1. Manuals
  2. Brands
  3. 4IPNET Manuals
  4. Wireless Access Point
  5. EAP260
  6. User manual

4IPNET EAP260 User Manual

Hide thumbs Also See for EAP260:
Table of Contents

Advertisement

Quick Links

Download this manual
EAP260 V1.20
Enterprise Access Point

Advertisement

Table of Contents
loading

Related Manuals for 4IPNET EAP260

Summary of Contents for 4IPNET EAP260

  • Page 1 EAP260 V1.20 Enterprise Access Point...
  • Page 2 4IPNET, INC. Disclaimer 4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights not the parent rights of others.

  • Page 3: Table Of Contents

    Before You Start ..........................6 1.1 Preface..............................6 1.2 Document Conventions........................6 1.3 Package Content..........................7 System Overview and Getting Started .....................8 2.1 Introduction of 4ipnet EAP260 ......................8 2.2 Hardware Description ........................9 2.3 Hardware Installation........................11 2.4 Console Interface..........................12 2.5 Access Web Management Interface .....................14 Connect your AP to your Network ....................18...
  • Page 4 User’s Manual EAP260 Enterprise Access Point ENGLISH 7.4.2 Backup & Restore ......................76 7.4.3 System Upgrade ......................77 7.4.4 Reboot ..........................78 7.4.5 Upload Certificate ......................79 7.4.6 WAPI Certificate ......................80 7.4.7 Channel Analysis ......................81 Copyright © 4IPNET, INC.
  • Page 5 User’s Manual EAP260 Enterprise Access Point ENGLISH 7.4.7 Channel Analysis Copyright © 4IPNET, INC.
  • Page 6 User’s Manual EAP260 Enterprise Access Point ENGLISH 7.5 Status ..............................82 7.5.1 Overview .........................82 7.5.2 Associated Clients ......................84 7.5.3 Repeater .........................85 7.5.4 Event Log........................86 7.6 Online Help .............................87 Copyright © 4IPNET, INC.

  • Page 7: Before You Start

    This manual is intended for system integrators, field engineers, and network administrators to set up 4ipnet’s EAP260 802.11n/b/g 2.4GHz MIMO Access Point in their network environments. It contains step- by-step procedures and visual examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.

  • Page 8: Package Content

    User’s Manual EAP260 Enterprise Access Point ENGLISH 1.3 Package Content The standard package of EAP260 includes:  4ipnet EAP260  Quick Installation Guide (QIG)  CD-ROM (with User’s Manual and QIG)  Console Cable  Ethernet Cable  Power Adapter (DC 5V) ...

  • Page 9: System Overview And Getting Started

    2. System Overview and Getting Started 2.1 Introduction of 4ipnet EAP260 The 4ipnet EAP260 Enterprise Access Point embedded with 802.11 n/b/g 2.4GHz MIMO radio in dust- proof metal housing is designed for wireless connectivity in enterprise or industrial environments of all dimensions.

  • Page 10: Hardware Description

    2.2 Hardware Description This section depicts the hardware information including all panel description. Front Panel Figure 1 EAP260 Front Panel WES button Press and hold for 5 seconds to initiate Master WES process. Press and release to initiate Slave WES process.
  • Page 11 User’s Manual EAP260 Enterprise Access Point ENGLISH Rear Panel Figure 2 EAP260 Rear Panel Antenna connector Reverse SMA connectors for attaching antenna as shown in figure 2. Uplink port Offers uplink connection. This port can be used to connect to a controller, gateway, or directly to the Internet.

  • Page 12: Hardware Installation

    2. Connect the EAP260 to your network device. Connect one end of the Ethernet cable to the Uplink port of EAP260 and the other end of the cable to a switch, a router, or a hub. EAP260 is then connected to your existing wired LAN network.

  • Page 13: Console Interface

    Enterprise Access Point ENGLISH 2.4 Console Interface Use this port to enter the console interface for the administrator to check the IP address of EAP260 and reset the device to default if the admin password is forgotten. 1. In order to connect to the console port of EAP260, a console, modem cable and a terminal simulation program, such as the Hyper Terminal are needed.
  • Page 14 When resetting the device to default from the console interface, enter “reset2def” for login and password. Confirm “yes” and EAP260 will begin the reset process. When the login prompt reappears, the device has completed the reset to default process and the LAN IP is reset to 192.168.1.1.

  • Page 15: Access Web Management Interface

    To access the web management interface (WMI), connect the administrator PC to the LAN port of EAP260 via an Ethernet cable. Then, set a static IP Address on the same subnet mask as the EAP260 in TCP/IP settings of your PC, such as the following example: IP Address: 192.168.1.100...
  • Page 16 User’s Manual EAP260 Enterprise Access Point ENGLISH The Web Management Interface - System Overview Page Copyright © 4IPNET, INC.
  • Page 17 To logout, simply click on the Logout button at the upper right hand corner of the interface to return to the Administrator Login Page. Click OK to logout. Logout Logout Prompt For security reasons, it is strongly recommended to change the administrator’s password upon the completion of all configuration settings Copyright © 4IPNET, INC.
  • Page 18 It is strongly recommended to make a backup copy of your configuration settings.  After the EAP260’s network configuration is completed, please remember to change the IP Address of your PC Connection Properties back to its original settings in order to ensure that your PC functions properly in its real network environments.

  • Page 19: Connect Your Ap To Your Network

    LAN port and provide wireless access to your network. After having prepared the EAP260’s hardware for configuration, set the TCP/IP settings of administrator’s computer to have a static IP Address of 192.168.1.10 and Subnet Mask of 255.255.255.0.
  • Page 20 The alternative method is NTP. Upon selecting NTP under the Time field, the configuration changes to allow up to two NTP servers. Simply enter a local NTP server’s IP Address (if available) or search online for an NTP server nearest to you. Set the time zone and click SAVE. Copyright © 4IPNET, INC.
  • Page 21 Mode to DHCP; otherwise, set Mode to Static and fill in the required fields marked with a red asterisk (IP Address, Netmask, Gateway, and Primary DNS Server) with the appropriate values for the network. Click SAVE when you are finished to save changes that have been made. Copyright © 4IPNET, INC.
  • Page 22 On this page, select the Band with which the AP is to broadcast its signal. The rest of the fields are optional and can be configured at another time. Click SAVE if any changes have been made. Copyright © 4IPNET, INC.
  • Page 23 VAP-1). Click on the Overview tab to proceed. Virtual AP Overview Page On this page click the hyperlink in the row and column that corresponds with VAP-1’s State. This will bring up the following page. VAP Configuration Page (VAP-1 shown) Copyright © 4IPNET, INC.
  • Page 24 VAP will be used for; otherwise, leave it as default. VLAN ID can be chosen at another time. Click SAVE to save all changes up to this point and Reboot the system to apply these revised settings. Congratulations! After reboot, the AP can start to operate with these revised settings. Copyright © 4IPNET, INC.

  • Page 25: Adding Virtual Access Points

    Enterprise Access Point ENGLISH 4. Adding Virtual Access Points EAP260 possesses the feature of multi-ESSID; namely, it can behave as multiple virtual access points, providing different levels of services from the same physical AP device. Please click on the Wireless icon to review the VAP Overview page.
  • Page 26 A VLAN ID can be provided to indicate the traffic through this particular VAP. It may allow further management/control (e.g. access rights and Internet usage, etc) of each VAP with a management gateway. Click SAVE and then Reboot for the changes to take effect. Copyright © 4IPNET, INC.

  • Page 27: Secure Your Ap

    VAP Overview Page On the VAP Overview page, check the table to confirm the VAP State. If it is Enabled, skip to Step 2. If not, click on to proceed with VAP Configuration for that particular VAP. Copyright © 4IPNET, INC.
  • Page 28 First, click on the corresponding cell in the column labeled Security Type. This hyperlink will direct the user to the following Security Settings page. Security Settings Page (VAP-1 as shown for example) Select the desired Security Type from the drop-down menu, which includes None, WEP, 802.1X, WPA-PSK, and WPA-RADIUS. Copyright © 4IPNET, INC.
  • Page 29  WEP Key Index: Select a key index from 1 through 4. The WEP key index is a number that specifies which WEP key is used for the encryption of wireless frames during data transmission.  WEP Keys: Provide the pre-defined WEP key value; the system supports up to 4 sets of WEP keys. Copyright © 4IPNET, INC.
  • Page 30 Accounting Port: The port number used by the RADIUS server for accounting purposes. Specify a port number or use the default, 1813. Accounting Interim Update Interval: The system will update accounting information to the RADIUS server every interval period. Copyright © 4IPNET, INC.
  • Page 31  Pre-shared Key: Enter the key value for the pre-shared key; the format of the key value depends on the key type selected.  Group Key Update Period: The time interval for the Group Key to be renewed; the time unit is in seconds. Copyright © 4IPNET, INC.
  • Page 32 Accounting Interim Update Interval: The system will update accounting information to the RADIUS server every interval period. When these configurations are finished and MAC restriction is not needed, click SAVE and Reboot the system. Otherwise, click on the Overview tab and proceed to the next step. Copyright © 4IPNET, INC.
  • Page 33 MAC. MAC ACL Allow List An empty Allow List means that there are no allowed MAC addresses. Make sure at least the MAC of the modifying system is included (e.g. network administrator’s computer) Copyright © 4IPNET, INC.
  • Page 34 MAC ACL Deny List: This means that all client devices are granted with access to the system except those listed in the Deny List (“denied MAC addresses”). The administrator can allow any denied MAC address to connect to the system temporarily by checking Enable. MAC ACL Deny List Copyright © 4IPNET, INC.
  • Page 35 Please note that each VAP MAC ACL and its security type (shown on the Security Settings page) share the same RADIUS configuration. RADIUS ACL Click SAVE and Reboot upon completing the related configurations to take effect. Copyright © 4IPNET, INC.

  • Page 36: Create A Wds Bridge Between Two Aps

    WDS link creation is convenient for extending network coverage where running wires is not an option, effectively transferring the traffic to the other end of WLAN/LAN through the EAP260. Since this is a peer to peer connection, both EAP260s will be configured the same way.
  • Page 37 Network Settings Page Please select Enable in the field labeled Layer2 STP. This will prevent data from looping or creating a broadcast storm. Click SAVE when completed, and then Reboot to allow updated settings to take effect. Copyright © 4IPNET, INC.

  • Page 38: Web Management Interface Configuration

    Enterprise Access Point ENGLISH 7. Web Management Interface Configuration This chapter will guide the user through the EAP260’s detailed settings. The following table shows all the User Interface (UI) functions of 4ipnet’s EAP260 Enterprise Access Point. The Web Management Interface (WMI) is the page where the status is displayed, control is issued and parameters are configured.
  • Page 39  Note: After clicking SAVE, the following message will appear: “Some modification has been saved and will take effect after Reboot.” All online users will be disconnected during reboot or restart. Copyright © 4IPNET, INC.

  • Page 40: System

     Location: The information on geographical location of the system for the administrator to locate the system easily.  Time  Device Time: Display the current time of the system.  Time Zone: Select an appropriate time zone from the drop-down list box. Copyright © 4IPNET, INC.
  • Page 41  Time: Synchronize the system time by reachable NTP servers or manual setup. Enable NTP: By selecting Enabled NTP, EAP260 can synchronize its system time with the NTP server automatically. When this method is chosen, at least one NTP server's IP address or domain name must be provided.

  • Page 42: Network Interface

     Layer 2 STP: If the EAP260 is set up to bridge other network components, this option can be enabled to prevent undesired loops because a broadcasting storm may occur in a multi-switch environment where broadcast packets are forwarded in an endless loop between switches. Moreover, a broadcast storm may consume most of available system resources in addition to available bandwidth.

  • Page 43: Port

    Enterprise Access Point ENGLISH 7.1.3 Port The physical Ethernet ports of EAP260 can be configured to append a VLAN tag for upstream delivery.  Port: Selectable from LAN1 ~ LAN4. For each physical LAN port, administrator can choose to configure a desired VLAN ID to be bundled with traffic going upstream from this particular port.
  • Page 44 VLAN ID. In other words, administrator who wants to access the WMI must send management traffic with the same VLAN ID such as connecting to a specific VAP with the same VLAN ID. Enter a value between 1 and 4094 for the VLAN ID if the option is enabled. Copyright © 4IPNET, INC.
  • Page 45  Server IP: The IP address of the Syslog server that will receive the reported events.  Server Port: The port number of the Syslog server.  Syslog Level: Select the desired level of received events from the drop-down menu. Copyright © 4IPNET, INC.

  • Page 46: Capwap

    7.1.5 CAPWAP CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points. There are 5 methods of auto AP discovery, namely DNS SRV, DHCP option, Broadcast, Multicast, and Static. Copyright © 4IPNET, INC.
  • Page 47 S ti ta c Discovery: Using Static approach to discover access controller.  AC Address: The IP address of access controller. If it can not discover the first AC, it will try to discover the second AC. Copyright © 4IPNET, INC.

  • Page 48: Ipv6

    Enterprise Access Point ENGLISH 7.1.6 IPv6 EAP260 supports IPv6 and IPv4 dual stack addressing capability. IPv6 by default is disabled but it can be enabled on this tab page. Mode: There are two options for acquiring an IPv6 address for this device.

  • Page 49: Wireless

    An overall status is collected on this page, including ESSID, State, Security Type, MAC ACL, and Advanced Settings, where EAP260 features 8 VAPs with respective settings. In this table, please click on the hyperlink to further configure each individual VAP.
  • Page 50 State: The hyperlink showing Enable or Disable links to the VAP Configuration page. VAP – State Page  Security Type: The hyperlink showing the security type links to the Security Settings Page. VAP – Security Type Page Copyright © 4IPNET, INC.
  • Page 51 MAC ACL: The hyperlink showing Allow or Disable links to the Access Control Settings Page. VAP – MAC ACL Page  Advanced Settings: The advanced settings hyperlink links to the Advanced Wireless Settings Page. VAP – Advanced Settings Page Copyright © 4IPNET, INC.

  • Page 52: General

    Transmit Power: The signal strength transmitted from the system can be selected among Auto, Highest, High, Medium, Low, and Lowest from the drop-down menu.  ACK Timeout: It indicates a period of time when the system waits for an Acknowledgement frame Copyright © 4IPNET, INC.
  • Page 53 1M, 2M, 5.5M, 11M, 12M, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 802.11n+802.11g 18M, 24M, 36M, 48M, 11, 12, 13 54M, MCS0~15 *Please note that available values above will vary depen4ding on the regulation of different countries. Copyright © 4IPNET, INC.

  • Page 54: Vap Configuration

    VAP. It can be coupled with different service level like a variety of wireless security types.  VLAN ID: EAP260 supports tagged VLANs (virtual LANs). To enable VLAN function, each VAP shall be given a unique VLAN ID with valid values ranging from 1 to 4094.

  • Page 55: Security

    Enterprise Access Point ENGLISH 7.2.4 Security EAP260 supports various wireless authentication and data encryption methods in each VAP profile. With this, the administrator can provide different service levels to clients. The security type includes None, WEP, 802.1X, WPA-PSK, and WPA-RADIUS.
  • Page 56 Host: Enter the IP address or domain name of the RADIUS server. Authentication Port: The port number used by the RADIUS server. Specify a port number or use the default, 1812. Secret Key: The secret key for the system to communicate with the RADIUS server. Copyright © 4IPNET, INC.
  • Page 57  Pre-shared Key: Enter the key value for the pre-shared key; the format of the key value depends on the key type selected.  Group Key Update Period: The time interval for the Group Key to be renewed; the time unit is in seconds. Copyright © 4IPNET, INC.
  • Page 58 Accounting Port: The port number used by the RADIUS server for accounting purposes. Specify a port number or use the default, 1813. Accounting Interim Update Interval: The system will update accounting information to the RADIUS server every interval period. Copyright © 4IPNET, INC.

  • Page 59: Repeater

    User’s Manual EAP260 Enterprise Access Point ENGLISH 7.2.5 Repeater To extend wireless network coverage, EAP260 supports 3 options of Repeater type, None, WDS or Universal Repeater; selecting None will turn this function off. Universal Repeater  If Universal Repeater is selected, please provide the SSID of upper-bound AP for uplink connection;...
  • Page 60 Enterprise Access Point ENGLISH  If WDS is selected, EAP260 can support up to 4 WDS links to its peer APs. Security Type (None, WEP, or WPA/PSK) can be configured to decide which encryption is to be used for WDS connections respectively.

  • Page 61: Advanced

    The RTS mechanism will be activated if the data size exceeds the value provided. A lower RTS Threshold setting can be useful in areas where many client devices are associating with EAP260 or in areas where the clients are far apart and can detect only EAP260 but not each other.
  • Page 62 IAPP-enabled access points in the same wireless LAN.  IGMP Snooping: By enabling IGMP snooping, IGMP packets are transferred via the EAP260’s network interface and the IP multicast host. Registration information is recorded and sorted into multicast groups.

  • Page 63: Access Control

    Enterprise Access Point ENGLISH 7.2.7 Access Control On this page, the network administrator can restrict the total number of clients connected to the EAP260, as well as specify particular MAC addresses that can or cannot access the device. Access Control Settings Page ...
  • Page 64 Disable, until the administrator re-Enables the listed MAC. MAC Allow List An empty Allow List means that there is no allowed MAC address. Make sure at least the  Note: MAC of the management system is included (e.g. network administrator’s computer) Copyright © 4IPNET, INC.
  • Page 65 MAC ACL Deny List: When selecting MAC ACL Deny List, all client devices are granted with access to the system except those listed in the Deny List (“denied MAC addresses”). The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable. Deny List Copyright © 4IPNET, INC.
  • Page 66 ACL is selected, all incoming MAC addresses will be authenticated by an external RADIUS. Please note that each VAP’s MAC ACL and its security type (shown on the Security Settings page) share the same RADIUS configuration. RADIUS ACL Copyright © 4IPNET, INC.

  • Page 67: Site Survey

    WEP: Click Setup to configure the WEP setting for associating with the target AP. The following configuration box will then appear at the bottom of the screen. Security settings configured here must be the same as the target AP. Copyright © 4IPNET, INC.
  • Page 68 WPA-PSK: Click Setup to configure the WPA-PSK setting for associating with the target The following configuration box will then appear at the bottom of the screen. Information provided here must be consistent with the security settings of the target AP. Copyright © 4IPNET, INC.

  • Page 69: Firewall

    Remark: Shows the note of this rule.  Setting: 4 actions are available; Del denotes to delete the rule, Ed denotes to edit the rule, In denotes to insert a rule, and Mv denotes to move the rule. Copyright © 4IPNET, INC.
  • Page 70 Service (when EtherType is IPv4): Select the available upper layer protocols/services from the drop-  down list.  DSAP/SSAP (when EtherType is IEEE 802.3): The value can be further specified for the fields in 802.2 LLC frame header. Copyright © 4IPNET, INC.
  • Page 71 In in the Setting column of firewall list will lead to the following page for detail configuration with rule ID for the current inserted rule. From this page, the rule can be edited form scratch or from an existing rule for revision. Copyright © 4IPNET, INC.
  • Page 72 SAVE button is clicked and system is rebooted, the order of rules will be updated. Please make sure all desired rules (state of rule) are checked and saved in the overview page; the rules will be enforced upon system reboot. Copyright © 4IPNET, INC.

  • Page 73: Service

    (when EtherType is IPv4). EAP260 provides a list of rules to block or pass traffic of layer-3 or above protocols. These services are available to choose from a drop-down list of layer2 firewall rule edit page with Ether Type IPv4. The first 28 entries are default services and the administrator can add/delete any extra desired services.

  • Page 74: Advanced

    ARP request. Other network nodes can still send their ARP requests; however, if their IP appears on the static list (with different MAC), their ARP requests will be dropped to prevent eavesdropping. If any settings are made, please click SAVE to save the configuration before leaving this page. Copyright © 4IPNET, INC.
  • Page 75 User’s Manual EAP260 Enterprise Access Point ENGLISH Copyright © 4IPNET, INC.

  • Page 76: Utilities

    Change Password Page The administrator can change password on this page. Enter the original password (“admin”) and new password, and then re-enter the new password in the Re-enter New Password field. Click SAVE to save the new password. Copyright © 4IPNET, INC.

  • Page 77: Backup & Restore

    Enterprise Access Point ENGLISH 7.4.2 Backup & Restore This function is used to backup and restore the EAP260 settings. The EAP260 can also be restored to factory defaults using this function. It can be used to duplicate settings to other access points (backup settings of this system and then restore on another AP).

  • Page 78: System Upgrade

    Enterprise Access Point ENGLISH 7.4.3 System Upgrade The EAP260 provides a web firmware upload / upgrade feature. The administrator can download the latest firmware from the website and save it on the administrator’s PC. To upgrade the system firmware, click Browse to choose the new firmware file you downloaded onto your PC and then click Upload to execute the process.

  • Page 79: Reboot

    Web Management Interface again. The System Overview page will appear after a successful reboot. Occasionally, it is necessary to reboot the EAP260 to ensure that parameter changes are submitted. Reboot Page Copyright © 4IPNET, INC.

  • Page 80: Upload Certificate

    Certificate for a means of security verification for CAPWAP or other security needs to ensure the authenticity of this AP to other network entities.  Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Copyright © 4IPNET, INC.

  • Page 81: Wapi Certificate

     Upload AE Certificate/Private Key: It provides flexibility to support customer’s own AE Certificate or Private Key for a means of security verification in order to ensure the authenticity of this AP to other network entities. Copyright © 4IPNET, INC.

  • Page 82: Channel Analysis

    1. The function will be automatically turned off whenever the operator leaves the page for 30  Note: seconds. 2. There can be only one person using this function at the same time. Copyright © 4IPNET, INC.

  • Page 83: Status

    This page is used to view the current condition and state of the system and it includes the following functions: Overview, Associated Clients, Repeater and Event Log. 7.5.1 Overview The System Overview page provides an overview of the system status for the administrator. System Overview Page Copyright © 4IPNET, INC.
  • Page 84 Table 3 Status Page's Organizational Layout Item Description System Name The system name of the EAP260. Firmware Version The current firmware version of the EAP260 The current firmware build number of the Build Number EAP260 System Location The location of the EAP260.

  • Page 85: Associated Clients

    SNR: The Signal to Noise Ratio of respective client’s association.  Idle Time: Time period that the associated client is inactive for; the time unit is in seconds.  Disconnect: Upon clicking Kick, the client will be disconnected from the system. Copyright © 4IPNET, INC.

  • Page 86: Repeater

    User’s Manual EAP260 Enterprise Access Point ENGLISH 7.5.3 Repeater The administrator can review detailed information of the repeater function on this page. Information of WDS/repeater’s status, traffic statistics, encryption and other details are provided. Repeater Status Page Copyright © 4IPNET, INC.

  • Page 87: Event Log

    Hostname: Indicates which host recorded this event. Note that all events on this page are local events, so the hostname in this field is always the same. In remote SYSLOG service however, this field will help the administrator identify which event is from this EAP260. ...

  • Page 88: Online Help

    7.6 Online Help The Help button is at the upper right corner of the display screen. Click Help for the Online Help window, and then click the hyperlink of the relevant information needed. Online Help Corner P/N: V12020120905 Copyright © 4IPNET, INC.

Table of Contents