How to Use This Guide This guide includes detailed information on Edgecore access point (AP) software, including how to operate and use the management functions of APs. To deploy APs effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all software features.
Page 4
How to Use This Guide Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions. Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Page 5
How to Use This Guide July 2023 Revision This is the 11th revision of this guide. It is valid for software release v12.4.1 and includes the following changes: Added OpenRoaming, see “OpenRoaming” on page 57 “Wireless Networks — OpenRoaming” on page 76 Modified broadcast rate, see “Physical Radio Settings”...
Page 6
How to Use This Guide January 2023 Revision This is the ninth revision of this guide. It is valid for software release v12.3.0 and includes the following changes: Updated QR code Onboarding, see “QR Code Onboarding” on page 26 Updated wireless status, see “Wireless Status”...
Page 7
How to Use This Guide Modified the default value for Minimum Signal Allowed, see “Physical Radio Settings” on page 64 Added 160MHz channel bandwidth option, see “Physical Radio Settings” on page 64 Removed uCentral cloud option from the Setup Wizard. ...
Page 8
How to Use This Guide Added PoE Out setting, see “Ethernet Settings” on page 45 Added caution on firmware upgrades in uCentral mode, see “Upgrading Firmware” on page 87 April 2022 Revision This is the fifth revision of this guide. It is valid for software release v11.6.0 and includes the following changes: Added Client mode, see “Physical Radio Settings”...
Page 9
How to Use This Guide Updated wireless network settings, see “Wireless Networks — Network Settings” on page 74 Updated wireless open mesh settings, see “Wireless Networks — Open Mesh Settings” on page 77 Added Telnet settings, see “Telnet” on page 90 ...
Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Configuration Options Zero-Touch Provisioning Connecting to the Web Interface LAN Port Connection AP Setup Wizard QR Code Onboarding Mesh AP Configuration Main Menu Dashboard Common Web Page Buttons Section II Web Configuration 2 Status Information...
Page 11
Contents 3 Network Settings Internet Settings IPv6 Settings Ethernet Settings LAN Settings Firewall Rules Port Forwarding Hotspot Settings Network Settings OpenRoaming DHCP Snooping ARP Inspection DHCP Relay 4 Wireless Settings Radio Settings Physical Radio Settings Wireless Networks — General Settings Wireless Networks —...
Page 12
Contents User Accounts Services Telnet Edgecore Networks Discovery Tool Web Server Remote System Log Setup Network Time SNMP Multicast DNS LLDP Diagnostics Ping Traceroute Nslookup Speed Test Device Discovery Section III Appendices A Troubleshooting Problems Accessing the Management Interface Using System Logs –...
Section I Getting Started This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface. This section includes these chapters: “Introduction” on page 18 ...
Introduction The access point (AP) runs software that includes a network management agent. The agent offers a variety of management options, including a web-based interface. The AP can also be accessed through Secure Shell (SSH) for configuration using a command line interface (CLI). Note: This manual describes the configuration interface for stand-alone mode.
Chapter 1 | Introduction Configuration Options Configuration Options The access point’s web agent allows you to configure AP parameters, monitor wireless connections, and display statistics using a standard web browser. The AP’s web management interface can be accessed from any computer attached to the network.
Chapter 1 | Introduction Connecting to the Web Interface Connecting to the Web Interface For first-time access to the AP’s web management interface, you can connect a PC directly to one of the AP’s LAN ports or use the quick-setup QR code (printed on a label next to the AP’s ports).
Chapter 1 | Introduction AP Setup Wizard AP Setup Wizard The Setup Wizard is designed to help you configure the basic settings required to get the AP up and running. Step 1 Select How the AP will be Managed — To manage the AP using the Edgecore ecCLOUD controller, select “Yes, I will manage this device by ecCloud controller,”...
Chapter 1 | Introduction AP Setup Wizard Step 2 CAPWAP Setup — When EWS-Series Controller management is selected, you can set the mode for discovering the controller. Once the AP has discovered the controller on the network it can then send a CAPWAP (Control And Provisioning of Wireless Access Points) join request.
Chapter 1 | Introduction AP Setup Wizard Figure 4: Wireless Setup Step 4 Network Setup — For AP stand-alone mode, you also have the option to configure the IP address mode used to provide an IP address for the Internet access port. The default IP Address Mode is DHCP and other options include Static IP and PPPoE.
Chapter 1 | Introduction AP Setup Wizard Step 5 Change Your Password — Set a new password for management access to the AP (the default user name is “admin” with password “admin”). The password must be 6-20 ASCII characters (case sensitive with no special characters). Figure 6: Change Password Note: For information on changing user names and passwords, see...
Page 25
Chapter 1 | Introduction AP Setup Wizard Note: The country code selection is for non-US models only and is not available to any US models. Per FCC regulation, all Wi-Fi products marketed in the US must be fixed to US operation channels only. Step 7 After completing the Setup Wizard, click “Done.”...
Chapter 1 | Introduction QR Code Onboarding QR Code Onboarding For quick set up and registration of your AP with the ecCLOUD controller, you can scan the QR code on the AP using a phone. Follow these steps: Power on the AP. Connect the AP to the Internet.
Chapter 1 | Introduction QR Code Onboarding Figure 9: Setup Wizard - Detect Network Select to manage the AP using the ecCLOUD controller or to manage the AP in stand-alone mode. Figure 10: Setup Wizard - Device Management Stand-Alone Mode: Use the default wireless network setting or customize the network name and password.
Chapter 1 | Introduction QR Code Onboarding Figure 12: ecCLOUD Login Page If you already have an ecCLOUD account, log in and select a site for the AP. The AP is automatically registered for cloud management. Modify the device name, login password, SSID, and security key. After you tap “Save,” wait about five minutes for the cloud controller to configure the AP.
Chapter 1 | Introduction Main Menu If you do not have an ecCLOUD account, tap “I want to register” and set up an account. Create a cloud and site before confirming the regulatory country. After tapping “Next,” the AP is then automatically registered for cloud management.
Chapter 1 | Introduction Main Menu Dashboard After logging in to the web interface, the dashboard displays. The dashboard shows basic settings for the AP, including Internet status, local network settings, and wireless radio status. Figure 14: The Dashboard Common Web Page The list below describes the common buttons found on many of the web Buttons management pages:...
Section II Web Configuration This section provides details on configuring the access point using the web browser interface. This section includes these chapters: “Status Information” on page 32 “Network Settings” on page 41 “Wireless Settings” on page 63 ...
Status Information The Dashboard displays information on the current system configuration, including Internet status, local network settings, wireless radio status, traffic graphs, and services. This chapter includes the following sections: “General Status” on page 33 “Network Status” on page 35 ...
Chapter 2 | Status Information General Status General Status The General Status section shows descriptive information about the AP. Figure 16: General Status Information The following items are displayed in the “Port Status” section: Ethernet Port #0 — Shows the status of the WAN Ethernet port, including link- ...
Page 34
Chapter 2 | Status Information General Status IPv6 Address — The IPv6 address of the Internet connection. Netmask — The subnet mask of the IP address. Gateway — The IP address of the gateway router that is used when a ...
Chapter 2 | Status Information Network Status Network Status The Network Status section shows information about local network connections. Figure 17: Local Networks The following items are displayed in this section: Name — Shows information on the name of the local network. ...
Chapter 2 | Status Information Wireless Status Wireless Status The Wireless Status section shows information about the radio settings and associated clients. Figure 20: Wireless Status Note that you can click the red button next to an associated client to force disconnection.
Page 38
Chapter 2 | Status Information Wireless Status Tx Power — The power of the radio signals transmitted from the AP. Channel — The radio channel the access point uses to communicate with wireless clients. The available channels depend on the 802.11 Mode, Channel Bandwidth, and Country Code settings.
Figure 21: Traffic Graphs Services The Services section shows the status of the Edgecore cloud management agent. Figure 22: Services Edge-core Networks Cloud Agent Status — Shows whether or not the agent for the cloud controller is enabled. – 39 –...
Page 40
Hotspot (Chilli) — Shows whether or not hotspot services are enabled. Click on this field to open the Hotspot Settings menu. Edge-core Networks EWS-Series Controller — Shows if the CAPWAP service is enabled for management of the AP through an EWS-Series controller.
Network Settings This chapter describes basic network settings on the access point. It includes the following sections: “Internet Settings” on page 42 “Ethernet Settings” on page 45 “LAN Settings” on page 48 “Firewall Rules” on page 50 ...
Chapter 3 | Network Settings Internet Settings Internet Settings The Internet Settings page configures the basic Internet settings for the AP, such as the source port, IP aliases, as well as the host name and maximum MTU size. Figure 23: Internet Settings The following items are displayed on this page: IP Address Mode —...
Chapter 3 | Network Settings Internet Settings Figure 24: IP Address Mode – Static IP Static IP — To configure a static IP address for the selected Ethernet interface, the following items must be specified. IP Address — Specifies an IP address for the access point. Valid IP ...
Chapter 3 | Network Settings Internet Settings Figure 25: IP Address Mode – PPPoE PPPoE — To obtain an IP address for the selected Ethernet interface using PPPoE, the following items must be specified. Service Name — The service name assigned for the PPPoE ...
Chapter 3 | Network Settings Ethernet Settings IPv6 Settings Enables you to configure the method used to provide an IPv6 address for the Internet access port. Figure 26: IPv6 Settings The following items are displayed on this section of the page: IP Address Mode —...
Chapter 3 | Network Settings Ethernet Settings Ethernet Port #2 — Shows the status of the LAN Ethernet port 2. Figure 27: Ethernet Settings – Internet Source The following status message is displayed if an interface is set as the Internet source: “This interface is the internet source for this product.
Chapter 3 | Network Settings Ethernet Settings In the following figure, Ethernet Port 0 and Ethernet Port 1 are both attached to the WAN. Figure 29: Bridge to Internet Route to Internet — Configures an interface to be a member of the LAN. ...
Chapter 3 | Network Settings LAN Settings PoE Out — (EAP104 only) Enables the PoE Out feature when the PoE source is detected as 802.3at, otherwise the PoE Out feature is disabled. When set to “Off,” PoE Out is always disabled. (Default: On) CAPWAP Tunnel Interface —...
Page 49
Chapter 3 | Network Settings LAN Settings The following items are displayed on this page: IP Address — Specifies the IP address for the local network or guest network. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
Chapter 3 | Network Settings Firewall Rules Firewall Rules Firewall filtering restricts connection parameters to limit the risk of intrusion. The firewall settings allow you to define a sequential list of rules that filter traffic based on source and destination IP addresses and ports. Ingress packets are tested against the filter rules one by one.
Chapter 3 | Network Settings Hotspot Settings Internal IP address — The internal destination IP address. Internal Port — The internal destination protocol port. (Range: 1-65535) Hotspot Settings The Hotspot Settings page can configure Internet access to the general public in places such as coffee houses, libraries and hospitals.
Page 53
Chapter 3 | Network Settings Hotspot Settings No Authentication — This option shows the hotspot guest your customized, locally hosted captive portal splash page, and will not require the guest to login before accessing the Internet. If you fill out the (optional) terms of service text, the guest will be required to accept these before they can access the Internet.
Chapter 3 | Network Settings Hotspot Settings RADIUS Server If you click set the mode to External Captive Portal Service or Local Splash page with External RADIUS, the following section is displayed. Figure 35: Hotspot Settings (RADIUS Settings) The following items are displayed on this page: Enable RADIUS Auth —...
Chapter 3 | Network Settings Hotspot Settings Local ID — Local RADIUS server identifier. Local Name — Local RADIUS server name NAS ID — Local RADIUS server operation identifier. Captive Portal Settings The following section is displayed for all hotspot mode options. Figure 36: Hotspot Settings (Captive Portal Settings) The following items are displayed on this page: HTTPS —...
Page 56
Chapter 3 | Network Settings Hotspot Settings Captive Portal URL — Host name of Internet service portal for the hotspot. The captive portal forces a hotspot client to access a welcome web page (normally used for authentication) before gaining further access to the Internet. The welcome page may require authentication and/or payment.
Chapter 3 | Network Settings OpenRoaming OpenRoaming OpenRoaming provides a standard for public-access Wi-Fi networks to support seamless roaming between wireless networks. An OpenRoaming network advertises its public Wi-Fi capabilities and services so that clients can decide if they want to connect to the network.
Page 58
Chapter 3 | Network Settings OpenRoaming Chargeable public network — A network that is available to all users, but requires a fee. Free Public Network — A network that is available to all users without any fees. Personal device network — A network for peripheral connectivity in an ...
Page 59
Chapter 3 | Network Settings OpenRoaming Wall Garden — A list of web sites to which unauthenticated users are allowed to navigate. Enter a list of space or newline-delimited host names and IP addresses. Venue Name Information — Configures a list of up to 10 venue names. ...
Chapter 3 | Network Settings DHCP Snooping DHCP Snooping DHCP snooping is used to validate and filter DHCP messages received by the AP. When DHCP snooping is enabled, DHCP messages received from a device not listed in the DHCP snooping table are dropped. You can add known and trusted DHCP servers to the table by specifying their MAC and IP addresses.
Chapter 3 | Network Settings ARP Inspection ARP Inspection ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the middle”...
Chapter 3 | Network Settings DHCP Relay DHCP Relay When DHCP relay is enabled, the AP as an agent for all clients and sends all broadcast DHCP requests directly to a specified DHCP server. The DHCP server IP address and port must be configured, and optionally a backup server. With DHCP relay enabled, the circuit ID can be set on the VLAN settings or LAN settings page.
Wireless Settings This chapter describes the wireless settings on the access point. It includes the following sections: “Radio Settings” on page 64 “VLAN Settings” on page 78 – 63 –...
Chapter 4 | Wireless Settings Radio Settings Radio Settings The IEEE 802.11 wireless interfaces include configuration options for radio signal characteristics and wireless security features. The access point can operate in several radio modes, 802.11b+g+n/ax (2.4 GHz) or 802.11a/a+n/ac+a+n/ax (5 GHz). Note that the dual-band access points can operate at 2.4 GHz and 5 GHz at the same time.
Chapter 4 | Wireless Settings Radio Settings Figure 42: Physical Settings for Radio 2.4 GHz The following items are displayed on this page: Status — Enables or disables the wireless service on this interface. Mode — Selects the mode in which the AP will function. ...
Page 66
Chapter 4 | Wireless Settings Radio Settings Channel Bandwidth — The AP options for channel bandwidth include 20, 40 80, and 160 MHz. The available channel bandwidth is dependent on the 802.11 Mode. (Default: 20 MHz on 2.4 GHz Radio, 80 MHz on 5 GHz Radio; Options: 20 MHz, 40 MHz, 80MHz, 160MHz) 20MHz —...
Page 67
Chapter 4 | Wireless Settings Radio Settings TXOP Limit (Transmit Opportunity Limit) – The maximum time an AC transmit queue has access to the wireless medium. When an AC queue is granted a transmit opportunity, it can transmit data for a time up to the TXOP Limit.
Chapter 4 | Wireless Settings Radio Settings clients to dynamically discover and roam between WLANs. This feature also makes it easier for hackers to break into your home network. Because SSIDs are not encrypted, it is easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the AP.
Page 70
Chapter 4 | Wireless Settings Radio Settings small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients.
Page 71
Chapter 4 | Wireless Settings Radio Settings WPA2-PSK — Clients using WPA2 with a Pre-shared Key are accepted for authentication. WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard.
Page 72
Chapter 4 | Wireless Settings Radio Settings Radius Auth Server — Specifies the IP address or host name of the backup RADIUS authentication server. Radius Auth Port — The UDP port number used by the backup RADIUS server for authentication messages. (Range: 1024-65535; Default: 1812) Radius Auth Secret —...
Page 73
Chapter 4 | Wireless Settings Radio Settings WPA3 provides more robust password-based authentication called Simultaneous Authentication of Equals (SAE), which replaces Pre-Share Key (PSK) in WPA2-Personal. This technology prevents offline dictionary attacks so that data traffic can be transmitted securely. WPA3 Personal Transition —...
Chapter 4 | Wireless Settings Radio Settings 802.11r — Provides a method for fast transition roaming between APs. Before clients roam to a new AP, the initial handshake and encryption calculations are performed in advance, which results in a fast hand off without the need for re- authentication.
Page 75
Chapter 4 | Wireless Settings Radio Settings Network Behavior — One of the following connection methods must be specified. (Default: Route to Internet) Bridge to Internet — Configures an interface as attached to the WAN. Traffic from this interface is directly bridged into the Internet. (See Figure 29, “Bridge to Internet", on page 47.) Route to Internet —...
Chapter 4 | Wireless Settings Radio Settings CAPWAP Tunnel Interface — When the AP system management is set to EWS-Series Controller mode (see “System Settings” on page 82), the CAPWAP (Control And Provisioning of Wireless Access Points) protocol tunnel mode can be configured.
Chapter 4 | Wireless Settings Radio Settings OpenRoaming Settings — Click to access the OpenRoaming profile settings page. See “OpenRoaming” on page 57 for profile configuration. Wireless Networks — Open Mesh is a network of interconnected node APs, of which only one has a Open Mesh Settings wired connection to the network (and the Internet).
Chapter 4 | Wireless Settings VLAN Settings Network Name — The network to be routed. The default is “Default local network” as displayed under LAN Settings – Local Network. Wireless Networks — Figure 48: Advanced Radio Settings Advanced Radio Settings The following items are displayed in this section of the Wireless Settings page: Tx Power —...
Chapter 4 | Wireless Settings VLAN Settings Wireless clients associated to the access point can be assigned to a VLAN. Wireless clients are assigned to the VLAN for the VAP interface with which they are associated. The access point only allows traffic tagged with correct VLAN IDs to be forwarded to associated clients on each VAP interface.
Page 80
Chapter 4 | Wireless Settings VLAN Settings Ports — The Ethernet ports assigned to the specified VLAN. Members — The SSID of a VAP configured to be a member of the specified VLAN. This option is configured under Radio Settings (Network Settings – Network Behavior).
System Settings This chapter describes maintenance settings on the access point. It includes the following sections: “System Settings” on page 82 “Maintenance” on page 84 “Upload Certificate” on page 87 “User Accounts” on page 88 “Services” on page 89 ...
Chapter 5 | System Settings System Settings System Settings The System Settings page can be used to enable the AP to be managed from the Edgecore ecCLOUD controller or EWS-Series Controller, and configure general descriptive information about the AP. Figure 50: System Settings The following items are displayed on this page: Management —...
Page 83
Chapter 5 | System Settings System Settings EWS-Series Controller — When selected, the following parameters are displayed: CAPWAP — Enables CAPWAP (Control And Provisioning of Wireless Access Points) protocol tunnel mode. DNS SRV Discovery — The AP uses DNS server records to discover ...
Chapter 5 | System Settings Maintenance Configurable” setting. See “Wireless Networks — General Settings” on page LED Enable — Enables the LED indicators on the AP. (Default: Enabled) Language — Selects the web interface language. (Options: English, Japanese; Default: English) Maintenance The Maintenance page supports general maintenance tasks including displaying the system log, downloading a diagnostics log, rebooting the device, restoring...
Chapter 5 | System Settings Maintenance Displaying The access point saves event and error messages to a local system log database. System Logs The log messages include the date and time, device name, message type, and message details. Figure 52: System Log Downloading the Click “Diagnostics Log”...
Chapter 5 | System Settings Maintenance Resetting the The Reset page allows you to reset the access point to the factory defaults. Note Access Point that all user configured information will be lost. You will have to re-enter the default user name and password to re-gain management access to this device.
Chapter 5 | System Settings Upload Certificate Upgrading Firmware You can upgrade new access point software from a local file on the management workstation. New software may be provided periodically from Edgecore. After upgrading new software, you must reboot the access point to implement the new code.
Chapter 5 | System Settings User Accounts Figure 57: Upload Certificate The following items are displayed on this page: Upload Certificate — Click to upload a security certificate and private key from a trusted certification authority. Use Default Certificate — Click to reset to use the AP’s default certificate. ...
Chapter 5 | System Settings Services Password — The user password. (Range: 6-20 ASCII characters, case sensitive, no special characters) Services The Services page allows you to control SSH management access to the AP, configure NTP time servers, and configure iBeacon settings. The Secure Shell (SSH) can act as a secure replacement for Telnet.
Chapter 5 | System Settings Services Telnet Telnet is a remote management tool that can be used to configure the access point from anywhere in the network. However, note that Telnet is not secure from hostile attacks. Figure 60: Telnet Server Settings The following items are displayed on this page: Telnet Server —...
Chapter 5 | System Settings Services Web Server A Web browser provides the primary method of managing the access point. Both HTTP and HTTPS service can be accessed independently. If you enable HTTPS, you must indicate this in the URL: https://device:port_number] When you start HTTPS, the connection is established in this way: The client authenticates the server using the server’s digital certificate.
Chapter 5 | System Settings Services Remote System Log Use this feature to send log messages to a Syslog server. Setup Figure 63: Remote System Log Settings The following items are displayed on this page: Remote Syslog — Enables the logging of debug or error messages to the ...
Chapter 5 | System Settings Services Figure 64: NTP Settings The following items are displayed on this page: Local Time — Displays the local time as day of week, month, hour:minute:second, year, based on Universal Time Coordinates. NTP Service — Enables or disables sending of requests for time updates. ...
Chapter 5 | System Settings Services SNMP Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. It is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
Chapter 5 | System Settings Services SNMPv3 User — SNMP protocol version 3 provides secure access by account authentication and data encryption. An SNMP v3 user can be defined by clicking the “Add new” button. Name — The user name used to access the SNMP service. ...
Chapter 5 | System Settings Services Tx Interval (seconds) — Sets the periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) Tx Hold (time(s)) — Configures a time-to-live (TTL) value sent in the LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 4) The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending device if it does not transmit updates in a timely manner.
Chapter 5 | System Settings Diagnostics BLE Scan — (EAP101 and EAP104 only) Scans for all BLE devices, including these four types: EddyStone-UID, EddyStone-URL, EddyStone-TLM, and ibeacon. Figure 69: BLE Scan Diagnostics The Diagnostics page provides Ping, Traceroute, Nslookup, and Speed Test tools for troubleshooting connectivity problems.
Chapter 5 | System Settings Device Discovery Nslookup Enter a hostname or IP address and click to run the Nslookup tool. Figure 72: Network Utilities - Nslookup Speed Test Enter a hostname or IP address of a Netperf server to test the speed between the AP and server.
Troubleshooting Problems Accessing the Management Interface Table 1: Troubleshooting Chart Symptom Action Cannot connect using a Be sure the AP is powered up. web browser Check network cabling between the management station and the Check that you have a valid network connection to the AP and ...
Page 101
Chapter A | Troubleshooting Using System Logs Contact Edgecore and send a detailed description of the problem, along with all of the information mentioned in the above steps. – 101 –...
Need help?
Do you have a question about the EAP102 and is the answer not in the manual?
Questions and answers