22Mbps Wireless Access Point / Bridge WAP-1966 User’s Manual
Copyright Copyright 2003 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.
Federal Communication Commission (FCC) Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm(8 inches) during normal operation.
TABLE OF CONTENTS CHAPTER 1 INTRODUCTION .................................................................................................. 1 1.1 PACKAGE CONTENTS ......................................................................................................... 1 1.2 SYSTEM REQUIREMENTS .................................................................................................... 1 1.3 FEATURES .....................................................................................................
CHAPTER 6 TROUBLESHOOTING.......................................................................................
Chapter 1 Introduction Thank you for purchasing WAP-1966. This device features the latest innovation wireless technology making the wireless networking world happened. This manual guides you on how to install and properly use the WAP-1966 in order to take full advantage of its features. 1.
Point-to-MultiPoint) • Provide Windows-based configuration utility and Web Configuration 1.4 Specification Standard IEEE 802.11b Compliant Signal Type DSSS (Direct Sequence Spread Spectrum) Modulation QPSK / BPSK / CCK / PBCC Port One 10/100BASE-TX Antenna 1 x Dipole Antenna Data Encryption 64 bit / 128 bit / 256bit WEP encryption Frequency 2.4GHz - 2.4835GHz Channel 11 Channels (US, Canada) 13 Channels (Europe) 14 Channels (Japan) Data Rate 1/2/5.
Chapter 2 Hardware Installation Before you proceed with the installation, it is necessary that you have enough information about the WAP-1966. 1. Locate an optimum location for the WAP-1966. The best place for your WAP-1966 is usually at the center of your wireless network, with line of sight to all of your mobile stations. 2. Assemble the antenna to WAP-1966. Try to place them to a position that can best cover your wireless network. The antenna’s position will enhance the receiving sensitivity. 3.
Chapter 3 Configuring the Wireless Access Point 3.1 Configure through Web Browser Web configuration provides a user-friendly graphical user interface (web pages) to manage your WAP-1966. An AP with an assigned IP address (e.g. http://192.168.1.1) will allow you to monitor and configure via web browser (e.g., MS Internet Explorer or Netscape). 1. Open your web browser. 2. Enter the IP address of your WAP-1966 in the address field (default IP address is http://192.168.1.1).
The default password for administrator (login name is “admin”) is “admin”. You can change the Password in this step. Click “Next>”. Step 2. Set the SSID and Channel Enter the SSID of your WLAN and select the frequency channel. Click “Next>”. Step 3. Set Encryption You can enable WEP encryption and set WEP key in this screen. Click “Next>” to continue. Step 4.
Please click the “Restart” button to save the settings and restart WAP-1966. In the following web page, please click “Close” to close the Setup Wizard window. 3.1.2 Status: You can check your WAP-1966 settings and status in this screen. You can click the “View Log” button, and then the screen below will appear. You can view the logged message here. You can also clear or refresh the log record.
3.1.3 Basic Settings: You can set the AP Name, ESSID, Channel and WEP function to this Access Point. After configuration, please click Apply to save your settings. AP Name: The host name of the WAP-1966. access point. This can be any name for you to easily identify this SSID: The SSID is the name shared among all points in the wireless network system, must be identical for all points.
IP address: This address is a unique numbers that identifies a computer or device on the WAN or LAN. These numbers are usually shown in groups separated by periods, for example: 123.123.23.2. Subnet Mask: Subnets allow network traffic between hosts to be separated based on the network's configuration. In IP networking, traffic takes the form of packets. IP subnets advance network security and performance to some level by organizing hosts into logical groups.
AP Mode: WAP-1966 has four operation modes. By default, it is set to AP mode. AP: This mode is set to WAP-1966 by default. This connects your wireless PCs to a wired network. In most cases, no change is necessary. Up to 63 wireless clients can be connected through WAP-1966. AP Client: A WAP-1966 set to AP Client mode is able to talk to one WAP-1966 functioning in AP mode and wireless client within its range. This mode allows your WAP-1966 client to be the wirelessly bridged to the main WAP-1966.
and 2432. This value should remain at its default setting of 2,432. Should you encounter inconsistent data flow, only minor modifications are recommended. Fragmentation Threshold: This field is used to specify the fragmentation threshold. Enter a value between 256 and 2346. If you experience a high packet error rate, try to slightly increase your Fragmentation Threshold. The value should remain at its default setting of 2,346. Setting the Fragmentation Threshold too low may result in poor performance.
Password: Enter the new password in the "AP Password New" field and again in the next field to confirm. Click on "Apply" to execute the password change. The Password is case-sensitive, and can be made up of any keyboard characters. The new password must be between 0 and 15 characters in length. MAC Filters: Filter function is for the administrator to authorize who can gain network access through the Access Point by using MAC address filtering.
Enable/Disable: Enable or disable 802.1X authentication of WAP-1966. Encryption Key: Select one of the Encryption key length options. It should be set the same length as WEP key. Select one of the Encryption key lifetime options. Once the lifetime expires, the Encryption key will be renewed by RADIUS server. RADIUS Server 1: Enter the IP address, communicate port number, and shared secret key of your primary RADIUS server.
devices on a network. It is commonly used for network administrators to communicate with multiple devices (hub, switch, router ……) for configuring and monitoring while convenient for troubleshooting but no miscellaneous platform consideration. The built-in SNMP is an agent, which watches the status of it self. The Network Management Station (A computer attached to network with SNMP management program well installed) can be used to access it.
4. Please click “Finish” to complete the software installation. 3.2.2 22M AP Utility configuration on your desktop, please double click this icon After installing utility, you can found the icon to run the configuration utility and select each option to setup your Access Point as you need. After settings in each option, please press “Apply” to save. It will show you the dialog box to enter User Name and Password. By default, the User Name and Password is “admin”.
3.2.2.1 Link Information When the configuration utility starts, it will show you the first option “Link Information”. You can view the first Access Point’s current setting. Note: If you have many WAP-1966, all the WAP-1966s will list in “Available AP”. You can select the WAP-1966 that you want to check, then you can see the settings of the WAP-1966. 3.2.2.
Basic Settings: ESSID: ESSID is used by all wireless devices within the wireless network. The ESSID value must be the same on all stations and Access points in this WLAN. Channel: Select the appropriate channel from the list provided to correspond with your network settings, between 1 and 13 (in ETSI). All wireless devices with the same ESSID will automatically use this channel to communicate with this access point.
Transmission Rates: You may select transmission rate to “1-2Mbps”, “1-2-5.5-11Mbps” or “1-2-5.5-11-22Mbps”. Preamble Type: The preamble defines the length of the CRC block for communication between the Access Point and roaming Network Card. Long preamble ensure the network card to communicate with access point more reliably. Verify that you have selected the appropriate preamble type and click the Apply button to set it.
Antenna Transmit power: Used to control the transmit power of the WAP-1966. options are available: 100%, 50%, 25% and 12.5%. Four 3.2.2.3 IP Settings DHCP: DHCP is a protocol for dynamically assigning IP addresses to networked computers. With DHCP, a computer can automatically be given an exclusive IP address each time it logs on to a network--making IP address management an easier job for network administrators.
3.2.2.4 WEP Settings Data Encryption: Select this option when you want to enable WEP function. Auth. Mode: Open Authentication: With this setting, any station in the WLAN can receives and transmits data from the Access Point (null authentication). Shared Authentication: With this setting, only stations using shared key encryption identified by the Access Point are allowed to associate with it.
3.2.2.5 802.1x Settings 802.1X Function: Enable or disable 802.1X authentication of WAP-1966. Encryption Key: Select one of the Encryption key length options. It should be set the same length as WEP key. Select one of the Encryption key lifetime options. Once the lifetime expires, the Encryption key will be renewed by RADIUS server. RADIUS Server 1: Enter the IP address, communicate port number, and shared secret key of your primary RADIUS server.
Chapter 4 802.1X Authentication Setup 4.1 802.1X Infrastructure An 802.1X Infrastructure is composed of three major components: Authenticator, Authentication server, and Supplicant. Authentication server: An entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.
5. The RADIUS server responds to the client with its digital certificate. 6. The client validates the digital certificate, and replies its own digital certificate to the RADIUS server. 7. The RADIUS server validates client’s digital certificate. 8. The client and RADIUS server derive encryption keys. 9. The RADIUS server sends WAP-1966 a RADIUS ACCEPT message, including the client’s WEP key. 10.
6. Enter the information that you want for your Certificate Service, and click “Next” to continue. 7. Go to Start > Program > Administrative Tools > Certificate Authority. 8. Right-click on the “Policy Setting”, select “new”. 9. Select “Certificate to Issue”. 10. Select “Authenticated Session” and “Smartcard Logon” by holding down to the Ctrl key, and click “OK” to continue.
11. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 12. Right-click on domain, and select ”Properties” to continue. 13. Select “Group Policy” tab and click “Properties” to continue.
14. Go to “Computer Configuration” > “Security Settings” > “Public Key Policies” 15. Right-click “Automatic Certificate Request Setting”, and select “New” 16. Click “Automatic Certificate Request ...
17. The Automatic Certificate Request Setup Wizard will guide you through the Automatic Certificate Request setup, simply click “Next” through to the last step. 18. Click “Finish” to complete the Automatic Certificate Request Setup 19. Go to Start > Run, and type “command” and click “Enter” to open Command Prompt. 20. Type “secedit/refreshpolicy machine_policy” to refresh policy. Adding Internet Authentication Service 21. Go to Start > Control Panel > Add or Remove Programs. 22.
Setting Internet Authentication Service 24. Go to Start > Program > Administrative Tools > Internet Authentication Service. 25. Right-click “Client”, and select “New Client”. 26. Enter the IP address of WAP-1966 in the Client address text field, a memorable name for WAP-1966 in the Client-Vendor text field, the access password used by WAP-1966 in the Shared secret text field. Re-type the password in the Confirmed shared secret text field.
27. Click “Finish”. 28. In the Internet Authentication Service, right-click “Remote Access Policies” 29. Select “New Remote Access Policy”. 30. Select “Day-And-Time-Restriction”, and click “Add” to continue.
31. Unless you want to specify the active duration for 802.1X authentication, click “OK” to accept for having 802.1x authentication enabled at all times. 32. Select “Grant remote access permission”, and click “Next” to continue.
33. Click “Edit Profile”. For TLS Authentication Setup (Steps 34 ~ 35) 34. Select “Authentication” Tab. 35. Enable “Extensible Authentication Protocol”, and select “Smart Card or other Certificate” for TLS authentication. Click “OK”. Then go to step 38.
For MD5 Authentication Setup (Steps 36 ~ 37) 36. Select “Authentication” Tab. 37. Enable “Extensible Authentication Protocol”. Select “MD5-Challenge” and enable “Encrypted Authentication (CHAP)” for MD5 authentication. Click “OK”.
38. Select “Internet Authentication Service (Local)”, click on “Action” from top panel. Then click “Register Service in Active Directory”. 39. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 40. Right click on the domain, and select “Properties”. 41. Select “Group Policy” tab, and click “Edit” to edit the Group Policy.
42. Go to “Computer Configuration” > “Windows Settings” > “Security Settings” > “Account Policies” > “Password Policies”. Double click on “Store password using reversible encryption for all users in the domain”.
43. Click “Define this policy setting”, select “Enabled”, and click “OK” to continue. 44. Go to Start > Program > Administrative Tools > Active Directory Users and Computers. 45. Go to Users. Right-click on the user that you are granting access, and select “Properties”. 46. Go to “Account” tab, and enable “Store password using reversible encryption”. 47. Click “Apply” to continue.
48. Go to the “Dial-in” tab, and check “Allow access” option for Remote Access Permission and “No Call-back” for Callback Options. Then click “OK”.
4.3 Authenticator Setup 1. For EAP-MD5 Authentication, WEP key must be set previously. Go to Basic Settings. Enable WEP key, and enter a desired key string. You can skip this step if using EAP-TLS Authentication. 2. Click on 802.1X for detailed configuration. 3. Enable 802.1X Authentication by selecting “Enable”. 4. If EAP-MD5 is used, you can leave the settings in Encryption Key Length and Lifetime as default.
by RADIUS server. 5. Enter the IP address, Port number, and Shared Secret Key used by the Primary Radius Server. 6. Enter the IP address, Port number, and Shared Secret Key used by the Secondary Radius Server. 7. Click “Apply”. The 802.1x settings will take effect right after WAP-1966 reboots itself. You can also use utility to configure 802.1X settings. The procedures are similar to above described. 4.4 Wireless Client Setup Windows XP is originally 802.1X support.
5. Click “Properties” of one available wireless network, which you want to associate with. 6. Select “Data encryption (WEP enabled)” option, but leave other options unselected.
7. Enter the network key in “Network key” text box. The string must be the same as the first set of WEP key which you set to WAP-1966. 8. Click “OK”. 9. Select “Authentication” tab. 10. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. 11. Select “MD-5 Challenge” from the drop-down list box for EAP type. 12. Click “OK”.
13. When wireless client has associated with WAP-19665, a user authentication notice appears in system tray. Click on the notice to continue. 14. Enter the user name, password and the logon domain that your account belongs. 15. Click “OK” to complete the validation process. 4.4.2 EAP-TLS Authentication Get Digital Certificate from Server The following procedures are based on obtaining a certificate from Windows 2000 Server which acts as a CA server.
dialog box will prompt you to enter user name and password. 2. Enter a valid user name and password, then click “OK” to continue. 3. Select “Request a certificate”, and click “Next” to continue. 4. Select “User Certificate request”, and click “Next” to continue.
5. Click “Submit >” to continue. 6. The Certificate Service is now processing the certificate request.
7. The certificate is issued by the server, click “Install this certificate” to download and store the certificate to your local computer. 8. Click “Yes” to store the certificate to your local computer. 9. Certificate is now installed. Wireless Adapter Setup 1. Go to Start > Control Panel, double-click on “Network Connections”.
2. Right-click on the Wireless Network Connection which using WL-3555. 3. Click “Properties” to open up the Properties setting window. 4. Click on the “Wireless Network” tab. 5. Click “Properties” of one available wireless network, which you want to associate with.
6. Select “The key is provided for me automatically” option. 7. Click “OK”. 8. Click “Authentication” tab 9. Select “Enable network access control using IEEE 802.1X” option to enable 802.1x authentication.
10. Select “Smart Card or other Certificate” from the drop-down list box for EAP type. 11. Click “OK”. 12. When wireless client has associated with WAP-1966, Windows XP will prompt you to select a certificate for wireless network connection. If you only have one certificate in local computer, system will automatically use it for authenticate. If you have multiple certificates in local computer, click on the network connection icon in the system tray to continue. 13.
14. Make sure this certificate is issued by correct server, and click “OK” to complete the authentication process.
Chapter 5 Application This chapter describe the four operating mode of your WAP-1966. The four working modes of WAP-1966 are Access Point, Access Point Client Mode, Wireless Bridge mode and Multiple Bridge mode. 5.1 Access Point mode With this mode, your Wireless network connection could act as following. Any of your IEEE802.11b end nodes should found the nearest Access Point to communication with any other Wireless end-nodes or the wired Ethernet network.
5.3 Wireless Bridge mode The Wireless Bridge mode help to make the two Ethernet networks connected without any wire. With two WAP-1966s in this mode, the two LANs in distance can communicate to each other. This could be deployed if the networks are hard to make the wire in between. Please be noted, please key in the MAC address to make the WAP-1966 communicate with a specific remote Access Point, you can find the MAC address either from the utility or from the label under the Access Point.
transmission rate to communicate with each other. In a large network, please consider using management device to reduce the network broadcast to the wireless network. 5.5 Repeater mode When WAP-1966 works in repeater mode, it will repeat the wireless signal from AP to wireless client or from wireless client to AP. Thus, the distance between wireless client to AP can be double.
Chapter 6 Troubleshooting This chapter gives tips on how to configure the communication software. This chapter provides solutions to problems usually encountered during the installation and operation of the Wireless Network Access Point. Read the description below to solve your problems. Can I run an application from a remote computer over the wireless network? This will depend on whether or not the application is designed to be used over a network.
An integrated wireless and wired LAN is called an Infrastructure configuration. Infrastructure is applicable to enterprise scale for wireless access to central database, or wireless application for mobile workers. What is Roaming? Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than that covered by a single Wireless Network Access Point.
