Page 1 Link Series Access Control System Link Series Access Control System Web User Guide Web User Guide Link1000ACS & Link2000ACS Link1000ACS & Link2000ACS www.intcomcorp.com © 2017 All rights reserved. International Communications Corp.
Page 2 ICC Networking’s industry-leading flexible unified Access Control System (ACS) platform with ICC Networking’s industry-leading flexible unified Access Control System (ACS) platform with enhanced capabilities, has added software features, enhanced Security with 11 different Wireless enhanced capabilities, has added software features, enhanced Security with 11 different Wireless...
Page 3: Documentation
This is the Link Series ACS Wireless Web Interface User’s Manual. It contains instructions to conﬁgure the wireless components of the This is the Link Series ACS Wireless Web Interface User’s Manual. It contains instructions to conﬁgure the wireless components of the Link Series ACS Access Control WLAN (Link1000ACS and Link2000ACS) and any of its associated access points (AP).
Page 4: Safety Precautions
Safety precautions For safe and efﬁcient use, read the following information. Text conventions Table 0-1: Text conventions Icon Description Emphasizes information to improve product use. NOTE IMPORTANT Indicates important information or instructions that must be followed. CAUTION Indicates how to avoid equipment damage or faulty application. Issues warnings to avoid personal injury.
Page 5: Table Of Contents
Table of Contents Intended audience ..................i 4.6 Radius accounting mode ..............17 Documentation .................... i 4.7 Radius accounting server ..............17 Contact information ..................i 4.8 Client-QoS global mode ..............17 Icons ....................... i 4.9 Country code ..................18 4.10 Peer group ID ..................18 4.11 Cluster priority ..................18 Safety precautions ..............ii Text conventions ..................ii...
Page 6 Chapter 8: Discovery ............36 Chapter 14: AP image upgrade ........... 58 8.1 IP discovery..................36 14.1 AP manual upgrade conﬁguration ..........58 8.1.1 Enable and disable IP discovery ..........36 8.1.2 Add IP of L3/IP discovery ............36 Chapter 15: Load balance ............ 63 8.1.3 Delete IP address from L3/IP discovery list ......36 15.1 Create template ................63 8.2 L2 VLAN discovery ................36...
Page 7 20.4.1 AP RF scan status ..............88 20.4.2 AP RF scan detail ..............88 20.4.3 Client dynamic blacklist ............90 Chapter 21: Management ........... 91 21.1 Basic conﬁguration ................91 21.1.1 Login user conﬁguration .............91 21.1.2 Login user authentication method conﬁguration ....92 21.1.3 Login user security IP management ........93 21.1.4 Basic conﬁguration...............93 21.1.5 Save current running-conﬁguration ........94 21.2 SNMP conﬁguration .................95...
Page 8: Chapter 1: Introduction To Web Page Configuration
Chapter 1: Introduction to Web Page Conﬁguration This chapter details the Web conﬁguration page. 1.1 Conﬁguration preparation Manage the Link2000ACS by connecting to the Web via an Ethernet interface. 1.1.1 Computer requirements • Compatible operating systems (Win XP /Win 7 /Win 8 /Mac OS 10.6/7)
Page 9 Step 2: Set up the network connection (as shown with Windows 7 ® Click Start. Select Control Panel. Click View network status and tasks, and then click Local Area Connection. The Local Area Connection Status dialog box will appear, as shown in Figure 1-2. Figure 1-2: Local area connection status Click Properties to open the Local Area Connection Properties dialog box, as shown in Figure 1-3.
Page 10 Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties to open the Internet Protocol (TCP/IP) Properties dialog box. Select Use the following IP address, type the IP address (between 192.168.1.2 and 192.168.1.254) and the subnet mask (255.255.255.0), then click OK. Figure 1-4: Internet protocol (TCP/IP) properties Step 3: Use PING command to ensure the connection status between the PC and the Link2000ACS.
Page 11 Figure 1-5: Dialog box for command lines Step 4: Cancel proxy server. If the current PC uses the proxy server to access the Internet, the proxy server must be disabled. Complete the following steps to disable the proxy server: 1. In Internet Explorer, select Tools, and then select Internet Options to open the Internet Options window. 2.
Page 12: Web Interface Introduction
1.2 Web interface introduction 1.2.1 Log in to the Link2000ACS Open the Web browser, type the IP address 192.168.1.1 in the address bar, and press ENTER to open the login page for the Link2000ACS. Type the username and password (the default username is admin, and the password is admin), click Login, or press ENTER to open the Web Conﬁguration page.
Page 13: Menu Introduction
1.2.3 Menu introduction On the top right of the main Graphical User Interface (GUI) screen there are three ﬁelds; user account name, Save Conﬁguration and Logout. • user account name - The name of the user’s login account. Admin will be displayed if the user is logged in under an admin account. A user can create multiple login accounts with various privilege levels as discussed in Chapter 21.
Page 14 Menu Page Page Function Management Switch Basic Conﬁguration Login User Conﬁguration Login User Authentication Method Conﬁguration Login User Security IP Management Basic Conﬁguration Save Current Running-Conﬁguration SNMP Conﬁguration SNMP Authentication SNMP Management Community Managers Conﬁgure SNMP Manager Security IP SNMP Statistics SSH Management Switch on-off SSH SSH Management...
Page 15: Exiting The Web Interface Of The Link2000Acs
1.2.4 Exiting the Web interface of the Link2000ACS Click Logout to exit and return to the Login page. The chapters that follow describe how to enable and conﬁgure various features offered by the icXchange solution. To properly access ® the advanced conﬁguration options for a particular feature, the feature must ﬁrst be enabled by following the conﬁguration steps for that feature as described in this user manual.
Page 16: Chapter 2: Dashboard
Chapter 2: Dashboard The dashboard includes four parts: System Info, Managed AP, Device Info, and Support. 2.1 System info System Info for the Link2000ACS is as follows: The information in the ﬁgure is as follows: • Name: the name of the Link2000ACS is Link2000ACS. •...
Page 17: Managed Access Point
2.2 Managed access point Managed AP shows the MAC Address, Location, IP Address, Proﬁle, Software Version, Status, Conﬁguration Status and Age. • MAC Address: AP’s MAC address • Location: location of AP • IP Address: IP address of AP • Proﬁle: proﬁle that the AP belongs to •...
Page 18: Chapter 3: Fast Configuration
Chapter 3: Fast conﬁguration Click WLAN Conﬁguration->Fast Conﬁguration to conﬁgure the WLAN functions, including the WLAN managed IP address, AP groups, and the basic network conﬁguration. This conﬁguration is submitted to the Link2000ACS. Note: Fast Conﬁguration is a simple way to perform initial conﬁgurations on the Link2000ACS. However, using the Fast Conﬁguration option will overwrite all previous conﬁgurations that were previously conﬁgured on the Link2000ACS.
Page 19: Ap Group Configuration
3.2 AP group conﬁguration AP Group Conﬁguration adds and updates the ID and hardware type of the AP group. Example: Type 2 in the Group ID box. Select 22 - ARC2000MAP, Indoor Dual Band Radio 802.11N as the corresponding AP Hardware Type, and then click Add to add them to the page.
Page 20: Security
3.3.2 Security Security can conﬁgure the access control of the security authentication. The methods of authentication include Static WEP, WEP IEEE802.1x, WPA/WPA2 Personal, and WPA/WPA2 Enterprise. 3.3.2.1 WEP mode Select WEP to access the quick WEP authentication conﬁguration. Under WEP, there are two types of modes: Static WEP and WEP IEEE802.1x.
Page 21 3.3.2.2 WPA/WPA2 Select WPA/WPA2 to conﬁgure the WPA/WPA2 authentication. There are two modes: WPA Personal and WPA Enterprise. Conﬁguration for WPA personal is the same as WLAN Conﬁguration->Networks->WPA Personal (detailed in Chapter 5: Networks). WPA Enterprise has the same conﬁguration as WEP 802.1x. Choose the WPA Enterprise button to enter into the conﬁguration. Example: Type the Radius as radius.
Page 22: Chapter 4: System Configuration
Chapter 4: System conﬁguration Click WLAN Conﬁguration->System Conﬁguration to open the System Conﬁguration page. From this page, the corresponding parameters under WLAN global mode can be conﬁgured. The ﬁgure is as follows: 4.1 WLAN enable Select WLAN Enable to enable the WLAN function. The Link2000ACS WLAN service can only be used after selecting this option. If it is not selected, all WLAN functions on the Link2000ACS will be disabled, and WLAN service will be stopped.
Page 23: Ap Authentication Mode
Clear the Auto IP Assign Mode check box to disable the auto IP assign mode, and then type a static IP address manually. When conﬁguring the static IP, the address of the existing loopback or L3 interfaces should be chosen; otherwise, it will not be effective, and the WLAN function will not function properly.
Page 24: Radius Authentication Server
If Radius is selected, the user must choose a server name from the Radius server group list (it should be conﬁgured ﬁrst, as shown in Chapter 7: Security authentication). The authentication request will be sent to the selected Radius server. 4.5 Radius authentication server Conﬁgure the Radius authentication server by typing radius.
Page 25: Country Code
4.9 Country code The Country Code drop-down list is used to conﬁgure the country code of the Link2000ACS and AP. US – United States is the default. The conﬁgured country code must conform to the country of the device’s location due to the necessary lawful channels of different countries.
Page 26: Chapter 5: Networks
Chapter 5: Networks 5.1 Conﬁgure network ID The default network ID is network1. Either select the existing network to conﬁgure, or create a new network. Click WLAN Conﬁguration ->Networks, and choose a network. For example, modify the SSID of network 8 as wlan. 5.2 Conﬁgure authentication mode The network includes multiple authentication modes.
Page 27: Static Wep Authentication Mode
5.2.2 Static WEP authentication mode Static WEP sets the authentication mode as security mode static-wep. The WEP key is needed when connecting to the network. The WEP authentication mode includes open system and shared key. The WEP key type includes ASCII and HEX. The length includes 64-bit and 128-bit security.
Page 28: Wpa Personal
5.2.4 WPA personal WPA Personal sets the conﬁguration as security mode wpa-personal. It requires the WPA password for the association when connecting to the network. There are three modes: WPA, WPA2, and WPA/WPA2. There are two WPA ciphers: TKIP and CCMP. Example: Select WPA Personal from the Authentication Mode drop-down list, select WPA/WPA2 from the WPA Versions drop-down list, select CCMP from the WPA Ciphers drop-down list, type 12345678 in the WPA Key ﬁeld, and type 300 in the Bcast Key Refresh Rate ﬁeld.
Page 29: Configure Vlan
5.3 Conﬁgure VLAN Type the VLAN ID in the VLAN box, and then bind it to the network. (The VLAN ID ﬁeld belongs to the Network page, and when the user inputs any VLAN ID here, it automatically binds to the network currently being modiﬁed. Binding in this instance means tying a VLAN ID to a particular IP network.) This VLAN ID is the data VLAN that the client uses.
Page 30: Client Qos
5.6 Client QoS The Client QoS controls the client’s rate and access through the network conﬁguration. There are three forms: 1. Client QoS bandwidth limit up and down 2. Client QoS access control up and down 3. Client QoS DiffServ policy up and down Select the Client-Qos Mode check box: Wireless Web Interface User’s Manual...
Page 31: Chapter 6: Ap Group Management
Chapter 6: AP group management AP Group MangementMRes is used to manage multiple APs. Multiple APs can be added and managed in one AP group. Click WLAN Conﬁguration->AP Group Management to open into the AP Group Management page. The user can conﬁgure each of the AP group items and submit them to the Link2000ACS.
Page 32: Normal Attribute
6.1.1 Normal attribute Click New or Modify to open the AP group’s Normal Attribute page. The user can enter the basic conﬁguration information of the AP group from this page. Example: Type the ID as 2 and the Group Name as Group2. Select the Hardware Type as 22 and the Load Balance Template as 7 – Traffic. Click OK.
Page 33: Radio
2. Click Modify to the right of the AP to modify it. The AP MAC address cannot be modiﬁed, but the channels and power can be. Select the Channel to be 6 and the Power to be 0. Click Submit. 3.
Page 34: Vap
6.1.4 VAP VAP conﬁgures the networks used by all APs in the AP group. Select the Status check box next to the VAP that needs to be enabled, and then select the network name. Click Edit to conﬁgure the network (detailed in Chapter 5: Networks). Click OK. VAP: Abbreviation for Virtual Access Point.
Page 35: Qos
6.1.5 QoS Custom QoS policies and rules can be created in the QoS section of the WebGUI. For optimal user experience, all key ﬁelds are conﬁgured by default. Example: Select the Template as Custom. Select the WMM Mode check box. Each of the EDCA parameters are conﬁgured as the default value.
Page 36: Tspec
6.1.6 TSPEC Trafﬁc Speciﬁcations (TSPEC) parameters can be conﬁgured here for the AP group or groups. Generally, the conﬁgured default values are appropriate for most users. Only advanced users should conﬁgure these parameters. Example: Select Enable for the TSPEC Mode. Select Enable for the Voice ACM Mode and Video ACM Mode. Type the limit and timeout as the default values, and click OK.
Page 37: Apply Ap Group
1. Click Modify to the right of AP group 5 to modify it. Click Copy to the right of AP group 2. AP group 5 will be modiﬁed, and its conﬁguration will be the same as AP group 2. 6.3 Apply AP group Click Apply to the right of the AP group to send the conﬁguration to the APs.
Page 38: Chapter 7: Security Authentication
Chapter 7: Security authentication The Security Authentication module includes Radius and LDAP conﬁguration. Radius conﬁguration includes Global Conﬁguration, Radius Authentication Server Conﬁguration, Radius Accounting Server Conﬁguration, Radius Group Manage, and Radius Conﬁguration. 7.1 Radius conﬁguration 7.1.1 Global conﬁguration Prior to enabling the Radius authentication and accounting service, conﬁgure an accounting server and an authentication server. (The server conﬁguration is covered in Section 7.1.2) After conﬁguring the accounting and authentication servers, select the Radius Authentication Status check box to enable the Radius function.
Page 39: Radius Authentication Server Configuration
7.1.2 Radius authentication server conﬁguration Radius Authentication Conﬁguration corresponds to the radius-server authentication host command and can conﬁgure the address of the authentication server. Example: Conﬁgure the Server IP Address as 192.168.1.15. Select the Primary Authentication Server check box, as shown in the following ﬁgure: Click Add.
Page 40: Radius Group Manage
Click Add. The default Accounting Server Port is 1813. If deleting the accounting server, select it, and then click Delete. Prior to deleting the last accounting server, the Radius Accounting Server must be disabled. Click Submit to save the conﬁguration. 7.1.4 Radius group manage Radius Group Manage corresponds to the aaa group server radius command.
Page 41: Ldap Configuration
7.2 LDAP conﬁguration LDAP Conﬁguration corresponds to the ldap server + subsequent conﬁguration command and is mainly used by the portal authentication server and user management server. The main conﬁguration items include the following: • Server IP Address: the LDAP server IP address. •...
Page 42 After conﬁguring, select Modify to modify the conﬁgured LDAP server. The user can also delete the conﬁgured LDAP server by clicking Delete. Wireless Web Interface User’s Manual...
Page 43: Chapter 8: Discovery
Chapter 8: Discovery 8.1 IP discovery 8.1.1 Enable and disable IP discovery Click WLAN Conﬁguration->Discovery->L3/IP Discovery, select Enable, and then click Submit. This enables the L3 discovery. If the check box is not selected, the L3 discovery will be disabled. 8.1.2 Add IP of L3/IP discovery Type the IP address in the Destination IP Address box, and then click Add to add it into the discovery list.
Page 44: Add Vlan Of L2/Vlan Discovery
8.2.2 Add VLAN of L2/VLAN discovery Type the VLAN in the VLAN text box, and then click Add to add it into the discovery list. 8.2.3 Delete VLAN from L2 VLAN discovery list Select the VLAN that needs to be deleted, and then click Delete. The VLAN will be deleted. Wireless Web Interface User’s Manual...
Page 45: Chapter 9: Provisioning
Chapter 9: Provisioning Click WLAN Conﬁguration->Provisioning to open the Provisioning page, which will conﬁgure the AP and the Link2000ACS. 9.1 AP provisioning AP Provisioning conﬁgures the AP for provisioning through the Link2000ACS Access Control Switch. It will provision an AP that was added into the cluster, and also provision an AP that is not added to the cluster (AP reprovisioning).
Page 46: Ac Provisioning
9.2 AC provisioning AC Provisioning adds the Link2000ACS into the cluster. This Link2000ACS needs to obtain the certiﬁcates of all ACs in the cluster. Every Link2000ACS in the cluster needs to obtain the certiﬁcate of that AC. Any Link2000ACS in the cluster can achieve the certiﬁcate transit among the Link2000ACSs.
Page 47: Mutual Authentication
9.3 Mutual authentication Mutual Authentication can be enabled to avoid the risk of an unknown device joining the cluster. This function allows only devices with a certiﬁcate to pass authentication and join the cluster by issuing the X.509 certiﬁcate. Example: 1.
Page 48: Chapter 10: Provisioning Over Nat
Chapter 10: Provisioning over NAT The icXchange solution can be deployed over a NAT environment. NAT (Network Address Translation or Network Address Translator) ® is the translation of an Internet Protocol address used within one network to a different IP address known within another network. This allows users to utilize the icXchange access point products in remote ofﬁce environments for enterprise deployments, and in multi-client ®...
Page 49: Nat Provisioning Configuration
10.1 NAT provisioning conﬁguration Both the icXchange APs and the Link2000ACS access controller must be conﬁgured to complete the NAT conﬁguration. ® 10.1.1 NAT ports The Link2000ACS and associated access points use TCP ports 57776-57779 to communicate over NAT. Set a policy on your NAT ﬁrewalls, gateways, and/or routers to open TCP ports 57776-57779 to all associated icXchange devices on the local and remote networks.
Page 50: Link2000Acs Access Controller Nat Configuration
10.2 Link2000ACS access controller NAT conﬁguration 10.2.1 NAT ports The Link2000ACS and associated access points use TCP ports 57776-57779 to communicate over NAT. Set a policy on your NAT ﬁrewalls, gateways and/or routers to open TCP ports 57776-57779 to all associated icXchange devices on the local and remote networks.
Page 51 3. Enter the AP’s MAC address, for example, f8-f7-d3-00-03-60 and click Add. Click OK. 4. Select Provisioning from the left navigation bar to check the AP Provisioning status. A static route may need to be created for the trafﬁc to flow correctly across the NAT setup. Click Wired Conﬁguration > Route Conﬁguration>...
Page 52: Chapter 11: Wids Security
Chapter 11: WIDS security Click WLAN Conﬁguration->WIDS Security to open the WIDS Security page, which includes three modules: WIDS AP Conﬁguration, WIDS Client Conﬁguration, and Known Client. Every module occupies one rectangular box , and they can be used to conﬁgure the WIDS AP conﬁguration, WIDS client conﬁguration, and black and white list.
Page 53: Wids Ap Configuration
11.1 WIDS AP conﬁguration Click WLAN Conﬁguration->WIDS Security->WIDS AP Conﬁguration to select Enable or Disable for each item option, as shown in the following ﬁgure: • Administrator conﬁgured rogue AP – enables the rogue AP detection conﬁgured by the administrator. •...
Page 54: Wids Client Configuration
• Rogue Detected Trap Interval (seconds) – default value is 300s. • AP De-Authentication Attack – enables or disables the rogue AP mitigation function. • AP De-Authentication Attack Lifetime (seconds) – conﬁgures the AP de-authentication attack lifetime; default value is 600s 11.2 WIDS client conﬁguration Click WLAN Conﬁguration->WIDS Security->WIDS Client Conﬁguration to conﬁgure.
Page 55: Known Client
• Conﬁgured De-Authentication Requests Rate Test – enables or disables the de-authentication requests frame flood attacks detection. • Maximum Authentication Failures Test – enables or disables detection of the maximum failed authentications. • Rogue Detected Trap Interval – identiﬁes the periodic rate that the AC sends a trap to detect rogue clients in the network. •...
Page 56: Black/White List Configuration
11.3.2 Black/white list conﬁguration Go to the black/white list conﬁguration section under the Known Client module to type the client MAC, Description, and Authentication Action, and then click Add. • MAC – client MAC. • Description – client description information. •...
Page 57: Chapter 12: Captive Portal
Chapter 12: Captive portal Click WLAN Conﬁguration->Captive Portal to open the Captive Portal Conﬁguration page. The parameters of portal access authentication can be conﬁgured. 12.1 Global conﬁguration Select the Enable check box to enable the captive portal function globally. Clear the check box to disable this function. This function includes the captive portal function on the Link2000ACS and AP.
Page 58: Captive Portal Authentication Type
12.2 Captive portal authentication type Captive Portal Authentication Type includes an external and internal portal. Select Internal Portal or External Portal to choose the captive portal authentication type. 12.3 Portal server conﬁguration Portal Server Conﬁguration will add or delete the portal Server Name, IP Address, Port, and Server Key. •...
Page 59: Free Resource Configuration
3. Click Modify to the right of the portal server of wlan_portal to modify the IP Address, Port, and Server Key. Note: The Server Name cannot be modiﬁed. 12.4 Free resource conﬁguration The Free Resource Conﬁguration is a walled garden function used to access the free resource in the Captive Portal module. Conﬁguring this rule allows a speciﬁc client to access the speciﬁc network resource without portal authentication.
Page 60: Mac Portal Configuration
3. Click Modify to the right of the Free Resource ID to modify the source IP/Mask Length and the Destination IP/Mask Length. Note: The Free Resource ID cannot be modiﬁed. 12.5 MAC portal conﬁguration The MAC Portal function is used for special users in the network. The administrator can conﬁgure some users to let them connect to the network without portal authentiction.
Page 61: Portal Instance Configuration
12.6 Portal instance conﬁguration • Instance ID – conﬁgures the Captive Portal ID; ranges from 1 to 10. The system supports 10 CP conﬁgurations at most. • Instance Name – appoint a CP name. • Protocol Mode – the protocol mode that the CP supports. It includes HTTP and HTTPS.
Page 62 • Max Receive Bytes – conﬁgures the max bytes that the user allows to be received. The default value is 0, which means that there is no byte limit. • Max Total Bytes – conﬁgures the max bytes that the user allows to be sent and received. The default value is 0, which means that there is no byte limit.
Page 63: Chapter 13: Configuration Push
Chapter 13: Conﬁguration push Click WLAN Conﬁguration->WLAN Advanced Conﬁguration->Conﬁguration Push to open the Conﬁguration Push page, which includes two modules: Conﬁguration Push and Conﬁguration Push Option. The user can select the other Link2000ACSs in the cluster, conﬁgure each of the options to be pushed, and conﬁgure to push. 13.1 Conﬁguration push Conﬁguration Push displays the IP address of the Link2000ACSs in the cluster.
Page 64 After opening the Conﬁguration Push Option, select Enable or Disable for each option. Click Submit, and the conﬁguration will be saved. Wireless Web Interface User’s Manual...
Page 65: Chapter 14: Ap Image Upgrade
Chapter 14: AP image upgrade 14.1 AP manual upgrade conﬁguration In AP Manual Upgrade Conﬁguration, the controller loads an AP ﬁrmware version ﬁle directly to single or multiple APs to perform ﬁrmware updates. 1. Click The Table for AP Hardware Type Supported by Image Type link to determine the hardware type. Click Hide The Table for AP Hardware Type Supported by Image Type to hide this information on the screen.
Page 66 2. Click Add to start the AP image URL Conﬁguration. The following page will generate: Select an image type from the AP Image Type drop-down list. From the Server Type drop-down list, select FTP or TFTP. The following ﬁgure shows the FTP conﬁguration: Wireless Web Interface User’s Manual...
Page 67 The FTP username and password should be consistent. If the ﬁle is in the server root directory, it cannot be typed. If it is not in the root directory, the File Name should be entered. Click OK to complete this conﬁguration. The following ﬁgure shows the TFTP conﬁguration.
Page 68 • Group Size: the number of simultaneous FTP or TFTP threads to update in the batch. • Image Download Type: click the proper Image Download Type to upgrade the AP with the speciﬁc image type. The Image Download Type drop-down list includes none, 1–5, and all images. Image type will default to all images by clicking the Submit button. •...
Page 69 When the upgrade is complete, the following window will appear: Wireless Web Interface User’s Manual...
Page 70: Chapter 15: Load Balance
Chapter 15: Load balance Click WLAN Conﬁguration->Advanced Conﬁguration->Load Balance to open up the Load Balance Conﬁguration page to conﬁgure parameters. 15.1 Create template The Load Balance Template 1 is disabled by default, and it cannot be deleted. Click New to conﬁgure the new Load Balance Template. The new ID cannot be the same as the existing ID: The load balance includes Session and Trafﬁc.
Page 71: Ap Profile Associated Load Balance Template
15.2 AP proﬁle associated load balance template After creating the Load Balance Template, the template must be added to the AP proﬁle in AP Group Management, and the conﬁguration must be pushed to AP group by clicking the Apply link. After this procedure is complete, the template will be effective. Click WLAN Conﬁguration->AP Group Management to ﬁnd the group ID (AP proﬁle) to be bound to the load balance, and then click Modify.
Page 72: Chapter 16: Data Transfer
Chapter 16: Data transfer Click WLAN Conﬁguration->Advanced Conﬁguration->Data Transfer to conﬁgure the Centralized L2 Tunnel Conﬁguration. 16.1 Centralized L2 tunnel conﬁguration 16.1.1 VLAN conﬁg Add the data VLAN into the centralized tunnel through VLAN Conﬁg to achieve the centralized transfer. Example: Type 10 into the VLAN text box, and then click Add.
Page 73: Station Isolation Vlan
16.1.2 Station isolation VLAN The users under the Station Isolation VLAN will be isolated from each other. The station isolation VLAN must ﬁrst exist in the centralized VLAN, and then it can be created and added. From the Station Isolation VLAN drop-down list, select Add, Remove, or Delete All. •...
Page 74: Chapter 17: Time Limit Policy
Chapter 17: Time limit policy The Time Limit Policy conﬁgures the user on-line time, including Network Time Limit Conﬁguration and Radio Time Limit Conﬁguration. The network time limit conﬁguration is based on the network, and it limits clients’ access to the network by disabling VAP. The radio time limit conﬁguration is under the radio, and it limits clients’...
Page 75: Radio Time Limit Configuration
17.2 Radio time limit conﬁguration Select the AP Group ID from the drop-down list to conﬁgure the policy under this AP group. Select Radio ID from the drop-down list to choose the radio to be conﬁgured. The cyclical policy conﬁguration disables this radio and limits the network access in this time. When conﬁguring the UTC policy, the user can select Up or Down for the radio status, allowing the radio to be enabled or disabled.
Page 76: Chapter 18: Organization Unique Identifier (Oui)
Chapter 18: Organization unique identiﬁer (OUI) 18.1 Add OUI Click WLAN Conﬁguration->WLAN Advanced Conﬁguration->OUI to type the OUI Value (its format is xx-xx-xx). Type the OUI Description, and then click Add. 18.2 Delete OUI Click WLAN Conﬁguration->WLAN Advanced Conﬁguration->OUI. Select the OUI to be deleted, and click Delete. Wireless Web Interface User’s Manual...
Page 77: Chapter 19: Trap And Syslog
Chapter 19: Trap and syslog Click WLAN Conﬁguration->Advanced Conﬁguration->Trap and Syslog to open the Trap and Syslog Conﬁguration page for the SNMP trap and syslog conﬁguration. 19.1 SNMP traps Prior to enabling SNMP trap, conﬁgure the items in the SNMP management dialog box . On the Management->SNMP Conﬁguration->SNMP Management page, select Open for the SNMP Agent state, and then click Apply to enable the SNMP management on/off.
Page 78: Syslog Configuration
19.2 Syslog conﬁguration View the syslog information on the syslog server through the Syslog Conﬁguration. 19.2.1 Wireless syslog conﬁguration On the Wireless Syslog Conﬁguration page, select the available options from the drop-down menu to enable/disable the wireless syslog. After conﬁguring, click Submit to save the conﬁguration. Users can view the conﬁgured wireless syslog on the syslog server. 19.2.2 Captive portal syslog conﬁguration On the Captive Portal Syslog Conﬁguration page, select to enable or disable each option of the captive portal syslog.
Page 79: Chapter 20: Monitor
Chapter 20: Monitor Click Monitor to view and monitor the AC, AP, Wireless Client, and RF Scan. 20.1 AC Click Monitor->Link2000ACS to open the Link2000ACS Monitor page to monitor the cluster and status/statistics. Wireless Web Interface User’s Manual...
Page 80: Cluster
20.1.1 Cluster Click Monitor->Link2000ACS to open the Link2000ACS Monitor page to view the cluster information including the Link2000ACS Operational Status, Cluster Controller, Basic Information, Global Statistics, Distributed Tunnel Statistics, TSPEC Status, and TSPEC Statistics. Wireless Web Interface User’s Manual...
Page 81 20.1.1.1 The Link2000ACS operational status Wireless Global Status/Statistics in the cluster includes the Link2000ACS Operational Status, IP Address, and Peer Switch Number. The IP address is the wireless IP address, as shown in the following ﬁgure: 20.1.1.2 Cluster controller • Cluster Controller – displays Yes or No. Yes indicates that the local Link2000ACS is the cluster controller; No indicates that it is not the cluster controller.
Page 82 20.1.1.4 Global Statistics The Global Statistics of the local Link2000ACS is shown as follows: 20.1.1.5 Distributed tunnel statistics The Distributed Tunnel Statistics of the local Link2000ACS is shown as follows: 20.1.1.6 TSPEC status The TSPEC Status of the Link2000ACS is shown as follows: 20.1.1.7 TSPEC Statistics The TSPEC Statistics of the Link2000ACS is shown as follows: Wireless Web Interface User’s Manual...
Page 83: Each Ac Status/Statistics
20.1.2 Each AC status/statistics Click Monitor->AC to open the Link2000ACS Monitor page. Scroll down to view Each AC Status/Statistics. Use the drop-down box to access clustered ACs. Infomation includes basic AC information, AC statistics, TSPEC status and TSPEC statistics. It can monitor the Link2000ACS status.
Page 84 20.1.2.2 Basic AC information Basic AC information includes Total AP Count, Managed AP, Discovered AP, Connection Failed AP, Maximum Managed AP, Total Clients, Cluster Priority, AP Image Download Mode, WLAN Utilization, etc. , as shown in the following ﬁgure: 20.1.2.3 AC statistics AC Statistics are shown as follows: 20.1.2.4 TSPEC Status The TSPEC Status is shown as follows:...
Page 85: Basic Ap Information
20.2 AP Click Monitor->AP to open the AP Monitor page to monitor the basic AP information, AP detail, and the failure AP list. The user can delete the failed managed AP. 20.2.1 Basic AP information Basic AP Information includes MAC Address (*)-Peer Managed, Location, IP Address, AP Group, Software Version, Status, Conﬁguration Status, and Age.
Page 86: Ap Detail
20.2.2 AP detail Click View Detail on the Monitor->AP page to view the AP detail that includes Managed AP Status, Radio Detail, Neighbor APs, Neighbor Clients, VAP, VAP TSPEC, and Distributed Tunneling Status. Click View Detail again, or click Cancel to exit the AP Detail page. 20.2.2.1 Managed AP status From the Managed AP MAC Address list select the MAC address and view the corresponding AP status detail.
Page 87 20.2.2.2 Radio detail Radio Detail includes Supported Channels, Channel, Authenticated Clients, Channel Bandwidth, Fixed Channel Indicator, Fixed Power Indicator, Manual Channel Adjustment Status, Manual Power Adjustment Status, WLAN Utilization (%), Total Neighbors, TSPEC Status, etc. Select either 1-off for Radio 1 or 2-802.11a/n for Radio 2 to monitor their status, as shown in the following ﬁgure (Radio 1 detailed): If a dual band radio is being monitored, Radio 2 detail is shown as follows: Wireless Web Interface User’s Manual...
Page 88 20.2.2.3 Neighbor APs APs can detect the surrounding RF in real time, including neighbor APs and neighbor clients. The neighbor APs’ information is shown as follows: • Neighbor AP MAC – detected AP MAC • SSID – SSID of AP network •...
Page 89: Failure Ap List
20.2.2.6 VAP TSPEC Select the VAP ID list to view the corresponding TSPEC status of VAP as shown in the following ﬁgure: 20.2.2.7 Distributed tunneling status Distributed Tunneling Status includes Clients using AP as home, Multicast Replications, Clients using AP as Associate, VLAN with Max Multicast Replications, and Distributed Tunnels (including Home AP terminal and Association AP terminal).
Page 90: Wireless Client
20.3 Wireless client Click Monitor->Wireless Client to conﬁgure the associated and detected clients’ information. 20.3.1 Associated client list The associated client list displays the information of the associated clients including: • MAC Address – the client’s MAC address (the MAC address with asterisk is the address of the associated client on the peer switch) •...
Page 91: Associated Client Detail
Click View Detail to view the associated clients’ details, which are shown in the following section. Click Disassociate to disassociate the current selected client. Click Disassociate All to disassociate all clients. Click Refresh to refresh the list. Example: Select the client to be disassociated, click Disassociate, and then click Refresh. This client will be disassociated. Note: The disassociated client may become associated again automatically.
Page 92: Detected Client List
20.3.2.2 Associated client’s QoS status If the client is associated with the conﬁgured QoS network, the client’s QoS status can be viewed as follows: 20.3.2.3 Associated client’s neighbor AP status The Associated Client’s Neighbor AP is the neighbor AP that the client scanned including the associated AP. This client only scanned the AP associated with itself but did not scan the other AP: 20.3.3 Detected client list The Detected Client List includes the client associated with AP and the scanned client.
Page 93: Detected Client Detail
20.3.4 Detected client detail Click View Detail to view the detected client detail. 20.3.4.1 Detected client status Select the client in the MAC Address drop-down list to view Detected Client Status. If this client is rogue, click Acknowledge to clear this client. 20.3.4.2 WIDS client’s rogue classiﬁcation For the selected clients, WIDS Client’s Rogue Classiﬁcation can display the rogue classiﬁcation status of this client, as shown in the following ﬁgure:...
Page 94 • Test Description – detail WIDS client’s rogue classiﬁcation. • Condition Detected – false indicates that this item does not meet the rogue detection condition; true indicates that this rogue detection is founded and it is the rogue client. • Reporting MAC Address – indicates the AP that reports the information. If the MAC address is all 0s, no AP reports the client’s test item.
Page 95: Rf Scan
20.4 RF scan Click Monitor->RF Scan to open the RF Scan page. It includes AP RF scan status and client dynamic blacklist. 20.4.1 AP RF scan status AP RF Scan Status shows all the APs’ scanned information: The AP RF scan status list describes all the APs’ statuses scanned in the wireless network. The AP monitors the RF environment including client and AP information.
Page 96 20.4.2.1 AP RF scan status Select the AP in the AP RF Scan Detail drop-down list to view detailed information. • MAC Address – the MAC address of the scanned AP • BSSID – the MAC address of the associated VAP •...
Page 97: Client Dynamic Blacklist
20.4.2.2 AP triangulation status AP Triangulation Status shows the neighbor AP information for the AP location. The location information includes three radios that are not in sentry mode and three radios that are in sentry mode. The AP triangulation status is as follows: 20.4.2.3 WIDS AP rogue classiﬁcation The scanned AP can determine if the AP is rogue AP through WIDS.
Page 98: Chapter 21: Management
Chapter 21: Management 21.1 Basic conﬁguration Click Management->Switch Basic Conﬁguration to conﬁgure Login user conﬁguration, Login user authentication method conﬁguration, Login user security IP management, and Basic Conﬁguration. Users can also Save the current running-conﬁguration, set the AC to factory default and warm reboot the AC with or without saving the current conﬁguration. 21.1.1 Login user conﬁguration Click Management->Switch basic conﬁguration->Login user conﬁguration to add or delete the user information.
Page 99: Login User Authentication Method Configuration
21.1.2 Login user authentication method conﬁguration Click Management->Switch Basic Conﬁguration->Login user authentication method conﬁguration to conﬁgure the VTY (the login methods of Telnet and SSH), Web, Console methods and the login user authentication method and priority. The Login methods include Console, VTY (including Telnet and SSH),and Web. The Authentication method must be Local, Radius, or Tacacs.
Page 100: Login User Security Ip Management
21.1.3 Login user security IP management Click Management->Switch Basic Conﬁguration->Login User Security IP Management to conﬁgure the security IP address used by Telnet and HTTP methods. Prior to conﬁguring the security IP address, the IP addresses for logging into the switch is not limited. After conﬁguring, only a user originating from a security IP address can log in to the switch for conﬁguration.
Page 101: Save Current Running-Configuration
2. Conﬁgure exec timeout. Example: Type the Timeout (Minute) as 6 and the Timeout (Second) as 6, and then click Apply to conﬁgure a six minute and six second timeout for exec commands. 3. Switch name conﬁguration. Example: Type the Switch Name as Switch, and click Apply to conﬁgure a switch name. •...
Page 102: Snmp Configuration
2. Save current conﬁguration before reboot? – select Yes or No. Click Apply. 3. Reboot with the default conﬁguration – click Apply to clear all the current conﬁgurations in the switch and restart the switch to factory default. 21.2 SNMP conﬁguration Click Management->SNMP Conﬁguration to conﬁgure the SNMP function.
Page 103 21.2.1.1 Users Click Management->SNMP Conﬁguration->SNMP Authentication->Users to add or delete SNMPv3 users. • SNMP username – the username; range is from 1 to 32 characters • SNMP group – the group name that the user belongs to; range is from 1 to 32 characters •...
Page 104 21.2.1.2 Groups Click Management->SNMP Conﬁguration->SNMP Authentication->Groups to add or delete SNMPv3 groups. • SNMP group – the user group name of SNMP; range is from 1 to 32 characters • Security level – the security level of the group: noAuthNoPriv is no authentication and no privacy; AuthNoPriv is authentication but no privacy;...
Page 105 21.2.1.3 Views Click Management->SNMP Conﬁguration->SNMP Authentication->Views to add or delete SNMPv3 views. • SNMP view – conﬁgures the view (community) name; range is from 1 to 32 characters • OID – the OID or the corresponding node name; range is from 1 to 255 characters •...
Page 106: Snmp Management
21.2.2 SNMP management Click Management->SNMP Conﬁguration->SNMP management to conﬁgure the SNMP Agent state, RMON state, Trap state, and Security IP state. Example: Select the SNMP Agent state as Open, the RMON state as Open, the Trap state as Open, and the Security IP state as Close. Click Apply.
Page 107: Configure Snmp Manager Security Ip
2. Trap manager conﬁguration Click Management->SNMP Conﬁguration->community managers to conﬁgure the community string and the IP address that receives the SNMP trap message. • Trap receiver – the IP address that receives the trap message • Community string (1 to 255 characters) – used to receive the trap message •...
Page 108: Snmp Statistics
21.2.5 SNMP Statistics Click Management->SNMP Conﬁguration->SNMP Statistics to display the SNMP statistics. 21.3 SSH management Secure Shell (SSH) connections use a trusted SSL certiﬁcate for user logon to the web GUI interfaces. Browsers, such as Internet Explorer ® Firefox , Safari and Chrome , come preinstalled with a predetermined set of root certiﬁcates.
Page 109: Switch On-Off Ssh
Click Management->SSH management to conﬁgure the SSH function. Note: Enable the SSH prior to conﬁguring. Select Switch on-off SSH as Open, and then click Apply. 21.3.1 Switch on-off SSH Click Management->SSH management->Switch on-off SSH to open or close the SSH function. 21.3.2 SSH management Click Management->SSH management->SSH management to conﬁgure SSH timeout management and SSH reauthentication management and to create SSH RSA key.
Page 110: Firmware Update
SSH timeout management – conﬁgures SSH timeout management; the range is from 10 to 600 seconds, and the default value is 180 seconds. SSH reauthentication management – conﬁgures SSH reauthentication management; the range is from 1 to 10, and the default value is 3. SSH RSA key –...
Page 111 1. TFTP service includes: • TFTP client service – conﬁgures the TFTP client • TFTP server service – conﬁgures the TFTP server 2. FTP service includes: • FTP client service – conﬁgures the FTP client • FTP server service – conﬁgures the FTP server Wireless Web Interface User’s Manual...
Page 112: Tftp Client Service
21.4.1 TFTP client service Click Manage->Firmware update->TFTP service->TFTP client service to open the conﬁguration page: • Server IP address – the IP address of the TFTP server • Local ﬁle name – destination ﬁle name; the range is from 1 to 100 characters •...
Page 113: Tftp Server Service
21.4.2 TFTP server service Click Manage->Firmware update->TFTP service->TFTP server service to open the conﬁguration page. • TFTP server state – the server state; includes Open and Close • TFTP timeout – the timeout • TFTP retransmit times – the times of retransmission •...
Page 114: Ftp Client Service
21.4.3 FTP client service Click Manage->ﬁrmware update->FTP service->FTP client service to open the conﬁguration page. • Server IP address – the IP address of the FTPserver • User name – the user name; range is from 1 to 100 characters •...
Page 115: Ftp Server Service
21.4.4 FTP server service Click Manage->Firmware update->FTP service->FTP server service to open the conﬁguration page. It includes the FTP server service and FTP user name, as well as password setting. The glossary in FTP server service is below: • FTP server state – the server state, which includes Open and Close •...
Page 116: Telnet Server Configuration
21.5 Telnet server conﬁguration Click Management->Telnet server conﬁguration to conﬁgure Telnet server state and Max number of telnet access connections. 21.5.1 Telnet server state Click Management->Telnet server conﬁguration->Telnet server state to conﬁgure. Example: Select the Telnet server state as Open, and then click Apply to start the Telnet server. 21.5.2 Max numbers of telnet access connection Click Management->Telnet server conﬁguration->Max Numbers of Telnet access connection to conﬁgure.
Page 117: Maintenance And Debugging Command
21.6 Maintenance and debugging command Click Management-> Maintenance and debugging command to open the conﬁguration page. The content includes: • Debug command – the connection status of the tested switch • show clock – the current time • show CPU usage – the CPU usage information under the current running status •...
Page 118: Debug Command
21.6.1 Debug command Click Management->Maintenance And Debugging Command->Debug Command to open the Conﬁguration page and conﬁgure basic host conﬁguration, PING, and traceroute. 1. Basic conﬁguration – conﬁgures the mapping between the switch and the IP address. Example: Type the Host name as AC and the IP address as 192.168.1.1. Select Operation Add and then click Apply. 2.
Page 119: Others
3. Traceroute The entries are as follows: • IP address – the destination IP address • Host name – name of the host • Hops – maximum number of hops • Timeout – packet timeout 21.6.2 Others The other conﬁgurations in the Maintenance and Debugging Command are simpler. Users can click the conﬁguration tab to retrieve the corresponding information (they will not be listed one by one).
Page 120 4. Show the flash ﬁle as follows: Wireless Web Interface User’s Manual...
Page 121: Regulatory And Compliance
This product does not contain any user serviceable components. Any unauthorized product changes or modiﬁcations will invalidate ICC’s warranty and all applicable regulatory certiﬁcations and approvals. Only antennas speciﬁed for your region by ICC can be used with this product. The use of external ampliﬁers or non-ICC antennas may invalidate regulatory certiﬁcations and approvals.
Page 122 US Government Printing Ofﬁce, Washington, DC 20402. Stock No. 004-000-0034504. ICC is not responsible for any radio or television interference caused by unauthorized modiﬁcation of the devices included with this ICC Wireless 11b/g PoE Access Point, Model icXchange , or the substitution or attachment of connecting cables and equipment other than ®...
Page 123 Safety compliance notice This device has been tested and certiﬁed according to the following safety standards and is intended for use only in information technology equipment, which has been tested to these or other equivalent standards: • EN60950-1 • IEC 60950-1 •...
Page 124: Warranty
® ICC warrants that for a period of two (2) years from the invoice date on the authorized ICC distributor’s invoice that the Software supplied by ICC will perform substantially in accordance with the speciﬁcations set forth in the icXchange user guide accompanying the Product.
Page 125 International Business Machines Corporation. All other trademarks are property of their respective owners. Test results and examples are subject to unique business conditions, client IT environment, ICC products deployed, and other factors. These results may not be typical; your results may vary.

This manual is also suitable for:

Link1000acs Link2000acs

ICC Link Series Web User Manual

Chapter 1: Introduction to Web Page Configuration

Chapter 2: Dashboard

Chapter 3: Fast Configuration

Chapter 4: System Configuration

Chapter 5: Networks

Chapter 6: AP Group Management

Chapter 7: Security Authentication

Chapter 8: Discovery

Chapter 9: Provisioning

Chapter 10: Provisioning over NAT

Chapter 11: WIDS Security

Chapter 12: Captive Portal

Chapter 13: Configuration Push

Chapter 14: AP Image Upgrade

Chapter 15: Load Balance

Chapter 16: Data Transfer

Chapter 17: Time Limit Policy

Chapter 18: Organization Unique Identifier (OUI)

Chapter 19: Trap and Syslog

Chapter 20: Monitor

Chapter 21: Management

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ICC Link Series

Summary of Contents for ICC Link Series

This manual is also suitable for:

Table of Contents