Page 2
* Neither the name of Allied Telesis, Inc. nor the names of the respective companies above may be used to endorse or promote products derived from this software without specific prior written permission.
Page 3
Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Contents Preface ....................................13 Safety Symbols Used in this Document ........................14 Contacting Allied Telesis ...............................15 Chapter 1: Getting Started ..............................17 Features ..................................18 Management Tools................................21 Web Browser................................21 Vista Manager EX and AWC Plug-in........................21 SNMPv1, SNMPv2c, and SNMPv3 ........................22 Starting the First Management Session ........................23 Connecting the Access Point to a Computer ......................23...
Page 6
TQ6000 GEN2 Access Points User’s Guide Cascade Mode ...............................72 Configuring the LAN2 Port .............................73 Displaying the Status of LAN Port ..........................75 Chapter 5: 2.4GHz and 5GHz Radios ..........................77 Configuring the Radios ..............................78 Configuring Basic Radio Settings ...........................78 Configuring Advanced Radio Settings........................81 Displaying Radio Status ..............................87 Dynamic Frequency Selection ............................90 Setting the Country Code Setting ..........................91...
Page 7
Contents Configuring MAC Access Control Settings ........................153 Configuring IEEE802.11u Integration of Wireless Services ..................155 Configuring Passpoint ..............................156 Chapter 8: Quality of Service ............................157 Introduction to Quality of Service ..........................158 Configuring QoS Basic Settings ..........................160 Configuring AP EDCA Parameters..........................161 Configuring Station EDCA Parameters ........................164 Chapter 9: Maintenance ..............................167 Downloading the Configuration of the Access Point to Your Computer ..............168 Restoring a Configuration to the Access Point ......................169...
The models included in this manual are: TQ6702 GEN2 TQm6702 GEN2 TQ6602 GEN2 TQm6602 GEN2 This preface contains the following sections: “Safety Symbols Used in this Document” on page 14 “Contacting Allied Telesis” on page 15 ...
TQ6000 GEN2 Access Points User’s Guide Safety Symbols Used in this Document This document uses the following conventions. Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Warranty - View a list of products to see if Allied Telesis warranty applies to the product you purchased and register your warranty. Allied Telesis Helpdesk - Contact a support representative.
Chapter 1 Getting Started Here are the sections in this chapter: “Features” on page 18 “Management Tools” on page 21 “Starting the First Management Session” on page 23 “Starting a Management Session” on page 26 “Management Windows” on page 28 ...
TQ6000 GEN2 Access Points User’s Guide Features Hardware features include: One 2.4GHz radio One 5GHz radio Internal omni-directional antennas Two 100/1000Mbps/2.5G/5G Ethernet ports with RJ-45 connectors Note The LAN2 port is not supported. PoE+ Class 4 powered device ...
Chapter 1: Getting Started Management Tools The access points support the following management tools. Web Browser The access point has a web browser management interface for configuring the device from your management workstations. The web browser interface allows you to manage one unit at a time and supports both non-secure HTTP and secure HTTPS management sessions.
TQ6000 GEN2 Access Points User’s Guide SNMPv1, You can use SNMPv1, SNMPv2c, and SNMPv3 to view the parameter settings of the access point. The MIB is available from Allied Telesis SNMPv2c, and website. For instructions on how to configure the access point for SNMP, SNMPv3 see “Configuring SNMPv1, SNMPv2, and SNMPv3”...
Chapter 1: Getting Started Starting the First Management Session After you install and power on the access point, it queries the subnet on the LAN1 port for a DHCP server. If a DHCP server responds to its query, the unit uses the IP address the server assigns to it. If there is no DHCP server, the access point uses the default IP address.
TQ6000 GEN2 Access Points User’s Guide Starting the First To start the management session with a direct Ethernet connection between your computer and the LAN1 port on the access point, perform Management the following procedure: Session with a Direct Note Connection If the access point uses PoE as a power source, you cannot perform this procedure because it requires a direct connection between your...
Chapter 1: Getting Started Starting the First This procedure explains how to start the first management session on the access point when the LAN port is connected to an Ethernet switch on a Management network that does not have a DHCP server. To start the management Session without a session, perform the following procedure: DHCP Server...
TQ6000 GEN2 Access Points User’s Guide Starting a Management Session This section explains how to start a management session on the access point from your management workstation, using a web browser. The procedure assumes that the access point has already been assigned an IP address, either manually or from a DHCP server.
Page 27
Chapter 1: Getting Started Note If you use HTTPS management, your web browser might display a warning message stating that the site certificate is invalid. If this occurs, select an appropriate option to continue to the web site. To avoid the message in future management sessions, make the web site a trusted site in your web browser.
TQ6000 GEN2 Access Points User’s Guide Management Windows This section has a brief overview of the management windows and menus. The main parts of the management windows are identified in Figure 2. Navigator Sub-menu Main Menu Content Figure 2. Sample Management Window Main Menu The main menu is displayed on the left side of the windows and consists of the following selections:...
Chapter 1: Getting Started If the main menu is not displayed, the window might be too small to display the menu and content together. To display the main menu, you can either enlarge the window or click the main menu button, shown in Figure 3. Clicking the main menu button displays the menu over the content window.
TQ6000 GEN2 Access Points User’s Guide Saving and Applying Your Changes You need to click the SAVE & APPLY button to save and activate your changes when you are finished configuring the parameters in a management window. The button is located in the bottom of the windows. When you click the button, the access point immediately activates your changes and saves them in its configuration file.
Chapter 1: Getting Started Ending Management Sessions You should always log off when you are finished managing the unit. To log off, select Account > Logout. Click OK at the confirmation prompt. For added security, close your web browser.
TQ6000 GEN2 Access Points User’s Guide What to Configure First Here are suggestions on what to configure during the first management session: 1. Set the country code. Refer to “Setting the Country Code Setting” on page 91. Note The country codes for units sold in North America, Japan, and Taiwan are preset and cannot be changed.
Chapter 2 Monitoring This chapter has the following procedures: “Displaying Basic System Information” on page 34 “Displaying VAP and LAN Port Statistics” on page 37 “Displaying the System Log” on page 39 “Displaying Neighbor AP” on page 41 ...
TQ6000 GEN2 Access Points User’s Guide Displaying Basic System Information To display basic information about the access point, such as its firmware version number and MAC address, perform the following procedure: 1. Select Monitoring > Status from the main menu. 2.
Page 35
Chapter 2: Monitoring Table 2. System Window (Continued) Item Name Description System Time Displays the date and time. To set the date and time, refer to “Manually Setting the Date and Time” on page 53 or “Setting the Date and Time with the Network Time Protocol (NTP)”...
Page 36
TQ6000 GEN2 Access Points User’s Guide Table 2. System Window (Continued) Item Name Description DNS Server Displays the current DNS server address. Refer to “Assigning a Dynamic IP Address from a DHCP Server” on page 44 or “Assigning a Static IPv4 Address to the Access Point”...
Chapter 2: Monitoring Displaying VAP and LAN Port Statistics To view VAP and LAN port status and statistics, select Monitoring > Statistics window. See Figure 5. Figure 5. Statistics Window The columns are defined in Table 3 on page 38.
TQ6000 GEN2 Access Points User’s Guide Table 3. Statistics Window Column Description Interface Displays the LAN port and VAPs 0 to 15 on Radio1 and Radio2. Status Displays the status (up or down) of the interface. Packets Received Displays the total number of packets received on the interface.
Chapter 2: Monitoring Displaying the System Log You can monitor the operations of the access point by viewing the messages in its system log. The events and the vital information about system activity help you identify and solve system problems. The messages are divided into the eight severity levels listed in Table 4: Table 4.
Chapter 2: Monitoring Displaying Neighbor AP To view information about all access points on the channels that the access point detects, select Monitoring > Neighbor AP from the main menu. Refer to Figure 7. Figure 7. Neighbor AP Window The columns are defined in Table 5. Table 5.
TQ6000 GEN2 Access Points User’s Guide Displaying Associated Clients To view the active wireless clients on the VAPs of the access point, select Monitoring > Associated Clients from the main menu. Refer to Figure 8. Figure 8. Associated Client Window The columns are defined in Table 6.
Chapter 3 System Settings This chapter contains the following procedures: “Assigning a Dynamic IP Address from a DHCP Server” on page 44 “Assigning a Static IPv4 Address to the Access Point” on page 47 “Setting the Date and Time with the Network Time Protocol (NTP)” on ...
TQ6000 GEN2 Access Points User’s Guide Assigning a Dynamic IP Address from a DHCP Server This section explains how to activate the DHCP client so that the access point receives its IP address from a DHCP server on your network. The unit uses the address to communicate with devices on your network, such as management workstations, syslog servers, and RADIUS servers.
Chapter 3: System Settings 4. Configure the fields by referring to Table 7. Table 7. Network DHCP Window Parameter Description Hostname Enter a hostname for the access point. Here are the guidelines: - The hostname can be from 1 to 63 alphanumeric characters.
Page 46
TQ6000 GEN2 Access Points User’s Guide Table 7. Network DHCP Window (Continued) Parameter Description Virtual IP Address Assigns a virtual IP address for Captive Portal. for Captive Portal Wireless clients use the virtual address instead of the device’s actual IP address to log on to captive portals.
Chapter 3: System Settings Assigning a Static IPv4 Address to the Access Point This section explains how to manually assign an IP address to the access point. The unit uses the address to communicate with devices on your network, such as management workstations, syslog servers, and RADIUS servers.
TQ6000 GEN2 Access Points User’s Guide 4. Configure the field values by referring to Table 8. Table 8. Network Static IP Selection Window Item Name Description Host Name Enter a host name for the access point. Here are the guidelines: - The host name can be from 1 to 63 alphanumeric characters.
Page 49
Chapter 3: System Settings Table 8. Network Static IP Selection Window (Continued) Item Name Description Virtual IP Assigns a virtual IP address to the wireless access Address for point. Wireless clients use the virtual address instead of Captive Portal the device’s actual IP address to log on to captive portals.
TQ6000 GEN2 Access Points User’s Guide Setting the Date and Time with the Network Time Protocol (NTP) The access point has a Network Time Protocol (NTP) client for setting its date and time from an Simple Network Time Protocol (SNTP) server on your network or the Internet.
Chapter 3: System Settings 4. Configure the fields by referring to Table 9. Table 9. Time Window - NTP Option Item Name Description Select Network time protocol (NTP) to Set System Time synchronize the date and time of the product with the NTP server.
TQ6000 GEN2 Access Points User’s Guide Table 9. Time Window - NTP Option (Continued) Item Name Description NTP Server Specify the SNTP server using one of the following methods: - IP address (example, 12.34.56.78) - Fully qualified domain name (FQDN) (example, ntp.mydomain.com) Here are the guidelines: - You can specify only one server.
(Jan 1 00: 00: 00 2018) when the device is reset or powered off. Note Allied Telesis recommends using an SNTP server to set the date and time. For instructions, refer to “Setting the Date and Time with the Network Time Protocol (NTP)” on page 50.
TQ6000 GEN2 Access Points User’s Guide 3. Configure the parameters by referring to Table 10. Table 10. Time Window - Manually Option Field Description Select Manually. This is the default. Set System Time Current System Displays the current date and time settings. Time (24 HR) Click the AUTO button to set the date and time on the access point according to your...
HTTP management is non-secure, meaning the packets exchanged between the access point and your workstation are sent in clear text, leaving them vulnerable to snooping. For this reason, Allied Telesis recommends using HTTPS to manage the access point. To configure the above functions, perform the following procedure: 1.
TQ6000 GEN2 Access Points User’s Guide 3. Configure the fields by referring to Table 11. Table 11. Web Window Field Description Maximum Sessions Specify the maximum number of active management sessions the access point will support at one time. Here are the guidelines: - The range is 1 to 10 sessions.
Chapter 3: System Settings Configuring SNMPv1, SNMPv2, and SNMPv3 You can use SNMP to view the settings and client statistics on the access point, and receive traps. Here are the guidelines: You cannot use SNMP to change the settings on the access point. ...
TQ6000 GEN2 Access Points User’s Guide Figure 16. SNMP Window - SNMP Enabled 4. Configure the parameters by referring to Table 12. Table 12. SNMP Window Field Description Status Use this option to activate or deactivate the SNMP agent on the access point. The options are explained here: - Enabled: Select this option to activate the SNMP agent and trap settings.
Page 59
Chapter 3: System Settings Table 12. SNMP Window (Continued) Field Description Read-Only Specifies the community name. Community Name (SNMPv1 and SNMPv2c only) Port Specify the port number for SNMP. The range is 1 to 65535. The default is 161. Restrict the Source Restricts the use of SNMP to specific subnets of SNMP Requests or individual workstations.
Page 60
TQ6000 GEN2 Access Points User’s Guide Table 12. SNMP Window (Continued) Field Description Only allow from the Specify management workstations permitted designated hosts to use SNMP to view the device. This or subnets parameter applies only to SNMPv1 and SNMPv2c. (Only when the Here are guidelines: Restrict the source...
TQ6000 GEN2 Access Points User’s Guide Sending Log Messages to a Syslog Server To configure the access point to send the log messages to a syslog server on your network, perform the following procedure: 1. Select Settings > System from the main menu. 2.
Page 63
Chapter 3: System Settings Table 13. Log Window for Syslog Client (Continued) Field Description Log Relay Select one of the following: - Enabled: Activates the syslog client to transmit the event messages to your syslog server. - Disabled: Deactivates the syslog client to stop the access point from transmitting event messages.
TQ6000 GEN2 Access Points User’s Guide Enabling or Disabling the LEDs The access point has an Eco Mode. When activated, it turns off the LEDs on the top panel. You might activate the mode when you are not using the LEDS to monitor or troubleshoot the device.
Chapter 3: System Settings Configuring PoE Negotiation with Link Layer Discovery Protocol (LLDP) This feature is applicable when the access point is powered by Power over Ethernet (PoE) and the LAN1 port is connected to a network device that supports LLDP Media Endpoint Devices (LLDP-MED). LLDP and LLDP-MED allow Ethernet network devices to receive and/or transmit device-related information from/to directly connected devices on the network that are also using the protocols, and to store the information...
TQ6000 GEN2 Access Points User’s Guide Figure 19. LLDP Window 3. Select one of the following from the PoE Negotiation: Enabled: Enables PoE negotiation. The access point transmits the Extended Power Management TLV on the LAN1 port. Disabled: Disables PoE negotiation. This is the default setting. ...
Chapter 3: System Settings Enabling or Disabling the Reset Button This section explains how to enable or disable the Reset button on the rear panel of the access point. You use the Reset button to restore the default settings to the device. If the unit is installed in a non-secure area, you might disable the button to prevent unauthorized individuals from pressing it and disrupting the operations of your wireless network.
Chapter 4 LAN Port This chapter describes the following procedures: “Enabling the Management VLAN Tag” on page 70 “Displaying the Status of LAN Port” on page 75 ...
TQ6000 GEN2 Access Points User’s Guide Enabling the Management VLAN Tag You can enable or disable Management VLAN Tag on the LAN Settings window. Guidelines for Here are the guidelines to enabling the management VLAN Tag: Management When the management VLAN is disabled, the default setting, the ...
Chapter 4: LAN Port Configuring the LAN2 Port The access point has two Ethernet ports, labeled LAN1 and LAN2. You use the ports to connect the wireless access point to your wired network. Here are their basic properties: The default setting for LAN1 port is enabled. You cannot disable it. ...
TQ6000 GEN2 Access Points User’s Guide Note Do not enable and cable the LAN2 port until you have configured the other network device for the static LAG. Cascade Mode The LAN2 port has a Cascade mode. The mode allows you to use the port to connect another device to your network.
Chapter 4: LAN Port Configuring the To configure the LAN2 port, perform the following procedure: LAN2 Port 1. Select Settings > LAN from the main menu. See Figure 25 on page Figure 25. LAN Settings Window - LAN2 Port Configuration The window has two sections.
Page 74
TQ6000 GEN2 Access Points User’s Guide 3. Click the SAVE & APPLY button to save and update your configuration. If you enabled the Static LAG mode, the access point automatically combines LAN1 and LAN2 ports into a static LAG. Configure the ports on the other network device as a static LAG and connect LAN1 and LAN2 ports to it.
Chapter 4: LAN Port Displaying the Status of LAN Port To display the status of LAN port, perform the following procedure: 1. Select Monitoring > Status from the main menu. 2. Select LAN1 or LAN2 from the sub-menu. See Figure 26. Figure 26.
Page 76
TQ6000 GEN2 Access Points User’s Guide Table 15. Status of LAN1 or LAN2 Window (Continued) Item Name Description Duplex Mode Displays the duplex mode of the port, as follows: - Full: Full-duplex. - Half: Half-duplex. PoE Mode Displays the PoE mode.
Chapter 5 2.4GHz and 5GHz Radios This chapter has the following procedures: “Configuring the Radios” on page 78 “Displaying Radio Status” on page 87 “Dynamic Frequency Selection” on page 90 “Setting the Country Code Setting” on page 91 ...
TQ6000 GEN2 Access Poinst User’s Guide Configuring the Radios The radio settings are divided into two groups: “Configuring Basic Radio Settings” next “Configuring Advanced Radio Settings” on page 81 Configuring To configure the basic settings for Radio1 or Radio2, perform the following procedure: Basic Radio Settings...
Chapter 5: 2.4GHz and 5GHz Radios Table 16. Basic Radio Settings Window Field Description Country Select the country code that applies to your country or region. The country code ensures that the device operates in compliance with the codes and regulations of your region or country.
Page 80
TQ6000 GEN2 Access Poinst User’s Guide Table 16. Basic Radio Settings Window (Continued) Field Description Mode Select the communications protocol for Radio2 from (Radio2) the pull-down menu. The selections are listed here: - IEEE 802.11a: The access point accepts 802.11a clients.
Chapter 5: 2.4GHz and 5GHz Radios Table 16. Basic Radio Settings Window (Continued) Field Description Bandwidth Select the bandwidth for Radio2 from the pull-down (Radio2) menu. The available bandwidths for IEEE 802.11n/ac/ax are listed here: - 20 MHz. This is the default setting. - 40 MHz - 80 MHz - 80+80 MHz...
TQ6000 GEN2 Access Poinst User’s Guide Figure 28. Advanced Radio Settings Window 4. Configure the parameters by referring to Table 17. Table 17. Advanced Radio Settings Window Field Description Maximum Clients Use this option to specify the maximum number of wireless clients that a radio will support at one time.
Page 83
Chapter 5: 2.4GHz and 5GHz Radios Table 17. Advanced Radio Settings Window (Continued) Field Description Client Isolation Enable or disable Client Isolation. When the feature is enabled, the access point does not allow wireless clients in the same VAP to communicate with each other.
Page 84
TQ6000 GEN2 Access Poinst User’s Guide Table 17. Advanced Radio Settings Window (Continued) Field Description Multicast Tx Rate Select the maximum amount of multicast packets the radio can transmit per second. The default values are listed here: - 2.4GHz Radio1: 11Mbps - 5GHz Radio2: 6Mbps Airtime Fairness Airtime Fairness equalizes airtime among VAPs.
Page 85
Chapter 5: 2.4GHz and 5GHz Radios Table 17. Advanced Radio Settings Window (Continued) Field Description MU-MIMO Multi-user, Multiple Input, Multiple Output (MU-MIMO) helps increase the number of simultaneous users a single access point can support. The options are: - Disabled: MU-MIMO is disabled. This is the default setting.
Page 86
TQ6000 GEN2 Access Poinst User’s Guide Table 17. Advanced Radio Settings Window (Continued) Field Description Off-channel CAC Off-channel CAC is a mandate for a 5GHz radio to detect radar systems, stop transmitting, and (Radio 2 only) switch to another channel to avoid interfering with the radar systems.
Chapter 5: 2.4GHz and 5GHz Radios Displaying Radio Status To display operational information about a radio, perform the following procedure: 1. Select Monitoring > Status from the main menu. 2. Select Radio1 or Radio2 from the sub-menu. You can view only one radio at a time.
TQ6000 GEN2 Access Poinst User’s Guide Note The radio status window for Radio2 includes a DFS (Dynamic Frequency Selection) field. For information, see “Dynamic Frequency Selection” on page 90. The fields are defined in Table 18. Table 18. Radio Status Window Field Description MAC Address...
Page 89
Chapter 5: 2.4GHz and 5GHz Radios Table 18. Radio Status Window (Continued) Field Description Displays the status of DFS (Dynamic Frequency Selection). For background information, refer to (Radio2 only) “Dynamic Frequency Selection” on page 90. The possible states are listed here: - IDLE: DFS is inactive because the radio is using a W52 or W58 channel.
TQ6000 GEN2 Access Poinst User’s Guide Dynamic Frequency Selection Dynamic frequency selection (DFS) is an industry standard that defines how wireless access points are to respond to the presence of radar signals on 5GHz channels. The standard states that a wireless access point that detects radar signals on its current 5GHz channel has to stop transmitting and select another channel to avoid interfering with the signals.
Chapter 5: 2.4GHz and 5GHz Radios Setting the Country Code Setting Note You cannot change the country code on units sold in North America, Japan, Canada, or Taiwan. You should set the country code setting of the access point as soon as you install the unit so that it operates in compliance with the codes and regulations of your region or country.
Chapter 6 Wireless Distribution System Bridges This chapter contains the procedures for managing Wireless Distribution Bridges. The chapter contains the following sections: “Introduction to Wireless Distribution Bridges” on page 94 “WDS Bridge Elements” on page 97 “Guidelines” on page 99 ...
TQ6000 GEN2 Access Poinst User’s Guide Introduction to Wireless Distribution Bridges A wireless distribution system (WDS) bridge is a wireless connection between access points that allows units to forward traffic directly to each other over a wireless connection, as if they were connected with a physical Ethernet wire.
Chapter 6: Wireless Distribution System Bridges Additionally, because the access points have to use the same channel, you have to select the channel manually, instead of using the default auto channel setting. In the example in Figure 32, the parent and children are using Radio2 and channel 40 for the WDS bridge.
TQ6000 GEN2 Access Poinst User’s Guide Child 3 Child 2 Radio1 Radio2 Radio2 Channel 10 Channel 40 Channel 40 Child 1 Child 4 Child 5 Parent Parent To Wired Access Point A Network Access Point B Figure 33. Example of an Access Point as Both Parent and Child Note Only one parent should be connected to the wired network.
Chapter 6: Wireless Distribution System Bridges WDS Bridge Elements This section describes the various elements of a WDS bridge. Radio You can use Radio1 or Radio2 for a WDS bridge. Here are the guidelines: The access points must all use the same radio for a bridge. ...
TQ6000 GEN2 Access Poinst User’s Guide Note You cannot use WPA Enterprise on VAP0 of a WDS bridge. Dynamic Dynamic frequency selection (DFS) is an industry standard that defines how wireless access points are to respond to the presence of radar Frequency signals on 5GHz channels.
An access point can be a parent in one bridge and a child in another. The WDS bridge feature on these access points is not compatible with the same feature on other products from Allied Telesis or other companies.
for the bridges. The security level can be none or WPA Personal. Allied Telesis recommends using WPA Personal security. The settings must be the same on all the access points of a WDS bridge. To prepare an access point for a WDS bridge, perform the following procedure: 1.
Page 101
Chapter 6: Wireless Distribution System Bridges 9. Click the SAVE & APPLY button to save and update the configuration, or click the View QR code button to view the QR code. Note The access point disables VAPs 1 to 15 on the same radio. 10.
Chapter 7 Virtual Access Points This chapter contains the procedures for managing virtual access points (VAPs). The chapter contains the following sections: “VAP Introduction” on page 104 “Configuring Basic VAP Parameters” on page 105 “Generating a Quick Response (QR) Code for a VAP” on page 108 ...
“Configuring VAP Security” on page 110 VAP Guidelines Here are guidelines to configuring VAP: Each radio can have up to eight VAPs. Allied Telesis recommends no more than five VAPs per radio for best performance. The VAPs are numbered from 0 to 15.
Chapter 7: Virtual Access Points Configuring Basic VAP Parameters To configure basic VAP settings, perform the following procedure: 1. Select Settings > VAP / Security from the main menu. 2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1. You can configure only one radio at a time.
TQ6000 GEN2 Access Points User’s Guide Table 19. Virtual Access Point Tab Field Description Status Enable or disable the VAP. Here are the guidelines. - A disabled VAP does not forward any ingress or egress traffic. - The default setting for VAP0 is enabled. - The default setting for VAP1 to VAP15 is disabled.
Page 107
Chapter 7: Virtual Access Points Table 19. Virtual Access Point Tab (Continued) Field Description VLAN ID Enter a VID for the VAP. Here are the guidelines: - The range is 1 to 4094. - The default is VID 1. - A VAP can have only one VID. - You can assign the same VID to more than one VAP.
TQ6000 GEN2 Access Points User’s Guide Generating a Quick Response (QR) Code for a VAP You can generate a QR code for an individual VAP on the access point. Wireless clients can scan the QR code to join the VAP on the access point without having to manually enter the information.
TQ6000 GEN2 Access Points User’s Guide Configuring VAP Security The procedures for configuring VAP security is provided in the following sections: “No Security” on page 110 “Static WEP” on page 111 “WPA Personal (Pre-Shared Key)” on page 113 ...
Chapter 7: Virtual Access Points Figure 36. None Selection in the VAP Security Tab 6. Click the SAVE & APPLY button to save and update the configuration, or configure other VAPs and save the configurations at once later. Static WEP To configure a VAP for Static WEP security, perform the following procedure: Note...
Chapter 7: Virtual Access Points Table 20. Static WEP Security Tab (Continued) Field Description Key Length Select a key length. The options are: - 128 bits. This is the default setting. - 64 bits Key Type Seelect a key type: The options are: - Hex: Enter keys in hexadecimalnumbers.
TQ6000 GEN2 Access Points User’s Guide Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4. Select the Security tab. 5. Select WPA Personal from the Mode pull-down menu. See Figure 38 on page 114.
Page 115
Chapter 7: Virtual Access Points Table 21. WPA Personal Security Tab (Continued) Field Description WPA Version Select the WPA version. The options are listed here: - WPA and WPA2: Select this option if the VAP has both WPA and WPA2 clients. - WPA2: Select this option if clients support WPA2 only.
TQ6000 GEN2 Access Points User’s Guide Table 21. WPA Personal Security Tab (Continued) Field Description IEEE802.11w Control IEEE 802.11w management frame (MFP) protection. The options are available only when the WPA version is WPA2. - Disabled: Disable Management frame protection. This is the default.
Chapter 7: Virtual Access Points Figure 39. WPA Enterprise Security Tab 6. Configure the parameters by referring to Table 22. Table 22. WPA Enterprise Security Tab Field Description Mode Select WPA Enterprise.
Page 118
TQ6000 GEN2 Access Points User’s Guide Table 22. WPA Enterprise Security Tab (Continued) Field Description WPA Version Select the WPA version for the VPA. The options are listed: - WPA and WPA2 - Select this option if the VAP has both WPA and WPA2 clients.
Page 119
Chapter 7: Virtual Access Points Table 22. WPA Enterprise Security Tab (Continued) Field Description Pre- Pre-authentication can speed up authentication authentication process for roaming clients . The access point forwards pre-authentication information from wireless clients to the next access points as they associate with different access points.
Page 120
TQ6000 GEN2 Access Points User’s Guide Table 22. WPA Enterprise Security Tab (Continued) Field Description Secondary Enter the IPv4 address of a secondary RADIUS server. RADIUS This field is optional. The access point sends Server IP authentication requests to this address if the primary RADIUS server does not respond to requests.
Chapter 7: Virtual Access Points Configuring MAC Access Control The access point has the MAC Access Control feature to add security to VAPs by authenticating the MAC addresses of wireless clients. The access point forwards traffic from only approved addresses. You have the following options for MAC Access Control: “Disabling MAC Access Control”...
TQ6000 GEN2 Access Points User’s Guide 5. Select Disabled from the MAC Access Control pull-down menu. See Figure 40 on page 121. This is the default setting. 6. Click the SAVE & APPLY button to save and update the configuration, or configure other VAPs and save the configurations at once later.
Chapter 7: Virtual Access Points Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4. Select the MAC Access Control tab. See Figure 40 on page 121. 5.
Page 124
TQ6000 GEN2 Access Points User’s Guide Table 23. MAC Address List + External RADIUS Window (Continued) Field Description Primary RADIUS Enter the shared secret key for the primary RADIUS Server Key server. Here are the guidelines: - The key can be up to 128 alphanumeric characters.
Chapter 7: Virtual Access Points Table 23. MAC Address List + External RADIUS Window (Continued) Field Description User-Password Specify the password for the MAC addresses. The Format Format choices are listed here: - User Name: The MAC addresses are used as the password.
TQ6000 GEN2 Access Points User’s Guide Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4. Select the MAC Access Control tab. See Figure 40 on page 121. 5.
Chapter 7: Virtual Access Points Authenticating This section contains the procedure for authenticating wireless clients on VAPs with the access point's on-board MAC address list. The list consists Using MAC of the MAC addresses of wireless clients that the access point is to accept Address List or reject on the VAPs.
TQ6000 GEN2 Access Points User’s Guide 6. Click the SAVE & APPLY button to save and update the configuration, or configure other VAPs and save the configurations at once later. 7. Or click VIEW QR CODE to generate a QR code. Application Application Proxy authenticates wireless clients using the AMF Application Proxy in the AMF Security controller.
Chapter 7: Virtual Access Points Configuring Captive Portal Captive Portal is a a web page that wireless clients view before their access is granted. Captive Portal pages usually identify the owners of the wireless networks or require wireless clients to agree to the terms of use. Captive Portal pages can require wireless clients to login, require information such as their email addresses, prior to allowing access to the networks.
TQ6000 GEN2 Access Points User’s Guide No Captive Portal To disable Captive Portal, perform the following procedure: 1. Select Settings > VAP / Security from the main menu. 2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1. You can configure only one radio at a time.
Chapter 7: Virtual Access Points When you want to display one web page with a Agree button to wireless client without authenticating wireless clients, perform the following Authentication procedure: and Web Page Stored in the 1. Select Settings > VAP / Security from the main menu. Access Point 2.
TQ6000 GEN2 Access Points User’s Guide Figure 45. Capital Portal Window - Click-Through 7. Configure the parameters described in Table 24. Table 24. Captive Portal - Click-Through Field Description Authentication Enable or disable Authentication Page Proxy on the Page Proxy Captive Portal: - Enabled: The access point uses other web server’s authentication page via proxy with Captive Portal.
Page 133
Chapter 7: Virtual Access Points Table 24. Captive Portal - Click-Through (Continued) Field Description Agreement Enter Conditions of Use or other information to Message display the introductory web page. The text can include HTML formatting and display codes. This field is available only when Authentication Page Proxy is disabled.
TQ6000 GEN2 Access Points User’s Guide Table 24. Captive Portal - Click-Through (Continued) Field Description Walled Garden Enter the URLs of up to fifty approved HTTP web sites that wireless clients can access through the captive portals on the access point, without having to log on.
Chapter 7: Virtual Access Points Figure 46. Capital Portal - Click-Through and Authentication Page Proxy 7. Specify the URL of your Page Proxy Server in the Base URL field. 8. Configure the rest of parameters by referring Table 24 on page 132. 9.
TQ6000 GEN2 Access Points User’s Guide Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4. Select the Captive Portal tab. 5.
Chapter 7: Virtual Access Points Table 25. Captive Portal - External Page Redirect Field Description External Page URL Enter a URL that is directed to wireless clients when they access to the access point. Redirect Type (after Select the action to occur after the clients click user is the Agree button.
TQ6000 GEN2 Access Points User’s Guide Table 25. Captive Portal - External Page Redirect (Continued) Field Description RADIUS Port Enter the RADIUS port number of the RADIUS server. If you entered IP addresses for both primary and secondary servers, the units must be using the same port number.
Chapter 7: Virtual Access Points Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4. Select the Captive Portal tab. 5. Select External RADIUS from the Captive Portal pull-down menu. See Figure 48 on page 139.
TQ6000 GEN2 Access Points User’s Guide Table 26. Captive Portal - External RADIUS and Proxy Field Description Authentication page Proxy See Table 24 on page 132. Base URL Redirect Type (after user is authenticated) Primary RADIUS Server IP Primary RADIUS Server Key Secondary See Table 25 on page 137.
Chapter 7: Virtual Access Points 3. Select a VAP to configure from the next sub-menu. The default is VAP0. Note You can configure multiple VAPs without saving each VAP configuration page. You can save multiple VAP configurations all at once by clicking the SAVE & APPLY button. 4.
TQ6000 GEN2 Access Points User’s Guide Table 27. Captive Portal - External RADIUS and Proxy Field Description Authentication See Table 24 on page 132. page Proxy Redirect Type (after user is authenticated) Primary RADIUS Server IP Primary RADIUS Server Key Secondary See Table 25 on page 137.
Chapter 7: Virtual Access Points Requirements for the click_through_login.html and click_through_login_fail.html Here is a list of requirements: You must include a <form> element with the method attribute specified to “post” and no action attribute. In the <form> element, you must include a <button> tag or an ...
TQ6000 GEN2 Access Points User’s Guide Requirements for the radius_login.html and radius_login_fail.html Here is a list of requirements: You must include a <form> element with the method attribute specified to “post” and no action attribute. In the <form> element, you must include an <input> tag with the ...
Chapter 7: Virtual Access Points Port Numbers The following port numbers are used with the IP address of the access point: 8080 for HTTP http://[access point’s IP address]:8080/ auth?redirect=[wireless client’s originally requested URL] 8443 for HTTPS http://[access point’s IPv4 address]:8443/ auth?redirect=[wireless client’s originally requested URL]...
TQ6000 GEN2 Access Points User’s Guide Viewing Fast Roaming The access point supports IEEE802.11k/v/r for high-speed roaming wireless clients. Guidelines for Here are the guidelines: Fast Roaming You cannot configure Fast Roaming on the access point. Configuring the settings requires Vista Manager EX and AWC. When the Security is set to WPA Personal or WPA Enterprise, you ...
Chapter 7: Virtual Access Points Figure 52. Fast Roaming Window 5. View the parameter values by referring to Table 28. Note When the Security is set to WPA Enterprise or WPA Personal, you can view the Fast Roaming settings, but cannot change them. Configuring the settings requires Vista Manager EX and AWC.
TQ6000 GEN2 Access Points User’s Guide Table 28. Fast Roaming IEEE802.11r (Continued) Field Description Mobility Domain Shows the domain name of the access point that provides Fast Roaming. Here are the guidelines: - The name consists of 4 alphanumeric characters. - The key is not case-sensitive.
Chapter 7: Virtual Access Points Viewing To view whether Fast Roaming IEEE802.11v is enabled or disabled, perform the following procedure: IEEE802.11v WNM Status Note You cannot enable or disable Fast Roaming on the access point. Enabling or disabling requires Vista Manager EX and AWC. 1.
TQ6000 GEN2 Access Points User’s Guide Configuring Advanced Settings To configure advanced VAP settings, perform the following procedure: 1. Select Settings > VAP / Security from the main menu. 2. Select Radio1 or Radio2 from the sub-menu. The default is Radio1. You can configure only one radio at a time.
Chapter 7: Virtual Access Points Table 29. VAP Advanced Field Description Inactivity Timer Not supported. The value is always 300 seconds. Duplicate AUTH Controls how the access point responds when it Received receives authentication requests from wireless clients that has been already authenticated. Note To use this feature, the IEEE802.11w (MFP) field must be set to “Disabled.”...
Page 152
TQ6000 GEN2 Access Points User’s Guide Table 29. VAP Advanced (Continued) Field Description Proxy ARP Proxy ARP allows the access point to respond to Address Resolution Protocol (ARP) queries for the target IP address that is not on that network. The options are: - Enabled: Proxy ARP is enabled.
Chapter 7: Virtual Access Points Configuring MAC Access Control Settings This section explains how to add security to VAPs by having the access point authenticate the MAC addresses of wireless clients. It forwards wireless traffic from only approved addresses. The device can authenticate MAC addresses with its on-board MAC address filter, an external RADIUS server, or both.
Page 154
TQ6000 GEN2 Access Points User’s Guide This is the default setting. Allow: Select this option to have the access point accept association requests from the wireless clients whose MAC addresses you enter in the filter, and to reject association requests from all other clients.
Chapter 8 Quality of Service This chapter describes the following procedures: “Introduction to Quality of Service” on page 158 “Configuring QoS Basic Settings” on page 160 “Configuring AP EDCA Parameters” on page 161 “Configuring Station EDCA Parameters” on page 164 ...
TQ6000 GEN2 Access Points User’s Guide Introduction to Quality of Service Each radio in the access point has four QoS egress queues and four ingress queues. There are parameters that control the manner in which the device stores and handles packets in the queues. You should not adjust these values unless you are familiar with QoS.
Chapter 8: Quality of Service Configuring AP EDCA Parameters Table 31 defines the AP EDCA parameters in the QoS window in Figure 55 on page 159. Table 31. QoS Window - AP EDCA Parameters Parameter Description Data Type (Queue) Lists the four egress queues: - Data 0 (Voice): High priority queue, with low latency and guaranteed bandwidth.
Page 162
TQ6000 GEN2 Access Points User’s Guide Table 31. QoS Window - AP EDCA Parameters (Continued) Parameter Description cwMin (Minimum Enter a value (in milliseconds) to be the lower Contention limit of the range from which the access point Window) determines the initial random back-off wait time.for resending packets during transmission conflicts.
Page 163
Chapter 8: Quality of Service Table 31. QoS Window - AP EDCA Parameters (Continued) Parameter Description Max. Burst Specifies the maximum burst length (in seconds) for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information.
TQ6000 GEN2 Access Points User’s Guide Configuring Station EDCA Parameters Table 32 defines the Station EDCA parameters in the QoS window in Figure 55 on page 159. Table 32. QoS Window - Station EDCA Parameters Parameter Description Data Type (Queue) Specifies the four ingress queues: - Data 0 (Voice) - High priority queue, with minimum delay.
Page 165
Chapter 8: Quality of Service Table 32. QoS Window - Station EDCA Parameters (Continued) Parameter Description cwMin (Minimum Enter a value (in milliseconds) to be the lower Contention limit of the range from which the station Window) determines the initial random back-off wait time.for resending packets during transmission conflicts.
Page 166
TQ6000 GEN2 Access Points User’s Guide Table 32. QoS Window - Station EDCA Parameters (Continued) Parameter Description TXOP Limit Select the Transmission Opportunity (TXOP) limit. It defines the time intervals that a WME client has the right to initiate transmission to the access point.
Chapter 9 Maintenance This chapter has the following procedures: “Downloading the Configuration of the Access Point to Your Computer” on page 168 “Restoring a Configuration to the Access Point” on page 169 “Restoring the Default Settings to the Access Point” on page 170 ...
TQ6000 GEN2 Access Points User’s Guide Downloading the Configuration of the Access Point to Your Computer This procedure explains how to download the configuration of the access point as a file to your computer. You might perform this procedure to maintain a history of the configurations of the unit so that you can easily restore a configuration, if needed.
Chapter 9: Maintenance Restoring a Configuration to the Access Point This procedure explains how to restore a configuration to the access point. You might perform this procedure to restore a previous configuration to the device, to configure a replacement unit, or to configure multiple access points with the same configuration.
TQ6000 GEN2 Access Points User’s Guide Restoring the Default Settings to the Access Point This procedure explains how to restore the default settings on the access point. Review the following information before performing the procedure: The manager name and password are reset to “manager” and ...
Please review the following information before performing the procedure: The procedure assumes you have already obtained the new image file from the Allied Telesis web site and stored it on your computer or network server. The configuration settings of the access point are retained when a ...
TQ6000 GEN2 Access Points User’s Guide Figure 57. Upgrade Window The version number of the current firmware is displayed in the Firmware Information section of the window. 2. Click the Browse button next to the New Firmware Image field and locate the new image file on your computer or network server.
Chapter 9: Maintenance Rebooting the Access Point This section explains how to reboot the access point. You might reboot the device if it is experiencing a problem. Caution The device does not forward network traffic while it reboots. Some E113 network traffic may be lost.
TQ6000 GEN2 Access Points User’s Guide Collecting Technical Support Information to a File If you contact Allied Telesis for technical assistance with the access point, you may be instructed to send Allied Telesis technical support information. Technical support information helps Allied Telesis technicians troubleshoot problems with the device.
Page 175
It is case sensitive. Spaces are not allowed. Be sure to send the key to the technicians at Allied Telesis. The factory default is blank. The file is sent in clear text if you do not enter a key.
Chapter 10 Account Menu This chapter contains the following procedures: “Changing the Manager’s Login Name and Password” on page 178 “Setting the Language of the Web Browser Interface” on page 180 ...
Changing the name and password does not affect your current management session. Note Allied Telesis strongly recommends changing the factory default password during the first management session to protect the device from unauthorized access. To change the login name and password of the manager account, perform the following procedure: 1.
Page 179
Chapter 10: Account Menu 3. To change the password, select the Current Password field and enter the account’s current password. The default password: friend To display the password as alphanumeric characters or asterisks, click the green, double arrow symbol. 4.
TQ6000 GEN2 Access Points User’s Guide Setting the Language of the Web Browser Interface The access point can display the web browser interface in either English or Japanese. The default is English. To set the language, perform the following procedure: 1.