Industrial WiFi CPE/AP CPE-2458-AC-S-I Configuration Manual Beijing Nodes Network Limited 2019
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Table of contents 1.澳 Introduction ................................................................................... 7澳 2.澳 Web Administration Interface (Web UI) ......................................... 8澳 3.澳 2.1.澳 Status...................................................................................... 8澳 2.2.澳 Configuration........................................................................... 9澳 2.3.澳 Administration .............................
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5.澳 Advanced Radio Settings .......................................................... 114澳 5.1.澳 Short Guard Interval ............................................................ 114澳 5.2.澳 Data Rate Setting................................................................ 115澳 5.2.1 Configure Data Rate ..................................................... 115澳 5.2.2澳 Configure Multicast Rate ............................................... 115澳 5.3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 12.澳 Thin AP...................................................................................... 137澳 13.澳 Web UI Administration ............................................................... 138澳 13.1.澳 Auto Refreshment ............................................................... 138澳 13.2.澳 Web UI Port Configuration .................................................. 138澳 13.3.澳 HTTPS Certification ............................................................
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17.3.澳 Ethernet Status ................................................................... 158澳 18.澳 Tools for Deployment / Operation / Troubleshooting ................. 159澳 18.1.澳 System Logs ....................................................................... 159澳 Download system logs ............................................................. 159澳 18.2.澳 Historical Statistic................................................................
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 ALL RIGHTS RESERVED. Beijing Nodes Network Limited Telephone: 010-5165 2232 Fax: 010-5165 4922 Web: www.nodes.com.cn Radio Frequency Interference Requirements This device complies with Part 15 of FCC Rules. Operation is subject to the following conditions: 1. This device may not cause harmful interference. 2. This device must accept any interference received, including interference that may cause undesired operation. 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Introduction This guide covers the initial configuration of CPE 2458-AC-S-I via Web Administration Interface (Web UI). Web Administration Interface is the built-in and userfriendly graphic interface on all CPE products. It allows you to configure, monitor, and manage the devices using web browser. Mozilla Firefox, Google Chrome, and Internet Explorer 8+ are recommended. This guide is applicable with firmware version 2.2.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 2. Web Administration Interface (Web UI) Figure 1 - AP Status Overview Web Administration Interface (Web UI) consists of: Primary Tabs: Configuration Administration Tools About Links: 䬢Ṕᴮ㒈/English – swap Web UI language between simplified Chinese and English. Reboot AP – reboot AP. Logout – log out from Web UI. Change: 0 – list out all unsaved configuration changes. Download Logs – download the system log from AP. 2.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 transmission and reception statistics, and connection information. Radio1 (5G) – display 5G radio’s information including radio settings, radio transmission and reception statistics, and connection information. Ethernet - shows the current status of Ethernet interfaces. The information includes Port, MAC Address, Auto-negotiation, Speed, Duplex, Link Detected, instant throughput of uplink and downlink and traffic of of uplink and downlink.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 desire configuration to the device Customization – upload customized configuration as factory default settings for the device 2.4. Tools Figure 5 – Secondary tabs under Tools tab Administration tab collects various tools for deployment and troubleshooting. The following tabs can be found under Tools tab: Channel Scan - collect the information of all WiFi channel on 2.4GHz frequency and 5GHz frequency in the surrounding area.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 > Network and Sharing Center > Change adapter settings. 2. Right-click the icon for Local Area Connection, and then click Properties. 3. When the Local Area Connection Properties dialog box appears, select Internet Protocol (TCP/IP) (or Internet Protocol Version 4 (TCP/IPv4)) from the scrolling list, and then click Properties. The Internet Protocol (TCP/IP) Properties dialog box appears. 4. Write down all of the currently active network settings.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure8 – Connect to AP 3.3. Login the AP (via Ethernet) 1. 2. 3. 4. 5. 6. Open a Web browser from the computer. Type http://192.168.1.222 in the address bar or location bar (see Figure 7). Type admin (default username) in Username Type admin (default password) in Password Click Login Figure 7 – CPE Series Product’s Login Page Secondary IP Address of CPE Series Products The default IP address of CPE is 192.168.1.222/24.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 the reserved IP addresses, the supported device shall follow the MAC to IP address mapping shown in Table 3: Table 3 - CPE Series Product Secondary IP Address Ethernet MAC address Reserved Purpose Replaced MAC byte SecondaryIP address XX:XX:XX:XX:XX:00 Invalid IP A0 192.168.99.160 XX:XX:XX:XX:XX:01 For gateway A1 192.168.99.161 XX:XX:XX:XX:XX:02 For operator A2 192.168.99.162 CPE 192.168.99.163 A4 192.168.99.164 AF 192.168.99.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Note: - In 802.3af power safe mode, CPE will operate in 2x3 MIMO with maximum transmission power 24 dBm. 3.5. Assign an IP Address to CPE Device 3.5.1Assign Static IPv4 IP Address Figure 9 – IPv4 WAN Setting (Static IP Address) 1. Go to Configuration > Network > General > WAN Settings (IPv4) 2. Select Static on Internet Connection Type 3. Enter valid IP Address on IPv4 Address; 192.168.1.222 is the default setting 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 3.5.2Assign IPv4 IP Address from DHCP server Figure 10 – IPv4 WAN Setting (DHCP Client) 1. Go to Configuration > Network > General > WAN Settings (IPv4) 2. Select DHCP on Internet Connection Type 3. Click Enable DHCP Option 60 checkbox to specify vendor class identifier. This entry is optional. 4. Enter a string between 1 and 32 characters long on DHCP Option 60. This entry is optional. 5. Click Submit 3.5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 8. Enter valid IP address of DNS server on IPv6 DNS Server Address Note: - Click Server; - Click Server entry for adding more IPv6 Address and IPv6 DNS to remove existing IPv6 Address and IPv6 DNS 9. Click Submit 3.5.4Assign IPv6 IP Address from DHCP server Figure 13 – Enable IPv6 option 1. Go to Configuration > Network > General > Network Setting 2. Click Enable IPv6 checkbox Figure 14 – IPv6 WAN Setting 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Radios Settings CPE products have both a high capacity 2.4 GHzradio and a 5 GHz radio. It can play as different role in your network. This chapter shows the typical deployment scenarios and configuration procedures. 4.1. Access Point Mode Access Point (AP) allows wireless devices to connect to a wired network using 802.11 a/b/g/n/ac standards. Wireless clients connect the AP to join the network, such as laptops, smart phones etc. 4.1.1Radio0 – 2.4G 4.1.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 2.4G 11Mbps (802.11 b) 2.4G 54Mbps (802.11 bg) 2.4G 54Mbps (802.11 g-only) 2.4G 216.7Mbps (802.11 ng HT20); Default Setting 2.4G 216.7Mbps (802.11 n-only HT20) 2.4G 450Mbps (802.11 ng HT40+) 2.4G 450Mbps (802.11 n-only HT40+) 2.4G 450Mbps (802.11 ng HT40-) 2.4G 450Mbps (802.11 n-only HT40-) 6. Select suitable option on Legacy 11b Data Rate Support for legacy client compatibility. In order to enhance the spectrum efficiency, low data rates (1/2/5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 9. Enter the maximum associated client between 1 and 256 on Maximum Client that the radio interface serves. 256 is the default setting. This entry is optional. 10. Select Disable HT20/HT40 Auto Switch checkbox that CPE device will NOT switch the channel width between 20 MHz and 40 MHz automatically. This entry is optional and only available for the following wireless modes: 2.4G 450Mbps (802.11 ng HT40+) 2.4G 450Mbps (802.11 n-only HT40+) 2.4G 450Mbps (802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Go to Configuration > Wireless > Radio0 (2.4G) > WLAN # > More… 2. Select Enable WLAN checkbox to enable WLAN 3. Select Hide SSID checkbox to hide SSID name from its beacon frame. This entry is optional. 4. Enter a unique name for the particular WLAN on SSID. Note: If you want to configure the same SSID on two different WLANs; their security setting MUST be different from each other. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Disassociate Station if SNR drops more than Y dB for consecutive Z packets Y denotes the SNR tolerance; Z denotes the number of consecutive packets their SNR are below the difference of X - Y.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select Disabled on Cipher Mode 4. Click Submit 4.1.1.4 Configure WLAN as Open network with WEP encryption This setting provides minimal security as it allows all requesting devices to join a given network. Figure 18 – 2.4G WLAN # Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio0(2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.1.4.1 Configure WLAN as Open network with Shared Key Authentication Shared Key authentication is one of the authentication methods with WEP encryption. It verifies that station has knowledge of a shared secret. Figure 19 – 2.4G WLAN # Security Setting: Shared Key Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.1.4.2 Configure WLAN with WPA / WPA2 / WPA-auto Authentication WPA (Wi-Fi Protected Access) or WPA2 provides enhanced security over WEP, and allows client authentication based on an external authentication server such as a RADIUS server, for corporate networks. WPA-auto is a mixed security mode which supports multiple implementations of the WPA standard, such as WPA and WPA2. Figure 20 - 2.4G WLAN # Security Setting: WPA / WPA2 / WPA-auto Authentication 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities Note: - TKIP is not supported by 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13. Enter suitable secrets in Secret of RADIUS Accounting Server. It is used along with the MD5 hashing algorithm to obfuscate passwords. This secret MUST be as the same as that in RADIUS server. This entry is optional. 14. Repeat step 11-13 if the backup RADIUS Accounting server is available. It is optional. 15. Click Submit 4.1.1.4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + This algorithm automatically selects TKIP or AES based on AES the client’s capabilities Note: - TKIP is not supported by 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 22 - 2.4G WLAN # Security Setting: WAPI Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 23 - Two-Cert Mode Certification Installation Figure 24 - Three-Cert Mode Certification Installation 6. Click Browse to select suitable certifications 7. Click Upload to upload the selected certifications to CPE 8. Click Install to install certifications 9. Enter IP address of AS server on AS IP Address 10. Enter service port of AS server in AS Port 11. Enter interval time between 60 and 2147483647s in Unicast Key Update Interval; 86400 is default setting.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.1.4.5 Configure WLAN with WAPI-PSK Authentication Figure 25 - 2.4G WLAN # Security Setting: WAPI-PSK Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4. Enter in an ASCII string between 8 and 63 characters or a HEX string with 64 characters long in Pass Phrase that users will use to connect to the wireless network. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.1.5 Step 4: Configure ACL Setting Figure 26 – 2.4G WLAN # ACL Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > ACL Setting 2. Select appropriate option on Access Control List; options include Disable Enabled ACL is disabled – Default Allow ACL is enabled. The MAC addresses which are specified in the ACL will consider as Deny.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.1.7 Step 6: Configure WLAN # Bandwidth Control Figure 27 – 2.4G WLAN # Bandwidth Control 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > Bandwidth Control 2. Specify the uplink and downlink limitation under Based on WLAN for the particular WLAN Or specify the uplink and downlink limitation under Based on Station for each associated station. 0 is default value and denotes as disable 3. Click Submit 4.1.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.2Radio1 – 5G 4.1.2.1 Step 1: Configure General Wireless Setting Figure 28 - Radio1 (5G) General Setting 1. Go to Configuration > Wireless > Radio1(5G) > General 2. Select Enable Radio checkbox to enable radio interface 3. Select AP in Radio Mode 4. Select the correct country code on Country Code; this option ensures that the CPE device uses only the radio channels allowed in your country or region 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5G 600Mbps (802.11 ac HT40+) 5G 600Mbps (802.11 ac HT40-) 5G 1.3Gbps (802.11 ac HT80); Default Setting 6. Select Dynamic Radio Frequency Selection (DFS) checkbox to enable automatic channel selection that selects the least congested channel where radar is not detected during booting up. Note: - Radio Frequency is set as auto automatically if DFS is enabled 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 11. Select Enable Inter-WLAN User Isolation checkbox that CPE device block the users’ communication across different SSID in the AP directly. This entry is optional. 12. Select Periodic Auto Channel Section checkbox to enable scheduled channel selection task on the radio interface. This entry is optional and only available if auto is selected on Radio Frequency.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6. Deselect the DHCP Trust Port checkbox to prevent illegal DHCP servers offering IP address to DHCP clients via this WLAN. This entry is optional. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 AP accepts the clients to associate if the SNR of packets from the clients is high than (>) 30dB; AP kicks out the associated client if the SNR of 10 consecutive packets is below (<) 10 dB (30 dB – 20 dB) 10. Click Submit 4.1.2.3 Step 3: Configure WLAN # Security Setting 4.1.2.3.1 Configure WLAN as Open Network This setting is typically only used in a guest network. No security measure is enforced. Figure 30 – 5G WLAN # Security Setting: Open Network 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.2.3.2 Configure WLAN as Open network with WEP encryption This setting provides minimal security as it allows all requesting devices to join a given network. Figure 31 – 5G WLAN # Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.2.3.3 Configure WLAN as Open network with Shared Key Authentication Shared Key authentication is one of the authentication methods with WEP encryption. It verifies that station has knowledge of a shared secret. Figure 32 – 5G WLAN # Security Setting: Shared Key Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select Shared on Authentication Mode 3. Select WEP on Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.2.3.4 Configure WLAN with WPA / WPA2 / WPA-auto Authentication WPA (Wi-Fi Protected Access) or WPA2 provides enhanced security over WEP, and allows client authentication based on an external authentication server such as a RADIUS server, for corporate networks. WPA-auto is a mixed security mode which supports multiple implementations of the WPA standard, such as WPA and WPA2. Figure 33 - 5G WLAN # Security Setting: WPA / WPA2 / WPA-auto Authentication 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 devices, but is not supported by the 802.11n standard. AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14. Enter suitable secrets in Secret of RADIUS Accounting Server. It is used along with the MD5 hashing algorithm to obfuscate passwords. This secret MUST be as the same as that in RADIUS server. This entry is optional. 15. Repeat step 11-13 if the backup RADIUS Accounting server is available. It is optional. 16.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities Note: - TKIP is not supported by 802.11n standard. If selected TKIP, the 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 35 - 5G WLAN # Security Setting: WAPI Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6. Figure 36 and Figure 37.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 36 - Two-Cert Mode Certification Installation Figure 37 - Three-Cert Mode Certification Installation 7. Click Browse to select suitable certifications 8. Click Upload to upload the selected certifications to CPE 9. Click Install to install certifications 10. Enter IP address of AS server on AS IP Address 11. Enter service port of AS server in AS Port 12. Enter interval time between 60 and 2147483647s in Unicast Key Update Interval; 86400 is default setting.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WAPI-PSK Authentication Figure 38 - 5G WLAN # Security Setting: WAPI-PSK Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4. Enter in an ASCII string between 8 and 63 characters or a HEX string with 64 characters long in Pass Phrase that users will use to connect to the wireless network. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Enabled – Default Allow ACL is enabled. The MAC addresses which are specified in the ACL will consider as Deny. Every wireless client can associate to the AP unless its MAC address is on the list Enabled – Default Deny ACL is enabled. The MAC addresses which are specified in the ACL will consider as Allow. Every wireless client CANNOT associate to the AP unless its MAC address is on the list 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.1.2.6 Step 6: Configure WLAN # Bandwidth Control Figure 40 – 5G WLAN # Bandwidth Control 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > Bandwidth Control 2. Specify the uplink and downlink limitation under Based on WLAN for the particular WLAN Or specify the uplink and downlink limitation under Based on Station for each associated station. 0 is default value and denotes as disable 3. Click Submit 4.1.2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2. Station / CPE Mode Station / CPE acts as a terminal and associated equipment located at a subscriber's premises and connected with a carrier's telecommunication channel at the demarcation point. 4.2.1Radio0 – 2.4G 4.2.1.1 Step 1: Configure General Wireless Setting Figure 41 – 2.4G General Setting 1. 2. 3. 4. 5. Go to Configuration > Wireless > Radio0(2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.1.2 Step 2: Configure WLAN 0 General Setting Figure 42 – 2.4G WLAN 0 General Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > Station > WLAN0 > More… 2. Select Lock AP Mac checkbox to force station that associate the AP with MAC address in Remote AP MAC only. This entry is optional. 3. Enter the desired SSID on Remote SSID that station is going to associate or click [Scan] to look for the surrounding SSID. Figure 43 – 2.4G WLAN 0 AP scan result 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5. Enter up to three preferred AP MAC addresses on Preferred AP0 / AP1 / AP2 Mac that station associates them preferentially. Preferred AP0 is the highest priority. These entries are optional. 6. Select Enable Roaming checkbox to enable roaming on station. This entry is optional. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.1.3 Step 3: Configure WLAN 0 Security Setting Figure 44 – WLAN0 Security Setting Figure 45 – WLAN 0 Security Setting – Associating Open Network 1. Go to Configuration > Wireless > Radio0(2.4G) > Station > WLAN0 > WLAN Security 2. Select Open in Authentication Mode 3. Select Disabled in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate Open WLAN with WEP encryption Figure 46 – 2.4G WLAN 0 Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN0 > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with Shared Key authentication Figure 47 – WLAN 0 Security Setting – Associating WLAN with Shared Key authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN0 > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with WPA / WPA2 authentication Figure 48 - WLAN 0 Security Setting – Associating WLAN with WPA / WPA2 authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > Station > WLAN0 > WLAN Security 2. Select WPA / WPA2 in Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities 4. Select suitable EAP method mode in EAP Method; the options include: PEAP-MSCHAPV2 TTLS-MSCHAPV2 TTPS-PAP TTLS-CHAP 5. Enter correct username in Username for authentication. 6. Enter correct password in Password for authentication. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 + AES TKIP the client’s capabilities This algorithm provides greater compatibility with older client devices, but is not supported by the 802.11n standard. AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.1.4 Step 4: Configure WLAN 0 QoS Figure 50 – 2.4G WLAN 0 QoS 1. Go to Configuration > Wireless > Radio0(2.4G) > Station > WLAN0 > QoS 2. Select Enable DSCP-to-WMM Mapping checkbox that CPE provides different QoS to the incoming packet with the corresponding DSCP value 3. Enter DSCP value on Best Effort (BE), Background (BK), Video (VI), and Voice (VO); these entry is optional 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.2Radio1 – 5G 4.2.2.1 Configure General Wireless Setting Figure 51 - 5G General Setting 1. Go to Configuration > Wireless > Radio1(5G) > General 2. Select Enable Radio checkbox to enable radio interface 3. Select Station in Radio Mode 4. Select Dynamic Radio Frequency Selection (DFS) checkbox to enable automatic channel selection that selects the least congested channel where radar is not detected during booting up. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.2.2 Configure WLAN 0 General Setting Figure 52 - WLAN 0 General Setting 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > More… 2. Select Lock AP Mac checkbox to force station that associate the AP with MAC address in Remote AP MAC only. This entry is optional. 3. Enter the desired SSID on Remote SSID that station is going to associate or click [Scan] to look for the surrounding SSID. 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5. Enter up to three preferred AP MAC addresses on Preferred AP0 / AP1 / AP2 Mac that station associates them preferentially. Preferred AP0 is the highest priority. These entries are optional. 6. Select Enable Roaming checkbox to enable roaming on station. This entry is optional. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.2.2.3 Configure WLAN 0 Security Setting Figure 54 - WLAN0 Security Setting Configure to associate Open WLAN Figure 55 - WLAN 0 Security Setting – Associating Open Network 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select Open in Authentication Mode 3. Select Disabled in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate Open WLAN with WEP encryption Figure 56 – WLAN0 Security Setting – Associating Open Network with WEP encryption 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with Shared Key authentication Figure 57 - WLAN 0 Security Setting – Associating WLAN with Shared Key authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select Shared in Authentication Mode 3. Select WEP in Cipher Mode 4. Select key number 1 – 4 in Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select WPA / WPA2 in Authentication Mode 3. Select suitable encryption mode in Cipher Mode as the followings: 4. If Authentication Mode is WPA: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities TKIP This algorithm provides greater compatibility with older client devices, but is not supported by the 802.11n standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with WPA-PSK / WPA2-PSK authentication Figure 59 - WLAN 0 Security Setting – Associating WLAN with WPA-PSK / WPA2-PSK authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select WPA-PSK / WPA2-PSK in Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Enter an ASCII string between 8 and 63 characters long or a HEX string with 64 characters long on Pass Phrase that matches with remote AP 5. Click Submit 4.2.2.4 Configure WLAN 0 QoS Figure 60 – 5G WLAN 0 QoS 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > QoS 2. Select Enable DSCP-to-WMM Mapping checkbox that CPE provides different QoS to the incoming packet with the corresponding DSCP value 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.1 Configure General Wireless Setting Figure 61 - 2.4G General Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > General 2. Select Enable Radio checkbox to enable radio interface 3. Select Repeater in Radio Mode 4. Select the correct country code on Country Code; this option ensures that the CPE device uses only the radio channels allowed in your country or region 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.2 Configure WLAN 15 General Setting (Station / CPE) Figure 62 – 2.4G WLAN15 General Setting 1. Go to Configuration > Wireless > Radio0 (2.4G) > Station Configuration > WLAN 15 > More… 2. Select Lock AP Mac checkbox to force station that associate the AP with MAC address in Remote AP MAC only. This entry is optional. 3. Enter the desired SSID on Remote SSID that station is going to associate or click [Scan] to look for the surrounding SSID. Figure 63 - 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Select any one SSID checkbox shown on AP Scan Result, and then click Select. 5. Enter up to three preferred AP MAC addresses on Preferred AP0 / AP1 / AP2 Mac that station associates them preferentially. Preferred AP0 is the highest priority. These entries are optional. 6. Select Enable Roaming checkbox to enable roaming on station. This entry is optional. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14. Click Submit 4.3.1.3 Configure WLAN15 Security Setting Figure 64 – WLAN15 Security Setting Configure to associate Open WLAN Figure 65 - WLAN15 Security Setting – Associating Open Network 1. Go to Configuration > Wireless > Radio0(2.4G) > Station Configuration > WLAN15 > WLAN Security 2. Select Open in Authentication Mode 3. Select Disabled in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate Open WLAN with WEP encryption Figure 66 - 2.4G WLAN15 Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio0(2.4G) > Station Configuration > WLAN15 > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with Shared Key authentication Figure 67 – WLAN15 Security Setting – Associating WLAN with Shared Key authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > Station Configuration > WLAN15 > WLAN Security 2. Select Shared on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate WLAN with WPA / WPA2 authentication Figure 68 – WLAN15 Security Setting – Associating WLAN with WPA / WPA2 authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > Station Configuration > WLAN15 > WLAN Security 2. Select WPA / WPA2 in Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Select suitable EAP method mode in EAP Method; the options include: PEAP-MSCHAPV2 TTLS-MSCHAPV2 TTPS-PAP TTLS-CHAP 5. Enter correct username in Username for authentication. 6. Enter correct password in Password for authentication. 7. Click Submit Configure to associate network with WPA-PSK / WPA2-PSK authentication Figure 69 – WLAN15 Security Setting – Associating WLAN with WPA-PSK / WPA2-PSK authentication 1. Go to Configuration > Wireless > Radio0(2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 devices, but is not supported by the 802.11n standard. AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.4 Configure WLAN15 QoS Figure 70 – 2.4G WLAN15 QoS 1. Go to Configuration > Wireless > Radio0(2.4G) > Station > WLAN15 > QoS 2. Select Enable DSCP-to-WMM Mapping checkbox that CPE provides different QoS to the incoming packet with the corresponding DSCP value 3. Enter DSCP value on Best Effort (BE), Background (BK), Video (VI), and Voice (VO); these entry is optional 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.5 Configure WLAN # General Setting Figure 71 - WLAN # General Setting 1. Go to Configuration > Wireless > Radio0 (2.4G) > WLAN Configuration > WLAN # > More… 2. Select Enable WLAN checkbox to enable WLAN 3. Select Hide SSID checkbox to hide SSID name from its beacon frame. This entry is optional. 4. Enter a unique name for the particular WLAN on SSID.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 8. Specify the maximum associated clients between 1 and 256 on Max Clients for this WLAN. 256 is the default setting. Note: - Max Clients in WLAN 0 – 15 MUST be smaller than or equal to () the Max Clients setting on Radio General Setting 9. Specify an additional requirement on Signal Strength to Noise Ratio (SNR) for associated clients under Station Association Requirement. This requirement is optional.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.6 Configure WLAN # Security Setting Configure WLAN as Open Network Figure 72 - WLAN # General Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select Disabled on Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN as Open network with WEP encryption Figure 73 – WLAN # Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN as Open network with Shared Key Authentication Figure 74 – WLAN # Security Setting: Shared Key Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WPA / WPA2 / WPA-auto Authentication Figure 75 - WLAN # Security Setting: WPA / WPA2 / WPA-auto Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select WPA / WPA2 / WPA-auto on Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 devices, but is not supported by the 802.11n standard. AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13. Enter suitable secrets in Secret of RADIUS Accounting Server. It is used along with the MD5 hashing algorithm to obfuscate passwords. This secret MUST be as the same as that in RADIUS server. This entry is optional. 14. Repeat step 11-13 if the backup RADIUS Accounting server is available. It is optional. 15.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities Note: - TKIP is not supported by 802.11n standard. If selected TKIP, the 802.11n’s devices will be limited to 802.11g transfer rate, i.e. up to 54 Mbps 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WAPI Authentication Figure 77 - WLAN # Security Setting: WAPI Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 78 - Two-Cert Mode Certification Installation Figure 79 - Three-Cert Mode Certification Installation 6. Click Browse to select suitable certifications 7. Click Upload to upload the selected certifications to CPE 8. Click Install to install certifications 9. Enter IP address of AS server on AS IP Address 10. Enter service port of AS server in AS Port 11. Enter interval time between 60 and 2147483647s in Unicast Key Update Interval; 86400 is default setting.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WAPI-PSK Authentication Figure 80 - WLAN # Security Setting: WAPI-PSK Authentication 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4. Enter in a string between 8 and 64 characters long in Pass Phrase that users will use to connect to the wireless network. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.7 Configure ACL Setting Figure 81 – 5G WLAN #ACL Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > ACL Setting 2. Select appropriate option on Access Control List; options include Disable ACL is disabled Enabled – Default ACL is enabled. The MAC addresses Allow which are specified in the ACL will consider as Deny.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.1.8 Configure WLAN # QoS Please refer to Quality of Service (QoS) on page 129 4.3.1.9 Configure WLAN # Bandwidth Control Figure 82 – 2.4G WLAN # Bandwidth Control 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > Bandwidth Control 2. Specify the uplink and downlink limitation under Based on WLAN for the particular WLAN Or specify the uplink and downlink limitation under Based on Station for each associated station.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.2Radio1 – 5G 4.3.2.1 Configure General Wireless Setting Figure 83 – 5G General Setting 1. Go to Configuration > Wireless > Radio1(5G) > General 2. Select Enable Radio checkbox to enable radio interface 3. Select Repeater in Radio Mode 4. Select the correct country code on Country Code; this option ensures that the CPE device uses only the radio channels allowed in your country or region 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.2.2 Configure WLAN 15 General Setting (Station / CPE) 1. Go to Configuration > Wireless > Radio1 (5G) > WLAN 15 > More… 2. Select Lock AP Mac checkbox to force station that associate the AP with MAC address in Remote AP MAC only. This entry is optional. 3. Enter the desired SSID on Remote SSID that station is going to associate or click [Scan] to look for the surrounding SSID. Figure 84 – 5G AP scan result 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 9. Specify the duration from 1s to 3600s on Max Scan Interval for channel scanning; 60s is default setting. CPE device conducts at least one scanning within this interval. 10. Specify the duration from 1s to 60s on Min Scan Interval for channel scanning; 10s is default setting. No more than one scanning will be conducted within this interval. This parameter is to prevent too often channel scanning from affecting the data transmission.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure to associate Open WLAN Figure 86 - WLAN15 Security Setting – Associating Open Network 1. Go to Configuration > Wireless > Radio1(5G) > Repeater > WLAN15 > WLAN Security 2. Select Open in Authentication Mode 3. Select Disabled in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Go to Configuration > Wireless > Radio1(5G) > WLAN0 > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5. Select suitable key type in Key Entry Mode; the options include: Ascii Text key is encoded as ASCII characters (0–9, a–z, A–Z) Hexadeci key is encoded as Hexadecimal characters mal (0–9, A–F) 6. Enter up to four keys in WEP Key 1, WEP Key 2, WEP Key 3 and WEP Key 4 respectively.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6. Enter up to four keys in WEP Key 1, WEP Key 2, WEP Key 3 and WEP Key 4 respectively. You can type either up to 5 Ascii characters or up to 10 Hexadecimal characters as WEP Key. 7. Click Submit Configure to associate WLAN with WPA / WPA2 authentication Figure 89 - WLAN15 Security Setting – Associating WLAN with WPA / WPA2 authentication 1. Go to Configuration > Wireless > Radio1(5G) > Station > WLAN0 > WLAN Security 2. Select WPA / WPA2 in Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities 4. Select suitable EAP method mode in EAP Method; the options include: PEAP-MSCHAPV2 TTLS-MSCHAPV2 TTPS-PAP TTLS-CHAP 5. Enter correct username in Username for authentication. 6. Enter correct password in Password for authentication. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 TKIP This algorithm provides greater compatibility with older client devices, but is not supported by the 802.11n standard. AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 2. Select Enable DSCP-to-WMM Mapping checkbox that CPE provides different QoS to the incoming packet with the corresponding DSCP value 3. Enter DSCP value on Best Effort (BE), Background (BK), Video (VI), and Voice (VO); these entry is optional 4. Click Submit Note: - CPE classify the packet without DSCP marking as Best Effort (BE) traffic 4.3.2.5 Configure WLAN # General Setting Figure 92 - 5G WLAN # General Setting 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6. Deselect the DHCP Trust Port checkbox to prevent illegal DHCP servers offering IP address to DHCP clients via this WLAN. This entry is optional. 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 clients is high than (>) 30dB; AP kicks out the associated client if the SNR of 10 consecutive packets is below (<) 10 dB (30 dB – 20 dB) 10. Click Submit 4.3.2.6 Configure WLAN # Security Setting Configure WLAN as Open Network Figure 93 - 5G WLAN # Security Setting: Open Network 5. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 6. Select Open on Authentication Mode 7. Select Disabled on Cipher Mode 8.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN as Open network with WEP encryption Figure 94 - WLAN # Security Setting: Open Network with WEP 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select Open on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN as Open network with Shared Key Authentication Figure 95 - 5G WLAN # Security Setting: Shared Key Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select Shared on Authentication Mode 3. Select WEP on Cipher Mode 4. Select key number 1 – 4 on Default WEP Key 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WPA / WPA2 / WPA-auto Authentication Figure 96 - 5G WLAN # Security Setting: WPA / WPA2 / WPA-auto Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WPA / WPA2 / WPA-auto on Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA2: AES This algorithm provides enhanced security over TKIP, and is the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities Note: - TKIP is not supported by 802.11n standard. If selected TKIP, the 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14. Repeat step 11-13 if the backup RADIUS Accounting server is available. It is optional. 15. Click Submit Configure WLAN with WPA-PSK / WPA2-PSK / WPA-auto-PSK Authentication Figure 97 - 5G WLAN # Security Setting: WPA-PSK / WPA2-PSK / WPA-auto-PSK Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WPA-PSK / WPA2-PSK / WPA-auto-PSK on Authentication Mode 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 the only encryption algorithm supported by the 802.11i standard. If Authentication Mode is WPA-auto: TKIP + AES This algorithm automatically selects TKIP or AES based on the client’s capabilities Note: - TKIP is not supported by 802.11n standard. If selected TKIP, the 802.11n’s devices will be limited to 802.11g transfer rate, i.e. up to 54 Mbps 4. Enter interval time in second in Group Key Update Interval. 86400 is default setting. This entry is optional. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WAPI Authentication Figure 98 - 5G WLAN # Security Setting: WAPI Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 99 - Two-Cert Mode Certification Installation Figure 100 - Three-Cert Mode Certification Installation 6. Click Browse to select suitable certifications 7. Click Upload to upload the selected certifications to CPE 8. Click Install to install certifications 9. Enter IP address of AS server on AS IP Address 10. Enter service port of AS server in AS Port 11. Enter interval time between 60 and 2147483647s in Unicast Key Update Interval; 86400 is default setting.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Configure WLAN with WAPI-PSK Authentication Figure 101 - 5G WLAN # Security Setting: WAPI-PSK Authentication 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > WLAN Security 2. Select WAPI on Authentication Mode 3. Select SMS4 in Cipher Mode 4. Enter in an ASCII string between 8 and 63 characters or a HEX string with 64 characters long in Pass Phrase that users will use to connect to the wireless network. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.2.7 Configure ACL Setting Figure 102 – 5G WLAN #ACL Setting 1. Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > ACL Setting 2. Select appropriate option on Access Control List; options include Disable ACL is disabled Enabled – Default ACL is enabled. The MAC addresses Allow which are specified in the ACL will consider as Deny.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4.3.2.8 Configure WLAN # QoS Please refer to Quality of Service (QoS) on page 129 4.3.2.9 Configure WLAN # Bandwidth Control Figure 103 – 5G WLAN # Bandwidth Control 1. Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > Bandwidth Control 2. Specify the uplink and downlink limitation under Based on WLAN for the particular WLAN Or specify the uplink and downlink limitation under Based on Station for each associated station.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5. Advanced Radio Settings Advanced radio settings are available on each radio interface; these settings include Frame Aggregation, Data Rate setting, Medium Access Protection Mechanism, Spatial Stream, and Throughput Optimization mechanism. Caution: - Inappropriate configuration may bring negative impact on the network performance - Only technically advanced users who have sufficient knowledge about WLAN technology should use the advanced wireless settings.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5.2. Data Rate Setting The fact is that low data rate transmissions consume more air time than high data rates. It may affect the system performance. By disabling low data rates, AP rules out some remote clients with poor signal strength and hence low link data rate, preventing them from consuming too much air time and leaves the air time for higher data rates transmissions. In this way, overall system performance can be improved.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 transferring multicast packets. Otherwise, CPE uses the selected data rate for multicast packet transmission under any condition. 3. Click Submit 4. Click Save & Apply from the top on the right.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5.3. Frame Aggregation Frame aggregation allows the device to send multiple frames per single access to the medium by combining frames together into one larger frame. Figure 106 – Frame Aggregation Configuration 1. 2.4G Radio: Go to Configuration > Wireless > Radio0(2.4G) > Advanced > Advanced Settings 5G Radio: Go to Configuration > Wireless > Radio1(5G) > Advanced > Advanced Settings 2. Click AMPDU checkbox to enable aggregation of MAC protocol data unit (MPDU) 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 3. Select the maximum number of transmission between 1 and 3 on Max Rx Streams 4. Click Submit 5. Click Save & Apply from the top on the right. 5.5. Delivery Traffic Indication Message (DTIM) time According to the 802.11 standards, a Delivery Traffic Indication Map (DTIM) period value is a number that determines how often a beacon frame includes a Delivery Traffic Indication Message, and this number is included in each beacon frame. The 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 when a node is visible from a wireless access point (AP), but not from other nodes communicating with that AP. This leads to difficulties in media access control sublayer. IEEE 802.11 uses 802.11 RTS/CTS acknowledgment and handshake packets to partly overcome the hidden node problem. Figure 109 – Protection Mode Setting 1. 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 default setting. 4. Click Submit 5. Click Save & Apply from the top on the right. 5.7. Beacon interval of BSS Beacon interval stands for the time interval of beacon transmissions of each supported BSS. The unit is in term of millisecond (ms). The beacon interval can be configured between 40 and 3500ms. The default setting is 100ms, i.e. 10 beacons per second. Figure 110 – Beacon Interval Setting 1. 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 5G Interface: Go to Configuration > Wireless > Radio1(5G) > Advanced > Advanced Settings 2. Select Nearby AP List checkbox to enable that CPE sniffs the surrounding AP periodically; The result list is shown on the corresponding radios’ status information 3. Click Submit 4. Click Save & Apply from the top on the right. 5.9. IGMP Snooping CPE acts as a Layer 2 device when it is configured as Switch mode.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 113 – Multicast Traffic Setting 1. 2.4G Interface: Go to Configuration > Wireless > Radio0(2.4G) > Advanced > Advanced Settings 5G Interface: Go to Configuration > Wireless > Radio1(5G) > Advanced > Advanced Settings 2. Select Multicast Traffic checkbox to enable that CPE processes multicast traffic in WLANs 3. Click Submit 4. Click Save & Apply from the top on the right.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6. VLAN Configuration VLAN is layer-2 network domain that may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers. Note: - 6.1 VLAN is applicable on Switch mode ONLY Configure Radio Settings Please refer to Radios Setting on Page 17 to complete the radio settings 6.2 Enable VLAN Figure 114 – VLAN Setting 1. Go to Configuration > Network > VLAN 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 6.3 Create VLAN Profile Figure 115 – VLAN Profile Setting 1. Go to Configuration > Network > VLAN > VLAN Profile 2. Click Add VLAN 3. Enter an identification number between 1 and 4094 on VLAN ID that is an unique identification representing a VLAN 4. Enter valid IP Address on IPv4 Address of CPE device in the VLAN 5. Enter valid IP subnet mask on IPv4 Subnet Mask of the VLAN 6.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 116 – Management VLAN Setting 1. Go to Configuration > Network > VLAN > VLAN Profile 2. Click Management VLAN checkbox on the row with appropriate VLAN ID 3. Click Submit Note: - IP address of Management VLAN is same as IP address of WAN Setting 6.5 Assign VLAN Profile on Interface as Access Port Access port belongs to a single VLAN and does not provide any identifying marks on the frames that are passed between devices.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Select appropriate VLAN ID on VLAN that indicate which VLAN the interface belongs to 5. Click Submit 6.6 Assign VLAN Profile on Interface as Trunk Port 1. Go to Configuration > Network > VLAN > Interfaces 2. Click Edit on the row with appropriate interface 3. Select Trunk checkbox 4. Select appropriate VLAN ID on PVID as default VLAN ID of the interface 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 7. Network Time Protocol (NTP) Settings For successful and proper communication between various elements in a network, time synchronization between the elements and across the network is critical. Network Time Protocol (NTP), a networking protocol for clock synchronization, is required to obtain the precise time from a server and to regulate the local time in each network element. The NTP server on CPE devices is set to 0.pool.ntp.org by default.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 - If providing NTP server’s domain name in NTP Server IP, you must provide valid DNS server information (Refer to Assign an IP Address to CPE Device on page 14 for more detail) 8. STP Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. Figure 119 – STP Setting 1. Go to Configuration > Network > General > STP Setting 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 9. Safe Mode Safe Mode is used for detecting the backhaul link integrity. If the AP loses its backhaul connectivity, it forces the clients to re-associate with another AP by changing its SSID to a default Safe Mode_X, where X is the MAC address of the radio interface in hexadecimal. This mechanism protects the client from connecting to the AP which has no backhaul to the Internet end.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 121 – Quality of Service (WMM) 1. 2.4G Interface: Go to Configuration > Wireless > Radio0(2.4G) > QoS 5G Interface: Go to Configuration > Wireless > Radio1(5G) > QoS 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 122 – 2.4G WLAN # QoS 1. 2.4G Interface: Go to Configuration > Wireless > Radio0(2.4G) > WLAN > WLAN # > QoS 5G Interface: Go to Configuration > Wireless > Radio1(5G) > WLAN > WLAN # > QoS 2. Select Enable DSCP-to-WMM Mapping checkbox that CPE provides different QoS to the incoming packet with the corresponding DSCP value 3. Enter DSCP value on Best Effort (BE), Background (BK), Video (VI), and Voice (VO); these entry is optional 4. Click Submit 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 11.1. IP Gateway " Step 1: Configure WAN IP Setting Refer to Assign an IP Address to CPE Device on page 14 for more detail " Step 2: Configure Radio Settings Please refer to Radios Setting on Page 17 to complete the radio settings " Step 3: Enable Gateway Mode Figure 123 – Network Setting 1. Go to Configuration > Network > Network Setting 2. Select Gateway Mode on Network Setting 3. Click Submit " Step 4: Configure LAN IP Setting Figure 124 – LAN Setting (IPv4) 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 " Step 5: Assign Interface(s) as WAN Interface Figure 126 – WAN Interface Assignment 1. Go to Configuration > Network > WAN/LAN Interface Assignment 2. Click at the end of WAN row 3. Select appropriate interface(s) on WAN Interfaces list that acts as WAN interface. 4. Click Submit " Step 6: Assign Interface(s) as LAN Interface 1. Go to Configuration > Network > WAN/LAN Interface Assignment 2. Click at the end of LAN row 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 - DHCP Server is applicable on Gateway mode ONLY " Step 1: Configure as Gateway Mode Refer to IP Gateway on page 132 for more detail " Step 2: Enable DHCP Server Figure 127 – DHCP Server Setting 1. Go to Configuration > Network > DHCP 2. Select Server Mode on DHCP Server 3. Click Submit " Step 3: Assign IP Address Range for Leasing on DHCP Server Figure 128 – Address Pool Setting 1. Go to Configuration > Network > DHCP 2. Click on any Pool ID 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 - All IP address for leasing MUST be within the LAN IP subnet (Refer to Step 4: Configure LAN IP Setting on page 132 for more detail) " Step 4: Apply Submitted Configurations on the CPE Device 1. Click Save & Apply from the top on the right. 11.3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 130 – Port Forward Setting 1. Go to Configuration > Network > Port Forward 2. Click on any ID 3. Click Enable checkbox to enable port forward profile 4. Enter the host’s IP address on Local IP Address that provides service to hosts on WAN interface(s) 5. Enter the service listening port of the host on Local Port that provides service to hosts on WAN interface(s) 6. Select suitable protocol(s) on Protocol Type. Options include TCP & UDP TCP UDP 7.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 12. Thin AP Figure 131 – Thin AP Setting Thin AP stands for AP simply passes wireless network traffic to the switch, performing few complex tasks locally. All encryption, authentication, and policy settings generally occur on a central switch or controller, to which multiple thin access points are connected, rather than on the AP itself. Access controller or equivalent platform is required if thin AP is enabled 1. Go to Configuration > Thin AP 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13. Web UI Administration 13.1. Auto Refreshment Figure 132 – Auto Refreshment Setting 1. Click Configuration > System > WEB Setting 2. Select appropriate refresh interval on Auto Refresh Interval that Web UI refreshes itself automatically. Options include: Disable Refresh manually 5s 10s 20s Refresh every 5 seconds 30s 40s Refresh every 30 seconds Refresh every 10 seconds (Default Setting) Refresh every 20 seconds Refresh every 40 seconds 3. Click Submit 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13.3. HTTPS Certification CPE devices support both HTTP and HTTPS connection for their web UI. Certificate management allows network administrator to upload their own certifications for HTTPS connection. Figure 134 – Certificate Management 1. Go to Administration > Certificate 2. Click Browse on Http Cert File and select suitable certification file for HTTPS connection 3. Click Upload on Http Cert File to upload certification 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13.4. User Administration CPE device allows network administrator to manage user account and privilege for accessing Web UI via local authentication and/or RADIUS authentication. Table 4 describes the authentication setting on CPE device.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 13.4.1.2 1. 2. 3. 4. 5. Modify guest account’s password Go to Administration > User Admin Select guest in UserName Type a new password in Password Type a new password again in Confirm Password Click Submit Note: - Please login as admin for modifying password 13.4.2 RADIUS authentication 1. Go to Administration > User Admin > Login Authentication Setting 2. Select RADIUS authentication or RADIUS + Local authentication in Authentication Type 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 8. Left Secondary RADIUS Secret blank if no backup RADIUS server is available 9. Click Submit 10.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14. Device Configuration & Firmware Management 14.1. Backup & Restore Device Configuration Network administrator backups / restores CPE device’s settings via web UI. Backup Device Configuration Figure 136 – Backup configuration 1. Go to Administration > Backup/Restore > Backup Configuration File 2. Click Create backup and save configuration file Restore Device Configuration Figure 137 – Restore configuration 1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14.2. Firmware Update Network administrator updates (upgrades or downgrades) CPE device’s firmware via web UI. Figure 138 – Firmware Update 1. Go to Administration > Firmware Update 2. Click Browse, then select suitable firmware image file (.bin) 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 14.3. Factory Default Network administrator restores CPE device’s settings as default settings via web UI. Figure 139 – Restore to Factory Default 1. Go to Administration > Factory Default 2. Select Keep Network Address settings checkbox for keeping IP address and subnet mask settings; otherwise, deselect the checkbox 3. Click Restore to Factory Default 14.4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 wireless Contain settings about radio interfaces, including radio enabling, WLAN settings … etc 5. Save the modified files 6. Go to Administration > Customization > Default Configuration Customization 7. Click Browse, then select the modified customization file 8. Click Install Caution: - Do not unzip the file during edit; otherwise, error may appear after uploading the customization file. 7-zip is recommended software to use in customization.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 15. SNMP Simple Network Management Protocol (SNMP) is a Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. Figure 141 – SNMP Setting 1. Go to Administration > User Admin > SNMP 2. Select Enable SNMP checkbox to enable SNMP function 3.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 16. Logging Configuration 16.1. System Logs Figure 142 – Syslog Setting 1. Go to Configuration > System > Logging Settings 2. Select Enable Syslog checkbox to enable system logging function 3. Type in IP address of the remote syslog server that AP sends system logs instantaneously. 0.0.0.0 denote that AP saves the syslog in its local memory 4.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Informational - Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required. (Default Setting) Debug - Info useful to developers for debugging the application, not useful during operations. 5. Click Submit 6. Click Save & Apply 16.2. Historical Statistic Figure 143 – Historical Statistics Setting 1. Go to Configuration > System > Logging Settings 2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17. Monitor Your CPE Device 17.1. System Status Overview Figure 144 – Status Overview Status overview provides the summary of vital information on the device’s status. Information includes system status, thin AP status, network status, and interfaces status. 17.1.1 System Status Figure 145 – System Status System status provides basic information and real time status of device.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 using Time of Day – system time of device Uptime – indicate operation time of device from last time boot up / reboot 17.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 IPv4 Subnet Mask – indicate the subnetwork device belongs to IPv4 Default Gateway – indicate a node that helps device to another network. IPv4 DNS Server - indicate a node that provides DNS service for the device The following information is available if IPv6 option is enabled.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17.1.4 Interfaces Interfaces provide the real time status of all interfaces on the CPE device. Figure 149 – Interfaces 14.4.1.1 Ethernet (eth0) / Ethernet (eth1) MAC – MAC address of Ethernet 0/1 interface Link – indicate the status and operating mode of Ethernet 0/1 Transmit – indicate the traffic and instant throughput of transmission on Ethernet 0/1 Receive – indicate the traffic and instant throughput of receive operation on Ethernet 0 /1 Radio0 (2.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Busy – indicate busy of operating channel 17.2. Radio0 (2.4G) / Radio1 (5G) Status 17.2.1 Radio0 (2.4G) / Radio1 (5G) Status Information Figure 150 – Radio0 (2.4G) Status Information 17.2.1.1 Radio Settings Radio Status – indicate the current status of Radio 0/1 interface MAC – MAC address of Radio 0/1 interface Radio Channel - indicate operating frequency (channel) of Radio 0/1 Wireless Mode – indicate 802.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17.2.1.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17.2.2 Radio0 (2.4G) / Radio1 (5G) Association List Figure 151 – Radio0 (2.4G) Association List 17.2.2.1 WAN It shows the current status of all operating WLAN on Radio 0/1 interface. The information includes WLAN ID, SSID, MAC Address, authentication mode, cipher mode, number of associated clients, instant throughput, and total traffic of each operating WLAN respectively. 17.2.2.2 Station List It shows the real time status of first 50 associated stations.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Figure 152 – Radio0 (2.4G) Connection Info 17.2.3.1 STA Info It shows station information on Radio 0. The information includes MAC Address, Authentication Mode, Unicast Cipher, Multicast Cipher, and State. 17.2.3.2 AP Info It shows remote AP information on Radio 0. The information includes MAC Address, SSID, SNR (dB), RSSI (dBm), Channel, Max Data Rate, Throughput of uplink and downlink, Data Rate of uplink and downlink, and Connected Status.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 17.3. Ethernet Status Figure 153 – Ethernet Status It shows the current status of Ethernet interfaces. The information includes Port, MAC Address, Auto-negotiation, Speed, Duplex, Link Detected, instant throughput of uplink and downlink and traffic of of uplink and downlink on Ethernet 0 and Ethernet 1 respectively.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 18. Tools for Deployment / Operation / Troubleshooting 18.1. System Logs Figure 154 –Logs In order to realize easier monitoring and diagnosis, CPE products provide log function for system information, association activity, and alarm event.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 Download historical statistical data 1. Go to Status > Logs 2. Click Download Historical Data 18.3. Channel Scan Network administrator and engineer collect the status of 2.4GHz radio and 5GHz radio in the surrounding area. Throughout this tool, network administrator and engineer collect noise floor, percentage of channel busy, and the number of BSS in particular radio channels.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 round-trip time between CPE and the host over an Internet Protocol (IP) network by using ping tool. Figure 157 – Ping Test 1. Go to Tools > Diagnosis > Ping 2. Type target IP address / host name in Ping IP Address/Host Name 3. Specify how many ICMP (ping) packet that CPE sends to the target host in Packet Count; 4 is default setting. This entry is optional. 4. Specify the packet size of ICMP packet in Packet Size; 56 is default setting. This entry is optional. 5.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 1. Go to Tools > Diagnosis > traceroute 2. Type target IP address / host name in Destination IP Address/Host Name 3. Click Enable Resolve IP addresses checkbox to enable IP address to domain name translation; this entry is optional 4. Specify timeout interval between 1s and 100s in Timeout for traceroute test; this entry is optional 5. Specify TTL value between 1 and 100 in Pings Per TTL; 3 is default setting. This entry is optional 6.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 18.7. Watchdog Watchdog is an electronic timer that is used to detect and recover from system malfunctions. That is timer for periodic reboot. Schedule Reboot Figure 160 – Schedule Reboot 17.3.2.1 Periodic reboot 1. Go to Tools > Watchdog > Schedule Reboot 2. Select Periodic Reboot checkbox to enable reboot scheduler 3. Select Radom Delay checkbox to enable a random delay on scheduled rebooting time.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 4. Enter username on FTP Server User Name for logging in remote FTP server 5. Enter password on FTP Server Password for logging in remote FTP server 6. Enter IP address of remote FTP server on FTP Server IP Address 7. Specify service port of remote FTP server on FTP Server Port; 21 is default setting 8. Select exact time and day(s) in Schedule Mode for uploading log to FTP server; Or select a countdown timer (minute) in Periodic Mode for uploading log to FTP server 9.
濖濣濘激濅濇濈濋激濔濖激濦激濜澳濖瀂瀁濹濼濺瀈瀅濴瀇濼瀂瀁澳濠濴瀁瀈濴濿澳 19. Product Information CPE product shows the information about product information, hardware, software and company information in About tab.
RF exposure statement: The transmitter must not be colocated or operated in conjunction with any other antenna or transmitter. This equipment complies with the FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20cm between the radiator and any part of your body.