Linksys LAPAC1750 User Manual
  1. Manuals
  2. Brands
  3. Linksys Manuals
  4. Wireless Access Point
  5. LAPAC1750
  6. User manual

Linksys LAPAC1750 User Manual

Dual-band wireless access point
Hide thumbs Also See for LAPAC1750:
Table of Contents

Advertisement

Quick Links

User Guide
AC1750 Dual-Band
Wireless Access Point
LAPAC1750
1

Advertisement

Table of Contents
loading

Related Manuals for Linksys LAPAC1750

Summary of Contents for Linksys LAPAC1750

  • Page 1 User Guide AC1750 Dual-Band Wireless Access Point LAPAC1750...

  • Page 2: Table Of Contents

    Contents Chapter 1 – Quick Start Guide ................4 Package Contents ........................... 4 Physical Details ............................4 Mounting Guide ............................5 Chapter 2 – Quick Start ..................7 Overview ..............................7 Setup using a web browser ........................7 Setup Wizard ............................. 8 Chapter 3 –...
  • Page 3 Appendix C - PC and Server Configuration ..........104 Overview ............................... 104 Using WEP ............................104 Using WPA2-PSK ..........................105 Using WPA2-Enterprise ........................105 802.1x Server Setup (Windows 2000 Server) ............... 106 802.1x Client Setup on Windows XP ..................117 Using 802.1x Mode (without WPA) ..................... 123...

  • Page 4: Chapter 1 - Quick Start Guide

    Chapter 1 -- - Quick Start Guide Package Contents Linksys Wireless Access Point • • Quick Start Guide • Ethernet Cable • AC Power Adapter • CD with Documentation • Mounting Bracket Mounting Kit • • Ceiling Mount Back Plate •...

  • Page 5: Mounting Guide

    Ethernet Port—Connect a wired network device to this port. This port supports PoE (Power over Ethernet) with a PoE switch or PoE injector. LAPAC1750 can be powered on from an 802.3at (PoE+) compliance source. Using CAT5e or better cable is highly recommended.
  • Page 6 6. Connect the Ethernet cable and/or AC power adapter to your device 7. Slide the device into the bracket. Turn access point clockwise until it locks. IMPORTANT—Improper or insecure mounting could result in damage to the device or personal injury. Linksys is not responsible for damages caused by improper mounting.

  • Page 7: Chapter 2 - Quick Start

    Chapter 2 -- - Quick Start Overview This chapter describes the setup procedure to connect the wireless access point to your LAN, and configure it as an access point for your wireless stations. Wireless stations may also require configuration. For details, see Appendix C - Wireless Station Configuration 104).

  • Page 8: Setup Wizard

    If you can't connect: It is likely that your PC’s IP address is incompatible with the wireless access point’s IP address. This can happen if your LAN does not have a DHCP Server. If there is no DHCP server in your network, the access point will fall back to its default IP address: 192.168.1.252, with a network mask of 255.255.255.0.
  • Page 9 2. On the first screen, click Launch... 3. Set the password on the Device Password screen, if desired. 4. Configure the time zone, date and time for the device on System Settings screen. Static Automatic 5. On the IPv4 Address screen configure the IP address of the device ( then click Next.
  • Page 10 6. Set the SSID information on the Wireless Network screen. Click Next. If you want to configure more than four SSIDs, go to Configuration > Wireless > Basic Settings. The access point supports up to eight SSIDs per radio. 7. On the Wireless Security Screen, configure the wireless security settings for the device. Click Next.
  • Page 11 8. On the Summary screen, check the data to make sure they are correct and then click Submit to save the changes. 9. Click Finish to leave the wizard.

  • Page 12: Chapter 3 - Configuration

    Chapter 3 -- - Configuration Administration User Accounts Go to Configuration > Administration and select User Accounts to manage user accounts. The access point supports up to five users: one administrator and four normal users.
  • Page 13 User Account Table User Name Enter the User Name to connect to the access point’s admin interface. User Name is effective once you save settings. User Name can include up to 63 characters. Special characters are allowed. User Level Only administrator account has Read/Write permission to the access point’s admin interface.

  • Page 14: Log Settings

    Time Current Time Display current date and time of the system. Manually Set date and time manually. Automatically When enabled (default setting) the access point will get the current time from a public time server. Time Zone Choose the time zone for your location from the drop-down list.
  • Page 16 Log Types Log Types Select events to log. Checking all options increase the size of the log, so enable only events you believe are required. Email Alert Email Alert Enable email alert function. SMTP Server Enter the e-mail server that is used to send logs. It can be an IPv4 address or a domain name.

  • Page 17: Management Access

    Management Access Management Access Go to Configuration > Administration and select page to configure the management methods of the access point.
  • Page 18 Web Access HTTP HTTP (Hyper Text Transfer Protocol) is the standard for transferring files (text, graphic images and other multimedia files) on the World Wide Web. Enable to allow Web access by HTTP protocol. HTTP Port Specify the port for HTTP. It can be 80 (default) or from 1024 to 65535.
  • Page 19 Location Enter the area or location where the access point resides. The location includes 1 to 32 characters. Special characters are allowed. SNMP v1/v2 Settings Get Community Enter the name of Get Community. Get Community is used to read data from the access point and not for writing data into the access point.

  • Page 20: Ssl Certificate

    SSL Certificate Go to Configuration > Administration and select SSL Certificate to manage the SSL certificate used by HTTPS.

  • Page 21: Lan

    Export/Restore to/from Local PC Click to export the SSL certificate. Export SSL Certificate Browse to choose the certificate file. Click Install Install Certificate Certificate. Export to TFTP Server Enter the name of the destination file. Destination File Enter the IP address for the TFTP server. Only support TFTP Server IPv4 address here.
  • Page 23 TCP/IP Host Name Assign a host name to this access point. Host name consists of 1 to 15 characters. Valid characters include A-Z, a-z, 0-9 and -. Character cannot be first and last character of hostname and hostname cannot be composed of all digits. VLAN Enables or disables VLAN function.
  • Page 24 Advanced Go to Configuration > LAN > Advanced this screen to configure advanced network settings of the access point.
  • Page 25 Port Settings Auto If enabled, Port Speed and Duplex Mode will become grey and cannot be configured. If disabled, Port Speed and Negotiation Duplex Mode can be configured. Operational Current Auto Negotiation mode of the Ethernet port. Auto Negotiation Port Speed Select the speed of the Ethernet port.
  • Page 26 Authentication This feature supports following two kinds of authentication: • Authentication via MAC Address Select this if you want to use MAC Address for authentication. The access point uses lowercase MAC address for Name and Password, like xxxxxxxxxxxx. • Authentication via Name and Password Select this if you want to use name and password for authentication.

  • Page 27: Wireless

    IGMP IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent Snooping routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. IGMP snooping streamlines multicast traffic handling by examining (snooping) IGMP membership report messages from interested hosts, multicast traffic is limited to the subset of ports on which the hosts reside.
  • Page 29 Basic Wireless Settings Wireless Select the wireless radio from the list. Radio Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Enable Radio Enable or disable the wireless radio. Wireless Select the desired option for radio 1: Mode G only - allow connection by 802.11G wireless stations only.
  • Page 30 Broadcast Enable or disable the broadcast of the SSID. When the access point does not broadcast its SSID, the network name is not shown in the list of available networks on a client station. Instead, you must enter the exact network name manually into the wireless connection utility on the client so that it can connect.
  • Page 31 Security Select SSID Select the desired SSID from the drop-down list. Security Mode Select the desired security method from the list. Security Mode • Disabled - No security. Anyone using the correct SSID can connect to your network. • WEP - The 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong.
  • Page 32 Each user's wireless client must support 802.1x and provide the RADIUS authentication data when required. All data transmission is encrypted using the WPA2 AES standard. Keys are automatically generated, so no key input is required. • WPA/WPA2-Enterprise – This method, sometimes called Mixed Mode, allows clients to use either WPA-Enterprise (with TKIP) or WPA2-Enterprise (with AES).
  • Page 33 Authentication Select Open System or Shared Key. All wireless stations must use the same method. Default Select a transmit key. Transmit Key WEP Encryption Select an encryption option, and ensure your wireless stations have the same setting: 64-Bit Encryption - Keys are 10 Hex characters. 128-Bit Encryption - Keys are 26 Hex characters.
  • Page 34 WPA2-Personal WPA Algorithm The encryption method is AES. Wireless stations must also use AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters. Other wireless stations must use the same key. Key Renewal Specify the value of Group Key Renewal.
  • Page 35 WPA/WPA2-Personal WPA Algorithm The encryption method is TKIP or AES. Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX characters. Other wireless stations must use the same key. Key Renewal Specify the value of Group Key Renewal. It’s a value from 600 to 36000, and default is 3600.
  • Page 37 WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Enter the key value to match the RADIUS Server.
  • Page 39 WPA/WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Enter the key value to match the RADIUS Server.

  • Page 40: Rogue Ap Detection

    Authentication Server Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. It is a value from 1 to 65534, and default is 1812. Primary Shared Enter the key value to match the RADIUS Server.
  • Page 42 Radio Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Rogue AP Enable or disable Rogue AP Detection on the selected radio. Detected Rogue AP List Action Click Trust to move the AP to the Trusted AP List.

  • Page 44: Scheduler Association

    Scheduler Wireless Enable or disable wireless scheduler on the radio. It is disabled by default. Scheduler If disabled, even if some SSIDs are associated with profiles, they will be always active. Scheduler Operational Status Status The operational status of the scheduler. Reason The detailed reason for the scheduler operational status.

  • Page 45: Connection Control

    Radio Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Scheduler Association SSID The index of SSID. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed.

  • Page 47: Rate Limit

    SSID Select the desired SSID from the list. Control Type Select the option from the drop-down list as desired. • Local: Choose either “Allow only following MAC addresses to connect to wireless network” or “Prevent following MAC addresses from connection to wireless network.”...
  • Page 48 Radio Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Rate Limit SSID The index of SSID. SSID Name The name of the SSID. Upstream Enter a maximum upstream rate for the SSID. The range is from 0 to 300 Mbps for Radio 1 and from 0 to 800 Mbps Rate for Radio 2;...
  • Page 50 Go to Configuration > Wireless > WDS (Wireless Distribution System) to expand a wireless network through multiple access points instead of linking them with a wired backbone. WDS only works and interacts with LAPN300, LAPN600, LAPAC1200 or LAPAC1750 devices. The access point can act as WDS Root or WDS Station: •...
  • Page 52 Spanning Tree (recommended if you configure WDS connections) Spanning Tree When enabled, STP helps prevent switching loops. WDS Settings Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. WDS Root Interface Enable or Disable the WDS Root.
  • Page 53 Allowed VLAN Enter the list of VLANs accepted by the WDS Root. List When VLAN is enabled, WDS Root receives from WDS Stations only packets in the VLAN list. Packets not in the list will be dropped. The VLAN list is only applicable when VLAN is enabled. The VLAN list includes 1 to 16 VLAN IDs separated by ","...

  • Page 54: Workgroup Bridge

    Remote MAC MAC address of the access point on the other end of the WDS link. Optional Address WDS Station connects to remote WDS Root by matching SSIDs. When there is more than one remote WDS Root with the same SSID, the WDS Station can differentiate them by MAC address.
  • Page 56 Workgroup Bridge Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Workgroup Bridge Status Status Enable or disable Workgroup Bridge function. Before configuring Workgroup Bridge, make sure all devices in Workgroup Bridge have the following identical settings.

  • Page 57: Advanced Settings

    Security Mode Select the desired mode from the list. • Disabled • WPA-Personal • WPA2-Personal • WPA-Enterprise • WPA2-Enterprise Advanced Settings Go to Configuration > Wireless > Workgroup Bridge to configure advanced parameters of wireless radios.
  • Page 58 Band Steering Band Steering Enable or disable Band Steering function. Band Steering is a technology that detects whether the wireless client is dual-band capable. If it is, band steering pushes the client to connect to the less- congested 5 GHz network. It does this by actively blocking the client’s attempts to connect with the 2.4GHz network.
  • Page 59 CTS Protection CTS (Clear-To-Send) Protection Mode boosts the access point's ability to catch all Wireless-G Mode transmissions, but it severely decreases performance. By default, CTS Protection Mode is disabled, but the access point will automatically enable this feature when Wireless-G devices are not able to transmit to the access point in an environment with heavy 802.11b traffic.

  • Page 60: Captive Portal

    RTS Threshold Enter the Request to Send (RTS) Threshold value, an integer from 1 to 2347. The default is 2347 octets. The RTS threshold indicates the number of octets in a Medium Access Control Protocol Data Unit (MPDU) below which an RTS/CTS handshake is not performed. Changing the RTS threshold can help control traffic flow through the access point, especially one with a lot of clients.

  • Page 61: Global Configuration

    Captive Portal is a method of securing access to the Internet from within a wireless network. Users must enter authentication credentials before their wireless client devices can access the Internet. Global Configuration Go to Configuration > Captive Portal > Global Configuration to change settings and modify captive portal authentication access port number if needed.
  • Page 62 Captive Portal Enable or Disable Captive Portal function globally. Captive Portal is disabled by default. Authentication The number of seconds the access point keeps an authentication session open with a wireless client. If Timeout the client fails to enter authentication credentials within the timeout period, the client may need to refresh the web authentication page.
  • Page 64 Portal Profiles Captive Portal Select a profile to configure. Profile Protocol Select the protocol used to access the Portal Authentication web server. It can be HTTP or HTTPS. Authentication Select an authentication method for clients. Local - The access point uses a local database to authenticated wireless clients.
  • Page 65 Radius Authentication Primary Server Enter the IP address of the RADIUS Server on your network. Primary Server Port Enter the port number used for connections to the RADIUS Server. Primary Shared Enter the key value to match the RADIUS Server. Secret Backup Server The Backup Authentication Server will be used when...
  • Page 66 User Name Enter the name of the user account. The user name includes 1 to 32 characters. Special characters except ':' and ';' are allowed. Password Enter the password of the user account. The password must be between 4 and 32 characters in length.

  • Page 67: Web Customization

    Group Name Enter the name of the new group. The group name includes 1 to 32 characters. Special characters except ':' and ';' are allowed. Click Add. Group Selection Select one group to delete or configure its user members. Members User members of the selected group.
  • Page 69 Profile Select a profile to configure. New Logo Upload Logos display in the web page. Select an image file from your local PC and click Upload. Formats .gif, .png and .jpg are supported. File size cannot exceed 5KB. One profile can support one default and one new logo image.
  • Page 70 Terms of Use Customize the text to go with Terms of Use. Enter up to 512 characters. The default is "Terms of Use". Success Text Customize the text that shows when the client has been authenticated. The default is "You have logged on successfully! Please keep this window open when using the wireless network."...

  • Page 71: Client Information

    SSID A list of available SSIDs. SSID Name The name of the SSID. Profile Name Choose the profile that is associated with the SSID. If the profile associated with the SSID is deleted, then the association will be removed. None is selected, it means no profile is associated.

  • Page 72: Cluster

    The access points within a cluster must have the same management VLAN configured. A cluster can support 16 LAPAC1750 access points as long as they are same model number. In each cluster, one access point must be manually configured as the master access point. There can only be one master in a cluster.
  • Page 73 When firmware is upgraded on the master, all slaves within the same cluster will receive the upgrade. Clustered access points share these configurations: • User Accounts • SSID Settings • Rate Limit Time Settings Wireless Security • • • • Log Settings •...
  • Page 74 Settings & Status Configuration > Cluster > Settings & Status Go to to manage the AP cluster function. Choose a member type. Type Disabled—Disable the cluster function. Master—Enable the cluster function and assign the access point to be the master. Note—...
  • Page 75 Master...
  • Page 76 Status Disabled—Cluster function is disabled. Active—Cluster function is enabled and master is active. Active (Backup Master)—Cluster function is enabled and backup master is active. Inactive (Cannot reach the master)—Cluster function is enabled but it's inactive because device cannot reach the master. Member Number Number of the members active in the cluster.

  • Page 77: Channel Management

    The session is the period of time in which a user on a client device (station) with a unique MAC address maintains a connection with the wireless network. The session begins when the WLAN client logs on to the network, and the session ends when the WLAN client either logs off intentionally or loses the connection for some other reason.
  • Page 78 When channel management is enabled, the access point automatically assigns radio channels within a cluster. Auto channel assignment reduces mutual interference (or interference with other access points outside of its cluster) and maximizes Wi-Fi bandwidth to help maintain efficient communication over the wireless network.
  • Page 79 Auto Channel Auto Channel Access point scans available Wi-Fi channels and changes the channel if better network performance is possible. Disabled by default. Scan Day Choose the day of the week when Auto Channel scans Wi-Fi channels. You may choose specific days or have the access point scan and select the best channel daily.

  • Page 80: Chapter 4 - System Status

    Chapter 4 - System Status Status System Summary Go to System Status > Status > System Summary for status of the access point.

  • Page 81: Lan Status

    System Summary Device SKU The SKU is often used to identify device model number and region. Firmware Version The version of the firmware currently installed. Firmware The checksum of the firmware running in the access point. Checksum Hardware Version The version of the hardware. Local MAC The MAC (physical) address of the wireless access point.
  • Page 83 VLAN VLAN Enabled or disabled (default). Untagged VLAN Enabled (default) or disabled. When enabled, and if its VLAN ID is equal to Untagged VLAN ID, all traffic is untagged when sent from LAN ports. Untagged traffic can be accepted by LAN ports. If disabled, traffic is always tagged when sent from LAN port and only tagged traffic can be accepted from LAN port.

  • Page 84: Wireless Status

    IP Address The IP address of the wireless access point. Subnet Mask The Network Mask (Subnet Mask) for the IP address above. Default Gateway Enter the gateway for the LAN segment to which the wireless access point is attached (the same value as the PCs on that LAN segment).
  • Page 85 Radio Status Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Radio Status Indicates whether the radio is enabled. Mode Current 802.11mode (a/b/g/n/ac) of the radio. Channel The channel currently in use.

  • Page 86: Wireless Clients

    WDS Root Status Status of the WDS Root: Enabled or Disabled. Local SSID Name of the WDS Root. Local MAC MAC Address of the WDS Root. VLAN List VLAN List of the WDS Root. When VLAN function is enabled, WDS Root only receives packets in the VLAN list from WDS Stations and packets not in the list will be dropped.
  • Page 87 Go to System Status > Status > Wireless Clients to see connected clients based on each wireless interface. Wireless Select the desired interface from the list. The interfaces include eight SSIDs per radio. Interface SSID Name Name of the SSID to which the client connects. Client MAC The MAC address of the client.

  • Page 89: Log View

    Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Transmit/Receive • Total Packets—The total packets sent (in Transmit table) or received (in Received table) by the interface. •...
  • Page 90 Log Messages Log Messages Show the log messages. Buttons Refresh Update the data on screen. Save Save the log to a file on your PC. Clear Delete the existing logs from device.

  • Page 91: Chapter 5 - Maintenance

    Go to Maintenance > Maintenance > Firmware Upgrade to upgrade the firmware in the wireless access point by using HTTP/HTTPS, or TFTP. Check the Linksys support website (http://www.linksys.com/support) and download the latest firmware release to a storage device or PC. Perform the firmware upgrade by following the steps below.
  • Page 92 To perform the firmware upgrade from TFTP server: 1. Enter the IP address of the TFTP server and the source file. The source file is the firmware filename you stored in your TFTP server. Only IPv4 addresses are supported. 2. Click Upgrade. To perform a firmware upgrade from the Internet: 1.

  • Page 93: Factory Default

    Backup/Restore to/from Local PC Backup Once you have the access point working properly, you should back up the settings to a file on your computer. Configuration You can later restore the access point's settings from this file, if necessary. To create a backup file of the current settings: •...
  • Page 94 Factory Default To restore your access point to its factory defaults, select an option and click Save. • Reset Parameters that can share with Slaves ONLY When current AP is a master of a cluster, select this option to restore all sharable parameters of current AP and its slaves to factory defaults.

  • Page 95: Diagnostics

    Device Reboot If you click Save when the Yes radio button is selected, the device will power cycle. Diagnostics Ping Test Go to Maintenance > Diagnostics > Ping Test to determine the accessibility of a host on the network.

  • Page 96: Packet Capture

    General IP Type Enter the IP type of destination address. IP or URL Enter the IP address or domain name that you want to ping. Address Packet Size Enter the size of the packet. Times to Ping Select the desired number from the drop-list. •...

  • Page 97: Diagnostic Log

    Network Interface Select the desired network interface from the drop- down list. The interface can be Radio, SSID or Ethernet. Start Capture Click to start the capture. You will be asked to specify a local file to store the packets. Stop Capture Click to stop the capture.

  • Page 98: Appendix A - Troubleshooting

    Appendix A - Troubleshooting Overview This chapter covers some common problems encountered while using the wireless access point, and some possible solutions to them. If you follow the suggested steps and the wireless access point still does not function properly, contact your dealer for further advice. General Problems I can't find new access point on my network.
  • Page 99 If there is no DHCP Server found, the wireless access point will roll back to an IP address and mask of 192.168.1.252 and 255.255.255.0. My PC can't connect to the LAN via the wireless access point. Check the following: • The SSID and security settings on the PC match the settings on the access point.

  • Page 100: Appendix B - About Wireless Lans

    Appendix B - About Wireless LANs Overview Wireless networks have their own terms and jargon. You must understand many of these terms in order to configure and operate a wireless LAN. Wireless LAN Terminology Modes Wireless LANs can work in either of two (2) modes: Ad-hoc •...
  • Page 101 ESS/ESSID A group of wireless stations, and multiple access points all using the same ID (ESSID), form an Extended Service Set (ESS). Different access points within an ESS can use different channels. To reduce interference, it is recommended that adjacent access points use different channels. As wireless stations are physically moved through the area covered by an ESS, they will automatically change to the access point that has the least interference or best performance.
  • Page 102 WPA-PSK In WPA-PSK, like WEP, data is encrypted before transmission. WPA is more secure than WEP. The PSK (pre-shared key) must be entered on each wireless station. The 256-bit encryption key is derived from the PSK, and changes frequently. WPA2-PSK This is a further development of WPA-PSK, and offers even greater security, using the AES (Advanced Encryption Standard) method of encryption.
  • Page 103 If this option is used: • The access point must have a client login on the RADIUS server. • Each user must have a user login on the RADIUS server. • Each user's wireless client must support 802.1X and provide the login data when required.

  • Page 104: Appendix C - Pc And Server Configuration

    Appendix C - PC and Server Configuration Overview All wireless stations need to have settings that match the wireless access point. These settings depend on the mode in which the access point is being used. • If using WEP or WPA2-PSK, it is only necessary to ensure that each wireless station's settings match those of the wireless access point, as described below.

  • Page 105: Using Wpa2-Psk

    Using WPA2-PSK For each of the following items, each wireless station must have the same settings as the wireless access point. Mode On each PC, the mode must be set to Infrastructure. SSID (ESSID) This must match the value used on the wireless access point. The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2.

  • Page 106: Server Setup (Windows 2000 Server)

    Mode On each PC, the mode must be set to Infrastructure. SSID (ESSID) This must match the value used on the wireless access point. The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2 . Note—The SSID is case sensitive. 802.1x Each client must obtain a certificate for authentication for the RADIUS server.

  • Page 107: Windows 2000 Domain Controller Setup

    • webserver (IIS) • RADIUS Server (Internet Authentication Service) • Certificate Authority Windows 2000 Domain Controller Setup 1. Run dcpromo.exe from the command prompt. 2. Follow all of the default prompts, ensure that DNS is installed and enabled during installation. Services Installation 1.

  • Page 108: Dhcp Server Configuration

    6. Enter the information for the Certificate Authority, and click Next. 7. Click Next if you don't want to change the CA's configuration data. 8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click OK, then Finish. DHCP server configuration 1.
  • Page 109 3. Click Next when the New Scope Wizard Begins. 4. Enter the name and description for the scope, click Next. 5. Define the IP address range. Change the subnet mask if necessary. Click Next. 6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank.

  • Page 110: Certificate Authority Setup

    10. For the parent domain, enter the domain you specified for the domain controller setup, and enter the server's address for the IP address. Click Next. 11. If you don't want a WINS server, just click Next. 12. Select Yes, I want to activate this scope now. Click Next, then Finish. 13.
  • Page 111 4. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. 5. Right-click on your active directory domain, and select Properties. 6. Select the Group Policy tab, choose Default Domain Policy then click Edit.
  • Page 112 7. Select Computer Configuration > Windows Settings > Security Settings > Public Key Policies, right-click Automatic Certificate Request Settings > New > Automatic Certificate Request. 8. When the Certificate Request Wizard appears, click Next. 9. Select Computer, click Next.
  • Page 113 10. Ensure that your Certificate Authority is checked, click Next. 11. Review the policy change information and click Finish. Start ” 12. Click > , type “cmd and press Enter. Enter “secedit /refreshpolicy machine_policy”. This command may take a few minutes to take effect.
  • Page 114 Internet Authentication Service (RADIUS) Setup 1. Select Start > Programs > Administrative Tools > Internet Authentication Service. 2. Right-click on Clients, and select New Client. 3. Enter a name for the access point, click Next. 4. Enter the address or name of the wireless access point, and set the shared secret, as entered on the Security Settings of the wireless access point.
  • Page 115 9. Click Permitted, then OK. Select Next. Grant remote access permission 10. Select . Click Next. 11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication Protocol, and select Smart Card other Certificate. Deselect other authentication methods listed. Click OK.
  • Page 116 12. Select No if you don't want to view the help for EAP. Click Finish.

  • Page 117: 802.1X Client Setup On Windows Xp

    Remote Access Login for Users 1. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. 2. Double-click on the user who you want to enable. 3. Select the Dial-in tab, and enable Allow access. Click OK. 802.1x Client Setup on Windows XP Windows XP ships with a complete 802.1x client implementation.

  • Page 118: Client Certificate Setup

    Client Certificate Setup 1. Connect to a network that doesn't require port authentication. 2. Start your Web browser. In the address box, enter the IP address of the Windows 2000 Server, followed by “/certsrv”, e.g., “http://192.168.0.2/certsrv”. 3. You will be prompted for a user name and password. Enter the User name and Password assigned to you by your network administrator, and click OK.
  • Page 119 5. Select User certificate request and select User Certificate, click Next. 6. Click Submit.
  • Page 120 7. A message will be displayed and the certificate will be returned to you. Click Install this certificate. 8. You will receive a confirmation message. Click Yes.

  • Page 121: X Authentication Setup

    9. Certificate setup is now complete. 802.1x Authentication Setup 1. Select Start > Control Panel > Network Connections. 2. Right-click on the Wireless Network Connection, and select Properties. 3. Select the Authentication tab, and ensure that Enable network access control using IEEE 802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.
  • Page 122 Encryption Settings The encryption settings must match the access point’s on the wireless network you wish to join. Windows XP will detect any available wireless networks, and allow you to configure each • network independently. Your network administrator can advise you of the correct settings for each network. •...

  • Page 123: Using 802.1X Mode (Without Wpa)

    4. Setup for Windows XP and 802.1x client is now complete. Using 802.1x Mode (without WPA) This is very similar to using WPA-Enterprise. The only difference is that on your client, you must NOT enable the setting The key is provided for me automatically.
  • Page 124 Note—On some systems, the 64-bit WEP key is shown as 40-bit and the 128-bit WEP key is shown as 104-bit. This difference arises because the key input by the user is 24 bits less than the key size used for encryption.
  • Page 125 LNKPG-00113 Rev. B00...

Table of Contents