Linksys LAPN600 User Manual
  1. Manuals
  2. Brands
  3. Linksys Manuals
  4. Access point
  5. LAPN600
  6. User manual

Linksys LAPN600 User Manual

Wireless-n600 dual band access point with poe
Hide thumbs Also See for LAPN600:
Table of Contents

Advertisement

Quick Links

Download this manual
LAPN600
Wireless-N600 Dual Band
Access Point with PoE
User's Guide

Advertisement

Table of Contents
loading

Related Manuals for Linksys LAPN600

Summary of Contents for Linksys LAPN600

  • Page 1 LAPN600 Wireless-N600 Dual Band Access Point with PoE User's Guide...

  • Page 3: Table Of Contents

    ABLE OF ONTENTS   CHAPTER 1 QUICK START GUIDE ................... 1   Package Contents ......................1   Physical Details ........................1   Mounting Guide ......................... 3   CHAPTER 2 ACCESS POINT SETUP .................. 4   Overview ..........................4   Setup using a Web Browser ....................4  ...
  • Page 4   APPENDIX C PC AND SERVER CONFIGURATION ............ 72   Overview .......................... 72   Using WEP ........................72   Using WPA2-PSK ......................73   Using WPA2-Enterprise ....................74   802.1x Server Setup (Windows 2000 Server) ..............75   802.1x Client Setup on Windows XP ................85 Using 802.1x Mode (without WPA) ................

  • Page 5: Chapter 1 Quick Start Guide

    Ethernet Port - Connect a wired network device to this port. This port supports PoE (Power over Ethernet) with a PoE switch or PoE injector. LAPN300 can be powered on from an 802.3af/802.3at compliance source, and LAPN600 is powered on from an 802.3at compliance source.
  • Page 6 NOTE: If connected to a PoE switch or PoE injector, PoE will take precedence over an AC power adapter. Reset Button - Press and hold this button for less than 15 seconds to power cycle device. Press and hold for longer than 15 seconds to reset the device to factory default settings.

  • Page 7: Mounting Guide

    6. Connect the Ethernet cable and/or AC power adapter to your device 7. Slide the device into the bracket. Turn access point clockwise until it locks. IMPORTANT Improper or insecure mounting could result in damage to the device or personal injury. Linksys is not responsible for damages caused by improper mounting.

  • Page 8: Chapter 2 Access Point Setup

    Chapter 2 Access Point Setup Overview This chapter describes the setup procedure to connect the wireless access point to your LAN, and configure it as an access point for your wireless stations. Wireless stations may also require configuration. For details, see Appendix C - Wireless Station Configuration.
  • Page 9 Figure 1: Password Dialog 5. From the status screen menu configure for your environment. Details of these screens and settings are described in the following sections of this chapter. 6. You may also wish to change the admin password on the User Accounts screen, accessed from the Configuration menu.

  • Page 10: Setup Wizard

    Setup Wizard The first time you connect to the wireless access point, run the Setup Wizard to configure the device. 1. Click the Quick Start link on the main menu Figure 2: Setup Wizard 2. On the first screen, click Launch. 3.
  • Page 11 Figure 4: Setup Wizard - IPv4 6. Set the SSID information on the Wireless Network screen. Click Next. Figure 5: Setup Wizard - Wireless Network 7. On the Wireless Security Screen (Figure 8) configure the wireless security settings for the device.
  • Page 12 8. On the Summary screen, check the data to make sure they are correct and then click Submit to save the changes. Figure 7: Setup Wizard - Summary 9. Click Finish to leave the wizard. Figure 8: Setup Wizard - Finish...

  • Page 13: User Accounts

    User Accounts Click User Accounts on the Administration menu to manage user accounts. The access point supports up to 5 users: one administrator and four normal users. Figure 9: User Accounts Data - User Accounts Screen User Account Table User Name Enter the User Name to connect to the access point’s admin interface.

  • Page 14: Time Screen

    Time Screen Click Time on the Administration menu to configure system time of the device. Figure 10: Time Screen Data - Time Screen Time Current Time Display current date and time of the system. Manually Set date and time manually. Automatically When enabled (default setting) the access point will get the current time from a public time server.
  • Page 15 Enter the secondary NTP server. It can be an IPv4 address or a domain NTP Server 2 name. Valid characters include alphanumeric characters, "_", "-" and ".". Maximum length is 64 characters.

  • Page 16: Log Settings Screen

    Log Settings Screen The logs record various types of activity on the access point. This data is useful for trouble- shooting, but enabling all logs will generate a large amount of data and adversely affect performance. Figure 11: Log Settings Screen Data - Logs Screen Log Types Select events to log.
  • Page 17 Username Enter the Username to login to your SMTP server. The Username can include up to 32 characters. Special characters are allowed. Password Enter the Password to login to your SMTP server. The Password can include up to 32 characters. Special characters are allowed.

  • Page 18: Management Access Screen

    Management Access Screen You can use the Management page to configure the management methods of the access point. Figure 12: Management Access Screen Data - Management Access Screen Web Access HTTP (Hyper Text Transfer Protocol) is the standard for HTTP transferring files (text, graphic images and other multimedia files) on the World Wide Web.
  • Page 19 From Wireless Enable wireless devices to connect to access point’s admin page. Disabled by default. Access Control By default, no IP addresses are prohibited from accessing the device’s admin page. You can enable access control and enter specified IP addresses for access. Four IPv4 and four IPv6 ad- dresses can be specified.
  • Page 20 Trap Community Enter the Trap Community server. It includes 1 to 32 characters. Special characters are allowed. Trap Destination Two Trap Community servers are supported: can be IPv4 or IPv6.

  • Page 21: Ssl Certificate Screen

    SSL Certificate Screen This screen can be used to manage SSL certificate used by HTTPS. Figure 13: SSL Certificate Screen Data - SSL Certificate Screen Export/Restore to/from Local PC Export SSL Click to export the SSL certificate. Certificate Install Certificate Browse to choose the certificate file.
  • Page 22 Restore from TFTP Server Enter the name of the source file. Source File TFTP Server Enter the IP address for the TFTP server. Only support IPv4 address here. Install Click to install the file to the device.

  • Page 23: Network Setup Screen

    Network Setup Screen Use this screen to configure basic device settings, VLAN settings and settings for the LAN interface, including static or dynamic IPv4/IPv6 address assignment. Figure 14: Network Setup Screen Data - Network Setup Screen TCP/IP Host Name Assign a host name to this access point. Host name consists of 1 to 15 characters.
  • Page 24 Untagged VLAN Specifies a number between 1 and 4094 for the untagged VLAN ID. The default is 1. Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network. Untagged VLAN ID field is active only when untagged VLAN is enabled.

  • Page 25: Advanced Screen

    Advanced Screen Use this screen to configure advanced network settings of the access point. Figure 15: Advanced Screen Data - Advanced Screen Port Settings Auto Negotiation If enabled, Port Speed and Duplex Mode will become grey and cannot be configured. If disabled, Port Speed and Duplex Mode can be configured.
  • Page 26 Enable or disable flow control of the Ethernet port. Flow Control 802.1x Supplicant 802.1x Enable if your network requires this access point to use 802.1X Supplicant authentication in order to operate. This feature supports following two kinds of authentication: Authentication •...

  • Page 27: Wireless Screens

    Wireless Screens There are ten configuration screens: • Basic Settings • Security • Rogue AP Detection • Scheduler • Scheduler Association • Connection Control • Rate Limit • • Workgroup Bridge • Advanced Settings Basic Settings Basic Settings provides the essential configuration for your wireless radio and SSIDs. You should able to set up your wireless network with these essential parameters configured.
  • Page 28 Data - Wireless Basic Settings Screen Basic Wireless Settings Wireless Radio Select the wireless radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Enable Radio Enable or disable the wireless radio. Wireless Mode Select the desired option for radio 1: •...

  • Page 29: Security Settings

    Security Settings Use this screen to configure security settings of SSIDs to provide data protection over the wireless network Figure 17: Security Settings Data - SSID Settings Screen Security Select SSID Select the desired SSID from the drop-down list. Select the desired security method from the list. Security Mode Security Settings •...
  • Page 30 • Each user must authenticate on the RADIUS Server. This is usually done using digital certificates. • Each user's wireless client must support 802.1x and provide the RADIUS authentica- tion data when required. • All data transmission is encrypted using the WPA2 standard. Keys are automatically generated, so no key input is required.
  • Page 31 Security Settings - WEP This is the 802.11b standard. Data is encrypted before transmission, but the encryption system is not very strong. Figure 18: WEP Wireless Security Screen Data - WEP Screen Select Open System or Shared Key. All wireless stations must use the Authentication same method.
  • Page 32 Security Settings - WPA2-Personal This is a further development of WPA-Personal, and offers even greater security. Figure 19: WPA2-Personal Wireless Security Screen Data - WPA2-Personal Screen WPA2-Personal WPA Algorithm The encryption method is AES. Wireless stations must also use AES. Pre-shared Key Enter the key value.
  • Page 33 Security Settings - WPA/WPA2-Personal This method, sometimes called Mixed Mode, allows clients to use either WPA-Personal or WPA2-Personal. Figure 20: WPA/WPA2-Personal Wireless Security Screen Data - WPA/WPA2-Personal Screen WPA/WPA2-Personal WPA Algorithm The encryption method is TKIP or AES. Enter the key value. It is 8 to 63 ASCII characters or 64 HEX Pre-shared Key characters.
  • Page 34 Security Settings - WPA2-Enterprise This version of WPA2-Enterprise requires a RADIUS Server on your LAN to provide the client authentication. Data transmissions are encrypted using the WPA2 standard. Figure 21: WPA2-Enterprise Wireless Security Screen Data - WPA2-Enterprise Screen WPA2-Enterprise Primary Server Enter the IP address of the RADIUS Server on your network.
  • Page 35 Key Renewal Timeout Specify the value of Group Key Renewal. It is a value from 600 to 36000, and default is 3600. WPA automatically changes secret keys after a certain period of time. The group key interval is the period of time in between automatic changes of the group key, which all devices on the network share.
  • Page 36 Security Settings - WPA/WPA2-Enterprise WPA/WPA2-Enterprise requires a RADIUS Server on your LAN to provide the client authen- tication. Data transmissions are encrypted using WPA2 standard. Figure 22: WPA/WPA2-Enterprise Wireless Security Screen Data - WPA/WPA2-Enterprise Screen WPA/WPA2-Enterprise Enter the IP address of the RADIUS Server on your network. Primary Server Primary Server Port Enter the port number used for connections to the RADIUS...
  • Page 37 Key Renewal Timeout Specify the value of Group Key Renewal. It is a value from 600 to 36000, and default is 3600. WPA automatically changes secret keys after a certain period of time. The group key interval is the period of time between automatic changes of the group key, which all devices on the network share.
  • Page 38 RADIUS Use RADIUS server for authentication and dynamic WEP key generation for data encryption. Figure 23: RADIUS Settings Data - RADIUS Screen Authentication Server Enter the IP address of the RADIUS Server on your network. Primary Server Primary Server Port Enter the port number used for connections to the RADIUS Server.

  • Page 39: Rogue Ap Detection

    Rogue AP Detection Rogue AP detection is used to detect the unexpected or unauthorized access point installed in a secure network environment. Figure 24: Rogue AP Screen Data - Rogue AP Screen Select the desired radio from the list. Wireless Radio Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz.
  • Page 40 The MAC address of the Trusted AP. MAC Address SSID The SSID of the Trusted AP. Channel The channel of the Trusted AP. Security The security method of the Trusted AP. The signal level of the Trusted AP. Signal New MAC Add one trusted AP by MAC address.

  • Page 41: Scheduler

    Scheduler Configure a rule with a specific time interval for SSIDs to be operational. Automate enabling or disabling SSIDs based on the profile definition. Support up to 16 profiles and each profile can include 4 time rules. Figure 25: Scheduler Screen Data - Scheduler Screen Wireless Scheduler Enable or disable wireless scheduler on the radio.
  • Page 42 The detailed reason for the scheduler operational status. It includes Reason following situations. • System time is outdated. Scheduler is inactive because system time is outdated. • Administrative Mode is disabled. Scheduler is disabled by administrator. • Active Scheduler is active. Scheduler Profile configuration New Profile Name Enter the name for new profile.

  • Page 43: Scheduler Association

    Scheduler Association Associate defined scheduler profiles with SSIDs. Figure 26: Scheduler Association Screen Data - Scheduler Association Screen Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Scheduler Association The index of SSID.

  • Page 44: Connection Control

    Connection Control Exclude or allow only listed client stations to authenticate with the access point. Figure 27: Connection Control Screen Data - Connection Control Screen Select the desired SSID from the list. SSID Select the option from the drop-down list as desired. Connection Type •...

  • Page 45: Rate Limit

    Rate Limit Limit downstream and upstream rate of SSIDs. Figure 28: Rate Limit Screen Data - Rate Limit Screen Select the desired radio from the list. Wireless Radio Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Rate Limit The index of SSID.

  • Page 46: Qos

    The QoS (Quality of Service) feature allows you to specify priorities for different traffic coming from your wireless client. Lower priority traffic will be slowed down to allow greater throughput or less delay for high priority traffic. Figure 29: QoS Screen Data - QoS Screen QoS Setting Select the desired radio from the list.
  • Page 47 Enable or disable WMM. WMM (Wi-Fi Multimedia) is a component of the IEEE 802.11e wireless LAN standard for QoS. WMM provides prioritization of wireless data packets from different applications based on four access categories: voice, video, best effort, and background. For an application to receive the benefits of WMM QoS, both it and the client running that application have to have WMM enabled.

  • Page 48: Workgroup Bridge

    Workgroup Bridge Workgroup Bridge feature enables the access point to extend the accessibility of a remote network. In Workgroup Bridge mode, the access point acts as a wireless station (STA) on the wireless LAN. It can bridge traffic between a remote wired network and a wireless LAN. When Workgroup Bridge is enabled, SSID configuration still works to provide wireless services to clients.
  • Page 49 Workgroup Bridge Status Enable or disable Workgroup Bridge function. Status Before configuring Workgroup Bridge, make sure all devices in Workgroup Bridge have the following identical settings. • Radio • IEEE 802.11 Mode • Channel Bandwidth • Channel (Auto is not recommended) Infrastructure Client Interface Enter the name of the SSID to which Workgroup Bridge will connect.

  • Page 50: Advanced Settings

    If your country or region is not listed, please check with your local government agency or Linksys’s website for more information on which channels to use. Note: The country code function is for non-US model...
  • Page 51 Band Steering Band Steering Enable or disable Band Steering function. Band Steering is a technology that detects whether the wireless client is dual-band capable. If it is, band steering pushes the client to connect to the less-congested 5 GHz network. It does this by actively blocking the client’s attempts to connect with the 2.4GHz network.
  • Page 52 DTIM Interval Enter the Delivery Traffic Information Map (DTIM) period, an integer from 1 to 255 beacons. The default is 1 beacon. The DTIM message is an element included in some beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point await- ing pickup.

  • Page 53: Chapter 3 Operation And Status

    Chapter 3 Operation and Status Operation You may need to perform the following operations on a regular basis. • If using the Access Control feature, update the Trusted PC database as required. (See Access Control in Chapter 2 for details.) •...
  • Page 54 Data - System Summary Screen System Summary Device SKU The SKU is often used to identify device model number and region. Firmware Version The version of the firmware currently installed. Firmware Checksum The checksum of the firmware running in the access point. The MAC (physical) address of the wireless access point.

  • Page 55: Lan Status

    LAN Status LAN Status displays settings, and status of LAN interface. Figure 33: LAN Status Screen Data - LAN Status VLAN VLAN Enabled or disabled (default). Untagged VLAN Enabled (default) or disabled. When enabled, and if its VLAN ID is equal to Untagged VLAN ID, all traffic is untagged when sent from LAN ports.
  • Page 56 Management VLAN Displays the Management VLAN ID. The VLAN associated with the IP address you use to connect to the access point. Provide a number between 1 and 4094 for the Management VLAN ID. The default is 1. This VLAN is also the default untagged VLAN. If you already have a management VLAN configured on your network with a different VLAN ID, you must change the VLAN ID of the man- agement VLAN on the access point.

  • Page 57: Wireless Status

    Wireless Status Wireless Status displays settings and status of wireless radios and SSIDs. Figure 34: Wireless Status Screen Data - Wireless Status Radio Status Select the desired radio from the list. Wireless Radio Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. Indicates whether the radio is enabled.
  • Page 58 Status Status of the SSID, enabled or disabled. MAC Address of the SSID. MAC Address VLAN ID VLAN ID of the SSID. Priority The 802.1p priority of the SSID. Current scheduler status of the SSID. Scheduler State • N/A No scheduler is enabled on the SSID, or the SSID is disabled by administrator.

  • Page 59: Wireless Clients

    Wireless Clients Wireless Clients displays list of connected clients based on each wireless interface. Figure 35: Wireless Clients Screen Data - Wireless Clients Wireless Interface Select the desired interface from the list. The interfaces include 8 SSIDs per radio. Name of the SSID to which the client connects. SSID Name Client MAC The MAC address of the client.

  • Page 60: Statistics

    Statistics Statistics provides real-time transmitted and received statistics data based on each SSID per Radio, and LAN interface. Figure 36: Statistics Screen Data - Statistics Wireless Radio Select the desired radio from the list. Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz. •...

  • Page 61: Log View

    Log View Log View shows a list of system events that are generated by each single log entry, such as login attempts and configuration changes. Figure 37: Log View Screen Data - Log View Log Messages Log Messages Show the log messages. Buttons Update the data on screen.

  • Page 62: Chapter 4 Access Point Management

    The firmware (software) in the wireless access point can be upgraded by using HTTP/HTTPS, or TFTP. Check Linksys support website (http://www.linksys.com/business/support) and download the latest firmware release to your storage such as PC. Then, perform firmware upgrade by following the steps below.
  • Page 63 Figure 38: Firmware Upgrade Screen To perform the firmware upgrade from local PC: 1. Click the Browse button and navigate to the location of the upgrade file. 2. Select the upgrade file. Its name will appear in the Upgrade File field. 3.

  • Page 64: Configuration

    Configuration Configuration backup/restore allows you to download the configuration file from device to external storage, e.g., your PC, or network storage, or to upload a previously saved configura- tion file from external storage to device. It is highly recommended you save one extra copy of the configuration file to external storage after you are done with access point setup.
  • Page 65 Backup/Restore to/from TFTP server Backup To create a backup file of the current settings: Configuration 1. Enter the destination file name you plan to save in TFTP server. 2. Enter the IP address for the TFTP server. Only support IPv4 address here.

  • Page 66: Factory Default

    Factory Default It’s highly recommended you save your current configuration file before you restore to factory default settings. To save your current configuration file, click Maintenance Configuration Backup/Restore. Figure 40: Factory Default Screen Data - Factory Default Screen Factory Default If Yes radio button is clicked and Save button is pressed, your current configuration file will be deleted, and the system will reboot.

  • Page 67: Reboot

    Reboot Reboot power cycles the device. The current configuration file will remain after reboot. Figure 41: Reboot Screen Data - Reboot Screen Device Reboot If Yes radio button is checked, device will power cycle after Save button is pressed.

  • Page 68: Ping Test

    Ping Test Ping Test is used to determine the accessibility of a host on the network. Figure 42: Ping Test Screen Data - Ping Test Screen General Enter the IP type of destination address. IP Type IP or URL Address Enter the IP address or domain name that you want to ping.

  • Page 69: Packet Capture

    Packet Capture Packet Capture is used to capture and store 802.3 packets received and transmitted by the access point based on one specified network interface. Network interface can be radio, SSID or LAN. Figure 43: Packet Size Screen Data - Packet Size Screen Network Interface Select the desired network interface from the drop-down list.

  • Page 70: Diagnostic Log

    Diagnostic Log Diagnostic Log provides system detail information, such as configuration file, system status and statistics data, hardware information, operational status. The information is useful in troubleshooting and working with technical support. Figure 44: Diagnostic Screen Data - Diagnostic Screen Download Click to download the device diagnostic log into a local file.

  • Page 71: Appendix A Troubleshooting

    Appendix A Troubleshooting Overview This chapter covers some common problems encountered while using the wireless access point, and some possible solutions to them. If you follow the suggested steps and the wireless access point still does not function properly, contact your dealer for further advice. General Problems Problem 1: I can't find new access point on my network.
  • Page 72 If there is no DHCP Server found, the wireless access point will roll back to an IP address and mask of 192.168.1.252 and 255.255.255.0. Problem 2: My PC can't connect to the LAN via the wireless access point. Solution 2: Check the following: •...

  • Page 73: Appendix B About Wireless Lans

    Appendix B About Wireless LANs Overview Wireless networks have their own terms and jargon. It is necessary to understand many of these terms in order to configure and operate a wireless LAN. Wireless LAN Terminology Modes Wireless LANs can work in either of two (2) modes: •...
  • Page 74 As wireless stations are physically moved through the area covered by an ESS, they will automatically change to the access point that has the least interference or best performance. This capability is called Roaming. (Access points do not have or require roaming capabili- ties.) Channels The wireless channel sets the radio frequency used for communication.
  • Page 75 WPA-Enterprise This version of WPA requires a RADIUS server on your LAN to provide the client authentica- tion according to the 802.1X standard. Data transmissions are encrypted using the WPA standard. If this option is used: • The access point must have a "client login" on the RADIUS server. •...

  • Page 76: Appendix C Pc And Server Configuration

    Appendix C PC and Server Configuration Overview All wireless stations need to have settings that match the wireless access point. These settings depend on the mode in which the access point is being used. • If using WEP or WPA2-PSK, it is only necessary to ensure that each wireless station's settings match those of the wireless access point, as described below.

  • Page 77: Using Wpa2-Psk

    Using WPA2-PSK For each of the following items, each wireless station must have the same settings as the wireless access point. Mode On each PC, the mode must be set to Infrastructure. This must match the value used on the wireless access point. SSID (ESSID) The default value is LinksysSMB24G for radio 1 and LinksysSMB5G for radio 2.

  • Page 78: Using Wpa2-Enterprise

    Using WPA2-Enterprise This is the most secure and most complex system. WPA-Enterprise mode provides greater security and centralized management, but it is more complex to configure. Wireless Station Configuration For each of the following items, each wireless station must have the same settings as the wireless access point.

  • Page 79: 802.1X Server Setup (Windows 2000 Server)

    802.1x Server Setup (Windows 2000 Server) This section describes using Microsoft Internet Authentication Server as the RADIUS server, since it is the most common RADIUS server available that supports the EAP-TLS authentica- tion method. The following services on the Windows 2000 Domain Controller (PDC) are also required. •...
  • Page 80 Figure 46: Components Screen 4. Click Next. 5. Select the Enterprise root CA, and click Next. Figure 47: Certification Screen 6. Enter the information for the Certificate Authority, and click Next.
  • Page 81 Figure 48: CA Screen 7. Click Next if you don't want to change the CA's configuration data. 8. Installation will warn you that Internet Information Services are running, and must be stopped before continuing. Click OK, then Finish. DHCP server configuration 1.
  • Page 82 Figure 50: IP Address Screen 6. Add exclusions in the address fields if required. If no exclusions are required, leave it blank. Click Next. 7. Change the Lease Duration time if preferred. Click Next. 8. Select Yes, I want to configure these options now, and click Next. 9.
  • Page 83 Certificate Authority Setup 1. Select Start -> Programs -> Administrative Tools -> Certification Authority. 2. Right-click Policy Settings, and select New -> Certificate to Issue. Figure 52: Certificate Authority Screen 3. Select Authenticated Session and Smartcard Logon (select more than one by holding down the Ctrl key).
  • Page 84 Figure 54: Active Directory Screen 6. Select the Group Policy tab, choose Default Domain Policy then click Edit. Figure 55: Group Policy Tab 7. Select Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies, right-click Automatic Certificate Request Settings -> New -> Automatic Certifi- cate Request.
  • Page 85 Figure 56: Group Policy Screen 8. When the Certificate Request Wizard appears, click Next. 9. Select Computer, click Next. Figure 57: Certificate Template Screen 10. Ensure that your Certificate Authority is checked, click Next. 11. Review the policy change information and click Finish. 12.
  • Page 86 Internet Authentication Service (RADIUS) Setup 1. Select Start -> Programs -> Administrative Tools -> Internet Authentication Service 2. Right-click on Clients, and select New Client. Figure 58: Service Screen 3. Enter a name for the access point, click Next. 4. Enter the address or name of the wireless access point, and set the shared secret, as entered on the Security Settings of the wireless access point.
  • Page 87 11. Click Edit Profile... and select the Authentication tab. Enable Extensible Authentication Protocol, and select Smart Card or other Certificate. Deselect other authentication me- thods listed. Click OK. Figure 60: Authentication Screen 12. Select No if you don't want to view the help for EAP. Click Finish.
  • Page 88 Remote Access Login for Users 1. Select Start -> Programs -> Administrative Tools -> Active Directory Users and Comput- ers. 2. Double click on the user who you want to enable. 3. Select the Dial-in tab, and enable Allow access. Click OK. Figure 61: Dial-in Screen...

  • Page 89: 802.1X Client Setup On Windows Xp

    802.1x Client Setup on Windows XP Windows XP ships with a complete 802.1x client implementation. If using Windows 2000, you can install SP3 (Service Pack 3) to gain the same functionality. If you don't have either of these systems, you must use the 802.1x client software provided with your wireless adapter.
  • Page 90 Figure 63: Wireless CA Screen 5. Select User certificate request and select User Certificate, click Next. Figure 64: Request Type Screen 6. Click Submit.
  • Page 91 Figure 65: Identifying Information Screen 7. A message will be displayed and the certificate will be returned to you. Click Install this certificate. Figure 66: Certificate Issued Screen 8. You will receive a confirmation message. Click Yes.
  • Page 92 Figure 67: Root Certificate Screen 9. Certificate setup is now complete. 802.1x Authentication Setup 1. Open the properties for the wireless connection, by selecting Start - Control Panel - Network Connections. 2. Right-click on the Wireless Network Connection, and select Properties. 3.
  • Page 93 • Your network administrator can advise you of the correct settings for each network. 802.1x networks typically use EAP-TLS. This is a dynamic key system, so there is no need to enter key values. Enabling Encryption To enable encryption for a wireless network, follow this procedure. 1.
  • Page 94 Figure 70: Properties Screen Setup for Windows XP and 802.1x client is now complete.

  • Page 95: Using 802.1X Mode (Without Wpa)

    Using 802.1x Mode (without WPA) This is very similar to using WPA-Enterprise. The only difference is that on your client, you must NOT enable the setting The key is pro- vided for me automatically. Instead, you must enter the WEP key manually, ensuring it matches the WEP key used on the access point.

  • Page 96: Regulatory Approvals

    Regulatory Approvals Federal Communication Commission Interference Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.

  • Page 97: Radiation Exposure Statement

    Caution (i) the device for operation in the band 5150-5250 MHz is only for indoor use to reduce the potential for harmful interference to co-channel mobile satellite systems; (ii) high-power radars are allocated as primary users (i.e. priority users) of the bands 5250- 5350 MHz and 5650-5850 MHz and that these radars could cause interference and/or damage to LE-LAN devices.

Table of Contents