H3c-technologies H3C WA3600 Series Access Points Manuel d'utilisateur

H3C WA Series Access PointsWeb-Based Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document versio

v Recommended configuration procedure ··········································································································· 194

87 Loopback configuration You can check whether an Ethernet port works normally by performing the Ethernet port loopback test, during which the port

88 Table 43 Configuration items Item Description Testing type External. Sets the loopback test type, which can be selected between External and Inter

89 MAC address configuration NOTE: • MAC address configurations related to interfaces apply only to Layer 2 Ethernet interfaces. • This chapter

90 Figure 86 MAC address table of the device Configuring a MAC address entry 1. Select Network > MAC from the navigation tree. The system autom

91 Figure 88 Create a MAC address entry 3. Configure the MAC address entry as described in Table 44. 4. Click Apply. Table 44 Configuration item

92 Figure 89 Set the aging time for MAC address entries 3. Set the aging time as described in Table 45. 4. Click Apply. Table 45 Configuration it

93 Figure 90 Create a static MAC address entry

94 VLAN configuration Overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As t

95 Creating a VLAN 1. Select Network > VLAN from the navigation tree. The system automatically selects the VLAN tab and enters the page as shown

96 Figure 94 Modify a VLAN 3. Configure the description and port members for the VLAN as described in Table 46. 4. Click Apply. Table 46 Configur

vi Workgroup bridge mode overview ····················································································································

97 3. Click the icon for the port to be modified to enter the page as shown in Figure 96. Figure 96 Modify a port 4. Configure the port as des

98 VLAN configuration example Network requirements As shown in Figure 97: • GigabitEthernet 1/0/1 on both devices are hybrid ports with VLAN 1 as th

99 Figure 99 Configure GigabitEthernet 1/0/1 as a tagged member of VLAN 2 and VLANs 6 through 50 d. Click Apply. A dialog box appears asking you t

100 • VLAN 1 is the default VLAN, which cannot be manually created or removed. • Some VLANs are reserved for special purposes. You cannot manually

101 ARP configuration Overview Introduction to ARP The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC addres

102 Figure 101 ARP Table configuration page Creating a static ARP entry 1. Select Network > ARP Management from the navigation tree to enter th

103 Item Description Advanced Options VLAN ID. Enter a VLAN ID and specify a port for the static ARP entry. IMPORTANT: The VLAN ID must be the ID of

104 Static ARP configuration example Network requirements To enhance communication security between the AP and the router, configure static ARP entri

105 IGMP snooping configuration Internet Group Management Protocol (IGMP) snooping is a multicast constraining mechanism that runs on Layer 2 devices

106 Recommended configuration procedure Step Remarks 1. Enabling IGMP snooping globally Required By default, IGMP snooping is disabled. 2. Configu

vii Configuration procedure ··························································································································

107 Figure 107 Basic IGMP snooping configurations Configuring IGMP snooping on a VLAN 1. Select Network > IGMP snooping from the navigation tre

108 4. Click Apply. Table 50 Configuration items Item Description VLAN ID This field displays the ID of the VLAN to be configured. IGMP snooping En

109 Figure 109 Advanced configuration 3. Configure IGMP snooping on a port as described in Table 51. 4. Click Apply. Table 51 Configuration item

110 Displaying IGMP snooping multicast entry information 1. Select Network > IGMP snooping from the navigation tree to enter the basic configurat

111 IGMP snooping configuration example Network requirements • As shown in Figure 112, Router A connects to a multicast source (Source) through Ethe

112 2. Enable IGMP snooping and the function of dropping unknown multicast data on VLAN 1 (where GigabitEthernet 1/0/1 and WLAN-BSS 1 reside by defa

113 Figure 116 Information about an IGMP snooping multicast entry

114 IPv4 and IPv6 routing configuration NOTE: The term router in this document refers to routers and APs with the routing functions. Overview Upo

115 Figure 117 IPv4 active route table Table 53 Field description Field Description Destination IP Address Destination IP address and subnet mask o

116 Figure 118 Create an IPv4 static route 3. Specify relevant information as described in Table 54. 4. Click Apply. Table 54 Configuration ite

viii Configuring band navigation ·····················································································································

117 Item Description Interface Select the outgoing interface. You can select any available Layer 3 interface, for example, a virtual interface, of t

118 Creating an IPv6 static route 1. Select Network > IPv6 Routing from the navigation tree. 2. Click the Create tab to enter the IPv6 static ro

119 Item Description Interface Select the outgoing interface. You can select any available Layer 3 interface, for example, a virtual interface, of t

120 Figure 122 Configure a default route Verifying the configuration 1. Display the route table: Enter the IPv4 route page of Switch A, Switch B,

121 IPv6 static route configuration example Network requirements The IP addresses of devices are shown in Figure 123. IPv6 static routes must be conf

122 Figure 124 Configure a default route Verifying the configuration 1. Display the route table: Enter the IPv6 route page of Switch A, Switch B,

123 0.00% packet loss round-trip min/avg/max = 62/62/63 ms Configuration guidelines When you configure a static route, follow these guideline

124 DHCP overview NOTE: After the DHCP client is enabled on an interface, the interface can dynamically obtain an IP address andother configuratio

125 Step Remarks 3. Enabling the DHCP server on an interface Optional With the DHCP server enabled on an interface, upon receiving a client's r

126 2. Select the Static option in the Address Pool field to view all static address pools. 3. Click Add to enter the page shown in Figure 127. Fi

1 About the WA series access points Web-based configuration guide The H3C WA series access points Web-based configuration guide describes the software

127 Item Description Gateway Address Enter the gateway addresses for the client. A DHCP client that wants to access an external host needs to send re

128 Figure 128 Create a dynamic address pool 4. Configure the dynamic address pool as described in Table 58. 5. Click Apply. Table 58 Configurati

129 Item Description Gateway Address Enter the gateway addresses for the client. DHCP clients that want to access hosts outside the local subnet requ

130 Table 59 Field description Item Description IP Address Assigned IP address. Client MAC Address/Client ID Client MAC address or client ID bound

131 Figure 131 Enable DHCP 2. Enable the DHCP server on VLAN-interface 1: (This operation can be omitted because the DHCP server is enabled on the

132 − Enter 10.1.1.2 for Gateway Address. c. Click Apply. Figure 133 Configure a dynamic address pool for the DHCP server

133 DNS configuration Overview Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into correspo

134 Configuring dynamic domain name resolution Step Remarks 1. Configuring dynamic domain name resolution Required Enable dynamic domain name resol

135 Table 60 Configuration items Item Description Host Name Configure the mapping between a host name and an IP address in the static domain mane tab

136 Figure 137 Add a DNS server address Adding a domain name suffix 1. Select Network > DNS from the navigation tree 2. Click the Dynamic tab

2 Table 2 Feature matrix Module Feature WA2600 series WA3600 series Device Optical Ethernet interface Supported on the WA2620X-AGNP Not supported. De

137 dynamic domain name resolution. The IP address of the DNS server is 2.1.1.2/16 and the DNS server has a com domain, which stores the mapping betw

138 a. In Figure 141, right click zone com, and then select New Host. Figure 141 Add a host b. In the dialog box as shown in Figure 142, enter h

139 Configuring the AP 1. Enable dynamic DNS: a. Select Network > DNS from the navigation tree. b. Click the Dynamic tab to enter the page show

140 c. Click Apply. Figure 145 Add a domain name suffix Verifying the configuration Use the ping host command on the AP to verify that the commun

141 PPPoE Overview Point-to-Point Protocol over Ethernet (PPPoE) uses the client/server model. It establishes point-to-point links over Ethernet, and

142 Figure 148 PPPoE client information 2. Click Add to enter the page for creating a PPPoE client, as shown in 2. Figure 149 Create a PPPoE clie

143 Task Remarks IP Config Configure the way the dialer interface obtains its IP address: • None: Not configure IP address • Static Address: Static

144 Figure 150 Statistic information Table 62 Field description Field Description Interface Ethernet interface where the PPPoE session belongs. Thi

145 Figure 151 Summary information Table 63 Field description Field Description Session Number PPPoE session ID. Dialer Interface Number Number of

146 Configuring the PPPoE client 1. Create a PPPoE client: a. Select Network > PPPoE from the navigation tree. The system automatically enters

3 Quick Start The Quick Start wizard leads you through basic configuration procedures to quickly make your device available for use. Quick Start wiza

147 1. Select Network > PPPoE from the navigation tree of the AP and click the Session tab. 2. Select Summary Information from the Information T

148 Service management Overview The service management module provides the following types of services: Telnet, SSH, SFTP, HTTP and HTTPS. You can en

149 Configuring service management 1. Select Network > Service from the navigation tree to enter the service management configuration page, as sh

150 Item Description HTTPS Enable HTTPS service. Specifies whether to enable the HTTPS service. The HTTPS service is disabled by default. Port Numbe

151 Diagnostic tools Overview Ping You can use the ping function to check whether a device with a specified address is reachable, and to examine netw

152 Ping operation IPv4 ping operation 1. Select Diagnostic Tools > Ping from the navigation tree to enter the IPv4 Ping configuration page. 2.

153 Figure 157 IPv4 ping operation results IPv6 ping operation 1. Select Diagnostic Tools > Ping from the navigation tree. 2. Enter the IPv6 p

154 Figure 158 IPv6 ping 4. Enter the IPv6 address or host name of the destination device in the Destination IP address or host name field. 5. Se

155 Figure 159 IPv6 ping operation results Trace route operation NOTE: • The web interface does not support trace route on IPv6 addresses. • B

156 Figure 160 Trace Route configuration page 3. Enter the destination IP address or host name. 4. Click Start to execute the trace route command

4 Figure 2 Basic configuration page 2. Configure the parameters as described in Table 3. Table 3 Configuration items Item Description System Name

157 Web overview The device provides web-based configuration interfaces for visual device management and maintenance. Figure 162 Web-based network ma

158 NOTE: • The PC where you configure the device is not necessarily the web-based network management terminal.A web-based network management term

159 • Title area—On the left, displays the path of the current configuration interface in the navigation area; on the right, provides the Save butto

160 Function menu Description User level Set idle timeout Display and configure the idle timeout period for a logged-in user. Configure Device Maint

161 Function menu Description User level Configure SNMP. Configure Loopback Test Perform the loopback test on Ethernet interfaces. Configure Networ

162 Function menu Description User level DNS Static Domain Name Resolution Display, create, modify, or delete a static host name-to-IP address mappi

163 Function menu Description User level Parameter Setting Display radio parameters. Monitor Configure radio parameters. Configure Channel Scan Di

164 Function menu Description User level Guest Display guest users' configuration information. Monitor Add, modify, and remove guest users. Ma

165 Function menu Description User level ACL IPv4 Display Display IPv4 ACL configuration information. Monitor Add Add an IPv4 ACL. Configure Bas

166 Function menu Description User level Add Add a class. Configure Setup Configure the classification rules for a class. Configure Delete Dele

5 Figure 3 Admin configuration page 2. Configure the parameters as described in Table 4. Table 4 Configuration items Item Description Password Sp

167 Common web interface elements Common buttons and icons Table 66 Common buttons and icons Button and icon Description Bring the configuration on

168 Figure 165 Content display by pages Searching function The web interface provides you with the basic and advanced searching functions to displa

169 Figure 167 Advanced search Take the ARP table shown in Figure 165 as an example. To search for the ARP entries with 000f at the beginning of th

170 Figure 169 Advanced search function example (II) Figure 170 Advanced search function example (III) Sorting function The web interface provide

171 Figure 171 Basic sorting function example (based on IP address in the descending order) Configuration guidelines • The web-based configuration

172 Troubleshooting web browser Failure to access the device through the web interface Symptom You can ping the device successfully, and log in to th

173 The dialog box Security Settings appears. 4. Enable these functions: Run ActiveX controls and plug-ins, script ActiveX controls marked safe for

174 Figure 174 Firefox web browser setting

175 Radio configuration Radio frequency (RF) refers to electrical signals that can be transferred over the space to a long distance. 802.11b/g in the

176 Item Description 802.11n IMPORTANT: The option is available only when the AP supports 802.11n and the radio mode is 802.11n. Bandwidth Mode 802.

6 Figure 4 IP configuration page 2. Configure the parameters as described in Table 5. Table 5 Configuration items Item Description IP Address Spec

177 4. Expand Advanced Setup. Figure 176 Radio setup (advanced setup) 5. Configure the radio as described in Table 68. 6. Click Apply. Table 68

178 Item Description Fragment Threshold Specify the maximum length of frames that can be transmitted without fragmentation. When the length of a fram

179 Item Description Short Retry Threshold Number of retransmission attempts for unicast frames smaller than the RTS/CTS threshold if no acknowledgme

180 Table 69 Configuration items Item Description 802.11a Configure rates (in Mbps) for 802.11a. By default: • Mandatory rates are 6, 12, and 24. •

181 MCS index Number of spatial streams Modulation Data rate (Mbps) 800ns GI 400ns GI 4 1 16-QAM 39.0 43.3 5 1 64-QAM 52.0 57.8 6 1 64-QAM 58.5 65

182 MCS index Number of spatial streams Modulation Data rate (Mbps) 800ns GI 400ns GI 11 2 16-QAM 108.0 120.0 12 2 16-QAM 162.0 180.0 13 2 64-QAM

183 Item Description Multicast MCS Set the multicast MCS for 802.11n. The multicast MCS is adopted only when all the clients use 802.11n. If a non 80

184 Figure 179 Setting channel calibration NOTE: When an AP uses the radio whose working channel is auto to establish a WDS link, the auto Dynami

185 Figure 180 Setting parameters 3. Configure calibration parameters as described in Table 74. 4. Click Apply. Table 74 Configuration items Item

186 Item Description 802.11g Protection Mode • RTS/CTS—Use RTS/CTS mode to implement 802.11g protection. Before sending data to a client, an AP send

Copyright © 2003-2013, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmi

7 Figure 5 Wireless configuration page 2. Configure the parameters as described in Table 6. Table 6 Configuration items Item Description Primary S

187 Figure 181 Setting channel scanning 3. Configure channel scanning as described in Table 75. Table 75 Configuration items Item Description Scan

188 Item Description 5GHz Excluded Channel/2.4GHz Excluded Channel To avoid selecting improper channels, you can exclude specific channels from autom

189 • Monitor mode As shown in Figure 183, when AP 2 operates in monitor mode, it monitors all devices in the WLAN through scanning 802.11 frames an

190 Figure 185 Setting AP operating mode 3. Configure the AP operating mode as described in Table 76. 4. Click Apply. Table 76 Configuration item

191 Figure 186 Displaying detection record NOTE: At present, APs, wireless bridges, clients, and ad hoc devices can be detected. Configuring the

192 Figure 188 Displaying history record NOTE: If an entry in the detection record is not refreshed within the aging time, it is deleted from the

193 AAA configuration The web interface supports configuring Internet Service Provider (ISP) domains and configuring AAA methods for ISP domains. AAA

194 Configuring AAA Configuration prerequisites • To deploy local authentication, configure local users on the access device as described in "U

195 Figure 191 Domain Setup page 2. Configure an ISP domain as described in Table 77. 3. Click Apply. Table 77 Configuration items Item Descripti

196 Figure 192 Authentication method configuration page 3. Configure authentication methods for different types of users in the domain, as describ

8 Figure 6 RADIUS configuration page 4. Configure the parameters as described in Table 7. Table 7 Configuration items Item Description Service Typ

197 Item Description Login AuthN Configure the authentication method and secondary authentication method for login users. Options include: • HWTACAC

198 Table 79 Configuration items Item Description Select an ISP domain Select the ISP domain for which you want to specify authentication methods. De

199 Configuring accounting methods for the domain 1. Select Authentication > AAA from the navigation tree. 2. Click the Accounting tab to enter

200 Item Description LAN-access Accounting Configure the accounting method and secondary accounting method for LAN access users. Options include: •

201 The local user management page appears. b. Click Add. c. Enter telnet as the username. d. Enter abcd as the password. e. Enter abcd again to

202 Figure 197 Configure ISP domain test 3. Configure the ISP domain to use local authentication for login users: a. Select Authentication > A

203 4. Configure the ISP domain to use local authorization for login users: a. Select Authentication > AAA from the navigation tree. b. Click t

204 RADIUS configuration RADIUS overview The Remote Authentication Dial-In User Service (RADIUS) protocol is the most commonly used protocol for impl

205 Figure 201 RADIUS scheme configuration page 3. Enter a scheme name. 4. Select a server type and a username format. Table 81 Configuration ite

206 Figure 202 Common configuration area 6. Configure the advanced parameters.

9 Encryption configuration Select the Encrypt box on the wireless configuration page to enter the encryption configuration page shown in Figure 7. Fi

207 Table 82 Configuration items Item Description Authentication Key Set the shared key for RADIUS authentication packets and that for RADIUS account

208 Item Description Realtime Accounting Interval Set the interval for sending real-time accounting information. The interval must be a multiple of 3

209 Item Description Send accounting-on packets Enable or disable the accounting-on feature. The accounting-on feature enables a device to send accou

210 Item Description Key Specify the shared key for communication with the RADIUS server. If no shared key is specified here, the shared key specifie

211 h. Select the AP from the device list or manually add the AP (with the IP address 10.1.1.2). NOTE: The IP address of the added access device

212 Figure 206 Device management user configuration page Configuring the AP 1. Configure the RADIUS scheme system: a. Select Authentication >

213 Figure 207 RADIUS authentication server configuration page f. In the RADIUS Server Configuration area, click Add to enter the RADIUS server co

214 Figure 209 RADIUS scheme configuration 2. Create the ISP domain bbb: a. From the navigation tree, select Authentication > AAA. The domain

215 Figure 210 Create an ISP domain 3. Configure an authentication method for the ISP domain: a. Click the Authentication tab. b. Select the do

216 4. Configure an authorization method for the ISP domain: a. Click the Authorization tab. b. Select the domain name bbb. c. Select the Defaul

10 Item Description Key ID Select the WEP key index, which can be 1, 2, 3, or 4. Each number represents one of the four static keys of WEP. The selec

217 Figure 213 Configure an accounting method for the ISP domain 6. Enable the Telnet service: a. From the navigation tree, select Network > S

218 • If you remove the accounting server used for online users, the device cannot send real-time accounting requests and stop-accounting messages f

219 HWTACACS configuration HWTACACS overview HW Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on

220 Step Remarks 3. Configuring HWTACACS parameters Optional. This section describes how to configure the parameters that are necessary for informat

221 Table 85 Configuration items Configuration item Description Server Type Select the type of the server to be configured, which can be Authenticat

222 Figure 217 HWTACACS parameter configuration 3. Configure HWTACACS parameters as described in Table 86. 4. Click Apply. Table 86 Configuration

223 Item Description Stop-Accounting Buffer Enable or disable buffering stop-accounting requests without responses in the device. Since stop-accounti

224 Item Description Unit of Packets Specify the unit for data packets sent to the HWTACACS server for traffic accounting. Options include: • packet

225 Figure 219 Create an HWTACACS scheme 2. Configure the HWTACACS authentication server: a. Select Authentication Server as the server type. b.

226 b. Click the Parameter Configuration tab. c. Select the username format without-domain. d. Click Apply. Figure 221 Configure the parameters fo

11 Item Description Preshared Key Type • pass-phrase—Enter a PSK in the form of a character string. You should enter a string that can be displayed

227 Figure 222 Create an ISP domain 7. Configure an authentication method for the ISP domain: a. Click the Authentication tab. b. Select the do

228 8. Configure an authorization method for the ISP domain: a. Click the Authorization tab. b. Select the domain name test. c. Select the Defau

229 Figure 225 Configure an accounting method for the ISP domain 10. Log in to the CLI, enable Telnet service, and configure the AP to use AAA for

230 Number of users Real-time accounting interval (in minutes) 500 to 999 12 ≥1000 ≥15

231 User configuration User overview This module allows you to configure local users, user groups, and guests. Local user A local user is an account

232 Figure 226 Local user list 2. Click Add. The local user configuration page appears. On this page, you can create a local user of any type exce

233 Item Description Password Specify a password for the local user and confirm the password. The two passwords must be identical. IMPORTANT: Leadi

234 Item Description ACL Specify the ACL to be used by the access device to restrict the access of the local user after the user passes authenticatio

235 Table 89 Configuration items Item Description Group-name Specify a name for the user group. Level Select an authorization level for the user gro

236 3. Click Add to enter the guest configuration page. Figure 231 Guest configuration page 4. Configure a single guest or a batch of guests as d

12 Configuration summary 1. On the radio configuration page, click Next. The configuration summary page appears, displaying all configurations you h

237 Procedure for a guest administrator to configure a guest NOTE: Guest administrators can manage only guest accounts and can only manage guest ac

238 Certificate management PKI overview The Public Key Infrastructure (PKI) is a general security infrastructure for providing information security t

239 You can specify the PKI certificate request mode for a PKI domain. Different PKI certificate request modes require different configurations. Reco

240 Step Remarks 5. Requesting a local certificate Required. When requesting a certificate, an entity introduces itself to the CA by providing its i

241 Step Remarks 2. Creating a PKI domain Required. Create a PKI domain, setting the certificate request mode to Auto. Before requesting a PKI certi

242 Figure 235 PKI entity configuration page 3. Configure the parameters as described Table 91. 4. Click Apply. Table 91 Configuration items Item

243 2. Click the Domain tab to enter the page displaying existing PKI domains. Figure 236 PKI domain list 3. Click Add to enter the PKI domain c

244 Item Description Institution Select the authority for certificate request. • CA—Indicates that the entity requests a certificate from a CA. • R

245 Item Description CRL Update PeriodCRL update period, that is, the interval at which the PKI entity downloads the latest CRLs. This item is availa

246 Destroying the RSA key pair 1. Select Authentication > Certificate Management from the navigation tree. 2. Click the Certificate tab to ente

13 • The AP provides a plain-text wireless service with SSID service. • 802.11n (2.4 GHz) is adopted to inter-work with the existing 802.11g networ

247 Item Description Enable Offline Mode Click this box to retrieve a certificate in offline mode (that is, by an out-of-band means like FTP, disk, o

248 2. Click the Certificate tab to enter the page displaying existing PKI certificates. 3. Click Request Cert to enter the local certificate requ

249 2. Select the CRL tab to enter the page displaying CRLs. Figure 245 CRL page 3. Click Retrieve CRL to retrieve the CRL of a domain. 4. Click

250 Figure 247 Network diagram Configuring the CA server 1. Create a CA server named myca. In this example, you must first configure the basic att

251 Figure 248 Configure a PKI entity 2. Create a PKI domain. a. Click the Domain tab b. Click Add. c. Enter torsa as the PKI domain name. d.

252 Figure 249 Configure a PKI domain 3. Generate an RSA key pair. a. Click the Certificate tab. b. Click Create Key. c. Enter 1024 as the key

253 e. Click Apply. Figure 251 Retrieve the CA certificate 5. Request a local certificate. a. Click the Certificate tab. b. Click Request Cert.

254 Verifying the configuration After the configuration, select Authentication > Certificate Management > Certificate from the navigation tree

255 Wireless service Wireless Local Area Networks (WLAN) have become very popular because they are very easy to setup and use, and low cost. Generall

256 Figure 254 Establish a client access Scanning A wireless client can get the surrounding wireless network information in two ways, passive scann

14 Figure 13 Radio configuration page 3. Check and apply the configurations: Click Next to enter the configuration summary page. If you want to m

257 A client sends a probe request (with a specified SSID): When the wireless client is configured to access a specific wireless network or has alrea

258 Figure 258 Open system authentication process • Shared key authentication Figure 259 shows a shared key authentication process. The two partie

259 • Receiving a data frame from a client which is unauthenticated. • Receiving a PS-poll frame from a client which is unauthenticated. 2. Dissoc

260 CTR with CBC-MAC protocol (CCMP) is based on the CCM of the AES encryption algorithm. CCM combines CTR for confidentiality and CBC-MAC for authen

261 Figure 260 Local MAC authentication • Remote MAC authentication: Remote Authentication Dial-In User Service (RADIUS) based MAC authentication.

262 802.11n As the next generation wireless LAN technology, 802.11n supports both 2.4GHz and 5GHz bands. It provides higher throughput to customers b

263 Point to point bridge connection In this network, WDS uses two devices to form a bridge between two LANs, and interconnect the two LANs. In actua

264 Figure 264 Self topology detection and bridging Repeater mode overview An AP acting as a repeater can set up a link with another AP through a W

265 Figure 266 Network diagram LAN Segment

266 Configuring wireless service Configuring access service Recommended configuration procedure Step Remarks 1. Creating a wireless service Requir

15 Figure 14 Network diagram Configuring the AP 1. Perform basic configurations: From the navigation tree, select Quick Start to enter the home pa

267 Figure 268 Create a wireless service 3. Configure the wireless service as described in Table 95. 4. Click Apply. Table 95 Configuration items

268 Figure 269 Configure clear type wireless service 3. Configure the basic settings for the clear type wireless service as described in Table 96.

269 Figure 270 Advanced settings for the clear type wireless service 3. Configure the advanced settings for the clear type wireless service as des

270 Figure 271 Security settings for the clear type wireless service 3. Configure the security settings for the clear type wireless service as des

271 Item Description Port Mode • mac-authentication—Perform MAC address authentication on users. • mac-else-userlogin-secure—This mode is the combi

272 Figure 272 mac-authentication port security configuration page Table 99 Configuration items Item Description Port Mode mac-authentication—MAC-b

273 Figure 273 userlogin-secure/userlogin-secure-ext port security configuration page (userlogin-secure is taken for example) Table 100 Configurati

274 Item Description Handshake • Enable—Enable the online user handshake function so that the device can periodically send handshake messages to a u

275 Table 101 Configuration items Item Description Port Mode • mac-else-userlogin-secure—This mode is the combination of the mac-authentication and

276 Item Description Multicast Trigger • Enable—Enable the multicast trigger function of 802.1X to send multicast trigger messages to the clients per

16 Figure 16 Encryption configuration page e. Click Next to enter the radio configuration page. f. To perform radio configuration:  Select th

277 2. Click the icon corresponding to the target crypto type wireless service. The page for configuring advanced settings for the crypto type wir

278 Item Description Management Right Web interface management right of online clients. • Disable—Disable the web interface management right of onlin

279 Figure 277 Security settings for the crypto type wireless service 3. Configure the security settings for the crypto type wireless service as d

280 Item Description Security IE Wireless service type (IE information carried in the beacon or probe response frame): • WPA—Wi-Fi Protected Access.

281 Item Description Port Security See Table 98. Parameters such as authentication type and encryption type determine the port mode. For more informa

282 Item Description Domain Select an existing domain from the list. The default domain is system. To create a domain, select Authentication > AA

283 Security parameter dependencies For a clear-type wireless service or crypto-type wireless service, the security parameter dependencies are descri

284 Binding an AP radio to a wireless service 1. Select Wireless Service > Access Service from the navigation tree. 2. Click the Bind link of th

285 Configuring WDS service Configuring WDS service 1. Select Wireless Service > WDS from the navigation tree. 2. Click the WDS Setup tab to ent

286 Configuring a neighbor MAC address NOTE: If no neighbor MAC address is configured for an AP, the AP can establish a WDS link with any other AP

Preface The H3C WA Series Access Points Web-based Configuration Guide describes the web functions of the WA series, such as quick start, Web overview,

17 Click Next to enter the configuration summary page. If you want to modify certain configurations, click Back to return to the previous pages; if

287 Figure 285 Configure advanced WDS 4. Configure advanced WDS settings as described in Table 108. 5. Click Apply. Table 108 Configuration items

288 Item Description STP The following loop types may exist in a WDS network: . .When a loop exists in the network, you can block redundant link

289 Item Description VLAN (Tagged) Enter the ID of the VLAN whose packets are to be sent tagged. VLAN (Tagged) indicates that the port sends the traf

290 NOTE: • A radio enabled with auto DFS and WDS works in a non-radar channel. • When you select auto-DFS, if no WDS link is established, a temp

291 Figure 288 Repeater mode Configuring the workgroup bridge Enabling the client mode 1. Select Wireless Service > Client Mode from the naviga

292 With the client mode enabled, you can check the existing wireless services in the wireless service list. Figure 290 Check the wireless service l

293 Item Remarks CipherSuit Set the data encryption mode, which can be: • Clear—No encryption • WEP—WEP encryption • TKIP/AES-CCMP—TKIP/AES-CCMP e

294 Figure 293 Display statistics Wireless access configuration examples Wireless service configuration example Network requirements As shown in Fi

295 3. Bind an AP radio to a wireless service a. Select Wireless Service > Access Service from the navigation tree. b. Click the Bind link at t

296 Figure 298 Enable 802.11n radio Verifying the configuration • The client can successfully associate with the AP and access the WLAN network. •

18 Figure 19 Wireless configuration page c. Click Next to enter the encryption configuration page. d. To perform encryption configuration:  S

297 Figure 300 Network diagram Configuring the AP 1. Configure the fat AP interface: a. Assign an IP address to the fat AP:  Select Network >

298 b. Click Add. c. On the page that appears, enter the service name office, select the wireless service type clear, and click Apply. d. On the p

299 Figure 304 Network diagram Configuring the AP 1. Assign an IP address to the fat AP: a. Select Network > VLAN to create a VLAN on the fat

300 Figure 306 Security setup 4. Bind an AP radio to a wireless service a. Select Wireless Service > Access Service from the navigation tree.

301 Figure 308 Enable the wireless service 6. Enable 802.11n radio (By default, 802.11n radio is enabled. Therefore, this step is optional. ) Sele

302 Figure 309 Configure the client The client has the same preshared PSK key as the AP, so the client can associate with the AP.

303 Figure 310 The client is associated with the AP Verifying the configuration • The same PSK pre-shared key is configured on the client. The cli

304 b. Select Device > Interface Management to assign an IP address to the VLAN interface. 2. Configure a wireless service: a. Select Wireless

305 Figure 313 Security setup 4. Bind an AP radio to a wireless service a. Select Wireless Service > Access Service from the navigation tree.

306 b. Select the mac-auth box. c. Click Enable. Figure 315 Enable the wireless service 6. Configure a MAC authentication list a. Select Wirele

19  Use default settings for other parameters. g. Click Next. Figure 21 Radio configuration page 3. Check and apply the configurations: Click

307 Figure 317 Configure the client Verifying the configuration • If the MAC address of the client is in the MAC authentication list, the client c

308 • The IP address of the AP is 10.18.1.1. On the AP, configure the shared key for communication with the RADIUS server as expert, and configure t

309 b. Optional: On the Domain Setup tab, create a new ISP domain. This example uses the default domain system. c. On the Authentication tab, sele

310 Figure 322 Configure the AAA accounting method for the ISP domain 4. Configure wireless service a. Select Wireless Service > Access Servic

311 Figure 324 Security setup 6. Bind an AP radio to a wireless service a. Select Wireless Service > Access Service from the navigation tree.

312 Figure 326 Enable the wireless service 8. Optional: Enable 802.11n radio (By default, 802.11n radio is enabled.) Select Radio > Radio from

313 Figure 327 Add access device 2. Add service. a. Select the Service tab. b. Select Access Service > Access Device from the navigation tree

314 Figure 329 Add account Configuring the RADIUS server (iMC v5) NOTE: The following takes the iMC (iMC PLAT 5.0 and iMC UAM 5.0) as an example

315 b. Select User Access Manager > Service Configuration from the navigation tree. c. Click Add. d. On the page that appears, set the service

316 Remote 802.1X authentication configuration example Network requirements Perform remote 802.1X authentication on the client. • A RADIUS server (a

20 Summary Device information You can view the following information on the Device Info menu: • Device information • System resource state • Devic

317 Figure 334 Configure RADIUS 3. Configure AAA a. Select Authentication > AAA from the navigation tree. b. Optional: On the Domain Setup ta

318 Figure 336 Configure the AAA authorization method for the ISP domain e. On the Accounting tab, select the ISP domain name system, select the A

319 Figure 338 Create a wireless service 5. Configure 802.1X authentication After you create a wireless service, you enter the wireless service co

320 b. Click the Bind link at the right side of the wireless service mac-auth to enter the page as shown in Figure 340. c. Select the box with radi

321 d. On the page that appears, enter the shared key expert, enter the authentication and accounting ports 1812 and 1813, select LAN Access Service

322 Figure 343 Add service 3. Add account. a. Select the User tab. b. Select User > All Access Users from the navigation tree. c. Click Add.

323 Configuring the RADIUS server (iMC v5) NOTE: The following takes the iMC (iMC PLAT 5.0 and iMC UAM 5.0) as an example to illustrate the basic

324 Figure 346 Add a service 3. Add an account. a. Select the User tab. b. Select User > All Access Users from the navigation tree. c. Clic

325 3. On the Wireless Networks tab, select wireless network with the SSID dot1x, and then click Properties. The dot1x Properties window appears. 4.

326 Figure 348 Configure the wireless card (I)

21 Select a refresh mode in the Refresh Period list. • If you select a specific refresh period (for example, 1 minute), the system periodically refr

327 Figure 349 Configure the wireless card (II)

328 Figure 350 Configure the wireless card (III) Verifying the configuration • After entering the username user and password dot1x in the popup di

329 Figure 351 Network diagram Configuring the AP 1. Assign an IP address to the fat AP: a. Select Network > VLAN to create a VLAN on the fat

330 g. Disable Handshake and Multicast Trigger (recommended). h. Click Apply. Figure 353 Security setup 6. Bind an AP radio to a wireless servic

331 Figure 355 Enable the wireless service 8. Optional: Enable 802.11n radio (802.11n radio is enabled by default.). Select Radio > Radio from

332 Figure 356 Configure the wireless card (I) 4. On the Authentication tab, select Protected EAP (PEAP) from the EAP type list, and click Propert

333 Figure 357 Configure the wireless card (II)

334 Figure 358 Configure the wireless card (III) Verifying the configuration • After the user enters the username user and password dot1x in the p

335 Configuring the AP 1. Assign an IP address to the fat AP: a. Select Network > VLAN to create a VLAN on the fat AP. b. Select Device > I

336 Figure 362 Enable the wireless service 5. Enable 802.11n(2.4GHz) radio (By default, 802.11n(2.4GHz) radio is enabled.) Select Radio > Radi

22 Item Description Status Display interface status. • —The interface is up and is connected. • —The interface is up, but not connected. • —The in

337 Configuration guidelines Note the following guidelines when you configure 802.11n: • Select Radio > Radio from the navigation tree, select th

338 Figure 366 WDS setup page b. Click the corresponding icon of the target radio unit. c. On the page that appears, select the Pass Phrase box

339 Figure 368 Configure the working channel 4. Enable 802.11n(5GHz) radio (By default, 802.11n(5GHz) is enabled.). Select Radio > Radio from t

340 Figure 370 The page displaying WDS information Configuration guidelines The output information of a WDS link includes: neighbor MAC address, lo

341 Configuration guidelines Note the following guidelines when you configure WDS: • Configure a neighbor MAC address for each radio interface (othe

342 Figure 373 WDS setup page b. Click the icon in the Operation column of the target 802.11n (2.4GHz) radio mode. c. Select the Pass Phrase bo

343 Figure 375 Configure the same channel 3. Enable 802.11n (2.4GHz) radio (By default, 802.11n (2.4GHz) is enabled.). Select Radio > Radio fr

344 Figure 377 Configure the access service NOTE: When you configure access service on the repeater, make sure the radio mode of the repeater is

345 Figure 379 The page displaying radio information Workgroup bridge mode configuration example Network requirements As shown in Figure 380, an AP

346 a. Select Wireless Service > Client Mode from the navigation tree. b. Click Connect Setup. c. On the page that appears, select the box corr

23 Figure 23 Displaying detailed information about WLAN service (clear type) Table 15 Field description Field Description Service Template Number

347 Figure 383 SET CODE Verifying the configuration On the AP shown in Figure 380, select Summary > Client from the navigation tree to enter the

348 NOTE: To configure VLAN information about the WLAN uplink interface of the workgroup bridge, make sure theVLAN ID of the WLAN uplink interface

349 Configuring ACL and QoS NOTE: Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document. Overview Introduction

350 QoS refers to the ability to provide improved service by solving the core issues such as delay, jitter, and packet loss ratio in the packet forwa

351 Step Remarks 3. Configuring a rule for a basic IPv4 ACL Required. Complete one of the three steps according to the ACL category. 4. Configurin

352 Figure 386 Adding a time range 3. Configure the time range information. 4. Click Apply. Table 111 Configuration items Item Description Time

353 2. Click the Add tab to enter the IPv4 ACL adding page. Figure 387 Adding an IPv4 ACL 3. Configure the IPv4 ACL information as described in T

354 Figure 388 Configuring an basic IPv4 ACL 3. Configure a basic IPv4 ACL as described in Table 113. 4. Click Add. Table 113 Configuration item

355 Item Description Check Logging Select this option to log matching IPv4 packets. A log entry contains the ACL rule number, action on the matching

356 Figure 389 Configuring an advanced IPv4 ACL 3. Configure an advanced IPv4 ACL rule as described in Table 114. 4. Click Add. Table 114 Config

24 Figure 24 Displaying detailed information about WLAN service (crypto type) Table 16 Field description Field Description Service Template Number

357 Item Description Rule ID Select the Rule ID option and enter a number for the rule. If you do not specify the rule number, the system assigns on

358 Item Description TCP/UDP Port TCP Connection Established Select this option to make the rule match packets used for establishing and maintaining

359 Figure 390 Configuring a rule for an Ethernet frame header ACL 3. Configure an Ethernet frame header IPv4 ACL rule as described in Table 115.

360 Item Description MAC Address Filter Source MAC Address Select the Source MAC Address option and enter a source MAC address and wildcard. Source

361 Figure 391 Adding an IPv6 ACL 3. Configure the IPv6 ACL information as described in Table 116. 4. Click Apply. Table 116 Configuration items

362 Figure 392 Configuring a rule for a basic IPv6 ACL 3. Configure the basic IPv6 ACL rule information as described in Table 117. 4. Click Add.

363 Item Description Source IP Address Select the Source IP Address option and enter a source IPv6 address and prefix length. The IPv6 address must

364 4. Click Add. Table 118 Configuration items Item Description Select Access Control List (ACL) Select the advanced IPv6 ACL for which you want t

365 Item Description TCP/UDP Port Source Operation Select the operations and enter the source port numbers and destination port numbers as required.

366 Figure 394 Configuring priority trust mode 2. Configure the priority trust mode of the interfaces as described in Table 119. 3. Click Apply.

25 Field Description Maximum clients per BSS Maximum number of associated clients per BSS. Displaying statistics of WLAN service Figure 25 Displayi

367 Item Description (Select the ports) Specify the ports to be configured. Click the ports to be configured in the port list. You can select one or

368 Step Remarks 6. Configuring classifier-behavior associations for the policy Required. Associate a traffic behavior with a class in the QoS poli

369 Item Description Operation Specify the logical relationship between rules of the classifier. • And—Specifies the relationship between the rules

370 Figure 396 Configuring classification rules 3. Configuration classification rules as described in Table 121. 4. Click Apply. A progress dial

371 Item Description DSCP Define a rule to match DSCP values. If multiple such rules are configured for a class, the new configuration does not over

372 Item Description MAC Source MAC Define a rule to match a source MAC address. If multiple such rules are configured for a class, the new configur

373 Figure 397 Adding a traffic behavior Configuring actions for a traffic behavior 1. Select QoS > Behavior from the navigation tree. 2. Clic

374 Figure 398 Setting a traffic behavior 3. Configure the traffic behavior actions as described in Table 122. 4. Click Apply. A progress dialog

375 Item Description CAR Enable/Disable Enable or disable CAR. CIR Set the committed information rate (CIR), the average traffic rate. CBS Set the

376 Item Description Filter Configure the packet filtering action. After selecting the Filter option, select one item in the following list: • Perm

26 Displaying radio Displaying WLAN services bound to a radio Select Summary > Radio from the navigation tree, click the specified radio unit, and

377 Figure 400 Setting a policy 3. Configure classifier-behavior associations as described in Table 123. 4. Click Apply. Table 123 Configuration

378 Figure 401 Applying a policy to a port 3. Select a policy and apply the policy to the specified ports as described in Table 124. 4. Click Ap

379 Figure 402 Service policy 2. Click the icon for a wireless service to enter the service policy setup page. Figure 403 Service policy setup

380 Item Remarks Inbound Policy Apply the QoS policy to the packets received by the wireless service. Outbound Policy Apply the QoS policy to the p

381 Figure 405 Defining a time range covering 8:00 to 18:00 every day 2. Add an advanced IPv4 ACL: a. Select QoS > ACL IPv4 from the navigatio

382 Figure 406 Adding an advanced IPv4 ACL 3. Define an ACL rule for traffic to the FTP server: a. Click the Advanced Setup tab. b. Select 3000

383 Figure 407 Defining an ACL rule for traffic to the FTP server 4. Add a class: a. Select QoS > Classifier from the navigation tree. b. Cli

384 Figure 408 Adding a class 5. Define classification rules. a. Click the Setup tab. b. elect the class name class1 in the list. Select the AC

385 Figure 409 Defining classification rules 6. Add a traffic behavior: a. Select QoS > Behavior from the navigation tree. b. Click the Add t

386 Figure 410 Adding a traffic behavior 7. Configure actions for the traffic behavior: a. Click the Setup tab. b. elect behavior1 in the list.

Symbols Convention Description WARNING An alert that calls attention to important information that if not understood or followed can result in person

27 Figure 28 Displaying detailed radio information Table 17 Field description Field Description WLAN-Radio1/0/1 current state Link state of WLAN-

387 Figure 411 Configuring actions for the behavior 8. Add a policy: a. Select QoS > QoS Policy from the navigation tree. b. Click the Add ta

388 Figure 412 Adding a policy 9. Configure classifier-behavior associations for the policy. a. Click the Setup tab. b. Select policy1. Select

389 Figure 414 Applying the QoS policy in the inbound direction of wireless service service1 Verifying the configuration After you complete these c

390 Configuring wireless QoS Overview An 802.11 network offers wireless access based on the carrier sense multiple access with collision avoidance (C

391 WMM protocol overview The distributed coordination function (DCF) in 802.11 stipulates that access points (APs) and clients use the CSMA/CA acces

392 To use a high-priority access category, a client must send a request to the AP. The AP returns a positive or negative response based on either of

393 Figure 416 Wireless QoS 2. Select the option in front of the radio unit to be configured. 3. Click Enable. By default, WMM is enabled. NO

394 3. Configure SVP mapping as described in Table 126. 4. Click Apply. Table 126 Configuration items Item Description Radio Displays the selecte

395 By default, the QoS Service tab is displayed. 2. Click the icon for the desired radio to enter the page for configuring wireless QoS. 3. On

396 Setting EDCA parameters for wireless clients 1. Select QoS > Wireless QoS from the navigation tree. By default, the QoS Service tab is displ

28 Field Description HT protection mode 802.11n protection modes: • no protection mode(0)—The clients associated with the AP, and the wireless devic

397 NOTE: • ECWmin cannot be greater than ECWmax. • If all clients operate in 802.11b radio mode, set TXOPLimit to 188 and 102 for AC-VI and AC-V

398 Field Description Radio chip max TXOPLimit Maximum TXOPLimit allowed by the radio chip. Radio chip max ECWmax Maximum ECWmax allowed by the ra

399 Displaying client statistics 1. Select QoS > Wireless QoS from the navigation tree. 2. Click the Client Statistics tab to enter the page di

400 Field Description Downlink CAC packets Number of downlink CAC packets. Downlink CAC bytes Number of downlink CAC bytes. Downgrade packets Num

401 Item Description Direction Traffic direction, which can be: • Inbound—Traffic from clients to the AP. • Outbound—Traffic from the AP to clients

402 Figure 425 Setting the reference radio bandwidth 3. Set the reference radio bandwidth as described in Table 135. 4. Click Apply. Table 135 Co

403 Figure 426 Setting guaranteed bandwidth 2. Set the guaranteed bandwidth as described in Table 136. 3. Click Apply. Table 136 Configuration

404 Displaying guaranteed bandwidth settings 1. Select QoS > Wireless QoS from the navigation tree. 2. Click the Bandwidth Guarantee tab. 3.

405 b. Make sure that WMM is enabled. Figure 430 Wireless QoS configuration page c. Select the radio unit to be configured on the list and click

406 maximum number of users allowed in high-priority access categories, which is 10 in this example, the request is allowed. The system decreases the

29 Field Description Output: 3436 packets, 492500 bytes : 3016 unicasts, 424408 bytes : 320 multicasts/broadcasts, 42994 bytes :

407 • Check that traffic from Client1 is rate limited to around 128 kbps, so is traffic from Client2. Dynamic rate limiting configuration example Ne

408 1. When only Client1 accesses the WLAN through SSID service2, its traffic can pass through at a rate as high as 8000 kbps. 2. When both Client1

409 Figure 438 Setting the reference radio bandwidth e. Click the icon for 802.11a to enter the page for setting guaranteed bandwidth. f. Set t

410 Verifying the configuration • Send traffic from the AP to the three clients at a rate lower than 10000 kbps. The rate of traffic from the AP to

411 Advanced settings Advanced settings overview District code Radio frequencies for countries and regions vary based on country regulations. A distr

412 Figure 442 Network diagram for uplink interface monitoring (a radio interface acts as the uplink interface) Channel busy test The channel busy

413 Figure 443 Multicast data transmission when multicast optimization is enabled With multicast optimization enabled, the AP listens to the IGMP r

414 Figure 444 Setting a district code 2. Configure a district code as described in Table 137. 3. Click Apply. Table 137 Configuration items Item

415 Figure 446 Configuring continuous transmitting mode 2. Click the icon corresponding to the target radio to enter the page for configuring tr

416 Configuring uplink interface monitoring 1. Select Advanced > Uplink Monitor from the navigation tree. Figure 449 Configuring uplink interface

30 Field Description Signal Quality —If the signal strength indicator is represented by no signal bar, it indicates that RSSI=0. —If the signal stren

417 Figure 451 Testing channel busy rate 3. Configure channel busy test as described in Table 139. 4. Click Start. Table 139 Configuration items

418 • The fast association function is disabled. By default, the fast association function is disabled. For more information about fast association,

419 Item Description Max Denial Count Maximum denial count of client association requests. If a client has been denied more than the maximum times on

420 Table 141 Configuration items Item Description Aging Time Specify the aging time for multicast optimization entries. If the AP does not receive a

421 Table 142 Field description Field Description Total Clients Total number of clients served by multicast optimization. If a client joins multiple

422 1. Configure wireless service: a. Select Wireless Service > Access Service from the navigation tree. b. Click Add. c. On the page that app

423 Figure 457 Configuring band navigation Verifying the configuration Client 1 and Client 2 are associated to the 5 GHz radio of the AP, and Clien

424 3. Click Apply. 4. Select the target wireless service. 5. Click Enable. Figure 459 Configuring multicast optimization Verifying the configur

425 WLAN security configuration WLAN security overview 802.11 networks are susceptible to a wide array of threats such as unauthorized access points

426 At present, spoofing attack detection counters this type of attack by detecting broadcast de-authentication and disassociation frames sent on beh

31 Table 19 Field description Field Description MAC Address MAC address of the client. AID Association ID of the client. User Name Username of the

427 Figure 460 Configuring WIDS 2. Configure WIDS as described in Table 143. 3. Click Apply. Table 143 Configuration items Item Description Floo

428 Figure 462 Displaying statistics Configuring the blacklist and white list functions Configuring dynamic blacklist 1. Select Security > Filt

429 NOTE: At present, these attacks can be detected through a dynamic blacklist: Assoc-Flood, Reassoc-Flood, Disassoc-Flood, ProbeReq-Flood, Action

430 Figure 465 Configuring white list 4. Add a white list as described in Table 146. 5. Click Apply. Table 146 Configuration items Item Descripti

431 User isolation If an AP has the user isolation feature enabled, clients associated with it are isolated at Layer 2. As shown in Figure 466, after

432 Index A B C D E F H I L M O P Q R S T U V W A AAA configuration example,200 AAA overview,193 Access service,255 ACL/QoS configuration example,38

433 Creating an IPv4 static route,115 Creating an IPv6 static route,118 D Device information,20 DHCP server configuration example,13 0 Diagnostic

434 Recommended configuration procedure,133 Recommended configuration procedure,106 Recommended configuration procedure,124 Removing a file,51 Rem

32 Field Description Client Type Client type such as WPA2 (RSN), WPA, or Pre-RSN. Authentication Method Authentication method such as open system o

33 Figure 31 Displaying client statistics NOTE: To view the IP address of the client, enable the ARP snooping function in system view through com

34 Displaying RF ping information Radio Frequency Ping (RF Ping) is a ping function performed on wireless links. This function enables you to get the

35 Device basic information configuration The device basic information feature provides you the following functions: • Set the system name of the de

36 Figure 34 Configuring web idle timeout period 3. Set the web idle timeout period for a logged-in user. 4. Click Apply.

Category Documents Purposes your AP. Configuration guides Describe software features and configuration procedures. Command references Provide a qui

37 Device maintenance configuration Software upgrade A boot file, also known as the system software or device software, is an application file used t

38 Item Description File Type Specify the type of the boot file for the next boot: • Main—Boots the device. • Backup—Boots the device when the main

39  If you have selected the box before "Check configuration with next startup configuration file", the system checks the configuration b

40 NOTE: • The generation of the diagnostic file will take a period of time. During this process, do not perform anyoperation on the web page. •

41 System time configuration You must configure a correct system time so that the device can work with other devices properly. The device supports se

42 Configuring the system time 1. Select Device > System Time from the navigation tree. The calendar page appears. Figure 40 Calendar page 2.

43 Log management configuration System logs contain a large amount of network and device information, including running status and configuration chan

44 TIP: • You can click Reset to clear all system logs saved in the log buffer on the web interface. • You can click Refresh to manually refresh t

45 Figure 42 Set loghost 3. Configure the log host as described in Table 26. 4. Click Apply. Table 26 Configuration item Item Description Loghost

46 Figure 43 Syslog configuration page 3. Configure buffer capacity and refresh interval as described in Table 27. 4. Click Apply. Table 27 Confi

i Contents About the WA series access points Web-based configuration guide ····································································· 1App

47 Configuration management Backing up configuration NOTE: When backing up a configuration file, back up the configuration file with the extension

48 The page for restoring configuration appears. Figure 45 Configuration restore page 3. Click the upper Browse button. The file upload dialog box

49 Figure 46 Save configuration confirmation Common 1. Select Device > Configuration from the navigation tree. 2. Click the Save tab. The page

50 File management configuration The device saves useful files (such as host software, configuration file) into the storage device, and the system pr

51 The File Download dialog box appears. You can select to open the file or to save the file to a specified path. Uploading a file NOTE: Uploading

52 Interface management configuration NOTE: Support for interface types varies with device models. An interface is the point of interaction or c

53 Figure 49 Interface management page 2. Click an interface name in the Name column to display the statistics of that interface. The page for dis

54 Creating an interface 1. Select Device > Interface from the navigation tree The page in Figure 49 appears. 2. Click Add. The page for creatin

55 Item Description VID This parameter is available only for Layer 3 Ethernet subinterfaces. If you are creating a Layer 3 Ethernet subinterface, se

56 Item Description IPv6 Config Set the way for the interface to obtain an IPv6 link-local address, including: • None: Select this option if you do n

ii Log management configuration ······················································································································

57 Table 29 Configuration items Item Description Port State Enables or disables the interface. In some cases, modification to the interface parameter

58 Item Description MDI Set the Medium Dependent Interface (MDI) mode for the interface. Two types of Ethernet cables can be used to connect Ethernet

59 Item Description Multicast Suppression Set multicast suppression. You can suppress multicast traffic by percentage or by PPS as follows: • ratio:

60 Figure 53 Modify a Layer 3 physical interface 3. Modify the information about the Layer 3 interface. The configuration items of modifying the L

61 Item Description Interface Status Display and set the interface status. • The display of Connected indicates that the current status of the inter

62 Figure 55 Create VLAN-interface 100 c. Select Vlan-interface from the Interface Name list, enter the interface ID 100, select the Static Addres

63 TR-069 configuration TR-069 is a technology specification initiated and developed by the Digital Subscriber's Line (DSL) Forum. It defines th

64 1. Select Device > TR-069 from the navigation tree. The TR-069 configuration page appears. Figure 57 TR-069 configuration page 2. Configure

65 Configuration guidelines When you configure TR-069, follow these guidelines: • TR-069 configuration through ACS is of higher priority than that t

66 User management configuration In the user management part, you can perform the following configuration: • Create a local user, and set the passwo

iii VLAN configuration ·······························································································································

67 Item Description Access Level Set the access level for a user. Users of different levels can perform different operations. Web user levels, from l

68 Table 34 Configuration items Item Description Create/Remove Set the operation type: • Create: Configure or modify the super password. • Remove:

69 SNMP configuration SNMP overview Simple Network Management Protocol (SNMP) offers the communication rules between a management device and the mana

70 Table 35 SNMPv1 or SNMPv2c configuration task list Task Remarks Enabling SNMP Required The SNMP agent function is disabled by default. IMPORTANT:

71 Enabling SNMP 1. Select Device > SNMP from the navigation tree. The SNMP configuration page appears. Figure 61 Setup page 2. Configure SNMP

72 Table 37 Configuration items Item Description SNMP Enable or disable SNMP agent. Local Engine ID Configure the local engine ID. The validity of a

73 Figure 63 Create an SNMP view (1) 4. Enter the view name. 5. Click Apply. The page in Figure 64 appears. Figure 64 Create an SNMP view (2) 6

74 Adding rules to an SNMP view 1. Select Device > SNMP from the navigation tree. 2. Click the View tab. The page in Figure 62 appears. 3. Clic

75 Figure 67 Create an SNMP Community 4. Configure SNMP community settings as described in Table 39. 5. Click Apply. Table 39 Configuration items

76 Figure 68 SNMP group 3. Click Add. The Add SNMP Group page appears. Figure 69 Create an SNMP group 4. Configure SNMP group settings as desc

iv Adding a domain name suffix ·······················································································································

77 Item Description Notify View Select the notify view of the SNMP group, that is, the view that can send trap messages. If no notify view is configu

78 Figure 71 Create an SNMP user 4. Configure SNMP user settings as described in Table 41. 5. Click Apply. Table 41 Configuration items Item Desc

79 Item Description Authentication Password Set the authentication password when the security level is Auth/NoPriv or Auth/Priv. The confirm authenti

80 Figure 73 Add a target host of SNMP traps 6. Configure the settings for the target host as described in Table 42. 7. Click Apply. Table 42 Con

81 Displaying SNMP packet statistics Select Device > SNMP from the navigation tree. The page for displaying SNMP packet statistics appears. Figure

82 a. Select Device > SNMP from the navigation tree. The Setup page appears. Figure 76 Enable SNMP b. Select the Enable option. c. Select the

83 Figure 78 Create an SNMP view (2) e. Select the Included radio box, enter the MIB subtree OID interfaces, and click Add. f. Click Apply. A co

84 Figure 80 Create an SNMP group c. Enter group1 in the field of Group Name, select view1 from the Read View box, and select view1 from the Write

85 Figure 81 Create an SNMP user 5. Enable the agent to send SNMP traps. a. Click the Trap tab The page in Figure 82 appears. b. Select the Enab

86 The page in Figure 83 appears. b. Select the destination IP address type as IPv4/Domain, enter the destination address 1.1.1.2, enter the user na