Edimax Pro NMS User Manual 10-2014 / v1.
Contents I. Product Information .............................................................................. 5 II. Quick Setup ........................................................................................... 6 III. Software Layout ...................................................................................12 IV. Features ...............................................................................................19 2 IV-1. IV-2. IV-2-1. LOGIN, LOGOUT & RESTART ......................
IV-5-8-2. Date & Time .................................................................................................................69 IV-6. Local Network ............................................................................................................ 71 IV-6-1. Network Settings .................................................................................................................71 IV-6-1-1. LAN-Side IP Address .......................................................................
IV-7-4. Advanced ...........................................................................................................................118 IV-7-4-1. LED Settings ...............................................................................................................118 IV-7-4-2. Update Firmware .....................................................................................................118 IV-7-4-3. Save/Restore Settings ...................................................................
I. Product Information Edimax Pro Network Management Suite (NMS) supports the central management of a group of access points, otherwise known as an AP Array. NMS can be installed on one access point and support up to 8 Edimax Pro access points with no additional wireless controller required, reducing costs and facilitating efficient remote AP management.
II. Quick Setup Edimax Pro NMS is simple to setup. An overview of the system is shown below: One AP (access point) is designated as the AP Controller (master) and other connected Edimax Pro APs are automatically designated as Managed APs (slaves). Using Edimax Pro NMS you can monitor, configure and manage all Managed APs (up to 8) from the single AP Controller.
Follow the steps below: Ensure you have the latest firmware from the Edimax website for your Edimax Pro products. 1. Connect all APs to an Ethernet or PoE switch which is connected to a gateway/router. 2. Ensure all APs are powered on and check LEDs.
3. Designate one AP as the AP Controller which will manage all other connected APs (up to 8). 4. Connect a computer to the designated AP Controller using an Ethernet cable.
5. Open a web browser and enter the AP Controller’s IP address in the address field. The default IP address is 192.168.2.2 Your computer’s IP address must be in the same subnet as the AP Controller. Refer to V-1. Configuring your IP Address for help. If you changed the AP Controller’s IP address, or if your gateway/router uses a DHCP server, ensure you enter the correct IP address. Refer to your gateway/router’s settings. 6. Enter the username & password to login.
8. Click “Apply” to save the settings. 9. Edimax Pro NMS includes a wizard to quickly setup the SSID & security for Managed APs. Click “Wizard” in the top right corner to begin. 10. Follow the instructions on-screen to complete Steps 1, 2 & 3 and click “Finish” to save the settings.
If any of your Managed APs are not found during Step 2 AP Discovery, reset the Managed AP to its factory default settings. Refer to the Managed AP’s user manual for help. 11. Your AP Controller & Managed APs should be fully functional. Use the top menu to navigate around Edimax Pro NMS. Use Dashboard, Zone Plan, NMS Monitor & NMS Settings to configure Managed APs. Use Local Network & Local Settings to configure your AP Controller.
III. Software Layout The top menu features 7 panels: Dashboard, Zone Plan, NMS Monitor, NMS Settings, Local Network, Local Settings & Toolbox. Dashboard The Dashboard panel displays an overview of your network and key system information, with quick links to access configuration options for Managed APs and Managed AP groups. Each panel can be refreshed, collapsed or moved according to your preference.
Zone Plan Zone Plan displays a customizable live map of Managed APs for a visual representation of your network coverage. Each AP icon can be moved around the map, and a background image can be uploaded for user-defined location profiles using NMS Settings Zone Edit. Options can be configured using the menu on the right side and signal strength is displayed for each AP.
NMS Monitor The NMS Monitor panel provides more detailed monitoring information about the AP Array than found on the Dashboard, grouped according to categories in the menu down the left side.
NMS Settings NMS Settings provides extensive configuration options for the AP Array. You can manage each access point, assign access points into groups, manage WLAN, RADIUS & guest network settings as well as upgrade firmware across multiple access points. The Zone Plan can also be configured using “Zone Edit”.
Local Network Local Network settings are for your AP Controller. You can configure the IP address and DHCP server of the AP Controller in addition to 2.4GHz & 5Ghz Wi-Fi and security, with WPS, RADIUS server, MAC filtering and WMM settings also available.
Local Settings Local Settings are for your AP Controller. You can set the operation mode and view network settings (clients and logs) specifically for the AP Controller, as well as other management settings such as date/time, admin accounts, firmware and reset.
Toolbox The Toolbox panel provides a network diagnostic tools: ping and traceroute.
IV. Features Descriptions of the functions of each main panel Dashboard, Zone Plan, NMS Monitor, NMS Settings, Local Network, Local Settings & Toolbox can be found below. When using Edimax NMS, click “Apply” to save changes: Screenshots displayed are examples. The information shown on your screen will vary depending on your configuration. IV-1. LOGIN, LOGOUT & RESTART It is recommended that you login to the AP Controller to make configurations to Managed APs. LOGIN 1.
Your computer’s IP address must be in the same subnet as the AP Controller. Refer to V-1. Configuring your IP Address for more help. If you changed the AP Controller’s IP address, or if your gateway/router uses a DHCP server, ensure you enter the correct IP address. Refer to your gateway/router’s settings. If using a DHCP server on the network, it is advised to use your DHCP server’s settings to assign the AP Controller a static IP address. 3. Enter the username & password to login.
IV-2. DASHBOARD The dashboard displays an overview of your AP array: Use the blue icons above to refresh or collapse each panel in the dashboard. Click and drag to move a panel to suit your preference.
IV-2-1. System Information System Information displays information about the AP Controller: Product Name (model), Host Name, MAC Address, IP Address, Firmware Version, System Time and Uptime (time the access point has been on). IV-2-2. Devices Information Devices Information is a summary of the number of all devices in the local network: Access Points, Clients Connected, and Rogue (unidentified) Devices.
IV-2-3. Managed AP Managed AP displays information about each Managed AP in the local network: Index (reference number), MAC Address, Device Name, Model, IP Address, 2.4GHz & 5GHz Wireless Channel Number, No. of Clients connected to each access point, and Status (connected, connecting or disconnected). The search function can be used to locate a specific Managed AP.
5. Network Connectivity Go to the “Network Connectivity” panel to perform a ping or traceroute. 6. Restart Restarts the Managed AP. IV-2-4. Managed AP Group Managed APs can be grouped according to your requirements. Managed AP Group displays information about each Managed AP group in the local network: Group Name, MAC Address, Device Name, Model, IP Address, 2.4GHz & 5GHz Wireless Channel Number, No. of Clients connected to each access point, and Status (connected or disconnected).
2. Edit Edit various settings for the Managed AP (refer to IV-5-1. Access Point) 3. Blink LED The Managed AP’s LED will flash temporarily to help identify & locate access points. 4. Buzzer The Managed AP’s buzzer will sound temporarily to help identify & locate access points. 5. Network Connectivity Go to the “Network Connectivity” panel to perform a ping or traceroute. 6. Restart Restarts the Managed AP. IV-2-5.
IV-3. ZONE PLAN The Zone Plan can be fully customized to match your network environment. You can move the AP icons and select different location images (upload location images in NMS Settings Zone Edit) to create a visual map of your AP array. Use the menu on the right side to make adjustments and mouse-over an AP icon in the zone map to see more information.
Click and drag an AP icon to move the icon around the zone map. The signal strength for each AP is displayed according to the “Signal” key in the menu on the right side: Location AP Group Search Radio Signal Zoom Transparency Scale 27 Select a pre-defined location from the drop down menu. When you upload a location image in NMS Settings Zone Edit, it will be available for selection here. You can select an AP Group to display in the zone map. Edit AP Groups in NMS Settings Access Point.
Device/Number 28 Displays number and type of devices in the zone map.
IV-4. NMS MONITOR IV-4-1. Access Point IV-4-1-1. Managed AP Displays information about each Managed AP in the local network: Index (reference number), MAC Address, Device Name, Model, IP Address, 2.4GHz & 5GHz Wireless Channel Number, No. of Clients connected to each access point, and Status (connected, connecting or disconnected). The search function can be used to locate a specific Managed AP. Type in the search box and the list will update: The Status icon displays the status of each Managed AP.
use the AP Controller’s firmware upgrade function (refer to IV-5-7. Firmware Upgrade). Please wait while the Managed AP makes Configuring or Orange configurations or while the firmware is Upgrading upgrading. Please wait while Managed AP is Yellow Connecting connecting. Managed AP is connected. Green Connected Blue Waiting for Approval Managed AP is waiting for approval. Refer to IV-5-1. Access Point: Auto Approval. Note: Eight Managed APs are supported.
5. Restart Restarts the Managed AP. IV-4-1-2. Managed AP Group Managed APs can be grouped according to your requirements. Managed AP Group displays information about each Managed AP group in the local network: Group Name, MAC Address, Device Name, Model, IP Address, 2.4GHz & 5GHz Wireless Channel Number, No. of Clients connected to each access point, and Status (connected or disconnected). To edit Managed AP Groups go to NMS Settings Access Point (refer to IV-5-1. Access Point).
3. Edit Edit various settings for the Managed AP (refer to IV-5-1. Access Point). 4. Blink LED The Managed AP’s LED will flash temporarily to help identify & locate access points. 5. Buzzer The Managed AP’s buzzer will sound temporarily to help identify & locate access points. 6. Network Connectivity Go to the “Network Connectivity” panel to perform a ping or traceroute. 7. Restart Restarts the Managed AP.
IV-4-2. WLAN IV-4-2-1. Active WLAN Displays information about each SSID in the AP Array: Index (reference number), Name/SSID, VLAN ID, Authentication, Encryption, IP Address and Additional Authentication. To configure encryption and VLANs for Managed APs go to NMS Settings WLAN. The search function can be used to locate a specific SSID.
IV-4-2-2. Active WLAN Group WLAN groups can be created according to your preference. Active WLAN Group displays information about WLAN group: Group Name, Name/SSID, VLAN ID, Authentication, Encryption, IP Address and Additional Authentication. The search function can be used to locate a specific Active WLAN Group. Type in the search box and the list will update: IV-4-3. Clients IV-4-3-1.
IV-4-4. Rogue Devices Rogue access point detection can identify any unauthorized access points which may have been installed in the network. Click “Start” to scan for rogue devices: Unknown Rogue Devices displays information about rogue devices discovered during the scan: Index (reference number), Channel, SSID, MAC Address, Security, Signal Strength, Type, Vendor and Action. The search function can be used to locate a known rogue device.
IV-4-5. Information IV-4-5-1. All Events/Activities Displays a log of time-stamped events for each access point in the Array – use the drop down menu to select an access point and view the log.
IV-4-5-2. Monitoring Displays graphical monitoring information about access points in the Array for 2.4GHz & 5GHz: Traffic Tx (data transmitted in MB), Traffic Rx (data received in MB), No. of Clients, Wireless Channel, Tx Power (wireless radio power), CPU Usage and Memory Usage. Use the drop down menus to select an access point and date.
IV-5. NMS Settings IV-5-1. Access Point Displays information about each access point and access point group in the local network and allows you to edit access points and edit or add access point groups. The search function can be used to locate an access point or access point group.
Select an access point or access point group using the check-boxes and click “Edit” to make configurations, or click “Add” to add a new access point group: The Access Point Settings panel can enable or disable Auto Approve for all Managed APs. When enabled, Managed APs will automatically join the AP Array with the Controller AP. When disabled, Managed APs must be manually approved to join the AP Array with the Controller AP.
Basic Settings Name Description MAC Address AP Group IP Address Assignment IP Address Subnet Mask 40 Edit the access point name. The default name is AP + MAC address. Enter a description of the access point for reference e.g. 2nd Floor Office. Displays MAC address. Use the drop down menu to assign the AP to an AP Group. You can edit AP Groups from the NMS Settings Access Point page.
Default Gateway Primary DNS Secondary DNS Radio Settings Wireless Band 41 255.255.255.0 For DHCP users, select “From DHCP” to get default gateway from your DHCP server or “User-Defined” to enter a gateway manually. For static IP users, the default value is blank. DHCP users can select “From DHCP” to get primary DNS server’s IP address from DHCP or “User-Defined” to manually enter a value. For static IP users, the default value is blank.
Auto Pilot Auto Pilot Range Auto Pilot Interval Channel Bandwidth BSS BasicRateSet 802.11g, 802.11n & 802.11ac can be selected. Enable/disable auto channel selection. Auto channel selection will automatically set the wireless channel for the access point’s 2.4GHz or 5GHz frequency based on availability and potential interference. When disabled, select a channel manually. Select a range from which the auto channel setting (above) will choose a channel.
802.11g Protection Enable/disable 802.11g protection, which increases reliability but reduces bandwidth (clients will send Request to Send (RTS) to access point, and access point will broadcast Clear to Send (CTS), before a packet is sent from client.) 802.11n Protection Enable/disable 802.11n protection, which increases reliability but reduces bandwidth (clients will send Request to Send (RTS) to access point, and access point will broadcast Clear to Send (CTS), before a packet is sent from client.
WLAN Group Guest Network Group RADIUS Group Access Control Group 44 Assign the access point’s 2.4GHz or 5GHz SSID(s) to a WLAN Group. You can edit WLAN groups in NMS Settings WLAN. Assign the access point’s 2.4GHz or 5GHz SSID(s) to a Guest Network Group. You can edit Guest Network groups in NMS Settings Guest Network. Assign the access point’s 2.4GHz SSID(s) to a RADIUS group. You can edit RADIUS groups in NMS Settings RADIUS. Assign the access point’s 2.4GHz SSID(s) to a RADIUS group.
Add/Edit Access Point Group Configure your selected access point group. Access point group settings apply to all access points in the group, unless individually set to override group settings. You can use Profile Group Settings to assign the access point group to WLAN, Guest Network, RADIUS and Access Control groups.
Radio Group Settings Wireless Enable or disable the access point group’s 2.4GHz or 5GHz wireless radio. When disabled, no SSIDs on that frequency will be active. Band Select the wireless standard used for the access point group. Combinations of 802.11b, 802.11g, 802.11n & 802.11ac can be selected. Auto Pilot Enable/disable auto channel selection. Auto channel selection will automatically set the wireless channel for the access point group’s 2.
Preamble Type Set the wireless radio preamble type. The preamble type in 802.11 based wireless communication defines the length of the CRC (Cyclic Redundancy Check) block for communication between the access point and roaming wireless adapters. The default value is “Short Preamble”. Guard Interval Set the guard interval. A shorter interval can improve performance. 802.11g Protection Enable/disable 802.
Profile Group Settings WLAN Group Assign the access point group’s 2.4GHz or 5GHz SSIDs to a WLAN Group. You can edit WLAN groups in NMS Settings WLAN. Guest Network Assign the access point group’s 2.4GHz or Group 5GHz SSIDs to a Guest Network Group. You can edit Guest Network groups in NMS Settings Guest Network. RADIUS Group Assign the access point group’s 2.4GHz SSIDs to a RADIUS group. You can edit RADIUS groups in NMS Settings RADIUS. Access Control Assign the access point’s 2.
IV-5-2. WLAN Displays information about each WLAN and WLAN group in the local network and allows you to add or edit WLANs & WLAN Groups. When you add a WLAN Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) The search function can be used to locate a WLAN or WLAN Group.
Add/Edit WLAN WLAN Settings Name/ESSID Description SSID VLAN ID Broadcast SSID Wireless Client Isolation 50 Edit the WLAN name (SSID). Enter a description of the SSID for reference e.g. 2nd Floor Office HR. Select which SSID to configure security settings for. Specify the VLAN ID. Enable or disable SSID broadcast. When enabled, the SSID will be visible to clients as an available Wi-Fi network.
Load Balancing Authentication Method Additional Authentication and can prevent brute force attacks on clients’ usernames and passwords. Load balancing limits the number of wireless clients connected to an SSID. Set a load balancing value (maximum 50). Select an authentication method from the drop down menu. Select an additional authentication method from the drop down menu. Various security options (wireless data encryption) are available.
Add/Edit WLAN Group When you add a WLAN Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) WLAN Group Settings Name Edit the WLAN Group name. Description Enter a description of the WLAN Group for reference e.g. 2nd Floor Office HR Group. Members Select SSIDs to include in the group using the checkboxes and assign VLAN IDs.
IV-5-3. RADIUS Displays information about External & Internal RADIUS Servers, Accounts and Groups and allows you to add or edit RADIUS Servers, Accounts & Groups. When you add a RADIUS Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) The search function can be used to locate a RADIUS Server, Account or Group.
Add/Edit External RADIUS Server Name Description RADIUS Server Authentication Port Shared Secret Session Timeout Accounting Accounting Port 54 Enter a name for the RADIUS Server. Enter a description of the RADIUS Server for reference. Enter the RADIUS server host IP address. Set the UDP port used in the authentication protocol of the RADIUS server. Value must be between 1 – 65535. Enter a shared secret/password between 1 – 99 characters in length.
Add/Edit Internal RADIUS Server Upload EAP Certificate File EAP Certificate File Format EAP Certificate File Displays the EAP certificate file format: PCK#12(*.pfx/*.p12) Click “Upload” to open a new window and select the location of an EAP certificate file to use. If no certificate file is uploaded, the internal RADIUS server will use a self-made certificate. Internal RADIUS Server Name Enter a name for the Internal RADIUS Server.
EAP Internal Authentication Shared Secret Select EAP internal authentication type from the drop down menu. Enter a shared secret/password for use between the internal RADIUS server and RADIUS client. The shared secret should be 1 – 99 characters in length. Session Timeout Set a duration of session timeout in seconds between 0 – 86400.
RADIUS Accounts User Name Add Reset Enter the user names here, separated by commas. Click “Add” to add the user to the user registration list. Clear text from the user name box. User Registration List Select Check the box to select a user. User Name Displays the user name. Password Displays if specified user name has a password (configured) or not (not configured). Customize Click “Edit” to open a new field to set/edit a password for the specified user name (below).
Add/Edit RADIUS Group When you add a RADIUS Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) RADIUS Group Settings Group Name Edit the RADIUS Group name. Description Enter a description of the RADIUS Group for reference. 2.4GHz RADIUS Enable/Disable primary & secondary RADIUS servers for 2.4GHz. 5GHz RADIUS Enable/Disable primary & secondary RADIUS servers for 5GHz.
IV-5-4. Access Control MAC Access Control is a security feature that can help to prevent unauthorized users from connecting to your access point. This function allows you to define a list of network devices permitted to connect to the access point. Devices are each identified by their unique MAC address. If a device which is not on the list of permitted MAC addresses attempts to connect to the access point, it will be denied.
Add/Edit MAC Access Control Add MAC Address Add Reset Enter a MAC address of computer or network device manually e.g. ‘aa-bb-cc-dd-ee-ff’ or enter multiple MAC addresses separated with commas, e.g. ‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’ Click “Add” to add the MAC address to the MAC address filtering table. Clear all fields. MAC address entries will be listed in the “MAC Address Filtering Table”. Select an entry using the “Select” checkbox.
Add/Edit MAC Access Control Group When you add an Access Control Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) MAC Filter Group Settings Group Name Edit the MAC Access Control Group name. Description Enter a description of the MAC Access Control Group for reference.
IV-5-5. Guest Network You can setup an additional “Guest” Wi-Fi network so guest users can enjoy Wi-Fi connectivity without accessing your primary networks. The “Guest” screen displays settings for your guest Wi-Fi network. The Guest Network panel displays information about Guest Networks and Guest Network Groups and allows you to add or edit Guest Network and Guest Network Group settings.
Add/Edit Guest Network Guest Network Settings Name/ESSID Edit the Guest Network name (SSID). Description Enter a description of the Guest Network for reference e.g. 2nd Floor Office HR. VLAN ID Specify the VLAN ID. Broadcast SSID Enable or disable SSID broadcast. When enabled, the SSID will be visible to clients as an available Wi-Fi network. When disabled, the SSID will not be visible as an available Wi-Fi network to clients – clients must manually enter the SSID in order to connect.
Load Balancing WMM Authentication Method Additional Authentication clients’ usernames and passwords. Load balancing limits the number of wireless clients connected to an SSID. Set a load balancing value (maximum 50). Enable or disable WMM (Wi-Fi Multimedia) traffic prioritizing. Select an authentication method from the drop down menu. Select an additional authentication method from the drop down menu. Various security options (wireless data encryption) are available.
Add/Edit Guest Network Group When you add a Guest Network Group, it will be available for selection in NMS Settings Access Point access point Profile Settings & access point group Profile Group Settings (IV-5-1.) Guest Network Group Settings Group Name Edit the Guest Network Group name. Description Enter a description of the Guest Network for reference. Members Add SSIDs to the Guest Network group.
IV-5-6. Zone Edit Zone Edit displays information about zones for use with the Zone Plan feature and allows you to add or edit zones. The search function can be used to find existing zones. Type in the search box and the list will update: Make a selection using the check-boxes and click “Edit” or click “Add” to add a new zone.
Add/Edit Zone Upload Zone Image Choose File Click to locate an image file to be displayed as a map in the Zone Plan feature. Typically a floor plan image is useful. Zone Setting Name/Location Enter a name of the zone/location. Description Enter a description of the zone/location for reference. Members Assign access points to the specified zone/location for use with the Zone Plan feature.
IV-5-7. Firmware Upgrade Firmware Upgrade allows you to upgrade firmware to Access Point Groups. First, upload the firmware file from a local disk or external FTP server: locate the file and click “Upload” or “Check”. The table below will display the Firmware Name, Firmware Version, NMS Version, Model and Size. Then click “Upgrade All” to upgrade all access points in the Array or select Access Point groups from the list using check-boxes and click “Upgrade Selected” to upgrade only selected access points.
IV-5-8. Advanced IV-5-8-1. System Security Configure the NMS system login name and password. IV-5-8-2. Date & Time Configure the date & time settings of the AP Array. The date and time of the access points can be configured manually or can be synchronized with a time server. Date and Time Settings Local Time Set the access point’s date and time manually using the drop down menus.
NTP Time Server Use NTP Server Name Update Interval Time Zone Time Zone 70 The access point also supports NTP (Network Time Protocol) for automatic time and date setup. Enter the host name or IP address of the time server if you wish. Specify a frequency (in hours) for the access point to update/synchronize with the NTP server. Select the time zone of your country/ region. If your country/region is not listed, please select another country/region whose time zone is the same as yours.
IV-6. Local Network IV-6-1. Network Settings IV-6-1-1. LAN-Side IP Address The “LAN-side IP address” page allows you to configure your AP Controller on your Local Area Network (LAN). You can enable the access point to dynamically receive an IP address from your router’s DHCP server or you can specify a static IP address for your access point, as well as configure DNS servers. You can also set your AP Controller as a DHCP server to assign IP addresses to other devices on your LAN.
Subnet Mask Default Gateway Primary DNS Address Secondary DNS Address DHCP Client IP Address Subnet Mask Default Gateway Primary DNS Address Secondary DNS Address 72 replace the default IP address. Specify a subnet mask. The default value is 255.255.255.0 For DHCP users, select “From DHCP” to get default gateway from your DHCP server or “User-Defined” to enter a gateway manually. For static IP users, the default value is blank. For static IP users, the default value is blank.
DHCP Server IP Address Subnet Mask IP Address Range Domain Name Lease Time Default Gateway Primary DNS Address Secondary DNS Address Specify the IP address here. This IP address will be assigned to your access point and will replace the default IP address. Specify a subnet mask. The default value is 255.255.255.0 Enter the start and end IP address of the IP address range which your access point’s DHCP server will assign to devices on the network. Enter a domain name.
IP Address Add to be assigned a static IP address. Specify the IP address to assign the device. Click to assign the IP address to the device. IV-6-1-2. LAN Port Settings The “LAN Port” page allows you to configure the settings for your AP Controllers wired LAN (Ethernet) ports. Wired LAN Port Enable Speed & Duplex Flow Control 802.3az 74 Identifies LAN port 1 or 2. Enable/disable specified LAN port. Select a speed & duplex type for specified LAN port, or use the “Auto” value.
IV-6-1-3. VLAN The “VLAN” (Virtual Local Area Network) page enables you to configure VLAN settings. A VLAN is a local area network which maps workstations virtually instead of physically and allows you to group together or isolate users from each other. VLAN IDs 1 – 4094 are supported. VLAN IDs in the range 1 – 4094 are supported. VLAN Interface Wired LAN Port/Wireless VLAN Mode VLAN ID Identifies LAN port 1 or 2 and wireless SSIDs (2.4GHz or 5GHz).
IV-6-2. 2.4GHz 11bgn The “2.4GHz 11bgn” menu allows you to view and configure information for your access point’s 2.4GHz wireless network across four categories: Basic, Advanced, Security and WDS. IV-6-2-1. Basic The “Basic” screen displays basic settings for your access point’s 2.4GHz Wi-Fi network(s). Wireless Enable or disable the access point’s 2.4GHz wireless radio. When disabled, no 2.4GHz SSIDs will be active. Band Select the wireless standard used for the access point. Combinations of 802.
to 16). The SSID can consist of any combination of up to 32 alphanumeric characters. VLAN ID Specify a VLAN ID for each SSID. Auto Channel Enable/disable auto channel selection. Auto channel selection will automatically set the wireless channel for the access point’s 2.4GHz frequency based on availability and potential interference. When disabled, select a channel manually as shown in the next table. Auto Channel Range Select a range from which the auto channel setting (above) will choose a channel.
IV-6-2-2. Advanced These settings are for experienced users only. Please do not change any of the values on this page unless you are already familiar with these functions. Changing these settings can adversely affect the performance of your access point. Contention Slot Preamble Type Guard Interval 802.11g Protection 78 Select “Short” or “Long” – this value is used for contention windows in WMM (see IV-6-7. WMM). Set the wireless radio preamble type. The preamble type in 802.
802.11n Protection Enable/disable 802.11n protection, which increases reliability but reduces bandwidth (clients will send Request to Send (RTS) to access point, and access point will broadcast Clear to Send (CTS), before a packet is sent from client.) DTIM Period Set the DTIM (delivery traffic indication message) period value of the wireless radio. The default value is 1. RTS Threshold Set the RTS threshold of the wireless radio. The default value is 2347.
IV-6-2-3. Security The access point provides various security options (wireless data encryption). When data is encrypted, information transmitted wirelessly cannot be read by anyone who does not know the correct encryption key. It’s essential to configure wireless security in order to prevent unauthorised access to your network. Select hard-to-guess passwords which include combinations of numbers, letters and symbols, and change your password regularly.
Load Balancing Authentication Method Additional Authentication Load balancing limits the number of wireless clients connected to an SSID. Set a load balancing value (maximum 50). Select an authentication method from the drop down menu and refer to the information below appropriate for your method. Select an additional authentication method from the drop down menu and refer to the information below (IV-6-2-3-6.) appropriate for your method. IV-6-2-3-1.
IV-6-2-3-3. IEEE802.1x/EAP Key Length Select 64-bit or 128-bit. 128-bit is more secure than 64-bit and is recommended. IV-6-2-3-4. WPA-PSK WPA-PSK is a secure wireless encryption type with strong data protection and user authentication, utilizing 128-bit encryption keys. WPA Type Encryption Key Renewal Interval Pre-Shared Key Type Pre-Shared Key Select from WPA/WPA2 Mixed Mode-PSK, WPA2 or WPA only. WPA2 is safer than WPA only, but not supported by all wireless clients.
IV-6-2-3-6. Additional Authentication Additional wireless authentication methods can also be used: MAC Address Filter Restrict wireless clients access based on MAC address specified in the MAC filter table. See IV-6-6.MAC Filter to configure MAC filtering. MAC Filter & MAC-RADIUS Authentication Restrict wireless clients access using both of the above MAC filtering & RADIUS authentication methods.
IV-6-2-4. WDS Wireless Distribution System (WDS) can bridge/repeat access points together in an extended network. WDS settings can be configured as shown below. When using WDS, configure the IP address of each access point to be in the same subnet and ensure there is only one active DHCP server among connected access points, preferably on the WAN side. WDS must be configured on each access point, using correct MAC addresses. All access points should use the same wireless channel and encryption method.
2.4GHz WDS Functionality Select “WDS with AP” to use WDS with access point or “WDS Dedicated Mode” to use WDS and also block communication with regular wireless clients. When WDS is used, each access point should be configured with corresponding MAC addresses, wireless channel and wireless encryption method. Local MAC Address Displays the MAC address of your access point. WDS Peer Settings WDS # WDS VLAN VLAN Mode VLAN ID Enter the MAC address for up to four other WDS devices you wish to connect.
IV-6-3. 5GHz 11ac 11an The “5GHz 11ac 11an” menu allows you to view and configure information for your access point’s 5GHz wireless network across four categories: Basic, Advanced, Security and WDS. IV-6-3-1. Basic The “Basic” screen displays basic settings for your access point’s 5GHz Wi-Fi network (s). Wireless Enable or disable the access point’s 5GHz wireless radio. When disabled, no 5GHz SSIDs will be active. Band Select the wireless standard used for the access point. Combinations of 802.11a, 802.
SSID# Enter the SSID name for the specified SSID (up to 16). The SSID can consist of any combination of up to 32 alphanumeric characters. VLAN ID Specify a VLAN ID for each SSID. Auto Channel Enable/disable auto channel selection. Auto channel selection will automatically set the wireless channel for the access point’s 5GHz frequency based on availability and potential interference. When disabled, select a channel manually as shown in the next table.
IV-6-3-2. Advanced These settings are for experienced users only. Please do not change any of the values on this page unless you are already familiar with these functions. Changing these settings can adversely affect the performance of your access point. Guard Interval Set the guard interval. A shorter interval can improve performance. 802.11n Protection Enable/disable 802.
Beacon Interval Station idle timeout 89 Set the beacon interval of the wireless radio. The default value is 100. Set the interval for keepalive messages from the access point to a wireless client to verify if the station is still alive/active.
IV-6-3-3. Security The access point provides various security options (wireless data encryption). When data is encrypted, information transmitted wirelessly cannot be read by anyone who does not know the correct encryption key. It’s essential to configure wireless security in order to prevent unauthorised access to your network. Select hard-to-guess passwords which include combinations of numbers, letters and symbols, and change your password regularly.
Load Balancing Authentication Method Additional Authentication Load balancing limits the number of wireless clients connected to an SSID. Set a load balancing value (maximum 50). Select an authentication method from the drop down menu and refer to the information below appropriate for your method. Select an additional authentication method from the drop down menu and refer to the information below appropriate for your method. Please refer back to IV-6-2-3.
IV-6-3-4. WDS Wireless Distribution System (WDS) can bridge/repeat access points together in an extended network. WDS settings can be configured as shown below. When using WDS, configure the IP address of each access point to be in the same subnet and ensure there is only one active DHCP server among connected access points, preferably on the WAN side. WDS must be configured on each access point, using correct MAC addresses. All access points should use the same wireless channel and encryption method.
WDS # WDS VLAN VLAN Mode VLAN ID WDS Encryption Encryption 93 Enter the MAC address for up to four other WDA devices you wish to connect. Specify the WDS VLAN mode to “Untagged Port” or “Tagged Port”. Specify the WDS VLAN ID when “Untagged Port” is selected above. Select whether to use “None” or “AES” encryption and enter a pre-shared key for AES with 8-63 alphanumeric characters.
IV-6-4. WPS Wi-Fi Protected Setup is a simple way to establish connections between WPS compatible devices. WPS can be activated on compatible devices by pushing a WPS button on the device or from within the device’s firmware/configuration interface (known as PBC or “Push Button Configuration”). When WPS is activated in the correct manner and at the correct time for two compatible devices, they will automatically connect.
WPS Status WPS security status is displayed here. Click “Release” to clear the existing status. IV-6-5. RADIUS The RADIUS sub menu allows you to configure the access point’s RADIUS server settings, categorized into three submenus: RADIUS settings, Internal Server and RADIUS accounts. A RADIUS server provides user-based authentication to improve security and offer wireless client control – users can be authenticated before gaining access to a network.
IV-6-5-1. RADIUS Settings Configure the RADIUS server settings for 2.4GHz & 5GHz. Each frequency can use an internal or external RADIUS server.
RADIUS Type Select “Internal” to use the access point’s built-in RADIUS server or “external” to use an external RADIUS server. RADIUS Server Enter the RADIUS server host IP address. Authentication Port Set the UDP port used in the authentication protocol of the RADIUS server. Value must be between 1 – 65535. Enter a shared secret/password between 1 – 99 characters in length. This should match the “MAC-RADIUS” password used in IV-3-1-3-6 or IV-3-2-3.
Internal Server Check/uncheck to enable/disable the access point’s internal RADIUS server. EAP Internal Select EAP internal authentication type from Authentication the drop down menu. EAP Certificate File Displays the EAP certificate file format: Format PCK#12(*.pfx/*.p12) EAP Certificate File Click “Upload” to open a new window and select the location of an EAP certificate file to use. If no certificate file is uploaded, the internal RADIUS server will use a self-made certificate.
IV-6-5-3. RADIUS Accounts The internal RADIUS server can authenticate up to 256 user accounts. The “RADIUS Accounts” page allows you to configure and manage users. User Name Add Reset Select User Name Password Customize 99 Enter the user names here, separated by commas. Click “Add” to add the user to the user registration list. Clear text from the user name box. Check the box to select a user. Displays the user name. Displays if specified user name has a password (configured) or not (not configured).
Delete Selected Delete All Delete selected user from the user registration list. Delete all users from the user registration list. Edit User Registration List User Name Password 100 Existing user name is displayed here and can be edited according to your preference. Enter or edit a password for the specified user.
IV-6-6. MAC Filter Mac filtering is a security feature that can help to prevent unauthorized users from connecting to your access point. This function allows you to define a list of network devices permitted to connect to the access point. Devices are each identified by their unique MAC address. If a device which is not on the list of permitted MAC addresses attempts to connect to the access point, it will be denied.
Add Reset commas, e.g. ‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’ Click “Add” to add the MAC address to the MAC address filtering table. Clear all fields. MAC address entries will be listed in the “MAC Address Filtering Table”. Select an entry using the “Select” checkbox. Select MAC Address Delete Selected Delete All Export 102 Delete selected or all entries from the table. The MAC address is listed here. Delete the selected MAC address from the list. Delete all entries from the MAC address filtering table.
IV-6-7. WMM Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance interoperability certification based on the IEEE 802.11e standard, which provides Quality of Service (QoS) features to IEE 802.11 networks. WMM prioritizes traffic according to four categories: background, best effort, video and voice. Configuring WMM consists of adjusting parameters on queues for different categories of wireless traffic.
CWMax AIFSN TxOP 104 be generated between 0 and this value. If the frame is not sent, the random backoff value is doubled until the value reaches the number defined by CWMax (below). The CWMin value must be lower than the CWMax value. The contention window scheme helps to avoid frame collisions and determine priority of frame transmission. A shorter window has a higher probability (priority) of transmission.
IV-7. Local Settings IV-7-1. Operation Mode Set the operation mode of the access point. AP mode is a standalone access point, AP controller mode acts as the designated master of the AP array, and Managed AP mode acts as a slave AP within the AP array. IV-7-2. Network Settings IV-7-2-1. System Information The “System Information” page displays basic system information about the access point.
System Model Product Name Uptime Boot From Version MAC Address Management VLAN ID IP Address Default Gateway DNS DHCP Server Displays the model number of the access point. Displays the product name for reference, which consists of “AP” plus the MAC address. Displays the total time since the device was turned on. Displays information for the booted hardware, booted from either USB or internal memory. Displays the firmware version. Displays the access point’s MAC address. Displays the management VLAN ID.
VLAN Mode/ID (connected or disconnected). Displays the VLAN mode (tagged or untagged) and VLAN ID for the specified LAN port. See IV-6-1-3. VLAN Wireless 2.4GHz (5GHz) Status Displays the status of the 2.4GHz or 5GHz wireless (enabled or disabled). MAC Address Displays the access point’s MAC address. Channel Displays the channel number the specified wireless frequency is using for broadcast. Transmit Power Displays the wireless radio transmit power level as a percentage. Wireless 2.
IV-7-2-2. Wireless Clients The “Wireless Clients” page displays information about all wireless clients connected to the access point on the 2.4GHz or 5GHz frequency. Refresh time Auto Refresh Time Manual Refresh Select a time interval for the client table list to automatically refresh. Click refresh to manually refresh the client table. 2.4GHz (5GHz) WLAN Client Table SSID Displays the SSID which the client is connected to. MAC Address Displays the MAC address of the client.
IV-7-2-3. Wireless Monitor Wireless Monitor is a tool built into the access point to scan and monitor the surrounding wireless environment. Select a frequency and click “Scan” to display a list of all SSIDs within range along with relevant details for each SSID. Wireless Monitor Site Survey Channel Survey Result Site Survey Results Ch SSID MAC Address Security Signal (%) Type Vendor 109 Select which frequency (or both) to scan, and click “Scan” to begin.
IV-7-2-4. Log The system log displays system operation information such as up time and connection processes. This information is useful for network administrators. When the log is full, old entries are overwritten. Save Clear Refresh 110 Click to save the log as a file on your local computer. Clear all log entries. Refresh the current log.
The following information/events are recorded by the log: USB Mount & unmount Wireless Client Connected & disconnected Key exchange success & fail Authentication Authentication fail or successful. Association Success or fail WPS M1 - M8 messages WPS success Change Settings System Boot Displays current model name NTP Client Wired Link LAN Port link status and speed status Proxy ARP Proxy ARP module start & stop Bridge Bridge start & stop. SNMP SNMP server start & stop.
IV-7-3. Management IV-7-3-1. Admin You can change the password used to login to the browser-based configuration interface here. It is advised to do so for security purposes. If you change the administrator password, please make a note of the new password. In the event that you forget this password and are unable to login to the browser based configuration interface, see IV-7-4-4. Factory Default for how to reset the access point.
4-32 alphanumeric characters (case sensitive). Advanced Settings Product Name Management Protocol SNMP Version SNMP Get Community SNMP Set Community SNMP Trap SNMP Trap Community SNMP Trap Manager Edit the product name according to your preference consisting of 1-32 alphanumeric characters. This name is used for reference purposes. Check/uncheck the boxes to enable/disable specified management interfaces (see below). When SNMP is enabled, complete the SNMP fields below.
IV-7-3-2. Date and Time You can configure the time zone settings of your access point here. The date and time of the device can be configured manually or can be synchronized with a time server. Date and Time Settings Local Time Set the access point’s date and time manually using the drop down menus. Acquire Current Click “Acquire Current Time from Your PC” to Time from your PC enter the required values automatically according to your computer’s current time and date.
your country/region is not listed, please select another country/region whose time zone is the same as yours.
IV-7-3-3. Syslog Server The system log can be sent to a server, attached to USB storage or sent via email. Syslog Server Settings Transfer Logs Check/uncheck the box to enable/disable the use of a syslog server, and enter a host name, domain or IP address for the server, consisting of up to 128 alphanumeric characters. Copy Logs to Check/uncheck the box to enable/disable Attached USB Device copying logs to attached USB storage.
your email authentication. When authentication is used above, enter the account name. When authentication is used above, enter the password. Account Password IV-7-3-4. I’m Here The access point features a built-in buzzer which can sound on command using the “I’m Here” page. This is useful for network administrators and engineers working in complex network environments to locate the access point.
IV-7-4. Advanced Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance interoperability certification based on the IEEE 802.11e standard, which provides Quality of Service (QoS) features to IEE 802.11 networks. WMM prioritizes traffic according to four categories: background, best effort, video and voice. IV-7-4-1. LED Settings The access point’s LEDs can be manually enabled or disabled according to your preference. Power LED Diag LED IV-7-4-2. Select on or off. Select on or off.
Do not switch off or disconnect the access point during a firmware upgrade, as this could damage the device. Update Firmware From Select “a file on your PC” to upload firmware from your local computer or from an attached USB device. Firmware Update File Click “Browse” to open a new window to locate and select the firmware file in your computer. Update Click “Update” to upload the specified firmware file to your access point.
IV-7-4-3. Save/Restore Settings The access point’s “Save/Restore Settings” page enables you to save/backup the access point’s current settings as a file to your local computer or a USB device attached to the access point, and restore the access point to previously saved settings. Save / Restore Settings Using Device Select “Using your PC” to save the access point’s settings to your local computer or to an attached USB device.
password” box and enter the password in the field underneath.
IV-7-4-4. Factory Default If the access point malfunctions or is not responding, then it is recommended that you reboot the device (see IV-7-4-5.) or reset the device back to its factory default settings. You can reset the access point back to its default settings using this feature if the location of the access point is not convenient to access the reset button. Factory Default Click “Factory Default” to restore settings to the factory default. A pop-up window will appear and ask you to confirm.
IV-8. Toolbox IV-8-1. IV-8-1-1. Network Connectivity Ping Ping is a computer network administration utility used to test whether a particular host is reachable across an IP network and to measure the round-trip time for sent messages. Destination Address Execute IV-8-1-2. Enter the address of the host. Click execute to ping the host. Trace Route Traceroute is a diagnostic tool for displaying the route (path) and measuring transit delays of packets across an IP network.
V. Appendix V-1. Configuring your IP address The access point uses the default IP address 192.168.2.2. In order to access the browser based configuration interface, you need to modify the IP address of your computer to be in the same IP address subnet e.g. 192.168.2.x (x = 3 – 254). The procedure for modifying your IP address varies across different operating systems; please follow the guide appropriate for your operating system. In the following examples we use the IP address 192.168.2.
V-1-1. 1. Windows XP Click the “Start” button (it should be located in the lower-left corner of your computer), then click “Control Panel”. Double-click the “Network and Internet Connections” icon, click “Network Connections”, and then double-click “Local Area Connection”. The “Local Area Connection Status” window will then appear, click “Properties”. 2. Select “Use the following IP address”, then input the following values: IP address: 192.168.2.10 Subnet Mask: 255.255.255.0 Click ‘OK’ when finished.
V-1-2. 1. Windows Vista Click the “Start” button (it should be located in the lower-left corner of your computer), then click “Control Panel”. Click “View Network Status and Tasks”, then click “Manage Network Connections”. Right-click “Local Area Network”, then select “Properties”. The “Local Area Connection Properties” window will then appear, select “Internet Protocol Version 4 (TCP / IPv4)”, and then click “Properties”. 2.
V-1-3. Windows 7 1. Click the “Start” button (it should be located in the lower-left corner of your computer), then click “Control Panel”. 2. Under “Network and Internet” click “View network status and tasks”. 3. Click “Local Area Connection”.
4. 130 Click “Properties”.
5.Select “Internet Protocol Version 4 (TCP/IPv4) and then click “Properties”. 6. Select “Use the following IP address”, then input the following values: IP address: 192.168.2.10 Subnet Mask: 255.255.255.0 Click ‘OK’ when finished.
V-1-4. Windows 8 1. From the Windows 8 Start screen, you need to switch to desktop mode. Move your curser to the bottom left of the screen and click. 2. In desktop mode, click the File Explorer icon in the bottom left of the screen, as shown below.
3. Right click “Network” and then select “Properties”. 4.
side. 5. 135 Choose your connection and right click, then select “Properties”.
6. Select “Internet Protocol Version 4 (TCP/IPv4) and then click “Properties”. 7. Select “Use the following IP address”, then input the following values: IP address: 192.168.2.10 Subnet Mask: 255.255.255.0 Click ‘OK’ when finished.
V-1-5. 1. Mac Have your Macintosh computer operate as usual, and click on “System Preferences” 2. In System Preferences, click on “Network”. 3. Click on “Ethernet” in the left panel. 4. Open the drop-down menu labeled “Configure IPv4” and select “Manually”.
5. Enter the IP address 192.168.2.10 and subnet mask 255.255.255.0. Click on “Apply” to save the changes.
VI. Best Practice VI-1. How to Create and Link WLAN & Access Point Groups You can use NMS to create individual SSIDs and group multiple SSIDs together into WLAN groups. You can then assign individual access points to use those WLAN group settings and/or group multiple access points together into access point groups, which you can also assign to use WLAN group settings. Follow the example below to: A. Create a WLAN group. B. Create an access point group. C.
3. The new SSID will be displayed in the WLAN panel. Repeat to add additional SSIDs according to your preference, and then click “Add” in the WLAN Group panel: 4. Enter a name for the SSID group and check the boxes to select which SSIDs to include within the group. Click “Apply” when done.
5. The new WLAN group will be displayed in the WLAN Group panel. Repeat to add additional WLAN groups according to your preference: B. 1.
2. Enter a Name and then scroll down to the Group Settings panel and use the << button to add selected access points into your group from the box on the right side. Click “Apply” when done. 3. The new access point group will be displayed in the Access Point Group panel.
C. 1. Go to NMS Settings Access Point and select an access point group using the checkboxes in the Access Point Group panel.
2. Scroll down to the Profile Group Settings panel and check the “Override Group Settings” box for WLAN Group (2.4GHz and/or 5GHz). Select your WLAN group from the drop-down menu and click “Apply”: 3. Repeat for other access point groups according to your preference.
COPYRIGHT Copyright Edimax Technology Co., Ltd. all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission from Edimax Technology Co., Ltd. Edimax Technology Co., Ltd.
