Академический Документы
Профессиональный Документы
Культура Документы
CONFIGURATION MANUAL
Version 2.0
Date: April, 2014
Description
Chapter1 Preface
Contents
1
PREFACE ............................................................................................................................. I
1.1
CONVENTIONS ........................................................................................................ I
1.2
SYMBOLS .................................................................................................................. I
OVERVIEW ............................................................................................................... 3
3.2
3.3
3.4
4.2
4.3
4.4
5.2
5.4
5.5
5.6
5.7
5.8
IP CONFIGURATIONS............................................................................................ 28
5.8.1 CONFIGURE STATIC IP ADDRESS ............................................................... 28
5.8.2 CONFIGURE IP FORWADING FEATURE ..................................................... 28
5.9
6.2
6.4
6.5
WLAN ..................................................................................................................... 81
6.5.1 AP CONFIGURATION .................................................................................. 82
6.5.2 WLAN GROUPS ........................................................................................... 84
6.5.3 TIME POLICY GROUPS ................................................................................ 87
6.5.4 AP POLICY APPLY ....................................................................................... 88
6.5.5 WLAN-VLAN ASSOCIATION ....................................................................... 88
6.6
STATISTICS .............................................................................................................. 88
6.6.1 AP INFORMATION ....................................................................................... 89
6.6.2 AP SOFTWARE UPGRADE ........................................................................... 91
ROGUE AP ............................................................................................................. 94
6.7.1 ROGUE AP ................................................................................................... 95
6.7.2 PERMITTED BSSID LIST .................................................................................. 95
6.7.3 PERMITTED SSID LIST .................................................................................... 96
6.8
LOG........................................................................................................................ 96
6.8.1 OPERATION LOG ........................................................................................ 96
6.8.2 OPERATION LOG HOLD TIME .................................................................... 98
6.8.3 ALARM LOG ................................................................................................ 98
6.8.4 AP LOG ........................................................................................................ 98
6.8.5 INTRUSION DETECTION LOG ...................................................................... 99
Content of Figures
Figure 5-1
Topology .................................................................................................................... 10
Figure 5-2
Figure 5-3
Figure 6-2
AC Configuration ...................................................................................................... 54
Figure 6-5
AC Hotstandby.......................................................................................................... 56
Figure 6-6
Figure 6-7
Figure 6-8
Figure 6-9
Content of Tables
Table 6-1
Table 6-2
AC Configuration ....................................................................................................... 54
Table 6-5
Table 6-6
Table 6-9
Preface
1.1
Conventions
Altai wireless access controller (hereinafter called AC) provides a
managemental platform for broadband wireless access service, which is
oriented to broadband wireless access ISP and enterprises with wireless
access. It fully supports the over-all operation and management solution for
broadband wireless access.
The manual introduces the system function, structure, specification, and
basic settings of Altai AC, as a convenience for engineerss maintenance.
1.2
Symbols
1.
Labels
Format
[
/
2.
Meaning
represents window name, menu, and data sheet, such aspromt New
Built Users
Multi-menus is separated by/. For example , ClickBasic Settings/AC
Upgrade means the screen prompt is to configure AC upgrade.
Safety Symbols
Meanings
Safety symbols:
Danger stands for a big potential harm
to human body if not avoided.
Warning stands for a big potential
damage to device or business if not
avoided.
Attention stands for a moderate
damage to device or business if not
avoided.
Danger Electricity!
electricity shock.
Be
aware
of
Danger Microwave!
microwave dager.
Be
aware
of
Product Introduction
2.1
Overview
Altai AC provides a managemental platform for broadband wireless
access service, which is oriented to broadband wireless access ISP and
enterprises with wireless access. It fully supports the over-all operation and
management solution for broadband wireless access.
Altai AC adopts advance technology of network processing and data
exchange bus. It provides a high forwarding compacity and protocol
processing ability, strengthening the processing of user management,
network security, accounting and netrwork management.
Altai AC provides various network access methods to support user
management with abundant network ptotocols and flexible accountings. It
provides different interface configurations and strict network security to avoid
attack from outside. Meanwhile it is easy to manage for a rich network
management methods.
System Features
3.1
Protocol Support
Support Ethernet Protocols like IEEE 802.3u, 802.3z, 802.3 , 802.1q, 802.1p,
802.3x
Support NAT
3.2
3.3
Support users mult-access like fixed port, VLAN, MAC/IP address, PPPOE
and DHCP
Support different service authorizations for various users, like time strategy,
flow stragety, bandwidth strategy and route strategy
Network Security
3.4
Network Management
4.1
4.2
1.
Before clean the device, please unplug the power plug. Dont wipe
device with a damp cloth, and no liquid cleaning at the same time.
2.
3.
4.
Keep room with good ventilation and keep device ventilation holes
clear.
5.
6.
Dont open the shell while device is running, and for safety consideration
try your best not to open the shell at will.
7.
Environment Requirements
The device must work in room. No matter where the device is laid down,
please make sure device runs under the following environment conditions.
1.
2.
Make sure the rack or platform where device laid with a good ventilation
system.
3.
Make sure the rack and platform is solid enough to bear the device and
other mounting accessories.
4.
Make sure the rack and platform with a good ground connection.
5.
The room should keep its temperature between 0 and 40, relative
humidity 5%~95%, dust(whose diameter5m) density 3 104 pieces
/m3.
4.3
Eclectrical Precautions
3.
While carry the borad please lay your hand on the holders. The
board not used should be stored with electrostatic shield
protection.
4.4
Tools Needed
Before installing the device please prepare the following tools.
1.
1 srewdriver
2.
3.
Initial Configuration
5.1
CLI Overview
The user interface is CLIComand-line Interface, which provides a
textual interface for terminal users. All the CLI commands consist of key words
and parameters.
CLI consist of several modes, under which the related commands will be
fully operated. Some commands can only run in related modes and some
others can sun in all modes. CLI will stop at user mode after booting, which
allows users to check system running state. However user mode could not
allow users to change system state, which could be modified in privileged
mode. With enable command, users can go to privileged mode.
In privileged mode input config terminal, users can go to global
configuration mode. By inputing disable, users will go back to user mode and
by <ctrl+z>, end, or exit will go back to privileged mode.
Input? could inquiry all available commands under the mode. While
input question mark, there would prompt a list of keywords.
Under any mode, using tab will fill in the whole command automatically.
While inputing some command, push tab will prompt a list of possible
commands. All the commands support uncomplete form like just a few words
to stand for the whole command. Of course the form should not be
ambiguous. For example conf can stand for configure, but co could not
stand for it because co could not make a distinction between configure and
copy.
Most command support keyword of no. With no command, the related
command will be deleted.
The following part will describe each mode.
5.1.1
User Mode
Login by telnet or console, you have to input user name and password. In
user mode, users can only inquire configurations except for system
configuration file.
5.1.2
Privileged Mode
After login user mode, input enable and the password of privileged mode,
you can login in privileged mode. In this mode, you can write and have some
complex operation. The system prompt ishostname.
5.1.3
5.1.4
5.1.5
System Description
There are three operation systems on AC for management platform,
access platform and fast forwarding platform.
5.1.6
5.1.7
Version Booting
Connect AC and version server as follows.
Figure 5-1
Topology
AC
System Booting
Power on
Boot System
Configure Mode
If found
Load Configuration File
Initialize COnfiguration
If system find the file, there will promt information of Press 'CTRL-C' to stop
running startup-config... and wait for 3 seconds. If users pressCTRL-C during
this time ,the configuration file will not be executed.
Figure 5-5
5.2
5.2.1
5.2.2
Login by Telnet
Input the IP address and the port number of 23.
5.3
5.3.1
5.3.2
Login by Telnet
Input the IP address of Management Platform, which should be the same
with that of the Access Platform. Port 87 is suggested.
5.3.3
Login by WEB
Open IE web brower and input https://x.x.x.x (the IP address of
Mangement Platform).
User Name: icac
Password: icaclogin
5.4
System Update
Before introduce the three update mehod, there are three points should be
aware.
Firstly, there are two platforms of management platform and access
platform. To visit management platform, the device must be connected with
an Ethernet interface. The IP and mask of the interface should be
configured both on management and access platform.
Secondly, IP address must be configured on the right interface. For
access platform, the interface should be the one physically connected. For
example, if interface0 is connected to version server then the IP must be
configured on interface0. However for management platform, the IP can
only be configured on interface7, which is a virtual interface and can
communicate with any interface on the access platform.
Thirdly, bootloader is a driver for system update. If there is a need to
update a new version, we will supply one.
5.4.1
Topology
Please make sure AC can communicate with version server and connect
ACs console interface.
Figure 5-9
MONITOR Update
AC
2.
Make sure there is a new version on version server. Suppose the version is
saved at d:\ Altai-AC with a file name as MIPS_1018L1.8V8.10_R29_T15
3.
Enable tftp server on version server and make its working directory as d:\
Altai-AC
4.
5.
Power on Altai AC
6.
7.
boot device
: gmac0
server
ip address
: 10.9.0.22
subnet mask
: 255.255.255.0
gateway
: 10.9.0.21
<-//subnet mask
<-//IP of gateway
: MIPS_1018L1.8V8.10_R29_T15
<-//version to be update
8.
input @@ and then press enter to trigger loading system. If it does not
work, input@@and press enter again.
9.
# cat /proc/rmi/mips-version
the running version:
MCR_rmios_1.0.8.10C31
MCR_vxWorks_1.0.8.10C42
cwc_1.0.1.8C48M_MIPS
MIPS_1018L1.8V8.10_R29_T15
dev-boot-version:C16
next-boot-active-version:version0
5.4.2
Update by FTP
Update by FTP needs to save the version to be update on AC. Each time
when AC reboots, system will read version information. There can be saved
two versions at most, version0andversion1.
1.
Topology
Please make sure AC can communicate with version server and connect
ACs console interface.
Figure 5-10
by FTP
AC
2.
3.
4.
# ifconfig
//optional command, by this you can show all the management pla
//requied command, to co
Link encap:Ethernet
HWaddr 00:08:D2:00:00:08
inet addr:221.162.62.137
Bcast:221.162.62.255
Mask:255.255.255.0
For a notice, if eth7 is not configured rightly, you can input ifconfig eth7
upand then configure it again.
5.
mode
Altai-AC (config-interface)# ip address 221.162.62.137 255.255.255.0
//configure IPan
d subnetmask for interface0. It is must be the same with that of eth7 interface.
After
configuration
running-config.
6.
to
check
the
information
withshow
# cat /proc/rmi/mips-version
MCR_rmios_1.0.8.10C29
MCR_vxWorks_1.0.8.10C39
cwc_1.0.1.8C46M_MIPS
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
dev-boot-version:C16
next-boot-active-version:version0
V8.10_R29_T13)
7.
Upload new version on AC by FTP. Enable CMD and follow the steps
listed here.
D:\>cd /Altai-AC
If you need to update versions, input the following command. (Suppose version0 sta
nds for
8.10_R29_T15:
# version upgrade0
//reboot system
5.4.3
Update by WEB
The user can replace or upgrade Altai ACsystem software according to the
following steps.
1.
Topology
Please make sure AC can communicate with version server and connect
ACs console interface.
Figure 5-11
by WEB
AC
Configure IP address for management platform and access platform to make
sure that AC can visit version server. Please refer to Update by FTP for the
specific configuration methods.Assuming 221.162.62.137 is the interface
address
Open the web browser on the version server, and input the following
address in the address bar https://221.162.62.137.
Notice:
The beginning of Website is https. Click Yes while the following screen
prompt.
Figure 5-12
Security Alarm
Figure 5-13
ClickBasic Settings
, AC Upgrade,and AC upgrade screen will prompt
on the right. If you want to set version0 as the current version, please select
version0 and click Set as current version .
After updating the current version the following screen will prompt, and
dont reboot right away. If you want to modify the real version which Current
Finally, clickreboot. After reboot, the version update will take effect.
5.5
5.5.1
5.5.2
5.6
5.6.1
Global Configurations
Login Settings
hostname(config)#local-user
username
service-type all level priv-level
user
password
passsword
5.6.2
5.7
Interface Configurations
Fast Ethernet Interface and Gigabit Ethrenet Interface shoule be set in tht
form of subinterface. Please follow the steps listed here to configure.
5.7.1
Create a SubinterfaceRequired
Create VlanOptinal
Set IP AddressRequired
Create a Subinterface
Altai-AC(config)# interface GigabitEthernet interface-specifier
interface-specifier defines the interface in form of slot/port.subif. Slot stands
for the interface module, port the port number, and subtif the subintreface
number. For example,
Altai-AC(config)# interface GigabitEthernet 1/0.1
The command means subinterface1 is created on module1 and port 0.
For a notice, the fast Ethernet module number is 1 and the port number is from
0 to 5. The subinterface number could not be omitted and should lie in the
range of 0~255.
The command to configure Ethernet interface is the same with that of SFP
interface. For a physical interface, it could only be a SFP interface or an
Ethernet interface.
5.7.2
Set Vlan
If there is an existing VLAN, please configure the VLAN before you set IP
address for the created subinterface.
Altai-AC(config-interface)# vlan id vlan-id
5.7.3
Configure IP Address
IP Address can be a secondary assress except the primary address, but all the
IP Address in the system should not be crossovered.
Altai-AC(config-interface)# ip address ip_address ipMask [ secondary ]
5.7.4
5.7.5
5.7.6
5.7.7
5.7.8
Check Interface
Altai-AC# show interface gigabitEthernet 1/ port
The command above will display all the details on the interface, like interface
state,message statistics, and flow rate.
5.7.9
Application Example
The following example configures a Gigabit Ethernet Interface.
Altai-AC(config)# interface GigabitEthernet 1/0.0
Altai-AC(config-interface)# ip address 10.10.5.1 255.255.255.0
Altai-AC(config-interface)# duplex full
Altai-AC(config-interface)# end
Altai-AC#show interface gigabitEthernet 1/0
5.8
5.8.1
IP Configurations
Configure Static IP Address
Altai-AC(config)# ip route ipAddress ipMask ipNextHop
For example,
Altai-AC(config)# ip route 10.0.0.0 255.255.255.0 192.168.26.33
Altai-AC(config)# ip route 0.0.0.0 0.0.0.0 192.168.25.1
Notice:
The ipNextHop must be the IP Address of direct connected network. It could
not be any interfaces IP Address. If ipAddress and ipMask is configures as 0, it
stands for a default toute.
5.8.2
The following example means users can visit AC but can not visit each other.
Altai-AC(config)# ip forward bnas-access enable user-access disable
5.9
5.9.1
RADIUS Configurations
Overview
Remote Authentication Dial In User Service (RADIUS) is a
networking protocol that provides centralized Authentication, Authorization,
and Accounting (AAA) management for computers to connect and use a
network service. RADIUS is a client/server protocol that runs in the application
layer, using UDP as transport.
5.9.2
5.9.2.1
1.
2.
Configure IP AddressRequired
3.
4.
5.
Configure IP Address
The IP address for Radius Client should be a subinterfaces IP address, and the
subinterface should be able to reach Radius Server.
Altai-AC(radius-client)#ipaddress A.B.C.D
5.9.2.3
5.9.2.4
5.9.2.5
5.9.2.6
Application Example
Suppose there is subinterface with IP address 192.168.25.234, and Radius
Client can use this IP address to communicate with Radius Server. The
authentication poar numner is 1812 and the Account port number 1813.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#ipaddress 192.168.25.234
Altai-AC(radius-client)# auth-port 1812
Altai-AC(radius-client)# exit all
With show command as follows, you can see the configuration has been
updated.
Altai-AC#show running-config
... ...
interface FastEthernet 1/0.3
vlan id 4095
ip address 192.168.25.234 255.255.255.0
radius-client
ipaddress 192.168.25.234
auth-port 1812
account-port 1813
... ...
Altai-AC#show radius client
5.10
5.10.1
Domain Configurations
Overview
Domain in this paper could stand for certain ISP, or kinds of service like
viewing webpage or VOD. It also could be the combinantion of ISP and
service.
5.10.2
5.10.3
5.10.3.1
Backup Server
The configuration of backup server is the same with master server.
Altai-AC(domain)# radius server I.J.K.L authentication
Altai-AC(domain)# radius server M.N.O.P accounting
That is to say the server configured first is master server and the other backup
server.
The following command is used to cancel configurations either on master or
backup server.
Altai-AC(domain)#no radius server x.x.x.x {authentication | accounting}
If the configuration on master server is canceld, the backup server will
become master server.
5.10.3.2
5.10.4
5.10.5
5.10.6
5.10.7
5.10.8
5.11
5.11.1
Notice:
All the service strategy only takes effect on the users who access after the
service is configured. If a strategy is modified, the users who access before
the modification will not be influenced.
5.11.2
5.11.2.1
5.11.2.2
Configure Bandwidth
Configure upstream and downstream bandwidth.
Altai-AC (rate-policy)# downstream number1 number2
Altai-AC (rate-policy)# upstream number3 number4
The unit for downstream and upstream broadband is bytes per second. The
meanding for each number is listed here.
5.11.2.3
5.11.3
5.11.3.1
5.11.3.2
portal
permit
ip 0.0.0.0
0.0.0.0
202.104.108.115
Example 2:
The following filtering rule allow any DNS package to pass through.
Altai-AC(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0
53
Example 3
Suppose user is located at 10.10.0.0 network, and the following rule allow
users to visit this network segment.
Altai-AC(config)# rule
255.255.0.0
5.11.3.3
255.255.0.0
10.10.0.0
5.11.3.4
5.11.3.5
5.11.3.6
5.11.4
5.11.4.1
5.11.4.2
5.11.4.3
5.11.4.4
5.12
5.12.1
x.x.x.x internal
5.12.2
Configure AC-name
Altai-AC(config)# ex-portal ac-name ACN.CTY.PRO.OPE
AC-Names format is wlanacname=ACN.CTY.PRO.OP. The attribute name
must be lowercase letter and the value number should follow the rules as
regulated.
Altai-AC(config)# ex-portal ac-name 0004.0543.531.00
5.12.3
5.13
101
0101053553100460
IP POOL Configurations
There are two types of ip-pool, layer2 ip-pool and layer3 ip-pool. Layer2
ip-pool is used for users who access by layer2 device and layer3 ip-pool for
users who access by layer3 device.
5.13.1
5.13.1.1
5.13.1.2
5.13.1.3
5.13.1.4
5.13.1.5
Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
5.13.2
5.13.2.1
5.13.2.2
5.13.2.3
5.13.2.4
Configure Reserved IP
The reserved IP will not be allocated to users, which is used to manage users.
Altai-AC(ip-pool)#reservedip A.B.C.D
5.13.2.5
5.13.2.6
Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
5.14
5.14.1
5.14.1.1
For example,
ip-pool AP
ipaddress 10.172.220.1 255.255.254.0
alloc-mode localdhcp
default-router 10.172.220.1
max-lease 3600
5.14.1.2
Configure option
Altai-AC(ip-pool)# option-60 enterprise-code 3902
5.14.1.4
5.14.2
5.14.2.1
5.14.2.2
Configuration Steps
1.
Configure Subinterfacerequired
There are to purpose to configure a subinterface.
First, by subinterface, radius client can communicate with radius server.
Second, the subinterface could be ACs uplink port.
2.
3.
4.
5.
7.
8.
9.
5.14.2.3
5.14.2.4
5.14.2.5
5.14.2.6
{ vlan | vlan-vlan}
For example, suppose the DHCP users accessed by port0 and VLAN10 will get
IP from ip-pool1.
Altai-AC(config)# ip pool ippool1 available-interface 0 vlan 10
For example, suppose the DHCP users accessed by port1-4 and any VALN will
get IP from ip-pool2.
Altai-AC(config)# ip pool ippool2 available-interface 1-4
5.14.2.7
5.14.2.8
2.
- port-id
vlan
- vlan-id
3.
Altai-AC#
show user
String
4.
Altai-AC# kick
List Elements
- kick mode(ip,user-name,mac,index)
String
5.
Altai-AC# release
A.B.C.D
6.
5.15
- user's ip address
debug radius
NAT Configurations
NAT includes three types of static NAT, dynamic NAT, and PAT (Port
Address Translation). Static NAT is to map an internal private IP to external
legal IP permanently. Dynamic NAT is to map legal external IP to internal
network. PAT is to map internal IP to external IPs different port. Usually we use
PAT.
5.15.1
Static NAT
1.
2.
Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ip nat outside. If you want to delete
and modify the subinterfaces IP, you have to delete ip nat outside first,
delete the IP of interface, and then configure interfaces IP and ip nat
outside.
ip
nat
static
inside
in_ipaddr
out_ipaddr
5.15.2
Dynamic NAT
1.
2.
Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ip nat outside. If you want to delete
and modify the subinterfaces IP, you have to delete ip nat outside first,
delete the IP of interface, and then configure interfaces IP and ip nat
outside.
3.
4.
5.
5.15.3
PAT
1.
2.
Define subinterface
4.
5.
5.16
5.16.1
5.16.2
Command
1.
3.
4.
5.
[no]preempt
Modevrgroup
Parametersenable preempt mode
6.
[no]threshold-priority num
Modevrgroup
Parameters: numthe priority of virtual group, range from 1 to 255
Descriptionconfigure the threshold for hot back group
7.
8.
WEB Configurations
6.1
Login by WEB
The URL is:https://10.1.1.310.1.1.3 is the IP of management platform
configured on Eth7.
The default user name is icac, and the password is icaclogin.
The login screen is displayed as follows.
Figure 6-2
Menu
Description
Basic Settings
Wireless Settings
Wireless Security
WLAN
Online AP
Statistics
Rogue AP
LOG
Change Password
Save
Configuration
Exit
6.2
Basic Settings
ClickBasic Settings,and the following screen will prompt.
On this screen the following functions will be configured,including AC
Configuration
, AC Hotstandby
, Radius Server
, AS Server
, NTP Server,
SYSLOG Server
AP
,
Version
Version
,
Server
Routing
,
Ethernet
,
Interface
Information,WAPI Certificate,AC Advanced,Tunnel Configuration,
Multiple Access Boards Configuration , AC Upgrade , System
Information,andAC License.
6.2.1
Basic Settings
AC Configuration
ClickBasic Settings/AC Configuration,and AC configuration screen will
prompt.
AC Configuration
Table 6-2
AC Configuration
Items
Description
AC Name
AC IP Address
Number
Connected APs
of
Number
Connected STAs
of
SNMP Community R
SNMP
R&W
AC Trap IP
Community
Items
6.2.2
Description
AC Trap IP2
Trap Community
Trap port
Loadbalance
User Isolation
Domain
AC Authentication
Longitude
Latitude
More
AC Hotstandby
Click Basic Configuration / AC Hotstandby , and AC hotstandby
configuration screen will prompt.
AC Hotstandby
Table 6-3
Items
6.2.3
Description
AC Hotstandby
AP Cold Standby
Data
Synchronization
Preempt Mode
Local IP
The
heartbeats
address
which
communicated with the client.
Peer IP
is
this
Radius Server
ClickBasic Settings/Radius Server,and radius servers configuration screen
will prompt.
Table 6-4
Items
Description
Type
Priority
IP Address
Port
Password
Items
Description
Re-enter
password
6.2.4
AS Server
ClickBasic Configuration/AS Server,and AC server configuration screen
will prompt.
6.2.5
Figure 6-8
AS Server Configuration
Table 6-5
AS Server Configuration
Items
Description
AS server IP
AS server port
NTP Server
ClickBasic Settings/NTP Server,and NTP configuration screen will
prompt.
AC NTP Configuration
Table 6-6
AC NTP Configuration
Items
6.2.6
Description
NTP Server
NTP Client
Server 1
Server 2
Server 3
Sync Interval
SYSLOG Configuration
ClickBasic Settings/SYSLOG Configuration,and SYSLOG configuration
screen will prompt.
Figure 6-10
SYSLOG Configuration
6.2.7
SYSLOG Configuration
Items
Description
Syslog Level
IP Address
Port
Operation
AP Version
ClickBasic Settings/AP Version, and AP version configuration screen will
prompt.
Figure 6-11
Table 6-8
Items
Description
Manufacturer
Manufacturer information.
Device Type
Items
6.2.8
Description
Hardware
Version
Update Type
Update
Feature
Target
Update
Feature
Upload Ways
Path Type
Full path
Relative path
Target
Updated File
Version Server
ClickBasic Settings/Version Server,and version server configuration screen
will prompt.
Figure 6-12
Figure 6-13
Table 6-9
Items
6.2.9
Description
Server IP
Port
UserName
Password
Confirm
Password
Transfer
Protocol
Routing
ClickBasic Settings/Routing,and route information of management
platform screen will prompt.
The following table will introduce the management platform route edit.
6.2.10
Description
Destination IP
The destination IP
Netmask
Next hop
6.2.11
WAPI Certificate
ClickBasic Settings/WAPI Certificate,and WAPI certificate screen will
prompt.
6.2.12
Description
Certificate Type
Path Type
Relative path
Full path
Certificate
Uploading
AC Advanced
ClickBasic Settings/AC Advanced,and AC advanced screen will prompt.
Description
AC
Configuration
Export
AC
Configuration
Import
Select
Configuration
to Reset
Factory Reset
Reboot AC
Warning:
To restore the factory default, and restart AC will affect the running business.
Please do not do such operation at will.
6.2.13
Tunnel Configuration
ClickBasic Settings/Tunnel Configuration,and tunnel configuration screen
will prompt.
Description
On: Enable tunnel mode.
Items
Description
Off: Disable tunnel mode.
6.2.14
Access
Platform IP
Port
Forwarding
Type
Switch of Data
Synchronization
Description
The slot number of access board.
Items
Access
IP
6.2.15
Description
Board
Port
Tunnel
address(IPv4)
Tunnel
address(IPv6)
Tunnel port
Tunnel Switch
Password(R)
Password(R&W)
AC Upgrade
ClickBasic Settings/AC Upgrade,and AC Upgrade screen will prompt.
Description
AC Version
AC Version
Upload
6.2.16
System Information
ClickBasic Settings/System Information,and system information screen
will prompt.It is the read-only screen.
6.2.17
AC License
ClickBasic Settings/AC License,and AC license screen will prompt.
Description
Device serial
Number
Status
Max
Number
6.3
AP
AC Device
Model
Hotstandby
Support(y/n)
Device ID
Upload
License File
Wireless Settings
Wireless settings includesWireless Basic,Wireless Advanced,Wireless
Channel,Payloadbalance,AP Background Scan,CAPWAP Timer.
6.3.1
Wireless Basic
ClickWireless Settings/Wireless Basic,and Wireless basic settings screen
will prompt.
Description
Radio ID
RF Switch
Power
Configuration
Items
Description
Percentage: Work in the designated power.
Actual Power: Work in the actual power.
Auto Power
Adjustment
Interval
Wireless
Mode
Work Rate
11N
Rate
Work
Space Flow
Items
Description
3*3
4*4
Channel
Bandwidth
Guard
Interval
A-MPDU
A-MSDU
11N
Mode
6.3.2
Work
Wireless Advanced
ClickWireless Settings/Wireless Advanced,and wireless advanced settings
screen will prompt.
Items
Layer2
port-isolate
IGMP
SNOOPING
Enabled:
function.
Disabled:
function.
Pre-certification
Roaming
Detection Time
for Roaming
Uplink Integrity
Disabled
Disconnect of AP Uplink
Disconnect of AP/AC CAPWA
Disconnect of link to a Certain
Action
Close AP RF
Reboot AP
NTP
Address
Server
NTP Synchronous
Interval
6.3.3
Description
Enable
IGMP
SNOOPING
Disable
IGMP
SNOOPING
Wireless Channel
Click Wireless Settings / Wireless Channel ,and wireless channel
configuration screen will prompt.
6.3.4
Description
Radio ID
1
2
Auto
channel
adjustment
Adjustment
Mode
Adjustment
Interval
Minimum
signa
standards
Payloadbalance
Click Wireless Settings / Payloadbalance ,and payloadbalance
configuration screen will prompt.
Items
Description
Payloadbalance
Switch
Enabled:
Enable
payloadbalance
function.When the number of user reaches
to a certain amount, payloadbalance
among APswill be adjusted automatically.
Disabled:
Disable
payloadbalance
function.
Payloadbalance
Type
Started
Threshold
Access Users
of
User
Control
Deviation
of
Load Balance
User Threshold
APs
is
APs
is
For example, suppose theconfiguration is set as follows, it stands for tthat the
payloadbalance function will be enabled when the flow value is 0kbps
between the two usersat least 2.If the flow d-value is 500kbps among users,
and the newcomer will be connected to the lower flow AP. When the flow is
more than 1000000000 KBPS, payloadbalance will take no effect.
6.3.5
AP Background Scan
Click Wireless Settings / AP Background Scan ,and AP background
scanning screen will prompt.
6.3.6
Description
Radio ID
Scanning
Channel
All-Channel
111b/g)
211b/g)
311b/g)
411b/g)
511b/g)
611b/g)
711b/g)
811b/g)
911b/g)
1011b/g)
1111b/g)
1211b/g)
1311b/g)
14911a)
15311a)
15711a)
16111a)
16511a)
Scanning
Enable
Scanning
Cycle
unit
is
CAPWAP Timer
ClickWireless Settings/CAPWAP Timer,and CAPWAP timer configuration
screen will prompt.
6.4
Description
Echo Timer
Discovery
Timer
No definition.
Keep-alive
time for AC
Wireless Security
Wireless security mainly includesMAC Filter,WLAN Security,Intrusion
Detection Settings , Dynamic Blacklist .The function in detail will be
introduced as follows.
6.4.1
MAC Filter
ClickWireless Security/MAC Filter,and MAC filter screen will prompt.
6.4.2
Description
MAC
Address 1
MAC
Address 2
MAC
Address 3
MAC
Address 4
WLAN Security
ClickWireless Security/WLAN Security,and WLAN security policy list screen
will prompt.
The following table will introduce WLAN security policy configuration items.
Description
Security Policy
ID
Security Policy
Name
Security Mode
Authentication
Mode
Key Length
64bit
128bit
152bit
Key Type
ASCII
Encryption
Method
SMS4
AES
TKIP
Key
Index
of
Default Key
Items
Description
Key 3: The default key is key 3.
Key 4: The default key is key 4.
6.4.3
Key 1
Key 2
Key 3
Key 4
Description
Spoofing
Attack
Detection
Switch
Flood Attack
Detection
Switch
Enabled:
function.
Disabled:
function.
Flood Attack
Detection
Threshold
Dynamic
Blacklist
Enabled:
Enable
dynamic
blacklist
function.When the number of flood attack
Enable
flood
attack
detection
Disable
flood
attack
detection
Items
Switch
Dynamic
Blacklist alive
time
6.4.4
Description
detected is more than the threshold, the user will
be pulled into blacklist.
Disabled: Disable dynamic blacklist function.
Set dynamic blacklist alive time.The default unit
is second, and the range is 60-3600.
Dynamic Blacklist
ClickWireless Security/Dynamic Blacklist,and dynamic blacklist screen
will prompt.
6.5
WLAN
WLAN mainly includesAP Configuration,WLAN Groups,Time Policy
Groups,AP Policy Apply,WLAN-VLAN Association.The function in detail
will be introduced as follows.
6.5.1
AP Configuration
ClickWLAN/AP Configuration, and AP Configuration screen will prompt.
Warning:
ClickDownload CSV Sampleto acquire instruction in detail of CSV file
layout.Youd better download this file in orde to avoid uploading abnormally.
ClickAdd AP+,and the following screen will prompt.
Description
AP
MAC
Address
AP Group
AP Number
AP number.
Location
AP Name
APs name
Description
APs description
6.5.2
WLAN Groups
ClickWLAN/WLAN Groups, and WLAN group configuration screen will
prompt.
Description
WLAN ID
WLAN Group
WLAN group
automatically.
Security Mode
which
is
generated
Items
Description
a WEP strategy in WLAN security
configuration WAPI Enable WAPI
encryption mode.
Security Policy
SSID
WLANs SSID.
SSID Mode
Vlan ID
VLANs ID.
QoS
Max number of
users
MAC
policy
Filtering
of
security
WLAN
strategy
security
Flow control
Downlink
SSID
Flow
Limit/Guarantee
Downlink
User
Flow
Limit/Guarantee
Tunnel Mode
Local Forwarding.
Concentrated
Forwarding:
To
use
concentrated forwarding fucntion, you
have to
enable the tunnel modefirst.
And the VLAN ID should not be
configured as 0.
Auth
MAC
The MAC
server.
Service
address
of
authentication
6.5.3
Input the name of time policy group,and clickAddto add new entry.Select
a entry need to modify, clickEdit group,and the following screen will
prompt.
Description
Policy ID
Policy ID.
Policy Name
Policy Type
Day
Week
Month
Year
All day
not
or
Start Time
End Time
Week
Month
Day
Operation
6.5.4
AP Policy Apply
ClickWLAN/AP Policy Apply, and AP policy apply screen will prompt.
On this screen WLAN group can be associated with different limit policies.
6.5.5
WLAN-VLAN Association
ClickWLAN/WLAN-VLAN Association, and WLAN-VLAN association
screen will prompt.
6.6
Statistics
Statistics mainly includesAP Information,AP Upgrate,Wireless
Interface Statistics,Wireless Users Statistics,Intrusion Detection Statistics,
Statistica Report Cycle. The function in detail will be introduced as follows.
6.6.1
AP Information
ClickStatistics/AP Information,and AP information screen will prompt.
Description
AP ID
APs ID
MAC
Address
IP Address
APs IP address
AP Group
AP group
AP Name
APs name
FP NO.
The RF number of AP
Online Time
Start Time
Last 3 Join
Time
Join Reason
Status
Details
There are three security modes to select, including 802.11i, WAPI, API&802.11i.
Select AP need to be set, clickParameters of AP Online Scanning,and the
following screen will prompt.
Description
Radio ID
Scanning
Channel
Scanning
Mode
Passive Scanning
Positive Scanning: The AP scans other APs
nearby positively.
Stop Scanning: Stop scanning operation.
Scanning
Cycle
6.6.2
AP Software Upgrade
ClickStatistics/AP Software Upgrade,and AP information screen will
prompt.
Figure 6-47 AP Software Upgrade
Description
Retries when
it fails
Numbers of
Simultaenous
AP
Time
of
upgrading
timeout
Click the button on the left of screen, and the following functions can be
realized.
ClickUpgradingto upgrade AP by software.
ClickCancel upgrading software,and cancel upgrading command like
APs status is waiting for upgrade or is upgrading and so on.
6.6.3
6.6.4
Description
AP IP
APs IP address
AP MAC
Access
Items
Description
Platform IP
6.6.5
User
MAC
Address
SSID
Session Id
Tunnel Id
The tunnels ID
Upline Time
Online time
6.6.6
6.7
Rogue AP
Rogue AP mainly includesRogue AP,Permitted BSSID List,Permitted
SSID List. The function in detail will be introduced as follows.
6.7.1
Rogue AP
ClickRogue AP/Rogue AP,and rogue AP list screen will prompt.
6.7.2
Description
BSSID
SSID
Radio ID
Channel
Signal
Strenth(dBm)
SNR
Data
Transfer Rate
MAC
Address
AP Type
Choose a BSSID in the rogue AP list to add in permitted BSSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.7.3
6.8
LOG
Log mainly includesOperation Log
, Operation Log Hold Time
, Alarm
Log,AP Log,Intrusion Detection Log. The function in detail will be
introduced as follows.
6.8.1
Operation Log
ClickLOG/Operation Log,and operation log screen will prompt.
ClickRemote Save +,and log will be uploaded to the FTP server specified.
6.8.2
Operation log hold time can be set on this screen,and the unit is day.
6.8.3
Alarm Log
ClickLOG/Alarm Log,and alarm log screen will prompt.
6.8.4
AP Log
ClickLOG/AP Log,and AP log screen will prompt.
6.8.5