Linksys Lapac1200 User manual

LAPAC1200

AC1200 Dual Band

Access Point

User Guide

Table of Contents

Linksys

CHAPTER 1 QUICK START GUIDE. . . . . . . . . . . . . . . . . . 1

Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Physical Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Mounting Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

CHAPTER 2 ACCESS POINT SETUP . . . . . . . . . . . . . . . . . 3

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Setup Using a Web Browser . . . . . . . . . . . . . . . . . . . . . . .3

Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Time Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Log Settings Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Management Access Screen . . . . . . . . . . . . . . . . . . . . . .8

SSL Certiﬁcate Screen. . . . . . . . . . . . . . . . . . . . . . . . . . .9

Network Setup Screen . . . . . . . . . . . . . . . . . . . . . . . . . 10

Advanced Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Basic Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Rogue AP Detection. . . . . . . . . . . . . . . . . . . . . . . . . . .19

Scheduler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Scheduler Association . . . . . . . . . . . . . . . . . . . . . . . . . 21

Connection Control . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Rate Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Workgroup Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

CHAPTER 3 OPERATION AND STATUS . . . . . . . . . . . . . .27

Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

System Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

LAN Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Wireless Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Wireless Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Log View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

CHAPTER 4 ACCESS POINT MANAGEMENT . . . . . . . . . . .32

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Firmware Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Conﬁguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Factory Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Ping Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Diagnostic Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

APPENDIX A TROUBLESHOOTING . . . . . . . . . . . . . . . . .37

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

General Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

APPENDIX B ABOUT WIRELESS LANS. . . . . . . . . . . . . . .38

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

Wireless LAN Terminology . . . . . . . . . . . . . . . . . . . . . . .38

Table of Contents

iii

Table of Contents

Linksys

APPENDIX C PC AND SERVER CONFIGURATION . . . . . . . .40

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Using WEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Using WPA2-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Using WPA2-Enterprise . . . . . . . . . . . . . . . . . . . . . . . . .41

802.1x Server Setup (Windows 2000 Server) . . . . . . . . . . . 41

802.1x Client Setup on Windows XP. . . . . . . . . . . . . . . . .46

Using 802.1x Mode (without WPA). . . . . . . . . . . . . . . . . .49

Document Version: 1.0

All trademarks and trade names are the properties of their respective owners.

CHAPTER 1 Quick Start Guide

Linksys

CHAPTER 1 Quick Start Guide

Package Contents

• LinksysWirelessAccessPoint

• QuickStartGuide

• EthernetCable

• ACPowerAdapter

• CDwithDocumentation

• MountingBracket

• MountingKit

• CeilingMountBackPlate

• DrillingLayoutTemplate

Physical Details

There is one LED for the device.

LED

LED Color Activity Status

Green Blinking System is booting.

Solid System is normal; no wireless device

connected.

Blue Blinking Software upgrade in process.

Solid System is normal; at least one wireless

device connected.

Red Solid Booting process or update failed; hard

reset or service required.

Port and Button

Power Port - Connect the AC power adapter to this port.

NOTE: Use only the adapter that came with your access point.

Ethernet Port - Connect a wired network device to this port. This port supports

PoE (Power over Ethernet) with a PoE switch or PoE injector. LAPAC1750 can be

powered on from an 802.3at(PoE+) compliance source.

NOTE: When both PoE and AC power adapter are connected to access point,

device will get power from PoE as higher precedence.

Using Cat5e or better cable is highly recommended.

Reset Button - Press and hold this button for less than 15 seconds to power

cycle device. Press and hold for longer than 15 seconds to reset the device to

factory default settings.

CHAPTER 1 Quick Start Guide

Linksys

Mounting Guide

To avoid overheating, do not install your access point if ambient temperatures

exceed 104°F (40°C). Install on a flat, stable surface, near the center of your

wireless coverage area making sure not to block vents on the sides of the device

enclosure.

Wall Installation

1. Position drilling layout template at the desired location.

2. Drill four screw holes on the mounting surface. If your Ethernet cable is

routed behind the wall, mark Ethernet cable hole as well.

3. Secure the mounting bracket on the wall with anchors and screws.

4. If your Ethernet cable is routed behind the wall, cut or drill the Ethernet

cable hole you marked in Step 2. Feed the Ethernet cable through the hole.

5. Connect the Ethernet cable and/or AC power adapter to your device.

6. Slide the device into the bracket. Turn clockwise until it locks into place.

Ceiling Installation

1. Select ceiling tile for mounting and remove tile.

2. Position drilling layout template at the desired location.

3. Drill four screw holes and Ethernet cable hole on the surface of ceiling tile.

4. Place back plate on the opposite side of ceiling tile. Secure mounting

bracket to the ceiling tile with flathead screw and nut. Route the Ethernet

cable through the Ethernet cable hole.

5. Replace tile in ceiling.

6. Connect the Ethernet cable and/or AC power adapter to your device

7. Slide the device into the bracket. Turn access point clockwise until it locks.

IMPORTANT

Improper or insecure mounting could result in damage to the device or personal

injury. Linksys is not responsible for damages caused by improper mounting.

CHAPTER 2 Access Point Setup

Linksys

CHAPTER 2 Access Point Setup

Overview

This chapter describes the setup procedure to connect the wireless access point

to your LAN, and configure it as an access point for your wireless stations.

Wireless stations may also require configuration. For details, see Appendix C -

Wireless Station Configuration.

The wireless access point can be configured using a Web browser.

Setup using a Web Browser

Your browser must support JavaScript. The configuration program has been

tested on the following browsers:

• Firefox3.5orlater,Chrome8orlater,Safari5orlater

• InternetExplorer7orlater

Setup Procedure

Make sure device is powered on before you continue setup. If LED light is off,

check that AC power adapter, or PoE cable, is properly connected on both ends.

Access device’s browser-based setup:

1. Use the included cable to connect the access point to your network via a

network switch or router.

2. Open a web browser on a computer connected to your network. Enter the

IP address of your access point. By factory default, the IP address will be

assigned by a DHCP server (usually the network router). If there is no DHCP

server on your network, the default IP address is 192.168.1.252/255.255.255.0.

Note: Use a computer hardwired to the same network as your access point for

browser-based setup access. Access to browser-based setup via WiFi is disabled

by default.

3. Type in default username: “admin”, and password: “admin”.

4. Click Log in to launch the browser-based setup and follow the on-screen

instructions

Figure 1: Password Dialog

IF YOU CAN’T CONNECT:

It is likely that your PC’s IP address is incompatible with the wireless

access point’s IP address. This can happen if your LAN does not

have a DHCP Server. If there is no DHCP server in your network, the

access point will fall back to its default IP address: 192.168.1.252,

with a network mask of 255.255.255.0.

Or, if your PC’s IP address is not compatible with this, you must

change your PC’s IP address to an unused value in the range

192.168.1.1 ~ 192.168.1.254, with a network mask of 255.255.255.0.

See Appendix A - Windows TCP/IP for details for this procedure.

CHAPTER 2 Access Point Setup

Linksys

Setup Wizard

The first time you connect to the wireless access point, run the Setup Wizard to

configure the device.

1. Click the Quick Start link on the main menu

Figure 2: Setup Wizard

2. On the first screen, click Launch.

3. Set the password on the Device Password screen, if desired.

4. Configure the time zone, date and time for the device on System Settings

screen.

Figure 3: Setup Wizard - System Settings

5. On the IPv4 Address screen (Figure 4) configure the IP address of the device

then click Next. If you want to configure more than 4 SSIDs, please go to

Configuration → Wireless → Basic Settings. The access point supports up

to 8 SSIDs per radio.

Figure 4: Setup Wizard - IPv4

6. Set the SSID information on the Wireless Network screen. Click Next.

Figure 5: Setup Wizard - Wireless Network

7. On the Wireless Security Screen (Figure 6) configure the wireless security

settings for the device. Click Next. If you are looking for security options that

are not available in the wizard, go to Configuration →Wireless →Security

page. The access point supports more sophisticated security options there.

CHAPTER 2 Access Point Setup

Linksys

Figure 6: Setup Wizard - Wireless Security

8. On the Summary screen, check the data to make sure they are correct and

then click Submit to save the changes.

Figure 7: Setup Wizard - Summary

9. Click Finish to leave the wizard.

Figure 8: Setup Wizard - Finish

User Accounts

Click User Accounts on the Administration menu to manage user accounts. The

access point supports up to five users: one administrator and four normal users.

Figure 9: User Accounts

CHAPTER 2 Access Point Setup

Linksys

Data - User Accounts Screen

User Account Table

User Name Enter the User Name to connect to the access

point’s admin interface. User Name is effective

once you save settings.

User Name can include up to 63 characters. Special

characters are allowed.

User Level Only administrator account has Read/Write

permission to the access point’s admin interface.

All other accounts have Read Only permission.

New Password Enter the Password to connect to the access point’s

admin interface.

Password must be between 4 and 63 characters.

Special characters are allowed.

Confirm New Password Re-enter password.

Time Screen

Click Time on the Administration menu to configure system time of the device.

Figure 10: Time Screen

Data - Time Screen

Time

Current Time Display current date and time of the system.

Manually Set date and time manually.

Automatically When enabled (default setting) the access point will get the

current time from a public time server.

Time Zone Choose the time zone for your location from the drop-down

list. If your location observes daylight saving time, enable

“Automatically adjust clock for daylight saving changes.”

Start Time Specify the start time of daylight saving.

End Time Specify the end time of daylight saving.

Offset Select the adjusted time of daylight saving.

NTP

NTP Server 1 Enter the primary NTP server. It can be an IPv4 address or a

domain name.

Valid characters include alphanumeric characters, “_”, “-”

and “.”. Maximum length is 64 characters.

NTP Server 2 Enter the secondary NTP server. It can be an IPv4 address or

a domain name.

Valid characters include alphanumeric characters, “_”, “-”

and “.”. Maximum length is 64 characters.

CHAPTER 2 Access Point Setup

Linksys

Log Settings Screen

The logs record various types of activity on the access point. This data is useful

for troubleshooting, but enabling all logs will generate a large amount of data

and adversely affect performance.

Figure 11: Log Settings Screen

Data - Logs Screen

Log Types

Log Types Select events to log. Checking all options increase the

size of the log, so enable only events you believe are

required.

Email Alertt

Email Alert Enable email alert function.

SMTP Server Enter the email server that is used to send logs. It can

be an IPv4 address or a domain name.

Valid characters include alphanumeric characters, “_”,

“-” and “.”. Maximum length is 64 characters.

Data Encryption Enable if you want to use data encryption.

Port Enter the port for the SMTP server. The port is a value

from 1 to 65535 and default is 25.

Username Enter the Username to log in to your SMTP server.

The Username can include up to 32 characters. Special

characters are allowed.

Password Enter the Password to log in to your SMTP server.

The Password can include up to 32 characters. Special

characters are allowed.

Email Address for Logs Enter the email address the log messages are to be

sent to.

Valid characters include alphanumeric characters, “_”,

“-”, “.” and “@”. Maximum length is 64 characters.

Log Queue Length Enter the length of the queue: up to 500 log messages.

The default is 20 messages. When messages reach the

set length the queue will be sent to the specified email

address.

Log Time Threshold Enter the time threshold (in seconds) used to check if

the queue is full. It’s a value from 1 to 600 and default

is 600 seconds.

Syslog

Syslog Notification Enable Syslog notification.

IP Type Select the IP type of the syslog server: IPv4 or IPv6.

Server IP Address Enter the IPv4 or IPv6 address of syslog server here.

CHAPTER 2 Access Point Setup

Linksys

Management Access

You can use the Management Access page to configure the management

methods of the access point.

Figure 12: Management Access Screen

Data - Management Access Screen

Web Access

HTTP HTTP (Hyper Text Transfer Protocol) is the standard

for transferring files (text, graphic images and other

multimedia files) on the World Wide Web.

Enable to allow Web access by HTTP protocol.

HTTP Port Specify the port for HTTP. It can be 80 (default) or

from 1024 to 65535.

HTTP to HTTPS

Redirect

Enable to redirect Web access of HTTP to HTTPS

automatically.

This field is available only when HTTP access is

disabled.

HTTPS HTTPS (Hypertext Transfer Protocol Secure) can

provide more secure communication with the SSL/

TLS protocol, which support data encryption to

HTTP clients and servers.

Enable to allow Web access by HTTPS protocol.

HTTPS Port Specify the port for HTTPS. It can be 443 (default) or

from 1024 to 65535.

From Wireless Enable wireless devices to connect to access point’s

admin page. Disabled by default.

Access Control By default, no IP addresses are prohibited from

accessing the device’s admin page. You can

enable access control and enter specified IP

addresses for access. Four IPv4 and four IPv6

addresses can be specified.

SNMP Settings

SNMP Simple Network Management Protocol (SNMP) is a

network monitoring and management protocol.

Enable or disable SNMP function here. Disabled by

default.

Contact Enter contact information for the access point.

The contact includes 1 to 32 characters. Special

characters are allowed.

CHAPTER 2 Access Point Setup

Linksys

SSL Certificate

This screen can be used to manage SSL certificate used by HTTPS.

Figure 13: SSL Certificate Screen

Location Enter the area or location where the access point

resides.

The location includes 1 to 32 characters. Special

characters are allowed.

SNMPv1/v2 Settings

Get Community Enter the name of Get Community. Get Community

is used to read data from the access point and not

for writing data into the access point.

Get Community includes 1 to 32 characters. Special

characters are allowed.

Set Community Enter the name of Set Community. Set Community

is used to write data into the access point.

The Set Community includes 1 to 32 characters.

Special characters are allowed.

SNMPv3 Settings

SNMPv3 Settings Configure the SNMPv3 settings if you want to use

SNMPv3.

Username: Enter the username. It includes 0 to 32

characters. Special characters are allowed.

Authentication Protocol: None or HMAC-MD5.

Authentication Key: 8 to 32 characters. Special

characters are allowed.

Privacy Protocol: None or CBC-DES.

Privacy Key: 8 to 32 characters. Special characters

are allowed.

Access Control

Access Control When SNMP is enabled, any IP address can connect

to the access point’s admin page through SNMP.

You can enable access control to allow specified IP

addresses. Two IPv4 and two IPv6 addresses can be

specified.

SNMP Trap

Trap Community Enter the Trap Community server. It includes 1 to 32

characters. Special characters are allowed.

Trap Destination Two Trap Community servers are supported: can be

IPv4 or IPv6.

CHAPTER 2 Access Point Setup

Linksys

Data - SSL Certificate Screen

Export/Restore to/from Local PC

Export SSL

Certificate

Click to export the SSL certificate.

Install Certificate Browse to choose the certificate file. Click Install

Certificate button.

Export to TFTP Server

Destination File Enter the name of the destination file.

TFTP Server Enter the IPv4 address for the TFTP server.

Export Click to export the SSL certificate to the TFTP

server.

Restore from TFTP Server

Source File Enter the name of the source file.

TFTP Server Enter the IPv4 address for the TFTP server.

Install Click to install the file to the device.

Network Setup Screen

Use this screen to configure basic device settings, VLAN settings and settings

for the LAN interface, including static or dynamic IPv4/IPv6 address assignment.

Figure 14: Network Setup Screen

Data - Network Setup Screen

TCP/IP

Host Name Assign a host name to this access point. Host name

consists of 1 to 15 characters. Valid characters include

A-Z, a-z, 0-9 and -. Character cannot be first and last

character of hostname and hostname cannot be

composed of all digits.

VLAN Enables or disables VLAN function. Workgroup Bridge

can only be enabled when VLAN function is disabled.

Untagged VLAN Enables or disables VLAN tagging. If enabled (default),

traffic is untagged when VLAN ID is equal to Untagged

VLAN ID and un-tagged traffic can be accepted by LAN

port. If disabled, traffic from the LAN port is always

tagged and only tagged traffic can be accepted from

LAN port.

By default all traffic on the access point uses VLAN 1, the

default untagged VLAN.

Untagged VLAN ID Specifies a number between 1 and 4094 for the

untagged VLAN ID. The default is 1. Traffic on the

VLAN that you specify in this field is not be tagged

with a VLAN ID when forwarded to the network.

Untagged VLAN ID field is active only when untagged

VLAN is enabled.

VLAN 1 is the default for untagged VLAN.

Management

VLAN

The VLAN associated with the IP address you use to

connect to the access point. Provide a number between

1 and 4094 for the Management VLAN ID. The default

is 1.

IPv4/v6

IP Settings Select Automatic Configuration or Static IP Address.

IP Address Enter an unused IP address from the address range used

on your LAN.

Subnet Mask Enter the subnet mask for the IP address above.

Default Gateway Enter the gateway for the IP address above.

Primary DNS Enter the DNS address.

Secondary DNS Optional. If entered, this DNS will be used if the Primary

DNS does not respond.

CHAPTER 2 Access Point Setup

Linksys

Advanced Screen

Use this screen to configure advanced network settings of the access point.

Figure 15: Advanced Screen

Data - Advanced Screen

Port Settings

Auto

Negotiation

If enabled, Port Speed and Duplex Mode will become grey

and cannot be configured. If disabled, Port Speed and

Duplex Mode can be configured.

Operational

Auto

Negotiation

Current Auto Negotiation mode of the Ethernet port.

Port Speed Select the speed of the Ethernet port. Available only when

Auto Negotiation is disabled. The option can be 10M, 100M

or 1000M (default).

Operational

Port Speed

Displays the current port speed of the Ethernet port.

Duplex Mode Select the duplex mode of the Ethernet port. Available only

when Auto Negotiation is disabled. The option can be Half

or Full (default).

Operational

Duplex Mode

Displays the current duplex mode of the Ethernet port.

Flow Control Enable or disable flow control of the Ethernet port.

802.1x Supplicant

802.1x

Supplicant

Enable if your network requires this access point to use

802.1X authentication in order to operate.

Authentication This feature supports following two kinds of authentication:

Authentication via MAC Address

Select this if you want to use MAC address for authentication.

The access point uses lowercase MAC address for Name and

Password, like xxxxxxxxxxxx.

Authentication via Name and Password

Select this if you want to use name and password for

authentication.

Name - Enter the login name. The name includes 1 to 63

characters. Special characters are allowed.

Password - Enter the desired login password. The password

includes 4 to 63 characters. Special characters are allowed.

CHAPTER 2 Access Point Setup

Linksys

Discovery Settings

Bonjour Enable if administrator wants the access point to be

discovered by Bonjour enabled devices automatically. If

VLAN is enabled, the discovery packets will be sent out via

management VLAN only. The access point supports http

and https services.

LLDP Enable if administrator wants the access point to be

discovered by switch by LLDP protocol. Information such as

product name, device name, firmware version, IP address,

MAC address and so on will be advertised.

LLDP-MED Enable if administrator wants the access point to be

discovered by switch by LLDP-MED protocol. Information

such as product name, device name, firmware version, IP

address, MAC address and so on will be advertised.

Wireless Screens

There are ten configuration screens:

• BasicSettings

• Security

• RogueAPDetection

• Scheduler

• SchedulerAssociation

• ConnectionControl

• RateLimit

• QoS

• WorkgroupBridge

• AdvancedSettings

Basic Settings

Basic Settings provides the essential configuration for your wireless radio and

SSIDs. You should be able to set up your wireless network with these essential

parameters configured. Advanced wireless settings such as Band Steering,

Channel Bandwidth, etc., will be on Configuration → Wireless →Advanced

Settings screen.

Click Basic Settings on the Wireless menu.

Figure 16: Basic Settings Screen

CHAPTER 2 Access Point Setup

Linksys

Data - Wireless Basic Settings Screen

Basic Wireless Settings

Wireless Radio Select the wireless radio from the list.

Radio 1 is for 2.4 GHz, and Radio 2 is for 5 GHz.

Enable Radio Enable or disable the wireless radio.

Wireless Mode Select the desired option for radio 1:

G only - allow connection by 802.11G wireless stations only.

N only - allow connection by 802.11N wireless stations only.

B/G-Mixed - allow connection by 802.11B and G wireless

stations only.

B/G/N-Mixed (Default) - allow connections by 802.11N,

802.11B and 802.11G wireless stations.

Select the desired option for radio 2:

N/A-Mixed - allow connection by 802.11A and N wireless

stations only.

N only - allow connection by 802.11N wireless stations only.

AC only - allow connection by 802.11AC wireless stations only.

A/N/AC-Mixed - allow connection by 802.11A, 802.11N and

802.11AC wireless stations.

Wireless Channel Select wireless channel of the radio.

If Auto is selected, the access point will select the best

available channel when device boots up.

If you experience lost connections and/or slow data

transfers, experiment with manually setting different

channels to see which is the best.

SSID Settings

SSID Name Enter the desired SSID Name. Each SSID must have a

unique name. The name includes 1 to 32 characters.

Broadcast Enable or disable the broadcast of the SSID.

When the access point does not broadcast its SSID, the

network name is not shown in the list of available networks

on a client station. Instead, you must enter the exact

network name manually into the wireless connection

utility on the client so that it can connect.

Isolation Enable or disable isolation among clients of the SSID. If

enabled, wireless clients cannot communicate with others

in the same SSID.

Disabled by default.

VLAN ID Enter the VLAN ID of the SSID.

Used to tag packets which are received from the wireless

clients of the SSID and sent from Ethernet or Workgroup

Bridge interfaces.

Applicable only when VLAN function is enabled. VLAN

function can be configured in Configuration →LAN →

Network Setup screen.

Max Clients Enter the number of clients that can connect to the SSID.

The range is from 0 to 32, and 0 means no limit.

CHAPTER 2 Access Point Setup

Linksys

Security Settings

Use this screen to configure security settings of SSIDs to provide data protection

over the wireless network.

Figure 17: Security Settings

Data - Wireless Basic Settings Screen

Security

Select SSID Select the desired SSID from the drop-down list.

Security Mode Select the desired security method from the list.

Security Settings

• Disabled - No security. Anyone using the correct SSID can connect to

your network.

• WEP - The 802.11b standard. Data is encrypted before transmission, but

the encryption system is not very strong.

• WPA2-Personal - This is a further development of WPA-PSK, and offers even

greater security, using the AES (Advanced Encryption Standard) method.

This method, sometimes called Mixed Mode, allows clients to use either

WPA-Personal (with TKIP) or WPA2-Personal (with AES).

• WPA2-Enterprise - Requires a RADIUS Server on your LAN to provide the

client authentication according to the 802.1x standard. Data transmissions

are encrypted using the WPA2 standard.

If this option is selected:

•This access point must have a client login on the RADIUS Server.

•Each user must authenticate on the RADIUS Server. This is usually

done using digital certificates.

•Each user’s wireless client must support 802.1x and provide the

RADIUS authentication data when required.

•All data transmission is encrypted using the WPA2 standard. Keys

are automatically generated, so no key input is required.

• RADIUS - RADIUS mode utilizes RADIUS server for authentication and

dynamic WEP key generation for data encryption.

CHAPTER 2 Access Point Setup

Linksys

Security Settings - WEP

This is the 802.11b standard. Data is encrypted before transmission, but the

encryption system is not very strong.

Figure 18: WEP Wireless Security Screen

Data - WEP Screen

WEP

Authentication Select Open System or Shared Key. All wireless

stations must use the same method.

Default Transmit Key Select a transmit key.

WEP Encryption Select an encryption option, and ensure your

wireless stations have the same setting:

64-Bit Encryption - Keys are 10 Hex characters.

128-Bit Encryption - Keys are 26 Hex characters.

Passphrase Generate a key or keys instead of entering them

directly.Enter a word or groupof printable characters

in the Passphrase box and click the Generate button

to automatically configure the WEP key. It consists of

1 to 30 characters.

Key Value Enter a key in hexadecimal format.

Security Settings - WPA2-Personal

This is a further development of WPA-Personal, and offers even greater security.

Figure 19: WPA2-Personal Wireless Security Screen

Data - WPA2-Personal Screen

WPA2-Personal

WPA Algorithm The encryption method is AES. Wireless stations must also

use AES.

Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or 64 HEX

characters. Other wireless stations must use the same key.

Key Renewal Specify the value of Group Key Renewal. It’s a value from

600 to 36000 and default is 3600 seconds.

WPA automatically changes secret keys after a certain

period of time. The group key interval is the period of time

in between automatic changes of the group key, which all

devices on the network share.

Constantly keying the group key protects your network

against intrusion, as the would-be intruder must cope with

an ever-changing secret key.

CHAPTER 2 Access Point Setup

Linksys

Security Settings - WPA/WPA2-Personal

This method, sometimes called Mixed Mode, allows clients to use either WPA-

Personal or WPA2-Personal.

Figure 20: WPA/WPA2-Personal Wireless Security Screen

Data - WPA/WPA2-Personal Screen

WPA/WPA2-Personal

WPA Algorithm The encryption method is TKIP or AES.

Pre-shared Key Enter the key value. It is 8 to 63 ASCII characters or

64 HEX characters. Other wireless stations must

use the same key.

Key Renewal Specify the value of Group Key Renewal. It’s a value

from 600 to 36000, and default is 3600 seconds .

WPA automatically changes secret keys after a certain

period of time. The group key interval is the period

of time in between automatic changes of the group

key, which all devices on the network share.

Constantly keying the group key protects your

network against intrusion, as the would-be intruder

must cope with an ever-changing secret key.

Security Settings - WPA2-Enterprise

This version of WPA2-Enterprise requires a RADIUS Server on your LAN to

provide the client authentication. Data transmissions are encrypted using the

WPA2 standard.

Figure 21: WPA2-Enterprise Wireless Security Screen

CHAPTER 2 Access Point Setup

Linksys

Data - WPA2-Enterprise Screen

WPA2-Enterprise

Primary Server Enter the IP address of the RADIUS Server on your

network.

Primary Server Port Enter the port number used for connections to the

RADIUS Server. It is a value from 1 to 65534, and

default is 1812.

Primary Shared Secret Enter the key value to match the RADIUS Server. It

consists of 1 to 64 characters.

Backup Server The Backup Authentication Server will be used

when the Primary Authentication Server is not

available.

Backup Server Port Enter the port number used for connections to the

Backup RADIUS Server. It’s a value from 1 to 65534,

and default is 1812.

Backup Shared Secret Enter the key value to match the Backup RADIUS

Server. It consists of 1 to 64 characters.

WPA Algorithm The encryption method is AES.

Key Renewal Timeout Specify the value of Group Key Renewal. It is a value

from 600 to 36000, and default is 3600 seconds.

WPA automatically changes secret keys after a

certain period of time. The group key interval

is the period of time in between automatic

changes of the group key, which all devices on

the network share.

Constantly keying the group key protects your

network against intrusion, as the would-be intruder

must cope with an ever-changing secret key.

Security Settings - WPA/WPA2-Enterprise

WPA/WPA2-Enterprise requires a RADIUS Server on your LAN to provide the

client authen-tication. Data transmissions are encrypted using WPA2 standard.

Figure 22: WPA/WPA2-Enterprise Wireless Security Screen

Table of contents

Linksys LAPAC1200 User manual