the Add button 90 N DM Attribute types Name Description Called Station ld Phone number dialed by user Calling Statian Id Phone number from which call onginated Client Friendly M ame Friend
6. If any of the above items are damaged or missing please contact your dealer immediately Physical Details Front Panel LEDs Status Power Wireless LAN Status O Power LAN Wireless LAN Figure 2 Front Panel On Error condition Off Normal operation Blinking During start up and when the Firmware is being upgraded On Normal operation Off No power On The LAN Ethernet port is active Off No active connection on the LAN Ethernet port Flashing Data is being transmitted or received via the corresponding LAN Ethernet port On Idle Off Error Wireless connection is not available Flashing Data is being transmitted or received via the Wireless access point Data includes network traffic as well as user data Wireless Access Point User Guide Rear Panel ETHERNET CONSOLE E l POWER a RESET We Figure 3 Rear Panel Antenna One antenna aerial 1s supplied Best results are usually obtained with the antenna in a vertical position Console port DB9 female RS232 port Reset Button This button has two 2 functions e Reboot When pressed and released the Wireless Access Point will reboot restart e Reset to Factory Defaults This button can also be used to clear ALL data and restore ALL settings to the factory default values To Clear All Data and restore the factory default values l Power Off the Access Point 2 Hold the Reset Button
7. This chapter covers some common problems that may be encountered while using the Wireless Access Point and some possible solutions to them If you follow the suggested steps and the Wireless Access Point still does not function properly contact your dealer for further advice General Problems Problem 1 Solution 1 Problem 2 Can t connect to the Wireless Access Point to configure it Check the following e The Wireless Access Point is properly installed LAN connections are OK and it is powered ON Check the LEDs for port status e Ensure that your PC and the Wireless Access Point are on the same network segment If you don t have a router this must be the case e If your PC is set to Obtain an IP Address automatically DHCP client restart it e You can use the following method to determine the IP address of the Wireless Access Point and then try to connect using the IP address in stead of the name To Find the Access Point s IP Address l Opena MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the Wireless Access Point Enter ping followed by the Default Name of the Wireless Access Point e g ping 9003319 3 Check the output of the ping command to determine the IP address of the Wireless Access Point as shown below 2 PDdosnt Microsoft Windows 2000 Uersion 5 00 2195 G gt Copyright 1985 2000 Microsoft Corp C ping schh3318 Pinging cAH3318 192 168 60 51
8. F your network does not have a DHCP server ask your network administrator for an address and then type it in the space below Adapter PC Fast Ethernet Adapter f Obtain an IP address from a DHCP server C Specify an IP address OF Cancel ply Figure 60 Windows NT4 0 IP Address 74 Appendix C Windows TCP IP 3 Select the network card for your LAN 4 Select the appropriate radio button Obtain an IP address from a DHCP Server or Specify an IP Address as explained below Obtain an IP address from a DHCP Server This 1s the default Windows setting This 1s the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 75 Wireless Access Point User Guide Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a screen like the following Local Area Connection Properties Ei General Connect using Be Siemens SpeedStream PEI 10 100 Components checked are used by this connection m Client For Microsoft Networks a File and Printer Sharing for Microsoft Networks Br I
9. SSID wireless Channel Frequency 1 Automatic Wireless Mode 802 11b and 802 11g Operating Mode Wireless Access Point Authentication Open System Encryption None Access Control Disable P Statistics Log f stations f Heip Figure 47 Status Screen 55 Wireless Access Point User Guide Data Status Screen Access Point Access Point Name MAC Address Domain Firmware Version TCP IP IP Address Subnet Mask Gateway DHCP Client Wireless SSID Channel Frequency Mode Security Authentication Encryption Access Control Buttons Log Stations Statistics The current name will be displayed The MAC physical address of the Wireless Access Point The region or domain as selected on the Basic Wireless screen The version of the firmware currently installed The IP Address of the Wireless Access Point The Network Mask Subnet Mask for the IP Address above Enter the Gateway for the LAN segment to which the Wireless Access Point is attached the same value as the PCs on that LAN segment This indicates whether the current IP address was obtained from a DHCP Server on your network It will display Enabled or Disabled The current SSID The Channel currently in use is displayed The current operational mode is displayed This displays the current Authentication setting This displays the current Encryption setting This indicates whether or not the MAC level Access Control feature is
10. you can enable this option If enabled you will able to Management connect to this AP using a Telnet client You will have to provide the same login data user name password as for a HTTP Web connec tion Access Control This feature can be used to block access to your LAN by unknown or untrusted wireless stations Click Access Control on the menu to view a screen like the following ccess Control Enable Access Control by MAC Address Mac Address Connected Se Cmn rev Figure 10 Access Control Screen Data Access Control Screen Enable Use this checkbox to Enable or Disable this feature as desired Warning Ensure your own PC is in the Trusted Wireless Stations list before enabling this feature Trusted Stations This table lists any Wireless Stations you have designated as Trusted If you have not added any stations this table will be empty For each Wireless station the following data is displayed e MAC Address the MAC or physical address of each Wire less station e Connected this indicates whether or not the Wireless station is currently associates with this Access Point 14 Setup Buttons Modify List To change the list of Trusted Stations Add Edit or Delete a Wireless Station or Stations click this button You will then see the Trusted Wireless Stations screen described below Read from File To upload a list of Trusted Stations from a file on your PC click this button
11. 1s allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xx xx WEB authen tication in the log table and station status would show as Authenticated on the station list table e Ifa client fails authentication xx xx xx xx xx xx WEB authentication failed 1s shown in the log and station status is shown as Authenticating on the station list table UAM Screen The UAM screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again UAM Universal Access Method r UAM Universal Access Method nternal Web based Authentication External Web based Authentication Login URL Login Failure URL Radius Server Address Radius Port 1812 Client Login Name C000012 Shared Key Cancel Help Figure 15 UAM Screen Data UAM Screen Enable Enable this if you wish to use this feature Internal If selected then when a user first tries to access the Internet they will Web based be blocked and re directed to the built in login page The logon data is Authentication then sent to the Radius Server for authentication 24 External Web based Authentication Login URL Login Failure URL Setup If selected then when a user first tries to access the Internet they will be blocked and re directed to the URL bel
12. 78 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This 1s the default Windows setting To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 79 Appendix D About Wireless LANs Overview Wireless networks have their own terms and jargon It is necessary to understand many of these terms in order to configure and operate a Wireless LAN Wireless LAN Terminology Modes Wireless LANs can work in either of two 2 modes e Ad hoc e Infrastructure Ad hoc Mode Ad hoc mode does not require an Access Point or a wired Ethernet LAN Wireless Sta tions e g notebook PCs with wireless cards communicate directly with each other Infrastructure Mode In Infrastructure Mode one or more Access Points are used to connect Wireless Stations e g Notebook PCs with wireless cards to a wired Ethernet LAN The Wireless Stations can then access all LAN resources Access Points can only function in Infrastructure mode and can communicate only with Wireless Stations which are Motel set to Infrastructure mode SSID ESSID BSS S
13. All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required VVireless security System Wireless Security System Settings WPA 802 1x Radius Server Address EE Radius Port Client Login Name SC000012 Shared Key EE WPA Encryption Key Updates m Pairwise Key Update Key Lifetime 2 m Group Key Update Key Lifetime El Update Group Key when any membership terminates Radius Accounting m Enable Radius Accounting Radius Accounting Port 1813 Update Report every Minutes MAC Current Status Disabled tication Contigure AM Current Status Disabled Contigure Figure 18 WPA 802 1x Wireless Security Data WPA 802 1x Screen WPA 802 1x Radius Server Enter the name or IP address of the Radius Server on your network Address Radius Port Enter the port number used for connections to the Radius Server 29 Wireless Access Point User Guide Client Login Name Shared Key WPA Encryption Pairwise Key Update Key Lifetime Group Key Update Key Lifetime Update Group key when any member ship terminates Radius Accounting Update Report every Radius MAC Authentication UAM This read only field displays the current login name which is the same as the name of the Access Point The Radius Server must be configured to accept this login This is used for the Client Login on the Radius Server Enter the key value to match the
14. Client Authentication Server Authentic Lg Issued Certificates is web Server Server Authentication 1 Pending Requests ix Computer Client Authentication Server Authentic cu Failed Requests isluser Encrypting File System Secure Email E D Te fap Sore es Code Signing Microsoft Trust List Signi View gt Refresh Export List Help Creates a new object in this container Figure 27 Certificate Authority Screen 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Select Certificate Template Select a certificate template to issue certificates User Signature Only Secure Email Clier Smartcard User secure Email Clier Client amp uthenticatic s Smarkcard Logon Client amp uthenticatic Code Signing Code Signing Lid Trust List Signing Microsoft Trust List a F nrnllment amp nent Certificate Renuestoe k Authenticated Session eroe ee Figure 28 Template Screen 4 Select Start Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties 42 PC and Server Configuration 4 Active Directory Users and Computers E B x Console Window Help 281 x Action View amp g 7X amp 2B i Dmm vat 7 Active Directory Users Name Type Description El m cupa neri ov Computer E Delegate
15. Radius Server Select the desired option Other Wireless Stations must use the same method e TKIP Unicast point to point transmissions are encrypted using TKIP and multicast broadcast transmissions are not encrypted e TKIP 64 bit WEP Unicast point to point transmissions are encrypted using TKIP and multicast broadcast transmis sions are encrypted using 64 bit WEP e TKIP 128 bit WEP Unicast point to point transmissions are encrypted using TKIP and multicast broadcast transmis sions are encrypted using 128 bit WEP e AES CCMP CCMP is the most common sub type of AES Advanced Encryption System Most systems will simply say AES If selected both Unicast point to point and multicast broadcast transmissions are encrypted using AES This refers to the key used for point to point transmissions Enable this if you want the keys to be updated regularly This field determines how often Pairwise keys are dynamically updated Enter the desired value This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any member leaves the group or disassociates from the Access Point Enable this if you want this Access Point to send accounting data to the Radius Server If enabled the port used by your Ra
16. SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume that e You are using Windows XP e You are connecting to a Windows 2000 server for authentication e You already have a login User name and password on the Windows 2000 server Client Certificate Setup 1 Connect to a network which doesn t require port authentication 2 Start your Web Browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv e g httpt 192 1690 0 2 C00f09T7Vv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK Connect to 192 168 0 7 a Connecting to 192 166 0 2 User name f Password Remember my password Figure 37 Connect Screen 4 Onthe first screen below select Request a certificate click Next 48 PC and Server Configuration amp Microsoft Certificate Services Microsoft Internet Explorer Sel File Edit View Favorites Tools Help ae pak i x a 5 P Search ST Favorites a Media f Address http 192 168 0 2 certsrv v do Links ioi Microsoft Certificate Services VvirelessCA Home Welcome You use this web site to request a cer
17. can use the Wireless Access Point to gain access to your LAN Password protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings Advanced Features Command Line Interface If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common con figuration changes NetBIOS amp WINS Support Support for both NetBIOS broadcast and WINS Win dows Internet Naming Service allows the Wireless Access Point to easily fit into your existing Windows network Radius Accounting Support If you have a Radius Server you can use it to provide accounting data on Wireless clients SNMP Support SNMP Simple Network Management Protocol is supported allowing you to use a SNMP program to manage the Wireless Access Point UAM Support The Wireless Access Point supports UAM Universal Access Method making it suitable for use in Internet cafes and other sites where user access time must be accounted for WDS Support Support for WDS Wireless Distribution System allows the Wireless Access Point to act as a Wireless Bridge Both Point to Point and Multi Point Bridge modes are supported Introduction Package Contents The following items should be included e Wireless Access Point e Power Adapter e Quick Start Guide e CD ROM containing the on line manual and setup utility
18. detection ls list directory mem system memory statistics 87 Wireless Access Point User Guide mv Move file np Network Performance ns Network Performance Server ping Ping pktLog Packet Log radar Simulate radar detection on current channel reboot Reboot Access Point rm Remove file run Run command file quit Logoff set 11 gonly Set 11g Only Allowed set I1goptimize Set 11g Optimization Level set 11goverlapbss Set Overlapping BSS Protection set abolt setacl Set Access Control List set aging Set Aging Interval set antenna Set Antenna set authentication Set Authentication Type set autochannelselect Set Auto Channel Selection setbasicllb Set Use of Basic 11b Rates setbasicllg Set Use of Basic 11g Rates set beaconinterval Modify Beacon Interval set burstSeqThreshold Set Max Number of frames in a Burst set burstTime Set Burst Time set calibration Set Calibration Period set cckTrigHigh Set Higher Trigger Threshold for CCK Phy Errors For ANI Control set cckTrigLow Set Lower Trigger Threshold for CCK Phy Errors For ANI Control set cckWeakSigThr Set ANI Parameter for CCK Weak Signal Detection Threshold set channel Set Radio Channel set cipher Set Cipher set compproc Set Compression Scheme set compwinsize Set Compression Window Size set countrycode Set Country Code set ctsmode Set CTS Mode set c
19. down while you Power On the Access Point 3 Continue holding the Reset Button until the Status Red LED blinks TWICE 4 Release the Reset Button The factory default configuration has now been restored and the Access Point is ready for use Ethernet Use a standard LAN cable RJ45 connectors to connect this port to a 10BaseT or 100BaseT hub on your LAN Power port Connect the supplied power adapter here Chapter 2 Installation This Chapter covers the physical installation of the Wireless Access Point Requirements Requirements e TCP IP network e Ethernet cable with RJ 45 connectors e Installed Wireless network adapter for each PC that will be wirelessly connected to the network Procedure 1 Selecta suitable location for the installation of your Wireless Access Point To maximize reliability and performance follow these guidelines e Use an elevated location such as wall mounted or on the top of a cubicle e Place the Wireless Access Point near the center of your wireless coverage area e If possible ensure there are no thick walls or metal shielding between the Wireless Access Point and Wireless stations Under ideal conditions the Wireless Access Point has a range of around 150 meters 450 feet The range is reduced and transmission speed is lower if there are any obstructions between Wireless devices Figure 4 Installation Diagram 2 Useastandard LAN cable to connect the Ethernet port
20. enabled Click this to open a sub window where you can view the activity log Click this to open a sub window where you can view the list of all current Wireless Stations using the Access Point Click this to open a sub window where you can view Statistics on data transmitted or received by the Access Point 56 Operation and Status Activity Log This screen is displayed when the Log button on the Status screen is clicked Activity Log Current time 2004 1 1 01 40 48 GMT 2004 1 1 00 00 00 GMT AP activated Save to File Clear Log Figure 48 Activity Log Screen Data Activity Log Data Current Time The system date and time is displayed Log The Log shows details of the existing connections to the Wireless Access Point Buttons Refresh Update the data on screen Save to file Clear Log Save the log to a file on your pc This will delete all data currently in the Log This will make it easier to read new messages 57 Wireless Access Point User Guide Station List This screen is displayed when the Stations button on the Status screen 1s clicked Station List MAC Address Mode Status Refresh Figure 49 Station List Screen Data Station List Screen Station List MAC Address Mode Status Refresh Button The MAC physical address of each Wireless Station is displayed The mode of each Wireless Station The current status of each Wireless Station is displayed
21. loo Subnet Mask BB BA Noo NO Gateway jo DNS o WINS m Fnable WINS WINS Server Name IP Address HTTP Port P Port uao Telnet Fes MESI EE rst sw enean res Figure 9 System Screen Data System Screen Identification Access Point Enter a suitable name for this Access Point Name Description If desired you can enter a description for the Access Point Country Domain Select the country or domain matching your current location IP Address DHCP Client Select this option if you have a DHCP Server on your LAN and you wish the Access Point to obtain an IP address automatically Fixed If selected the following data must be entered e IP Address The IP Address of this device Enter an unused IP address from the address range on your LAN e Subnet Mask The Network Mask associated with the IP Address above Enter the value used by other devices on your LAN e Gateway The IP Address of your Gateway or Router Enter the value used by other devices on your LAN e DNS Enter the DNS Domain Name Server used by PCs on your LAN 13 Wireless Access Point User Guide WINS Enable WINS If your LAN has a WINS server you can enable this to have this AP register with the WINS server WINS Server Enter the name or IP address of your WINS server Name IP Address HTTP HTTP Port Enter the port number to be used when connecting to this interface The default value is 80 Telnet Enable Telnet If desired
22. no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs TI Wireless Access Point User Guide Checking TCP IP Settings Windows XP 1 Select Control Panel Network Connection 2 Right click the Local Area Connection and choose Properties You should see a screen like the following l Local Area Connection Properties General Authentication Advanced Connect using This connection uses the following items x File and Printer Sharing for Microsoft Networks i QoS Packet Scheduler ag Internet Protocol TCP IF Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected Figure 63 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Othenvise you need to ask your network administrator For the appropriate IP settings Obtain DNS server address automatically C Use the following DNS server addresses Saas Saad Figure 64 TCP IP Properties Windows XP
23. on the Wireless Access Point to a 10 100BaseT hub on your LAN Wireless Access Point User Guide Connect the supplied power adapter to the Wireless Access Point and a convenient power outlet and power up NOTE If you wish to use PoE Power over Ethernet refer to the following section Check the LEDs e The Status LED should flash then turn OFF e The Power WLAN and LAN LED should be ON For more information refer to Front Panel LEDs in Chapter 1 Using PoE Power over Ethernet The Wireless Access Point supports PoE Power over Ethernet To use PoE l 2 Access Point Do not connect the supplied power adapter to the Wireless Access Point Connect one end of a standard category 5 LAN cable to the Ethernet port on the Wire less Access Point Connect the other end of the LAN cable to the powered Ethernet port on a suitable PoE Adapter 24V DC 500mA Connect the unpowered Ethernet port on the PoE adapter to your Hub or switch Connect the power supply to the PoE adapter and power up Check the LEDs on the Wireless Access Point to see it is drawing power via the Ethernet connection PoE Adapter Ethernet To Hub Powered Unpowered Figure 5 Using PoE Power over Ethernet Chapter 3 Access Point Setup This Chapter provides details of the Setup process for Basic Operation of your Wireless Access Point Overview This chapter describes the setup procedure to make the Wireless A
24. using the WPA standard If this option is used e The Access Point must have a client login on the Radius Server e ach user must have a user login on the Radius Server e ach user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required 81 Wireless Access Point User Guide 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption If this option is used e The Access Point must have a client login on the Radius Server e ach user must have a user login on the Radius Server e ach user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 82 Appendix E Command Line Interface Overview If desired the command line interface CLI can be used for configuration This provides the possibility of creating scripts to perform common configuration changes The CLI requires a physical connection from your PC to the serial port RS232 port on the Wireless Access Point Using the CLI Telnet 1 Start your Telnet client and establish a connection to the Acce
25. with 32 bytes of data Reply from 192 168 09 51 bytes 32 timesilms TTL 64 Reply from 172 168 8 51 bytes 32 timetifims TTL 64 Reply from 192 168 6 51 bytes 32 timetifims TTL 64 Reply from 192 168 09 51 bytes 32 time lt ims TTL 64 Figure 56 Ping If your PC uses a Fixed Static IP address ensure that it is using an IP Address which is compatible with the Wireless Access Point If no DHCP Server is found the Wireless Access Point will default to an IP Address and Mask of 192 168 0 228 and 255 255 255 0 On Windows PCs you can use Control Panel Network to check the Properties for the TCP IP protocol My PC can t connect to the LAN via the Wireless Access Point 70 Appendix B Troubleshooting Solution 2 Check the following The SSID and WEP settings on the PC match the settings on the Wire less Access Point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address 1s in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Chapter 4 for details of setup for the Windows XP 802 1x client If using a different client refer to the vendor s documentation 71 Appendix C Windows TCP IP Overview Normally no changes need to be made e By default the Wireless Access Point will act as a DHCP client automatically obtaining a suitable IP Address and related information from your DHCP Ser
26. AC authentication failed is entered in the log and station status 1s shown as authenticating on the station list table 21 Wireless Access Point User Guide Radius based MAC authentication Screen This screen will look different depending on the current security setting If you have already provided the address of your Radius server you won t be prompted for it again Otherwise you must enter the details of your Radius Server on this screen Radius based MAC Authentication C Enable Radius based MAC authentication Radius Server Address Radius Port 18 12 Client Login Name 20123438 shared Key cave Cancel Help Figure 14 Radius based MAC Authentication Screen Data Radius based MAC Authentication Screen Enable this if vou wishrio Radius based MAC authentication Radius Server If this field 1s visible enter the name or IP address of the Radius Address Server on your network Radius Port If this field is visible enter the port number used for connections to the Radius Server Client Login Name If this field is visible it displays the name used for the Client Login on the Radius Server This Login name must be created on the Radius Server Shared Key If this field is visible it is used for the Client Login on the Radius Server Enter the key value to match the value on the Radius Server WEP Key If this field is visible it 1s for the WEP key used to encrypt data transmissions to the Radius S
27. ANI Control set ofdmWeakSigDet Set ANI Parameter for OFDM Weak Signal Detection set overRidetxpower Set Tx power override set operationMode Set operation Mode set password Modify Password set passphrase Modify Passphrase set pktLogEnable Enable Packet Logging set power Set Transmit Power set quietAckCtsAllow Allow Ack Cts frames during quiet period set quietDuration Duration of quiet period set quietOffset Offset of quiet period into the beacon period 89 Wireless Access Point User Guide setradiusname Set RADIUS name or IP address set radiusport Set RADIUS port number set radiussecret Set RADIUS shared secret setrate Set Data Rate setrate Set Data Rate setrate Set Data Rate setrate Set Data Rate setrate Set Data Rate set regulatorydomain Set Regulatory Domain setremoteAP Set Remote AP s Mac Address set hwtxretries Set HW Transmit Retry Limit set swtxretries Set SW Transmit Retry Limit set rtsthreshold Set RTS CTS Threshold set shortpreamble Set Short Preamble set shortslottime Set Short Slot Time set sntpserver Set SNTP NTP Server IP Address set softwareretry Set Software Retry set spurImmunityLvl Set ANI Parameter for Spur Immunity Level setssid Set Service Set ID set ssidsuppress Set SSID Suppress Mode set SuperG Super G Features set systemname Set Access Point System Name setsnmpMode Set SNMP Mode set sampC
28. Command Reference Command Reference The following commands are available Display CLI Command List admin Temporary factory admin boot flash Boot from flash boot ethernet Boot from network cp Copy file config wlan config wlanX connect bss connect to bssX del acl Delete Access Control List del key Delete Encryption key find bss Find BSS find channel Find Available Channel find all Find All BSS format Format flash filesytem bootrom Update boot rom image 84 Appendix E Command Line Interface ftp Software update via FTP get 1lgonly Display 11g Only Allowed get I1goptimize Display 11g Optimization Level get 11 goverlapbss Display Overlapping BSS Protection get abolt getacl Display Access Control List get aging Display Aging Interval get antenna Display Antenna Diversity get association Display Association Table get authentication Display Authentication Type get autochannelselect Display Auto Channel Select get basicllb Display Basic 11b Rates get basicllg Display Basic 11g Rates get beaconinterval Display Beacon Interval get burstSeqThreshold Display Max Number of frames in a Burst get burstTime Display Burst Time get calibration Display Noise And Offset Calibration Mode get cckTrigHigh Display Higher Trigger Threshold for CCK Phy Errors for ANI Control get cckTrigLow Display Lower Trigger Th
29. Configure misslai 2 test i Preferred networks Automatically connect to available networks in the order listed below umd ai Move up mi zlair Learn about setting up wireless network configuration Figure 44 Wireless Networks Screen 2 Select the wireless network from the Available Networks list and click Configure 3 Select and enter the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown below 52 PC and Server Configuration Wireless Network Properties Network name 551D misslaind Wireless network key WEP This network requires a key for the followin Data encryption MEP enabled Network Authentication Shared mode The key is provided for me automatically This is a computer to computer ad hoc network wireless access points are not used Figure 45 Properties Screen Setup for Windows XP and 802 1x client is now complete 53 Wireless Access Point User Guide Using 802 1x Mode without WPA This is very similar to using WPA 802 1x The only difference is that on your client you must NOT enable the setting The key is pro vided for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the Access Point Wireless Netwo
30. Control E Find E Connect to Domain Connect to Domain Controller Operations Masters New All Tasks gt New Window from Here Refresh Properties Opens property sheet For the current selection start 4 e A once E contr Fyadd Acab activ activ ryre g Gam 245 pm Figure 29 Active Directory Screen 6 Select the Group Policy tab choose Default Domain Policy then click Edit wireless yourdomain tid Properties General Managed By Group Policy No Override Disabled g Default Domain Policy Group Policy Objects higher in the list have the highest priority This list abtained from rowar wireless yourdomeain td i Block Policy inheritance Cancel Apply Figure 30 Group Policy Tab 7 Select Computer Configuration Windows Settings Security Settings Public Key Policies right click Automatic Certificate Request Settings New Automatic Certificate Request 43 Wireless Access Point User Guide Group Policy Action view e Am Ege Tree E ea Computer Configuration BH Software Settings E n evi Settings Scripts Startup Shutdown Security Settings H E Account Policies H eel Local Policies H ee Event Log 49 Restricted Groups 29 System Services 9 Registry 9 File System E Public Key Policies k i ag Encrypted Data Recovery Agents Automatic Certificate Request De
31. E leve LevelOne WAP 0005 108 Mbps Wireless Access Point User s Manual TABLE OF CONTENTS CHAPTER LINTRODUC DION eieeveesezses ve ea cu ve ed eo skr ev PEDE een n i dae Eee vg alu e Pao Reines 1 Features of your Wireless Access Point ccce eere eee eee eee ee eere teet ettet eee e eese essa saos 1 Package Contents 2 onec a E TEE EAEE SENE E E AEAEE 3 Physical Det ais ee HOY 3 CHAPTER 2 INSIALLATION 3 dieieieceeer yscen nce ee ve eo eus ve aaa de Qoo b oras Eiai a de ao aeos c0 5 PRECIP OMIO INS TT C T T TT 5 Procedur rn AA E EN 5 CHAPTER 3 ACCESS POINT SETUP 21 eeecnse eese reU ensordaire aaoi osea aeaeaei 7 ligado FA P 7 Setup using the Windows Utility eee ieoiaene seven boite e ovy een eo eae aea a e vu esp eso soe r aai 7 Setup USING Web BEOWSOE iiic eire e haee nna e Eo dra dd E vue E Sdn SS era aa re vai a eoi ed eir vdd eed Rea 10 SYSE SEFCC I D 13 LYddquiaunibeee e M HA 14 Wireless SCrOCIS mee HR 17 Basic Selnes SCEPQIL eese eee cc vh sis kae nea rana aes dae EE LEENE ON aaa Le eee NEUE CHER a e XR NEAR EIN Na 17 Security SCIO NR 20 Advanced SCULIN GS ass sake cocasaceecsudesscascusaccavetasiiwsusaceceuelansiatenssasevevaasdelesanecesniaiasedssacaceuuauaiecs 33 CHAPTER 4 PC AND SERVER CONFIGURATION ccccccccccccccc
32. RADIUS client on RADIUS server using the IP address or name of the Wire less Access Point and the same shared key as entered on the Wireless Access Point e Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Secu rity page or the UAM sub screen depending on the security method used 2 Add users on your RADIUS server as required and allow access by these users Client PCs must have the correct Wireless settings in order to associate with the Wireles Access Point 4 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to a user login page 5 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 6 Ifthe user name and password is correct Internet access is allowed Otherwise the user remains on the login page e Clients which pass the authentication are listed as xx xx xx xx xx xx WEB authen tication in the log table and station status would show as Authenticated on the station list table e Ifa client fails authentication xx xx xx xx xx xx WEB authentication failed shown in the log and station status is shown as authenticating on the station list table UAM authentication External 1 Ensure the Wireless Access Point can login
33. SID A group of Wireless Stations and a single Access Point all using the same ID SSID form a Basic Service Set BSS Using the same SSID is essential Devices with different SSIDs are unable to communi cate with each other However some Access Points allow connections from Wireless Stations which have their SSID set to any or whose SSID is blank null ESS ESSID A group of Wireless Stations and multiple Access Points all using the same ID ESSID form an Extended Service Set ESS Different Access Points within an ESS can use different Channels To reduce interference it is recommended that adjacent Access Points SHOULD use different channels Appendix D About Wireless LANs As Wireless Stations are physically moved through the area covered by an ESS they will automatically change to the Access Point which has the least interference or best perform ance This capability 1s called Roaming Access Points do not have or require Roaming capabilities Channels The Wireless Channel sets the radio frequency used for communication e Access Points use a fixed Channel You can select the Channel used This allows you to choose a Channel which provides the least interference and best performance For 802 11g 13 channels are available in the USA and Canada but l1 channels are available in North America if using 802 11b e Ifusing multiple Access Points it is better if adjacent Access Points use different Chan
34. User Name and password for the Password 4 Ensure the P address Network Mask and Gateway are correct for your LAN Save any changes 5 Click the Web Management button to connect to the selected Wireless Access Point using your Web Browser If prompted enter the User Name and Password again 6 Configure the following screens using the on line help if necessary The following section also provides more details about each of these screens e Wireless Basic Basic Wireless settings e Wireless Security Wireless Security e Management Admin Login Set login name and password 7 Setup is now complete Wireless Access Point User Guide Setup using a Web Browser Your Browser must support JavaScript The configuration program has been tested on the following browsers Netscape V4 08 or later Internet Explorer V4 or later Setup Procedure Before commencing install the Wireless Access Point in your LAN as described previously l 6 Check the Wireless Access Point to determine its Default Name This is shown on a label on the base or rear and is in the following format SCXXXXXX Where xxxxxx is a set of 6 Hex characters 0 9 and A F Use a PC which is already connected to your LAN either by a wired connection or an other Access Point e Until the Wireless Access Point is configured establishing a Wireless connection to it may be not possible e If your LAN contains a Router or Routers ensu
35. WPA PSK For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless On each client Wireless security must be set to WPA PSK Security e The Pre shared Key entered on the Access Point must also be entered on each Wireless client e The Encryption method e g TKIP AES must be set to match the Access Point 36 PC and Server Configuration Using WPA 802 1x This 1s the most secure and most complex system 802 1x mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive 802 1x Each client must obtain a Certificate which 1s used for authentication for Authentication the Radius Server 802 1x Typically EAP TLS is used This is a dynamic key system so keys do Encryption NOT have to be entered on each Wireless station Radius Server Configuration If using WPA 802 1x mode the Radius Serve
36. asily Wireless Access Point User Guide DHCP Client Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request The Wireless Access Point can act as a DHCP Client and obtain an IP address and related information from your existing DHPC Server Upgradeable Firmware Firmware is stored in a flash memory and can be upgraded easily using only your Web Browser PoE Support You can user PoE Power over Ethernet to provide power to the Wireless Access Point so only a single cable connection is required Security Features WEP support Support for WEP Wired Equivalent Privacy is included Both 64 Bit and 128 Bit keys are supported WPA support Support for WPA is included WPA is more secure than WEP and should be used if possible Both TKIP and AES encryption methods are supported 02 1x Support Support for 802 1x mode is included providing for the industrial strength wireless security of 802 1x authentication and authorization Radius Client Support The Wireless Access Point can login to your existing Radius Server as a Radius client Radius MAC Authentication You can centralize the checking of Wireless Station MAC addresses by using a Radius Server Dynamic WEP key Support In 802 1x mode either fixed or Dynamic WEP keys can be used Access Control The Access Control feature can check the MAC address of Wireless clients to ensure that only trusted Wireless Stations
37. can connect to your network The only settings available from this screen are Radius MAC Authentication and UAM Universal Access Method Radius MAC Authentication Radius MAC Authentication provides for MAC address checking which is centralized on your Radius server If you don t have a Radius Server you cannot use this feature Using MAC authentication 1 Ensure the Wireless Access Point can login to your Radius Server e AddaRADIUS client on the RADIUS server using the IP address or name of the Wireless Access Point and the same shared key as entered on the Wireless Access Point e Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Security page or the Radius based MAC authentication sub screen depending on the security method used e Onthe Access Point enable the Radius based MAC authentication feature on the screen below 2 Add Users on the Radius server as required The username must be the MAC address of the Wireless client you wish to allow and the password must be blank 3 When clients try to associate with the Access Point their MAC address is passed to the Radius Server for authentication e f successful xx xx xx xx xx xx MAC authentication is entered in the log and cli ent station status would show as authenticated on the station list table e fnotsuccessful xx xx xx xx xx xx M
38. ccccccccccccccccccccccccscecees 35 OOVOT VICW er M 35 LUST WEP mec RR 35 Usine ud av qe 36 Usmo WPA 802 DX duse a dive eee sean E cor HIE o ebore av vie dudo Eo du dL v vede v acess 37 802 1x Server Setup Windows 2000 Server euer eere eee eee eene n e eee nuu 38 802 1x Client Setup on Windows XP eene eee eee eee eene eene eee n a ettet ettet tees skissa 48 Using 802 Ix Mode without WPA siccssccssccasssssccccccrssevcssesess ccctscsescensccdssadaceessesscesssansceece 54 CHAPTER 5 OPERATION AND STATUS eeecccessssesssssscccoccccccecessssscsoccsccecessssessssssssossse 55 Operation TRU 55 EI Sereen T LI IL 55 CHAPTER 6 OTHER SETTINGS amp FEATURES eeeeeeeeccscccccsccccccccccccccccececccccccccccecseseseee 61 COVEN VIEW e B 61 Admin GS i SCHOO AT YY 61 ro pad prc 63 SNMP uii n HE o a EE RSMMI E E I M Me Pads 64 Firmware UP Or ade ioi Eten eite rr RE ones on Dp Senes csetweseceeee 65 APPENDIX A SPECIFICA TIONS i iiteteet vane ds painoonsa oeroue ouie casvacessenesecectensssecs 66 Wireless Access POM Goi uie pide b HO be e Ue LIE tee sade Nee LUE tan cc ENT OH EM PEDE epa iat EN ecu 66 APPENDIX B TROUBLESHOOTING 2 12 2 1 eee reor e cr rese e ocu eor eror e Does ee e
39. ccess Point a valid device on your LAN and to function as an Access Point for your Wireless Stations Wireless Stations may also require configuration For details see Chapter 4 Wireless Station Configuration The Wireless Access Point can be configured using either the supplied Windows utility or your Web Browser Setup using the Windows Utility A simple Windows setup utility is supplied on the CD ROM This utility can be used to assign a suitable IP address to the Wireless Access Point Using this utility is recommended because it can locate the Wireless Access Point even if it has an invalid IP address Installation 1 Insert the supplied CD ROM in your drive 2 Ifthe utility does not start automatically run the SETUP program in the root folder 3 Follow the prompts to complete the installation Main Screen e Start the program by using the icon created by the setup program e When run the program searches the network for all active Wireless Access Points then lists them on screen as shown by the example below Wireless Access Point User Guide E Access Point Management Wireless Access Point Management Utility Version 1 1 Wireless Access Points 2 31 2 58 OOCO02 7 788r 802 115 g o b Detail Info Web Management Set IP Address Exil Figure 6 Management utility Screen Wireless Access Points The main panel displays a list of all Wireless Access Points found on the network For each Acces
40. changes frequently ireless Security Wireless Security System WPA PSK Pre shared Key Network Key es WPA Eneryption Key Updates m Pairwise Key Update Key Lifetime 0 minutes Group Key Update Key Lifetime 50 minutes Update Group Key when any membership terminates Current Status Disabled Current Status Disabled see owe reo Figure 17 WPA PSK Wireless Security Data WPA PSK Screen WPA PSK Network Key WPA Encryption Enter the key value Data 1s encrypted using a 256Bit key derived from this key Other Wireless Stations must use the same key Select the desired option Other Wireless Stations must use the same method e TKIP Unicast point to point transmissions are en crypted using TKIP and multicast broadcast transmissions are not encrypted e TKIP 64 bit WEP Unicast point to point transmis sions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 64 bit WEP e TKIP 128 bit WEP Unicast point to point transmis sions are encrypted using TKIP and multicast broadcast transmissions are encrypted using 128 bit WEP e AES CCMP CCMP is the most common sub type of AES Advanced Encryption System Most systems will simply say AES If selected both Unicast point to point and multicast broadcast transmissions are encrypted using AES 21 Wireless Access Point User Guide Pairwise Key Update Key Lifetime Group Key Up
41. cify an IP address Figure 58 IP Address Win 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This 1s the default Windows settings To work correctly you need a DHCP server on your LAN Using Specify an IP Address If your PC is already configured for a fixed specified IP address no changes are required The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs 73 Wireless Access Point User Guide Checking TCP IP Settings Windows NT4 0 1 Select Control Panel Network and on the Protocols tab select the TCP IP protocol as shown below Network i E3 Identification Services Frotocols Adapters Bindings Network Protocols Y NetBEUI Protocol d MWwLink IFSP Compatible Transport d MWwLink NetBIOS ETLPZIP Protocol Add Remove Properties dria Descriptions Transport Control Protocol nternet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Cancel Figure 59 Windows NT4 0 TCP IP 2 Click the Properties button to see a screen like the one below Microsoft TCP IP Properties IP Address DNS WINS Address DHCP Relay Routing An IF address can be automatically assigned to this network card by a DHCP server
42. ct the desired option 34 Chapter 4 PC and Server Configuration This Chapter details the PC Configuration required for each PC on the local LAN Overview All Wireless Stations need to have settings which match the Wireless Access Point These settings depend on the mode in which the Access Point is being used e Ifusing WEP or WPA PSK it is only necessary to ensure that each Wireless station s settings match those of the Wireless Access Point as described below For WPA 802 1x and 802 1x modes configuration is much more complex The Radius Server must be configured correctly and setup of each Wireless station is also more com plex For each of the following items each Wireless Station must have the same settings as the Wireless Access Point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the Wireless Access Point The default value is wireless Note The SSID is case sensitive Wireless e Each Wireless station must be set to use WEP data encryption Security e The Key size 64 bit or 128 bit must be set to match the Access Point e The keys values on the PC must match the key values on the Access Point Note On some systems the 64 bit key 1s shown as 40 bit and 128 bit 1s shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption Wireless Access Point User Guide Using
43. date Key Lifetime Update Group key when any membership terminates Radius MAC Authentication UAM This refers to the key used for point to point transmissions Enable this if you want the keys to be updated regularly This field determines how often Pairwise keys are dynamically updated Enter the desired value This refers to the key used for broadcast transmissions Enable this if you want the keys to be updated regularly This field determines how often the Group key is dynamically updated Enter the desired value If enabled the Group key will be updated whenever any mem ber leaves the group or disassociates from the Access Point The current status is displayed Click the Configure button to configure this feature if re quired See page 21 for details on using Radius MAC authentication The current status is displayed Click the Configure button to configure this feature if re quired See page 23 for details on using UAM 28 Setup Security Settings WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentica tion according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is selected e This Access Point must have a client login on the Radius Server e ach user must have a user login on the Radius Server e ach user s wireless client must support 802 1x and provide the login data when required e
44. dius Server must be entered in the Radius Accounting Port field If Radius accounting is enabled you can enable this and enter the desired update interval This Access Point will then send updates according to the specified time period The current status is displayed Click the Configure button to configure this feature if required See page 21 for details on using Radius MAC authentication The current status is displayed Click the Configure button to configure this feature if required See page 23 for details on using UAM 30 Setup Security Settings 802 1x This uses the 802 1x standard for client authentication and WEP for data encryption If possi ble you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption If this option is selected e This Access Point must have a client login on the Radius Server e ach user must have a user login on the Radius Server e ach user s wireless client must support 802 1x and provide the login data when required e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated VVireless security System Wireless Security System Settings 802 1x Radius Server Address Pp Radius Port Client Login Name SC000012 Shared Key NEED WEP Key Size m Key Exchange Key Lifetime d Radius Accounting m Enable Radius Accounting Radius Accounting Port
45. eive Sensitivity at 5 5Mbps Receive Sensitivity at 2Mbps Receive Sensitivity at IMbps Maximum Receive Level Transmit Power Modulation Throughput AR2312 AR2112 8 Mbytes Expand to 64MB 2 Mbytes Expand to 8MB x Auto MDIX RJ 45 for 10 100Mbps Ethernet Embedded Atheros solution Network Standard IEEE 802 11b Wi FiTM and IEEE 802 11g compliance OFDM 802 11b CCK 11 Mbps 5 5 Mbps DOPSK 2 Mbps DBPSK 1 Mbps Operating Frequencies 2 412 2 497 GHz Operating Channels 802 11g 13 for North America 13 for Europe ETSI 14 for Japan 802 11b 11 for North America 14 for Japan 13 for Europe ETSI 0 55 C 20 C 70 C DC 24V 500mA 141mm W x 100mm D x 27mm H min 85dBm min 89dBm min 90dBm min 93dBm min 5dBm 18 dBm Direct Sequence Spread Spectrum BPSK QPSK CCK Up to 19 Mbps 66 Operating Range Appendix A Specifications Indoors e 30 Meters 100ft 11Mbps e 50 Meters 165ft 5 5Mbps e 70 Meters 230ft 2Mbps e 9 1Meters 300ft 1Mbps Outdoors e 152 Meters 500ft 11Mbps e 270 Meters 885ft 5 5Mbps e 396 Meters 1300ft 2 Mbps e 457 Meters 1500ft 1 Mbps Software Specifications Feature Wireless Operation Mode Security Management Details Access point support Roaming supported IEEE 802 11g 11b compliance Supper G up to 108Mbps Auto Sensing Open System Share Key authentication Wireless Channels Support Automa
46. ence to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help To assure continued compliance any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment Example use only shielded interface cables when connecting to computer or peripheral devices FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter 69 Appendix B Troubleshooting Overview
47. er the desired update interval This Access Point will then send updates according to the specified time period The current status is displayed Click the Configure button to configure this feature 1f re quired See page 21 for details on using Radius MAC authentication The current status 1s displayed Click the Configure button to configure this feature 1f re quired See page 23 for details on using UAM 32 Setup Clicking the Advanced link on the menu will result in a screen like the following dvanced Settings Basic Rate Selection w Wireless Separation w Worldwide Mode 802 11d Disassociated Timeout KM Minutes 1 99 Fragmentation Length 256 2346 Default 2346 Beacon Interval noo 20 3000 Default 100 RTSICTS Threshold 256 2346 Default 2346 Preamble Type Long gt Output Power Level Antenna Selection Primary gt Protection Type CTS only RTS CTS Short Slot Time Enable Disable Protection Wty Auto gt Protection Rate 11 Mbps gt see J canoe f rer Figure 20 Advanced Settings Data Advanced Settings Screen Basic Rate Basic Rate Selection Options Wireless Separation Worldwide Mode 802 11d The Basic Rate is used for broadcasting It does not determine the data transmission rate which is determined by the Mode setting on the Basic screen Select the desired option Do NOT select the 802 11g or OFDM options unless ALL of your
48. ernet Figure 40 Identifying Information Screen 7 A message will be displayed then the certificate will be returned to you Click Install this certificate A Microsoft Certificate Services Microsoft Internet Explorer File Edit view Favorites Tools Help Qe OQ x AG Psat rre Qe O Address amp http 192 168 0 2 cerbsrvicertfnsh asp Microsoft Certificate Services VVirelessCA Certificate Issued The certificate you requested was issued to you _ Internet Figure 41 Certificate Issued Screen 8 You will receive a confirmation message Click Yes 50 PC and Server Configuration Root Certificate Store x T Do you want to ADD the Following certificate to the Root Store Subject WirelessC A Systems Wireless Widgets College Park MD US catyvourdomain tld Issuer Self Issued Time Validity Thursday October 11 2001 through Saturday October 11 2003 Serial Number 76E748D0 B6S75643 4F77EU81 55133707 Thumbprint sha1 ESEC3F5D BASBG78E 79005548 51017043 BE AUCB ThumbprinE md5 6F171E64 D438B251 44242464 CDB8E6188 Figure 42 Root Certificate Screen 9 Certificate setup is now complete 802 1x Authentication Setup 1 Open the properties for the wireless connection by selecting Start Control Panel Network Connections 2 Right Click on the Wireless Network Connection and select Properties Select the Authentication Tab and ensure that Enable network access control usi
49. erver Enter the desired key value in HEX and ensure the Radius Server has the same value WEP Key Index If this field is visible select the desired key index This sets which of the previously entered WEP keys will be used for communication with the Radius Server Any value can be used provided it matches the value on the Radius Server 22 Setup UAM UAM Universal Access Method is intended for use in Internet cafes Hot Spots and other sites where the Access Point is used to provide Internet Access If enabled then HTTP TCP port 80 connections are checked UAM only works on HTTP connections all other traffic 1s ignored If the user has not been authenticated Internet access is blocked and the user is re directed to another web page Typically this web page is on your Web server and explains how to pay and obtain Internet access To use UAM you need a Radius Server for Authentication The Radius Server Setup must be completed before you can use UAM The required setup depends on whether you are using Internal or External authentication e Internal authentication uses the web page built into the Wireless Access Point e External authentication uses a web page on your Web server Generally you should use External authentication as this allows you to provide relevant and helpful information to users UAM authentication Internal 1 Ensure the Wireless Access Point can login to your Radius Server e Adda
50. et shortslottime Display Short Slot Time Usage get sntpserver Display SNTP NTP Server IP Address get softwareretry Display Software Retry get spurImmunityLvl Display ANI Parameter for Spur Immunity Level getssid Display Service Set ID get ssidsuppress Display SSID Suppress Mode get snmpMode Display SNMP Mode get snmpCommunity Display SNMP Community Name get snmpAccessRight Display SNMP Access Right get snmpAnyStaMode Display SNMP Any Station Mode get snmpStationIPAddr Display SNMP Station Addr gettrapMode Display Trap Mode get trapVersion Display Trap Version get trapSendMode Display Trap Send Mode get trapRecvlp Display Trap Receiver IP get station Display Station Status get SuperG Display SuperG Feature Status get systemname Display Access Point System Name get telnet Display Telnet Mode get timeout Display Telnet Timeout get tzone Display Time Zone Setting get updateparam Display Vendor Default Firmware Update Params get uptime Display UpTime get watchdog Display Watchdog Mode get wds Display WDS Mode get wep Display Encryption Mode get wirelessmode Display Wireless LAN Mode get winsEnable Display WINS Server Enable Disable get winsserveraddr Display IP address of WINS server get wSeparate Display wireless seprate Mode get wlanstate Display wlan state help Display CLI Command List Lebradeb Disable reboot during radar
51. fault Domain Policy swpa dell2k swpa sercomm com tw P O AY Automatic Certificate Request Settings of Trusted Root Certification Authorities Automatic Certificate Request rg Enterprise Trust s View i B 58 IP Security Policies on Active Directory VINE Soe Sin hea ls ae FL Administrative Templates Refresh E d User Configuration Export List Software Settings H E Windows Settings Help Ex Gg Administrative Templates RUNS eee ed eate a new Automatic Certificate Request object and add it to the Security Configuration Editor start mee 3 Clipboardo3 Tr L Active Directory ffi Group Policy lefiGroup Policy PETS 2 56 PM Figure 31 Group Policy Screen 8 When the Certificate Request Wizard appears click Next 9 Select Computer then click Next Automatic Certificate Request Setup Wizard Certificate Template The nest time a computer logs an a certificate based on the template you select is provided 4 certificate template isa set of predefined properties for certificates issued to computers Select a template from the following list Certificate templates Intended Purposes Client Authentication Server Suthenticatior Computer Domain Controller Enrollment Agent Computer Client 4uthentication Server 4uthenticatior Certiticate Request Agent 1 3 6 1 5 5 8 2 2 IFSEC gt X Back Cancel Figure 32 Certificate Template Screen 10
52. he Wireless Access Point s IP address This can happen if your LAN does not have a DHCP Server The default IP address of the Wireless Access Point 1s 192 168 0 228 with a Network Mask of 255 255 255 0 If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 0 1 192 168 0 254 with a Network Mask of 255 255 255 0 See Appendix C Windows TCP IP for details for this procedure 11 Wireless Access Point User Guide Status Screen When you first connect you will see the Status screen This displays the current settings and status of the Wireless Access Point No data can be input on this screen tatus Access Point SC000012 Name MAC Address 00 C0 02 00 00 12 Domain Unspecified Firmware Version Version 1 1 Release 23 IP Address 192 168 0 100 Subnet Mask 255 255 255 0 Gateway 192 168 0 1 DHCP Client ES SSID wireless Channel Frequency 1 Automatic Wireless Mode 802 11b and 802 11g Operating Mode Wireless Access Point Authentication Open System Encryption None Access Control Disable Statistics Log f Stations Help Figure 8 Status Screen For further details of this screen refer to Status Screen in Chapter 5 12 Setup System Screen Click System on the menu to view a screen like the following ystem Access Point Name E Country Domain MAC Address 00 C0 02 00 00 12 DHCP Client Fixed IP Address IP address WA o
53. his makes them available to any PC Send to Select this to have Trap messages sent to the specified PC only If Trap version selected you must enter the IP Address of the desired PC Select the desired option as supported by your SNMP Management program 64 Other Settings amp Features xiisti E el ere LECL The firmware software in the Wireless Access Point can be upgraded using your Web Browser You must first download the upgrade file and then select Upgrade Firmware in the Manage ment section of the menu You will see a screen like the following irmware Upgrade Locate and select the upgrade file from your hard disk EE ETEETINIE Figure 55 Firmware Upgrade Screen To perform the Firmware Upgrade 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade LES The Wireless Access Point is unavailable during the upgrade process and must restart when the up Note grade is completed Any connections to or through the Wireless Access Point will be lost 65 Appendix A Specifications Wireless Access Point Hardware Specifications CPU Radio on Chip DRAM Flash ROM LAN port Wireless Interface Operating temperature Storage temperature Power Adapter Dimensions Wireless Specifications Receive Sensitivity at 11Mbps Rec
54. ill need to restart and will be unavailable during the restart All exiting connections will be broken Use this to set the Wireless Access Point back to its factory default settings Click Set to Defaults to start the procedure The Wireless Access Point will need to restart and will be unavailable during the restart All exiting connections will be broken 63 Wireless Access Point User Guide SNMP Simple Network Management Protocol is only useful if you have a SNMP program on your PC To reach this screen select SVMP in the Management section of the menu NMP m Enable SNMP Community Access Rights Managers Any Station Only this Station lo flo flo flo Disable amp Broadcast DOTT Trap Version sw J cancel Hep Figure 54 SNMP Screen Data SNMP Screen General Enable SNMP Use this to enable or disable SNMP as required Community Enter the community string usually either Public or Private Access Rights Select the desired option e Read only Data can be read but not changed e Read Write Data can be read and setting changed Managers Any Station The IP address of the manager station is not checked Only this station The IP address is checked and must match the address you enter in the IP address field provided If selected you must enter the IP address of the required station Traps Disable Traps are not used Broadcast Select this to have Traps broadcast on your network T
55. in the Trusted Stations list e Click the gt gt button Select all of the Stations listed in the Other Stations list De select any Stations currently selected in the Other Stations list To change an existing entry in the Trusted Stations list select it and click this button 1 Select the Station in the Trusted Station list 2 Click the Edit button The address will be copied to the Address field and the Add button will change to Update 3 Edit the address MAC or physical address as required 4 Click Update to save your changes To add a Trusted Station which is not in the Other Wireless Stations list enter the required data and click this button Clear the Address field 16 Setup Wireless Screens There are 3 configuration screens available e Basic Settings e Security e Advanced Basic Settings Screen The settings on this screen must match the settings used by Wireless Stations Click Basic on the menu to view a screen like the following asic Settings Wireless Mode 802 11b and 802 11g Operating Mode Wireless Access Point Y Remote AP Select AP AP MAC Address Channel No Automatic Current Channel No 1 SSID m Broadcast SSID Save J cence Hen Figure 12 Basic Settings Screen Data Basic Settings Screen Operation Wireless Mode Select the desired option e Disable select this if for some reason you do not this AP to transmit o
56. isplay Encyrption Key Entry Method get keysource Display Source Of Encryption Keys get login Display Login User Name get minimumrate Display Minimum Rate get macAuth Display Mac Authentication Enable Disable get nameaddr Display IP address of name server getnf Display Noise Floor get noiseImmunityLvl Display ANI Parameter for Noise Immunity Level get ofdmTrigHigh Display Higher Trigger Threshold for OFDM Phy Errors for ANI Con trol get ofdmTrigLow Display Lower Trigger Threshold for OFDM Phy Errors for ANI Con trol get ofdmWeakSigDet Display ANI Parameter for OFDM Weak Signal Detection get overRidetxpower Display Tx power override get operationMode Display Operation Mode get pktLogEnable Display Packet Logging Mode get power Display Transmit Power Setting get quietAckCtsAllow Display if Ack Cts frames are allowed during quiet period get quietDuration Display Duration of quiet period get quietOffset Display Offset of quiet period into the beacon period get radiusname Display RADIUS server name or IP address get radiusport Display RADIUS port number getrate Display Data Rate getremoteAp Display Remote Ap s Mac Address get hwtxretries Display HW Transmit Retry Limit get swtxretries Display SW Transmit Retry Limit 86 Appendix E Command Line Interface get rtsthreshold Display RTS CTS Threshold get shortpreamble Display Short Preamble Usage g
57. k if there is no router Click Next 10 For the Parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next New Scope Wizard Domain Name and DNS Servers The Domain Name System DONS maps and translates domain names used by clients on your network You can specify the parent domain pou want the client computers on your network to use for DNS name resolution Parent domain wireless pourdomain tid To configure scope clients to use ONS servers on your network enter the IP addresses for those Servers Server name IP address D les 4 Add Ese 182 168 0 250 Hemave Up Back Cancel Down Figure 26 DNS Screen 11 If you don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete 41 Wireless Access Point User Guide Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue fes Certification Authority Action View gt alm 3 2 Tree HE Certification Authority Local GAEFS Recovery Agent File Recovery El fA WirelessCA Gal Basic EFS Encrypting File System J Revoked Certificates isl Domain Controller
58. ly name forthe RADIUS client I5 Chent IP Address IP address of RADIUS client 45 only Chent Yendar Manufacturer of RADIUS pras or NAS I D au And Time Hestrictians Time periods and days of week during wh Framed Protocol The protocol to be used MASI dentifier String identifying the HAS originating the r MAS IP Address IP address af the M amp S originating the req MAS Port Type Type of physical port used by the NAS ori Service T ype Type of service user has requested Tunnal Type Tunneling protocols to be used Wiindows Groups Windows groups that user belongs to gt Add Cancel Figure 34 Attribute Screen 9 Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 45 Wireless Access Point User Guide 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication meth ods listed Click OK Fdit Dial in Profile EE xl Dial in Constraints IP KA ultilink Authentication Encryption Advanced Check the authentication methods which are allowed for this connection wv Extensible Authentication Protocol Select the EAP type which is acceptable for this policy Smart Card ar other Certificate Configure Microsoft Encrypted Authentication version 2 MS CHAP v2 Microsoft Encrypted Authentication MS ECHAP Encrypted Authenticati
59. must provide the MAC address of the other AP in this field You can either enter the MAC address directly or if the other AP is on line you can click the Select AP button and select from a list of available APs If Automatic is selected the Wireless Access Point will self select a Wireless Channel If you experience interference shown by lost connections and or slow data transfers you may need to experiment with different channels to see which Channel is the best This displays the current channel used by the Access Point Enter the desired SSID Wireless Stations must use the same SSID Note The SSID is case sensitive 18 Setup Broadcast SSID If Enabled the SSID will be broadcast to all Wireless Stations Sta tions which have no SSID or a null value can then adopt the correct SSID for connections to this Access Point 19 Wireless Access Point User Guide Security Settings Select the desired option and then enter the settings for the selected method The available options are None No security is used Anyone using the correct SSID can connect to your network WEP The 802 11b standard Data is encrypted before transmission but the encryption system is not very strong WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived fr
60. nels to reduce interference The recommended Channel spacing between adjacent Access Points is 5 Channels e g use Channels 1 and 6 or 6 and 11 e In Infrastructure mode Wireless Stations normally scan all Channels looking for an Access Point If more than one Access Point can be used the one with the strongest signal is used This can only happen within an ESS e Ifusing Ad hoc mode no Access Point all Wireless stations should be set to use the same Channel However most Wireless stations will still scan all Channels to see 1f there is an existing Ad hoc group they can join WEP WEP Wired Equivalent Privacy is a standard for encrypting data before it 1s transmitted This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations But if the data is encrypted then it is meaningless unless the receiver can decrypt it If WEP is used the Wireless Stations and the Wireless Access Point must have the same settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and changes frequently WPA 802 1x WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted
61. ng IEEE 802 1X 1s selected and Smart Card or other Certificate 1s selected from the EAP type Wireless Network Connection Properties EIE General Wireless Networks Authentication Advanced Select this option to provide authenticated network access for wired and wireless Ethernet networks Enable network access control using IEEE 802 1 EAF type Ei Authenticate as computer when computer information is available Authenticate as guest when user or computer information is unavailable Figure 43 Authentication Tab Encryption Settings The Encryption settings must match the APs Access Points on the Wireless network you wish to join e Windows XP will detect any available Wireless networks and allow you to configure each network independently 5 Wireless Access Point User Guide e Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network follow this procedure l Click on the Wireless Networks tab Wireless Network Connection Properties EJE3 General Wireless Networks Authentication Advanced Use Windows to configure my wireless network settings Available networks To connect to an available network click
62. nsures tat only thorized DHCP servers run on your All Tasks Euri Define User Classes Define vendor Classes Set Predefined Options View H oO add a new scope on the Action menu Delete kk Mew Scope Refresh TUNE o autharize this DHCP server on the IU tion menu click Authorize Help Create a new scope Figure 24 DHCP Screen 3 Click Next when the New Scope Wizard Begins 4 Enter the name and description for the scope click Next 5 Define the IP address range Change the subnet mask if necessary Click Next PC and Server Configuration New Scope Wizard IP Address Hange rou define the scope address range by identifying a set of consecutive IP addresses Enter the range af addresses that the scope distributes Start IP address 132 168 0 100 EndIP address 132 168 0 200 subnet mask defines how many bits of an IF address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length ar as an IP address Length ed Subnet mask 255 255 255 0 lt Back Cancel Figure 25 IP Address Screen 6 Add exclusions in the address fields if required If no exclusions are required leave it blank Click Next Change the Lease Duration time if preferred Click Next Select Yes I want to configure these options now and click Next Enter the router address for the current subnet The router address may be left blan
63. nternet Protocol TCPAIF Install Uninstall Properties Description Transmission Control Pratocal Intermet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected Figure 61 Network Configuration Win 2000 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol TCP IP Properties General rou can get IP settings assigned automatically if your network supports this capability Othenvise you need to ask your network administrator For the appropriate IP settings Obtain an IP address automatically Use the following IP address IP address Subnet mask Default gateway Obtain DNS server address automatically C Use the following DNS server addresses Prefered DNS server Alternate DNS server Figure 62 TCP IP Properties Win 2000 76 Appendix C Windows TCP IP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This 1s the default Windows setting This 1s the default Windows settings To work correctly you need a DHCP server on your LAN Using a fixed IP Address Use the following IP Address If your PC is already configured for a fixed specified IP address
64. o select certificate services and continue e World Wide Web Server Select World Wide Web Server on the Internet Information Services IIS component e From the Networking Services category select Dynamic Host Configuration Protocol DHCP and nternet Authentication Service DNS should already be selected and in stalled 38 PC and Server Configuration Windows Components Wizard Windows Components fou can add ar remove components of Windows 2000 To add or remove a component click the checkbox A shaded bos means that only part of the component will be installed To see what s included in a component click Details Components Accessories and Utilities E Certificate Services 1 4 MB O lt gt Cluster Service 2 5 MB P Indexing Service 0 0 MB wl AA Intermet Information Services SI 271 AMAR Z Description Message Queuing provides loozely caupled and reliable network communication services Total disk space required 12 7 MB DENS Space available on disk 6699 9 MB Figure 21 Components Screen 4 Click Next 5 Select the Enterprise root CA and click Next Windows Components Wizard Certification Authority Type There are four types of certification authorities Certification Authority types Description The most trusted CA in an enterprise Should be installed Enterprise subordinate CA before any other CA Requires Active Directory Enterprise
65. om the PSK and changes fre quently WPA 802 1x This version of WPA requires a Radius Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA standard If this option is selected e This Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e ach user s wireless client must support 802 1x and provide the login data when re quired e All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required 802 1x This uses the 802 1x standard for client authentication and WEP for data encryp tion If possible you should use WPA 802 1x instead because WPA encryption is much stronger than WEP encryption If this option is selected e This Access Point must have a client login on the Radius Server e Each user must have a user login on the Radius Server e Each user s wireless client must support 802 1x and provide the login data when re quired e All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 20 Setup Security Settings None ireless Security WCE SCM None gt Current Status Disabled Current Status Disabled see f omeo f reo Figure 13 Wireless Security None No security is used Anyone using the correct SSID
66. ommunity Set SNMP Community Name set snmpAccessRight Set SNMP Access Right setsnmpAnyStaMode Set SNMP Any Station Mode set snmpStationIPAddr Set SNMP Station Addr settrapMode Set Trap Mode set trapVersion Set Trap Version set trapSendMode Set Trap Send Mode set trapRecvIp Set Trap Receiver IP set telnet Set Telnet Mode set timeout Set Telnet Timeout set tzone Set Time Zone Setting set updateparam Set Vendor Default Firmware Update Params set watchdog Set Watchdog Mode set wds Set WDS Mode 90 Appendix E Command Line Interface set wep Set Encryption Mode set wlanstate Set wlan state set wirelessmode Set Wireless LAN Mode set winsEnable Set WINS Server Enable Disable set winsServerAddr Set WINS Server IP address set wSeparate Set wireless seprate Mode spy report Print spy report spy start Start spy spy stop Stop spy start wlan Start the current wlan stop wlan Stop the current wlan timeofday Display Current Time of Day version Software version 91
67. on CHAF nencrypted Authentication FAP SPAP Unauthenticated Access Allow remote PPP clients to connect without negotiating any authentication method Cancel Apply Figure 35 Authentication Screen 12 Select No if you don t want to view the help for EAP Click Finish 46 PC and Server Configuration Remote Access Login for Users 1 Select Start Programs Administrative Tools Active Directory Users and Computers Double click on the user who you want to enable 3 Select the Dial in tab and enable Allow access Click OK alex Properties Terminal Services Profile Exchange General E mail Addresses Exchange Features General Address Account Profile Telephones Organization Member OF Dial in Environment Sessions Remote control Remote Access Permission Dial in or WPM Allow access C Deny access C Control access through Remote Access Policy Verify Gallet Callback Options Mo Callback C Set by Caller Routing and Remote Access Service only C Always Callback to Assign a Static IF Address Apply Static Hautes Define routes to enable for this Dial in hcl E ENTER rannectian Cancel Apply Help Figure 36 Dial in Screen 47 Wireless Access Point User Guide 802 1x Client Setup on Windows XP Windows XP ships with a complete 802 1x client implementation If using Windows 2000 you can install
68. ow This needs to be on your own local Web Server The page must also link back to the built in login page on this device to complete the login procedure Enter the URL of the page on your local Web Server you wish users to see when they attempt to access the Internet but are not logged in Enter the URL of the page on your local Web Server you wish users to see if their login fails This may be the same URL as the Login URL Security Settings WEP This is the 802 11b standard Data is encrypted before transmission but the encryption system is not very strong VVireless Security System Settings Radius MAC uthentication UAM Wireless Security System WEP ECA O4 bit Authentication WEP Keys Key input 9 Hex 0 9 and A F ASCII Key 1 Key 2 Key 3 Key 4 Passphrase NN Current Status Disabled Current Status BF Ve To Figure 16 WEP Wireless Security Data WEP Screen WEP Data Encryption Select the desired option and ensure your Wireless stations have the same setting e 64 Bit Encryption Keys are 10 Hex 5 ASCII characters e 128 Bit Encryption Keys are 26 Hex 13 ASCII characters 25 Wireless Access Point User Guide Authentication Key Input Key Value Passphrase Radius MAC Authentication UAM Normally you can leave this at Automatic so that Wireless Stations can use either method Open System or Shared Key If you wish
69. r on your network must be configured as follow e It must provide and accept Certificates for user authentication e There must be a Client Login for the Wireless Access Point itself e The Wireless Access Point will use its Default Name as its Client Login name e The Shared Key set on the Security Screen of the Access Point must match the Shared Secret value on the Radius Server e Encryption settings must be correct 37 Wireless Access Point User Guide 802 1x Server Setup Windows 2000 Server This section describes using Microsoft Internet Authentication Server as the Radius Server since it is the most common Radius Server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also required e dhcpd e dns e rras e webserver IIS e Radius Server Internet Authentication Service e Certificate Authority Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all of the default prompts ensure that DNS is installed and enabled during installa tion Services Installation Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side Ensure that the following components are activated selected e Certificate Services After enabling this you will see a warning that the computer cannot be renamed and joined after installing certificate services Select Yes t
70. r receive at all e 802 11b and 802 11g this is the default and will allow connec tions by both 802 11b and 802 1g wireless stations e 802 11b if selected only 802 11b connections are allowed 802 11g wireless stations will only be able to connect if they are fully backward compatible with the 802 1 1b standard e 802 11g only 802 11g connections are allowed If you only have 802 11g selecting this option may provide a performance im provement over using the default setting e Super 802 11g 108Mbps This uses Packet Bursting Fast Frame and Compression techniques to increase throughput Only clients supporting the Atheros Super G mode can connect at 108Mbps However this option 1s backward compatible with 802 11ab and standard 802 11g 17 Wireless Access Point User Guide Operating Mode Remote AP MAC Address Channel No Current Channel NO SSID Dynamic Super 802 11g 108Mbps This uses Packet Bursting FastFrame Compression and Channel Bonding using 2 chan nels to increase throughput Only clients supporting the Atheros Super G mode can connect at 108Mbps and they will only use this speed when necessary Howerver this option is backward compatible with 802 11b and standard 802 11g Static Super 802 11g 108Mbps This uses Packet Bursting FastFrame Compression and Channel Bonding using 2 chan nels to increase thoughput Because Channel Bonding is always used this method i
71. re the PC used for configuration is on the same LAN segment as the Wireless Access Point Start your Web browser In the Address box enter HTTP and the Default Name of the Wireless Access Point e g HTIPSZ SCA2DOS31A You should then see a login prompt which will ask for a User Name and Password Enter admin for the User Name and password for the Password These are the default values The password can and should be changed Always enter the current user name and password as set on the Admin Login screen Enter Network Password EI 2 x Please type your user name and password Site actA 56 Realm 802 119 Access Point User Mame Password Save this password in your password list Cancel Figure 7 Password Dialog You will then see the Status screen which displays the current settings and status No data input is possible on this screen 10 Setup From the menu check the following screens and configure as necessary for your envi ronment Details of these screens and settings are described in the following sections of this chapter System Access Control Wireless e Basic e Security e Advanced Management e Admin Login Set login name and password Setup of the Wireless Access Point is now complete Wireless stations must now be set to match the Wireless Access Point See Chapter 4 for details If you can t connect It is likely that your PC s IP address is incompatible with t
72. reshold for CCK Phy Errors for ANI Control get cckWeakSigThr Display ANI Parameter for CCK Weak Signal Detection Threshold get channel Display Radio Channel get cipher Display Encryption cipher get compproc Display Compression scheme get compwinsize Display Compression Window Size get config Display Current AP Configuration get countrycode Display Country Code get ctsmode Display CTS mode get ctsrate Display CTS rate get ctstype Display CTS type get description Display Access Point Description get dhcpmode Display dhcp mode get domainsuffix Display Domain Name Server suffix get dtim Display Data Beacon Rate DTIM get enableANI Display Adaptive Noise Immunity Control On Off get encryption Display Encryption Mode get extendedchanmode Display Extended Channel Mode get firStepLvl Display ANI Parameter for FirStepLevel 85 Wireless Access Point User Guide get fragmentthreshold Display Fragment Threshold get frequency Display Radio Frequency MHz get gateway Display Gateway IP Address get gbeaconrate Display 11g Beacon Rate get gdraft5 Display 11g Draft 5 0 compatibility get groupkeyupdate Display Group Key Update Interval in Seconds get hardware Display Hardware Revisions get hostipaddr Display Host IP Address get ipaddr Display IP Address get ipmask Display IP Subnet Mask get key Display Encryption Key get keyentrymethod D
73. rk Properties Network name SSID misslaira Wireless network key WEP This network requires a key for the following v Data encryption WEP enabled Network Authentication Shared mode The key is provided for me automatically This is computer to computer ad hoc network wireless access points are not used Lo emen Figure 46 Properties Screen Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 54 Chapter 5 Operation and Status This Chapter details the operation of the Wireless Access Point and the status screens Operation Once both the Wireless Access Point and the PCs are configured operation is automatic However you may need to perform the following operations on a regular basis e Ifusing the Access Control feature update the Trusted PC database as required See Access Control in Chapter 3 for details e fusing 802 1x mode update the User Login data on the Windows 2000 Server and configure the client PCs as required Use the Status link on the main menu to view this screen tatus Access Point SC000012 Name MAC Address 00 C0 02 00 00 12 Domain Unspecified Firmware Version Version 1 1 Release 23 IP Address 192 168 0 100 Subnet Mask 255 255 255 0 Gateway 192 168 0 1 DHCP Client ES
74. root CA C Stand alone root CA C Stand alone subordinate CA rl Advanced options lt Back Cancel Figure 22 Certification Screen 6 Enter the information for the Certificate Authority and click Next 39 Wireless Access Point User Guide Windows Components Wizard CA Identifying Information Enter information to identity this CA UE Wiles Organization Organization 000000 Organizational unit ystems City Oakland State or province ca Country region jus E mail cdiwourdomain tld Ehe seeds Wiles Valid For 2 Years Expires 21 7 2005 6 39 PM lt Back Cancel Figure 23 CA Screen 7 Click Next if you don t want to change the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click Ok then Finish DHCP server configuration 1 Click on the Start Programs Administrative Tools DHCP 2 Right click on the server entry as shown and select New Scope Action View 4 mlm X E En DHCP isplay Statistics Configure the DHCP Server Mew Scope fore a DHCP server can issue IP dresses you must create a scope and tharize the DHCP server Mew Multicast Scope Reconcile All Scopes Autharize cope is a range of IP addresses that is signed to computers requesting a namic IP address Authorization is a curity precaution that e
75. s NOT compatible with 802 11b and standard 802 11g Only clients supporting the Atheros Super G mode can connect at 108Mbps they will always connect at this speed Select this only if all wireless stations support this Atheros Super G mode Select the desired mode Wireless Access Point operate as a normal Access Point Client Access Point act as a client for another Access Point If selected you must provide the address MAC address of the other Access Point Remote AP Repeater Access Point act as a repeater for another Access Point If selected you must provide the address MAC address of the other Access Point Remote AP Point to Point Bridge In this mode the AP will communicate ONLY with another Bridge mode Wireless Station You must en ter the MAC address physical address of the other Bridge mode Wireless Station in the field provided WEP can and should be used to protect this communication Point to Multi Point Bridge Select this only if this AP is the Master for a group of Bridge mode Wireless Stations The other Bridge mode Wireless Stations must be set to Point to Point Bridge mode using this AP s MAC address They then send all traffic to this Master rather than communicate directly with each other WEP can and should be used to protect this traffic This 1s not required unless the Operating Mode is Client Access Point Repeater Access Point or Point to Point Bridge In these modes you
76. s Point the following data 1s shown The Server Name 1s shown on a sticker on the base of the device IP address The IP address for the Wireless Access Point MAC Address The hardware or physical address of the Wireless Access Point IEEE Standard The wireless standard or standards used by the Wireless Access Point eu led mM E g 802 11b 802 11g FW Version Version The current Firmware version installed in the Wireless Access Point current Firmware version installed in the Wireless Access Point Description Any extra information for the Wireless Access Point entered by the administrator Note Ifthe desired Wireless Access Point is not listed check that the device is installed and ON then update the list by clicking the Refresh button Buttons Refresh Click this button to update the Wireless Access Point device listing after changing the name or IP Address Detail Info When clicked additional information about the selected Access Point will be displayed Web Management Use this button to connect to the Wireless Access Point s Web based management interface Set IP Address Click this button if you want to change the IP Address of the Wireless Access Point Exit Exit the Management utility program by clicking this button Setup Setup Procedure Select the desired Wireless Access Point Click the Set IP Address button If prompted enter the user name and password The default values are admin for the
77. ss Point e g Telnet 192 168 0 228 2 You will be prompted for the user name and password Enter the same login name and password as used for the HTTP Web interface The default values are admin for the User Name and password for the Password 3 Once connected you can use any of the commands listed in the following Command Reference Using the CLI Serial Port 1 Usea standard serial port cable to connect your PC to the serial RS232 port on the Wireless Access point 2 Start your communications program For example in Windows use HyperTerminal This program may not be installed If so you can install it using Start Settings Control Panel Add or Remove Programs The select Windows Setup or Add Remove Windows Components depending on your version of Windows 3 Configure the connection properties e Name use a suitable name such as AP e Port Connect Using Select the Serial Port that the cable is connected to Do not select your modem e Port Settings Use 9600 N 8 1 with hardware flow control as shown below 83 Wireless Access Point User Guide COM Properties Figure 65 CLI Port Settings Use the Connect command to start the connection 5 You will be prompted for a user name and password Enter the current user name and password for the AP you are connecting to 6 You will then see the prompt and can then use any of the commands listed in the follow ing
78. tablished association between AP and client to be transferred from one AP to another or the same AP Wireless MSDU Number of valid Data packets transmitted to or received from Wireless Stations at application level Data Number of valid Data packets transmitted to or received from Wireless Stations at driver level Multicast Packets Number of Broadcast packets transmitted to or received from Wireless Stations using Multicast transmission 59 Wireless Access Point User Guide Management Number of Management packets transmitted to or received from Wireless Stations Control Number of Control packets transmitted to or received from Wire less Stations 60 Chapter 6 Other Settings amp Features This Chapter explains when and how to use the Wireless Access Point s Management Features Overview This Chapter covers the following features available on the Wireless Access Point s Man agement menu e Admin Login e Config File e Upgrade Firmware Admin Login Screen The Admin Login screen allows you to assign a password to the Wireless Access Point This password limits access to the configuration interface The default password is password It 1s recommended that this be changed using this screen dmin Login User Name jadmin 0 uu Repeat New Passw oro See omen f Hep Figure 51 Admin Login Screen Data Admin Login Screen User Name Enter the user name here New Password Enter
79. ter Roco reene 70 OW ORV OW dr 70 General Pro Dl nis ee 70 APPENDIX C WINDOWS TCP IDP iiic iieeccs ecco aE eto Pectore 72 COVER VICW dcos iier TEAN ad cen bDb bd euius d dess ap ede e SU ood E Re ede pa UY EETA 72 Checking TCP IP Settings Windows 9x M E e eee ee eee ee eere e eene o aaus 72 Checking TCP IP Settings Windows NT4 0 eee eee eee eene eee eene e eun u uu 74 Checking TCP IP Settings Windows 2000 eese eee eee eere ee eene eene eue e auus 76 Checking TCP IP Settings Windows XP ee eee eee eee eere eee eee eee eene aeos eaa aas 78 APPENDIX D ABOUT WIRELESS LANS cc eee eese esee esee o ooo oso so sos ss osos osos o soee 80 COV OL VIOW T c m 80 Wireless LAN Terminology sce esisesee eros vus d vpi Re eoo eden uns o Aa Vere eaa oV e eh ae uda qoo Ee Ere UR 80 APPENDIX E COMMAND LINE INTERFACE eee e eene eene nenne nene hh ahhh aha aas 83 OV OEIC puces TS Mc mer SO RN 83 Command REEF CMCC isi uiia ete eee e Econ eee oae Rr E 84 P N 9560N900A0 Copyright O 2004 AII Rights Reserved Document Version 1 1 All trademarks and trade names are the properties of their respective owners Chapter Introduction This Chapter provides an overview of the Wireless Access Point s features and capabilities
80. the new password here Repeat New Password Re enter the new password in this field You will be prompted for the password when you connect as shown below 61 Wireless Access Point User Guide Enter Network Password Figure 52 Password Dialog Enter the User Name and Password as set on the Admin Login screen above 62 Other Settings amp Features Config File This screen allows you to Backup download the configuration file and to restore upload a previously saved configuration file You can also set the Wireless Access Point back to its factory default settings To reach this screen select Config File in the Management section of the menu onfig File Save a copy of current settings Restore saved settings from a file Ot Browse Revert to factory default settings Set to Defaults Figure 53 Config File Screen Data Config File Screen Backup Save a copy of cur Click the Backup button to download the current settings to a file rent settings on your PC Restore Restore saved settings from a file Defaults Revert to factory default settings If you have a previously saved configuration file you can use this to restore those settings by uploading the file Click the Browse button and navigate to the location of the configuration file Select the upgrade file Its name will appear in the File field Click the Restore button to commence the upload The Wireless Access Point w
81. tic Wireless Channel Selection Antenna selection Tx Power Adjustment Country Selection Preamble Type long or short support RTS Threshold Adjustment Fragmentation Threshold Adjustment Beacon Interval Adjustment SSID assignment Common AP Repeater Client AP Open shared WPA and WPA PSK authentication 802 1x support EAP TLS EAP TTLS PEAP Block inter wireless station communication Block SSID broadcast Web based configuration RADIUS Accounting RADIUS On feature RADIUS Accounting update CLI 67 Wireless Access Point User Guide Other Features Firmware Upgrade e Message Log e Access Control list file support e Configuration file Backup Restore e Statistics support e Device discovery program e Windows Utility e DHCP client e WINS client HTTP FTP network protocol download 68 Appendix A Specifications FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communica tions However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interfer
82. tificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task O Retrieve the CA certificate or certificate revocation list Request a certificate Check on a pending certificate Done Internet Figure 38 Wireless CA Screen 5 Select User certificate request and select User Certificate the click Next amp Microsoft Certificate Services Microsoft Internet Explorer Sel File Edit View Favorites Tools Help Q Back ix a A J2 Search ST Favorites a Media Address amp http 192 168 0 2 certsrvicertrqus asp Microsoft Certificate Ser WirelessCA Home Choose Request Type Please select the type of request you would like to make 9 User certificate request User Certificate Advanced request Internet Figure 39 Request Type Screen 6 Click Submit 49 Wireless Access Point User Guide E Microsoft Certificate Services Microsoft Internet Explorer File Edit View Favorites Tools Help Qe T x a A x Search S T Favorites QI Media Home Microsoft Cartificate Services User Certificate Identifying Information Allthe necessary identifying information has already been collected rou may now submit your request Int
83. to use a particular method select the appropriate value Open System or Shared Key All Wireless stations must then be set to use the same method Select Hex or ASCII depending on your input method All keys are converted to Hex ASCII input is only for convenience Enter the key values you wish to use The default key selected by the radio button 1s required The other keys are optional Other stations must have matching key values Use this to generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate Key button to automatically configure the WEP Key s If encryption strength is set to 64 bit then each of the four key fields will be populated with key values If encryption strength is set to 128 bit then only the selected WEP key field will be given a key value The current status is displayed Click the Configure button to configure this feature if required See page 21 for details on using Radius MAC authentication The current status is displayed Click the Configure button to configure this feature if required See page 23 for details on using UAM 26 Setup Security Settings WPA PSK Like WEP data is encrypted before transmission WPA is more secure than WEP and should be used if possible The PSK Pre shared Key must be entered on each Wireless station The 256Bit encryption key is derived from the PSK and
84. to your Radius Server e Adda RADIUS client on RADIUS server using the IP address or name of the Wire less Access Point and the same shared key as entered on the Wireless Access Point e Ensure the Wireless Access Point has the correct address port number and shared key for login to your Radius Server These parameters are entered either on the Secu rity page or the UAM sub screen depending on the security method used 2 On your Web Server create a suitable login page The login page must have a link or button to allow the user to input their user name and password on the uam logon htm page on the Access Point 23 Wireless Access Point User Guide 3 Onthe Access Point s UAM screen select External Web based Authentication and enter the URL for the login page on your Web server 4 Add users on your RADIUS server as required and allow access by these users Client PCs must have the correct Wireless settings in order to associate with the Wireles Access Point 6 When an associated client tries to use HTTP TCP port 80 connections they will be re directed to the login page on your Web Server They must then click the link or button in order to reach the Access Point s login page 7 The client user must then enter the user name and password as defined on the Radius Server You must provide some system to let users know the correct name and password to use 8 Ifthe user name and password is correct Internet access
85. tsrate Set CTS Rate set ctstype Set CTS Type set description Set Access Point Description 88 Appendix E Command Line Interface set dhcpMode Set Dhcp Mode set domainsuffix Set Domain Name Server Suffix set dtm Set Data Beacon Rate DTIM set enableANI Turn Adaptive Noise Immunity Control On Off set encryption Set Encryption Mode set extendedchanmode Set Extended Channel Mode set factorydefault Restore to Default Factory Settings set firStepLvl Set ANI Parameter for FirStepLevel set fragmentthreshold Set Fragment Threshold set frequency Set Radio Frequency MHz set gateway Set Gateway IP Address set gbeaconrate Set 11g Beacon Rate set groupkeyupdate Set Group Key Update Interval in Seconds set gdraft5 Set 11g Draft 5 0 compatibility set hostipaddr Set Host IP address set ipaddr Set IP Address set ipmask Set IP Subnet Mask set key Set Encryption Key set keyentrymethod Select Encryption Key Entry Method set keysource Select Source Of Encryption Keys setlogin Modify Login User Name set minimumrate Set Minimum Rate set macAuth Set Mac Authentication Enable Disable set nameaddress Set Name Server IP address set noiseImmunityLvl Set ANI Parameter for Noise Immunity Level set ofdmTrigHigh Set Higher Trigger Threshold for OFDM Phy Errors for ANI Control set ofdmTrigLow Set Lower Trigger Threshold for OFDM Phy Errors for
86. ver e fusing Fixed specified IP addresses on your LAN instead of a DHCP Server there is no need to change the TCP IP of each PC Just configure the Wireless Access Point to match your existing LAN The following sections provide details about checking the TCP IP settings for various types of Windows should that be necessary Checking TCP IP Settings Windows 9x ME 1 Select Control Panel Network You should see a screen like the following Network x Configuration Identification Access Control The following network components are installed fa NetBEIJI gt PCI Fast Ethernet Adapter MetBELII Dial Up Adapter l MetBELII gt Dial Up Adapter 2 WPN Sunnartl Y TCPAP gt PCI Fast Ethernet Adapter CF IF Dial Up Adapter CF IF Dialup Adapter 2 WPN Support File and printer sharing for Netware Networks 4 Add Remove Properties Figure 57 Network Configuration Select the TCP IP protocol for your network card Click on the Properties button You should then see a screen like the following T2 Appendix C Windows TCP IP TCP IP Properties HE Bindings Advanced NeBios DNS Configuration Gateway WINS Confiquration IP Address An IF address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator far an address and then type itin the space below C Spe
87. wireless clients support this 802 11b clients will not be able to connect to the Access Point if either of these modes is selected If enabled then each Wireless station using the Access Point is invisible to other Wireless stations In most business situations this setting should be Disabled Enable this setting if you wish to use this mode and your Wireless stations support this mode 33 Wireless Access Point User Guide Parameters Disassociated Timeout Fragmentation Beacon Interval RTS CTS Threshold Preamble Type Output Power Level Antenna Selection 802 11b 2 4GHz only Protection Type Short Slot Time Protection Mode Protection Rate This determines how quickly a Wireless Station will be consid ered Disassociated with this AP when no traffic is received Enter the desired time period Enter the preferred setting between 256 and 2346 Enter the preferred setting between 0 and 3000 Enter the preferred setting between 256 and 2346 Select the desired preamble type Select the desired power output Higher levels will give a greater range but are also more likely to cause interference with other devices If your Access Point has only 1 antenna there is only 1 option available If your Access Point has 2 antennae select the option which gives the best results in your location Select the desired option Enable or disable this setting as required Normally this should be left at Auto Sele
Download Pdf Manuals
Related Search