IEEE 802.11a/ac/n/b/g Enterprise Access Points ECW5320 ECWO5320. Management Guide. www.edge-core.com. Software Release v2.0.0.1

IEEE 802.11a/ac/n/b/g Enterprise Access Points ECW5320 ECWO5320 Management Guide Software Release v2.0.0.1 www.edge-core.com

Management Guide ECW5320 Indoor Enterprise Access Point IEEE 802.11a/ac/n/b/g Dual Band Access Point with one 1000BASE-T (RJ-45 PoE-Input) Port, and two 100BASE-TX (RJ-45) Ports ECWO5320 Outdoor Enterprise Access Point IEEE 802.11a/ac/n/b/g Dual Band Access Point with one 1000BASE-T (RJ-45 PoE-Input) Port, and two 100BASE-TX (RJ-45) Ports 150200000964A E012016/ST-R01

How to Use This Guide This guide includes detailed information on the access point (AP) software, including how to operate and use the management functions of the AP. To deploy this AP effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features. Who Should Read This Guide? This guide is for network administrators who are responsible for operating and maintaining network equipment. The guide assumes a basic working knowledge of LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network Management Protocol (SNMP). How This Guide is Organized The organization of this guide is based on the AP s main management interfaces. The web management interface is described in separate sections that follow the web menu. An introduction and initial configuration information is also provided. The guide includes these sections: Section I Getting Started Includes an introduction to AP management and initial configuration settings. Section II Web Configuration Includes all management options available through the web interface. Section III Appendices Includes information on troubleshooting AP management access. Related Documentation This guide focuses on AP software configuration, it does not cover hardware installation of the AP. For specific information on how to install the AP, see the following guide: Quick Start Guide For all safety information and regulatory statements, see the following documents: Quick Start Guide Safety and Regulatory Information 3

How to Use This Guide Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions. Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment. Warning: Alerts you to a potential hazard that could cause personal injury. Revision History This section summarizes the changes in each revision of this guide. January 2016 Revision This is the first revision of this guide. It is valid for software release v2.0.0.1-r5159. 4

Contents How to Use This Guide 3 Contents 5 Figures 9 Tables 11 Section I Getting Started 13 1 Introduction 15 Configuration Options 15 Network Connections 16 Connecting to the Web Interface 16 Setup Wizard 17 Main Menu 27 Status 28 Common Web Page Buttons 29 Section II Web Configuration 31 2 Status Information 33 System Information 33 Memory Status 34 WAN Information 34 LAN Information 35 Wireless Overview 36 Active Clients 37 Statistics 38 3 Network Settings 39 5

Contents Operation Mode 39 LAN Setting 40 DHCP Setting 41 4 Internet Settings 43 Cable/Dynamic IP (DHCP) 43 Static (Fixed IP) 44 PPPoE (ADSL) 45 PPTP 46 L2TP 47 5 Wireless Settings 49 Basic Settings 49 Advanced Settings 52 6 Static Routes 57 7 Firewall 59 Port Forwarding 59 DMZ Configuration 60 Access Control 61 Advanced Security 62 8 System Settings 63 Language Selection 64 System Log 64 NTP 65 Password 65 Maintenance 66 Rebooting the Access Point 66 Resetting the Access Point 66 Backing Up Configuration Settings 67 Restoring Configuration Settings 67 Upgrading Firmware 67 6

Contents Section III Appendices 69 A Troubleshooting 71 Problems Accessing the Management Interface 71 Using System Logs 71 Index 73 7

Contents 8

Figures Figure 1: Login Page 17 Figure 2: Select Your Country 17 Figure 3: Option Mode 18 Figure 4: Route to Internet 18 Figure 5: Bridge to Internet 19 Figure 6: Client Route 19 Figure 7: Cable / Dynamic IP (DHCP) 20 Figure 8: Static (Fixed IP) 20 Figure 9: PPPoE (ADSL) 21 Figure 10: PPTP 22 Figure 11: L2TP 22 Figure 12: Setting WIFI 2.4G 23 Figure 13: Setting WIFI 5G 26 Figure 14: Scanning WIFI 5G Networks 26 Figure 15: Status Overview 28 Figure 16: Status Clients 28 Figure 17: Status Statistics 29 Figure 18: Set Configuration Changes 29 Figure 19: System Information 33 Figure 20: Memory Status 34 Figure 21: WAN Information 34 Figure 22: LAN Information 35 Figure 23: Wireless Overview 36 Figure 24: Active Clients 37 Figure 25: Statistics 38 Figure 26: LAN Setting 40 Figure 27: DHCP Setting 41 Figure 28: DHCP Setting 41 Figure 29: Cable/Dynamic IP (DHCP) 43 9

Figures Figure 30: Static (Fixed IP) 44 Figure 31: PPPoE (ADSL) 45 Figure 32: PPTP 46 Figure 33: L2TP 47 Figure 34: Basic Radio Configuration Status 50 Figure 35: Basic Radio Configuration Dialogue Box 51 Figure 36: Advanced Radio Configuration Dialogue Box 52 Figure 37: Static Route List 57 Figure 38: Route Setting 57 Figure 39: Port Forwarding List 59 Figure 40: Port Forwarding Configuration 60 Figure 41: DMZ Configuration 61 Figure 42: Access Control List 61 Figure 43: Access Control Configuration 61 Figure 44: Access Control Time Selection 62 Figure 45: Advanced Security 62 Figure 46: Language 64 Figure 47: System Log 64 Figure 48: NTP 65 Figure 49: Password 65 Figure 50: Maintenance 66 Figure 51: Reboot your device 66 Figure 52: Resetting to Defaults 66 Figure 53: Restoring Configuration Settings 67 Figure 54: Upgrading Firmware 67 10

Tables Table 1: Radio Channels 53 Table 2: Tx Power 54 Table 3: Troubleshooting Chart 71 11

Tables 12

Section I Getting Started This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface. This section includes these chapters: Introduction on page 15 13

Section I Getting Started 14

1 Introduction The access point (AP) runs software that includes a network management agent. The agent offers a variety of management options, including SNMP and a webbased interface. Configuration Options The access point s web agent allows you to configure AP parameters, monitor wireless connections, and display statistics using a standard web browser such as Internet Explorer 9.x, Mozilla Firefox 35, and Google Chrome 39, or later versions. The AP s web management interface can be accessed from any computer attached to the network. The AP s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the AP to be managed from any computer in the network using network management software. The AP s web interface and SNMP agent allow you to perform management functions such as: Set management access user names and passwords Configure IP settings Configure 2.4 GHz and 5 GHz radio settings Control access through wireless security settings Filter packets using Access Control Lists (ACLs) Download system firmware Download or upload configuration files Display system information and statistics 15

Chapter 1 Introduction Network Connections Network Connections Prior to accessing the AP s management agent through a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using the web interface or DHCP protocol. The AP has a static default management address of 192.168.1.1 and a subnet mask of 255.255.255.0. If the AP s default IP address is not compatible with your network or a DHCP server is not available, the AP s IP address must be configured manually through the web interface. First connect to the AP s LAN 1 or LAN 2 port and log in to the web interface, as described in Connecting to the Web Interface on page 16. Follow the steps described in the Setup Wizard on page 17 to configure the basic settings. Then configure the AP with an IP address that is compatible with your network as described under LAN Setting on page 40. Once the AP s IP settings are configured for your network, you can access the AP s management agent from anywhere within the attached network. The AP can be managed by any computer using a web browser, or from a network computer using SNMP network management software. Connecting to the Web Interface The AP offers a user-friendly web-based management interface for the configuration of all the unit s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer 9.x, Mozilla Firefox 35 or later, and Google Chrome 39, or later versions. You may want to make initial configuration changes by connecting a PC directly to one of the AP s LAN ports. The AP has a default management IP address of 192.168.1.1 and a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same subnet as the AP (that is, the PC and AP addresses must both start with192.168.1.x). To access the AP s web management interface, follow these steps: 1. Use your web browser to connect to the management interface using the default IP address of 192.168.1.1. 2. Log in to the interface by entering the default user name root with the password admin123, then click Login. 16

Chapter 1 Introduction Setup Wizard Note: It is strongly recommended to change the default password the first time you access the web interface. For information on changing the user password, see Password on page 65. Figure 1: Login Page Setup Wizard The Setup Wizard is designed to help you configure the basic settings required to get the AP up and running. Step 1 Select Your Country Select the access point s country of operation from the drop-down menu. You must set the AP s country code to be sure that the radios operate according to permitted local regulations. That is, setting the country code restricts operation of the AP to the radio channels and transmit power levels permitted for wireless networks in the specified country. Figure 2: Select Your Country Caution: You must set the country code to the country of operation. Setting the country code ensures that the radios operate within the local regulations specified for wireless networks. Note: The country code selection is for non-us models only and is not available to all US models. Per FCC regulation, all Wi-Fi products marketed in the US must be fixed to US operation channels only. 17

Chapter 1 Introduction Setup Wizard Step 2 Select Option Mode Click Next, and select an a networking mode for an AP route, AP bridge, or client route. Figure 3: Option Mode AP Route In this mode, the AP should be connected to Internet via an ADSL/ Cable Modem. Wired are wireless ports (ETH0, ETH1, WLAN0 and WLAN 1 are members of the LAN. NAT is enabled and PCs attached to the LAN ports share the same IP to ISP connection through the WAN port. In the following figure, Ethernet Port 0, Ethernet Port1, Wireless LAN 0 (5 GHz Radio), and Wireless LAN 1 (2.4 GHz Radio) are all included in the LAN. Traffic from these interfaces is routed across the access point through WAN Port 0 to the Internet. (This is also called route to Internet.) The connection type can be set up in the WAN page using PPPOE, DHCP client, PPTP client, L2TP client, or static IP. Figure 4: Route to Internet 18

Chapter 1 Introduction Setup Wizard AP Bridge Configures an interface as attached to the WAN (i.e., the Internet). In the following figure, Ethernet Port 0 and Ethernet Port 1 are both attached to the WAN. The wireless interfaces are directly bridged to the wired Ethernet. (This is also called bridge to Internet.) All WAN-related functions are disabled, NAT is disabled, the firewall is disabled, and DHCP is disabled. Figure 5: Bridge to Internet Client Route All Ethernet ports are bridged together and the AP acts as a wireless client connecting to the ISP s access point. NAT is enabled and PCs attached to the Ethernet ports share the same IP to ISP connection through the wireless LAN. Only one of the radios (2.4 GHz or 5 GHz) can connect to the ISP s access point. The connection type can be set up in the WAN page using PPPOE, DHCP client, PPTP client, L2TP client, or static IP. Figure 6: Client Route 19

Chapter 1 Introduction Setup Wizard Step 3 Select WAN Configuration Click Next, and select the method that the AP uses to connect to an ISP through the WAN port. The AP supports five Internet connection methods. Cable / Dynamic IP (DHCP) In many cases, setting the connection type to dynamic is enough to complete the connection to your ISP. Figure 7: Cable / Dynamic IP (DHCP) This page includes the following items: MTU Sets the size of the maximum transmission unit (MTU) for IP packets sent on an interface. Host Name Some dynamic connection types may require a host name. Enter the host name in the space provided if you were assigned one by your ISP. Static (Fixed IP) The Static IP address mode sets the AP to connect to the Internet with a fixed IP address. If your ISP uses static IP addressing, you need an IP address, subnet mask, and ISP gateway address. Enter your information in the provided spaces. Figure 8: Static (Fixed IP) 20

Chapter 1 Introduction Setup Wizard This page includes the following items: MTU Sets the size of the maximum transmission unit (MTU) for IP packets sent on an interface. IP Address Specifies an IP address for the AP. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Subnet Mask Indicates the local subnet mask. Default Gateway The IP address of the default gateway, which is used if the requested destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided. Primary/Secondary DNS Server The IP address of the Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of IP addresses. PPPoE (ADSL) The Point-to-Point Protocol over Ethernet (PPPoE) is a common WAN protocol that provides a secure tunnel connection between the service provider and the local network. Figure 9: PPPoE (ADSL) This page includes the following items: MTU Sets the size of the maximum transmission unit (MTU) for IP packets sent on an interface. User Name The user name specified by the service provider. (Range: 1-32 characters) Password The password specified by the service provider. (Range: 1-32 characters) Service Name The service name assigned for the PPPoE connection. The service name is normally optional, but may be required by some service providers. (Range: 1-32 alphanumeric characters) 21

Chapter 1 Introduction Setup Wizard PPTP The Point-to-Point Tunneling Protocol (PPTP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure tunnel connection between the service provider and the local network. Figure 10: PPTP This page includes the following items: MTU Sets the size of the maximum transmission unit (MTU) for IP packets sent on an interface. User Name The user name specified by the service provider. (Range: 1-32 characters) Password The password specified by the service provider. (Range: 1-32 characters) VPN Server The PPTP server s IPv4 address assigned by your ISP. L2TP The Layer 2 Tunneling Protocol (L2TP) is a common WAN protocol used for Virtual Private Networks (VPNs) that provides a secure tunnel connection between the service provider and the local network. Figure 11: L2TP This page includes the following items: MTU Sets the size of the maximum transmission unit (MTU) for IP packets sent on an interface. 22

Chapter 1 Introduction Setup Wizard User Name The user name specified by the service provider. (Range: 1-32 characters) Password The password specified by the service provider. (Range: 1-32 characters) L2TP Server the L2TP server s IPv4 address assigned by your ISP. Step 4 Setting WIFI 2.4G Click Next, and set the SSID and encryption method for the wireless 2.4G channel. Figure 12: Setting WIFI 2.4G This page includes the following items: SSID Choice The name of the basic service set provided by a Virtual Access Point (VAP) interface. Clients who want to connect to the network through the access point must set their SSID to the same as that of the AP s VAP interface. Note that each radio supports 8 virtual access point (VAP) interfaces based on the SSIDs, referred to as VAP 0 ~ VAP 7, and are named Wireless2 - Wireless2.7 by default. Encryption Settings The wireless security method used for this VAP, including association mode, encryption, and authentication. (Default: No Encryption) The following security options are supported: No Encryption The VAP broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection. WEP Open System The VAP broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection. WEP Key WEP is used to encrypt data transmitted between wireless clients and the VAP. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications. Unfortunately, WEP has been found to be seriously flawed and cannot be recommended for a high level of network 23

Chapter 1 Introduction Setup Wizard security. For more robust wireless security, the access point provides Wi-Fi Protected Access (WPA) and WPA2 for improved data encryption and user authentication. Be sure that the WEP shared keys are the same for each client in the wireless network. All clients share the same keys, which are used for data encryption. For 64-bit WEP, string length must be 5 ASCII characters (letters and numbers) or 10 hexadecimal digits. For 128-bit WEP, string length must be 13 ASCII characters (letters and numbers) or 26 hexadecimal digits. WEP Shared Key The VAP broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection if the WEP keys set by the client matches those set on the AP. When using this encryption option, the WEP keys are used both to authenticate the client and to encrypt the data transmitted. WEP Key WEP is used to authenticate wireless clients and encrypt data transmitted between clients and the VAP. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. Be sure that the WEP shared keys are the same for each client in the wireless network. All clients share the same keys, which are used for authentication and data encryption. For 64-bit WEP, string length must be 5 ASCII characters (letters and numbers) or 10 hexadecimal digits. For 128-bit WEP, string length must be 13 ASCII characters (letters and numbers) or 26 hexadecimal digits. WPA-PSK For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network. However, for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks. Cipher Data encryption uses one of the following methods: Auto The encryption method used by the client is discovered by the access point, The encryption methods that may be discovered using this option include AES/TKIP, AES, or TKP. (This is the default setting.) AES (CCMP) This method is used as the unicst encryption cipher. AES-CCMP is the standard encryption cipher required for WPA2. TKIP TKIP is used as the unicast encryption cipher. 24

Chapter 1 Introduction Setup Wizard AES/TKIP Mixed This option of WPA2 with TKIP or AES allows you to run a mixed system: Those devices that can do WPA2 with AES will use that system, less advanced devices (such as PDA's) that can only do WPA will do WPA with TKIP Key WPA is used to encrypt data transmitted between wireless clients and the VAP. WPA uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. String length must be 8 to 63 ASCII characters (letters and numbers). No special characters are allowed. WPA2-PSK Clients using WPA2 with a Pre-shared Key are accepted for authentication. WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard. WPA2 includes the now ratified 802.11i standard, but also offers backward compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK modes of operation and support for TKIP encryption. Refer to WPA-PSK for a description of encryption methods and the key. WPA-PSK / WPA2-PSK Mixed Mode The TKIP/AES type is the only encryption available for mixed WPA/WPA2 security. In mixed mode, the unicast encryption (TKIP or AES) is negotiated for each client as they associate with the network. WPA-EPA WPA employs a combination of several technologies to provide an enhanced security solution for 802.11 wireless networks. A RADIUS server is used for authentication, and can also be used for accounting. Refer to WPA-PSK for a description of encryption methods. RADIUS Settings A RADIUS server must be specified for the access point to implement IEEE 802.1X network access control and Wi-Fi Protected Access (WPA) wireless security. In addition, you can configure a RADIUS Accounting server to receive usersession accounting information from the access point. RADIUS Accounting can be used to provide valuable information on user activity in the network. This guide assumes that you have already configured RADIUS server(s) to support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software. Radius Authentication Server Specifies the IP address or host name of the RADIUS authentication server. 25

Chapter 1 Introduction Setup Wizard Radius Authentication Port The UDP port number used by the RADIUS server for authentication messages. (Range: 1024-65535; Default: 1812) Radius Authentication Secret A shared text string used to encrypt messages be sent tween the access point and the RADIUS server. Be sure that the same text string is specified on the RADIUS authentication server. Do not use blank spaces in the string. (Maximum length: 255 characters) WPA2-EAP WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard. WPA2 includes the now ratified 802.11i standard, but also offers backward compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK modes of operation and support for TKIP encryption. Refer to WPA-PSK for a description of encryption methods. Refer to WPA-EAP for a information on configuring the RADIUS server. Step 6 Setting WIFI 5G Click Next, and set the SSID and encryption method for the wireless 5G channel. Figure 13: Setting WIFI 5G Refer to Setting WIFI 2.4G for a description of the configuration options. In addition to the configuration options for WIFI 2.4G, the Scan button can be used to display a listing of detected 5G networks as shown in the following example. Figure 14: Scanning WIFI 5G Networks 26

Chapter 1 Introduction Main Menu Main Menu The web interface Main Menu provides access to all of the configuration settings available for the AP. To configure settings, click the relevant Main Menu item. Each Main Menu item is summarized below with links to the relevant section in this guide where the configuration parameters are described in detail: Status The status page shows basic settings for the AP, including a description of the system, memory usage, Internet status, local network settings, wireless radio settings, connected clients, and traffic graphs. See Status Information on page 33. Network Configures Internet, Ethernet, LAN, and Hotspot settings. See Network Settings on page 39. Internet Configures the protocol settings for the WAN port. See Internet Settings on page 43 WIFI Configures 5 GHz Radio, 2.4 GHz Radio, and VLAN settings. See Wireless Settings on page 49. Routes Configures static routes. See Static Routes on page 57. Firewall Configures a firewall that controls the incoming and outgoing network traffic based on an applied rule set. See Firewall on page 59. System Configures System (designation and location), Maintenance (such as view log, firmware upgrade, and reset), User Accounts, and Services (management access methods). See System Settings on page 63. 27

Chapter 1 Introduction Main Menu Status After logging in to the web interface, the status page displays. This page shows basic settings for the AP, including Internet status, local network settings, wireless radio status, client connections, and traffic graphs. Figure 15: Status Overview Figure 16: Status Clients 28

Chapter 1 Introduction Main Menu Figure 17: Status Statistics Common Web Page Buttons The list below describes common buttons found on most of the web management pages: Save Applies the new parameters and saves them to temporary RAM memory. Also displays a message at the top of the screen to inform you that the changes have not yet been saved to Flash memory. The running configuration will not be saved upon a reboot unless you click the Apply button. Figure 18: Set Configuration Changes Apply Saves the current configuration so that it is retained after a restart. Revert Cancels the newly entered settings and restores the originals. Welcome > Logout Open the Welcome list and click Logout to end the web management session. 29

Chapter 1 Introduction Main Menu 30

Section II Web Configuration This section provides details on configuring the access point using the web browser interface. This section includes these chapters: Status Information on page 33 Network Settings on page 39 Wireless Settings on page 49 System Settings on page 63 31

Chapter II Web Configuration 32

2 Status Information The Status page displays information on the current system configuration, including Internet status, local network settings, wireless radio status, and traffic graphs. Status Information includes the following sections: System Information on page 33 Memory Status on page 34 WAN Information on page 34 LAN Information on page 35 Wireless Overview on page 36 Active Clients on page 37 Statistics on page 38 System Information The System Information section shows descriptive information about the AP. Figure 19: System Information The following items are displayed in this section: Model Name The model number of the unit. Uptime Length of time the management agent has been up. S/N The serial number of the physical access point. Version The software version number. 33

Chapter 2 Status Information Memory Status Memory Status The Memory Status section shows information about memory usage. Figure 20: Memory Status The following items are displayed in this section: Total The total amount of memory space, and the percentage in use. Free The amount of free memory. Cached The amount of cached memory in use. Buffered The amount of buffered memory in use. WAN Information The WAN Information section shows information about the Internet connection. Figure 21: WAN Information The following items are displayed in this section: Connection Shows if the WAN port is connected. Protocol Shows the protocol used for IP address assignment. IP IP address of the Internet connection. 34

Chapter 2 Status Information LAN Information Mask Network mask for IP subnet. This mask identifies the host address bits used for routing to specific subnets. Gateway IP address of the gateway router used to pass traffic between this device and other network segments. MAC MAC address assigned to this AP interface. DNS The IP address of the Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. LAN Information The LAN Information section shows information about the local network connection. Figure 22: LAN Information The following items are displayed in this section: Protocol Shows the protocol used for IP address assignment. MAC MAC address assigned to this AP interface. IP IP address of the Internet connection. Mask Network mask for IP subnet. This mask identifies the host address bits used for routing to specific subnets. 35

Chapter 2 Status Information Wireless Overview Wireless Overview The Wireless Overview section shows information about the radio settings. Figure 23: Wireless Overview The following items are displayed in this section: Radio # Indicates the 5 GHz (Radio 0) or 2.4 GHz (Radio 1) wireless interface. SSID Service set identifier. Clients who want to connect to the wireless network through an access point must set their SSIDs to the same as that of the access point. Mode Indicates Master (Access Point) or Client. Channel The radio channel the access point uses to communicate with wireless clients. The available channels depend on the 802.11 Mode 1, Channel Bandwidth, and Country Code settings 2. MAC MAC address assigned to this AP interface. Encryption The encryption method configured on this interface. 1. See Basic Settings on page 49. 2. See Setup Wizard on page 17. 36

Chapter 2 Status Information Active Clients Active Clients The Active Clients section shows information about associated clients. Figure 24: Active Clients The following items are displayed in this section: Host Name Client name. IP Address The IP address assigned to the wireless client. MAC Address The MAC address of the wireless client. Expired Time The time the wireless client has been associated. 37

Chapter 2 Status Information Statistics Statistics The Statistics section shows the data rate for the Ethernet ports and wireless interfaces. Figure 25: Statistics 38

3 Network Settings This chapter describes operation mode, the associated LAN settings, and the DHCP client list on the access point. It includes the following sections: Operation Mode on page 39 LAN Setting on page 40 DHCP Setting on page 41 DHCP Lease Time The maximum amount of time a client can use an address assigned by the DHCP server. (Range: 1-168 hours; Default: 12 hours) DHCP Client List on page 41 Operation Mode The AP operation modes include AP Route, AP Bridge, and Client Route. These options determine how the wired and wireless clients connect to the Internet, and are described in Step 2 of the Setup Wizard, along with graphic examples. The Operation Mode includes the following options: AP Route In this mode, the AP should be connected to Internet via an ADSL/ Cable Modem. Wired are wireless ports (ETH0, ETH1, WLAN0 and WLAN 1) are members of the LAN. NAT is enabled and PCs attached to the LAN ports share the same IP to ISP connection through the WAN port. The connection type can be set up in the WAN page using PPPoE, DHCP client, PPTP client, L2TP client, or static IP. AP Bridge Configures an interface as attached to the Internet. Ethernet Port 0 and Ethernet Port 1 are both attached to the WAN. The wireless interfaces are directly bridged to the wired Ethernet. All WAN-related functions are disabled, NAT is disabled, the firewall is disabled, and DHCP is disabled. Client Route All Ethernet ports (ETH0 andeth1) are bridged together and the wireless clients connect to the ISP through the access point. NAT is enabled and PCs attached to the Ethernet ports share the same IP to ISP connection through the wireless LAN. The connection type can be set up in the WAN page using PPPoE, DHCP client, PPTP client, L2TP client, or static IP. 39

Chapter 3 Network Settings LAN Setting LAN Setting The LAN Setting fields configure the basic Internet settings for the AP. Figure 26: LAN Setting The following items are displayed in this menu: IP Address Specifies an IP address for the access point. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. (Default: 192.168.1.1) Subnet Mask Indicates the local subnet mask. (Default: 255.255.255.0) Default Gateway The IP address of the default gateway, which is used if the requested destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, enter the IP address of the default gateway router in the text field provided. Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. 40

Chapter 3 Network Settings DHCP Setting DHCP Setting The DHCP Setting fields allow you configure DHCP service on the AP. Figure 27: DHCP Setting Configuration options include these items: Enable Enables/disables DHCP service on this network. (Default: Enabled) DHCP Client Start First address in the address pool. (Range: 1-254; Default: x.x.x.100) DHCP Client End Last address in the address pool. (Range: 1-254; Default: x.x.x.150) DHCP Lease Time The maximum amount of time a client can use an address assigned by the DHCP server. (Range: 1-168 hours; Default: 12 hours) DHCP Client List The DHCP Client List shows the host devices which have acquired an IP address from this AP s DHCP server. Figure 28: DHCP Setting 41

Chapter 3 Network Settings DHCP Setting The following items are displayed in this list: IP Address IP address assigned to host. MAC Address MAC address of host. Time Expired The amount of time (hours) this address has been assigned to a host. 42

4 Internet Settings This chapter describes the protocol settings for the WAN port. It includes the following sections: Cable/Dynamic IP (DHCP) on page 43 Static (Fixed IP) on page 44 PPPoE (ADSL) on page 45 PPTP on page 46 L2TP on page 47 Cable/Dynamic IP (DHCP) The WAN Settings page for Cable/Dynamic IP (DHCP) is shown below. Figure 29: Cable/Dynamic IP (DHCP) The following items are displayed on this page: Wide Area Network (WAN) Settings Protocol Select Cable/Dynamic IP (DHCP). MTU Sets the size of the maximum transmission unit (MTU) for packets sent on this interface. (Range: 1-1500 bytes; Default 1500 bytes) 43

Chapter 4 Internet Settings Static (Fixed IP) Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. DHCP Client Hostname The host name associated with this client. Static (Fixed IP) The Static IP address mode sets the AP to operate with a fixed IP address to connect to the Internet. The WAN Settings page for Static (Fixed IP) is shown below. Figure 30: Static (Fixed IP) The following items are displayed on this page: Wide Area Network (WAN) Settings Protocol Select Static (Fixed IP). MTU Sets the size of the maximum transmission unit (MTU) for packets sent on this interface. (Range: 1-1500 bytes; Default 1500 bytes) Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. 44

Chapter 4 Internet Settings PPPoE (ADSL) Static IP IP Address The IP address assigned to the AP s WAN port by the ISP. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. (Default: 192.168.1) Subnet Mask The local subnet mask assigned to the AP s WAN port by your ISP. You can select standard address masks for class A (255.0.0.0), class B (255.255.0.0), class C (255.255.255.0), or a custom mask. Default Gateway The IP address of the ISP s gateway. Primary DNS Server The IP addresses of the primary domain name server. Secondary DNS Server The IP addresses of the secondary domain name server. PPPoE (ADSL) The Point-to-Point Protocol over Ethernet (PPPoE) is a WAN protocol used for ADSL services. It provides a secure tunnel connection between the service provider and the local network. The WAN Settings page for PPPoE (ADSL) is shown below. Figure 31: PPPoE (ADSL) The following items are displayed on this page: Wide Area Network (WAN) Settings Protocol Select PPPoE (ADSL). 45

Chapter 4 Internet Settings PPTP MTU Sets the size of the maximum transmission unit (MTU) for packets sent on this interface. (Range: 1-1500 bytes; Default 1500 bytes) Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. PPPoE User Name The user name specified by the service provider. (Range: 1-32 characters) Password The password specified by the service provider. (Range: 1-32 characters) Service Name The service name assigned for the PPPoE connection. The service name is normally optional, but may be required by some service providers. (Range: 1-32 alphanumeric characters) PPTP The Point-to-Point Tunneling Protocol (PPTP) is a WAN protocol used for Virtual Private Networks (VPNs) that provides a secure tunnel connection between the service provider and the local network. The WAN Settings page for PPTP is shown below. Figure 32: PPTP 46

Chapter 4 Internet Settings L2TP The following items are displayed on this page: Wide Area Network (WAN) Settings Protocol Select PPTP. MTU Sets the size of the maximum transmission unit (MTU) for packets sent on this interface. (Range: 1-1500 bytes; Default 1500 bytes) Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. PPTP Settings User Name The user name assigned by your ISP. Password The password assigned by your ISP. VPN Server The PPTP server s IPv4 address assigned by your ISP. L2TP The Layer 2 Tunneling Protocol (L2TP) is a WAN protocol used for Virtual Private Networks (VPNs) that provides a secure tunnel connection between the service provider and the local network. The WAN Settings page for L2TP is shown below. Figure 33: L2TP 47

Chapter 4 Internet Settings L2TP The following items are displayed on this page: Wide Area Network (WAN) Settings Protocol Select L2TP. MTU Sets the size of the maximum transmission unit (MTU) for packets sent on this interface. (Range: 1-1500 bytes; Default 1500 bytes) Clone MAC Address Some ISPs limit Internet connections to the MAC address of one computer. This setting allows you to manually change the MAC address of the router s WAN interface to match the computer s MAC address. L2TP Settings User Name The user name assigned by your ISP. Password The password assigned by your ISP. L2TP Server The L2TP server s IPv4 address assigned by your ISP. 48

5 Wireless Settings This chapter describes wireless settings on the access point. It includes the following sections: Basic Settings on page 49 Advanced Settings on page 52 Basic Settings The IEEE 802.11 wireless interfaces include configuration options for radio signal characteristics and wireless security features. The access point can operate in several radio modes, 802.11a/a+n/AC (5 GHz) or 802.11b+g/b+g+n (2.4 GHz). Supported modes depend on the access point model. Note that the dual-band access points can operate at 2.4 GHz and 5 GHz at the same time. The web interface identifies the radio configuration pages as: Wlan0-5G the 5 GHz 802.11a/n/AC radio interface Wlan1-2.4G the 2.4 GHz 802.11b/g/n radio interface Each radio supports 8 virtual access point (VAP) interfaces based on the SSIDs, referred to as VAP 0 ~ VAP 7. Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings. Traffic to specific VAPs can be segregated based on user groups or application traffic. The clients associate with each VAP in the same way as they would with separate physical access points. The AP supports up to a total of 127 wireless clients across all VAP interfaces per radio. The basic configuration settings for the radios are shown on the Basic page. To select 5G and 2.4G radios, click on the Wlan0-5G or Wlan1-2.4G tab. 49

Chapter 5 Wireless Settings Basic Settings Figure 34: Basic Radio Configuration Status The following items are displayed on this page: WLAN radio status for each VAP. Enabled Shows if the wireless service on this VAP is enabled. SSID The name of the basic service set used by a VAP interface. Encryption Shows the type of encryption used on this interface. Country The access point s country of operation. Tx Power The power of the radio signals transmitted from the access point. 50

Chapter 5 Wireless Settings Basic Settings Click on the box for any of the VAPs to open the configuration dialogue box for basic radio settings Figure 35: Basic Radio Configuration Dialogue Box The following items are displayed on this page: Enabled Enables or disables the wireless service on this interface. Mode These options determine how the wired and wireless clients connect to the Internet, and are described in Step 2 of the Setup Wizard, along with graphic examples. The AP supports the following options: AP Route In this mode, the AP should be connected to the Internet via an ADSL/Cable Modem. Wired are wireless ports (ETH0, ETH1, WLAN0 and WLAN 1 are members of the LAN. NAT is enabled and PCs attached to the LAN ports share the same IP to ISP connection through the WAN port. The connection type can be set up in the WAN page using PPPoE, DHCP client, PPTP client, L2TP client, or static IP. (This is the default setting.) AP Bridge Configures the LAN interface (ETH0 and ETH1) as attached to the WAN (i.e., the Internet). In the following figure, Ethernet Port 0 and Ethernet Port 1 are both attached to the WAN. The wireless interfaces are directly bridged to the wired Ethernet. (This is also called bridge to Internet.) All WAN-related functions are disabled, NAT is disabled, the firewall is disabled, and DHCP is disabled. Client Route All Ethernet ports are bridged together and the AP acts as a wireless client connecting to the ISP s access point. NAT is enabled and PCs attached to the Ethernet ports share the same IP to ISP connection through the wireless LAN. Only one of the radios (2.4 GHz or 5 GHz) can connect to the ISP s access point. The connection type can be set up in the WAN page using PPPoE, DHCP client, PPTP client, L2TP client, or static IP. 51

Chapter 5 Wireless Settings Advanced Settings SSID The name of the basic service set used by a VAP interface. Clients that want to connect to the network through the access point must set their SSID to the same as that of the access point s VAP interface. (Default: ACN0.# (where # is 0-7) for 5 GHz, ACN1.# (where # is 0-7) for 2.4 GHz; Range: 1-32 characters) Hide SSID Removes the SSID from beacon frames. Also known as network cloaking, this security measure is less effective than using WPA or WPA2. There are many tools that allow you to find the supposedly hidden network name. (Default: Off) Encryption Settings The encryption options are described under Step 4 in the Introduction. (Default: No Encryption) Advanced Settings This section includes configuration settings for the radio operating mode and related parameters. Figure 36: Advanced Radio Configuration Dialogue Box The following items are displayed on this page: Wireless Mode Defines the radio operation mode. Radio 0 (5 GHz Radio) Default: 802.11 AC+n; Options: 802.11 AC+n, 802.11 a+n, 802.11 a Radio 1 (2.4 GHz Radio) Default: 802.11g+n; Options: 802.11 b, 802.11 g, 802.11g+n 52

Chapter 5 Wireless Settings Advanced Settings Mode (Radio 0) The access point provides a channel bandwidth of 20 MHz by default giving an 802.11a connection speed of 54 Mbps and a 802.11n connection speed of up to 144 Mbps. Setting the HT Mode (or channel bandwidth) to 40 MHz (sometimes referred to as Turbo Mode) increases connection speed for 802.11a and 802.11n to 108 Mbps and 300 Mbps respectively. Setting the VHT Mode (or channel bandwidth) to 80 MHz (referred to as Very High Throughput Mode) increases connection speed for 802.11n+ac to 867 Mbps. (Default: VHT80; Options: HT20, HT40, VHT80) HT Mode (Radio 1) The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and a 802.11n connection speed of up to 144 Mbps, and ensures backward compliance for slower 802.11b devices. Setting the HT Mode (or channel bandwidth) to 40 MHz (sometimes referred to as Turbo Mode) increases connection speed for 802.11g and 802.11n to 108 Mbps and 300 Mbps respectively. (Default: HT40; Options: HT20, HT40) Channel The radio channel the access point uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other. For example, for 11g/n 20 MHz mode you can deploy up to three access points in the same area using channels 1, 6, 11. Note that wireless clients automatically set the channel to the same as that used by the access point to which it is linked. The available channels are dependent on the 802.11 Mode, Channel Bandwidth, and Country Code settings. (Default: Radio 0 - Channel 36, Radio 1 - Channel 11) Table 1: Radio Channels Radio 0 (5 GHz) Radio 1 (2.4 GHz) Radio Channels * Frequency (GHz) Radio Channels Frequency (GHz) 36 5.180 1 2.412 40 5.200 2 2.417 44 5.220 3 2.422 48 5.240 4 2.427 149 5.745 5 2.432 153 5.765 6 2.437 157 5.785 7 2.422 161 5.805 8 2.447 165 5.825 9 2.452 10 2.457 11 2.462 * Supported channels depend on the 802.11 mode, channel bandwidth, and country code. 53

Chapter 5 Wireless Settings Advanced Settings Tx Power Adjusts the power of the radio signals transmitted from the access point. The higher the transmission power, the farther the transmission range. Power selection is not just a trade off between coverage area and maximum supported clients. You also have to ensure that high-power signals do not interfere with the operation of other radio devices in the service area. (Default: 17 dbm for 5 GHz radio, 27 dbm for 2.4 GHz radio) Table 2: Tx Power Power Radio 0 (5 GHz) Radio 1 (2.4 GHz) 0 dbm (1 mw) 4dBM (2 mw) 5 dbm (3 mw) 7 dbm (5 mw) 8 dbm (6 mw) 9 dbm (7 mw) 10 dbm (10 mw) 11 dbm (12 mw) 12 dbm (15 mw) 13 dbm (19 mw) 14 dbm (25 mw) 15 dbm (31 mw) 16 dbm (39 mw) 17 dbm (50 mw) 18 dbm (63 mw) 19 dbm (79 mw) 20 dbm (100 mw) 21 dbm (125 mw) 22 dbm (158 mw) 23 dbm (199 mw) 24 dbm (251 mw) 25 dbm (316 mw) 26 dbm (398 mw) 27 dbm (501 mw) ACK Timeout Sets the acknowledgement timeout, which is used primarily for long-distance connections. This timeout is used to make an adjustment for link distance. It is based on the amount of time, in microseconds, that it should take to transmit a frame to the other end of the link, be processed by the 54

Chapter 5 Wireless Settings Advanced Settings receiving device, and have the ACK frame created and returned to the sending device. (Range: 0-255 microseconds; Default: 0 microseconds) Fragmentation Thresh. Sets the maximum frame size above which packets are fragmented. Using a lower threshold reduces the time required to transmit the frame, and therefore reduces the probability that it will be corrupted (at the cost of more data overhead). (Range: 256-2346 bytes; Default: 2346 bytes) RTS Threshold Sets the packet size threshold at which a Request to Send (RTS) signal must be sent to a receiving station prior to the sending station starting communications. The access point sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an RTS frame, the station sends a CTS (clear to send) frame to notify the sending station that it can start sending data. If the RTS threshold is set to 1, the access point always sends RTS signals. If set to 2346, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled. The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this Hidden Node Problem. (Range: 1-2346 bytes: Default: 2347 bytes) 55

Chapter 5 Wireless Settings Advanced Settings 56

6 Static Routes This chapter describes how to configure static routes. You can set up static routes to ensure that all traffic for a specific destination network is forwarded to the LAN or WAN interface, for example, through a VPN tunnel. A maximum of 32 rules can be defined. Figure 37: Static Route List To enter a static route click on Add. The following configuration menu will be displayed. Figure 38: Route Setting The following items are displayed in this menu: Interface The interface used to route data to the network specified by the network address. (Options: LAN or WAN) Target IP address of the destination network, subnetwork, or host. Subnet Mask Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. 57

Chapter 6 Static Routes Gateway IP address of the next hop router used for this route. If this AP is used to connect your network to the Internet, the gateway IP is the AP's IP address. If you have a router handling your network's Internet connection, enter the IP address of that router instead. Metric An administrative distance used to indicate the cost of a route so that the best route, among potentially multiple routes to the same destination, can be selected. MTU The size of the maximum transmission unit (MTU) for IP packets sent on an interface. 58

7 Firewall This AP provides a firewall that controls the incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and the Internet) which is assumed not to be secure and trusted. The firewall supports the following functions: Port Forwarding on page 59 DMZ Configuration on page 60 Access Control on page 61 Advanced Security on page 62 Port Forwarding Port forwarding allows remote computers on the Internet (WAN) to connect to a service within your private local-area network (LAN). Services on the private network are connected to the AP LAN or communicate via the wireless LAN. The AP s external interface is configured with a public IP address. Computers running services behind the AP, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address. When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network s internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks. Figure 39: Port Forwarding List 59

Chapter 7 Firewall DMZ Configuration To enter a port forwarding rule click on Add. The following configuration menu will be displayed. Figure 40: Port Forwarding Configuration The following items are displayed in this menu: Enable Enable or disable the service configured on this page. Name Enter the name of a local network service. A list of common services and associated ports can be found on various Internet sites, including http:// en.wikipedia.org/wiki/list_of_tcp_and_udp_port_numbers. Protocol Specify whether the protocol used by this service is TCP, UDP, or either one. External Port Enter the public TCP or UDP port number of the service. LAN IP Address Enter the IP address of the local computer providing this service. Internal Port Enter the port number on the local computer to which the request will be sent. DMZ Configuration A DMZ or demilitarized zone is a local host computer (providing various services) that is directly exposed to an organization's external-facing untrusted network, usually the Internet. You can specify one local host as being within the DMZ. The DMZ adds an simple layer of security to an organization's local area network. It restricts an external attacker to direct access to equipment in the DMZ, rather than any other part of the network. 60

Chapter 7 Firewall Access Control Figure 41: DMZ Configuration The following items are displayed in this menu: Enable Enable or disable the service configured on this page. IP Address IP address of local computer which is directly exposed to the external network; such as the Internet. Access Control The Access Control list sets a time range during which specified users (that is, local hosts) can access the Internet. Figure 42: Access Control List To configure an entry in the Access Control list, click on Add. The following configuration menu will be displayed. Figure 43: Access Control Configuration 61

Chapter 7 Firewall Advanced Security The following items are displayed in this menu: IP Address IP address of host to whom access to the Internet is restricted to a specified time. Day Day of the week to which host can access the Internet. Click on one or more days during which access is to be provided. Start Time The time at which the host can start accessing the Internet. Stop Time The time at which access to the Internet is terminated. When setting the Start Time or Stop Time, use the slider button beneath Hour and Minute as shown in the following figure. Figure 44: Access Control Time Selection Advanced Security The Advanced Security page includes several options for Denial of Service (DoS) protection. Figure 45: Advanced Security The following items are displayed in this menu: Enable SYN Flood Attack Filtering A SYN flood is a denial-of-service attack in which an attacker sends a succession of SYN requests to the AP in an attempt to consume enough resources to make the system unresponsive to legitimate traffic. (Default: filtering enabled) Enable Drop Invalid Packets Drops any invalid packets, such as those not matching any active connection. (Default: Enabled) 62

8 System Settings This chapter describes maintenance settings on the access point. It includes the following sections: Language Selection on page 64 System Log on page 64 NTP on page 65 Password on page 65 Maintenance on page 66 63

Chapter 8 System Settings Language Selection Language Selection The Language page is used to select the language used for the web interface. Figure 46: Language The following items are displayed in this menu: Language Specifies English. System Log The access point saves event and error messages to a local system log database. The log messages include the date and time, message type, and message details. Figure 47: System Log 64

Chapter 8 System Settings NTP NTP The NTP page displays the host name of servers to which NTP time requests are issued. Figure 48: NTP Password The Password page sets the password for the system administrator. Figure 49: Password The following items are displayed on this page: New Password The system administrator's password. (Range: 3-15 ASCII characters, case sensitive, no special characters; Default: admin123) Confirmation Enter the password again for verification. 65

Chapter 8 System Settings Maintenance Maintenance The Maintenance page supports general maintenance tasks including rebooting the device, restoring factory defaults, backing up or restoring configuration settings, and upgrading firmware. Figure 50: Maintenance Rebooting the Access Point The Reboot your device page allows you to reboot the access point. Figure 51: Reboot your device Resetting the Access Point The Reset to factory default settings page allows you to reset the access point to the factory defaults. Note that all user configured information will be lost. You will have to re-enter the default user name and password to re-gain management access to this device. Figure 52: Resetting to Defaults 66

Chapter 8 System Settings Maintenance Backing Up Configuration Settings The Download this device s configuration settings page allows you to back up the access point s configuration to a management workstation. In Windows, a GNU Zip (*.tar.gz) file will be stored in the Downloads folder. This is a sample file name: backup-acn-ap-2014-06-27.tar.gz Restoring Configuration Settings The Restore the configuration settings of this device page allows you to upload configuration settings from a management workstation to the access point. The specified file must be one that was previously backed up from the access point. Figure 53: Restoring Configuration Settings Click the Browse button to locate the configuration file, and then click the Upload archive button to begin restoring the configuration settings. Upgrading Firmware You can upgrade new access point software from a local file on the management workstation. New software may be provided periodically from your distributor. After upgrading new software, you must reboot the access point to implement the new code. Until a reboot occurs, the access point will continue to run the software it was using before the upgrade started. The access point supports dual software images, so if newly loaded software is corrupted, the alternate image will be used on the next reboot. Configuration settings are stored separately from the software, so the current settings will always be used for any new software. However, note that if the current configuration settings are corrupted, the system defaults will be used. Figure 54: Upgrading Firmware Click the Browse button to locate the configuration file, and then click the Flash image button to begin upgrading firmware. 67

Chapter 8 System Settings Maintenance 68

Section III Appendices This section provides additional information and includes these items: Troubleshooting on page 71 69

Section III Appendices 70

A Troubleshooting Problems Accessing the Management Interface Table 3: Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software Be sure the AP is powered up. Check network cabling between the management station and the AP. Check that you have a valid network connection to the AP and that intermediate switch ports have not been disabled. Be sure you have configured the AP with a valid IP address, subnet mask and default gateway. Be sure the management station has an IP address in the same subnet as the AP s IP. If you are trying to connect to the AP using a tagged VLAN group, your management station, and the ports connecting intermediate switches in the network, must be configured with the appropriate tag. If you cannot connect using Telnet/SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. Forgot or lost the password Reset the AP to factory defaults using its Reset button. Using System Logs If a fault does occur, refer to the Quick Start Guide to ensure that the problem you encountered is actually caused by the AP. If the problem appears to be caused by the AP, follow these steps: 1. Repeat the sequence of commands or other actions that lead up to the error. 2. Make a list of the commands or circumstances that led to the fault. Also make a list of any error messages displayed. 3. Record all relevant system settings. 4. Display the log file through the System > System Log menu, and copy the information from the log file. 5. Contact your distributor s service engineer, and send a detailed description of the problem, along with all of the information mentioned in the above steps. 71

Appendix A Troubleshooting Using System Logs 72

Index A ACK timeout 54 AES (CCMP) 24 AES/TKIP Mixed 25 AP bridge 39 AP route 39 AP route mode 18 authentication 24 pre-shared key 24, 25 RADIUS server 24, 25 WPA 24 WPA2 24 C channel active 36 restrictions 17 selection 53 client route 39 clone MAC address 40 configuration settings restoring 67 saving 67 country code 36, 53 selection 17 CTS, clear to send 55 D demilitarized zone 60 DHCP 16 DHCP client list 41 DHCP setting, LAN 41 DMZ, demilitarized zone 60 DNS 35 DNS server 21 DoS protection 62 downloading software 67 E encryption 23 F firewall 59 access control 61 DoS protection 62 port forwarding 59 firmware displaying version 33 upgrading 67 fragmentation threshold 55 G gateway address 16, 35, 40, 71 H host name 20 I IEEE 802.11a/ac/n 49 configuring interface 52 radio channel 52 IEEE 802.11b/g/n 49 configuring interface 52 radio channel 52 IEEE 802.1X 25, 26 initial configuration 16 introduction 15 IP address 16 configuring 16 DNS server 21, 35 gateway 21, 35, 40 Internet connection 34, 35 wireless client 37 L L2TP 22, 47 language selection, interface 64 log messages 64 M memory status 34 MTU 20 73

Index N network settings 39 NTP, network time protocol 65 O open system 23 P password default 16 PPPoE 46 pre-shared key 24 setting 65 port forwarding 59 PPPoE 21, 45 PPTP 22, 46 pre-shared key 24 R radio channel active 36 configuring 53 RADIUS 24, 25 configuring for IEEE 802.1X 25 configuring for WPA 25 rebooting 66 resetting, configuration settings 66 router mode 18 RTS request to send 55 threshold 55 T TKIP 24 transmit power 17 configuring 54 troubleshooting 71 U upgrading software 67 user password 16 W WAN configuration 20 cable / dynamic IP 20, 43 default gateway 21 DNS server 21 IP address 21 L2TP 22, 47 PPPoE 21, 45 PPTP 22, 46 static address 20, 44 subnet mask 21 WEP key 23 open system 23 shared key 23, 24 wireless settings 49 WPA2-EAP 26 WPA2-PSK 25 WPA-EPA 25 WPA-PSK 24 S shared key 23, 24, 25 SNMP 15 software displaying version 33 upgrading 67 SSID 23, 24, 36, 49 static routes 57 status information memory 34 wireless 36 wireless clients 37 status page 28 subnet mask 16, 40, 71 system log 64 system software, upgrading 67 74

ECW5320 ECWO5320 E012016/ST-R01 150200000964A