User Guide LAPN300 Wireless-N300 Access Point with POE Model LAPN300 1
Contents Chapter 1 - LAPN300........................................................................................................................................................... 5 Mounting Guide................................................................................................................................................................... 6 Wall Installation ................................................................................................................................
Workgroup Bridge ........................................................................................................................................................... 50 Advanced Settings ......................................................................................................................................................... 52 Captive Portal...................................................................................................................................................
Appendix A – Troubleshooting ........................................................................................................................................ 92 Overview ............................................................................................................................................................................ 92 General Problems .............................................................................................................................................
Chapter 1 - LAPN300 Package Contents • Linksys Wireless Access Point • Quick Start Guide • Ethernet Cable • AC Power Adapter • CD with Documentation • Mounting Bracket • Mounting Kit • Ceiling Mount Back Plate • Drilling Layout Template Physical Details • LED—There is one LED for the device. LED Color Green Blue Red Activity Status Blinking System is booting. Solid System is normal; no wireless device connected. Blinking Software upgrade in process.
o NOTE: When both PoE and AC power adapter are connected to access point, device will get power from PoE as higher precedence. o • Using Cat5e or better cable is highly recommended. Reset Button—Press and hold this button for less than 15 seconds to power cycle device. Press and hold for longer than 15 seconds to reset the device to factory default settings. Mounting Guide To avoid overheating, do not install your access point if ambient temperatures exceed 104°F (40°C).
5. Connect the Ethernet cable and/or AC power adapter to your device 6. Slide the device into the bracket. Turn access point clockwise until it locks. 7. Replace tile in ceiling. IMPORTANT—Improper or insecure mounting could result in damage to the device or personal injury. Linksys is not responsible for damages caused by improper mounting.
Chapter 2 --- Access Point Setup Overview This chapter describes the setup procedure to connect the wireless access point to your LAN, and configure it as an access point for your wireless stations. Wireless stations may also require configuration. For details, see Appendix C - Wireless Station Configuration. The wireless access point can be configured using a web browser. Set up using a web browser Your browser must support JavaScript.
3. Type in default username: admin, and password: admin. 4. Click Login to launch the browser-based setup and follow the on-screen instructions. Figure 1: Password Dialog If you can't connect—It is likely that your PC’s IP address is incompatible with the wireless access point’s IP address. This can happen if your LAN does not have a DHCP Server. If there is no DHCP server in your network, the access point will fall back to its default IP address: 192.168.1.252, with a network mask of 255.255.255.0.
Setup wizard The first time you connect to the wireless access point, run the Setup Wizard to configure the device. 1. Click the Quick Start tab on the main menu. Figure 2: Setup Wizard 2. On the first screen, click Launch. 3. Set the password on the Device Password screen, if desired.
4. Configure the time zone, date and time for the device on System Settings screen. Figure 3: Setup Wizard - System Settings 5. On the IPv4 Address screen (Figure 4) configure the IP address of the device then click Next.
6. Set the SSID information on the Wireless Network screen. Click Next. If you want to configure more than 4 SSIDs, go to Configuration > Wireless >Basic Settings. The access point supports up to 8 SSIDs. Figure 5: Setup Wizard - Wireless Network 7. On the Wireless Security screen (Figure 6) configure the wireless security settings for the device. Click Next. If you are looking for security options that are not available in the wizard, go to Configuration > Wireless > Security page.
Figure 6: Setup Wizard - Wireless Security 8. On the Summary screen, check the data to make sure they are correct and then click Submit to save the changes. Figure 7: Setup Wizard - Summary 9. Click Finish to leave the wizard.
Administration User accounts Manage user accounts. The access point supports up to 5 users: one administrator and four normal users.
User Accounts Screen User Account Table User Name Enter the User Name to connect to the access point’s admin interface. User Name is effective once you save settings. User Name can include up to 63 characters. Special characters are allowed. User Level Only administrator account has Read/Write permission to the access point’s admin interface. All other accounts have Read Only permission. New Password Enter the Password to connect to the access point’s admin interface.
Time Screen Time Current Time Display current date and time of the system. Manually Set date and time manually. Automatically When enabled (default setting) the access point will get the current time from a public time server. Time Zone Choose the time zone for your location from the drop-down list. If your location observes daylight saving time, enable “Automatically adjust clock for daylight saving changes.” Start Time Specify the start time of daylight saving.
Log settings Record various types of activity on the access point. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance.
Log Settings Screen Log Types Log Types Select events to log. Checking all options increases the size of the log, so enable only events you believe are required. Email Alert Email Alert Enable email alert function. SMTP Server Enter the email server that is used to send logs. It can be an IPv4 address or a domain name. Valid characters include alphanumeric characters, "_", "" and ".". Maximum length is 64 characters. Data Encryption Enable if you want to use data encryption.
Management access Configure the management methods of the access point. Figure 12: Management Access Screen Management Access Screen Web Access HTTP HTTP (Hyper Text Transfer Protocol) is the standard for transferring files (text, graphic images and other multimedia files) on the World Wide Web. Enable to allow Web access by HTTP protocol. HTTP Port Specify the port for HTTP. It can be 80 (default) or from 1024 to 65535.
HTTPS HTTPS (Hypertext Transfer Protocol Secure) can provide more secure communication with the SSL/TLS protocol, which support data encryption to HTTP clients and servers. Enable to allow Web access by HTTPS protocol. HTTPS Port Specify the port for HTTPS. It can be 443 (default) or from 1024 to 65535. From Wireless Enable wireless devices to connect to access point’s admin page. Disabled by default. Access Control By default, no IP addresses are prohibited from accessing the device’s admin page.
Set Community Enter the name of Set Community. Set Community is used to write data into the access point. The Set Community includes 1 to 32 characters. Special characters are allowed. SNMPv3 Settings SNMPv3 Settings Configure the SNMPv3 settings if you want to use SNMPv3. Username: Enter the username. It includes 0 to 32 characters. Special characters are allowed. Authentication Protocol: None or HMAC-MD5. Authentication Key: 8 to 32 characters. Special characters are allowed.
SSL certificate Manage SSL certificate used by HTTPS. Figure 13: SSL Certificate Screen SSL Certificate Screen Export/Restore to/from Local PC Export SSL Certificate Click to export the SSL certificate. Install Certificate Browse to choose the certificate file. Click Install Certificate button. Export to TFTP Server Destination File Enter the name of the destination file. TFTP Server Enter the IPv4 address for the TFTP server. Export Click to export the SSL certificate to the TFTP server.
LED Enable or disable the LED on the top cover of LAPN300. LED LED Display If disabled, the LED will be off even when the access point is working. By default, LED is enabled (on).
LAN Network setup Configure basic device settings, VLAN settings and settings for the LAN interface, including static or dynamic IPv4/IPv6 address assignment. Figure 14: Network Setup Screen Network Setup Screen TCP/IP Host Name Assign a host name to this access point. Host name consists of 1 to 15 characters. Valid characters include AZ, a-z, 0-9 and -. Hyphen character cannot be first and last character of hostname and hostname cannot be composed of all digits. VLAN Enables or disables VLAN function.
Untagged VLAN Enables or disables VLAN tagging. If enabled (default), traffic is untagged when VLAN ID is equal to Untagged VLAN ID and untagged traffic can be accepted by LAN port. If disabled, traffic from the LAN port is always tagged and only tagged traffic can be accepted from LAN port. By default all traffic on the access point uses VLAN 1, the default untagged VLAN. Untagged VLAN ID Specifies a number between 1 and 4094 for the untagged VLAN ID. The default is 1.
Advanced Configure advanced network settings of the access point. Figure 15: Advanced Screen Advanced Screen Port Settings Auto Negotiation If enabled, Port Speed and Duplex Mode will become grey and cannot be configured. If disabled, Port Speed and Duplex Mode can be configured. Operational Auto Negotiation Current Auto Negotiation mode of the Ethernet port. Port Speed Select the speed of the Ethernet port. Available only when Auto Negotiation is disabled.
802.1x Supplicant 802.1x Supplicant Enable if your network requires this access point to use 802.1X authentication in order to operate. Authentication This feature supports following two kinds of authentication: • Authentication via MAC Address Select this if you want to use MAC address for authentication. The access point uses lowercase MAC address for Name and Password, like xxxxxxxxxxxx. • Authentication via Name and Password Select this if you want to use name and password for authentication.
IGMP/MLD Snooping IGMP Snooping IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. IGMP snooping streamlines multicast traffic handling by examining (snooping) IGMP membership report messages from interested hosts, multicast traffic is limited to the subset of ports on which the hosts reside.
Wireless Basic Settings Basic Settings provides the essential configuration for your wireless radio and SSID. You should be able to set up your wireless network with these essential parameters configured. Advanced wireless settings, such as Band Steering, Channel Bandwidth, etc., will be on Configuration > Wireless > Advanced Settings screen. Click Basic Settings on the Wireless menu.
Wireless Channel Select wireless channel of the radio. If Auto is selected, the access point will select the best available channel when device boots up. If you experience lost connections and/or slow data transfers experiment with manually setting different channels to see which is the best. SSID Settings SSID Name Enter the desired SSID Name. Each SSID must have a unique name. The name includes 1 to 32 characters Broadcast Enable or disable the broadcast of the SSID.
Security Configure security settings of SSIDs to provide data protection over the wireless network. Figure 17: Security Settings SSID Settings Screen Security Select SSID Select the desired SSID from the drop-down list. Security Mode Select the desired security method from the list. Security Mode • Disabled - No security. Anyone using the correct SSID can connect to your network. • WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
• WPA2-Enterprise - Requires a RADIUS Server on your LAN to provide the client authentication according to the 802.1x standard. Data transmissions are encrypted using the WPA2 standard. If this option is selected: o This access point must have a client login on the RADIUS Server. o Each user must authenticate on the RADIUS Server. This is usually done using digital certificates. o Each user's wireless client must support 802.1x and provide the RADIUS authentication data when required.
WEP Screen WEP Authentication Type Select Open System or Shared Key. All wireless stations must use the same method. Default Transmit Key Select a transmit key. WEP Encryption Select an encryption option, and ensure your wireless stations have the same setting: • 64-Bit Encryption - Keys are 10 Hex characters. • Passphrase 128-Bit Encryption - Keys are 26 Hex characters. Generate a key or keys instead of entering them directly.
WPA2-Personal Screen WPA2-Personal WPA Algorithm The encryption method is AES. Wireless stations must also use AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters. Other wireless stations must use the same key. Key Renewal Specify the value of Group Key Renewal. It’s a value from 600 to 36000 and default is 3600 seconds. WPA automatically changes secret keys after a certain period of time.
WPA/WPA2-Personal Screen WPA/WPA2-Personal WPA Algorithm The encryption method is TKIP or AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters. Other wireless stations must use the same key. Key Renewal Specify the value of Group Key Renewal. It’s a value from 600 to 36000, and default is 3600 seconds. WPA automatically changes secret keys after a certain period of time.
WPA2-Enterprise Screen WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Secret Enter the key value to match the RADIUS Server. It consists of 1 to 64 Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available.
WPA/WPA2-Enterprise Screen WPA/WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Enter the key value to match the RADIUS Server. It Secret consists of 1 to 64 characters. Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available.
RADIUS Use RADIUS server for authentication and dynamic WEP key generation for data encryption. Figure 23: RADIUS Settings RADIUS Screen Authentication Server Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Secret Enter the key value to match the RADIUS Server. It consists of 1 to 64 characters.
Rogue AP Detection Detect an unexpected or unauthorized access point installed in a secure network environment. Figure 24: Rogue AP Screen Rogue AP Screen Rogue AP Enable or disable Rogue AP Detection. Detected Rogue AP List Action Click Trust to move the AP to the Trusted AP List. MAC Address The MAC address of the Rogue AP. SSID The SSID of the Rogue AP. Channel The channel of the Rogue AP. Security The security method of the Rogue AP. Signal The signal level of the Rogue AP.
Trusted AP List Action Click Untrust to move the AP to the Rogue AP List. MAC Address The MAC address of the Trusted AP. SSID The SSID of the Trusted AP. Channel The channel of the Trusted AP. Security The security method of the Trusted AP. Signal The signal level of the Trusted AP. New MAC Address Add one trusted AP by MAC address. Scheduler Configure a rule with a specific time interval for SSIDs to be operational. Automate enabling or disabling SSIDs based on the profile definition.
Scheduler Screen Wireless Scheduler Enable or disable wireless scheduler on the radio. It is disabled by default. If disabled, even if some SSIDs are associated with profiles, they will be always active. Scheduler Operational Status Status The operational status of the scheduler. Reason The detailed reason for the scheduler operational status. It includes the following situations. • System time is outdated. Scheduler is inactive because system time is outdated. • Administrative Mode is disabled.
Scheduler Association Associate defined scheduler profiles with SSIDs. Figure 26: Scheduler Association Screen Scheduler Association Screen Scheduler Association SSID The index of SSID. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed. If "None" is selected, it means no scheduler profile is associated. Interface Status The Status of the SSID.
Connection Control Exclude or allow only listed client stations to authenticate with the access point. Figure 27: Connection Control Screen Connection Control Screen SSID Select the desired SSID from the list. Connection Control Type Select the option from the drop-down list as desired. Local: Choose either Allow only following MAC addresses to connect to wireless network or Prevent following MAC addresses from connection to wireless network.
Rate Limit Limit downstream and upstream rate of SSIDs. Figure 28: Rate Limit Screen Rate Limit Screen Rate Limit SSID The index of SSID. SSID Name The name of the SSID. Upstream Rate Enter a maximum upstream for the SSID. The range is from 0 to 200 Mbps; 0 means no limitation. Upstream is for traffic from wireless client to access point. Downstream Rate Enter a maximum downstream for the SSID. The range is from 0 to 200 Mbps; 0 means no limitation.
Quality of Service (QoS) Specify priorities for different traffic coming from your wireless client. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic. Figure 29: QoS Screen QoS Screen QoS Settings SSID The index of SSID. SSID Name The name of the SSID. VLAN ID The VLAN ID of the SSID. Priority Select the priority level from the list. VLAN must be enabled in order to set priority. The 802.
WMM Enable or disable WMM. WMM (Wi-Fi Multimedia) is a component of the IEEE 802.11e wireless LAN standard for QoS. WMM provides prioritization of wireless data packets from different applications based on four access categories: voice, video, best effort, and background. For an application to receive the benefits of WMM QoS, both it and the client running that application have to have WMM enabled.
WDS screen Spanning Tree (Recommended if you configure WDS connections) Spanning Tree When enabled, STP helps prevent switching loops. WDS Root Interface Status Enable or Disable the WDS Root. Be sure the following settings on WDS Root device are determined and configured. The WDS Station must use the same settings as Root afterwards. • IEEE 802.11 Mode • Channel Bandwidth • Channel (Auto is not recommended) Note—To change IEEE 802.11 Mode and Channel settings, go to Wireless Basic Settings.
Allowed VLAN List Enter the list of VLANs accepted by the WDS Root. When VLAN is enabled, WDS Root receives from WDS Stations only packets in the VLAN list. Packets not in the list will be dropped. The VLAN list is only applicable when VLAN is enabled. The VLAN list includes 1 to 16 VLAN IDs separated by "," such as "100,200,300,400,500,600,700,800". Security Settings Setting can be Disabled, WPA-Personal, WPA2-Personal, WPA2-Enterprise or WPA/WPA2-Enterprise.
Remote MAC Address MAC address of the access point on the other end of the WDS link. Optional WDS Station connects to remote WDS Root by matching SSIDs, When there is more than one remote WDS Root with the same SSID, the WDS Station can differentiate them by MAC address. The format is xx:xx:xx:xx:xx:xx. VLAN List Enter the list of VLANs that are accepted by the WDS Station. When VLAN is enabled, the WDS Station forwards to the remote WDS Root only packets in the VLAN list.
Workgroup Bridge Extend the accessibility of a remote network. In Workgroup Bridge mode, the access point acts as a wireless station on the wireless LAN. It can bridge traffic between a remote wired network and a wireless LAN. When Workgroup Bridge is enabled, SSID configuration still works to provide wireless services to clients. All access points participating in Workgroup Bridge must have the identical settings for Radio interface, IEEE 802.11 mode, Channel Bandwidth, Channel (Auto is not recommended).
Workgroup Bridge Screen Status Status Enable or disable Workgroup Bridge function. Workgroup Bridge can only be enabled when VLAN function is disabled. Before configuring Workgroup Bridge, make sure all devices in Workgroup Bridge have the following identical settings. • IEEE 802.11 Mode • Channel Bandwidth • Channel (Auto is not recommended) Note: It is highly recommended that static channel is configured on both APs.
Security Mode Connection Status Select the desired mode from the list. • Disabled • WPA-Personal • WPA2-Personal • • WPA-Enterprise WPA2-Enterprise Connected or Not Connected. Advanced Settings Configure advanced parameters.
Advanced Settings Screen Band Steering Band Steering Enable or disable Band Steering function. Band Steering is a technology that detects whether the wireless client is dual-band capable. If it is, band steering pushes the client to connect to the lesscongested 5 GHz network. It does this by actively blocking the client’s attempts to connect with the 2.4GHz network. Isolation Isolation between SSIDs Define whether to isolate traffic between SSIDs.
DTIM Interval Enter the Delivery Traffic Information Map (DTIM) period, an integer from 1 to 255 beacons. The default is 1 beacon. The DTIM message is an element included in some beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point awaiting pickup. The DTIM period that you specify indicates how often the clients served by this WAP device should check for buffered data still on the access point awaiting pickup.
Fragmentation Threshold Enter the fragmentation threshold, an integer from 256 to 2346. The default is 2346. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold you set, the fragmentation function is activated and the packet is sent as multiple 802.11 frames. If the packet being transmitted is equal to or less than the threshold, fragmentation is not used.
Captive Portal There are seven configuration screens: • Global Configuration • Portal Profiles • Local User • Local Group • Web Customization • Profile Association • Client Information Global Configuration Change settings and modify captive portal authentication access port number if needed.
Global Configuration Screen Captive Portal Captive Portal is disabled by default. Authentication Timeout The number of seconds the access point keeps an authentication session open with a wireless client. If the client fails to enter authentication credentials within the timeout period, the client may need to refresh the web authentication page. The range is from 60 to 600 seconds. Default is 300. Additional HTTP Port HTTP portal authentication uses the HTTP management port by default.
Portal Profiles Define detailed settings for Captive Portal profile. Create up to two profiles. Figure 34: Portal Profiles Portal Profiles Screen Portal Profiles Captive Portal Profile Select a profile to configure. Protocol Select the protocol used to access the Portal Authentication web server. It can be HTTP or HTTPS.
Authentication Select an authentication method for clients. Local - The access point uses a local database to authenticate wireless clients. Radius - The access point uses a database on a remote RADIUS server to authenticate wireless clients. The RADIUS server must support EAP-MD5. Password Only - Wireless clients only need a password. Username is unnecessary. No Password - Wireless clients accept defined terms to access the wireless network. Password and username both are unnecessary.
Primary Shared Secret Enter the key value to match the RADIUS Server. Backup Server The Backup Authentication Server will be used when the Primary Authentication Server is not available. Backup Server Port Enter the port number used for connections to the Backup RADIUS Server. Backup Shared Secret Enter the key value to match the Backup RADIUS Server. Password Only Authentication Password The password for the profile. Wireless clients only need one password to access the wireless network.
Local User Screen User Name Enter the name of the user account. The user name includes 1 to 32 characters. Special characters except ':' and ';' are allowed. Password Enter the New Password of the user account. The password must be between 4 and 32 characters in length. Special characters except ':' and ';' are allowed. Confirm New Password Re-enter the new password to confirm it. Local Group Configure group settings.
Local Group Screen Group Name Enter the name of the new group. The group name includes 1 to 32 characters. Special characters except ':' and ';' are allowed. Click Add. Group Selection Select one group to delete or configure its user members. Members User members of the selected group. You can select one user and click ">>" button to remove it. Other Users Other users which don't belong to the selected group. You can select one user and click "<<" button to add it into the group.
Web Customization Screen Profile Select a profile to configure. New Logo Upload Logos display in the web page. Select an image file from your local PC and click Upload to add to the images available to select in the next step. Formats .gif, .png and .jpg are supported. File size cannot exceed 5KB. One profile can support one default and one new logo image. If a second new logo is uploaded, it will replace the first new logo. Logo Selection Select a logo image from the list.
Terms of Use Label Customize the text to go with the checkbox. Enter up to 128 characters. The default is "Check here to indicate that you have read and accepted the following Terms of Use." Terms of Use Customize the text to go with Terms of Use. Enter up to 512 characters. The default is "Terms of Use". Success Text Customize the text that shows when the client has been authenticated. The default is "You have logged on successfully! Please keep this window open when using the wireless network.
Profile Association Screen SSID A list of available SSIDs. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed. If None is selected, it means no profile is associated. Client Information View the status of wireless clients that are authenticated by Captive Portal.
Client Information Screen MAC Address MAC address of the client. IP Address IP address of the client. User Name User name used by the client to log in. SSID Name Name of the SSID to which the client is connected. Online Time How long the client has been online. Measured in seconds. Away Timeout The time remaining before de-authentication of a client that disconnects from the SSID. The timer starts when the client disconnect from the SSID. If the time reaches 0, the client is de-authenticated.
Cluster The cluster function provides a centralized method to administer and control wireless services across multiple devices. When access points are clustered, you can view, deploy, configure, and secure the wireless network as a single entity. Note—Firmware version 1.1.0 or above support cluster feature. If your device has legacy firmware installed, download the latest one from www.linksys.com/support. When you select the firmware file, if the firmware installed in your device is version 1.0.14.
Settings & Status Manage the AP cluster function. Choose a member type. Type Disabled------Disable the cluster function. Master------Enable the cluster function and assign the access point to be the master. Note— If system detects there is one Master already existed in the same cluster, the new access point that likes to become master will be assigned to slave automatically. Slave------Enable the cluster function and assign the access point to be the slave.
Master 69
Status Disabled------Cluster function is disabled. Active------Cluster function is enabled and master is active. Active (Backup Master)------Cluster function is enabled and backup master is active. Inactive (Cannot reach the master)------Cluster function is enabled but it's inactive because device cannot reach the master. Member Number Number of the members active in the cluster. If an access point joins the cluster but is powered off or cannot reach the master, it is not counted.
Client Sessions See the status of wireless clients within the cluster. The session is the period of time in which a user on a client device (station) with a unique MAC address maintains a connection with the wireless network. The session begins when the WLAN client logs on to the network, and the session ends when the WLAN client either logs off intentionally or loses the connection for some other reason.
IP Address IP address of the access point to which the client connects. Location Location of the access point to which the client connects. SSID SSID name of the access point to which the client connects. User MAC MAC address of the client. Online Time Displays how long this client has been online since it is authenticated. Unit is second. Link Rate Indicates the link rate of the client. Unit is Mbps. Signal The signal strength of the client is displayed. Unit is dBm.
Channel Management Manage the channel assignments for access points within a cluster. When channel management is enabled, the access point automatically assigns radio channels within a cluster. Auto channel assignment reduces mutual interference (or interference with other access points outside of its cluster) and maximizes Wi-Fi bandwidth to help maintain efficient communication over the wireless network.
Auto Channel Auto Channel Access point scans available Wi-Fi channels and changes the channel if better network performance is possible. Disabled by default. Scan Day Choose the day of the week when Auto Channel scans Wi-Fi channels. You may choose specific days or have the access point scan and select the best channel daily. Scan Time Choose the time of day when Auto Channel performs scan.
System Status System Summary Provides the system status of the access point. Figure 40: System Summary Screen System Summary Screen System Summary Device SKU The SKU is often used to identify device model number and region. Firmware Version The version of the firmware currently installed. Firmware Checksum The checksum of the firmware running in the access point. Local MAC Address The MAC (physical) address of the wireless access point. Serial Number The serial number of the device.
LAN Status LAN Status displays settings, and status of LAN interface. Figure 41: LAN Status Screen LAN Status Screen VLAN VLAN Enabled or disabled (default). Untagged VLAN Enabled (default) or disabled. If enabled (default), traffic is untagged when VLAN ID is equal to Untagged VLAN ID and untagged traffic can be accepted by LAN port. If disabled, traffic from the LAN port is always tagged and only tagged traffic can be accepted from LAN port.
IPv4/v6 IP Address The IP address of the wireless access point. Subnet Mask The Network Mask (Subnet Mask) for the IP address above. Default Gateway Enter the gateway for the LAN segment to which the wireless access point is attached (the same value as the PCs on that LAN segment). Primary DNS The primary DNS address provided by the DHCP server or configured manually. Secondary DNS The secondary DNS address provided by the DHCP server or configured manually.
SSID Status Interface SSID index. SSID Name Name of the SSID. Status Status of the SSID, enabled or disabled. MAC Address MAC address of the SSID. VLAN ID VLAN ID of the SSID. Priority The 802.1p priority of the SSID. Scheduler Current scheduler status of the SSID. State • N/A No scheduler is enabled on the SSID, or the SSID is disabled by administrator. • Active The SSID is enabled. • Inactive The SSID is disabled. WDS Root Status Status of the WDS Root: Enabled or Disabled.
Remote SSID SSID of the destination access point which is on the other end of the WDS link to which data is sent or handed-off and from which data is received. Remote MAC MAC Address of the destination access point which is on the other end of the WDS link to which data is sent or handed-off and from which data is received. Connection Status Status of the WDS Station. It can be Disabled, Connected or Not Connected. Workgroup Bridge Status Status of the Workgroup Bridge: enabled or disabled.
Wireless Clients Screen Select Your Wireless Interface Wireless Interface Select the desired interface from the list. The interfaces include eight SSIDs. Connected Clients SSID Name Name of the SSID to which the client connects. Client MAC The MAC address of the client. SSID MAC MAC of the SSID to which the client connects. Link Rate The link rate of the client. Measured in Mbps. RSSI The signal strength of the client. Measured in dBm. Online Time How long this client has been online.
Statistics Screen Transmit/Recei ve Total Packets - The total packets sent (in Transmit table) or received (in Received table) by the interface. Total Bytes - The total bytes sent (in Transmit table) or received (in Received table) by the interface. Total Dropped Packets - The total number of dropped packets sent (in Transmit table) or received (in Received table) by the interface.
Log View Screen Log Messages Log Messages Show the log messages. Buttons Refresh Update the data on screen. Save Save the log to a file on your PC. Clear Delete the existing logs from your device.
Maintenance This chapter covers features available on the wireless access point’s Maintenance menu.
Firmware Upgrade The firmware (software) in the wireless access point can be upgraded by using HTTP/HTTPS, or TFTP. Check the Linksys support website (http://www.linksys.com/support) and download the latest firmware release to your storage such as PC. Then, perform firmware upgrade by following the steps below. During firmware upgrade, do not power off device or disconnect the Ethernet cable. The access point will reboot automatically after firmware upgrade is completed.
Configuration Backup/Restore Configuration backup/restore allows you to download the configuration file from the access point to external storage. You can save to your PC or networked storage, or upload a previously saved configuration file from external storage to your access point. It is highly recommended you save one extra copy of the configuration file to external storage after you are done with access point setup.
Configuration Backup/Restore Screen Backup/Restore to/from Local PC Backup Configuration Once you have the access point working properly, you should back up the settings to a file on your computer. You can later restore the access point's settings from this file, if necessary. To create a backup file of the current settings, click Backup. If you don't have your browser set up to save downloaded files automatically, locate where you want to save the file, rename it if you like, and click Save.
Factory Default It’s highly recommended you save your current configuration file before you restore to factory default settings. To save your current configuration file, click Maintenance > Configuration Backup/Restore. Select Yes and click Save. Figure 48: Factory Default Screen Factory Default Screen Factory Default To restore your access point to its factory defaults, select an option and click Save.
Reboot Reboot power cycles the device. The current configuration file will remain after reboot. Figure 49: Reboot Screen Reboot Screen Device Reboot Select Yes and click Save to power cycle the access point.
Ping Test Determine the accessibility of a host on the network. Figure 50: Ping Test Screen Ping Test Screen General IP Type Enter the IP type of destination address. IP or URL Address Enter the IP address or domain name that you want to ping. Packet Size Enter the size of the packet. Times to Ping Select the desired number from the drop-list.
Packet Capture Capture and store received and transmitted 802.3 packets based on one specified network interface. Network interface can be SSID or LAN. Figure 51: Packet Capture Screen Packet Capture Screen Network Interface Select the desired network interface from the dropdown list. The interface can be SSID or Ethernet. Start Capture Click to start the capture. You will be asked to specify a local file to store the packets. Stop Capture Click to stop the capture.
Diagnostic Log Diagnostic Log provides system detail information such as configuration file, system status and statistics data, hardware information, operational status. The information is useful in troubleshooting and working with technical support. Figure 52: Diagnostic Screen Diagnostic Log Screen Download Click to download the device diagnostic log into a local file.
Appendix A --- Troubleshooting Overview This chapter covers some common problems encountered while using the wireless access point, and some possible solutions to them. If you follow the suggested steps and the wireless access point still does not function properly, contact your dealer for further advice. General Problems Problem 1: I can't find the access point on my network.
Figure 53: Ping If your PC uses a fixed (static) IP address, ensure that it is using an IP address that is in the network segment (subnet) with the wireless access point. On Windows PCs, you can use Control Panel->Network to check the properties for the TCP/IP protocol. If there is no DHCP server found, the wireless access point will roll back to an IP address and mask of 192.168.1.252 and 255.255.255.0. Problem 2: My PC can't connect to the LAN via the wireless access point.
Appendix B --- About Wireless LANs Overview Wireless networks have their own terms and jargon. You should understand these terms in order to configure and operate a wireless LAN. Wireless LAN Terminology Modes Wireless LANs can work in either of two modes: • Ad-hoc • Infrastructure Ad-hoc Mode Ad-hoc mode does not require an access point or a wired (Ethernet) LAN. Wireless stations, e.g., notebook PCs with wireless cards, communicate directly with each other.
Different access points within an ESS can use different channels. To reduce interference, it is recommended that adjacent access points SHOULD use different channels. As wireless stations are physically moved through the area covered by an ESS, they will automatically change to the access point that has the least interference or best performance. This capability is called Roaming. (Access points do not have or require roaming capabilities.
WPA-PSK In WPA-PSK, like WEP, data is encrypted before transmission. WPA is more secure than WEP. The PSK (Pre-shared Key) must be entered on each wireless station. The 256-bit encryption key is derived from the PSK, and changes frequently. WPA2-PSK This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption. It should be used if possible.
802.1x This uses the 802.1X standard for client authentication, and WEP for data encryption. If possible, you should use WPA-Enterprise instead, because WPA encryption is much stronger than WEP encryption. If this option is used: • The access point must have a "client login" on the RADIUS server. • Each user must have a "user login" on the RADIUS server. • Each user's wireless client must support 802.1X and provide the login data when required.
Appendix C --- PC and Server Configuration Overview All wireless stations need to have settings that match the wireless access point. These settings depend on the mode in which the access point is being used. • If using WEP or WPA2-PSK, it is only necessary to ensure that each wireless station's settings match those of the wireless access point, as described below. • For 802.1x modes, configuration is much more complex.
Wireless Security On each client, wireless security must be set to WPA2PSK. • The Pre-shared Key entered on the access point must also be entered on each wireless client. • The Encryption method (e.g. TKIP, AES) must be set to match the access point. Using WPA2-Enterprise This is the most secure and most complex system. WPA-Enterprise mode provides greater security and centralized management, but it is more complex to configure.
• There must be a ‘‘client login’’ for the wireless access point itself. The wireless access point will use its default name as its client login name. (However, your RADIUS server may ignore this and use the IP address instead.) The Shared Key, set on the Security Screen of the access point, must match the Shared Secret value on the RADIUS server. Encryption settings must be correct. 802.
3. Ensure that the following components are selected. a. Certificate Services. After enabling this, you will see a warning that the computer cannot be renamed and joined after installing certificate services. Select Yes to select certificate services and continue. b. World Wide Web Server. Select World Wide Web Server on the Internet Information Services (IIS) component. c.
Figure 54: Certification Screen 6. Enter the information for the Certificate Authority, and click Next. Figure 55: CA Screen 7. Click Next if you don't want to change the CA's configuration data. 8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click OK, then Finish.
DHCP Server Configuration 1. Click on Start > Programs > Administrative Tools > DHCP 2. Right-click on the server entry, and select New Scope. Figure 56: DHCP Screen 3. Click Next when the New Scope Wizard begins. 4. Enter the name and description for the scope, click Next. 5. Define the IP address range. Change the subnet mask if necessary. Click Next.
6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank. Click Next. 7. Change the Lease Duration time if preferred. Click Next. 8. Select Yes, I want to configure these options now, and click Next. 9. Enter the router address for the current subnet. The router address may be left blank if there is no router. Click Next. 10. For the parent domain, enter the domain you specified for the domain controller setup, and enter the server's address for the IP address.
Certificate Authority Setup 1. Select Start > Programs > Administrative Tools > Certification Authority. 2. Right-click Policy Settings, and select New > Certificate to Issue. Figure 59: Certificate Authority Screen 3. Select Authenticated Session and Smartcard Logon (select more than one by holding down the Ctrl key). Click OK.
4. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. 5. Right-click on your active directory domain, and select Properties. Figure 61: Active Directory Screen 6. Select the Group Policy tab, choose Default Domain Policy then click Edit.
7. Select Computer Configuration > Windows Settings > Security Settings > Public Key Policies, right-click Automatic Certificate Request Settings > New > Automatic Certificate Request. Figure 63: Group Policy Screen 8. When the Certificate Request Wizard appears, click Next. 9. Select Computer, click Next. Figure 64: Certificate Template Screen 10. Ensure that your Certificate Authority is checked, click Next. 11. Review the policy change information and click Finish. 12.
Internet Authentication Service (RADIUS) Setup 1. Select Start > Programs > Administrative Tools > Internet Authentication Service. 2. Right-click on Clients, and select New Client. Figure 65: Service Screen 3. Enter a name for the access point, click Next. 4. Enter the address or name of the wireless access point, and set the shared secret, as entered on the Security Settings of the wireless access point. 5. Click Finish. 6. Right-click on Remote Access Policies, select New Remote Access Policy. 7.
8. Click Add... If you don't want to set any restrictions and a condition is required, select Day-And-TimeRestrictions, and click Add... Figure 66: Attribute Screen 9. Click Permitted, then OK. Select Next. 10. Select Grant remote access permission. Click Next.
11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication Protocol, and select Smart Card or other Certificate. Deselect other authentication methods listed. Click OK. Figure 67: Authentication Screen 12. Select No if you don't want to view the help for EAP. Click Finish. Remote Access Login for Users 1. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. 2. Double click on the user who you want to enable.
3. Select the Dial-in tab, and enable Allow access. Click OK. Figure 68: Dial-in Screen 802.1x Client Setup on Windows XP Windows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality. If you don't have either of these systems, you must use the 802.1x client software provided with your wireless adapter. Refer to your vendor's documentation for setup instructions.
The following instructions assume that: • You are using Windows XP • You are connecting to a Windows 2000 server for authentication. • You already have a login (User-name and password) on the Windows 2000 server. Client Certificate Setup 1. Connect to a network that doesn't require port authentication. 2. Start your Web browser. In the Address box, enter the IP address of the Windows 2000 Server, followed by “/certsrv”. Example: http://192.168.0.2/certsrv 3.
4. On the first screen (below), select Request a certificate, click Next. Figure 70: Wireless CA Screen 5. Select User certificate request and select User Certificate, click Next.
6. Click Submit. Figure 72: Identifying Information Screen 7. A message will be displayed and the certificate will be returned to you. Click Install this certificate.
8. You will receive a confirmation message. Click Yes. Figure 74: Root Certificate Screen 9. Certificate setup is now complete.
802.1x Authentication Setup 1. Open the properties for the wireless connection, by selecting Start > Control Panel > Network Connections. 2. Right-click on the Wireless Network Connection, and select Properties. 3. Select the Authentication Tab, and ensure that Enable network access control using IEEE 802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.
Encryption Settings The encryption settings must match the access point’s on the wireless network you wish to join. • Windows XP will detect any available wireless networks, and allow you to configure each network independently. • Your network administrator can advise you of the correct settings for each network. 802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no need to enter key values.
3. Select and enter the correct values, as advised by your Network Administrator. For example, to use EAP-TLS, you would enable Data encryption, and click the checkbox for the setting The key is provided for me automatically, as shown below. Figure 77: Properties Screen Setup for Windows XP and 802.1x client is now complete.
Using 802.1x Mode (without WPA) This is very similar to using WPA-Enterprise. The only difference is that on your client, you must NOT enable the setting The key is provided for me automatically. Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on the access point. Figure 78: Properties Screen Note—On some systems, the 64-bit WEP key is shown as 40-bit and the 128-bit WEP key is shown as 104-bit.
BELKIN, LINKSYS and many product names and logos are trademarks of the Belkin group of companies. Third-party trademarks mentioned are the property of their respective owners. © 2016 Belkin International, Inc. and/or its affiliates. All rights reserved.
