High Power Outdoor Wireless Access Point with Built-in AP Controller website www.hawkingtech.com e-mail techsupport@hawkingtech.com © COPYRIGHT 2017 HAWKING TECHNOLOGIES,INC. ALL RIGHTS RESERVED.
1 COPYRIGHT Copyright ©2017 by Hawking Technologies, Inc. All rights reserved.
2 4. Consult the dealer or an experienced radio technician for help. FCC Caution This equipment must be installed and operated in accordance with provided instructions and a minimum 20 cm spacing must be provided between computer mounted antenna and person’s body (excluding extremities of hands, wrist and feet) during wireless modes of operation. This device complies with Part 15 of the FCC Rules.
3 Table of Contents Chapter I: Product Information..................................................................................................................... 7 1-1 Introduction ........................................................................................................................................ 7 1-2 Safety Information ............................................................................................................................ 10 1-3 System Requirements ...........
4 3-5-3 Wireless Setup ........................................................................................................................... 47 Chapter IV: System Settings ........................................................................................................................ 50 4-1 WAN Setup........................................................................................................................................ 50 4-1-1 Internet Connection Type: Static IP ...............
5 4-6-2 Root Password ........................................................................................................................... 78 4-6-3 Admin Login Methods: ............................................................................................................... 78 4-6-4 System Log Setup ....................................................................................................................... 79 4-6-5 Auto Reboot .........................................................
6 7-2-2 Device List ................................................................................................................................ 111 7-2-3 Batch Setup .............................................................................................................................. 111 7-3 AP Setup.......................................................................................................................................... 114 7-4 Group Setup .......................................
7 Chapter I: Product Information 1-1 Introduction Thank you for purchasing the HPOW5CM Hawking High Power Outdoor Wireless Access Point with Builtin AP Controller. This highly efficient access point is the best choice for Small office / Home office users. With the AP controller mode, it allows one unit to control all your HPOW5CMs Access Points on the network. It also allows computers and network devices to gain wireless access in several modes throughout their network.
8 NAT Proxy DNS Dynamic DNS NTP Client DMZ Virtual Server (Port Forwarding) Support MAC Filter Support IP Filter Support Layer-7 Protocol Filter and Content Filter Support Static Routing Support RIP and OSPF Dynamic Routing Bandwidth traffic Shaping Wireless Feature Transmission power control : 3%, 6%, 12.5%, 25%, 50%, 100% Channel selection : Manual or Auto Associated clients limitation : 64 No. of ESSID (Virtual AP ): 8 No. of Max.
9 802.11i WPA2 (PSK + CCMP/ AES) 802.11i WPA2 (802.1x certification + CCMP/ AES) Setting for TKIP/ CCMP/ AES key’s refreshing period Hidden ESSID support Setting for “Deny ANY “ connection request MAC ACL No. of registered RADIUS servers : 2 VLAN assignment on ESSID VLAN tag over WDS Support WEP and AES data encryption over WDS link Quality of Service Download and Upload traffic control IEEE802.
10 1-2 Safety Information In order to keep the safety of users and property, please follow these safety instructions: 1. This access point is designed for outdoor use and is weather resistant. 2. DO NOT put this access point at or near hot or humid places, like kitchens or bathrooms. Also, do not leave this access point in the car in summer. 3. DO NOT pull any connected cable with force; disconnect them from the access point first. 4.
11 1-4 Package Contents Before you start to use this access point, please check if there’s anything missing in the package, and contact your place of purchase or contact Hawking Technologies.
12 (4) (5) (6) (7) LAN1 (PoE) Ethernet port LED indicator for LAN1 Power LED Grounding Connection: Grounding cable can protect this device from lightning strikes and buildup of static electricity. Grounding cable not included in the package. We suggest 16-18 AWG grounding cable. (8) LED for strong/weak WiFi Signal Indicator for Client Bridge, Repeater, WISP (9) Ethernet cable guide ports. These can be popped out to guide your Ethernet cables out of the device.
13 Chapter II: System and Network Setup 2-1 Build Network Connection Please follow the following instructions to build the network connection between your new HPOW5CM access point and your computers and other network devices: 1. Remove cover from device. Press the center tab (you may need a flathead screwdriver) and the cover should be able to be removed with a small amount of force. 2. Connect the A/C power adapter to the wall socket, and then connect it to the ‘Power’ socket of the PoE injector.
14 4. Configure the IP Address of your computer to be in the same range as the HPOW5CM (see section 23) Log into the setup page to configure the HPOW5CM 2-2 Definitions of HPOW5CM Supported Modes The HPOW5CM supports 6 different modes.
15 When AP Controller mode is setup, one HPOW5CM is setup to control multiple HPOW5CM’s on the network. The HPOW5CM in AP controller mode can set IPs, configure wireless settings, monitor wireless status, upgrade firmware and remotely controll multiple HPOW5CMs. The other HPOW5CMs must be in AP mode. Go to section 3-1 When AP mode is chosen, the system can be configured as a standard wireless access point. In this mode, the device can be used as an Access Point for wireless client connection.
16 When Client Bridge + Repeater AP Mode is chosen, the system can be configured in bridged mode. In this mode, the device can connect to other Access Points via a wireless link and be used to bridge wired clients to the network.
17 In this mode, the device can connect to other Access Points via a wireless link and be used to bridge wired clients to the network and work as a wireless repeater for wireless devices. All Ethernet ports and repeater access points are bridged together. Go to section 3-3 When WISP mode is chosen, the system can be configured in Wireless repeater mode. In this mode, the device can wirelessly connect to a WISP (wireless internet service provider), ie. Another wireless AP, HotSpot, etc.
18 When Router AP mode is chosen, the system can be configured as a Wireless Router. In this mode, the device is supposed to be connected to internet via ADSL/Cable Modem. The NAT is enabled and PCs in LAN/WLAN port share the same IP to ISP through the WAN port. The connection type can be setup in WAN page by using static IP, Dynamic IP, PPPoE or PPTP client.
19 First, right click on ‘Start’ button (or left click if this is Windows 7 or below), then choose Control Panel. Under Network and Internet, choose View Network Status and Tasks, then choose Change Adapter Settings on the left hand column. Right-click Ethernet (or Local Area Connection), then select ‘Properties’. Ethernet (Local Area Connection) Properties window will appear, select ‘Internet Protocol Version 4 (TCP / IPv4), and then click ‘Properties’ 2.
20
21 2-3-2 Mac OS X IP Address Setup Go to your System Preferences, go to Network. Select your Ethernet adapter. Make sure next to “Configure IPv4”, you have it set under “Manually” IP Address 192.168.2.20 Subnet Mask: 255.255.255.
22 After the IP address setup is complete, please open your web browser. In the address field, please type: ‘192.168.2.254’ and press enter.
23 Chapter III: Setup Wizard This section will outline how to access the setup wizard and configure each of the modes in the HPOW5CM 3-1 Controller AP Mode When AP Controller mode is selected, one HPOW5CM is setup to control multiple HPOW5CM’s in AP mode on the network. The HPOW5CM in AP controller mode can set IPs, configure wireless settings, monitor wireless status, upgrade firmware and remotely controll multiple HPOW5CMs. Note: the other HPOW5CMs can only be in AP Mode.
24 The device will now reboot. Now, open your browser and go to 192.168.2.254. It should take you back into the settings page. Click on “Wizard”. Click “Next” 3-1-1 Setup Wizard This section is optional and will only setup the IP settings and the AP settings in CAP mode. You can change the default IP of the device here if required. By default, the IP is 192.168.2.254 Choose your DNS type.
25 3-1-1-1 Wireless Setup This page is used to define the parameters for the wireless for the CAP Mode. In CAP Mode, the HPOW5CM can also act as an access point. ESSID: This is the wireless broadcast name. By default, it is ‘Hawking_HPOW5CM’ but you can change it to whatever you want.
26 Use this option only when you want to allow any user to use your wireless access point, and you are not concerned about unauthorized access to your files and/or transfers over your network.
27 Check the device you want to import and click “Import”. This will add the AP you selected to your Controller. You can also change the IP address settings of the devices Check the device and then go to the Update IP address and Netmask and make your changes. Click ‘Apply and Reboot’ 3-1-2-1 Batch setup Go to AP Control-Batch Setup.
28 Check the devices you want to Batch Setup under “Device List” Under VLAN List, you should see options to configure VLAN, Authentication Profile, Gateway & DNS, time Server, Management, Wireless Basic Setup, Wireless Advanced Setup, VAP setup, Upgrade and
29 Reboot. For more information go to section 7-2 After you make your changes, be sure to choose “Reboot” and Apply so the changes take effect.
30 3-2 AP Mode When AP mode is chosen, the system can be configured as a standard wireless access point. In this mode, the device can be used as an Access Point for wireless client connection. All Ethernet ports wand wireless interfaces are bridged together. This section provides a detailed explanation for users on how to configure AP mode. Log into the settings page, go to system and select “Operating Mode” Choose AP Mode and click save & reboot. The device will now reboot.
31 3-2-1 LAN setup You can change the default IP of the device here if required. By default, the IP is 192.168.2.254 Choose your DNS type. By default, it will be received automatically but if you have a preferred DNS or you have to specify one, please choose “specify” and enter in your values. 3-2-2 Wireless Setup This page is used to define the parameters for the wireless LAN clients ESSID: This is the wireless broadcast name.
32 3-2-2-1 Authentication (Wireless Security) This section allows you to set up wireless security to prevent any unauthorized access to your wireless network Open System (security disabled) When you select this mode, data encryption is disabled, and every wireless device in proximity will be able to connect your wireless access point if no other security measure is enabled Use this option only when you want to allow any user to use your wireless access point, and you are not concerned about unauthoriz
33 Pre-shared Enter the information for pre-shared key; the format of the information shall according to the key type selected. Pre-shared key can be either entered as a 256-bit secret in 64 HEX digits format, or 8 to 63 ASCII characters Hawking recommends using WPA2-PSK w/ AES cipher type as your default level of security. Click Finish and the device will automatically restart and save your settings.
34 Choose ClientBridge Mode and click save & reboot. The device will now reboot. Now, open your browser and go to 192.168.2.254. It should take you back into the settings page. Go to “Wizard”. Click “Next” 3-3-1 LAN setup You can change the default IP of the device here if required. By default, the IP is 192.168.2.254 Choose your DNS type. By default, it will be received automatically but if you have a preferred DNS or you have to specify one, please choose “specify” and enter in your values.
35 3-3-2 AP Station List Setup This page allows you to search for an available Access Point to Connect. Click “Site Survey” for it to automatically scan for a network to connect to. Site Survey: Press this button for the device to automatically scan for wireless networks. After it scans, a list of wireless networks in the area will appear. Click “Setup” to connect to this network.
36 ESSID: After you click setup, the name of the wireless network you wish to connect to will appear here. You can also manually enter the name or click on “Site Survey” for the device to scan for wireless networks. Authentication After you click setup, the security type of the wireless network you wish to connect to will appear here. Type in your key to connect.
37 This allows you to create a repeater AP and set SSID to your wireless network. Enable this if you want the device to act as a wireless repeater. If your choose disable, the device will be configured ONLY as a client bridge. If you click enable, you can set the settings for the repeater. This page is used to define the parameters for the wireless LAN clients ESSID: This is the wireless broadcast name in repeater mode. By default, it is ‘Default’ but you can change it to whatever you want.
38 Cipher Type: AES is short for Advanced Encryption Standard, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plain text into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.
39 When WISP Mode is chosen, the system can be configured in Wireless Internet repeater mode. In this mode, the device can wirelessly connect to a WISP (wireless internet service provider), ie. Another wireless AP, HotSpot, etc. It can then wirelessly repeat the signal and can even act as a router for these signals. NAT is enabled and wired and wireless computers can share the same IP range. This section provides a detailed explanation for users on how to configure this mode.
40 3-4-1 WAN Settings and DNS Setings Choose your mode. Most ISPs use “Dynamic IP”. If you are unsure, please contact your ISP. Refer to Section 4-1 for a more in-depth explanation of these settings. Enter your hostname settings if you have one. You may leave it blank if it is not required. Choose your DNS type. By default, it will be received automatically but if you have a preferred DNS or you have to specify one, please choose “specify” and enter in your values.
41 3-4-3 AP Station List Setup This page allows you to search for an available Access Point to Connect. Click “Site Survey” for it to automatically scan for a network to connect to.
42 Site Survey: Press this button for the device to automatically scan for wireless networks. After it scans, a list of wireless networks in the area will appear. Click “Setup” to connect to this network. ESSID: After you click setup, the name of the wireless network you wish to connect to will appear here. You can also manually enter the name or click on “Site Survey” for the device to scan for wireless networks.
43 3-4-4-1 Authentication (Wireless Security) This section allows you to set up wireless security to prevent any unauthorized access to your wireless network Open System (security disabled) When you select this mode, data encryption is disabled, and every wireless device in proximity will be able to connect your wireless access point if no other security measure is enabled Use this option only when you want to allow any user to use your wireless access point, and you are not concerned about unauthori
44 Click Finish and the device will automatically restart and save your settings. After you have finished, this device will act as a Wireless Internet Service Provider. The device just needs be powered on via the PData Out port on the PoE adapter and can be standalone (you can also connect any wired clients to the 10/100 Data in Port on LAN2). Please change your computer IP address back to “Obtain an IP automatically.
45 Choose Router Mode and click save & reboot. The device will now reboot. After the device has finished rebooting, you will have to make changes to your computer’s physical connection. See below. The physical setup is slightly different than the standard setup. Plug your computer into LAN2 on the access point. Plug your ISP’s modem into the PoE ‘10/100 data in’ port. Now, open your browser and go to 192.168.2.254. It should take you back into the settings page. Go to system and select “Setup Wizard”.
46 3-5-1 WAN Settings and DNS Settings Choose your mode. Most ISPs use “Dynamic IP”. If you are unsure, please contact your ISP. Refer to Section 4-1 for a more in-depth explanation of these settings. Enter your hostname settings if you have one. You may leave it blank if it is not required. Choose your DNS type. By default, it will be received automatically but if you have a preferred DNS or you have to specify one, please choose “specify” and enter in your values.
47 3-5-3 Wireless Setup This page is used to define the parameters for the wireless LAN clients ESSID: This is the wireless broadcast name. By default, it is ‘Hawking_HPOW5CM’ but you can change it to whatever you want.
48 3-5-3-1 Authentication (Wireless Security) This section allows you to set up wireless security to prevent any unauthorized access to your wireless network Open System (security disabled) When you select this mode, data encryption is disabled, and every wireless device in proximity will be able to connect your wireless access point if no other security measure is enabled Use this option only when you want to allow any user to use your wireless access point, and you are not concerned about unauthorize
49 Settings can be modified via the VLAN setup after configuration is complete. See section 4-3.
50 Chapter IV: System Settings Under this heading, several settings can be changed to configure this device 4-1 WAN Setup Click under system, WAN setup. (This feature is only available under Router and WISP mode) 4-1-1 Internet Connection Type: Static IP Static IP users can manually setup the WAN IP w/ a static IP provided by the Internet Service Provider (ISP). IP Address, IP Netmask (subnet mask), IP Gateway are all provided by the ISP. Contact them if you are not sure.
51 Hostname: (optional). If your ISP uses dynamic IP addresses, you may need to enter a hostname provided by the ISP. 4-1-3 Internet Connection Type: PPPoE PPPoE users need to manually enter their ISP provided username/password. Please contact them if you are not sure. Username: Enter user name for PPPoE connection Password: Enter user name for PPPoE connection. MTU: By default, it is 1492 bytes. Consult with your ISP for correct MTU setting.
52 Reconnect Mode: Always on – A connection to internet is always maintained On Demand – A connection to internet is made as needed Manual – Click on the “Connect” button on “WAN information” in the overview page to connect to the internet. 4-1-4 Internet Connection Type: PPTP The Point-to-Point Tunneling Protocol (PPTP) mode enables the implementation of secure multiprotocol Virtual Private Networks (VPN) through public networks.
53 PPTP Server IP Address: The IP address of the PPTP Server WAN IP: IP Address of the WAN port IP Netmask (Subnet): The subnet mask of the WAN port PPTP Server IP address: The IP address of the PPTP server MTU: By default, it is 1492 bytes. Consult with your ISP for correct MTU setting.
54 Default MAC Address: Keep the default MAC address of WAN port on the system. Manual MAC Address: Enter the MAC address registered with your ISP. 4-2 LAN Setup Setup local IP Address/Netmask/Gateway/DNS and management. (This feature is only available under Router and WISP mode) 4-2-1 LAN IP Setup The administrator can set it to obtain (Dynamic IP) an IP automatically or manually setup (Static IP) the LAN IP address of the device.
55 IP Address: The IP address of the LAN port; default IP address is 192.168.2.254 Netmask: The Subnet mask of the LAN port; default Netmask is 255.255.255.0 4-2-2 DNS Check “No default DNS server” (default) or “Specify a DNS server IP” to setup a system DNS. Primary: The IP Address of the Primary DNS server Secondary: The IP address of the secondary DNS server 4-2-3 802.
56 4-3 VLAN Setup The VLAN setup is used to configure VLANs. Click under System, VLAN Setup. VLAN Mode: Number of VLANs (6 supported) VLAN Flag: Modes that are supported IP Address: IP address assigned to VLAN Netmask: Subnet Mask assigned to VLAN RADIO: WiFi frequency supported Action: Click “Network” button for configuring VLAN settings 4-3-1 VLAN Network Settings Click the Network button next to the VLAN you want to configure.
57 VLAN Mode: Enable/Disable to enable VLAN IP/Netmask Setup: Assign an IP address for specific VLAN Access Point: Enable/Disable the Wireless Radio 802.1d Spanning Tree: The spanning tree network protocol provides a loop free topology for a bridged LAN between LAN interface and 8 WDS interfaces from wds0 to wds7. The Spanning Tree Protocol, also referred to as STP, is defined in the IEEE 802.1d standard.
58 Control Port: Select one of the VLANs to be managed AP. ETH VLAN Tag Setup: Enable/Disable and create your tags 4-3-2 VLAN DHCP Service Devices connected to the system can obtain an IP address automatically when this service is enabled.
59 DHCP: Check Enable button to activate this function or Disable to deactivate this service. Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when assigning IP address to clients. The default range IP address is 192.168.2.10 to 192.168.2.70. Netmask: Set IP Netmask, Default 255.255.255.0 DNS1 IP: Enter IP address of the first DNS server; this field is required. DNS2 IP: Enter IP address of the second DNS server; this is optional.
60 WINS IP: Enter IP address of the Windows Internet Name Service (WINS) server; this is optional. Domain: Enter the domain name for this network. Lease Time: The IP addresses given out by the DHCP server will only be valid for the duration specified by the lease time. Increasing the time ensure client operation without interruptions, but could introduce potential conflicts.
61 4-3-3 VLAN Access Point For each Virtual AP, users can configure general settings and security. Click “edit” on the Virtual AP you wish to edit. ESSID: Extended Service Set ID indicates the SSID which the clients used to connect to the VAP. ESSID will determine the service type of a client which is assigned to the specified VAP. SSID Visibility: Select this option to enable the SSID to broadcast in your network.
62 period. Notice: IAPP only used on WPA-PSK and WPA2-PSK security type. Only one of VAPs can be enabled. Authentication: Choose your type of security you want to use for this Access Point Open System: Data are unencrypted during transmission when this option is selected. WPA-PSK (or WPA2-PSK): WPA-PSK is short for W-Fi Protected Access-PreShared Key.
63 TKIP is short for “Temporal Key Integrity Protocol. TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with. Group Key Update Period: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds. Passphrase: Enter the information for pre-shared key; the format of the information shall according to the key type selected.
64 Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds. Authentication RADIUS Server Settings Radius Server: Enter the IP address of the Authentication RADIUS server. Radius Port: The port number used by Authentication RADIUS server. Use the default 1812 or enter port number specified. Radius Secret: The secret key for system to communicate with Authentication RADIUS server.
65 Action: Select the desired access control type from the drop-down list; the options are Disable, Allow or Reject. Only Allow List MAC: Define certain wireless clients in the list which will have granted access to the Access Point while the access will be denied for all the remaining clients – Action Type is set to “Only Allow List MAC”.
66 Fast Roaming: Enable or Disable the feature here. Default is disabled. Mobility Domain: MDID is used to indicate a group of Aps (within an ESS, ie. Sharing the same SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as a hex string. R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, administrator can set 1-65535 Reassoc deadline: Default: 1000 Reassociation deadline in time units (Tus / 1.024 ms; range 1000-65535).
67 To enable roaming between multiple AP devices, the first AP must key in the MAC address of the second AP and vice versa. The NAS Identifier and 128-bit key should be identical on both Aps. This will enable device roaming between both APs. Mac Address: Administrators must enter the MAC address of the other AP NAS Identifier: Enter 1-48 octets of network domain name 128-bit Key: Enter shared key R0 Key Holder List After setting up R0 Key Holder, the information will appear on this list.
68 Mac Address: Administrators must enter the MAC address of the other AP NAS Identifier: Enter 1-48 octets of network domain name 128-bit Key: Enter shared key R1 Key Holder List After setting up R1 Key Holder, the information will appear on this list. 4-4 Authentication This function is for web authentication. It supports authentication for local users / Radius Servers / 0Auth2.0 and Guest. The system supports 7 VLANs with web authentication.
69 #: Displays 7 VLANs Authentication: Displays VLAN # and whether enable/disable web authentication Action: Choose authentication or select drop down. 4-4-1 Authentication Click on the authentication button to get into the basic settings Authentication: Enable/disable Multiple Login: Set one account or multiple users to simultaneously login (0 = not limited) Login Timeout: After account login with no traffic, system with automatically timeout. Enter time in minutes.
70 4-4-2 Guest If enabled, the administrator can set guest count limit / login time, type and flow control Service: Enable/Disable Login Type: One Time: login to start counting until end of time Multiple Times: logout time will stop counting until the next relogin to start counting Count Limit: Set guest limit
71 Login Time: With a certain timefame with no traffic, system will auto logout QoS: Restrict traffic of guest. Set user upload/download traffic 4-4-3 Local User Create a local user account for web login Username: User account Password: Account password 4-4-4 OAuth2.0 Supports Facebook and Google by default. Users can add additional OAuth2.0 servers through UI settings. #: Display items. Active: Display on/off status for the authentication. Provider: Display authentication server.
72 POP3 Server: Enable/Disable Display Name: Set the display name based on POP3 user/client Host: Host Server Name Port: Port number for Host Server Connect Type: STARTTLS, SSL/TTL or none. POP3 Server Test: Test to see if the settings are operating correctly. 4-4-6 Customize Page This function allows the user to customize the user login page. This supports multiple languages and HTML editing. Page Setup Template: Administrator can select Enable or disable.
73 Select enable to active default Login Page Select disable to activate HTML Source Code Window for Customization 4-4-7 Customize Language User can create other languages for login page.
74 4-4-8 Walled Garden This function provides certain free services or advertisement web pages for users to access the websites listed before login and authentication. User without the network access right can still have a chance to experience the actual network service free of charge in Walled Garden URL list. Display Name: Set name of Website. IP Address/Domain: Set IP or Domain of the Open the website. Full URL: Set full website name.
75 4-5 DHCP Setup Devices connected to the system can obtain an IP address automatically when this service is enabled.
76 DHCP: Check Enable button to activate this function or Disable to deactivate this service. Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when assigning IP address to clients. The default range IP address is 192.168.2.10 to 192.168.2.70, the netmask is 255.255.255.0 DNS1 IP: Enter IP address of the first DNS server; this field is required. DNS2 IP: Enter IP address of the second DNS server; this is optional.
77 Domain: Enter the domain name for this network. Lease Time: The IP addresses given out by the DHCP server will only be valid for the duration specified by the lease time. Increasing the time ensure client operation without interruptions, but could introduce potential conflicts. Lowering the lease time will avoid potential address conflicts, but might cause more interruptions to the client while it will acquire new IP addresses from the DHCP server.
78 4-6 Management Setup Administrators can setup system info, passwords and login methods. Click under System, Management 4-6-1 System Information System Name: Enter a desired name or use the default one. Description: Provide description of the system. Location: Enter geographical location information of the system.
79 Enable HTTP: Check to select HTTP Service. Enable HTTPS: Check to select HTTPS Service HTTPS Port: The default is 443 and the range is between 1 ~ 65535. Enable Telnet: Check to select Telnet Service Telnet Port : The default is 23 and the range is between 1 ~ 65535 Enable SSH: Check to select SSH Service SSH Port : Please The default is 22 and the range is between 1 ~ 65535. Click “Generate Key” button to generate RSA private key.
80 4-6-5 Auto Reboot The device can be set to auto reboot in a daily, weekly, or monthly setting. 4-7 Time Server Setup System time can be configured via this page, and manual setting or via a NTP server is supported. Please go to System, Time Server Local Time: Display the current system time. Mode: Select NTP Server or Manual Setup Time Using NTP Synchronize the system time with NTP server. System can autoupdate the system time.
81 Default NTP Server: Select the NTP Server from the drop-down list. Time Zone: Select a desired time zone from the drop-down list. Daylight saving time: Enable or disable Daylight saving. Setup Time Using Manual The user can manually set time/date Date: Set the date for system. Time: Set the time for system. 4-8 PoE PassThrough This device supports PoE Bridge function.
82 4-9 SNMP Setup SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. By enabling SNMP function, the administrator can obtain the system information remotely. You can access the settings by going to System, SNMP SNMP v2c Enable Check to enable SNMP v2c. RO Community: Set a community string to authorize read-only access. RW Community: Set a community string to authorize read/write access. SNMP v3 Enable Check to enable SNMP v3.
83 RO Password: Set a password to authorize read-only access. RW User: Set a community string to authorize read/write access. RW Password: Set a password to authorize read/write access. SNMP Trap Events such as cold start, interface up & down, and association & disassociation will report to an assigned server. Community: Set a community string required by the remote host computer that will receive trap messages or notices send by the system.
84 Chapter V: Wireless Setup 5-1 General Setup This section allows you to set the data transmission, channel and output power for the system 5-1-1 Radio Basic Setup MAC Address: The MAC address of the Wireless interface is displayed here. Country: This device only supports United States WiFi channels. Band Mode: Please select the wireless band you wish to use. By selecting different band setting, you’ll be able to allow or deny the wireless client of a certain band. If you select 802.
85 If you select 802.11n, the only wireless clients using 802.11n band will be able to connect to this access point. (Maximum 300Mbps for 802.11n clients) Auto Channel: Enable/Disable the function. If disabled, the WiFi channel will be fixed to the manually selected channel. Channel: Please select a channel from the dropdown list of ‘Channel Number’, You can choose any channel number you want to use, and almost all wireless clients can locate the channel you’re using automatically without any problem.
86 Tx/Rx Stream: 2 is the default setting. Using 1 will halve your speed. Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available for special circumstances. Extension Channel: Only for Channel Bandwidth “40” MHz. Select the desired channel bonding for control. Upper supports 1-7 and lower supports 5-11 MCS: This parameter represents transmission rate. By default (Auto) the fastest possible transmission rate will be selected.
87 Aggregation Size: The Aggregation Size is in the range of 1024~65535, default is 50000. It determines the size (in Bytes) of the larger frame. 5-2 Advanced Settings The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The default value is 100 msec. Access Point (AP) in IEEE 802.
88 which support power saving mode, when to wake up to receive multicast frame. DTIM is necessary and critical in wireless environment as a mechanism to fulfill power-saving synchronization. A DTIM interval is a count of the number of beacon frames that must occur before the access point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame.
89 As an Example, time-sensitive Voice & Video, and multimedia are given effectively higher priority for transmission (lower wait times for channel access), while other applications and traditional IP data which are less time-sensitive but often more data-intensive are expected to tolerate longer wait times. High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). Medium throughput and delay.
90 ACM bit: Admission Control Mandatory, ACM only takes effect on AC_VI and AC_VO. When you do not click Checkbox, it means that the ACM is controlled by the connecting AP. If you click Checkbox, it means that the Client is in charge No ACK policy bit: Acknowledgment Policy, WMM defines two ACK policies: Normal ACK and No ACK. Click “Checkbox” indicates “No ACK” When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge received packets during wireless packet exchange.
91 Open System: Data are unencrypted during transmission when this option is selected. Shared Key: WEP, Wired Equivalent Privacy, is a data encryption mechanism based on a 64-bit, or 128-bit. Select Shared Key as the security type from the drop down list as desired. Key Size: The key size of WEP encryption can be 64bit, 128bit. Key Index: You can select the Key which you want to use.
92 Cipher Type: You can chose use AES or TKIP with your WPA / WPA2 encryption method AES is short for Advanced Encryption Standard. The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.
93 Access Point: Choose Enable or Disable Repeater AP function, the default is Disable ESSID: Extended Service Set ID. When users are browsing for available wireless networks, this is the SSID that will appear in the list.. SSID Visibility: By default, it is “Disable”. Enable this option to stop the SSID broadcast in your network. When disabled, people could easily obtain the SSID information with the site survey software and get access to the network if security is not turned on.
94 Open System: Data are unencrypted during transmission when this option is selected. WPA-PSK (or WPA2-PSK): WPA-PSK is short for W-Fi Protected Access-PreShared Key. WPA-SPK uses the same encryption way with WPA, and the only difference between them is that WPA-PSK recreates a simple shared key, instead of using the user’s certification. Cipher Type: You can chose use AES or TKIP with your WPA / WPA2 encryption method, AES is short for Advanced Encryption Standard.
95 TKIP is short for “Temporal Key Integrity Protocol. TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with. Group Key Update Period: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds. Passphrase: Enter the information for pre-shared key; the format of the information shall according to the key type selected.
96 Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds. Authentication RADIUS Server Settings Radius Server: Enter the IP address of the Authentication RADIUS server. Radius Port: The port number used by Authentication RADIUS server. Use the default 1812 or enter port number specified. Radius Secret: The secret key for system to communicate with Authentication RADIUS server.
97 5-6 Repeater AP MAC Filter For each Repeater AP, users can allow or reject clients based on their MAC address. Click on Wireless, Repeater AP MAC Filter Setup. (This feature is only available in Client Bridge + Repeater AP and WISP Modes) Action: Select the desired access control type from the drop-down list; the options are Disable, Allow or Reject.
98 WDS link is bidirectional and both side must support WDS. Access points know each other by MAC Address. In other words, each access point needs to include MAC address of its peer. Ensure all access points are configured with the same channel and own same security type settings. (This feature is only available in AP Mode) Security Type: Option is “Disable”, “WEP”, “TKIP” or “AES” from drop-down list. AES Key: Enter 8 to 63 ASCII or 64 HEX format AES key.
99 WDS Peer's MAC Address: Enter the MAC address of WDS peer. Note: All WDS peers need to have same WiFi Channel and same Security Type. 5-8 WDS Status This page shows the status of each WDS enabled device on the network. (This feature is only available in AP Mode) MAC Address: Display MAC address of WDS devices. RSSI: Indicate the RSSI of the respective WDS's link.
100 Chapter VI: Advanced Settings 6-1 DMZ DMZ is a setting associated with NAT functionality and is an alternative to setting up a Virtual Server (Port Forwarding). This feature opens all ports of DMZ host to internet users. Virtual Server rules have precedence over the DMZ rule. In order to use a range of ports available to different internal hosts, Virtual Server rules should be used. (This feature is only available in Router and WISP Modes) Service: The DMZ is disabled by default.
101 unicast or multicast packets on different protocols as shown in the IP Filter Setup. Important to note that IP filter rules has precedence over Virtual server rules. (This feature is only available in Router and WISP Modes) Click Edit to configure/edit a rule.
102 Policy: Deny to drop and Pass to allow per filter rules In/Out: Applies to Ingress or egress packets. Protocol: Supports TCP, UDP or ICMP. Source Address/Mask: Enter desired source IP address and netmask. i.e. 192.168.2.10/32. Source Port: Enter a port or a range of ports as start:end. i.e. port 20:80 Destination Address/Mask: Enter desired destination IP address and netmask. i.e. 192.168.1.10/32 Destination Port: Enter a port or a range of ports as start:end. i.e.
103 Total of 20 rules maximum allowed in the IP Filter List. All rules can be edited or removed from the List. When you create rules in the IP Filter List, the prior rules maintain higher priority. To allow limited access from a subnet to a destination network manager needs to create allow rules first and followed by deny rules. 6-3 MAC Filter Allows users to create MAC filter rules to allow or deny unicast or multicast packets from limited number of MAC addresses.
104 Click Edit to configure/edit a rule. Active: By Default, the service is disabled. Check Enable radial button to enable Virtual Server. Comment: Enter appropriate message for resource sharing via Virtual Server. Protocol Type: Select appropriate sessions, TCP or UDP, from shared host via multiple private ports. Public Port: A port or a range of ports may be specified as start:end; i.e. port 20:80 Private IP: Enter corresponding IP address of internal resource to share.
105 Click “Save” button to add Virtual Server rule to List. Total of maximum 20 rules are allowed in this List. All rules can be edited or removed from the List. When creating multiple Virtual Server rules, the prior rules have higher priority. The Virtual server rules have precedence over the DMZ rules when both rules exist. 6-5 Access Control Access Control allows you to block or allow specific kinds of Internet usage and traffic, such as Internet access, designated services, and websites.
106 Active: Check Enable button to activate this rule, and Disable to deactivate. Comment: Enter a descriptive name for this rule for identifying purposes. Protocol: Select Any or specify a protocol (TCP, UDP, ICMP, Content Filter and Application) from drop-down list. When you select ICMP or Layer 7 Application, the Local(LAN)/ Destination Port cannot be used.
107 Application: Choose the application you wish to block. A small list of presets are available Domain Filter MAC Address: Enter MAC address in valid MAC address format (aa.bb.cc.dd.ee.ff) and click “Add” button to add in the MAC group of each rule. Click “Remove” button can remove MAC address in the group of each rule. There are 10 MAC address maximum allowed in each rule. Local/Destination IP: Specify local(LAN)/ destination IP addresses range required for this rule.
108 6-6 Time Policy Users can define time policy for Service Domain, IP Filtering, MAC Filtering and Virtual Server. There are 10 policies that can be defined. Click Edit to configure/edit a policy Create a Policy: Select desired schedule for this policy. Time Schedule: Select desired day of week and time period for this policy.
109 Chapter VII: AP Control 7-1 Scan Device This page allows you to scan and add devices to the AP control list. Click scan under filter device. It will scan for all managed APs on the network and list them under Scan Results. Select the APs you wish to manage and click “Import” 7-1-1 Filter Device VLAN #: Select VLAN network to discover managed APs Default Password: Set Login system password by managed APs Sort: Select discovered Aps by type (IP or MAC).
110 7-1-2 Update IP Address & Netmask Control Port: Change VLAN network for managed APs. VLAN TAG: Set VLAN TAG ID for managed APs IP Address: Set IP address for managed APs. The IP address will auto increment.
111 7-2 Batch Setup This section allows you to filter by VLAN/Group and choose which Batch setup functions you want to setup. 7-2-1 VLAN List VLAN: When VLAN Tag Function is enabled (Please refer to 4.3 system VLAN setup), administrator can change VLAN tag for managed APs. Group: When AP groups are created (please refer to 7.4), administrators can select and change group settings for managed APs. Batch Setup: Administrators can centralize setting changes for managed APs. (See section 7.2.
112 VLAN setup: VLAN: VLAN Mode: Access Point0: 802.1d Spanning Tree: Control Port: IAPP The function: The function can select VLAN (see section 4-3-1) Administrator can enable or disable VLAN mode of the managed APs. Administrator can enable or disable 2.4GHz of the managed APs. Administrator can enable or disable the function. (See section 4-3-1) The function administrator can enable or disable of the managed APs (please refer to section 4.3.1) Administrator can enable or disable of the managed APs.
113 IP Setup: Administrator can set IP address and Netmask of the managed APs. ETH0/1 VLAN Tag Setup: Administrator can set VLAN Tag or disable VLAN function of the managed APs. Authentication Profile: After creating Profiles, See section 7-6 users can apply Authentication profiles Gateway & DNS: Setting Gateway and DNS for managed APs. Time Server: Setting System Time for managed APs.
114 7-3 AP Setup AP setup allows you to configure each individual AP you added to the Controller. You can edit the network settings, remove the devices from the controller or reboot them. VLAN: selected Desired VLAN for AP setup Setup: Administrators can modify IP address, system login passwords, web login port for managed APs. If administrator has to change AP devices, they can modify MAC address of new managed AP.
115 Create New Map: Click the button to create map. Map Name: Enter a map name Image URL: Enter the URL of the map image. Description: Enter a description of the map. Layout: Once the map is on the Map List, administrators can click on the “Layout” button in the action tab to map out the AP network. Managed APs will appear on the device list section of the layout page. Administrators can simply drag the AP to the correct location.
116 View: Once a device is placed, you can click the “View” button to monitor AP status and locations. 7-6 Authentication Profile Administrators can pre-set authentication conditions in the profile. For authentication, refer to 4.3.
117 Create New Profile: Create a new authentication profile. Edit: Click the Authentication button to Enable or Disable authentication function. See section 4-4 Click Dropdown to set authentication functions. See section 4-4 Action: Setup button can modify or delete for the authentication profile. 7-7 Status Check the status of each Access Point assigned to the Controller. Check their settings and network information.
118 Chapter VIII: Utilities 8-1 Profile Setting In this page you can save your current configuration, restore a previous saved configuration or restore all the settings in the system to the factory default settings. Save Settings to PC: Click Save button to save the current configuration to a local disk. Load Settings from PC: Click Browse button to locate a configuration file to restore, and then click Upload button to upload.
119 Upgrade Firmware: Upgrade firmware will support via Local PC, TFTP Server and HTTP URL upgrade 8-3 Network Utility The administrator can diagnose network connectivity via the PING or TRACEROUTE utility. Ping: This utility will help ping other devices on the network to verify connectivity. Ping utility, using ICMP packets, detects connectivity and latency between two network nodes. As result of that, packet loss and latency time are available in the Result field while running the PING test.
120 Traceroute: Allows tracing the hops from the device to a selected outgoing IP address. It should be used for the finding the route taken by ICMP packets across the network to the destination host. The test is started using the Start button, click Stop button to stopped test. Destination Host: Specifies the Destination Host for the finding the route taken by ICMP packets across the network. MAX Hop: Specifies the maximum number of hops (max time-to-live value) trace route will probe.
121 Chapter IX: Status 9-1 Overview Detailed information on the Device and Network can be viewed on this page. 9-2 Wireless Client Administrators can view the status of all Wireless users. 9-3 Online Users The status can display online users by captive portal.
122 Authentication: Display captive Portal Authentication function is on/off on VLANs Download Packets: Display total download packets amount information of the VLAN Upload Packets: Display total upload packets amount information of the VLAN Download Bytes: Display total download flow information of the VLAN Upload Bytes: Display total upload flow information of the VLAN Action: Click “Detail” to monitor all user’s use of network 9-4 Authentication Log by Captive Portal The authentication log ca
123 Chapter X: Hardware Install The HPOW5CM are designed with wall mounts and pole mounts for exterior installations. 10-1 Pole Mount Using the provided zip ties, secure the HPOW5CM through the holes on the back of the device. Make sure they are tight and secure. Make sure the pole itself is secure. Note: you will need an Ethernet cable long enough to go from the device to the PoE injector. The PoE injector is not weather proofed. We do not recommend any cabling over 100 feet in length.
124 10-2 Wall Mount Using the optional wall mount kit, first mount the wall mounting kit on a secure wall. Screw it in using the provided screws. Once secure, simply snap the HPOW5CM into the wall mount kit.
125
126 Note: you will need an Ethernet cable long enough to go from the device to the PoE injector. The PoE injector is not weather proofed. We do not recommend any cabling over 100 feet in length. Note2: Make sure you also use a long enough grounding cable (not included) to mount to your grounding point. We recommend 16-18 AWG grounding cable 10-3 Antenna Orientation Once you have mounted and connected HPOW5CM, be sure to note the signal pattern of the antenna.
127 Chapter XI: Appendix 11-1 Specifications Hardware Specification Base Platform AR9341 (AR1321) CPU Clock Speed 535 MHz Wireless Radio IEEE 802.11b/g/n Serial Port 1 * Console (Internal) Reset Switch Built-in Push-button momentary contact switch Standards Conformance IEEE 802.3 / IEEE 802.3u Ethernet Ports Flash On board : 8MB SDRAM On board : 32MB Built-In LED Indicators 1 x Power, 2 x LAN, 4 x WLAN (Signal LED Indicator) 2 x 10/100Mbps Ethernet ports (PoE Pass Through) IEEE 802.
128 Environmental & Mechanical Characteristics Operating Temperature -20 °C ~ 60 °C Storage Temperature -20 °C ~ 85 °C Operating Humidity 100% Non-Condensing Storage Humidity 100% Non-Condensing Built-in Antenna HPOW5CM: 5dBi, 2.4GHz Omni Antenna (H-Plane: 360, E-Plane: 60) Input Power 48 VDC Ethernet Connector 2 * Ethernet Connector Power Supply AC Input : 110 – 220V AV Power DC Output : 48 VDC, 0.5A input (PoE Power Injector, support up to 1A) Unit Weight 0.289KG Unit Dimensions 190.