The information contained herein is subject to change without notice. This document is for informational purposes only and does not set forth any warranty,
expressed or implied, concerning any equipment, equipment feature, or service offered by Edgecore Networks Corporation. Edgecore Networks Corporation
shall not be liable for technical or editorial errors or omissions contained herein.
User Manual Enterprise Access Point Table of Content Edgecore Enterprise Access Point Quick Deployment ......................3 Log in to the AP ................................3 General Information Configuration ..........................5 Connect the AP to the Network ..........................6 Navigating the Web Management Interface ........................11 System ....................................
Page 3
User Manual Enterprise Access Point Upload Certificate ..............................57 Background Scan ............................... 58 Discovery Utility ................................ 59 Network Utilities ............................... 60 Status ....................................61 Overview ................................... 61 Interfaces................................... 63 Associated Clients ..............................64 DHCP Lease ................................65 Link Status ................................. 65 Event Log ...................................
User Manual Enterprise Access Point 1. Edgecore Enterprise Access Point Quick Deployment To set up The AP for the first time, administrators need to perform initial configuration to assign an IP address and other information necessary for the AP to communicate with the local gateways and for the AP to allow Wi-Fi devices to connect to the wired network.
Page 5
User Manual Enterprise Access Point 3. System Overview page of the WMI will appear after login. 4. Change the administrator’s password for security reasons Click on the Utilities icon on the main menu, and select the Change Password tab. Enter the New Password and retype it in the Re-enter New Password field.
User Manual Enterprise Access Point General Information onfiguration Go to System General page (Home > System > General) to configure general information for the AP. 1. System Information: Enter appropriate system related information (Name, Description, and Location), by which administrators will be able to identify the AP in the network. 2.
User Manual Enterprise Access Point onnect the AP to the Network The following instructions are the basic steps to establish the wireless coverage of your network. The AP will connect to the wired network through its LAN port and enable wireless access to your network. 1.
Page 8
User Manual Enterprise Access Point Virtual Access Point (VAP): VAP feature allows a single physical AP device (with a unique, single BSSID) to present itself as multiple discrete APs, as shown in the example diagram below; Each VAP can be independently enabled or disabled, with its own settings (e.g. SSID, Network Mode, VLAN ID, Security, etc.), such that the AP is able to support different clients through multiple SSIDs.
Page 9
User Manual Enterprise Access Point Select the specific VAP profile (in this case, “RF Card A: VAP-1”). The basic settings of the VAP are collected in the profile as follows: VAP: Disable or Enable this VAP. Profile Name: Name of the VAP profile for identity / management purposes. ESSID: Extended Service Set Identifier (ESSID) serves as an identifier for clients to associate with the specific VAP.
Page 10
User Manual Enterprise Access Point NAT mode: the VAP operates like a Network Address Translation (NAT) device with a built-in DHCP server on this SSID such that client devices will be assigned a dynamic IP address from the configured DHCP pool on this SSID. After NAT conversion, the source IP address of client traffic seen by the uplink gateway/switch will be the IP address of the AP (in this case, 192.168.1.10, as shown in the diagram below).
Page 11
User Manual Enterprise Access Point 3. Configure General Wireless Settings Under Home > Wireless > General, there are global settings for RF Card A and B. RF Card A is operating in 2.4 GHz band and RF Card B is operating in 5 GHz band, both of which are enabled by default. For initial configuration, you might want to change the default basic settings shown below: RF Card A: 2.4 GHZ, 802.11g+802.11n, Antenna Mode 2T2R, Channel Width 40 MHz, Channel 6 RF Card B: 5 GHz, 802.11ac, Antenna Mode 2T2R, Channel Width 80 MHz, Channel 36...
User Manual Enterprise Access Point 2. Navigating the Web Management Interface The APs have a web-based interface for configuration and management. This chapter will guide users through the AP’s detailed settings. The AP can be set as AP mode or CPE mode, and the two modes will have different Menu for each other.
User Manual Enterprise Access Point 3. System Upon clicking the System icon, administrators can utilize this section for general configurations of the General System Information Name: The system name used to identify this system. Description: Further information about the system (e.g. device model, firmware version, and active date).
Page 14
User Manual Enterprise Access Point Manually set up: Set the system clock manually. This is the default method and requires setup every time when the system starts up. Simply choose a time zone, enter the date and the time accordingly, and click SAVE. Click APPLY after an alert message “*Some modifications have been saved and will take effect after APPLY.”...
User Manual Enterprise Access Point Network Interface On this page, the network settings of the device can be configured; fields with a red asterisk (i.e. IP Address, Netmask, Default Gateway, and Primary DNS Server) are mandatory. Mode – Static: The administrator can manually set up the static LAN IP address. All required fields are marked with a red asterisk.
Page 16
User Manual Enterprise Access Point LLDP: LLDP (Link Layer Discovery Protocol) is an IEEE standard protocol (IEEE 802.1ab) that defines messages, encapsulated in Ethernet frames for the purpose of giving devices a means of announcing basic device information to other devices on the LAN (Local Area Network) through periodic retransmissions out every (TxInterval * TxHold) seconds.
User Manual Enterprise Access Point Port Port: Select one Port for further configuration. VLAN ID: Enable selected implies that network traffic sent upstream from this LAN port will be tagged with the VLAN ID configured in the field below. Disable selected implies that traffic from this LAN port will not be tagged with a VLAN ID.
User Manual Enterprise Access Point DHCP Server When one VAP is enabled to operate in NAT mode, associated client devices will be assigned a dynamic DHCP IP address from the configured DHCP pool on the SSID. The NAT and DHCP mode can be executed without tunnel or managed by Edgecore WLAN controller with split tunnel.
User Manual Enterprise Access Point Management VLAN for Management: When this is enabled, management traffic from the system will be tagged with a VLAN ID. In other words, administrators who need to access the WMI must send management traffic with the same VLAN ID such as connecting to a specific VAP with the same VLAN ID. Enter a value between 1 and 4094 for the VLAN ID if the option is enabled.
User Manual Enterprise Access Point CAPWAP CAPWAP is a standard interoperable protocol that enables a controller to manage a collection of wireless access points. There are 5 methods of auto AP discovery, namely DNS SRV, DHCP option, Broadcast, Multicast, and Static. CAPWAP: Enable or Disable the CAPWAP feature.
User Manual Enterprise Access Point To Managed by WLAN Controller with Complete Tunnel Complete Tunnel uses the CAPWAP protocol to communicate with an Access Point so that all management traffic, authentication traffic and data traffic from the service area AP provided are transmitted back to the Controller, before forwarding data traffic to the internet.
Page 22
User Manual Enterprise Access Point 4. On AP: to check the AP WMI showing Data Channel is “Active” with the VAP tunnel status in “Green” light on the System Overview page 5. On AP: to reconfirm the specific VAP Configuration is under Complete Tunnel...
User Manual Enterprise Access Point To Managed by WLAN Controller with Complete Tunnel For Split tunnel, only user authentication related traffic will be directed back to the controller. For authenticated users, data traffic will go to the Internet through the local network directly. The user data can be transmitted with a shorter path and the network load of the controller can also be reduced.
Page 24
User Manual Enterprise Access Point 5. On AP: to reconfirm the specific VAP Configuration is under Split Tunnel...
User Manual Enterprise Access Point IPv6 IPv6 and IPv4 dual stack addressing capability is supported. Status: IPv6 by default is disabled but it can be enabled on this tab page. Mode: There are two options for acquiring an IPv6 address for this device. Static: Configuring IPv6 address manually via this option if you have already acquired a permanent IPv6 address for operation.
User Manual Enterprise Access Point iBeacon iBeacon is a technology, introduced by Apple in 2013, enabling new location awareness services. When properly configured, the AP becomes an iBeacon-compatible hardware transmitter which broadcasts information to nearby devices via Bluetooth Low Energy (BLE; a wireless connectivity technology). The UUID, Major and Minor are the identifying parameters used to make up the key component of the iBeacon "Advertising Packets"...
User Manual Enterprise Access Point RTLS To implement a Wi-Fi based location solution, customers can enable this feature to integrate the AP with the dedicated Linkyfi (Edgecore technology partner) server of Real Time Location System (RTLS), which is part of Linkyfi Location Engine - an advanced software solution for indoor location and real-time navigation in all types of venues.
User Manual Enterprise Access Point 4. Wireless This section includes the following functions: VAP Overview, General, VAP Configuration, Security, Repeater, Advanced, Access Control and Hotspot 2.0. The Edgecore Access Point supports up to sixteen Virtual Access Points (VAPs) per RF card. Each VAP can have its own settings (e.g. ESSID, VLAN ID, security settings, etc.).
Page 29
User Manual Enterprise Access Point State: The hyperlink showing Enable or Disable links to the VAP Configuration page. VAP – State Page Security Type: The hyperlink showing the security type links to the Security Settings Page. VAP – Security Type Page MAC ACL: The hyperlink showing Allow or Disable links to the Access Control Settings Page.
Page 30
User Manual Enterprise Access Point Hotspot 2.0: The advanced settings hyperlink links to the Hotspot 2.0 Page. VAP – Hotspot 2.0 Page...
User Manual Enterprise Access Point General AP’s system general wireless settings can be configured Antenna Option (OAP100 Only): The device comprises four antennas, two for 2.4GHz and two for 5GHz. There are two options for different services. Hotspot: Use for hotspot purposes. Two 2.4GHz adopt omni antennas, used to providing services for clients;...
Page 32
User Manual Enterprise Access Point Select the number of spatial streams for the RF card – select 1T1R for one spatial Antenna Mode: Select 1T1R for one spatial stream or 2T2R for two spatial streams. Channel Width : Double (available when Band is 802.11g+802.11n or 802.11a+802.11n or 802.11ac) channel bandwidth to 40 MHz or 80 MHz to enhance throughput.
Page 33
User Manual Enterprise Access Point Idle Timeout (s): Client disconnects when inactivity reaches the configured amount of time in seconds, where default = 300s. Band Steering: When enabled, clients with 5GHz connectivity will be steered towards the 5GHz band to reduce congestion in the 2.4GHz band.
User Manual Enterprise Access Point VAP Config This section provides configuration of each Virtual Access Point with settings such as Profile Name, ESSID, and VLAN ID. To enable specific VAP, select the VAP from the drop-down list of Profile Name. VAP: Disable or Enable this VAP.
Page 35
User Manual Enterprise Access Point Network Mode – mode: the VAP operates like a Network Address Translation (NAT) device with a built-in DHCP server on this SSID such that client devices will be assigned a dynamic IP address from the configured DHCP pool on this SSID.
User Manual Enterprise Access Point Security The AP supports various wireless authentication and data encryption methods in each VAP profile. With this, the administrator can provide different service levels to clients. The security type includes Open, WEP, WPA-Personal, WPA-Enterprise, and OSEN. Open: Authentication is not required and data is not encrypted during transmission.
Page 37
User Manual Enterprise Access Point WPA-Personal: WPA-Personal is a Pre-Shared Key (PSK) authentication method. 802.11r Roaming: Roaming is possible for clients within the same Mobility Domain on different APs with the same Encryption Key. Security Settings: WPA-Personal Cipher Suite: Select an encryption method from WPA2 or WPA2/WPA. Protected Management Frames: Select Disable, Optional or Mandatory.
Page 38
User Manual Enterprise Access Point WPA-Enterprise: When selected, the RADIUS authentication and data encryption will both be enabled. Security Settings: WPA-Enterprise Cipher Suite: Select an encryption method from WPA2 or WPA2/WPA. Protected Management Frames: Select Disable, Optional or Mandatory. Roaming Target AP List (when 802.11r is enabled ) Group Key Update Period: The time interval for the Group Key to be renewed;...
Page 39
User Manual Enterprise Access Point • Accounting Port: The port number used by the RADIUS server for accounting purposes. Specify a port number or use the default, 1813. • Accounting Interim Update Interval: The system will update accounting information to the RADIUS server every interval period.
User Manual Enterprise Access Point Repeater The AP is capable of utilizing WDS to extend wireless network coverage. It supports up to 8 WDS links to its peer APs per radio. Fill in remote peer’s MAC address and click SAVE to proceed. WDS: Enable or Disable the selected WDS Link profile.
User Manual Enterprise Access Point Advanced The administrator can adjust the following parameters to improve network communication performance if a poor connection occurs. RTS Threshold: Enter a value between 1 and 2346. RTS (Request to Send) Threshold determines the packet size at which the system issues a request to send (RTS) before sending the fragment to prevent the hidden node problem.
Page 42
User Manual Enterprise Access Point IAPP: IAPP (Inter Access Point Protocol) is a protocol by which access points share information about the stations connected to them. When this function is enabled, the system will automatically broadcast information of associated wireless stations to its peer access points. This will help wireless stations roam smoothly among IAPP-enabled access points in the same wireless LAN.
User Manual Enterprise Access Point Access Control On this page, the network administrator can restrict the total number of clients connected to the Access Point, as well as specify particular MAC addresses that can or cannot access the device. Maximum Number of Clients: The default policy is unlimited access without any authentication requirement.
Page 44
User Manual Enterprise Access Point Access Control Type – MAC ACL Deny List: When selecting MAC ACL Deny List, all client devices are granted access to the system except those listed in the Deny List (“denied MAC addresses”). The administrator can allow any denied MAC address to connect to the system temporarily by checking Disable.
User Manual Enterprise Access Point Hotspot 2.0 Hotspot 2.0 is also known as WiFi Certified Passpoint initiated by the WiFi Alliance to provide better bandwidth and services for public WiFi subscribers. Status: Enable or Disable Hotspot 2.0 Internet Access: Enable if this network provides access to the internet Access Network Type Private: Home and Enterprise Networks Private and Guest Access: Enterprises offering guest connectivity...
Page 46
User Manual Enterprise Access Point Network Authentication Type: The additional steps to acquire access for an unsecure network Acceptance of terms and conditions Online enrollment supported: may require user accounting HTTP/HTTPS redirection: the URL to which the browser is redirected is indicated DNS redirection: Note that the Hotspot 2.0 specification forbids network operators from supporting protocols that are not interoperable with DNSSEC.
User Manual Enterprise Access Point Site Survey (CPE mode only) The system is able to scan and display surrounding available access points (APs). The administrator can select an AP to be associated with the system on this page. Site Survey is a useful tool to provide information on the surrounding wireless environment; available APs are shown with their respective SSID, MAC Address, Channel, Rate setting, Signal reading and Security type.
User Manual Enterprise Access Point 5. Firewall The system provides an added security feature, Layer2 Firewall, in addition to the typical AP security. Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffic, providing another choice of shield against possible security threats coming from/going to WLAN (AP interfaces); hence, besides firewall policies configured on gateways, this extra security feature will assist to mitigate possible security breach.
Page 49
User Manual Enterprise Access Point To delete a specific rule, Del in the Setting column of firewall list will lead to the following page for removal confirmation. After the SAVE button is clicked and system is rebooted, the rule will be removed. To edit a specific rule, Ed in the Setting column of the firewall list will lead to the following page for detail configuration.
Page 50
User Manual Enterprise Access Point Action: The rule can be chosen to be Block or Pass. Remark: Any note of this rule can be specified here. When the configuration for firewall rule is completed; please click SAVE and Reboot system to let the firewall rule take effect.
User Manual Enterprise Access Point Service The administrator can add or delete firewall services here; the services in this list will become options to choose in firewall rule (when EtherType is IPv4). The Access Point provides a list of rules to block or pass traffic of layer-3 or above protocols. These services are available to choose from a drop-down list of layer2 firewall rule edit page with Ether Type IPv4.
User Manual Enterprise Access Point Advanced At Firewall > Advanced, more advanced settings on firewall rules can be configured, providing extra security enhancement against DHCP and ARP traffic traversing the available interfaces of the system. Trust Interface: Each VAP interface can be checked individually to mark as trusted interfaces; security enforcements on DHCP/ARP like DHCP snooping and ARP inspection will be carried out on non-trusted interfaces.
User Manual Enterprise Access Point IP/Port Forwarding (CPE mode only) A certain part of the network can be exposed to the Internet in a limited and controlled way for special- purpose Internet services such as on-line game or video conferencing on this page. Please ensure that the internal port to be used is not occupied by other applications.
User Manual Enterprise Access Point DMZ (CPE mode only) The DMZ (Demilitarized Zone) allows one local computer or server (used as a DMZ host) to be exposed to the Internet for special-purpose Internet services such as functioning as a web server. External users can access the DMZ host without authentication.
User Manual Enterprise Access Point 6. Utilities The following utility features on this page allow the administrator to maintain the system: Change Password, Backup & Restore, System Upgrade, Reboot, Upload Certificate, Channel Analysis, Background Scan. Change Password To protect the Web Management Interface from unauthorized access, it is highly recommended to change the administrator’s password to a secure password.
User Manual Enterprise Access Point Backup & Restore This function is used to backup and restore the Access Point’s settings. The AP can also be restored to factory default using this function. It can be used to duplicate settings to other access points (backup settings of this system and then restore on another AP).
User Manual Enterprise Access Point System Upgrade There are two methods of firmware upgrade: via the WMI or via a TFTP server. The administrator can obtain the latest firmware from the Edgecore Support Team. To upgrade the firmware, click “Choose File”...
User Manual Enterprise Access Point Upload Certificate This function is used to configure a valid certificate for security validation required in CAPWAP. Upload Certificate: It provides flexibility to support customer’s own Certificate, Private Key, or Trusted Certificate for a means of security verification for CAPWAP or other security needs to ensure the authenticity of this AP to other network entities.
User Manual Enterprise Access Point Background Scan The Access Point is capable of doing background scanning without affecting service. This works in complement with Channel Analysis so administrators have a complete overview of the wireless environment. The Scan Whole Channel button triggers the AP to scan all channels in the configured band. Note that the Radio is only capable of scanning in its configured band.
User Manual Enterprise Access Point Discovery Utility The network administrators need to access or change some information without entering AP interface, such as forget the IP address of the AP, forget the admin’s password, or configure the IP address of the All they need to do is connect Edgecore AP within the same Layer 2 from the ports of the current system, and press the “Search”...
User Manual Enterprise Access Point Network Utilities Ping: It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not. Trace Route: It allows administrator to recover the real path of packets from the gateway to a destination using IP address or Host domain name.
User Manual Enterprise Access Point 7. Status The following function tabs present the current condition and state of the system: Overview, Interfaces, Associated Clients, DHCP Lease, Link Status, Event Log, Wireless Log, and Monitor. Overview The System Overview page provides an overview of the system status for the administrator. Clicking Plot button (OAP100 only) shows the plot of Direction/Inclination.
Page 63
User Manual Enterprise Access Point Clicking Plot button shows the real time plot of CPU/RAM usage. Left click and drag the mouse to zoom in the desired regions. Double click on the graph to return the plot to its original scale.:...
User Manual Enterprise Access Point Interfaces Traffic information is available per interface. Recorded data includes Packets In, Packets Out, Traffic In (kb), and Traffic Out (kb). A real time plot is also available for each interface, whose time axis is configurable with the following options: 1 minute, 2 minutes, 5 minutes, or 10 minutes.
User Manual Enterprise Access Point Associated Clients The administrator can remotely oversee the status of all associated clients on this page. When a low SNR is found here, the administrator can tune the corresponding parameters or investigate the settings of associated clients to improve network communication performance.
User Manual Enterprise Access Point DHCP Lease When any VAP operates in NAT mode, DHCP Lease information will be displayed in this table. Link Status The administrator can review detailed information of the repeater function at Status > Link Status. Information of WDS status, traffic statistics, encryption and other details are provided.
User Manual Enterprise Access Point Event Log The Event Log provides a record of system event. Administrators can monitor the system status by checking this log. Internal storage is limited so it is recommended to back up all logs via an external Syslog Server.
User Manual Enterprise Access Point Wireless Log This Wireless Log keeps track of client association and WDS connection related activities. Administrators can monitor the system status by checking this log. Internal storage is limited so it is recommended to back up all logs via an external Syslog Server. Each entry in the Wireless Log represents an event record;...
User Manual Enterprise Access Point Monitor Multiple monitor charts provide a quick overview on the AP’s performance in time dimension. Begin and End time for each chart can be selected for filtering data. Left click on the mouse to zoom in on desired regions.
User Manual Enterprise Access Point UPnP (CPE mode only) The table provides information about the UPnP overview such as Protocol, Internal Port, External Port, and IP Address. IGD Portmap: No: The item number of an UPnP device. Protocol: The Protocol used by the UPnP device. Internal Port: The internal port number of the UPnP device.
User Manual Enterprise Access Point 8. Console Interface Via the console port, administrators are able to enter the console interface to reset the AP to its factory default settings. In order to connect to the console port of a The AP, a console cable, and a terminal simulation program (e.g.
User Manual Enterprise Access Point Remote Connection by SSH Interface The system supports access to the console interface via SSH. Typically SSH utilizes Port 22 and would require the WAN IP address for access. To reset the system to factory default through the console interface, Login as “reset2def” and enter “reset2def”...
Need help?
Do you have a question about the ECW5410-L and is the answer not in the manual?
Questions and answers