NMS USER MANUAL - ComtrendDescriptions of the functions of each main panel Dashboard, Zone Plan, NMS...

NMS USER MANUAL WAP-EN Series Wireless Access Points

Version 1.2, June 2017

2

Copyright

Copyright©2017ComtrendCorporation.Allrightsreserved.TheinformationcontainedhereinisproprietarytoComtrendCorporation.Nopartofthisdocumentmaybetranslated,transcribed,reproduced,inanyform,orbyanymeanswithoutthepriorwrittenconsentofComtrendCorporation.

Thisprogramisfreesoftware:youcanredistributeitand/ormodifyitunderthetermsoftheGNUGeneralPublicLicenseaspublishedbytheFreeSoftwareFoundation,eitherversion3oftheLicense,or(atyouroption)anylaterversion.

Thisprogramisdistributedinthehopethatitwillbeuseful,butWITHOUTANYWARRANTY;withouteventheimpliedwarrantyofMERCHANTABILITYorFITNESSFORAPARTICULARPURPOSE.SeetheGNUGeneralPublicLicenseformoredetails.

YoushouldhavereceivedacopyoftheGNUGeneralPublicLicensealongwiththisprogram.Ifnot,seehttp://www.gnu.org/licenses/ NOTE: Thisdocumentissubjecttochangewithoutnotice.

3

I.ProductInformationTheNetworkManagementSuite(NMS)supportsthecentralmanagementofagroupofaccesspoints,otherwiseknownasanAPArray.NMScanbeinstalledononeaccesspointandsupportupto5accesspointsoronaWirelessLANController(WLC)andsupportupto50accesspoints. Accesspointscanbedeployedandconfiguredaccordingtoyourrequirements. Thisflexibilitycreatesapowerfulnetworkarchitecturewhichcanbeeasilymanagedandexpandedinthefuture.TheeasytouseinterfaceandafullrangeoffunctionalitymaketheNMSsystemidealforsmallandmid-sizedofficeenvironments.

4

Table of Contents I.ProductInformation............................................................................................................................................3II.QuickSetup..............................................................................................................................................................7

III.SoftwareLayout..............................................................................................................................................10

IV.Features...........................................................................................................................................................15IV-1. LOGIN,LOGOUT&RESTART..........................................................................................................................15IV-2. DASHBOARD..................................................................................................................................................17IV-2-1. SystemInformation....................................................................................................................................18IV-2-2. DevicesInformation...................................................................................................................................18IV-2-3. ManagedAP...............................................................................................................................................19IV-2-4. ManagedAPGroup....................................................................................................................................20IV-2-5. ActiveClients..............................................................................................................................................21IV-2-6. ActiveUsers...............................................................................................................................................21IV-3. ZONEPLAN....................................................................................................................................................22IV-4. NMSMONITOR..............................................................................................................................................24IV-4-1. AccessPoint...............................................................................................................................................24IV-4-1-1. ManagedAP............................................................................................................................................24IV-4-1-2. ManagedAPGroup.................................................................................................................................26IV-4-2. WLAN.........................................................................................................................................................28IV-4-2-1. ActiveWLAN...........................................................................................................................................28IV-4-2-2. ActiveWLANGroup................................................................................................................................29IV-4-3. Clients.........................................................................................................................................................29IV-4-3-1. ActiveClients...........................................................................................................................................29IV-4-4. Users.........................................................................................................................................................30IV-4-4-1. ActiveUsers.........................................................................................................................................30IV-4-4-2. UsersLog................................................................................................................................................30IV-4-5. RogueDevices..........................................................................................................................................31IV-4-6. Information..............................................................................................................................................32IV-4-6-1. AllEvents/Activities................................................................................................................................32IV-4-6-2. APMonitoring........................................................................................................................................32IV-4-6-3.SSIDOverview............................................................................................................................................33 .................................................................................................................................................................................34IV-5. NMSSettings.................................................................................................................................................35IV-5-1. AccessPoint...............................................................................................................................................35IV-5-2. WLAN.........................................................................................................................................................46IV-5-3. RADIUS.......................................................................................................................................................50IV-5-4. AccessControl............................................................................................................................................56IV-5-5. GuestNetwork...........................................................................................................................................59

5

IV-5-6. Users..........................................................................................................................................................62IV-5-7-1. Add/EditGuestPortal..............................................................................................................................66IV-5-7-1-1.FrontDeskURL........................................................................................................................................67IV-5-7-1-2. FrontDeskPrintout..............................................................................................................................69IV-5-7-1-3.GuestPortalType....................................................................................................................................70IV-5-7-1-4.GuestPortalCustomization.....................................................................................................................71IV-5-9. Schedule....................................................................................................................................................74IV-5-10. SmartRoaming........................................................................................................................................76IV-5-11. DeviceMonitoring...................................................................................................................................78IV-5-12. FirmwareUpgrade...................................................................................................................................79IV-5-13. Advanced..................................................................................................................................................80IV-5-13-1. SystemSecurity....................................................................................................................................80V-5-13-2. Date&Time..........................................................................................................................................80V-5-13-3. SystemAccounts...................................................................................................................................81IV-6. LocalNetwork................................................................................................................................................83IV-6-1. NetworkSettings........................................................................................................................................83IV-6-1-1. LAN-SideIPAddress................................................................................................................................83IV-6-1-2. LANPortSettings....................................................................................................................................86IV-6-1-3. VLAN........................................................................................................................................................87IV-6-2. 2.4GHz11bgn(NotavailableontheWLC-6404)........................................................................................88IV-6-2-1. Basic........................................................................................................................................................88IV-6-2-2. Advanced................................................................................................................................................89IV-6-2-3. Security...................................................................................................................................................91IV-6-2-3-1. NoAuthentication..............................................................................................................................92IV-6-2-3-2. WEP....................................................................................................................................................92IV-6-2-3-3. IEEE802.1x/EAP..................................................................................................................................93IV-6-2-3-4. WPA-PSK............................................................................................................................................93IV-6-2-3-5. WPA-EAP............................................................................................................................................93IV-6-2-3-6. AdditionalAuthentication..................................................................................................................94IV-6-2-4. WDS.........................................................................................................................................................95IV-6-3. 5GHz11ac11an(NotavailableontheWLC-6404)..................................................................................97IV-6-3-1. Basic........................................................................................................................................................97IV-6-3-2. Advanced................................................................................................................................................99IV-6-3-3. Security.................................................................................................................................................100IV-6-3-4. WDS.......................................................................................................................................................102IV-6-4. WPS(NotavailableontheWLC-6404).....................................................................................................103IV-6-5. RADIUS(NotavailableontheWLC-6404)................................................................................................104IV-6-5-1. RADIUSSettings....................................................................................................................................106IV-6-5-2. InternalServer......................................................................................................................................107IV-6-5-3. RADIUSAccounts..................................................................................................................................109IV-6-6. MACFilter(NotavailableontheWLC-6404)...........................................................................................111

6

IV-6-7. WMM(NotavailableontheWLC-6404)..................................................................................................113IV-6-8. InternalServer..........................................................................................................................................114IV-6-8-1. InternalRADIUSServer.........................................................................................................................114IV-6-8-2. RADIUSAccounts..................................................................................................................................116IV-6-9. Schedule...................................................................................................................................................117IV-7. LocalSettings...............................................................................................................................................118IV-7-1. OperationMode(NotavailableontheWLC-6404)..................................................................................118IV-7-2. SystemSettings........................................................................................................................................118IV-7-2-1. SystemInformation...............................................................................................................................118IV-7-2-2. WirelessClients(NotavailableontheWLC-6404)................................................................................121IV-7-2-3. WirelessMonitor(NotavailableontheWLC-6404).............................................................................122IV-7-2-4. Log.........................................................................................................................................................123IV-7-3. Management............................................................................................................................................125IV-7-3-1. Admin..................................................................................................................................................125IV-7-3-2. DateandTime.....................................................................................................................................127IV-7-3-3. SyslogServer.......................................................................................................................................128IV-7-3-4. I’mHere..............................................................................................................................................129IV-7-4. Advanced..................................................................................................................................................130IV-7-4-1. LEDSettings...........................................................................................................................................130IV-7-4-2. UpdateFirmware................................................................................................................................130IV-7-4-3. Save/RestoreSettings.........................................................................................................................132IV-7-4-4. FactoryDefault....................................................................................................................................133IV-7-4-5. Reboot.................................................................................................................................................133IV-8. Toolbox........................................................................................................................................................134IV-8-1. NetworkConnectivity.............................................................................................................................134IV-8-1-1. Ping.....................................................................................................................................................134IV-8-1-2. TraceRoute.........................................................................................................................................134

V.BestPractice...................................................................................................................................................135HowtoCreateandLinkWLAN&AccessPointGroups...........................................................................................135

7

II.QuickSetupOnedeviceisdesignatedastheAPController(master)andotherconnectedAPsaredesignatedasManagedAPs(slaves).UsingtheNMSyoucanmonitor,configureandmanageallManagedAPs.Upto5APscanbemanagedfromanEN-SeriesWirelessAccessPointinAPControllerModeor50APscanbemanagedfromadedicatedWLC-6404WirelessAccessPointController.Followthestepsbelow:1. ConnectallAPstoanEthernetorPoEswitchwhichisconnectedtoa

gateway/router.

YoucanuseyourrouterasaDHCPserveroryoucanlaterconfigureyourAPControllerasaDHCPserver.

2. EnsureallAPsarepoweredonandchecktheLEDstatus.

8

3. ConnecttheAPController,whichwillmanageallotherconnectedAPs,topowerandturnthedeviceon.

4. ConnectacomputertotheAPControllerusinganEthernetcable. 5. OpenawebbrowserandentertheAPController’sIPaddressinthe

addressfield.ThedefaultIPaddressislistedintheUserManualforyourcontroller. Typicallyitiseither192.168.2.1or192.168.2.2.

DHCPisenabledontheaccesspointbydefault.ConsulttheDHCPTableofyournetworkfortheController’sIPAddress.IfnoDHCPServiceisfound,theaccesspointwilldefaulttothedefaultIPaddresslistedintheUserManual.TypicaldefaultIPaddressesareeither192.168.2.1or192.168.2.2.Yourcomputer’sIPaddressmustbeinthesamesubnetastheAPController. 192.168.2.10isbeingusedinthisexample.

6. Entertheusername&passwordtologin.Thedefaultusername&

passwordareadmin&1234respectively.

9

7. IfusinganEN-SeriesAPasacontroller,youwillarriveattheAccessPointInformationscreen. Goto!“OperationMode”andselect“APControllerMode”fromthedropdownmenutoinitiateControllerMode.

8. Click“Apply”tosavethesettings.

9. YourControllerAP&ManagedAPsshouldbefullyfunctional.Usethetop

menutonavigatearoundtheNMS.

UseLocalNetwork&LocalSettingstoconfigureyourControllerAP.UseDashboard,ZonePlan,NMSMonitor&NMSSettingstoconfigureManagedAPs.UseToolboxtodiagnoseconnectionissues.

10

III.SoftwareLayoutThetopmenufeatures7panels:Dashboard,ZonePlan,NMSMonitor,NMSSettings,LocalNetwork,LocalSettings&Toolbox.

Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfigurationanddevicebeingusedasacontroller.

Dashboard

TheDashboardpaneldisplaysanoverviewofyournetworkandkeysysteminformation,withquicklinkstoaccessconfigurationoptionsforManagedAPsandManagedAPgroups.Eachpanelcanberefreshed,collapsedormovedaccordingtoyourpreference. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

11

ZonePlan

ZonePlandisplaysacustomizablelivemapofManagedAPsforavisualrepresentationofyournetworkcoverage.EachAPiconcanbemovedaroundthemap,andabackgroundimagecanbeuploadedforuser-definedlocationprofilesusingNMSSettings! ZoneEdit.OptionscanbeconfiguredusingthemenuontherightsideandsignalstrengthisdisplayedforeachAP. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

NMSMonitor

TheNMSMonitorpanelprovidesmoredetailedmonitoringinformationabouttheAPArraythanfoundontheDashboard,groupedaccordingtocategoriesinthemenudowntheleftside. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

12

NMSSettings

NMSSettingsprovidesextensiveconfigurationoptionsfortheAPArray.Youcanmanageeachaccesspoint,assignaccesspointsintogroups,manageWLAN,RADIUSaswellasupgradefirmwareacrossmultipleaccesspoints.TheZonePlancanalsobeconfiguredusing“ZoneEdit”. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

LocalNetwork

LocalNetworksettingsareforyourAPController.YoucanconfiguretheIPaddressandDHCPserveroftheAPControllerinadditionto2.4GHz&5GhzWi-Fiandsecurity,withWPS,RADIUSserver,MACfilteringandWMMsettings

13

alsoavailable. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

LocalSettings

LocalSettingsareforyourAPController.Youcansettheoperationmodeandviewnetworksettings(clientsandlogs)specificallyfortheAPController,aswellasothermanagementsettingssuchasdate/time,adminaccounts,firmwareandreset. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.)

14

Toolbox

TheToolboxpanelprovidesanetworkdiagnostictools:pingandtraceroute.

15

IV.FeaturesDescriptionsofthefunctionsofeachmainpanelDashboard,ZonePlan,NMSMonitor,NMSSettings,LocalNetwork,LocalSettings&Toolboxcanbefoundbelow. (AvailablesettingswillvarydependingonthedevicebeingusedasanAPController.) WhenusingtheNMS,click“Apply”tosavechanges:

Screenshotsdisplayedareexamples.Theinformationshownonyourscreenwillvarydependingonyourconfiguration.

IV-1. LOGIN,LOGOUT&RESTART

ItisrecommendedthatyoulogintotheAPControllertomakeconfigurationchangestoManagedAPs.

LOGIN

1. ConnectacomputertothedesignatedAPControllerusinganEthernetcable:

2. OpenawebbrowserandentertheAPController’sIPaddressinthe

addressfield.ThedefaultIPaddressislistedintheUserManualforyourcontroller. Typicallyitiseither192.168.2.1or192.168.2.2.

Yourcomputer’sIPaddressmustbeinthesamesubnetastheAPController.RefertoV-1.ConfiguringyourIPAddressformorehelp.

DHCPisenabledontheaccesspointbydefault. ConsulttheDHCPTableofyournetworkfortheController’sIPAddress. IfnoDHCPServiceisfound,theaccesspointwilldefaulttothedefaultIPaddresslistedintheUserManual. TypicaldefaultIPaddressesareeither192.168.2.1or192.168.2.2.

16

IfusingaDHCPserveronthenetwork,itisadvisedtouseyourDHCPserver’ssettingstoassigntheAPControllerastaticIPaddress.

3. Entertheusername&passwordtologin.Thedefaultusername&

passwordareadmin&1234.RESTARTYoucanrestartyourAPControlleroranyManagedAPusingtheNMS.TorestartyourAPControllergotoLocalSettings! Advanced! Rebootandclick“Reboot”.TorestartManagedAPsclicktheRestarticonforthespecifiedAPontheDashboard:

17

IV-2. DASHBOARDThedashboarddisplaysanoverviewofyourAParray:

Usetheblueiconsabovetorefreshorcollapseeachpanelinthedashboard.Clickanddragtomoveapaneltosuityourpreference.Youcansetthedashboardtoauto-refreshevery1minute,30secondsordisableauto-refresh:

18

IV-2-1.SystemInformationSystemInformationdisplaysinformationabouttheAPController:ProductName(model),HostName,MACAddress,IPAddress,FirmwareVersion,SystemTime,Uptime,CPUUsageandMemoryUsage.

IV-2-2.DevicesInformationDevicesInformationisasummaryofthenumberofalldevicesinthelocalnetwork:AccessPoints,ClientsConnected,andRogue(unidentified)Devices.

19

IV-2-3.ManagedAP

ManagedAPdisplaysinformationabouteachManagedAPinthelocalnetwork:Index(referencenumber),MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connected,connectingordisconnected).

ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen(connected)foreachManagedAP.EachManagedAPhas“Action”iconswiththefollowingfunctions:

1. DisallowRemovetheManagedAPfromtheAParrayanddisableconnectivity.

2. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint).

3. BlinkLEDTheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.

4. BuzzerTheManagedAP’sbuzzerwillsoundtemporarilytohelpidentify&locateaccesspoints.

5. NetworkConnectivityGotothe“NetworkConnectivity”paneltoperformapingortraceroute.

6. RestartRestartstheManagedAP.

20

IV-2-4.ManagedAPGroupManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAPGroupdisplaysinformationabouteachManagedAPgroupinthelocalnetwork:GroupName,MACAddress,DeviceName,Model,IPAddress,No.ofClientsconnectedtoeachaccesspoint,andStatus(connectedordisconnected).ToeditManagedAPGroupsgotoNMSSettings! AccessPoint(refertoIV-5-1.AccessPoint).

ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysgrey(disconnected),yellow(connecting)orgreen(connected)foreachindividualManagedAP.EachManagedAPhas“Action”iconswiththefollowingfunctions:


2. EditEditvarioussettingsfortheManagedAP(refertoIV-5-1.AccessPoint)

3. BlinkLED

TheManagedAP’sLEDwillflashtemporarilytohelpidentify&locateaccesspoints.



21

6. Restart

RestartstheManagedAP.

IV-2-5.ActiveClients

ActiveClientsdisplaysinformationabouteachclientinthelocalnetwork:Index(referencenumber),ClientMACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(onoroff).

Thesearchfunctioncanbeusedtolocateaspecificclient.Typeinthesearchboxandthelistwillupdate:

IV-2-6.ActiveUsers

ActiveUsersdisplaysinformationabouteachuserinthelocalnetwork:Index(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,CreationTime,ExpireTime,UsagePercentage,Vendor,PlatformandAction.

Thesearchfunctioncanbeusedtolocateaspecificuser.Typeinthesearchboxandthelistwillupdate:

22

IV-3. ZONEPLANTheZonePlancanbefullycustomizedtomatchyournetworkenvironment.YoucanmovetheAPiconsandselectdifferentlocationimages(uploadlocationimagesinNMSSettings! ZoneEdit)tocreateavisualmapofyourAParray.

Usethemenuonthesidetomakeadjustmentsandmouse-overanAPiconinthezonemaptoseemoreinformation.ClickanAPiconinthezonemaptoselectitanddisplayactionicons.ClickanddraganAPicontomovetheiconaroundthezonemap.ThesignalstrengthforeachAPisdisplayedaccordingtothe“Signal”keyinthemenuontherightside:

Location Selectapre-definedlocationfromthedropdownmenu.WhenyouuploadalocationimageinNMSSettings! ZoneEdit,itwillbeavailableforselectionhere.

23

APGroup YoucanselectanAPGrouptodisplayinthezonemap.EditAPGroupsinNMSSettings! AccessPoint.

Search UsethesearchboxtoquicklylocateanAP.Radio UsethecheckboxestodisplayAPsaccording

to2.4GHzor5GHzwirelessradiofrequency. Signal Signalstrengthkeyforthesignalstrength

displayaroundeachAPinthezonemap.Zoom Usetheslidertoadjustthezoomlevelofthe

map.Transparency Usetheslidertoadjustthetransparencyof

locationimages.Scale Zonemapscale.Device/Number Displaysnumberandtypeofdevicesinthe

zonemap.

24

IV-4. NMSMONITORIV-4-1.AccessPoint

IV-4-1-1. ManagedAPDisplaysinformationabouteachManagedAPinthelocalnetwork:Index(referencenumber),MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connected,connectingordisconnected).

ThesearchfunctioncanbeusedtolocateaspecificManagedAP.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysthestatusofeachManagedAP.StatusIcons

Icon Color Status Definition

Grey Disconnected

ManagedAPisdisconnected. CheckthenetworkconnectionandensuretheManagedAPisinthesameIPsubnetastheAPController.

Red

AuthenticationFailedOrIncompatibleNMSVersion

SystemsecuritymustbethesameforallaccesspointsintheAParray.Pleasechecksecuritysettings(refertoIV-5-12-1.SystemSecurity).AccesspointsmustusethesameversionofNMSastheController. UsetheAPController’sfirmwareupgradefunction(refertoIV-5-11.FirmwareUpgrade)tosynchronizetheNMSversion.

25

Orange ConfiguringorUpgrading

ManagedAPismakingconfigurationchangesorupgradingthefirmware.

Yellow Connecting ManagedAPisconnecting.

Green Connected ManagedAPisconnected.

Blue WaitingforApproval ManagedAPiswaitingforapproval.

EachManagedAPhas“Action”iconswiththefollowingfunctions:



2. BlinkLED





26

IV-4-1-2. ManagedAPGroupManagedAPscanbegroupedaccordingtoyourrequirements.ManagedAPGroupdisplaysinformationabouteachManagedAPgroupinthelocalnetwork:GroupName,MACAddress,DeviceName,Model,IPAddress,2.4GHz&5GHzWirelessChannelNumber,No.ofClientsconnectedtoeachaccesspoint,andStatus(connectedordisconnected).ToeditManagedAPGroupsgotoNMSSettings! AccessPoint(refertoIV-5-1.AccessPoint).

ThesearchfunctioncanbeusedtolocateaspecificManagedAPGroup.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysgrey(disconnected),red(authenticationfailed/incompatibleNMSversion),orange(upgradingfirmware),yellow(connecting),green(connected)orblue(waitingforapproval)foreachindividualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfulldescriptions.EachManagedAPhas“Action”iconswiththefollowingfunctions:


27


4. BlinkLED





28

IV-4-2.WLAN

IV-4-2-1. ActiveWLANDisplaysinformationabouteachSSIDintheAPArray:Index(referencenumber),Name/SSID,VLANID,Authentication,Encryption,IPAddressandAdditionalAuthentication.ToconfigureencryptionandVLANsforManagedAPsgotoNMSSettings! WLAN.ThesearchfunctioncanbeusedtolocateaspecificSSID.Typeinthesearchboxandthelistwillupdate:

29

IV-4-2-2. ActiveWLANGroupWLANgroupscanbecreatedaccordingtoyourpreference.ActiveWLANGroupdisplaysinformationaboutWLANgroup:GroupName,Name/SSID,VLANID,Authentication,Encryption,IPAddressandAdditionalAuthentication.

ThesearchfunctioncanbeusedtolocateaspecificActiveWLANGroup.Typeinthesearchboxandthelistwillupdate:

IV-4-3.Clients

IV-4-3-1. ActiveClientsDisplaysinformationaboutclientscurrentlyconnectedtotheAPArray:Index(referencenumber),ClientMACAddress,APMACAddress,WLAN(SSID),UserName,Radio(2.4GHzor5GHz),SignalStrengthreceivedbyClient,ConnectedTime,IdleTime,Tx&Rx(DatatransmittedandreceivedbyClientinKB),andtheVendoroftheclientdevice.Youcansetordisabletheauto-refreshtimefortheclientlistorclick“Refresh”tomanuallyrefresh.


30

IV-4-4. Users

IV-4-4-1. ActiveUsersDisplaysinformationabouteachuserinthelocalnetworkviaguestportals:Index(referencenumber),UserName,MACAddress,IPAddress,SSID,Creator,CreateTime,ExpireTime,UsagePercentage,TrafficProgress,Vendorand Platformoftheuserdevice.


IV-4-4-2. UsersLogDisplaysadetailedinformationlogofusersandactivityonthenetworkviaguestportals:ID,DateandTimeofentry,Categoryofentry,Severity,Users,Event/Activitiesdetails.


31

IV-4-5. RogueDevicesRogueaccesspointdetectioncanidentifyanyunauthorizedaccesspointswhichmayhavebeeninstalledinthenetwork.Click“Start”toscanforroguedevices:

UnknownRogueDevicesdisplaysinformationaboutroguedevicesdiscoveredduringthescan:Index(referencenumber),Channel,SSID,MACAddress,Security,SignalStrength,Type,VendorandAction.

Thesearchfunctioncanbeusedtolocateaknownroguedevice.Typeinthesearchboxandthelistwillupdate:

32

IV-4-6. Information

IV-4-6-1. AllEvents/ActivitiesDisplaysalogoftime-stampedeventsforeachaccesspointintheArray–usethedropdownmenutoselectanaccesspointandviewthelog.

IV-4-6-2. APMonitoringDisplaysgraphicalmonitoringinformationaboutaccesspointsintheArrayfor2.4GHz&5GHz:TrafficTx(datatransmittedinMB),TrafficRx(datareceivedinMB),No.ofClients,WirelessChannel,TxPower(wirelessradiopower),CPUUsageandMemoryUsage.

Usethedropdownmenustoselectanaccesspointanddate.Youcansetordisabletheauto-refreshtimeforthedata:

33

IV-4-6-3.SSIDOverviewDisplaysgraphicalmonitoringinformationaboutdifferentSSIDsfor2.4GHz&5GHz,includingTrafficTx(datatransmittedinKbps),TrafficRx(datareceivedinKbps),andalsotheClientNumberforeachSSID. YoucanuseRefreshtorunthemanualrefresh:

2.4GHz&5GHzTrafficshowscurrentlyhowmuchTx/Rxtraffic(inKBps)utilizedineachSSID.Thebluediagramrepresentsthe2.4GHzradioband,andthegreendiagramrepresentsthe5GHzradioband.

34

ClientNumbershowscurrentlyhowmanycurrentusersoneachSSID.Thebluediagramrepresentsthe2.4GHzradioband,andthegreendiagramrepresentsthe5GHzradioband.

35

IV-5. NMSSettings

IV-5-1.AccessPointDisplaysinformationabouteachaccesspointandaccesspointgroupinthelocalnetworkandallowsyoutoeditaccesspointsandeditoraddaccesspointgroups.Thesearchfunctioncanbeusedtolocateanaccesspointoraccesspointgroup.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysgrey(disconnected),red(authenticationfailed/incompatibleNMSversion),orange(upgradingfirmware),yellow(connecting),green(connected)orblue(waitingforapproval)foreachindividualManagedAP.RefertoIV-4-1-1.ManagedAP:StatusIconsforfulldescriptions.The“Action”iconsenableyoutoallowordisallowanaccesspoint:

Selectanaccesspointoraccesspointgroupusingthecheck-boxesandclick“Edit”tomakeconfigurations,orclick“Add”toaddanewaccesspointgroup:

36

TheAccessPointSettingspanelcanenableordisableAutoApproveforallManagedAPs.Whenenabled,ManagedAPswillautomaticallyjointheAPArraywiththeControllerAP.Whendisabled,ManagedAPsmustbemanuallyapprovedtojointheAPArraywiththeControllerAP.

AccessPointSettingsAutoApprove EnableordisableAutoApproveforall

ManagedAPs.TomanuallyapproveaManagedAP,use“theallowAction”iconforthespecifiedaccesspoint:EditAccessPointConfigureyourselectedaccesspointonyourLAN.YoucansettheaccesspointasaDHCPclientorspecifyastaticIPaddressforyouraccesspoint,andassigntheaccesspointtoanAPgroup,aswellasedit2.4GHz&5GHzwirelessradiosettings.Aneventslogisdisplayedatthebottomofthepage.YoucanalsouseProfileSettingstoassigntheaccesspointtoWLAN,RADIUSandAccessControlgroupsindependentlyfromAccessPointGroupsettings.Checkthe“OverrideGroupSettings”boxtousedifferentindividualsettingsforaccesspointsassignedtoAPGroups:

37

BasicSettingsName Edittheaccesspointname.Thedefaultname

isAP+MACaddress.Description Enteradescriptionoftheaccesspointfor

referencee.g.2ndFloorOffice.MACAddress DisplaysMACaddress.APGroup UsethedropdownmenutoassigntheAPto

anAPGroup.YoucaneditAPGroupsfromtheNMSSettings! AccessPointpage.

IPAddressAssignment

Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint(below).Checkthebox“OverrideGroupSetting”iftheAPisamemberofanAPGroupandyouwishtouseadifferentsettingthantheAPGroupsetting.

IPAddress SpecifytheIPaddresshere.ThisIPaddresswillbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.

SubnetMask Specifyasubnetmask.Thedefaultvalueis

38

255.255.255.0DefaultGateway ForDHCPusers,select“FromDHCP”toget

defaultgatewayfromyourDHCPserveror“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank.

PrimaryDNS DHCPuserscanselect“FromDHCP”togetprimaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.

SecondaryDNS DHCPuserscanselect“FromDHCP”togetsecondaryDNSserver’sIPaddressfromDHCPor“User-Defined”tomanuallyenteravalue.ForstaticIPusers,thedefaultvalueisblank.

RadioSettingsWireless Enableordisabletheaccesspoint’s2.4GHzor

5GHzwirelessradio.Whendisabled,noSSIDsonthatfrequencywillbeactive.

Band Selectthewirelessstandardusedfortheaccesspoint.Combinationsof802.11b,

39

802.11g,802.11n&802.11accanbeselected.AutoPilot Enable/disableautochannelselection.Auto

channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s2.4GHzor5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanually.

AutoPilotRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.

AutoPilotInterval Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.

ChannelBandwidth SetthechannelbandwidthoruseAuto(automaticallyselectbasedoninterferencelevel).

BSSBasicRateSet SetaBasicServiceSet(BSS)rate:thisisaseriesofratestocontrolcommunicationframesforwirelessclients.

Thesesettingsareforexperiencedusersonly.Pleasedonotchangeanyofthevaluesonthispageunlessyouarealreadyfamiliarwiththesefunctions.

Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoint.

AdvancedSettingsContentionSlot Select“Short”or“Long”–thisvalueisusedfor

contentionwindowsinWMM(seeIV-6-7.WMM).

PreambleType Setthewirelessradiopreambletype.Thepreambletypein802.11basedwirelesscommunicationdefinesthelengthoftheCRC(CyclicRedundancyCheck)blockforcommunicationbetweentheaccesspointandroamingwirelessadapters.Thedefaultvalueis“ShortPreamble”.

GuardInterval Settheguardinterval. Ashorterintervalcanimproveperformance.

40

802.11gProtection Enable/disable802.11gprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)

802.11nProtection Enable/disable802.11nprotection,whichincreasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)

DTIMPeriod SettheDTIM(deliverytrafficindicationmessage)periodvalueofthewirelessradio.Thedefaultvalueis1.

RTSThreshold SettheRTSthresholdofthewirelessradio.Thedefaultvalueis2347.

FragmentThreshold

Setthefragmentthresholdofthewirelessradio.Thedefaultvalueis2346.

MulticastRate Setthetransferrateformulticastpacketsorusethe“Auto”setting.

TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower. Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.

BeaconInterval Setthebeaconintervalofthewirelessradio.Thedefaultvalueis100.

Stationidletimeout

Settheintervalforkeepalivemessagesfromtheaccesspointtoawirelessclienttoverifyifthestationisstillalive/active.

41

ProfileSettingsWLANGroup Assigntheaccesspoint’s2.4GHzor5GHz

SSID(s)toaWLANGroup.YoucaneditWLANgroupsinNMSSettings! WLAN.

RADIUSGroup Assigntheaccesspoint’s2.4GHzSSID(s)toaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! RADIUS.

AccessControlGroup

Assigntheaccesspoint’s2.4GHzSSID(s)toaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! AccessControl

Add/EditAccessPointGroupConfigureyourselectedaccesspointgroup.Accesspointgroupsettingsapplytoallaccesspointsinthegroup,unlessindividuallysettooverridegroupsettings.YoucanuseProfileGroupSettingstoassigntheaccesspointgrouptoWLAN,RADIUSandAccessControlgroups.TheGroupSettingspanelcanbeusedtoquicklymoveaccesspointsbetweenexistinggroups:selectanaccesspointandusethedropdownmenuorsearchtoselectaccesspointgroupsanduse>arrowstomoveAPsbetweengroups.

BasicGroupSettingsName Edittheaccesspointgroupname.Description Enteradescriptionoftheaccesspointgroup

forreferencee.g.2ndFloorOfficeGroup.

42

RadioGroupSettingsWireless Enableordisabletheaccesspointgroup’s

2.4GHzor5GHzwirelessradio.Whendisabled,noSSIDsonthatfrequencywillbeactive.

Band Selectthewirelessstandardusedfortheaccesspointgroup.Combinationsof802.11b,802.11g,802.11n&802.11accanbeselected.

AutoPilot Enable/disableautochannelselection.Autochannelselectionwillautomaticallysetthewirelesschannelfortheaccesspointgroup’s2.4GHzor5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanually.

AutoPilotRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.

AutoPilotInterval Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.

ChannelBandwidth SetthechannelbandwidthoruseAuto

43

(automaticallyselectbasedoninterferencelevel).



Changingthesesettingscanadverselyaffecttheperformanceofyouraccesspoints.

AdvancedSettingsContentionSlot Select“Short”or“Long”–thisvalueisusedfor







44


FragmentThreshold





Stationidletimeout


ProfileGroupSettingsWLANGroup Assigntheaccesspointgroup’s2.4GHzor

45

5GHzSSIDstoaWLANGroup.YoucaneditWLANgroupsinNMSSettings! WLAN.

RADIUSGroup Assigntheaccesspointgroup’s2.4GHzSSIDstoaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! RADIUS.

AccessControlGroup

Assigntheaccesspoint’s2.4GHzSSIDstoaRADIUSgroup.YoucaneditRADIUSgroupsinNMSSettings! AccessControl.

46

IV-5-2.WLANDisplaysinformationabouteachWLANandWLANgroupinthelocalnetworkandallowsyoutoaddoreditWLANs&WLANGroups.WhenyouaddaWLANGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaWLANorWLANGroup.Typeinthesearchboxandthelistwillupdate:

SelectaWLANorWLANGroupusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewWLANorWLANGroup:

47

Add/EditWLAN

WLANSettingsName/ESSID EdittheWLANname(SSID).Description EnteradescriptionoftheSSIDforreference

e.g.2ndFloorOfficeHR.SSID SelectwhichSSIDtoconfiguresecurity

settingsfor.VLANID SpecifytheVLANID.BroadcastSSID EnableordisableSSIDbroadcast.When

enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.

WirelessClientIsolation

Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspots

48

andcanpreventbruteforceattacksonclients’usernamesandpasswords.

LoadBalancing LoadbalancinglimitsthenumberofwirelessclientsconnectedtoanSSID.Setaloadbalancingvalue(maximum50).

AuthenticationMethod

Selectanauthenticationmethodfromthedropdownmenu.

AdditionalAuthentication

Selectanadditionalauthenticationmethodfromthedropdownmenu.

Varioussecurityoptions(wirelessdataencryption)areavailable.Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.

It’sessentialtoconfigurewirelesssecurityinordertopreventunauthorisedaccesstoyournetwork.

Selecthard-to-guesspasswordswhichincludecombinationsofnumbers,lettersandsymbols,andchangeyourpasswordregularly.

PleaserefertoIV-6-2-3.Securityformoreinformationonauthenticationandadditionalauthenticationtypes.

WLANAdvancedSettingsRSSIThreshold SetaRSSIThresholdlevel.

49

Add/EditWLANGroupWhenyouaddaWLANGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.

WLANGroupSettingsName EdittheWLANGroupname.Description EnteradescriptionoftheWLANGroupfor

referencee.g.2ndFloorOfficeHRGroup.Members SelectSSIDstoincludeinthegroupusingthe

checkboxesandassignVLANIDs.

50

IV-5-3.RADIUSDisplaysinformationaboutExternal&InternalRADIUSServers,AccountsandGroupsandallowsyoutoaddoreditRADIUSServers,Accounts&Groups.WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaRADIUSServer,AccountorGroup.Typeinthesearchboxandthelistwillupdate:

Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewWLANorWLANGroup:

51

Add/EditExternalRADIUSServer

Name EnteranamefortheRADIUSServer.Description EnteradescriptionoftheRADIUSServerfor

reference.RADIUSServer EntertheRADIUSserverhostIPaddress.

AuthenticationPort

SettheUDPportusedintheauthenticationprotocoloftheRADIUSserver.Valuemustbebetween1–65535.

SharedSecret Enterasharedsecret/passwordbetween1–99charactersinlength.Thisshouldmatchthe“MAC-RADIUS”password.

SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.

Accounting EnableordisableRADIUSaccounting.

AccountingPort Whenaccountingisenabled(above),settheUDPportusedintheaccountingprotocoloftheRADIUSserver.Valuemustbebetween1–65535.

52

Add/EditInternalRADIUSServer

UploadEAPCertificateFile

EAPCertificateFileFormat

DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)

EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.

InternalRADIUSServer

Name EnteranamefortheInternalRADIUSServer.

Description EnteradescriptionoftheInternalRADIUSServerforreference.

EAPCertificateFileFormat

DisplaystheEAPcertificatefileformat:PCK#12(*.pfx/*.p12)

EAPCertificateFile Click“Upload”toopenanewwindowandselectthelocationofanEAPcertificatefiletouse.Ifnocertificatefileisuploaded,theinternalRADIUSserverwilluseaself-madecertificate.

53

EAPInternalAuthentication

SelectEAPinternalauthenticationtypefromthedropdownmenu.

SharedSecret Enterasharedsecret/passwordforusebetweentheinternalRADIUSserverandRADIUSclient.Thesharedsecretshouldbe1–99charactersinlength.

SessionTimeout Setadurationofsessiontimeoutinsecondsbetween0–86400.

TerminationAction Selectatermination-actionattribute:“Reauthentication”sendsaRADIUSrequesttotheaccesspoint,“Not-Reathentication”sendsadefaulttermination-actionattributetotheaccesspoint,“Not-Send”notermination-actionattributeissenttotheaccesspoint.

Add/EditRADIUSAccounts

TheinternalRADIUSservercanauthenticateupto256useraccounts.The“RADIUSAccounts”pageallowsyoutoconfigureandmanageusers.

54

RADIUSAccountsUserName Entertheusernameshere,separatedby

commas.Add Click“Add”toaddtheusertotheuser

registrationlist.Reset Cleartextfromtheusernamebox.

UserRegistrationListSelect Checktheboxtoselectauser.UserName Displaystheusername.Password Displaysifspecifiedusernamehasapassword

(configured)ornot(notconfigured).Customize Click“Edit”toopenanewfieldtoset/edita

passwordforthespecifiedusername(below).

DeleteSelected Deleteselecteduserfromtheuserregistrationlist.

DeleteAll Deleteallusersfromtheuserregistrationlist.

EditUserRegistrationListUserName Existingusernameisdisplayedhereandcan

beeditedaccordingtoyourpreference.Password Enteroreditapasswordforthespecifieduser.

55

Add/EditRADIUSGroup

WhenyouaddaRADIUSGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.

RADIUSGroupSettingsGroupName EdittheRADIUSGroupname.Description EnteradescriptionoftheRADIUSGroupfor

reference.2.4GHzRADIUS Enable/Disableprimary&secondaryRADIUS

serversfor2.4GHz.5GHzRADIUS Enable/Disableprimary&secondaryRADIUS

serversfor5GHz.Members AddRADIUSuseraccountstotheRADIUS

group(Maximum5).

56

IV-5-4.AccessControl

MACAccessControlisasecurityfeaturethatcanhelptopreventunauthorizedusersfromconnectingtoyouraccesspoint.Thisfunctionallowsyoutodefinealistofnetworkdevicespermittedtoconnecttotheaccesspoint.DevicesareeachidentifiedbytheiruniqueMACaddress.IfadevicewhichisnotonthelistofpermittedMACaddressesattemptstoconnecttotheaccesspoint,itwillbedenied.TheAccessControlpaneldisplaysinformationaboutMACAccessControl&MACAccessControlGroupsandGroupsandallowsyoutoaddoreditMACAccessControl&MACAccessControlGroupsettings.WhenyouaddanAccessControlGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaMACaddressorMACAccessControlGroup.Typeinthesearchboxandthelistwillupdate:

Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewMACAddressorMACAccessControlGroup:

57

Add/EditMACAccessControl

AddMACAddress EnteraMACaddressofcomputerornetworkdevicemanuallye.g.‘aa-bb-cc-dd-ee-ff’orentermultipleMACaddressesseparatedwithcommas,e.g.‘aa-bb-cc-dd-ee-ff,aa-bb-cc-dd-ee-gg’

Add Click“Add”toaddtheMACaddresstotheMACaddressfilteringtable.

Reset Clearallfields.MACaddressentrieswillbelistedinthe“MACAddressFilteringTable”.Selectanentryusingthe“Select”checkbox.

Select Deleteselectedorallentriesfromthetable.MACAddress TheMACaddressislistedhere.DeleteSelected DeletetheselectedMACaddressfromthe

list.DeleteAll DeleteallentriesfromtheMACaddress

filteringtable.Export Click“Export”tosaveacopyoftheMAC

filteringtable.Anewwindowwillpopupforyoutoselectalocationtosavethefile.

58

Add/EditMACAccessControlGroupWhenyouaddanAccessControlGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.

MACFilterGroupSettingsGroupName EdittheMACAccessControlGroupname.Description EnteradescriptionoftheMACAccessControl

Groupforreference.Action Select“Blacklist”todenyaccesstospecified

MACaddressesinthegroup,andselect“Whitelist”topermitaccesstospecifiedMACaddressinthegroup.

Members AddMACaddressestothegroup.

59

IV-5-5.GuestNetworkYoucansetupanadditional“Guest”Wi-FinetworksoguestuserscanenjoyWi-Ficonnectivitywithoutaccessingyourprimarynetworks.The“Guest”screendisplayssettingsforyourguestWi-Finetwork.TheGuestNetworkpaneldisplaysinformationaboutGuestNetworksandGuestNetworkGroupsandallowsyoutoaddoreditGuestNetworkandGuestNetworkGroupsettings.WhenyouaddaGuestNetworkGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.ThesearchfunctioncanbeusedtolocateaGuestNetworkorGuestNetworkGroup.Typeinthesearchboxandthelistwillupdate:

Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewGuestNetworkorGuestNetworkGroup.

60

Add/EditGuestNetwork

GuestNetworkSettingsName/ESSID EdittheGuestNetworkname(SSID).Description EnteradescriptionoftheGuestNetworkfor

referencee.g.2ndFloorOfficeHR.VLANID SpecifytheVLANID.BroadcastSSID EnableordisableSSIDbroadcast.When

enabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.

WirelessClient Enableordisablewirelessclientisolation.

61

Isolation Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.



Selectanauthenticationmethodfromthedropdownmenu.


Selectanadditionalauthenticationmethodfromthedropdownmenu.

Varioussecurityoptions(wirelessdataencryption)areavailable.Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.



GuestAccessPolicyGuestPortal Selectaguestportaltouseforthisguest

SSID.GuestportalscanbeconfiguredinNMSSettings! GuestPortal.

TrafficShaping Enableordisabletrafficshapingfortheguestnetwork.

Downlink EnteradownlinklimitinMB.Uplink EnteranuplinklimitinMB.IPFiltering Select“Deny”or“Allow”todenyorallow

specifiedIPaddressestoaccesstheguestnetwork.Select“Disable”todisableIPfiltering.

Rules EnterIPaddressestobefilteredaccordingto

62

theDenyorAllowrulespecifiedaboveandchecktheboxforeachIPaddresstobefiltered.

GuestNetworkAdvancedSettingsScheduleGroup AssignguestSSIDtoaspecifiedschedule

(schedulemustbepre-configuredinNMSSettings! Schedule.)

Add/EditGuestNetworkGroupWhenyouaddaGuestNetworkGroup,itwillbeavailableforselectioninNMSSettings! AccessPointaccesspointProfileSettings&accesspointgroupProfileGroupSettings.

GuestNetworkGroupSettingsGroupName EdittheGuestNetworkGroupname.Description EnteradescriptionoftheGuestNetworkfor

reference.Members AddSSIDstotheGuestNetworkgroup.You

canoverrideindividualVLANID&schedulesettingsandassignadifferentVLANIDorschedule.

IV-5-6.UsersUseraccountscanbecreated,monitoredandmanagedforusewiththecontroller’sguestportalfunction.GuestportalsettingscanbefoundatIV-5-7.GuestPortal(NMSSettings!GuestPortal).

63

Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwillautomaticallyarriveatthecustomizableguestportalpage.Fromthereauseraccountloginisrequiredtoaccessthenetwork.Theseuseraccountsarecreatedandgroupedhere,andthenselectedastheAuthenticationUserGroupatNMSSettings! GuestPortal.TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminstologinandquicklycreate/manageuseraccountsandexpirytimes,andgenerate&printticketswithlogincredentialstogivetoguestusers.Thesestaff/adminaccountsarecreatedandgroupedhere,andselectedastheFrontDeskUserGroupatNMSSettings! GuestPortal.InformationontheUserspageisdisplayedabouteachuseraccountanduseraccountgroup. Thesearchfunctioncanbeusedtolocateauserorusergroup.Typeinthesearchboxandthelistwillupdate:

TheStatusicondisplaysgrey(loggedout),yellow(expired),red(locked)orgreen(active)foreachuser.TheActioniconscanlock/unlockorrevive(anexpired)useraccount. Selectauserorusergroupusingthecheck-boxesandclick“Edit”tomakeconfigurations,orclick“Add”toaddnewusersandgroups:

64

Add/EditUser

UserSettingsName Edittheuseraccountname.Description Enteradescriptionoftheuseraccountname

e.g.GuestPortal1Password Specifyapasswordfortheaccount.ConfirmPassword Confirmthepasswordfortheaccount. UserGroup Assigntheuseraccounttoausergroupsoit

canbeutilizedbytheguestportal.

Add/EditUserGroup

UserGroupSettingsName Edittheusergroupname.Description Enteradescriptionoftheusergroupname

e.g.FrontDeskorGuestUsers.RoleType SelectwhetherthegroupisforGuestPortal

usersorFrontDeskmanagers.Members Selectwhichuseraccountstoincludeinthe

group.

65

IV-5-7.GuestPortal

Displaysinformationaboutguestportalsandallowsyoutoeditguestportalsettings.GuestportalsrequireuserstobecreatedatNMSSettings! Users.Whenaguestportalisenabled,userswhoconnecttotheGuestSSIDwillautomaticallyarriveatthecustomizableguestportalpage.Fromthereauseraccountloginisrequiredtoaccessthenetwork.TheseuseraccountsarecreatedandgroupedatNMSSettings! Users,andthenselectedastheAuthenticationUserGrouphere.TheguestportalalsogeneratesaFrontDeskURLwhichallowsstaff/adminstologinandquicklycreate/manageuseraccountsandexpirytimes,andgenerate&printticketswithlogincredentialstogivetoguestusers.Thesestaff/adminaccountsarecreatedandgroupedatNMSSettings! UsersandthenselectedastheFrontDeskUserGrouphere.

GuestPortalSettingsIdleTimeout Specifyadurationofidletimeafterwhichthe

guestportalwilltimeout.LoginPasswordRetryLockout

Specifynumberofincorrectloginattemptsbeforetheuseraccountislocked.

66

IV-5-7-1. Add/EditGuestPortal

Addaguestportaloreditanexistingguestportalforusewiththeguestnetwork.

GuestPortalSettingsName Editthenameoftheguestportalfor

reference.Description Enteradescriptionoftheguestportalfor

reference.GuestPortalType Selectaguestportaltype.Referbelowfor

moreinformationaboutavailabletypes.AuthenticationServer

Selectanauthenticationserver:LocalDatabaseisthedefaultsetting.

FrontDeskUserGroup

Selectausergroupforfrontdeskaccess.

FrontDeskGenerationURL

DisplaystheURLofyourFrontDeskpage.Seebelowformoreinformation.

FrontDeskPrintoutMessage

EditthecontentofFrontDeskprintoutticket.Referbelowformoreinformation.

AuthenticationUserGroup

Selectausergroupforlogintotheguestnetwork.

LandingPage Specifyalandingpageforusersaftersuccessfullogin.

67

IV-5-7-1-1.FrontDeskURL

GotothisURLinawebbrowserandmembersoftheFrontDeskUserGroupcanlogintocreateguestaccounts,setexpirylimitsandprintouttickets.

GuestPortalTypeDynamicmustbeselectedtouseFrontDesk.

1. LoginwithanaccountfromtheFrontDeskUserGroup(NMSSettings! Users).

2. TheGuestAccountWizardallowsyoutosetupanewuseraccountand

configurethevalidperiod&SSID,oruploadabulkguestlistin.csvformat.ClickNexttocontinue.

68

3. Asummaryofthenewaccount(s)isdisplayedwithquicklinkstoprintticketsforindividualorallnewaccounts.

4. TheGuestAccountMonitordisplaysallguestaccountsalongwithstatusandquickactioniconstoprint,reviveexpiredaccountsorlock/unlock(disable/enable)accounts.Yellow: ExpiredRed: LockedGrey: LoggedoutGreen: Active

Mouseoverastatusoractioniconforadescription,andusethearrowstoreorderthelistaccordingtoS/NorStatus.

Anytimeyouchoosetoprintaccount(s)yourbrowserwillopenaprintdialogboxwhereyoucanselectyourprintdestinationandconfigureprintsettingsasusual:

69

IV-5-7-1-2. FrontDeskPrintout

EditandpreviewthecontentoftheFrontDeskprintoutinthetextboxusingthevariableslistedintheDefinitionTable.E.g.(USERNAME)willdisplayontheprintoutasthespecifiedusername.

GuestPortalTypeDynamicmustbeselectedtouseFrontDesk.

70

IV-5-7-1-3.GuestPortalType

Fourtypesofguestportalareavailablefromthedropdownmenu:

Free Redirectsuserstothespecifiedlandingpage,withnouserloginrequired.

ServiceLevelAgreement Requiresuserstoaccepttermsandconditions,

withnouserloginrequired.StaticUsers Requiresuserloginandaccepttermsand

conditions.UsersmustbecreatedinNMSatNMSSettings! Users.FrontDeskisnotused.

DynamicUsers Requiresuserloginandaccepttermsand

conditions.AllowsFrontDesktocreateuseraccountsinadditiontoNMS.

71

IV-5-7-1-4.GuestPortalCustomization

Guestportalcustomizationvariesaccordingtoguestportaltype.ClickEdittomakechanges.

LoginPortalSettingsHeaderImage Selectan800x200headerimage.LogoImage Selecta200x50logoimage.TitleMessage Enteratitlemessagefortheguestportal

page.BackgroundColor SpecifyabackgroundcolorasaHEXvalue. TermsofUse Enteryourtermsofuse.

72

IV-5-8.ZoneEdit

ZoneEditdisplaysinformationaboutzonesforusewiththeZonePlanfeatureandallowsyoutoaddoreditzones.Thesearchfunctioncanbeusedtofindexistingzones.Typeinthesearchboxandthelistwillupdate:

Makeaselectionusingthecheck-boxesandclick“Edit”orclick“Add”toaddanewzone.

73

Add/EditZone

UploadZoneImageChooseFile Clicktolocateanimagefiletobedisplayedas

amapintheZonePlanfeature.Typicallyafloorplanimageisuseful.

ZoneSettingName/Location Enteranameofthezone/location.Description Enteradescriptionofthezone/locationfor

reference.Members Assignaccesspointstothespecified

zone/locationforusewiththeZonePlanfeature.

74

IV-5-9.ScheduleYoucandefineschedulesaccordingtoday,starttimeandendtime-andgroupmultipleschedulestogetherintoschedulegroups.SchedulegroupscanbeassignedtoWLANs,WLANGroups&GuestNetworkatNMSSettings! WLANandNMSSettings! GuestNetwork.

Add/EditScheduleUsethecheckboxesanddrop-downmenustosetupyourschedule.

75

Add/EditScheduleGroup

WLANGroupSettingsName Edittheschedulegroupname.Description Enteradescriptionoftheschedulegroupfor

reference.Members Selectindividualschedulestoincludeinthe

schedulegroupusingthecheckboxes.

76

IV-5-10. SmartRoaming

SmartRoamingenablesyoutosetuptheRoaminggroupsandtheUsedWLANSSID,WANGroupandAPNumber.Beforesetuptheroaminggroup,theWLANSettingsneedtobeconfiguredfirst.Forexample,pleaseclickNMSSettings>>WLAN,check2.4GHzSSID,andthenclickEdit.

Configure802.11kasEnable.Pleasenote,don'tconfiguretheAuthenticationasOPEN.ThenclickSaveandApply.Pleasewaitabout3minutes.

77

RoamingGroupSettingProcedure:

(1) EnterNameofthissetting.(2) Enter4characteristicsonMobilityDomain. (3) Enter32characteristicsonEncryptionKey. (4) SelectWLANGroup,andselectWLAN. (5) ItwilldisplayAPsusingthisWLANSetting. (6) ClickEditiconon1stAP. (7) Enter2ndAPMACAddress,clickSaveandClose.(8) ClickEditiconon2ndAP. (9) Enter1stAPMACAddress,clickSaveandClose.

78

Then,clickSaveandApply,andwaitabout3minutes.Congratulations,youhaveconfigured802.11rand802.11ksuccessfully.

IV-5-11. DeviceMonitoring

DevicemonitoringenablesyoutospecifyandmonitorthestatusanyIPdevicesonthenetworksuchasIPcameras.Thedescriptionandstatusofeachdeviceisdisplayedinthetable.

AddorEditIPdevicesbyenteringtheIPaddress.

79

IV-5-12. FirmwareUpgradeFirmwareUpgradeallowsyoutoupgradefirmwaretoAccessPointGroups.First,uploadthefirmwarefilefromalocaldiskorexternalFTPserver:locatethefileandclick“Upload”or“Check”.ThetablebelowwilldisplaytheFirmwareName,FirmwareVersion,NMSVersion,ModelandSize.Thenclick“UpgradeAll”toupgradeallaccesspointsintheArrayorselectAccessPointgroupsfromthelistusingcheck-boxesandclick“UpgradeSelected”toupgradeonlyselectedaccesspoints.

80

IV-5-13. Advanced

IV-5-13-1. SystemSecurityConfiguretheNMSsystemnameandsecuritykeyforcommunicationbetweenAPControllerandManagedAPs.

V-5-13-2. Date&TimeConfigurethedate&timesettingsoftheAPArray.Thedateandtimeoftheaccesspointscanbeconfiguredmanuallyorcanbesynchronizedwithatimeserver.

DateandTimeSettingsLocalTime Settheaccesspoint’sdateandtimemanually

usingthedropdownmenus.AcquireCurrentTimefromyourPC

Click“AcquireCurrentTimefromYourPC”toentertherequiredvaluesautomaticallyaccordingtoyourcomputer’scurrenttimeanddate.

81

NTPTimeServerUseNTP TheaccesspointalsosupportsNTP(Network

TimeProtocol)forautomatictimeanddatesetup.

ServerName EnterthehostnameorIPaddressofthetimeserverifyouwish.

UpdateInterval Specifyafrequency(inhours)fortheaccesspointtoupdate/synchronizewiththeNTPserver.

TimeZoneTimeZone Selectthetimezoneofyourcountry/region.If

yourcountry/regionisnotlisted,pleaseselectanothercountry/regionwhosetimezoneisthesameasyours.

V-5-13-3. SystemAccountsImporttheAPIKeywhichwasreceivedGoogleDevelopers.ThisisfortheOnlineMapfeatureinZonePlanpage.GraphicalzoneplanswithGoogleMapsintegrationandsetupwizardsareavailableforexpandingandmanaginglargenetworkswithmultipleaccesspointsNote: Pleasegotohttps://console.developers.google.com/flows/enableapi?apiid=maps_backend&keyType=CLIENT_SIDE&reusekey=truetoapplyforanAPIkeyfirsttoutilizethisfeatureset.

83

IV-6. LocalNetwork

IV-6-1.NetworkSettings

IV-6-1-1. LAN-SideIPAddressThe“LAN-sideIPaddress”pageallowsyoutoconfigureyourAPControlleronyourLocalAreaNetwork(LAN).YoucanenabletheaccesspointtodynamicallyreceiveanIPaddressfromyourrouter’sDHCPserveroryoucanspecifyastaticIPaddressforyouraccesspoint,aswellasconfigureDNSservers.YoucanalsosetyourAPControllerasaDHCPservertoassignIPaddressestootherdevicesonyourLAN.

LAN-sideIPAddressIPAddressAssignment

Select“StaticIP”tomanuallyspecifyastatic/fixedIPaddressforyouraccesspoint.Select“DHCPClient”foryouraccesspointtobeassignedadynamicIPaddressfromyourrouter’sDHCPserver,orselect“DHCPServer”foryouraccesspointtoactasaDHCPserverandassignIPaddressesonyourLAN.

StaticIPAddressIPAddress SpecifytheIPaddresshere.ThisIPaddress

willbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.

SubnetMask Specifyasubnetmask.Thedefaultvalueis255.255.255.0

DefaultGateway ForDHCPusers,select“FromDHCP”togetdefaultgatewayfromyourDHCPserveror

84

“User-Defined”toenteragatewaymanually.ForstaticIPusers,thedefaultvalueisblank.

PrimaryDNSAddress

ForstaticIPusers,thedefaultvalueisblank.

SecondaryDNSAddress

ForstaticIPusers,thedefaultvalueisblank.

DHCPClientIPAddress When“DHCPClient”isselectedthisvalue

cannotbemodified.SubnetMask When“DHCPClient”isselectedthisvalue

cannotbemodified.DefaultGateway Select“FromDHCP”orselect“User-Defined”

andenteradefaultgateway.PrimaryDNSAddress

Select“FromDHCP”orselect“User-Defined”andenteraprimaryDNSaddress.

SecondaryDNSAddress

Select“FromDHCP”orselect“User-Defined”andenterasecondaryDNSaddress.

85

DHCPServerIPAddress SpecifytheIPaddresshere.ThisIPaddress

willbeassignedtoyouraccesspointandwillreplacethedefaultIPaddress.

SubnetMask Specifyasubnetmask.Thedefaultvalueis255.255.255.0

IPAddressRange EnterthestartandendIPaddressoftheIPaddressrangewhichyouraccesspoint’sDHCPserverwillassigntodevicesonthenetwork.

DomainName Enteradomainname.LeaseTime Selectaleasetimefromthedropdown

menu.IPaddresseswillbeassignedforthisperiodoftime.

DefaultGateway Enteradefaultgateway.PrimaryDNSAddress

EnteraprimaryDNSaddress.

SecondaryDNSAddress

EnterasecondaryDNSaddress.

Youraccesspoint’sDHCPservercanbeconfiguredtoassignstatic(fixed)IPaddressestospecifiednetworkdevices,identifiedbytheiruniqueMACaddress:

DHCPServerStaticIPAddressMACAddress EntertheMACaddressofthenetworkdevice

86

tobeassignedastaticIPaddress.IPAddress SpecifytheIPaddresstoassignthedevice.Add ClicktoassigntheIPaddresstothedevice.

IV-6-1-2. LANPortSettingsThe“LANPort”pageallowsyoutoconfigurethesettingsforyourAPControllerswiredLAN(Ethernet)ports.

WiredLANPort IdentifiesLANport1or2.Enable Enable/disablespecifiedLANport.Speed&Duplex Selectaspeed&duplextypeforspecifiedLAN

port,orusethe“Auto”value.LANportscanoperateupto1000Mbpsandfull-duplexenablessimultaneousdatapacketstransfer/receive.

FlowControl Enable/disableflowcontrol.Flowcontrolcanpausenewsessionrequestuntilcurrentdataprocessingiscomplete,inordertoavoiddeviceoverloadsunderheavytraffic.

802.3az Enable/disable802.3az.802.3azisanEnergyEfficientEthernetfeaturewhichdisablesunusedinterfacestoreducepowerusage.

87

IV-6-1-3. VLANThe“VLAN”(VirtualLocalAreaNetwork)pageenablesyoutoconfigureVLANsettings.AVLANisalocalareanetworkwhichmapsworkstationsvirtuallyinsteadofphysicallyandallowsyoutogrouptogetherorisolateusersfromeachother.VLANIDs1–4094aresupported.

VLANIDsintherange1–4094aresupported.

VLANInterfaceWiredLANPort/Wireless

IdentifiesLANport1or2andwirelessSSIDs(2.4GHzor5GHz).

VLANMode Select“TaggedPort”or“UntaggedPort”forspecifiedLANinterface.

VLANID SetaVLANIDforspecifiedinterface,if“UntaggedPort”isselected.

ManagementVLANVLANID SpecifytheVLANIDofthemanagementVLAN.

OnlythehostsbelongingtothesameVLANcanmanagethedevice.

88

IV-6-2.2.4GHz11bgn(NotavailableontheWLC-6404)The“2.4GHz11bgn”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s2.4GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.

IV-6-2-1. BasicThe“Basic”screendisplaysbasicsettingsforyouraccesspoint’s2.4GHzWi-Finetwork(s).

Whenautochannelisdisabled,selectawirelesschannelmanually:

Channel Selectawirelesschannelfrom1–11.ChannelBandwidth Setthechannelbandwidth:20MHz(lower

performancebutlessinterference),40MHz(higherperformancebutpotentiallyhigherinterference)orAuto(automaticallyselectbasedoninterferencelevel).


89

IV-6-2-2. Advanced



ContentionSlot Select“Short”or“Long”–thisvalueisusedfor





90




FragmentThreshold





Stationidletimeout


91

IV-6-2-3. Security

Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.



SSID SelectwhichSSIDtoconfiguresecuritysettingsfor.

BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.


Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.

92



Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.


Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelow(IV-6-2-3-6.)appropriateforyourmethod.

IV-6-2-3-1. NoAuthentication

Authenticationisdisabledandnopassword/keyisrequiredtoconnecttotheaccesspoint.

Disablingwirelessauthenticationisnotrecommended.Whendisabled,anybodywithinrangecanconnecttoyourdevice’sSSID.

IV-6-2-3-2. WEP

WEP(WiredEquivalentPrivacy)isabasicencryptiontype.ForahigherlevelofsecurityconsiderusingWPAencryption.

KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended.

KeyType Choosefrom“ASCII”(anyalphanumericalcharacter0-9,a-zandA-Z)or“Hex”(anycharactersfrom0-9,a-fandA-F).

DefaultKey Selectwhichencryptionkey(1–4below)isthedefaultkey.Forsecuritypurposes,youcansetuptofourkeys(below)andchangewhichisthedefaultkey.

EncryptionKey1–4

Enteryourencryptionkey/passwordaccordingtotheformatyouselectedabove.

93

IV-6-2-3-3. IEEE802.1x/EAP

KeyLength Select64-bitor128-bit.128-bitismoresecurethan64-bitandisrecommended.

IV-6-2-3-4. WPA-PSK

WPA-PSKisasecurewirelessencryptiontypewithstrongdataprotectionanduserauthentication,utilizing128-bitencryptionkeys.

WPAType SelectfromWPA/WPA2MixedMode-PSK,WPA2orWPAonly.WPA2issaferthanWPAonly,butnotsupportedbyallwirelessclients.Pleasemakesureyourwirelessclientsupportsyourselection.

Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype.

KeyRenewalInterval

Specifyafrequencyforkeyrenewalinminutes.

Pre-SharedKeyType

Choosefrom“Passphrase”(8–63alphanumericcharacters)or“Hex”(upto64charactersfrom0-9,a-fandA-F).

Pre-SharedKey Pleaseenterasecuritykey/passwordaccordingtotheformatyouselectedabove.

IV-6-2-3-5. WPA-EAP

WPAType SelectfromWPA/WPA2MixedMode-EAP,WPA2-EAPorWPA-EAP.

Encryption Select“TKIP/AESMixedMode”or“AES”encryptiontype.

KeyRenewalInterval

Specifyafrequencyforkeyrenewalinminutes.

WPA-EAPmustbedisabledtouseMAC-RADIUSauthentication.

94

IV-6-2-3-6. AdditionalAuthentication

Additionalwirelessauthenticationmethodscanalsobeused:MACAddressFilterRestrictwirelessclientsaccessbasedonMACaddressspecifiedintheMACfiltertable.

SeeIV-6-6.MACFiltertoconfigureMACfiltering.MACFilter&MAC-RADIUSAuthenticationRestrictwirelessclientsaccessusingbothoftheaboveMACfiltering&RADIUSauthenticationmethods.MAC-RADIUSAuthenticationRestrictwirelessclientsaccessbasedonMACaddressviaaRADIUSserver,orpasswordauthenticationviaaRADIUSserver.

SeeIV-6-5.RADIUStoconfigureRADIUSservers.

WPSmustbedisabledtouseMAC-RADIUSauthentication.SeeIV-6-4.forWPSsettings.

MACRADIUSPassword

SelectwhethertouseMACaddressorpasswordauthenticationviaRADIUSserver.Ifyouselect“Usethefollowingpassword”,enterthepasswordinthefieldbelow.Thepasswordshouldmatchthe“SharedSecret”usedinIV-6-5.RADIUS.

95

IV-6-2-4. WDS

WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.

WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.

WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.

96

2.4GHzWDSFunctionality Select“WDSwithAP”touseWDSwithaccess

pointor“WDSDedicatedMode”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod.

LocalMACAddress DisplaystheMACaddressofyouraccesspoint.

WDSPeerSettingsWDS# EntertheMACaddressforuptofourother

WDSdevicesyouwishtoconnect.

WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged

Port”or“TaggedPort”.VLANID SpecifytheWDSVLANIDwhen“Untagged

Port”isselectedabove.

WDSEncryptionmethodEncryption Selectwhethertouse“None”or“AES”

encryptionandenterapre-sharedkeyforAESconsistingof8-63alphanumericcharacters.

97

IV-6-3. 5GHz11ac11an(NotavailableontheWLC-6404)

The“5GHz11ac11an”menuallowsyoutoviewandconfigureinformationforyouraccesspoint’s5GHzwirelessnetworkacrossfourcategories:Basic,Advanced,SecurityandWDS.

IV-6-3-1. Basic

The“Basic”screendisplaysbasicsettingsforyouraccesspoint’s5GHzWi-Finetwork(s).

Wireless Enableordisabletheaccesspoint’s5GHzwirelessradio.Whendisabled,no5GHzSSIDswillbeactive.

Band Selectthewirelessstandardusedforthe

98

accesspoint.Combinationsof802.11a,802.11n&802.11accanbeselected.

EnableSSIDNumber SelecthowmanySSIDstoenableforthe5GHzfrequencyfromthedropdownmenu.Amaximumof16canbeenabled.

SSID# EntertheSSIDnameforthespecifiedSSID(upto16).TheSSIDcanconsistofanycombinationofupto32alphanumericcharacters.

VLANID SpecifyaVLANIDforeachSSID.AutoChannel Enable/disableautochannelselection.Auto

channelselectionwillautomaticallysetthewirelesschannelfortheaccesspoint’s5GHzfrequencybasedonavailabilityandpotentialinterference.Whendisabled,selectachannelmanuallyasshowninthenexttable.

AutoChannelRange Selectarangefromwhichtheautochannelsetting(above)willchooseachannel.

AutoChannelInterval

Specifyafrequencyforhowoftentheautochannelsettingwillcheck/reassignthewirelesschannel.Check/uncheckthe“Changechannelevenifclientsareconnected”boxaccordingtoyourpreference.

ChannelBandwidth Setthechannelbandwidth:20MHz(lowerperformancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel).


Whenautochannelisdisabled,selectawirelesschannelmanually:

Channel Selectawirelesschannel.ChannelBandwidth Setthechannelbandwidth:20MHz(lower

performancebutlessinterference),Auto40/20MHzorAuto80/40/20MHz(automaticallyselectbasedoninterferencelevel).

99


IV-6-3-2. Advanced



GuardInterval Settheguardinterval.Ashorterintervalcan

improveperformance.802.11nProtection Enable/disable802.11nprotection,which

increasesreliabilitybutreducesbandwidth(clientswillsendRequesttoSend(RTS)toaccesspoint,andaccesspointwillbroadcastCleartoSend(CTS),beforeapacketissentfromclient.)



FragmentThreshold



100

TxPower Setthepoweroutputofthewirelessradio.Youmaynotrequire100%outputpower.Settingalowerpoweroutputcanenhancesecuritysincepotentiallymalicious/unknownusersindistantareaswillnotbeabletoaccessyoursignal.


Stationidletimeout


IV-6-3-3. Security

Theaccesspointprovidesvarioussecurityoptions(wirelessdataencryption).Whendataisencrypted,informationtransmittedwirelesslycannotbereadbyanyonewhodoesnotknowthecorrectencryptionkey.



SSID SelectwhichSSIDtoconfiguresecuritysettingsfor.

101

BroadcastSSID EnableordisableSSIDbroadcast.Whenenabled,theSSIDwillbevisibletoclientsasanavailableWi-Finetwork.Whendisabled,theSSIDwillnotbevisibleasanavailableWi-Finetworktoclients–clientsmustmanuallyentertheSSIDinordertoconnect.Ahidden(disabled)SSIDistypicallymoresecurethanavisible(enabled)SSID.


Enableordisablewirelessclientisolation.Wirelessclientisolationpreventsclientsconnectedtotheaccesspointfromcommunicatingwitheachotherandimprovessecurity.Typically,thisfunctionisusefulforcorporateenvironmentsorpublichotspotsandcanpreventbruteforceattacksonclients’usernamesandpasswords.



Selectanauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.


Selectanadditionalauthenticationmethodfromthedropdownmenuandrefertotheinformationbelowappropriateforyourmethod.

PleasereferbacktoIV-6-2-3.Securityformoreinformationonauthenticationandadditionalauthenticationtypes.

102

IV-6-3-4. WDS

WirelessDistributionSystem(WDS)canbridge/repeataccesspointstogetherinanextendednetwork.WDSsettingscanbeconfiguredasshownbelow.

WhenusingWDS,configuretheIPaddressofeachaccesspointtobeinthesamesubnetandensurethereisonlyoneactiveDHCPserveramongconnectedaccesspoints,preferablyontheWANside.

WDSmustbeconfiguredoneachaccesspoint,usingcorrectMACaddresses.Allaccesspointsshouldusethesamewirelesschannelandencryptionmethod.

5GHzWDSModeWDSFunctionality Select“WDSwithAP”touseWDSwithaccess

pointor“WDSDedicatedMode”touseWDSandalsoblockcommunicationwithregularwirelessclients.WhenWDSisused,eachaccesspointshouldbeconfiguredwithcorrespondingMACaddresses,wirelesschannelandwirelessencryptionmethod.

LocalMACAddress DisplaystheMACaddressofyouraccesspoint.

103

WDSPeerSettingsWDS# EntertheMACaddressforuptofourother

WDAdevicesyouwishtoconnect.

WDSVLANVLANMode SpecifytheWDSVLANmodeto“Untagged

Port”or“TaggedPort”.VLANID SpecifytheWDSVLANIDwhen“Untagged

Port”isselectedabove.

WDSEncryptionEncryption Selectwhethertouse“None”or“AES”

encryptionandenterapre-sharedkeyforAESwith8-63alphanumericcharacters.

IV-6-4.WPS(NotavailableontheWLC-6404)

Wi-FiProtectedSetupisasimplewaytoestablishconnectionsbetweenWPScompatibledevices.WPScanbeactivatedoncompatibledevicesbypushingaWPSbuttononthedeviceorfromwithinthedevice’sfirmware/configurationinterface(knownasPBCor“PushButtonConfiguration”).WhenWPSisactivatedinthecorrectmannerandatthecorrecttimefortwocompatibledevices,theywillautomaticallyconnect.“PINcodeWPS”isavariationofPBCwhichincludestheadditionaluseofaPINcodebetweenthetwodevicesforverification.

Pleaserefertomanufacturer’sinstructionsforyourotherWPSdevice.

104

WPS Check/uncheckthisboxtoenable/disableWPSfunctionality.WPSmustbedisabledwhenusingMAC-RADIUSauthentication(seeIV-6-2-3-6.&IV-6-5).

ProductPIN DisplaystheWPSPINcodeofthedevice,used

forPINcodeWPS.Youwillbere

NMS USER MANUAL - ComtrendDescriptions of the functions of each main panel Dashboard, Zone Plan, NMS...

Documents

Transcript of NMS USER MANUAL - ComtrendDescriptions of the functions of each main panel Dashboard, Zone Plan, NMS...