User Manual

HeliOS
Software Release v1.1.5

www.ignitenet.com
U se r M a n u a l

IgniteNet HeliOS
Cloud-Enabled Enterprise Access Point Software

FW1.1.5
E052017-ST-R03
150000000056A
 How to Use This Guide

This guide includes detailed information on IgniteNet access point (AP) software,
including how to operate and use the management functions of APs. To deploy APs
effectively and ensure trouble-free operation, you should first read the relevant
sections in this guide so that you are familiar with all software features.

Who Should Read This guide is for network administrators who are responsible for operating and
This Guide? maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).

How This Guide The organization of this guide is based on the AP’s web management interface. An
is Organized introduction and initial configuration information is also provided.

The guide includes these sections:

◆ Section I “Getting Started” — Includes an introduction to AP management and

initial configuration settings.

◆ Section II “Web Configuration” — Includes all management options available

through the web interface.

◆ Section III “Appendices” — Includes information on troubleshooting AP

management access.

Related This guide focuses on AP software configuration, it does not cover hardware
Documentation installation of an AP. For specific information on how to install an AP, see the
following guide:

Quick Start Guide

For all safety information and regulatory statements, see the following documents:

Quick Start Guide

Safety and Regulatory Information

– 3 –
How to Use This Guide

Conventions The following conventions are used throughout this guide to show information:

Note: Emphasizes important information or calls your attention to related features

or instructions.

Caution: Alerts you to a potential hazard that could cause loss of data, or damage
the system or equipment.

Revision History This section summarizes the changes in each revision of this guide.

May 2017 Revision

This is the third revision of this guide. It is valid for software release v1.1.5. It
includes the following changes:

Table 1: Revision History (v1.1.5)

Description of Changes

Updated:

“AP Setup” on page 15

“Wireless Status” on page 25
“Internet Settings” on page 29
“LAN Settings” on page 35
“Hotspot Settings” on page 36
“Physical Radio Settings” on page 45
“Wireless Networks — General Settings” on page 48
“Wireless Networks — Security Settings” on page 50
“Wireless Networks —Advanced Radio Settings” on page 54
“System Settings” on page 61
Added:

“Remote System Log Setup” on page 71

– 4 –
 How to Use This Guide

May 2016 Revision

This is the second revision of this guide. It is valid for software release v1.1.2. It
includes the following changes:

Table 2: Revision History (v1.1.2)

Description of Changes

Updated:

“Port Status” on page 20

“Wireless Status” on page 25
“Internet Settings” on page 29
“Hotspot Settings” on page 36
“System Settings” on page 61
“Physical Radio Settings” on page 45
“Wireless Networks — Security Settings” on page 50
“System Settings” on page 61
“Services” on page 67
Deleted:

Setup Wizard
Internet Status

November 2015 Revision

This is the first revision of this guide. It is valid for software release v1.1.1.

– 5 –
 Contents

How to Use This Guide 3

Contents 6

Figures 9

Tables 11

Section I Getting Started 12

1 Introduction 13
Configuration Options 13
Network Connections 14
Connecting to the Web Interface 14
AP Setup 15
Main Menu 17
Dashboard 18
Common Web Page Buttons 18

Section II Web Configuration 19

2 Status Information 20
Port Status 20
Internet Status 21
Device Information 22
Interface Information 22
Local Networks 23
Wireless Status 25
Traffic Graphs 27
Services 27

– 6 –
 Contents

3 Network Settings 29
Internet Settings 29
Ethernet Settings 32
LAN Settings 35
Hotspot Settings 36
Firewall Rules 42
Port Forwarding 43

4 Wireless Settings 44
Radio Settings 44
Physical Radio Settings 45
Wireless Networks — General Settings 48
Wireless Networks — Security Settings 50
Wireless Networks — Network Settings 53
Wireless Networks —Advanced Radio Settings 54
VLAN Settings 58

5 System Settings 60
System Settings 61
Maintenance 63
Displaying System Logs 64
Downloading the Troubleshooting Log 64
Rebooting the Access Point 64
Resetting the Access Point 65
Backing Up Configuration Settings 65
Restoring Configuration Settings 65
Upgrading Firmware 66
User Accounts 66
Services 67
SSH 67
IgniteNet Discovery Tool 68
Telnet 68
Web Server 68
Network Time 69
SNMP 70

– 7 –
Contents

Remote System Log Setup 71

Diagnostics 72

Section III Appendices 73

A Troubleshooting 74
Problems Accessing the Management Interface 74
Using System Logs 74

Index 76

– 8 –
 Figures

Figure 1: Select Your Country 15

Figure 2: Select Cloud Managed 16
Figure 3: The Dashboard 18
Figure 4: Set Configuration Changes 18
Figure 5: Dashboard (Tabs) 20
Figure 6: Port Status 20
Figure 7: Internet Information 21
Figure 8: Device Information 22
Figure 9: Interface Information 22
Figure 10: Local Networks 23
Figure 11: ARP Table 24
Figure 12: DHCP Leases 24
Figure 13: Wireless Status 25
Figure 14: Traffic Graphs 27
Figure 15: Services 27
Figure 16: Internet Settings 29
Figure 17: IP Address Mode – Static IP 30
Figure 18: IP Address Mode – PPPoE 31
Figure 19: IP Alias 31
Figure 20: Ethernet Settings – Internet Source 32
Figure 21: Ethernet Settings – Network Behavior 33
Figure 22: Bridge to Internet 33
Figure 23: Route to Internet 34
Figure 24: Network – LAN Settings 35
Figure 25: Hotspot Settings (Network Settings) 37
Figure 26: Hotspot Settings (RADIUS Settings) 39
Figure 27: Hotspot Settings (Captive Portal Settings) 40
Figure 28: Firewall Rules 42
Figure 29: Port Forwarding 43

– 9 –
Figures

Figure 30: Radio Settings (Physical Settings for Radio 0) 45

Figure 31: Radio Settings (Physical Settings for Radio 1) 45
Figure 32: Radio Settings (General Settings) 48
Figure 33: WMM Backoff Wait Times 50
Figure 34: Wireless Security Settings 50
Figure 35: Wireless Network Settings 53
Figure 36: Advanced Radio Settings 54
Figure 37: Configuring VLANs 59
Figure 38: System Settings 61
Figure 39: Device Status LEDs 62
Figure 40: Maintenance 63
Figure 41: System Log 64
Figure 42: Rebooting the Access Point 64
Figure 43: Resetting to Defaults 65
Figure 44: Restoring Configuration Settings 65
Figure 45: Upgrading Firmware 66
Figure 46: User Accounts 66
Figure 47: SSH Server Settings 67
Figure 48: IgniteNet Discovery Tool Settings 68
Figure 49: Telnet Server Settings 68
Figure 50: Web Server Settings 69
Figure 51: NTP Settings 70
Figure 52: SNMP Settings 70
Figure 53: Remote Log Settings 71
Figure 54: Diagnostics 72

– 10 –
 Tables

Table 1: Revision History (v1.1.5) 4

Table 2: Revision History (v1.1.2) 5
Table 2: Radio Channels 47
Table 3: WMM Access Categories 49
Table 4: 802.11 Data Rates 55
Table 5: Device Status LEDs (Stand-alone Mode) 62
Table 6: Device Status LEDs (Cloud-managed Mode) 62
Table 7: Troubleshooting Chart 74

– 11 –
Section I
Getting Started

This section provides an overview of the access point, and introduces some basic
concepts about wireless networking. It also describes the basic settings required to
access the management interface.

This section includes these chapters:

◆ “Introduction” on page 13

– 12 –
 1 Introduction

The access point (AP) runs software that includes a network management agent.
The agent offers a variety of management options, including SNMP and a web-
based interface. The AP can also be accessed via Telnet or SSH for configuration
using a command line interface (CLI).

Note: This manual describes the configuration interface for stand-alone mode.
Refer to the IgniteNet Cloud Controller User Manual for information on configuring
the AP through the cloud interface.

Configuration Options
The access point’s web agent allows you to configure AP parameters, monitor
wireless connections, and display statistics using a standard web browser such as
Internet Explorer 11 or later, Mozilla Firefox 51 or later, and Google Chrome 56 or
later. The AP’s web management interface can be accessed from any computer
attached to the network.

The CLI program can be accessed remotely by a Telnet or Secure Shell (SSH)
connection over the network. The CLI is used primarily for technical support.

The AP’s management agent also supports SNMP (Simple Network Management
Protocol). This SNMP agent permits the AP to be managed from any computer in
the network using network management software.

The AP’s web interface and SNMP agent allow you to perform management
functions such as:

◆ Set management access user names and passwords

◆ Configure IP settings

◆ Configure SNMP parameters

◆ Configure 2.4 GHz and 5 GHz radio settings

◆ Control access through wireless security settings

◆ Filter packets using Access Control Lists (ACLs)

– 13 –
Chapter 1 | Introduction
Network Connections

◆ Download system firmware

◆ Download or upload configuration files

◆ Display system information and statistics

Network Connections
Prior to accessing the AP’s management agent through a network connection, you
must first configure it with a valid IP address, subnet mask, and default gateway
using the web interface, or the DHCP protocol.

The AP has a static default management address of 192.168.2.1 and a subnet mask
of 255.255.255.0. If the AP’s default IP address is not compatible with your network
or a DHCP server is not available, the AP’s IP address must be configured manually
through the web interface.

First connect to the AP’s Ethernet 1 port and log in to the web interface, as
described in “Connecting to the Web Interface” on page 14. Follow the steps
described in “AP Setup” on page 15 to select your country and specify one of the
configuration methods. Then configure the AP with an IP address that is
compatible with your network, as described under “LAN Settings” on page 35.

Once the AP’s IP settings are configured for your network, you can access the AP’s
management agent from anywhere within the attached network. The AP can be
managed by any computer using a web browser, or from a network computer using
SNMP network management software.

Connecting to the Web Interface

The AP offers a user-friendly web-based management interface for the
configuration of all the unit’s features. Any PC directly attached to the unit can
access the management interface using a web browser, such as Internet Explorer
11 or later, Mozilla Firefox 51 or later, and Google Chrome 56 or later.

You may want to make initial configuration changes by connecting a PC directly to

the AP’s LAN port. The AP has a default management IP address of 192.168.2.1 and
a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same
subnet as the AP (that is, the PC and AP addresses must both start with192.168.2.x).

To access the AP’s web management interface, follow these steps:

1. Use your web browser to connect to the management interface using the
default IP address of 192.168.2.1.

– 14 –
 Chapter 1 | Introduction
AP Setup

2. Log in to the interface by entering the default user name “root” with the
password “admin123”, then click Login.

Note: It is strongly recommended to change the default user name and password
the first time you access the web interface. For information on changing user
names and passwords, see “User Accounts” on page 66.

AP Setup
AP Setup is designed to help you configure the basic settings required to get the
AP up and running.

Step 1 Select Your Country — Select the access point’s country of operation from the
drop-down menu. You must set the AP’s country code to be sure that the radios
operate according to permitted local regulations. That is, setting the country code
restricts operation of the AP to the radio channels and transmit power levels
permitted for wireless networks in the specified country.

Figure 1: Select Your Country

Caution: You must set the country code to the country of operation. Setting the
country code ensures that the radios operate within the local regulations specified
for wireless networks.

– 15 –
Chapter 1 | Introduction
AP Setup

Note: The country code selection is for non-US models only and is not available to
any US models. Per FCC regulation, all Wi-Fi products marketed in the US must be
fixed to US operation channels only.

Step 2 Select to Cloud Manage AP or Stand-Alone — To manage the AP using the

IgniteNet Cloud controller, select “Yes, I will manage this device with the IgniteNet
Cloud controller,” and then click “Done.” Otherwise, select “No, I will be operating
this device in stand-alone mode” and continue to the Main Menu.

Figure 2: Select Cloud Managed

If you select to manage the AP using the IgniteNet Cloud controller, go to

cloud.ignitenet.com to register your AP. Log in and select Devices from the menu.
Click Add Device and enter the AP serial number and MAC address to register the
AP with your cloud network. The serial number and MAC address can be found on
the product packaging or label.

Note: This manual describes the configuration interface for stand-alone mode.
Refer to the IgniteNet Cloud Controller User Manual for information on configuring
the AP through the cloud interface.

– 16 –
 Chapter 1 | Introduction
Main Menu

Main Menu
The web interface Main Menu provides access to all the configuration settings
available for the AP.

To configure settings, click the relevant Main Menu item. Each Main Menu item is
summarized below with links to the relevant section in this guide where the
configuration parameters are described in detail:

◆ Dashboard — The dashboard shows basic settings for the AP, including
general status (port status, Internet connection, device designation, and
interface information), local network settings, wireless radio status, traffic
graphs, and services. See “Status Information” on page 20.

◆ Network — Configures Internet, Ethernet, LAN, hotspot, firewall rules, and port
forwarding settings. See “Network Settings” on page 29.

◆ Wireless — Configures 5 GHz Radio, 2.4 GHz Radio, and VLAN settings. See
“Wireless Settings” on page 44

◆ System — Configures System (including cloud agent and various system

settings), Maintenance (such as view log, troubleshooting log, reboot, reset
defaults, backup defaults, restore defaults, and firmware upgrade), User
Accounts, and Services (management access methods), and Diagnostics
(including ping, traceroute).

– 17 –
Chapter 1 | Introduction
Main Menu

Dashboard After logging in to the web interface, the dashboard displays. The dashboard shows
basic settings for the AP, including Internet status, local network settings, wireless
radio status, and traffic graphs, and services.

Figure 3: The Dashboard

Common Web Page The list below describes the common buttons found on many of the web
Buttons management pages:

◆ Save – Applies the new parameters and saves them to temporary RAM
memory. Also displays a message at the top of the screen to inform you that the
changes have not yet been saved to Flash memory. The running configuration
will not be saved upon a reboot unless you click the “Apply” button.

Figure 4: Set Configuration Changes

◆ Apply – Saves the current configuration so that it is retained after a restart.

◆ Revert – Cancels newly entered settings and restores the originals.

◆ Welcome > Logout – Open the Welcome list and click Logout to end the web
management session.

◆ Welcome > View Users – Open the Welcome list and click View Users to open
the User Accounts menu.

– 18 –
Section II
Web Configuration

This section provides details on configuring the access point using the web
browser interface.

This section includes these chapters:

◆ “Status Information” on page 20

◆ “Network Settings” on page 29

◆ “Wireless Settings” on page 44

◆ “System Settings” on page 60

– 19 –
 2 Status Information

The Dashboard displays information on the current system configuration, including

Internet status, local network settings, wireless radio status, traffic graphs, and
services. From the Site Menu, open the Advanced Setup page to display the
following tabs:

Figure 5: Dashboard (Tabs)

Status Information includes the following sections:

◆ “Port Status” on page 20

◆ “Internet Status” on page 21

◆ “Device Information” on page 22

◆ “Interface Information” on page 22

◆ “Local Networks” on page 23

◆ “Wireless Status” on page 25

◆ “Traffic Graphs” on page 27

◆ “Services” on page 27

Port Status
The Port Status section shows information about Ethernet port connections.

Figure 6: Port Status

– 20 –
 Chapter 2 | Status Information
Internet Status

The following items are displayed in this section:

◆ Ethernet Port #0 — Shows the status of the WAN Ethernet port, including link-
up state, speed, and duplex mode.

◆ Ethernet Port #1 — Shows the status of the LAN Ethernet port 1, including
link-up state, speed, and duplex mode.

◆ Ethernet Port #2 — Shows the status of the LAN Ethernet port 2, including
link-up state, speed, and duplex mode.

Internet Status
The Internet Info section shows information about the Internet connection.

Figure 7: Internet Information

The following items are displayed in this section:

◆ Internet Status — Shows whether or not the Internet connection is up.

◆ Internet Source — The Ethernet port connected to the Internet. By default,

this is Ethernet Port 0.

◆ IP Address — IP address of the Internet connection.

◆ Mode — Shows if the IP address is a static setting or set by DHCP.

◆ Netmask — The subnet mask of the IP address.

◆ Gateway — The IP address of the gateway router that is used when a

destination address is not on the local subnet.

– 21 –
Chapter 2 | Status Information
Device Information

◆ DNS — The IP address of the Domain Name Server on the network. A DNS
maps numerical IP addresses to domain names and can be used to identify
network hosts by familiar names instead of the IP addresses.

Device Information
The Device Info section shows descriptive information about the AP.

Figure 8: Device Information

The following items are displayed in this section:

◆ The software version number.

◆ The serial number of the physical access point.

◆ The system MAC address of the access point.

◆ Length of time the management agent has been up.

◆ The last 1-minute, 5-minute and 15-minute CPU load average.

Interface Information
The Interface Info section shows information about additional interfaces
connected to the Internet.

Figure 9: Interface Information

– 22 –
 Chapter 2 | Status Information
Local Networks

The following items are displayed in this section:

◆ Ports Bridged to Internet — Additional interfaces attached directly to the

Internet. Lists interfaces attached to the WAN (that is, the Internet).

◆ Routed Ports — By default, all interfaces are configured as a member of the

LAN. In this figure, Ethernet Port 1, Wireless LAN 0 (5 GHz Radio), and Wireless
LAN 1 (2.4 GHz Radio) are all included in the LAN. Traffic from these interfaces is
routed across the access point through Ethernet Port 0 to the Internet. (This is
also called route to Internet.)

Local Networks
The Local Networks section shows information about the local network connection.

Figure 10: Local Networks

The following items are displayed in this section:

◆ Name — Shows information on the name of the local network.

◆ Network Info — Shows whether the local network uses static or dynamic
configuration, and the network mask.

◆ DHCP Server — Shows if DHCP service is enabled on this network.

◆ Members — Shows the ports and wireless radios attached to this network.
(Click on any of these interfaces to open the corresponding configuraton page.)

◆ View ARP Table — Shows the ARP cache.

◆ View DHCP Leases — Shows DHCP leases.

– 23 –
Chapter 2 | Status Information
Local Networks

Figure 11: ARP Table

Figure 12: DHCP Leases

– 24 –
 Chapter 2 | Status Information
Wireless Status

Wireless Status
The Wireless Status section shows information about the radio settings and
associated clients.

Figure 13: Wireless Status

The following items are displayed in this section:

◆ Radio # — Indicates the 5 GHz or 2.4 GHz wireless interface.

■ Radio Status — Shows if the wireless interface is enabled or disabled.

– 25 –
Chapter 2 | Status Information
Wireless Status

■ Op Mode — Shows if the wireless interface is configured to operate in an

access point mode or client mode.

■ Channel — The radio channel the access point uses to communicate with
wireless clients. The available channels depend on the 802.11 Mode1,
Channel Bandwidth1, and Country Code settings2.

■ IEEE Mode — The 802.11 wireless LAN standards supported by the AP.

■ Tx Power — The power of the radio signals transmitted from the AP.

■ Total Clients — The total number of clients attached to this interface.

◆ SSID # — Service set identifier. Clients that want to connect to the wireless
network through an access point must set their SSIDs to the same as that of the
access point.

■ Name — A unique identifier for the local wireless network.

■ Security — Shows whether or not security has been enabled.

■ BSSID — The basic service set identifier. This is the MAC address of the AP
generated by combining the 24 bit Organization Unique Identifier (OUI, the
manufacturer's identity) and the manufacturer's assigned 24-bit identifier
for the radio chipset in the AP.

■ Associated clients — Shows detailed information about clients. Click on the

update icon to refresh the client list.

■ Name — Client name.

■ MAC Address — The MAC address of the wireless client.

■ IP Address — The IP address assigned to the wireless client.

■ Signal — Signal strength (TX/RX) in dBm.

■ SNR — Sound to Noise Ratio, that is the level of signal strength to the level
of background noise.

■ Duration — The time the wireless client has been associated.

■ Client TX Rate — The data transmit rate to the wireless client.

■ Client RX Rate — The data receive rate from the wireless client.

■ TX Bytes — The number of bytes transmited to the wireless client.

1. See “Radio Settings” on page 44.

2. See “AP Setup” on page 15.

– 26 –
 Chapter 2 | Status Information
Traffic Graphs

■ RX Bytes — The number of bytes received from the wireless client.

■ TX Packets — The number of packets transmited to the wireless client.

■ RX Packets — The number of packets received from the wireless client

Traffic Graphs
The Traffic Graphs section shows the data rate for the Ethernet ports and wireless
interfaces.

Figure 14: Traffic Graphs

Services
The Services section shows the status of the IgniteNet cloud management agent.

Figure 15: Services

– 27 –
Chapter 2 | Status Information
Services

◆ IgniteNet Cloud Agent Status — Shows that the agent for the cloud controller
is disabled.

◆ Hotspot (CoovaChilli) — Shows whether or not hotspot services are enabled.

Click on this field to open the Hotspot Settings menu.

– 28 –
 3 Network Settings

This chapter describes basic network settings on the access point. It includes the
following sections:

◆ “Internet Settings” on page 29

◆ “Ethernet Settings” on page 32

◆ “LAN Settings” on page 35

◆ “Hotspot Settings” on page 36

◆ “Firewall Rules” on page 42

◆ “Port Forwarding” on page 43

Internet Settings
The Internet Settings page configures the basic Internet settings for the AP, such as
the source port, IP aliases, as well as the host name and maximum MTU size.

Figure 16: Internet Settings

The following items are displayed on this page:

◆ Internet Source — The Ethernet port used to access the Internet.

(Default: Ethernet Port 0; Options: Ethernet Port 0-2)

– 29 –
Chapter 3 | Network Settings
Internet Settings

◆ IP Address Mode — The method used to provide an IP address for the Internet
access port. (Default: DHCP; Options: DHCP, Static IP, PPPoE)

■ DHCP — Configuration options displayed for DHCP are shown in Figure 16,
“Internet Settings", on page 29.

■ Static IP — To configure a static IP address for the selected Ethernet

interface, the following items must be specified.

■ PPPoE — To obtain an IP address for the selected Ethernet interface using

PPPoE, the following items must be specified.

Figure 17: IP Address Mode – Static IP

■ IP Address — Specifies an IP address for the access point. Valid IP

addresses consist of four decimal numbers, 0 to 255, separated by
periods. (Default: 192.168.1.1)

■ Subnet Mask — Indicates the local subnet mask.

(Default: 255.255.255.0)

■ Default Gateway — The IP address of the default gateway, which is

used if the requested destination address is not on the local subnet.
If you have management stations, DNS, RADIUS, or other network
servers located on another subnet, type the IP address of the default
gateway router in the text field provided.

■ DNS Servers — The IP address of Domain Name Servers on the

network. A DNS maps numerical IP addresses to domain names and
can be used to identify network hosts by familiar names instead of the
IP addresses.
If you have a DNS servers located on the local network, type the IP
address in the text fields provided.

– 30 –
 Chapter 3 | Network Settings
Internet Settings

■ Mgmt VLAN — Select this option to enable a management VLAN on this

devvice. Once you enable this option, you will no longer be able to access
this device on any of built-in the local networks (like 192.168.2.1 for
example). You will only be able to access the device from the specified
VLAN network. If this device’s IP mode is set to DHCP, it will also request a
new IP address in the subnet range assigned to the VLAN network.

Figure 18: IP Address Mode – PPPoE

■ Service Name — The service name assigned for the PPPoE connection.
The service name is normally optional, but may be required by some
service providers. (Range: 1-32 alphanumeric characters)

■ User Name — The user name specified by the service provider.

(Range: 1-32 characters)

■ Password — The password specified by the service provider.

(Range: 1-32 characters)

■ IP Aliases — Adds a static IPv4 address under which the access point
can also be reached.

Figure 19: IP Alias

◆ MTU Size — Sets the size of the maximum transmission unit (MTU) for packets
sent on this interface. (Range: 1400-1500 bytes; Default 1500 bytes)

– 31 –
Chapter 3 | Network Settings
Ethernet Settings

Ethernet Settings
The Ethernet Settings page configures the network behavior of the Ethernet ports,
indicating that a port provides an Internet connection for wireless clients attached
to the local network (routed to the Internet), is bridged directly to the Internet,
connected to the guest network, or provides hotspot service.

The following items are common for all pages under Ethernet Settings:

◆ Status — Enables or disables this port. (Default: ON)

◆ Auto-negotiation — Enables or disables auto-negotiation for a given

interface. (Default: ON)
1000BASE-T does not support forced mode. Auto-negotiation should always be
used to establish a connection over any 1000BASE-T port.
When auto-negotiation is enabled, the access point will negotiate the best
settings for a link based on advertised capabilities.

Figure 20: Ethernet Settings – Internet Source

The following status message is displayed if an interface is set as the Internet

source:

◆ “This port is the internet source for this product. Configure Internet Settings”
If more than one interface is connected to the Internet, only the last configured
interface is used.

– 32 –
 Chapter 3 | Network Settings
Ethernet Settings

Figure 21: Ethernet Settings – Network Behavior

The following items are displayed on this page:

◆ Network Behavior — For the Ethernet port which is not providing Internet
access, one of the following connection methods must be specified.
(Default: Route to Internet)

■ Bridge to Internet — Configures an interface to be attached to the WAN.

Traffic from this interface is directly bridged into the Internet. If an Ethernet
port is bridged to the Internet, management access cannot be made by a
direct connection to this port. However, if another Ethernet port or radio
interface is within the LAN (routed to the Internet) the access point can be
managed through this interface by a PC which is configured with an IP
address in the same subnet.

In the following figure, Ethernet Port 0 and Ethernet Port 1 are both
attached to the WAN.

Figure 22: Bridge to Internet

■ Route to Internet — Configures an interface to be a member of the LAN.

Traffic from this interface is routed across the access point and out through
an interface which is bridged directly to the Internet. By default, Ethernet

– 33 –
Chapter 3 | Network Settings
Ethernet Settings

Port 1 is routed to Internet, allowing management access via a direct

connection to a PC configured with an address in the same subnet.

Figure 23: Route to Internet

■ Network Name — The network to be routed. The default is “Default

local network” as displayed under LAN Settings – Local Networks.

■ Add to Guest Network — This port can only access the guest network.

■ Hotspot Controlled — This port can only access hotspot services.

■ Configure Hotspot — Opens the Hotspot Settings page.

– 34 –
 Chapter 3 | Network Settings
LAN Settings

LAN Settings
The LAN Settings page configures the LAN settings for the local network, guest
network, and other custom networks, including IP interface setting, DHCP server
settings, STP administrative status, and UPnP administrative status.

Figure 24: Network – LAN Settings

The following items are displayed on this page:

◆ Members — The interfaces attached to the local area network.

◆ IP Address — Specifies the IP address for the local network or guest network.
Valid IP addresses consist of four decimal numbers, 0 to 255, separated by
periods. (Default: 192.168.2.1)

◆ Subnet Mask — Indicates the local subnet mask. (Default: 255.255.255.0)

◆ MTU Size — Sets the size of the maximum transmission unit (MTU) for packets
sent on this network.

– 35 –
Chapter 3 | Network Settings
Hotspot Settings

◆ IP Aliases — Adds a static IPv4 address under which the access point can also
be reached.

◆ DHCP Server — Enables/disables DHCP on this network. (Default: Enabled)

■ DHCP Start — First address in the address pool. (Range: 1-256;

Default: x.x.x.100)

■ DHCP Limit — Maximum number of addresses in the address pool.

(Range: 1-254; Default: 150)

■ DHCP Lease Time — The duration that an IP address is assigned to a DHCP

client.

◆ STP — Enables or disables processing of Spanning Tree Protocol messages.

(Default: Disabled)

◆ UPnP — Enables or disables Universal Plug-and-Play broadcast messages.

(Default: Disabled)

◆ Smart Isolation — Enables network traffic to be restricted to the specified

network:

■ Disable (full access) — There is no traffic isolation. Clients can access the
Internet and other devices on the local LAN.

■ Internet access only — Traffic from this network can only be routed to and
from the Internet.

■ LAN access only — Traffic from this network is restriced to local LAN
devices only.

◆ Add Custom LAN — Click this button to create additional networks with their
own custom settings. You can create up to 10 custom LANs.

Hotspot Settings
The Hotspot Settings page can configure Internet access to the general public in
places such as coffee houses, libraries and hospitals. Specific access rights may also
be defined through a RADIUS server.

Network Settings
This section includes the option to enable or disable hotspot service, hotspot mode
options, and network settings.

– 36 –
 Chapter 3 | Network Settings
Hotspot Settings

Figure 25: Hotspot Settings (Network Settings)

The following items are displayed on this page:

◆ Enable Hotspot Service — Enables or disables hotspot service. A hotspot is a

physical location where people may obtain Internet access, typically using Wi-Fi
technology, via a wireless local area network using a router connected to an
internet service provider.

◆ Mode — Hotspot service types include the following options:

■ External Captive Portal Service — This option will show the hotspot
guest an externally hosted captive portal splash page and may prompt
them to login, depending on how you've configured your service settings.
Choose this option if you've signed up with a third-party captive portal
service provider such as Cloud4Wi or HotSpotSystem.

■ No Authentication — This option shows the hotspot guest your

customized, locally hosted captive portal splash page, and will not require
the guest to login before accessing the internet. If you fill out the (optional)
terms of service text, the guest will be required to accept these before they
can access the internet.

■ Simple Password-Only Splash Page — This option will show the hotspot
guest your customized, locally hosted captive portal splash page, and will
require them to enter a simple password to login and access the internet. If
you fill out the (optional) terms of service text, the guest will be required to
accept these before they can access the internet.

■ Local Spash Page with External RADIUS — This option shows the
hotspot guest your customized, locally hosted captive portal splash page,
and will require them to enter a valid RADIUS username and password to
login and access the internet. If you fill out the (optional) terms of service

– 37 –
Chapter 3 | Network Settings
Hotspot Settings

text, the guest will be required to accept these before they can access the
internet.

◆ Network IP — Specifies the IP address for the hotspot. Valid IP addresses

consist of four decimal numbers, 0 to 255, separated by periods. (Default:
192.168.182.1)

If your WAN subnet conflicts with any of the local networks (even the custom
ones you create), the AP will automatically change the subnet of the local
network.

◆ Network Mask — Network mask for the associated IP subnet. This mask
identifies the host address bits used for routing to specific subnets.

◆ DHCP Start — Starting number of (last numeric field) in address pool.

(Range: 1-254; Default: 10)

◆ DHCP End — Ending number of (last numeric field) in address pool.

(Range: 1-254; Default: 254)

◆ DHCP Lease Time — The duration that an IP address is assigned to a DHCP

client. (Range: 600-43200 seconds; Default: 600 seconds)

◆ DNS 1 — The IP address of the primary Domain Name Server on the network. A
DNS maps numerical IP addresses to domain names and can be used to identify
network hosts by familiar names instead of the IP addresses.

◆ DNS 2 — The secondary DNS server available to DHCP clients.

◆ DNS Domain Name — The domain name used to resolve incomplete host
names via the Domain Name System. (Range: 1-32 characters)

◆ DHCP Gateway — Configure the DHCP gate IP addres if you want to use an
external DHCP server instead of the internal one.

◆ DHCP Gateway Port — The listening port used by the DHCP gateway.

– 38 –
 Chapter 3 | Network Settings
Hotspot Settings

RADIUS Server

If you click set the mode to External Captive Portal Service or Local Splash page
with External RADIUS, the following section is displayed.

Figure 26: Hotspot Settings (RADIUS Settings)

The following items are displayed on this page:

◆ Enable RADIUS Auth — Enables or disables client authenticastion via a

RADIUS server.

◆ RADIUS Server 1 — IP address or host name of the primary RADIUS server.

◆ RADIUS Server 2 — IP address or host name of the secondary RADIUS server.

◆ RADIUS Shared Secret — A shared text string used to encrypt messages

between the access point and the RADIUS server. Be sure that the same text
string is specified on the RADIUS server. Do not use blank spaces in the string.
(Range: 1-255 characters).

◆ RADIUS Auth Port — RADIUS server UDP port used for authentication
messages. (Range: 1-65535, Default: 1812)

◆ RADIUS Acct Port — RADIUS server UDP port used for accounting messages.
(Range: 1-65535, Default: 1813)

◆ Enable RadSec — An authentication and authorization protocol for

transporting RADIUS datagrams over TCP and TLS. RadSec replaces UDP used

– 39 –
Chapter 3 | Network Settings
Hotspot Settings

in the initial RADIUS design, providing a reliable transport protocol and more
extensive security for the packet payload.

◆ RADIUS Auth Method — Selelcts the encryption method to use for messages
between the AP and the RADIUS server; CHAP, PAP, or MSCHAPv2. The
encryption method must match that used by the RADIUS server.

◆ Local ID — Local RADIUS server identifier.

◆ Local Name — Local RADIUS server name

◆ NAS ID — Local RADIUS server operation identifier.

Captive Portal Settings

The following section is displayed for all hotspot mode options.

Figure 27: Hotspot Settings (Captive Portal Settings)

– 40 –
 Chapter 3 | Network Settings
Hotspot Settings

The following items are displayed on this page:

◆ Captive Portal URL — Host name of Internet service portal for the hotspot.
The captive portal forces a hotspot client to access a welcome web page
(normally used for authentication) before gaining further access to the Internet.
The welcome page may require authentication and/or payment.

◆ Captive Portal Secret — The password used for logging into the hotspot.

◆ Customize Splash Page — This option is shown for all hotspot service options
other than External Captive Portal Service. If enabled, fill in information for the
title, background color, logo image file, and optional terms and conditions.

◆ Session Timeout — The maximum time a client can stay attached to the
hotspot. (Range: 0-86400 seconds)

◆ Idle Timeout — The maximum a connection can remain inactive before it is

closed. (Range: 0-86400 seconds)

◆ Landing URL — Indicates the URL to which the user is directed after logging in
to the captive portal.

◆ Swap Octets — Swap the values of the reported "input octets" and "output
octets". This option only appears under External Captive Portal Service.

◆ Walled Garden — A list of web sites to which unauthenticated users are

allowed to navigate.

◆ Auth White List — A list of MAC addresses that are allowed to bypass the
captive portal to access the internet.

– 41 –
Chapter 3 | Network Settings
Firewall Rules

Firewall Rules
Firewall filtering restricts connection parameters to limit the risk of intrusion. The
AP allows you ti define a sequential list of rules which filter traffic based on source
and destination IP addresses and ports. This AP tests ingress packets against the
filter rules one by one. A packet will be accepted as soon as it matches a permit rule,
or dropped as soon as it matches a deny rule. If no rules match, the packet is either
accepted or dropped depending on the default policy setting.

Figure 28: Firewall Rules

The following items are displayed on this page:

◆ Enabled — Enables or disables the

◆ Name — User defined name for filtering rule. (Range: 1-30 characters)

◆ Target — The action to take when a packet is matched. (Options: Accept,

Reject, Drop, Mark, Notrack; Default: Accept) A description of these options can
be found in https://wiki.openwrt.org/doc/uci/firewall.

◆ Family — The IP address family. (Options: Any, IPv4, IPv6; Default: Any)

◆ Source — The source interface. (Options: guest, LAN, WAN)

◆ Source IP — The source IP address. Valid IP addresses consist of four decimal

numbers, 0 to 255, separated by periods. IPv6 addresses must consist of 8
colon-separated 16-bit hexadecimal values. One double colon may be used in
the address to indicate the appropriate number of zeros required to fill the
undefined fields.

◆ Source port — The source protocol port. (Range: 1-65535)

◆ Protocol — The protocol type. (Options: Any, TCP+UDP, TCP, UDP, ICMP;
Default: TCP+UDP)

◆ Destination — The destination interface. (Options: guest, LAN, WAN)

◆ Destination IP — The destination IP address.

– 42 –
 Chapter 3 | Network Settings
Port Forwarding

◆ Destination port — The destination protocol port. (Range: 1-65535)

Port Forwarding
Port Forwarding can be used to map an inbound protocol type (TCP/UDP) and port
to an "internal" IP address and port. The internal (local) IP addresses are the IP
addresses assigned to local devices at the edge of a network, and the external IP
address is the IP address assigned to the AP interface. This allows remote users to
access different servers on your local network using your single public IP address.

Remote users accessing services such as web or FTP at your local site thorugh your
public IP address, are redirected (mapped) to other local server IP addresses and
TCP/UDP port numbers. For example, if you set Type/Public Port to TCP/80 (HTTP or
web) and the Private IP/Port to 192.168.3.9/80, then all HTTP requests from outside
users are forwarded to 192.168.3.9 on port 80. Therefore, by just using your external
IP address provided by your ISP, Internet users can access the services they need at
the local addresses to which you redirect them.

Figure 29: Port Forwarding

The following items are displayed on this page:

◆ Enabled — Enables port forwarding.

◆ Name — User defined name. (Range: 1-30 characters)

◆ Protocol — Set the protocol to which port forwarding is applied. (Options: TCP,
UDP, TCP+UDP)

◆ External Port — The TCP/UDP port number. (Range: 1-65535)

The more common TCP service port numbers include: HTTP: 80, FTP: 21,
Telnet: 23, and POP3: 110.

◆ Internal IP address — The internal destination IP address.

◆ Internal Port — The internal destination protocol port. (Range: 1-65535)

– 43 –
 4 Wireless Settings

This chapter describes the wireless settings on the access point. It includes the
following sections:

◆ “Radio Settings” on page 44

◆ “VLAN Settings” on page 58

Radio Settings
The IEEE 802.11 wireless interfaces include configuration options for radio signal
characteristics and wireless security features.

The access point can operate in several radio modes, 802.11a/a+n/ac+a+n (5 GHz)
or 802.11b+g/b+g+n (2.4 GHz). Supported modes depend on the access point
model. Note that the dual-band access points can operate at 2.4 GHz and 5 GHz at
the same time. The web interface identifies the radio configuration pages as:

◆ Radio 0 — the 5 GHz 802.11a/n/ac radio interface

◆ Radio 1 — the 2.4 GHz 802.11b/g/n radio interface

Each radio supports 8 virtual access point (VAP) interfaces based on the SSIDs,
referred to as SSID1 ~ SSID8. Each VAP functions as a separate access point, and can
be configured with its own Service Set Identification (SSID) and security settings.
However, most radio signal parameters apply to all VAP interfaces. Traffic to specific
VAPs can be segregated based on user groups or application traffic. The clients
associate with each VAP in the same way as they would with separate physical
access points. The AP supports up to a total of 128 wireless clients across all SSID
interfaces per radio.

– 44 –
 Chapter 4 | Wireless Settings
Radio Settings

Physical Radio Figure 30: Radio Settings (Physical Settings for Radio 0)
Settings

Figure 31: Radio Settings (Physical Settings for Radio 1)

The following items are displayed on this page:

◆ Status — Enables or disables the wireless service on this interface.

◆ Mode — Selects the mode in which the AP will function.

■ Access Point (Auto-WDS) — The AP operates as an access point in WDS

mode, which accepts connections from APs in Client WDS mode. (This is
the default setting.)
In this mode, the AP provides services to clients as a normal access point.
WDS is used to automatically search for and connect to other AP nodes
using the same SSID and security settings.

– 45 –
Chapter 4 | Wireless Settings
Radio Settings

■ Client — The AP can provide a wireless connection to another AP. In this

mode, it can pass information from or to locally wired hosts, but does not
provide services to any wireless clients.

■ Client WDS — The AP operates as a client station in WDS mode, which can
connect to other access points in Auto-WDS mode. Connection to another
AP can be made automatically by other access points operating in Auto-
WDS mode.

■ Point-to-Point Master — (Outdoor APs only) Sets the AP radio as the

Master in a point-to-point wireless link between two IgniteNet units. A
point-to-point wireless link requires one unit set as Master and the other
set to Slave. Links to any non-IgniteNet units will not work.

■ Point-to-Point Slave — (Outdoor APs only) Sets the AP radio as the Slave
in a point-to-point wireless link between two IgniteNet units.

◆ 802.11 Mode — Defines the radio operation mode.

■ Radio 0 (5 GHz Radio) — Default: 11a+n; Options: 11a, 11a+n, 11ac+a+n

■ Radio 1 (2.4 GHz Radio) — Default: 11b+g+n; Options: 11b+g+n

◆ Channel Bandwidth — The AP options for channel bandwidth include 20, 40

and 80 MHz. Using 20 MHz gives an 802.11g connection a speed of 54 Mbps
and an 802.11n connection a speed of up to 108 Mbps, and ensures backward
compliance for slower 802.11b devices. Setting the channel bandwidth to
40 MHz provides a connection speed for 802.11n of up to 300 Mbps. Using a
channel bandwidth of 80MHz provides a connection speed up to 866.7 Mbps.
(Default: 20 MHz; Range: 20 MHz, 40 MHz, 80MHz)

◆ Channel — The radio channel that the access point uses to communicate with
wireless clients. When multiple access points are deployed in the same area, set
the channel on neighboring access points at least five channels apart to avoid
interference with each other. For example, for 11g/n 20 MHz mode you can
deploy up to three access points in the same area using channels 1, 6, 11. Note
that wireless clients automatically set the channel to the same as that used by
the access point to which it is linked. (The available channels are dependent on
the 802.11 Mode, Channel Bandwidth, and Country Code settings.)

– 46 –
 Chapter 4 | Wireless Settings
Radio Settings

Selecting Auto enables the access point to automatically select an unoccupied

radio channel. (Default: Auto)

Table 2: Radio Channels

Radio 0 (5 GHz) Radio 1 (2.4 GHz)

Radio Channels* Frequency (GHz) Radio Channels Frequency (GHz)

Auto Auto scan Auto Auto scan

36 5.180 1 2.412

40 5.200 2 2.417

44 5.220 3 2.422

48 5.240 4 2.427

149 5.745 5 2.432

153 5.765 6 2.437

157 5.785 7 2.422

161 5.805 8 2.447

165 5.825 9 2.452

10 2.457

11 2.462

* Supported channels depend on the 802.11 mode and channel bandwidth.

◆ Beacon Interval — The rate at which beacon signals are transmitted from the
access point. The beacon signals allow wireless clients to maintain contact with
the access point. They also carry power-management and other information.
(Range: 100-1024 TUs; Default: 100 TUs)

◆ Bandsteering — When enabled, clients that support 2.4 GHz and 5 GHz are
first connected to the 5 GHz radio. This feature helps balance the client load
over the two radio bands. Note that both radios must have configured SSIDs
that match for this feature to fully operate.

◆ Max Clients — The maximum number of clients which can attach to this radio.
For example, if your AP has a lot of clients that support both 5 Ghz and 2.4 Ghz,
and you enable bandsteering, all of the clients will attempt to connect to the 5
Ghz radio only. In order to balance the clients out among the two radios, you
can specify the maximum number of clients that are allowed to connect on the
5 Ghz radio. This will effectively push some of the clients back to the 2.4 Ghz
radio.

◆ 20/40MHz Coexist — For Radio#1 (2.4 GHz), allows 802.11n 20 MHz and
40 MHz channel bandwidths to operate together in the same network.
(Default: Enabled)

– 47 –
Chapter 4 | Wireless Settings
Radio Settings

Wireless Networks — Figure 32: Radio Settings (General Settings)

General Settings

The following items are displayed in this section of the Wireless Settings page:

◆ Status — Enables or disables the wireless service on this VAP.

◆ SSID — The name of the basic service set provided by a Virtual Access Point
(VAP) interface. Clients that want to connect to the network through the access
point must set their SSID to the same as that of the access point’s VAP interface.
(Default: IgniteNet0-# (where # is 1-8) for 5 GHz, IgniteNet1-# (where # is 1-8) for
2.4 GHz; Range: 1-32 characters)

◆ Site Survey — Scans for all wireless networks that are broadcasting their SSID.

◆ Broadcast — The SSID can be broadcast at regular intervals so that wireless

stations searching for a network connection can discover it. This allows wireless
clients to dynamically discover and roam between WLANs. This feature also
makes it easier for hackers to break into your home network. Because SSIDs are
not encrypted, it is easy to grab one by snooping the WLAN looking for SSID
broadcast messages coming from the AP. (Default: Enabled)

◆ Client Isolation — When enabled, wireless clients can talk to the LAN, and
reach the Internet if such connection is available, but they cannot
communicate with one another. (Default Disabled)

◆ WMM — Sets the WMM operational mode on the access point. When enabled,
the parameters for each Access Category (AC) queue will be employed on the
access point and QoS capabilities advertised to WMM-enabled clients.
(Default: Enabled)

Wireless networks offer an equal opportunity for all devices to transmit data
from any type of application. Although this is acceptable for most applications,
multimedia applications (with audio and video data) are particularly sensitive
to the delay and throughput variations that result from this “equal opportunity”
wireless access method. For multimedia applications to run well over a wireless
network, a Quality of Service (QoS) mechanism is required to prioritize traffic
types and provide an “enhanced opportunity” wireless access method.

– 48 –
 Chapter 4 | Wireless Settings
Radio Settings

The access point implements QoS using the Wi-Fi Multimedia (WMM) standard.
Using WMM, the access point is able to prioritize traffic and optimize
performance when multiple applications compete for wireless network
bandwidth at the same time. WMM employs techniques that are a subset of the
IEEE 802.11e QoS standard and it enables the access point to inter-operate with
both WMM-enabled clients and other devices that may lack any WMM
functionality.

Access Categories — WMM defines four access categories (ACs): voice, video,
best effort, and background. These categories correspond to traffic priority
levels and are mapped to IEEE 802.1D priority tags (see Figure 3, “WMM Access
Categories", on page 49). The direct mapping of the four ACs to 802.1D
priorities is specifically intended to facilitate inter operability with other wired
network QoS policies. While the four ACs are specified for specific types of
traffic, WMM allows the priority levels to be configured to match any network-
wide QoS policy. WMM also specifies a protocol that access points can use to
communicate the configured traffic priority levels to QoS-enabled wireless
clients.

Table 3: WMM Access Categories

Access WMM Description 802.1D
Category Designation Tags

AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive 7, 6

data such as VoIP (Voice over IP) calls.

AC_VI (AC2) Video High priority, minimum delay. Time-sensitive data 5, 4

such as streaming video.

AC_BE (AC0) Best Effort Normal priority, medium delay and throughput. 0, 3
Data only affected by long delays. Data from
applications or devices that lack QoS capabilities.

AC_BK (AC1) Background Lowest priority. Data with no delay or throughput 2, 1

requirements, such as bulk data transfers.

WMM Operation — WMM uses traffic priority based on the four ACs; Voice,
Video, Best Effort, and Background. The higher the AC priority, the higher the
probability that data is transmitted.

When the access point forwards traffic, WMM adds data packets to four
independent transmit queues, one for each AC, depending on the 802.1D
priority tag of the packet. Data packets without a priority tag are always added
to the Best Effort AC queue. From the four queues, an internal “virtual” collision
resolution mechanism first selects data with the highest priority to be granted a
transmit opportunity. Then the same collision resolution mechanism is used
externally to determine which device has access to the wireless medium.

– 49 –
Chapter 4 | Wireless Settings
Radio Settings

For each AC queue, the collision resolution mechanism is dependent on two

timing parameters:

■ AIFSN (Arbitration Inter-Frame Space Number), a number used to calculate

the minimum time between data frames

■ CW (Contention Window), a number used to calculate a random backoff

time

After a collision detection, a backoff wait time is calculated. The total wait time
is the sum of a minimum wait time (Arbitration Inter-Frame Space, or AIFS)
determined from the AIFSN, and a random backoff time calculated from a value
selected from zero to the CW. The CW value varies within a configurable range.
It starts at CWMin and doubles after every collision up to a maximum value,
CWMax. After a successful transmission, the CW value is reset to its CWMin
value.

Figure 33: WMM Backoff Wait Times

Time

CWMin CWMax

High Priority AIFS Random Backoff

Minimum Wait Time Random Wait Time

CWMin CWMax

Low Priority AIFS Random Backoff

Minimum Wait Time Random Wait Time

For high-priority traffic, the AIFSN and CW values are smaller. The smaller values
equate to less backoff and wait time, and therefore more transmit
opportunities.

◆ Minimum signal allowed — Only allows clients to associate to this SSID if their
signal strength (SNR) is equal or greater than the specified value. Setting the
value to zero disables this feature. (Default: 0, disabled)

Wireless Networks — Figure 34: Wireless Security Settings

Security Settings

– 50 –
 Chapter 4 | Wireless Settings
Radio Settings

The following items are displayed in this section of the Wireless Settings page:

◆ Method — Sets the wireless security method for each VAP, including
association mode, encryption, and authentication. (Default: No Security)

■ No Security — The VAP broadcasts a beacon signal including the

configured SSID. Wireless clients with an SSID setting of “any” can read the
SSID from the beacon and automatically set their SSID to allow immediate
connection.

■ WPA-PSK — For enterprise deployment, WPA requires a RADIUS

authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.

■ Encryption — Data encryption uses one of the following methods:

■ CCMP (AES) — AES-CCMP is used as the multicast encryption

cipher. AES-CCMP is the standard encryption cipher required for
WPA2. (This is the default setting.)

■ Auto: TKIP + CCMP (AES) — The encryption method used by the

client is discovered by the access point.

■ Key — WPA is used to encrypt data transmitted between wireless

clients and the VAP. WPA uses static shared keys (fixed-length
hexadecimal or alphanumeric strings) that are manually distributed to
all clients that want to use the network.
String length must be 8 to 63 ASCII characters (letters and numbers).
No special characters are allowed.

■ WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
WPA was introduced as an interim solution for the vulnerability of WEP
pending the ratification of the IEEE 802.11i wireless security standard. In
effect, the WPA security features are a subset of the 802.11i standard. WPA2
includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.
Refer to WPA-PSK for a description of encryption methods and the key.

■ WPA-EAP — WPA employs a combination of several technologies to

provide an enhanced security solution for 802.11 wireless networks. A

– 51 –
Chapter 4 | Wireless Settings
Radio Settings

RADIUS server is used for authentication, and can also be used for
accounting.
Refer to WPA-PSK for a description of encryption methods.

RADIUS Settings

A RADIUS server must be specified for the access point to implement IEEE
802.1X network access control and Wi-Fi Protected Access (WPA) wireless
security.
In addition, you can configure a RADIUS Accounting server to receive user-
session accounting information from the access point. RADIUS Accounting
can be used to provide valuable information on user activity in the
network.

Note: This guide assumes that you have already configured RADIUS server(s) to
support the access point. Configuration of RADIUS server software is beyond the
scope of this guide, refer to the documentation provided with the RADIUS server
software.

■ Radius Auth Server — Specifies the IP address or host name of the

RADIUS authentication server.

■ Radius Auth Port — The UDP port number used by the RADIUS server
for authentication messages. (Range: 1024-65535; Default: 1812)

■ Radius Auth Secret — A shared text string used to encrypt messages

between the access point and the RADIUS server. Be sure that the same
text string is specified on the RADIUS authentication server. Do not use
blank spaces in the string. (Maximum length: 255 characters)

■ Backup Radius Auth — Specifies the IP address or host name of the

backup RADIUS authentication server.

■ Radius Auth Port — The UDP port number used by the backup
RADIUS server for authentication messages. (Range: 1024-65535;
Default: 1812)

■ Radius Auth Secret — A shared text string used to encrypt

messages between the access point and the RADIUS server. Be sure
that the same text string is specified on the backup RADIUS
authentication server. Do not use blank spaces in the string.
(Maximum length: 255 characters)

■ Radius Acct Server — Specifies the IP address or host name of the

RADIUS accounting server.

■ Radius Acct Port — The UDP port number used by the RADIUS server
for accounting messages. (Range: 1024-65535; Default: 1813)

– 52 –
 Chapter 4 | Wireless Settings
Radio Settings

■ Radius Acct Secret — A shared text string used to encrypt messages

between the access point and the RADIUS server. Be sure that the same
text string is specified on the RADIUS accounting server. Do not use
blank spaces in the string. (Maximum length: 255 characters)

■ WPA2-EAP — WPA was introduced as an interim solution for the

vulnerability of WEP pending the ratification of the IEEE 802.11i wireless
security standard. In effect, the WPA security features are a subset of the
802.11i standard. WPA2 includes the now ratified 802.11i standard, but also
offers backward compatibility with WPA. Therefore, WPA2 includes the
same 802.1X and PSK modes of operation and support for TKIP encryption.
A RADIUS server is used for authentication, and can also be used to
accounting.
Refer to WPA-PSK for a description of encryption methods.
Refer to WPA-EAP for a information on configuring the RADIUS server.

◆ Radius MAC Auth — The MAC address of the associating station is sent to a
configured RADIUS server for authentication. (Default: Disabled)

◆ Access Control List — Wireless clients can be authenticated for network access
by checking their MAC address against the local database configured on the
access point. (Default: OFF)

■ Policy — The MAC list can be configured to either allow or deny network
access to specified clients. (Default: Allow all MACs on list)

■ Filtered MACs — List of client MAC addresses.

Wireless Networks — Figure 35: Wireless Network Settings

Network Settings

The following items are displayed in this section of the Wireless Settings page:

◆ Network Behavior — One of the following connection methods must be

specified. (Default: Route to Internet)

■ Bridge to Internet — Configures an interface as attached to the WAN.

Traffic from this interface is directly bridged into the Internet. (See
Figure 22, “Bridge to Internet", on page 33.)

– 53 –
Chapter 4 | Wireless Settings
Radio Settings

■ Route to Internet — Configures an interface as a member of the LAN.

Traffic from this interface is routed across the access point and out through
an interface which is bridged to the Internet. (See Figure 23, “Route to
Internet", on page 34.)

■ Network Name — The network to be routed. The default is “Default

local network” as displayed under LAN Settings – Local Network.

■ Add to Guest Network — This interface can only support the guest
network.

■ Hotspot Controlled — This interface can only support hotspot services.

■ Configure Hotspot — Opens Hotspot Settings page.

■ VLAN Tag Traffic — Tags any packets passing from this VAP (virtual access
point) to the associated Ethernet port as configured under “VLAN Settings”
on page 58. (Range: 4-4094)

◆ Limit Upload — Enables rate limiting of traffic from the VAP interface as it is
passed to the wired network. You can set a maximum rate in Kbytes per second.
(Range: 256-10048576 Kbytes per second; Default: OFF)

◆ Limit Download — Enables rate limiting of traffic from the wired network as it
is passed to the VAP interface. You can set a maximum rate in kbytes per
second. (Range: 256-10048576 Kbytes per second; Default: OFF)

Wireless Networks — Figure 36: Advanced Radio Settings

Advanced Radio
Settings

– 54 –
 Chapter 4 | Wireless Settings
Radio Settings

The following items are displayed in this section of the Wireless Settings page:

◆ 802.11 Rates — The minimum data rate at which the AP transmits packets on
the wireless interface.

Table 4: 802.11 Data Rates

Option Rate (Max) Coding Method Radio 0 (5 GHz) Radio 1 (2.4 GHz)

Auto Auto Based on signal strength √ √

1M 1 Mbps CKK √

2M 2 Mbps CKK √

5.5M 5.5 Mbps CKK √

11M 11 Mbps CKK √

6M 6 Mbps OFDM √ √

9M 9 Mbps OFDM √ √

12M 12 Mbps OFDM √ √

18M 18 Mbps OFDM √ √

24M 24 Mbps OFDM √ √

36M 36 Mbps OFDM √ √

48M 48 Mbps OFDM √ √

54M 54 Mbps OFDM √ √

MCS0 15 Mbps BPSK, single stream √ √

MCS1 30 Mbps QPSK, single stream √ √

MCS2 45 Mbps QPSK, single stream √ √

MCS3 60 Mbps 16-QAM, single stream √ √

MCS4 90 Mbps 16-QAM, single stream √ √

MCS5 120 Mbps 64-QAM, single stream √ √

MCS6 135 Mbps 64-QAM, single stream √ √

MCS7 150 Mbps 64-QAM, single stream √ √

MCS8 30 Mbps BPSK, double stream √ √

MCS9 60 Mbps QPSK, double stream √ √

MCS10 90 Mbps QPSK, double stream √ √

MCS11 120 Mbps 16-QAM, double stream √ √

MCS12 180 Mbps 16-QAM, double stream √ √

MCS13 240 Mbps 64-QAM, double stream √ √

MCS14 270 Mbps 64-QAM, double stream √ √

MCS15 300 Mbps 64-QAM, double stream √ √

NSS1-MCS0 32.5 Mbps BPSK, single stream √

– 55 –
Chapter 4 | Wireless Settings
Radio Settings

Table 4: 802.11 Data Rates (Continued)

Option Rate (Max) Coding Method Radio 0 (5 GHz) Radio 1 (2.4 GHz)

NSS1-MCS1 65 Mbps QPSK, single stream √

NSS1-MCS2 97.5 Mbps QPSK, single stream √

NSS1-MCS3 130 Mbps 16-QAM, single stream √

NSS1-MCS4 195 Mbps 16-QAM, single stream √

NSS1-MCS5 260 Mbps 64-QAM, single stream √

NSS1-MCS6 292.5 Mbps 64-QAM, single stream √

NSS1-MCS7 325 Mbps 64-QAM, single stream √

NSS1-MCS8 390 Mbps 256-QAM, single stream √

NSS1-MCS9 433.3 Mbps 256-QAM, single stream √

NSS2-MCS0 65 Mbps BPSK, double stream √

NSS2-MCS1 130 Mbps QPSK, double stream √

NSS2-MCS2 195 Mbps QPSK, double stream √

NSS2-MCS3 260 Mbps 16-QAM, double stream √

NSS2-MCS4 390 Mbps 16-QAM, double stream √

NSS2-MCS5 520 Mbps 64-QAM, double stream √

NSS2-MCS6 585 Mbps 64-QAM, double stream √

NSS2-MCS7 650 Mbps 64-QAM, double stream √

NSS2-MCS8 780 Mbps 256-QAM, double stream √

NSS2-MCS9 866.7 Mbps 256-QAM, double stream √

◆ Tx Power — Adjusts the power of the radio signals transmitted from the access
point. The higher the transmission power, the farther the transmission range.
Power selection is not just a trade off between coverage area and maximum
supported clients. You also have to ensure that high-power signals do not
interfere with the operation of other radio devices in the service area. (The
range of power settings and defaults are dependent on the AP model and the
Country setting.)

◆ ACK Timeout — Sets the acknowledgement timeout, which is used primarily

for long-distance connections. This timeout is used to make an adjustment for
link distance. It is based on the amount of time, in microseconds, that it should
take to transmit a frame to the other end of the link, be processed by the
receiving device, and have the ACK frame created and returned to the sending
device. (Range: 0-255 microseconds; Default: 0 microseconds)

◆ Fragmentation Thresh. — Sets the maximum frame size above which packets
are fragmented. This reduces the time required to transmit the frame, and
therefore reduces the probability that it will be corrupted (at the cost of more
data overhead). (Range: 256-2346 bytes; Default: 2346 bytes)

– 56 –
 Chapter 4 | Wireless Settings
Radio Settings

◆ RTS Thresh. — Sets the packet size threshold at which a Request to Send (RTS)
frame must be sent to a receiving station prior to the sending station starting
communications. The access point sends CTS frames to a receiving station to
negotiate the sending of a data frame. After receiving an RTS frame, the access
point sends a CTS (clear to send) frame to notify the sending station that it can
start sending data.
If the RTS threshold is set to 1, the access point always sends RTS signals. If set
to 2347, the access point never sends RTS signals. If set to any other value, and
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.
The access points contending for the medium may not be aware of each other.
The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2347
bytes: Default: 2347 bytes)

◆ SGI — The 802.11n draft specifies two guard intervals: 400ns (short) and 800ns
(long). Support of the 400ns Short Guard Interval is optional for transmit and
receive. The purpose of a guard interval is to introduce immunity to
propagation delays, echoes, and reflections to which digital data is normally
very sensitive. Enabling the SGI sets it to 400ns. (Default: Enabled)

◆ STBC — Space-time Block Coding sends multiple copies of the same data over
a number of antennas, using the various received versions to improve the
reliability of data transfer. The transmitted signal may traverse a difficult
environment with scattering, reflection, and refraction which may then be
further corrupted by thermal noise in the receiver, so some of the received
copies will be better than others. This redundancy results in a higher chance of
being able to use one or more of the received copies to correctly decode the
received signal. (Default: Disabled)

◆ AMPDU — Enables or disables the use of Aggregated MAC Protocol Data Units.
Physical layer (PHY) data rate improvements do not increase real throughput
beyond a point because of 802.11 protocol overheads. The main media access
control feature that provides a performance improvement is aggregation.
Aggregation of MAC protocol data units (MPDUs) is referred to as MPDU
aggregation or (A-MPDU). (Default: Enabled)

◆ Block Multicast Forwarding — Use this feature to guarantee that no multicast

traffic is flooded to clients attached to this radio. If unknown multicast traffic is
flooded, there might be security issues.

– 57 –
Chapter 4 | Wireless Settings
VLAN Settings

VLAN Settings
VLANs (virtual local area networks) are turned off by default. If turned on they will
automatically tag any packets passed to the LAN port from the relevant VAP (virtual
access point).

The access point can employ VLAN tagging to control access to network resources
and increase security. VLANs separate traffic passing between the access point,
associated clients, and the wired network. You can create up to 12 VLAN tagged
networks.

Note the following points about the access point’s VLAN support:

◆ If an Ethernet LAN port on the access point is assigned a VLAN ID, any traffic
entering that port must be also tagged with the same VLAN ID.

◆ Wireless clients associated to the access point can be assigned to a VLAN.

Wireless clients are assigned to the VLAN for the VAP interface with which they
are associated. The access point only allows traffic tagged with correct VLAN
IDs to be forwarded to associated clients on each VAP interface.

◆ When VLAN support is enabled on the access point, traffic passed to the wired
network is tagged with the appropriate VLAN ID. When an Ethernet port on the
access point is configured as a VLAN member, traffic received from the wired
network must also be tagged with the same VLAN ID. Received traffic that has
an unknown VLAN ID or no VLAN tag is dropped.

◆ When VLAN support is disabled, the access point does not tag traffic passed to
the wired network and ignores the VLAN tags on any received frames.

◆ Network IP range conflict detection and resolution — The AP has two built-in
local networks - one “main” network, and the more secure “guest” network. By
default, the subnet ranges of these networks is set to 192.168.2.1 and
192.168.3.1, respectively.

If your network is already configured to use one of these subnets, when you
plug in your network cable to the WAN port of your AP, there would normally
be an IP conflict in the local AP's network and your upstream network.

Howver, if your WAN subnet conflicts with any of the local networks (even the
custom ones you create), the AP will automatically change the subnet of the
local network.

Note: Before enabling VLAN tagging on the access point, be sure to configure the
attached network switch port to support tagged VLAN frames for the VLAN IDs
configured on the access point. Otherwise, connectivity to the access point will be
lost when you enable the VLAN feature.

– 58 –
 Chapter 4 | Wireless Settings
VLAN Settings

Figure 37: Configuring VLANs

The following items are displayed on this page:

◆ VLAN ID — A VLAN identifier to be assigned. (Range: 4-4094)

(VLANs 1-3 are reserved for internal use.)

◆ Ports — The Ethernet ports assigned to the specified VLAN.

◆ SSIDs — The SSID of a VAP configured to be a member of the specified VLAN.

This option is configured under Radio Settings (Network Settings – Network
Behavior).

– 59 –
5 System Settings

This chapter describes maintenance settings on the access point. It includes the
following sections:

◆ “System Settings” on page 61

◆ “Maintenance” on page 63

◆ “User Accounts” on page 66

◆ “Services” on page 67

◆ “Diagnostics” on page 72

– 60 –
 Chapter 5 | System Settings
System Settings

System Settings
The System Settings page can be used to enable the AP to be managed from the
IgniteNet Cloud controller and configure general descriptive information about the
AP, such as the system identification name and local time.

Figure 38: System Settings

The following items are displayed on this page:

◆ Controller URL — Links to the IgniteNet Cloud Controller management site.

◆ Enable agent — Set to “On” to manage this AP from the IgniteNet Cloud
controller. Click on the link to cloud.ignitenet.com where you can create an
account and register your AP.

◆ Host Name — An alias for the AP, enabling the device to be uniquely identified
on the network. (Default: IgniteNet; Range: 0-50 characters)

◆ Enable reset button — Enables or disables the hardware reset button.

– 61 –
Chapter 5 | System Settings
System Settings

◆ Enable cloud status LED — Supported on Sunspot and Spark. This LED will be
red when the AP is managed in standalone mode, and cyan when mananged
using the IgniteNet cloud controller.

Figure 39: Device Status LEDs

When your device is running in stand-alone mode, the LEDs indicate the
following conditions:
Table 5: Device Status LEDs (Stand-alone Mode)
State Definition

Red The AP has not been configured for the first time, or cannot connect to
the Internet.

Cyan The AP is operating normally.

When your device is in cloud-managed mode, the LEDs indicate the following
conditions:
Table 6: Device Status LEDs (Cloud-managed Mode)
State Definition

Solid Green The AP is successfully connected to the cloud controller and is operating
normally.

Blinking Green Configuration settings are in the process of being pushed to the device from
the cloud

Red The AP cannot contact the controller or is not registered to the cloud yet

Solid Cyan The AP is booting up

Blinking Cyan The AP is running a remote packet capture

Solid Blue The AP is upgrading its firmware

Blinking Blue The AP is downloading new firmware

◆ Local Time — The local time, given as day of week, month, time, year.

◆ Number of boot retries — The maximum number of bootup retries before

switching to the next boot bank. (Range: 1-254; Default: 3)

– 62 –
 Chapter 5 | System Settings
Maintenance

Maintenance
The Maintenance page supports general maintenance tasks including displaying
the system log or troubleshooting log, rebooting the device, restoring factory
defaults, backing up or restoring configuration settings, and upgrading firmware.

Figure 40: Maintenance

– 63 –
Chapter 5 | System Settings
Maintenance

Displaying The access point saves event and error messages to a local system log database.
System Logs The log messages include the date and time, device name, message type, and
message details.

Figure 41: System Log

Downloading the Click “Troubleshooting Log” to download the log file to the management
Troubleshooting Log workstation. In Windows, a GNU Zip (*.tar.gz) file is stored in the Downloads folder.
The troubleshooting log file contains information that can help IgniteNet resolve
technical issues with the AP.

Rebooting the The Reboot page allows you to reboot the access point.
Access Point
Figure 42: Rebooting the Access Point

– 64 –
 Chapter 5 | System Settings
Maintenance

Resetting the The Reset page allows you to reset the access point to the factory defaults. Note
Access Point that all user configured information will be lost. You will have to re-enter the
default user name and password to re-gain management access to this device.

Figure 43: Resetting to Defaults

Note: It is also possible to reboot or reset the access point by inserting a pin in the
pin hole labeled “Reset” on the connector panel of the access point and:
◆ press 2 seconds to reboot the access point;
◆ press 5 seconds to reset the access point to the factory defaults.

Backing Up The Backup function allows you to back up the access point’s configuration to a
Configuration management workstation. In Windows, a GNU Zip (*.tar.gz) file will be stored in the
Settings Downloads folder. This is a sample file name: backup-IgniteNet-2017-05-
03.tar.gz.cpt

Restoring The Restore page allows you to upload configuration settings from a management
Configuration workstation. The specified file must be one that was previously backed up from the
Settings access point.
Figure 44: Restoring Configuration Settings

– 65 –
Chapter 5 | System Settings
User Accounts

Upgrading Firmware You can upgrade new access point software from a local file on the management
workstation. New software may be provided periodically from IgniteNet.
After upgrading new software, you must reboot the access point to implement the
new code. Until a reboot occurs, the access point will continue to run the software
it was using before the upgrade started. The access point supports dual software
images, so if newly loaded software is corrupted, the alternate image will be used
on the next reboot. Configuration settings are stored separately from the software,
so the current settings will always be used for any new software. However, note
that if the current configurtion settings are corrupted, the system defaults will be
used.

Figure 45: Upgrading Firmware

User Accounts
The User Accounts page allows you to control management access to the AP based
on manually configured user names and passwords.

Figure 46: User Accounts

The following items are displayed on this page:

◆ Enabled — Click to enable or disable the user account.

– 66 –
 Chapter 5 | System Settings
Services

◆ Username — The name of the user. (Range: 3-15 ASCII characters, no special
characters)

◆ Password — The user password. (Range: 3-15 ASCII characters, case sensitive,
no special characters)

Services
The Services page allows you to control remote management access to the AP and
configure NTP time servers.

The Telnet, Web, and SNMP management interfaces are enabled and open to
access from the Internet. To provide more security, specific services can be disabled
and management access prevented from the Internet.

SSH The Secure Shell (SSH) can act as a secure replacement for Telnet. The SSH protocol
uses generated public keys to encrypt all data transfers passing between the access
point and SSH-enabled management station clients and ensures that data traveling
over the network arrives unaltered. Clients can then securely use the local user
name and password for access authentication.
Note that SSH client software needs to be installed on the management station to
access the access point for management via the SSH protocol.

Figure 47: SSH Server Settings

The following items are displayed on this page:

◆ SSH Server — Enables or disables SSH access to the access point.

(Default: Enabled)

◆ Port — Sets the TCP port number for the SSH server on the access point.
(Range: 1-65535; Default: 22)

◆ Allow SSH from WAN — Allows SSH management access from the WAN.

– 67 –
Chapter 5 | System Settings
Services

IgniteNet Discovery The IgniteNet Discovery agent allows the AP to be discovered by other devices on
Tool the local network or over the Internet.

Figure 48: IgniteNet Discovery Tool Settings

The following items are displayed on this page:

◆ Discovery Agent — Enables or disables IgniteNet Discovery. (Default: Enabled)

◆ Allow over WAN — Allows discovery tool access from the WAN.

Telnet Telnet is a remote management tool that can be used to configure the access point
from anywhere in the network. However, note that Telnet is not secure from hostile
attacks.

Figure 49: Telnet Server Settings

The following items are displayed on this page:

◆ Telnet Server — Enables or disables Telnet access to the access point.

(Default: Enabled)

◆ Port — Sets the TCP port number for the Telnet server on the access point.
(Range: 1-65535; Default: 23)

◆ Allow Telnet from WAN — Allows Telnet management access from the WAN.

Web Server A Web browser provides the primary method of managing the access point. Both
HTTP and HTTPS service can be accessed independently. If you enable HTTPS, you
must indicate this in the URL: https://device:port_number]

When you start HTTPS, the connection is established in this way:

◆ The client authenticates the server using the server’s digital certificate.

– 68 –
 Chapter 5 | System Settings
Services

◆ The client and server negotiate a set of security protocols to use for the
connection.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for most browsers.

Figure 50: Web Server Settings

The following items are displayed on this page:

◆ HTTP Port — The TCP port to be used by the HTTP Web browser interface.
(Range: 1-65535; Default: 80)

◆ Allow HTTP from WAN — Allows HTTP management access from the WAN.

◆ HTTPS Port — The TCP port to be used by the HTTPS Web browser interface.
(Range: 1-65535; Default: 443)

◆ Allow HTTPS from WAN — Allows HTTPS management access from the WAN.

Network Time Network Time Protocol (NTP) allows the access point to set its internal clock based
on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time
on the access point enables the system log to record meaningful dates and times
for event entries. If the clock is not set, the access point will only record the time
from the factory default set at the last bootup.
The access point acts as an NTP client, periodically sending time synchronization
requests to specified time servers. The access point will attempt to poll each server
in the configured sequence to receive a time update.

– 69 –
Chapter 5 | System Settings
Services

Figure 51: NTP Settings

The following items are displayed on this page:

◆ Local Time — Displays the local time as day of week, month,

hour:minute:second, year, based on Universal Time Coordinates.

◆ NTP Service — Enables or disables sending of requests for time updates.

(Default: Enabled)

◆ NTP Servers — Sets the host names for time servers. The switch attempts to
update the time from the first server, if this fails it attempts an update from the
next server in the sequence. To configure additional servers, click the “+”
button to open a new edit field.

◆ Timezone — To display a time corresponding to your local time, choose one of

the predefined time zones from the scroll-down list.

SNMP Simple Network Management Protocol (SNMP) is a communication protocol

designed specifically for managing devices on a network. It is typically used to
configure these devices for proper operation in a network environment, as well as
to monitor them to evaluate performance or detect potential problems.

Figure 52: SNMP Settings

– 70 –
 Chapter 5 | System Settings
Services

The following items are displayed on this page:

◆ SNMP Server — Enables or disables SNMP on the access point.

(Default: Enabled)

◆ Contact — Administrator responsible for the access point.

◆ Community String — A community string that acts like a password and

permits access to the SNMP protocol. (Range: 1-32 characters, case sensitive;
Default: public)
The default string “public” provides read-only access to the access point’s
Management Information (MIB) database.

◆ Allow SNMP from WAN — Allows SNMP management access from the WAN.

Remote System Log Use this feature to send log messages to syslog servers or other management
Setup stations.

Figure 53: Remote Log Settings

The following items are displayed on this page:

◆ Remote Syslog — Enables/disables the logging of debug or error messages to

the remote logging process. (Default: Disabled)

◆ Server IP — Specifies the IP address of a remote server which will be sent

syslog messages.

◆ Server Port — Specifies the UDP port number used by the remote server.
(Range: 1-65535)

◆ Log Prefix — Sets the prefix for the log file sent to the specified server. The file
suffix “log” is used.

– 71 –
Chapter 5 | System Settings
Diagnostics

Diagnostics
The Diagnostics page provides Ping, Traceroute, and Nslookup tools for
troubleshooting connectivity problems.

Enter a hostname or IP address and click to run the tool.

Figure 54: Diagnostics

– 72 –
Section III
Appendices

This section provides additional information and includes these items:

◆ “Troubleshooting” on page 74

– 73 –
 A Troubleshooting

Problems Accessing the Management Interface

Table 7: Troubleshooting Chart
Symptom Action

Cannot connect using ◆ Be sure the AP is powered up.

Telnet, web browser, or
SNMP software
◆ Check network cabling between the management station and the
AP.
◆ Check that you have a valid network connection to the AP and
that intermediate switch ports have not been disabled.
◆ Be sure you have configured the AP with a valid IP address, subnet
mask and default gateway.
◆ Be sure the management station has an IP address in the same
subnet as the AP’s IP.
◆ If you are trying to connect to the AP using a tagged VLAN group,
your management station, and the ports connecting intermediate
switches in the network, must be configured with the appropriate
tag.
◆ If you cannot connect using Telnet, you may have exceeded the
maximum number of concurrent Telnet/SSH sessions permitted.
Try connecting again at a later time.

Forgot or lost the password ◆ Reset the AP to factory defaults using its Reset button.

Using System Logs

If a fault does occur, refer to the Quick Start Guide to ensure that the problem you
encountered is actually caused by the AP. If the problem appears to be caused by
the AP, follow these steps:

1. Enable SNMP in the System > Services menu.

2. Enable SNMP access from the WAN when connecting from a remote location.

3. Repeat the sequence of commands or other actions that lead up to the error.

4. Make a list of the commands or circumstances that led to the fault. Also make a
list of any error messages displayed.

5. Record all relevant system settings.

– 74 –
 Appendix A | Troubleshooting
Using System Logs

6. Display the log file through the System > Maintenance page, and copy the
information from the log file.

7. Download the Troubleshooting Log to a file from the System > Maintenance
page.

8. Contact your distributor’s service engineer, and send a detailed description of

the problem, along with all of the information mentioned in the above steps.

– 75 –
 Index

A E
accounting event logs 64
RADIUS server 39
AMPDU 57
authentication 51 F
pre-shared key 51 filter
RADIUS server 39, 51, 52 between wireless clients 48
HTTP from WAN 69
HTTPS from WAN 69
B management access 67
Bandsteering 47 VLANs 58
bridge mode 33, 53 firmware
displaying version 22
upgrading 66
C
captive portal 41
channel G
active 26 gateway address 14, 30, 74
bandwidth 46
restrictions 15
selection 46 H
community string, SNMP 71 hotspot, configuration 36
configuration settings HTTP 68
restoring 65 port specification 69
saving 65 HTTPS 68
country code 26, 46 port specification 69
selection 14, 15
CTS, clear to send 57
I
IEEE 802.11a/ac/n 44
D configuring interface 46
data rate, selecting 55 radio channel 46
device status, displaying 25 IEEE 802.11b/g/n 44
DHCP 14, 30 configuring interface 46
hotspot settings 38 radio channel 46
lease time 38 IEEE 802.1X 51, 53
leases 23 initial configuration 14
server settings 35 introduction 13
server status 23 IP address 33
DNS 22 DHCP 30
domain name 38 DNS server 22, 30, 38
IP address 38 Ethernet interface 30
server address 30 gateway 30
downloading software 66 guest network 35
hotspot 38
Internet connection 21

– 76 –
 Index

local network 35 RTS, threshold 57

management 14
management, configuring 14
network mask 21 S
PPPoE 30 SGI 57
RADIUS server 39 shared key 51
static 30 SNMP 13
wireless client 26 allow from WAN 71
community string 71
enabling 71
L SNTP 69
LAN port software
status 21 displaying version 22
log messages 64 upgrading 66
SSID 26, 44, 45, 48, 51, 59
status information
M Ethernet ports 20
MAC address interfaces 22
authentication 53 Internet 21
wireless client 26 local network 23
management IP address 14 wireless 25
STBC 57
STP, spanning tree protocol 36
N subnet mask 14, 23, 30, 35, 38, 74
NTP system log 64
enabling 70 system software, upgrading 66
servers 70

T
P time zone 70
password transmit power 15
captive portal secret 41 configuring 56
community string 71
default 15
PPPoE 31 U
pre-shared key 51 upgrading software 66
user account 66 user password 15, 67
PPPoE, configuring 30
pre-shared key 51
V
VLAN, configuration 58
R
radio channel
active 26 W
configuring 46 WAN port, status 21
RADIUS 51, 52 WDS 45
configuring for IEEE 802.1X 52 WMM 48, 49
configuring for WPA 52 WPA 51
configuring local settings 39 WPA, pre-shared key 51
IP address 39 WPA2 51
RadSec, RADIUS server 39
rate limiting 54
remote system log 71
reset button 61
router mode 33, 54

– 77 –
HeliOS User Manual
E052017-ST-R03
150000000056A