background image

41 

 

WPA2-compliant hardware. 

Auto 

— Uses either TKIP or AES keys for encryption. WPA and 

WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common 
SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for 
each client. 

Key Renewal Interval 

— Sets the time period for automatically changing data 

encryption keys and redistributing them to all connected clients.   

RADIUS Server 

— Configures RADIUS server settings. 

IP Address 

— Specifies the IP address of the RADIUS server. 

Port 

— The User Datagram Protocol (UDP) port number used by the 

RADIUS server for authentication messages. (Range: 1024-65535; 
Default: 1812) 

Shared Secret 

— A shared text string used to encrypt messages between the 

access point and the RADIUS server. Be sure that the same text string is specified 
on the RADIUS server. Do not use blank spaces in the string. (Maximum length: 20 
characters) 

 

WPA-PSK & WPA2-PSK 

Wi-Fi Protected Access (WPA)

 was introduced as an interim solution for the 

vulnerability of WEP pending the adoption of a more robust wireless security 
standard. WPA2 includes the complete wireless security standard, but also offers 
backward compatibility with WPA. For small home or office networks, WPA and 
WPA2 provide a simple “personal” operating mode that uses just a pre-shared key 
for network access. The 

WPA Pre-Shared Key (WPA-PSK)

 mode uses a common 

password phrase for user authentication that is manually entered on the access 
point and all wireless clients. Data encryption keys are automatically generated by 
the access point and distributed to all clients connected to the network. 

 

WPA-PSK 

— Clients using WPA with a Pre-shared Key are accepted for 

authentication.   

WPA2-PSK 

— Clients using WPA2 with a Pre-shared Key are accepted for 

authentication.   

WPA- Auto-PSK 

— Clients using WPA or WPA2 with a Preshared 

Summary of Contents for WL-STATION-N5

Page 1: ...1 5GHz 802 11a n Outdoor AP CPE User Guide ...

Page 2: ...2TP 11 SETTINGS IPSEC 13 OPERATION MODE AP BRIDGE 15 OPERATION MODE CLIENT ROUTER 15 OPERATION MODE CLIENT BRIDGE 17 ADVANCED SETUP 20 MANAGEMENT 21 ADVANCED SETTINGS 23 OPERATION MODE 25 FIREWALL CONFIGURATION 25 MAC IP PORT FILTERING 25 VIRTUAL SERVER SETTINGS 27 DMZ 28 FIREWALL 28 QoS 29 CONTENT FILTERING 30 NETWORK SETTINGS 31 WAN 31 LAN 35 VLAN 35 DHCP STATIC LEASE LIST 36 ADVANCED ROUTING 36...

Page 3: ...right position OUTDOOR AP CPE available with integrated 14dBi patch antenna or two RSMA connectors for external antenna Also uses passive PoE for simplify installation HARDWARE DESCRIPTION Below are OUTDOOR AP CPE hardware descriptions PoE LAN PoE WAN in Rouer mode PoE LAN in Bridge Mode Reset L Mount Option Pole Mount Holders Wall Mount Hole Wall Mount Hole LED Indicator ...

Page 4: ...o open Slide the weatherproof sliding door downwards by griping onto the indented surface of the weatherproof sliding door and the rear Align the base with the weatherproof sliding door Slide the weatherproof sliding door upwards until it clicks into place How to close the sliding door How to tie the strap on the pole ...

Page 5: ...5 Mounting and Radio forward Diagram Standard Pole Mount Option Adjust Antenna L Mount Option Wall Mount ...

Page 6: ... has a default IP address of 192 168 2 1 and a subnet mask of 255 255 255 0 You must set your PC IP address to be on the same subnet as the OUTDOOR AP CPE that is the PC and OUTDOOR AP CPE addresses must both start 192 168 2 x To access the OUTDOOR AP CPE s management GUI interface follow these steps 1 Use your web browser to connect to the management interface using the default IP address of 192 ...

Page 7: ...t the connection Click on Easy Setup to bring up the wizard OPERATION MODE AP ROUTER In AP Router mode your OUTDOOR AP CPE unit is turned to a wireless router and wireless interface will become the LAN side if your PC is connected to the PoE port the management IP will change to the LAN IP 192 168 2 1 The remote management will be automatically turned on to allow you managing the device from the P...

Page 8: ...using Point to Point Protocol over Ethernet PPPoE 2 User Name Sets the PPPoE user name for the WAN port Password Sets a PPPoE password for the WAN port Verify Password Prompts you to re enter your chosen password Operation Mode Enables and configures the keep alive time and configures the on demand idle time 3 Security Setup ...

Page 9: ...c IP address is a number in the form of a dotted quad 2 IP Address Sets the static IP address Subnet Mask Sets the static IP subnet mask Default 255 255 255 0 Default Gateway The IP address of a router that is used when the requested destination IP address is not on the local subnet Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain name...

Page 10: ...y method and then configure the required parameters Options Disabled WEP AUTO WPA PSK WPA2 PSK WPA Auto PSK WPA WPA2 WPA Auto 802 1X Default Disabled SETTINGS CABLE DYNAMIC IP DHCP 1 Select Cable Dynamic IP DHCP if your Internet service provider ISP use a DHCP service to assign your Router an IP address when connecting to the Internet 2 The host name that you selected from the DHCP service provide...

Page 11: ...PA Auto PSK WPA WPA2 WPA Auto 802 1X Default Disabled SETTINGS PPTP L2TP 1 Select PPTP if you are using PPTP service to gain connection to the Internet 2 Server IP Sets the PPTP server IP Address Default pptp_server User Name Sets the PPTP user name for the WAN port Password Sets a PPTP password for the WAN port Address Mode Sets a PPTP network mode Default Dynamic IP Operation Mode Enables and co...

Page 12: ...IP address of the Secondary Domain Name Server 3 Network Name SSID SSID Service Set Identification must be assigned to all wireless devices in your network Considering your wireless network security Security Mode Select the security method and then configure the required parameters Options Disabled WEP AUTO WPA PSK WPA2 PSK WPA Auto PSK WPA WPA2 WPA Auto 802 1X Default Disabled SETTINGS L2TP 1 Sel...

Page 13: ...r names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Server 3 Network Name SSID SSID Service Set Identification must be assigned to all wireless devices in your network Considering your wireless network security Security Mode Select the secur...

Page 14: ...IP address Subnet Gateway Local end point IP address Subnet and Gateway IP address IPSec Operation Mode Use drop down menu to select from Add Route Start Manual or Ignore IKE Key Retry Specify maximum retry limits for negotiate key to Internet Key Exchange Peer IP address Subnet Gateway Remote end point IP address Subnet and Gateway IP address 3 Network Name SSID SSID Service Set Identification mu...

Page 15: ...ed Open Shared WEP AUTO WPA PSK WPA2 PSK WPA PSK_WPA2 PSK WPA WPA2 WPA1_WPA2 802 1X Default Disabled OPERATION MODE CLIENT ROUTER In the Client Router mode is also known as WISP The OUTDOOR AP CPE wireless side is connected to the remote AP Base Station as in Client Infrastructure mode Between the wireless and LAN is the IP sharing router function This is used to share Client Router connection The...

Page 16: ...16 connect in this example Press Next button when finished 3 Now it shows the Profile Name SSID BSSID and encryption type received from your target network and press Next button to continue ...

Page 17: ...press Next button to finish the wizard OPERATION MODE CLIENT BRIDGE In the Client Bridge mode your OUTDOOR AP CPE will behave just the same as Wireless adapter With Client Bridges the WLAN and the LAN are on the same subnet Consequently NAT is no longer used and services that are running on the original network ...

Page 18: ...ss Site Survey button and look for available wireless network then click on the SSID that you attempt to connect to it 5G is the SSID that we are going to connect in this example Press Next button when finished ...

Page 19: ...19 3 Now it shows the Profile Name SSID BSSID and encryption type received from your target network and press Next button to finish the wizard ...

Page 20: ... In the Advanced Manual Bar it includes all the settings such as firmware upgrade LAN WAN and wireless settings that change the RF behaviors It is important to read through this section before attempting to make changes ...

Page 21: ...th and file name of the update file into the File field Or click the Browse button to locate the update file 3 Click the Upgrade button Note 1 New firmware versions are posted at our website and can be downloaded for free There is no need to upgrade the firmware unless the new firmware has a new feature you want to use However when experiencing problems caused by the Router rather than the configu...

Page 22: ... that is currently saved on your PC Click Import to overwrite all current configurations with the one in the configuration file Load Factory Defaults If you have problems with OUTDOOR AP CPE which might be a result from changing some settings but you are unsure what settings exactly you can restore the factory defaults by click the Load Default Button Reboot System If you want to reboot the OUTDOO...

Page 23: ... synchronization minutes Specify the interval between SNTP server updates DDNS Settings DDNS lets you assign a fixed host and domain name to dynamic Internet IP address It is useful when you are hosting your own website FTP server or other server behind the OUTDOOR AP CPE Before using this feature you need to sign up for DDNS service at www dyndns org a DDNS service provider User Name Sets the DDN...

Page 24: ...on and entrainment SNMP Settings Managing devices on IP networks Telnet Settings Enable your OUTDOOR AP CPE unit to be accessed via telnet utility SSH Settings Secure Shell Enable your OUTDOOR AP CPE unit to be accessed via secure shell SSH based network device Telnet SSH Password Settings Assign a password for telnet or secure shell SSH access to your CPE unit ...

Page 25: ...N side and the Ethernet LAN side Therefore the Client Router subscriber can share the Client Router connection without the extra router Client Bridge The OUTDOOR AP CPE will behave just the same as Wireless adapter With Client Bridges the WLAN and the LAN are on the same subnet Consequently NAT is no longer used and services that are running on the original network FIREWALL CONFIGURATION MAC IP PO...

Page 26: ...t Range Specifies the range of destination port to block traffic from the specified LAN IP address from reaching Source Port Range Specifies the range of source port to block traffic from the specified LAN IP address from reaching Action Specifies if traffic should be accepted or dropped Default Accept Comment Enter a useful comment to help identify the filtering rules Current Filtering rules The ...

Page 27: ...rivate Port The protocol port number on the local server Public Port The protocol port number on the router s WAN interface Protocol Specifies the protocol to forward either TCP UDP or TCP UDP Comment Enter a useful comment to help identify the port forwarding service on the network Current Virtual Servers in System The Current Port Forwarding Table displays the entries that are allowed to forward...

Page 28: ...osed to the Internet allowing open two way communication The host PC should be assigned a static IP address which is mapped to its MAC address and this must be configured as the DMZ IP address DMZ Settings Sets the DMZ status Default Disable DMZ IP Address Specifies an IP address on the local network allowed unblocked access to the WAN FIREWALL Firewall functions which will help to protect your ne...

Page 29: ...ackets received on the WAN port SPI Firewall SIP firewall help to keep track of the state of network connections such as TCP streams UDP communication traveling across it It is programmed to distinguish legitimate packets for different types of connections Only packets matching a known active connection will be allowed by the firewall others will be rejected Network Address Translation NAT is the ...

Page 30: ... the rule list would automatically have lower priority CONTENT FILTERING The OUTDOOR AP CPE provides a variety of options for blocking Internet access based on content URL and host name Web URL Filter Settings By filtering inbound Uniform Resource Locators URLs the risk of compromising the network can be reduced URLs are commonly used to point to websites By specifying a URL or a keyword contained...

Page 31: ... the address www HOST com the domain name is HOST com Enter the Keyword then click Add Current Host Filters Displays current Host filter Add a Host Filter Enters the keyword for a host filtering Delete a Host Filter Deletes a Host filter entry from the list NETWORK SETTINGS WAN In this section there are several connection types to choose from Static IP DHCP PPPoE PPTP L2TP and IPSec If you are uns...

Page 32: ... chosen password Operation Mode Enables and configures the keep alive time and configures the on demand idle time STATIC IP FIXED IP IP Address Sets the static IP address Subnet Mask Sets the static IP subnet mask Default 255 255 255 0 Default Gateway The IP address of a router that is used when the requested destination IP address is not on the local subnet Primary DNS Server The IP address of th...

Page 33: ...ep alive time Primary DNS Server The IP address of the Primary Domain Name Server A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses To specify a DNS server type the IP addresses in the text field provided Otherwise leave the text field blank Secondary DNS Server The IP address of the Secondary Domain Name Serve...

Page 34: ...gotiate key to Internet Key Exchange Peer IP address Subnet Gateway Remote end point IP address Subnet and Gateway IP address L2TP Server IP Sets the L2TP server IP Address Default l2tp_server User Name Sets the L2TP user name for the WAN port Password Sets a L2TP password for the WAN port Address Mode Sets a L2TP network mode Default Dynamic IP Operation Mode Enables and configures the keep alive...

Page 35: ...et Mask The subnet mask of OUTDOOR AP CPE on the local area network DHCP Server The DHCP Server is to assign private IP address to the OUTDOOR AP CPE in your local area network LAN The default LAN IP address is 192 168 2 1 changing IP address will also change the DHCP server s IP subnet VLAN If you want to configure the Guest and Internal networks on VLAN the switch you are using must support VLAN...

Page 36: ...on the Switch DHCP STATIC LEASE LIST Choose menu Advanced DHCP Static Leases List you can view and add a reserved address for clients via the next screen When you specify a reserved IP address for a PC on the LAN that PC will always receive the same IP address each time when it accesses the DHCP server Reserved IP addresses should be assigned to the servers that require permanent IP settings ADVAN...

Page 37: ...rtion of Network Netmask Displays the subnetwork associated with the destination Gateway Defines the packets destination next hop Interface Select interface to which a static routing subnet is to be applied Comment Help identify the routing RIP Enable or disable the RIP Routing Information Protocol for the WAN or LAN interface ...

Page 38: ... then only have one set of encryption for the entire channel Network Name SSID The name of the wireless network service provided by the OUTDOOR AP CPE Clients that want to connect to the network must set their SSID to the same as that of OUTDOOR AP CPE Multiple SSID One additional VAP interface supported on the device Frequency Channel The radio channel that the OUTDOOR AP CPE uses to communicate ...

Page 39: ...ne static WEP key for user authentication or data encryption Also be sure that the WEP shared keys are the same for each client in the wireless network WEP AUTO Allows wireless clients to connect to the network using Open WEP uses WEP for encryption only or Shared WEP uses WEP for authentication and encryption Encrypt Type Selects WEP for data encryption OPEN mode only Security Key Index Selects t...

Page 40: ...s backward compatibility with WPA WPA Clients using WPA for authentication WPA2 Clients using WPA2 for authentication WPA Auto Clients using WPA or WPA2 for authentication WPA Algorithms Selects the data encryption type to use Default is determined by the Security Mode selected TKIP Uses Temporal Key Integrity Protocol TKIP keys for encryption WPA specifies TKIP as the data encryption method to re...

Page 41: ...server Do not use blank spaces in the string Maximum length 20 characters WPA PSK WPA2 PSK Wi Fi Protected Access WPA was introduced as an interim solution for the vulnerability of WEP pending the adoption of a more robust wireless security standard WPA2 includes the complete wireless security standard but also offers backward compatibility with WPA For small home or office networks WPA and WPA2 p...

Page 42: ...t as an ASCII string an easy to remember form of letters and numbers that can include spaces or Hexadecimal format Range 8 63 ASCII characters or exactly 64 Hexadecimal digits Key Renewal Interval Sets the time period for automatically changing data encryption keys and redistributing them to all connected clients IEEE 802 1X AND RADIUS IEEE 802 1X is a standard framework for network access control...

Page 43: ... characters WI FI PROTECTED SETUP WPS Wi Fi Protected Setup WPS is designed to ease installation and activation of security features in wireless networks WPS has two basic modes of operation Push button Configuration PBC and Personal Identification Number PIN The WPS PIN setup is optional to the PBC setup and provides more security The WPS button on the Wireless Router can be pressed at any time t...

Page 44: ...mely robust data confidentiality using a 128 bit key Use of AES CCMP encryption is specified as a standard requirement for WPA2 Before implementing WPA2 in the network be sure client devices are upgraded to WPA2 compliant hardware Auto Uses either TKIP or AES keys for encryption WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID In mixed mode the unicast encrypt...

Page 45: ...transmissions Known also as the Delivery Traffic Indication Map DTIM interval it indicates how often the MAC layer forwards broadcast multicast traffic which is necessary to wake up stations that are using Power Save mode The default value of one beacon indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every beacon Using s...

Page 46: ...ntation of the PDUs Package Data Unit can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size If there is significant interference present or collisions due to high network utilization try setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more ef...

Reviews: