peplink PePLink Surf User manual
PePLink Surf
User’s Manual
Document Version : 2.6
Firmware Version : 6.0.4
Date : 2006-02-10
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 2 of 30
Table of Content
1 Copyright 3
2 Disclaimer 3
3 Product Description 4
3.1 Features 4
3.2 Hardware Setup 5
3.3 LED Description 6
4 Using the PePLink Surf 7
4.1 First Time Setup 8
4.2 Settings Details 11
4.3 Advanced Settings: Port Forward 13
4.4 WPA/WPA2 with 802.1x Authentication 14
4.5 Test the Setup 17
4.6 Firmware Upgrade 18
4.7 Debug Page 19
4.8 Restore to Factory Defaults 20
4.9 System Settings 21
5 Appendix - Demo CA and Server Certification Generation Instructions 26
5.1 Prerequisite 26
5.2 Create your own Certificate Authority (CA) 26
5.3 Create a server certificate request from your servers 27
5.4 Sign the server certificate with your own CA 28
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 3 of 30
1 Copyright
Copyright © 2006 by PePLink Ltd.
The content of this documentation may not be reproduced in any part or as
a whole without the prior written permission of PePLink Ltd.
2 Disclaimer
PePLink does not assume any liability arising out of the application or use of
any products, or software described herein. Neither does it convey any
license under its patent right nor the patent rights of others. PePLink
further reserves the right to make changes in any products described herein
without notice. This documentation is subject to change without notice.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 4 of 30
3 Product Description
PePLink Surf, formerly known as MANGA Surf, is a Wi-Fi Station Mode (Client)
Router with WPA, WPA2 and 802.1x supplicant support. It is designed to
act as a Wireless router which connects to Wireless Broadband Internet
Service and allows LAN users to access the Internet via it.
It associates to a service provider and authenticates using 802.1x (if needed)
on start up. Upon successful association and authentication, it will acquire
an IP address from the service provider using DHCP. A DHCP server is
built-in on its LAN port. Network Address Translation is performed for all
outbound connections. Thus it supports multiple terminals to access the
Internet simultaneously.
3.1 Features
• 10/100 Ethernet interface with auto-crossover detection
• Reset button for restoring settings to factory defaults
• Signal strength LED for showing the current signal strength
• WPA/WPA2-Personal and WPA/WPA2-Enterprise support
• Network Address Translation
(NAT) routing
• Built-in DHCP server
• Inbound port range forwarding
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 5 of 30
3.2 Hardware Setup
1. Attach the provided antenna to the left most antenna connector
2. Connect the LAN port to the computer’s Ethernet port with an
Ethernet cable.
3. Connect the end of the included power adapter to the power
socket (labeled “DC 5V”) on PePLink Surf.
4. Power on the power adaptor.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 6 of 30
3.3 LED Description
LED Color Status Description
Green On Power is onPower
Off Power is off
Green Solid Received signal is Excellent, Very Good and Good
Green Blinking Received signal is Low
Amber Blinking Received signal is Very Low
Amber Solid No wireless signal is detected
Status
Off Booting up / Upgrading firmware
Green On Ethernet is connected
Green Blinking Sending/Receiving data
LAN
Off Ethernet is not connected
Green On Associated with an access point
Green Blinking Sending/Receiving data
Wi-Fi
Off Not associated with any access point
This is the Signal Strength and Status LED state conversion table.
Received
Signal Strength
Status LED Indication on the web
based power meter
> -70 Solid Green Excellent
-70 to -74 Solid Green Very good
-75 to -79 Solid Green Good
-80 to -84 Blinking Green Low
-85 to -87 Blinking Amber Very Low
-87 to -89 Blinking Amber Very Low
-89 < Blinking Amber Very Low
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 7 of 30
4 Using the PePLink Surf
You should set up your computer’s LAN interface to obtain an IP address
automatically. If you do so, you should have set it up correctly.
In order to do so, select the “Start” menu, “Control Panel” and then
“Network Connections”. Right click on the “Local Area Connection” icon,
choose “Properties”, double click on the item “Internet Protocol (TCP/IP)”
from the list. On the screen, just set it as follows:
Click the “OK” button to confirm the change.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 8 of 30
4.1 First Time Setup
On your PC, start a web browser, e.g. Internet Explorer, Mozilla Firefox, etc.
Visit an Internet web site. If you are not associated to an access point, you
should be redirected to a logon page. Or you can go also go to this URL
http://192.168.20.1/
The page will look like this.
Once it is associated to an access point, you can also access the page from
this URL:
https://wan.ip.addr.here:8000/
Login ID and password are “admin” and “MSurf000”.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 9 of 30
Click the “Advanced Config” button to enter the parameters of the access
point to associate to. You should see this screen:
In the field “SSID” under Wireless Settings, input the access point’s SSID
(sometimes it is called “network name”). According to the setting of the
Access Point you are associating to, you may choose different
“Authentication setting”.
If “Static WEP key” or “WPA/WPA2-Personal” is selected, input the
Encryption Key field as well.
Click the “Save” button at the bottom to complete.
You can now click the “Connect” link on the top bar and then click the
“Connect” button to associate with the access point.
There are also options of “802.1x with dynamic WEP key” and
“WPA/WPA2-Enterprise”. For their details, please refer to chapter 4.4 .
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 10 of 30
At this point, you are associated with the access point. You may now close
the web browser and open a new one to start web browsing.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 11 of 30
4.2 Settings Details
LAN Interface: To configure the LAN interface’s IP address and subnet
mask.
DHCP Server: To configure to enable the built-in DHCP server or not. If
enabled, the IP address range can be configured.
Wireless Settings:
SSID: To configure the SSID / ESSID / Network Name of the wireless
network to associate to.
Radio Mode: It allows the user to choose between radio modulations
support. E.g. 802.11b/g, 802.11g only, 802.11b, etc. The available
settings depend on the Wi-Fi module installed on the device.
Note: Under 802.11
g
only mode, 802.11b rates are used durin
g
access point association.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 12 of 30
Bit Rate: To fix the 802.11 transmit bit rate. Available options depend on
the Radio Mode chosen. If “auto” is chosen, the device will choose the best
bit rate dynamically and automatically.
Authentication: Available options are Open, Static WEP Key, 802.1x with
dynamic WEP key, WPA/WPA2-Enterprise and WPA/WPA2-Personal. The
selection should be according to the setting of the access point you are
associating to. Data transferred are encrypted under all modes except the
Open mode. When Static WEP Key or WPA/WPA2-Personal is chosen, you
should enter an encryption key in the Encryption Key field. For 802.1x and
WPA/WPA2-Enterprise options, please refer to chapter 4.4 .
Preferred AP: The MAC address of a preferred access point can be entered
here. When the preferred access point is found and its signal strength is
higher than the “Min Signal Strength”, it will connect to this preferred access
point, no matter the other access points are found even they have higher
signal strength or the same SSID.
WAI redirection: If the device is not connected to an access point, and the
user is accessing an Internet web site, the settings control whether to
redirect the web access to the web admin interface page or not. If this is
disabled and the device is not connected, the browser will then show web
access error. The user can still access the web admin interface by
accessing to the device’s LAN IP address. By default, it’s
http://192.168.20.1 .
Restore factory settings: To restore the device to factory default settings.
After clicked, the settings will be restored to factory defaults and the device
will be restarted.
Reboot: To restart the device.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 13 of 30
4.3 Advanced Settings: Port Forward
The PePLink Surf supports forwarding inbound TCP and UDP connections to
servers on the LAN.
For example, if your PC is hosting a web server and you want to let Internet
users access it, you should define a rule on a role. Enter “80” and “80” for
the Port Range. Select “TCP” for the protocol. Enter the PC’s IP address to
the “IP Address” field.
Click the “Save” button to save and apply the changes.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 14 of 30
4.4 WPA/WPA2 with 802.1x Authentication
The PePLink Surf supports authentication and encryption methods of
“802.1x with dynamic WEP key encryption” and WPA/WPA2-Enterprise. A
radius server can be used to perform authentication based on the IEEE
standard 802.1x with EAP-TTLS.
To set it up, you have to configure the PePLink Surf, the access point and a
radius server.
By default, EAP-TTLS/CHAP is used as the EAP authentication method. You
can change this setting in the System Settings page. Please refer to
chapter 4.9.3 .
4.4.1 Configure the PePLink Surf
To enable the 802.1x authentication, you can go to the CPE Setup page,
choose “WPA” for the Authentication setting and leave the WEP key setting
empty.
Certificate checking
By default, the PePLink Surf does not verify the radius server’s
certificate. If you would like to check the certificate, you can use a
command-line based FTP client to upload your certificate to the
PePLink Surf.
1. ftp to the PePLink Surf (default IP is 192.168.20.1)
2. Type the login ID and password: “root” and “MSurf000
”
3. cd /etc/1x
4. put root.pem
5. bye
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 15 of 30
4.4.2 Access Point
Access point set up procedure is different from one brand to the others.
Here are some necessary configuration parameters to be configured in the
access point:
- Enable WPA2 with 802.1x authentication
- Enter the radius server IP address, port number and the secret (for the
provided radius server config mentioned in 4.4.3 , the secret is
“testing123”)
4.4.3 Radius Server
The commercial radius server, Radiator, is used in the set up. It is a product
of Open System Consultants Pty Ltd.
Radiator version 3.9 is known to be interoperable. Any version above 3.9
should work too. Just follow the server’s installation guide to install it on a
server.
After installed, you should put the root cert file and server cert file to a
directory, update radiator’s configuration file and the users files.
A demo CA cert file (cacert.pem), a server cert file (server_cert.pem) and
a server key file (/etc/radiator/server_key.pem) are pre-generated and
attached. You can generate them by yourself by following the instructions
in the Appendix. Put the files to the directory /etc/radiator.
A sample Radiator configuration file is as follows. Save it as radius.cfg
and put it under /etc/radiator.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 16 of 30
To change user login name and password, just edit the file
/etc/radiator/users. A sample user entry is like this:
Then start the radius server by executing this:
Now the Radiator server’s setup completed.
AuthPort 1812
AcctPort 1813
LogDir /var/log/radius
DbDir /etc/radiator
Trace 4
<Client DEFAULT>
Secret testing123
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
Filename /etc/radiator/users
EAPType TTLS
EAPTLS_CAFile /etc/radiator/cacert.pem
EAPTLS_CertificateFile /etc/radiator/server_cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/server_key.pem
EAPTLS_RandomFile /dev/urandom
EAPTLS_PrivateKeyPassword demoserver
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
</AuthBy>
AcctLogFileName /etc/1x/radius_detail
</Realm>
demoid1 User-Password=demopass1
Service-Type = Framed-User
/usr/bin/radiusd -config_file /etc/radiator/radius.cfg
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 17 of 30
4.5 Test the Setup
To test to setup, you can now go to the PePLink Surf’s Main page, enter the
user name and password. The realm (the text box next to the “@” sign)
value can be left empty. Then click the Connect button.
After connected, you should see:
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 18 of 30
4.6 Firmware Upgrade
The PePLink Surf is able to check whether a newer firmware (the software
running on the PePLink Surf) is available. To do so, click the link “Firmware
Upgrade” on the top bar. You will see this screen:
Click the “Check for new firmware” on the screen. If there is a firmware
available, you can simply click a “Download and Upgrade” button.
During an upgrade, please do not interrupt the process.
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 19 of 30
4.7 Debug Page
A debug page is provided for advanced network troubleshooting.
This page shows the unit’s firmware version, hardware version, serial
number, LAN MAC address, Wi-Fi MAC address, supported Wi-Fi modes,
scanned access points’ information and WAN connection information.
For the Scanned AP section, the scanned result may not be up to date. You
can click the “Scan again” button to update the scanned AP list. But note
that, while it is connected to an AP, clicking the button may drop the
connection.
On the page bottom, you are allowed to download a debug dump file and
configuration file. In case you need to contact PePLink for technical
PePLink Surf User’s Manual v2.6
Copyright ©1999-2006 PePLink Ltd. All Rights Reserved Page 20 of 30
4.8 Restore to Factory Defaults
To restore the PePLink Surf to factory defaults, there are two methods.
If you are able to access the web admin interface, go to the “CPE Setup”
page, and click the “Restore and Reboot” button.
Otherwise, you can also power up the unit and wait for about 1 min. Then
press the Reset button at the rear side of the unit using a pin and then hold
it for 5 secs. The unit will restore the settings to factory defaults and
reboot.
Table of contents
Other peplink Wireless Router manuals
peplink
peplink Pepwave Surf SOHO User manual
peplink
peplink Pepwave MAX Series User manual
peplink
peplink 210 User manual
peplink
peplink PEPWAVE AP Pro Series User manual
peplink
peplink MAX BR1 Mini User manual
peplink
peplink Pepwave MAX BR1 IP67 Operating instructions
peplink
peplink PEPWAVE HD2 Dome Operating instructions
peplink
peplink Pepwave MAX Series User manual
