Altai Access Controller Configuration Manual _ v2.0

8/20/2019 Altai Access Controller Configuration Manual _ v2.0

http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 1/110

ALTAI ACCESS CONTROLLER

CONFIGURATION MANUAL

Version 2.0

Date: April, 2014



Access Controller Configuration Manual

TPS14-04_rev2.0

Altai Technologies Ltd. All rights reserved

About this document

SummaryChapter Description

Chapter1 Preface Introduce the document briefely

Chapter2 Product Introduction Introduce the product

Chapter3 System Features Introduce system features

Chapter4 Peparation beforeInstallation

Introduce preparation befored device’s installation

Chapter5 Initial Configuration Introduce device’s booting and basic configurations

Chapter6 WEB Configurations Introduce WEB configurations

Chapter7 FAQ Introduce FAQ




TPS14-04_rev2.0


Contents

1

PREFACE ............................................................................................................................. I

1.1

CONVENTIONS ........................................................................................................ I

1.2

SYMBOLS .................................................................................................................. I

2

PRODUCT INTRODUCTION ............................................................................................... 3

2.1

OVERVIEW ............................................................................................................... 3

3

SYSTEM FEATURES ............................................................................................................. 3

3.1

PROTOCOL SUPPORT ............................................................................................. 3

3.2

USER MANAGEMENT AND BUSINESS SUPPORT .................................................... 4

3.3

NETWORK SECURITY ............................................................................................... 4

3.4

NETWORK MANAGEMENT ..................................................................................... 5

4

PREPARATION BEFORE INSTALLATION ............................................................................. 6

4.1

PRECAUTIONS BEFORE OPERATION...................................................................... 6

4.2

ENVIRONMENT REQUIREMENTS ............................................................................. 6

4.3

INSTALLATION SAFETY REQUIREMENTS .................................................................. 6

4.4

TOOLS NEEDED ....................................................................................................... 7

5

INITIAL CONFIGURATION ................................................................................................. 8

5.1

CLI OVERVIEW ........................................................................................................ 8

5.1.1

USER MODE ................................................................................................... 8

5.1.2

PRIVILEGED MODE ....................................................................................... 9

5.1.3

ROM MONITOR MODE ................................................................................. 9

5.1.4

GLOBAL CONFIGURATION MODE .............................................................. 9

5.1.5

SYSTEM DESCRIPTION ................................................................................... 9

5.1.6

SYSTEM IP ADDRESS CONFIGURATIONS ..................................................... 9

5.1.7

VERSION BOOTING ..................................................................................... 10

5.2

LOGIN ACCESS PLATFORM ................................................................................. 14

5.2.1

LOGIN BY CONSOLE INTERFACE ............................................................... 14

5.2.2

LOGIN BY TELNET ........................................................................................ 14




TPS14-04_rev2.0


5.3

LOGIN MANAGEMENT PLATFORM ..................................................................... 15

5.3.1

LOGIN BY CONSOLE INTERFACE ............................................................... 15

5.3.2

LOGIN BY TELNET ........................................................................................ 15

5.3.3

LOGIN BY WEB ............................................................................................ 15

5.4

SYSTEM UPDATE .................................................................................................... 16

5.4.1

UPDATE UNDER ROM MONITOR MODE ................................................... 17

5.4.2

UPDATE BY FTP ............................................................................................ 18

5.4.3

UPDATE BY WEB .......................................................................................... 21

5.5

UPLOAD/DOWNLOAD CONFIGURATION FILES ................................................. 24

5.5.1

UPLOAD CONFIGURATION FILES ............................................................... 24

5.5.2

DOWNLOAD CONFIGURATION FILES ....................................................... 25

5.6

GLOBAL CONFIGURATIONS ................................................................................ 25

5.6.1

LOGIN SETTINGS .......................................................................................... 25

5.6.2

SET SYSTEM NAME ....................................................................................... 25

5.7

INTERFACE CONFIGURATIONS ............................................................................ 26

5.7.1

CREATE A SUBINTERFACE ........................................................................... 26

5.7.2

SET VLAN ...................................................................................................... 26

5.7.3

CONFIGURE IP ADDRESS ............................................................................ 27

5.7.4

ENABLE OR DISABLE SUBINTERFACE ......................................................... 27

5.7.5

CONFIGURE THE WORK MODE FOR INTERFACE ..................................... 27

5.7.6

CONFIGURE WORK RATE FOR INTERFACE ............................................... 27

5.7.7

CONFIGURE INTERFACE’S DESCRIPTION................................................ 28

5.7.8

CHECK INTERFACE...................................................................................... 28

5.7.9

APPLICATION EXAMPLE ............................................................................. 28

5.8

IP CONFIGURATIONS ............................................................................................ 28

5.8.1

CONFIGURE STATIC IP ADDRESS ............................................................... 28

5.8.2

CONFIGURE IP FORWADING FEATURE ..................................................... 28

5.9

RADIUS CONFIGURATIONS .................................................................................. 29

5.9.1

OVERVIEW ................................................................................................... 29

5.9.2

CONFIGURE AC AS RADIUS CLIENT .......................................................... 29

5.10

DOMAIN CONFIGURATIONS ............................................................................... 31

5.10.1

OVERVIEW .................................................................................................. 31

5.10.2

DEFINE DOMAIN’S NAME ....................................................................... 31

5.10.3

CONFIGURE RADIUS SERVER .................................................................... 32




TPS14-04_rev2.0


5.10.4

CONFIGURE DNS SERVER ......................................................................... 32

5.10.5

CONFIGURE DOMAIN WITHOUT AUTHENTICATION AND ACCOUNTING33

5.10.6

CONFIGURE SERVICE STRATEGY FOR DOMAIN ..................................... 33

5.10.7

CONFIGURE REAL-TIME ACCOUNTING ................................................... 33

5.10.8

CHECK DOMAIN CONFIGURATIONS ...................................................... 34

5.11

SERVICE STRATEGY CONFIGURATIONS .............................................................. 34

5.11.1

OVERVIEW .................................................................................................. 34

5.11.2

BROADBAND STRATEGY CONFIGURATIONS .......................................... 34

5.11.3

FILTERING STRATEGY CONFIGURATIONS ................................................. 35

5.11.4

SERVICE STRATEGY CONFIGURATIONS ................................................... 38

5.12

INTERNAL PORTAL CONFIGURATIONS ................................................................ 38

5.12.1

CONFIGURE PORTAL SERVER ................................................................... 38

5.12.2

CONFIGURE AC-NAME ............................................................................. 39

5.12.3

CONFIGURE NAS-ID HOT-CODE .............................................................. 39

5.13

IP POOL CONFIGURATIONS ................................................................................ 39

5.13.1

CONFIGURE LAYER2 IP POOL .................................................................. 39

5.13.2

CONFIGURE LAYER3 IP POOL .................................................................. 41

5.14

BUSINESS APPLICATION CONFIGURATIONS ....................................................... 42

5.14.1

ADDRESS MANAGEMENT FOR FIT AP ...................................................... 42

5.14.2

BUSINESS CONFIGURATION FOR DHCP+WEB ACCESS ......................... 43

5.15

NAT CONFIGURATIONS ........................................................................................ 46

5.15.1

STATIC NAT ................................................................................................. 46

5.15.2

DYNAMIC NAT ........................................................................................... 47

5.15.3

PAT .............................................................................................................. 47

5.17

HOT STANDBY CONFIGURATIONS ....................................................................... 48

5.17.1

OVERVIEW .................................................................................................. 48

5.17.2

COMMAND ............................................................................................... 48

6

WEB CONFIGURATIONS ................................................................................................. 50

6.1

LOGIN BY WEB ...................................................................................................... 50

6.2

BASIC SETTINGS ..................................................................................................... 52

6.2.1

AC CONFIGURATION ................................................................................. 53

6.2.2

AC HOTSTANDBY ........................................................................................ 55

6.2.3

RADIUS SERVER ........................................................................................... 56

6.2.4

AS SERVER ................................................................................................... 58




TPS14-04_rev2.0


6.2.5

NTP SERVER .................................................................................................. 58

6.2.6

SYSLOG CONFIGURATION ......................................................................... 59

6.2.7

AP VERSION ................................................................................................. 60

6.2.8

VERSION SERVER ......................................................................................... 61

6.2.9

ROUTING ...................................................................................................... 62

6.2.10

ETHERNET INTERFACE INFORMATION ...................................................... 63

6.2.11

WAPI CERTIFICATE ..................................................................................... 63

6.2.12

AC ADVANCED ......................................................................................... 64

6.2.13

TUNNEL CONFIGURATION ........................................................................ 65

6.2.14

MULTIPLE ACCESS BOARDS CONFIGURATION ....................................... 66

6.2.15

AC UPGRADE ............................................................................................ 67

6.2.16

SYSTEM INFORMATION .............................................................................. 68

6.2.17

AC LICENSE ................................................................................................ 68

6.3

WIRELESS SETTINGS ............................................................................................... 69

6.3.1

WIRELESS BASIC........................................................................................... 70

6.3.2

WIRELESS ADVANCED ................................................................................ 72

6.3.3

WIRELESS CHANNEL .................................................................................... 73

6.3.4

PAYLOADBALANCE .................................................................................... 74

6.3.5

AP BACKGROUND SCAN .......................................................................... 75

6.3.6

CAPWAP TIMER ........................................................................................... 76

6.4

WIRELESS SECURITY ............................................................................................... 77

6.4.1

MAC FILTER .................................................................................................. 77

6.4.2

WLAN SECURITY .......................................................................................... 78

6.4.3

INTRUSION DETECTION SETTINGS ............................................................... 80

6.4.4

DYNAMIC BLACKLIST .................................................................................. 81

6.5

WLAN ..................................................................................................................... 81

6.5.1

AP CONFIGURATION .................................................................................. 82

6.5.2

WLAN GROUPS ........................................................................................... 84

6.5.3

TIME POLICY GROUPS ................................................................................ 87

6.5.4

AP POLICY APPLY ....................................................................................... 88

6.5.5

WLAN-VLAN ASSOCIATION ....................................................................... 88

6.6

STATISTICS .............................................................................................................. 88

6.6.1

AP INFORMATION ....................................................................................... 89

6.6.2

AP SOFTWARE UPGRADE ........................................................................... 91




TPS14-04_rev2.0


6.6.3

WIRELESS RADIO STATISTICS ....................................................................... 92

6.6.4

WIRELESS USER LIST ...................................................................................... 92

6.6.5

INTRUSION DETECTION STATISTICS ............................................................. 93

6.6.6

CYCLE OF REPORTING AP STATISTICS ....................................................... 93

6.7

ROGUE AP ............................................................................................................. 94

6.7.1

ROGUE AP ................................................................................................... 95

6.7.2

PERMITTED BSSID LIST .................................................................................. 95

6.7.3

PERMITTED SSID LIST .................................................................................... 96

6.8

LOG........................................................................................................................ 96

6.8.1

OPERATION LOG ........................................................................................ 96

6.8.2

OPERATION LOG HOLD TIME .................................................................... 98

6.8.3

ALARM LOG ................................................................................................ 98

6.8.4

AP LOG ........................................................................................................ 98

6.8.5

INTRUSION DETECTION LOG ...................................................................... 99




TPS14-04_rev2.0


Content of Figures

Figure 5-1 Topology .................................................................................................................... 10

Figure 5-2 System Booting .......................................................................................................... 11

Figure 5-3 Auto-boot procedure（management platform）............................................... 11

Figure 5-4 Configure the Dialog（Access Platform） ............................................................ 13

Figure 5-5 Configuration File Booting（Access Platform） .................................................... 13

Figure 5-6 Login access platform by console interface ........................................................ 14

Figure 5-7 Login Management Platform .................................................................................. 15

Figure 5-8 Login Management Platform by WEB .................................................................... 16

Figure 5-9 Topology under ROM MONITOR Update............................................................... 17

Figure 5-10 the Topology for Update by FTP ........................................................................... 19

Figure 5-11 the Topology for Update by WEB ......................................................................... 22

Figure 5-12 Security Alarm ......................................................................................................... 22

Figure 5-13 Access Controller Login Screen ............................................................................ 23

Figure 5-14 AC Upgrade ............................................................................................................... 23



Figure 6-1 Access Controller Login Screen .............................................................................. 51

Figure 6-2 Access Controller Main Menu ................................................................................. 51

Figure 6-3 Basic Settings ............................................................................................................. 53

Figure 6-4 AC Configuration ...................................................................................................... 54

Figure 6-5 AC Hotstandby.......................................................................................................... 56

Figure 6-6 Radius List ................................................................................................................... 57

Figure 6-7 Radius Servers Edit..................................................................................................... 57

Figure 6-8 AS Server Configuration ........................................................................................... 58

Figure 6-9 AC NTP Configuration .............................................................................................. 59

Figure 6-10 SYSLOG Configuration............................................................................................ 59

Figure 6-11 AP Version Information Edit ................................................................................... 60

Figure 6-12 Version Server List .................................................................................................... 61

Figure 6-13 Version Server Edit ................................................................................................... 61

Figure 6-14 Route Information of Management Platform ........................................................ 62

Figure 6-15 Management Platform Route Edit .......................................................................... 62

Figure 6-16 Ethernet Interface Information ................................................................................ 63




TPS14-04_rev2.0


Figure 6-17 WAPI Certificate ........................................................................................................ 63

Figure 6-18 WAPI Certificate Edit ................................................................................................. 63

Figure 6-19 AC Advanced ........................................................................................................... 64

Figure 6-20 Tunnel Configuration ................................................................................................. 65

Figure 6-21 Multiple Access Boards Configuration .................................................................... 66

Figure 6-22 Multiple Access Boards Configuration .................................................................... 66


Figure 6-24 AC Upgrade Success ................................................................................................ 67

Figure 6-25 System Information .................................................................................................... 68

Figure 6-26 AC License ................................................................................................................. 68

Figure 6-27 Wireless Basic Settings ............................................................................................... 70

Figure 6-28 Wireless Advanced Settings ..................................................................................... 72

Figure 6-29 Wireless Channel Configuration .............................................................................. 73

Figure 6-30 Payloadbalance Configuration .............................................................................. 74

Figure 6-31 Payloadbalance Configuration by Flow Control .................................................. 75

Figure 6-32 AP Background Scanning ........................................................................................ 76

Figure 6-33 CAPWAPTimer Configuration ................................................................................... 77

Figure 6-34 MAC Filter ................................................................................................................... 77

Figure 6-35 WLAN Security Policy List........................................................................................... 78

Figure 6-36 Intrusion Detection Settings ...................................................................................... 80

Figure 6-37 Dynamic Blacklist ....................................................................................................... 81

Figure 6-38 AP Configuration ....................................................................................................... 82

Figure 6-39 WLAN Group Configuration ..................................................................................... 84

Figure 6-40 Time Policy Group...................................................................................................... 87

Figure 6-41 Time Policy Group...................................................................................................... 87

Figure 6-42AP AP Policy Apply ..................................................................................................... 88

Figure 6-43 WLAN-VLAN Association ........................................................................................... 88

Figure 6-44 AP List .......................................................................................................................... 89

Figure 6-45 AP Security Mode ...................................................................................................... 89

Figure 6-46 Parameters of AP Online Scanning ......................................................................... 90

Figure 6-47 AP Software Upgrade ............................................................................................... 91

Figure 6-48 Configuration of AP upgrading ............................................................................... 91

Figure 6-49 Wireless Radio Statistics ............................................................................................. 92

Figure 6-50 Wireless User List ......................................................................................................... 92




TPS14-04_rev2.0


Figure 6-51 Cycle of Reporting AP Statistics ............................................................................... 93

Figure 6-52 Rogue AP List .............................................................................................................. 95

Figure 6-53 Permitted BSSID List .................................................................................................... 95

Figure 6-54 Permitted SSID List ...................................................................................................... 96

Figure 6-55 Operation Log Search .............................................................................................. 96

Figure 6-56 Operation Log Query Results ................................................................................... 97

Figure 6-57 Log Saving Remote FTP Server ................................................................................. 97

Figure 6-58 Alarm Log ................................................................................................................... 98

Figure 6-59 AP Log ......................................................................................................................... 98

Figure 6-60 Intrusion Detection Log .......................................................................................... 99

Content of Tables

Table 6-1 Description of Access Controller Main Menu ......................................................... 52

Table 6-2 AC Configuration ....................................................................................................... 54

Table 6-3 Configuration Parameters of AC Hotstandby ........................................................ 56

Table 6-4 Radius Server Configuration ..................................................................................... 57

Table 6-5 AS Server Configuration ............................................................................................ 58

Table 6-6 AC NTP Configuration ............................................................................................... 59

Table 6-7 SYSLOG Configuration............................................................................................... 60

Table 6-8 AP Version Information Edit ...................................................................................... 60

Table 6-9 Version Server Edit ...................................................................................................... 62

Table 6-10 Management Platform Route Edit ........................................................................... 63

Table 6-11 WAPI Certificate Edit .................................................................................................. 64

Table 6-12 AC Advanced ............................................................................................................ 65

Table 6-13 Tunnel Configuration.................................................................................................. 65

Table 6-14 Multiple Access Boards Configuration ..................................................................... 66

Table 6-15 AC Upgrade ................................................................................................................ 67

Table 6-16 AC License Parameter Settings ................................................................................ 69

Table 6-17 Wireless Basic Settings ................................................................................................ 70

Table 6-18 Wireless Advanced Settings ...................................................................................... 72

Table 6-19 Wireless Channel Configuration ............................................................................... 74

Table 6-20 Payloadbalance Configuration ............................................................................... 74

Table 6-21 AP Background Scanning ......................................................................................... 76




TPS14-04_rev2.0


Table 6-22 CAPWAP timer configuration .................................................................................... 77

Table 6-23 MAC Filter .................................................................................................................... 78

Table 6-24 WLAN Security Policy .................................................................................................. 79

Table 6-25 Intrusion Detection Settings ....................................................................................... 80

Table 6-26 AP Configuration ........................................................................................................ 83

Table 6-27 WLAN Configuration .................................................................................................. 85

Table 6-28 Time Policy Group....................................................................................................... 87

Table 6-29 AP List ........................................................................................................................... 89

Table 6-30 Parameters of AP Online Scanning .......................................................................... 90

Table 6-31 Configuration of AP upgrading ................................................................................ 91

Table 6-32 Wireless User List .......................................................................................................... 92

Table 6-33 Rogue AP Configuration ........................................................................................... 95




TPS14-04_rev2.0


1 Preface

1.1 Conventions

Altai wireless access controller (hereinafter called AC) provides a

managemental platform for broadband wireless access service, which is

oriented to broadband wireless access ISP and enterprises with wireless

access. It fully supports the over-all operation and management solution for

broadband wireless access.

The manual introduces the system function, structure, specification, and

basic settings of Altai AC, as a convenience for engineers’s maintenance.

1.2 Symbols

1. Labels

Format Meaning

[ ]―【】‖represents window name, menu, and data sheet, such as‖promt 【New

Built Users】‖

/Multi-menus is separated by―/‖. For example , ―Click 【Basic Settings】/【AC

Upgrade】‖ means the screen prompt is to configure AC upgrade.

2. Safety Symbols

The document adopts the following symbols to inform readers of safety

requirements. Please read them before use the device.

Safety Symbols Meanings

Safety symbols:

Danger stands for a big potential harm

to human body if not avoided.

Warning stands for a big potentialdamage to device or business if not

avoided.

Attention stands for a moderate

damage to device or business if not

avoided.




TPS14-04_rev2.0


Danger Electricity! Be aware ofelectricity shock.

Danger Laser! Be aware of laserdanger.

Danger Microwave! Be aware of

microwave dager.

Danger Hot! Be aware of hot danger.




TPS14-04_rev2.0


2 Product Introduction

2.1 Overview

Altai AC provides a managemental platform for broadband wireless

access service, which is oriented to broadband wireless access ISP and

enterprises with wireless access. It fully supports the over-all operation and

management solution for broadband wireless access.

Altai AC adopts advance technology of network processing and data

exchange bus. It provides a high forwarding compacity and protocol

processing ability, strengthening the processing of user management,

network security, accounting and netrwork management.

Altai AC provides various network access methods to support user

management with abundant network ptotocols and flexible accountings. It

provides different interface configurations and strict network security to avoid

attack from outside. Meanwhile it is easy to manage for a rich network

management methods.

3 System Features

3.1 Protocol Support

Support Ethernet Protocols like IEEE 802.3u, 802.3z, 802.3 , 802.1q, 802.1p,

802.3x

Support IP Protocols like IP, TCP, UDP, ICMP

Support static route protocols

Support protocols like TELNET, HTTP, FTP, RADIUS

Support DHCP Relay and DHCP Server

Support ARP, and PROXY ARP

Support NAT

Support IGMP Proxy




TPS14-04_rev2.0


3.2 User Management and Business Support

Support MAC, port, VLAN, and IP address binding

Support user’s mult-access like fixed port, VLAN, MAC/IP address, PPPOEand DHCP

Support users to get VLAN information automatically and support one

user only user one IP address

Support user business management

Support rate restriction, bandwidth restriction for users, and different

upstream or downstream bandwidth for various users

Support route strategy

Support various QoS strategies

Support RADIUS as proxy server to realize the function of authentication,

accounting and authorization

Support IP strategy for various users

Support back-up Radius Server and account checking server

Support different service authorizations for various users, like time strategy,

flow stragety, bandwidth strategy and route strategy

Supply informations pointed to users like syslog and staristics

Support VLAN authentication, local authentication, and local account

Support account block

Support PPPOE quick-dial

Support VLAN’s user number restriction

Support one or more ISP, at most 256

3.3 Network Security Support PAP and CHAP

Support RADIUS authenticaiton

Support users’ binding of MAC address, VLAN, Port, IP Address, and

sesstions

Support anti-attack for user’s DHCP IP address

Support secure network management

Support WEB authentication




TPS14-04_rev2.0


Support 802.1x authenticaiton

3.4 Network Management Specified network interface like 10M/100M/1000M Ethernet interface and

Console interface

Support specified port as network port

Support Telnet management

Support graded SNMP

Support dynamic online update




TPS14-04_rev2.0


4 Preparation before Installation

4.1 Precautions before Operation

To avoid personal injury and device harms, please follow the precautions

listed here.

1. Before clean the device, please unplug the power plug. Don’t wipe

device with a damp cloth, and no liquid cleaning at the same time.

2. Don’t lay the device near water or places too moisted.

3. Don’t lay device on unsteady chest or table.

4. Keep room with good ventilation and keep device ventilation holes

clear.

5. Make sure device is working under right voltage.

6. Don’t open the shell while device is running, and for safety consideration

try your best not to open the shell at will.

7. Wear an ESD wrist while replacing interface modules.

4.2 Environment Requirements

The device must work in room. No matter where the device is laid down,

please make sure device runs under the following environment conditions.

1. Make sure there is enough room for ventilation holes.

2. Make sure the rack or platform where device laid with a good ventilation

system.

3. Make sure the rack and platform is solid enough to bear the device and

other mounting accessories.

4. Make sure the rack and platform with a good ground connection.

5. The room should keep its temperature between 0℃ and 40℃, relative

humidity 5%~95%, dust(whose diameter≥5μm) density ≤3 × 104 pieces

/m3.

4.3 Installation Safety Requirements

1. Eclectrical Precautions




TPS14-04_rev2.0


To example device’s internal structure, please unplug all the power plug

and cables. Be care of voltage.

The chasiss needs no maintainence. Please do not open the shell.

2. To operate the chasiss, please follow the rules listed here.

（1） Before install or uninstall the chasiss, please cut off all the power.

（2） Do no changes to system, avoiding potential harms to devices or

engingeers.

（3） After maintainence, please tighten all the screws on board or

power.

3. ESD Harms Avoidance

Since the components are sensitive to Electro Static Discharge, please

follow the rules listed here.

（1） Wear an ESD wrist while operating any system board.

（2） While carry the borad please lay your hand on the holders. The

board not used should be stored with electrostatic shield

protection.

4.4 Tools Needed

Before installing the device please prepare the following tools.

1. ＃1 srewdriver

2. #12－24 screw or #10－32 screw

3. Corresponding socket wrench for power screw




TPS14-04_rev2.0


5 Initial Configuration

5.1 CLI Overview

The user interface is CLI（Comand-line Interface）, which provides a

textual interface for terminal users. All the CLI commands consist of key words

and parameters.

CLI consist of several modes, under which the related commands will be

fully operated. Some commands can only run in related modes and some

others can sun in all modes. CLI will stop at user mode after booting, whichallows users to check system running state. However user mode could not

allow users to change system state, which could be modified in privileged

mode. With ―enable‖ command, users can go to privileged mode.

In privileged mode input ―config terminal‖, users can go to global

configuration mode. By inputing disable, users will go back to user mode and

by <ctrl+z>, end, or exit will go back to privileged mode.

Input‖?‖ could inquiry all available commands under the mode. While

input question mark, there would prompt a list of keywords.

Under any mode, using tab will fill in the whole command automatically.

While inputing some command, push tab will prompt a list of possible

commands. All the commands support uncomplete form like just a few words

to stand for the whole command. Of course the form should not be

ambiguous. For example conf can stand for configure, but co could not

stand for it because co could not make a distinction between configure and

copy.

Most command support keyword of no. With ―no‖ command, the relatedcommand will be deleted.

The following part will describe each mode.

5.1.1 User Mode

Login by telnet or console, you have to input user name and password. In

user mode, users can only inquire configurations except for system

configuration file.




TPS14-04_rev2.0


In user mode, system prompt is【hostname】>.

5.1.2

Privileged Mode

After login user mode, input enable and the password of privileged mode,

you can login in privileged mode. In this mode, you can write and have some

complex operation. The system prompt is【hostname】＃.

5.1.3 ROM Monitor Mode

ROM Monitor Mode is a running mode under abnormal instance. While

the device is abnormally booting or the device could not find sytem image,

then AC will go into ROM Monitor mode, which allow you to boot the system

manually.

Of course you can go to ROM Monitor mode by input CTRL+C while

system is booting in 5 seconds with console interface connected.

5.1.4 Global Configuration Mode

Global configuration mode will allow you to configure AC. The command

will change the running mode and take effect immediately. In globalconfiguration mode, the command in user mode and privileged mode will be

useless. After login into privileged mode, you do not need to input any

password just input configure terminal, you will go to global configuration

mode. The system promt is【hostname（config）】＃.

5.1.5 System Description

There are three operation systems on AC for management platform,

access platform and fast forwarding platform.

5.1.6 System IP Address Configurations

For IPV4, all the IP address for management platform must be configured

in virtual port. For example, ifconfig eth7 12.12.12.1 netmask 255.255.255.0. At

the same time, the IP（12.12.12.1）must be configured in access platform

according to business. For the IP on access platform, to configure a default IP




TPS14-04_rev2.0


on management platform is enough. There is no need to copy all the IP of

acess platform.

5.1.7 Version Booting

Connect AC and version server as follows.

Figure 5-1 Topology

The following figure shows the procedures of system booting.

AC




TPS14-04_rev2.0


Figure 5-2 System Booting

Power on

Boot System

Load Operate System

Locate Operation System

Locate Configuration

File

Load Configuration File

Configure Mode

Initialize COnfiguration

If not found

If found

Power on AC and system will run POST( Power-On Self-Test，POST )

procedure to boot system.

The program will print information to control table and then boot

hardware component. After that the program will copy OS image to main

store. Before this, the program will print ―Booting in 5 units. Press Ctrl + C to

abort...‖ and wait for 5 seconds. If users press ―CTRL-C‖ during this time, system

will go ROM-monitor mode.If users not, system will boot automatically.

Figure 5-3 Auto-boot procedure（management platform）




TPS14-04_rev2.0


Connect console cable to access platform. After the power transferredto OS image, the software booting initializes like kernel booting, application

program booting, and network processor booting. After the booting, system

will look for the configuration file created and saved before from flash. If there

is no such file ,system will operate the Setup Dialog. Once finish the dialog, the

next booting will be loaded with default values.




TPS14-04_rev2.0


Figure 5-4 Configure the Dialog（Access Platform）

If system find the file, there will promt information of ―Press 'CTRL-C' to stop

running startup-config...‖ and wait for 3 seconds. If users press―CTRL-C‖ during

this time ,the configuration file will not be executed.

Figure 5-5 Configuration File Booting（Access Platform）

Right now the system boot successfully.




TPS14-04_rev2.0


5.2 Login Access Platform

5.2.1 Login by Console Interface

There are two console interfaces on front panel. Console0 is to manage

the Management Platform and Console1 the Access Platform. The Fast

Forwarding Platform is managed through the Access Plarform.

Connect to Console1 with baud rate 115200.

Figure 5-6 Login access platform by console interface

User Name: bnas

Password: bnas

Privileged Mode Password: super

5.2.2 Login by Telnet

Input the IP address and the port number of 23.

User Name: bnas




TPS14-04_rev2.0


Password: bnas

Privileged Mode Password: super

5.3 Login Management Platform

5.3.1 Login by Console Interface

Connect Console 0 Interface with baud rate 115200.

Figure 5-7 Login Management Platform

User Name: root

Password: fitap^_^

5.3.2 Login by Telnet

Input the IP address of Management Platform, which should be the same

with that of the Access Platform. Port 87 is suggested.

User Name: root

Password: fitap^_^

5.3.3 Login by WEB

Open IE web brower and input https://x.x.x.x (the IP address of

Mangement Platform).

User Name: icac

Password: icaclogin

https://x.x.x.x/

https://x.x.x.x/

https://x.x.x.x/




TPS14-04_rev2.0


Figure 5-8 Login Management Platform by WEB

5.4

System UpdateBefore introduce the three update mehod, there are three points should be

aware.

Firstly, there are two platforms of management platform and access

platform. To visit management platform, the device must be connected with

an Ethernet interface. The IP and mask of the interface should be

configured both on management and access platform.

Secondly, IP address must be configured on the right interface. For

access platform, the interface should be the one physically connected. For

example, if interface0 is connected to version server then the IP must be

configured on interface0. However for management platform, the IP can

only be configured on interface7, which is a virtual interface and can

communicate with any interface on the access platform.

Thirdly, bootloader is a driver for system update. If there is a need to

update a new version, we will supply one.




TPS14-04_rev2.0


5.4.1 Update under ROM MONITOR Mode

If there is need to change or update AC’s software, please follow the

following steps.

1. Topology

Please make sure AC can communicate with version server and connect

AC’s console interface.

Figure 5-9 Topology under ROM MONITOR Update

2. Make sure there is a new version on version server. Suppose the version is

saved at d:\ Altai-AC with a file name as MIPS_1018L1.8V8.10_R29_T15；

3. Enable tftp server on version server and make its working directory as d:\

Altai-AC；

4. Enable hyper terminal on version server and set the frequency as

115200B/S；

5. Power on Altai AC；

6. While seeing ―Booting in 5 units, Press Ctrl + C to abort...‖ please press

Ctrl-C in 5 seconds.

7. Input ―cc‖to configure version update parameters：

AC




TPS14-04_rev2.0


boot device : gmac0 <-//AC’s uplink port with version

server

ip address : 10.9.0.22 <-//IP of ethernet interface

subnet mask : 255.255.255.0 <-//subnet mask

gateway : 10.9.0.21 <-//IP of gateway

tftp host ip address : 10.9.0.21 <-//IP of version server or tftp server

ac file name : MIPS_1018L1.8V8.10_R29_T15 <-//version to be update

8. input ―@@‖ and then press enter to trigger loading system. If it does not

work, input―@@‖and press enter again.

9. After the system is successfully udated, system will go to management

platform. Show version information with―cat /proc/rmi/mips-version‖:

# cat /proc/rmi/mips-version

the running version:

MCR_rmios_1.0.8.10C31

MCR_vxWorks_1.0.8.10C42

cwc_1.0.1.8C48M_MIPS

MIPS_1018L1.8V8.10_R29_T15

dev-boot-version:C16

next-boot-active-version:version0

5.4.2 Update by FTP

Update by FTP needs to save the version to be update on AC. Each time

when AC reboots, system will read version information. There can be saved

two versions at most, ―version0‖and―version1‖.

1. Topology






TPS14-04_rev2.0


Figure 5-10 the Topology for Update by FTP

2. Save a new version on version server and suppose it is saved at

d:\Altai-AC with a file name of MIPS_1018L1.8V8.10_R29_T15 Version

name must start with―MIPS‖；

3. Enable ftp server and make its working directory as d:\Altai-AC；

4. Configure IP for management platform and access platform, and make

sure AC can visit version server. (suppose the IP is 221.162.62.137）.

Configure IP for management platform：

# ifconfig //optional command, by this you can show all the management pla

tform interface information

# ifconfig eth7 221.162.62.137 netmask 255.255.255.0 //requied command, to co

nfigure IP for management platform. No matter which interface is used on access pl

atform, the IP for management platform can only be configured on eth7.

# ifconfig eth7 //show IP of eth7 interface

eth7 Link encap:Ethernet HWaddr 00:08:D2:00:00:08

inet addr:221.162.62.137 Bcast:221.162.62.255 Mask:255.255.255.0

For a notice, if eth7 is not configured rightly, you can input ―ifconfig eth7

up‖and then configure it again.

5. Configure IP for access platform：

Suppose Altai AC is connected to version server by interface0.

AC




TPS14-04_rev2.0


Altai-AC (config)# interface GigabitEthernet 1/0.0 //enter interface0 configuration

mode

Altai-AC (config-interface)# ip address 221.162.62.137 255.255.255.0 //configure IPan

d subnetmask for interface0. It is must be the same with that of eth7 interface.

After configuration to check the information with―show

running-config‖.

6. Configure version server’s IP as 221.162.62.12（the IP must be in the same

network segment）. Input ―ping 221.162.62.12‖ on management and

access platform to make sure the two platforms can communicate with

version server. For a notice, you must press―CTRL-C‖ to stop the Ping

program on management platform.

Show version information on Altai AC.（optinal command）

# cat /proc/rmi/mips-version




MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13


next-boot-active-version:version0 //if reboot version0 will be active( MIPS_1018L1.8

V8.10_R29_T13)

7. Upload new version on AC by FTP. Enable CMD and follow the steps

listed here.

D:\>cd /Altai-AC //enter into the save directory of MIPS_1018L1.8V8.10_R29_T15

D:\ Altai-AC>ftp 221.162.62.137 //login to AC’s management platform by FTP. With

command of―by‖, you can quit the ftp mode.

Connected to 221.162.62.137

… …

User (221.162.62.137:(none)): root //input user name of management platform and pre

ss enter.

331 User root OK. Password required

Password: //input password and press enter

230 OK. Current directory is /root

ftp> put MIPS_1018L1.8V8.10_R29_T15 //upload MIPS_1018L1.8V8.10_R29_T15 to manage

ment platform

… …

ftp: 发送 45223563 字节，用时 16.86Seconds 2682.46Kbytes/sec. //upload successfully

show the version updated on management platform

# ls

MIPS_1018L1.8V8.10_R29_T15 //the version has been uploaded to management platfo

rm




TPS14-04_rev2.0


If you need to update versions, input the following command. (Suppose version0 sta

nds for MIPS_1018L1.8V8.10_R29_T13 and the version to be update is MIPS_1018L1.8V

8.10_R29_T15）:

# version upgrade0 //update version0. If there is a need to update version1, then

change the command as version upgrade1

0:EXT2-fs warning: maximal mount count reached, running e2fsck is recommended

To activate version please input the following command, which will take effect on t

he next booting.

# version active0 //activate version0 0:Done.

Show version information.

# cat /proc/rmi/mips-versionthe running version:




MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13


next-boot-active-version:version0 //for the next boot system will load version0

# reboot //reboot system

After reboot, input ―cat /proc/rmi/mips-version‖ on management

platform to show version information.

―version0‖is just a mark, standing for the new version updated.

―version1‖is also follow this principle.

There is no priority between version0 and version1. If you input―version

active0‖then version0 will be loaded at next reboot. Version 1 is the same

case. Svae two versions is just for backup use.

5.4.3 Update by WEB

The user can replace or upgrade Altai ACsystem software according to the

following steps.

1. Topology






TPS14-04_rev2.0


Figure 5-11 the Topology for Update by WEB

Configure IP address for management platform and access platform to make

sure that AC can visit version server. Please refer to ―Update by FTP‖ for the

specific configuration methods.（Assuming 221.162.62.137 is the interface

address）。

Open the web browser on the version server, and input the following

address in the address bar https://221.162.62.137.

Notice:

The beginning of Website is ―https‖. Click ―Yes‖ while the following screen

prompt.

Figure 5-12 Security Alarm

AC

https://221.162.62.137/

https://221.162.62.137/

https://221.162.62.137/

https://221.162.62.137/




TPS14-04_rev2.0


Input the user name of ―icac‖ and the password of‖icaclogin‖.

For a notice, the user name and password is case sensitive.

Figure 5-13 Access Controller Login Screen

Click 【Basic Settings】,【AC Upgrade】,and AC upgrade screen will prompt

on the right. If you want to set version0 as the current version, please select

version0 and click ‖Set as current version‖ .

Figure 5-14 AC Upgrade

After updating the current version the following screen will prompt, and

don’t reboot right away. If you want to modify the real version which ―Current




TPS14-04_rev2.0


Version‖ refers to,please click‖Browse‖,and select the version need to

upgrade. Click ―Upload‖ to wait for version’s upload.



Finally, click ‖reboot‖. After reboot, the version update will take effect.

5.5 Upload/Download Configuration Files

5.5.1 Upload Configuration Files

Users can upload configuration files to remote fit server to backup, in

case of accidental damage. You can upload the active configuration files or

other files specified.

For a notice, there are only two configuration files on system. One is the

running system in use and the other is the backup file on local.




TPS14-04_rev2.0


The following command can be used to upload configuration files.

ftp put filetype /tffs/nmconf [ localfile {/tffs/nmconf | /tffs/nmconf1} ]

remotefile filename

filetype－ type of the configuration files uploaded

localfile－name of the configuration file uploaded

remotefile－ the name of configuration file needs to be uploaded

5.5.2 Download Configuration Files

Users can download configuration files remotely to recover system.

ftp get filetype /tffs/nmconf remotefile filename

filetype－ type of the file

remotefile－ name of the file

5.6 Global Configurations

5.6.1 Login Settings

hostname(config)#local-user username user password passsword

service-type all level priv-level

hostname(config)#enable secret super

For a notice, three could be multiply user names and password but only one

privilieged name.

Default settings are listed here.

User Name: bnas

Password: bnas

Privilieged Mode Password: super

5.6.2 Set System Name

BNAS(config)# hostname Altai-AC

Altai-AC (config)#




TPS14-04_rev2.0


5.7 Interface Configurations

Fast Ethernet Interface and Gigabit Ethrenet Interface shoule be set in tht

form of subinterface. Please follow the steps listed here to configure. Create a Subinterface（Required）

Create Vlan（Optinal）

Set IP Address（Required）

Enable or Disable Subinterface（Optinal）

Configure the working mode of the interface（Optinal）

Configure the working rate of the interface（Optinal）

5.7.1 Create a Subinterface

Altai-AC(config)# interface GigabitEthernet interface-specifier

interface-specifier defines the interface in form of slot/port.subif. Slot stands

for the interface module, port the port number, and subtif the subintreface

number. For example,

Altai-AC(config)# interface GigabitEthernet 1/0.1

The command means subinterface1 is created on module1 and port 0.

For a notice, the fast Ethernet module number is 1 and the port number is from

0 to 5. The subinterface number could not be omitted and should lie in the

range of 0~255.

The command to configure Ethernet interface is the same with that of SFP

interface. For a physical interface, it could only be a SFP interface or an

Ethernet interface.

5.7.2 Set Vlan

If there is an existing VLAN, please configure the VLAN before you set IP

address for the created subinterface.

Altai-AC(config-interface)# vlan id vlan-id




TPS14-04_rev2.0


5.7.3 Configure IP Address

IP Address can be a secondary assress except the primary address, but all the

IP Address in the system should not be crossovered.

Altai-AC(config-interface)# ip address ip_address ipMask [ secondary ]

5.7.4 Enable or Disable Subinterface

Altai-AC(config-interface)# shutdown

Altai-AC(config-interface)# no shutdown

5.7.5 Configure the Work Mode for Interface

Configure the work mode for interface as auto, full-duplex, or half-duplex.

Altai-AC(config-interface)# duplex duplex-mode

For a notice, the work mode will take effect for the whole interface. If there

are plenty of subinterfaces are configured under a work mode, the last

configuration will take effect.

While constructing networks, please keep all the decives are working in the

same work mode.

5.7.6 Configure Work Rate for Interface

Configure interface’s work rate as auto, 1000m, 100m, 10m, fiber and copper.

Altai-AC(config-interface)# speed speed-mode

For a notice, the work rate will take effect on the whole interface. If there are

plenty of subinterfaces are configured under a work rate, the last

configuration will take effect.

While configure SFP interface as an electrical module, the work mode must

be speed mode, but while as a Ethernet interface, the mork mode could notbe configured as speed auto.

You can not configure the same interface both as SFP indteface and

Ethernet interface at the same time.

While constructing networks, please keep all the decives are working in the

same work rate.




TPS14-04_rev2.0


5.7.7 Configure Interface’s Description

Altai-AC(config-interface)#description String

5.7.8 Check Interface

Altai-AC# show interface gigabitEthernet 1/ port

The command above will display all the details on the interface, like interface

state,message statistics, and flow rate.

5.7.9 Application Example

The following example configures a Gigabit Ethernet Interface.

Altai-AC(config)# interface GigabitEthernet 1/0.0

Altai-AC(config-interface)# ip address 10.10.5.1 255.255.255.0

Altai-AC(config-interface)# duplex full

Altai-AC(config-interface)# end

Altai-AC#show interface gigabitEthernet 1/0

5.8 IP Configurations

5.8.1 Configure Static IP Address

Altai-AC(config)# ip route ipAddress ipMask ipNextHop

For example,

Altai-AC(config)# ip route 10.0.0.0 255.255.255.0 192.168.26.33

Altai-AC(config)# ip route 0.0.0.0 0.0.0.0 192.168.25.1

Notice:

The ipNextHop must be the IP Address of direct connected network. It could

not be any interface’s IP Address. If ipAddress and ipMask is configures as 0, it

stands for a default toute.

5.8.2 Configure IP Forwading Feature

There are two IP forwarding features. One is for user to visit AC and the other is

for users to visit each other. The two configurations should be set at the same

time.

Altai-AC(config)# ip forward bnas-access enable/disable user-access

enable/disable




TPS14-04_rev2.0


bnas-access is used to configure whetehr users can visit AC or not.

user-access is used to configure whetehr users can visit each other or not.

Notice:

This command is a global configuration, which will take effect on all users.

The following example means users can visit AC but can not visit each other.

Altai-AC(config)# ip forward bnas-access enable user-access disable

5.9 RADIUS Configurations

5.9.1 Overview

Remote Authentication Dial In User Service (RADIUS) is a

networking protocol that provides centralized Authentication, Authorization,

and Accounting (AAA) management for computers to connect and use a

network service. RADIUS is a client/server protocol that runs in the application

layer, using UDP as transport.

5.9.2 Configure AC as Radius Client

Before make any settings, please make sure there is a subinterface could

reach Radius Server.

1. Access to Radius Cilent Configuration Mode（Required）

2. Configure IP Address（Required）

3. Configure a Port to Authenticate（Optional）

4. Configure a Port to Account（Optional）

5. Check whether the configuration is taking effect or not.

5.9.2.1 Access Radius Client Configuration Mode

All the configuration should be set in radius client configuration mode.

Altai-AC(config)#radius-client

Altai-AC(radius-client)#

http://en.wikipedia.org/wiki/Communications_protocol

http://en.wikipedia.org/wiki/AAA_protocol

http://en.wikipedia.org/wiki/Application_Layer


http://en.wikipedia.org/wiki/User_Datagram_Protocol

http://en.wikipedia.org/wiki/User_Datagram_Protocol




http://en.wikipedia.org/wiki/AAA_protocol

http://en.wikipedia.org/wiki/Communications_protocol




TPS14-04_rev2.0


5.9.2.2 Configure IP Address

The IP address for Radius Client should be a subinterface’s IP address, and the

subinterface should be able to reach Radius Server.

Altai-AC(radius-client)#ipaddress A.B.C.D

5.9.2.3 Configure an Authentication UDP Port

The port number is 1645 by default. If there is a need to chage, please use the

following command.

Altai-AC(radius-client)# auth-port port

The port number should be the same with that of Radius Server.

The following command can change port number to default value.

Altai-AC(radius-client)# no auth-port

5.9.2.4 Configure an Account UDP Port

The port number is 1646 by default. If there is a need to chage, please use the

following command.

Altai-AC(radius-client)# account-port port

The port number should be the same with that of Radius Server.

The following command can change port number to default value.

Altai-AC(radius-client)# no account – port

5.9.2.5 To Confirm the Configuration with Show Command

Altai-AC# show running-config

Altai-AC# show radius client

5.9.2.6 Application Example

Suppose there is subinterface with IP address 192.168.25.234, and Radius

Client can use this IP address to communicate with Radius Server. The

authentication poar numner is 1812 and the Account port number 1813.

Altai-AC(config)#radius-client

Altai-AC(radius-client)#ipaddress 192.168.25.234

Altai-AC(radius-client)# auth-port 1812

Altai-AC(radius-client)# exit all




TPS14-04_rev2.0


With show command as follows, you can see the configuration has been

updated.

Altai-AC#show running-config

... ...

interface FastEthernet 1/0.3

vlan id 4095

ip address 192.168.25.234 255.255.255.0

radius-client

ipaddress 192.168.25.234

auth-port 1812

account-port 1813

... ...

Altai-AC#show radius client

5.10 Domain Configurations

5.10.1

Overview

Domain in this paper could stand for certain ISP, or kinds of service like

viewing webpage or VOD. It also could be the combinantion of ISP and

service.

5.10.2 Define Domain’s Name

Define domain’s name and access to a sub-configuration mode.

Altai-AC(config)# domain domainname

Users can input usrname@domainname to select a domain in web brower or

SIM Dialer.

Users can use default domain to access by configuring a domain named

―default‖.

Altai-AC(config)# domain default

If the domain name is not configured on AC or users do not input any domain

name, AC will put these users to a default domain to authenticate and

account.




TPS14-04_rev2.0


5.10.3 Configure Radius Server

There is a radius server for each domain and the radius server should be

configured in chapter 5.9. Therefore AC can choose different authentication

and accounting servers according to various domains.

Altai-AC(domain)# radius server A.B.C.D authentication

Altai-AC(domain)# radius server E.F.G.H accounting

Once users choose a domain, they actually slect an authentication server

and accounting server.

Meanwhile AC supports backup authentication server, accounting server,

and accounting checking server.

5.10.3.1 Backup Server

The configuration of backup server is the same with master server.

Altai-AC(domain)# radius server I.J.K.L authentication

Altai-AC(domain)# radius server M.N.O.P accounting

That is to say the server configured first is master server and the other backup

server.

The following command is used to cancel configurations either on master or

backup server.

Altai-AC(domain)#no radius server x.x.x.x {authentication | accounting}

If the configuration on master server is canceld, the backup server will

become master server.

5.10.3.2 Account Checking Server

Configure account checking server.

Altai-AC(domain)# radius server A.B.C.D dup-accounting

Cancel the configurations.

Altai-AC(domain)#no radius server A.B.C.D dup-accounting

5.10.4 Configure DNS Server

The radius server doesn’t issue DNS, users can use the DNS server configured

for domains. Othervise, users can use the DNS issued by radius server.

Altai-AC(domain)# dns A.B.C.D E.F.G.H




TPS14-04_rev2.0


A.B.C.D is the primary DNS IP address and E.F.G.H is that of secondary DNS.

For a notice, the DNS server configured in domain only takes effect on users

who assess by PPPOE but not DHCP and Fixed IP.

5.10.5 Configure Domain without Authentication and Accounting

If a domain is defined not to authenticate, then the users accessed by this

domain will be authenticate directly by AC. And AC will not send request

package to radius server to ask for authentication.

IF a domain is defined not to account, for the users accessed by this domain

will not be accounted. And AC will not send start and stop package to radius

server.

Altai-AC(domain)# aaa authentication none

Altai-AC(domain)# aaa accounting none

The following command will recover the domain as an accounting or

authentication domain.

Altai-AC(domain)# aaa authentication radius

Altai-AC(domain)# aaa accounting radius

Altai-AC(domain)# no aaa authentication

Altai-AC(domain)# no aaa accounting

5.10.6 Configure Service Strategy for Domain


Altai-AC(domain)# service-policy spname －spname is the service strategy

defined in AC.

5.10.7 Configure Real-time Accounting


Altai-AC(domain)# interim-time timenum － timenum is the interval for

real-time accounting.

Notice:

AC supports configuring real-time accounting interval and the interval

returned from radius server. If the two intervals exist at the same time, the

interval returned from radius server has a higher priority.




TPS14-04_rev2.0


5.10.8 Check Domain Configurations

Altai-AC # show domain-name domain-name

Altai-AC # show all domain-name

5.11 Service Strategy Configurations

5.11.1 Overview

Service strategy includes broadband and filtering strategy.

Broadband strategy can control data flow, which could meet ISP’s service for

different users. Filtering strategy will allow different users to asscess different

wensite.

Before specify service strategy to users, you must configure broadband, route

and filtering stragety. Please follow the following steps to configure.

Configure broadband and filtering strategy

Specify broadband and filtering strategy in service strategy list

According to different users choose different service strategy

Notice:

All the service strategy only takes effect on the users who access after theservice is configured. If a strategy is modified, the users who access before

the modification will not be influenced.

5.11.2 Broadband Strategy Configurations

5.11.2.1 Configure a Name for Broadband Strategy

Altai-AC(config)# rate-policy bandname

Altai-AC (rate-policy)#

5.11.2.2 Configure Bandwidth

Configure upstream and downstream bandwidth.

Altai-AC (rate-policy)# downstream number1 number2

Altai-AC (rate-policy)# upstream number3 number4

The unit for downstream and upstream broadband is bytes per second. The

meanding for each number is listed here.




TPS14-04_rev2.0


number1：the average bytes for each second in downstream

number2：the outbreak bytes for each second in downstream

number3：the average bytes for each second in upstream

number4：the outbreak bytes for each second in upstream

Notes:

The average flow control stands for the maximum data allowed in one

second. The outbreak flow control stands for the maximum data allowed in

0.25s.

The following command will delete the specified broadband strategy.

Altai-AC(config)# no rate-policy policyname

5.11.2.3 Show Broadband Strategy

Altai-AC # show rate-policy bandname

Altai-AC # show all rate-policy

5.11.3 Filtering Strategy Configurations

5.11.3.1 Overview

One filtering strategy consists of several filtering rules, at most 16.

To configure filtering strategy, you have to create filtering rules at first and

then assign them to filtering strategy.

5.11.3.2 Configure Filtering Rules

The following command is used to configure filtering rules.

rule rule-name {permit | deny} {ip | tcp | udp} src-ip src-mask [src-port]dest-ip dest-mask [dest-port]

·rule-name – the name of filtering rules, at most 15 characters

·permit – allow package to pass through

·deny – refuse package to pass through

·ip – operate on IP package

·tcp – operate on tcp package

·udp – operate on udp package




TPS14-04_rev2.0


·src-ip – the source IP of this filtering rule

·src-mask – the mack of source IP

·src-port – the port of source tcp/udp, which is optional

·dest-ip – the destination IP of this rule

·dest-mask – the mask of destination IP

·dest-port – the port of destination tcp/udp, which is optional

Notice:

1. While configuring filtering rules, you have to specify the operation of permit

or deny, the protocol of ip, tcp, or udp. If it is tcp or udp, you have to assign

tcp or udp port at the same time.

2. If the rule is configured for all IP address, the IP and mask should be set as

0.0.0.0.

3. If the rule is configured for one specified IP, the mask should be set as

255.255.255.255.

4. If the tcp or udp port is set as 0, the filtering rule will take effect on all tcp or

udp port.

Example 1:

Suppose portal’s IP is 202.104.108.115, the following fitering rule will allow users

tovisit Portal Server.

Altai-AC(config)# rule portal permit ip 0.0.0.0 0.0.0.0 202.104.108.115

255.255.255.255

Example 2:

The following filtering rule allow any DNS package to pass through.

Altai-AC(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0

53

Example 3：

Suppose user is located at 10.10.0.0 network, and the following rule allow

users to visit this network segment.

Altai-AC(config)# rule wan permit ip 10.10.0.0 255.255.0.0 10.10.0.0

255.255.0.0

5.11.3.3 Delete Filtering Rules

The command here will delete filtering rules.




TPS14-04_rev2.0


no rule rule-name

For example,

Altai-AC(config)# no rule wan

5.11.3.4 Configure Filtering Strategy

Configure a name for filtering strategy.

Altai-AC(config)# filter-policy filter-name

Altai-AC(filter-policy)#

Assign filtering rules for filtering strategy, at most 16.

Altai-AC(filter-policy)# fi lter-rule filter-nameFor example,

Altai-AC(config)# filter-policy wan-policy

Altai-AC(filter-policy)# filter-rule portal

Altai-AC(filter-policy)# filter-rule dns

Altai-AC(filter-policy)# fi lter-rule wan

Altai-AC(filter-policy)# end

5.11.3.5 Delete Filtering Strategy

Use no command to delete a defined filtering strategy.

Altai-AC(filter-policy)# no filter-rule filter-name

For example,

Altai-AC(filter-policy)# no filter-rule wan

5.11.3.6 Show Filtering Strategy

Altai-AC# show filter-policy filter-name

For example,

Altai-AC# show filter-policy wan




TPS14-04_rev2.0


5.11.4 Service Strategy Configurations

Service strategy is the conllection of broadband strategy, route strategy and

filtering strategy. One service stragtegy could not only consisit of broadband

and filtering strategy, but also of certain combination of the two strategies.

For a notice, if there is a filtering strategy configured in service strategy and

another independent filtering strategy configured, the independent filtering

strategy will take effect.

5.11.4.1 Configure a Name for Service Strategy

Altai-AC(config)# service-policy servicename

5.11.4.2 Configure Service Strategy

For one service strategy, there should be one broadband and filtering

strategy at most.

Altai-AC(service-policy)# rate-policy bandname

Altai-AC(service-policy)# filter -policy filterpolicyname

Altai-AC(service-policy)#exit

5.11.4.3 Delete Service Strategy

Use no command to delete seveice strategy defined. The command will not

delete the broadband, filtering or route strategy quoted.

Altai-AC(config)# no service-policy servicename

5.11.4.4 Show Service Strategy

show service-policy servicename

show all service-policy

5.12 Internal Portal Configurations

5.12.1 Configure Portal Server

Altai-AC(config)# portalserver x.x.x.x internal

The command here will configure IP address for portal server.




TPS14-04_rev2.0


5.12.2 Configure AC-name

Altai-AC(config)# ex-portal ac-name ACN.CTY.PRO.OPE

AC-Name’s format is wlanacname=ACN.CTY.PRO.OP. The attribute namemust be lowercase letter and the value number should follow the rules as

regulated.

Altai-AC(config)# ex-portal ac-name 0004.0543.531.00

5.12.3 Configure NAS-id Hot-code

Altai-AC(config)# vlan-nas-identifier vlan-id nas-id

NAS-ID is used to charge the data service of roaming, whose format is

HST.CTY.PRO.OPE.NAT（ The ―.‖ here is just a mark to identify. For real

configuration, only 16 numbers are enough.）. For example,

Altai-AC(config)# vlan-nas-identifier 101 0101053553100460

5.13 IP POOL Configurations

There are two types of ip-pool, layer2 ip-pool and layer3 ip-pool. Layer2

ip-pool is used for users who access by layer2 device and layer3 ip-pool for

users who access by layer3 device.

5.13.1 Configure Layer2 IP POOL

In network if the device connected to AC is layer2 access device, the

device should be configured a layer2 ip-pool. For AC as the gateway, it

should also be configured an IP in this ip-pool.

5.13.1.1 Configure a Name for IP Pool

Altai-AC(config)# ip-pool pool-name

Altai-AC(ip-pool)#

5.13.1.2 Configure a Range for IP Pool

Configure a range for ip pool and assign an IP for AC.

Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask

Altai-AC(ip-pool)#ipaddress 10.0.1.1 255.255.255.0




TPS14-04_rev2.0


In the above esample, AC’s ip is 10.0.1.1 and the mask is 255.255.255.0.

Therefore,the range for this ip pool is 10.0.1.0~10.0.1.255. Except for the zero

address, the broadcast address and the address for AC, there are 253

addresses left.

5.13.1.3 Configure Allocation Mode for IP Pool

Thre are several allocation mode for IP pool like PPPOE, DHCP, RADIUS, FIXIP,

and LOCALDHCP.

Altai-AC(ip-pool)# alloc-mode mode [pppoe|dhcp|radius|fixip|localdhcp]

5.13.1.4 Assign Service Stratefy

Assign service strategy for ip pool.

Altai-AC(ip-pool)# service-policy service-name

Use no command to delete the service strategy for IP pool.

Altai-AC(ip-pool)# no service-policy [service-name]

For example, configure a service strategy named service-wan for ip pool.

Altai-AC(ip-pool)# service-policy service-wan

Notice:

For DHCP and FIXIP users, the service strategy used before autenticaion is

defined in ip pool and after authentication the service strategy will transfer to

that of radius server. For the prevelige of radius server is higher than that of

domain. If there is no service strategy defined neither in radius server nor

domain, then users will have no service limitation.

For PPPOE users, the service strategy defined in ip pool is useless before

authentication. Therefore if the allocation mode is PPPOE, threre is no need to

configure service strategy in ip pool. After authentication the service strategy

will be that of radius server. For the prevelige of radius server is higher than

that of domain. If there is no service strategy defined neither in radius server

nor domain, then users will have no service limitation.

For a suggestion, it is better not to quote filtering service in ip pool but to

quote service strategy which includes filtering strategy.

5.13.1.5 Configure proxyarp

Altai-AC(ip-pool)#proxyarp [enable|disable ]




TPS14-04_rev2.0


5.13.2 Configure Layer3 IP POOL

5.13.2.1

Configure a Name for IP PoolAltai-AC(config)# ip-pool pool-name l3

Altai-AC(ip-pool)#

5.13.2.2 Configure a Range for IP Pool

For layer3 ip pool, there is no need to configure an IP for AC but an IP for

next-hop route address.

Altai-AC(ip-pool)# ipnetwork ipnet ipmask nexthop

Altai-AC(ip-pool)# ipnetwork 10.10.0.0 255.255.0.0 10.9.0.1

5.13.2.3 Configure Allocation Mode for IP Pool

There is only three allocation mode support layer3 ip-pool, which is dhcp,

localdhcp, fixip.

Altai-AC(ip-pool)# alloc-mode [ dhcp ipadress | fixip ]

5.13.2.4 Configure Reserved IP

The reserved IP will not be allocated to users, which is used to manage users.

Altai-AC(ip-pool)#reservedip A.B.C.D

5.13.2.5 Assign Service Strategy

Assign service strategy for ip pool.

Altai-AC(ip-pool)# service-policy service-name

Use no command to delete service strategy.Altai-AC(ip-pool)# no service-policy [service-name]

For example, configure a service strategy named wan for ip pool.

Altai-AC(ip-pool)# service-policy wan

For DHCP and FIXIP users, the service strategy used before autenticaion is

defined in ip pool and after authentication the service strategy will transfer to

that of radius server. For the prevelige of radius server is higher than that of

domain. If there is no service strategy defined neither in radius server nor

domain, then users will have no service limitation.




TPS14-04_rev2.0


For a suggestion, it is better not to quote filtering service in ip pool but to

quote service strategy which includes filtering strategy.

5.13.2.6 Configure proxyarp

Altai-AC(ip-pool)#proxyarp [enable|disable ]

5.14 Business Application Configurations

5.14.1 Address Management for Fit AP

Usually the Fit AP in the network will be assigned a management IP through

the ip-pool with a certain dhcp option. The IP in this ip-pool will not be

allocated to users.

5.14.1.1 Configure ip-pool for DHCP

Configure the range, default gateway and least time.

Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask

Altai-AC(ip-pool)# alloc-mode localdhcp

Altai-AC(ip-pool)# default-router gw

Altai-AC(ip-pool)# max-lease time

For example,

ip-pool AP

ipaddress 10.172.220.1 255.255.254.0

alloc-mode localdhcp

default-router 10.172.220.1

max-lease 3600

5.14.1.2 Bind Port and VLAN for IP-Pool

available-interface { port | port-port} vlan { vlan | vlan-vlan}

·port – port number

·port-port – port number range

·vlan – the port number of vlan

·vlan-vlan – the port number range of vlan

For example,

Altai-AC(ip-pool)# available-interface port 2 vlan 3333




TPS14-04_rev2.0


5.14.1.3 Configure option

Altai-AC(ip-pool)# option-60 enterprise-code 3902

5.14.1.4 Configure AC’s Address

Altai-AC(ip-pool)# option-60 ac-manage-ip A.B.C.D

5.14.2 Business Configuration for DHCP+WEB Access

5.14.2.1 Overview

There is no need to install client software for DHCP+WEB access. Users can be

authenticated through brower.

The following point should be aware.

Basic Authority is for DHCP and FIXIP users, which is authenticated from IP-pool.

Right now, the authority can be configured in ip-pool is service strategy and

authentication and accounting strategy.

Authority after authentication is also for DHCP and FIXIP users, but it is

authenticated by radius server.

The service strategy in ip-pool do not include filtering strategy, that is to say,

users can visit any website without limitation. Therefore for web authentication

business, the service strategy should include filtering syrategy which defines

the following filtering rules like only to visit portal server, only to visit dns port

(unp 53), and only to visit certain IP.

5.14.2.2 Configuration Steps

1. Configure Subinterface（required）；

There are to purpose to configure a subinterface.

First, by subinterface, radius client can communicate with radius server.

Second, the subinterface could be AC’s uplink port.

2. Configure RADIUS client（required）；

3. Configure Radius Server （required）；

4. Configure domain for users (required)；

5. Configure Portal Server related（required）；




TPS14-04_rev2.0


6. Configure broadband strategy, filtering strategy, and service strategy

（required）；

7. Configure service strategy in domain（optional）；

8. Assign IP for DHCP Server （required）；

9. Configure ip-pool for users（required）；

10. Configure service strategy in ip-pool（required）；

11. Configure gateway, DNS, lease time for DHCP Server ’s ip-pool

（required）；

12. bind port and vlan for ip-pool（required）；

5.14.2.3 Configure IP for DHCP Server

If the allocation mode for ip-pool is localdhcp, you should enable AC’s

dhcp server, which can be configured in global mode. The IP for dhcp server

can be any interface’s IP.

Altai-AC(config)＃ip dhcp server A.B.C.D

5.14.2.4 Configure Filtering Strategy for Authentication

The fitering strategy for authentication should include the following

filtering rules like only to visit portal server, only to visit dns port (unp 53), and

only to visit certain IP.

1）define filtering rules

rule portal permit ip 0.0.0.0 0.0.0.0 portal_ip 255.255.255.255

rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53

2）encapsulate filtering strategy

filter-policy unauth

filter-rule portal

filter-rule dns

5.14.2.5 Configure ip-pool for DHCP

To configure ip-pool for DHCP Server, you have to configure default router,

max-lease time and DNS.

Altai-AC(config)# ip-pool dhcpsvrpool




TPS14-04_rev2.0


Altai-AC(ip-pool)# ipaddress 192.168.26.1 255.255.255.0

Altai-AC(ip-pool)# alloc-mode localdhcp

Altai-AC(ip-pool)# default-router 192.168.26.1

Altai-AC(ip-pool)# dns-server 220.120.64.194

Altai-AC(ip-pool)# max-lease 7200

Altai-AC(ip-pool)# filter-policy unauth

5.14.2.6 Bind Port and VLAN for ip-pool

The operation of binding port and VLAN for ip-pool is to make sure users

accessed by DHCP can get ip and basic authority from ip-pool.

available-interface { port | port-port} vlan { vlan | vlan-vlan}

For example, suppose the DHCP users accessed by port0 and VLAN10 will get

IP from ip-pool1.

Altai-AC(config)# ip pool ippool1 available-interface 0 vlan 10

For example, suppose the DHCP users accessed by port1-4 and any VALN will

get IP from ip-pool2.

Altai-AC(config)# ip pool ippool2 available-interface 1-4

5.14.2.7 Configure Detection Time for Idle Users

Users accessed by DHCP+WEB will be charged once they pass the

authentication. To save spending, AC supports the function of idle-detection.

If user data flow is lower than flow threshold in detection time, then the users

will be regarded as an idle user and the accounting will stop. The detection

time is 900s, which could be changed by the following command.

Altai-AC(config)# ip dhcp idle-interval interval threshold threshold

Altai-AC(config)# ip dhcp idle-interval 600 threshold 30000

In the above example, the detection time is adjusted to 600s and the flowthreshold is 30000 bytes.

Notice:

If the detection time is 0, then AC will not detect users.

Altai-AC(config)# ip dhcp idle-interval 0

5.14.2.8 Check and Debug

1. Show on-line users




TPS14-04_rev2.0


Altai-AC# show auth-user

String - NULL, or pool name, or domain name following with '@'

port - port-id

vlan - vlan-id

2. Show IP address assigned

Altai-AC# show dhcpuser

3. Show users’ information

Altai-AC# show user

String - user name, ip or mac

4. Force users off-line manually

Altai-AC# kick

List Elements - kick mode(ip,user-name,mac,index)String - ip user-name mac index

5. show dhcp ip assigned by manual release

Altai-AC# release

A.B.C.D - user's ip address

6. debug radius

5.15 NAT Configurations

NAT includes three types of static NAT, dynamic NAT, and PAT (Port

Address Translation). Static NAT is to map an internal private IP to external

legal IP permanently. Dynamic NAT is to map legal external IP to internal

network. PAT is to map internal IP to external IP’s different port. Usually we use

PAT.

5.15.1 Static NAT

1. Enable NAT function

Altai-AC(config)# ip nat router

2. Define subinterface

Altai-AC(config-interface)#ip nat outside

For a notice, to configure a subinterface, you have to configure an IP for

the interface and then configure ―ip nat outside‖. If you want to delete

and modify the subinterface’s IP, you have to delete ―ip nat outside‖ first,

delete the IP of interface, and then configure interface’s IP and ―ip nat

outside‖.




TPS14-04_rev2.0


3. Configure static NAT

Altai-AC(config)# ip nat static inside in_ipaddr out_ipaddr

255.255.255.255

For example, map internal IP 172.16.1.100 to external IP 221.8.9.10.

Altai-AC(config)# ip nat static inside 172.16.1.100 221.8.9.10 255.255.255.255

5.15.2 Dynamic NAT

1. Enbale NAT function








outside‖.

3. Define NATinternal ip-pool

Altai-AC(config)# ip nat pool pool_name ip_address ipMask

Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0

4. Define NAT external ip-pool


Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128

5. Bind internal ip-pool and external ip-pool

Altai-AC(config)# ip nat inside In_pool Out_pool overload

For a notice, to delete a nat pool, you have to depart internal ip-pool

and external ip-pool with ―no‖ command and then delete ip-pool.

5.15.3 PAT

1. Enable NAT function






TPS14-04_rev2.0







outside‖.

3. Configure internal ip-pool


Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0

4. Configure external ip-pool

Altai-AC(config)# ip nat pool pool_name ip_address ipMask Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128

5. Bind internal ip-pool and external ip-pool

Altai-AC(config)# ip nat inside In_pool Out_pool overload

5.16 Hot Standby Configurations

5.16.1 Overview

In upstream, the master AC and backup AC will occupy three IP in the

same network segment and two MAC address with VRRP protocol.

In operation and maintainence, the master AC and backup AC will use

different IP address and MAC address.

In business, the master AC and backup AC will use the other IP and the

same MAC.

The uplink port is open and the three IP address could be telnet.

In access side, the same port of master AC and backup AC share the same

MAC, but only the port on master AC will be open.

5.16.2 Command

1. [no] vrgroup groupid

Mode：config

Parameters：groupid – virtual group ID, range from 1 to 16；




TPS14-04_rev2.0


Description：configure virtual group；

2. [no] prioroty num

Mode：vrgroup

Parameters：num – the priority of virtual group, range from 1 to 255；

Description：configure the priority of virtual group；

3. [no] adver-interval interval

Mode：vrgroup

Parameters：interval – the heartbeat interval；

Description：configure the heartbeat interval；

4. [no] track-port GigabitEthernet String priority num

Mode：vrgroup

Parameters：String — listener port；

num – the priority of binding port， while the port is down ,the prioriry will

get low；

5. [no]preempt

Mode：vrgroup

Parameters：enable preempt mode；

6. [no]threshold-priority num

Mode：vrgroup

Parameters: num – the priority of virtual group, range from 1 to 255；

Description：configure the threshold for hot back group；

7. [no]attend A.B.C.D group groupid [vrip]

Mode：configure subinterface

Parameters：A.B.C.D – subinterface’s IP

Groupid – virtual group ID

Vrip – optional parameter, with it, the IP will attend the group as a

virtual IP, otherwise the IP will be regarded as a real IP.

Description：Configure IP for hot backup group, including virtual IP and

real IP. Add some IP to the group.

8. [no] vrip A.B.C.D group groupid




TPS14-04_rev2.0


Mode：configure subinterface

Parameters：A.B.C.D-must be the same port in the same network

segment

Groupid — must be the group existed

Description：configure IP for hot backup group and add some IP to a

group

9. Show hotstandby group-info Al l |current | groupid

Mode：Privileged Mode

Parameters：Al l —show all group’s important information

Current – show details of the running hot backup group

Groupid — show details of specified group

Description：show group’s information

6 WEB Configurations

6.1 Login by WEB

The URL is:https://10.1.1.3（10.1.1.3 is the IP of management platform

configured on Eth7）.

The default user name is icac, and the password is icaclogin.

The login screen is displayed as follows.

https://10.1.1.xn--30-7f0b.1.1./

https://10.1.1.xn--30-7f0b.1.1./

https://10.1.1.xn--30-7f0b.1.1./

https://10.1.1.xn--30-7f0b.1.1./

https://10.1.1.xn--30-7f0b.1.1./

https://10.1.1.xn--30-7f0b.1.1./




TPS14-04_rev2.0


Figure 6-1 Access Controller Login Screen

The device supports three languages mode,【Simplified Chinese】,【Traditional

Chinese】 ,and【 English】 .You can select the language environment

needed.Please input the user name and password,and click 【Login】.

The following screen will prompt.

The main menu includes:【Basic Settings】,【Wireless Settings】,【Wireless Security】,

【WLAN】,【Online AP】,【Statistics】,【Rogue AP】,【LOG】.【icac Logged】,

【Change Password】,and【Exit】are in the right above.

Figure 6-2 Access Controller Main Menu

The following table will introduce the main menu.




TPS14-04_rev2.0


Table 6-1 Description of Access Controller Main Menu

Menu Description

Basic Settings

The configuration of system essential information,

providing basic configuration of Altai AC like AP’s versioninformation management, loading version service

management and so on.

Wireless Settings The configuration of wireless setting and capwap timer.

Wireless Security The configuration of wireless security.

WLAN The configuration of WLAN management.

Online APThe configuration of online AP,including AP information’s

view,and the configuration of AP issued.

Statistics It provides statistics information of AP and user.

Rogue APIt provides rogue AP scan switch,and displays rogue AP

list.

LOG It provides operation log and security log.

Change Password Change the password.

SaveConfiguration

Click save button to save configurations.

ExitLog out management platform, and return to loginscreen.

The following chapters will introduce various function of WEB.

6.2 Basic Settings

Click 【Basic Settings】,and the following screen will prompt.

On this screen the following functions will be configured,including【AC

Configuration】,【AC Hotstandby】,【Radius Server 】,【AS Server 】,【NTP Server 】,

【SYSLOG Server 】,【AP Version】,【Version Server 】,【Routing】,【Ethernet Interface

Information】,【WAPI Certificate】,【AC Advanced】,【Tunnel Configuration】,

【Multiple Access Boards Configuration】 ,【 AC Upgrade】 ,【 System

Information】,and【AC License】.




TPS14-04_rev2.0


Figure 6-3 Basic Settings

6.2.1 AC Configuration

Click 【Basic Settings】/【AC Configuration】,and AC configuration screen will

prompt.




TPS14-04_rev2.0


Figure 6-4 AC Configuration

The configuration of AC in detail is displayed as follows.

Table 6-2 AC Configuration

Items Description

AC Name The name of AC.

AC IP Address The IP address of AC.

Number of

Connected APsThe number of AP connected.

Number of

Connected STAsThe number of wireless user connected.

SNMP Community RSNMP read-only command, and the default value ispublic.

SNMP Community

R&WSNMP read-write command, and the default is private.

AC Trap IP The IP address where the alarm message is sent.




TPS14-04_rev2.0


Items Description

AC Trap IP2The IP address where the alarm message is sent.You canset two tra IP at the same time.

Trap Community Trap command, and the default value is private.SNMP Port R&W SNMP read-write port,and the default value is 161.

Trap port Trap port,and the default value is 162.

LoadbalanceOn: Enable load balance function.Off: disable the function, and it is the default option

User IsolationOn: Enable user isolation function.

Off: Disable the function, and it is the default option.

Last polling time The last polling time.

Domain The nation domain where the device located.

AC Authentication

AC supports eight authentications.

no-auth: No authentication.

eap-sim: Eap-sim authentication.web: Web authentication.

eap-md5: Eap-md5 authentication.simAndweb: SimAndweb authentication.

simAndmd5: SimAndmd5 authentication.webAndmd5: WebAndmd5 authentication.

simAndwebAndmd5: SimAndwebAndmd5

authentication.

Use MAC as Index

On: While network administrator collecting information,

use MAC as index.Off: While network administrator collecting

information,use AP ID as index. This function is disabled by

default.

SNMP instantly collectOn: Enable SNMP instantly collecting switch.Off: Disable the function and it is the default option.

LongitudePlease fill in the longitude as the sample formatdisplayed.

Latitude Please fill in the latitude as the sample format displayed.

MoreClick More, and the advanced setting screen willprompt.

6.2.2 AC Hotstandby

Click 【 Basic Configuration】 /【AC Hotstandby】 , and AC hotstandbyconfiguration screen will prompt.




TPS14-04_rev2.0


Figure 6-5 AC Hotstandby

The following table will introduce the configuration parameters of AC

Hotstandby.

Table 6-3 Configuration Parameters of AC Hotstandby

Items Description

AC HotstandbyEnabled：Enable hotstandby function

Disabled：Disable hotstandby function

AP Cold StandbyEnabled：Enable cold standby function

Disabled：Disable cold standby function

Data

Synchronization

Enabled：Enable cold standby function

Disabled：Disable cold standby function

Preempt Mode

Enabled：Enable preempt mode. Under

this mode, AC with high priority will

become master AC. If the priority is thesame, then the AC with bigger IP will

become master AC.

Disabled：Disable preempt mode.

Local IPThe heartbeats address which iscommunicated with the client.

Peer IPThe heartbeats address which thismachine is linked to the client.

6.2.3 Radius Server

Click 【Basic Settings】/【Radius Server 】,and radius servers configuration screen

will prompt.




TPS14-04_rev2.0


Figure 6-6 Radius List

Select one radius server configuration,click 【Modify】,and the radius servers

edit screen will prompt.

Figure 6-7 Radius Servers Edit

The following table will introduce the configuration items.

Table 6-4 Radius Server Configuration

Items Description

Type

Authentication: the radius server to realize

authentication function.Account: the radius server to realize account

function.Checking: the radius server to realize checking

function.

PriorityPriority choice: the primary radius server.Reserve: the radius server reserved will be used

if priority server can’t work.

IP Address The IP address of radius server.

Port The port of radius server.

Password The password of account or checking




TPS14-04_rev2.0


Items Description

Re-enterpassword

Re-enter the password of radius server.

6.2.4 AS Server

Click 【Basic Configuration】/【AS Server 】,and AC server configuration screen

will prompt.

Figure 6-8 AS Server Configuration

Table 6-5 AS Server Configuration

Items Description

AS server IP The IP address of AS server.

AS server port The port of AS server.

6.2.5 NTP Server

Click 【Basic Settings】/【NTP Server 】,and NTP configuration screen will

prompt.




TPS14-04_rev2.0


Figure 6-9 AC NTP Configuration

Table 6-6 AC NTP Configuration

Items Description

NTP ServerOn: Set AC as NTP server, and AP or other clientwill e synchronize with AC.

Off: AC is not set as NTP server.

NTP Client

On: Set AC as NTP client, and it will synchronizewith NTP server automatically.

Off: AC is not set as NTP client.

Server 1 The IP address of NTP server.



Sync IntervalAC will synchronize with NTP server as the timesetting passed.

6.2.6 SYSLOG Configuration

Click 【Basic Settings】/【SYSLOG Configuration】,and SYSLOG configuration

screen will prompt.

Figure 6-10 SYSLOG Configuration




TPS14-04_rev2.0


Table 6-7 SYSLOG Configuration

Items Description

Syslog Level

Emergency: System logs like the system can’t

work.alert: Alarm logs like the system will shut down.

critical: important logs like users login and log out.

error: The error logs like some process goes wrong.warning: Warning logs like user’s authentication is

failed.

notice: Notice logs like system needs to beupdated.

informational: informational logs like the recordsof IP visited.

debug: Debug logs.

IP Address The IP address of syslog server.

Port The port of syslog,and the default port is 514.

OperationClick 【Apply】,and the SYSLOG configuration will

be used.

6.2.7 AP Version

Click 【Basic Settings】/【AP Version】, and AP version configuration screen will

prompt.

Figure 6-11 AP Version Information Edit

Table 6-8 AP Version Information Edit

Items Description

Manufacturer Manufacturer information.

Device Type Device type information.




TPS14-04_rev2.0


Items Description

HardwareVersion

Hardware version information.

Update Type

1: Firmware. If there is no need to update,please choose this option.

2: Software. Update through software.

3: Configuration file. Update throughconfiguration file.

UpdateFeature

The description of update feature.

Target

Update

Feature

The description of target update feature.

Upload Ways It includes WEB upload and manual upload.

Path TypeFull path

Relative pathTarget

Updated FileClick 【Browse】,and select target update file.

6.2.8 Version Server

Click 【Basic Settings】/【Version Server 】,and version server configuration screen

will prompt.

Figure 6-12 Version Server List

Select a list,click 【Modify】,and version server edit screen will prompt.

Figure 6-13 Version Server Edit




TPS14-04_rev2.0


The following table will introduce the version server edit.

Table 6-9 Version Server Edit

Items Description

Server IP The IP address of version server.

Port The port of verion server.

UserName Please input the user name.

Password Please input the password.

Confirm

PasswordPlease input the password again.

Transfer

Protocol

AC supports four transfer protocols.

ftp

tftp

httphttps

6.2.9 Routing

Click 【Basic Settings】/【Routing】,and route information of management

platform screen will prompt.

Figure 6-14 Route Information of Management Platform

Click 【Add】,and the management platform route edit screen will prompt.

Figure 6-15 Management Platform Route Edit

The following table will introduce the management platform route edit.




TPS14-04_rev2.0


Table 6-10 Management Platform Route Edit

Items Description

Destination IP The destination IP

Netmask The subnet network netmask

Next hop The next hop network address

6.2.10 Ethernet Interface Information

Click 【Basic Settings】/【Ethernet Interface Information】,and ethernet interface

information screen will prompt.

Figure 6-16 Ethernet Interface Information

Notice: The information on screen of read-only can’t be added, modified

and deleted.

6.2.11 WAPI Certificate

Click 【Basic Settings】/【WAPI Certificate】,and WAPI certificate screen will

prompt.

Figure 6-17 WAPI Certificate

Click 【Add】to prompt the following screen.

Figure 6-18 WAPI Certificate Edit




TPS14-04_rev2.0


The following table will introduce WAPI certificate edit.

Table 6-11 WAPI Certificate Edit

Items Description

Certificate Type

There are three certificate types：

Server

APCA

Path TypeRelative pathFull path

Certificate

Uploading

Click 【Browse】,and select the certificate

need to be uploaded.

6.2.12 AC Advanced

Click 【Basic Settings】/【AC Advanced】,and AC advanced screen will prompt.

Figure 6-19 AC Advanced

The following table will introduce AC advanced.




TPS14-04_rev2.0


Table 6-12 AC Advanced

Items Description

AC

ConfigurationExport

Click 【Download】,and the AC configuration

will be exported.

ACConfiguration

Import

Click 【Browse】to select the configuration file

to be imported,and click 【Import】.

Select

Configuration

to Reset

You can select the following configuration.Business configuration: The configuration onthe screen（except for AC name）.

System configuration: The configuration ofmanagement platform.

Factory Reset Click 【Reset】to reset default configurations.,

Reboot AC Click 【Reboot】,and it will reboot AC.

Warning:

To restore the factory default, and restart AC will affect the running business.

Please do not do such operation at will.

6.2.13 Tunnel Configuration

Click 【Basic Settings】/【Tunnel Configuration】,and tunnel configuration screenwill prompt.

Figure 6-20 Tunnel Configuration

The following table will introduce the tunnel configuration items.

Table 6-13 Tunnel Configuration

Items Description

Mode Switch On: Enable tunnel mode.




TPS14-04_rev2.0


Items Description

Off: Disable tunnel mode.

AccessPlatform IP

IP address of access platform which enablestunnel mode

Port The default port is 5248.

Forwarding

Type

It supports three tunnel modes.1-MACBridge

2-Reserve

3-802.11 frame tunnel mode

Switch of DataSynchronization

On: Enable data synchronization function.Off: Disable data synchronization function.

6.2.14 Multiple Access Boards Configuration

Click 【Basic Settings】/【Multiple Access Boards Configuration】,and thefollowing screen will prompt.

Figure 6-21 Multiple Access Boards Configuration

Click 【New Access Board】to prompt the following screen.

Figure 6-22 Multiple Access Boards Configuration

The following table will introduce multiple access boards’ configuration.

Table 6-14 Multiple Access Boards Configuration

Items Description

Slot No. The slot number of access board.




TPS14-04_rev2.0


Items Description

Access BoardIP

The IP address of access board.

Port The port that access platform andmanagement platform to communicate.

Tunneladdress(IPv4)

The Tunnel IP address in the form of IPv4

Tunneladdress(IPv6)

Tunnel IP address in the form of IPv6.

Tunnel port The tunnel port number.

Tunnel SwitchOn: Enable tunnel.Off：Disable tunnel.

Password(R)Read-only command,and the default valueis public.

Password(R&W) Read-write command,and the default valueis private.

6.2.15 AC Upgrade

Click 【Basic Settings】/【AC Upgrade】,and AC Upgrade screen will prompt.


The following table will introduce AC upgrade items.

Table 6-15 AC Upgrade

Items Description

AC Version

AC supports version 0 and version 1.

Click 【Set as Current Version】,and the version

selected will be set as current version.

AC VersionUpload

Click 【 Browse】 to select files need to be

updated,and click 【Upload】.

Upgrade successfully screen will prompt.

Figure 6-24 AC Upgrade Success




TPS14-04_rev2.0


6.2.16 System Information

Click 【Basic Settings】/【System Information】,and system information screen

will prompt.It is the read-only screen.

Figure 6-25 System Information

Click 【Refresh】,and you can acquire the newest system information.

6.2.17 AC License

Click 【Basic Settings】/【AC License】,and AC license screen will prompt.

Figure 6-26 AC License




TPS14-04_rev2.0


The following table will introduce AC license parameter settings.

Table 6-16 AC License Parameter Settings

Items Description

Device serialNumber

The serial number of device.Click 【Download

Device File】to export device file.

StatusThe status of License.Please click 【 Refresh

Information】to update license information.

Max APNumber

The max number of AP supported.

AC DeviceModel

The model of AC device.

Hotstandby

Support(y/n)Whether to support hotstanfby function or not.

Device ID Number of the device.

Upload

License File

Click 【Browse】to select the file needed,and

click 【Upload】to upload the files.

6.3 Wireless Settings

Wireless settings includes【Wireless Basic】,【Wireless Advanced】,【Wireless

Channel】,【Payloadbalance】,【AP Background Scan】,【CAPWAP Timer 】.




TPS14-04_rev2.0


They are global configurations to AP. The following part will introduce them

independently.

6.3.1 Wireless Basic

Click 【Wireless Settings】/【Wireless Basic】,and Wireless basic settings screen

will prompt.

Figure 6-27 Wireless Basic Settings

The following table will introduce wireless basic settings.

Table 6-17 Wireless Basic Settings

Items Description

Radio ID Select the radio id of AP.

RF Switch

On: Enable RF, and wireless user can search to

the SSID issued.Off: Disable RF, and wireless user can not

search to the SSID issued.

Power

Configuration

There are three ways.

Adjust Power Automat: When nearby AP power

increases, the device power willdecrease.When nearby AP power weaken, the

device will increase, which is up to the change

of environment.




TPS14-04_rev2.0


Items Description

Percentage: Work in the designated power.

Actual Power: Work in the actual power.

Auto PowerAdjustment

Interval

AP power will be adjusted as the time intervalpassed, and the default unit is minute.

WirelessMode

There are eight wireless rate modes to beselected.

802.11b Only(2.4G)

802.11g Only(2.4G)802.11n Only(2.4G)

802.11b and 802.11g (2.4G)

802.11n802.11b and 802.11g (2.4G)

802.11a Only(5G)

802.11n and 802.11a (5G)

Work Rate

There are thirteen work rate to be selected.Select Automatically: AP work rate is relatedwith the environment like the direction and

distance of antenna.

1Mbps2Mbps

5.5Mbps

6Mbps9Mbps

11Mbps

12Mbps18Mbps

24Mbps36Mbps

48Mbps

54Mbps

11N Work

Rate

802.11n RF rate configures by MCS (Modulationand Coding Scheme) index value torealize.There are seventeen 11N work rate to

be selected.

Auto：AP selects work rate independently.

MCS Index0MCS Index1MCS Index2

MCS Index3MCS Index4

MCS Index5


MCS Index8


MCS Index11


MCS Index14

MCS Index15

Space FlowThere are four space flows to be selected.1*12*2




TPS14-04_rev2.0


Items Description

3*3

4*4

Channel

Bandwidth

There are four channel bandwidths to beselected.

20MHzAuto 20/40 MHz：20MHz、40MHz self-adaption

40-MHz

40+MHz

GuardInterval

There two settings to be selected.

Long（800us）

Short（400us）

A-MPDUOn: Enable A-MPDU function to increase thewireless network throughput.

Off: Disable A-MPDU function.

A-MSDUOn: Enable A-MSDU function to increase MACtransmission efficiency.

Off: Disable A-MSDU function.

11N WorkMode

There are two 11N work modes to be selected.

HT-MixedHT-Greenfield

6.3.2 Wireless Advanced

Click 【Wireless Settings】/【Wireless Advanced】,and wireless advanced settings

screen will prompt.

Figure 6-28 Wireless Advanced Settings

The following table will introduce wireless advanced settings items.

Table 6-18 Wireless Advanced Settings




TPS14-04_rev2.0


Items Description

Layer2

port-isolate

Select layer 2 port-isolate mode.

Layer 2 Isolation Disabled

Isolate UnicastIsolate Multicast

Isolate Broadcast

Isolate All

IGMPSNOOPING

Enabled: Enable IGMP SNOOPINGfunction.Disabled: Disable IGMP SNOOPING

function.

Pre-certificationEnabled: Enable pre-certification function.

Disabled: Disable pre-certification function.

RoamingEnabled: Enable roaming function.Disabled: Disable roaming function.

Detection Timefor Roaming Input the detection time for roaming,andthe default unit is seconds.

Uplink Integrity

Disabled

Disconnect of AP UplinkDisconnect of AP/AC CAPWA

Disconnect of link to a Certain

ActionClose AP RFReboot AP

NTP Server

AddressNTP server IP address.

NTP SynchronousInterval

NTP synchronous interval.The default unit isminutes, and the default range value is

1-1092.

6.3.3 Wireless Channel

Click 【Wireless Settings】 /【Wireless Channel】 ,and wireless channel

configuration screen will prompt.

Figure 6-29 Wireless Channel Configuration




TPS14-04_rev2.0


The following table will introduce wireless channel configuration items.

Table 6-19 Wireless Channel Configuration

Items Description

Radio ID12

Autochannel

adjustment

Enabled: Enable auto channel adjustment

function,and AP will select channelautomatically.

Disabled: Disable auto channel adjustmentfunction.

Adjustment

Mode

Adjust when starts.

Periodic adjustment.

Adjustment

Interval

Input adjustive interval, and the default unit is

minutes.

Minimumsigna

standards

Input minimum signa standards.The default unitis dbm,and the range is from -90 to 10.

6.3.4 Payloadbalance

Click 【 Wireless Settings 】 / 【 Payloadbalance】 ,and payloadbalance

configuration screen will prompt.

Figure 6-30 Payloadbalance Configuration

The following table will introduce payloadbalance configuration items.

Table 6-20 Payloadbalance Configuration




TPS14-04_rev2.0


Items Description

Payloadbalance

Switch

Enabled: Enable payloadbalancefunction.When the number of user reachesto a certain amount, payloadbalance

among APswill be adjusted automatically.Disabled: Disable payloadbalancefunction.

Payloadbalance

Type

User: Payloadbalance among APs is

decided by the number of user.

Flow: Payloadbalance among APs isdecided by flow.

StartedThreshold of

Access Users

Enable payloadbalance function when

the threshold set is exceeded.

User ControlDeviation of

Load Balance

When user control deviation of loadbalance is exceeded, new access user will

be related to the AP with lower load.

User ThresholdWhen user threshold is exceeded,payloadbalance function will take no

effect

For example, suppose theconfiguration is set as follows, it stands for tthat the

payloadbalance function will be enabled when the flow value is 0kbps

between the two users（at least 2）.If the flow d-value is 500kbps among users,

and the newcomer will be connected to the lower flow AP. When the flow is

more than 1000000000 KBPS, payloadbalance will take no effect.

Figure 6-31 Payloadbalance Configuration by Flow Control

6.3.5 AP Background Scan

Click 【Wireless Settings】/【AP Background Scan】 ,and AP background

scanning screen will prompt.




TPS14-04_rev2.0


Figure 6-32 AP Background Scanning

The following table will introduce payloadbalance configuration parameters.

Table 6-21 AP Background Scanning

Items Description

Radio ID Input radio ID,and the range is 1~31.

ScanningChannel

All-Channel

1（11b/g)

2（11b/g)

3（11b/g)

4（11b/g)

5（11b/g)

6（11b/g)

7（11b/g)8（11b/g)

9（11b/g)

10（11b/g)

11（11b/g)

12（11b/g)

13（11b/g)

149（11a)

153（11a)

157（11a)

161（11a)

165（11a)

Scanning

Enable

On: Enable backgrounf scanning function.

Off: Disable backgrounf scanning function.

ScanningCycle

Input scanning cycle.The default unit issecond,and the range is 0~65535.

6.3.6 CAPWAP Timer

Click 【Wireless Settings】/【CAPWAP Timer 】,and CAPWAP timer configuration

screen will prompt.




TPS14-04_rev2.0


Figure 6-33 CAPWAPTimer Configuration

The following table will introduce CAPWAP timer configuration items.

Table 6-22 CAPWAP timer configuration

Items Description

Echo TimerThe interval time for AP to send keep alivemessage.

Discovery

TimerNo definition.

Keep-alivetime for AC

The time for AC to detect AP.

6.4 Wireless Security

Wireless security mainly includes【MAC Filter 】,【WLAN Security】,【Intrusion

Detection Settings】 ,【Dynamic Blacklist】 .The function in detail will be

introduced as follows.

6.4.1 MAC Filter

Click 【Wireless Security】/【MAC Filter 】,and MAC filter screen will prompt.

Figure 6-34 MAC Filter




TPS14-04_rev2.0


The following table will introduce MAC filter configuration items.

Table 6-23 MAC Filter

Items DescriptionMACAddress 1

Input MAC address like AA-BB-CC-DD-EE-FF.

MACAddress 2

Input MAC address like AA-BB-CC-DD-EE-FF.

MAC

Address 3Input MAC address like AA-BB-CC-DD-EE-FF.

MAC

Address 4Input MAC address like AA-BB-CC-DD-EE-FF.

6.4.2 WLAN Security

Click 【Wireless Security】/【WLAN Security】,and WLAN security policy list screen

will prompt.

Figure 6-35 WLAN Security Policy List

Click 【Add】to prompt WLAN security policy configuration screen.




TPS14-04_rev2.0


The following table will introduce WLAN security policy configuration items.

Table 6-24 WLAN Security Policy

Items Description

Security PolicyID

The ID for security policy, which is generatedautomatically.

Security Policy

NameInput security policy name.

Security Mode

Please enter the security mode.

WEP

802.11iWAPI

Authentication

Mode

If 802.11i is selected as security mode, andtwo authentication modes will be displayed

as follows.

WPA/WPA2-PSKWPA/WPA2(EAP)

if WAPI is selected as security mode, and twoauthentication modes will be displayed as

follows.

WAPI-PSKWAPI Certificate(Primary install wap

certificate)

Key Length

64bit128bit

152bit

Key Type ASCII

Encryption

Method

SMS4

AES

TKIP

Key Input the key.

Index of

Default KeyKey 1: The default key is key 1.Key 2: The default key is key 2.




TPS14-04_rev2.0


Items Description

Key 3: The default key is key 3.

Key 4: The default key is key 4.

Key 1 Please input key 1.




6.4.3 Intrusion Detection Settings

Click 【Wireless Security】/【Intrusion Detection Settings】,and intrusion detection

settings screen will prompt.

Figure 6-36 Intrusion Detection Settings

The following table will introduce intrusion detection settings.

Table 6-25 Intrusion Detection Settings

Items Description

Spoofing

Attack

DetectionSwitch

Enabled: Enable spoofing attack detection

function.

Disabled: Disable spoofing attack detectionfunction.

Flood AttackDetection

Switch

Enabled: Enable flood attack detectionfunction.

Disabled: Disable flood attack detection

function.

Flood AttackDetectionThreshold

Set flood attack detection threshold,and therange value is 1-6000.

Dynamic

Blacklist

Enabled: Enable dynamic blacklist

function.When the number of flood attack




TPS14-04_rev2.0


Items Description

Switch detected is more than the threshold, the user will

be pulled into blacklist.

Disabled: Disable dynamic blacklist function.

DynamicBlacklist alivetime

Set dynamic blacklist alive time.The default unitis second, and the range is 60-3600.

6.4.4 Dynamic Blacklist

Click 【Wireless Security】/【Dynamic Blacklist】,and dynamic blacklist screen

will prompt.

Figure 6-37 Dynamic Blacklist

Select an invasion MAC,and click 【Add to static blacklist】.The MAC will besaved in the blacklist permanently.

Select【Attack Type】,and MAC address under the attack type will be

displayed.The attack type which the device supports includes flood

attack(Unknown Type),flood attack(Authentication),flood

attack(Deauthentication),flood attack(Assocation),flood

attack(Disassocation),flood attack(Reassocation),flood attack(Probe

Request),flood attack(null data),flood attack(action),spoof attack(Unknown

Type),spoof attack(Authentication),spoof attack(Deauthentication),spoof

attack(Assocation),spoof attack(Disassocation).

6.5 WLAN

WLAN mainly includes【AP Configuration】,【WLAN Groups】,【Time Policy

Groups】,【AP Policy Apply】,【WLAN-VLAN Association】.The function in detail

will be introduced as follows.




TPS14-04_rev2.0


6.5.1 AP Configuration

Click 【WLAN】/【AP Configuration】, and AP Configuration screen will prompt.

Figure 6-38 AP Configuration

The screen will display AP group information, supporting information displayedafter filtering and information’s export. For example:

Step one,Click 【Import CSV file】,and the following screen will prompt.

Step two,Click 【Browse】,and you can select CSV file needed.Please click

【Upload】,and the following screen will prompt.

Step three,Click 【

Add Import】

to add new AP group informton.Click 【

AllReplace】,and the old AP group information will be replaced. Click add

import button,and the following screen will prompt.

Click 【Confirm】,and the following screen will prompt.




TPS14-04_rev2.0


Step four,Click 【Return】,and upload the system file successfully.

Warning:

Click 【Download CSV Sample】to acquire instruction in detail of CSV file

layout.You’d better download this file in orde to avoid uploading abnormally.

Click 【Add AP+】,and the following screen will prompt.

The following table will introduce AP configuration items.

Table 6-26 AP Configuration

Items Description

AP MACAddress

The MAC address of AP. Please fill in theform of 00-18-7D-09-16-49.

AP GroupDefault Group: AP group is the defaultgroup.

Test Group: AP group is the test group.

AP Number AP number.

Location AP’s geographic location

AP Name AP’s name

Description AP’s description




TPS14-04_rev2.0


6.5.2 WLAN Groups

Click 【WLAN】/【WLAN Groups】, and WLAN group configuration screen will

prompt.

Figure 6-39 WLAN Group Configuration

This screen displays the WLAN group.Click 【Edit Group】,and modify WLAN

group information.Input new WLAN group name ,and click 【Add】to add new

group.

Click the default group’s【Edit Group】,and the following screen will prompt.

Click 【Add】,and WLAN configuration screen will prompt.




TPS14-04_rev2.0


The following table will introduce WLAN configuration.

Table 6-27 WLAN Configuration

Items Description

WLAN IDWLAN’s ID number, which is generated

automatically.

WLAN GroupWLAN group which is generatedautomatically.

Security Mode

Open: Disable encryption mode.

WEP: Enable WEP encryption mode. To

enable WEP mode, you have to create a

WEP strategy in WLAN securityconfiguration.

802.11i: Enable 802.11i encryption mode.

To enable WEP mode, you have to create




TPS14-04_rev2.0


Items Description

a WEP strategy in WLAN security

configuration WAPI ： Enable WAPI

encryption mode.

Security Policy

Select the SSID of security strategy

configured in WLAN securityconfiguration.

SSID WLAN’s SSID.

SSID Mode

Broadcast: Broadcast WLAN’s SSID, and

the user can search to the WLAN.

Hide: The user can’t search to the WLAN.

Vlan ID VLAN’s ID.

QoSEnabled: Enable QoS function to optimizequality of the network service.

Disabled: Disable QoS function.

Max number ofusers

The max number of users which is allowedto access.

MAC Filteringpolicy

OPEN：Set no filtering strategy.

Whitelist: The MAC address of whitelist canaccess WLAN.

Blacklist: he MAC address of whitelist can

not access WLAN.

Flow control

AC supports three flow control modes.

Fixed flow

Guaranteed minimum flowBased on the number of users

Downlink SSID

FlowLimit/Guarantee

Configure downlink flow control based onSSID.

Downlink User

FlowLimit/Guarantee

Configure downlink flow control based on

users connected to the SSID.

Uplink SSID FlowLimit/Guarantee

Configure uplink flow control based onSSID.

Uplink User FlowLimit/Guarantee

Configure uplink flow control based onusers connected to the SSID.

Tunnel Mode

Local Forwarding.

Concentrated Forwarding: To use

concentrated forwarding fucntion, you

have to enable the tunnel modefirst.And the VLAN ID should not be

configured as 0.

EAP Auth Type Select EAP authentication type.

Auth Service

MAC

The MAC address of authentication

server.




TPS14-04_rev2.0


6.5.3 Time Policy Groups

Click 【WLAN】/【Time Policy Groups】, and time policy group screen will

prompt.

Figure 6-40 Time Policy Group

Input the name of time policy group,and click 【Add】to add new entry.Select

a entry need to modify, click 【Edit group】,and the following screen will

prompt.

Figure 6-41 Time Policy Group

The following table will introduce time policy group items.

Table 6-28 Time Policy Group

Items Description

Policy ID Policy ID.

Policy Name Name of the policy.

Policy Type

Day

WeekMonth

Year

All day ornot

Yes: Policy applys to every day.No: Please set start time and end time.

Start Time The time when policy takes effect.

End Time The time when policy lose effectiveness.

Week Select the week when the plocy take effect.

Month Select the month when the policy take effect.

Day Select the day when the policy take effect.

Operation Save: Save the time policy.




TPS14-04_rev2.0


6.5.4 AP Policy Apply

Click 【WLAN】/【AP Policy Apply】, and AP policy apply screen will prompt.

Figure 6-42AP AP Policy Apply

On this screen WLAN group can be associated with different limit policies.

6.5.5 WLAN-VLAN Association

Click 【WLAN】/【WLAN-VLAN Association】, and WLAN-VLAN association

screen will prompt.

Figure 6-43 WLAN-VLAN Association

On this screen WLAN group can associate to relevant VLAN group.

6.6 Statistics

Statistics mainly includes【AP Information】,【AP Upgrate】,【Wireless

Interface Statistics】,【Wireless Users Statistics】,【Intrusion Detection Statistics】,

【Statistica Report Cycle】. The function in detail will be introduced as follows.




TPS14-04_rev2.0


6.6.1 AP Information

Click 【Statistics】/【AP Information】,and AP information screen will prompt.

Figure 6-44 AP List

The following table will introduce AP information configuration items.

Table 6-29 AP List

Items Description

AP ID AP’s ID

MACAddress

AP’s MAC address

IP Address AP’s IP address

AP Group AP group

AP Name AP’s name

FP NO. The RF number of AP

Online Time AP’s online time Start Time The time AP starts up

Last 3 Join

TimeThe last three timeof AP’s joining

Join Reason Reason of AP’s joining.

Status

ALL: Display AP’s status.

Configuration: Display APs in the configurationstatus.

Run: Display APs in the run status.

Idle: Display APs in the Idle status.

Details

Click 【Details】 to show detail information ,

including AP basic information , wireless

configuration, software and hardwareconfiguration, and user information list.

Select the AP need to be set,and click 【Load Balance】to configurate load

balance.

Select the AP need to be set,click 【Security Mode】,and the following screen

will prompt.

Figure 6-45 AP Security Mode




TPS14-04_rev2.0


There are three security modes to select, including 802.11i, WAPI, API&802.11i.

Select AP need to be set, click 【Parameters of AP Online Scanning】,and the

following screen will prompt.

Figure 6-46 Parameters of AP Online Scanning

Table 6-30 Parameters of AP Online Scanning

Items Description

Radio ID Select the radio id need to be set.

ScanningChannel

11a: Select a channel like Full Channel,

149,153,157,161,165 to realize scanning.11b/g: Select a channel like Full Channel, 1-13

channels to realize scanning.

Scanning

Mode

Passive Scanning

Positive Scanning: The AP scans other APs

nearby positively.Stop Scanning: Stop scanning operation.

ScanningCycle

Cycle of scanning.The unit is second, and therange is from 0 to 65535.

Click 【Recovery Factory Set】to reset all the APs.

Click 【System Reboot】,and reboot the AP selected.




TPS14-04_rev2.0


6.6.2 AP Software Upgrade

Click 【Statistics】/【AP Software Upgrade】,and AP information screen will

prompt.

Figure 6-47 AP Software Upgrade

Click 【Software Upgrade Setting】,and the following screen will prompt.

Figure 6-48 Configuration of AP upgrading

The following table will introduce configuration of AP upgrading.

Table 6-31 Configuration of AP upgrading

Items Description

Retries whenit fails

The number of retry after upgrading fails

Numbers of

Simultaenous

AP

The number of AP’thatupgradsat the same

time.

Time ofupgrading

timeout

The time for AP to update. If AP does notsuccessfully upgrade during this time, then the

upgrade fails

Click the button on the left of screen, and the following functions can be

realized.

Click 【Upgrading】to upgrade AP by software.

Click 【Cancel upgrading software】,and cancel upgrading command like

AP’s status is waiting for upgrade or is upgrading and so on.




TPS14-04_rev2.0


Click 【Upgrade configured file】to update AP by configured file.

Click 【Upgrade WAPI certificate】to update AP by WAPI certificate.

Click 【Reboot AP】to restart AP.

6.6.3 Wireless Radio Statistics

Click 【Statistics】/【Wireless Radio Statistics】,and wireless radio statistics

screen will prompt.

Figure 6-49 Wireless Radio Statistics

Click 【Wireless Mode Configuration】,【Wireless Channel Configuration】,

【Wireless Power Configuration】,and the AP selected can be configurated

for wireless mode,channel or power. Please refer to 5.3.1 wireless settings

basic configuration and 5.3.3 wireless channel configuration to get

parameters introduction in detail.

6.6.4 Wireless User List

Click 【Statistics】/【Wireless User List】,and wireless user list screen will prompt.

Figure 6-50 Wireless User List

The following table will introduce wireless user list items.

Table 6-32 Wireless User List

Items Description

AP IP AP’s IP address

AP MAC AP’s MAC address

Access IP address of the access platform.




TPS14-04_rev2.0


Items Description

Platform IP

User MACAddress

MAC address of the user.

SSID WLAN SSID which is used

Session Id Session ID which is used

Tunnel Id The tunnel’s ID

Upline Time Online time

6.6.5 Intrusion Detection Statistics

Click 【Statistics】/【Intrusion Detection Statistics】,and intrusion detection

statistics screen will prompt.

6.6.6 Cycle of Reporting AP Statistics

Click 【Statistics】/【Cycle of Reporting AP Statistics】,and cycle of reporting

AP statistics screen will prompt.

Figure 6-51 Cycle of Reporting AP Statistics




TPS14-04_rev2.0


6.7 Rogue AP

Rogue AP mainly includes【Rogue AP】,【Permitted BSSID List】,【Permitted

SSID List】. The function in detail will be introduced as follows.




TPS14-04_rev2.0


6.7.1 Rogue AP

Click 【Rogue AP】/【Rogue AP】,and rogue AP list screen will prompt.

Figure 6-52 Rogue AP List

Enable rogue AP scanning function, and configure the 5.2.5 AP background

scanning fucntion at the same time will realize the function of rogue APscanning.

The following table will introduce rogue AP configuration items.

Table 6-33 Rogue AP Configuration

Items Description

BSSID Rogue AP’s BSSID

SSID Rogue AP’s SSID

Radio ID Rogue AP’s radio id

Channel Rogue AP’s channel

SignalStrenth(dBm)

Rogue AP’s signal strength

SNR Rogue AP’s SNR

DataTransfer Rate

Rogue AP’s transfer rate

MACAddress

The MAC address of scanning AP.

AP TypeDisplay the scanned AP type. Generally the APdisplayed is rouge AP.

6.7.2 Permitted BSSID List

Click 【Rogue AP】/【Permitted BSSID List】,and permitted BSSID list screen

will prompt.

Figure 6-53 Permitted BSSID List




TPS14-04_rev2.0


Choose a BSSID in the rogue AP list to add in permitted BSSID list, and the

corresponding rogue AP will be turned into the lawful AP.

6.7.3 Permitted SSID List

Click 【Rogue AP】/【Permitted SSID List】,and permitted SSID list screen willprompt.

Figure 6-54 Permitted SSID List

Choose a SSID of rogue AP to add in permitted SSID list, and the

corresponding rogue AP will be turned into the lawful AP.

6.8 LOG

Log mainly includes【Operation Log】,【Operation Log Hold Time】,【Alarm

Log】,【AP Log】,【Intrusion Detection Log】. The function in detail will be

introduced as follows.

6.8.1 Operation Log

Click 【LOG】/【Operation Log】,and operation log screen will prompt.

Figure 6-55 Operation Log Search




TPS14-04_rev2.0


This screen can query user operation log,including User Login,WLAN,User

Quit,Group Policy,Basic Settings,AP Group List,Rogue AP.Select the operation

need to search in the 【 Operation Type】 option. For example,select

userlogin ,click 【Search】,and the following screen will prompt.

Figure 6-56 Operation Log Query Results

Click 【Remote Save +】,and log will be uploaded to the FTP server specified.

Figure 6-57 Log Saving Remote FTP Server




TPS14-04_rev2.0


6.8.2 Operation Log Hold Time

Click 【LOG】/【Operation Log Hold Time】,and operation log hold time

screen will prompt.

Operation log hold time can be set on this screen,and the unit is day.

6.8.3 Alarm Log

Click 【LOG】/【Alarm Log】,and alarm log screen will prompt.

Figure 6-58 Alarm Log

Click 【Download】and log can be saved to the location.

6.8.4 AP Log

Click 【LOG】/【AP Log】,and AP log screen will prompt.

Figure 6-59 AP Log




TPS14-04_rev2.0

Enable SYSLOG switch,and SYSLOG server can be configured.

6.8.5 Intrusion Detection Log

Click 【LOG】/【Intrusion Detection Log】,and intrusion detection log screen will

prompt.

Figure 6-60 Intrusion Detection Log

Altai Access Controller Configuration Manual _ v2.0

Documents

Transcript of Altai Access Controller Configuration Manual _ v2.0