User Guide LAPAC1750PRO
Linksys

Table of Contents

Section 1: Getting Started
  Administrator’s Computer Requirements
  Wireless Client Requirements
  Online Help, Supported Browsers, and Limitations
  Dynamic and Static IP Addressing on the AP
  Installing the Access Point
Section 1: Getting Started

The LAPAC1750PRO® Access Point provides continuous, high-speed access between wireless devices and Ethernet devices. It is an advanced, standards-based solution for wireless networking in businesses of any size. The access point (AP) enables wireless local area network (WLAN) deployment while providing state-of-the-art wireless networking features. The access point can operate in one mode: Standalone Mode.
Web Browser and Operating System

Configuration and administration of the access point is provided through a Web-based user interface hosted on the access point. We recommend using one of the following supported Web browsers to access the access point Administration Web pages:
• Microsoft® Internet Explorer® version 9.x or 11.x (with up-to-date patch level for either major version)
• Mozilla Firefox version 26.x
• Google Chrome version 32.x
• Safari version 5.
Figure 1: Administrator UI Online Help

Note: If you do not have a DHCP server on your internal network, and do not plan to use one, the first thing you must do after powering on the access point is change the connection type from DHCP to static IP. You can either assign a new static IP address to the AP or continue using the default address.
• To use a LAN connection, connect one end of an Ethernet cable to the network port on the access point and the other end to the same hub where your PC is connected, as shown in the following figure. The hub or switch you use must permit broadcast signals from the access point to reach all other devices on the network.
Figure 2: System Summary Page

For information about how to configure the 802.1X user name and password, see “802.1X Supplicant” on page 94.

Configuring the Ethernet Settings

The default Ethernet settings, which include DHCP and VLAN information, might not work for all networks. By default, the DHCP client on the access point automatically broadcasts requests for network information.
Configuring IEEE 802.1X Authentication

On networks that use IEEE 802.1X, port-based network access control, a supplicant (client) cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information that the AP can supply to the authenticator. If your network uses IEEE 802.1X, see “802.1X Supplicant” on page 94 for information about how to configure 802.1X by using the Web interface.
Section 2: Viewing Access Point System Status

This section describes the information you can view from the tabs under the Status and Statistics heading on the Administration Web UI.

System Summary

From the System Summary page, you can view various information about the access point (AP), including IP and MAC address information. Table 3 describes the fields and configuration options on the System Summary page.

Table 3: System Summary Page
MAC Address: Shows the MAC address of the AP. The address shown here is the MAC address associated with the management interface. This is the address by which the AP is known externally to other networks.
Firmware Version: Shows version information about the firmware currently installed on the AP. As new versions of the WLAN AP firmware become available, you can upgrade the firmware on your AP.
Hardware Version: Identifies the AP hardware version.
LAN Status (Management Interface)

To change the wired settings, click the Edit link. After you click Edit, you are redirected to the VLAN and IPv4 Address page. LAN Status shows information about the internal Ethernet interface, which is the primary interface used to manage the AP.
Mode: The Physical Layer (PHY) standard the radio uses:
• IEEE 802.11b/g — 802.11b and 802.11g clients can connect to the AP.
• IEEE 802.11b/g/n — 802.11b, 802.11g, and 802.11n clients operating in the 2.4-GHz frequency can connect to the AP.
• IEEE 802.11n — Only 802.11n clients operating in the 2.4-GHz frequency can connect to the AP.
• IEEE 802.11a — Only 802.11a clients can connect to the AP.
Channel
Operational Bandwidth
WLAN Bytes Transmitted: Total bytes transmitted by the AP on this radio interface.
Multiple Retry Count: Number of times an MSDU is successfully transmitted after more than one retry.
WLAN Packets Received Dropped: Number of packets received by the AP on this radio interface that were dropped.
RTS Success Count: Count of CTS frames received in response to an RTS frame.
Interface Statistics

The Interface Statistics page provides some basic information about the AP and a real-time display of transmit and receive statistics for the Ethernet interface on the AP, and for the VAPs on both radio interfaces. All transmit and receive statistics shown are totals since the AP was last started. If you reboot the AP, these figures indicate transmit and receive totals since the reboot.
Workgroup Bridge

The Workgroup Bridge page displays packet and byte counts for traffic between stations on a workgroup bridge. The information in the following table is available for each network interface that is configured as a workgroup bridge interface.

Figure 6: Workgroup Bridge

Total Bytes: The total number of Sent/Received bytes bridged between the wired clients in the workgroup bridge and the wireless network.
Status: The Authenticated and Associated Status shows the underlying IEEE 802.11 authentication and association status, which is present no matter which type of security the client uses to connect to the AP. This status does not show other (IEEE 802.1X) authentication or association status.
TSPEC Client Associations

The TSPEC Client Association Status and Statistics page provides information about the TSPEC client data transmitted and received by this access point. Table 10 shows voice and video packets transmitted and received by the association, along with status information.

TS Identifier: TSPEC Traffic Session Identifier (range 0-7).
Access Category: TS Access Category (voice or video).
Direction: The traffic direction for this TS.
From Station: The number of packets and bytes received from the wireless client, and the number of packets and bytes that were dropped after being received. Also, the number of packets:
• in excess of an admitted TSPEC.
• for which no TSPEC has been established when admission is required by the AP.
To Station
Table 11: TSPEC Status and Statistics
Field: Description
Interface: Indicates the name of the Radio or VAP interface.
Access Category: Indicates Current Access Category associated with this Traffic Stream (voice or video).
Status: Indicates whether the TSPEC session is enabled (up) or disabled (down) for the corresponding Access Category. Note: This is a configuration status (does not necessarily represent the current session activity).
Email Alert Status

The Email Alert Status page provides information about the email alerts sent based on the syslog messages generated in the AP. To view the Email Alert Operational Status, click the System Status > Email Alert Status tab.

System Log

From the System Log page, you can view the most recent system log generated by this AP. To view the Email Alert Operational Status, click the System Status > System Log tab.
Section 3: Configuring the Access Point

• Administration
• LAN
• Wireless
• Security
• QoS and Access Control
• SNMP
• Captive Portal
• Cluster

System Settings

From the System Settings page, you can change the administrator password and system settings, e.g. device name, system contact.
Device Name: Name your AP. This name appears only on the Basic Settings page and is used to identify the AP to the administrator. A valid name is 1 to 64 alphanumeric characters, and can include letters, digits, hyphens and spaces.
System Contact: Enter the name, e-mail address, or phone number of the person to contact regarding issues related to the AP.
System Location: Enter the physical location of the AP, for example Conference Room A.
Table 16: Time Settings
Field: Description
System Clock Source: Set the system time.
• To permit the AP to poll an NTP server, select Network Time Protocol (NTP).
• To manually configure the time and date, select Manually. When this option is selected, the AP does not attempt to poll an NTP server.
NTP Server IPv4/ If NTP is enabled, specify the NTP server to use.
Configuring Persistent Logging Options

If the system unexpectedly reboots, log messages can be useful to diagnose the cause. However, log messages are erased when the system reboots unless you enable persistent logging.

Caution! Enabling persistent logging can wear out the flash (non-volatile) memory and degrade network performance. You should only enable persistent logging to debug a problem.
Enabling or Disabling the Log Relay Host on the Log Settings Page

To enable and configure Log Relaying on the Log Settings page, set the Log Relay options as described in the following table, and then click Save.

Table 18: Log Relay Host
Field: Description
Relay Log: Select Enabled to allow the access point to send log messages to a remote host. Select Disabled to keep all log messages on the local system.
From Email Address: Specify the email address that appears in the From field of alert messages sent from the AP, for example AP23@foo.com. The address can be a maximum of 255 characters and can contain only printable characters. By default, no address is configured.
Log Duration: This duration, in minutes, determines how frequently the non-critical messages are sent to the SMTP Server. The range is 30-1440 minutes.
Urgent Message Severity
Note: After you configure the Email Alert settings, you must click Save to apply the changes and save them to the startup configuration file.

Note: Hostnames are composed of a series of labels joined with dots, as are all domain names. Each label must be between 1 and 63 characters long, and the entire hostname (including dots) has a maximum of 253 characters.
HTTP/HTTPS Service

The AP can be managed through HTTP or secure HTTP (HTTPS) sessions. By default both HTTP and HTTPS access are enabled. Either access type can be disabled separately. To configure Web server settings, click the Services > Web Server tab.

Figure 18: HTTP/HTTPS Service

Table 21: HTTP/HTTPS Service
Field: Description
HTTP Server Status: Enable or disable access through HTTP. This setting is independent of the HTTPS server status setting.
Generate SSL Certificate: Click Generate to generate a new HTTP SSL certificate for the secure Web server. This should be done once the access point has an IP address to ensure that the common name for the certificate matches the IP address of the access point. Generating a new SSL certificate will restart the secure Web server. The secure connection will not work until the new certificate is accepted on the browser.
Discovery - LLDP

Link Layer Discovery Protocol (LLDP) is defined by the IEEE 802.1AB standard and allows the access point to advertise information about itself such as the system name, port name, system capabilities, and power requirements. This information can help you identify system topology and detect bad configurations on the LAN.

Discovery - Bonjour
LAN

This section describes how to manage the access point and contains the following subsections:
• VLAN and IPv4 Address
• IPv6 Address
• IPv6 Tunnel
The configuration pages for the features in this section are located under the Manage heading on the Administration Web UI.

VLAN and IPv4 Address

Figure 21: VLAN and IPv4 Address

The default wired interface settings, which include DHCP and VLAN information, might not work for all networks.
VLAN Tagging
If you disable the untagged VLAN, all traffic is tagged with a VLAN ID. By default all traffic on the access point uses VLAN 1, which is the default untagged VLAN. This means that all traffic is untagged until you disable the untagged VLAN, change the untagged traffic VLAN ID, or change the VLAN ID for a VAP or client using RADIUS.
Untagged VLAN ID: Provide a number between 1 and 4094 for the untagged VLAN ID.
Table 26: IPv6 Address Settings
Field: Description
IPv6 Connection Type: Select the option to determine how the IPv6 address for the management interface is configured:
• DHCPv6 — The Access Point acquires its IPv6 address, DNS, and gateway information from a DHCPv6 server.
• Static IPv6 — You must enter information in the Static IPv6 Address, Prefix length, and Default Gateway fields.
IPv6 Tunnel

The access point supports the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), which enables the AP to transmit IPv6 packets over the LAN encapsulated within IPv4 packets. The protocol enables the access point to communicate with remote IPv6-capable hosts even when the LAN that connects them does not support IPv6.

Table 27: IPv6 Tunnel Settings
Note: A DNS name is composed of a series of labels joined with dots, as are all domain names. Each label must be between 1 and 63 characters long, and the entire hostname (including dots) has a maximum of 253 characters.

Wireless

The wireless features are located under the Configuration heading on the administration Web UI.
Radio

Radio settings directly control the behavior of the radio devices in the AP, and determine how and what type of electromagnetic waves the AP emits. Different settings display depending on the mode you select. All settings are described in Table 28.

Table 28: Radio Settings
Field: Description
Radio: Select Radio 1 or Radio 2 to specify which radio to configure. Radio 1 stands for 2.4GHz radio, and Radio 2 stands for 5GHz radio.
Mode: The Mode defines the Physical Layer (PHY) standard the radio uses. Note: The modes available depend on the country code setting and radio. Select one of the following modes for each radio interface:
• IEEE 802.11b/g — 802.11b and 802.11g clients can connect to the AP.
• IEEE 802.11b/g/n — 802.11b, 802.11g, and 802.11n clients operating in the 2.4-GHz frequency can connect to the AP.
• IEEE 802.11n — Only 802.11n clients operating in the 2.
Channel
Select the Channel. The range of available channels is determined by the mode of the radio interface and the country code setting. If you select Auto for the channel setting, the AP scans available channels and selects a channel where no traffic is detected.
Primary Channel (802.11n modes only)
The channel defines the portion of the radio spectrum the radio uses for transmitting and receiving.
Multidomain Regulatory Mode
This feature is configurable on a per radio basis. By default it is enabled. Multidomain Regulatory Mode (World Mode) causes the AP to broadcast which country it is operating in as a part of its beacons and probe responses. This allows client stations to operate in any country without reconfiguration.
Protection
You can disable (Off) these protection mechanisms.
Fragmentation Threshold: Specify a number between 256 and 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network.
RTS Threshold: The RTS threshold indicates the number of octets in an MPDU, below which an RTS/CTS handshake is not performed.
Legacy Rate Sets: Check the transmission rate sets you want the AP to support and the basic rate sets you want the AP to advertise:
• Rates are expressed in megabits per second.
• Supported Rate Sets indicate rates that the AP supports. You can check multiple rates (click a check box to select or deselect a rate). The AP will automatically choose the most efficient rate based on factors like error rates and distance of client stations from the AP.
TSPEC Video ACM Limit: Specify an upper limit on the amount of traffic the AP attempts to transmit on the wireless medium using a video admission control to gain access.
TSPEC AP Inactivity Timeout: Specify the amount of time for an AP to detect a downlink TS as idle before deleting it.
TSPEC Station Inactivity Timeout: Specify the amount of time for an AP to detect an uplink TS as idle before deleting it.
Figure 25: Viewing Rogue AP Detection

Action: The available action depends on which list an AP is in.
• If the AP is in the Detected Rogue AP List, the Grant button is available. Click Grant to move the AP from the Detected Rogue AP List to the Trusted AP List.
• If the AP is in the Trusted AP List, the Delete button is available. Click Delete to move the AP from the Trusted AP list to the Detected Rogue AP List.
SSID: The Service Set Identifier (SSID) for the AP. The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name.
Privacy
Last Beacon: Shows the date and time of the last beacon received from this AP.
Rates: Shows supported and basic (advertised) rate sets for the neighboring AP. Rates are shown in megabits per second (Mbps).
Virtual Access Point (VAP)

Figure 26: Virtual Access Points (VAP)

Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of Ethernet VLANs. VAPs simulate multiple APs in one physical AP. Each radio supports up to 8 VAPs. For each VAP you can customize the security mode to control wireless client access. Each VAP can also have a unique SSID.
VLAN ID: When a wireless client connects to the AP using this VAP, the AP tags all traffic from the wireless client with the VLAN ID you enter in this field unless you enter the untagged VLAN ID or use a RADIUS server to assign a wireless client to a VLAN. The range for the VLAN ID is 1–4094.
Security: Select one of the following Security modes for this VAP:
• None
• Static WEP
• IEEE802.1X
• WPA Personal
• WPA Enterprise
If you select a security mode other than None, additional fields appear. These fields are explained below. Note: The security mode you set here is specifically for this VAP.
MAC Authentication Type: You can configure a global list of MAC addresses that are allowed or denied access to the network.
Table 31: Static WEP
Field: Description
Transfer Key Index: The Transfer Key Index indicates which WEP key the AP uses to encrypt the data it transmits with WPA devices. Key indexes 1 through 4 are available. The default is 1.
Key Length: Select the length of the key:
• 64 bits
• 128 bits
Key Type: Select the length of the key:
• ASCII
• Hex
WEP Keys: Four WEP keys can be set.
WPA Personal

WPA Personal is a Wi-Fi Alliance IEEE 802.11i standard, which includes AES-CCMP and TKIP mechanisms. It employs a pre-shared key (instead of using IEEE 802.1X and EAP as is used in the Enterprise WPA security mode). The PSK is used for an initial check of credentials only. This security mode is backwards-compatible for wireless clients that support the original WPA.

Key: The pre-shared key is the shared secret key for WPA Personal.
Enable pre-authentication: If for WPA versions you select only WPA2 or both WPA and WPA2, you can enable pre-authentication for WPA2 clients. Click Enable pre-authentication if you want WPA2 wireless clients to send a pre-authentication packet. The pre-authentication information will be relayed from the AP the client is currently using to the target AP. Enabling this feature can help speed up authentication for roaming clients who connect to multiple APs.
Enable RADIUS Accounting: Select this option to track and measure the resources a particular user has consumed such as system time, amount of data transmitted and received, and so on. If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers.
Active Server
The RADIUS IP address and key for up to four RADIUS servers can be configured on the AP.
Figure 27: Scheduler Configuration

Table 34: Scheduler Configuration
Field: Description
Global Scheduler Mode: A global switch to enable or disable the scheduler feature. The default is Disable.
Scheduler Operational Status
Status: The operational status of the scheduler. The range is up or down. The default is down.
Reason: Provides additional information about the status.
Start Time: The time when the radio or VAP will be operationally enabled. The time is in HH:MM 24-hour format. The range is <00-23>:<00-59>. The default is 00:00.
End Time: The time when the radio or VAP will be operationally disabled. The time is in HH:MM 24-hour format. The range is <00-23>:<00-59>. The default is 00:00.
Table 35: Scheduler Association Settings
Field: Description
Per-Radio Scheduler Association
Radio: Identifies the radio associated with the rest of the information in the row.
Scheduler Profile: Select the scheduler profile to associate with Radio 1 or Radio 2.
Operational Status: The operational status of the scheduler, which is either up or down.
Table 36: Bandwidth Utilization
Field: Description
Bandwidth Utilization: To enable load balancing on this AP, click Enabled. To disable load balancing on this AP, click Disabled.
Maximum Utilization: Provide the percentage of network bandwidth utilization allowed on the radio before the AP stops accepting new client associations. The default is 0, which means that all new associations will be allowed regardless of the utilization rate.
Note: Global MAC Authentication settings apply to all VAPs on both radios.

Table 37: MAC Filtering
Field: Description
Filter: To set the MAC Address Filter, select one of the following options:
• Allow only stations in the list. Any station that is not in the stations list is denied access to the network through the AP.
• Block all stations in list. Only the stations that appear in the list are denied access to the network through the AP.
WDS Bridge

Figure 31: WDS Bridge

The Wireless Distribution System (WDS) allows you to connect multiple Access Points. With WDS, APs communicate with one another without wires in a standardized way. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required.
Before you configure WDS on the AP, note the following guidelines:
• When using WDS, be sure to configure WDS settings on both APs participating in the WDS link.
• You can have only one WDS link between any pair of APs. That is, a remote MAC address may appear only once on the WDS Bridge page for a particular AP.
• Both APs participating in a WDS link must be on the same radio channel and using the same IEEE 802.11 mode.
WPA/PSK on WDS Links

The following table describes the additional fields that appear when you select WPA/PSK as the encryption type.

Note: In order to configure WPA-PSK on any WDS link, VAP0 of the selected radio must be configured for WPA-PSK or WPA-Enterprise.

Table 40: WPA/PSK on WDS Links
Field: Description
Encryption: WPA (PSK)
SSID: Enter an appropriate name for the new WDS link you have created.
The devices connected to the wired interface of the access point, as well as the downstream stations associated to the access point’s access point interface, can access the network connected by the infrastructure client interface. To allow the bridging of packets, the VLAN configuration for the access point interface and wired interface should match that of the infrastructure client interface.
Table 41: Workgroup Bridge
Field: Description
Workgroup Bridge Mode: Set the administrative mode of the Workgroup Bridge feature.
Radio: Select the radio on which to configure Workgroup Bridge mode.
Infrastructure Client Interface
VLAN ID: The VLAN associated with the BSS.
SSID: The SSID of the Basic Service Set (BSS). The BSS includes the upstream access point and all of its connected clients (STAs).
QoS

Figure 33: QoS

Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media, as well as traditional IP data over the access point.
Queue: Queues are defined for different types of data transmitted from AP-to-station:
• Data 0 (Voice) — High priority queue, minimum delay.
AIFS (Inter-Frame Space)
cwMax (Maximum Contention Window): The value specified for the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
Wi-Fi Multimedia: Wi-Fi Multimedia (WMM) is enabled by default. With WMM enabled, QoS prioritization and coordination of wireless medium access is on. With WMM enabled, QoS settings on the access point control downstream traffic flowing from the AP to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the AP (station EDCA parameters).
APSD: Select On to enable Automatic Power Save Delivery (APSD), which is a power management method. APSD is recommended if VoIP phones access the network through the AP.

Note: After you configure the QoS settings, you must click Save to apply the changes and save them to the startup configuration file. Changing some settings might cause the AP to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity.
Virtual Access Point Settings describes the fields and configuration options on the VAP page.

Table 43: RADIUS Server Settings
Field: Description
RADIUS IP Address Type: Specify the IP version that the RADIUS server uses.
RADIUS IP Address / RADIUS IPv6 Address: Enter the IPv4 or IPv6 address for the primary global RADIUS server.
RADIUS Key
802.1X Supplicant

802.1X Supplicant settings allow the access point to gain access to a secured wired network. Use these settings to enable the access point as an 802.1X supplicant (client) on the wired network. An MD5 user name and password can be configured to allow the access point to authenticate via 802.1X. On networks that use IEEE 802.1X, port-based network access control, a supplicant cannot gain access to the network until the 802.1X authenticator grants access. If your network uses 802.
Upload Method: Select the method to use for uploading a certificate file to the AP, which is either HTTP/HTTPS (upload by Web browser) or TFTP (upload by TFTP server).
Filename: Specify the path and filename of the certificate file:
• For HTTP uploads, click Browse to find the location where the certificate file is stored. Select the file to upload to the access point. Click Upload to initiate the file transfer.
Global Settings

The client QoS features on the access point provide additional control over certain QoS aspects of wireless clients that connect to the network, such as the amount of bandwidth an individual client is allowed to send and receive. To control general categories of traffic, such as HTTP traffic or traffic from a specific subnet, you can configure ACLs and assign them to one or more VAPs.

Table 45: QoS Global Settings
ACL Type Down: Select the type of ACL to apply to traffic in the outbound (down) direction, which can be one of the following:
• IPv4: The ACL examines IPv4 packets for matches to ACL rules
• IPv6: The ACL examines IPv6 packets for matches to ACL rules
• MAC: The ACL examines layer 2 frames for matches to ACL rules
ACL Name Down: Select the name of the ACL applied to traffic in the outbound (down) direction.
Figure 37: ACL

Table 46: ACL Configuration
Field: Description
ACL
ACL Name: Enter a name to identify the ACL. The name can contain from 1–31 alphanumeric characters and the following special characters: hyphen, underscore, backslash and colon. Spaces are not allowed.
ACL Type: Select the type of ACL to configure:
• IPv4
• IPv6
• MAC
IPv4 and IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria.
Action: Specifies whether the ACL rule permits or denies an action.
• When you select Permit, the rule allows all traffic that meets the rule criteria to enter or exit the AP (depending on the ACL direction you select). Traffic that does not meet the criteria is dropped.
• When you select Deny, the rule blocks all traffic that meets the rule criteria from entering or exiting the AP (depending on the ACL direction you select).
Source Port: Select this field to include a source port in the match condition for the rule. The source port is identified in the datagram header. Once you select the field, choose the port name or enter the port number.
Select From List: Select the keyword associated with the source port to match:
• ftp
• ftpdata
• http
• smtp
• snmp
• telnet
• tftp
• www
Each of these keywords translates into its equivalent port number.
Destination Address
IP TOS Mask: Enter an IP TOS mask value to identify the bit positions in the TOS Bits value that are used for comparison against the IP TOS field in a packet. The TOS Mask value is a two-digit hexadecimal number from 00 to ff, representing an inverted (i.e. wildcard) mask. The zero-valued bits in the TOS Mask denote the bit positions in the TOS Bits value that are used for comparison against the IP TOS field of a packet.
EtherType: Select the EtherType field to compare the match criteria against the value in the header of an Ethernet frame. Select an EtherType keyword or enter an EtherType value to specify the match criteria.
Select from List: Select one of the following protocol types:
• appletalk
• arp
• ipv4
• ipv6
• ipx
• netbios
• pppoe
Match to Value: Enter a custom protocol identifier to which packets are matched.
Defining DiffServ
Figure 38: QoS DiffServ Class Map
To use DiffServ for Client QoS, use the Configuration > Qos and Access Control > Class Map and Configuration > Qos and Access Control > Policy Map pages to define the following categories and their criteria:
• Class: create classes and define class criteria
• Policy: create policies, associate classes with policies, and define policy statements
Once you define the class and associate it with a policy, app
Table 47: DiffServ Class Map
Field: Description
Protocol
Class Map Configuration
Class Map Name: The name can range from 1 to 31 alphanumeric characters.
Match Layer 3 Protocol: Specify whether to classify IPv4 or IPv6 packets.
Match Criteria Configuration
Class Map Name: Select the name of the class to configure.
Use the fields in the Match Criteria Configuration area to match packets to a class.
Destination IP Address: Select this field to require a packet’s destination IP address to match the address listed here. Enter an IP address in the appropriate field to apply this criterion.
Destination IP Mask: Enter the destination IP address mask. The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP Address to use for matching against packet content. A DiffServ mask of 255.255.255.
Destination Port: Select this field to include a destination port in the match condition for the rule. The destination port is identified in the datagram header. Once you select the field, choose the port name or enter the port number.
Select From List: Select the keyword associated with the destination port to match:
• ftp
• ftpdata
• http
• smtp
• snmp
• telnet
• tftp
• www
Each of these keywords translates into its equivalent port number.
Destination MAC Mask: Enter the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame. An f indicates that the address bit is significant, and a 0 indicates that the address bit is to be ignored. A MAC mask of ff:ff:ff:ff:ff:ff matches a single MAC address.
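The ACL IP TOS Mask is an inverted (wildcard) mask, while the DiffServ IP and MAC masks mark the significant bits instead, so a value typed in the wrong convention silently changes what a rule matches. The following sketch is an added example, not code from the access point or from Linksys; the function names and sample values are constructed, and it assumes "network-style" means that 1 bits are compared.

```python
# Added example: the two mask conventions the AP uses for match criteria.
# Function names and sample values are constructed for illustration.
import ipaddress


def tos_matches(packet_tos: int, tos_bits: str, tos_mask: str) -> bool:
    """ACL IP TOS: inverted (wildcard) mask, so 0 bits are the compared ones."""
    bits, mask = int(tos_bits, 16), int(tos_mask, 16)
    if not (0 <= bits <= 0xFF and 0 <= mask <= 0xFF):
        raise ValueError("TOS Bits and TOS Mask are hex values from 00 to ff")
    care = ~mask & 0xFF  # bit positions the rule actually compares
    return (packet_tos & care) == (bits & care)


def ip_matches(packet_ip: str, rule_ip: str, rule_mask: str) -> bool:
    """DiffServ IP mask: network-style, so 1 bits are the compared ones."""
    mask = int(ipaddress.IPv4Address(rule_mask))
    pkt, rule = (int(ipaddress.IPv4Address(a)) for a in (packet_ip, rule_ip))
    return (pkt & mask) == (rule & mask)


def mac_to_int(mac: str) -> int:
    """Parse a colon-separated MAC address or MAC mask into an integer."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)


def mac_matches(frame_mac: str, rule_mac: str, rule_mask: str) -> bool:
    """DiffServ MAC mask: an f marks significant bits, a 0 ignored bits."""
    mask = mac_to_int(rule_mask)
    return (mac_to_int(frame_mac) & mask) == (mac_to_int(rule_mac) & mask)


def mask_scope(kind: str, mask: str) -> str:
    """Classify a mask so a review can flag rules that match everything."""
    if kind == "tos":
        care, full = ~int(mask, 16) & 0xFF, 0xFF
    elif kind == "ip":
        care, full = int(ipaddress.IPv4Address(mask)), 0xFFFFFFFF
    elif kind == "mac":
        care, full = mac_to_int(mask), 0xFFFFFFFFFFFF
    else:
        raise ValueError(f"unknown mask kind: {kind!r}")
    if care == 0:
        return "match-all"
    return "exact" if care == full else "partial"


if __name__ == "__main__":
    # Constructed rule: match IP precedence 5 (top three TOS bits = 101).
    print(tos_matches(0xB8, "a0", "1f"))   # wildcard mask entered correctly
    print(tos_matches(0xB8, "a0", "e0"))   # same intent typed network-style
    print(mask_scope("tos", "ff"), mask_scope("mac", "ff:ff:ff:ff:ff:ff"))
```

A TOS mask of ff and a MAC mask of ff:ff:ff:ff:ff:ff look alike but sit at opposite ends: the first ignores every bit, the second compares every bit.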
Figure 39: QoS DiffServ Policy Map
Table 48: DiffServ Policy Map
Field: Description
Policy Map Name: Enter the name of the policy map to add. The name can contain up to 31 alphanumeric characters.
Policy Map Name (Policy Class Definition): Select the policy to associate with a member class.
Class Map Name: Select the member class to associate with this policy name.
Police Simple: Select this option to establish the traffic policing style for the class.
Mark Class of Service: Select this field to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. The CoS value is an integer from 0–7.
Mark IP DSCP: Select this field to mark all packets for the associated traffic stream with the IP DSCP value you select from the list or specify.
Bandwidth Limit Up: Shows the maximum allowed transmission rate from the client to the AP in bits per second (bps). The valid range is 0–4294967295 bps.
Bandwidth Limit Down: Shows the maximum allowed transmission rate from the AP to the client in bits per second (bps). The valid range is 0–4294967295 bps.
Figure 41: SNMP-General
UDP Port: By default an SNMP agent only listens to requests from port 161. However, you can configure this so the agent listens to requests on another port. Enter the port number on which you want the SNMP agents to listen to requests. The valid range is 1-65535.
Note: This is a global SNMP parameter that applies to SNMPv1, SNMPv2c, and SNMPv3.
Read Only Community: Enter a read-only community name.
NMS IPv4 Address/Name: Specify the IPv4 DNS hostname or subnet of the machines that can execute get and set requests to the managed devices. The valid range is 1-256 characters. As with community names, this provides a level of security on SNMP settings. The SNMP agent will only accept requests from the hostname or subnet specified here.
NMS IPv6 Address/Name
Views
Table 51: SNMP Views
A MIB view is a family of view subtrees, which is a pairing of an OID subtree value together with a bit string mask value. Each MIB view is defined by two sets of view subtrees, included in or excluded from the MIB view. You can create MIB views to control the OID range that SNMP users can access. Note that the access point supports a maximum of 16 views.
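How an OID subtree, its bit string mask, and the included/excluded sets combine into an access decision can be checked offline before a view is entered on the AP. The following sketch is an added example, not code from the access point; it assumes the AP follows the standard view-subtree semantics of RFC 3415 (VACM), that the mask is written as colon-separated hex, and the two sample views are constructed.

```python
# Added example: evaluate a MIB view using RFC 3415 view-subtree semantics.
# Assumption: the AP applies these standard rules; the sample views are constructed.

def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex, length):
    """One bit per sub-identifier, most significant bit first.
    Positions beyond the end of the mask count as 1 (must match)."""
    bits = []
    for byte in bytes.fromhex(mask_hex.replace(":", "")):
        bits.extend((byte >> shift) & 1 for shift in range(7, -1, -1))
    bits = bits[:length]
    return bits + [1] * (length - len(bits))


def in_family(oid, subtree, mask_hex=""):
    """True if oid falls inside the subtree family defined by subtree + mask."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    # A 0 bit makes that sub-identifier a wildcard; a 1 bit requires equality.
    return all(b == 0 or o == s for b, o, s in zip(bits, oid, subtree))


def view_allows(oid_text, view):
    """view is a list of (type, subtree, mask) with type 'included' or 'excluded'.
    The matching entry with the longest subtree decides; no match means denied."""
    oid = parse_oid(oid_text)
    best = None
    for kind, subtree_text, mask_hex in view:
        subtree = parse_oid(subtree_text)
        if in_family(oid, subtree, mask_hex):
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, kind)
    return best is not None and best[1] == "included"


# Constructed view: everything under 1.3.6.1 except the SNMP user (USM)
# and access-control (VACM) tables, which hold the agent's own security settings.
VIEW_RESTRICTED = [
    ("included", "1.3.6.1", ""),
    ("excluded", "1.3.6.1.6.3.15", ""),
    ("excluded", "1.3.6.1.6.3.16", ""),
]

# Constructed view: every ifTable column, but only for interface index 2.
# Mask ff:a0 = 11111111 101: the tenth sub-identifier (the column) is a wildcard.
VIEW_IF2 = [("included", "1.3.6.1.2.1.2.2.1.0.2", "ff:a0")]

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.5.0", "1.3.6.1.6.3.15.1.2.2.1.3"):
        print(oid, view_allows(oid, VIEW_RESTRICTED))
    for oid in ("1.3.6.1.2.1.2.2.1.10.2", "1.3.6.1.2.1.2.2.1.10.3"):
        print(oid, view_allows(oid, VIEW_IF2))
```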
Groups
SNMP groups allow you to combine users into groups of different authorization and access privileges. Each group is associated with one of three security levels:
• noAuthNoPriv
• authNoPriv
• authPriv
Read and/or write access to management objects (MIBs) for each group is controlled by associating a MIB view to a group for read and write access, separately.
Write Views: Select the write access to management objects (MIBs) for the group:
• write-all: The group can create, alter, and delete MIBs.
• write-none: The group is not allowed to create, alter, or delete MIBs.
Read Views: Select the read access to management objects (MIBs) for the group:
• view-all: The group is allowed to view and read all MIBs.
• view-none: The group cannot view or read MIBs.
SNMP Groups
Table 53: SNMP Targets
Field: Description
IPv4/IPv6 Address: Enter the IP address of the remote SNMP target (receiver).
Port: Enter the UDP port to use for sending SNMP targets.
Users: Enter the name of the SNMP user to associate with the target. To configure SNMP users, see “Users” on page 125.
SNMP Targets: This field shows the SNMP targets configured on the access point.
Authentication Key: If you specify MD5 as the authentication type, enter a password to enable the SNMP agent to authenticate requests sent by the user.
Note: The passphrase must be between 8 and 32 characters in length. If you wish to use a space in the phrase, you must use quotation marks – ex: “Admin 123” – or the phrase will be truncated as Admin.
Global Configuration
The Captive Portal (CP) feature allows you to block wireless clients from accessing the network until user verification has been established. Use the CP Global Configuration page to control the administrative state of the CP feature and configure global settings that affect all captive portal instances configured on the AP. Click the Configuration > Captive Portal > Global Configuration tab to access the page, which the following figure shows.
Instance Configuration
Figure 47: CP Instance Configuration
You can create up to two Captive Portal instances; each CP instance is a defined set of instance parameters. Instances can be associated with one or more VAPs. Different instances can be configured to respond differently to users as they attempt to access the associated VAP. Click the Configuration > Captive Portal > Instance Configuration tab to access the page.
Table 56: Captive Portal Instance Configuration
Field: Description
Captive Portal Instances: Select an existing instance to view or configure its settings, or select Create to configure a new CP instance. The access point supports two instances. If both instances have been configured, you must delete an instance before you can create a new one.
Instance Name: This field is available only if Create is selected from the Captive Portal Instances field.
Global RADIUS: If the Verification Mode is RADIUS, select this option to specify that the default Global RADIUS server list is used to authenticate clients. If you want the CP feature to use a different set of RADIUS servers, clear this setting and configure the servers in the fields on this page.
RADIUS Accounting: Enables tracking and measuring the resources a particular user has consumed, such as system time and amount of data transmitted and received.
Instance Association
Use the Instance Association page to associate a CP instance to a VAP. The associated CP instance settings will apply to users who attempt to authenticate on the VAP. Click the Configuration > Captive Portal > Instance Association tab to access the page, which the following figure shows.
Figure 49: Web Portal Customization
Table 58: Web Portal Customization
Field: Description
Captive Portal Locale: To create a new Web locale, select Create from the available menu. To view or update an existing Web locale, select its name from the menu.
Captive Portal Web Local Parameters
Web Locale Name: This field is displayed only if Create is selected from the Captive Portal Web Locale menu. Enter a Web Locale Name to assign to the page.
Foreground color: The HTML code for the foreground color in 6-digit hexadecimal format. The range is from 1 to 32 characters. The default is #999999.
Background color: The HTML code for the background color in 6-digit hexadecimal format. The range is from 1 to 32 characters. The default is #BFBFBF.
Separator: The HTML code for the color of the thick horizontal line that separates the page header from the page body, in 6-digit hexadecimal format.
Welcome Content: The text that displays when the client has connected to the network. The range is from 0 to 256 characters. The default is: You are now authorized and connected to the network.
Delete Locale: To delete the current locale, select this option and click Save.
Web Customization Preview
Upload Custom Images
When users initiate access to a VAP that is associated to a captive portal instance, an authentication page displays.
Table 60: Captive Portal Upload Custom Images
Field: Description
Upload Web Customization Image: To select an image to upload to the AP for use in the CP authentication page, click Browse and browse to the image to upload. After you select the appropriate image, click Upload.
Delete Web Customization Image: To remove an image that has been uploaded, select the name of the image from the available menu and click Delete.
Local Users
You can configure a captive portal instance to accommodate both guest users and authorized users. Guest users do not have assigned user names and passwords. Authorized users provide a valid user name and password that must first be validated against a local database or RADIUS server. Authorized users are typically assigned to a CP instance that is associated with a different VAP than guest users.
Group Name: Select the group to which the user belongs. Each CP instance is configured to support a particular group of users.
Maximum Bandwidth Upstream: The maximum upload speed, in megabits per second, that a client can transmit traffic when using the captive portal. This setting limits the client’s bandwidth used to send data into the network. The range is from 0 to 300 Mbps. The default is 0.
VAP ID: The VAP that the user is associated with.
Radio ID: The ID of the radio. Because the WAP321 has a single radio, this field always displays Radio1.
Captive Portal ID: The ID of the Captive Portal instance to which the user is associated.
Session Timeout: The time remaining, in seconds, for the CP session to be valid. After the time reaches zero, the client is deauthenticated.
Cluster
The access point supports AP clusters. A cluster provides a single point of administration and lets you view, deploy, configure, and secure the wireless network as a single entity rather than a series of separate wireless devices.
• Access Points
• Sessions
• Channel Management
• Wireless Neighborhood
Clustering Single and Dual Radio APs
Clusters can contain a mixture of APs with two radios and APs with a single radio.
Table 66: Access Points in the Cluster
Field: Description
Status: If the status field is visible, then the AP is enabled for clustering. If clustering is not enabled, then the AP is operating in stand-alone mode and none of the information in this table is visible. To disable clustering on the AP, click Stop Clustering.
Location: Description of where the access point is physically located.
There may be situations, however, when you want to view or manage information on a particular access point. For example, you might want to check status information such as client associations or events for an access point. In this case, you can navigate to the Administration Web interface for individual access points by clicking the IP address links on the Access Points tab. All clustered access points are shown on the Cluster > Access Points page.
Rate: The speed at which this access point is transferring data to the specified client. The data transmission rate is measured in megabits per second (Mbps). This value should fall within the range of the advertised rate set for the mode in use on the access point. For example, 6 to 54 Mbps for 802.11a.
Signal: Indicates the strength of the radio frequency (RF) signal the client receives from the access point.
Figure 58: Cluster Channel Management
Stopping/Starting Automatic Channel Assignment
By default, automatic channel assignment is disabled (off).
Note: Channel Management overrides the default cluster behavior, which is to synchronize radio channels of all APs across a cluster. When Channel Management is enabled, the radio channel is not synced across the cluster to other APs.
Viewing Current Channel Assignments and Setting Locks
The Current Channel Assignments section shows a list of all access points in the cluster by IP address. The display shows the band on which each AP is broadcasting (a/b/g/n), the current channel used by each AP, and an option to lock an AP on its current radio channel so that it cannot be re-assigned to another.
Viewing the Last Proposed Set of Changes
Table 71: Channel Management Advanced Settings
Field: Description
Change channels if interference is reduced by at least: Specify the minimum percentage of interference reduction a proposed plan must achieve in order to be applied. The default is 75 percent. Use the drop-down menu to choose percentages ranging from 5 percent to 75 percent.
Figure 59: Wireless Neighborhood
Table 72: Wireless Neighborhood Information
Field: Description
Display neighboring APs: Click one of the following radio buttons to change the view:
• In cluster: Shows only neighbor APs that are members of the cluster
• Not in cluster: Shows only neighbor APs that are not cluster members
• Both: Shows all neighbor APs (cluster members and non-members)
Cluster: The Cluster list at the top of the table shows IP address
Viewing Details for a Cluster Member
To view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. The following figure shows the Neighbor Details for Radio 1 of the AP with an IP address of 192.168.20.97.
Figure 60: Details for a Cluster Member AP
Signal: Indicates the strength of the radio signal emitting from this access point as measured in decibels (dB).
Linksys Section 4: Maintenance of the Access Point
Figure 61: Firmware Maintenance
This section describes how to maintain the access point and view detailed system information.
Use the buttons to perform the following tasks:
• Switch: Use the secondary image as the primary image. The change takes effect the next time the AP boots. For more information, see Switching Firmware Image.
• Upgrade: Upload the specified firmware image to the AP. For more information about the firmware upgrade procedures, see Firmware Upgrade.
Click Maintenance > Firmware to display the Manage Firmware page.
5. Click OK to confirm the upgrade and start the process.
Note: The firmware upgrade process begins once you click Upgrade and then OK in the popup confirmation window. The upgrade process may take several minutes, during which time the access point will be unavailable. Do not power down the access point while the upgrade is in process. When the upgrade is complete, the access point restarts. The AP resumes normal operation with the same configuration settings it had before the upgrade.
6.
Figure 62: Configuration Backup/Restore
Note: The file name should not contain spaces, <, >, |, \, /, :, (, ), &, ;, #, ?, *, $, %, ‘, “, or successive ‘.’ characters.
3. Enter the IP address of the TFTP server.
4. Click Backup to save the file.
Use the following steps to save a copy of the current settings on an AP to a backup configuration file by using HTTP:
1. Select HTTP for Download Method.
2. Click the Backup button.
Restoring Configuration
You can use HTTP or TFTP to transfer files to and from the access point. After you download a configuration file to the management station, you can manually edit the file, which is in XML format. Then, you can upload the edited configuration file to apply those configuration settings to the AP.
2. Use the Browse button to select the file to restore.
3. Click the Restore button.
Packet Capture
Wireless packet capture operates in two modes:
• Capture file mode
• Remote capture mode
Figure 63: Packet Capture Configuration
For capture file mode, captured packets are stored in a file on the access point. The AP can transfer the file to a TFTP server. The file is formatted in pcap format and can be examined using tools such as Wireshark and OmniPeek.
Packet Capture Status
Packet Capture Status allows you to view the status of packet capture on the AP. Table 75 describes the fields to configure the packet capture status.
Table 75: Packet Capture Status
Field: Description
Current Capture Status: Shows whether packet capture is running or stopped.
Packet Capture Time: Shows elapsed capture time.
Packet Capture File Size: Shows the current capture file size.
Client Filter Enable
Table 77: Packet File Capture
Field: Description
Capture Interface: Select an AP Capture Interface name from the drop-down menu. The AP capture interface names eligible for packet capture are the following:
• brtrunk - Linux bridge interface in the AP.
• eth0 - 802.3 traffic on the Ethernet port.
• wlan0 - VAP0 traffic on radio 1.
• wlan0wds0 ~ wlan0wds3 - Traffic on the specified WDS interface.
In remote capture mode, traffic is sent to the PC running Wireshark via one of the network interfaces. Depending on where the Wireshark tool is located, the traffic can be sent on an Ethernet interface or one of the radios. In order to avoid a traffic flood caused by tracing the trace packets, the AP automatically installs a capture filter to filter out all packets destined to the Wireshark application.
Visit linksys.com/support for award-winning technical support © 2014 Belkin International, Inc. and/or its affiliates. All rights reserved. BELKIN, LINKSYS and many product names and logos are trademarks of the Belkin group of companies. Third-party trademarks mentioned are the property of their respective owners. LNKPG-00129 Rev.