IEEE 802.11a+g Access Point User’s Guide IEEE 802.11A+G ACCESS POINT User’s Guide Version 1.
Copyright Statement No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photocopying, recording or otherwise without the prior writing of the publisher. Windows™ 95/98/Me and Windows™ 2000/XP are trademarks of Microsoft® Corp. Pentium is trademark of Intel. All copyright reserved.
IEEE 802.11a+g Access Point User’s Guide Table of Contents System Management .......................... 26 Regulatory Information.............4 MAC Filtering Settings ........................ 29 Introducing the 802.11A+G ACCESS POINT ...5 SSID Settings ...................................... 30 Overview of the 802.11 a+g Access Point Wireless Settings ................................ 31 ...............................................................5 Operational Mode................................
Regulatory Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
1 Chapter Introducing the 802.11A+G ACCESS POINT Overview of the 802.11 a+g Access Point The 802.11A+G ACCESS POINT is an access-point based on IEEE 802.11a+g based 2.4GHz and 5 GHz radio technology. It contains an 802.11a+g and a full-duplex 10/100 LAN interfaces. The 802.11A+G ACCESS POINT can function as a simple Access Point (AP), and act as the center point of a wireless network supporting a data rate of up to 54 Mbps.
802.11A+G ACCESS POINT Features Compliant with draft 802.11a, 802.11b and 802.11g standards with roaming capability. Support of the standard access point mode for connection to wireless clients. Support of the repeater mode to extend infrastructure coverage. Support of the WDS mode for interconnecting LAN segments. Built-in DHCP Server to assign IP addresses to wired/wireless clients automatically. Static assignment or DHCP client to set the device IP address.
IEEE 802.11a+g Access Point User’s Guide Network Configuration Examples A group of wireless stations communicating with each other is called a Basic Service Set (BSS) and is identified by a unique SSID. When an 802.11A+G ACCESS POINT is used, it can be configured to operate in the following three network configurations AS AN ACCESS POINT When configured in the Access Point mode, the 802.11A+G ACCESS POINT allows a group of wireless stations to communicate with each other through it.
AS A STAND-ALONE REPEATER The purpose of a repeater is to expand an existing infrastructure BSS. When configured to operate in the Repeater Mode, the 802.11A+G ACCESS POINTs sit between wireless stations and a “root” AP whose BSS is being expanded, as shown below: AS A POINT TO MULTI-POINTS BRIDGE When configured to operate in the Wireless Distribution System (WDS) Mode, the 802.
IEEE 802.11a+g Access Point User’s Guide Setting Up the device The 802.11A+G ACCESS POINT can be managed remotely by a PC through either the wired or wireless network. To do this, the 802.11A+G ACCESS POINT must first be assigned an IP address, which can be done using one of the following two methods. STATIC IP The default IP address of the LAN interface of an 802.11A+G ACCESS POINT is a private IP address of 192.168.1.1, and a network mask of 255.255.255.0.
2 Chapter Installing the 802.11A+G ACCESS POINT This section describes the installation procedure for the 802.11A+G ACCESS POINT. It starts with a summary of the content of the package you have purchased, followed by steps of how to power up and connect the 802.11A+G ACCESS POINT. Finally, this section explains how to configure a Windows PC to communicate with the 802.11A+G ACCESS POINT. What’s in the Box? The 802.11A+G ACCESS POINT package contains the following items: One 802.
Connecting the Cables The Back Panel of the 802.11A+G ACCESS POINT appears as follows: Follow these steps to install your 802.11A+G ACCESS POINT: Step 1. Connect a LAN hub to the LAN port on the 802.11A+G ACCESS POINT using the supplied LAN cable. Step 2. Connect the power adapter to an electrical outlet and the 802.11A+G ACCESS POINT. Configuration Steps Required for the 802.11A+G ACCESS POINT This section describes configuration required for the 802.
Connect the PC to the 802.11A+G ACCESS POINT and change its configuration to a static IP address based on your network environment. For example, if there is a DHCP server that assigns IP addresses from the range 192.168.23.10 - 192.168.23.254 to DHCP client devices, it can reserve 192.168.23.10 for the 802.11A+G ACCESS POINT and then the address pool with the DHCP server becomes 192.168.23.11 – 192.168.23.254.
installed, go to Step 8. Otherwise, select Add to install it now. Step 4. In the new Network Component Type window, select Protocol. In the new Select Network Protocol window, select Microsoft in the Manufacturers area. Step 5. In the Network Protocols area of the same window, select TCP/IP, then click OK. You may need your Win95/98 CD to complete the installation. After TCP/IP installation is complete, go back to the Network window shown in Step 4. Step 6.
A Look at the Front Panel The LEDs on the front of the 802.11A+G ACCESS POINT reflect the operational status of the unit. The status of the LAN, the wireless, and power can be monitored from this display. Power LAN Wireless 802.
Connecting More Devices Through A Hub To The 802.11A+G ACCESS POINT The 802.11A+G ACCESS POINT provides an RJ45 LAN interface that you can use to connect to a PC or an external hub. Step 1.
3 Chapter Basic Configuration of the 802.11A+G ACCESS POINT This section describes the basic configuration procedure for the 802.11A+G ACCESS POINT. It describes how to set up the 802.11A+G ACCESS POINT for wireless connections, and the configuration of the local LAN environment. The 802.11A+G ACCESS POINT is designed so that all basic configuration may be effected through the a standard Web browser such as Microsoft Internet Explorer.
The Home Page of the 802.11A+G ACCESS POINT screen will appear, with its main menu displayed on the right hand side of the window. The main menu includes the following choices: Setup Wizard, Device Status, Advanced Settings, System Tools, and Help; these can be used to navigate to other menus. Logging On If you attempt to access a configuration item from the browser menu, an administrator login screen will appear, prompting you for the password in order to log on.
TIME SETTINGS After logging in, the time settings page appears. The device time is automatically set to the local time of the management PC at the first time a connection is made. To modify the device’s time, modify the appropriate fields, then click NEXT.
The Device IP setting screen allows you to configure the IP address and subnet of the device. Although you can rely on a DHCP server to assign an IP address to the 802.11A+G ACCESS POINT automatically, it is recommended that you configure a static IP address manually in most applications. If you choose to assign the IP address manually, check the button that says “Assign static IP to this device” and then fill in the following fields IP Address and IP Subnet Mask: These values default to 192.168.1.
If you choose to use a DHCP Server to acquire an IP address for the 802.11A+G Access Point automatically, check the button that says, “Use the DHCP protocol to automatically get the IP address for this device”. Then click Next to go to the next screen. Again, as a reminder, it is recommended that your 802.11A+G ACCESS POINT should be assigned a static IP address in order to make it easy for you to manage the device later on.
Disable SSID Broadcasting: An access point periodically broadcasts its SSID along with other information, which allows client stations to learn its existence while searching for access points in a wireless network. Check Disable if you do not want the device to broadcast the SSID. WLAN mode: The wireless module is IEEE 802.11g and 802.11b compliant, and choosing “11g/b” allows both 802.11b and 802.11g client stations to get associated. 802.11g However, choosing “11g” allows only 802.
WEP allows you to use data encryption to secure your data from being eavesdropped by malicious people. It allows 3 types of key: 64 (WEP64), 128 (WEP128), and 152 (WEP152) bits. You can configure up to 4 keys using either ASCII or Hexadecimal format. Key Settings: The length of a WEP64 key must be equal to 5 bytes, a WEP128 key is 13 bytes, and a WEP152 key is 16 bytes. For WEP64 and WEP128, you can just enter a passphrase and click the GENERATE button to generate the four keys.
802.1x allows users to leverage a RADIUS server to do association authentications. You can also enable dynamic WEP keys (64, 128, 152-bit) to have data encryption. Here you do not have to enter the WEP key manually because it will be generated automatically and dynamically. NOTE: After you have finished the configuration wizard, you have to configure the Radius Settings in Advanced Settings in order to make the 802.1x function work.
Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) provides better security than WEP keys. It does not require a RADIUS server in order to provide association authentication, but you do have to enter a shared key for the authentication purpose. The encryption key is generated automatically and dynamically. Pre-shared Key: This is an ASCII string with 8 to 63 characters. Please make sure that both the 802.11A+G ACCESS POINT and the wireless client stations use the same key.
Wi-Fi Protected Access (WPA) requires a RADIUS server available in order to do authentication (same as 802.1x), thus there is no shared key required. The Encryption Type and Group Rekey Interval settings are same as WPA-PSK. Finish Setup Wizard and Save Your Settings After stepping through the Wizard’s pages, you can press the FINISH button for your modification to take effect. This also makes your new settings saved into the permanent memory on your system.
Congratulations! You are now ready to use the 802.11A+G ACCESS POINT. Note: If you change the device’s IP address, as soon as you click on FINISH you will no longer be able to communicate with your 802.11A+G ACCESS POINT. You need to change your IP address and then re-boot your computer in order to resume the communication.
Clicking the System Management button to configure system related parameters to for the 802.11A+G ACCESS POINT. Management Utility Port Definition: The standard port settings for the HTTP Web server and the Telnet utility may be replaced by entering new port numbers in these fields. Management Session Time-out: This setting specifies the duration of idle time (inactivity) before a web browser or telnet management session times out. The default time-out value is 10 minutes.
Bridge: You can enable/disable the 802.1d STP (Spanning Tree Protocol) function on the bridge of WLAN and Ethernet (i.e. the LAN interface). Enable this function can detect loops in your LAN environment and then protect the LAN from being saturated with infinite loop traffic. Syslog: Syslog is an IETF (Internet Engineering Task Force - the Internet standards body)conformant standard for logging system events (RFC-3164). When the 802.11A+G ACCESS POINT encounters an error or warning condition (e.g.
System Location: Description of where your 802.11a+g Access Point is physically located. It is an alphanumeric string of up to 60 characters. System Contact: Contact information for the system administrator responsible for managing your 802.11a+g Access Point. It is an alphanumeric string of up to 60 characters. Community String For Read: If you intend the access point to be managed from a remote SNMP management station, you need to configure a read-only “community string” for readonly operation.
To add a MAC address into the table, enter a mnemonic name and the MAC address, then click ADD. The table lists all configured MAC Filter entries. To delete entries, check the corresponding select boxes and then press DELETE SELECTED SSID Settings The Access Point can allow user to set up different SSID settings - Enable VLAN, QoS or DiffServ QoS. Each this SSID setting is based on which Security Policy.
Wireless Settings Beacon Interval: The 802.11A+G ACCESS POINT broadcasts beacon frames regularly to announce its existence. The beacon Interval specifies how often beacon frames are transmitted - in time unit of milliseconds. The default value is 100, and a valid value should be between 1 and 65,535. RTS Threshold: RTS/CTS frames are used to gain control of the medium for transmission.
DTIM Interval: The 802.11A+G ACCESS POINT buffers packets for stations that operate in the power-saving mode. The Delivery Traffic Indication Message (DTIM) informs such power-conserving stations that there are packets waiting to be received by them. The DTIM interval specifies how often the beacon frame should contain DTIMs. It should have a value between 1 to 255, with a default value of 3. User Limitation: Input what’s the maximum users can connect with Access Point through SSID.
Radius Settings Radius servers provide centralized authentication services to wireless clients. Two Radius servers can be defined: one acts as a primary, and the other acts as a backup. Two user authentication methods can be enabled: one based on MAC address filter, the other based on 802.1x EAP authentication. MAC address filtering based authentication requires a MAC address filter table to be created in either the 802.
acts as an authenticator, and it relays authentication messages between the RADIUS server and client devices being authenticated. IEEE 802.1x EAP authentication is enabled by selecting the Security Policy as 802.1x or WPA, and this selection is in the Wireless Settings under Setup Wizard. Enable MAC Address Access Control: Check this option to enable MAC address access control through a RADIUS server.
DoS Settings A Denial of Service attack is one where the attacker tries to make some resource too busy to answer legitimate requests, or to deny legitimate users access to your machine. Authentication fails: an illegal wireless client who failed time to associate with our system due to authentication failure. Broadcast storm filtering: Someone sending broadcast packets to our system or other clients rapidly and continuously, this makes our system too busy to process other legitimate request.
4 Chapter Managing the 802.11A+G ACCESS POINT This Chapter covers other management aspects of your 802.11A+G ACCESS POINT: How to view the device status How to view the system log How to upgrade the firmware of your 802.11A+G ACCESS POINT How to save or restore configuration changes How to reset the configuration to the factory default. How to reboot your 802.
This is at the left-bottom corner of the Device Status window. How to View the System Log The 802.11A+G ACCESS POINT maintains a system log that you can use to track events that have occurred in the system. Such event messages can sometimes be helpful in determining the cause of a problem that you may have encountered. You can select System Log on the left side of the Device Status window to view log events recorded in the system.
Bridge Table The bridge table shows all MAC entries learned from the wired LAN interface, wireless clients, and WDS peers (if running in the WDS mode). You can check this table by clicking Bridge Table at the left side of the Device Status window.
Radio Table Radio table lists current Mode, channel, client associated with them and transmit packet, received packet, data error.
Upgrading Firmware You can upgrade the firmware of your 802.11A+G ACCESS POINT (the software that controls your 802.11A+G ACCESS POINT’s operation). Normally, this is done when a new version of firmware offers new features that you want, or solves problems that you have encountered with the current version.
Step 2 To update the 802.11A+G ACCESS POINT firmware, first download the firmware from the distributor’s web site to your local disk, and then from the above screen enter the path and filename of the firmware file (or click Browse to locate the firmware file). Next, Click the Upgrade button to start. The new firmware will begin being loaded to your 802.11A+G ACCESS POINT. After a message appears telling you that the operation is completed, you need to reset the system to have the new firmware take effect.
Step 2 Enter the path of the configuration file to save-to/restore-from (or click the Browse button to locate the configuration file). Then click the SAVE TO FILE button to save the current configuration into the specified file, or click the RESTORE FROM FILE button to restore the system configuration from the specified file. How to reset the configuration to the factory default You can reset the configuration of your 802.11A+G ACCESS POINT to the factory default settings.
How to Reboot your 802.11A+G ACCESS POINT You can reset your 802.11A+G ACCESS POINT from the Browser. To reset it: Step 1 Select Reboot System from the System Tools menu, you will see the following screen: Step 2 Click YES to reboot the 802.11A+G ACCESS POINT. Note: Resetting the 802.11A+G ACCESS POINT disconnects any active clients, and therefore will disrupt any current data traffic.
5 Chapter Command Line Interface This chapter describes the Command Line Interface (CLI) for the 802.11 a+g Access Point. The CLI is accessible through a Telnet session. General guidelines When the 802.11 a+g Access Point is powered up, the user can use a standard telnet application from a PC connected to the network to perform configuration and management functions. This is done by typing the telnet command, “telnet ” (the default is 192.168.1.
to edit the command from the end. Up to 15 previously entered commands can be invoked through ^p’s and ^n’s. If a keyword is expected when the user types “ ?”, all valid keywords will be displayed. The command typed in so far will then be displayed again along with the cursor sitting at the end, waiting for the user to continue.
wlan means the Wireless port; <> specifies the arguments of the command, <1-4> means a number between 1 to 4; [ ] indicates an optional parameter | is used to separate alternative choices of parameters or keywords; {} encloses all alternative keywords; MacAddr, or XX-XX-XX-XX-XX-XX means any MAC address in hexadecimal format, where each XX can be 00, 01, ... 99, 0A, 0B, 0C, 0D, 0E, 0F, 10, 11,… FF; ipAddr, netmask, or xxx.xxx.xxx.
Description: Disable the management function from a WLAN connected user. enable upnp Description: Enable the UPnP function. enable wlan management Description: Enable the management function from a WLAN connected user. help Description: Show help descriptions on CLI. logout Description: Logout the current CLI management session. ping Description: Show help descriptions on CLI. reset system Description: Reboot the system. Any configuration not saved (e.g. by “save config”) will be lost.
Description: Set the IP address for the device LAN interface. set system location Description: Configure a string describing the system location information. This is the value of the SNMP system location MIB. set system name Description: Configuring a string for the system name. This is also the value of the SNMP system name MIB.
Description: Add a MAC filter with the specified name (a mnemonic name) and MAC address. delete mac filter Description: Delete the MAC filter with the specified name. set mac filter mode Description: Set the MAC filter mode. show mac filter [] Description: Display the MAC filter entry with the specified name. If no name is specified, this command display all currently configured MAC filter entries.
(4) Diagnostics Commands disable log Description: Disable the log function on the specified facility. disable syslogd Description: Disable the remote log function. disable trace Description: Disable the trace function on the specified facility. enable log [] Description: Enable the log function with the specified log level on the specified facility. If no log level is specified, the previously configured log level is used.
Description: Configure the primary/secondary RADIUS server settings. This is a multi-line command, and you have to enter the IP address and port number of the server, shared secret, and enable/disable. change password Description: Change the password for management, including HTTP and TELNET. disable radius mac authentication Description: Disable the use of external RADIUS servers for MAC address access control.
6 Chapter Text Configuration The text configuration provides another way for users to configure the 802.11 a+g Access Point. Users can save the system current configuration onto a file on PC, edit the configuration file, and then restore the system configuration with the configuration file. For details regarding the save and restore configuration operations, please read the HOW TO SAVE OR RESTORE CONFIGURATION CHANGES section in the MANAGING YOUR 802.11A+G Access Point chapter.
[Manufacture] Version = 1.00 This is used by the system itself, and this should be put as the first section in a configuration file. Users should not modify anything in this section. [Password] Password=000000 Password: the password for system management. [Time] TimeZone = +09:00 System Time Configuration [Device] IPType=static IPAddress=192.168.1.1 IPNetmask=255.255.255.0 GatewayIP=192.168.1.254 DNSIP=168.95.1.3 IPType=dhcp [ISP] ISPType=static ISPStaticIP=100.0.0.1 ISPNetmask=255.255.0.
ISPType=pptp PPTPLocalIP=11.0.0.10 PPTPNetmask=255.255.255.0 PPTPRemoteIP=11.0.0.1 PPTPUserName=name PPTPPassword=password PPTPIdleTimeout=time For PPPoE ‘unnumbered_link’ session type: KeepPrivateLan: keep the private LAN or not (‘enable’ or ‘disable’). UnnumberedIP: the IP address of the private LAN if ‘KeepPrivateLan’ is ‘enable’ UnnumberedNetmask: the subnet mask of the private LAN if ‘KeepPrivateLan’ is ‘enable’ For ‘pptp’ type: PPTPLocalIP: the local IP address for establishing the PPTP tunnel.
TPNetBios: whether enable NetBIOS traffic pattern on the session (‘enable’, ‘disable’). The following items can appear more than one in a multiple PPPoE entry: TPRuleIPRange: specify an IP address range traffic pattern. TPRuleNetwork: specify an IP network traffic pattern. TPRulePortRange: specify a port range traffic pattern. TPRuleKeyword: specify a keyword traffic pattern.
function for each SSID configured (‘enable’, ‘disable’). [SSID Entry] PrimarySSID=wlan SSID=wlan SecurityPolicy=none SSID Entry Configuration PrimarySSID: specify the primary SSID, which must be included in the following SSID entries. SecurityPolicy=wep There could be more than one entries (max 4 entries), each entry contains the following items: WEPAutoGenerateKey=enable WEPPassPhrase=pass phrase WEPPassPhraseLength=64 SSID: a SSID of the WLAN.
For both ‘wpa-psk’ and ‘wpa’ types WPAEncryptionTypp: encryption protocol types (‘tkip’, ‘ccmp’, ‘both’). WPAGroupRekeyInterval: group key re-key interval (unit: sec). If ‘VLANState’ in [VLAN] is ‘enable’, the following items can be included: VLANID: the VLAN ID of the bridge that the SSID belongs to. VLANPriority: the 802.1p priority value of the packets came from the stations using the SSID. If ‘DiffServState’ in [DiffServ] is ‘enable’, the following item can be configured.
(‘enable’, ‘disable’) [Syslog] SyslogLevel=3 SyslogState=disable Syslog Configuration SyslogState=enable SyslogdIP=102.2.2.2 SyslogLevel: syslog level, lower is severer and less events will be logged. SyslogState: whether enable the remote log function (‘enable’, ‘disable’). SyslogdIP: the IP address of the remote syslog daemon if ‘SyslogState’ is ‘enable’. [EmailLog] Email Log Configuration EmailLogState=enable EmailLogServer=sned.mail.com EmailLogMailAddr=user@recvm ail.
[MACFilter] MACFilterPolicy =disable MAC Filter Configuration MACFilterPolicy: MAC Filter policy (‘disable’, ‘deny’, ‘grant’). [MACFilterEntry] MAC Filter Entry Configuration MACFilterName=name MACFilterMAC=00-01-30-05-70- There could be multiple entries (max 1024 entries), aa each entry contains the following items: MACFilterName: a mnemonic name for the entry. MACFilterMAC: the MAC address that the filter will be applied on.
VLANPrio5=high VLANPrio6=highest VLANPrio7=highest SchedulingScheme=htb HTBBwRatioHighest=10 HTBBwRatioHigh=20 HTBBwRatioNormal=40 HTBBwRatioLow=40 configured). VLANPrioi (i = 0, 1, 2, …, 7): the corresponding priority level for this VLAN 802.1p value (‘low’, ‘high’, ‘highest’). SchedulingScheme: the QoS scheduling scheme (‘sp’, ‘htb’).
Product Specification Product Name IEEE 802.11a+g SOHO Access Point Control Number Core Logic, CPU Core Logic, WLAN OS CA8-5 Atheros 5312 @ 220 MHz Atheros 5112 (802.11a), Atheros (802.11b/g) Linux® 2.4.18 • IEEE 802.11a/b/g • IEEE 802.1d Spanning Tree • IEEE 802.1x • IEEE 802.3u Ethernet protocol • Infrastructure • Bridge Mode (WDS) • Repeater Mode IEEE 802.11a Standard: 54, 48, 36, 24, 18, 12, 9 & 6 Mbps with auto fallback IEEE 802.
Certificate • • • • SRRC/CCC DGT CE Wi-Fi Class 5 GHz 802.11a, Wi-Fi Class 2.4 GHz 802.
