nms user manual...en-series wireless access point in ap controller mode or 50 aps can be managed...
TRANSCRIPT
NMS USER MANUAL WAP-EN Series Wireless Access Points
Version 1.2, June 2017
2
Copyright
Copyright©2017ComtrendCorporation.Allrightsreserved.TheinformationcontainedhereinisproprietarytoComtrendCorporation.Nopartofthisdocumentmaybetranslated,transcribed,reproduced,inanyform,orbyanymeanswithoutthepriorwrittenconsentofComtrendCorporation.
Thisprogramisfreesoftware:youcanredistributeitand/ormodifyitunderthetermsoftheGNUGeneralPublicLicenseaspublishedbytheFreeSoftwareFoundation,eitherversion3oftheLicense,or(atyouroption)anylaterversion.
Thisprogramisdistributedinthehopethatitwillbeuseful,butWITHOUTANYWARRANTY;withouteventheimpliedwarrantyofMERCHANTABILITYorFITNESSFORAPARTICULARPURPOSE.SeetheGNUGeneralPublicLicenseformoredetails.
YoushouldhavereceivedacopyoftheGNUGeneralPublicLicensealongwiththisprogram.Ifnot,seehttp://www.gnu.org/licenses/ NOTE: Thisdocumentissubjecttochangewithoutnotice.
3
I.ProductInformationTheNetworkManagementSuite(NMS)supportsthecentralmanagementofagroupofaccesspoints,otherwiseknownasanAPArray.NMScanbeinstalledononeaccesspointandsupportupto5accesspointsoronaWirelessLANController(WLC)andsupportupto50accesspoints. Accesspointscanbedeployedandconfiguredaccordingtoyourrequirements. Thisflexibilitycreatesapowerfulnetworkarchitecturewhichcanbeeasilymanagedandexpandedinthefuture.TheeasytouseinterfaceandafullrangeoffunctionalitymaketheNMSsystemidealforsmallandmid-sizedofficeenvironments.
4
Table of Contents I.ProductInformation............................................................................................................................................3II.QuickSetup..............................................................................................................................................................7
III.SoftwareLayout..............................................................................................................................................10
IV.Features...........................................................................................................................................................15IV-1. LOGIN,LOGOUT&RESTART..........................................................................................................................15IV-2. DASHBOARD..................................................................................................................................................17IV-2-1. SystemInformation....................................................................................................................................18IV-2-2. DevicesInformation...................................................................................................................................18IV-2-3. ManagedAP...............................................................................................................................................19IV-2-4. ManagedAPGroup....................................................................................................................................20IV-2-5. ActiveClients..............................................................................................................................................21IV-2-6. ActiveUsers...............................................................................................................................................21IV-3. ZONEPLAN....................................................................................................................................................22IV-4. NMSMONITOR..............................................................................................................................................24IV-4-1. AccessPoint...............................................................................................................................................24IV-4-1-1. ManagedAP............................................................................................................................................24IV-4-1-2. ManagedAPGroup.................................................................................................................................26IV-4-2. WLAN.........................................................................................................................................................28IV-4-2-1. ActiveWLAN...........................................................................................................................................28IV-4-2-2. ActiveWLANGroup................................................................................................................................29IV-4-3. Clients.........................................................................................................................................................29IV-4-3-1. ActiveClients...........................................................................................................................................29IV-4-4. Users.........................................................................................................................................................30IV-4-4-1. ActiveUsers.........................................................................................................................................30IV-4-4-2. UsersLog................................................................................................................................................30IV-4-5. RogueDevices..........................................................................................................................................31IV-4-6. Information..............................................................................................................................................32IV-4-6-1. AllEvents/Activities................................................................................................................................32IV-4-6-2. APMonitoring........................................................................................................................................32IV-4-6-3.SSIDOverview............................................................................................................................................33 .................................................................................................................................................................................34IV-5. NMSSettings.................................................................................................................................................35IV-5-1. AccessPoint...............................................................................................................................................35IV-5-2. WLAN.........................................................................................................................................................46IV-5-3. RADIUS.......................................................................................................................................................50IV-5-4. AccessControl............................................................................................................................................56IV-5-5. GuestNetwork...........................................................................................................................................59
5
IV-5-6. Users..........................................................................................................................................................62IV-5-7-1. Add/EditGuestPortal..............................................................................................................................66IV-5-7-1-1.FrontDeskURL........................................................................................................................................67IV-5-7-1-2. FrontDeskPrintout..............................................................................................................................69IV-5-7-1-3.GuestPortalType....................................................................................................................................70IV-5-7-1-4.GuestPortalCustomization.....................................................................................................................71IV-5-9. Schedule....................................................................................................................................................74IV-5-10. SmartRoaming........................................................................................................................................76IV-5-11. DeviceMonitoring...................................................................................................................................78IV-5-12. FirmwareUpgrade...................................................................................................................................79IV-5-13. Advanced..................................................................................................................................................80IV-5-13-1. SystemSecurity....................................................................................................................................80V-5-13-2. Date&Time..........................................................................................................................................80V-5-13-3. SystemAccounts...................................................................................................................................81IV-6. LocalNetwork................................................................................................................................................83IV-6-1. NetworkSettings........................................................................................................................................83IV-6-1-1. LAN-SideIPAddress................................................................................................................................83IV-6-1-2. LANPortSettings....................................................................................................................................86IV-6-1-3. VLAN........................................................................................................................................................87IV-6-2. 2.4GHz11bgn(NotavailableontheWLC-6404)........................................................................................88IV-6-2-1. Basic........................................................................................................................................................88IV-6-2-2. Advanced................................................................................................................................................89IV-6-2-3. Security...................................................................................................................................................91IV-6-2-3-1. NoAuthentication..............................................................................................................................92IV-6-2-3-2. WEP....................................................................................................................................................92IV-6-2-3-3. IEEE802.1x/EAP..................................................................................................................................93IV-6-2-3-4. WPA-PSK............................................................................................................................................93IV-6-2-3-5. WPA-EAP............................................................................................................................................93IV-6-2-3-6. AdditionalAuthentication..................................................................................................................94IV-6-2-4. WDS.........................................................................................................................................................95IV-6-3. 5GHz11ac11an(NotavailableontheWLC-6404)..................................................................................97IV-6-3-1. Basic........................................................................................................................................................97IV-6-3-2. Advanced................................................................................................................................................99IV-6-3-3. Security.................................................................................................................................................100IV-6-3-4. WDS.......................................................................................................................................................102IV-6-4. WPS(NotavailableontheWLC-6404).....................................................................................................103IV-6-5. RADIUS(NotavailableontheWLC-6404)................................................................................................104IV-6-5-1. RADIUSSettings....................................................................................................................................106IV-6-5-2. InternalServer......................................................................................................................................107IV-6-5-3. RADIUSAccounts..................................................................................................................................109IV-6-6. MACFilter(NotavailableontheWLC-6404)...........................................................................................111
6
IV-6-7. WMM(NotavailableontheWLC-6404)..................................................................................................113IV-6-8. InternalServer..........................................................................................................................................114IV-6-8-1. InternalRADIUSServer.........................................................................................................................114IV-6-8-2. RADIUSAccounts..................................................................................................................................116IV-6-9. Schedule...................................................................................................................................................117IV-7. LocalSettings...............................................................................................................................................118IV-7-1. OperationMode(NotavailableontheWLC-6404)..................................................................................118IV-7-2. SystemSettings........................................................................................................................................118IV-7-2-1. SystemInformation...............................................................................................................................118IV-7-2-2. WirelessClients(NotavailableontheWLC-6404)................................................................................121IV-7-2-3. WirelessMonitor(NotavailableontheWLC-6404).............................................................................122IV-7-2-4. Log.........................................................................................................................................................123IV-7-3. Management............................................................................................................................................125IV-7-3-1. Admin..................................................................................................................................................125IV-7-3-2. DateandTime.....................................................................................................................................127IV-7-3-3. SyslogServer.......................................................................................................................................128IV-7-3-4. I’mHere..............................................................................................................................................129IV-7-4. Advanced..................................................................................................................................................130IV-7-4-1. LEDSettings...........................................................................................................................................130IV-7-4-2. UpdateFirmware................................................................................................................................130IV-7-4-3. Save/RestoreSettings.........................................................................................................................132IV-7-4-4. FactoryDefault....................................................................................................................................133IV-7-4-5. Reboot.................................................................................................................................................133IV-8. Toolbox........................................................................................................................................................134IV-8-1. NetworkConnectivity.............................................................................................................................134IV-8-1-1. Ping.....................................................................................................................................................134IV-8-1-2. TraceRoute.........................................................................................................................................134
V.BestPractice...................................................................................................................................................135HowtoCreateandLinkWLAN&AccessPointGroups...........................................................................................135
7
II.QuickSetupOnedeviceisdesignatedastheAPController(master)andotherconnectedAPsaredesignatedasManagedAPs(slaves).UsingtheNMSyoucanmonitor,configureandmanageallManagedAPs.Upto5APscanbemanagedfromanEN-SeriesWirelessAccessPointinAPControllerModeor50APscanbemanagedfromadedicatedWLC-6404WirelessAccessPointController.Followthestepsbelow:1. ConnectallAPstoanEthernetorPoEswitchwhichisconnectedtoa
gateway/router.
YoucanuseyourrouterasaDHCPserveroryoucanlaterconfigureyourAPControllerasaDHCPserver.
2. EnsureallAPsarepoweredonandchecktheLEDstatus.
8
3. ConnecttheAPController,whichwillmanageallotherconnectedAPs,topowerandturnthedeviceon.
4. ConnectacomputertotheAPControllerusinganEthernetcable. 5. OpenawebbrowserandentertheAPController’sIPaddressinthe
addressfield.ThedefaultIPaddressislistedintheUserManualforyourcontroller. Typicallyitiseither192.168.2.1or192.168.2.2.
DHCPisenabledontheaccesspointbydefault.ConsulttheDHCPTableofyournetworkfortheController’sIPAddress.IfnoDHCPServiceisfound,theaccesspointwilldefaulttothedefaultIPaddresslistedintheUserManual.TypicaldefaultIPaddressesareeither192.168.2.1or192.168.2.2.Yourcomputer’sIPaddressmustbeinthesamesubnetastheAPController. 192.168.2.10isbeingusedinthisexample.
6. Entertheusername&passwordtologin.Thedefaultusername&
passwordareadmin&1234respectively.
9
7. IfusinganEN-SeriesAPasacontroller,youwillarriveattheAccessPointInformationscreen. Goto!“OperationMode”andselect“APControllerMode”fromthedropdownmenutoinitiateControllerMode.
8. Click“Apply”tosavethesettings.
9. YourControllerAP&ManagedAPsshouldbefullyfunctional.Usethetop
menutonavigatearoundtheNMS.
UseLocalNetwork&LocalSettingstoconfigureyourControllerAP.UseDashboard,ZonePlan,NMSMonitor&NMSSettingstoconfigureManagedAPs.UseToolboxtodiagnoseconnectionissues.
10
III.SoftwareLayoutThetopmenufeatures7panels:Dashboard,ZonePlan,NMSMonitor,NMSSettings,LocalNetwork,LocalSettings&Toolbox.
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfigurationanddevicebeingusedasacontroller.
Dashboard
TheDashboardpaneldisplaysanoverviewofyournetworkandkeysysteminformation,withquicklinkstoaccessconfigurationoptionsforManagedAPsandManagedAPgroups.Eachpanelcanberefreshed,collapsedormovedaccordingtoyourpreference. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
11
ZonePlan
ZonePlandisplaysacustomizablelivemapofManagedAPsforavisualrepresentationofyournetworkcoverage.EachAPiconcanbemovedaroundthemap,andabackgroundimagecanbeuploadedforuser-definedlocationprofilesusingNMSSettings! ZoneEdit.OptionscanbeconfiguredusingthemenuontherightsideandsignalstrengthisdisplayedforeachAP. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
NMSMonitor
TheNMSMonitorpanelprovidesmoredetailedmonitoringinformationabouttheAPArraythanfoundontheDashboard,groupedaccordingtocategoriesinthemenudowntheleftside. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
12
NMSSettings
NMSSettingsprovidesextensiveconfigurationoptionsfortheAPArray.Youcanmanageeachaccesspoint,assignaccesspointsintogroups,manageWLAN,RADIUSaswellasupgradefirmwareacrossmultipleaccesspoints.TheZonePlancanalsobeconfiguredusing“ZoneEdit”. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
LocalNetwork
LocalNetworksettingsareforyourAPController.YoucanconfiguretheIPaddressandDHCPserveroftheAPControllerinadditionto2.4GHz&5GhzWi-Fiandsecurity,withWPS,RADIUSserver,MACfilteringandWMMsettings
13
alsoavailable. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
LocalSettings
LocalSettingsareforyourAPController.Youcansettheoperationmodeandviewnetworksettings(clientsandlogs)specificallyfortheAPController,aswellasothermanagementsettingssuchasdate/time,adminaccounts,firmwareandreset. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)
14
Toolbox
TheToolboxpanelprovidesanetworkdiagnostictools:pingandtraceroute.
15
IV.FeaturesDescriptionsofthefunctionsofeachmainpanelDashboard,ZonePlan,NMSMonitor,NMSSettings,LocalNetwork,LocalSettings&Toolboxcanbefoundbelow. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.) WhenusingtheNMS,click“Apply”tosavechanges:
Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.
IV-1. LOGIN,LOGOUT&RESTART
ItisrecommendedthatyoulogintotheAPControllertomakeconfigurationchangestoManagedAPs.
LOGIN
1. ConnectacomputertothedesignatedAPControllerusinganEthernetcable:
2. OpenawebbrowserandentertheAPController’sIPaddressinthe
addressfield.ThedefaultIPaddressislistedintheUserManualforyourcontroller. Typicallyitiseither192.168.2.1or192.168.2.2.
Yourcomputer’sIPaddressmustbeinthesamesubnetastheAPController.RefertoV-1.ConfiguringyourIPAddressformorehelp.
DHCPisenabledontheaccesspointbydefault. ConsulttheDHCPTableofyournetworkfortheController’sIPAddress. IfnoDHCPServiceisfound,theaccesspointwilldefaulttothedefaultIPaddresslistedintheUserManual. TypicaldefaultIPaddressesareeither192.168.2.1or192.168.2.2.
16
IfusingaDHCPserveronthenetwork,itisadvisedtouseyourDHCPserver’ssettingstoassigntheAPControllerastaticIPaddress.
3. Entertheusername&passwordtologin.Thedefaultusername&
passwordareadmin&1234.RESTARTYoucanrestartyourAPControlleroranyManagedAPusingtheNMS.TorestartyourAPControllergotoLocalSettings! Advanced! Rebootandclick“Reboot”.TorestartManagedAPsclicktheRestarticonforthespecifiedAPontheDashboard:
17
IV-2. DASHBOARDThedashboarddisplaysanoverviewofyourAParray:
Usetheblueiconsabovetorefreshorcollapseeachpanelinthedashboard.Clickanddragtomoveapaneltosuityourpreference.Youcansetthedashboardtoauto-refreshevery1minute,30secondsordisableauto-refresh:
18
IV-2-1.SystemInformationSystemInformationdisplaysinformationabouttheAPController:ProductName(model),HostName,MACAddress,IPAddress,FirmwareVersion,SystemTime,Uptime,CPUUsageandMemoryUsage.
IV-2-2.DevicesInformationDevicesInformationisasummaryofthenumberofalldevicesinthelocalnetwork:AccessPoints,ClientsConnected,andRogue(unidentified)Devices.
19
IV-2-3.ManagedAP
ManagedAPdisplaysinformationabouteachManagedAPinthelocalnetwork:Index(referencenumber),MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connected,connectingordisconnected).
ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen(connected)foreachManagedAP.EachManagedAPhas“Action”iconswiththefollowingfunctions:
1. DisallowRemovetheManagedAPfromtheAParrayanddisableconnectivity.
2. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
3. BlinkLEDTheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.
4. BuzzerTheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locateaccesspoints.
5. NetworkConnectivityGotothe“NetworkConnectivity”paneltoperformapingortraceroute.
6. RestartRestartstheManagedAP.
20
IV-2-4.ManagedAPGroupManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAPGroupdisplaysinformationabouteachManagedAPgroupinthelocalnetwork:GroupName,MACAddress,DeviceName,Model,IPAddress,No.ofClientsconnectedtoeachaccesspoint,andStatus(connectedordisconnected).ToeditManagedAPGroupsgotoNMSSettings! AccessPoint(refertoIV-5-1.AccessPoint).
ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen(connected)foreachindividualManagedAP.EachManagedAPhas“Action”iconswiththefollowingfunctions:
1. DisallowRemovetheManagedAPfromtheAParrayanddisableconnectivity.
2. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint)
3. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.
4. BuzzerTheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locateaccesspoints.
5. NetworkConnectivityGotothe“NetworkConnectivity”paneltoperformapingortraceroute.
21
6. Restart
RestartstheManagedAP.
IV-2-5.ActiveClients
ActiveClientsdisplaysinformationabouteachclientinthelocalnetwork:Index(referencenumber),ClientMACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(onoroff).
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearchboxandthelistwillupdate:
IV-2-6.ActiveUsers
ActiveUsersdisplaysinformationabouteachuserinthelocalnetwork:Index(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,CreationTime,ExpireTime,UsagePercentage,Vendor,PlatformandAction.
Thesearchfunctioncanbeusedtolocateaspecificuser.Typeinthesearchboxandthelistwillupdate:
22
IV-3. ZONEPLANTheZonePlancanbefullycustomizedtomatchyournetworkenvironment.YoucanmovetheAPiconsandselectdifferentlocationimages(uploadlocationimagesinNMSSettings! ZoneEdit)tocreateavisualmapofyourAParray.
Usethemenuonthesidetomakeadjustmentsandmouse-overanAPiconinthezonemaptoseemoreinformation.ClickanAPiconinthezonemaptoselectitanddisplayactionicons.ClickanddraganAPicontomovetheiconaroundthezonemap.ThesignalstrengthforeachAPisdisplayedaccordingtothe“Signal”keyinthemenuontherightside:
Location Selectapre-definedlocationfromthedropdownmenu.WhenyouuploadalocationimageinNMSSettings! ZoneEdit,itwillbeavailableforselectionhere.
23
APGroup YoucanselectanAPGrouptodisplayinthezonemap.EditAPGroupsinNMSSettings! AccessPoint.
Search UsethesearchboxtoquicklylocateanAP.Radio UsethecheckboxestodisplayAPsaccording
to2.4GHzor5GHzwirelessradiofrequency. Signal Signalstrengthkeyforthesignalstrength
displayaroundeachAPinthezonemap.Zoom Usetheslidertoadjustthezoomlevelofthe
map.Transparency Usetheslidertoadjustthetransparencyof
locationimages.Scale Zonemapscale.Device/Number Displaysnumberandtypeofdevicesinthe
zonemap.
24
IV-4. NMSMONITORIV-4-1.AccessPoint
IV-4-1-1. ManagedAPDisplaysinformationabouteachManagedAPinthelocalnetwork:Index(referencenumber),MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connected,connectingordisconnected).
ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysthestatusofeachManagedAP.StatusIcons
Icon Color Status Definition
Grey Disconnected
ManagedAPisdisconnected. CheckthenetworkconnectionandensuretheManagedAPisinthesameIPsubnetastheAPController.
Red
AuthenticationFailedOrIncompatibleNMSVersion
SystemsecuritymustbethesameforallaccesspointsintheAParray.Pleasechecksecuritysettings(refertoIV-5-12-1.SystemSecurity).AccesspointsmustusethesameversionofNMSastheController. UsetheAPController’sfirmwareupgradefunction(refertoIV-5-11.FirmwareUpgrade)tosynchronizetheNMSversion.
25
Orange ConfiguringorUpgrading
ManagedAPismakingconfigurationchangesorupgradingthefirmware.
Yellow Connecting ManagedAPisconnecting.
Green Connected ManagedAPisconnected.
Blue Waitingfor
Approval ManagedAPiswaitingforapproval.
EachManagedAPhas“Action”iconswiththefollowingfunctions:
1. DisallowRemovetheManagedAPfromtheAParrayanddisableconnectivity.
1. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
2. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.
3. BuzzerTheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locateaccesspoints.
4. NetworkConnectivityGotothe“NetworkConnectivity”paneltoperformapingortraceroute.
5. RestartRestartstheManagedAP.
26
IV-4-1-2. ManagedAPGroupManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAPGroupdisplaysinformationabouteachManagedAPgroupinthelocalnetwork:GroupName,MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connectedordisconnected).ToeditManagedAPGroupsgotoNMSSettings! AccessPoint(refertoIV-5-1.AccessPoint).
ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),red(authenticationfailed/incompatibleNMSversion),orange(upgradingfirmware),yellow(connecting),green(connected)orblue(waitingforapproval)foreachindividualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfulldescriptions.EachManagedAPhas“Action”iconswiththefollowingfunctions:
2. DisallowRemovetheManagedAPfromtheAParrayanddisableconnectivity.
27
3. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).
4. BlinkLED
TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.
5. BuzzerTheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locateaccesspoints.
6. NetworkConnectivityGotothe“NetworkConnectivity”paneltoperformapingortraceroute.
7. RestartRestartstheManagedAP.
28
IV-4-2.WLAN
IV-4-2-1. ActiveWLANDisplaysinformationabouteachSSIDintheAPArray:Index(referencenumber),Name/SSID,VLANID,Authentication,Encryption,IPAddressandAdditionalAuthentication.ToconfigureencryptionandVLANsforManagedAPsgotoNMSSettings! WLAN.ThesearchfunctioncanbeusedtolocateaspecificSSID.Typeinthesearchboxandthelistwillupdate:
29
IV-4-2-2. ActiveWLANGroupWLANgroupscanbecreatedaccordingtoyourpreference.ActiveWLANGroupdisplaysinformationaboutWLANgroup:GroupName,Name/SSID,VLANID,Authentication,Encryption,IPAddressandAdditionalAuthentication.
ThesearchfunctioncanbeusedtolocateaspecificActiveWLANGroup.Typeinthesearchboxandthelistwillupdate:
IV-4-3.Clients
IV-4-3-1. ActiveClientsDisplaysinformationaboutclientscurrentlyconnectedtotheAPArray:Index(referencenumber),ClientMACAddress,APMACAddress,WLAN(SSID),UserName,Radio(2.4GHzor5GHz),SignalStrengthreceivedbyClient,ConnectedTime,IdleTime,Tx&Rx(DatatransmittedandreceivedbyClientinKB),andtheVendoroftheclientdevice.Youcansetordisabletheauto-refreshtimefortheclientlistorclick“Refresh”tomanuallyrefresh.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearchboxandthelistwillupdate:
30
IV-4-4. Users
IV-4-4-1. ActiveUsersDisplaysinformationabouteachuserinthelocalnetworkviaguestportals:Index(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,CreateTime,ExpireTime,UsagePercentage,TrafficProgress,Vendorand Platformoftheuserdevice.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearchboxandthelistwillupdate:
IV-4-4-2. UsersLogDisplaysadetailedinformationlogofusersandactivityonthenetworkviaguestportals:ID,DateandTimeofentry,Categoryofentry,Severity,Users,Event/Activitiesdetails.
Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearchboxandthelistwillupdate:
31
IV-4-5. RogueDevicesRogueaccesspointdetectioncanidentifyanyunauthorizedaccesspointswhichmayhavebeeninstalledinthenetwork.Click“Start”toscanforroguedevices:
UnknownRogueDevicesdisplaysinformationaboutroguedevicesdiscoveredduringthescan:Index(referencenumber),Channel,SSID,MACAddress,Security,SignalStrength,Type,VendorandAction.
Thesearchfunctioncanbeusedtolocateaknownroguedevice.Typeinthesearchboxandthelistwillupdate:
32
IV-4-6. Information
IV-4-6-1. AllEvents/ActivitiesDisplaysalogoftime-stampedeventsforeachaccesspointintheArray–usethedropdownmenutoselectanaccesspointandviewthelog.
IV-4-6-2. APMonitoringDisplaysgraphicalmonitoringinformationaboutaccesspointsintheArrayfor2.4GHz&5GHz:TrafficTx(datatransmittedinMB),TrafficRx(datareceivedinMB),No.ofClients,WirelessChannel,TxPower(wirelessradiopower),CPUUsageandMemoryUsage.
Usethedropdownmenustoselectanaccesspointanddate.Youcansetordisabletheauto-refreshtimeforthedata:
33
IV-4-6-3.SSIDOverviewDisplaysgraphicalmonitoringinformationaboutdifferentSSIDsfor2.4GHz&5GHz,includingTrafficTx(datatransmittedinKbps),TrafficRx(datareceivedinKbps),andalsotheClientNumberforeachSSID. YoucanuseRefreshtorunthemanualrefresh:
2.4GHz&5GHzTrafficshowscurrentlyhowmuchTx/Rxtraffic(inKBps)utilizedineachSSID.Thebluediagramrepresentsthe2.4GHzradioband,andthegreendiagramrepresentsthe5GHzradioband.
34
ClientNumbershowscurrentlyhowmanycurrentusersoneachSSID.Thebluediagramrepresentsthe2.4GHzradioband,andthegreendiagramrepresentsthe5GHzradioband.
35
IV-5. NMSSettings
IV-5-1.AccessPointDisplaysinformationabouteachaccesspointandaccesspointgroupinthelocalnetworkandallowsyoutoeditaccesspointsandeditoraddaccesspointgroups.Thesearchfunctioncanbeusedtolocateanaccesspointoraccesspointgroup.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(disconnected),red(authenticationfailed/incompatibleNMSversion),orange(upgradingfirmware),yellow(connecting),green(connected)orblue(waitingforapproval)foreachindividualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfulldescriptions.The“Action”iconsenableyoutoallowordisallowanaccesspoint:
Selectanaccesspointoraccesspointgroupusingthecheck-boxesandclick“Edit”tomakeconfigurations,orclick“Add”toaddanewaccesspointgroup:
36
TheAccessPointSettingspanelcanenableordisableAutoApproveforallManagedAPs.Whenenabled,ManagedAPswillautomaticallyjointheAPArraywiththeControllerAP.Whendisabled,ManagedAPsmustbemanuallyapprovedtojointheAPArraywiththeControllerAP.
AccessPointSettingsAutoApprove EnableordisableAutoApproveforall
ManagedAPs.TomanuallyapproveaManagedAP,use“theallowAction”iconforthespecifiedaccesspoint:EditAccessPointConfigureyourselectedaccesspointonyourLAN.YoucansettheaccesspointasaDHCPclientorspecifyastaticIPaddressforyouraccesspoint,andassigntheaccesspointtoanAPgroup,aswellasedit2.4GHz&5GHzwirelessradiosettings.Aneventslogisdisplayedatthebottomofthepage.YoucanalsouseProfileSettingstoassigntheaccesspointtoWLAN,RADIUSandAccessControlgroupsindependentlyfromAccessPointGroupsettings.Checkthe“OverrideGroupSettings”boxtousedifferentindividualsettingsforaccesspointsassignedtoAPGroups:
37
BasicSettingsName Edittheaccesspointname.Thedefaultname
isAP+MACaddress.Description Enteradescriptionoftheaccesspointfor
referencee.g.2ndFloorOffice.MACAddress DisplaysMACaddress.APGroup UsethedropdownmenutoassigntheAPto
anAPGroup.YoucaneditAPGroupsfromtheNMSSettings! AccessPointpage.
IPAddressAssignment
Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint(below).Checkthebox“OverrideGroupSetting”iftheAPisamemberofanAPGroupandyouwishtouseadifferentsettingthantheAPGroupsetting.
IPAddress SpecifytheIPaddresshere.ThisIPaddresswillbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.
SubnetMask Specifyasubnetmask.Thedefaultvalueis
38
255.255.255.0DefaultGateway ForDHCPusers,select“FromDHCP”toget
defaultgatewayfromyourDHCPserveror“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank.
PrimaryDNS DHCPuserscanselect“FromDHCP”togetprimaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.
SecondaryDNS DHCPuserscanselect“FromDHCP”togetsecondaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.
RadioSettingsWireless Enableordisabletheaccesspoint’s2.4GHzor
5GHzwirelessradio.Whendisabled,noSSIDsonthatfrequencywillbeactive.
Band Selectthewirelessstandardusedfortheaccesspoint.Combinationsof802.11b,
39
802.11g,802.11n&802.11accanbeselected.AutoPilot Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s2.4GHzor5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanually.
AutoPilotRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.
AutoPilotInterval Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.
ChannelBandwidth SetthechannelbandwidthoruseAuto(automaticallyselectbasedoninterferencelevel).
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.
AdvancedSettingsContentionSlot Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.WMM).
PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”.
GuardInterval Settheguardinterval. Ashorterintervalcanimproveperformance.
40
802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1.
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347.
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346.
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting.
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower. Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100.
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active.
41
ProfileSettingsWLANGroup Assigntheaccesspoint’s2.4GHzor5GHz
SSID(s)toaWLANGroup.YoucaneditWLANgroupsinNMSSettings! WLAN.
RADIUSGroup Assigntheaccesspoint’s2.4GHzSSID(s)toaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! RADIUS.
AccessControlGroup
Assigntheaccesspoint’s2.4GHzSSID(s)toaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! AccessControl
Add/EditAccessPointGroupConfigureyourselectedaccesspointgroup.Accesspointgroupsettingsapplytoallaccesspointsinthegroup,unlessindividuallysettooverridegroupsettings.YoucanuseProfileGroupSettingstoassigntheaccesspointgrouptoWLAN,RADIUSandAccessControlgroups.TheGroupSettingspanelcanbeusedtoquicklymoveaccesspointsbetweenexistinggroups:selectanaccesspointandusethedropdownmenuorsearchtoselectaccesspointgroupsanduse<<and>>arrowstomoveAPsbetweengroups.
BasicGroupSettingsName Edittheaccesspointgroupname.Description Enteradescriptionoftheaccesspointgroup
forreferencee.g.2ndFloorOfficeGroup.
42
RadioGroupSettingsWireless Enableordisabletheaccesspointgroup’s
2.4GHzor5GHzwirelessradio.Whendisabled,noSSIDsonthatfrequencywillbeactive.
Band Selectthewirelessstandardusedfortheaccesspointgroup.Combinationsof802.11b,802.11g,802.11n&802.11accanbeselected.
AutoPilot Enable/disableautochannelselection.Autochannelselectionwillautomaticallysetthewirelesschannelfortheaccesspointgroup’s2.4GHzor5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanually.
AutoPilotRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.
AutoPilotInterval Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.
ChannelBandwidth SetthechannelbandwidthoruseAuto
43
(automaticallyselectbasedoninterferencelevel).
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoints.
AdvancedSettingsContentionSlot Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.WMM).
PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”.
GuardInterval Settheguardinterval. Ashorterintervalcanimproveperformance.
802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1.
44
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347.
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346.
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting.
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower. Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100.
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active.
ProfileGroupSettingsWLANGroup Assigntheaccesspointgroup’s2.4GHzor
45
5GHzSSIDstoaWLANGroup.YoucaneditWLANgroupsinNMSSettings! WLAN.
RADIUSGroup Assigntheaccesspointgroup’s2.4GHzSSIDstoaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! RADIUS.
AccessControlGroup
Assigntheaccesspoint’s2.4GHzSSIDstoaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! AccessControl.
46
IV-5-2.WLANDisplaysinformationabouteachWLANandWLANgroupinthelocalnetworkandallowsyoutoaddoreditWLANs&WLANGroups.WhenyouaddaWLANGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaWLANorWLANGroup.Typeinthesearchboxandthelistwillupdate:
SelectaWLANorWLANGroupusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewWLANorWLANGroup:
47
Add/EditWLAN
WLANSettingsName/ESSID EdittheWLANname(SSID).Description EnteradescriptionoftheSSIDforreference
e.g.2ndFloorOfficeHR.SSID SelectwhichSSIDtoconfiguresecurity
settingsfor.VLANID SpecifytheVLANID.BroadcastSSID EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.
WirelessClientIsolation
Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspots
48
andcanpreventbruteforceattacksonclients’usernamesandpasswords.
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50).
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenu.
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenu.
Varioussecurityoptions(wirelessdataencryption)areavailable.Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
PleaserefertoIV-6-2-3.Securityformoreinformationonauthenticationandadditionalauthenticationtypes.
WLANAdvancedSettingsRSSIThreshold SetaRSSIThresholdlevel.
49
Add/EditWLANGroupWhenyouaddaWLANGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.
WLANGroupSettingsName EdittheWLANGroupname.Description EnteradescriptionoftheWLANGroupfor
referencee.g.2ndFloorOfficeHRGroup.Members SelectSSIDstoincludeinthegroupusingthe
checkboxesandassignVLANIDs.
50
IV-5-3.RADIUSDisplaysinformationaboutExternal&InternalRADIUSServers,AccountsandGroupsandallowsyoutoaddoreditRADIUSServers,Accounts&Groups.WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaRADIUSServer,AccountorGroup.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewWLANorWLANGroup:
51
Add/EditExternalRADIUSServer
Name EnteranamefortheRADIUSServer.Description EnteradescriptionoftheRADIUSServerfor
reference.RADIUSServer EntertheRADIUSserverhostIPaddress.
AuthenticationPort
SettheUDPportusedintheauthenticationprotocoloftheRADIUSserver.Valuemustbebetween1–65535.
SharedSecret Enterasharedsecret/passwordbetween1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”password.
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.
Accounting EnableordisableRADIUSaccounting.
AccountingPort Whenaccountingisenabled(above),settheUDPportusedintheaccountingprotocoloftheRADIUSserver.Valuemustbebetween1–65535.
52
Add/EditInternalRADIUSServer
UploadEAPCertificateFile
EAPCertificateFileFormat
DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.
InternalRADIUSServer
Name EnteranamefortheInternalRADIUSServer.
Description EnteradescriptionoftheInternalRADIUSServerforreference.
EAPCertificateFileFormat
DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.
53
EAPInternalAuthentication
SelectEAPinternalauthenticationtypefromthedropdownmenu.
SharedSecret Enterasharedsecret/passwordforusebetweentheinternalRADIUSserverandRADIUSclient.Thesharedsecretshouldbe1–99charactersinlength.
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.
TerminationAction Selectatermination-actionattribute:“Reauthentication”sendsaRADIUSrequesttotheaccesspoint,“Not-Reathentication”sendsadefaulttermination-actionattributetotheaccesspoint,“Not-Send”notermination-actionattributeissenttotheaccesspoint.
Add/EditRADIUSAccounts
TheinternalRADIUSservercanauthenticateupto256useraccounts.The“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
54
RADIUSAccountsUserName Entertheusernameshere,separatedby
commas.Add Click“Add”toaddtheusertotheuser
registrationlist.Reset Cleartextfromtheusernamebox.
UserRegistrationListSelect Checktheboxtoselectauser.UserName Displaystheusername.Password Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).Customize Click“Edit”toopenanewfieldtoset/edita
passwordforthespecifiedusername(below).
DeleteSelected Deleteselecteduserfromtheuserregistrationlist.
DeleteAll Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationListUserName Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.Password Enteroreditapasswordforthespecifieduser.
55
Add/EditRADIUSGroup
WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.
RADIUSGroupSettingsGroupName EdittheRADIUSGroupname.Description EnteradescriptionoftheRADIUSGroupfor
reference.2.4GHzRADIUS Enable/Disableprimary&secondaryRADIUS
serversfor2.4GHz.5GHzRADIUS Enable/Disableprimary&secondaryRADIUS
serversfor5GHz.Members AddRADIUSuseraccountstotheRADIUS
group(Maximum5).
56
IV-5-4.AccessControl
MACAccessControlisasecurityfeaturethatcanhelptopreventunauthorizedusersfromconnectingtoyouraccesspoint.Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedtoconnecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMACaddress.IfadevicewhichisnotonthelistofpermittedMACaddressesattemptstoconnecttotheaccesspoint,itwillbedenied.TheAccessControlpaneldisplaysinformationaboutMACAccessControl&MACAccessControlGroupsandGroupsandallowsyoutoaddoreditMACAccessControl&MACAccessControlGroupsettings.WhenyouaddanAccessControlGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaMACaddressorMACAccessControlGroup.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewMACAddressorMACAccessControlGroup:
57
Add/EditMACAccessControl
AddMACAddress EnteraMACaddressofcomputerornetworkdevicemanuallye.g.‘aa-bb-cc-dd-ee-ff’orentermultipleMACaddressesseparatedwithcommas,e.g.‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’
Add Click“Add”toaddtheMACaddresstotheMACaddressfilteringtable.
Reset Clearallfields.MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Selectanentryusingthe“Select”checkbox.
Select Deleteselectedorallentriesfromthetable.MACAddress TheMACaddressislistedhere.DeleteSelected DeletetheselectedMACaddressfromthe
list.DeleteAll DeleteallentriesfromtheMACaddress
filteringtable.Export Click“Export”tosaveacopyoftheMAC
filteringtable.Anewwindowwillpopupforyoutoselectalocationtosavethefile.
58
Add/EditMACAccessControlGroupWhenyouaddanAccessControlGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.
MACFilterGroupSettingsGroupName EdittheMACAccessControlGroupname.Description EnteradescriptionoftheMACAccessControl
Groupforreference.Action Select“Blacklist”todenyaccesstospecified
MACaddressesinthegroup,andselect“Whitelist”topermitaccesstospecifiedMACaddressinthegroup.
Members AddMACaddressestothegroup.
59
IV-5-5.GuestNetworkYoucansetupanadditional“Guest”Wi-FinetworksoguestuserscanenjoyWi-Ficonnectivitywithoutaccessingyourprimarynetworks.The“Guest”screendisplayssettingsforyourguestWi-Finetwork.TheGuestNetworkpaneldisplaysinformationaboutGuestNetworksandGuestNetworkGroupsandallowsyoutoaddoreditGuestNetworkandGuestNetworkGroupsettings.WhenyouaddaGuestNetworkGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaGuestNetworkorGuestNetworkGroup.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewGuestNetworkorGuestNetworkGroup.
60
Add/EditGuestNetwork
GuestNetworkSettingsName/ESSID EdittheGuestNetworkname(SSID).Description EnteradescriptionoftheGuestNetworkfor
referencee.g.2ndFloorOfficeHR.VLANID SpecifytheVLANID.BroadcastSSID EnableordisableSSIDbroadcast.When
enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.
WirelessClient Enableordisablewirelessclientisolation.
61
Isolation Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50).
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenu.
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenu.
Varioussecurityoptions(wirelessdataencryption)areavailable.Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
GuestAccessPolicyGuestPortal Selectaguestportaltouseforthisguest
SSID.GuestportalscanbeconfiguredinNMSSettings! GuestPortal.
TrafficShaping Enableordisabletrafficshapingfortheguestnetwork.
Downlink EnteradownlinklimitinMB.Uplink EnteranuplinklimitinMB.IPFiltering Select“Deny”or“Allow”todenyorallow
specifiedIPaddressestoaccesstheguestnetwork.Select“Disable”todisableIPfiltering.
Rules EnterIPaddressestobefilteredaccordingto
62
theDenyorAllowrulespecifiedaboveandchecktheboxforeachIPaddresstobefiltered.
GuestNetworkAdvancedSettingsScheduleGroup AssignguestSSIDtoaspecifiedschedule
(schedulemustbepre-configuredinNMSSettings! Schedule.)
Add/EditGuestNetworkGroupWhenyouaddaGuestNetworkGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.
GuestNetworkGroupSettingsGroupName EdittheGuestNetworkGroupname.Description EnteradescriptionoftheGuestNetworkfor
reference.Members AddSSIDstotheGuestNetworkgroup.You
canoverrideindividualVLANID&schedulesettingsandassignadifferentVLANIDorschedule.
IV-5-6.UsersUseraccountscanbecreated,monitoredandmanagedforusewiththecontroller’sguestportalfunction.GuestportalsettingscanbefoundatIV-5-7.GuestPortal(NMSSettings!GuestPortal).
63
Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwillautomaticallyarriveatthecustomizableguestportalpage.Fromthereauseraccountloginisrequiredtoaccessthenetwork.Theseuseraccountsarecreatedandgroupedhere,andthenselectedastheAuthenticationUserGroupatNMSSettings! GuestPortal.TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminstologinandquicklycreate/manageuseraccountsandexpirytimes,andgenerate&printticketswithlogincredentialstogivetoguestusers.Thesestaff/adminaccountsarecreatedandgroupedhere,andselectedastheFrontDeskUserGroupatNMSSettings! GuestPortal.InformationontheUserspageisdisplayedabouteachuseraccountanduseraccountgroup. Thesearchfunctioncanbeusedtolocateauserorusergroup.Typeinthesearchboxandthelistwillupdate:
TheStatusicondisplaysgrey(loggedout),yellow(expired),red(locked)orgreen(active)foreachuser.TheActioniconscanlock/unlockorrevive(anexpired)useraccount. Selectauserorusergroupusingthecheck-boxesandclick“Edit”tomakeconfigurations,orclick“Add”toaddnewusersandgroups:
64
Add/EditUser
UserSettingsName Edittheuseraccountname.Description Enteradescriptionoftheuseraccountname
e.g.GuestPortal1Password Specifyapasswordfortheaccount.ConfirmPassword Confirmthepasswordfortheaccount. UserGroup Assigntheuseraccounttoausergroupsoit
canbeutilizedbytheguestportal.
Add/EditUserGroup
UserGroupSettingsName Edittheusergroupname.Description Enteradescriptionoftheusergroupname
e.g.FrontDeskorGuestUsers.RoleType SelectwhetherthegroupisforGuestPortal
usersorFrontDeskmanagers.Members Selectwhichuseraccountstoincludeinthe
group.
65
IV-5-7.GuestPortal
Displaysinformationaboutguestportalsandallowsyoutoeditguestportalsettings.GuestportalsrequireuserstobecreatedatNMSSettings! Users.Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwillautomaticallyarriveatthecustomizableguestportalpage.Fromthereauseraccountloginisrequiredtoaccessthenetwork.TheseuseraccountsarecreatedandgroupedatNMSSettings! Users,andthenselectedastheAuthenticationUserGrouphere.TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminstologinandquicklycreate/manageuseraccountsandexpirytimes,andgenerate&printticketswithlogincredentialstogivetoguestusers.Thesestaff/adminaccountsarecreatedandgroupedatNMSSettings! UsersandthenselectedastheFrontDeskUserGrouphere.
GuestPortalSettingsIdleTimeout Specifyadurationofidletimeafterwhichthe
guestportalwilltimeout.LoginPasswordRetryLockout
Specifynumberofincorrectloginattemptsbeforetheuseraccountislocked.
66
IV-5-7-1. Add/EditGuestPortal
Addaguestportaloreditanexistingguestportalforusewiththeguestnetwork.
GuestPortalSettingsName Editthenameoftheguestportalfor
reference.Description Enteradescriptionoftheguestportalfor
reference.GuestPortalType Selectaguestportaltype.Referbelowfor
moreinformationaboutavailabletypes.AuthenticationServer
Selectanauthenticationserver:LocalDatabaseisthedefaultsetting.
FrontDeskUserGroup
Selectausergroupforfrontdeskaccess.
FrontDeskGenerationURL
DisplaystheURLofyourFrontDeskpage.Seebelowformoreinformation.
FrontDeskPrintoutMessage
EditthecontentofFrontDeskprintoutticket.Referbelowformoreinformation.
AuthenticationUserGroup
Selectausergroupforlogintotheguestnetwork.
LandingPage Specifyalandingpageforusersaftersuccessfullogin.
67
IV-5-7-1-1.FrontDeskURL
GotothisURLinawebbrowserandmembersoftheFrontDeskUserGroupcanlogintocreateguestaccounts,setexpirylimitsandprintouttickets.
GuestPortalTypeDynamicmustbeselectedtouseFrontDesk.
1. LoginwithanaccountfromtheFrontDeskUserGroup(NMSSettings! Users).
2. TheGuestAccountWizardallowsyoutosetupanewuseraccountand
configurethevalidperiod&SSID,oruploadabulkguestlistin.csvformat.ClickNexttocontinue.
68
3. Asummaryofthenewaccount(s)isdisplayedwithquicklinkstoprintticketsforindividualorallnewaccounts.
4. TheGuestAccountMonitordisplaysallguestaccountsalongwithstatusandquickactioniconstoprint,reviveexpiredaccountsorlock/unlock(disable/enable)accounts.Yellow: ExpiredRed: LockedGrey: LoggedoutGreen: Active
Mouseoverastatusoractioniconforadescription,andusethearrowstoreorderthelistaccordingtoS/NorStatus.
Anytimeyouchoosetoprintaccount(s)yourbrowserwillopenaprintdialogboxwhereyoucanselectyourprintdestinationandconfigureprintsettingsasusual:
69
IV-5-7-1-2. FrontDeskPrintout
EditandpreviewthecontentoftheFrontDeskprintoutinthetextboxusingthevariableslistedintheDefinitionTable.E.g.(USERNAME)willdisplayontheprintoutasthespecifiedusername.
GuestPortalTypeDynamicmustbeselectedtouseFrontDesk.
70
IV-5-7-1-3.GuestPortalType
Fourtypesofguestportalareavailablefromthedropdownmenu:
Free Redirectsuserstothespecifiedlandingpage,withnouserloginrequired.
ServiceLevelAgreement Requiresuserstoaccepttermsandconditions,
withnouserloginrequired.StaticUsers Requiresuserloginandaccepttermsand
conditions.UsersmustbecreatedinNMSatNMSSettings! Users.FrontDeskisnotused.
DynamicUsers Requiresuserloginandaccepttermsand
conditions.AllowsFrontDesktocreateuseraccountsinadditiontoNMS.
71
IV-5-7-1-4.GuestPortalCustomization
Guestportalcustomizationvariesaccordingtoguestportaltype.ClickEdittomakechanges.
LoginPortalSettingsHeaderImage Selectan800x200headerimage.LogoImage Selecta200x50logoimage.TitleMessage Enteratitlemessagefortheguestportal
page.BackgroundColor SpecifyabackgroundcolorasaHEXvalue. TermsofUse Enteryourtermsofuse.
72
IV-5-8.ZoneEdit
ZoneEditdisplaysinformationaboutzonesforusewiththeZonePlanfeatureandallowsyoutoaddoreditzones.Thesearchfunctioncanbeusedtofindexistingzones.Typeinthesearchboxandthelistwillupdate:
Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewzone.
73
Add/EditZone
UploadZoneImageChooseFile Clicktolocateanimagefiletobedisplayedas
amapintheZonePlanfeature.Typicallyafloorplanimageisuseful.
ZoneSettingName/Location Enteranameofthezone/location.Description Enteradescriptionofthezone/locationfor
reference.Members Assignaccesspointstothespecified
zone/locationforusewiththeZonePlanfeature.
74
IV-5-9.ScheduleYoucandefineschedulesaccordingtoday,starttimeandendtime-andgroupmultipleschedulestogetherintoschedulegroups.SchedulegroupscanbeassignedtoWLANs,WLANGroups&GuestNetworkatNMSSettings! WLANandNMSSettings! GuestNetwork.
Add/EditScheduleUsethecheckboxesanddrop-downmenustosetupyourschedule.
75
Add/EditScheduleGroup
WLANGroupSettingsName Edittheschedulegroupname.Description Enteradescriptionoftheschedulegroupfor
reference.Members Selectindividualschedulestoincludeinthe
schedulegroupusingthecheckboxes.
76
IV-5-10. SmartRoaming
SmartRoamingenablesyoutosetuptheRoaminggroupsandtheUsedWLANSSID,WANGroupandAPNumber.Beforesetuptheroaminggroup,theWLANSettingsneedtobeconfiguredfirst.Forexample,pleaseclickNMSSettings>>WLAN,check2.4GHzSSID,andthenclickEdit.
Configure802.11kasEnable.Pleasenote,don'tconfiguretheAuthenticationasOPEN.ThenclickSaveandApply.Pleasewaitabout3minutes.
77
RoamingGroupSettingProcedure:
(1) EnterNameofthissetting.(2) Enter4characteristicsonMobilityDomain. (3) Enter32characteristicsonEncryptionKey. (4) SelectWLANGroup,andselectWLAN. (5) ItwilldisplayAPsusingthisWLANSetting. (6) ClickEditiconon1stAP. (7) Enter2ndAPMACAddress,clickSaveandClose.(8) ClickEditiconon2ndAP. (9) Enter1stAPMACAddress,clickSaveandClose.
78
Then,clickSaveandApply,andwaitabout3minutes.Congratulations,youhaveconfigured802.11rand802.11ksuccessfully.
IV-5-11. DeviceMonitoring
DevicemonitoringenablesyoutospecifyandmonitorthestatusanyIPdevicesonthenetworksuchasIPcameras.Thedescriptionandstatusofeachdeviceisdisplayedinthetable.
AddorEditIPdevicesbyenteringtheIPaddress.
79
IV-5-12. FirmwareUpgradeFirmwareUpgradeallowsyoutoupgradefirmwaretoAccessPointGroups.First,uploadthefirmwarefilefromalocaldiskorexternalFTPserver:locatethefileandclick“Upload”or“Check”.ThetablebelowwilldisplaytheFirmwareName,FirmwareVersion,NMSVersion,ModelandSize.Thenclick“UpgradeAll”toupgradeallaccesspointsintheArrayorselectAccessPointgroupsfromthelistusingcheck-boxesandclick“UpgradeSelected”toupgradeonlyselectedaccesspoints.
80
IV-5-13. Advanced
IV-5-13-1. SystemSecurityConfiguretheNMSsystemnameandsecuritykeyforcommunicationbetweenAPControllerandManagedAPs.
V-5-13-2. Date&TimeConfigurethedate×ettingsoftheAPArray.Thedateandtimeoftheaccesspointscanbeconfiguredmanuallyorcanbesynchronizedwithatimeserver.
DateandTimeSettingsLocalTime Settheaccesspoint’sdateandtimemanually
usingthedropdownmenus.AcquireCurrentTimefromyourPC
Click“AcquireCurrentTimefromYourPC”toentertherequiredvaluesautomaticallyaccordingtoyourcomputer’scurrenttimeanddate.
81
NTPTimeServerUseNTP TheaccesspointalsosupportsNTP(Network
TimeProtocol)forautomatictimeanddatesetup.
ServerName EnterthehostnameorIPaddressofthetimeserverifyouwish.
UpdateInterval Specifyafrequency(inhours)fortheaccesspointtoupdate/synchronizewiththeNTPserver.
TimeZoneTimeZone Selectthetimezoneofyourcountry/region.If
yourcountry/regionisnotlisted,pleaseselectanothercountry/regionwhosetimezoneisthesameasyours.
V-5-13-3. SystemAccountsImporttheAPIKeywhichwasreceivedGoogleDevelopers.ThisisfortheOnlineMapfeatureinZonePlanpage.GraphicalzoneplanswithGoogleMapsintegrationandsetupwizardsareavailableforexpandingandmanaginglargenetworkswithmultipleaccesspointsNote: Pleasegotohttps://console.developers.google.com/flows/enableapi?apiid=maps_backend&keyType=CLIENT_SIDE&reusekey=truetoapplyforanAPIkeyfirsttoutilizethisfeatureset.
82
83
IV-6. LocalNetwork
IV-6-1.NetworkSettings
IV-6-1-1. LAN-SideIPAddressThe“LAN-sideIPaddress”pageallowsyoutoconfigureyourAPControlleronyourLocalAreaNetwork(LAN).YoucanenabletheaccesspointtodynamicallyreceiveanIPaddressfromyourrouter’sDHCPserveroryoucanspecifyastaticIPaddressforyouraccesspoint,aswellasconfigureDNSservers.YoucanalsosetyourAPControllerasaDHCPservertoassignIPaddressestootherdevicesonyourLAN.
LAN-sideIPAddressIPAddressAssignment
Select“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint.Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“DHCPServer”foryouraccesspointtoactasaDHCPserverandassignIPaddressesonyourLAN.
StaticIPAddressIPAddress SpecifytheIPaddresshere.ThisIPaddress
willbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.
SubnetMask Specifyasubnetmask.Thedefaultvalueis255.255.255.0
DefaultGateway ForDHCPusers,select“FromDHCP”togetdefaultgatewayfromyourDHCPserveror
84
“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank.
PrimaryDNSAddress
ForstaticIPusers,thedefaultvalueisblank.
SecondaryDNSAddress
ForstaticIPusers,thedefaultvalueisblank.
DHCPClientIPAddress When“DHCPClient”isselectedthisvalue
cannotbemodified.SubnetMask When“DHCPClient”isselectedthisvalue
cannotbemodified.DefaultGateway Select“FromDHCP”orselect“User-Defined”
andenteradefaultgateway.PrimaryDNSAddress
Select“FromDHCP”orselect“User-Defined”andenteraprimaryDNSaddress.
SecondaryDNSAddress
Select“FromDHCP”orselect“User-Defined”andenterasecondaryDNSaddress.
85
DHCPServerIPAddress SpecifytheIPaddresshere.ThisIPaddress
willbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.
SubnetMask Specifyasubnetmask.Thedefaultvalueis255.255.255.0
IPAddressRange EnterthestartandendIPaddressoftheIPaddressrangewhichyouraccesspoint’sDHCPserverwillassigntodevicesonthenetwork.
DomainName Enteradomainname.LeaseTime Selectaleasetimefromthedropdown
menu.IPaddresseswillbeassignedforthisperiodoftime.
DefaultGateway Enteradefaultgateway.PrimaryDNSAddress
EnteraprimaryDNSaddress.
SecondaryDNSAddress
EnterasecondaryDNSaddress.
Youraccesspoint’sDHCPservercanbeconfiguredtoassignstatic(fixed)IPaddressestospecifiednetworkdevices,identifiedbytheiruniqueMACaddress:
DHCPServerStaticIPAddressMACAddress EntertheMACaddressofthenetworkdevice
86
tobeassignedastaticIPaddress.IPAddress SpecifytheIPaddresstoassignthedevice.Add ClicktoassigntheIPaddresstothedevice.
IV-6-1-2. LANPortSettingsThe“LANPort”pageallowsyoutoconfigurethesettingsforyourAPControllerswiredLAN(Ethernet)ports.
WiredLANPort IdentifiesLANport1or2.Enable Enable/disablespecifiedLANport.Speed&Duplex Selectaspeed&duplextypeforspecifiedLAN
port,orusethe“Auto”value.LANportscanoperateupto1000Mbpsandfull-duplexenablessimultaneousdatapacketstransfer/receive.
FlowControl Enable/disableflowcontrol.Flowcontrolcanpausenewsessionrequestuntilcurrentdataprocessingiscomplete,inordertoavoiddeviceoverloadsunderheavytraffic.
802.3az Enable/disable802.3az.802.3azisanEnergyEfficientEthernetfeaturewhichdisablesunusedinterfacestoreducepowerusage.
87
IV-6-1-3. VLANThe“VLAN”(VirtualLocalAreaNetwork)pageenablesyoutoconfigureVLANsettings.AVLANisalocalareanetworkwhichmapsworkstationsvirtuallyinsteadofphysicallyandallowsyoutogrouptogetherorisolateusersfromeachother.VLANIDs1–4094aresupported.
VLANIDsintherange1–4094aresupported.
VLANInterfaceWiredLANPort/Wireless
IdentifiesLANport1or2andwirelessSSIDs(2.4GHzor5GHz).
VLANMode Select“TaggedPort”or“UntaggedPort”forspecifiedLANinterface.
VLANID SetaVLANIDforspecifiedinterface,if“UntaggedPort”isselected.
ManagementVLANVLANID SpecifytheVLANIDofthemanagementVLAN.
OnlythehostsbelongingtothesameVLANcanmanagethedevice.
88
IV-6-2.2.4GHz11bgn(NotavailableontheWLC-6404)The“2.4GHz11bgn”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s2.4GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.
IV-6-2-1. BasicThe“Basic”screendisplaysbasicsettingsforyouraccesspoint’s2.4GHzWi-Finetwork(s).
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannelfrom1–11.ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel).
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.
89
IV-6-2-2. Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.
ContentionSlot Select“Short”or“Long”–thisvalueisusedfor
contentionwindowsinWMM(seeIV-6-7.WMM).
PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”.
GuardInterval Settheguardinterval. Ashorterintervalcanimproveperformance.
802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
90
802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1.
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347.
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346.
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting.
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower. Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100.
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active.
91
IV-6-2-3. Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
SSID SelectwhichSSIDtoconfiguresecuritysettingsfor.
BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.
WirelessClientIsolation
Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.
92
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50).
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelow(IV-6-2-3-6.)appropriateforyourmethod.
IV-6-2-3-1. NoAuthentication
Authenticationisdisabledandnopassword/keyisrequiredtoconnecttotheaccesspoint.
Disablingwirelessauthenticationisnotrecommended.Whendisabled,anybodywithinrangecanconnecttoyourdevice’sSSID.
IV-6-2-3-2. WEP
WEP(WiredEquivalentPrivacy)isabasicencryptiontype.ForahigherlevelofsecurityconsiderusingWPAencryption.
KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended.
KeyType Choosefrom“ASCII”(anyalphanumericalcharacter0-9,a-zandA-Z)or“Hex”(anycharactersfrom0-9,a-fandA-F).
DefaultKey Selectwhichencryptionkey(1–4below)isthedefaultkey.Forsecuritypurposes,youcansetuptofourkeys(below)andchangewhichisthedefaultkey.
EncryptionKey1–4
Enteryourencryptionkey/passwordaccordingtotheformatyouselectedabove.
93
IV-6-2-3-3. IEEE802.1x/EAP
KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended.
IV-6-2-3-4. WPA-PSK
WPA-PSKisasecurewirelessencryptiontypewithstrongdataprotectionanduserauthentication,utilizing128-bitencryptionkeys.
WPAType SelectfromWPA/WPA2MixedMode-PSK,WPA2orWPAonly.WPA2issaferthanWPAonly,butnotsupportedbyallwirelessclients.Pleasemakesureyourwirelessclientsupportsyourselection.
Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype.
KeyRenewalInterval
Specifyafrequencyforkeyrenewalinminutes.
Pre-SharedKeyType
Choosefrom“Passphrase”(8–63alphanumericcharacters)or“Hex”(upto64charactersfrom0-9,a-fandA-F).
Pre-SharedKey Pleaseenterasecuritykey/passwordaccordingtotheformatyouselectedabove.
IV-6-2-3-5. WPA-EAP
WPAType SelectfromWPA/WPA2MixedMode-EAP,WPA2-EAPorWPA-EAP.
Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype.
KeyRenewalInterval
Specifyafrequencyforkeyrenewalinminutes.
WPA-EAPmustbedisabledtouseMAC-RADIUSauthentication.
94
IV-6-2-3-6. AdditionalAuthentication
Additionalwirelessauthenticationmethodscanalsobeused:MACAddressFilterRestrictwirelessclientsaccessbasedonMACaddressspecifiedintheMACfiltertable.
SeeIV-6-6.MACFiltertoconfigureMACfiltering.MACFilter&MAC-RADIUSAuthenticationRestrictwirelessclientsaccessusingbothoftheaboveMACfiltering&RADIUSauthenticationmethods.MAC-RADIUSAuthenticationRestrictwirelessclientsaccessbasedonMACaddressviaaRADIUSserver,orpasswordauthenticationviaaRADIUSserver.
SeeIV-6-5.RADIUStoconfigureRADIUSservers.
WPSmustbedisabledtouseMAC-RADIUSauthentication.SeeIV-6-4.forWPSsettings.
MACRADIUSPassword
SelectwhethertouseMACaddressorpasswordauthenticationviaRADIUSserver.Ifyouselect“Usethefollowingpassword”,enterthepasswordinthefieldbelow.Thepasswordshouldmatchthe“SharedSecret”usedinIV-6-5.RADIUS.
95
IV-6-2-4. WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.
96
2.4GHzWDSFunctionality Select“WDSwithAP”touseWDSwithaccess
pointor“WDSDedicatedMode”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod.
LocalMACAddress DisplaystheMACaddressofyouraccesspoint.
WDSPeerSettingsWDS# EntertheMACaddressforuptofourother
WDSdevicesyouwishtoconnect.
WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”.VLANID SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove.
WDSEncryptionmethodEncryption Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAESconsistingof8-63alphanumericcharacters.
97
IV-6-3. 5GHz11ac11an(NotavailableontheWLC-6404)
The“5GHz11ac11an”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s5GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.
IV-6-3-1. Basic
The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s5GHzWi-Finetwork(s).
Wireless Enableordisabletheaccesspoint’s5GHzwirelessradio.Whendisabled,no5GHzSSIDswillbeactive.
Band Selectthewirelessstandardusedforthe
98
accesspoint.Combinationsof802.11a,802.11n&802.11accanbeselected.
EnableSSIDNumber SelecthowmanySSIDstoenableforthe5GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled.
SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters.
VLANID SpecifyaVLANIDforeachSSID.AutoChannel Enable/disableautochannelselection.Auto
channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable.
AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.
AutoChannelInterval
Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.
ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel).
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.
Whenautochannelisdisabled,selectawirelesschannelmanually:
Channel Selectawirelesschannel.ChannelBandwidth Setthechannelbandwidth:20MHz(lower
performancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel).
99
BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.
IV-6-3-2. Advanced
Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.
Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.
GuardInterval Settheguardinterval.Ashorterintervalcan
improveperformance.802.11nProtection Enable/disable802.11nprotection,which
increasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)
DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1.
RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347.
FragmentThreshold
Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346.
MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting.
100
TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.
BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100.
Stationidletimeout
Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active.
IV-6-3-3. Security
Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.
It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.
Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.
SSID SelectwhichSSIDtoconfiguresecuritysettingsfor.
101
BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.
WirelessClientIsolation
Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.
LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50).
AuthenticationMethod
Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.
AdditionalAuthentication
Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.
PleasereferbacktoIV-6-2-3.Securityformoreinformationonauthenticationandadditionalauthenticationtypes.
102
IV-6-3-4. WDS
WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.
WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.
WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.
5GHzWDSModeWDSFunctionality Select“WDSwithAP”touseWDSwithaccess
pointor“WDSDedicatedMode”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod.
LocalMACAddress DisplaystheMACaddressofyouraccesspoint.
103
WDSPeerSettingsWDS# EntertheMACaddressforuptofourother
WDAdevicesyouwishtoconnect.
WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged
Port”or“TaggedPort”.VLANID SpecifytheWDSVLANIDwhen“Untagged
Port”isselectedabove.
WDSEncryptionEncryption Selectwhethertouse“None”or“AES”
encryptionandenterapre-sharedkeyforAESwith8-63alphanumericcharacters.
IV-6-4.WPS(NotavailableontheWLC-6404)
Wi-FiProtectedSetupisasimplewaytoestablishconnectionsbetweenWPScompatibledevices.WPScanbeactivatedoncompatibledevicesbypushingaWPSbuttononthedeviceorfromwithinthedevice’sfirmware/configurationinterface(knownasPBCor“PushButtonConfiguration”).WhenWPSisactivatedinthecorrectmannerandatthecorrecttimefortwocompatibledevices,theywillautomaticallyconnect.“PINcodeWPS”isavariationofPBCwhichincludestheadditionaluseofaPINcodebetweenthetwodevicesforverification.
Pleaserefertomanufacturer’sinstructionsforyourotherWPSdevice.
104
WPS Check/uncheckthisboxtoenable/disableWPSfunctionality.WPSmustbedisabledwhenusingMAC-RADIUSauthentication(seeIV-6-2-3-6.&IV-6-5).
ProductPIN DisplaystheWPSPINcodeofthedevice,used
forPINcodeWPS.YouwillberequiredtoenterthisPINcodeintoanotherWPSdeviceforPINcodeWPS.Click“GeneratePIN”togenerateanewWPSPINcode.
Push-ButtonWPS Click“Start”toactivateWPSontheaccesspointforapproximately2minutes.Thishasthesameeffectasphysicallypushingtheaccesspoint’sWPSbutton.
WPSbyPIN EnterthePINcodeofanotherWPSdeviceandclick“Start”toattempttoestablishaWPSconnectionforapproximately2minutes.
WPSStatus WPSsecuritystatusisdisplayedhere.Click
“Release”tocleartheexistingstatus.
IV-6-5.RADIUS(NotavailableontheWLC-6404)
TheRADIUSsubmenuallowsyoutoconfiguretheaccesspoint’sRADIUSserversettings,categorizedintothreesubmenus:RADIUSsettings,InternalServerandRADIUSaccounts.ARADIUSserverprovidesuser-basedauthenticationtoimprovesecurityandofferwirelessclientcontrol–userscanbeauthenticatedbeforegainingaccesstoanetwork.
105
Theaccesspointcanutilizebothaprimaryandsecondary(backup)RADIUSserverforeachofitswirelessfrequencies(2.4GHz&5GHz).ExternalRADIUSserverscanbeusedortheaccesspoint’sinternalRADIUSservercanbeused.
TouseRADIUSservers,goto“LocalNetwork”!“Security”!“AdditionalAuthentication”andselect“MACRADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
106
IV-6-5-1. RADIUSSettings
ConfiguretheRADIUSserversettingsfor2.4GHz&5GHz.EachfrequencycanuseaninternalorexternalRADIUSserver.
107
RADIUSType Select“Internal”tousetheaccesspoint’sbuilt-inRADIUSserveror“external”touseanexternalRADIUSserver.
RADIUSServer EntertheRADIUSserverhostIPaddress.
AuthenticationPort
SettheUDPportusedintheauthenticationprotocoloftheRADIUSserver.Valuemustbebetween1–65535.
SharedSecret Enterasharedsecret/passwordbetween1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”passwordusedinIV-3-1-3-6orIV-3-2-3.
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.
Accounting EnableordisableRADIUSaccounting.
AccountingPort Whenaccountingisenabled(above),settheUDPportusedintheaccountingprotocoloftheRADIUSserver.Valuemustbebetween1–65535.
IV-6-5-2. InternalServer
Theaccesspointfeaturesabuilt-inRADIUSserverwhichcanbeconfiguredasshownbelowusedwhen“Internal”isselectedfor“RADIUSType”inthe“LocalNetwork”!“RADIUSSettings”menu.
TouseRADIUSservers,goto“WirelessSettings”!“Security”“AdditionalAuthentication”andselect“MACRADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
108
InternalServer Check/unchecktoenable/disabletheaccess
point’sinternalRADIUSserver.EAPInternalAuthentication
SelectEAPinternalauthenticationtypefromthedropdownmenu.
EAPCertificateFileFormat
DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.
SharedSecret Enterasharedsecret/passwordforusebetweentheinternalRADIUSserverandRADIUSclient.Thesharedsecretshouldbe1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”passwordusedinIV-6-2-3-6orIV-6-3-3.
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.
TerminationAction Selectatermination-actionattribute:“Reauthentication”sendsaRADIUSrequesttotheaccesspoint,“Not-Reathentication”sendsadefaulttermination-actionattributetotheaccesspoint,“Not-Send”notermination-actionattributeissenttotheaccesspoint.
109
IV-6-5-3. RADIUSAccounts
TheinternalRADIUSservercanauthenticateupto256useraccounts.The“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
UserName Entertheusernameshere,separatedby
commas.Add Click“Add”toaddtheusertotheuser
registrationlist.Reset Cleartextfromtheusernamebox.
Select Checktheboxtoselectauser.UserName Displaystheusername.Password Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).Customize Click“Edit”toopenanewfieldtoset/edita
110
passwordforthespecifiedusername(below).
DeleteSelected Deleteselecteduserfromtheuserregistration
list.DeleteAll Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationList
UserName Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.Password Enteroreditapasswordforthespecifieduser.
111
IV-6-6.MACFilter(NotavailableontheWLC-6404)
Macfilteringisasecurityfeaturethatcanhelptopreventunauthorizedusersfromconnectingtoyouraccesspoint.Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedtoconnecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMACaddress.IfadevicewhichisnotonthelistofpermittedMACaddressesattemptstoconnecttotheaccesspoint,itwillbedenied.
ToenableMACfiltering,goto“LocalSettings”!“Security”!“AdditionalAuthentication”andselect“MACFilter”(seeIV-6-2-3.&IV-6-3-3).
TheMACaddressfilteringtableisdisplayedbelow:
112
AddMACAddress EnteraMACaddressofcomputerornetwork
devicemanuallye.g.‘aa-bb-cc-dd-ee-ff’orentermultipleMACaddressesseparatedwithcommas,e.g.‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’
Add Click“Add”toaddtheMACaddresstotheMACaddressfilteringtable.
Reset Clearallfields.MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Selectanentryusingthe“Select”checkbox.
Select Deleteselectedorallentriesfromthetable.MACAddress TheMACaddressislistedhere.DeleteSelected DeletetheselectedMACaddressfromthe
list.DeleteAll DeleteallentriesfromtheMACaddress
filteringtable.Export Click“Export”tosaveacopyoftheMAC
filteringtable.Anewwindowwillpopupforyoutoselectalocationtosavethefile.
113
IV-6-7.WMM(NotavailableontheWLC-6404)
Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertificationbasedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)featurestoIEE802.11networks.WMMprioritizestrafficaccordingtofourcategories:background,besteffort,videoandvoice.
ConfiguringWMMconsistsofadjustingparametersonqueuesfordifferentcategoriesofwirelesstraffic.Trafficissenttothefollowingqueues:Background Low
PriorityHighthroughput,nontimesensitivebulkdatae.g.FTP
BestEffort MediumPriority
TraditionalIPdata,mediumthroughputanddelay.
Video HighPriority
Timesensitivevideodatawithminimumtimedelay.
Voice HighPriority
TimesensitivedatasuchasVoIPandstreamingmediawithminimumtimedelay.
Queuesautomaticallyprovideminimumtransmissiondelaysforvideo,voice,multimediaandcriticalapplications.Thevaluescanfurtherbeadjustedmanually:
114
CWMin MinimumContentionWindow(milliseconds):
Thisvalueisinputtotheinitialrandombackoffwaittimealgorithmforretryofadataframetransmission.Thebackoffwaittimewillbegeneratedbetween0andthisvalue.Iftheframeisnotsent,therandombackoffvalueisdoubleduntilthevaluereachesthenumberdefinedbyCWMax(below).TheCWMinvaluemustbelowerthantheCWMaxvalue.Thecontentionwindowschemehelpstoavoidframecollisionsanddeterminepriorityofframetransmission.Ashorterwindowhasahigherprobability(priority)oftransmission.
CWMax MaximumContentionWindow(milliseconds):Thisvalueistheupperlimittorandombackoffvaluedoubling(seeabove).
AIFSN ArbitrationInter-FrameSpace(milliseconds):SpecifiesadditionaltimebetweenwhenachannelgoesidleandtheAP/clientsendsdataframes.TrafficwithalowerAIFSNvaluehasahigherpriority.
TxOP TransmissionOpportunity(milliseconds):ThemaximumintervaloftimeanAP/clientcantransmit.Thismakeschannelaccessmoreefficientlyprioritized.Avalueof0meansonlyoneframepertransmission.Agreatervalueeffectshigherpriority.
IV-6-8.InternalServer
IV-6-8-1. InternalRADIUSServer
Thecontrollerfeaturesabuilt-inRADIUSserverwhichcanbeconfiguredasshownbelowusedwhen“Internal”isselectedfor“RADIUSType”inthe“LocalNetwork”!“RADIUSSettings”menu.
TouseRADIUSservers,goto“WirelessSettings”!“Security”“AdditionalAuthentication”andselect“MACRADIUSAuthentication”(seeIV-6-2-3.&IV-6-3-3).
115
InternalServer Check/unchecktoenable/disabletheaccesspoint’sinternalRADIUSserver.
EAPInternalAuthentication
SelectEAPinternalauthenticationtypefromthedropdownmenu.
EAPCertificateFileFormat
DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)
EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.
SharedSecret Enterasharedsecret/passwordforusebetweentheinternalRADIUSserverandRADIUSclient.Thesharedsecretshouldbe1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”passwordusedinIV-6-2-3-6orIV-6-3-3.
SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.
TerminationAction Selectatermination-actionattribute:“Reauthentication”sendsaRADIUSrequesttotheaccesspoint,“Not-Reathentication”sendsadefaulttermination-actionattributetotheaccesspoint,“Not-Send”notermination-actionattributeissenttotheaccesspoint.
116
IV-6-8-2. RADIUSAccountsTheinternalRADIUSservercanauthenticateupto256useraccounts.The“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.
UserName Entertheusernameshere,separatedby
commas.Add Click“Add”toaddtheusertotheuser
registrationlist.Reset Cleartextfromtheusernamebox.
Select Checktheboxtoselectauser.UserName Displaystheusername.Password Displaysifspecifiedusernamehasapassword
(configured)ornot(notconfigured).Customize Click“Edit”toopenanewfieldtoset/edita
passwordforthespecifiedusername(below).
117
DeleteSelected Deleteselecteduserfromtheuserregistrationlist.
DeleteAll Deleteallusersfromtheuserregistrationlist.
EditUserRegistrationList
UserName Existingusernameisdisplayedhereandcan
beeditedaccordingtoyourpreference.Password Enteroreditapasswordforthespecifieduser.
IV-6-9.ScheduleScheduleallowstheusertoconfigurespecifictimesanddateswhentheradioofthewirelessaccountwillbedisabled. Thisisdesignedtopreventunwantedaccessduringnon-applicationhours.
118
IV-7. LocalSettings
IV-7-1.OperationMode(NotavailableontheWLC-6404)
Settheoperationmodeoftheaccesspoint.APmodeisastandaloneaccesspoint,APcontrollermodeactsasthedesignatedmasteroftheAParray,andManagedAPmodeactsasaslaveAPwithintheAParray.
IV-7-2.SystemSettings
IV-7-2-1. SystemInformation
The“SystemInformation”pagedisplaysbasicsysteminformationabouttheaccesspoint.
119
SystemModel Displaysthemodelnumberoftheaccess
point.ProductName Displaystheproductnameforreference,
whichconsistsof“AP”plustheMACaddress.Uptime Displaysthetotaltimesincethedevicewas
turnedon.BootFrom Displaysinformationforthebooted
hardware,bootedfromeitherUSBorinternalmemory.
Version Displaysthefirmwareversion.MACAddress Displaystheaccesspoint’sMACaddress.ManagementVLANID
DisplaysthemanagementVLANID.
IPAddress DisplaystheIPaddressofthisdevice.Click“Refresh”toupdatethisvalue.
Default Gateway DisplaystheIPaddressofthedefaultgateway.
DNS IPaddressofDNS(DomainNameServer)DHCPServer IPaddressofDHCPServer.
WiredLANPortSettingsWiredLANPort SpecifieswhichLANport(1or2).Status DisplaysthestatusofthespecifiedLANport
120
(connectedordisconnected).VLANMode/ID DisplaystheVLANmode(taggedoruntagged)
andVLANIDforthespecifiedLANport.SeeIV-6-1-3.VLAN
Wireless2.4GHz(5GHz)Status Displaysthestatusofthe2.4GHzor5GHz
wireless(enabledordisabled).MACAddress Displaystheaccesspoint’sMACaddress.Channel Displaysthechannelnumberthespecified
wirelessfrequencyisusingforbroadcast.TransmitPower Displaysthewirelessradiotransmitpower
levelasapercentage.
Wireless2.4GHZ(5GHz)/SSIDSSID DisplaystheSSIDname(s)forthespecified
frequency.AuthenticationMethod
DisplaystheauthenticationmethodforthespecifiedSSID.SeeIV-6.WirelessSettings
EncryptionType DisplaystheencryptiontypeforthespecifiedSSID.SeeIV-6.WirelessSettings
VLANID DisplaystheVLANIDforthespecifiedSSID.SeeIV-6-1-3.VLAN
AdditionalAuthentication
DisplaystheadditionalauthenticationtypeforthespecifiedSSID.SeeIV-6.WirelessSettings
WirelessClientIsolation
DisplayswhetherwirelessclientisolationisinuseforthespecifiedSSID.SeeIV-6-1-3.VLAN
Wireless2.4GHZ(5GHz)/WDSStatusMACAddress Displaysthepeeraccesspoint’sMACaddress.EncryptionType Displaystheencryptiontypeforthespecified
WDS.SeeIV-6-2-4.WDSVLANMode/ID DisplaystheVLANIDforthespecifiedWDS.
SeeIV-6-2-4.WDS
Refresh Clicktorefreshallinformation.
121
IV-7-2-2. WirelessClients(NotavailableontheWLC-6404)
The“WirelessClients”pagedisplaysinformationaboutallwirelessclientsconnectedtotheaccesspointonthe2.4GHzor5GHzfrequency.
RefreshtimeAutoRefreshTime Selectatimeintervalfortheclienttablelistto
automaticallyrefresh.ManualRefresh Clickrefreshtomanuallyrefreshtheclient
table.
2.4GHz(5GHz)WLANClientTableSSID DisplaystheSSIDwhichtheclientis
connectedto.MACAddress DisplaystheMACaddressoftheclient.Tx Displaysthetotaldatapacketstransmittedby
thespecifiedclient.Rx Displaysthetotaldatapacketsreceivedby
thespecifiedclient.Signal(%) Displaysthewirelesssignalstrengthforthe
specifiedclient.ConnectedTime Displaysthetotaltimethewirelessclienthas
beenconnectedtotheaccesspoint.IdleTime Clientidletimeisthetimeforwhichtheclient
hasnottransmittedanydatapacketsi.e.isidle.
Vendor Thevendoroftheclient’swirelessadapterisdisplayedhere.
122
IV-7-2-3. WirelessMonitor(NotavailableontheWLC-6404)
WirelessMonitorisatoolbuiltintotheaccesspointtoscanandmonitorthesurroundingwirelessenvironment.Selectafrequencyandclick“Scan”todisplayalistofallSSIDswithinrangealongwithrelevantdetailsforeachSSID.
WirelessMonitorSiteSurvey Selectwhichfrequency(orboth)toscan,and
click“Scan”tobegin.ChannelSurveyResult
Afterascaniscomplete,click“Export”tosavetheresultstolocalstorage.
SiteSurveyResultsCh Displaysthechannelnumberusedbythe
specifiedSSID.SSID DisplaystheSSIDidentifiedbythescan.MACAddress DisplaystheMACaddressofthewireless
router/accesspointforthespecifiedSSID.Security Displaystheauthentication/encryptiontype
ofthespecifiedSSID.Signal(%) Displaysthecurrentsignalstrengthofthe
SSID.Type Displaysthe802.11wirelessnetworking
standard(s)ofthespecifiedSSID.Vendor Displaysthevendorofthewireless
router/accesspointforthespecifiedSSID.
123
IV-7-2-4. Log
Thesystemlogdisplayssystemoperationinformationsuchasuptimeandconnectionprocesses.Thisinformationisusefulfornetworkadministrators.
Whenthelogisfull,oldentriesareoverwritten.
Save Clicktosavethelogasafileonyourlocalcomputer.
Clear Clearalllogentries.Refresh Refreshthecurrentlog.
124
Thefollowinginformation/eventsarerecordedbythelog:" USB
Mount&unmount" WirelessClient
Connected&disconnectedKeyexchangesuccess&fail
" AuthenticationAuthenticationfailorsuccessful.
" Association Successorfail
" WPSM1-M8messagesWPSsuccess
" ChangeSettings" SystemBoot
Displayscurrentmodelname" NTPClient" WiredLink
LANPortlinkstatusandspeedstatus" ProxyARP
ProxyARPmodulestart&stop" Bridge
Bridgestart&stop." SNMP
SNMPserverstart&stop." HTTP
HTTPstart&stop." HTTPS
HTTPSstart&stop." SSH
SSH-clientserverstart&stop." Telnet
Telnet-clientserverstartorstop." WLAN(2.4G)
WLAN(2.4G]channelstatusandcountry/regionstatus" WLAN(5G)
WLAN(5G)channelstatusandcountry/regionstatus" ADT
125
IV-7-3.Management
IV-7-3-1. Admin
Youcanchangethepasswordusedtologintothebrowser-basedconfigurationinterfacehere.Itisadvisedtodosoforsecuritypurposes.
Ifyouchangetheadministratorpassword,pleasemakeanoteofthenewpassword.Intheeventthatyouforgetthispasswordandareunabletologintothebrowserbasedconfigurationinterface,seeIV-7-4-4.FactoryDefaultforhowtoresettheaccesspoint.
AccounttoManageThisDeviceAdministratorName
Settheaccesspoint’sadministratorname.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween4-16alphanumericcharacters(casesensitive).
AdministratorPassword
Settheaccesspoint’sadministratorpassword.Thisisusedtologintothebrowserbasedconfigurationinterfaceandmustbebetween
126
4-32alphanumericcharacters(casesensitive).
AdvancedSettingsProductName Edittheproductnameaccordingtoyour
preferenceconsistingof1-32alphanumericcharacters.Thisnameisusedforreferencepurposes.
ManagementProtocol
Check/unchecktheboxestoenable/disablespecifiedmanagementinterfaces(seebelow).WhenSNMPisenabled,completetheSNMPfieldsbelow.
SNMPVersion SelectSNMPversionappropriateforyourSNMPmanager.
SNMPGetCommunity
EnteranSNMPGetCommunitynameforverificationwiththeSNMPmanagerforSNMP-GETrequests.
SNMPSetCommunity
EnteranSNMPSetCommunitynameforverificationwiththeSNMPmanagerforSNMP-SETrequests.
SNMPTrap EnableordisableSNMPTraptonotifySNMPmanagerofnetworkerrors.
SNMPTrapCommunity
EnteranSNMPTrapCommunitynameforverificationwiththeSNMPmanagerforSNMP-TRAPrequests.
SNMPTrapManager
SpecifytheIPaddressorsevername(2-128alphanumericcharacters)oftheSNMPmanager.
HTTPInternetbrowserHTTPprotocolmanagementinterfaceHTTPSInternetbrowserHTTPSprotocolmanagementinterfaceTELNETClientterminalwithtelnetprotocolmanagementinterfaceSSHClientterminalwithSSHprotocolversion1or2managementinterfaceSNMPSimpleNetworkManagementProtocol.SNMPv1,v2&v3protocolsupported.SNMPv2canbeusedwithcommunitybasedauthentication.SNMPv3usesuser-basedsecuritymodel(USM)architecture.
127
IV-7-3-2. DateandTime
Youcanconfigurethetimezonesettingsofyouraccesspointhere.Thedateandtimeofthedevicecanbeconfiguredmanuallyorcanbesynchronizedwithatimeserver.
DateandTimeSettingsLocalTime Settheaccesspoint’sdateandtimemanually
usingthedropdownmenus.AcquireCurrentTimefromyourPC
Click“AcquireCurrentTimefromYourPC”toentertherequiredvaluesautomaticallyaccordingtoyourcomputer’scurrenttimeanddate.
NTPTimeServerUseNTP TheaccesspointalsosupportsNTP(Network
TimeProtocol)forautomatictimeanddatesetup.
ServerName EnterthehostnameorIPaddressofthetimeserverifyouwish.
UpdateInterval Specifyafrequency(inhours)fortheaccesspointtoupdate/synchronizewiththeNTPserver.
TimeZoneTimeZone Selectthetimezoneofyourcountry/region.If
128
yourcountry/regionisnotlisted,pleaseselectanothercountry/regionwhosetimezoneisthesameasyours.
IV-7-3-3. SyslogServer
Thesystemlogcanbesenttoaserver,attachedtoUSBstorageorsentviaemail.
SyslogServerSettingsTransferLogs Check/unchecktheboxtoenable/disablethe
useofasyslogserver,andenterahostname,domainorIPaddressfortheserver,consistingofupto128alphanumericcharacters.
CopyLogstoAttachedUSBDevice
Check/unchecktheboxtoenable/disablecopyinglogstoattachedUSBstorage.
SyslogEmailSettingsEmailLogs Check/unchecktheboxtoenable/disableemail
logs.Whenenabled,thelogwillbeemailedaccordingtothesettingsbelow.
EmailSubject Enterthesubjectlineoftheemailwhichwillbesentcontainingthelog.
SMTPServerAddress
SpecifytheSMTPserveraddressforthesenderemailaccount.
SMTPServerPort SpecifytheSMTPserverportforthesenderemailaccount.
129
SenderEmail Enterthesender’semailaddress.ReceiverEmail Specifytheemailrecipientofthelog.Authentication Select“Disable”,“SSL”or“TLS”accordingto
youremailauthentication.Account Whenauthenticationisusedabove,enterthe
accountname.Password Whenauthenticationisusedabove,enterthe
password.
IV-7-3-4. I’mHere
Theaccesspointfeaturesabuilt-inbuzzerwhichcansoundoncommandusingthe“I’mHere”page.Thisisusefulfornetworkadministratorsandengineersworkingincomplexnetworkenvironmentstolocatetheaccesspoint.
Thebuzzerisloud!
DurationofSound Setthedurationforwhichthebuzzerwill
soundwhenthe“SoundBuzzer”buttonisclicked.
SoundBuzzer Activatethebuzzersoundfortheabovespecifieddurationoftime.
130
IV-7-4.Advanced
Wi-FiMultimedia(WMM)isaWi-FiAllianceinteroperabilitycertificationbasedontheIEEE802.11estandard,whichprovidesQualityofService(QoS)featurestoIEE802.11networks.WMMprioritizestrafficaccordingtofourcategories:background,besteffort,videoandvoice.
IV-7-4-1. LEDSettings
Theaccesspoint’sLEDscanbemanuallyenabledordisabledaccordingtoyourpreference.
PowerLED Selectonoroff.DiagLED Selectonoroff.
IV-7-4-2. UpdateFirmware
The“Firmware”pageallowsyoutoupdatethesystemfirmwaretoamorerecentversion.Updatedfirmwareversionsoftenofferincreasedperformanceandsecurity,aswellasbugfixes.
Thisfirmwareupdateisforanindividualaccesspoint.ToupdatefirmwareformultipleaccesspointsintheAParray,gotoNMSSettings! FirmwareUpgrade.
Donotswitchoffordisconnecttheaccesspointduringafirmwareupgrade,asthiscoulddamagethedevice.
131
UpdateFirmwareFrom
Select“afileonyourPC”touploadfirmwarefromyourlocalcomputerorfromanattachedUSBdevice.
FirmwareUpdateFile Click“Browse”toopenanewwindowtolocateandselectthefirmwarefileinyourcomputer.
Update Click“Update”touploadthespecifiedfirmwarefiletoyouraccesspoint.
132
IV-7-4-3. Save/RestoreSettings
Theaccesspoint’s“Save/RestoreSettings”pageenablesyoutosave/backuptheaccesspoint’scurrentsettingsasafiletoyourlocalcomputeroraUSBdeviceattachedtotheaccesspoint,andrestoretheaccesspointtopreviouslysavedsettings.
Save/RestoreSettingsUsingDevice Select“UsingyourPC”tosavetheaccess
point’ssettingstoyourlocalcomputerortoanattachedUSBdevice.
SaveSettingstoPCSaveSettings Click“Save”tosavesettingsandanew
windowwillopentospecifyalocationtosavethesettingsfile.Youcanalsocheckthe“Encrypttheconfigurationfilewithapassword”boxandenterapasswordtoprotectthefileinthefieldunderneath,ifyouwish.
RestoreSettingsfromPCRestoreSettings Clickthebrowsebuttontofindapreviously
savedsettingsfileonyourcomputer,thenclick“Restore”toreplaceyourcurrentsettings.Ifyoursettingsfileisencryptedwithapassword,checkthe“Openfilewithpassword”boxandenterthepasswordinthefieldunderneath.
133
IV-7-4-4. FactoryDefault
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedevice(seeIV-7-4-5.)orresetthedevicebacktoitsfactorydefaultsettings.Youcanresettheaccesspointbacktoitsdefaultsettingsusingthisfeatureifthelocationoftheaccesspointisnotconvenienttoaccesstheresetbutton.
FactoryDefault Click“FactoryDefault”torestoresettingsto
thefactorydefault.Apop-upwindowwillappearandaskyoutoconfirm.
Afterresettingtofactorydefaults,pleasewaitfortheaccesspointtoresetandrestart.
IV-7-4-5. Reboot
Iftheaccesspointmalfunctionsorisnotresponding,thenitisrecommendedthatyourebootthedeviceorresettheaccesspointbacktoitsfactorydefaultsettings(seeIV-7-4-4).Youcanreboottheaccesspointremotelyusingthisfeature.
Reboot Click“Reboot”torebootthedevice.A
countdownwillindicatetheprogressofthereboot.
134
IV-8. Toolbox
IV-8-1. NetworkConnectivity
IV-8-1-1. Ping
PingisacomputernetworkadministrationutilityusedtotestwhetheraparticularhostisreachableacrossanIPnetworkandtomeasuretheround-triptimeforsentmessages.
DestinationAddress Entertheaddressofthehost. Execute Clickexecutetopingthehost.
IV-8-1-2. TraceRoute
Tracerouteisadiagnostictoolfordisplayingtheroute(path)andmeasuringtransitdelaysofpacketsacrossanIPnetwork.
DestinationAddress Entertheaddressofthehost. Execute Clickexecutetoexecutethetraceroute
command.
135
V.BestPractice
HowtoCreateandLinkWLAN&AccessPointGroupsYoucanuseNMStocreateindividualSSIDsandgroupmultipleSSIDstogetherintoWLANgroups.YoucanthenassignindividualaccesspointstousethoseWLANgroupsettingsand/orgroupmultipleaccesspointstogetherintoaccesspointgroups,whichyoucanalsoassigntouseWLANgroupsettings.Followtheexamplebelowto:A.CreateaWLANgroup.B.Createanaccesspointgroup.C.AssigntheaccesspointgrouptousetheSSIDgroupsettings.A.
1. GotoNMSSettings! WLANandclick“Add”intheWLANpanel:
2. EnteranSSIDnameandsetauthentication/encryptionandclick“Apply”:
3. ThenewSSIDwillbedisplayedintheWLANpanel.RepeattoaddadditionalSSIDsaccordingtoyourpreference,andthenclick“Add”intheWLANGrouppanel:
4. EnteranamefortheSSIDgroupandchecktheboxestoselectwhich
SSIDstoincludewithinthegroup.Click“Apply”whendone.
136
5. ThenewWLANgroupwillbedisplayedintheWLANGrouppanel.RepeattoaddadditionalWLANgroupsaccordingtoyourpreference:
B.
1. GotoNMSSettings! AccessPointandclick“Add”intheAccessPointGroupPanel:
2. EnteraNameandthenscrolldowntotheGroupSettingspanelanduse
the<<buttontoaddselectedaccesspointsintoyourgroupfromtheboxontherightside.Click“Apply”whendone.
137
3. ThenewaccesspointgroupwillbedisplayedintheAccessPointGrouppanel.Repeattoaddadditionalaccesspointgroupsaccordingtoyourpreference:
C.
1. GotoNMSSettings! AccessPointandselectanaccesspointgroupusingthecheckboxesintheAccessPointGrouppanel.Click“Edit”:
2. ScrolldowntotheProfileGroupSettingspanelandcheckthe“OverrideGroupSettings”boxforWLANGroup(2.4GHzand/or5GHz).SelectyourWLANgroupfromthedrop-downmenuandclick“Apply”:
3. Repeatforotheraccesspointgroupsaccordingtoyourpreference.
COPYRIGHTCopyright©2017bythiscompany.Allrightsreserved.Nopartofthispublicationmaybereproduced,transmitted,transcribed,storedinaretrievalsystem,ortranslatedintoanylanguageorcomputerlanguage,inanyformorbyanymeans,electronic,mechanical,magnetic,optical,chemical,manualorotherwise,withoutthepriorwrittenpermissionofthiscompanyThiscompanymakesnorepresentationsorwarranties,eitherexpressedorimplied,withrespecttothecontentshereofandspecificallydisclaimsanywarranties,merchantabilityorfitnessforanyparticularpurpose.Anysoftwaredescribedinthismanualissoldorlicensed"asis".Shouldtheprogramsprovedefectivefollowingtheirpurchase,thebuyer(andnotthiscompany,itsdistributor,oritsdealer)assumestheentirecostofallnecessaryservicing,repair,andanyincidentalorconsequentialdamagesresultingfromanydefectinthesoftware.Further,thiscompanyreservestherighttorevisethispublicationandtomakechangesfromtimetotimeinthecontentsthereofwithoutobligationtonotifyanypersonofsuchrevisionorchanges.