Instruction/ maintenance manual of the product AT-WA7500 Allied Telesis
Go to page of 339
Access Points AT-WA7500 AT-WA7501 ◆ Installation and User’s Guide VERSION 2.3 ® PN 613-000066 Rev C.
Copyright © 2005 Allied Telesyn, Inc. 3200 North First Street, San Jose, CA 95134 USA All rights reserved. No part of this publication may be reproduc ed without prior written permission from Allied Telesyn, Inc.
3 Preface .............. .............. .............. .............. .............. .............. .............. .............. .............. ... .............. .............. .............. .... 7 Document Conventions ............. ...............
Contents 4 Connecting Power Over Ethernet ........................ ................. ................. .............. ................. ........ ......... .............. .............. 59 External Antenna Placement Guidelines ........... ........ ....
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 5 Chapter 6 Configuring Security ...................... .............. .............. .............. .............. .............. .............. .............. ....... ..................... 169 Understanding Security .
Contents 6 Using the AP Monitor .................. ................. ...... .............. .............. .............. .............. .......... ............... .............. .............. . 266 Entering the AP Monitor ... ............ ...........
7 Pr eface This manual provides you with information about the features o f the Allied Telesyn AT-WA7500 and AT-WA7501 access points with software release 2.0 (or later). This manual also descr ibes how to install, configure, operate, maintain, and troubleshoot the access po ints.
Preface 8 Document Conventions This document uses the following conventions: Note Notes provide additional informatio n. Caution Cautions inform you t hat performing or omitting a spe cific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a sp ecific action may result in bodily injury.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 9 Where to Find Web-based Guides The installation and user guides for all Allie d Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com .
Preface 10 Contacting Allied Telesyn This section provides Allied Telesyn contact information f or technical support as well as sales or corporate informat ion. Online Support You can request technical sup port online by accessing the Allied T elesyn Knowledge Base from the following web site: www.
11 Chapter 1 Getting S tarted This chapter introduces the Alli ed Telesyn AT-WA7500 and AT-WA7501 access points, explains their feat ures, and describe s how you can use them to expand your data collection network.
Chapter 1: Get ting Started 12 Which Allied Telesyn Access Prod ucts Does This Manual Support? This system manual supports the AT-WA7500 and AT-WA7501 access points with softwa re release 2.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 13 Overview of the AT-WA7500 and AT-WA7501 Access Point Products The Allied Telesyn AT-WA7500 and AT-WA7501 a ccess points deliver reliable and seamless wireless p erf ormance to almost any operational environment.
Chapter 1: Get ting Started 14 Figure 1. Access Point Architecture Access points are multiport (Ethernet-to-wireless) bridges, and because wireless end devices operate similarly to other Ethernet devices, all your existing Ethernet applications will work with the wireless network without any special networking software.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 15 Features This table lists the features of the access points. T able 1. Access Point Feature Comp arison Feature A T-W A 7500 A T-W A7501 Acc.
Chapter 1: Get ting Started 16 * The 802.11g radio is sometimes ref erred to as the 802.11b/g radio because it can be configured to communicate wit h any 802.11b and 802.11g radios that have the same SSID and security settings. For details, see “About the Radios” on page 9 7.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 17 reservation (including a fragment ation threshold and a reservation threshold). A T -W A7500 Configuration Wizard: Y ou can use the configuration wizard to help you configure and maint ain your access point network.
Chapter 1: Get ting Started 18 This illustration shows the LEDs that are on the AT-WA7501 access point. For help understanding these LEDs, see the LED Descriptions table on page 17. Figure 2. AT-WA7501 LEDs This illustration shows the LEDs that are on the AT-WA7500 access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 19 Understanding the Ports The access point may have up to four ports. To access the ports on the AT-WA7 501, you must remove the cable access door. To remove the AT-WA7501 cable access door 1. Unscrew the two thumbscrews on the cable access door.
Chapter 1: Get ting Started 20 Figure 4. AT-WA7501 Ports The AT-WA7500 ports are located on the bottom of the access poin t. This illustration shows the ports that are o n the AT-WA7500. For help understanding these ports, see the Port Descriptions table on page 19.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 21 How the Access Point Fi ts in Your Network In general, the access point forwards data from wireless end devices to the wired Ethernet network.
Chapter 1: Get ting Started 22 In a simple wireless network, the access point that is con nected to the wired network serves as a transpar ent bridge be tween the wired network and wireless end devices. To install a simple wireless network 1. Configure the initial IP address.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 23 Allied Telesyn recommends that you always impleme nt some type of security. Using Multiple Access Points and Roaming Wireless End Devices For larger or more complex en vironments, you can install multiple access points so wireless end devices can roam fro m one access point to another.
Chapter 1: Get ting Started 24 2. Configure the LAN I D. For help, see “Configuring the Spanning Tree Parameters” on page 136. 3. Configure one of the access points to be a root access point. For help, see “About the Primary LAN an d the Root Access Point” on page 131.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 25 The access points communicate with each o ther through the spanning tree. The wireless end devices are confi gure d as stations with LAN ID set to 0 and SSID set to Op3rat!ons.
Chapter 1: Get ting Started 26 Figure 10. Access Point as a WAP WAPs send data from end devices to the access points via wireless hops. Wireless hops are formed when data from end d evices move from one access point to another access point through the radio ports.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 27 3. (802.11g and 802.11b) Configure the station radio in the WAP to communicate with one of the master radio service sets in the access point: a. From the main menu, click the link corresp onding to the station radio.
Chapter 1: Get ting Started 28 e. In the Primary service set SSID (Network Name) field, type the SSID that matches the SSID o f the end device radio. In this example, the SSID is Manufacturing.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 29 You need to configure the wire less end devices to have the same SSID, LAN ID, and frequency as the WAP radio. You do not need to configure any secondary LAN settings because th e WAP is not connected to a secondary LAN.
Chapter 1: Get ting Started 30 You need to configure the wirele ss end devices to have the same SSID, LAN ID, and frequency as the WAP radio. You do not need to configure any secondary LAN settings because the WAP is not connected to a secondary LAN. Allied Telesyn recommends that you always implement some type of security.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 31 with access points that are ac ting as point-to-point b ridges. Figure 13. Access Points as Point-to-Point Bridges Point-to-point bridges send data from end devices on the seconda ry LAN to the root access point via wireless hops.
Chapter 1: Get ting Started 32 You may also need to adju st the flooding parameters. Here are some recommendations: If there are no end devices on the seconda ry LAN, the bridge on the secondary LAN can use the defaul t flooding settings. The Seconda ry LAN Flooding p arameter is disa bled.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 33 c. In the Secondary LAN Bridge Priority field, enter a numb er other than zero. d. In the Secondary LAN Flooding field, choose Enabled. 6. Configure the spanning tree settings for the point-to-point brid ge on the primary LAN.
Chapter 1: Get ting Started 34 c. In the Primary service set Node Type f ield, choose Master. d. In the Primary service set SSID (Network Name) field, type the SSID. In this example, the SSID is Manufacturing. e. Click Submit Changes. 10. Configure the spann ing tree settings for the point-to-p oint bridge on the primary LAN: a.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 35 Allied Telesyn recommends that you imple ment some type of security. T able 9. 802.11g Point-to-Point Bridges Parameter Se ttings Screen Parameter Bridge Primar y LAN (Root) Bridge Secondary LAN (Designated Bridge) 802.
Chapter 1: Get ting Started 36 Example - Configuring an 802.11a Point-to-Multipoint Bridge In this example, each access point only has one 802.1 1a radio. Since the 802.11a radio can function as a master an d a station, wireless end devices can communicate with eith er access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 37 Using Dual Radio Access Points for Redundancy You can configure AT-WA7500 units and AT-WA75 01 units that have two 802.11g radios, two 802.11b radios, or two 802.11a radios to provide redundancy for your network.
Chapter 1: Get ting Started 38 Configuring the Access Point (Setting the IP Address) The access point will work out of the box if you are using a DHCP server to assign it an IP address. By default, th e access point is configured to be a DHCP client and will resp ond to offers from any DHCP server.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 39 To use the Allied Telesyn AT-WA7 500 Configuration Wizard Note To use the AT-WA7500 Configuratio n Wizard, you must have a PC that is running Windows 95-OSR 2/98SE/ ME or Windows NT4/2000/ XP.
Chapter 1: Get ting Started 40 5. Proceed with the IP Address conf iguration by following the on-screen menus. Using a Communications Program You can use a communications program (such as HyperTerminal) to set the initial IP address for the access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 41 4. Press Enter when the message “Starting system” appe ars on your PC screen. The Username field appears. 5. In the Username field type the d efault user name “atilan”, and then press Enter.
Chapter 1: Get ting Started 42 IP Address - A unique IP address. IP Subnet Mask - The subnet mask that matches the other devices in your network. IP Router (Gateway) - If the access point will communicate with devices on another subne t, enter the address of the router that will forwa rd frames.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 43 To use a web browser interface 1. Determine the IP address of the access point. I f a DHCP server assigned the IP address, you must get the IP address from the DHCP server. 2. Start the web browser application.
Chapter 1: Get ting Started 44 5. Click Login. The TCP/IP Settings screen app ears. Y our web browser session is established. Note Although you can use several diffe rent methods to manage the access point remotely, this m anual assumes you are using a web browser.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 45 2. From a command prompt, type: telnet IPaddress whe re IPaddress is the IP address of the access poin t. 3. Press Enter. 4. If necessary, enter the user name and press Enter. Then, ente r the password and press Enter.
Chapter 1: Get ting Started 46 Saving Configuration Changes When you are done configuring the access po int, you may want to activate your changes immediately or you may want to save the changes n ow and activate them later. If you choose to ac tivate the changes later, they will become active the next time the access point is booted.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 47 Using a Web Browser Interface 1. On the menu bar, click Save/Discard Changes. This screen appears. 2. Resolve any error messages list ed under the heading Possible Configurations Errors. For help, se e “Using the Co nfiguration Error Messages” on page 240.
Chapter 1: Get ting Started 48 Using a Telnet Session 1. From the Access Point Configuration me nu, choose Save Configuration. 2. Choose Reboot to reboot the access point and immedia tely use your new active configuration.
49 Chapter 2 Installing the Access Points This chapter explains how t o install the Allied Telesyn AT-WA7500 and AT-WA7501 access points in your d ata collection network, provides some tips on how to position access points to improve your network performance, and provid es some external antenna guid elines.
Chapter 2: Inst alling the Access Po ints 50 Installation Guidelines Allied Telesyn recommends that you have an Allied Telesyn-certif ied RF specialist conduct a site survey to de termine the ideal locations for all your Allied Telesyn wireless net work devices.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 51 Other Acce ss Points Access points that are configured for th e same frequency and that are in the same radio coverage area may inter fere with each other and decrease throughput.
Chapter 2: Inst alling the Access Po ints 52 Installing the AT-WA7501 You can place the AT-WA7501 horizontally or vertically on a desk or counter. If you want to mount the AT-WA7501 to a wall or b eam.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 53 option. For help, see “Connectin g to Your Fiber Optic Network” on page 55. To connect the AT-WA7501 to the Ethernet network Attach .
Chapter 2: Inst alling the Access Po ints 54 Installing the AT-WA7500 You can place the AT-WA7500 horizontally on a desk or coun ter. The AT-WA7500 also ships with a mounting bracket that lets you mount it vertically to a wall.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 55 Connecting to Your Fiber Optic Ne twork You can order your AT-WA7501 access point with a fib er optic option. Using an appropriate patch cord and adapter (as described in the next section), you can connect your access point to: an MT -RJ network.
Chapter 2: Inst alling the Access Po ints 56 Note All cables must be multimode, 62.5/125 µm. Connecting to an MT-RJ Network To connect to an MT-RJ network, you need: a patch cord with a female MT.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 57 2. Connect the access point to your network as shown in the next two illustrations. Note The patch cord shown above must conne ct to the access point with a female MT-RJ connector. For de tails, see “Using a nd Purchasing the Required Patch Cord and Adapter” on page 55.
Chapter 2: Inst alling the Access Po ints 58 a patch cord with a female MT -RJ connector to insert into the access point’s male MT -RJ fiber optic port, and an ST connector to insert into the ST adapter . an adapter for connecting the p atch cord to the ST network.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 59 Connecting Power Over Ethernet The AT-WA7500 is powered by power over Ethernet. The AT-WA7501 can be powered by AC power or by power ove r Ethernet or both. For all access points, you need a power bri dge .
Chapter 2: Inst alling the Access Po ints 60 External Antenna Placement Guidelines Antennas and their placement play a vi tal role when installing a wireless network. Every wireless network environment presents its own unique obstacles. Therefore, the exact range that you will achie ve with each access point is difficult to determine.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 61 Allied Telesyn recommends that you use two ant ennas for each radio to achieve optimal performance (a ntenna diversity) of the radios.
Chapter 2: Inst alling the Access Po ints 62 Follow the recommended antenna sep aration precisely when using the closest distance s. Movement of as little as 3.05 cm (1.2 in) may strongly affect pe rformance. Y ou should choose the greatest dist ance possible within the constraints of your en vironment.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 63 When antenna diversity is enabled, both po rts can receive, but only the primary port transmits. To achieve optimum placement for th e two antennas, you must place the tra nsmit/receive antenna so that it is within range of all the radios that the receive-only antenna can hear.
64 Chapter 3 Configuring the Ethernet Network This chapter explains how t o configure the AT-WA7500 and AT-WA7501 access points so that they communi cate with your Ethernet network.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 65 Configuring the TCP/IP Settings If you are using a DHCP server to aut omatically assign an IP address to the access point, go to “Configuring the Access Point as a DHCP Client” on page 67.
Chapter 3: Config uring the Ethernet Network 66 4. If you want to configure the access point a s a NAT server, see “About Network Address Translation (NAT)” on page 7 5. 5. If you want to configure the access p oint to send ARP requests, see “Configuring the Access Point to Send ARP Requests” on page 76.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 67 Configuring the Access Point as a DHCP Client You can use a DHCP server to automatically a ssign an IP address and other TCP/IP settings to your access point; that is, th e access point can act as a DHCP client.
Chapter 3: Config uring the Ethernet Network 68 To configure the access point as a DHCP client 1. From the menu, click TCP/IP Se ttings. The TCP/IP Se ttings screen appears. 2. Configure the DHCP parameters to make this access point a DHCP client. For help, see the next table.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 69 3. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot. For he lp, see “Saving Configuration Changes” on page 46.
Chapter 3: Config uring the Ethernet Network 70 Configuring the Access Point as a DHCP Server You can configur e the access point as a simple DHCP server that provides DHCP server functions fo r small installations where no other DHCP server is available.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 71 To configure the access point as a DHCP server 1. From the menu, click TCP/IP Settings. The TCP/IP Settings scre en appears. 2. Verify that the IP Address field, IP Subnet Mask field, and IP Router field are configured.
Chapter 3: Config uring the Ethernet Network 72 4. Click Submit Changes to save your change s. DHCP Server Setup appears in the menu. DHCP User Class Leave the field blan k if you want this access point to respond to requests from any client. Or enter the DHCP user class identifier as defined in RFC 3 004.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 73 5. From the menu, click DHCP Serv er Setup. The DHCP Server Setup screen appears. 6. Configure the DHCP server.
Chapter 3: Config uring the Ethernet Network 74 Supported DHCP Server Options When the access point is acting as a DHCP server, it issues IP address leases to configure the IP a ddress, along with the DNS addresses, DNS suffixes, IP subnet mask, and IP router.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 75 Unsupported DHCP Server Options When the access point is acting as a DHCP serve r, it does not support any DHCP options other than those list ed. The DHCP server disregards any DHCP options that are not explicitly req uired by the DHCP specification.
Chapter 3: Config uring the Ethernet Network 76 To configure the access point as a NAT server 1. From the menu, click TCP/IP Se ttings. The TCP/IP Se ttings screen appears. 2. Verify that the IP Address fi eld and IP Subnet Mask field are configured. For help, see “Configuring the TCP/IP Settings” on page 65.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 77 Configuring Other Ethernet or Fiber Optic Settings Many of the standard Ethernet or fiber optic settings are configured in the TCP/IP Settings screen. For help, see “Configuring the TCP/IP Settings” on page 65.
Chapter 3: Config uring the Ethernet Network 78 T able 17. Ethernet Parameter Descriptions Parameter Explanation Port T ype Appears only if the access point has a fiber optic port.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 79 Configuring the Ethernet Address Table If you have a secondary LAN, you should configure the Ethernet address table in the designated bridge or WAP on the seco ndary LAN. This table contains all the MAC addresses on the secondary LAN that a re communicating with the primary L AN.
Chapter 3: Config uring the Ethernet Network 80 Configuring Ethernet Filters You can set both Ethernet a nd IP tunnel filters, and you can creat e protocol filters for both predefined and use r-defined protocol types. In addition, you can define arbitrary fr a me filters based on frame content.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 81 To set frame type filters 1. From the main menu, click Ethernet > Frame Type F ilters. The Frame Type Filters screen appears. 2. For each frame type field, check or clear t he Allow/Pass check box to configure if the frame types are allo wed to pass or are dropped.
Chapter 3: Config uring the Ethernet Network 82 5. If you set the Scope field to Unlist ed for any of the frame types, you must also configure predefined subty pe filters or customizable subtype filters. For help, see the n ext section, “Using Predefined Subtype Filters” on page 83 or “Customizing Subtype F ilters” on page 83.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 83 Using Predefined Subtype Filters You can configure the access point to pass or drop ce rtain predefined frame subtypes. To configure predefined subtype filters 1. From the main menu, click Ethe rnet > Predefined Subtyp e Filters.
Chapter 3: Config uring the Ethernet Network 84 To customize subtype filters 1. From the main menu, click Ethernet > Customizable Subtype Filters. The Customizable Subtype Filters screen appears. 2. For each subtype field, check or clear the Allow/Pass check box to configure if the subt ypes are allowed to pass or are dropped.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 85 Example This example shows you how to use customizable filters to allow only the wireless end devices (DHCP clients) communicating with the access point (DHCP server) to receive TCP/IP se ttings.
Chapter 3: Config uring the Ethernet Network 86 Configuring Advanced Filters You can configure advance d filters if you need more flexibility in you r filtering. Settings for adva nced filters execute after those for other filters; that is, advanced filters are only applie d if the fra me has passed the other filters.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 87 2. Enter up to 22 value IDs and values. 3. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot.
Chapter 3: Config uring the Ethernet Network 88 2. Configure the filter expr essions parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 89 Example 1 This example shows you how to use Ethernet filters to filter all traffic that passes through the access point to the wireless network except for traffic for specified MAC addresses.
Chapter 3: Config uring the Ethernet Network 90 T able 22. Example 1 - Filter Values V alue ID V alue Description 1 ff f f ff f f ff f f Allows multicast traf fic to enter the wireless network, which is nec essary fo r IP end devices to communicate 2 00 02 2d 04 b7 a4 The MAC address of an end device you want to be able to communicate.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 91 For this example, set these filter expressions. You must enter a filter expression for each Value ID in the Filter Values menu. In this example, only the Ex prSeq and t he Value ID values change.
Chapter 3: Config uring the Ethernet Network 92 Example 2 This example shows how to use Ethernet filters to discard all DIX IP multicast frames except those from selected devices. Three entries have a value ID of 3 to demonstrate how to enter a list. All en tries with the same value ID belong to the same list.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 93 Set the first filter expression as shown below. T able 25. Example 2 – First Filter Expression Parameter V alue Explanation ExprSeq 1 The first exp ression that is executed. Y ou must have an expression for each V alue ID that is listed in the Filter V alues menu.
Chapter 3: Config uring the Ethernet Network 94 Set the second filter ex pression as shown belo w. T able 26. Example 2 – Second Filter Expression Parameter V alue Explanation ExprSeq 2 The second expression that is execu ted. Offset 12 Checks for the DIX IP frame type, which start s 12 bytes from the destination address.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 95 Set the third filter expression as shown below. T able 27. Example 2 – Third Filter Expression Parameter V alue Explanation ExprSeq 3 The third expression that is executed. Offset 6 Checks the source Ethernet address, which start s 6 bytes from the destination address.
96 Chapter 4 Configuring the Radios This chapter explains how t o configure the radios in the AT-WA750 0 and AT-WA7501 access points so that they communicate with your wireless end devices. This chapter covers these topics: “About the Radios” on p age 97 “Configuring the 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 97 About the Radios The AT-WA7500 and AT-WA7501 access products may contain on e or two radios. You can use access points that contain two differe nt types of radios to support two differe nt types of wireless networks, such as legacy networks.
Chapter 4: Con figuring the Radio s 98 Configuring the 802.11g Radio You can configure the 8 02.11g radio to communicate with other 802.11g and 802.11b radios that have the same: SSID (Network Name) Security For each radio, you can assign up to four service sets, creating one primary service set and up to three seconda ry service sets.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 99 2. Configure the parameters for the radio. For help, see the next table. 3. Configure the advanced parameters for the rad io. For help, see “Configuring 802.11g Radio Advanced Parameters” on page 102 .
Chapter 4: Con figuring the Radio s 100 Node T ype Configure the 802.11g radio to master, station, or disabled: Master: The radio always operates in Master mode. The radio becomes active to accept connections for wireless devices when the access point joins the spanning tree.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 101 The 802.11g and 802.11b ch annels that are allowed in a given country may change without notice.
Chapter 4: Con figuring the Radio s 102 Configuring 802.11g Radio Advanced Parameters You can configur e advanced parameters for the 802.11g radio p rimary service set. These settings are shar e d by any secondary service sets defined for the radio. To configure advanced parameters 1.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 103 T able 31. 802.11g Radio Advanced Parameter Descriptions Parameter Description Client T ype/Performance Specifies if this radio will communicate with 802.11b and/or 802.11g radio s: 11b/11g with range reliability (Not Wi-Fi): Allows clients with 802.
Chapter 4: Con figuring the Radio s 104 Power Output Level* Set the transmitted power level: Maximum (63 mW): Sets the output power to the highest level supported by th e radio. Medium (32 mW): Sets the output power to 3 dB lower than the highest level supported by the radio.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 105 Fragmentation Threshold Specifies the largest data frame tha t can be transmitted without fragmentation. Range is 256 to 1600. On certain radios, the fragmentation does not occur unless the radio detects interference.
Chapter 4: Con figuring the Radio s 106 Disallow SSID (Network Name) of ‘ANY (Master radio only) Determines if end devices tha t have their SSID set to ANY or are left blank (empty) can associate with this radio. Clear this check box to allow these end devices to associate with this radio .
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 107 Configuring 802.11g Radio Inbound Filters You can configure inbound filters for the 802.11g radio primary service se t. These settings are shared by any sec ondary service sets defined for the radio.
Chapter 4: Con figuring the Radio s 108 2. For each frame type, check or clear each check box. For help, see th e next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 109 3. From the main menu, click Apply Ho t Settings to save your changes to the “active” configuration file (a s defined in “Saving Configuration Changes” on page 46). The Apply Ho t Settings screen appears.
Chapter 4: Con figuring the Radio s 110 Configuring the 802.11b Radio The 802.11b radio will communicat e with other 802.11b radios that have the same: SSID (Network Name) Security To configure the 802.11b radio 1. From the main menu, click 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 111 T able 33. 802.11b Radio Parameter Descriptions Parameter Description Node T ype Configure the 802.1 1b radio as a master or station. Y ou can also disable the radio. SSID (Network Name) Enter the SSID (network name) for this radio.
Chapter 4: Con figuring the Radio s 112 Configuring 802.11b Radio Advanced Parameters 1. From the main menu, click 802.11b Radio > Advanced Configuration. The Advanced Configuration screen appears. 2. Configure the advanced parameters. For help, see the next table.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 113 Basic Rate Choose the rate at which the access point transmits multicast and b eacon frames. In general, higher speeds mean shorter range and lower speeds mean longe r range. Do not set this rate higher than the maximum rate at which yo ur end devices can receive multicast frames.
Chapter 4: Con figuring the Radio s 114 Enable Load Balancing Determines if end devices can distrib ute their connections across multiple access points.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 115 Configuring 802.11b Radio Inbound Filters When configuring a master rad io, you can filter different types of wirele ss traffic that it may receive. You may want t o use this feature by itself or with an access control list (ACL) to help secure your ne twork.
Chapter 4: Con figuring the Radio s 116 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot. For help , see “Saving Configuration Changes” on page 46.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 117 Configuring a SpectraLink Network SpectraLink wireless telephone system s simplify network infrastructure and network management by combining voice a nd data traffic over one wireless network, leveraging 802.
Chapter 4: Con figuring the Radio s 118 2. In the Data/Voice Settings field, choose either Data and SpectraLink Traffic or SpectraLink Traffic Only. F or help, see “Configuring 802.11b Radio Advanced Parameters” on page 112. 3. Check the Allow Data Rate Fallback check box.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 119 Configuring the 802.11a Radio The 802.11a radio will communicate with other 802.11a radios that have the same: SSID (Network Name) Security For each radio, you can assign up to four SSIDs, creating one primary service set and up to three secondary service sets.
Chapter 4: Con figuring the Radio s 120 If your screen does not look like the previous one, your primary service set may be configured as station (instead of master), so that the secondary service sets are not available, as shown next. 2. Configure the parameters for the radio.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 121 5. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot. For he lp, see “Saving Configuration Changes” on page 46.
Chapter 4: Con figuring the Radio s 122 Node T ype Configure the 802.11a radio to master, station, or disabled: Master: The radio operates in Master mode when it sees the root access point on its Ethernet port. If it cannot see the root, it operate s in Master/ Station mode and tr ies to find the root through its radio port.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 123 Channels marked with an asterisk (*) a re not available in the mid- range radio. If you set the Frequency p arameter to Dynamic, turbo channels are never selected.
Chapter 4: Con figuring the Radio s 124 Configuring 802.11a Radio Advanced Parameters 1. From the main menu, click 802.11a Radio > Advanced Configuration. The Advanced Configuration screen appears. 2. Configure the advanced parameters. For help, see the next table.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 125 Data Rate Choose the rate at which the access point transmits data. In general, higher speed s mean shorter range and lower speeds mean longer range. If you choose the S peed Mode to be 802.
Chapter 4: Con figuring the Radio s 126 Configuring 802.11a Radio Inbound Filters When configuring a master radio, you can filter different types of wireless traffic that it may receive. You may want to use this feature by itself or with an access control list (ACL) to help secure your network.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 127 Note If any of the devices are also DHCP clients, you need to check the Allow DHCP check box. To configure 802.11a radio inbound f ilters 1. From the main menu, click 802.11a Ra dio > Inbound Filters.
Chapter 4: Con figuring the Radio s 128 Allow DHCP Determines if this radio accepts DHCP frames. The DHCP frames must match UDP destination port 67 and ARP .
129 Chapter 5 Configuring the Spanning T r ee This chapter explains how t o configure the AT-WA7500 and AT-WA7501 access points so that they create a spa nning tree topology.
Chapter 5: Config uring the Spanning Tree 130 About the Access Point Spanning Tree AT-WA7500 and AT-WA7501 access points with th e same LAN ID arrange themselves into a self-organized ne twork using a spanning tree topology.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 131 About the Primary LAN and the Root Access Point The primary LAN (also called the root IP subnet) contains the root access point, which initiates the spanning tree.
Chapter 5: Config uring the Spanning Tree 132 3. Configure the LAN I D. All access points that want to participate in th e spanning tree must have the same LAN ID. 4. Set the Root Priority parameter to be the highest nu mber of all access points on the primary LAN.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 133 The designated bridge must be configured so that the Secondary LAN Bridge Priority value is a non-zero numb er .
Chapter 5: Config uring the Spanning Tree 134 About Ethernet Bridging/Data Link Tunneling Ethernet bridging is simply forwardin g a frame received on the radio port to the Ethernet port, and vice versa . Using this default mode, the access point acts as a bridge between the wirele ss and wired networks.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 135 3. On all other access points on the primary LAN, clear the Enab le Ethernet Bridging check box. 4. Make sure that the Root Priority parameter for a ll other access points is less than the root access poin t.
Chapter 5: Config uring the Spanning Tree 136 Configuring the Spanni ng Tree Parameters When you configure the spanning tree par ameters, yo u identify the access point as part of the spanning tree .
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 137 4. (Optional) Configure security by clicking Configure Spanning Tre e Security. For help, see “Creating a Secure Spanning Tre e” on page 181. T able 42. Spanning Tree Parameter Descriptions Parameter Explanation AP Name Enter a unique name fo r this access point.
Chapter 5: Config uring the Spanning Tree 138 Rightmost LED Behavior Choosing Spanning Tree Root Indicator causes the LED to blink if the access point is configured as the root and remain on if an erro r is detected. Enable Ethernet Bridging Determines how frames from end device s are moved between the wired and wireless networks.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 139 Secondary LAN Flooding (Outbound) Appears for Designated Bridge only. Specifies the types of fram es it forwards from the primary LAN to th.
Chapter 5: Config uring the Spanning Tree 140 About IP Tunnels The physical boundary of a network is usually define d by the existence of an IP router. Before IP tunnels techn ology was developed, wireless end devices could only operate within the limited coverage area of their own network and could not roam across IP subnet bound aries.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 141 IP tunnels use encapsulation to establish a virtual LAN (VLAN) seg ment through IP routers. The VLAN segment includ es the root IP subnet and logically extends to include end dev ices attache d to access point s on remote IP subnets.
Chapter 5: Config uring the Spanning Tree 142 When an access point at the endpoin t of the IP tunnel receives data from an end device, it uses a standard IP protocol called Generic Router Encapsulation (GRE) to encap sulate the data into a frame.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 143 2. Make sure that the root access point and the access point at the endpoint of the IP tunnel have the same LAN ID.
Chapter 5: Config uring the Spanning Tree 144 Using One IP Multicast Address for Multiple IP Tunnels IP tunneling supports IP multicast a nd Internet Group Management Protocol (IGMP). IP multicast provides an idea l way to distribute IP hello messages.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 145 3. Make sure that the root access point and the access point at the endpoint of the IP tunnel have the same LAN ID.
Chapter 5: Config uring the Spanning Tree 146 away from their root IP subnet. Unicast frames are not flooded. Unicast frames a re only forwarded outbound through an IP tunnel if the destination address identifies an end device that has roamed to a remote IP subne t.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 147 Frame Types That Are Never Forwarded Certain frame types are never forwar ded through IP tunnels. Fra me types that are never forwarded include IP fr ames used for coordinating routers and MAC frames used for coordinating bridges.
Chapter 5: Config uring the Spanning Tree 148 Configuring IP Tunnels For guidelines, see “About IP Tunnels” on page 140. To configure the IP Tunnels screen 1. From the main menu, click IP Tunnels. The IP Tu nnels screen appears. 2. Configure the IP tunnels pa rameters.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 149 Configuring the IP Address List On the root access point and root can didates, the IP address list contains the IP addresses or DNS na mes of all the access points at the endpoint o f the IP tunnels.
Chapter 5: Config uring the Spanning Tree 150 2. If you enabled IGMP, enter the Class D IP multicast addre ss. The default is 224.0.1.65. 3. Enter the IP addresses or DNS names of a ll the access points that can be the endpoints of IP tunnels. 4. Click Submit Changes to save your changes.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 151 through an IP tunnel by the root access po int unless the destination IP address belongs to the root IP subnet. (Frames are only forward ed outbound to end devices that have roamed away from the root IP subnet.
Chapter 5: Config uring the Spanning Tree 152 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot. For help , see “Saving Configuration Changes” on page 46.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 153 Using Predefined Subtype Filters You can configure the access point to pass or drop ce rtain predefined frame subtypes. To configure predefined subtype filters 1. From the main menu, click IP Tunnels > Predefined Subtype Filters.
Chapter 5: Config uring the Spanning Tree 154 Subtype: Selects the frame subtype you wish to configure. Value: The next table de scribes fr ame subtypes and their values. The value must be two hex pairs. When a match is found between frame subtype and value, the specified action is taken.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 155 DIX-IPX-Socket Socket value in hexadecimal. DIX-EtherT ype S pecify the registered DIX type in hexadecimal. SNAP-IP-TCP-Port Port value in hexadecimal. SNAP-IP-UDP-Port Port value in hexadecimal.
Chapter 5: Config uring the Spanning Tree 156 Filter Examples These examples illustrate how to set both Ethern et and IP tunnel filters to optimize network performance. The next illustration includ es: wireless end devices using TCP/IP to communicate with other devices.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 157 Example 1 The root (AP1), AP3, AP5, and AP6 service only wirele ss end devices. These access poin ts need to pass IP traffic, but not pass IPX traffic tha t does not need to be forwarded t o the primary or secondary LAN.
Chapter 5: Config uring the Spanning Tree 158 For this example, set these options on the Ethe rnet Frame Type Filters screen. In the Predefined Subtype Filter s screen, set the 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 159 Example 3 If you have a DHCP server o n a Windows NT server and you wa nt to use this DHCP server to assign TCP/IP parameters to end devices on a remote IP subnet, you need to set thes e filters to allow for the necessary IP tunneling.
Chapter 5: Config uring the Spanning Tree 160 Comparing IP Tunnels to Mobile IP The AT-WA7500 and AT-WA7501 access points support IP tunnelin g, which allows end devices to ro am across different subnets (routers) without having to change IP addresses.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 161 S pecial network software S tandard network feature. No additional network software is required.
Chapter 5: Config uring the Spanning Tree 162 Configuring Global Parameters Global parameters are configured on the root access po int and on any other access point that is a root candidate (does not have a root priority of 0). The root access point sends these se ttings to all oth er access points in the spanning tree.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 163 2. Configure the Global Flooding par ameters. For help, see th e next table. 3. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot.
Chapter 5: Config uring the Spanning Tree 164 Allow Multicast Outbound to T erminals Appears only if Multicast Flooding is enabled. Determines if outbound multicast fra mes with unknown destination addresses are flooded toward end devices. T ypically , this parameter is checked.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 165 Configuring Global RF Parameters Use global RF paramete rs to set various parameters on the access points.
Chapter 5: Config uring the Spanning Tree 166 The Global RF Parameters screen appears. 2. Configure the global RF para meters. Click the links in the Global RF Parameters menu to set more parameters.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 167 3. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot. For he lp, see “Saving Configuration Changes” on page 46.
Chapter 5: Config uring the Spanning Tree 168 S-UHF/902 MHz Awake Time (S-UHF and 902 MHz radios only) S pecifies the amount of time that a wireless end device stays awake wh en radios are inactive. A sleeping device is less responsive to radio activity; however , the longer a device is kept fully awake, the larger the drain on th e battery .
169 Chapter 6 Configuring Security This chapter explains how to use different security solutions to ensure that you have a secure wireless network. This chapter covers these topics: “Understandi.
Chapter 6: Config uring Security 170 Understanding Security The AT-WA7500 and AT-WA7501 access points provide many differe nt security features and solutions t hat you can use to create a secure wireless network. To create a secure wireless network, you need to be concerned about: securing your backbone.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 171 These security features and solutio ns are listed below in the order of amount of security and ease of use (most basic/least secure to most secure).
Chapter 6: Config uring Security 172 Use an 802.1x security solution. 8 02. 1x security provides a framework to authenticate user traf fic to a protected wireless network. Using 802.1x security provides secure dat a transmission by creating a secure spanning tree a nd dynamically rotating the WEP keys.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 173 802.11b radio is configured with no security and you expect it to associate with the secondary 1 service set.
Chapter 6: Config uring Security 174 Controlling Access to Access Point Menus There are several ways that you can manage who can configu re and manage the access points in your network: Enable/disable access methods. Set up individual logins. Change the default logins an d create a read-only login.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 175 To enable or disable access methods 1. From the main menu, click Secu rity. The Security scree n appears. 2. Enable or disable the access metho ds that users can use to connect to the access point.
Chapter 6: Config uring Security 176 Setting Up Logins To ensure login security for configurin g or maintaining the access points, you should either use a password server (typically an EAS or another RADIUS server) or change the defau lt user name and password.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 177 Note Each time the service password lo gin attempt fails, the process may take up to 8 seconds. If you do not want to enable RADIUS authorization, you should chan ge the default login user name and password.
Chapter 6: Config uring Security 178 5. Configure the password server by cl icking Sele ct a RADIUS server for login authorization. The RADIUS Server List screen appears. 6. For each password server, enter the IP address o r DNS name, enter the shared secret key, port number, and check the Lo gin check box.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 179 To set up logins 1. From the main menu, click Security > Passwords. The Passwords screen appears. 2. Verify that the Use RADIUS fo r Login Authorization check box is cleared. 3. Click Submit Changes to save your cha nges.
Chapter 6: Config uring Security 180 T able 51. Password Parameter Descriptions Parameter Description Use RADIUS for Login Authorization Determines if you are using a p assword server to authenticate end devices tha t can communicate with this access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 181 Creating a Secure Spanning Tree When you configure a radio to u se 802.1x security, you automatically enable spanning tree security, which can be used for both wired and wireless access points (WAPs).
Chapter 6: Config uring Security 182 To create a secure spanning tree Note You do not need to perform t his procedure if you are implementing an 802.1x security solution. 802.1x authenticat ion automatically enables secure IAPP and secure wi reless hops.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 183 6. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot. For he lp, see “Saving Configuration Changes” on page 46.
Chapter 6: Config uring Security 184 Enabling Secure Communications Be tween Access Points and End Devices There are several ways that you can ensure secure communications between access points and wireless end devices in your n etwork: Use an access control list (ACL).
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 185 To use an ACL 1. From the main menu, click Security an d then click the radio service set you are configuring. The appropriate radio screen appears. 2. Check the Enable ACL Client Author ization check bo x if you want to use an ACL to authorize end devices to communicate with the network.
Chapter 6: Config uring Security 186 7. Configure the RADIUS server by clicking Select a RADIUS server for ACL authorization. The RADIUS Server List scree n appears. 8. For each RADIUS server, enter the IP address or DNS name, enter the shared secret key, port number, and check the ACL or Login check box.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 187 Configuring VLANs Virtual LANs (VLANs) make it easy to create and manage logical groups of wireless end devices that communicate as if th ey were on the same LAN. You can group all wireless users on a particular VLAN in order to manage the IP address space differently.
Chapter 6: Config uring Security 188 To configure a VLAN 1. From the main menu, click Spanning Tree Settings. Th e Spanning Tree Settings screen appears. 2. Check or clear the Enable GVRP for VLAN check bo x:. Check the check box if the VL AN switch is configured to dynamically configure its port s based on the end devices’ nee ds.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 189 5. Under the Security link, click t he radio service set you want to configure for the VLAN. This screen appears. 6. In the VLAN field, enter the VLAN number that encapsulate s all frames received on this radio port.
Chapter 6: Config uring Security 190 Since static WEP keys can be difficult to update, the AT-WA7500 and AT-WA7501 access products let you enter up to four WEP keys, and then pick a WEP transmit key (1-4). It is easier to rota te the WEP transmit key than to individually change all the WEP keys.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 191 3. Click Submit Changes to save your cha nges. This screen appears. 4. Configure the parameters for WEP configuration. To ensure maximum security, configure each WEP key with a different WEP code.
Chapter 6: Config uring Security 192 Implementing an 802.1x Security Solution You can implement 802.1x security in your network. The IEEE 802.1x standard provides an authe ntication protocol for 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 193 Any device with an EAP-TLS supplicant (end device or child access point) needs both the CA certificate an d the server certificate. If the child access point is using SW AP and is an authenticator , it does not need any certificates loaded on it.
Chapter 6: Config uring Security 194 2. In the Security Level field, select Dynamic WEP/802.1x. 3. Click Submit Changes to save your changes. Th is screen appears. 4. In the Key Rotation Period ( Minutes) field, enter how often (in minutes) the access point generates a new WEP key to d istribute to the end devices.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 195 5. Click Submit Changes to save your cha nges. To activate your changes, from the menu bar clic k Save/Discard Ch anges, and then click Save Changes and Reboot. For he lp, see “Saving Configuration Changes” on page 46.
Chapter 6: Config uring Security 196 Enabling Secure Communica tions Between Access Points When you configure a radio to use 802.1x security, you automatically enable spanning tree security, which can be used for both wired access points and WAPs. A secure spannin g tree has two functions: 1.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 197 SWAP. Note that SWAP authentication is susceptible to d owngrade attacks from rogue supplicants as it is easie r to break SWAP than TLS or TTLS. Configuring Spanning Tree Security Note If you are implementing an 802.
Chapter 6: Config uring Security 198 5. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot. For help , see “Saving Configuration Changes” on page 46.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 199 Configuring Wi- Fi Protected Access (WPA) Security Wi-Fi Protected Access (WPA) is a strongly enhanced, interoperable Wi-Fi security that addresses many of the vulnerab ilities of Wired Equivalent Privacy (WEP).
Chapter 6: Config uring Security 200 To configure WPA security 1. From the main menu, click Security a nd then click the radio service set you are configuring. The ap propriate radio screen appears. 2. In the Security Level field, choose either WPA - PSK or WPA - 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 201 To continue configuring WPA se curity for WPA – 802.1x mode 1. Configure the RADIUS server by clicking Select a RADIUS se rver for 802.1x authentica tion. The RADIUS Server List screen appears.
Chapter 6: Config uring Security 202 Configuring WPA PSK Security T able 54. WPA PSK Security Parameter Descriptions Parameter Explanation Multicast Encryption T ype Indicates that TKIP is used as the data encryption method for broadcast and multicast for this radio port.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 203 Configuring WPA 802.1x Security T able 55. WPA 802.1x Security Parameter Descriptions Parameter Explanation Multicast Encryption T ype Allows you to select the dat a encryption method for broadcast and multicast for this radio p ort.
204 Chapter 7 Configuring the Embedded Authentication Server (EAS) This chapter explains how t o configure the embedded authentication server (EAS) in your access point for different security solutions to ensure that you have a secure wireless network.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 205 About the Embedded Authen tication Server (EAS) The AT-WA7500 and AT-WA7501 access points have an e mbedded authentication server (EAS), which is an internal RADIUS server. In your network, you can use the EAS on any access point.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 206 About Certificates Certificates encrypt communication b etween the internal RADIUS server, RADIUS clients, and the supplicants and HTTPS clients.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 207 representative. Or you can install certificates from a third-party certificate authority. Note Access points also come with a default server certificate (ValidforHTTPSOnly).
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 208 Installing and Uninstalling Certificates Once you have determined that you need to in stall a certificate, use this procedure. To install certificates 1. From the main menu, click Security > Certificate Det ails.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 209 To uninstall all certificates Note If you follow the procedure to uninstall a ll certificates, you will lose the unique server certificate and the trusted CA certificate. You will need to contact your local Allied Telesyn representative to purchase new certificates.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 210 Configuring the EAS Once you decide which access p oint will be co nfigured to use its EAS, you need to enable the EAS on that access point and configure its databa se. To configure the EAS 1.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 211 To enable the EAS 1. Log in to the acce ss point whose EAS you are enabling. 2. From the main menu, click Security > Embedded Au thentication Server. The Embedded Authentication Serve r screen appears.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 212 Configuring the Database The EAS database contains up to 128 cl ients that this access point authorizes for logins, RADIUS clients, ACL clients, and 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 213 Note Allied Telesyn recommends that when you a re done configuring the database, you export it and save the file in a safe place . If you restore the access point to its default configu ration, the database is not saved.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 214 8. Click Save/Discard changes, and then click Save Changes witho ut Reboot. T able 59.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 215 Using the Rejected List The Rejected List screen displays the users and devices that ha ve been rejected by the EAS. You can use this list to discover which users and devices may need to be added to the database.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 216 4. Add users and devices to the dat abase. For help see “Adding Entries to the Database” on page 216. Adding Entries to the Database When you accept TTLS/PAP and PEAP/GTC entries, they are added to the database and require no further configuration.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 217 Clearing the Rejected List To clear the rejected list, you can either reboot the acce ss point or perform these steps. 1. Click Select All Entries. A check box appears next to all entries. 2.
Chapter 7: Config uring the Embedded Auth entication Server (EAS) 218 3. If you are not using the secure web browser, click “A secure session is available.” Repeat Steps 1 and 2. 4. Click Export the EAS database from this access point. A F ile Download dialog bo x appears.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 219 6. Choose the location and filename of the database. If you use the *.CSV extension, you ca n import it into Microsoft Excel, which recognizes it as a comma separated text file. 7. Click Save.
220 Chapter 8 Managing, T r oubleshooting, and Upgrading Access Points This chapter explains how t o manage, maintain, troubleshoot, an d upgrade the access products.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 221 Managing the Access Points There are several methods that you can u se to manage the access points: Wavelink Avalanche client management system: You can insta ll the Wavelink Avalanche system to help you manage your wireless network.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 222 The enabler is already installed on acce ss points with software release 2.0 or later.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 223 To configure your access points to use Avalanche 1. From the main menu, click Network Management. The Network Management page appears. 2. In the Avalanche Agent Na me field, enter the IP address or DNS name of the console.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 224 5. Verify that the Allow Avalanch e Access check box is checked. 6. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save /Discard Changes, and then click Save Changes and Reboot.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 225 3. Install the software package using the Avala nche Management Console. 4. Schedule access point updates or manually initiate an update using the console.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 226 Using Simple Network Management Protocol (SNMP) The access point can be managed using Simple Network Manage ment Protocol (SNMP); that is, you access the access point from an SNMP management station.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 227 SNMP Secret Community Specify a password that provides read and write access and lets the user chan ge the community strings. This password can be from 1 to 15 characters and is case sensitive.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 228 Maintaining the Access Points The Maintenance menu lets you view different parameters con figured for the access point, including connections , port statistics, and a configuration summary.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 229 T able 64. AP Connections Screen Fields Display Field Description S panning T ree Connection S tatus Indicates the current status of this access point in relation to the spanning tree: This access point is root: This acce ss point has formed a spanning tree and is serving as root.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 230 MAC Address Shows the address of the connected device. If another access point is connecte d to this access point, you see the Ethernet MAC address. If a WAP is connected to this access p oint, you see the radio MAC address.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 231 Viewing AP Neighbors The AP Neighbors screen provides information on all the access point s (even hidden access points) in the area. It displays information gathe red by the radios receiving beacons from other so urces as it operates on a specific channel.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 232 To view AP neighbors From the menu, click Maintenance > AP Neighbors. The AP Neighbors screen appears. For help interpreting the informa tion on this read-only screen, see the next table.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 233 Capabilities This information is derived from the capability information sent in the beacon. Capabilities ma y include: ESS: Set for an access point and cleared for an end device or ad-hoc device.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 234 Viewing Port Statistics The Port Statistics screen shows t he to tal number of frames and bytes that the access point has received and tra nsmitted since it was last booted. You can also view graphs of inbo und and outbound packets for the port.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 235 Viewing DHCP Status The DHCP Status screen shows a stat us report for the DHCP client or DHCP server. If the access point is a DHCP ser ver and if the Permanently Save IP Address Mappings check box is checked, you can delete entries from the server’s permanent address map.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 236 Viewing the Events Log The Events Log screen shows a the events that have been logged by this access point. These events are cleared when the access point lose s power or is rebooted.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 237 Viewing the About This Access Point Screen This screen shows information a bout the access point, such as the software version, radio versions, and MAC addresses.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 238 4. Click the button under the Configuration Summary title to switch between displaying all configuration settings a nd displaying the configuration settings that are diffe rent from the factory default settings.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 239 Restoring the Access Point to the Default Configuration You may need to restore the access point to the factory default configuration. For a list of the defa ult settings, see Appendix B, “Default Settings.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 240 Troubleshooting the Access Points This section provides you with information on the installatio n, configuration, and operatio n of the access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 241 3. Click each error message to jump to the co nfiguration screen where you can resolve the possible configuration error. The configuration error messages are listed in the next table . Most are self explanatory , but a few require additional information.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 242 All SSID values must be unique per physical radio. While configuring multiple service sets, you did not specify a unique SSID (network name) for each service set. For help, see “Configuring the 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 243 The access point is set to originate IP tunnels but no there are no tunnel IP addresses. On the IP T unnels screen, Mode is set to Originate if Root, but no IP addresses have been added to the IP Addresses screen.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 244 The IP Address and IP Router must share the same subnet. For help, see “Configuring the TCP/IP Settings” on page 65. The IP Subnet Mask is invalid. For help, see “Configuring the TCP/IP Settings” on page 65.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 245 Troubleshooting With the LEDs When the access point boots, it performs internal diagnostics and the LEDs display the pattern shown in the next t able. Y ou have enabled the embedded authentication server but you have not installed a server certificate to identify this device.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 246 After the AT-WA7500 or AT-WA7501 successfully boots, the LEDs displa y one of these patterns: General Troubleshooting Only Boot ROM code is available on access point. Load new files.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 247 The Power LED is not on. 1.Make su re the powe r cable is firmly plugged into the AT-WA7501 access point and the power source. Or make sure th e Ethernet cable is firmly plugged into the AT-WA7500 access point and the power over Ethernet bridge.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 248 Y ou cannot connect to the access point using a web browser . 1.Verify that you are not using a crossover cable if connected to a hub or a switch. Verify that you are using a crossover cable if connected directly to the PC or server.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 249 The end device cannot connect to the network. From the Maintenance menu, choose AP Connections and verify that the MAC address of your end device appears on your PC screen. If it do es not appear , your end device is not communicating with the access point.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 250 Y ou need to verify the static WEP keys. Y ou cannot verify the WEP keys. The keys are encrypted af ter you enter them and are never displayed aga in. Y ou may need to reconfigure your access point s and end devices to reset the WEP keys.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 251 Troubleshooting the Radios If you are having problems communicati ng with your wireless netwo rk, you can use the access point LEDs, error messa ges, Radio MAC Ping, or ICMP Echo to troubleshoot any radio problems.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 252 In this table, “Radio A” refers to the rad io in slot 1 and “Radio B” refers to the radio in slot 2. These error messages may appear for e ither radio. Using Radio MAC Ping (802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 253 ping will have their MAC address listed with a hype rlink. 2. Click a MAC address hyperlink. The access po int pings the device, and then this screen appears showing the resu lts. By default, the Refresh Mode is Manual.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 254 Using ICMP Echo ICMP (Internet Control Message Protoc ol) echo lets yo u ping devices using their IP address. ICMP echo c an only be used if the access point has determined the IP address of the end device or another access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 255 2. Click an IP address hyperlink. The access po int pings the device, and then the Ping Utility screen appears showing the results. Note The information on this screen varies with the type of request sent and the capabilities of the medium throug h which it is sent.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 256 To view the Security Events log From the menu, click Security > Se curity Event s. The Security Event s log appears. For help understanding the events, see the next table.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 257 Note If you use an SNMP management station or another n etwork management tool, the age represents how much time has passed since the access point was booted th at this event occurred.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 258 Recovering a Failed Access Point Note Do not use this procedure to upgrade your access point software. For help, see “Upgrading the Access Points” on page 261. You should never need to use this procedure.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 259 You can recover a failed access point usin g a Windows NT4/2000/XP PC. The procedure is explained in the next su bsection. Using a Windows NT4/2000/XP PC You can use a Windows NT4/2000/XP PC and a command prompt to recover a failed access point.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 260 Once the TFTP transfer is complete, the access point will begin booting the image that was just p a ssed to it. This image is only resident in RAM. If you reboot the access point o r if the access point loses power , the AP824X.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 261 Upgrading the Access Points For optimal performance, you sho uld install the most current software version on all the access points in your network.
Chapter 8: Managin g, Troubleshooting, a nd Upgrading Access Po ints 262 Note If you have not already copied the upgr ade file to your PC, follow the instructions in “Upgrading the Access Points” on page 261. 4. Click Upgrade to start the upgrade.
263 Chapter 9 Additional Access Point Featur es This chapter explains some of the more a dvanced ways that you can maintain the access points. This chapter cove rs these topics: “Underst anding .
Chapter 9: Additi onal Access Point Fe atures 264 Understanding the Access Point Segments The AT-WA7500 and AT-WA7501 access points contain on e flash memory segment, as well as temporary memory (RAM). Several of the comma nds described in this cha pter require that you specify the segment where a file is located on th e access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 265 Understanding Transparent Files The AT-WA7500 and AT-WA7501 access points with software release 2.2 support transparent files, which are file s without file headers. Transparent files all have the date May 14, 2002 (5-14-20 02) and have no version.
Chapter 9: Additi onal Access Point Fe atures 266 Using the AP M onitor The AP (access point ROM) monitor is system software that lets yo u manipulate the access point files and file segments. You can only access the AP monitor through the serial port using a communi cations program.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 267 To list AP monitor commands Press any key (except the letter B, wh ich reboots the access p oint), and then press Enter . A list of AP monitor commands appears. B Purpose: Reboots the access point.
Chapter 9: Additi onal Access Point Fe atures 268 MR Purpose: Displays the manufacturing record for the access point. Use the MR command to display the MAC address, configuration string, and serial number for your access point . Syntax: MR SR Purpose: Sets the baud rate of the access point.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 269 To display CAM commands T ype any letter or number other than B and press Enter . The CAM commands appear on the screen. Using Test Mode Commands Within the AP monitor, Test mode lets you perform certain test funct ions.
Chapter 9: Additi onal Access Point Fe atures 270 To display test commands T y pe any letter or number other than B and pr ess Enter . The test commands appear on the screen.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 271 To list service commands Press any key (except the letter B, wh ich reboots the access p oint), and then press Enter . The service commands appear on the screen. Many of the commands that are av ailable in Ser vice mode are also available in the AP monitor or Co nsole Command mode.
Chapter 9: Additi onal Access Point Fe atures 272 To make segment 2 the active boot segment and segment 4 the active data segment, enter: FB 2 4 You can use an asterisk instead of a se gment name if you want to leave that segment unchanged.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 273 FDEL Purpose: Deletes a particular file. Note When you use the FDEL command, the file is marked as invalid and remains in the file system. To reclaim the file space, you must erase the entire segment.
Chapter 9: Additi onal Access Point Fe atures 274 To erase the contents of the memory card, enter: FE APP: FFR Purpose: Runs a program f, from a locatio n s. Syntax: FFR f ( s ) where: f is the program name. s is the optional segment locatio n of the program.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 275 where: f is the FPGA configuration filename. s is the optional segment where you want to load th e configuration file.
Chapter 9: Additi onal Access Point Fe atures 276 Using Command Console Mode You can use the Command Console mode to ma nipulate some access point files and file segments. You can also use Command Console mode to upgrade access points using TFTP and script files.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 277 Using the Commands Several of these commands require that you enter filenames. To indicate the segment where the file is located, you precede the filename with either a segment number or name followed by a colon.
Chapter 9: Additi onal Access Point Fe atures 278 FD Purpose: Displays the flash file system directory, which includes information about the boot file and file type: E (executable ), D (data), and T (transparent). Use this command to en sure that the correct version of the file is in the active boot segment.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 279 FE Purpose: Erases all the files in a particular segment, including th ose that have been “deleted” with FDEL. To recover th e files after they have been erased, you must reload them from another so urce.
Chapter 9: Additi onal Access Point Fe atures 280 In general, TFTP client sessions shoul d fail only if the server is not responding either because it is busy serving oth er clients or because it has not been started.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 281 The following command gets file UAP.DNL from a d irectory on a PC server with IP address 1.2.3.4 and stores it in the flash memory seg ment on the access point. TFTP GET 1.2.3. 4 C:STARTU PUAP.
Chapter 9: Additi onal Access Point Fe atures 282 Example: The following command takes file AP824X.PRG that is saved in the active boot drive on the access point client and sto res it in the flash memory segment on the access poin t server that has IP address 1.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 283 TFTP SERVER STOP Purpose: When you are done transferring files, you can stop the access point from being a TFTP server by using this comman d.
Chapter 9: Additi onal Access Point Fe atures 284 Using sdvars Commands Use sdvars commands to manipulate certain software downloa d variables. Sdvars commands supp ort both GET and SET arguments.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 285 sdvars set starttime Purpose: Sets the internal variable starttime. Sta rttime is a countdown time; that is, when zero is reache d, the software download process be gins.
Chapter 9: Additi onal Access Point Fe atures 286 sdvars set ch eckpoint 2 TFTP get * ap82 4x.prg 1 sdvars set ch eckpoint 3 reboot When the software download is started, you can use SNMP to query its progress by reading the checkpoint variable.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 287 Example: To change the inactive boot and data se gments to active at the next reboot, enter: sdvars set seta ctivepoin ters both sdvars set.
Chapter 9: Additi onal Access Point Fe atures 288 Creating Script Files You can create a script file that exe cutes a series of commands. For example, when you upgrade the access point, you typically need to erase the flash memory segment, download the new files, and reboot using the new software.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 289 file tftp g et * soft warecert .dnl 1: file tftp g et * soft wareclos ed.dnl 1: file tftp g et * soft waredisc inca.dnl 1: file tftp g et * soft wareeasd b.dnl 1: file tftp g et * soft wareecho .
Chapter 9: Additi onal Access Point Fe atures 290 Legacy Sample Script for Upgrading Any Access Point This sample script file was created for older access points with multiple segments.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 291 Copying Files To and From the Access Point You can accomplish a variety of file import /export tasks from the File Import/Export screen. In the menu bar, click File Import/Export, and the File Import and Export screen appears.
Chapter 9: Additi onal Access Point Fe atures 292 Importing or Exporting an EAS RADIUS Database File To import or export an EAS RADIUS database file 1. Click Read or write the EAS RA DIUS database. The EAS Database Import/Export screen appears. 2. To import a file, enter of select the n ame of the database file to import and click Import Database.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 293 Transferring Files Using Your Web Browser To transfer files to the acce ss point using your web browser 1. Click Transfer files to this device using your browser. Th e File Import screen appears.
Chapter 9: Additi onal Access Point Fe atures 294 Viewing and Copying Files Using Your Web Browser To view and copy files from the access point using your web browser 1. Click View the file system direct ory fro m this device using your browser. The File System Directory screen appears.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 295 Transferring Files to and from a TFTP Server To transfer files to and fr om a TFTP server 1. Click Transfer files to or from this device using the TFTP client. The TFTP Client screen appears.
Chapter 9: Additi onal Access Point Fe atures 296 Starting or Stopping the TFTP Server To start or stop the TFTP server 1. Click Start or stop the TFTP se rver. The TFTP Server screen appears. 2. Click Stop Server to stop the TFT P server. Or click Start Server to start the TFTP server.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 297 2. In the Server IP Address field, ty pe the IP address of a n active TFTP server from which the software downl oad script file will be retrieved. 3. In the Script File Name field, type the name of a file on the TFTP server that contains the commands that de fine the download process.
298 Appendix A Specifications This appendix contains AT-WA7500 and AT-WA7501 specifications for reference purposes only. Actual product performance and compliance with local telecommunications regulatio ns may vary from country to country. Allied Telesyn only ships products that are type approved in the destination cou ntry.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 299 AT-7500 Access Point T able 80. A T -7500 T echnical S pecifications Dimensions H x L x W 4.
Appendix A: Specifica tions 300 AT-7501 Access Point T able 81. A T -7501 T echnical S pecifications Dimensions H x L x W 9.5 cm x 35.0 cm x 2 3.6 cm (3.8 in x 14.0 in x 5.8 in) Weight 2.63 kg (5. 8 lb) AC electrical rating S tandard: ~100 to 240V , 1.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 301 Serial port maximum dat a rate 1 15,200 bps Management interfaces W eb browser-bas ed manager , text-based menu system, serial port, T elnet, SNMP SNMP agent RFC 1213 (MIB-2), RFC 1398 (dot3), RFC 1493 (Bridge), 802.
Appendix A: Specifica tions 302 Radio Specifications IEEE 802.11g IEEE 802.11b T able 82. IEEE 802.1 1g Radio T echnical S pecifications Frequency band 2.4 to 2.5 GHz worldwide T y pe Direct sequence, spread spectrum Modulation Direct sequence, spread spectrum (CCK, DQPSK, DBPSK) Power output 63 mW (18 dBm) Basic data ra te 1 1, 5.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 303 IEEE 802.11a Channels 1 1 (North America), 13 (Europe), 4 (France), 14 (Japan). 1 (Israel) Range (1 1 Mbps) 160 m (525 ft) open en vironmen.
Appendix A: Specifica tions 304 Range (depending on environment) 248 m (813.7 f t) 6 Mbps 240 m (787.4 f t) 12 Mbps 175 m (574.2 f t) 18 Mbps 132 m (433.1 f t) 24 Mbps 56 m (183.7 f t) 36 Mbps 37 m (121.4 f t) 48 Mbps 19 m (62.3 f t) 54 Mbps Receiver sensitivity (54 Mbps) -68 dBm T able 84.
305 Appendix B Default Settings This appendix provides factory defaul ts for ref erence purposes only. The factory default sett ings for the access points are listed in this section. You can record the settings for your installation in each table for reference.
Appendix B: Default Settin gs 306 TCP/IP Settings Menu Defaults T able 85. TCP/IP Settings Menu Defaults Parameter Name Range Default Y our Site? IP Address 4 nodes, 0 to 255 or DNS name 0.0.0.0 IP Subnet Mask 4 nodes, 0 to 255 255.255.255.0 IP Router (Gateway ) 4 nodes, 0 to 255 0.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 307 DHCP for Access Point Network Use Any Available DHCP Server , Only Use Access Point DHCP Server Use Any Availa ble DHCP Server Auto ARP Minutes 0 to 120 5 T able 85.
Appendix B: Default Settin gs 308 DHCP Server Setup Menu Defaults T able 86. DHCP Server Setup Menu Default s Parameter Name Range Default Y our Site? Low Address 4 nodes, 0 to 255 10.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 309 IEEE 802.11g Radio Menu Defaults T able 87. 802.1 1g Radio Menu Default s Parameter Name Range Default Y our Site? Frequency Channel 1 to 1.
Appendix B: Default Settin gs 310 Antenna Control T wo Antennas/ One Antenna One Antenna Mixed Mode Performance Optimize Mixed (802.1 1b and 802.1 1g), Optimize for 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 311 IEEE 802.11b Radio Menu Defaults T able 88. 802.1 1b Radio Menu Default s Parameter Name Range Default Y our Site? Node T y pe Master , S t.
Appendix B: Default Settin gs 312 Enable Medium Density Distribution Check/Clear Clear Data/Voice Settings Data T raffic Only , Data a nd Sp e c t r a L i n k Tr a f f i c , Sp e c t r a L i n k Tr a .
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 313 IEEE 802.11a Radio Menu Defaults T able 89. 802.1 1a Radio Menu Default s Parameter Name Range Default Y our Site? Frequency Dynamic, 36, 4.
Appendix B: Default Settin gs 314 Reservation Threshold (2347 to Disable) 1 to 65535 2347 Fragmentation Threshold 256 to 2346 2346 Disallow Network Name of ‘ANY’ Check/Clear Clear Beacon Period 20.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 315 Spanning Tree Settings Menu Defaults T able 90. S panning T ree Setting Menu Default s Parameter Name Range Default Y our Site? AP Name 0 t.
Appendix B: Default Settin gs 316 Global Flooding Menu Defaults T able 91. Global Flooding Menu Default s Parameter Name Range Default Y our Site? Multicast Flooding Universal , Hierarchical, Disabled.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 317 Global RF Parameters Menu Defaults T able 92. Global RF Parameters Menu Defaults Parameter Name Range Default Y our Site? Perform RFC1042/D.
Appendix B: Default Settin gs 318 3 through 20 T wo sets of hexadecimal pair s 00 through FF . 00 00 T able 92. Global RF Parameters Menu Default s Parameter Name Range Default Y our Site?.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 319 Telnet Gateway Configuration Menu Defaults T able 93. T e lnet Gateway Configuration Menu Default s Parameter Name Range Default Y our Site.
Appendix B: Default Settin gs 320 Ethernet Configuration Menu Defaults T able 94. Ethernet Configuration Menu Default s Parameter Name Range Default Y our Site? Port T ype 10/100 Mb T wisted- Pair 100.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 321 Ethernet Advanced Filters Menu Defaults T able 95. Ethernet Advanced Filters Menu Default s Parameter Name Range Default Y our Site? Custom.
Appendix B: Default Settin gs 322 IP Tunnels Menu Defaults Tunnels Filter Menu Defaults T able 96. IP T unnels Menu Defaults Parameter Name Range Default Y our Site? Mode Listen, Originate If Root, Disabled Listen Enable IGMP (Appears if Mode is Listen) Check/Clear Clear Multicast Address (Appears if Enable IGMP is checked) 4 nodes, 0 to 255 224.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 323 SubType DIX-IP-TCP-Port, DIX-IP-UDP-Port, DIX-IP-Protocol, DIX-IPX-Socket, DIX-EtherT ype, SNAP-IP-TCP- Port, SNAP -IP-UDP- Port, SNAP -IP-Protocol, SNAP -IPX-Socket, SNAP -EtherT ype, 802.3-IPX-Socket, 802.
Appendix B: Default Settin gs 324 Network Management Menu Defaults Instant On Menu Defaults T able 98. Network Management Menu Default s Parameter Name Range Default Y our Site? SNMP Read Community 1 .
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 325 Security Menu Defaults Passwords Menu Defaults T able 100. Security Menu Defaults Parameter Name Range Default Y our Site? Browser Access S.
Appendix B: Default Settin gs 326 IEEE 802.11 (g, b or a) Radio Security Menu Defaults Password 1 to 32 characters (Not case sensitive ) atilan Read Only Password 1 to 32 characters (Not case sensitive ) (blank) Allow Service Password Check/Clear Check T able 101.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 327 If Security Level is S tatic WEP WEP Transmit Key 1, 2, 3, or 4 1 WEP Key 1 to 4 5 ASCII characters (or hex pairs) to 16 ACSII characters (or hex pairs) 8021 1 If Security Level is Dynamic WEP/802.
Appendix B: Default Settin gs 328 RADIUS Server List Menu Defaults Spanning Tree Security Menu Defaults T able 103. RADIUS Server List Menu Defaults Parameter Name Range Default Y our Site? IP Address/ DNS name 4 nodes, 0 to 255 or DNS name 0.0.0.0 Secret Key 16 to 32 bytes (factory def ault) Port 1-65535 Recommended range is 49152-65535 1812 802.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 329 Embedded Authentication Server Menu Defaults Password 1 to 31 characters anonymous Verify CA Certificate Check/Clea r Clear T able 104. S panning T ree Security Menu Defaults Parameter Name Range Default Y our Site? T able 105.
330 Appendix C Glossary ARP (Address Resolution Protocol) cache A table that stores IP addresses and their corresponding MAC addresses. The access point maintains an ARP cache and can act as an ARP server. BFSK (Binary Frequency Shift Key) A broadcasting method that len gthens the range but halves the throughput as compared to the QFSK method.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 331 To enable data link tunneling, disab le Ethernet bridging. designated bridge Also called a secondary LAN b ridge. An access point that is assigned the role of bridging frames destined for or received from a secondary LAN.
Appendix C: Glossary 332 Ethernet bridging When an access point receives wireless traffic and the destination address is known, it forwards frames to the port with the shortest path t o the destination address.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 333 IGMP (Internet Group Management Protocol) A standard protocol that lets you originate multiple IP tunnels using one IP multicast address. IGMP allows IP mult icast frames to be routed to remote IP subnets that have hosts participati ng in the multicast group.
Appendix C: Glossary 334 activity. The MIB for the access point is available from the Allied Telesyn web site at www.alliedtelesyn.com. multicast address A form of broadcast address throug h which copies of the frame are delivered to a subset of all possi ble destinations that have a common multicast address.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 335 point-to-point bridge See also wireless bridg e. A bridge that connects two wired networks wit h similar architectures.
Appendix C: Glossary 336 root port The access point port that provides the inbou nd connection to the spanning tree. The root port provide s a link to a parent access point. Note that a root access point does not have a root port. root IP subnet Also called the home IP subnet and primary LAN.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 337 with the MIB to obtain information about network act ivity. spanning tree A form of network organization in wh ich each device on the network has only one path to the root.
Appendix C: Glossary 338 to the home subnet of the end device. If the end device has roamed to another subnet, the frame must be forwarded to the remote subnet where the end device currently resides. unicast address A unique Ethernet address assigne d to a single device on the n etwork.
AT-WA7500 and AT-WA7501 Installation and User ’s Guide 339 WPA (Wi-Fi Protected Access) A feature that can be implemented in the 802.11g, 802.11b, and 802. 11a radios for security in a wireless net work. WPA is a strongly enhanced, interoperable Wi-Fi security protocol that addresses man y of the vulnerabilities of WEP.
An important point after buying a device Allied Telesis AT-WA7500 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Allied Telesis AT-WA7500 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Allied Telesis AT-WA7500 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Allied Telesis AT-WA7500 you will learn all the available features of the product, as well as information on its operation. The information that you get Allied Telesis AT-WA7500 will certainly help you make a decision on the purchase.
If you already are a holder of Allied Telesis AT-WA7500, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Allied Telesis AT-WA7500.
However, one of the most important roles played by the user manual is to help in solving problems with Allied Telesis AT-WA7500. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Allied Telesis AT-WA7500 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center