Instruction/ maintenance manual of the product WAP-4060PE Planet
Go to page of 89
54/108 M bps Super G Wireless LAN M anaged Access Point WAP-4060PE User ’ s Manual.
ii Cop y right Copyright ã 2005 by PLANET Technology Corp. All rights reserved. No part of this publica- tion may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated .
iii R&TTE Compliance Statement This equipment complies w ith all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIA M ENT AND THE COUNCIL OF 9 M arch 1999 on radio equipment and teleco.
i T ABLE OF C ONTENTS CH A PTER 1 IN T RODUC T IO N ......................................................................... .1 1.1 Package Content s .......................................................................................... .1 1.2 S y stem Requirement s .
ii 4.6.2 802.1x Authentication Setu p ................................................................. . 49 4.7 Using 802.1x M ode ( w ithout WP A ) ............................................................. . 52 CH A PTER 5 OPER A T ION A ND S T A T U S .
1 Ch a pte r 1 I n trod uc tio n W AP-4060PE is an IEEE 802.11g W ireless Access Point w ith PoE. Catering to the enterprise demands, W AP-4060PE enhances security and management features, including multiple SSIDs, VLAN support, W PA support, RADIUS M AC authentication, rogue AP detection, and so on.
2 n Provide W indo w s-base utility, W eb, and CLI (Command Line Interface) Configuration n SN M P support 1.4 Ph y sical Details Front p anel S T A T US On - Error condition. Off - Nor m al operation. Blinking - During start up, and w hen the Fir m w are is being upgraded.
3 3. Continue holding the Reset Button until the Status (Red) LED blin k s T W ICE. 4. Release the Reset Button. T he f actor y de f ault con f iguration has no w been restored, and the W AP-4060PE is read y f or use. L A N (PoE) Use a standard LAN cable (RJ45 connectors) to connect this port to a 10Base T or 100Base T hub on y our LAN.
4 Management W eb based configuration RADIUS Accounting RADIUS-On feature RADIUS Accounting update CLI M essage Log Access Control list file support Configuration file Backup/Restore Statistics support Device discovery program W indo w s Utility Super G mode Up to 108 M bps 802.
5 M oreover, the original antenna of W AP-4060PE can be replaced w ith other e x ternal an- tennas to e x tend the coverage. Please check the specification of the antenna you w ant to use, and make sure it can be used on W AP-4060PE. 4. WL A N t y pe If W AP-4060PE is installed in an 802.
6 Ch a pte r 2 I n st a ll a tio n 2.1 General Installation Be f ore y ou proceed w ith the installation, it is necessar y that y ou have enough in f or m a- tion about the W AP-4060PE.
7 Ch a pte r 3 A cce ss Poi n t S e t u p 3.1 O v er v ie w T his chapter describes the setup procedure to m a k e the W AP-4060PE a valid device on y our LAN, and to f unction as an Access Point f or y our W ireless Stations. T he W AP-4060PE can be con f igured using either the supplied W indo w s utilit y or the W eb Bro w ser 3.
8 IP address The IP address for the W AP-4060PE. M A C A ddress The hard w are or physical address of the W AP-4060PE. IEEE Standard The w ireless standard or standards used by the W AP-4060PE (e.g. 802.11b, 802.11g) FW Version The current Firm w are version installed in the W AP-4060PE.
9 T hese are the de f ault values. T he pass w ord can and should be changed. Al w a y s enter the current user na m e and pass w ord, as set on the Admin Login screen. 4. Y ou w ill then see the Status screen, w hich displa y s the current settings and status.
10 3.4 A ccess Control T his f eature allo w s y ou to bloc k certain access f ro m un k no w n or distrusted w ireless stations. Clic k Access Control on the m enu to vie w a screen li k e the f ollo w ing. Data - A ccess Control Screen Enable Use this chec k box to Enable or Disable this f eature as desired.
11 Data - T rusted Wireless Stations T rusted Wireless Stations Here lists ass W ireless Stations w hich y ou have designated as “ T rusted ” . Other Wireless Stations Here lists all W ireless Stations detected b y the W AP-4060PE, w hich y ou have not designated as " T rusted".
12 A dd T o add a T rusted Station w hich is not in the "Other W ireless Stations" list, enter the required data and clic k this button. Clear Clear the Name and Address f ields. 3.5 Securit y Profiles Securit y Pro f iles contain the SSID and all the securit y settings o f this W AP-4060PE.
13 Data - Securit y Profiles Screen Profile Profile List All available pro f iles are listed. For each pro f ile, the f ollo w ing data is displa y ed: · * (star sign) I f displa y ed be f ore the na m e o f the pro f ile, this indicates the pro f ile is currentl y enabled.
14 802.11b/g Bridge M ode Select the pri m ar y pro f ile f or 802.11b and 802.11g Bridge Mode. T his setting deter m ines the SSID and securit y settings used f or the Bridge connection to the re m ote AP.
15 Data - VL A N Configuation Screen VL A N – Client T raffic Profile Each pro f ile is listed, w hether currentl y enabled or not. Y ou can assign tra ff ic f ro m each pro f ile (SSID) to a di ff erent VLAN i f de- sired. T o assign m ultiple pro f iles to the sa m e VLAN, just enter the sa m e VLAN ID f or each pro f ile.
16 Specified VL A N ID I f selected, y ou can enter the desired VLAN ID. Nor m all y , this ID should be one o f the client VLAN IDs de f ined above. 3.6 Configure Securit y Profile T his screen is displa y ed w hen y ou select a Pro f ile on the Securit y Pro f iles screen, and clic k the Configure button.
17 I f this option is selected: · T his W AP-4060PE m ust have a "client login" on the Radius Server. · Each user m ust have a "user login" on the Radius Server. · Each user's w ireless client m ust support 802.1x and provide the login data w hen required.
18 the Securit y page, or the Radius-based MAC authentication sub-screen, de- pending on the securit y m ethod used. · On the W AP-4060PE, enable the Radius-based MAC authentication f eature on the screen belo w . 6. Add Users on the Radius server as required.
19 WEP Ke y Index I f this f ield is visible, select the desired k e y index. An y value can be used, provided it m atches the value on the Radius Server. 3.6.5 U A M UAM (Universal Access Method) is intended f or use in Internet ca f es, Hot Spots, and other sites w here the W AP-4060PE is used to provide Internet Access.
20 · Ensure the W AP-4060PE has the correct address, port nu m ber, and shared k e y f or login to y our Radius Server. T hese para m eters are entered either on the Securit y page, or the UAM sub-screen, depending on the securit y m ethod used. 2. On y our W eb Server, create a suitable w elco m e page.
21 Data - U A M Screen Enable Enable this i f y ou w ant to use this f eature. See the section above f or details o f using UAM. Internal Web-based A uthentication I f selected, then w hen a user f irst tries to access the Internet, the y w ill be bloc k ed, and re-directed to the built-in login page.
22 Data - WEP Screen WEP Data Encr y ption Select the desired option, and ensure y our W ireless stations have the identical setting: · 64 Bit Encr y ption - Ke y s are 10 Hex (5 ASCII) characters. · 128 Bit Encr y ption - Ke y s are 26 Hex (13 ASCII) charac- ters.
23 Passphrase Use this to generate a k e y or k e y s, instead o f entering the m directl y . Enter a w ord or group o f printable characters in the Passphrase box and clic k the "Generate Ke y " button to auto- m aticall y con f igure the W EP Ke y (s).
24 · T KIP - Unicast (point-to-point) trans m issions are en- cr y pted using T KIP, and m ulticast (broadcast) trans m issions are not encr y pted. · T KIP + 64 bit WEP - Unicast (point-to-point) trans m is- sions are encr y pted using T KIP, and m ulticast (broadcast) trans m issions are encr y pted using 64 bit W EP.
25 Data - WP A -802.1x Screen WP A -802.1x Radius Ser v er A ddress Enter the na m e or IP address o f the Radius Server on y our net w or k . Radius Port Enter the port nu m ber used f or connections to the Radius Server.
26 WP A Encr y ption Select the desired option. Other W ireless Stations m ust use the sa m e m ethod. · T KIP - Unicast (point-to-point) trans m issions are en- cr y pted using T KIP, and m ulticast (broadcast) trans m issions are not encr y pted.
27 3.6.9 Securit y Settings - 802.1x T his uses the 802.1x standard f or client authentication, and W EP f or data encr y ption. I f possible, y ou should use W PA-802.
28 WEP Ke y Size Select the desired option: · 64 Bit - Ke y s are 10 Hex (5 ASCII) characters. · 128 Bit - Ke y s are 26 Hex (13 ASCII) characters. · 152 Bit - Ke y s are 32 Hex (16 ASCII) characters. D y namic WEP Ke y Clic k this i f y ou w ant the W EP k e y s to be auto m aticall y generated.
29 3.7 S y stem Screen Clic k S y ste m on the m enu to vie w a screen li k e the f ollo w ing. Data - S y stem Screen Identification A ccess Point Name Enter a suitable na m e f or this W AP-4060PE. Description I f desired, y ou can enter a description f or the W AP-4060PE.
30 WINS Enable WINS I f y our LAN has a W INS server, y ou can enable this to have this AP register w ith the W INS server. WINS Ser v er Name/IP A d- dress Enter the na m e or IP address o f y our W INS server. 3.8 2.4GHz Wireless T here are t w o con f iguration screens available: · Basic Settings · Advanced 3.
31 Data - Basic Settings Screen Operation Wireless M ode Select the desired option: · Disable - select this i f f or so m e reason y ou do not w ant this AP to trans m it or receive at all. · 802.11b and 802.11g - this is the de f ault setting, and w ill allo w connections b y both 802.
32 A P M ode Both Bridge m ode and AP m ode can be used si m ultaneousl y , unless AP m ode is "Client/Repeater". Select the desired AP m ode: · None (disable) - Disable AP m ode. Use this i f y ou w ant this W AP-4060PE to act as Bridge onl y .
33 In P TM P mode, onl y allo w specified A Ps T his is onl y f unctional i f using Point-to-Multi-Point Bridge (P T MP) m ode. I f enabled, y ou can speci f y the MAC addresses o f the APs w hich are allo w ed to connect to this AP. T o speci f y the allo w ed APs: 1.
34 Data - A d v anced Settings Screen Basic Rate Basic Rate T he Basic Rate is used f or broadcasting. It does not deter m ine the data trans m ission rate, w hich is deter m ined b y the "Mode" setting on the Basic screen. Select the desired option.
35 R T S/C T S T hreshold Enter the pre f erred setting bet w een 256 and 2346. Nor- m all y , this can be le f t at the de f ault value. Preamble T y pe Select the desired option. T he de f ault is "Long". T he "Short" setting ta k es less ti m e w hen used in a good envi- ron m ent.
36 Ch a pte r 4 P C an d S e rv e r C o n fig u r a tio n 4.1 O v er v ie w All W ireless Stations need to have settings w hich m atch the W ireless Access Point.
37 Securit y · T he Pre-shared Key entered on the W AP-4060PE m ust also be entered on each W ireless client. · T he Encr y ption m ethod (e.g. T KIP, AES) m ust be set to m atch the W AP-4060PE. 4.4 Using WP A -802.1x T his is the m ost secure and m ost co m plex s y ste m .
38 · dhcpd · dns · rras · w ebserver (IIS) · Radius Server (Internet Authentication Service) · Certi f icate Authorit y 4.5.1 Windo w s 2000 Domain Controller Setup 1. Run dcpromo.exe f ro m the co mm and pro m pt. 2. Follo w all o f the de f ault pro m pts, ensure that DNS is installed and enabled during installation.
39 6. Enter the in f or m ation f or the Certi f icate Authorit y , and clic k Next . 7. Clic k Next i f y ou don't w ant to change the CA's con f iguration data. 8. Installation w ill w arn y ou that Internet In f or m ation Services are running, and m ust be stopped be f ore continuing.
40 3. Clic k Next w hen the Ne w Scope W i z ard Begins. 4. Enter the na m e and description f or the scope, clic k Next . 5. De f ine the IP address range. Change the subnet m as k i f necessar y . Clic k Next . 6. Add exclusions in the address f ields i f required.
41 11. I f y ou don't w ant a W INS server, just clic k Next . 12. Select Yes, I want to activate this scope now . Clic k Next , then Finish . 13. Right-clic k on the server, and select Authori ze . It m a y ta k e a f e w m inutes to co m- plete.
42 4. Select Start - Programs - Administrative Tools - Active Directory Users and Com- puters . 5. Right-clic k on y our active director y do m ain, and select Properties. 6. Select the Group Policy tab, choose Default Domain Policy then clic k Edit .
43 7. Select Computer Configuration - W indows Settings - Security Settings - Public Key Policies , right-clic k Automatic Certificate Request Settings - New - Automatic Cer- tificate Request . 8. W hen the Certi f icate Request W i z ard appears, clic k Next .
44 10. Ensure that y our certi f icate authorit y is chec k ed, then clic k Next . 11. Revie w the polic y change in f or m ation and clic k Finish . 12. Clic k Start - Run , t y pe cmd and press enter. Enter secedit /refreshpolicy machine_policy T his co mm and m a y ta k e a f e w m inutes to ta k e e ff ect.
45 9. Clic k Permitted , then OK . Select Next . 10. Select Grant remote access permission . Clic k Next . 11. Clic k Edit Profile... and select the Authentication tab. Enable Extensible Authenti- cation Protocol , and select Smart Card or other Certificate .
46 3. Select the Dial-in tab, and enable Allow access . Clic k OK . 4.6 802.1x Client Setup on Windo w s XP W indo w s XP ships w ith a co m plete 802.1x client i m ple m entation. I f using W indo w s 2000, y ou can install SP3 (Service Pac k 3) to gain the sa m e f unctionalit y .
47 4. On the f irst screen (belo w ), select Request a certificate , clic k Next . 5. Select User certificate request and select User Certificate , the clic k Next .
48 6. Clic k Submit . 7. A m essage w ill be displa y ed, then the certi f icate w ill be returned to y ou. Clic k Install this certificate ..
49 8. . Y ou w ill receive a con f ir m ation m essage. Clic k Yes . 9. Certi f icate setup is no w co m plete. 4.6.2 802.1x A uthentication Setup 1. Open the properties f or the w ireless connection, b y selecting Start - Control Panel - Network Connections.
50 Encr y ption Settings T he Encr y ption settings m ust m atch the APs ( W AP-4060PE) on the W ireless net w or k y ou w ant to join. · W indo w s XP w ill detect an y available W ireless net w or k s, and allo w y ou to con f ig- ure each net w or k independentl y .
51 2. Select the w ireless net w or k f ro m the Available Networks list, and clic k Configure . 3. Select and enter the correct values, as advised b y y our Net w or k Ad m inistrator.
52 4.7 Using 802.1x M ode ( w ithout WP A ) T he procedures are si m ilar to using W PA-802.1x. T he onl y di ff erence is that on y our client, y ou m ust NO T enable the setting: The key is provided for me automatically . Instead, y ou m ust enter the W EP k e y m anuall y , ensuring it m atches the W EP k e y used on the Access Point.
53 Ch a pte r 5 O p e r a tio n an d St a t u s 5.1 Operation Once both the W A P-4060PE and the PCs are configured, operation is automatic. Ho w ever, y ou m a y need to per f or m the f ollo w ing operations on a regular basis. · I f using the Access Control f eature, update the Trusted PC database as required.
54 Data - Status Screen A ccess Point A ccess Point Name T he current na m e w ill be displa y ed. M A C A ddress T he MAC (ph y sical) address o f the W AP-4060PE. Domain T he region or do m ain, as selected on the S y ste m screen. Firm w are Version T he version o f the f ir m w are currentl y installed.
55 5.3.1 Statistics Screen T his screen is displa y ed w hen the 2.4GH z Statistics button on the Status screen is clic k ed. It sho w s details o f the tra ff ic f lo w ing through the W AP-4060PE.
56 M ulticast Packets Nu m ber o f Broadcast pac k ets trans m itted to or received f ro m W ireless Stations, using Multicast trans m ission. M anagement Nu m ber o f Manage m ent pac k ets trans m itted to or received f ro m W ireless Stations. Control Nu m ber o f Control pac k ets trans m itted to or received f ro m W ireless Stations.
57 5.3.3 A cti v it y Log T his screen is displa y ed w hen the Log button on the Status screen is clic k ed. Data - A cti v it y Log Data Current T ime T he s y ste m date and ti m e is displa y ed. Log T he Log sho w s details o f the connections to the W AP- 4060PE.
58 5.3.4 Station List T his screen is displa y ed w hen the Stations button on the Status screen is clic k ed. Data - Station List Screen Station List Name T he na m e o f each W ireless Station is displa y ed. I f the na m e is not k no w n, "un k no w n" is displa y ed f or the na m e.
59 Ch a pte r 6 Mana g e m en t 6.1 O v er v ie w T his Chapter covers the f ollo w ing f eatures, available on the W AP-4060PE ’ s M anage- ment m enu. · Ad m in Login · Auto Con f ig/Update · Con f ig File · Log Settings · Rogue APs · SNMP · Upgrade Fir m w are 6.
60 Change A dmin Pass- w ord I f y ou w ish to change the Ad m in pass w ord, chec k this f ield and enter the ne w login pass w ord in the f ields belo w . Ne w Pass w ord Enter the desired login pass w ord. Repeat Ne w Pass w ord Re-enter the desired login pass w ord.
61 Data - A uto Config/Update Screen A dmin Connections Perform A uto Configuration on this A P next restart I f chec k ed, this AP w ill per f or m Auto Con f iguration the next ti m e it restarts. · T he w ired LAN (NO T the W ireless LAN) w ill be searched f or co m patible APs.
62 Pro v ide "Respond to A uto-configuration" setting I f enabled, the "Respond to Auto-con f iguration" setting on this AP is supplied to the AP m a k ing the Auto- con f iguration request. I f disabled, the AP m a k ing the Auto-con f iguration request w ill k eep its existing setting.
63 Data - Config File Screen Backup Sa v e a cop y of current settings Once y ou have the W AP-4060PE w or k ing properl y , y ou should bac k up the settings to a f ile on y our co m puter. Y ou can later restore the settings f ro m this f ile, i f necessar y .
64 6.5 Log Settings (S y slog) I f y ou have a log server on y our LAN, this screen allo w s y ou to con f igure the W AP- 4060PE to send log data to y our log server. Data - Log Settings Screen S y slog Ser v er Select the desired Option: · Disable - S y slog server is not used.
65 Data - Rogue A P Screen Enable Detection Enable Detection T o use this f eature, enable the "Enable Rogue AP De- tection" chec k box, and select the desired w ireless band and ti m e interval. Scan Select the desired W ireless band to scan to Rogue APs and enter the desired ti m e interval bet w een each scan.
66 Data - SNMP Screen General Enable SN M P Use this to enable or disable SNMP as required Communit y Enter the co mm unit y string, usuall y either "Public" or "Private". A ccess Rights Select the desired option: · Read-onl y - Data can be read, but not changed.
67 6.8 Upgrade Firm w are T he fir mw are (soft w are) in the Wireless A ccess P oint can be upgraded using y our Web Bro w ser. You m ust first do w nload the upgrade file, and then select Upgrade Firmware in the M anage- m ent section of the m enu. You w ill see a screen like the follo w ing.
68 Append i x A Sp ec ifi ca tio n s M odel W AP-4060PE Standard IEEE 802.11b, 802.11g Signal Type DSSS (Direct Sequence Spread Spectrum) M odulation OFD M w ith BPSK, QPSK, 16QA M , 64QA M , DBPSK, DQPSK, CCK Port 10/100 M bps RJ-45 port * 1, 802.3af compliant Antenna Connector Reverse S M A male * 1 Output Po w er 18dBm 802.
69 M anagement W eb based configuration RADIUS Accounting RADIUS-On feature RADIUS Accounting update CLI M essage Log Access Control list file support Configuration file Backup/Restore Statistics support Device discovery program W indo w s Utility Super G mode Up to 108 M bps 802.
70 Append i x B T ro u bl e s h ooti n g Problem 1: Can't connect to the W A P-4060PE to configure it. Solution 1: Chec k the f ollo w ing: · T he W AP-4060PE is properl y installed, LAN connections are OK, and it is po w ered ON. Chec k the LEDs f or port status.
71 Append i x C C omm an d Li ne I n t e rf ace I f desired, the Co mm and Line Inter f ace (CLI) can be used f or con f iguration. T his creates the possibilit y o f creating scripts to per f or m co mm on con f iguration changes.
72 4. Use the “ Connect ” co mm and to start the connection. 5. Y ou w ill be pro m pted f or a user na m e and pass w ord. Enter the current user na m e and pass w ord f or the AP y ou are connecting to. T he de f ault values are admin f or the User Na m e, and pass w ord f or the Pass w ord.
73 get 11gonl y Displa y 11g Onl y Allo w ed get 11gopti m i z e Displa y 11g Opti m i z ation Level get 11goverlapbss Displa y Overlapping BSS Protection get acl Displa y Access Control List get agin.
74 get ctst y pe Displa y C T S t y pe get do m ainsu ff ix Displa y Do m ain Na m e Server su ff ix get dti m Displa y Data Beacon Rate (D T IM) get enableANI Displa y Adaptive Noise I mm unit y Cont.
75 get overRidetxpo w er Displa y T x po w er override get operationMode Displa y Operation Mode get po w er Displa y T rans m it Po w er Setting get quietAc k CtsAllow Displa y i f Ac k /Cts f ra m e.
76 get w ds Displa y W DS Mode get w ep Displa y Encr y ption Mode get w ireless m ode Displa y W ireless LAN Mode get 80211d Displa y 802.11d m ode get http Displa y http Enable/Disable get HttpPort .
77 get f tpLogin Displa y F T P Login Na m e get f tpPass w ord Displa y F T P Pass w ord get activeCurrentPro- f ile Displa y active Current Pro f ile get pro f ileNa m e Displa y Pro f ile Na m e ge.
78 get trapRecvIp Displa y T rap Receiver IP get w dsMacList Displa y W DS Mac Address List get enable W ireless- Client Displa y W ireless Client Enable/Disable get isolation T y pe Displa y Isolatio.
79 set authentication Set Authentication T y pe set autochannelse- lect Set Auto Channel Selection set basic11b Set Use o f Basic 11b Rates set basic11g Set Use o f Basic 11g Rates set beaconinterval .
80 set f rag m entthresh- old Set Frag m ent T hreshold set f requenc y Set Radio Frequenc y (MH z ) set gate w a y Set Gate w a y IP Address set gbeaconrate Set 11g Beacon Rate set group k e y update Set Group Ke y Update Interval (in Seconds) set gdra f t5 Set 11g Dra f t 5.
81 set radiusport Set RADIUS port nu m ber set radiussecret Set RADIUS shared secret set rate Set Data Rate set rate Set Data Rate set rate Set Data Rate set rate Set Data Rate set rate Set Data Rate .
82 set w ireless m ode Set W ireless LAN Mode set 80211d Set 802.11d m ode set http Set http Enable/Disable set HttpPort Set http port nu m ber set https Set https Enable/Disable set HttpsPort Set htt.
83 set activeCurrentPro- f ile Set active Current Pro f ile set pro f ileNa m e Set Pro f ile Na m e set pro f ileVlanId Set Pro f ile Vlan Id set APPri m ar y Pro f ile Set AP's Pri m ar y Pro f.
84 set dhcpMode Set Dhcp Mode set w dsMacList Set W DS Mac Address List set enable W ireless- Client Set W ireless Client Enable/Disable set isolation T y pe Set Isolation T y pe set w insEnable Set W.
An important point after buying a device Planet WAP-4060PE (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Planet WAP-4060PE yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Planet WAP-4060PE - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Planet WAP-4060PE you will learn all the available features of the product, as well as information on its operation. The information that you get Planet WAP-4060PE will certainly help you make a decision on the purchase.
If you already are a holder of Planet WAP-4060PE, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Planet WAP-4060PE.
However, one of the most important roles played by the user manual is to help in solving problems with Planet WAP-4060PE. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Planet WAP-4060PE along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
