Linksys LAPN300 User Manual
  1. Manuals
  2. Brands
  3. Linksys Manuals
  4. Wireless Access Point
  5. LAPN300
  6. User manual

Linksys LAPN300 User Manual

Wireless-n300 access point with poe
Hide thumbs Also See for LAPN300:
Table of Contents

Advertisement

Quick Links

User Guide
LAPN300
Wireless-N300
Access Point with POE
Model # LAPN300
1

Advertisement

Table of Contents
loading

Related Manuals for Linksys LAPN300

Summary of Contents for Linksys LAPN300

  • Page 1 User Guide LAPN300 Wireless-N300 Access Point with POE Model # LAPN300...

  • Page 2: Table Of Contents

    Contents Chapter 1 – Quick Start Guide ............................5 Mounting Guide ................................... 6 Wall Installation ................................6 Ceiling Installation ................................. 6 Chapter 2 – Access Point Setup ............................8 Overview ....................................8 Set up using a web browser ............................8 Setup wizard ..................................
  • Page 3 WDS ..................................... 44 Workgroup Bridge ................................48 Advanced Settings ................................. 50 Captive Portal................................... 54 Global Configuration ..............................54 Portal Profiles ................................55 Local User ..................................57 Local Group ................................... 58 Web Customization ..............................59 Profile Association..............................61 Client Information ............................... 62 Client Information Screen ............................
  • Page 4 Overview .................................... 83 Wireless LAN Terminology ............................83 Modes ....................................83 SSID/ESSID .................................. 83 Channels..................................84 WEP ....................................84 WPA-PSK ..................................85 WPA2-PSK ..................................85 WPA-Enterprise ................................85 WPA2-Enterprise ................................ 85 802.1x .................................... 86 Appendix C – PC and Server Configuration ....................... 87 Overview ....................................

  • Page 5: Chapter 1 - Quick Start Guide

    Chapter 1 -- - Quick Start Guide LAPN300 Package Contents Linksys Wireless Access Point • Quick Start Guide • Ethernet Cable • AC Power Adapter • CD with Documentation • Mounting Bracket • Mounting Kit • Ceiling Mount Back Plate •...

  • Page 6: Mounting Guide

    LAPN300 is 12.5 W. Make sure your PoE switch or PoE injector is 802.3af-capable or 802.3at-capable to provide sufficient power to access point. NOTE: When both PoE and AC power adapter are connected to access point, device will get power from PoE as higher precedence.
  • Page 7 6. Slide the device into the bracket. Turn access point clockwise until it locks. 7. Replace tile in ceiling. IMPORTANT—Improper or insecure mounting could result in damage to the device or personal injury. Linksys is not responsible for damages caused by improper mounting.

  • Page 8: Chapter 2 - Access Point Setup

    Chapter 2 – Access Point Setup Overview This chapter describes the setup procedure to connect the wireless access point to your LAN, and configure it as an access point for your wireless stations. Wireless stations may also require configuration. For details, see Appendix C - Wireless Station Configuration.
  • Page 9 3. Type in default username: admin, and password: admin. 4. Click Login to launch the browser-based setup and follow the on-screen instructions. Figure 1: Password Dialog If you can't connect—It is likely that your PC’s IP address is incompatible with the wireless access point’s IP address.

  • Page 10: Setup Wizard

    Setup wizard The first time you connect to the wireless access point, run the Setup Wizard to configure the device. 1. Click the Quick Start tab on the main menu. Figure 2: Setup Wizard 2. On the first screen, click Launch. 3.
  • Page 11 4. Configure the time zone, date and time for the device on System Settings screen. Figure 3: Setup Wizard - System Settings 5. On the IPv4 Address screen (Figure 4) configure the IP address of the device then click Next. Figure 4: Setup Wizard - IPv4...
  • Page 12 6. Set the SSID information on the Wireless Network screen. Click Next. If you want to configure more than 4 SSIDs, go to Configuration > Wireless >Basic Settings. The access point supports up to 8 SSIDs. Figure 5: Setup Wizard - Wireless Network 7.
  • Page 13 Figure 6: Setup Wizard - Wireless Security 8. On the Summary screen, check the data to make sure they are correct and then click Submit to save the changes. Figure 7: Setup Wizard - Summary 9. Click Finish to leave the wizard.
  • Page 14 Figure 8: Setup Wizard - Finish...

  • Page 15: User Accounts

    User accounts Manage user accounts. The access point supports up to 5 users: one administrator and four normal users. Figure 9: User Accounts User Accounts Screen User Account Table User Name Enter the User Name to connect to the access point’s admin interface.

  • Page 16: Time

    Time Figure 10: Time Screen Time Screen Time Current Time Display current date and time of the system. Manually Set date and time manually. When enabled (default setting) the access point will get the current time Automatically from a public time server. Time Zone Choose the time zone for your location from the drop-down list.

  • Page 17: Log Settings

    Log settings Record various types of activity on the access point. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Figure 11: Log Settings Screen...

  • Page 18: Log Settings Screen

    Log Settings Screen Log Types Log Types Select events to log. Checking all options increases the size of the log, so enable only events you believe are required. Email Alert Email Alert Enable email alert function. SMTP Server Enter the email server that is used to send logs. It can be an IPv4 address or a domain name.

  • Page 19: Management Access

    Management access Configure the management methods of the access point. Figure 12: Management Access Screen Management Access Screen Web Access HTTP HTTP (Hyper Text Transfer Protocol) is the standard for transferring files (text, graphic images and other multimedia files) on the World Wide Web. Enable to allow Web access by HTTP protocol.
  • Page 20 HTTPS Port Specify the port for HTTPS. It can be 443 (default) or from 1024 to 65535. From Wireless Enable wireless devices to connect to access point’s admin page. Disabled by default. Access Control By default, no IP addresses are prohibited from accessing the device’s admin page.
  • Page 21 SNMPv3 Settings SNMPv3 Settings Configure the SNMPv3 settings if you want to use SNMPv3. Username: Enter the username. It includes 0 to 32 characters. Special characters are allowed. Authentication Protocol: None or HMAC-MD5. Authentication Key: 8 to 32 characters. Special characters are allowed.

  • Page 22: Ssl Certificate

    SSL certificate Manage SSL certificate used by HTTPS. Figure 13: SSL Certificate Screen SSL Certificate Screen Export/Restore to/from Local PC Export SSL Click to export the SSL certificate. Certificate Install Certificate Browse to choose the certificate file. Click Install Certificate button. Export to TFTP Server Destination File Enter the name of the destination file.

  • Page 23: Network Setup

    Network setup Configure basic device settings, VLAN settings and settings for the LAN interface, including static or dynamic IPv4/IPv6 address assignment. Figure 14: Network Setup Screen Network Setup Screen TCP/IP Host Name Assign a host name to this access point. Host name consists of 1 to 15 characters.

  • Page 24: Advanced

    Untagged Specifies a number between 1 and 4094 for the untagged VLAN ID VLAN ID. The default is 1. Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network. Untagged VLAN ID field is active only when untagged VLAN is enabled.

  • Page 25: Advanced Screen

    Advanced Screen Port Settings Auto If enabled, Port Speed and Duplex Mode will become grey Negotiation and cannot be configured. If disabled, Port Speed and Duplex Mode can be configured. Operational Current Auto Negotiation mode of the Ethernet port. Auto Negotiation Port Speed Select the speed of the Ethernet port.

  • Page 26: Wireless Screens

    Discovery Settings Bonjour Enable if administrator wants the access point to be discovered by Bonjour enabled devices automatically. If VLAN is enabled, the discovery packets will be sent out via management VLAN only. The access point supports http and https services. LLDP Enable if administrator wants the access point to be discovered by switch by LLDP protocol.

  • Page 27: Basic Settings

    Basic Settings Basic Settings provides the essential configuration for your wireless radio and SSID. You should be able to set up your wireless network with these essential parameters configured. Advanced wireless settings, such as Band Steering, Channel Bandwidth, etc., will be on Configuration > Wireless > Advanced Settings screen.

  • Page 28: Security Settings

    SSID Settings SSID Name Enter the desired SSID Name. Each SSID must have a unique name. The name includes 1 to 32 characters Broadcast Enable or disable the broadcast of the SSID. When the access point does not broadcast its SSID, the network name is not shown in the list of available networks on a client station.

  • Page 29: Security Mode

    SSID Settings Screen Security Select the desired SSID from the drop-down list. Select SSID Security Mode Select the desired security method from the list. Security Mode Disabled - No security. Anyone using the correct SSID can connect to your network. •...
  • Page 30 Security Settings – WEP This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong. Figure 18: WEP Wireless Security Screen WEP Screen Authentication Select Open System or Shared Key. All wireless stations must use the same method.
  • Page 31 Security Settings - WPA2-Personal This is a further development of WPA-Personal, and offers even greater security. Figure19: WPA2-Personal Wireless Security Screen WPA2-Personal Screen WPA2-Personal WPA Algorithm The encryption method is AES. Wireless stations must also use AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters.
  • Page 32 Security Settings - WPA/WPA2-Personal This method, sometimes called Mixed Mode, allows clients to use either WPA-Personal or WPA2- Personal. Figure 20: WPA/WPA2-Personal Wireless Security Screen WPA/WPA2-Personal Screen WPA/WPA2-Personal WPA Algorithm The encryption method is TKIP or AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters.
  • Page 33 Security Settings - WPA2-Enterprise This version of WPA2-Enterprise requires a RADIUS Server on your LAN to provide the client authentication. Data transmissions are encrypted using the WPA2 standard. Figure 21: WPA2-Enterprise Wireless Security Screen WPA2-Enterprise Screen WPA2-Enterprise Enter the IP address of the RADIUS Server on your network. Primary Server Enter the port number used for connections to the RADIUS Server.
  • Page 34 Security Settings - WPA/WPA2-Enterprise This version of WPA2-Enterprise requires a RADIUS Server on your LAN to provide the client authentication. Data transmissions are encrypted using either the WPA or WPA2 standard. Figure 22: WPA/WPA2-Enterprise Wireless Security Screen WPA/WPA2-Enterprise Screen WPA/WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network.
  • Page 35 Key Renewal Specify the value of Group Key Renewal. It is a value Timeout from 600 to 36000 sec, and default is 3600 sec. WPA automatically changes secret keys after a certain period of time. The group key interval is the period of time between automatic changes of the group key, which all devices on the network share.
  • Page 36 RADIUS Screen Authentication Server Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812.

  • Page 37: Rogue Ap Detection

    Rogue AP Detection Detect an unexpected or unauthorized access point installed in a secure network environment. Figure 24: Rogue AP Screen Rogue AP Screen Rogue AP Enable or disable Rogue AP Detection. Detected Rogue AP List Trust Action Click to move the AP to the Trusted AP List. MAC Address The MAC address of the Rogue AP.

  • Page 38: Scheduler

    Trusted AP List Untrust Action Click to move the AP to the Rogue AP List. MAC Address The MAC address of the Trusted AP. SSID The SSID of the Trusted AP. Channel The channel of the Trusted AP. Security The security method of the Trusted AP. Signal The signal level of the Trusted AP.
  • Page 39 Scheduler Screen Wireless Enable or disable wireless scheduler on the radio. It is Scheduler disabled by default. If disabled, even if some SSIDs are associated with profiles, they will be always active. Scheduler Operational Status Status The operational status of the scheduler. Reason The detailed reason for the scheduler operational status.

  • Page 40: Scheduler Association

    Scheduler Association Associate defined scheduler profiles with SSIDs. Figure 26: Scheduler Association Screen Scheduler Association Screen Scheduler Association SSID The index of SSID. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed.

  • Page 41: Connection Control

    Connection Control Exclude or allow only listed client stations to authenticate with the access point. Figure 27: Connection Control Screen Connection Control Screen SSID Select the desired SSID from the list. Connection Select the option from the drop-down list as desired. Control Type Allow only following MAC addresses to Local: Choose either...

  • Page 42: Rate Limit

    Rate Limit Limit downstream and upstream rate of SSIDs. Figure 28: Rate Limit Screen Rate Limit Screen Rate Limit SSID The index of SSID. SSID Name The name of the SSID. Upstream Enter a maximum upstream for the SSID. The range is from Rate 0 to 200 Mbps;...

  • Page 43: Quality Of Service (Qos)

    Quality of Service (QoS) Specify priorities for different traffic coming from your wireless client. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic. Figure 29: QoS Screen QoS Screen QoS Settings SSID The index of SSID.

  • Page 44: Wds

    With Wireless Distribution System (WDS) you can expand a wireless network through multiple access points instead of linking them with a wired backbone. WDS only works and interacts with LAPN300, LAPN600, LAPAC1200 or LAPAC1750 devices. The access point can act as WDS Root or WDS Station: •...
  • Page 45 WDS screen Spanning Tree (Recommended if you configure WDS connections) Spanning Tree When enabled, STP helps prevent switching loops. WDS Root Interface Enable or Disable the WDS Root. Status Be sure the following settings on WDS Root device are determined and configured. The WDS Station must use the same settings as Root afterwards.
  • Page 46 Allowed VLAN Enter the list of VLANs accepted by the WDS Root. List When VLAN is enabled, WDS Root receives from WDS Stations only packets in the VLAN list. Packets not in the list will be dropped. The VLAN list is only applicable when VLAN is enabled. The VLAN list includes 1 to 16 VLAN IDs separated by ","...
  • Page 47 Remote MAC MAC address of the access point on the other end of the Address WDS link. Optional WDS Station connects to remote WDS Root by matching SSIDs, When there is more than one remote WDS Root with the same SSID, the WDS Station can differentiate them by MAC address.

  • Page 48: Workgroup Bridge

    Workgroup Bridge Extend the accessibility of a remote network. In Workgroup Bridge mode, the access point acts as a wireless station on the wireless LAN. It can bridge traffic between a remote wired network and a wireless LAN. When Workgroup Bridge is enabled, SSID configuration still works to provide wireless services to clients.
  • Page 49 Workgroup Bridge Screen Workgroup Bridge Status Status Enable or disable Workgroup Bridge function. Workgroup Bridge can only be enabled when VLAN function is disabled. Before configuring Workgroup Bridge, make sure all devices in Workgroup Bridge have the following identical settings. •...

  • Page 50: Advanced Settings

    Security Mode Select the desired mode from the list. • Disabled • WPA-Personal • WPA2-Personal • WPA-Enterprise • WPA2-Enterprise Connection Connected or Not Connected. Status Advanced Settings Configure advanced parameters. Figure 32: Advanced Settings Advanced Settings Screen Band Steering Band Steering Enable or disable Band Steering function.
  • Page 51 Isolation Isolation between Define whether to isolate traffic between SSIDs. If SSIDs enabled, wireless clients in different SSIDs cannot communicate with each other. Enabled by default. Advanced Parameters Worldwide Mode Worldwide Mode (802.11d) enables the access point (802.11d) to direct connected wireless devices to radio settings specific to where in the world the devices are in use.
  • Page 52 DTIM Interval Enter the Delivery Traffic Information Map (DTIM) period, an integer from 1 to 255 beacons. The default is 1 beacon. The DTIM message is an element included in some beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point awaiting pickup.
  • Page 53 Fragmentation Enter the fragmentation threshold, an integer from Threshold 256 to 2346. The default is 2346. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold you set, the fragmentation function is activated and the packet is sent as multiple 802.11 frames.

  • Page 54: Captive Portal

    Captive Portal There are seven configuration screens: • Global Configuration • Portal Profiles • Local User Local Group • • Web Customization • Profile Association • Client Information Global Configuration Change settings and modify captive portal authentication access port number if needed. Figure 33: Global Configuration Global Configuration Screen Captive Portal...

  • Page 55: Portal Profiles

    Additional HTTP HTTP portal authentication uses HTTP Port management port by default. You can configure an additional port for that process. HTTP Port Define an additional port for HTTP protocol. The value can be 80 or 1024 to 65535 and is 80 by default. If Additional HTTP Port is enabled, the HTTP Port must be different from the HTTP port in "Administration"...
  • Page 56 Portal Profiles Screen Portal Profiles Captive Portal Select a profile to configure. Profile Protocol Select the protocol used to access the Portal Authentication web server. It can be HTTP or HTTPS. Authentication Select an authentication method for clients. Local - The access point uses a local database to authenticate wireless clients.

  • Page 57: Local User

    Radius Authentication Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. Primary Shared Enter the key value to match the RADIUS Server. Secret Backup Server The Backup Authentication Server will be used when...

  • Page 58: Local Group

    Local User Screen User Name Enter the name of the user account. The user name includes 1 to 32 characters. Special characters except ':' and ';' are allowed. Password Enter the New Password of the user account. The password must be between 4 and 32 characters in length.

  • Page 59: Web Customization

    Members User members of the selected group. You can select one user and click ">>" button to remove it. Other Users Other users which don't belong to the selected group. You can select one user and click "<<" button to add it into the group.
  • Page 60 Font Color The HTML code for the font color in 6-digit hexadecimal format. The default is #FFFFFF. Welcome Title Customize text to go with your logo. The default is Welcome to the Wireless Network. Login Instruction Customize text to go with the login box. Default text for different authentication options: •...

  • Page 61: Profile Association

    Profile Association Associate defined Captive Portal profiles with SSIDs. Figure 38: Profile Association Profile Association Screen SSID A list of available SSIDs. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed.

  • Page 62: Client Information

    Client Information View the status of wireless clients that are authenticated by Captive Portal. Figure 39: Client Information Client Information Screen MAC address of the client. MAC Address IP address of the client. IP Address User name used by the client to log in. User Name Name of the SSID to which the client is connected.

  • Page 63: Chapter 3 - System Status

    Chapter 3 – System Status System Summary Provides the system status of the access point. Figure 40: System Summary Screen System Summary Screen System Summary Device SKU The SKU is often used to identify device model number and region. Firmware Version The version of the firmware currently installed.

  • Page 64: Lan Status

    LAN Status LAN Status displays settings, and status of LAN interface. Figure 41: LAN Status Screen LAN Status Screen VLAN VLAN Enabled or disabled (default). Untagged VLAN Enabled (default) or disabled. If enabled (default), traffic is untagged when VLAN ID is equal to Untagged VLAN ID and untagged traffic can be accepted by LAN port.
  • Page 65 Management Displays the Management VLAN ID. The VLAN associated with the IP VLAN address you use to connect to the access point. Provide a number between 1 and 4094 for the Management VLAN ID. The default is 1. This VLAN is also the default untagged VLAN. If you already have a management VLAN configured on your network with a different VLAN ID, you must change the VLAN ID of the management VLAN on the access point.

  • Page 66: Wireless Status

    Wireless Status Wireless Status displays settings and status of the wireless radio and SSID. Figure 42: Wireless Status Screen Wireless Status Screen Radio Status Indicates whether the radio is enabled. Radio Status Current 802.11mode (a/b/g/n) of the radio. Mode The channel currently in use. Channel Current channel bandwidth of the radio.
  • Page 67 Current scheduler status of the SSID. Scheduler State • No scheduler is enabled on the SSID, or the SSID is disabled by administrator. • Active The SSID is enabled. • Inactive The SSID is disabled. WDS Root Status Status of the WDS Root: Enabled or Disabled. Local MAC MAC Address of the WDS Root.

  • Page 68: Wireless Clients

    Workgroup Bridge Status of the Workgroup Bridge: enabled or disabled. Status MAC address of the Workgroup Bridge. Local MAC SSID of the destination access point on the other end of the Remote SSID Workgroup Bridge link to which data is sent and from which data is received.

  • Page 69: Statistics

    Wireless Clients Screen Select Your Wireless Interface Wireless Select the desired interface from the list. The interfaces Interface include eight SSIDs. Connected Clients SSID Name Name of the SSID to which the client connects. Client MAC The MAC address of the client. SSID MAC MAC of the SSID to which the client connects.

  • Page 70: Log View

    Statistics Screen Transmit/Recei Total Packets - The total packets sent (in Transmit table) or received (in Received table) by the interface. Total Bytes - The total bytes sent (in Transmit table) or received (in Received table) by the interface. Total Dropped Packets - The total number of dropped packets sent (in Transmit table) or received (in Received table) by the interface.
  • Page 71 Log View Screen Log Messages Log Messages Show the log messages. Buttons Refresh Update the data on screen. Save Save the log to a file on your PC. Clear Delete the existing logs from your device.

  • Page 72: Chapter 4 - Maintenance

    Chapter 4 – Maintenance Overview Maintenance This chapter covers features available on the wireless access point’s menu. Maintenance • Firmware Upgrade Configuration Backup/Restore • • Factory Default • Reboot Diagnostics • Ping Test • Packet Capture • Diagnostic Log...

  • Page 73: Firmware Upgrade

    Firmware Upgrade The firmware (software) in the wireless access point can be upgraded by using HTTP/HTTPS, or TFTP. Check the Linksys support website (http://www.linksys.com/support) and download the latest firmware release to your storage such as PC. Then, perform firmware upgrade by following the steps below.

  • Page 74: Configuration Backup/Restore

    Configuration Backup/Restore Configuration backup/restore allows you to download the configuration file from the access point to external storage. You can save to your PC or networked storage, or upload a previously saved configuration file from external storage to your access point. It is highly recommended you save one extra copy of the configuration file to external storage after you are done with access point setup.
  • Page 75 Configuration Backup/Restore Screen Backup/Restore to/from Local PC Backup Once you have the access point working properly, you Configuration should back up the settings to a file on your computer. You can later restore the access point's settings from this file, if necessary. To create a backup file of the current settings, click Backup.

  • Page 76: Factory Default

    Factory Default It’s highly recommended you save your current configuration file before you restore to factory default settings. To save your current configuration file, click Maintenance > Configuration Backup/Restore. Select and click Save. Figure 48: Factory Default Screen Factory Default Screen Factory Default When you restore to factory defaults your current configuration file will be deleted and the system will...

  • Page 77: Reboot

    Reboot Reboot power cycles the device. The current configuration file will remain after reboot. Figure 49: Reboot Screen Reboot Screen Device Reboot Select and click Save to power cycle the access point.

  • Page 78: Ping Test

    Ping Test Determine the accessibility of a host on the network. Figure 50: Ping Test Screen Ping Test Screen General IP Type Enter the IP type of destination address. IP or URL Address Enter the IP address or domain name that you want to ping.

  • Page 79: Packet Capture

    Packet Capture Capture and store received and transmitted 802.3 packets based on one specified network interface. Network interface can be SSID or LAN. Figure 51: Packet Capture Screen Packet Capture Screen Network Interface Select the desired network interface from the drop- down list.

  • Page 80: Diagnostic Log

    Diagnostic Log Diagnostic Log provides system detail information such as configuration file, system status and statistics data, hardware information, operational status. The information is useful in troubleshooting and working with technical support. Figure 52: Diagnostic Screen Diagnostic Log Screen Download Click to download the device diagnostic log into a local file.

  • Page 81: Appendix A - Troubleshooting

    Appendix A -- - Troubleshooting Overview This chapter covers some common problems encountered while using the wireless access point, and some possible solutions to them. If you follow the suggested steps and the wireless access point still does not function properly, contact your dealer for further advice. General Problems Problem 1: I can't find the access point on my network.
  • Page 82 Figure 53: Ping If your PC uses a fixed (static) IP address, ensure that it is using an IP address that is in the network segment (subnet) with the wireless access point. On Windows PCs, you can use Control Panel->Network to check the properties for the TCP/IP protocol.

  • Page 83: Appendix B - About Wireless Lans

    Appendix B -- - About Wireless LANs Overview Wireless networks have their own terms and jargon. You should understand these terms in order to configure and operate a wireless LAN. Wireless LAN Terminology Modes Wireless LANs can work in either of two modes: •...

  • Page 84: Channels

    Different access points within an ESS can use different channels. To reduce interference, it is recommended that adjacent access points SHOULD use different channels. As wireless stations are physically moved through the area covered by an ESS, they will automatically change to the access point that has the least interference or best performance.

  • Page 85: Wpa-Psk

    WPA-PSK In WPA-PSK, like WEP, data is encrypted before transmission. WPA is more secure than WEP. The PSK (Pre-shared Key) must be entered on each wireless station. The 256-bit encryption key is derived from the PSK, and changes frequently. WPA2-PSK This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption.
  • Page 86 802.1x This uses the 802.1X standard for client authentication, and WEP for data encryption. If possible, you should use WPA-Enterprise instead, because WPA encryption is much stronger than WEP encryption. If this option is used: The access point must have a "client login" on the RADIUS server. •...

  • Page 87: Appendix C - Pc And Server Configuration

    Appendix C -- - PC and Server Configuration Overview All wireless stations need to have settings that match the wireless access point. These settings depend on the mode in which the access point is being used. • If using WEP or WPA2-PSK, it is only necessary to ensure that each wireless station's settings match those of the wireless access point, as described below.

  • Page 88: Using Wpa2-Enterprise

    Wireless On each client, wireless security must be set to WPA2- Security PSK. The Pre-shared Key entered on the access point must • also be entered on each wireless client. The Encryption method (e.g. TKIP, AES) must be set to •...

  • Page 89: Server Setup (Windows 2000 Server)

    • There must be a ‘‘client login’’ for the wireless access point itself. The wireless access point will use its default name as its client login name. (However, your RADIUS server may ignore this and use the IP address instead.) Shared Key Security Shared Secret...
  • Page 90 Figure 53: Components Screen 4. Click Next. Enterprise root CA , and click Next. 5. Select the Figure 54: Certification Screen...
  • Page 91 6. Enter the information for the Certificate Authority, and click Next. Figure 55: CA Screen 7. Click Next if you don't want to change the CA's configuration data. 8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing.

  • Page 92: Dhcp Server Configuration

    DHCP Server Configuration 1. Click on Start > Programs > Administrative Tools > DHCP New Scope 2. Right-click on the server entry, and select Figure 56: DHCP Screen 3. Click Next when the New Scope Wizard begins. 4. Enter the name and description for the scope, click Next.
  • Page 93 5. Define the IP address range. Change the subnet mask if necessary. Click Next. Figure 57: IP Address Screen 6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank. Click Next. 7. Change the Lease Duration time if preferred. Click Next. 8.
  • Page 94 10. For the parent domain, enter the domain you specified for the domain controller setup, and enter the server's address for the IP address. Click Next. Figure 58: DNS Screen 11. If you don't want a WINS server, just click Next. Yes, I want to activate this scope now 12.

  • Page 95: Certificate Authority Setup

    Certificate Authority Setup 1. Select Start > Programs > Administrative Tools > Certification Authority. 2. Right-click Policy Settings, and select New > Certificate to Issue. Figure 59: Certificate Authority Screen Authenticated Session Smartcard Logon 3. Select (select more than one by holding down the Ctrl key).
  • Page 96 4. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. 5. Right-click on your active directory domain, and select Properties. Figure 61: Active Directory Screen...
  • Page 97 6. Select the Group Policy tab, choose Default Domain Policy then click Edit. Figure 62: Group Policy Tab...
  • Page 98 7. Select Computer Configuration > Windows Settings > Security Settings > Public Key Policies, right-click Automatic Certificate Request Settings > New > Automatic Certificate Request. Figure 63: Group Policy Screen 8. When the Certificate Request Wizard appears, click Next. 9. Select Computer, click Next. Figure 64: Certificate Template Screen Next 10.

  • Page 99: Internet Authentication Service (Radius) Setup

    Start 12. Click > ; type ‘‘cmd‘‘ and press Enter. secedit /refreshpolicy machine_policy” Enter “ (This command may take a few minutes to take effect. Internet Authentication Service (RADIUS) Setup 1. Select Start > Programs > Administrative Tools > Internet Authentication Service. 2.
  • Page 100 8. Click Add... Day-And-Time- If you don't want to set any restrictions and a condition is required, select Restrictions , and click Add... Figure 66: Attribute Screen Permitted Next 9. Click , then OK. Select Grant remote access permission 10. Select .

  • Page 101: Remote Access Login For Users

    Edit Profile... Authentication Extensible Authentication 11. Click and select the tab. Enable Protocol Smart Card or other Certificate , and select . Deselect other authentication methods listed. Click OK. Figure 67: Authentication Screen 12. Select if you don't want to view the help for EAP. Click Finish. Remote Access Login for Users 1.

  • Page 102: 802.1X Client Setup On Windows Xp

    3. Select the Dial-in tab, and enable Allow access. Click OK. Figure 68: Dial-in Screen 802.1x Client Setup on Windows XP Windows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality. If you don't have either of these systems, you must use the 802.1x client software provided with your wireless adapter.

  • Page 103: Client Certificate Setup

    The following instructions assume that: • You are using Windows XP You are connecting to a Windows 2000 server for authentication. • • You already have a login (User-name and password) on the Windows 2000 server. Client Certificate Setup 1. Connect to a network that doesn't require port authentication. Address 2.
  • Page 104 Request a certificate 4. On the first screen (below), select , click Next. Figure 70: Wireless CA Screen...
  • Page 105 5. Select User certificate request and select User Certificate, click Next. Figure 71: Request Type Screen...
  • Page 106 6. Click Submit. Figure 72: Identifying Information Screen...
  • Page 107 7. A message will be displayed and the certificate will be returned to you. Install this certificate Click Figure 73: Certificate Issued Screen 8. You will receive a confirmation message. Click Yes. Figure 74: Root Certificate Screen 9. Certificate setup is now complete.

  • Page 108: 802.1X Authentication Setup

    802.1x Authentication Setup Start > Control Panel > Network Open the properties for the wireless connection, by selecting Connections. Wireless Network Connection Properties Right-click on the , and select Authentication Enable network access control using IEEE 3. Select the Tab, and ensure that 802.1X Smart Card or other Certificate is selected, and...

  • Page 109: Encryption Settings

    Encryption Settings The encryption settings must match the access point’s on the wireless network you wish to join. • Windows XP will detect any available wireless networks, and allow you to configure each network independently. • Your network administrator can advise you of the correct settings for each network. 802.1x networks typically use EAP-TLS.
  • Page 110 Available Networks Configure 2. Select the wireless network from the list, and click 3. Select and enter the correct values, as advised by your Network Administrator. Data encryption For example, to use EAP-TLS, you would enable , and click the checkbox for The key is provided for me automatically the setting , as shown below.

  • Page 111: Using 802.1X Mode (Without Wpa)

    Using 802.1x Mode (without WPA) This is very similar to using WPA-Enterprise. The key is provided for me The only difference is that on your client, you must NOT enable the setting automatically Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on the access point.
  • Page 112 BELKIN, LINKSYS and many product names and logos are trademarks of the Belkin group of companies. Third-party trademarks mentioned are the property of their respective owners. © 2016 Belkin International, Inc. and/or its affiliates. All rights reserved. PNKPG-00089 RevB00...

Table of Contents