Online Help
Organization of the Configuration Web:
System
System > General
- System Information: Fields "Name", "Description", and "Location" are used for remark
purpose. It is recommended to assign different information to each AP
that you have for easy identification.
- Time: Time settings allows the SYSTEM's system time to synchronized with
a NTP server or
set manually. When NTP server is used, "NTP server1" field must be filled
in with a valid NTP server IP or domain name; If FQDN (full qualified domain name) is used, the DNS server setting must also be activated.
System > Network
Interface
- Network Settings: Determine the way to obtain the SYSTEM's IP address, by DHCP or
set Statically .
- DHCP client: Select this option when you have an upstream DHCP
server in the wired or wireless network; Please make sure the network
connectivity are correct otherwise SYSTEM may not be able to successfully
acquire an IP address.
- Static setting: Static setting is for setting IP and networking
related parameters manually. The basic parameters to be set include IP address, subnet mask and Gateway.
- Primary and secondary DNS server: If any other hosts address of management service are given in FQDN format (Full qualified domain name), ensure at least one of these DNS server’s IP is correct.
- Layer 2 STP: Depends on the configuration of the SYSTEM (including
wired and wireless settings), when SYSTEM is configured to bridge several
networks, you need to enable STP.
System > Management
For easier maintenance, SNMP and remote SYSLOG services are provided
in the SYSTEM. The SYSTEM can be managed remotely in a
centralized manner.
- VLAN for Management: The Ethernet traffic from SYSTEM can be tagged with
a specific VLAN ID.
- SNMP Configuration: By enabling this SNMP service, the remote SNMP manager could obtain SYSTEM's system status.
- System Log: By enabling this service, the administrator can specify a remote
SYSLOG server which could remotely receive system log messages sent from SYSTEM; by reading the
SYSLOG message in the remote server, the administrator can review activities of all installed SYSTEM in the network.
System > GRE Tunnel
GRE Tunnels can be established between AP and Controller. This allows the AP to be deployed over different IP networks and yet capable of being incorporated into the central controller’s internal network.
- GRE Tunnel: Check "Enable" to establish GRE Tunnel with remote controller.
- Remote IP: The Controller’s IP address.
- Key: The shared key between the two devices.
- Interface: Network administrator can specify which of the interfaces’ or WDS link’s traffic will go through the established tunnel and back to the Controller.
System > CAPWAP
CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points. AP supports automatic discovery and management negotiation with 4ipnet WHG Controllers via CAPWAP protocol. Discovery priority is as follows: DNS SRV > DHCP option > Static Configuration > Multicast Discovery > Broadcast discovery.
- CAPWAP: For enabling or disabling CAPWAP support.
- Certificate Date Check: SSL Certificate validity check can be enabled or disabled. During CAPWAP negotiation, SSL certificate's validity (whether the Certificate has expired or not) should be checked. Therefore, when this option is enabled, NTP must be enabled and system time correct in order for a successful negotiation. When disabled, whether the uploaded Certificate has expired or not will not be checked.
- DNS SRV Discovery: Use DNS SRV to discover access controller.
- Domain Name Suffix: Enter the suffix of the access controller, such as example.com.
- DHCP Option Discovery: Use DHCP option to discover access controller.
- Broadcast Discovery: Use broadcast to discover access controller.
- Multicast Discovery: Use multicast to discover access controller.
- Static Discovery: Access Controller IP addresses can be statically configured for AP to discover. There are a total of 5 Access Controller IP entries.
- AC Address: The IP address of access controller. If it can not discover the first AC, it will try to discover the second AC and so on.
Wireless
Wireless > VAP Overview
- An overall status relating to wireless configurations are summarized in this page. SYSTEM has 8 Virtual APs (VAP), each having its own settings. In the table, we can click on the "Advanced Setting" to have
proceed with detailed configuration of the corresponding VAP.
Wireless > General
The items in this page are AP's RF settings, and will be applied to all VAPs.
Normally, the available RF configurations can be illustrated as:
Band |
Short Preamble |
Short Guard Interval |
Channel Width |
Channel |
Max Transmit Rate |
Transmit Power |
Disable |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
802.11b |
Disable/Enable |
N/A |
N/A |
Auto, 1~11, 13, or 14 |
1M, 2M, 5.5M, 11M |
Auto, Lowest, Low, Medium, High, Highest |
802.11g |
Disable/Enable |
N/A |
N/A |
Auto, 1~11 or 13 |
6M, 9M, 12M, 18M, 24M, 36M, 48M, 54M |
802.11b+802.11g |
Disable/Enable |
N/A |
N/A |
Auto, 1~11, 13, or 14 |
1M, 2M, 5.5M, 6M, 9M, 11M, 12M, 18M, 24M, 36M, 48M, 54M |
802.11g+802.11n |
Disable/Enable |
Disable/Enable |
20 MHz, 40 MHz |
Auto, 1~11, 13, or 14 |
1M, 2M, 5.5M, 6M, 9M, 11M, 12M, 18M, 24M, 36M, 48M, 54M,
MCS 0 ~ MCS 6 |
However, due to RF regulation in different nations, available values in the above table will differ.
ACK Timeout: Fill in an appropriate value for the SYSTEM to wait for
an acknowledgement frame to be sent back from a station before deciding timeout.
Beacon Interval: Enter the desired time interval for the access point
to send beacon signal.
Wireless > VAP Config
To enable each VAP in the SYSTEM, we need to configure each VAP
individually and the settings of each are described as follows:
- Profile Setting: Select the VAP profile that you wish to configure.
- VAP: Enable or disable the selected VAP.
- Profile Name: Give the profile an identity for management purpose.
- ESSID: Indicate the ESSID which the clients refers to when connecting
to this VAP.
- VLAN ID: SYSTEM supports tagged VLAN. To enable VLAN function, each VAP needs a unique VLAN ID; valid values are from 1 to 4094.
Wireless > Security
SYSTEM supports various user authentication and data encryption standards
in each VAP's profile, and thus depend on the desired security levels, you can provide
different service levels to clients. The security type includes:
- None: No authentication required.
- WEP: Supports key length of 64/128/152 bits.
- 802.1X: Provides RADIUS authentication and enhanced WEP.
- WPA-PSK: Provides shared key authentication in WPA data encryption.
- WPA-RADIUS: Authenticate user by RADIUS in WPA data encryption.
Wireless > Repeater
The system supports 3 options of Repeater types:
- None: Repeater is disabled.
- WDS: .Wireless Distribution System is chosen for Repeater type.
- WDS Profile: Select the WDS Link profile that you wish to use.
- WDS: To enable
or disable the respective WDS links.
- MAC Address: remote peer's MAC address
- Security Type: None, WEP, or WPA-PSK
- Universal Repeater: Universal Repeater is chosen for Repeater type.
- The SSID of Upper-Bound AP: Specify the SSID of the upper-bound AP that the system is used to extend that AP’s wireless service coverage.
- Security Type: None, WEP, or WPA-PSK
Wireless > Advanced
Mostly, the default settings should meet general requirements. If occasionally we need tune or debug the wireless network, we may take the following parameters for that purpose.
- VAP Name: Select the desired VAP profile to configure it's advances
wireless settings.
- RTS Threshold: To control station access to medium and to alleviate
the effect of the hidden node problem, we can tune this RTS threshold value. It should have a value
between 1-2346 and is default to 2346.
- Fragmentation Threshold: A frame larger than this threshold will be fragmented before the transmission. If significant numbers of collisions are occurring, we can try
setting a smaller value of the fragmentation threshold to see if it helps.
- DTIM Period: Input
the DTIM Interval that is generated within the periodic beacon at a specified
frequency. Higher DTIM will let the wireless client save energy more, but the
throughput will be lowered.
- Broadcast SSID: Disable this item will prevent the SYSTEM from broadcasting its SSID publicly.
- Wireless Station Isolation: By enabling this item, all stations in the same SYSTEM's coverage area can not communicate with each other.
- WMM: To decide which data streams are most important and assign them a higher traffic priority, we may enable this feature. Its default value is "disable".
- IAPP: To provide a better roaming capability for the stations among APs nearby the SYSTEM, we can enable this item. Its default value is "disable".
Wireless > Access Control
For each VAP profile, the SYSTEM supports various methods to authenticate clients from
using wireless LAN. The default policy is unlimited connections without
any authentication required. To restrict the station number of wireless
connections, just change the Maximum number of stations to a
desired number. For example, When the number of stations is set to 20,
only 20 stations are allowed to connect to this VAP.
For MAC ACL control, the supported methods include:
- Disable: no MAC address check required.
- Allow List: Deny all except allowing ones in the list.
- Deny List: Allow all except denying ones in the list.
- RADIUS ACL: Authenticate the associated MAC address by RADIUS.
The one selected in the Access Control Type will be activated.
Wireless > Site Survey
Site Survey is an useful
tool to provide information about the surrounding wireless environment;
available APs are shown with their respective SSID, MAC Address, Channel, Rate setting, Signal reading, and Security type. The administrator can click Setup or Connect to configure the wireless connection according to the mentioned readings.
Firewall
Firewall > Firewall List
Enable Layer 2 Firewall: If the function is enabled, the firewall rules in the list with checked state will be enforced.
Individual rule details can be edited, deleted, moved or inserted to different
priority.
Firewall > Service
Firewall Service: It
provides a list of customizable service protocols of layer-3 or above. These services
protocols are available to choose from drop-down
list of the layer 2 firewall rule edit page with EtherType to be IPv4.
The first 28 entries are default services and the administrator
can add/delete any extra desired services.
Firewall > Advanced Firewall Settings
- Trust Interface: VAP1~8,
WDS1~4, and LAN are available to check individually as trust interface;
trust interface will not carry out DHCP snooping and ARP inspection.
- DHCP Snooping: If
enabled, only DHCP replies from listed trusted DHCP MAC/IP pairs will
be accepted; verification will be performed only on non-trusted
interfaces.
- ARP Inspection: If enabled, MAC identity will be validated on ARP replies from non-trusted interfaces.
- Trust List Broadcast:
If ARP inspection is enabled, this option can be enabled to broadcast
valid MAC/IP binding pairs previously inspected to all interfaces.
- Static Trust List: If
ARP inspection is enabled, this option can be enabled to provide static
MAC/IP binding pairs that can be accepted in non-trusted interfaces.
Utilities
Utilities > Change Password
The administrator's account password can be changed here. Newly set password
will be verified before entering Web interface upon subsequent login. The login ID is "admin".
Utilities > Backup & Restore
The system can be restored to the default setting by clicking on Reset. The settings of the device can be backuped to a file. This file can be saved
for future recovery use. It can be used to duplicate settings to the other SYSTEM devices
(backup settings and then restore in another device). You may also restore the
SYSTEM to a previous configuration with a saved backup file.
Utilities > System Upgrade
Please make sure you have the correct firmware file. During firmware
update, please, don't turn off the power. This may permanently damage the AP
device.
Utilities > Reboot
At this page, you can reboot this AP remotely.
Utilities > Upload Certificate
AP's Certificate can be managed under this tab page.
- Upload Private Key: Upload the private key for decryption.
- Upload Certificate: Network Administrator can upload other certificates for SSL verification.
- Upload Trusted Certificate: Network Administrator can upload other trusted certificates for SSL verification.
- Use Default Certificate: When the network administrator wishes to use AP's default certificate and key, click this button and restart the AP.
Status
Status > Overview
This section provides an overview of the system's configuration for the administrator.
The description of the table is as follows:
Item
|
Description
|
System
|
System Name
|
The system name of the SYSTEM.
|
Firmware Version
|
The present firmware version of the system
|
Build Number
|
The present firmware build number of the system
|
Location
|
The location of the system
|
Site
|
The site of the system
|
Device Time
|
The system time of the SYSTEM.
|
System Up Time
|
The elapsed time that the system has been in operation.
|
LAN Interface
|
MAC Address
|
The MAC address of the LAN Interface.
|
IP Address
|
The IP address of the LAN Interface.
|
Subnet Mask
|
The Subnet Mask of the LAN Interface.
|
Gateway
|
The Gateway of the LAN Interface.
|
Radio Status
|
MAC Address
|
The MAC address of the RF interface
|
Band
|
The RF band in use.
|
Channel
|
The channel specified.
|
Tx Power
|
Transmit Power
level of RF interface
|
AP Status
|
Profile Name
|
The profile
name of AP
|
BSSID
|
Basic Service
Set ID
|
ESSID
|
Extended
Service Set ID
|
Security Type
|
Security type
of the Virtual AP.
|
Online Clients
|
The number of
online clients.
|
Status > Associated Clients
List all associated clients from all of the enabled VAPs. The administrator can use this
table to manage the clients or refer to the signal strength for debug
purposes.
Status > Repeater
The administrator can review detailed information of the repeater function on this page. Information of
each link's
status, mode and encryption is provided.
Status > Event Log
Event log provides the records of system activities. The administrator can monitor the system status by checking this log.
In the log, normally, each line represents an event record; within each line,
there are 4 fields:
- Date/Time: The time & date when the event happened
- Hostname: Indicate which host records this event. Note that all
events in this page are local events and this field are the same for all
entries.
However, in remote SYSLOG service, this field will help the network administrator identify which
event is from this system, Please refer to section Management
for remote SYSLOG configuration.
- Process Name (with square brackets): indicates the event generated by this running instance
- Description: Description of this event.
To save the file locally or clear all the records, press SAVE LOG or CLEAR button respectively.