Allied Telesis AT-TQ2403 User Manual

AT-TQ2403
Management Software
User's Guide
PN 613-001156 Rev. B

Summary of Contents for Allied Telesis AT-TQ2403

  • Page 1 AT-TQ2403 Management Software User's Guide PN 613-001156 Rev. B...
  • Page 2 Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
  • Page 3 AT-TQ2403 Management Software User's Guide SAFETY NOTICE • Do not open service or change any component. • Only qualified technicians are allowed to service the equipment. • Observe safety precautions to avoid electric shock • Check voltage before connecting to the power supply.
  • Page 4 AT-TQ2403 - Management Software - User's Guide ELECTRICAL SAFETY AND EMISSIONS STANDARDS This product meets the following standards. U.S. Federal Communications Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
  • Page 5 AT-TQ2403 Management Software User's Guide Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive EN 301 893 V1.4.1: (2007-07)
  • Page 6: Table Of Contents

    Sales or Corporate Information (p. 16); Management Software Updates (p. 16); Tell Us What You Think (p. 16); Chapter 1: Preparing to Set Up the AT-TQ2403 Wireless Access Point (p. 17); Setting Up the Administrator’s Computer (p. 17); Setting Up the Wireless Client Computers (p. 18); Understanding Dynamic and Static IP Addressing on the AT-TQ2403 Management Software (p. 19)...
  • Page 7 AT-TQ2403 Management Software User's Guide Navigating to Configuration Information for a Specific AP and Managing Standalone APs (p. 37); Navigating to an AP by Using its IP Address in a URL (p. 38); Chapter 5: Managing User Accounts (p. 39); Navigating to User Management for Clustered Access Points (p. 39); Viewing User Accounts (p. 40)...
  • Page 8 AT-TQ2403 - Management Software - User's Guide Ethernet (Wired) Settings (p. 79); Wireless Settings (p. 79); Event Logs (p. 79); Enabling or Disabling Persistence (p. 80); Severity (p. 80); Depth (p. 81); Log Relay Host for Kernel Messages (p. 81); Understanding Remote Logging (p. 81); Setting Up the Log Relay Host (p. 82); Enabling or Disabling the Log Relay Host on the Status > Events Page (p. 82); Update Settings (p. 82)...
  • Page 9 AT-TQ2403 Management Software User's Guide Chapter 17: Load Balancing (p. 116); Understanding Load Balancing (p. 116); Identifying the Imbalance: Overworked or Under-utilized Access Points (p. 116); Specifying Limits for Utilization and Client Associations (p. 116); Load Balancing and QoS (p. 117); Navigating to Load Balancing Settings (p. 117); Configuring Load Balancing...
  • Page 10 WPA/WPA2 Enterprise (RADIUS) Client Using EAP-SIM Certificate (p. 172); Configuring WPA/WPA2 Personal (PSK) Security on a Client (p. 175); Configuring an External RADIUS Server to Recognize the AT-TQ2403 Wireless Access Point (p. 176); Obtaining a TLS-EAP Certificate for a Client (p. 180); Configuring RADIUS Server for VLAN tags (p. 183); Configuring a RADIUS server...
  • Page 11: AT-TQ2403 Management Software User's Guide

    AT-TQ2403 Management Software User's Guide Keyboard Shortcuts (p. 268); Tab Completion and Help (p. 269); CLI Classes and Properties Reference (p. 272); Glossary (p. 274)...
  • Page 12 AT-TQ2403 - Management Software - User's Guide FIGURES Figure 1: Kick Start Welcome Dialog Box (p. 22); Figure 2: Kick Start Search Results Dialog Box (p. 22); Figure 3: Administration Dialog Box (p. 23); Figure 4: Log-in Dialog Box (p. 24); Figure 5: Basic Settings Page...
  • Page 13 AT-TQ2403 Management Software User's Guide Figure 38: Ethernet (Wired) Settings Page (p. 89); Figure 39: Wireless Settings Page (p. 95); Figure 40: Guest Login Setting Page (p. 102); Figure 41: Guest Network Diagram Example (p. 103); Figure 42: VWN Page (p. 104); Figure 43: Radio Setting Page...
  • Page 14 AT-TQ2403 - Management Software - User's Guide Figure 78: Radius Server Setting – Input New Radius Client (p. 178); Figure 79: Radius Server Setting – New Radius Client Setting (p. 179); Figure 80: Radius Server (p. 179); Figure 81: Web Security Alert (p. 180); Figure 82: Welcome Message from Certification Server...
  • Page 15: Preface

    AT-TQ2403 Management Software. How This Guide is Organized This guide contains instructions on how to install AT-TQ2403 Management Software. This preface contains the following sections: Chapter 1 Overview, describes the features, LEDs and ports on the equipment.
  • Page 16: Contacting Allied Telesis

    Products for return or repair must first be assigned a return materials authorization (RMA) number. A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender’s expense. For instructions on how to obtain an RMA number, go to the Support section on our website at http://www.alliedtelesis.com.
  • Page 17: Chapter 1: Preparing To Set Up The AT-TQ2403 Wireless Access Point

    Chapter 1: Preparing to Set Up the AT-TQ2403 Wireless Access Point Before you plug in and boot a new AT-TQ2403 Management Software, review the following sections for a quick check of required hardware components, software, client configurations, and compatibility issues.
  • Page 18: Setting Up The Wireless Client Computers

    AT-TQ2403 Management Software on the network. The wizard steps you through initial configuration of new access points, and provides a link to the AT-TQ2403 Management Software where you finish the basic setup process in a step-by-step mode and launch the network.
  • Page 19: Understanding Dynamic And Static IP Addressing On The AT-TQ2403 Management Software

    (and specify a static IP addressing policy) or until a DHCP server is brought online. When you run Kick Start, it discovers the AT-TQ2403 Management Software on the network and lists their IP addresses and MAC addresses. Kick Start also provides a link to the administration web pages of each access point using the IP address in the URL.
  • Page 20: Recovering An IP Address

    AT-TQ2403 - Management Software - User's Guide Recovering an IP Address If you experience trouble communicating with the access point, you can recover a static IP address by resetting the access point configuration to the factory defaults (see “Backing up and Restoring a Configuration”), or you can get a dynamically assigned address by connecting the access point to a...
  • Page 21: Chapter 2: Setting Up The AT-TQ2403 Management Software

    Chapter 2: Setting up the AT-TQ2403 Management Software Setting up and deploying one or more AT-TQ2403 Management Software is in effect creating and launching a wireless network. The Kick Start utility and corresponding AT-TQ2403 Management Software Basic Settings web page simplify this process. This chapter contains procedures for setting up your AT-TQ2403 Management Software and the resulting wireless network.
  • Page 22: Figure 1: Kick Start Welcome Dialog Box

    AT-TQ2403 - Management Software - User's Guide 2. Insert the AT-TQ2403 Wireless Access Point CD into the CD-ROM drive on your computer. The Kick Start Welcome dialog box is displayed, as shown in Figure 1 Figure 1: Kick Start Welcome Dialog Box 3.
  • Page 23: Logging In To The AT-TQ2403 Management Software

    IP address for any access point in a cluster. After your other access points are configured, you can also link to the AT-TQ2403 Management Software web pages using the IP address for any of the other AT-TQ2403 Management Software, for example http://IPAddressOfAccessPoint.
  • Page 24: Figure 4: Log-In Dialog Box

    AT-TQ2403 - Management Software - User's Guide Password: friend Figure 4: Log-in Dialog Box Note: The user name can not be modified. 8. Enter the username and password and click OK When you log in for the first time, the Basic Settings page is displayed, as shown in Figure 5. This page displays the global settings for all access points that are members of the cluster and, if you specify automatic configuration, for any new access points that you add later.
  • Page 25: Configuring The Basic Settings And Starting The Wireless Network

    Provide a minimal set of configuration information by defining the basic settings for your wireless network. These settings are all available on the Basic Settings page in the AT-TQ2403 Management Software, and are categorized into steps 1-3 on the web page.
  • Page 26 simultaneous configuration changes. If you have a network that includes multiple access points, and more than one administrator is logged on to the AT-TQ2403 Management Software’s web pages and making changes to the configuration, all access points in the cluster will stay in sync but there is no guarantee that all configuration changes specified by multiple users will be applied.
  • Page 27: Chapter 3: Configuring Basic Settings

    AT-TQ2403 Management Software User's Guide Chapter 3: Configuring Basic Settings The basic configuration tasks are described in the following sections: • Navigating to Basic Settings • Review / Describe the Access Point • Provide Network Settings • Update Basic Settings ...
  • Page 28: Review / Describe The Access Point

    Firmware Version Version information about the firmware currently installed on the access point. As new versions of the AT-TQ2403 Management Software firmware become available, you can upgrade the firmware on your access points to take advantage of new features and enhancements.
  • Page 29: Provide Network Settings

    AP. You will need to reconnect to the new SSID after you save this new setting. Note: The AT-TQ2403 Management Software is not designed for multiple, simultaneous configuration changes. If you have a network that includes multiple access points, and more...
  • Page 30: Update Basic Settings

    AT-TQ2403 - Management Software - User's Guide Update Basic Settings Figure 9: Basic Settings Page Step 3 When you have reviewed the new configuration, click Update to apply the settings and deploy the access points as a wireless network. Basic Settings for a Standalone Access Point The Basic Settings tab for a standalone access point indicates only that the current mode is standalone.
  • Page 31: Chapter 4: Managing Access Points And Clusters

    Chapter 4: Managing Access Points and Clusters The AT-TQ2403 Management Software shows current basic configuration settings for clustered access points (location, IP address, MAC address, status, and availability) and provides a way of navigating to the full configuration for specific APs if they are cluster members.
  • Page 32: Navigating To Access Points Management

    Figure 11: Access Points Setting Page Understanding Clustering A key feature of the AT-TQ2403 Management Software is the ability to form a dynamic, configuration-aware group (called a cluster) with other AT-TQ2403 Management Software in a network in the same subnet. Access points can participate in a self-organizing cluster which makes it easier for you to deploy, administer, and secure your wireless network.
  • Page 33: What Kinds Of APs Can Cluster Together

    What Kinds of APs Can Cluster Together? A single AT-TQ2403 Wireless Access Point can form a cluster with itself (a "cluster of one") and with other AT-TQ2403 Wireless Access Points of the same model. In order to be members of the same cluster, access points must be: ...
  • Page 34: Cluster Formation

    If it is unable to locate any other APs on the subnet with the same cluster name, then it establishes a new cluster on its own. When AT-TQ2403 enables cluster function, it sends out its configuration file to all the devices in the clustered group.
  • Page 35: Intra-Cluster Security

    AT-TQ2403 Management Software User's Guide Intra-Cluster Security For purposes of ease-of-use, the clustering component is designed to let new devices join a cluster without strong authentication. However, communications of all data between access points in a cluster is protected against casual eavesdropping using Secure Sockets Layer (typically referred to as SSL). The assumption is that the private wired network to which the devices are connected is secure.
  • Page 36: Modifying The Location Description

    Specifies the IP address for the access point. Each IP address is a link to the AT-TQ2403 Management Software web pages for that access point. You can use the links to navigate to the Administration Web pages for a specific access point.
  • Page 37: Stopping Clustering

    Or you might want to configure and manage features on an access point that is running in standalone mode. In these cases, you can navigate to the AT-TQ2403 Management Software web interface for individual access points by clicking the IP address links on the Access Points page.
  • Page 38: Navigating To An AP By Using Its IP Address In A URL

    AT-TQ2403 - Management Software - User's Guide All clustered access points are shown on the Cluster > Access Points page. To navigate to clustered access points, you can simply click on the IP address for a specific cluster member shown in the list.
  • Page 39: Chapter 5: Managing User Accounts

    “WPA Enterprise” in Configuring Security) You have the option of using either the internal RADIUS server embedded in the AT-TQ2403 Management Software or an external RADIUS server that you provide. If you use the embedded RADIUS server, use this Administration Web page on the access point to set up and manage user accounts. If you are using an external RADIUS server, you will need to set up and manage user accounts on the Administrative interface for that server.
  • Page 40: Viewing User Accounts

    AT-TQ2403 - Management Software - User's Guide Figure 13: User Management Page Viewing User Accounts User accounts are shown at the top of the screen under "User Accounts". The Username, Real name and Status (enabled or disabled) of the user are shown. You make modifications to an existing user account by first selecting the checkbox next to a user name and then choosing an action.
  • Page 41: Editing A User Account

    AT-TQ2403 Management Software User's Guide Field Description Password Specify a password for this user. Passwords are strings of 4 to 256 characters. Please do not include '<' and '&'. When you have filled in the fields, click Add Account to add the account.
  • Page 42: Disabling A User Account

    AT-TQ2403 - Management Software - User's Guide A user with an account that is enabled can log on to the wireless access points in your network as a client. Disabling a User Account To disable a user account, click the checkbox next to the username and click Disable.
  • Page 43: Chapter 6: Session Monitoring

    AT-TQ2403 Management Software User's Guide Chapter 6: Session Monitoring The AT-TQ2403 Management Software provides real-time session monitoring information including which clients are associated with a particular access point, data rates, transmit/receive statistics, signal strength, and idle time. The following Session Monitoring topics are covered here: ...
  • Page 44 AT-TQ2403 - Management Software - User's Guide Note: A session is not the same as an association, which describes a client connection to a particular access point. A client network connection can shift from one clustered AP to another within the context of the same session. A client station can roam between APs and maintain the session.
  • Page 45: Sorting Session Information

    AT-TQ2403 Management Software User's Guide Field Description Rx Total Indicates number of total packets received by the client during the current session. Tx Total Indicates number of total packets transmitted to the client during this session. Error Rate Indicates the percentage of time frames dropped during transmission on this access point.
  • Page 46: Chapter 7: Channel Management

    AT-TQ2403 - Management Software - User's Guide Chapter 7: Channel Management The following Channel Management topics are covered here: • Navigating to Channel Management • Understanding Channel Management • How it Works in a Nutshell • For the Curious: More About Overlapping Channels ...
  • Page 47: Understanding Channel Management

    AT-TQ2403 Management Software User's Guide Understanding Channel Management When Channel Management is enabled, the AT-TQ2403 AP automatically assigns radio channels used by clustered access points to reduce mutual interference (or interference with other access points outside of its cluster). This maximizes Wi-Fi bandwidth and helps maintain the efficiency of communication over your wireless network.
  • Page 48: Configuring And Viewing Channel Management Settings

    AT-TQ2403 - Management Software - User's Guide With automated channel management, APs in the cluster are automatically re-assigned to non-interfering channels as shown in below figure. Figure 18: After Channel Management Enable Configuring and Viewing Channel Management Settings The Channel Management page shows previous, current, and planned channel assignments for clustered access points.
  • Page 49: Viewing Current Channel Assignments And Setting Locks

    AT-TQ2403 Management Software User's Guide Figure 19: After Channel Management Enable When automatic channel assignment is enabled, the Channel Manager periodically maps radio channels used by clustered access points and, if necessary, re-assigns channels on clustered APs to reduce interference (with cluster members or other APs outside the cluster).
  • Page 50: Viewing Last Proposed Set Of Changes

    AT-TQ2403 - Management Software - User's Guide Viewing Last Proposed Set of Changes The Proposed Channel Assignments shows the last channel plan. The plan lists all access points in the cluster by IP Address, and shows the proposed channels for each AP. Locked channels will not be re-assigned and the optimization of channel distribution among APs will take into account the fact that locked APs must remain on their current channels.
  • Page 51: Update Advanced Settings

    AT-TQ2403 Management Software User's Guide Field Description Change channels if Specify the minimum percentage of interference reduction a proposed interference is reduced plan must achieve in order to be applied. The default is 25 percent. by at least Use the drop-down menu to choose percentages ranging from 5% to 75%.
  • Page 52: Chapter 8: Wireless Neighborhood

    AT-TQ2403 - Management Software - User's Guide Chapter 8: Wireless Neighborhood The Wireless Neighborhood view shows those access points within range of any access point in the cluster. This page provides a detailed view of neighboring access points including identifying information (SSIDs and MAC addresses) for each, cluster status (which are members and non-members), and statistical information such as the channel each AP is broadcasting on, signal strength, and so forth.
  • Page 53: Understanding Wireless Neighborhood Information

    AT-TQ2403 Management Software User's Guide Understanding Wireless Neighborhood Information The Wireless Neighborhood shows all access points within range of every member of the cluster, shows which access points are within range of which cluster members, and distinguishes between cluster members and non-members.
  • Page 54 AT-TQ2403 - Management Software - User's Guide Field Description Cluster The Cluster list at the top of the table shows IP addresses for all access points in the cluster. (This is the same list of cluster members shown on the Cluster > Access Points tab described in “Navigating to Access Points...
  • Page 55: Viewing Details For A Cluster Member

    AT-TQ2403 Management Software User's Guide Viewing Details for a Cluster Member To view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. Figure 21: Cluster Member Setting Detail The following table explains the details shown about the selected AP.
  • Page 56 AT-TQ2403 - Management Software - User's Guide Field Description Channel Shows the channel on which the access point is currently broadcasting. The Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. The channel is set in Manage > Radio. (See “Configuring Radio...
  • Page 57: Chapter 9: Configuring Security

    AT-TQ2403 Management Software User's Guide Chapter 9: Configuring Security The following sections describe how to configure Security settings on the AT-TQ2403 Management Software: • Understanding Security Issues on Wireless Networks • How Do I Know Which Security Mode to Use? ...
  • Page 58: Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms

    • Encryption algorithm or formula the protocol uses to encode/decode the data Following is a list of the security modes available on the AT-TQ2403 Management Software along with a description of the key management, authentication, and encryption algorithms used in each mode. We include some suggestions as to when one mode might be more appropriate than another.
  • Page 59 AT-TQ2403 Management Software User's Guide + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption. Key Management Encryption Algorithm User Authentication Static WEP uses a fixed key that An RC4 stream cipher is used If you set the Authentication is provided by the administrator.
  • Page 60 Encryption Standard (AES) Recommendations WPA Personal is not recommended for use with the AT-TQ2403 Management Software when WPA Enterprise is an option. We recommend that you use WPA Enterprise mode instead, unless you have interoperability issues that prevent you from using this mode.
  • Page 61 AT-TQ2403 Management Software User's Guide This security mode also provides backwards-compatibility for wireless clients that support only the original WPA. Key Management Encryption Algorithm User Authentication WPA Enterprise mode provides • Temporal Key Integrity Remote Authentication Dial-In User dynamically-generated keys that...
  • Page 62: Does Prohibiting The Broadcast SSID Enhance Security

    AT-TQ2403 - Management Software - User's Guide Does Prohibiting the Broadcast SSID Enhance Security? You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point. When the AP’s broadcast SSID is suppressed, the network name will not be displayed in the List of Available Networks on a client station.
  • Page 63: Broadcast SSID, Station Isolation, And Security Mode

    AT-TQ2403 Management Software User's Guide Broadcast SSID, Station Isolation, and Security Mode To configure security on the access point, select a security mode and fill in the related fields as described in the following table. (Note you can also allow or prohibit the Broadcast SSID and enable/disable Station Isolation as extra precautions as mentioned below.)
  • Page 64: None (Plain-Text)

    Security modes other than None (Plain-text) apply only to configuration of the "Internal" network. None (Plain-text) None (or Plain-text security) means any data transferred to and from the AT-TQ2403 Management Software is not encrypted. If you select None (Plain-text) as your security mode, no further options are configurable on the AP.
  • Page 65: Static WEP

    AT-TQ2403 Management Software User's Guide For a minimum level of protection on a guest network, you can choose to suppress (prohibit) the broadcast of the SSID (network name) to discourage client stations from automatically discovering your access point. (See also “Does Prohibiting the Broadcast SSID Enhance...
  • Page 66 AT-TQ2403 - Management Software - User's Guide Field Description Transfer Key Select a key index from the drop-down menu. Key indexes 1 through 4 are available. Index The default is 1. The Transfer Key Index indicates which WEP key the access point will use to encrypt the data it transmits.
  • Page 67 AT-TQ2403 Management Software User's Guide Field Description Authentication The authentication algorithm defines the method used to determine whether a client station is allowed to associate with an access point when static WEP is the security mode. Specify the authentication algorithm you want to use by choosing one of the following options: ...
  • Page 68: Figure 25: Security Setting Page - Static WEP Setting Example

    AT-TQ2403 - Management Software - User's Guide Example of Using Static WEP For a simple example, suppose you configure three WEP keys on the access point. In our example, the Transfer Key Index for the AP is set to "3". This means that the WEP key in slot "3" is the key the access point will use to encrypt the data it sends.
  • Page 69: IEEE 802.1x

    MSCHAP V2. When configuring IEEE 802.1x mode, you have a choice of whether to use the embedded RADIUS server or an external RADIUS server that you provide. The AT-TQ2403 Management Software embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.
  • Page 70: Figure 28: Security Setting Page - IEEE802.1x Setting Page

    Note: The RADIUS server is identified by its IP address and UDP port numbers for the different services it provides. On the current release of the AT-TQ2403 Management Software, the RADIUS server User Datagram Protocol (UDP) ports used by the access point are not configurable. (The AT-TQ2403 Management Software is hard-coded to use RADIUS server UDP port 1812 for authentication and port 1813 for accounting.)
  • Page 71: WPA Personal

    Radius Port Enter the Radius Port in the text box. The Radius Port is the port number of the RADIUS server. (The port of AT-TQ2403 internal RADIUS server is 1812.) Radius Key Enter the Radius Key in the text box.
  • Page 72: Figure 29: Security Setting Page - WPA Personal Setting Page

    AT-TQ2403 - Management Software - User's Guide If you selected WPA Personal Security Mode, provide the following: Figure 29: Security Setting Page – WPA Personal Setting Page Field Description WPA Versions Select the types of client stations you want to support: ...
  • Page 73: WPA Enterprise

    This security mode is backwards-compatible with wireless clients that support the original WPA. When configuring WPA Enterprise mode, you have a choice of whether to use the built-in RADIUS server or an external RADIUS server that you provide. The AT-TQ2403 Management Software built-in RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.
  • Page 74: Figure 30: Security Setting Page - WPA Enterprise Setting Page

    AT-TQ2403 - Management Software - User's Guide Figure 30: Security Setting Page – WPA Enterprise Setting Page Field Description WPA Versions Select the types of client stations you want to support: • WPA • WPA2 • Both WPA: If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA.
  • Page 75 AT-TQ2403 Management Software User's Guide Field Description Cipher Suites Select the cipher you want to use: • TKIP • CCMP (AES) • Both Temporal Key Integrity Protocol (TKIP) is the default. TKIP: It provides a more secure encryption solution than WEP keys. The...
  • Page 76 Use internal radius You can choose whether to use the built-in authentication server provided server with the AT-TQ2403 Management Software, or you can use an external radius server. • To use the authentication server provided with the AT-TQ2403 Management Software, ensure the checkbox beside the Use internal radius server field is selected.
  • Page 77: Updating Settings

    AT-TQ2403 Management Software User's Guide Field Description Require VLAN ID in Dynamic mode is enabled when you click the checkbox. Dynamic VLAN If you have enabled dynamic mode and try to establish wireless connection between wireless client and AP, the AP must receive VLAN ID information from Radius server in authentication process.
  • Page 78: Chapter 10: Maintenance And Monitoring

    AT-TQ2403 - Management Software - User's Guide Chapter 10: Maintenance and Monitoring The maintenance and monitoring tasks described here all pertain to viewing and modifying settings on specific access points; not on a cluster configuration that is automatically shared by multiple access points.
  • Page 79: Ethernet (Wired) Settings

    AT-TQ2403 Management Software User's Guide This page displays the current settings of the AT-TQ2403 Management Software. It displays the Ethernet (Wired) Settings and the Wireless Settings. Ethernet (Wired) Settings The Internal interface includes the Ethernet MAC Address, IP Address, Subnet Mask, and Associated Network Wireless Name (SSID).
  • Page 80: Enabling Or Disabling Persistence

    AT-TQ2403 - Management Software - User's Guide Note: The AT-TQ2403 Management Software acquires its date and time information using the network time protocol (NTP). This data is reported in UTC format (also known as Greenwich Mean Time). You need to convert the reported time to your local time.
  • Page 81: Depth

    You cannot view Kernel Log messages directly from the Administration Web UI for an access point. You must first set up a remote server running a syslog process and acting as a syslog "log relay host" on your network. Then, you can configure the AT-TQ2403 Management Software to send its syslog messages to the remote server.
  • Page 82: Setting Up The Log Relay Host

    Relay Host Specify the IP Address of the Relay Host. Note: If you are using AT-TQ2403 Wireless Operations Center, the Repository Server should receive the syslog messages from all access points. In this case, use the IP address of the Operations Center Repository Server as the Relay Host.
  • Page 83: Events Log

    AT-TQ2403 Management Software User's Guide Events Log The Events Log shows system events on the access point such as stations associating, being authenticated, and other occurrences. The real-time Events Log is always shown on the Status > Events Administration Web UI page for the access point you are monitoring. To clear all currently listed events, click Clear All.
  • Page 84: Associated Wireless Clients

    A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. The AT-TQ2403 has a unique MAC address for each interface and has a different MAC address for each interface on each of its two radios.
  • Page 85: Link Integrity Monitoring

    AP via the second layer of IEEE 802.1x security . Link Integrity Monitoring The AT-TQ2403 Management Software provides link integrity monitoring to continually verify its connection to each associated client (even when there is no data exchange occurring). To do this, the AP sends data packets to clients every few seconds when no other traffic is passing.
  • Page 86 Information provided on neighboring access points is described in the following table. Field Description MAC Address Shows the MAC address of the neighboring access point. A MAC address is a hardware address that uniquely identifies each node of a network.
  • Page 87 Field Description Band This indicates the IEEE 802.11 mode being used on this access point. (For example, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g.) The number shown indicates the mode according to the following map: • 2.4 indicates IEEE 802.11b mode or IEEE 802.11g mode ...
  • Page 88: Chapter 11: Setting The Ethernet (Wired) Interface

    Chapter 11: Setting the Ethernet (Wired) Interface Ethernet (Wired) Settings describe the configuration of your Ethernet local area network (LAN). Note: The Ethernet Settings, including guest access, are not shared across the cluster.
  • Page 89: Setting The Dns Hostname

    Figure 38: Ethernet (Wired) Settings Page Setting the DNS HostName Field Description DNS Hostname Enter the DNS name for the access point in the text box. This is the host name. It may be provided by your ISP or network administrator, or you can provide your own.
  • Page 90: Enabling Or Disabling Guest Access

    Ethernet is the most common technology implementing a LAN. Wi-Fi (IEEE) is another very popular LAN technology. The AT-TQ2403 Management Software allows you to configure two different LANs on the same access point: one for a secure internal LAN and another for a public guest network with no security and little or no access to internal resources.
  • Page 91: Enabling Or Disabling Standby Power Saving

    Field Description Virtual Wireless Networks Select Enabled to enable VLANs for the Internal network and for additional networks. (If you choose this option, you can run the Internal network on a VLAN whether or not you have Guest Access configured and you can set up additional networks on VLANs using the Manage >...
  • Page 92 Field Description VLAN ID If you have enabled VWNs or Guest access via VLAN, this field will be enabled. Provide a number between 1 and 4094 for the Internal VLAN. This VLAN ID must not be the same as the Guest VLAN ID or a VWN VLAN ID.
  • Page 93 DNS servers and gateway. Static IP: It indicates that all network settings are provided manually. You must provide the IP address for the AT-TQ2403 Management Software, its subnet mask, the IP address of the default gateway, and the IP address of at least one DNS Nameserver.
  • Page 94: Configuring Guest Interface Ethernet (Wired) Settings

    Field Description Static IP Address If you chose Static IP as the Connection Type, these fields will be enabled. Enter the Static IP Address in the text boxes. Subnet Mask Enter the Subnet Mask in the text boxes. You must obtain this information from your ISP or network administrator.
  • Page 95: Chapter 12: Setting The Wireless Interface

    (802.11 Mode and Channel) and to the network interface to the access point (MAC address for access point and Wireless Network name, also known as SSID). The following sections describe how to configure the "Wireless" address and related settings on the AT-TQ2403 Management Software: ...
  • Page 96: Configuring 802.11D Regulatory Domain Support

    (CLI) country codes for operation in a particular country. Country Domain Select the country where this device is located. Note: This item will not appear when the AT-TQ2403 is sold to specific regions, so you cannot configure it.
  • Page 97: Configuring The Radio Interface

    Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. The AT-TQ2403 is a dual band access point with two radios. Select one of these modes: a mode for each Radio Interface. For Radio Interface 1 ...
  • Page 98: Configuring "Internal" Lan Wireless Settings

    Field Description Channel Select the Channel. The range of channels and the default are determined by the Mode of the radio interface. The Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving.
  • Page 99: Configuring "Guest" Network Wireless Settings

    The Guest Settings describe the MAC Address (read-only) and wireless network name (SSID) for the Guest Network as described below. Configuring an access point with two different network names (SSIDs) allows you to leverage the Guest interface feature on the AT-TQ2403 Management Software. For more information, see “Setting up Guest...
  • Page 100: Chapter 13: Setting Up Guest Access

    You can configure the AT-TQ2403 Management Software for the Guest interface in the following way: • Configure the access point using a single network with VLANs by setting up the guest interface configuration options on the Administration Web pages for the AT-TQ2403 Management Software.
  • Page 101: Configuring The Guest Interface

    Configuring the Guest Interface To configure the Guest interface on the AT-TQ2403 Management Software, perform these configuration steps: 1. Configure the access point to represent two virtually separate networks as described in the section below, “Configuring a Guest Network on a Virtual...
  • Page 102: Using The Guest Network As A Client

    6. The guest client is now enabled to use the “guest” network. Deployment Example In the figure below, the dotted red lines indicate dedicated guest connections. All access points and all connections (including guests) are administered from the same AT-TQ2403 Management Software Administration Web pages.
  • Page 103: Figure 41: Guest Network Diagram Example

    Figure 41: Guest Network Diagram Example...
  • Page 104: Chapter 14: Configuring Virtual Wireless Networks

    Chapter 14: Configuring Virtual Wireless Networks The following sections describe how to configure multiple wireless networks on Virtual LANs (VLANs): • Navigating to Virtual Wireless Network Settings • Configuring VLANs • Updating Settings Navigating to Virtual Wireless Network Settings To set up multiple networks on VLANs navigate to the Manage >...
  • Page 105: Configuring Vlans

    Configuring VLANs Note: • To configure additional networks on VLANs, you must first enable Virtual Wireless Networks on the Ethernet Settings page. See “Enabling or Disabling Virtual Wireless Networks on the AP”. • If you configure VLANs, you may lose connectivity to the access point. First, be sure to verify that the switch and DHCP server you are using can support VLANs per the IEEE 802.1Q standard.
  • Page 106: Updating Settings

    Field Description Broadcast SSID Select the Broadcast SSID setting by selecting the Broadcast SSID checkbox. By default, the access point broadcasts (allows) the Service Set Identifier (SSID) in its beacon frames. You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point.
  • Page 107: Chapter 15: Configuring Radio Settings

    AP beacon transmissions), transmit power, IEEE 802.11 mode in which the radio operates, and so on. The AT-TQ2403 Management Software comes configured as a dual band access point. The access point is capable of broadcasting in the following modes: ...
  • Page 108: Figure 43: Radio Setting Page

    Figure 43: Radio Setting Page Field Description Radio Specify Radio One or Radio Two. The rest of the settings on this tab apply to the radio selected in this field. Be sure to configure settings for both radios.
  • Page 109 Field Description Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. The AT-TQ2403 is available as a dual band access point. Select one of these modes: For Radio Interface 1 • IEEE 802.11a • Atheros Turbo 5 GHz ...
  • Page 110 Field Description Broadcast/Multicast Rate Limit Burst Setting a rate limit burst determines how much traffic bursts can be before all traffic exceeds the rate limit. This burst limit allows intermittent bursts of traffic on a network above the set rate limit.
  • Page 111 Field Description DTIM Period All Beacon frames include a Traffic Information Map information element (TIM IE). In some beacon frames, the TIM IE includes a Delivery Traffic Information Map (DTIM) message. These special DTIM beacons are sent at an interval specified in the DTIM period.
  • Page 112 Field Description RTS Threshold Specify an RTS Threshold value between 0 and 2347. The RTS threshold specifies the packet size at which packet transmission is governed by the RTS/CTS transaction. If you specify a low threshold value, RTS packets will be sent more frequently.
  • Page 113: Updating Settings

    Field Description Rate Sets Check the transmission rate sets you want the access point to support and the basic rate sets you want the access point to advertise. Rates are expressed in megabits per second.
  • Page 114: Chapter 16: Controlling Access By Mac Address Filtering

    Figure 44: MAC Filtering Setting Page Using MAC Filtering This page allows you to control access to AT-TQ2403 Management Software based on Media Access Control (MAC) addresses. Based on how you set the filter, you can allow only client stations with a listed...
  • Page 115: Updating Settings

    For the Guest interface, MAC Filtering settings apply to both BSSes. MAC Filtering settings apply to both radios. Note: Only 1024 MAC addresses are allowed. Field Description Filter To set the MAC Address Filter, click one of the following radio buttons: ...
  • Page 116: Chapter 17: Load Balancing

    Chapter 17: Load Balancing The AT-TQ2403 Management Software allows you to balance the distribution of wireless client connections across multiple access points. Using load balancing, you can prevent scenarios where a single access point in your network shows performance degradation because it is handling a disproportionate share of the wireless traffic.
  • Page 117: Load Balancing And Qos

    Load Balancing and QoS Load balancing also plays a part in contributing to Quality of Service (QoS) for Voice Over IP (VoIP) and other such time-sensitive applications competing for bandwidth and timely access to the air waves on a wireless network.
  • Page 118: Updating Settings

    Field Description Load Balancing To enable load balancing on this access point, click Enable. To disable load balancing on this access point, click Disable. Utilization for No New Utilization rate limits relate to wireless bandwidth utilization.
  • Page 119: Chapter 18: Pre-Config Rogue Ap

    When a MAC address does not match an entry in the Access Points list, an SNMP trap will be sent. SNMP traps enable an agent to notify the management station of significant events by sending an unsolicited SNMP message. The following sections describe how to use Pre-Config Rogue AP on the AT-TQ2403 Management Software: ...
  • Page 120: Using Pre-Config Rogue Ap

    Using Pre-Config Rogue AP Field Description AP Detection To set AP Detection, click Enabled. Detection Interval Use the drop-down menu to specify the schedule for AP Detection. A range of intervals is provided, from "15 Minutes" to "4 Weeks". The default is "15 Minutes"...
  • Page 121: Chapter 19: Configuring Quality Of Service (Qos)

    Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the AT-TQ2403 Management Software.
  • Page 122: 802.11E And Wmm Standards Support

    QoS Queues and Diff-Serv Code Point (DSCP) on Packets QoS on the AT-TQ2403 Management Software leverages WMM information in the IP packet header related to Diff-Serv Code Point (DSCP). Every IP packet sent over the network includes a DSCP field in the header that indicates how the data should be prioritized and transmitted over the network.
  • Page 123 • Downstream from network to access point With WMM enabled, QoS settings on the AT-TQ2403 Management Software affect the first two of these; downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
  • Page 124: Figure 47: Backoff Timer Diagram

    Window size is reached. Packet Bursting for Better Performance The AT-TQ2403 Management Software includes 802.11e based packet bursting technology that increases data throughput and speed of transmission over the wireless network. Packet bursting enables the transmission of multiple packets without the extra overhead contention for the wireless medium. The effect of this is to increase network speed and data throughput.
  • Page 125: 802.1Q And Dscp Tags

    802.1q and DSCP tags IEEE 802.1q is an extension of the IEEE 802 standard and is responsible for QoS provision. One purpose of 802.1q is to prioritize network traffic at the data link/ MAC layer.
  • Page 126: Navigating To Qos Settings

    Figure 49: QoS Setting Page Configuring QoS Queues Configuring Quality of Service (QoS) on the AT-TQ2403 Management Software consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (via Contention Windows) for transmission. The settings described here apply...
  • Page 127: Configuring Ap Edca Parameters

    Note: • For the Guest interface or VWNs (Virtual APs), QoS queue settings apply to the access point load as a whole (all BSSs together). • These settings apply to both radios but the traffic for each radio is queued independently.
  • Page 128 Field Description AIFS (Inter-Frame Space) The Arbitration Inter-Frame Spacing (AIFS) specifies a wait time (in milliseconds) for data frames. Valid values for AIFS are 1 through 255. For more information, see “EDCA Control of Data Frames and Arbitration Interframe Spaces”.
  • Page 129: Enabling/Disabling Wi-Fi Multimedia

    With WMM enabled, QoS settings on the AT-TQ2403 Management Software control downstream traffic flowing from the access point to client station (AP EDCA parameters) and the upstream traffic flowing from the station to the access point (station EDCA parameters).
  • Page 130 Field Description Queue Queues are defined for different types of data transmitted from station-to-AP: Data 0 (Voice) Low latency and guaranteed bandwidth. Time-sensitive data such as VoIP should be sent to this queue.
  • Page 131: Updating Settings

    Field Description cwMax (Maximum Contention Window) The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.
  • Page 132: Chapter 20: Configuring The Wireless Distribution System (Wds)

    This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required. The following sections describe how to configure the WDS on the AT-TQ2403 Management Software: • Understanding the Wireless Distribution System ...
  • Page 133: Using Wds To Extend The Network Beyond The Wired Coverage Area

    Figure 50: Bridge Distant Wired LAN by WDS Diagram Using WDS to Extend the Network Beyond the Wired Coverage Area An ESS can extend the reach of the network into areas where cabling would be difficult, costly, or inefficient.
  • Page 134: Understanding Wpa (Psk) Data Encryption

    For more information about the effectiveness of different security modes, see “Configuring Security”. This topic also covers use of the unencrypted security mode for AP-to-station traffic on the Guest network, which is intended for less sensitive data traffic.
  • Page 135: Configuring Wds Settings

    Configuring WDS Settings The following notes summarize some critical guidelines regarding WDS configuration. Please read all the notes before proceeding with WDS configuration. Note: • When using WDS, be sure to configure WDS settings on both access points participating in the WDS link.
  • Page 136 Field Description Remote Address Specify the MAC address of the destination access point; that is, the access point to which data will be sent or "handed-off" and from which data will be received, in other words the AP to which you are creating the WDS bridge.
  • Page 137: Updating Settings

    http://IPAddressOfAccessPoint where IPAddressOfAccessPoint is the address of MyAP1. 2. Navigate to the WDS tab on MyAP1 Administration Web pages. The MAC address for MyAP1 (the access point you are currently viewing) will show as the Local Address at the top of the page.
  • Page 138: Chapter 21: Configuring Simple Network Management Protocol (Snmp) On The Ap

    SNMP manager when requested. Managed devices can be network nodes such as access point base stations, routers, switches, bridges, hubs, servers, or printers. The AT-TQ2403 Management Software can function as an SNMP managed device via the supported MIBs for seamless integration into network management systems such as HP OpenView.
  • Page 139: Supported Mibs

    MIB. The AT-TQ2403 Management Software supports standard and proprietary SNMP MIBs as shown in the following table. The MIB definitions are included with this documentation. If you are viewing this page online, you can click each MIB name to link to the associated MIB definition.
  • Page 140: Navigating To Snmp Settings

    To configure SNMP settings, navigate to Services > SNMP, and update the fields as described below. Figure 53: SNMP Setting Page Configuring SNMP Settings Start/stop control of SNMP agents, community password configuration, access to MIBs, and configuration of SNMP Trap destinations is provided through the AT-TQ2403 Management Software as described below.
  • Page 141 Enabling SET requests means that machines on the network can execute SET requests to the configured agent on the AP. Note: SET requests are restricted to the AT-TQ2403 System MIB. • To enable SNMP SET requests, click Enabled. • To disable SNMP SET requests, click Disabled.
  • Page 142: Configuring Snmp Traps

    SNMP Traps facilitate asynchronous communication of messages from SNMP managed devices (like the AT-TQ2403 Management Software) to designated hosts. If a Network Management System (NMS) is responsible for monitoring a large number of devices on a network, it is not practical to periodically query every device on the network.
  • Page 143: Updating Snmp Settings

    by sending a trap of the event. After receiving the event information, the manager can choose what action, if any, to take. Field Description Community name for traps Enter the global community string associated with SNMP traps.
  • Page 144: Chapter 22: Enabling The Network Time Protocol Server

    The timestamp will be used to indicate the date and time of each event in log messages. See http://www.ntp.org for more general information on NTP. The following sections describe how to configure the AT-TQ2403 Management Software to use a specified NTP server: ...
  • Page 145: Enabling Or Disabling A Network Time Protocol (Ntp) Server

    Enabling or Disabling a Network Time Protocol (NTP) Server To configure your access point to use a network time protocol (NTP) server, first enable the use of NTP, and then select the NTP server you want to use. (To shut down NTP service on the network, disable NTP on the access point.)
  • Page 146: Chapter 23: Backing Up And Restoring A Configuration

    Chapter 23: Backing up and Restoring a Configuration You can save a copy of the current settings on the AT-TQ2403 Management Software to a backup configuration file. The backup file can be used at a later date to restore the access point to the previously saved configuration.
  • Page 147: Resetting Factory Default Configuration

    Resetting Factory Default Configuration If you are experiencing problems with the AT-TQ2403 Management Software and have tried all other troubleshooting measures, use the Reset Configuration function. This will restore factory defaults and clear all settings, including settings such as a new password or wireless settings.
  • Page 148: Restoring The Configuration From A Previously Saved File

    Now you should see the configuration settings restored to the original settings you retrieved from the Backup file. Rebooting the Access Point For maintenance purposes or as a troubleshooting measure, you can reboot the AT-TQ2403 Management Software as follows. 1. Click the Maintenance > Configuration tab.
  • Page 149: Upgrading The Firmware

    2. Click the Reboot button. The AP will reboot. Upgrading the Firmware As new versions of the AT-TQ2403 Management Software firmware become available, you can upgrade the firmware on your devices to take advantage of new features and enhancements. Caution: It is strongly recommended that you do not upgrade the firmware from a wireless client that is associated with the access point you are upgrading.
  • Page 150: Update

    Figure 58: Upgrade Page Information about the current firmware version is displayed and an option to upgrade a new firmware image is provided. 2. If you know the path to the New Firmware Image file, enter it in the New Firmware Image textbox.
  • Page 151: Appendix A: Security Settings On Wireless Clients And Radius Server Setup

    Configuring WPA/WPA2 Enterprise (RADIUS) Security on a Client • Configuring WPA/WPA2 Personal (PSK) Security on a Client • Configuring an External RADIUS Server to Recognize the AT-TQ2403 Management Software • Obtaining a TLS-EAP Certificate for a Client • Configuring RADIUS Server for VLAN tags...
  • Page 152: Network Infrastructure And Choosing Between Built-In Or External Authentication Server

    IEEE 802.1x or WPA/WPA2 Enterprise (RADIUS) security mode. (The built-in authentication server uses EAP-PEAP authentication protocol.) • If the AT-TQ2403 Wireless Access Point is set up to use IEEE 802.1x mode and the Built-in Authentication Server, then configure wireless clients as described in “IEEE 802.1x Client Using EAP/PEAP”.
  • Page 153: Accessing The Microsoft Windows Wireless Client Security Settings

    Accessing the Microsoft Windows Wireless Client Security Settings Generally, on Windows XP there are two ways to get to the security properties for a wireless client: 1. From the wireless connection icon on the Windows task bar: ...
  • Page 154: Configuring A Client To Access An Unsecure Network (No Security)

    List of available networks will change depending on client location. Each network (or access point) that is detected by the client shows up in this list. ("Refresh" updates the list with current information.) For each network you want to connect to, configure security settings on the client to match the security mode being used by that network.
  • Page 155: Configuring Static Wep Security On A Client

    Different clients can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) If you configured the AT-TQ2403 Wireless Access Point to use Static WEP security mode…...
  • Page 156: Figure 62: Security Setting Page - Static Wep Setting Page

    Figure 62: Security Setting Page – Static WEP Setting Page . . . then configure WEP security on each client as follows. Figure 63: Client Side Security Setting - Static WEP Setting Detail Association Tab...
  • Page 157: Configuring Ieee 802.1X Security On A Client

    Field Setting Network Authentication "Open" or "Shared", depending on how you configured this option on the access point. Note: When the Authentication Algorithm on the access point is set to "Both", clients set to either Shared or Open can associate with the AP.
  • Page 158: Ieee 802.1X Client Using Eap/Peap

    AP that is using an external RADIUS server, the client configuration process will differ somewhat from this example especially with regard to certificate validation. If you configured the AT-TQ2403 Wireless Access Point to use IEEE 802.1x security mode . . . Figure 64: Security Setting Page – IEEE802.1x Setting Page...
  • Page 159: Figure 65: Client Side Security Setting - Ieee802.1X Security Setting Detail

    Figure 65: Client Side Security Setting - IEEE802.1x Security Setting Detail...
  • Page 160 1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication Open Data Encryption Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame.
  • Page 161: Ieee 802.1X Client Using Eap/Tls Certificate

    4. Obtain a certificate for this client as described in “Obtaining a TLS-EAP Certificate for a Client”. If you configured the AT-TQ2403 Wireless Access Point to use IEEE 802.1x security mode with an external RADIUS server…...
  • Page 162: Figure 66: Security Setting Page - Ieee802.1X Setting Page

    Figure 66: Security Setting Page – IEEE802.1x Setting Page . . . then configure IEEE 802.1x security with certificate authentication on each client as follows.
  • Page 163: Figure 67: Client Side Security Setting - Ieee802.1X Security Setting Detail

    Figure 67: Client Side Security Setting - IEEE802.1x Security Setting Detail...
  • Page 164 1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication Open Data Encryption Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame.
  • Page 165: Configuring Wpa/Wpa2 Enterprise (Radius) Security On A Client

    Authentication Protocol (EAP) known as "EAP/PEAP". • If you are using the Built-in Authentication server with "WPA/WPA2 Enterprise (RADIUS)" security mode on the AT-TQ2403 Wireless Access Point, then you will need to set up wireless clients to use PEAP. ...
  • Page 166: Figure 68: Security Setting Page - Wpa Enterprise Setting Page

    Figure 68: Security Setting Page – WPA Enterprise Setting Page First set up user accounts on the access point (User Management tab)… Figure 69: User Management Page . . . then configure WPA security with PEAP authentication on each client as follows.
  • Page 167: Figure 70: Client Side Security Setting - Wpa Enterprise Setting Detail

    Figure 70: Client Side Security Setting – WPA Enterprise Setting Detail...
  • Page 168 1. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog. Association Tab Field Setting Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the access point.
  • Page 169: Wpa/Wpa2 Enterprise (Radius) Client Using Eap-Tls Certificate

    How to Configure a Certificate Server at http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3 To use this type of security, you must do the following: 1. Add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients. (See “Configuring an External RADIUS Server to Recognize the AT-TQ2403 Wireless Access Point”.)
  • Page 170: Figure 71: Security Setting Page - Wpa Enterprise Setting Page

    Figure 71: Security Setting Page – WPA Enterprise Setting Page . . . then configure WPA security with certificate authentication on each client as follows.
  • Page 171: Figure 72: Client Side Security Setting - Wpa Setting Detail

    Figure 72: Client Side Security Setting – WPA Setting Detail...
  • Page 172: Wpa/Wpa2 Enterprise (Radius) Client Using Eap-Sim Certificate

    1. Configure the following settings on the Association tab on the Network Properties dialog. Association Tab Field Setting Network Authentication Data Encryption TKIP or AES depending on how this option is configured on the access point.
  • Page 173: Figure 73: Security Setting Page - Wpa Enterprise Setting Page

    To use this type of security, you must do the following: 1. Add the AT-TQ2403 Wireless Access Point to the list of RADIUS server clients. (Some RADIUS servers, such as FreeRADIUS, support EAP-SIM.) 2.
  • Page 174: Figure 74: Client Side Security Setting - Wpa Setting Detail

    Figure 74: Client Side Security Setting – WPA Setting Detail Configure the following settings on the “Security Settings” of the Intel PROSet dialog. Field Setting Network Authentication WPA2 – Enterprise Data Encryption TKIP or AES–CCMP depending on how this option is configured on the access point.
  • Page 175: Configuring Wpa/Wpa2 Personal (Psk) Security On A Client

    Counter mode/CBC-MAC Protocol (CCMP) mechanisms. PSK employs a pre-shared key for an initial check of client credentials. If you configured the AT-TQ2403 Wireless Access Point to use WPA/WPA2 Personal (PSK) security mode. Figure 75: Security Setting Page – WPA Personal Setting Page .
  • Page 176 AT-TQ2403 Wireless Access Point. This section provides an example of configuring an external RADIUS server for the purposes of authenticating and authorizing TLS-EAP certificates from wireless clients of a particular AT-TQ2403 Wireless Access Point configured for either "WPA/WPA2 Enterprise (RADIUS)" or "IEEE 802.1x"...
  • Page 177 Please consult the documentation for your RADIUS server for information on setting up user accounts. The purpose of this procedure is to identify your AT-TQ2403 Wireless Access Point as a "client" to the RADIUS server. The RADIUS server can then handle authentication and authorization of wireless clients for the AP.
  • Page 178: Figure 77: Radius Server - Internet Authentication Service

    2. In the left panel, right click on "RADIUS Clients" node and choose New > Radius Client from the popup menu. 3. On the first screen of the New RADIUS Client wizard provide information about the AT-TQ2403 Wireless Access Point to which you want your clients to connect: ...
  • Page 179: Figure 79: Radius Server Setting - New Radius Client Setting

    AT-TQ2403 Management Software User's Guide 4. For the "Shared secret" enter the RADIUS Key you provided to the access point (on the Security page). Re-type the key to confirm. Figure 79: Radius Server Setting – New Radius Client Setting 5. Click Finish Figure 80: Radius Server The access point is now displayed as a client of the Authentication Server.
  • Page 180: Obtaining A Tls-Eap Certificate For A Client

    Obtaining a TLS-EAP Certificate for a Client Note: If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Infrastructure (PKI), including a Certificate Authority (CA) server, configured on your network.
  • Page 181: Figure 82: Welcome Message From Certification Server

    Figure 82: Welcome Message from Certification Server 3. Click Request a certificate to get the login prompt for the RADIUS server. 4. Provide a valid user name and password to access the RADIUS server. Figure 83: Radius Server Log-in Page Note: The user name and password you need to provide here are for access to the ...
  • Page 182: Figure 85: User Certification Installation - Identifying Information

    AT-TQ2403 - Management Software - User's Guide 6. Click Yes on the dialog displayed to install the certificate. Figure 85: User Certification Installation – Identifying Information 7. Click Submit to complete and click Yes to confirm the submittal on the popup dialog.
  • Page 183: Configuring Radius Server For Vlan Tags

    In the case of AT-TQ2403 Wireless Access Point, if the user has selected to use an external RADIUS server (configured on the Security page) then an External RADIUS server will try to authenticate the user.
  • Page 184 In the case of FreeRADIUS server, the following options may be set in the users file to add the necessary attributes. example-user Auth-Type := EAP, User-Password == "password" Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-ID = 7 Tunnel-Type and Tunnel-Medium-Type use the same values for all stations.
  • Page 185: Appendix B: Troubleshooting

    Appendix B: Troubleshooting This section provides information about how to solve common problems you might encounter in the course of updating network configurations on networks served by multiple, clustered access points. • Wireless Distribution System (WDS) Problems and Solutions ...
  • Page 186: Bootloader Recovery

    • Reset the access point from its Administration UI. To do this, go to http://IPAddressOfAccessPoint, navigate to Reset Configuration, and click the Reset button. (IP addresses for APs are on the Cluster > Access Points page for any cluster member.) ...
  • Page 187: Appendix C: Command Line Interface (Cli) For Ap Configuration

    Appendix C: Command Line Interface (CLI) for AP Configuration In addition to the Web based user interface, the AT-TQ2403 Management Software includes a command line interface (CLI) for administering the access point. The CLI lets you view and modify status and configuration information.
  • Page 188: Comparison Of Settings Configurable With The Cli And Web Ui

    Comparison of Settings Configurable with the CLI and Web UI The command line interface (CLI) and the Web user interface (UI) to the AT-TQ2403 Management Software are designed to suit the preferences and requirements for different types of users or scenarios.
  • Page 189 AT-TQ2403 Management Software User's Guide Feature or Setting Configurable from CLI Configurable from Web UI User Accounts User Database Backup and You cannot backup or restore a Restore user database from the CLI. Please use the Web UI to do this...
  • Page 190: How To Access The Cli For An Access Point

    AP.) 3. You will be prompted for an Administrator user name and password for the access point. AT-TQ2403 login: Password: Enter the default Administrator username and password for the AT-TQ2403 Management...
  • Page 191: Ssh Connection To The Ap

    Software (manager, friend), and press "Enter" after each. (The password is masked, so it will not be displayed on the screen.) When the user name and password are accepted, the screen displays the AT-TQ2403 Management Software help command prompt. AT-TQ2403 login: manager Password: friend Enter ‘help’...
  • Page 192: Quick View Of Commands And How To Get Help

    Enter ‘help’ for help. When the user name and password are accepted, the screen displays the AT-TQ2403 Management Software help command prompt. AT-TQ2403# You are now ready to enter CLI commands at the command line prompt.
  • Page 193 AT-TQ2403 Management Software User's Guide Description Command The "get" command allows you to get the property values of existing instances of a class. Classes can be "named" or "unnamed". The command syntax is: get unnamed-class [ property ... | detail ] get named-class [ instance | all [ property ...
  • Page 194 AT-TQ2403 - Management Software - User's Guide Description Command The "set" command allows you to set the property values of existing instances of a class. set unnamed-class [ with qualifier-property qualifier-value ... to ] property value . . . The first argument is an unnamed class in the configuration.
  • Page 195: Getting Help On Commands At The Cli

    AT-TQ2403 Management Software User's Guide Description Command The "add" command allows you to add a new instance or group of instances of a class. add unique-named-class instance [ property value ... ] add group-named-class instance [ property value ... ] add anonymous-class [ property value ...
  • Page 196 Hitting TAB once will attempt to complete the current command. If multiple completions exist, a beep will sound and no results will be displayed. Enter TAB again to display all available completions. ...
  • Page 197: Ready To Get Started

    AT-TQ2403 Management Software User's Guide property, "get system version". Hit ENTER to display the output results of the command. For detailed examples on getting help, see “Keyboard Shortcuts and Tab Completion Help”. Ready to Get Started? If you know the four basic commands shown above (get, set, remove, and add) and how to get help at the CLI using tab completion, you are ready to get started.
  • Page 198: Understanding Cli Validation Of Configuration Settings

    For more information, see “CLI Classes and Properties Reference”. Saving Configuration Changes The AT-TQ2403 Management Software maintains three different configurations. • Factory Default Configuration - This configuration consists of the default settings shipped with the access point.
  • Page 199: Basic Settings

    • Running Configuration - The running configuration contains the settings with which the AP is currently running. When you view or update configuration settings through the command line interface (CLI) using get, set, add, and remove commands, you are viewing and changing values on the running configuration only.
  • Page 200 AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command Get the Firmware Version for get system version the Access Point Get the Location of the get cluster location Access Point Set the Location for an set system location NewLocation...
  • Page 201 AT-TQ2403 Management Software User's Guide --------------------- ip 10.10.55.216 00:a0:c9:8c:c4:7e Get Common Information on All Interfaces for an AP The following example shows common information (including IP addresses) for all interfaces. AT-TQ2403# get interface all name type status mask ----------------------------------------------------------------------------------------------------------------- wlan0wds0...
  • Page 202 AT-TQ2403 - Management Software - User's Guide brvwn12 bridge down 00:00:00:00:00:00 brvwn1 bridge down 00:00:00:00:00:00 brvwn4 bridge down 00:00:00:00:00:00 brvwn14 bridge down 00:00:00:00:00:00 loopback 00:00:00:00:00:00 127.0.0.1 255.0.0.0 eth0 ethernet 00:5C:00:1C:00:1C Get the Firmware Version for the Access Point In the following example, the access point is running Firmware Version:1.0.0.9. Use the get command as shown to obtain the Firmware Version.
  • Page 203: Access Point And Cluster Settings

    Get the Wireless Network Name (SSID) AT-TQ2403# get interface wlan0 ssid allied Set the Wireless Network Name (SSID) AT-TQ2403# set interface wlan0 ssid "Vicky’s AP" AT-TQ2403# get interface wlan0 ssid Vicky’s AP Access Point and Cluster Settings The command examples in this section show how to get the configuration for a cluster of access points.
  • Page 204: User Accounts

    AT-TQ2403 - Management Software - User's Guide cluster-name vicky-cluster Determine only whether an AP is clustered or not The get cluster clustered command returns a value of 0 or 1. If the command returns a value of 1, then the AP is a member of a cluster. If the AP returns a value of 0, then the AP is in standalone mode.
  • Page 205 1. Add username "samantha": AT-TQ2403# add radius-user samantha 2. Provide a real name (Elizabeth Montgomery) for this user: AT-TQ2403# set radius-user samantha realname "Elizabeth Montgomery" 3. Set the user password for samantha to "bewitched"...
  • Page 206: Status

    AT-TQ2403 - Management Software - User's Guide AT-TQ2403# set radius-user samantha password bewitched 4. Repeat this process to add some other users (endora, darren, and wally) AT-TQ2403# add radius-user endora AT-TQ2403# set radius-user endora realname "Agnes Moorhead" AT-TQ2403# set radius-user endora password scotch AT-TQ2403# add radius-user darren AT-TQ2403# set radius-user darren realname "Dick York"...
  • Page 207 AT-TQ2403 Management Software User's Guide Feature or Setting CLI Command Global commands to get details on all Basic get bss all detail Service Sets (BSSs). get access-point This is a useful command to use to get a comprehensive picture of how the AP is get vwn currently configured.
  • Page 208 AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command Enable Remote Logging and Specify the Log As a prerequisite to remote logging, the Log Relay Host must be configured first as described in “Setting Up the Log Relay Host”.
  • Page 209 AT-TQ2403 Management Software User's Guide Get Current Settings for the Ethernet (Wired) Management Interface The following example shows how to use the CLI to get the Ethernet (Wired) settings for the Management interface for an access point. You can see by the output results of the command that the MAC address is 00:01:02:03:02:00, the IP address is 192.168.1.230 and the subnet mask is 255.255.255.0.
  • Page 210 AT-TQ2403 - Management Software - User's Guide Get the Network Name (SSID) for the Wireless Internal Interface The following example shows how to get the SSID of a Wireless Internal Interface. You can see from the value that is returned, that the SSID of this AP is "allied ".
  • Page 211 AT-TQ2403 Management Software User's Guide static-channel channel Property Value --------------------------------------------------------------------------------- tx-power tx-rx-status beacon-interval rts-threshold 2347 fragmentation-threshold 2346 super-ag atheros-xr load-balance-disassociation-utilization 0 load-balance-disassociation-stations load-balance-no-association-utilization 0 ap-detection station-isolation frequency 5180 rate-limit-enable rate-limit rate-limit-burst Get Status on Events AT-TQ2403# get log-entry number priority time...
  • Page 212 “Setting Up the Log Relay Host”.) Then, you can use the CLI to configure the AT-TQ2403 Management Software to send its syslog messages to the remote server. View Log Settings To view the current log settings:...
  • Page 213 To specify the Relay Host, provide either the IP Address or a DNS name for the Log Relay Host as parameters to the "set log relay-host" command as shown below. Note: If you are using AT-TQ2403 Wireless Operations Center, the Repository Server ...
  • Page 214 The syslog server is at the IP address 10.10.5.220 • The AP is listening for syslog messages on the default port 514 Get Transmit / Receive Statistics AT-TQ2403# get interface wlan1 ip mac ssid tx-packets tx-bytes tx-errors rx-packets rx-bytes rx-errors Property...
  • Page 215 AT-TQ2403 Management Software User's Guide tx-packets -------------------------------------------------------------------------------------------------------------------- wlan1 00:0e:35:48:a7:ea Yes wlan1 00:11:95:df:83:b1 Yes AT-TQ2403# get association detail Property Value ---------------------------------- interface wlan1 station 00:0e:35:48:a7:ea authenticated associated rx-packets tx-packets rx-bytes 15880 tx-bytes tx-rate listen-interval last-rssi Property Value ---------------------------------- interface wlan1 station...
  • Page 216: Ethernet (Wired) Interface

    AT-TQ2403 - Management Software - User's Guide ssid Service Set IDentifier (a.k.a., Network Name) supported-rates Supported rates list type Type (AP, Ad hoc, or Other) WPA security enabled To get the neighboring access points, type get detected-ap. AT-TQ2403# get detected-ap...
  • Page 217 AT-TQ2403 Management Software User's Guide Feature or Setting CLI Command Deny Management via WLAN Enable: set management deny-wlan-management-enabled 1 Ping Deny: Telnet set management deny-wlan-management-ping 1 HTTP set management deny-wlan-management-telnet 1 SNMP set management deny-wlan-management-http 1 TFTP set management deny-wlan-management-snmp 1...
  • Page 218 Note: For more information on DHCP and Static IP connection types, see the topic “Understanding Dynamic and Static IP Addressing on the AT-TQ2403 Management Software”. To get the connection type: AT-TQ2403# get management dhcp-status In order to re-set the connection type from DHCP to Static IP, you must have a serial port connection to the AP because you will lose connectivity during the process of assigning a new static IP address.
  • Page 219 Re-Configure Static IP Addressing Values Note: This section assumes you have already set the AP to use Static IP Addressing and set some initial values as described in “Get/Change the Connection Type (DHCP or Static IP)”.
  • Page 220: Wireless Interface

    AT-TQ2403 - Management Software - User's Guide 2. Turn off Dynamic DNS Nameservers and re-check the settings: AT-TQ2403# set host dns-via-dhcp down AT-TQ2403# get host dns-via-dhcp down 3. Get the current IP addresses for the DNS Nameservers: AT-TQ2403# get host static-dns-1 10.10.3.9...
  • Page 221 Find out if Guest Access is Enabled The AT-TQ2403 Management Software ships with the Guest Access feature disabled by default. If you want to provide guest access on your AP you must enable this feature. For more information on enabling or disabling Guest Access, see “Enable or Disable Guest...
  • Page 222: Enable/Configure Guest Login Welcome Page

    Caution: You cannot use an SSH or Telnet connection to configure VLANs, because you will lose network connectivity to the access point when you remove the bridge-port. Therefore, you must use a serial port connection to configure VLANs through the CLI.
  • Page 223: Configuring Virtual Wireless Networks (Vwns)

    Thank you for using wireless Guest Access as provided by this AT-TQ2403. Upon clicking "Accept", you will gain access to our wireless guest network. This network allows complete access to the Internet but is external to the corporate network.
  • Page 224 AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command Enable or Disable a VWN set vwn vwnx status up This will enable VWN x. set vwn vwnx status down This will disable VWN x. Where x is the VWN number. The VWN number can be between 1 and 14.
  • Page 225 VWNs. Once all VWNs are configured, you can bring each one up with the following command: AT-TQ2403# set vwn vwnx status up where x is the VWN number (1-14) Alternatively, if you want to disable a VWN, use the following CLI command:...
  • Page 226 SSID you set. To set the SSID for a VWN to "test lab vwn", use the following CLI command: AT-TQ2403# set interface wlan0vwn14 ssid "test lab vwn" AT-TQ2403# set interface wlan1vwn14 ssid "test lab vwn"...
  • Page 227: Example: Configuring Vwns

    The following example shows commands for configuring WPA/WPA2 Enterprise (RADIUS) security mode, allowing "Both" WPA and WPA2 clients to authenticate and using a TKIP cipher suite: AT-TQ2403# set bss wlan0bssvwn1 open-system-authentication on AT-TQ2403# set bss wlan0bssvwn1 shared-key-authentication on AT-TQ2403# set bss wlan0bssvwn1 wpa-allowed on...
  • Page 228: Security

    AT-TQ2403 - Management Software - User's Guide suite: AT-TQ2403# set bss wlan0bssvwn7 open-system-authentication on AT-TQ2403# set bss wlan1bssvwn7 open-system-authentication on AT-TQ2403# set bss wlan0bssvwn7 shared-key-authentication on AT-TQ2403# set bss wlan1bssvwn7 shared-key-authentication on AT-TQ2403# set bss wlan0bssvwn7 wpa-allowed on AT-TQ2403# set bss wlan1bssvwn7 wpa-allowed on...
  • Page 229 Prohibit) set bss wlan0bssInternal ignore-broadcast-ssid off Enable / Disable Station Isolation AT-TQ2403# set radio wlan0 station-isolation on AT-TQ2403# set radio wlan0 station-isolation off Set Security to Plain Text set interface wlan0 security plain-text Set Security to Static WEP See detailed example in “Set Security to Static...
  • Page 230 AT-TQ2403 - Management Software - User's Guide wpa-cipher-ccmp wpa-allowed wpa2-allowed rsn-preauthentication Set the Broadcast SSID (Allow or Prohibit) To set the Broadcast SSID to on (allow): AT-TQ2403# set bss wlan0bssInternal ignore-broadcast-ssid on To set the Broadcast SSID to off (prohibit):...
  • Page 231 6. Set the Authentication Algorithm 7. Get Current Security Settings After Re-Configuring to Static WEP Security Mode 1. Set the Security Mode AT-TQ2403# set interface wlan0 security static-wep 2. Set the Transfer Key Index The following commands set the Transfer Key Index to 4.
  • Page 232 AT-TQ2403 - Management Software - User's Guide 4. Set the Key Type Valid values for Key Type are ASCII or Hex. The following commands set the Key Type. Feature or Setting CLI Command To set the Key Type to ASCII:...
  • Page 233 For this example, we’ll set the authentication algorithm to Shared Key: AT-TQ2403# set bss wlan0bssInternal shared-key-authentication on AT-TQ2403# set bss wlan0bssInternal open-system-authentication off 7. Get Current Security Settings After Re-Configuring to Static WEP Security Mode Now we can use the "get"...
  • Page 234 AT-TQ2403 - Management Software - User's Guide status description Wireless - Internal 00:01:02:03:02:00 0.0.0.0 mask static-ip 0.0.0.0 static-mask rx-bytes rx-packets rx-errors rx-drop rx-fifo rx-frame rx-compressed rx-multicast tx-bytes tx-packets tx-errors tx-drop tx-fifo tx-colls tx-carrier tx-compressed hello priority port-isolation ssid allied wlan0bssInternal...
  • Page 235 5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security Mode 1. Set the Security Mode AT-TQ2403# set interface wlan0 security dot1x 2. Set the Authentication Server You can use the built-in authentication server on the access point or an external RADIUS server.
  • Page 236 AT-TQ2403 - Management Software - User's Guide For our example, we’ll disable RADIUS accounting since we’re using the built-in server: AT-TQ2403# set bss wlan0bssInternal radius-accounting off 5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security Mode Now we can use the "get" command again to view the updated security configuration and see the results of our new settings.
  • Page 237 For this example, we’ll set the access point to support Both WPA and WPA2 client stations: AT-TQ2403# set bss wlan0bssInternal wpa-allowed on AT-TQ2403# set bss wlan0bssInternal wpa2-allowed on 3. Set the Cipher Suites Set the cipher suite you want to use.
  • Page 238 AT-TQ2403 - Management Software - User's Guide Feature or Setting CLI Command To set the cipher suite to CCMP (AES) set bss wlan0bssInternal wpa-cipher-tkip off only: set bss wlan0bssInternal wpa-cipher-ccmp on CCMP (AES) - Counter mode/CBC- MAC Protocol (CCMP) is an encryption method for IEEE 802.11i...
  • Page 239 6. Set the RADIUS Key (For External RADIUS Server Only) 7. Enable RADIUS Accounting (External RADIUS Server Only) 8. Allow Non-WPA Clients 9. Get Current Security Settings After Re-Configuring to WPA/WPA2 Enterprise (RADIUS) 1. Set the Security Mode AT-TQ2403# set interface wlan0 security wpa-enterprise...
  • Page 240 AT-TQ2403 - Management Software - User's Guide 2. Set the WPA Versions Select the WPA version based on what types of client stations you want to support. Feature or Setting CLI Command To support WPA clients: set bss wlan0bssInternal wpa-allowed on...
  • Page 241 This option does not apply if you set the WPA Version to support "WPA" clients only because the original WPA does not support this pre-authentication. For our example, we’ll disable pre-authentication. AT-TQ2403# set bss wlan0bssInternal rsn-preauthentication off 4. Set the Cipher Suites Set the cipher suite you want to use. The options are: Feature or Setting...
  • Page 242 AT-TQ2403 - Management Software - User's Guide To set the cipher suite to Both: set bss wlan0bssInternal wpa-cipher-tkip on Both - When the authentication algorithm set bss wlan0bssInternal wpa-cipher-ccmp on is set to "Both", both TKIP and AES clients can associate with the access point. WPA...
  • Page 243 For our example, we’ll enable RADIUS accounting for our external RADIUS server: AT-TQ2403# set bss wlan0bssInternal radius-accounting on 8. Allow Non-WPA Clients You can let non-WPA (802.11), un-authenticated client stations use this access point by setting the "wpa- allowed"...
  • Page 244: Radio Settings

    mac-acl-name default radius-accounting radius-ip 142.77.1.1 radius-key KeepSecret radius-port 1812 radius-accounting-port 1813 vlan-tagged-interface open-system-authentication shared-key-authentication wpa-allow-non-wpa-stations wpa-cipher-tkip wpa-cipher-ccmp wpa-allowed wpa2-allowed rsn-preauthentication Radio Settings Note: Before configuring this feature, make sure you are familiar with the names of the ...
  • Page 245 AT-TQ2403 Management Software User's Guide This table shows a quick view of Radio Settings commands and links to detailed examples. Feature or Setting CLI Command Get Radio Settings get radio get radio wlan0 get radio wlan0 detail Get IEEE 802.11 Radio Mode...
  • Page 246 AT-TQ2403 - Management Software - User's Guide Get Radio Channel To get the current setting for radio Channel: AT-TQ2403# get radio wlan0 channel (The radio in this example is on Channel 36.) Get Basic Radio Settings To get basic current Radio settings:...
  • Page 247 rate-limit-enable rate-limit rate-limit-burst Get Supported Rate Set The Supported Rate Set is what the access point supports. The AP will automatically choose the most efficient rate based on factors like error rates and distance of client stations from the AP. For a list of the recommended default supported rates per radio mode, see “2.
  • Page 248 Note: To get a list of all properties you can set on the AP radio, type the following at the CLI prompt: set radio wlan0 [Space] [Tab] [Tab] 1. Turn the Radio On or Off 2.
  • Page 249 The following command sets the Wireless Mode to IEEE 802.11g: AT-TQ2403# set radio wlan0 mode g When you change the radio mode, typically you must change the basic and supported rates to match the mode. For a mapping of radio modes to basic and supported rates, see the table for this in step 6.
  • Page 250 AT-TQ2403 - Management Software - User's Guide Note that this setting for a "static-channel" only takes effect if the Channel Policy (channel-policy) is set to static. The channels available will depend on the radio mode of your access point and the country in which the AP is operating.
  • Page 251 (Atheros Dynamic Turbo 2.4 GHz / IEEE 802.11g) The following command adds "48" as a basic rate to wlan0 (the internal, wireless interface): AT-TQ2403# add basic-rate wlan0 rate 48 To get the basic rates currently configured for this AP: AT-TQ2403# get basic-rate...
  • Page 252 AT-TQ2403 - Management Software - User's Guide AT-TQ2403# get basic-rate name rate ------------------------- wlan1 5.5 wlan1 2 wlan1 1 wlan0 24 wlan0 12 wlan0 6 wlan0 48 The following command adds "9" as a supported rate to wlan0 (the internal, wireless interface): AT-TQ2403# add supported-rate wlan0 rate 9 To get the supported rates currently configured for this AP (using "wlan0"...
  • Page 253: Mac Filtering

    Internal or Guest network, or (on a dual-radio AP) to radio "one" or radio "two". You can control access to AT-TQ2403 Management Software based on Media Access Control (MAC) addresses. Based on how you set the filter, you can allow only client stations with a listed MAC address or prevent access to the stations listed.
  • Page 254 AT-TQ2403 - Management Software - User's Guide 4. Getting Current MAC Filtering Settings: 5. Get the Type of MAC Filtering List Currently Set (Accept or Deny) 6. Get MAC Filtering List 1. Specify an Accept or Deny List To set up MAC filtering you first need to specify which type of list you want to configure...
  • Page 255: Load Balancing

    AT-TQ2403 Management Software User's Guide AT-TQ2403# remove mac-acl default mac 00:01:02:03:04:04 4. Getting Current MAC Filtering Settings Get the Type of MAC Filtering List Currently Set (Accept or Deny) The following command shows which type of MAC filtering list is currently configured:...
  • Page 256: Quality Of Service

    Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the AT-TQ2403 Management Software.
  • Page 257 By default, Wi-Fi MultiMedia (WMM) is disabled on the access point. With WMM enabled, QoS settings on the AT-TQ2403 Management Software control both downstream traffic flowing from the access point to client station (AP EDCA parameters) and upstream traffic flowing from the station to the access point (station EDCA parameters).
  • Page 258 AT-TQ2403 - Management Software - User's Guide Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point (station-to-AP). Keep in mind that station-to-AP parameters apply only when WMM is enabled as described in “Enable/Disable Wi-Fi Multimedia”.
  • Page 259 For example, this command sets the AIFS wait time on the AP Voice queue (data0) to 13 milliseconds. AT-TQ2403# set tx-queue wlan0 with queue data0 to aifs 13 View the results of this configuration update (bold in the command output highlights the modified value):...
  • Page 260 For example, this command sets the AP Video queue (data1) cwmin value to 15 and cwmax value to 31. AT-TQ2403# set tx-queue wlan0 with queue data1 cwmin 15 cwmax 31 View the results of this configuration update (bold in the command output highlights the modified...
  • Page 261 For example, this command sets the client station Video queue (vi) cwmin value to 15 and cwmax value to 31. AT-TQ2403# set wme-queue wlan0 with queue vi cwmin 7 cwmax 15 View the results of this configuration update (bold in the command output highlights the modified...
  • Page 262: Wireless Distribution System (Wds)

    For example, this command sets the txop-limit on the station Voice queue (vo) to 49. AT-TQ2403# set wme-queue wlan0 with queue vo to txop-limit 49 View the results of this configuration update (bold in the command output highlights the modified value):...
  • Page 263 2. After setting the security on the access point, you also want to apply security settings to the WDS link: AT-TQ2403# set interface wlan0wds0 status up remote-mac 00:80:98:78:18:50 AT-TQ2403# set interface wlan0wds0 wds-ssid wds-test AT-TQ2403# set interface wlan0wds0 wds-wpa-psk-key 12345678...
  • Page 264: Simple Network Management Protocol (Snmp)

    AP”.) The AT-TQ2403 Management Software can function as an SNMP managed device for seamless integration into network management systems such as HP OpenView. The following information describes how to use the CLI to start and stop SNMP agents, configure community password, get access to MIBs, and configure SNMP Trap destinations.
  • Page 265: Time Protocol

    AT-TQ2403 Management Software User's Guide 4. Allow/Prohibit SNMP SET Commands set snmp rw-status up set snmp rw-status down 5. Set the read-write community name for permitted SETs set snmp rw-community <name> 6. Restrict the source of SNMP requests to only the designated hosts or subnets...
  • Page 266: Pre-Config Rogue Ap

    AT-TQ2403 - Management Software - User's Guide AT-TQ2403# set ntp auto-sync up 4. Interval to Synchronize If Synchronize Automatically is enabled, the device will synchronize time with the NTP server at each specified interval. This interval is set in minutes.
  • Page 267: Reset The Ap To Factory Defaults

    AT-TQ2403 Management Software User's Guide Reset the AP to Factory Defaults If you are experiencing extreme problems with the AT-TQ2403 Management Software and have tried all other troubleshooting measures, you can reset the access point. This will restore factory defaults and clear all settings, including settings such as a new password or wireless settings.
  • Page 268: Keyboard Shortcuts And Tab Completion Help

    AT-TQ2403 - Management Software - User's Guide 2. Set the upgrade URL from the CLI. This URL should be the URL of the upgrade file on the web server. AT-TQ2403# set firmware-upgrade upgrade-url http://10.10.28.249/upgrade.img 3. It is good practice to check the validity of the upgrade file. Validate the file using the following...
  • Page 269: Tab Completion And Help

    AT-TQ2403 Management Software User's Guide Action on CLI Keyboard Shortcut Move the cursor forward on the current line, one character at a time Ctrl-f Right Arrow Key Start over at a blank command prompt (abandons the input on the current line) Ctrl-c Remove one character on the current line.
  • Page 270 AT-TQ2403 - Management Software - User's Guide Add an instance to the running configuration factory-reset Reset the system to factory defaults Get property values of the running configuration reboot Reboot the system remove Remove instances in the running configuration save-running...
  • Page 271 AT-TQ2403 Management Software User's Guide access-point Guest, VLAN and VWN settings ap-list AP list for rogue AP detection Basic Service Set of radios channel-planner Channel planner settings cluster Clustering-based configuration settings config Configuration settings dhcp-client DHCP client settings dot11 IEEE 802.11 (all radios)
  • Page 272: Cli Classes And Properties Reference

    Destination host for SNMP trap CLI Classes and Properties Reference Configuration information for the AT-TQ2403 is represented as a set of classes and objects. The following is a general introduction to the CLI classes and properties. For a reference guide to all CLI classes and properties, see the CLI Class and Properties Reference documentation.
  • Page 273: Figure 90: Kick Start Search Results Dialog Box

    Figure 90: Kick Start Search Results Dialog Box...
  • Page 274: Glossary

    Glossary IEEE 802 (IEEE Std. 802-2001) is a family of standards for peer-to-peer communication over a LAN.
  • Page 275 802.11a Turbo IEEE 802.11a Turbo is a proprietary variant of the 802.11a standard from Atheros Communications. It supports accelerated data rates ranging from 6 to 108 Mbps. Atheros Turbo 5 GHz is IEEE 802.11a Turbo mode. Atheros Turbo 2.4 GHz is IEEE 802.11g Turbo mode.
  • Page 276 802.11i IEEE 802.11i is a comprehensive IEEE standard for security in a wireless local area network (WLAN) that describes Wi-Fi Protected Access 2 (WPA2). It defines enhancements to the MAC Layer to counter some of the weaknesses of WEP.
  • Page 277 Access Point An access point is the communication hub for the devices on a WLAN, providing a connection or bridge between wireless and wired network devices. It supports a Wireless Networking Framework called Infrastructure Mode.
  • Page 278 frequency hopping spread spectrum, direct sequence spread spectrum, etc.). • The optional Traffic Indication Map (TIM) identifies stations, using power saving mode, that have data frames queued for them. Bridge A connection between two local area networks (LANs) using the same protocol, such as Ethernet or IEEE 802.1x.
  • Page 279 transnational authorities such as the Federal Communications Commission (FCC), European Telecommunications Standards Institute (ETSI), Korean Communications Commission, or the Telecom Engineering Center (TELEC). CSMA/CA Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a low-level network arbitration/contention protocol.
  • Page 280 The Document Object Model (DOM) is an interface that allows programs and scripts to dynamically access and update the content, structure, and style of documents. The DOM allows you to model the objects in an HTML or XML document (text, links, images, tables), defining the attributes of each object and how they can be manipulated.
  • Page 281 The Extended Rate Protocol refers to the protocol used by IEEE 802.11g stations (over 20 Mbps transmission rates at 2.4 GHz) when paired with Orthogonal Frequency Division Multiplexing (OFDM). Built into ERP and the IEEE 802.11g standard is a scheme for effective interoperability of IEEE 802.11g stations with IEEE 802.11b nodes on the same channel.
  • Page 282 HTTPS The Secure Hypertext Transfer Protocol (HTTPS) is the secure version of HTTP, the communication protocol of the World Wide Web. HTTPS is built into the browser. If you are using HTTPS you will notice a closed lock icon at the bottom corner of your browser page.
  • Page 283 An IP address is partitioned into two portions: the network prefix and a host number on that network. A Subnet Mask is used to define the portions. There are two special host numbers: • The Network Address consists of a host number that is all zeroes (for example, 192.168.2.0).
  • Page 284 A Local Area Network (LAN) is a communications network covering a limited area, for example, the computers in your home that you want to network together or a couple of floors in a building. A LAN connects multiple computers and other network devices such as storage and printers.
  • Page 285 The Maximum Transmission Unit is the largest physical packet size, measured in bytes, that a network can transmit. Any messages larger than the MTU are fragmented into smaller packets before being sent. Multicast A Multicast sends the same message to a select group of recipients. Sending an e-mail message to a mailing list is an example of multicasting.
  • Page 286 with low-level protocols for communication and addressing. For example, protocols such as CSMA/CA and components like MAC addresses, and Frames are all defined and dealt with as a part of the Data-Link layer.
  • Page 287 The Point-to-Point Protocol is a standard for transmitting network layer datagrams (IP packets) over serial point-to-point links. PPP is designed to operate both over asynchronous connections and bit-oriented synchronous systems. PPPoE Point-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting the users on a LAN to the Internet through a common broadband medium, such as a single DSL or cable modem line.
  • Page 288 In IEEE 802.11 parlance, roaming clients are mobile client stations or devices on a wireless network (WLAN) that require use of more than one Access Point (AP) as they move out of and into range of different base station service areas.
  • Page 289 SNMP Traps SNMP traps enable the asynchronous communication from network devices to managed agents. Setting SNMP traps saves on network resources and eliminates redundant SNMP requests. SSID The Service Set Identifier (SSID) is a thirty-two character key that uniquely identifies a wireless local area network.
  • Page 290 The Transmission Control Protocol (TCP) is built on top of Internet Protocol (IP). It adds reliable communication (guarantees delivery of data), flow-control, multiplexing (more than one simultaneous connection), and connection-oriented transmission (requires the receiver of a packet to acknowledge receipt to the sender).
  • Page 291 The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The AT-TQ2403 Wireless AP supports the configuration of a wireless VLAN. This technology is leveraged on the access point for the "virtual" guest network feature.
  • Page 292 Stations communicate through an Access Point in an Infrastructure Mode network. A single access point creates an infrastructure basic service set (BSS) whereas multiple access points are organized in an extended service set (ESS).
