background image

4.

 

On the first screen (below), select 

Request a certificate, click 

Next

 

Figure 70: Wireless CA Screen 

104

 

 

Summary of Contents for LAPN300

Page 1: ...User Guide LAPN300 Wireless N300 Access Point with POE Model LAPN300 1 ...

Page 2: ...e Screen 16 Log settings 17 Log Settings Screen 18 Management access 19 Management Access Screen 19 SSL certificate 22 SSL Certificate Screen 22 Network setup 23 Network Setup Screen 23 Advanced 24 Advanced Screen 25 Wireless screens 26 Basic Settings 27 Security settings 28 Security Mode 29 Rogue AP Detection 37 Scheduler 38 Scheduler Association 40 Connection Control 41 Rate Limit 42 Quality of ...

Page 3: ... Information Screen 62 Chapter 3 System Status 63 System Summary 63 LAN Status 64 Wireless Status 66 Wireless Clients 68 Statistics 69 Log View 70 Chapter 4 Maintenance 72 Overview 72 Firmware Upgrade 73 Configuration Backup Restore 74 Factory Default 76 Reboot 77 Ping Test 78 Packet Capture 79 Diagnostic Log 80 Appendix A Troubleshooting 81 Overview 81 General Problems 81 Appendix B About Wireles...

Page 4: ...Configuration 88 RADIUS Server Configuration 88 802 1x Server Setup Windows 2000 Server 89 Windows 2000 Domain Controller Setup 89 Services Installation 89 DHCP Server Configuration 92 Certificate Authority Setup 95 Internet Authentication Service RADIUS Setup 99 Remote Access Login for Users 101 802 1x Client Setup on Windows XP 102 Client Certificate Setup 103 802 1x Authentication Setup 108 Enc...

Page 5: ... booting Solid System is normal no wireless device connected Blue Blinking Software upgrade in process Solid System is normal at least one wireless device connected Red Solid Booting process or update failed hard reset or service required Ports and Button Power Port Connect the AC power adapter to this port o NOTE Use only the adapter that came with your access point Ethernet Port Connect a wired ...

Page 6: ...nstallation 1 Position drilling layout template at the desired location 2 Drill four screw holes on the mounting surface If your Ethernet cable is routed behind the wall mark Ethernet cable hole as well 3 Secure the mounting bracket on the wall with anchors and screws 4 If your Ethernet cable is routed behind the wall cut or drill the Ethernet cable hole you marked in Step 2 Feed the Ethernet cabl...

Page 7: ...6 Slide the device into the bracket Turn access point clockwise until it locks 7 Replace tile in ceiling IMPORTANT Improper or insecure mounting could result in damage to the device or personal injury Linksys is not responsible for damages caused by improper mounting 7 ...

Page 8: ...or later Setup Procedure Make sure device is powered on before you continue setup If LED light is off check that AC power adapter or PoE cable is properly connected on both ends Access device s browser based setup 1 Use the included cable to connect the access point to your network via a network switch or router 2 Open a web browser on a computer connected to your network Enter the IP address of y...

Page 9: ... s IP address This can happen if your LAN does not have a DHCP Server If there is no DHCP server in your network the access point will fall back to its default IP address 192 168 1 252 with a network mask of 255 255 255 0 OR If your PC s IP address is not compatible with this you must change your PC s IP address to an unused value in the range 192 168 1 1 192 168 1 254 with a network mask of 255 2...

Page 10: ...t to the wireless access point run the Setup Wizard to configure the device 1 Click the Quick Start tab on the main menu Figure 2 Setup Wizard 2 On the first screen click Launch 3 Set the password on the Device Password screen if desired 10 ...

Page 11: ... zone date and time for the device on System Settings screen Figure 3 Setup Wizard System Settings 5 On the IPv4 Address screen Figure 4 configure the IP address of the device then click Next Figure 4 Setup Wizard IPv4 11 ...

Page 12: ...point supports up to 8 SSIDs Figure 5 Setup Wizard Wireless Network 7 On the Wireless Security screen Figure 6 configure the wireless security settings for the device Click Next If you are looking for security options that are not available in the wizard go to Configuration Wireless Security page The access point supports more sophisticated security options there 12 ...

Page 13: ... Setup Wizard Wireless Security 8 On the Summary screen check the data to make sure they are correct and then click Submit to save the changes Figure 7 Setup Wizard Summary 9 Click Finish to leave the wizard 13 ...

Page 14: ...Figure 8 Setup Wizard Finish 14 ...

Page 15: ...r Name is effective once you save settings User Name can include up to 63 characters Special characters are allowed User Level Only administrator account has Read Write permission to the access point s admin interface All other accounts have Read Only permission New Password Enter the Password to connect to the access point s admin interface Password must be between 4 and 63 characters Special cha...

Page 16: ...e enable Automatically adjust clock for daylight saving changes Start Time Specify the start time of daylight saving End Time Specify the end time of daylight saving Offset Select the adjusted time of daylight saving NTP NTP Server 1 Enter the primary NTP server It can be an IPv4 address or a domain name Valid characters include alphanumeric characters _ and Maximum length is 64 characters NTP Ser...

Page 17: ...ecord various types of activity on the access point This data is useful for troubleshooting but enabling all logs will generate a large amount of data and adversely affect performance Figure 11 Log Settings Screen 17 ...

Page 18: ...rs Special characters are allowed Password Enter the Password to log in to your SMTP server The Password can include up to 32 characters Special characters are allowed Email Address for Logs Enter the email address the log messages are to be sent to Valid characters include alphanumeric characters _ and Maximum length is 64 characters Log Queue Length Enter the length of the queue up to 500 log me...

Page 19: ... Web Enable to allow Web access by HTTP protocol HTTP Port Specify the port for HTTP It can be 80 default or from 1024 to 65535 HTTP to HTTPS Redirect Enable to redirect Web access of HTTP to HTTPS automatically This field is available only when HTTP access is disabled HTTPS HTTPS Hypertext Transfer Protocol Secure can provide more secure communication with the SSL TLS protocol which support data ...

Page 20: ...NMP function here Disabled by default Contact Enter contact information for the access point The contact includes 1 to 32 characters Special characters are allowed Location Enter the area or location where the access point resides The location includes 1 to 32 characters Special characters are allowed SNMPv1 v2 Settings Get Community Enter the name of Get Community Get Community is used to read da...

Page 21: ...e or CBC DES Privacy Key 8 to 32 characters Special characters are allowed Access Control Access Control When SNMP is enabled any IP address can connect to the access point s admin page through SNMP You can enable access control to allow specified IP addresses Two IPv4 and two IPv6 addresses can be specified SNMP Trap Trap Community Enter the Trap Community server It includes 1 to 32 characters Sp...

Page 22: ...choose the certificate file Click Install Certificate button Export to TFTP Server Destination File Enter the name of the destination file TFTP Server Enter the IPv4 address for the TFTP server Export Click to export the SSL certificate to the TFTP server Restore from TFTP Server Source File Enter the name of the source file TFTP Server Enter the IPv4 address for the TFTP server Install Click to i...

Page 23: ...ot be first and last character of hostname and hostname cannot be composed of all digits VLAN Enables or disables VLAN function Workgroup Bridge can only be enabled when VLAN function is disabled Untagged VLAN Enables or disables VLAN tagging If enabled default traffic is untagged when VLAN ID is equal to Untagged VLAN ID and untagged traffic can be accepted by LAN port If disabled traffic from th...

Page 24: ...ect to the access point Provide a number between 1 and 4094 for the Management VLAN ID The default is 1 IPv4 v6 IP Settings Select Automatic Configuration or Static IP Address IP Address Enter an unused IP address from the address range used on your LAN Subnet Mask Enter the subnet mask for the IP address above Default Gateway Enter the gateway for the IP address above Primary DNS Enter the DNS ad...

Page 25: ...al Duplex Mode Displays the current duplex mode of the Ethernet port Flow Control Enable or disable flow control of the Ethernet port 802 1x Supplicant 802 1x Supplicant Enable if your network requires this access point to use 802 1X authentication in order to operate Authentication This feature supports following two kinds of authentication Authentication via MAC Address Select this if you want t...

Page 26: ...ch by LLDP protocol Information such as product name device name firmware version IP address MAC address and so on will be advertised LLDP MED Enable if administrator wants the access point to be discovered by switch by LLDP MED protocol Information such as product name device name firmware version IP address MAC address and so on will be advertised Wireless screens 1 Basic Settings 2 Security 3 R...

Page 27: ...able Radio Enable or disable the wireless radio Wireless Mode G only allow connection by 802 11G wireless stations only N only allow connection by 802 11N wireless stations only B G Mixed allow connection by 802 11B and G wireless stations only B G N Mixed Default allow connections by 802 11N 802 11B and 802 11G wireless stations Wireless Channel Select wireless channel of the radio If Auto is sel...

Page 28: ...ble isolation among clients of the SSID If enabled wireless clients cannot communicate with others in the same SSID Disabled by default VLAN ID Enter the VLAN ID of the SSID Used to tag packets which are received from the wireless clients of the SSID and sent from Ethernet or WDS interfaces Applicable only when VLAN function is enabled VLAN function can be configured in Configuration LAN Network S...

Page 29: ...PA Personal with TKIP or WPA2 Personal with AES WPA2 Enterprise Requires a RADIUS Server on your LAN to provide the client authentication according to the 802 1x standard Data transmissions are encrypted using the WPA2 standard If this option is selected o This access point must have a client login on the RADIUS Server o Each user must authenticate on the RADIUS Server This is usually done using d...

Page 30: ...Key Select a transmit key WEP Encryption Select an encryption option and ensure your wireless stations have the same setting 64 Bit Encryption Keys are 10 Hex characters 128 Bit Encryption Keys are 26 Hex characters Passphrase Generate a key or keys instead of entering them directly Enter a word or group of printable characters in the Passphrase box and click the Generate button to automatically c...

Page 31: ...characters or 64 HEX characters Other wireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 seconds WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constantly ke...

Page 32: ...SCII characters or 64 HEX characters Other wireless stations must use the same key Key Renewal Specify the value of Group Key Renewal It s a value from 600 to 36000 and default is 3600 seconds WPA automatically changes secret keys after a certain period of time The group key interval is the period of time in between automatic changes of the group key which all devices on the network share Constant...

Page 33: ...ation Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server It s a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the Backup RADIUS Server It consists of 1 to 64 characters WPA Algorithm The encryption method is AES Key Renewal Timeout Specify...

Page 34: ...rt number used for connections to the RADIUS Server It is a value from 1 to 65534 and default is 1812 Primary Shared Secret Enter the key value to match the RADIUS Server It consists of 1 to 64 characters Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RAD...

Page 35: ...The group key interval is the period of time between automatic changes of the group key which all devices on the network share Constantly keying the group key protects your network against intrusion as the would be intruder must cope with an ever changing secret key RADIUS Use RADIUS server for authentication and dynamic WEP key generation for data encryption Figure 23 RADIUS Settings 35 ...

Page 36: ...d Secret Enter the key value to match the RADIUS Server It consists of 1 to 64 characters Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server It is a value from 1 to 65534 and default is 1812 Backup Shared Secret Enter the key value to match the ...

Page 37: ...Rogue AP Screen Rogue AP Enable or disable Rogue AP Detection Detected Rogue AP List Action Click Trust to move the AP to the Trusted AP List MAC Address The MAC address of the Rogue AP SSID The SSID of the Rogue AP Channel The channel of the Rogue AP Security The security method of the Rogue AP Signal The signal level of the Rogue AP 37 ...

Page 38: ...ecurity The security method of the Trusted AP Signal The signal level of the Trusted AP New MAC Address Add one trusted AP by MAC address Scheduler Configure a rule with a specific time interval for SSIDs to be operational Automate enabling or disabling SSIDs based on the profile definition Support up to 16 profiles and each profile can include four time rules Figure 25 Scheduler Screen 38 ...

Page 39: ...tatus It includes the following situations System time is outdated Scheduler is inactive because system time is outdated Administrative Mode is disabled Scheduler is disabled by administrator Active Scheduler is active Scheduler Profile configuration New Profile Name Enter the name for new profile Profile Name Select the desired profile from the list to configure Day of the Week Select the desired...

Page 40: ... of SSID SSID Name The name of the SSID Profile Name Choose the profile that is associated with the SSID If the profile associated with the SSID is deleted then the association will be removed If None is selected it means no scheduler profile is associated Interface Status The Status of the SSID It can be Enabled or Disabled Scheduler only works when the SSID is enabled 40 ...

Page 41: ...l Type Select the option from the drop down list as desired Local Choose either Allow only following MAC addresses to connect to wireless network or Prevent following MAC addresses from connection to wireless network You can enter up to 20 MAC addresses of wireless stations or choose the MAC address RADIUS Enter IP address port number and shared secret for primary and backup RADIUS servers Disable...

Page 42: ... of the SSID Upstream Rate Enter a maximum upstream for the SSID The range is from 0 to 200 Mbps 0 means no limitation Upstream is for traffic from wireless client to access point Downstream Rate Enter a maximum downstream for the SSID The range is from 0 to 200 Mbps 0 means no limitation Downstream is for traffic from access point to wireless client 42 ...

Page 43: ... high priority traffic Figure 29 QoS Screen QoS Screen QoS Settings SSID The index of SSID SSID Name The name of the SSID VLAN ID The VLAN ID of the SSID Priority Select the priority level from the list VLAN must be enabled in order to set priority The 802 1p will be included in the VLAN header of the packets which are received from the SSID and sent from Ethernet or WDS interface 43 ...

Page 44: ... that do not support WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than voice and video WMM is enabled by default WDS With Wireless Distribution System WDS you can expand a wireless network through multiple access points instead of linking them with a wired backbone WDS only works and interacts with LAPN300 LAPN600 LAPAC1200 o...

Page 45: ...ess Advanced Settings Note It is highly recommended that static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on the same radio channel If Auto option is configured there is chance two access points run on different channels and WDS link cannot establish Workgroup Bridge and WDS will not work at the same time When Workgroup B...

Page 46: ...ll be connected IEEE 802 11 Mode Channel Bandwidth Channel Auto is not recommended Note To change IEEE 802 11 Mode and Channel settings go to Wireless Basic Settings To change Channel Bandwidth setting go to Wireless Advanced Settings Note It is highly recommended that static channel is configured on both APs Do not use Auto channel option when you enable WDS as both APs in a WDS link must be on t...

Page 47: ...the WDS Station forwards to the remote WDS Root only packets in the VLAN list Packets not in the VLAN list cannot be forwarded to the remote WDS Root The VLAN List is only applicable when VLAN is enabled The VLAN list includes 1 to 8 VLAN IDs separated by such as 100 200 300 400 500 600 700 800 Security Mode The type of encryption to use on the WDS link It must be same as the access point on the o...

Page 48: ... traffic between a remote wired network and a wireless LAN When Workgroup Bridge is enabled SSID configuration still works to provide wireless services to clients All access points participating in Workgroup Bridge must have the identical settings for Radio interface IEEE 802 11 mode Channel Bandwidth Channel Auto is not recommended Figure 3113 Workgroup Bridge 48 ...

Page 49: ... chance two access points run on different channels and Workgroup Bridge link cannot establish Workgroup Bridge and WDS will not work at the same time When Workgroup Bridge is enabled WDS will be disabled automatically Remote AP Settings SSID Enter the name of the SSID to which Workgroup Bridge will connect Click Site Survey button to choose from the list Workgroup Bridge must connect to a remote ...

Page 50: ...rameters Figure 32 Advanced Settings Advanced Settings Screen Band Steering Band Steering Enable or disable Band Steering function Band Steering is a technology that detects whether the wireless client is dual band capable If it is band steering pushes the client to connect to the less congested 5 GHz network It does this by actively blocking the client s attempts to connect with the 2 4GHz networ...

Page 51: ...ually for Wireless N connections The two options are Short 400 nanoseconds and Long 800 nanoseconds The default is Auto CTS Protection Mode CTS Clear To Send Protection Mode boosts the access point s ability to catch all Wireless G transmissions but it severely decreases performance By default CTS Protection Mode is disabled but the access point will automatically enable this feature when Wireless...

Page 52: ...con If you enter 10 clients check on every 10th beacon RTS Threshold Enter the Request to Send RTS Threshold value an integer from 1 to 2347 The default is 2347 octets The RTS threshold indicates the number of octets in a Medium Access Control Protocol Data Unit MPDU below which an RTS CTS handshake is not performed Changing the RTS threshold can help control traffic flow through the access point ...

Page 53: ...s equal to or less than the threshold fragmentation is not used Setting the threshold to the largest value 2 346 bytes which is the default effectively disables fragmentation Fragmentation involves more overhead because of the extra work of dividing up and reassembling of frames it requires and because it increases message traffic on the network However fragmentation can help improve network perfo...

Page 54: ...ss port number if needed Figure 33 Global Configuration Global Configuration Screen Captive Portal Captive Portal is disabled by default Authentication Timeout The number of seconds the access point keeps an authentication session open with a wireless client If the client fails to enter authentication credentials within the timeout period the client may need to refresh the web authentication page ...

Page 55: ...inistration Management Access page Additional HTTPS Port HTTPS portal authentication uses the HTTPS management port by default You can configure an additional port for that process HTTPS Port Define an additional port for HTTPS protocol The value can be 443 or 1024 to 65535 and is 443 by default If Additional HTTPS Port is enabled the HTTPS Port must be different from the HTTPS port in Administrat...

Page 56: ...uthenticated wireless clients will be directed after logging in at Captive Portal Choose Original URL or Promotion URL Redirect to Original URL If Landing Page is enabled this setting redirects authenticated wireless clients from the Captive Portal login screen to the URL the user typed in Promotion URL Enter a URL to which authenticated clients will be redirected from the Captive Portal login pag...

Page 57: ...mary Authentication Server is not available Backup Server Port Enter the port number used for connections to the Backup RADIUS Server Backup Shared Secret Enter the key value to match the Backup RADIUS Server Password Only Authentication Password The password for the profile Wireless clients only need one password to access the wireless network Local User Configure user settings for Captive Portal...

Page 58: ...d are allowed Confirm New Password Re enter the new password to confirm it Local Group Configure group settings Groups are used to include multiple local users and are mapped to Captive Portal profiles Up to two groups are supported Figure 36 Local Group Local Group Screen Group Name Enter the name of the new group The group name includes 1 to 32 characters Special characters except and are allowe...

Page 59: ...zation Screen Profile Select a profile to configure New Logo Upload Logos display in the web page Select an image file from your local PC and click Upload to add to the images available to select in the next step Formats gif png and jpg are supported File size cannot exceed 5KB One profile can support one default and one new logo image If a second new logo is uploaded it will replace the first new...

Page 60: ...default is Password Button Name Customize the text that appears in the log in button Enter up to 12 characters The default is Connect Button Color The HTML code for the background color of the button in 6 digit hexadecimal format The default is 70A0D4 Terms of Use Label Customize the text to go with the checkbox Enter up to 128 characters The default is Check here to indicate that you have read an...

Page 61: ...on Profile Association Screen SSID A list of available SSIDs SSID Name The name of the SSID Profile Name Choose the profile that is associated with the SSID If the profile associated with the SSID is deleted then the association will be removed If None is selected it means no profile is associated 61 ...

Page 62: ...econds Away Timeout The time remaining before de authentication of a client that disconnects from the SSID The timer starts when the client disconnect from the SSID If the time reaches 0 the client is de authenticated If the value is fixed to 0 the client will not be de authenticated as long as the session timeout hasn t expired Measured in seconds Session Timeout The valid remaining time of the c...

Page 63: ...running in the access point Local MAC Address The MAC physical address of the wireless access point Serial Number The serial number of the device Host Name The host name assigned to the access point System Up Time How long the system has been running since the last restart or reboot System Time The current date and time Power Source The power source of the access point It can be Power over Etherne...

Page 64: ... Untagged VLAN ID and untagged traffic can be accepted by LAN port If disabled traffic from the LAN port is always tagged and only tagged traffic can be accepted from LAN port By default all traffic on the access point uses VLAN 1 the default untagged VLAN Untagged VLAN ID Displays the untagged VLAN ID Traffic on the VLAN that you specify in this field is not tagged with a VLAN ID when forwarded t...

Page 65: ...VLAN ID you must change the VLAN ID of the management VLAN on the access point IPv4 v6 IP Address The IP address of the wireless access point Subnet Mask The Network Mask Subnet Mask for the IP address above Default Gateway Enter the gateway for the LAN segment to which the wireless access point is attached the same value as the PCs on that LAN segment Primary DNS The primary DNS address provided ...

Page 66: ...bled Mode Current 802 11mode a b g n of the radio Channel The channel currently in use Channel Bandwidth Current channel bandwidth of the radio When set to 20 MHz only the 20 MHz channel is in use SSID Status Interface SSID index SSID Name Name of the SSID Status Status of the SSID enabled or disabled MAC Address MAC address of the SSID VLAN ID VLAN ID of the SSID Priority The 802 1p priority of t...

Page 67: ...the VLAN list from WDS Stations Packets not in the list will be dropped WDS Station Interface The index of WDS Station Status Status of the WDS Station Enabled or Disabled Local MAC MAC Address of the WDS Root Remote SSID SSID of the destination access point which is on the other end of the WDS link to which data is sent or handed off and from which data is received Remote MAC MAC Address of the d...

Page 68: ... data is sent and from which data is received Remote MAC MAC address of the destination access point on the other end of the Workgroup Bridge link to which data is sent and from which data is received Connection Status Status of the Workgroup Bridge disabled connected or not connected Wireless Clients Wireless Clients displays a list of connected clients based on each wireless interface Figure 43 ...

Page 69: ...ts Client MAC The MAC address of the client SSID MAC MAC of the SSID to which the client connects Link Rate The link rate of the client Measured in Mbps RSSI The signal strength of the client Measured in dBm Online Time How long this client has been online Measured in seconds Statistics Statistics provides real time statistics on transmitted and received data based on SSID and LAN interface Figure...

Page 70: ...r of dropped packets sent in Transmit table or received in Received table by the interface Total Dropped Bytes The total number of dropped bytes sent in Transmit table or received in Received table by the interface Errors The total number of errors related to sending and receiving data on this interface Log View Log View shows a list of system events that are generated by each single log entry suc...

Page 71: ...Log View Screen Log Messages Log Messages Show the log messages Buttons Refresh Update the data on screen Save Save the log to a file on your PC Clear Delete the existing logs from your device 71 ...

Page 72: ...view This chapter covers features available on the wireless access point s Maintenance menu Maintenance Firmware Upgrade Configuration Backup Restore Factory Default Reboot Diagnostics Ping Test Packet Capture Diagnostic Log 72 ...

Page 73: ...t will reboot automatically after firmware upgrade is completed Figure 46 Firmware Upgrade Screen To perform the firmware upgrade from local PC 1 Click the Browse button and navigate to the location of the upgrade file 2 Select the upgrade file Its name will appear in the Upgrade File field 3 Click the Upgrade button to commence the firmware upgrade To perform the firmware upgrade from TFTP server...

Page 74: ...rnal storage You can save to your PC or networked storage or upload a previously saved configuration file from external storage to your access point It is highly recommended you save one extra copy of the configuration file to external storage after you are done with access point setup Figure 47 Configuration Backup Restore Screen 74 ...

Page 75: ... where you want to save the file rename it if you like and click Save Restore Configuration To restore settings from a backup file 1 Click Browse 2 Locate and select the previously saved backup file 3 Click Restore Backup Restore to from TFTP server Backup Configuration To create a backup file of the current settings 1 Enter the destination file name you plan to save in TFTP server 2 Enter the IPv...

Page 76: ...nt configuration file click Maintenance Configuration Backup Restore Select Yes and click Save Figure 48 Factory Default Screen Factory Default Screen Factory Default When you restore to factory defaults your current configuration file will be deleted and the system will reboot The access point will go back to factory default mode after reboot 76 ...

Page 77: ...boot Reboot power cycles the device The current configuration file will remain after reboot Figure 49 Reboot Screen Reboot Screen Device Reboot Select Yes and click Save to power cycle the access point 77 ...

Page 78: ...est Screen Ping Test Screen General IP Type Enter the IP type of destination address IP or URL Address Enter the IP address or domain name that you want to ping Packet Size Enter the size of the packet Times to Ping Select the desired number from the drop list 5 10 15 Unlimited 78 ...

Page 79: ...an be SSID or LAN Figure 51 Packet Capture Screen Packet Capture Screen Network Interface Select the desired network interface from the drop down list The interface can be SSID or Ethernet Start Capture Click to start the capture You will be asked to specify a local file to store the packets Stop Capture Click to stop the capture 79 ...

Page 80: ...on file system status and statistics data hardware information operational status The information is useful in troubleshooting and working with technical support Figure 52 Diagnostic Screen Diagnostic Log Screen Download Click to download the device diagnostic log into a local file 80 ...

Page 81: ...em and port status Ensure that your PC and the wireless access point are on the same network segment If you don t have a router this must be the case You can use the following method to determine the IP address of the wireless access point and then try to connect using the IP address instead of the name To find the access point s IP address Open a MS DOS Prompt or Command Prompt Window Use the Pin...

Page 82: ...1 252 and 255 255 255 0 Problem 2 My PC can t connect to the LAN via the wireless access point Solution 2 Check the following The SSID and security settings on the PC match the settings on the wireless access point On the PC the wireless mode is set to Infrastructure If using the Access Control feature the PC s name and address is in the Trusted Stations list If using 802 1x mode ensure the PC s 8...

Page 83: ...one or more access points are used to connect wireless stations e g notebook PCs with wireless cards to a wired Ethernet LAN The wireless stations can then access all LAN resources Note Access points can only function in Infrastructure Mode and can communicate only with wireless stations that are set to Infrastructure Mode SSID ESSID BSS SSID A group of wireless stations and a single access point ...

Page 84: ...ultiple access points it is better if adjacent access points use different channels to reduce interference The recommended channel spacing between adjacent access points is five channels e g use Channels 1 and 6 or 6 and 11 In Infrastructure Mode wireless stations normally scan all channels looking for an access point If more than one access point can be used the one with the strongest signal is u...

Page 85: ...ave a client login on the RADIUS server Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WPA standard Keys are automatically generated so no key input is required WPA2 Enterprise This version of WPA2 requires a RADIUS server on your LAN to provide the client au...

Page 86: ...n WEP encryption If this option is used The access point must have a client login on the RADIUS server Each user must have a user login on the RADIUS server Each user s wireless client must support 802 1X and provide the login data when required All data transmission is encrypted using the WEP standard You only have to select the WEP key size the WEP key is automatically generated 86 ...

Page 87: ...astructure SSID ESSID This must match the value used on the wireless access point The default value is LinksysSMB24G Note The SSID is case sensitive Wireless Security Each wireless station must be set to use WEP data encryption The key size 64 bit 128 bit must be set to match the access point The key values on the PC must match the key values on the access point Note On some systems the key sizes ...

Page 88: ...wireless access point Mode On each PC the mode must be set to Infrastructure SSID ESSID This must match the value used on the wireless access point The default value is LinksysSMB24G Note The SSID is case sensitive 802 1x Authentication Each client must obtain a certificate for authentication for the RADIUS server 802 1x Encryption Typically EAP TLS is used This is a dynamic key system so keys do ...

Page 89: ...rver IIS RADIUS Server Internet Authentication Service Certificate Authority Windows 2000 Domain Controller Setup Run dcpromo exe from the command prompt Follow all of the default prompts ensure that DNS is installed and enabled during installation Services Installation 1 Select the Control Panel Add Remove Programs 2 Click Add Remove Windows Components from the left side 3 Ensure that the followi...

Page 90: ...Figure 53 Components Screen 4 Click Next 5 Select the Enterprise root CA and click Next Figure 54 Certification Screen 90 ...

Page 91: ...hority and click Next Figure 55 CA Screen 7 Click Next if you don t want to change the CA s configuration data 8 Installation will warn you that Internet Information Services are running and must be stopped before continuing Click OK then Finish 91 ...

Page 92: ...ick on Start Programs Administrative Tools DHCP 2 Right click on the server entry and select New Scope Figure 56 DHCP Screen 3 Click Next when the New Scope Wizard begins 4 Enter the name and description for the scope click Next 92 ...

Page 93: ... address fields if required If no exclusions are required leave it blank Click Next 7 Change the Lease Duration time if preferred Click Next 8 Select Yes I want to configure these options now and click Next 9 Enter the router address for the current subnet The router address may be left blank if there is no router Click Next 93 ...

Page 94: ...d enter the server s address for the IP address Click Next Figure 58 DNS Screen 11 If you don t want a WINS server just click Next 12 Select Yes I want to activate this scope now Click Next then Finish 13 Right click on the server and select Authorize It may take a few minutes to complete 94 ...

Page 95: ...ols Certification Authority 2 Right click Policy Settings and select New Certificate to Issue Figure 59 Certificate Authority Screen 3 Select Authenticated Session and Smartcard Logon select more than one by holding down the Ctrl key Click OK Figure 60 Template Screen 95 ...

Page 96: ...4 Select Start Programs Administrative Tools Active Directory Users and Computers 5 Right click on your active directory domain and select Properties Figure 61 Active Directory Screen 96 ...

Page 97: ...6 Select the Group Policy tab choose Default Domain Policy then click Edit Figure 62 Group Policy Tab 97 ...

Page 98: ...uest Settings New Automatic Certificate Request Figure 63 Group Policy Screen 8 When the Certificate Request Wizard appears click Next 9 Select Computer click Next Figure 64 Certificate Template Screen 10 Ensure that your Certificate Authority is checked click Next 11 Review the policy change information and click Finish 98 ...

Page 99: ...tication Service 2 Right click on Clients and select New Client Figure 65 Service Screen 3 Enter a name for the access point click Next 4 Enter the address or name of the wireless access point and set the shared secret as entered on the Security Settings of the wireless access point 5 Click Finish 6 Right click on Remote Access Policies select New Remote Access Policy 7 Assuming you are using EAP ...

Page 100: ... want to set any restrictions and a condition is required select Day And Time Restrictions and click Add Figure 66 Attribute Screen 9 Click Permitted then OK Select Next 10 Select Grant remote access permission Click Next 100 ...

Page 101: ...ertificate Deselect other authentication methods listed Click OK Figure 67 Authentication Screen 12 Select No if you don t want to view the help for EAP Click Finish Remote Access Login for Users 1 Select Start Programs Administrative Tools Active Directory Users and Computers 2 Double click on the user who you want to enable 101 ...

Page 102: ...s XP ships with a complete 802 1x client implementation If using Windows 2000 you can install SP3 Service Pack 3 to gain the same functionality If you don t have either of these systems you must use the 802 1x client software provided with your wireless adapter Refer to your vendor s documentation for setup instructions 102 ...

Page 103: ...lient Certificate Setup 1 Connect to a network that doesn t require port authentication 2 Start your Web browser In the Address box enter the IP address of the Windows 2000 Server followed by certsrv Example http 192 168 0 2 certsrv 3 You will be prompted for a user name and password Enter the User name and Password assigned to you by your network administrator and click OK Figure 69 Connect Scree...

Page 104: ...4 On the first screen below select Request a certificate click Next Figure 70 Wireless CA Screen 104 ...

Page 105: ...5 Select User certificate request and select User Certificate click Next Figure 71 Request Type Screen 105 ...

Page 106: ...6 Click Submit Figure 72 Identifying Information Screen 106 ...

Page 107: ...d the certificate will be returned to you Click Install this certificate Figure 73 Certificate Issued Screen 8 You will receive a confirmation message Click Yes Figure 74 Root Certificate Screen 9 Certificate setup is now complete 107 ...

Page 108: ...l Panel Network Connections 2 Right click on the Wireless Network Connection and select Properties 3 Select the Authentication Tab and ensure that Enable network access control using IEEE 802 1X is selected and Smart Card or other Certificate is selected from the EAP type Figure 75 Authentication Tab 108 ...

Page 109: ...configure each network independently Your network administrator can advise you of the correct settings for each network 802 1x networks typically use EAP TLS This is a dynamic key system so there is no need to enter key values Enabling Encryption To enable encryption for a wireless network follow this procedure 1 Click on the Wireless Networks tab Figure 76 Wireless Networks Screen 109 ...

Page 110: ... the correct values as advised by your Network Administrator For example to use EAP TLS you would enable Data encryption and click the checkbox for the setting The key is provided for me automatically as shown below Figure 77 Properties Screen Setup for Windows XP and 802 1x client is now complete 110 ...

Page 111: ...d for me automatically Instead you must enter the WEP key manually ensuring it matches the WEP key used on the access point Figure 78 Properties Screen Note On some systems the 64 bit WEP key is shown as 40 bit and the 128 bit WEP key is shown as 104 bit This difference arises because the key input by the user is 24 bits less than the key size used for encryption 111 ...

Page 112: ...ames and logos are trademarks of the Belkin group of companies Third party trademarks mentioned are the property of their respective owners 2016 Belkin International Inc and or its affiliates All rights reserved PNKPG 00089 RevB00 112 ...

Reviews: