background image

 

127

 

 

Internet Authentication Service (RADIUS) Setup 

1.

 

Select 

Start > Programs > Administrative Tools > Internet Authentication Service

2.

 

Right-click on Clients and select New Client. 

 

3.

 

Enter a name for the access point, click 

Next

.  

4.

 

Enter the address or name of the wireless access point, and set the shared secret, as 
entered on the Security Settings of the wireless access point.  

5.

 

Click 

Finish

.  

6.

 

Right-click on 

Remote Access Policies

, select 

New Remote Access Policy

.  

7.

 

Assuming you are using EAP-TLS, name the policy “eap-tls”, and click 

Next

.  

8.

 

Click 

Add...

 

 

If you don't want to set any restrictions and a condition is required, select 

Day-And-Time-

Restrictions

, and click 

Add...

  

 

Summary of Contents for LAPAC1200C

Page 1: ...1 User Guide Wireless Access Point With Cloud Manager LAPAC1200C LAPAC1750C ...

Page 2: ...anagement Interface 8 Networks 8 Overview 10 Access Points 11 Wireless 16 Clients 21 Settings 23 Account settings 24 Inventory 27 Local Management Interface 28 Setup Wizard Local Administration 28 Administration 32 LAN 41 Wireless 47 Captive Portal 80 Cluster 89 System Status 96 Maintenance 106 Appendix A Troubleshooting 112 Overview 112 General Problems 112 Appendix B About Wireless LANs 114 Over...

Page 3: ...onfiguration 118 Overview 118 Using WEP 118 Using WPA2 PSK 119 Using WPA2 Enterprise 119 802 1x Server Setup Windows 2000 Server 120 802 1x Client Setup on Windows XP 129 Using 802 1x Mode without WPA 135 Regulatory Approvals 136 ...

Page 4: ...red Ports and Button Power Port Connect the AC power adapter to this port Note Use only the adapter that came with your access point Ethernet Port Connect a wired network device to this port This port supports PoE Power over Ethernet with a PoE switch or PoE injector LAPAC1200C and LAPAC1750C can be powered on from an 802 3 af at PoE compliance source Using CAT5e or better cable is high recommende...

Page 5: ...hole 5 Connect the ethernet cable and or AC power adapter to your device 6 Slide the device into the bracket Turn clockwise until it locks into place Ceiling Installation 1 Select ceiling tile for mounting and remove tile 2 Position drilling layout template at the desired location 3 Drill four screw holes and ethernet cable hole on the surface of ceiling tile 4 Place back plate on the opposite sid...

Page 6: ...fault the IP address is assigned by a DHCP server If there is no DHCP server in your network the default IP address is 192 168 1 252 255 255 255 0 Log in to the access point s browser based admin tool locally and click the Configure LAN Settings link Change the IP address or VLAN so the access point can access the internet If the indicator light is off check that the AC power adapter or PoE cable ...

Page 7: ...to your network If the indicator light is off check that the AC power adapter or PoE cable is properly connected on both ends Step 2 Enter the IP address of your access point By default the IP address will be assigned by a DHCP server usually the network router If there is no DHCP server on your network the default IP address is 192 168 1 252 255 255 255 0 Step 3 Type in default username admin and...

Page 8: ...8 Cloud Management Interface Once you are logged in to Business Linksys com you can create and manage your networks Networks Create network To create a new network go to Networks and click New Network ...

Page 9: ...9 Choose a name for your network and add any descriptive notes about the network Choose an icon to represent your network ...

Page 10: ...10 Overview Overview provides information on a network its access points and client devices Clients and usage Top clients per usage Top devices per usage Channel Devices on map ...

Page 11: ...n Access Points in the menu bar to manage access points on your network To add a new access point to the network click Add access point 1 Connect your access point to internet 2 Enter the MAC address and serial number of the access point you want to add then click Next ...

Page 12: ...ad Shows the access point s consumption of CPU load Memory Shows the access point s consumption of memory Status Shows the access point s status for the last seven days Clients and usage Shows data about clients and traffic for the last seven days Connected clients Shows the list of connected clients ...

Page 13: ...escription Wireless slot To add a new wireless name to the device click Add wireless name and select one from the list Authentication Shows whether the wireless name is open or requires a password Broadcast Shows how many access points in the network are broadcasting the wireless name Splash page Shows whether a splash page is enabled or disabled Bandwidth limit Shows the bandwidth limit set by th...

Page 14: ...eway for IP Server Subnet mask Enter the subnet mask for the IP address Primary DNS server Enter the DNS Address Secondary DNS server Optional VLAN Tagging Enter tag of your VLAN Radio Radio mode Choose a radio mode Channel width Choose 20 MHz 40 MHz or 80 MHz Channel Choose Auto or a channel from 1 5 TX Power Choose the strength of signal when access point is transmitting ...

Page 15: ... the accessibility of a host on the network Blink LED Make your device LED blink so you can identify it Rogue access point detection Detect an unexpected or unauthorized access point installed in a secure network environment More ...

Page 16: ...ther to send logs to a Syslog server and enter the server s IP address LED Light Device LED status Wireless Create view and edit names for the wireless names on your networks To create a new wireless name choose a network click Wireless and then New wireless name Wireless Settings To edit a wireless name s settings click settings to the right of a wireless name ...

Page 17: ...nect If using a password choose a security type either WEP or WPA2 Status Enable or disable the wireless name Disabled wireless names will not be broadcast Delete wireless name Remove the wireless name and all settings from the cloud Be sure to click the Save button when you are finished making changes Broadcasting Choose whether to broadcast the wireless names available on an access point ...

Page 18: ...ireless name Content Content o Welcome title Create a greeting o Login Instruction Tell users how to log in Authentication o Password label Label the password field o Success text Create a message for users who log in successfully o Failure text Create a message for users who are unsuccessful logging in ...

Page 19: ...n time out Set the amount of time in minutes that clients can remain connected to the wireless name Allowed range is 0 1440 minutes Authentication type Choose whether to require users to enter a password to move beyond the splash page Set password Choose a password for users to enter Custom landing page Promotional URL Turn on to redirect users to a specific website after authentication URL Enter ...

Page 20: ...lated to this wireless name VLAN ID Choose a VLAN ID Advanced Client isolation When turned on prevents wireless clients from connecting to each other Maximum concurrent clients When turned on limits the number of clients that can be connected at the same time ...

Page 21: ...21 Clients Click the settings icon in the far column to view information about a specific client You also can change the client s name ...

Page 22: ...he client connected Last seen Last seen client date Connection Duration How long the client has been connected Traffic The speed of the connection Signal The strength of the connection Last seen The last time the client was connected Wireless Name The Wi Fi SSID the client connected to Device IP address The client s IP address ...

Page 23: ...name and any notes You can also delete a network from cloud management Access point configuration View or edit a network s time zone local login information remote syslog status and turn the access point s light on or off Notifications Decide whether to send email notifications to network members when an access point goes offline ...

Page 24: ...s To view or edit your account settings click on your account name and choose Account settings from the drop down menu Account Time zone Set the time zone for your account Language Set the language for the user interface ...

Page 25: ...e The profile screen shows your personal data Name Last name Email Phone number Time zone Language Security Change your account password and view information about users logged in to the cloud management account ...

Page 26: ...o add a new member to your network by clicking the person icon on the far right of the menu bar Click Invite Member and enter and email address and assign permissions Manager or Viewer To transfer ownership of your account click Transfer ownership and enter the email address of the member you would like to give ownership ...

Page 27: ...not using To add a device click the Add new access point button Connect your device to the internet Enter the MAC address and serial number of the device you want to add Click the Next button Once the device has been found rename it and click the Add access point button ...

Page 28: ... as a standalone device run the Setup Wizard If the access point will be part of a cluster master or slave go to Configuration Cluster Settings Status page instead 1 Click the Quick Start tab on the main menu 2 On the first screen click Launch 3 Set the password on the Device Password screen if desired ...

Page 29: ...29 4 Configure the time zone date and time for the device on System Settings screen 5 On the IPv4 Address screen configure the IP address of the device Static or Automatic then click Next ...

Page 30: ...c Settings The access point supports up to eight SSIDs per radio 7 On the Wireless Security screen configure the wireless security settings for the device Click Next If you are looking for security options that are not available in the wizard go to Configuration Wireless Security page The access point supports more sophisticated security options there ...

Page 31: ...31 8 On the Summary screen check the data to make sure they are correct and then click Submit to save the changes 9 Click Finish to leave the wizard ...

Page 32: ... four normal users User Account Table User Name Enter the User Name to connect to the access point s admin interface User Name is effective once you save settings User Name can include up to 63 characters Special characters are allowed User Level Only administrator account has Read Write permission to the access point s admin interface All other accounts have Read Only permission ...

Page 33: ... allowed Confirm New Password Re enter password Time Go to Configuration Administration and select Time to configure system time of the device Time Current Time Display current date and time of the system Manually Set date and time manually Automatically When enabled default setting the access point will get the current time from a public time server ...

Page 34: ...ime Specify the end time of daylight saving Offset Select the adjusted time of daylight saving NTP NTP Server 1 Enter the primary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 characters NTP Server 2 Enter the secondary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric char...

Page 35: ...ct events to log Checking all options increase the size of the log so enable only events you believe are required Email Alert Email Alert Enable email alert function SMTP Server Enter the e mail server that is used to send logs It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 characters Data Encryption Enable if you want to use ...

Page 36: ...alphanumeric characters _ and Maximum length is 64 characters Log Queue Length Enter the length of the queue up to 500 log messages The default is 20 messages When messages reach the set length the queue will be sent to the specified email address Log Time Threshold Enter the time threshold in seconds used to check if the queue is full It s a value from 1 to 600 and default is 600 seconds Syslog S...

Page 37: ...37 Management Access Go to Configuration Administration and select Management Access page to configure the management methods of the access point ...

Page 38: ...tocol HTTPS Port Specify the port for HTTPS It can be 443 default or from 1024 to 65535 From Wireless Enable wireless devices to connect to access point s admin page Disabled by default Access Control By default no IP addresses are prohibited from accessing the device s admin page You can enable access control and enter specified IP addresses for access Four IPv4 and four IPv6 addresses can be spe...

Page 39: ...name Enter the username It includes 0 to 32 characters Special characters are allowed Authentication Protocol None or HMAC MD5 Authentication Key 8 to 32 characters Special characters are allowed Privacy Protocol None or CBC DES Privacy Key 8 to 32 characters Special characters are allowed Access Control Access Control When SNMP is enabled any IP address can connect to the access point MIB databas...

Page 40: ...rt SSL Certificate Click to export the SSL certificate Install Certificate Browse to choose the certificate file Click Install Certificate Export to TFTP Server Destination File Enter the name of the destination file TFTP Server Enter the IP address for the TFTP server Only support IPv4 address here Export Click to export the SSL certificate to the TFTP server ...

Page 41: ... file TFTP Server Enter the IP address for the TFTP server Only support IPv4 address here Install Click to install the file to the device LED Lighting Go to Configuration Administration and select LED Lighting to turn off on the LED on the front top of the access point ...

Page 42: ...ace including static or dynamic IPv4 IPv6 address assignment TCP IP Host Name Assign a host name to this access point Host name consists of 1 to 15 characters Valid characters include A Z a z 0 9 and Character cannot be first and last character of hostname and hostname cannot be composed of all digits VLAN Enables or disables VLAN function ...

Page 43: ...N ID The default is 1 Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network Untagged VLAN ID field is active only when untagged VLAN is enabled VLAN 1 is the default for both untagged VLAN and management VLAN Management VLAN The VLAN associated with the IP address you use to connect to the access point Provide a number between 1 and 4094 f...

Page 44: ...become grey and cannot be configured If disabled Port Speed and Duplex Mode can be configured Operational Auto Negotiation Current Auto Negotiation mode of the ethernet port Port Speed Select the speed of the ethernet port Available only when Auto Negotiation is disabled The option can be 10M 100M or 1000M default Operational Port Speed Displays the current port speed of the ethernet port ...

Page 45: ... use name and password for authentication Name Enter the login name The name includes 1 to 63 characters Special characters are allowed Password Enter the desired login password The password includes 4 to 63 characters Special characters are allowed Discovery Settings Bonjour Enable if administrator wants the access point to be discovered by Bonjour enabled devices automatically If VLAN is enabled...

Page 46: ...v2 and IGMPv3 in IGMP Snooping MLD Snooping MLD Multicast Listener Discovery is a component of the Internet Protocol Version 6 IPv6 suite MLD is used by IPv6 routers for discovering multicast listeners on a directly attached link much like IGMP is used in IPv4 Multicast Listener Discovery MLD Snooping provides multicast containment by forwarding traffic only to those clients that have MLD receiver...

Page 47: ...s radio and SSIDs Advanced wireless settings such as Band Steering Channel Bandwidth are on the Advanced Settings screen Basic Wireless Settings Wireless Radio Select the wireless radio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz Enable Radio Enable or disable the wireless radio ...

Page 48: ... channel of the radio If Auto is selected the access point will select the best available channel when device boots up If you experience lost connections and or slow data transfers experiment with manually setting different channels to see which is the best SSID Settings SSID Name Enter the desired SSID Name Each SSID must have a unique name The name includes 1 to 32 characters Broadcast Enable or...

Page 49: ...ct to the SSID The range is from 0 to 32 and 0 means no limit Security Go to Configuration Wireless Security to configure security settings of SSIDs to provide data protection over the wireless network Security Select SSID Select the desired SSID from the drop down list Security Mode Select the desired security method from the list Security Mode Disabled No security Anyone using the correct SSID c...

Page 50: ...s option is selected This access point must have a client login on the RADIUS Server Each user must authenticate on the RADIUS Server This is usually done using digital certificates Each user s wireless client must support 802 1x and provide the RADIUS authentication data when required All data transmission is encrypted using the WPA2 AES standard Keys are automatically generated so no key input i...

Page 51: ...an encryption option and ensure your wireless stations have the same setting 64 Bit Encryption Keys are 10 Hex characters 128 Bit Encryption Keys are 26 Hex characters Passphrase Generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate button It consists of 1 to 30 characters Key Value Enter a key in hexadec...

Page 52: ...r wireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network aga...

Page 53: ...r wireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network aga...

Page 54: ... Server Port Enter the port number used for connections to the RADIUS Server It is a value from 1 to 65534 and default is 1812 Primary Shared Secret Enter the key value to match the RADIUS Server It consists of 1 to 64 characters Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for conn...

Page 55: ... Key Renewal It is a value from 600 to 36000 and default is 3600 WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network against intrusion as the would be intruder must cope with an ever changing secret ...

Page 56: ...er Port Enter the port number used for connections to the RADIUS Server It is a value from 1 to 65534 and default is 1812 Primary Shared Secret Enter the key value to match the RADIUS Server It consists of 1 to 64 characters Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connectio...

Page 57: ...up Key Renewal It is a value from 600 to 36000 and default is 3600 second WPA automatically changes secret keys after a certain period of time The group key interval is the period of time between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network against intrusion as the would be intruder must cope with an ever changing s...

Page 58: ...1 to 65534 and default is 1812 Primary Shared Secret Enter the key value to match the RADIUS Server It consists of 1 to 64 characters Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server It is a value from 1 to 65534 and default is 1812 Backup Sha...

Page 59: ...dio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz Rogue AP Enable or disable Rogue AP Detection on the selected radio Detected Rogue AP List Action Click Trust to move the AP to the Trusted AP List MAC Address The MAC address of the Rogue AP SSID The SSID of the Rogue AP Channel The channel of the Rogue AP Security The security method of the Rogue AP Signal The signal level of the ...

Page 60: ...gue AP List MAC Address The MAC address of the Trusted AP SSID The SSID of the Trusted AP Channel The channel of the Trusted AP Security The security method of the Trusted AP Signal The signal level of the Trusted AP New MAC Address Add one trusted AP by MAC address ...

Page 61: ...Automate enabling or disabling SSIDs based on the profile definition Support up to 16 profiles and each profile can include four time rules Scheduler Wireless Scheduler Enable or disable wireless scheduler on the radio It is disabled by default If disabled even if some SSIDs are associated with profiles they will be always active ...

Page 62: ... system time is outdated Administrative Mode is disabled Scheduler is disabled by administrator Active Scheduler is active Scheduler Profile configuration New Profile Name Enter the name for new profile Profile Name Select the desired profile from the list to configure Day of the Week Select the desired day from the list Option None means this time rule is disabled Start Time Choose the start time...

Page 63: ...adio 2 is for 5 GHz Scheduler Association SSID The index of SSID SSID Name The name of the SSID Profile Name Choose the profile that is associated with the SSID If the profile associated with the SSID is deleted then the association will be removed Option None means no scheduler profile is associated Interface Status The status of the SSID It can be Enabled or Disabled Scheduler only works when th...

Page 64: ...64 Connection Control Go to Configuration Wireless Connection Control to define whether listed client stations may authenticate with the access point ...

Page 65: ...rom connection to wireless network You can enter up to 20 MAC addresses of wireless stations or choose the MAC address RADIUS Primary Backup RADIUS Server Enter the IP address of the RADIUS Server Primary Backup RADIUS Server Port Enter the Port number of the RADIUS Server Primary Backup Shared Secret This is shared between the wireless access point and the RADIUS Server while authenticating the d...

Page 66: ...is for 5 GHz Rate Limit SSID The index of SSID SSID Name The name of the SSID Upstream Rate Enter a maximum upstream rate for the SSID The range is from 0 to 200 Mbps for Radio 1 and from 0 to 600 Mbps for Radio 2 0 means no limitation Downstream Rate Enter a maximum downstream rate for the SSID The range is from 0 to 200 Mbps for Radio 1 and from 0 to 600 Mbps for Radio 2 0 means no limitation ...

Page 67: ...client Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic QoS Setting Wireless Radio Select the desired radio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz QoS Settings SSID The index of SSID SSID Name The name of the SSID VLAN ID The VLAN ID of the SSID ...

Page 68: ...e wireless LAN standard for QoS WMM provides prioritization of wireless data packets from different applications based on four access categories voice video best effort and background For an application to receive the benefits of WMM QoS both it and the client running that application have to have WMM enabled Legacy applications that do not support WMM and applications that do not require QoS are ...

Page 69: ...s network through multiple access points instead of linking them with a wired backbone The access point can act as WDS Root or WDS Station WDS Root Receives WDS connections from remote WDS Stations WDS Station Connects to remote WDS Root Supports up to 4 WDS Stations on each wireless radio ...

Page 70: ...t static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different channels and WDS link cannot establish Workgroup Bridge and WDS will not work at the same time on one wireless radio When Workgroup Bridge is enabled WDS will be disa...

Page 71: ...llowing settings of the device are identical to the WDS Root that will be connected Radio IEEE 802 11 Mode Channel Bandwidth Channel Note It is highly recommended that static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different ...

Page 72: ...d the WDS Station forwards to the remote WDS Root only packets in the VLAN list Packets not in the VLAN list cannot be forwarded to the remote WDS Root The VLAN List is only applicable when VLAN is enabled The VLAN list includes 1 to 8 VLAN IDs separated by such as 100 200 300 400 500 600 700 800 Security Mode The type of encryption to use on the WDS link It must be unique to the access point on t...

Page 73: ...tation STA on the wireless LAN It can bridge traffic between a remote wired network and a wireless LAN When Workgroup Bridge is enabled SSID configuration still works to provide wireless services to clients All access points participating in Workgroup Bridge must have the identical settings for Radio interface IEEE 802 11 mode Channel Bandwidth Channel Auto is not recommended ...

Page 74: ...ame radio channel If Auto option is configured there is chance two access points run on different channels and Worgroup Bridge link cannot establish Remote AP Settings SSID Enter the name of the SSID to which Workgroup Bridge will connect Click Site Survey button to choose from the list You must do this for Workgroup Bridge to connect to a remote access point Remote MAC Address Normally Workgroup ...

Page 75: ...75 Security Mode Select the desired mode from the list Disabled WPA Personal WPA2 Personal WPA Enterprise WPA2 Enterprise ...

Page 76: ... whether the wireless client is dual band capable If it is band steering pushes the client to connect to the less congested 5 GHz network It does this by actively blocking the client s attempts to connect with the 2 4GHz network Isolation Isolation between SSIDs Define whether to isolate traffic between SSIDs If enabled wireless clients in different SSIDs cannot communicate with each other Enabled...

Page 77: ...al Select the guard interval manually for Wireless N connections The two options are Short 400 nanoseconds and Long 800 nanoseconds The default is Auto CTS Protection Mode CTS Clear To Send Protection Mode boosts the access point s ability to catch all Wireless G transmissions but it severely decreases performance By default CTS Protection Mode is disabled but the access point will automatically e...

Page 78: ...beacon If you enter 10 clients check on every 10th beacon RTS Threshold Enter the Request to Send RTS Threshold value an integer from 1 to 2347 The default is 2347 octets The RTS threshold indicates the number of octets in a Medium Access Control Protocol Data Unit MPDU below which an RTS CTS handshake is not performed Changing the RTS threshold can help control traffic flow through the access poi...

Page 79: ...d is equal to or less than the threshold fragmentation is not used Setting the threshold to the largest value 2 346 bytes which is the default effectively disables fragmentation Fragmentation involves more overhead because of the extra work of dividing up and reassembling of frames it requires and because it increases message traffic on the network However fragmentation can help improve network pe...

Page 80: ...r if needed Captive Portal Enable or Disable Captive Portal function globally Captive Portal is disabled by default Authentication Timeout The number of seconds the access point keeps an authentication session open with a wireless client If the client fails to enter authentication credentials within the timeout period the client may need to refresh the web authentication page The range is from 60 ...

Page 81: ...s the HTTPS management port by default You can configure an additional port for that process HTTPS Port Once Additional HTTPS Port is enabled define an additional port for HTTPS protocol The value can be 443 or 1024 to 65535 and is 443 by default The additional HTTPS Port must be different from the HTTPS port in Administration Management Access page Portal Profiles Go to Configuration Captive Port...

Page 82: ...ated wireless clients will be directed after logging in at Captive Portal Choose Original URL or Promotion URL Redirect to Original URL If Landing Page is enabled this setting redirects authenticated wireless clients from the Captive Portal login screen to the URL the user typed in Promotion URL Enter a URL to which authenticated clients will be redirected from the Captive Portal login page Landin...

Page 83: ...ll be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server Backup Shared Secret Enter the key value to match the Backup RADIUS Server Password Only Authentication Password The password for the profile Wireless clients only need one password to access the wireless network Local User Go to Configuration...

Page 84: ...he user account The password must be between 4 and 32 characters in length Special characters except and are allowed Confirm Password Re enter the password to confirm it Local Group Go to Configuration Captive Portal Local Group to configure group settings Groups include multiple local users and are mapped to Captive Portal profiles Up to two groups are supported ...

Page 85: ...r configure its user members Members User members of the selected group You can select one user and click button to remove it Other Users Other users which don t belong to the selected group You can select one user and click button to add it into the group Web Customization Go to Configuration Captive Portal Web Customization to customize the authentication web page of Captive Portal ...

Page 86: ...n Customize text to go with the login box Default text for different authentication options Local Authentication Radius Authentication You can log in using your username and password Password Only Authentication You can log in using your password Local Authentication Click Connect to log in User Label Customize the username text box Enter up to 16 characters The default is Username Password Label ...

Page 87: ...thenticated The default is You have logged on successfully Please keep this window open when using the wireless network Failure Text Customize the text that shows when authentication fails Enter up to 128 characters The default is Bad username or password Profile Association Go to Configuration Captive Portal Profile Association to associate defined Captive Portal profiles with SSIDs ...

Page 88: ... it means no profile is associated Client Information Go to Configuration Captive Portal Client Information to view the status of wireless clients that are authenticated by Captive Portal MAC Address MAC address of the client IP Address IP address of the client User Name User name used by the client to log in SSID Name Name of the SSID to which the client is connected Online Time How long the clie...

Page 89: ...s multiple devices When access points are clustered you can view deploy configure and secure the wireless network as a single entity Note Firmware version 1 1 0 or above support cluster feature If your device has legacy firmware installed download the latest one from www linksys com support The access points within a cluster must have the same management VLAN configured A cluster can support 16 LA...

Page 90: ...eduler Wireless Scheduler Association Wireless Connection Control Rate Limit QoS Advanced Wireless Settings Captive Portal Settings Ethernet Port Settings VLAN Settings These configurations and not shared by clustered access points IP Settings WDS Output Power Hostname Workgroup Bridge Wireless Channel 802 1x Supplicant Settings Status Go to Configuration Cluster Settings Status to manage the AP c...

Page 91: ...tem detects there is one Master already existed in the same cluster the new access point that likes to become master will be assigned to slave automatically Slave Enable the cluster function and assign the access point to be the slave Note When the cluster function is enabled WDS and workgroup bridge will be disabled automatically Master ...

Page 92: ...ter Name Name of the cluster for the LAP device to join for example lab cluster All access points with the same cluster name belong to the same cluster Length of this value is from 4 to 32 bytes and special characters are allowed This is a mandatory field if the cluster function is turned on Backup Master When an access point works as a cluster slave it can be enabled as a backup master When maste...

Page 93: ...ss client of Captive Portal roams from one access point to another in the same cluster it need not re authenticate IP Address IP address of the access point to which the client connects Location Location of the access point to which the client connects SSID SSID name of the access point to which the client connects User MAC MAC address of the client Online Time Displays how long this client has be...

Page 94: ...access point Unit is Kbps Channel Management Go to Configuration Cluster Channel Management to manage the channel assignments for access points within a cluster When channel management is enabled the access point automatically assigns radio channels within a cluster Auto channel assignment reduces mutual interference or interference with other access points outside of its cluster and maximizes Wi ...

Page 95: ...mediately Scan according to the day time specified No Clients Scan only if no clients are connected to the wireless radio If there are clients connected the access point will complete the Auto Channel operation the next scheduled time when no clients are connected Current Channels Type Member type of the access point It can be Master Slave or Backup Master Location Where the access point is physic...

Page 96: ...en used to identify device model number and region Firmware Version The version of the firmware currently installed Firmware Checksum The checksum of the firmware running in the access point Hardware Version The version of the hardware Local MAC Address The MAC physical address of the wireless access point Serial Number The serial number of the device ...

Page 97: ...e The current date and time Power Source The power source of the access point It can be Power over Ethernet PoE or Power Adapter When two power sources are plugged in Power Adaptor will be displayed Cloud Status Whether cloud management is enabled or disabled LAN Status Go to System Status Status LAN Status to see settings and status of LAN interface ...

Page 98: ...network VLAN 1 is the default ID for untagged VLAN and management VLAN Management VLAN Displays the Management VLAN ID The VLAN associated with the IP address you use to connect to the access point Provide a number between 1 and 4094 for the Management VLAN ID The default is 1 This VLAN is also the default untagged VLAN If you already have a management VLAN configured on your network with a differ...

Page 99: ...t is attached the same value as the PCs on that LAN segment Primary DNS The primary DNS address provided by the DHCP server or configured manually Secondary DNS The secondary DNS address provided by the DHCP server or configured manually Wireless Status Go to System Status Status Wireless Status to see settings and status of wireless radios and SSIDs ...

Page 100: ...nections will use 40 MHz channel but Wireless B and Wireless G will still use 20 MHz channel SSID Status Interface SSID index SSID Name Name of the SSID Status Status of the SSID Enabled or Disabled MAC Address MAC Address of the SSID VLAN ID VLAN ID of the SSID Priority The 802 1p priority of the SSID Scheduler State N A No scheduler is enabled on the SSID or the SSID is disabled by administrator...

Page 101: ...rom which data is received Remote MAC MAC Address of the destination access point which is on the other end of the WDS link to which data is sent or handed off and from which data is received Connection Status Status of the WDS Station Disabled Connected or Not Connected Workgroup Bridge Status Status of the Workgroup Bridge Enabled or Disabled Local MAC MAC address of the Workgroup Bridge Remote ...

Page 102: ...om the list The interfaces include eight SSIDs per radio SSID Name Name of the SSID to which the client connects Client MAC The MAC address of the client SSID MAC MAC of the SSID to which the client connects Link Rate The link rate of the client Unit is Mbps RSSI The signal strength of the client Unit is dBm Online Time How long this client has been online Unit is seconds ...

Page 103: ...tatistics to see real time statistics on data transmitted and received based on each SSID per Radio and LAN interface Interface The name of the interface Wireless Radio Select the desired radio from the list Radio 1 is for 2 4 GHz and Radio 2 is for 5 GHz ...

Page 104: ...The total number of dropped packets sent in Transmit table or received in Received table by the interface Total Dropped Bytes The total number of dropped bytes sent in Transmit table or received in Received table by the interface Errors The total number of errors related to sending and receiving data on this interface Log View Go to System Status Status Log View to see a list of system events such...

Page 105: ...105 Log Messages Log Messages Show the log messages Buttons Refresh Update the data on screen Save Save the log to a file on your PC Clear Delete the existing logs from device ...

Page 106: ...firmware upgrade by following the steps below If an access point works as master of an AP cluster all slaves within the same cluster will be updated as well Do not power off the device or disconnect the ethernet cable during the upgrade The access point will reboot automatically after the upgrade is complete To perform the firmware upgrade from local PC 1 Click Choose File to navigate to the locat...

Page 107: ...ick the OK on the popup dialogue box to start the firmware download and upgrade if a new version of firmware is available Configuration Backup Restore Go to Maintenance Maintenance Configuration Backup Restore to download the configuration file from the device You can save it to external storage e g your PC or network storage You can also upload a previously saved configuration file from external ...

Page 108: ... like and click Save Restore Configuration To restore settings from a backup file 1 Click Choose File 2 Locate and select the previously saved backup file 3 Click Restore Backup Restore to from TFTP server Backup Configuration To create a backup file of the current settings 1 Enter the destination file name you plan to save in TFTP server 2 Enter the IP address for the TFTP server Only IPv4 addres...

Page 109: ...p Restore Factory Default To restore your access point to its factory defaults select an option and click Save Reset All Parameters to Factory Default No Don t restore to factory defaults Reboot Go to Maintenance Maintenance Reboot to power cycle the device The current configuration file will remain after reboot Device Reboot If you click Save when the Yes radio button is selected the device will ...

Page 110: ...r the IP type of destination address IP or Domain Name Enter the IP address or domain name that you want to ping Packet Size Enter the size of the packet Times to Ping Select the desired number from the drop list 5 10 15 Unlimited Ping Result Ping measures how fast you get a response after you ve sent out a request Measured in milliseconds ms ...

Page 111: ...e can be Radio SSID or Ethernet Start Capture Click to start the capture You will be asked to specify a local file to store the packets Stop Capture Click to stop the capture Diagnostic Log Go to Go to Maintenance Diagnostics Diagnostic Log to get system detail information such as configuration file system status and statistics data hardware information operational status The information is useful...

Page 112: ...st be the case You can use the following method to determine the IP address of the wireless access point and then try to connect using the IP address instead of the name To find the access point s IP address 1 Open a MS DOS Prompt or Command Prompt Window 2 Use the Ping command to ping the wireless access point Enter ping followed by the default name of the wireless access point Default name is la...

Page 113: ...nd security settings on the PC match the settings on the access point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 802 1x software is configured correctly See Appendix C p 120 for details of setup for the Windows XP 802 1x client If using a different client ref...

Page 114: ...te directly with each other Infrastructure Mode In Infrastructure Mode one or more access points are used to connect wireless stations e g notebook PCs with wireless cards to a wired Ethernet LAN The wireless stations can then access all LAN resources Note Access points can only function in Infrastructure Mode and can communicate only with wireless stations that are set to Infrastructure Mode SSID...

Page 115: ...en using multiple access points it is better if adjacent access points use different channels to reduce interference The recommended channel spacing between adjacent access points is five channels e g use Channels 1 and 6 or 6 and 11 In Infrastructure Mode wireless stations normally scan all channels looking for an access point If more than one access point can be used the one with the strongest s...

Page 116: ...h user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 Enterprise This version of WPA2 requires a RADIUS server on your LAN to provide the client authentication according to the 802 1X standard Data transmissions are encrypted using the WPA2 sta...

Page 117: ...erver Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated ...

Page 118: ...tup of each wireless station is also more complex Using WEP For each of the following items each wireless station must have the same settings as the wireless access point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the wireless access point The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2 Note The SSID is case sensi...

Page 119: ... secure and most complex system WPA Enterprise mode provides greater security and centralized management but it is more complex to configure Wireless Station Configuration For each of the following wireless stations must have the same settings as the wireless access point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the wireless access point T...

Page 120: ...Server as the RADIUS server since it is the most common RADIUS server available that supports the EAP TLS authentication method The following services on the Windows 2000 Domain Controller PDC are also required dhcpd dns rras webserver IIS RADIUS Server Internet Authentication Service Certificate Authority Windows 2000 Domain Controller Setup 1 Run dcpromo exe from the command prompt 2 Follow all ...

Page 121: ...nternet Information Services IIS component From the Networking Services category select Dynamic Host Configuration Protocol DHCP and Internet Authentication Service DNS should already be selected and installed 4 Click Next 5 Select Enterprise root CA and click Next ...

Page 122: ...iguration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click OK then Finish DHCP server configuration 1 Click on Start Programs Administrative Tools DHCP 2 Right click on the server entry and select New Scope 3 Click Next when the New Scope Wizard Begins ...

Page 123: ...xt 7 Change the Lease Duration time if preferred Click Next 8 Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 10 For the parent domain enter the domain you specified for the domain controller setup and enter the server s address for the IP address Click Next 11 If...

Page 124: ...lete Certificate Authority Setup 1 Select Start Programs Administrative Tools Certification Authority 2 Right click Policy Settings and select New Certificate to Issue 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK 4 Select Start Programs Administrative Tools Active Directory Users and Computers ...

Page 125: ...125 5 Right click on your active directory domain and select Properties 6 Select the Group Policy tab choose Default Domain Policy then click Edit ...

Page 126: ...tificate Request 8 When the Certificate Request Wizard appears click Next 9 Select Computer click Next 10 Ensure that your Certificate Authority is checked click Next 11 Review the policy change information and click Finish 12 Click Start Run type cmd and press Enter Enter secedit refreshpolicy machine_policy This command may take a few minutes to take effect ...

Page 127: ... the address or name of the wireless access point and set the shared secret as entered on the Security Settings of the wireless access point 5 Click Finish 6 Right click on Remote Access Policies select New Remote Access Policy 7 Assuming you are using EAP TLS name the policy eap tls and click Next 8 Click Add If you don t want to set any restrictions and a condition is required select Day And Tim...

Page 128: ...sion Click Next 11 Click Edit Profile and select the Authentication tab Enable Extensible Authentication Protocol and select Smart Card or other Certificate Deselect other authentication methods listed Click OK 12 Select No if you don t want to view the help for EAP Click Finish ...

Page 129: ... 802 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions The following instructions assume You are using Windows XP You are connecting to a Windows 2000 server f...

Page 130: ...he address box enter the IP address of the Windows 2000 Server followed by certsrv e g http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK 4 On the first screen below select Request a certificate click Next ...

Page 131: ...131 5 Select User certificate request and select User Certificate click Next 6 Click Submit ...

Page 132: ...132 7 A message will be displayed and the certificate will be returned to you Click Install this certificate 8 You will receive a confirmation message Click Yes 9 Certificate setup is now complete ...

Page 133: ...t Card or other Certificate is selected from the EAP type Encryption Settings The encryption settings must match the access point on the wireless network you wish to join Windows XP will detect any available wireless networks and allow you to configure each network independently Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS...

Page 134: ...134 Enabling Encryption To enable encryption for a wireless network 1 Click on the Wireless Networks tab 2 Select the wireless network from the Available networks list and click Configure ...

Page 135: ... and click the checkbox for the setting The key is provided for me automatically as shown below 4 Setup for Windows XP and 802 1x client is now complete Using 802 1x Mode without WPA This is very similar to using WPA Enterprise The only difference is that on your client you must NOT enable the setting The key is provided for me automatically ...

Page 136: ... because the key input by the user is 24 bits less than the key size used for encryption Regulatory Approvals Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference th...

Page 137: ...liance could void the user s authority to operate this equipment This transmitter must not be co located or operating in conjunction with any other antenna or transmitter Operations in the 5 15 5 25GHz band are restricted to indoor usage only Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be in...

Page 138: ... utilisateurs devraient aussi être avisés que les utilisateurs de radars de haute puissance sont désignés utilisateurs principaux c à d qu ils ont la priorité pour les bandes 5250 5350 MHz et 5650 5850 MHz et que ces radars pourraient causer du brouillage et ou des dommages aux dispositifs LAN EL Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for a...

Reviews: