AT-TQ2403 Management Software User's Guide PN 613-001156 Rev.
AT-TQ2403 - Management Software - User's Guide Copyright © 2011 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation.
AT-TQ2403 Management Software User's Guide SAFETY NOTICE Do not open service or change any component. Only qualified technicians are allowed to service the equipment. Observe safety precautions to avoid electric shock Check voltage before connecting to the power supply. Connecting to the wrong voltage will damage the equipment. LIMITATION OF LIABILITY AND DAMAGES THE PRODUCT AND THE SOFTWARES WITHIN ARE PROVIDED "AS IS," BASIS.
AT-TQ2403 - Management Software - User's Guide ELECTRICAL SAFETY AND EMISSIONS STANDARDS This product meets the following standards. U.S. Federal Communications Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
AT-TQ2403 Management Software User's Guide Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive EN 301 893 V1.4.1: (2007-07) Broadband Radio Access Networks (BRAN); 5 GHz high performance RLAN; Harmonized EN covering essential requirements of article 3.
AT-TQ2403 - Management Software - User's Guide CONTENTS Preface ....................................................................................................................................................................15 Purpose of This Guide .................................................................................................................................15 How This Guide is Organized................................................................................................
AT-TQ2403 Management Software User's Guide Navigating to Configuration Information for a Specific AP and Managing Standalone APs...........37 Navigating to an AP by Using its IP Address in a URL..........................................................................38 Chapter 5: Managing User Accounts ...............................................................................................................39 Navigating to User Management for Clustered Access Points ...................................
AT-TQ2403 - Management Software - User's Guide Ethernet (Wired) Settings...........................................................................................................................79 Wireless Settings...........................................................................................................................................79 Event Logs..............................................................................................................................................
AT-TQ2403 Management Software User's Guide Chapter 17: Load Balancing ............................................................................................................................ 116 Understanding Load Balancing ................................................................................................................ 116 Identifying the Imbalance: Overworked or Under-utilized Access Points.................................. 116 Specifying Limits for Utilization and Client Associations..
AT-TQ2403 - Management Software - User's Guide Appendix A: Security Settings on Wireless Clients and RADIUS Server Setup................................. 151 Network Infrastructure and Choosing Between Built-in or External Authentication Server ... 152 Make Sure the Wireless Client Software is Up-to-Date ................................................................... 152 Accessing the Microsoft Windows Wireless Client Security Settings ...........................................
AT-TQ2403 Management Software User's Guide Keyboard Shortcuts................................................................................................................................ 268 Tab Completion and Help..................................................................................................................... 269 CLI Classes and Properties Reference .................................................................................................. 272 Glossary ........................
AT-TQ2403 - Management Software - User's Guide FIGURES Figure 1: Kick Start Welcome Dialog Box ............................................................................................................... 22 Figure 2: Kick Start Search Results Dialog Box....................................................................................................... 22 Figure 3: Administration Dialog Box ............................................................................................................
AT-TQ2403 Management Software User's Guide 13 Figure 38: Ethernet (Wired) Settings Page............................................................................................................... 89 Figure 39: Wireless Settings Page............................................................................................................................... 95 Figure 40: Guest Login Setting Page ............................................................................................................
AT-TQ2403 - Management Software - User's Guide Figure 78: Radius Server Setting – Input New Radius Client ............................................................................. 178 Figure 79: Radius Server Setting – New Radius Client Setting .......................................................................... 179 Figure 80: Radius Server.............................................................................................................................................
AT-TQ2403 Management Software User's Guide 15 Preface Purpose of This Guide This guide is intended for customers and/or network administrators who are responsible for installing and maintaining the AT-TQ2403 Management Software. How This Guide is Organized This guide contains instructions on how to install AT-TQ2403 Management Software. This preface contains the following sections? Chapter 1 Overview, describes the features, LEDs and ports on the equipment.
AT-TQ2403 - Management Software - User's Guide Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales and corporate information. Online Support You can request technical support online by accessing the Allied Telesis Knowledge Base: http://www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
AT-TQ2403 Management Software User's Guide 17 Chapter 1: Preparing to Set Up the AT-TQ2403 Wireless Access Point Before you plug in and boot a new AT-TQ2403 Management Software, review the following sections for a quick check of required hardware components, software, client configurations, and compatibility issues. Make sure you have everything you need ready to go for a successful launch and test of your new (or extended) wireless network.
AT-TQ2403 - Management Software - User's Guide The administration web browser must have JavaScript enabled to support the interactive features of the administration interface. It must also support HTTP uploads to use the firmware upgrade feature. AT-TQ2403 Software and Documentation CD This CD contains the Kick Start utility and the software documentation.
AT-TQ2403 Management Software User's Guide 19 username and password, certificate, or similar user identity proof. Security modes are Static WEP, IEEE 802.1x, WPA with RADIUS server, and WPA-PSK. For information on configuring security on the access point, see “Configuring Security”.
AT-TQ2403 - Management Software - User's Guide Recovering an IP Address If you experience trouble communicating with the access point, you can recover a static IP address by resetting the access point configuration to the factory defaults (see “Backing up and Restoring a Configuration”), or you can get a dynamically assigned address by connecting the access point to a network that has DHCP.
AT-TQ2403 Management Software User's Guide 21 Chapter 2: Setting up the AT-TQ2403 Management Software Setting up and deploying one or more AT-TQ2403 Management Software is in effect creating and launching a wireless network. The Kick Start utility and corresponding AT-TQ2403 Management Software Basic Settings web page simplify this process. This chapter contains procedures for setting up your AT-TQ2403 Management Software and the resulting wireless network.
AT-TQ2403 - Management Software - User's Guide 2. Insert the AT-TQ2403 Wireless Access Point CD into the CD-ROM drive on your computer. The Kick Start Welcome dialog box is displayed, as shown in Figure 1 Figure 1: Kick Start Welcome Dialog Box 3. Click Next to search for access points Wait for the search to complete, or until Kick Start has found your new access points, as shown in Figure 2.
AT-TQ2403 Management Software User's Guide 23 4. Review the list of access points found Kick Start detects the IP addresses of AT-TQ2403 Management Software. Access points are listed with their locations, media access control (MAC) addresses, and IP addresses, as shown in Figure 2. If you are installing the first access point on a single-access-point network, only one entry is displayed on this screen. 5. Verify the MAC addresses against the hardware labels for each access point.
AT-TQ2403 - Management Software - User's Guide Password: friend Figure 4: Log-in Dialog Box Note: The user name can not be modified. 8. Enter the username and password and click OK When you log in for the first time, the Basic Settings page is displayed, as shown in Figure 5. This page displays the global settings for all access points that are members of the cluster and, if you specify automatic configuration, for any new access points that you add later.
AT-TQ2403 Management Software User's Guide 25 Configuring the Basic Settings and Starting the Wireless Network Provide a minimal set of configuration information by defining the basic settings for your wireless network. These settings are all available on the Basic Settings page in the AT-TQ2403 Management Software, and are categorized into steps 1-3 on the web page. Configuring the Basic Settings 9.
AT-TQ2403 - Management Software - User's Guide prevent others from seeing your password as you type. Confirm New Password Retype the new administrator password to confirm that you typed it as you intended. Network Name (SSID) Enter a name for the wireless network as a character string. This name will apply to all access points on this network. As you add more access points, they will share this SSID. The Service Set Identifier (SSID) is an alphanumeric string of up to 32 characters.
AT-TQ2403 Management Software User's Guide 27 Chapter 3: Configuring Basic Settings The basic configuration tasks are described in the following sections: Navigating to Basic Settings Review / Describe the Access Point Provide Network Settings Update Basic Settings Basic Settings for a Standalone Access Point Setting User Interface Scheme Preferences Navigation Navigating to Basic Settings To configure initial settings, click Basic Settings.
AT-TQ2403 - Management Software - User's Guide Review / Describe the Access Point Figure 7: Basic Settings Page Step 1 Field Description IP Address Shows IP address assigned to this access point. This field is not editable because the IP address is already assigned (either via DHCP, or statically through the Ethernet Settings page as described in “Configuring Guest Interface Ethernet (Wired) Settings”). MAC Address Shows the MAC address of the access point.
AT-TQ2403 Management Software User's Guide 29 Provide Network Settings Figure 8: Basic Settings Step 2 Field Description Current Password Enter the current administrator password. You must correctly enter the current password before you are able to change it. New Password Enter a new administrator password. The characters you enter will be displayed as " * " characters to prevent others from seeing your password as you type. The Administrator password must be a string of up to 8 characters.
AT-TQ2403 - Management Software - User's Guide Update Basic Settings Figure 9: Basic Settings Page Step 3 When you have reviewed the new configuration, click Update to apply the settings and deploy the access points as a wireless network. Basic Settings for a Standalone Access Point The Basic Settings tab for a standalone access point indicates only that the current mode is standalone. If you want to add the current access point to an existing cluster, navigate to the Cluster > Access Point tab.
AT-TQ2403 Management Software User's Guide 31 Chapter 4: Managing Access Points and Clusters The AT-TQ2403 Management Software shows current basic configuration settings for clustered access points (location, IP address, MAC address, status, and availability) and provides a way of navigating to the full configuration for specific APs if they are cluster members. Standalone access points or those which are not members of this cluster do not show up in this listing.
AT-TQ2403 - Management Software - User's Guide Navigating to Access Points Management To view or edit information on access points in a cluster, click the Cluster > Access Points tab. Figure 11: Access Points Setting Page Understanding Clustering A key feature of the AT-TQ2403 Management Software is the ability to form a dynamic, configuration-aware group (called a cluster) with other AT-TQ2403 Management Software in a network in the same subnet.
AT-TQ2403 Management Software User's Guide 33 What Kinds of APs Can Cluster Together? A single AT-TQ2403 Wireless Access Point can form a cluster with itself (a "cluster of one") and with other AT-TQ2403 Wireless Access Points of the same model.
AT-TQ2403 - Management Software - User's Guide When Channel Planning is enabled, the radio Channel is not synced across the cluster.
AT-TQ2403 Management Software User's Guide 35 Intra-Cluster Security For purposes of ease-of-use, the clustering component is designed to let new devices join a cluster without strong authentication. However, communications of all data between access points in a cluster is protected against casual eavesdropping using Secure Sockets Layer (typically referred to as SSL). The assumption is that the private wired network to which the devices are connected is secure.
AT-TQ2403 - Management Software - User's Guide Field Description Mac Address Media Access Control (MAC) address of the access point. A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address. It is provided here for informational purposes as a unique identifier for the access point. The address shown here is the MAC address for the bridge (br0).
AT-TQ2403 Management Software User's Guide 37 Stopping Clustering To stop clustering and remove a particular access point from a cluster, do the following. 1. Go to the Administration Web pages for the access point you want to remove from the cluster. 2. Click the Cluster > Access Points tab. 3. Click the Stop Clustering button to remove the access point from the Cluster. The change will be reflected under Status for that access point; the access point will now show as standalone (instead of cluster).
AT-TQ2403 - Management Software - User's Guide All clustered access points are shown on the Cluster > Access Points page. To navigate to clustered access points, you can simply click on the IP address for a specific cluster member shown in the list.
AT-TQ2403 Management Software User's Guide 39 Chapter 5: Managing User Accounts The AT-TQ2403 Management Software includes user management capabilities for controlling client access to access points. User management and authentication must always be used in conjunction with the following two security modes, which require use of a RADIUS server for user authentication and management. IEEE 802.1x mode (see “IEEE 802.
AT-TQ2403 - Management Software - User's Guide Figure 13: User Management Page Viewing User Accounts User accounts are shown at the top of the screen under "User Accounts". The Username, Real name and Status (enabled or disabled) of the user are shown. You make modifications to an existing user account by first selecting the checkbox next to a user name and then choosing an action. (See “Editing a User Account”.) Adding a User To create a new user, do the following: 1.
AT-TQ2403 Management Software User's Guide Field Description Password Specify a password for this user. 41 Passwords are strings of 4 to 256 characters. Please do not include '<' and '&'. 2. When you have filled in the fields, click Add Account to add the account. The new user is then displayed in "User Accounts". The user account is enabled by default when you first create it. Note: A limit of 100 user accounts per access point is imposed by the Administration user interface.
AT-TQ2403 - Management Software - User's Guide A user with an account that is enabled can log on to the wireless access points in your network as a client. Disabling a User Account To disable a user account, click the checkbox next to the username and click Disable. A user with an account that is disabled cannot log on to the wireless access points in your network as a client. However, the user remains in the database and can be enabled later as needed.
AT-TQ2403 Management Software User's Guide 43 Chapter 6: Session Monitoring The AT-TQ2403 Management Software provides real-time session monitoring information including which clients are associated with a particular access point, data rates, transmit/receive statistics, signal strength, and idle time.
AT-TQ2403 - Management Software - User's Guide Note: A session is not the same as an association, which describes a client connection to a particular access point. A client network connection can shift from one clustered AP to another within the context of the same session. A client station can roam between APs and maintain the session. Details about the session information shown is described below. Field Description User Indicates the client user name of IEEE 802.1x clients.
AT-TQ2403 Management Software User's Guide Field Description Rx Total Indicates number of total packets received by the client during the current session. Tx Total Indicates number of total packets transmitted to the client during this session. Error Rate Indicates the percentage of time frames dropped during transmission on this access point.
AT-TQ2403 - Management Software - User's Guide Chapter 7: Channel Management The following Channel Management topics are covered here: Navigating to Channel Management Understanding Channel Management How it Works in a Nutshell For the Curious: More About Overlapping Channels Example: A Network Before and After Channel Management Configuring and Viewing Channel Management Settings Stopping/Starting Automatic Channel Assignment Viewing Current Channel Assignments and Settin
AT-TQ2403 Management Software User's Guide 47 Understanding Channel Management When Channel Management is enabled, the AT-TQ2403 AP automatically assigns radio channels used by clustered access points to reduce mutual interference (or interference with other access points outside of its cluster). This maximizes Wi-Fi bandwidth and helps maintain the efficiency of communication over your wireless network.
AT-TQ2403 - Management Software - User's Guide With automated channel management, APs in the cluster are automatically re-assigned to non-interfering channels as shown in below figure. Figure 18: After Channel Management Enable Configuring and Viewing Channel Management Settings The Channel Management page shows previous, current, and planned channel assignments for clustered access points. By default, automatic channel assignment is disabled.
AT-TQ2403 Management Software User's Guide 49 Figure 19: After Channel Management Enable When automatic channel assignment is enabled, the Channel Manager periodically maps radio channels used by clustered access points and, if necessary, re-assigns channels on clustered APs to reduce interference (with cluster members or other APs outside the cluster). Note: Channel Management overrides the default cluster behavior, which is to synchronize radio channels of all APs across a cluster.
AT-TQ2403 - Management Software - User's Guide Viewing Last Proposed Set of Changes The Proposed Channel Assignments shows the last channel plan. The plan lists all access points in the cluster by IP Address, and shows the proposed channels for each AP. Locked channels will not be re-assigned and the optimization of channel distribution among APs will take into account the fact that locked APs must remain on their current channels.
AT-TQ2403 Management Software User's Guide Field 51 Description Change channels if Specify the minimum percentage of interference reduction a proposed interference is reduced plan must achieve in order to be applied. The default is 25 percent. by at least Use the drop-down menu to choose percentages ranging from 5% to 75%. This setting lets you set a gating factor for channel reassignment so that the network is not continually disrupted for minimal gains in efficiency.
AT-TQ2403 - Management Software - User's Guide Chapter 8: Wireless Neighborhood The Wireless Neighborhood view shows those access points within range of any access point in the cluster. This page provides a detailed view of neighboring access points including identifying information (SSIDs and MAC addresses) for each, cluster status (which are members and non-members), and statistical information such as the channel each AP is broadcasting on, signal strength, and so forth.
AT-TQ2403 Management Software User's Guide 53 Understanding Wireless Neighborhood Information The Wireless Neighborhood shows all access points within range of every member of the cluster, shows which access points are within range of which cluster members, and distinguishes between cluster members and non-members.
AT-TQ2403 - Management Software - User's Guide Field Description Cluster The Cluster list at the top of the table shows IP addresses for all access points in the cluster. (This is the same list of cluster members shown on the Cluster > Access Points tab described in “Navigating to Access Points Management”.) If there is only one AP in the cluster, only a single IP address column will be displayed here; indicating that the AP is "clustered with itself".
AT-TQ2403 Management Software User's Guide 55 Viewing Details for a Cluster Member To view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. Figure 21: Cluster Member Setting Detail The following table explains the details shown about the selected AP. Field Description SSID The Service Set Identifier (SSID) for the access point. A Guest network and an internal network running on the same access point must always have two different network names.
AT-TQ2403 - Management Software - User's Guide Field Description Channel Shows the channel on which the access point is currently broadcasting. The Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The channel is set in Manage > Radio. (See “Configuring Radio Settings”.) Rate Shows the rate (in megabits per second) at which this access point is currently transmitting. The current rate will always be one of the rates shown in Supported Rates.
AT-TQ2403 Management Software User's Guide 57 Chapter 9: Configuring Security The following sections describe how to configure Security settings on the AT-TQ2403 Management Software: Understanding Security Issues on Wireless Networks How Do I Know Which Security Mode to Use? Comparison of Security Modes for Key Management, Authentication and Encryption Algorithms Does Prohibiting the Broadcast SSID Enhance Security? Navigating to Security Settings Configuring Security Settings Upda
AT-TQ2403 - Management Software - User's Guide and also may be the right convenience trade-off for other scenarios where the priority is making it as easy as possible for clients to connect. (See “Does Prohibiting the Broadcast SSID Enhance Security?”) Following is a brief discussion of what factors make one mode more secure than another, a description of each mode offered, and when to use each mode.
AT-TQ2403 Management Software User's Guide 59 + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption. Key Management Encryption Algorithm User Authentication Static WEP uses a fixed key that is provided by the administrator. WEP keys are indexed in different slots (up to four on the AT-TQ2403 Management Software). An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.
AT-TQ2403 - Management Software - User's Guide Additionally, compatibility issues may be cumbersome because of the variety of authentication methods supported and the lack of a standard implementation method. Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA) or WPA2. If, you cannot use WPA because some of your client stations do not have WPA, then a better solution than using IEEE 802.1x mode is to use WPA Enterprise mode.
AT-TQ2403 Management Software User's Guide 61 This security mode also provides backwards-compatibility for wireless clients that support only the original WPA. Key Management Encryption Algorithm User Authentication WPA Enterprise mode provides dynamically-generated keys that are periodically refreshed. Temporal Key Integrity Protocol (TKIP) Remote Authentication Dial-In User Service (RADIUS) There are different Unicast keys for each station.
AT-TQ2403 - Management Software - User's Guide Does Prohibiting the Broadcast SSID Enhance Security? You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point. When the AP’s broadcast SSID is suppressed, the network name will not be displayed in the List of Available Networks on a client station. Instead, the client must have the exact network name configured in the supplicant before it will be able to connect.
AT-TQ2403 Management Software User's Guide 63 Broadcast SSID, Station Isolation, and Security Mode To configure security on the access point, select a security mode and fill in the related fields as described in the following table. (Note you can also allow or prohibit the Broadcast SSID and enable/disable Station Isolation as extra precautions as mentioned below.) Field Description Broadcast SSID To enable the Broadcast SSID, select the checkbox directly beside it.
AT-TQ2403 - Management Software - User's Guide Field Description Security Mode Select the Security Mode. Select one of the following: None (Plain-text) Static WEP IEEE 802.1x WPA Personal WPA Enterprise For a Guest network, the only security mode that can be applied is None (Plain-text). (For more information, see “Setting up Guest Access”.) Security modes other than None (Plain-text) apply only to configuration of the "Internal" network.
AT-TQ2403 Management Software User's Guide For a minimum level of protection on a guest network, you can choose to suppress (prohibit) the broadcast of the SSID (network name) to discourage client stations from automatically discovering your access point. (See also “Does Prohibiting the Broadcast SSID Enhance Security?”). For more about the Guest network, see “Setting up Guest Access”. Static WEP Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks.
AT-TQ2403 - Management Software - User's Guide Field Description Transfer Key Index Select a key index from the drop-down menu. Key indexes 1 through 4 are available. The default is 1. The Transfer Key Index indicates which WEP key the access point will use to encrypt the data it transmits.
AT-TQ2403 Management Software User's Guide 67 Field Description Authentication The authentication algorithm defines the method used to determine whether a client station is allowed to associate with an access point when static WEP is the security mode. Specify the authentication algorithm you want to use by choosing one of the following options: Open System Shared Key Note: You can also select both the Open System and Shared Key checkboxes.
AT-TQ2403 - Management Software - User's Guide Example of Using Static WEP For a simple example, suppose you configure three WEP keys on the access point. In our example, the Transfer Key Index for the AP is set to "3". This means that the WEP key in slot "3" is the key the access point will use to encrypt the data it sends.
AT-TQ2403 Management Software User's Guide If you have a second client station, that station also needs to have one of the WEP keys defined on the AP. You could give it the same WEP key you gave to the first station. Or for a more secure solution, you could give the second station a different WEP key (key 2, for example) so that the two stations cannot decrypt each other’s transmissions.
AT-TQ2403 - Management Software - User's Guide If you selected IEEE 802.1x Security Mode, provide the following: Figure 28: Security Setting Page – IEEE802.1x Setting Page Field Description Use internal radius You can choose whether to use the built-in authentication server provided with server the AT-TQ2403 Management Software, or you can use an external radius server.
AT-TQ2403 Management Software User's Guide Field Description Radius IP Enter the Radius IP in the text box. The Radius IP is the IP address of the RADIUS server. You can configure two RADIUS servers. The secondary server only when the first server is not available. If the IP address of secondary server is “0.0.0.0”, it implies to disable secondary server. (The AT-TQ2403 Management Software internal authentication server is 127.0.0.
AT-TQ2403 - Management Software - User's Guide If you selected WPA Personal Security Mode, provide the following: Figure 29: Security Setting Page – WPA Personal Setting Page Field Description WPA Versions Select the types of client stations you want to support: WPA WPA2 Both WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA.
AT-TQ2403 Management Software User's Guide Field Description Cipher Suites Select the cipher suite you want to use: TKIP CCMP (AES) Both Temporal Key Integrity Protocol (TKIP) is the default. TKIP: It provides a more secure encryption solution than WEP keys. The TKIP process more frequently changes the encryption key used and better ensures that the same key will not be re-used to encrypt data (a weakness of WEP). TKIP uses a 128-bit "temporal key" shared by clients and access points.
AT-TQ2403 - Management Software - User's Guide Figure 30: Security Setting Page – WPA Enterprise Setting Page Field Description WPA Versions Select the types of client stations you want to support: WPA WPA2 Both WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA. WPA2: If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard.
AT-TQ2403 Management Software User's Guide Field Description Cipher Suites Select the cipher you want to use: 75 TKIP CCMP (AES) Both Temporal Key Integrity Protocol (TKIP) is the default. TKIP: It provides a more secure encryption solution than WEP keys. The TKIP process more frequently changes the encryption key used and better ensures that the same key will not be re-used to encrypt data (a weakness of WEP). TKIP uses a 128-bit "temporal key" shared by clients and access points.
AT-TQ2403 - Management Software - User's Guide Field Description Use internal radius server You can choose whether to use the built-in authentication server provided with the AT-TQ2403 Management Software, or you can use an external radius server. To use the authentication server provided with the AT-TQ2403 Management Software, ensure the checkbox beside the Use internal radius server field is selected.
AT-TQ2403 Management Software User's Guide Field 77 Description Require VLAN ID in Dynamic mode is enabled when you click the checkbox. Dynamic VLAN If you have enabled dynamic mode and try to establish wireless connection between wireless client and AP, the AP must receive VLAN ID information from Radius server in authentication process. Otherwise, the AP will reject wireless connection to the wireless client. The default setting is unchecked the checkbox, which means dynamic mode is disable.
AT-TQ2403 - Management Software - User's Guide Chapter 10: Maintenance and Monitoring The maintenance and monitoring tasks described here all pertain to viewing and modifying settings on specific access points; not on a cluster configuration that is automatically shared by multiple access points. Therefore, it is important to ensure that you are accessing the Administration Web pages for the particular access point you want to configure.
AT-TQ2403 Management Software User's Guide This page displays the current settings of the AT-TQ2403 Management Software. It displays the Ethernet (Wired) Settings and the Wireless Settings. Ethernet (Wired) Settings The Internal interface includes the Ethernet MAC Address, IP Address, Subnet Mask, and Associated Network Wireless Name (SSID). The Guest interface includes the MAC Address, VLAN ID, and Associated Network Wireless Name (SSID).
AT-TQ2403 - Management Software - User's Guide Note: The AT-TQ2403 Management Software acquires its date and time information using the network time protocol (NTP). This data is reported in UTC format (also known as Greenwich Mean Time). You need to convert the reported time to your local time. For information on setting the network time protocol, see “Enabling the Network Time Protocol Server”. Enabling or Disabling Persistence Persistence can be enabled or disabled from the Events tabbed page.
AT-TQ2403 Management Software User's Guide all messages with a severity level between 4 and 0 will appear in the Event log. Therefore, less severe messages and notices will be ignored.
AT-TQ2403 - Management Software - User's Guide Setting Up the Log Relay Host To use Kernel Log relaying, you must configure a remote server to receive the syslog messages. This procedure will vary depending on the type of machine you use as the remote log host. Following is an example of how to configure a remote Linux server using the syslog daemon. Note: The syslog process will default to use port 514. We recommend keeping this default port.
AT-TQ2403 Management Software User's Guide Events Log The Events Log shows system events on the access point such as stations associating, being authenticated, and other occurrences. The real-time Events Log is always shown on the Status > Events Administration Web UI page for the access point you are monitoring. To clear all currently listed events, click Clear All.
AT-TQ2403 - Management Software - User's Guide Field Description IP Address IP Address for the access point. MAC Address Media Access Control (MAC) address for the specified interface. A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. The AT-TQ2403 has a unique MAC address for each interface and has a different MAC address for each interface on each of its two radios.
AT-TQ2403 Management Software User's Guide The associated stations are displayed along with information about packet traffic transmitted and received for each station. Note: The Authenticated and Associated Status shows only the underlying IEEE 802.11 authentication/association, which will be present in all Security modes. It does not refer to or show IEEE 802.1x authentication/association.
AT-TQ2403 - Management Software - User's Guide Information provided on neighboring access points is described in the following table. Field Description MAC Address Shows the MAC address of the neighboring access point. A MAC address is a hardware address that uniquely identifies each node of a network. Radio If the access point that is "doing the detecting" of neighboring APs is a two-radio access point, the Radio field is included.
AT-TQ2403 Management Software User's Guide 87 Field Description Band This indicates the IEEE 802.11 mode being used on this access point. (For example, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g.) The number shown indicates the mode according to the following map: 2.4 indicates IEEE 802.11b mode or IEEE 802.11g mode 5 indicates IEEE 802.11a mode 5 Turbo indicates Atheros Turbo 5 GHz mode Channel Shows the channel on which the access point is currently broadcasting.
AT-TQ2403 - Management Software - User's Guide Chapter 11: Setting the Ethernet (Wired) Interface Ethernet (Wired) Settings describe the configuration of your Ethernet local area network (LAN). Note: The Ethernet Settings, including guest access, are not shared across the cluster. These settings must be configured individually on the Administration pages for each access point.
AT-TQ2403 Management Software User's Guide Figure 38: Ethernet (Wired) Settings Page Setting the DNS HostName Field Description DNS Hostname Enter the DNS name for the access point in the text box. This is the host name. It may be provided by your ISP or network administrator, or you can provide your own. The rules for system names are: This name can be up to 20 characters long. Only letters, numbers and hyphens are allowed. No hyphens can be used at the beginning or end of the DNS name.
AT-TQ2403 - Management Software - User's Guide Enabling or Disabling Guest Access You can provide controlled guest access over an isolated network and a secure internal LAN on the same AT-TQ2403 Management Software. Configuring an Internal LAN and a Guest Network A Local Area Network (LAN) is a communications network covering a limited area, for example, one floor of a building. A LAN connects multiple computers and other network devices like storage and printers.
AT-TQ2403 Management Software User's Guide Field Description Virtual Wireless Networks Select Enabled to enable VLANs for the Internal network and for additional networks. (If you choose this option, you can run the Internal network on a VLAN whether or not you have Guest Access configured and you can set up additional networks on VLANs using the Manage > VWN tab as described in “Configuring Virtual Wireless Networks”.
AT-TQ2403 - Management Software - User's Guide Field Description VLAN ID If you have enabled VWNs or Guest access via VLAN, this field will be enabled. Provide a number between 1 and 4094 for the Internal VLAN. This VLAN ID must not be the same as the Guest VLAN ID or a VWN VLAN ID. Check with the Network Administrator regarding the VLAN and DHCP configurations. Management VLAN ID If you have enabled VWNs or Guest access via VLAN, this field will be enabled.
AT-TQ2403 Management Software User's Guide 93 Field Description Secure Management You can restrict access to management IP interface to the specified client. Select Enabled to enable Secure Management feature. Only the specified client can access the management IP interface (Web pages, telnet) of this access point. Select Disabled to disable Secure Management feature. Anyone can access the management IP interface of this access point.
AT-TQ2403 - Management Software - User's Guide Field Description Static IP Address If you chose Static IP as the Connection Type, these fields will be enabled. Enter the Static IP Address in the text boxes. Subnet Mask Enter the Subnet Mask in the text boxes. You must obtain this information from your ISP or network administrator. Default Gateway Enter the Default Gateway in the text boxes.
AT-TQ2403 Management Software User's Guide Chapter 12: Setting the Wireless Interface Wireless settings describe aspects of the local area network (LAN) related specifically to the radio device in the access point (802.11 Mode and Channel) and to the network interface to the access point (MAC address for access point and Wireless Network name, also known as SSID).
AT-TQ2403 - Management Software - User's Guide Configuring 802.11d Regulatory Domain Support You can enable or disable IEEE 802.11d Regulatory Domain Support to broadcast the access point country code information as described below. Field Description 802.11d Regulatory Domain Support Enabling support for IEEE 802.11d on the access point causes the AP to broadcast which country it is operating in as a part of its beacons: To enable 802.11d regulatory domain support, click Enabled. To disable 802.
AT-TQ2403 Management Software User's Guide If you are operating in an 802.11h enabled domain, then the channel selection of the BSS will always be "Auto". Even if another channel has been has been configured, this will be ignored and autochannel selection will occur. When 802.11h is enabled, the initial boot-up time will increase by a minimum of sixty seconds. This is the minimum time required to scan the selected channel for radar interference. Setting up WDS links may be difficult when 802.
AT-TQ2403 - Management Software - User's Guide Field Description Channel Select the Channel. The range of channels and the default is determined by the Mode of the radio interface. The Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving.
AT-TQ2403 Management Software User's Guide Field Description Wireless Network Name (SSID) Enter the SSID for the internal WLAN. 99 The Service Set Identifier (SSID) is a string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name. Two SSIDs are shown: one for each Radio on the Internal interface.
AT-TQ2403 - Management Software - User's Guide Chapter 13: Setting up Guest Access Out-of-the-box Guest Interface features allow you to configure the AT-TQ2403 Management Software for controlled guest access to an isolated network. You can configure the same access point to broadcast and function as two different wireless networks: a secure "Internal" LAN and a public "Guest" network. Guest clients can access the guest network without a username or password.
AT-TQ2403 Management Software User's Guide 101 Configuring the Guest Interface To configure the Guest interface on the AT-TQ2403 Management Software, perform these configuration steps: 1. Configure the access point to represent two virtually separate networks as described in the section below, “Configuring a Guest Network on a Virtual LAN”. 2. Set up the guest Welcome screen for the guest captive portal as described in the section below, “Configuring the Welcome Screen (Captive Portal)”.
AT-TQ2403 - Management Software - User's Guide 1. Navigate to the Manage > Guest Login tab. Figure 40: Guest Login Setting Page 2. Choose Enabled to activate the Welcome screen. 3. In the Welcome Screen Text field, type the text message you would like guest clients to see on the captive portal. The maximum length of this text is 1,000 characters. 4. Click Update to apply the changes.
AT-TQ2403 Management Software User's Guide Figure 41: Guest Network Diagram Example 103
AT-TQ2403 - Management Software - User's Guide Chapter 14: Configuring Virtual Wireless Networks The following sections describe how to configure multiple wireless networks on Virtual LANs (VLANs): Navigating to Virtual Wireless Network Settings Configuring VLANs Updating Settings Navigating to Virtual Wireless Network Settings To set up multiple networks on VLANs navigate to the Manage > VWN tab, and update the fields as described below.
AT-TQ2403 Management Software User's Guide 105 Configuring VLANs Note: To configure additional networks on VLANs, you must first enable Virtual Wireless Networks on the Ethernet Settings page. See “Enabling or Disabling Virtual Wireless Networks on the AP”. If you configure VLANs, you may lose connectivity to the access point. First, be sure to verify that the switch and DHCP server you are using can support VLANs per the IEEE 802.1Q standard.
AT-TQ2403 - Management Software - User's Guide Field Description Broadcast SSID Select the Broadcast SSID setting by selecting the Broadcast SSID checkbox. By default, the access point broadcasts (allows) the Service Set Identifier (SSID) in its beacon frames. You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point.
AT-TQ2403 Management Software User's Guide 107 Chapter 15: Configuring Radio Settings The following sections describe how to configure Radio Settings on the AT-TQ2403 Management Software: Understanding Radio Settings Navigating to Radio Settings Updating Settings Understanding Radio Settings Radio settings directly control the behavior of the radio device in the access point and its interaction with the physical medium; that is, how/what type of electromagnetic waves the AP emits.
AT-TQ2403 - Management Software - User's Guide Figure 43: Radio Setting Page Field Description Radio Specify Radio One or Radio Two. The rest of the settings on this tab apply to the radio selected in this field. Be sure to configure settings for both radios. Note: Radio One (5GHz band) might not be available in the specific country domains. Therefore, you could not configure this radio. Status Specify whether you want the radio on or off by clicking On or Off.
AT-TQ2403 Management Software User's Guide 109 Field Description Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. The AT-TQ2403 is available as a dual band access point. Select one of these modes: For Radio Interface 1 IEEE 802.11a Atheros Turbo 5 GHz Atheros Dynamic Turbo 5 GHz For Radio Interface 2 IEEE 802.11b IEEE 802.11g Atheros Turbo 2.4 GHz Atheros Dynamic Turbo 2.
AT-TQ2403 - Management Software - User's Guide Field Description Broadcast/Multicast Rate Limit Burst Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit. The default and maximum rate limit burst setting is 75 packets per second. Super AG Enabling Super AG provides better performance by increasing radio throughput.
AT-TQ2403 Management Software User's Guide 111 Field Description DTIM Period All Beacon frames include a Traffic Information Map information element (TIM IE). In some beacon frames, the TIM IE includes a Delivery Traffic Information Map (DTIM) message. These special DTIM beacons are sent at an interval specified in the DTIM period.
AT-TQ2403 - Management Software - User's Guide Field Description RTS Threshold Specify an RTS Threshold value between 0 and 2347. The RTS threshold specifies the packet size at which packet transmission is governed by the RTS/CTS transaction. If you specify a low threshold value, RTS packets will be sent more frequently. This will consume more bandwidth and reduce the throughput of the packet.
AT-TQ2403 Management Software User's Guide 113 Field Description Rate Sets Check the transmission rate sets you want the access point to support and the basic rate sets you want the access point to advertise. Rates are expressed in megabits per second. Supported Rate Sets indicate rates that the access point supports. You can check multiple rates (click a checkbox to select or de-select a rate).
AT-TQ2403 - Management Software - User's Guide Chapter 16: Controlling Access by MAC Address Filtering A Media Access Control (MAC) address is a hardware address that uniquely identifies each node of a network. All IEEE 802 network devices share a common 48-bit MAC address format, usually displayed as a string of 12 hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65. Each wireless network interface card (NIC) used by a wireless client has a unique MAC address.
AT-TQ2403 Management Software User's Guide 115 For the Guest interface, MAC Filtering settings apply to both BSSes. MAC Filtering settings apply to both radios. Note: Only 1024 MAC addresses are allowed. Field Description Filter To set the MAC Address Filter, click one of the following radio buttons: Allow only stations in the list Block all stations in list Stations List To add a MAC Address to Stations List, enter its 48-bit MAC address into the lower text boxes, then click Add.
AT-TQ2403 - Management Software - User's Guide Chapter 17: Load Balancing The AT-TQ2403 Management Software allows you to balance the distribution of wireless client connections across multiple access points. Using load balancing, you can prevent scenarios where a single access point in your network shows performance degradation because it is handling a disproportionate share of the wireless traffic.
AT-TQ2403 Management Software User's Guide 117 Load Balancing and QoS Load balancing also plays a part in contributing to Quality of Service (QoS) for Voice Over IP (VoIP) and other such time-sensitive applications competing for bandwidth and timely access to the air waves on a wireless network. For more information about configuring your network for QoS, see “Configuring Quality of Service (QoS)”.
AT-TQ2403 - Management Software - User's Guide Field Description Load Balancing To enable load balancing on this access point, click Enable. To disable load balancing on this access point, click Disable. Utilization for No New Associations Utilization rate limits relate to wireless bandwidth utilization. Provide a bandwidth utilization rate percentage limit for this access point to indicate when to stop accepting new client associations.
AT-TQ2403 Management Software User's Guide 119 Chapter 18: Pre-Config Rogue AP Pre-config Rogue Configuration notifies you when access points are not in the Access Points list. Access points are filtered by MAC address, a hardware ID number that uniquely identifies each node of a network. A MAC address consists of a string of twelve (12) hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65. These settings apply to the internal and guest networks of both radios.
AT-TQ2403 - Management Software - User's Guide Using Pre-Config Rogue AP Field Description AP Detection To set AP Detection, click Enabled. Detection Interval Use the drop-down menu to specify the schedule for AP Detection. A range of intervals is provided, from "15 Minutes" to "4 Weeks". The default is "15 Minutes" Access Points List To add a MAC Address to the Access Point List, enter the 48-bit MAC address into the lower text boxes, then click Add.
AT-TQ2403 Management Software User's Guide 121 Chapter 19: Configuring Quality of Service (QoS) Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the AT-TQ2403 Management Software.
AT-TQ2403 - Management Software - User's Guide 802.11e and WMM Standards Support QoS describes a range of technologies for controlling data streams on shared network connections. The IEEE 802.11e task group has defined a QoS standard for transmission quality and availability of service on wireless networks.
AT-TQ2403 Management Software User's Guide 123 is sent to this queue. Data 3 (Background). Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). Using the QoS settings on the Administration UI, you can configure Enhanced Distributed Channel Access (EDCA) parameters that determine how each queue is treated when it is sent by the access point to the client or by the client to the access point.
AT-TQ2403 - Management Software - User's Guide is based on CSMA/CA protocol, defines the interframe space (IFS) between data frames. Data frames wait for an amount of time defined as the arbitration interframe space (AIFS) before transmitting. This parameter is configurable.
AT-TQ2403 Management Software User's Guide 125 802.1q and DSCP tags IEEE 802.1q is an extension of the IEEE 802 standard and is responsible for QoS provision. One purpose of 802.1q is to prioritize network traffic at the data link/ MAC layer. The 802.1q tag includes a three-bit field for prioritization, which allows packets to be grouped into various traffic classes. Eight priority levels are defined. The highest priority is seven, which might go to network- critical traffic (voice).
AT-TQ2403 - Management Software - User's Guide The table below outlines the VLAN priority and DSCP values. Table 1 VLAN Priority VLAN Priority Priority DSCP value 0 Best Effort 0 1 Background 16 2 Background 8 3 Best Effort 24 4 Video 32 5 Video 40 6 Voice 48 7 Voice 56 Navigating to QoS Settings To set up queues for QoS, navigate to the Services > QoS tab, and configure settings as described below.
AT-TQ2403 Management Software User's Guide 127 Note: For the Guest interface or VWNs (Virtual APs), QoS queue settings apply to the access point load as a whole (all BSSs together). These settings apply to both radios but the traffic for each radio is queued independently.
AT-TQ2403 - Management Software - User's Guide Field Description AIFS The Arbitration Inter-Frame Spacing (AIFS) specifies a wait time (in milliseconds) for data frames. (Inter-Frame Space) Valid values for AIFS are 1 through 255. For more information, see “EDCA Control of Data Frames and Arbitration Interframe Spaces”. cwMin (Minimum Contention Window) This parameter is input to the algorithm that determines the initial random backoff wait time ("window") for retry of a transmission.
AT-TQ2403 Management Software User's Guide Field Description Max. Burst Length AP EDCA Parameter Only (The Max. Burst Length applies only to traffic flowing from the access point to the client station.) 129 This value specifies (in milliseconds) the Maximum Burst Length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The decreased overhead results in higher throughput and better performance.
AT-TQ2403 - Management Software - User's Guide Field Description Queue Queues are defined for different types of data transmitted from station-to-AP: Data 0 (Voice) Low latency and guaranteed bandwidth. Time-sensitive data such as VoIP should be sent to this queue. Data 1(Video) Guaranteed bandwidth. Time-sensitive video data and any streams that have a fixed bandwidth should be sent to this queue. Data 2 (best effort) Most traditional IP data is sent to this queue.
AT-TQ2403 Management Software User's Guide 131 Field Description cwMax (Maximum Contention Window) The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached.
AT-TQ2403 - Management Software - User's Guide Chapter 20: Configuring the Wireless Distribution System (WDS) The AT-TQ2403 Management Software lets you connect multiple access points using a Wireless Distribution System (WDS). WDS allows access points to communicate with one another wirelessly. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks.
AT-TQ2403 Management Software User's Guide 133 Figure 50: Bridge Distant Wired LAN by WDS Diagram Using WDS to Extend the Network Beyond the Wired Coverage Area An ESS can extend the reach of the network into areas where cabling would be difficult, costly, or inefficient. For example, suppose you have an access point which is connected to the network by Ethernet and serving multiple client stations in one area ("East Wing" in our example) but cannot reach others which are out of range.
AT-TQ2403 - Management Software - User's Guide For more information about the effectiveness of different security modes, see “Configuring Security”. This topic also covers use of the unencrypted security mode for AP-to-station traffic on the Guest network, which is intended for less sensitive data traffic. Understanding WPA (PSK) Data Encryption Wi-Fi Protected Access (Pre-Shared Key) or WPA (PSK) is a more robust form of security than Static WEP.
AT-TQ2403 Management Software User's Guide 135 Configuring WDS Settings The following notes summarize some critical guidelines regarding WDS configuration. Please read all the notes before proceeding with WDS configuration. Note: When using WDS, be sure to configure WDS settings on both access points participating in the WDS link. You can have only one WDS link between any pair of access points. That is, a remote MAC address may appear only once on the WDS page for a particular access point.
AT-TQ2403 - Management Software - User's Guide Field Description Remote Address Specify the MAC address of the destination access point; that is, the access point to which data will be sent or "handed-off" and from which data will be received, in other words the AP to which you are creating the WDS bridge. Click the arrow to the right of the Remote Address field to see a list of all the available MAC Addresses and their associated SSIDs on the network.
AT-TQ2403 Management Software User's Guide 137 http://IPAddressOfAccessPoint where IPAddressOfAccessPoint is the address of MyAP1. 2. Navigate to the WDS tab on MyAP1 Administration Web pages. The MAC address for MyAP1 (the access point you are currently viewing) will show as the Local Address at the top of the page. 3. Configure a WDS interface for data exchange with MyAP2.
AT-TQ2403 - Management Software - User's Guide Chapter 21: Configuring Simple Network Management Protocol (SNMP) on the AP The following sections describe supported SNMP MIBs, and show how to configure SNMP settings on the AT-TQ2403 Management Software: Understanding SNMP Supported MIBs Navigating to SNMP Settings Configuring SNMP Settings Configuring SNMP Traps Updating SNMP Settings Understanding SNMP Simple Network Management Protocol (SNMP) defines a standard for recording,
AT-TQ2403 Management Software User's Guide 139 Figure 52: SNMP Setting Diagram Supported MIBs MIBs are a collection of objects or files that exist in a virtual database on a network. SNMP uses a specific set of commands and queries to obtain information from the MIB. The AT-TQ2403 Management Software supports standard and proprietary SNMP MIBs as shown in the following table. The MIB definitions are included with this documentation.
AT-TQ2403 - Management Software - User's Guide Category MIB Level of Support Standard IEEE MIB Bridge-MIB Partial, read-only support including root bridge We do not implement the optional StaticTable.
AT-TQ2403 Management Software User's Guide 141 Field Description SNMP Enabled/Disabled You can choose whether or not you want to enable SNMP on your network. By default SNMP is Enabled. To enable SNMP, click Enabled. To disable SNMP, click Disabled. You must click Update to save your settings. Note: If you do not enable SNMP, all remaining fields on the SNMP page will be disabled. Read-only community name for permitted GETs Enter a read-only community name.
AT-TQ2403 - Management Software - User's Guide Field Description Restrict the source of SNMP requests to only the designated hosts or subnets You can restrict the source of permitted SNMP requests. To restrict the source of permitted SNMP requests, click Enabled. To permit any source submitting an SNMP request, click Disabled. Hostname or subnet of Network Management System Specify the DNS hostname or subnet of the machines that can execute GET and SET requests to the managed devices.
AT-TQ2403 Management Software User's Guide 143 by sending a trap of the event. After receiving the event information, the manager can choose what action, if any, to take. Field Description Community name for traps Enter the global community string associated with SNMP traps. Traps sent from the device will provide this string as a community name. Hostname Enter the DNS hostname of the computer to which you want to send SNMP traps.
AT-TQ2403 - Management Software - User's Guide Chapter 22: Enabling the Network Time Protocol Server The Network Time Protocol (NTP) is an Internet standard protocol that synchronizes computer clock times on your network. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock.
AT-TQ2403 Management Software User's Guide 145 Enabling or Disabling a Network Time Protocol (NTP) Server To configure your access point to use a network time protocol (NTP) server, first enable the use of NTP, and then select the NTP server you want to use. (To shut down NTP service on the network, disable NTP on the access point.) Field Description Network Time Protocol (NTP) NTP provides a way for the access point to obtain and maintain its time from a server on the network.
AT-TQ2403 - Management Software - User's Guide Chapter 23: Backing up and Restoring a Configuration You can save a copy of the current settings on the AT-TQ2403 Management Software to a backup configuration file. The backup file can be used at a later date to restore the access point to the previously saved configuration.
AT-TQ2403 Management Software User's Guide 147 Resetting Factory Default Configuration If you are experiencing problems with the AT-TQ2403 Management Software and have tried all other troubleshooting measures, use the Reset Configuration function. This will restore factory defaults and clear all settings, including settings such as a new password or wireless settings. 1. Click the Maintenance > Configuration tab. Figure 56: Configuration Setting Detail 2. Click the Reset button.
AT-TQ2403 - Management Software - User's Guide You can keep the default file name (config.cbk) or rename the backup file, but be sure to save the file with a .cbk extension. Restoring the Configuration from a Previously Saved File To restore the configuration on an access point to previously saved settings: 1. Select the backup configuration file you want to use, either by typing the full path and file name in the Restore textbox or click Browse and select the file.
AT-TQ2403 Management Software User's Guide 149 Figure 57: Configuration Setting Page 2. Click the Reboot button. The AP will reboot. Upgrading the Firmware As new versions of the AT-TQ2403 Management Software firmware become available, you can upgrade the firmware on your devices to take advantages of new features and enhancements. Caution: It is strongly recommended that do not upgrade the firmware from a wireless client that is associated with the access point you are upgrading.
AT-TQ2403 - Management Software - User's Guide Figure 58: Upgrade Page Information about the current firmware version is displayed and an option to upgrade a new firmware image is provided. 2. If you know the path to the New Firmware Image file, enter it in the New Firmware Image textbox. Otherwise, click the Browse button and locate the firmware image file. Update 1. Click Update to apply the new firmware image.
AT-TQ2403 Management Software User's Guide 151 Appendix A: Security Settings on Wireless Clients and RADIUS Server Setup Typically, users will configure security on their wireless clients for access to many different networks (access points). The list of "Available Networks" will change depending on the location of the client and which APs are online and detectable in that location.
AT-TQ2403 - Management Software - User's Guide Network Infrastructure and Choosing Between Built-in or External Authentication Server Network security configurations including Public Key Infrastructures (PKI), Remote Authentication Dial-in User Server (RADIUS) servers, and Certificate Authority (CA) can vary a great deal from one organization to the next in terms of how they provide Authentication, Authorization, and Accounting (AAA).
AT-TQ2403 Management Software User's Guide 153 Accessing the Microsoft Windows Wireless Client Security Settings Generally, on Windows XP there are two ways to get to the security properties for a wireless client: 1. From the wireless connection icon on the Windows task bar: Right-click on the Wireless connection icon in your Windows task bar and select View available wireless networks.
AT-TQ2403 - Management Software - User's Guide List of available networks will change depending on client location. Each network (or access point) that that is detected by the client shows up in this list. ("Refresh" updates the list with current information.) For each network you want to connect to, configure security settings on the client to match the security mode being used by that network.
AT-TQ2403 Management Software User's Guide 155 If you do have security configured on a client for properties of an unsecure network, the security settings actually can prevent successful access to the network because of the mismatch between client and access point security configurations. To configure the client to not use any security, bring up the client Network Properties dialog and configure the following settings.
AT-TQ2403 - Management Software - User's Guide Figure 62: Security Setting Page – Static WEP Setting Page . . . then configure WEP security on each client as follows.
AT-TQ2403 Management Software User's Guide 157 Field Setting Network Authentication "Open" or "Shared", depending on how you configured this option on the access point. Note: When the Authentication Algorithm on the access point is set to "Both", clients set to either Shared or Open can associate with the AP. Clients configured to use WEP in Shared mode must have a valid WEP key in order to associate with the AP.
AT-TQ2403 - Management Software - User's Guide IEEE 802.1x Client Using EAP/PEAP The Built-In Authentication Server on the AT-TQ2403 Management Software uses Protected Extensible Authentication Protocol (EAP) referred to here as "EAP/PEAP". If you are using the Built-in Authentication server with "IEEE 802.1x" Security mode on the AT-TQ2403 Wireless Access Point, then you will need to set up wireless clients to use PEAP. Additionally, you may have an external RADIUS server that uses EAP/PEAP.
AT-TQ2403 Management Software User's Guide Figure 65: Client Side Security Setting - IEEE802.
AT-TQ2403 - Management Software - User's Guide 1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication Open Data Encryption WEP Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame. This is the same encryption algorithm as is used for Static WEP; therefore, the data encryption method configured on the client for this mode is WEP.
AT-TQ2403 Management Software User's Guide 161 Logging on to the Wireless Network with an IEEE 802.1x PEAP Client IEEE 802.1x PEAP clients should now be able to associate with the access point. Client users will be prompted for a user name and password to authenticate with the network. IEEE 802.1x Client Using EAP/TLS Certificate Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS, is an authentication protocol that supports the use of smart cards and certificates.
AT-TQ2403 - Management Software - User's Guide Figure 66: Security Setting Page – IEEE802.1x Setting Page . . . then configure IEEE 802.1x security with certificate authentication on each client as follows.
AT-TQ2403 Management Software User's Guide Figure 67: Client Side Security Setting - IEEE802.
AT-TQ2403 - Management Software - User's Guide 1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication Open Data Encryption WEP Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame. This is the same encryption algorithm as is used for Static WEP; therefore, the data encryption method configured on the client for this mode is WEP.
AT-TQ2403 Management Software User's Guide 165 Configuring WPA/WPA2 Enterprise (RADIUS) Security on a Client Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Standard (AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode requires the use of a RADIUS server to authenticate users.
AT-TQ2403 - Management Software - User's Guide Figure 68: Security Setting Page – WPA Enterprise Setting Page First set up user accounts on the access point (User Management tab)… Figure 69: User Management Page . . . then configure WPA security with PEAP authentication on each client as follows.
AT-TQ2403 Management Software User's Guide Figure 70: Client Side Security Setting – WPA Enterprise Setting Detail 167
AT-TQ2403 - Management Software - User's Guide 1. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog. Association Tab Field Setting Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured on the access point. Note: When the Cipher Suite on the access point is set to "Both", then TKIP clients with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access point. 2.
AT-TQ2403 Management Software User's Guide 169 WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate Extensible Authentication Protocol (EAP) Transport Layer Security (TLS), or EAP-TLS, is an authentication protocol that supports the use of smart cards and certificates. You have the option of using EAP-TLS with both WPA/WPA2 Enterprise (RADIUS) and IEEE 802.1x modes if you have an external RADIUS server on the network to support it. Note: If you want to use IEEE 802.
AT-TQ2403 - Management Software - User's Guide Figure 71: Security Setting Page – WPA Enterprise Setting Page . . . then configure WPA security with certificate authentication on each client as follows.
AT-TQ2403 Management Software User's Guide Figure 72: Client Side Security Setting – WPA Setting Detail 171
AT-TQ2403 - Management Software - User's Guide 1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured on the access point. Note: When the Cipher Suite on the access point is set to "Both", then TKIP clients with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access point. 2.
AT-TQ2403 Management Software User's Guide 173 To use this type of security, you must do the following: 1. Add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients. (There are some kind of Radius server support EAP-SIM, such as : FreeRadius) 2. Configure the AT-TQ2403 Wireless Access Point to use your RADIUS server (by providing the RADIUS server IP address as part of the "WPA/WPA2 Enterprise [RADIUS]" security mode settings). 3.
AT-TQ2403 - Management Software - User's Guide Figure 74: Client Side Security Setting – WPA Setting Detail Configure the following settings on the “Security Settings” of the Intel PROSet dialog. Field Setting Network Authentication WPA2 – Enterprise Data Encryption TKIP or AES–CCMP depending on how this option is configured on the access point.
AT-TQ2403 Management Software User's Guide 175 Configuring WPA/WPA2 Personal (PSK) Security on a Client Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Advanced Encryption Algorithm (AES), and Counter mode/CBC-MAC Protocol (CCMP) mechanisms. PSK employs a pre-shared key for an initial check of client credentials.
AT-TQ2403 - Management Software - User's Guide Association Tab Field Setting Network Authentication WPA – PSK Data Encryption TKIP or AES depending on how this option is configured on the access point.
AT-TQ2403 Management Software User's Guide 177 procedures will vary depending on the RADIUS server you use and how you configure it. For this example, we use the Internet Authentication Service that comes with Microsoft Windows 2003 server. Note: This document does not describe how to set up Administrative users on the RADIUS server. In this example, we assume you already have RADIUS server user accounts configured.
AT-TQ2403 - Management Software - User's Guide Figure 77: Radius Server – Internet Authentication Service 2. In the left panel, right click on "RADIUS Clients" node and choose New > Radius Client from the popup menu. 3. On the first screen of the New RADIUS Client wizard provide information about the AT-TQ2403 Wireless Access Point to which you want your clients to connect: A logical (friendly) name for the access point. (You might want to use DNS name or location.
AT-TQ2403 Management Software User's Guide 179 4. For the "Shared secret" enter the RADIUS Key you provided to the access point (on the Security page). Re-type the key to confirm. Figure 79: Radius Server Setting – New Radius Client Setting 5. Click Finish Figure 80: Radius Server The access point is now displayed as a client of the Authentication Server.
AT-TQ2403 - Management Software - User's Guide Obtaining a TLS-EAP Certificate for a Client Note: If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network. It is beyond the scope of this document to describe these configuration of the RADIUS server, PKI, and CA server.
AT-TQ2403 Management Software User's Guide Figure 82: Welcome Message from Certification Server 3. Click Request a certificate to get the login prompt for the RADIUS server. 4. Provide a valid user name and password to access the RADIUS server. Figure 83: Radius Server Log-in Page Note: The user name and password you need to provide here is for access to the RADIUS server, for which you will already have user accounts configured at this point.
AT-TQ2403 - Management Software - User's Guide 6. Click Yes on the dialog displayed to install the certificate. Figure 85: User Certification Installation – Identifying Information 7. Click Submit to complete and click Yes to confirm the submittal on the popup dialog. Figure 86: User Certification Installation – Submit 8. Click Install this certificate to install the newly issued certificate on your client station.
AT-TQ2403 Management Software User's Guide 183 Figure 87: User Certification Installation – Certification Issued A success message is displayed indicating the certificate is now installed on the client. Figure 88: User Certification Installation – Certification Installed Configuring RADIUS Server for VLAN tags A VLAN is a grouping of ports on a switch or a grouping of ports on different switches.
AT-TQ2403 - Management Software - User's Guide In the case of FreeRADIUS server, the following options may be set in the users file to add the necessary attributes. example-userAuth-Type :=EAP, User-Password =="password" Tunnel-Tyep = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-ID = 7 Tunnel-Type and Tunnel-Medium-Type use the same values for all stations. Tunnel-Private-Group-ID is the selected VLAN ID, however it can be different for each user.
AT-TQ2403 Management Software User's Guide 185 Appendix B:Troubleshooting This section provides information about how to solve common problems you might encounter in the course of updating network configurations on networks served by multiple, clustered access points.
AT-TQ2403 - Management Software - User's Guide Reset the access point from its Administration UI. To do this, go to http://IPAddressOfAccessPoint, navigate to Reset Configuration, and click the Reset button. (IP addresses for APs are on the Cluster > Access Points page for any cluster member.) Physically reset the access point by pressing the Reset button on the device. BootLoader Recovery If you power off the AP during the firmware upgrading process, the AP may no longer boot.
AT-TQ2403 Management Software User's Guide 187 Appendix C: Command Line Interface (CLI) for AP Configuration In addition to the Web based user interface, the AT-TQ2403 Management Software includes a command line interface (CLI) for administering the access point. The CLI lets you view and modify status and configuration information. From the client station perspective, even a single deployed AT-TQ2403 Management Software broadcasting its "network name" to clients constitutes a wireless network.
AT-TQ2403 - Management Software - User's Guide Upgrade the Firmware Keyboard Shortcuts and Tab Completion Help CLI Classes and Properties Reference Comparison of Settings Configurable with the CLI and Web UI The command line interface (CLI) and the Web user interface (UI) to the AT-TQ2403 Management Software are designed to suit the preferences and requirements for different types of users or scenarios. Most administrators will probably use both UIs in different contexts.
AT-TQ2403 Management Software User's Guide 189 Feature or Setting Configurable from CLI Configurable from Web UI User Accounts Yes Yes User Database Backup and Restore You cannot backup or restore a Yes user database from the CLI. Please use the Web UI to do this as described in Backing Up and Restoring a User Database. Sessions The CLI does not provide session monitoring information. Yes Use the Web UI to view client sessions.
AT-TQ2403 - Management Software - User's Guide Feature or Setting Configurable from CLI Configurable from Web UI Time Protocol Yes Yes Reboot the AP Yes Yes Reset the AP to Factory Defaults Yes Yes Upgrade the Firmware Yes Yes How to Access the CLI for an Access Point You can use any of these methods to access the command line interface (CLI) for the access point or wireless network: Telnet Connection to the AP SSH Connection to the AP Telnet Connection to the AP If you know alr
AT-TQ2403 Management Software User's Guide 191 Software (manager, friend), and press "Enter" after each. (The password is masked, so it will not be displayed on the screen.) When the user name and password is accepted, the screen displays the AT-TQ2403 Management Software help command prompt. AT-TQ2403 login: manager Password: friend Enter ‘help’ for help. You are now ready to enter CLI commands at the command line prompt.
AT-TQ2403 - Management Software - User's Guide This brings up the SSH command window and establishes a connection to the access point. The login prompt is displayed. login as: 3. Enter the default Administrator username and password for the AT-TQ2403 Management Software (manager, friend), and press "Enter" after each. (The password is masked, so it will not be displayed on the screen.) login as: manager admin@192.168.1.230's password: Enter ‘help’ for help.
AT-TQ2403 Management Software User's Guide CLI Command Description get The "get" command allows you to get the property values of existing instances of a class. 193 Classes can be "named" or "unnamed". The command syntax is: get unnamed-class [ property ... | detail ] get named-class [ instance | all [ property ... | name | detail ] ] The rest of the command line is optional. If provided, it is either a list of one or more properties, or the keyword detail.
AT-TQ2403 - Management Software - User's Guide CLI Command Description set The "set" command allows you to set the property values of existing instances of a class. set unnamed-class [ with qualifier-property qualifier-value ... to ] property value . . . The first argument is an unnamed class in the configuration. After this is an optional qualifier that restricts the set to only some instances. For singleton classes (with only one instance) no qualifier is needed.
AT-TQ2403 Management Software User's Guide 195 CLI Command Description Add The "add" command allows you to add a new instance or group of instances of a class. add unique-named-class instance [ property value ... ] add group-named-class instance [ property value ... ] add anonymous-class [ property value ... ] For example: add radius-user wally Note: If you’re adding an instance to a unique-named class, you must assign the instance a name not already in use by any other instance of that class.
AT-TQ2403 - Management Software - User's Guide Hitting TAB once will attempt to complete the current command. If multiple completions exist, a beep will sound and no results will be displayed. Enter TAB again to display all available completions. Example 1: At a blank command line, hit TAB twice to get a list of all commands.
AT-TQ2403 Management Software User's Guide 197 property, "get system version". Hit ENTER to display the output results of the command. For detailed examples on getting help, see “Keyboard Shortcuts and Tab Completion Help”. Ready to Get Started? If you know the four basic commands shown above (get, set, remove, and add) and how to get help at the CLI using tab completion, you are ready to get started.
AT-TQ2403 - Management Software - User's Guide Interface Description brvwnx The bridge interface for Virtual Wireless Network (VWN) where "x" indicates the number of the VWN. wlan0 The wireless (radio) interface for the Internal network. wlan0guest The wireless (radio) interface for the Guest network. wlan0vwnx The wireless interface for Virtual Wireless Network (VWN) where "x" indicates the number of the VWN.
AT-TQ2403 Management Software User's Guide 199 Running Configuration - The running configuration contains the settings with which the AP is currently running. When you view or update configuration settings through the command line interface (CLI) using get, set, add, and remove commands, you are viewing and changing values on the running configuration only.
AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command Get the Firmware Version for the Access Point get system version Get the Location of the Access Point get cluster location Set the Location for an Access Point set system location NewLocation For example: set system location hallway or set system location "Vicky’s Office" Set the Password set system password NewPassword For example: set system password admin Get the Wireless Network Name (SSID) get interface wlan0
AT-TQ2403 Management Software User's Guide --------------------ip 10.10.55.216 mac 00:a0:c9:8c:c4:7e Get Common Information on All Interfaces for an AP The following example shows common information (including IP addresses) for all interfaces.
AT-TQ2403 - Management Software - User's Guide brvwn12 brvwn1 brvwn4 brvwn14 lo eth0 bridge bridge bridge bridge loopback ethernet down down down down up up 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 127.0.0.1 00:5C:00:1C:00:1C 255.0.0.0 Get the Firmware Version for the Access Point In the following example, the access point is running Firmware Version:1.0.0.9. Use the get command as shown to obtain the Firmware Version.
AT-TQ2403 Management Software User's Guide 203 Get the Wireless Network Name (SSID) AT-TQ2403# get interface wlan0 ssid allied Set the Wireless Network Name (SSID) AT-TQ2403# set interface wlan0 ssid "Vicky’s AP" AT-TQ2403# get interface wlan0 ssid Vicky’s AP Access Point and Cluster Settings The command examples in this section show how to get the configuration for a cluster of access points. These settings generally correspond to those on the Cluster > Access Points tab in the Web UI.
AT-TQ2403 - Management Software - User's Guide cluster-name vicky-cluster Determine only whether an AP is clustered or not The get cluster clustered command returns a value of 0 or 1. If the command returns a value of 1, then the AP is a member of a cluster. If the AP returns a value of 0, then the AP is in standalone mode. AT-TQ2403# get cluster clustered 1 Determine the name of the cluster your AP is part of The get cluster cluster-name command tells you the name of the cluster your AP is part of.
AT-TQ2403 Management Software User's Guide Feature or Setting 205 CLI Command To set the user’s real name: set radius-user UserName RealName For example: set radius-user samantha realname "Elizabeth Montgomery" or set radius-user samantha realname Elizabeth Montgomery To set user’s password: set radius-user UserName password Password For example: set radius-user samantha password bewitched Save the new user account details save-running Remove a User Account: remove radius-user UserName Get All U
AT-TQ2403 - Management Software - User's Guide AT-TQ2403# set radius-user samantha password bewitched 4.
AT-TQ2403 Management Software User's Guide Feature or Setting Global commands to get details on all Basic Service Sets (BSSs). This is a useful command to use to get a comprehensive picture of how the AP is currently configured.
AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command Enable Remote Logging and Specify the Log As a prerequisite to remote logging, the Log Relay Host must be configured first as described in “Setting Up the Log Relay Host”.
AT-TQ2403 Management Software User's Guide 209 Get Current Settings for the Ethernet (Wired) Management Interface The following example shows how to use the CLI to get the Ethernet (Wired) settings for the Management interface for an access point. You can see by the output results of the command that the MAC address is 00:01:02:03:02:00, the IP address is 192.168.1.230 and the subnet mask is 255.255.255.0.
AT-TQ2403 - Management Software - User's Guide Get the Network Name (SSID) for the Wireless Internal Interface The following example shows how to get the SSID of a Wireless Internal Interface. You can see from the value that is returned, that the SSID of this AP is "allied ". AT-TQ2403# get interface wlan0 ssid allied Get current Wireless (Radio) Settings The following examples show how to use the CLI to get wireless radio settings on an access point, such as mode, channel, and so on.
AT-TQ2403 Management Software User's Guide static-channel channel 211 36 36 Property Value --------------------------------------------------------------------------------tx-power 100 tx-rx-status up beacon-interval 100 rts-threshold 2347 fragmentation-threshold 2346 super-ag no atheros-xr no load-balance-disassociation-utilization 0 load-balance-disassociation-stations 0 load-balance-no-association-utilization 0 ap-detection off station-isolation off frequency 5180 wme off rate-limit-enable off rate-limi
AT-TQ2403 - Management Software - User's Guide You can set a Severity of between 0 (most severe) and 7 (least severe). Setting a Severity of 7 will result in all persistent messages being sent to the Event Log. However, if you set a Severity of 4, only messages with a Severity between 0 and 4 will be sent to the Event Log.
AT-TQ2403 Management Software User's Guide 213 AT-TQ2403# get log Property Value ---------------------------------depth 128 persistence no severity 7 relay-enabled 0 relay-host relay-port 514 When you start a new AP, the Log Relay Host is disabled. From the above output for the "get log" command, you can identify the following about the Log Relay Host (syslog server): The syslog server is disabled (because "relay-enabled" is set to "0") No IP address or Host Name is specified for the syslog server.
AT-TQ2403 - Management Software - User's Guide AT-TQ2403# set log relay-host myserver Specify the Relay Port To specify the Relay Port for the syslog server: set log relay-port Number_Of_LogRelayPort Where Number_Of_LogRelayPort is the port number for the Log Relay Host.
AT-TQ2403 Management Software User's Guide 215 tx-packets -------------------------------------------------------------------------------------------------------------------wlan1 00:0e:35:48:a7:ea Yes Yes 98 1 wlan1 00:11:95:df:83:b1 Yes Yes 320 27 AT-TQ2403# get association detail Property Value ---------------------------------interface wlan1 station 00:0e:35:48:a7:ea authenticated Yes associated Yes rx-packets 98 tx-packets 1 rx-bytes 15880 tx-bytes 78 tx-rate 540 listen-interval 10 last-rssi 44 Proper
AT-TQ2403 - Management Software - User's Guide ssid supported-rates type wpa Service Set IDentifier (a.k.a., Network Name) Supported rates list Type (AP, Ad hoc, or Other) WPA security enabled To get the neighboring access points, type get detected-ap.
AT-TQ2403 Management Software User's Guide 217 Feature or Setting CLI Command Deny Management via WLAN Enable: set management deny-wlan-management-enabled 1 Deny: Ping Telnet set management deny-wlan-management-ping 1 HTTP set management deny-wlan-management-telnet 1 SNMP set management deny-wlan-management-http 1 TFTP set management deny-wlan-management-snmp 1 set management deny-wlan-management-tftp 1 Get/Change the Connection Type See detailed example in “Get/Change the Connection Type (DHC
AT-TQ2403 - Management Software - User's Guide Note: For more information on DHCP and Static IP connection types, see the topic “Understanding Dynamic and Static IP Addressing on the AT-TQ2403 Management Software”. To get the connection type: AT-TQ2403# get management dhcp-status up In order to re-set the connection type from DHCP to Static IP, you must have a serial port connection to the AP because you will lose connectivity during the process of assigning a new static IP address.
AT-TQ2403 Management Software User's Guide 219 Re-Configure Static IP Addressing Values Note: This section assumes you have already set the AP to use Static IP Addressing and set some initial values as described in “Get/Change the Connection Type (DHCP or Static IP)”. If you are using static IP addressing on the access point (instead of DHCP), you may want to reconfigure the static IP address, subnet mask, default gateway, or DNS name servers.
AT-TQ2403 - Management Software - User's Guide 2. Turn off Dynamic DNS Nameservers and re-check the settings: AT-TQ2403# set host dns-via-dhcp down AT-TQ2403# get host dns-via-dhcp down 3. Get the current IP addresses for the DNS Nameservers: AT-TQ2403# get host static-dns-1 10.10.3.9 AT-TQ2403# get host static-dns-2 10.10.3.11 4. Re-set the IP addresses for the DNS Nameservers as desired: AT-TQ2403# set host static-dns-1 10.10.3.10 AT-TQ2403# get host static-dns-1 10.10.3.
AT-TQ2403 Management Software User's Guide 221 Note: Before configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI”. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface, the Internal or Guest network, or (on a dual-radio AP) to radio "one" or radio "two".
AT-TQ2403 - Management Software - User's Guide Caution: You cannot use a ssh or telnet connection to configure VLANs, because you will lose network connectivity to the access point when you remove the bridge-port. Therefore, you must use a serial port connection to configure VLANs through the CLI. Be sure to verify that the switch and DHCP server you are using can support VLANs per the IEEE 802.1Q standard.
AT-TQ2403 Management Software User's Guide 223 welcome-screen-text Thank you for using wireless Guest Access as provided by this AT-TQ2403. Upon clicking "Accept", you will gain access to our wireless guest network. This network allows complete access to the Internet but is external to the corporate network. Please note that this network is not configured to provide any level of wireless security.
AT-TQ2403 - Management Software - User's Guide Feature or Setting Enable or Disable a VWN CLI Command set vwn vwnx status up This will enable VWN x. set vwn vwnx status down This will disable VWN x. Where x is the VWN number. The VWN number can be between 1 and 14. Get the VLAN ID of a VWN get vwn vwnx vlan-id Where x is the VWN number. The VWN number can be between 1 and 14. Set the VLAN ID of a VWN set vwn vwnx vlan-id Where vlan-id is a value between 1 and 4096.
AT-TQ2403 Management Software User's Guide Feature or Setting CLI Command Configure Security on the VWN Configuring security on a VWN is the same process as configuring security on an access point. The same options are available. For more information, see “Configure Security on the VWN”. 225 Find out whether VWNs are enabled or not Use the following command to determine if VWNs are enabled. If status is "down", VWNs are disabled. If status is "up", VWNs are enabled.
AT-TQ2403 - Management Software - User's Guide Get the SSID of a VWN In this example, suppose you want to determine the SSID of VWN 14 on an AP. AT-TQ2403# get interface wlan0vwn14 ssid myoffice Set the SSID for a VWN The SSID for a wireless network can be any alphanumeric string, up to a maximum of 32 characters. The SSID you set for a particular VWN will apply to all APs in the cluster. If you add any additional APs to that cluster, they too will share the SSID you set.
AT-TQ2403 Management Software User's Guide 227 use wlan1vwn. For information on the options for configuring security on an access point, see “Security”.
AT-TQ2403 - Management Software - User's Guide suite: AT-TQ2403# set bss wlan0bssvwn7 open-system-authentication on AT-TQ2403# set bss wlan1bssvwn7 open-system-authentication on AT-TQ2403# set bss wlan0bssvwn7 shared-key-authentication on AT-TQ2403# set bss wlan1bssvwn7 shared-key-authentication on AT-TQ2403# set bss wlan0bssvwn7 wpa-allowed on AT-TQ2403# set bss wlan1bssvwn7 wpa-allowed on AT-TQ2403# set bss wlan0bssvwn7 wpa2-allowed on AT-TQ2403# set bss wlan1bssvwn7 wpa2-allowed on AT-TQ2403# set bs
AT-TQ2403 Management Software User's Guide Feature or Setting 229 CLI Command Get Detailed Description of Current Security get bss wlan0bssInternal detail get interface wlan0 detail Set the Broadcast SSID (Allow or Prohibit) set bss wlan0bssInternal ignore-broadcast-ssid on set bss wlan0bssInternal ignore-broadcast-ssid off Enable / Disable Station Isolation AT-TQ2403# set radio wlan0 station-isolation on AT-TQ2403# set radio wlan0 station-isolation off Set Security to Plain Text set interface wl
AT-TQ2403 - Management Software - User's Guide wpa-cipher-ccmp wpa-allowed wpa2-allowed rsn-preauthentication off on on off Set the Broadcast SSID (Allow or Prohibit) To set the Broadcast SSID to on (allow): AT-TQ2403# set bss wlan0bssInternal ignore-broadcast-ssid on To set the Broadcast SSID to off (prohibit): AT-TQ2403# set bss wlan0bssInternal ignore-broadcast-ssid off Enable / Disable Station Isolation AT-TQ2403# get interface br0 port-isolation off AT-TQ2403# set radio wlan0 station-isolation
AT-TQ2403 Management Software User's Guide 231 Set Security to Static WEP 1. Set the Security Mode 2. Set the Transfer Key Index 3. Set the Key Length 4. Set the Key Type 5. Set the WEP Keys 6. Set the Authentication Algorithm 7. Get Current Security Settings After Re-Configuring to Static WEP Security Mode 1. Set the Security Mode AT-TQ2403# set interface wlan0 security static-wep 2. Set the Transfer Key Index The following commands set the Transfer Key Index to 4.
AT-TQ2403 - Management Software - User's Guide 4. Set the Key Type Valid values for Key Type are ASCII or Hex. The following commands set the Key Type. Feature or Setting CLI Command To set the Key Type to ASCII: set interface wlan0 wep-key-ascii yes To set the Key Type to Hex: set interface wlan0 wep-key-ascii no For our example, we’ll set the Key Type to ASCII: AT-TQ2403# set interface wlan0 wep-key-ascii yes 5.
AT-TQ2403 Management Software User's Guide Feature or Setting To set Authentication Algorithm to Both: 233 CLI Command set bss wlan0bssInternal open-system-authentication on set bss wlan0bssInternal shared-key-authentication on For this example, we’ll set the authentication algorithm to Shared Key: AT-TQ2403# set bss wlan0bssInternal shared-key-authentication on AT-TQ2403# set bss wlan0bssInternal open-system-authentication off 7.
AT-TQ2403 - Management Software - User's Guide status description mac ip mask static-ip static-mask rx-bytes rx-packets rx-errors rx-drop rx-fifo rx-frame rx-compressed rx-multicast tx-bytes tx-packets tx-errors tx-drop tx-fifo tx-colls tx-carrier tx-compressed stp fd hello priority port-isolation ssid bss security wpa-personal-key wep-key-ascii wep-key-length wep-default-key wep-key-1 wep-key-2 wep-key-3 wep-key-4 wep-key-mapping-length multicast-received-frame-count vlan-interface vlan-id radio remot
AT-TQ2403 Management Software User's Guide 235 5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security Mode 1. Set the Security Mode AT-TQ2403# set interface wlan0 security dot1x 2. Set the Authentication Server You can use the built-in authentication server on the access point or an external RADIUS server. Note: To use the built-in authentication server, set the RADIUS IP address to that used by the built-in server (127.0.0.
AT-TQ2403 - Management Software - User's Guide For our example, we’ll disable RADIUS accounting since we’re using the built-in server: AT-TQ2403# set bss wlan0bssInternal radius-accounting off 5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security Mode Now we can use the "get" command again to view the updated security configuration and see the results of our new settings.
AT-TQ2403 Management Software User's Guide 237 2. Set the WPA Versions Select the WPA version based on what types of client stations you want to support. Feature or Setting CLI Command To support WPA clients: set bss wlan0bssInternal wpa-allowed on WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.
AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command To set the cipher suite to CCMP (AES) only: set bss wlan0bssInternal wpa-cipher-tkip off set bss wlan0bssInternal wpa-cipher-ccmp on CCMP (AES) - Counter mode/CBCMAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES).
AT-TQ2403 Management Software User's Guide 239 wpa-personal The following command gets details on how the internal network is configured, including details on Security.
AT-TQ2403 - Management Software - User's Guide 2. Set the WPA Versions Select the WPA version based on what types of client stations you want to support. Feature or Setting CLI Command To support WPA clients: set bss wlan0bssInternal wpa-allowed on WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.
AT-TQ2403 Management Software User's Guide Feature or Setting 241 CLI Command set bss wlan0bssInternal rsn-preauthentication on To enable pre-authentication for WPA2 clients: Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packet. The pre-authentication information will be relayed from the access point the client is currently using to the target access point.
AT-TQ2403 - Management Software - User's Guide To set the cipher suite to Both: set bss wlan0bssInternal wpa-cipher-tkip on Both - When the authentication algorithm is set to "Both", both TKIP and AES clients can associate with the access point. WPA clients must have either a valid TKIP key or a valid CCMP (AES) key to be able to associate with the AP.
AT-TQ2403 Management Software User's Guide 243 Note: RADIUS accounting is not supported by the built-in server, so if you are using the built-in server make sure that RADIUS accounting is off.
AT-TQ2403 - Management Software - User's Guide mac-acl-name radius-accounting radius-ip radius-key radius-port radius-accounting-port vlan-tagged-interface open-system-authentication shared-key-authentication wpa-allow-non-wpa-stations wpa-cipher-tkip wpa-cipher-ccmp wpa-allowed wpa2-allowed rsn-preauthentication default on 142.77.1.
AT-TQ2403 Management Software User's Guide 245 This table shows a quick view of Radio Settings commands and links to detailed examples. Feature or Setting CLI Command Get Radio Settings get radio get radio wlan0 get radio wlan0 detail Get IEEE 802.
AT-TQ2403 - Management Software - User's Guide Get Radio Channel To get the current setting for radio Channel: AT-TQ2403# get radio wlan0 channel 36 (The radio in this example is on Channel 36.
AT-TQ2403 Management Software User's Guide rate-limit-enable rate-limit rate-limit-burst 247 off 50 75 Get Supported Rate Set The Supported Rate Set is what the access point supports. The AP will automatically choose the most efficient rate based on factors like error rates and distance of client stations from the AP. For a list the recommended default supported rates per radio mode, see “2. Set the Radio Mode”.
AT-TQ2403 - Management Software - User's Guide Note: To get a list of all properties you can set on the AP radio, type the following at the CLI prompt: set radio wlan0 [Space] [Tab] [Tab] 1. Turn the Radio On or Off 2. Set the Radio Mode 3. Enable or Disable Super AG 4. Set the Channel Policy 5. Set the Radio Channel 6. Configure Basic and Supported Rate Sets 7. Set the Beacon Interval 8. Set the DTIM Period 9. Set the Fragmentation Threshold 10. Set the RTS Threshold 1.
AT-TQ2403 Management Software User's Guide Feature or Setting 249 CLI Command Atheros Turbo 2.4 GHz set radio wlan0 mode turbo-g Atheros Dynamic Turbo 2.4 GHz set radio wlan0 mode dynamic-turbo-g The following command sets the Wireless Mode to IEEE 802.11g: AT-TQ2403# set radio wlan0 mode g When you change the radio mode, typically you must change the basic and supported rates to match the mode. For a mapping of radio modes to basic and supported rates, see the table for this in step 6.
AT-TQ2403 - Management Software - User's Guide Note that this setting for a "static-channel" only takes effect if the Channel Policy (channel-policy) is set to static. The channels available will depend on the radio mode of your access point and the country in which the AP is operating. The following mappings of modes to channel sets assume the AP is operating in the United States (country code is "us"). For more information on setting the channel policy, see “4. Set the Channel Policy”.
AT-TQ2403 Management Software User's Guide 251 Radio Mode Basic Rates Supported Rates g 11, 5.5, 2, 1 Mbps 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, 1 Mbps (IEEE 802.11g) Note: Including rates 24, 12, and 6 as Supported Rates for "g" mode will prevent "b" clients from connecting since they do not support these rates, but will allow "g" clients to connect since they are required by the standard to support these rates.
AT-TQ2403 - Management Software - User's Guide AT-TQ2403# get basic-rate name rate ------------------------wlan1 5.
AT-TQ2403 Management Software User's Guide 253 multicast and broadcast packets buffered at the AP will be transmitted immediately after the transmission of this beacon frame. The measurement is in beacon intervals. Specify a DTIM period within a range of 1 - 255 beacons. For example, if you set this to "1" clients will check for buffered data on the AP at every beacon. If you set this to "2", clients will check on every other beacon. The following command sets the DTIM interval to 3.
AT-TQ2403 - Management Software - User's Guide 4. Getting Current MAC Filtering Settings: 5. Get the Type of MAC Filtering List Currently Set (Accept or Deny) 6. Get MAC Filtering List 1.
AT-TQ2403 Management Software User's Guide 255 AT-TQ2403# remove mac-acl default mac 00:01:02:03:04:04 4.
AT-TQ2403 - Management Software - User's Guide Quality of Service Note: Before configuring this feature from the CLI, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI”. The interface name referenced in a command determines if a setting applies to a wired or wireless interface, the Internal or Guest network, or (on a dual-radio AP) to radio "one" or radio "two".
AT-TQ2403 Management Software User's Guide Feature or Setting 257 CLI Command Setting Minimum and Maximum On the AP: Contention Windows (cwmin, cwmax) set tx-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_Value On a client station: set wme-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_Value See examples in “Setting Minimum and Maximum Contention Windows (cwmin, cwmax)”.
AT-TQ2403 - Management Software - User's Guide Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point (station-to-AP). Keep in mind that station-to-AP parameters apply only when WMM is enabled as described in “Enable/Disable Wi-Fi Multimedia”.
AT-TQ2403 Management Software User's Guide wlan1 wlan1 wlan0 wlan0 wlan0 wlan0 be bk vo vi be bk 3 7 2 2 3 7 15 15 3 7 15 15 259 1023 1023 7 15 1023 1023 0 0 47 94 0 0 Set Arbitration Interframe Spaces (AIFS) Arbitration Inter-Frame Spacing (AIFS) specifies a wait time (in milliseconds) for data frames. Valid values for AIFS are 1-255.
AT-TQ2403 - Management Software - User's Guide wlan1 wlan1 wlan1 wlan0 wlan0 wlan0 wlan0 vi be bk vo vi be bk 2 3 7 14 2 3 7 7 15 15 3 7 15 15 15 1023 1023 7 15 1023 1023 94 0 0 47 94 0 0 Setting Minimum and Maximum Contention Windows (cwmin, cwmax) The Minimum Contention Window (cwmin) sets the upper limit (in milliseconds) of the range from which the initial random backoff wait time is determined.
AT-TQ2403 Management Software User's Guide 261 cwmax_Value Where Queue_Name is the queue on the station to which you want the setting to apply and cwmin_Value and cwmax_Value are the values (in milliseconds) you want to specify for contention back-off windows. For example, this command sets the client station Video queue (vi) cwmin value to 15 and cwmax value to 31.
AT-TQ2403 - Management Software - User's Guide Set Transmission Opportunity Limit (txop-limit) for WMM client stations The Transmission Opportunity Limit (txop-limit) specifies an interval of time (in milliseconds) when a WMM client station has the right to initiate transmissions on the wireless network. The txop-limit applies only to the client stations (station-to-AP traffic).
AT-TQ2403 Management Software User's Guide 263 AT-TQ2403# set interface wlan0wds0 remote-mac MAC_Address_Of_Remote_AP For example: AT-TQ2403# set interface wlan0wds0 remote-mac 00:E0:B8:76:1B:14 Setting Security for a WDS link to WPA-Personal The WPA (PSK) security setting can only be set on the WDS link if you have set security on both APs to either WPA Personal or WPA Enterprise. 1.
AT-TQ2403 - Management Software - User's Guide priority port-isolation ssid bss security wpa-personal-key wep-key-ascii no wep-key-length 104 wep-default-key wep-key-1 ep-key-2 wep-key-3 wep-key-4 wep-key-mapping-length multicast-received-frame-count vlan-interface vlan-id radio wlan0 remote-mac 00:80:98:78:18:50 wep-key wds-ssid wds-test wds-security-policy wpa-personal wds-wpa-psk-key 12345678 Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP) defines a standard for
AT-TQ2403 Management Software User's Guide 265 4. Allow/Prohibit SNMP SET Commands set snmp rw-status up set snmp rw-status down 5. Set the read-write community name for permitted SETs set snmp rw-community 6. Restrict the source of SNMP requests to only the designated hosts or subnets set snmp source-status up set snmp source-status down When "source-status" is enabled (up), the AP accepts SNMP only from designated hosts or subnets.
AT-TQ2403 - Management Software - User's Guide AT-TQ2403# set ntp auto-sync up 4. Interval to Synchronize If Synchronize Automatically is enabled, the device will synchronize time with the NTP server at each specified interval. This interval is set in minutes. AT-TQ2403# set ntp sync-intv 20 5. Time zone Specify the time zone where the device locates. The time zone determines the local time when the device is synchronizing time with the NTP server. AT-TQ2403# set ntp time-offset 480 6.
AT-TQ2403 Management Software User's Guide 267 Reset the AP to Factory Defaults If you are experiencing extreme problems with the AT-TQ2403 Management Software and have tried all other troubleshooting measures, you can reset the access point. This will restore factory defaults and clear all settings, including settings such as a new password or wireless settings. You will be prompted to confirm whether you do want to reset the system.
AT-TQ2403 - Management Software - User's Guide 2. Set the upgrade URL from the CLI. This URL should be the URL of the upgrade file on the web server. AT-TQ2403# set firmware-upgrade upgrade-url http://10.10.28.249/upgrade.img 3. It is good practice to check the validity of the upgrade file. Validate the file using the following command: AT-TQ2403# set firmware-upgrade validate yes AT-TQ2403# get firmware-upgrade progress validation success validation success 4.
AT-TQ2403 Management Software User's Guide 269 Action on CLI Keyboard Shortcut Move the cursor forward on the current line, one character at a time Ctrl-f Right Arrow Key Start over at a blank command prompt (abandons the input on the current line) Ctrl-c Remove one character on the current line. Ctrl-h Remove the last word in the current command. Ctrl-W (Clears one word at a time from the current command line, always starting with the last word on the line.
AT-TQ2403 - Management Software - User's Guide add factory-reset get reboot remove save-running set Example 2: Type "get " TAB TAB (including a space after get) to see a list of all property options for the get command.
AT-TQ2403 Management Software User's Guide access-point ap-list bss channel-planner cluster config dhcp-client dot11 firmware-upgrade host interface log mac-acl management ntp portal radio radius-user serial snmp ssh static-ip-route system telnet traphost tx-queue untagged-vlan vwn web-server wme-queue 271 Guest, VLAN and VWN settings AP list for rogue AP detection Basic Service Set of radios Channel planner settings Clustering-based configuration settings Configuration settings DHCP client settings IEE
AT-TQ2403 - Management Software - User's Guide AT-TQ2403# remove ap-list AP list for rogue AP detection basic-rate Basic rates of radios bridge-port Bridge ports of bridge interfaces bss Basic Service Set of radios interface Network interface mac-acl MAC address access list item radius-user RADIUS user supported-rate Supported rates of radios traphost Destination host for SNMP trap CLI Classes and Properties Reference Configuration information for the AT-TQ2403 is represented as a set of classes and o
AT-TQ2403 Management Software User's Guide Figure 90: Kick Start Search Results Dialog Box 273
AT-TQ2403 - Management Software - User's Guide Glossary 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0-9 802 IEEE 802 (IEEE Std. 802-2001) is a family of standards for peer-to-peer communication over a LAN. These technologies use a shared-medium, with information broadcast for all stations to receive. The basic communications capabilities provided are packet-based.
AT-TQ2403 Management Software User's Guide 275 802.11a Turbo IEEE 802.11a Turbo is a proprietary variant of the 802.11a standard from Atheros Communications. It supports accelerated data rates ranging from 6 to 108Mbps. Atheros Turbo 5 GHz is IEEE 802.11a Turbo mode. Atheros Turbo 2.4 GHz is IEEE 802.11g Turbo mode. 802.11b IEEE 802.11b (IEEE Std. 802.11b-1999) is an enhancement of the initial 802.11 PHY to include 5.5 Mbps and 11 Mbps data rates.
AT-TQ2403 - Management Software - User's Guide 802.11i IEEE 802.11i is a comprehensive IEEE standard for security in a wireless local area network (WLAN) that describes Wi-Fi Protected Access 2 (WPA2). It defines enhancements to the MAC Layer to counter the some of the weaknesses of WEP. It incorporates stronger encryption techniques than the original Wi-Fi Protected Access (WPA), such as Advanced Encryption Standard (AES). The original WPA, which can be considered a subset of 802.
AT-TQ2403 Management Software User's Guide 277 A Access Point An access point is the communication hub for the devices on a WLAN, providing a connection or bridge between wireless and wired network devices. It supports a Wireless Networking Framework called Infrastructure Mode. When one access point is connected to a wired network and supports a set of wireless stations, it is referred to as a basic service set (BSS). An extended service set (ESS) is created by combining two or more BSSs.
AT-TQ2403 - Management Software - User's Guide frequency hopping spread spectrum, direct sequence spread spectrum, etc.). The optional Traffic Indication Map (TIM) identifies stations, using power saving mode, that have data frames queued for them. Bridge A connection between two local area networks (LANs) using the same protocol, such as Ethernet or IEEE 802.1x. Broadcast A Broadcast sends the same message at the same time to everyone.
AT-TQ2403 Management Software User's Guide 279 transnational authorities such as the Federal Communications Commission (FCC), the European Telecommunications Standards Institute (ETSI), the Korean Communications Commission, or the Telecom Engineering Center (TELEC). CSMA/CA Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a low-level network arbitration/ contention protocol. A station listens to the media and attempts to transmit a packet when the channel is quiet.
AT-TQ2403 - Management Software - User's Guide The Document Object Model (DOM) is an interface that allows programs and scripts to dynamically access and update the content, structure, and style of documents. The DOM allows you to model the objects in an HTML or XML document (text, links, images, tables), defining the attributes of each object and how they can be manipulated. Further details about the DOM can be found at the W3C.
AT-TQ2403 Management Software User's Guide 281 The Extended Rate Protocol refers to the protocol used by IEEE 802.11g stations (over 20 Mbps transmission rates at 2.4GHz) when paired with Orthogonal Frequency Division Multiplexing (OFDM). Built into ERP and the IEEE 802.11g standard is a scheme for effective interoperability of IEEE 802.11g stations with IEEE 802.11b nodes on the same channel. Legacy IEEE 802.11b devices cannot detect the ERP-OFDM signals used by IEEE 802.
AT-TQ2403 - Management Software - User's Guide HTTPS The Secure Hypertext Transfer Protocol (HTTPS) is the secure version of HTTP, the communication protocol of the World Wide Web. HTTPS is built into the browser. If you are using HTTPS you will notice a closed lock icon at the bottom corner of your browser page. All data sent via HTTPS is encrypted, thus ensuring secure transactions take place. I IAPP The Inter Access Point Protocol (IAPP) is an IEEE standard (802.
AT-TQ2403 Management Software User's Guide 283 An IP address is partitioned into two portions: the network prefix and a host number on that network. A Subnet Mask is used to define the portions. There are two special host numbers: The Network Address consists of a host number that is all zeroes (for example, 192.168.2.0). The Broadcast Address consists of a host number that is all ones (for example, 192.168.2.255). There are a finite number of IP addresses that can exist.
AT-TQ2403 - Management Software - User's Guide LAN A Local Area Network (LAN) is a communications network covering a limited area, for example, the computers in your home that you want to network together or a couple of floors in a building. A LAN connects multiple computers and other network devices such as storage and printers. Ethernet is the most common technology implementing a LAN. Wireless Ethernet (802.11) is another very popular LAN technology (also see WLAN).
AT-TQ2403 Management Software User's Guide 285 MTU The Maximum Transmission Unit is the largest physical packet size, measured in bytes, that a network can transmit. Any messages larger than the MTU are fragmented into smaller packets before being sent. Multicast A Multicast sends the same message to a select group of recipients. Sending an e-mail message to a mailing list is an example of multicasting.
AT-TQ2403 - Management Software - User's Guide with low-level protocols for communication and addressing. For example, protocols such as CSMA/CA and components like MAC addresses, and Frames are all defined and dealt with as a part of the Data-Link layer. Layer 3, the Network layer, defines the how to determine the best path for information traversing the network. Packets and logical IP Addresses operate on the network layer.
AT-TQ2403 Management Software User's Guide 287 The Point-to-Point Protocol is a standard for transmitting network layer datagrams (IP packets) over serial point-to-point links. PPP is designed to operate both over asynchronous connections and bit-oriented synchronous systems. PPPoE Point-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting the users on a LAN to the Internet through a common broadband medium, such as a single DSL or cable modem line.
AT-TQ2403 - Management Software - User's Guide In IEEE 802.11 parlance, roaming clients are mobile client stations or devices on a wireless network (WLAN) that require use of more than one Access Point (AP) as they move out of and into range of different base station service areas. IEEE 802.11f defines a standard by which APs can communicate information about client associations and disassociations in support of roaming clients.
AT-TQ2403 Management Software User's Guide 289 SNMP Traps SNMP traps enable the asynchronous communication from network devices to managed agents. Setting SNMP traps saves on network resources and eliminates redundant SNMP requests. SSID The Service Set Identifier (SSID) is a thirty-two character key that uniquely identifies a wireless local area network. It is also referred to as the Network Name. There are no restrictions on the characters that may be used in an SSID. Static IP Address See IP Address.
AT-TQ2403 - Management Software - User's Guide T TCP The Transmission Control Protocol (TCP) is built on top of Internet Protocol (IP). It adds reliable communication (guarantees delivery of data), flow-control, multiplexing (more than one simultaneous connection), and connection-oriented transmission (requires the receiver of a packet to acknowledge receipt to the sender). It also guarantees that packets will be delivered in the same order in which they were sent.
AT-TQ2403 Management Software User's Guide 291 V VLAN A virtual LAN (VLAN) is a software-based, logical grouping of devices on a network that allow them to act as if they are connected to a single physical network, even though they may not be. The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The AT-TQ2403 Wireless AP supports the configuration of a wireless VLAN. This technology is leveraged on the access point for the "virtual" guest network feature.
AT-TQ2403 - Management Software - User's Guide Stations communicate through an Access Point in an Infrastructure Mode network. A single access point creates an infrastructure basic service set (BSS) whereas multiple access points are organized in an extended service set (ESS). WLAN Wireless Local Area Network (WLAN) is a LAN that uses high-frequency radio waves rather than wires to communicate between its nodes.