At the heart of all wireless AP configurations on the NWA/WAC are profiles. A profile represents a group of saved settings that you can use across any number of connected APs. You can set up the following wireless profile types:
• Radio - This profile type defines the properties of an AP’s radio transmitter. You can have a maximum of 32 radio profiles on the NWA/WAC.
• SSID - This profile type defines the properties of a single wireless network signal broadcast by an AP. Each radio on a single AP can broadcast up to 8 SSIDs. You can have a maximum of 32 SSID profiles on the NWA/WAC.
• Security - This profile type defines the security settings used by a single SSID. It controls the encryption method required for a wireless client to associate itself with the SSID. You can have a maximum of 32 security profiles on the NWA/WAC.
• MAC Filtering - This profile provides an additional layer of security for an SSID, allowing you to block access or allow access to that SSID based on wireless client MAC addresses. If a client’s MAC address is on the list, then it is either allowed or denied, depending on how you set up the MAC Filter profile. You can have a maximum of 32 MAC filtering profiles on the NWA/WAC.
• Layer-2 Isolation - This profile defines the MAC addresses of the devices that you want to allow the associated wireless clients to have access to when layer-2 isolation is enabled.
This screen allows you to create radio profiles for the NWA/WAC. A radio profile is a list of settings that an NWA/WAC can use to configure its radio transmitter(s).
Note: You can have a maximum of 32 radio profiles on the NWA/WAC.
Label |
Description |
---|---|
Add |
Click this to add a new radio profile. |
Edit |
Click this to edit the selected radio profile. |
Remove |
Click this to remove the selected radio profile. |
Activate |
To turn on an entry, select it and click Activate. |
Inactivate |
To turn off an entry, select it and click Inactivate. |
Object Reference |
Click this to view which other objects are linked to the selected radio profile. |
# |
This field is a sequential value, and it is not associated with a specific user. |
Status |
This field shows whether or not the entry is activated. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active. |
Profile Name |
This field indicates the name assigned to the radio profile. |
Frequency Band |
This field indicates the frequency band which this radio profile is configured to use. |
Apply |
Click Apply to save your changes back to the NWA/WAC. |
Reset |
Click Reset to return the screen to its last-saved settings. |
This screen allows you to create a new radio profile or edit an existing one.
The SSID screens allow you to configure three different types of profiles for your networked APs: an SSID list, which can assign specific SSID configurations to your APs; a security list, which can assign specific encryption methods to the APs when allowing wireless clients to connect to them; and a MAC filter list, which can limit connections to an AP based on wireless clients MAC addresses.
This screen allows you to create and manage SSID configurations that can be used by the APs. An SSID, or Service Set IDentifier, is basically the name of the wireless network to which a wireless client can connect. The SSID appears as readable text to any device capable of scanning for wireless frequencies (such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it.
Note: You can have a maximum of 32 SSID profiles on the NWA/WAC.
Label |
Description |
---|---|
Add |
Click this to add a new SSID profile. |
Edit |
Click this to edit the selected SSID profile. |
Remove |
Click this to remove the selected SSID profile. |
Object Reference |
Click this to view which other objects are linked to the selected SSID profile (for example, radio profile). |
# |
This field is a sequential value, and it is not associated with a specific user. |
Profile Name |
This field indicates the name assigned to the SSID profile. |
SSID |
This field indicates the SSID name as it appears to wireless clients. |
Security Profile |
This field indicates which (if any) security profile is associated with the SSID profile. |
QOS |
This field indicates the QoS type associated with the SSID profile. |
MAC Filtering Profile |
This field indicates which (if any) MAC filter Profile is associated with the SSID profile. |
Layer-2 Isolation Profile |
This field indicates which (if any) layer-2 isolation Profile is associated with the SSID profile. |
VLAN ID |
This field indicates the VLAN ID associated with the SSID profile. |
This screen allows you to create a new SSID profile or edit an existing one.
Label |
Description |
---|---|
Create new Object |
Select an object type from the list to create a new one associated with this SSID profile. |
Profile Name |
Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. |
SSID |
Enter the SSID name for this profile. This is the name visible on the network to wireless clients. Enter up to 32 characters, spaces and underscores are allowed. |
Security Profile |
Select a security profile from this list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. Note: It is highly recommended that you create security profiles for all of your SSIDs to enhance your network security. |
MAC Filtering Profile |
Select a MAC filtering profile from the list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used. |
Layer-2 Isolation Profile |
Select a layer-2 isolation profile from the list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. Layer-2 isolation allows you to prevent wireless clients associated with your NWA/WAC from communicating with other wireless clients, APs, computers or routers in a network. The disable setting means no layer-2 isolation is used. |
QoS |
Select a Quality of Service (QoS) access category to associate with this SSID. Access categories minimize the delay of data packets across a wireless network. Certain categories, such as video or voice, are given a higher priority due to the time sensitive nature of their data packets. QoS access categories are as follows: disable: Turns off QoS for this SSID. All data packets are treated equally and not tagged with access categories. WMM: Enables automatic tagging of data packets. The NWA/WAC assigns access categories to the SSID by examining data as it passes through it and making a best guess effort. If something looks like video traffic, for instance, it is tagged as such. WMM_VOICE: All wireless traffic to the SSID is tagged as voice data. This is recommended if an SSID is used for activities like placing and receiving VoIP phone calls. WMM_VIDEO: All wireless traffic to the SSID is tagged as video data. This is recommended for activities like video conferencing. WMM_BEST_EFFORT: All wireless traffic to the SSID is tagged as “best effort,” meaning the data travels the best route it can without displacing higher priority traffic. This is good for activities that do not require the best bandwidth throughput, such as surfing the Internet. WMM_BACKGROUND: All wireless traffic to the SSID is tagged as low priority or “background traffic”, meaning all other access categories take precedence over this one. If traffic from an SSID does not have strict throughput requirements, then this access category is recommended. For example, an SSID that only has network printers connected to it. |
VLAN ID |
Enter a VLAN ID for the NWA/WAC to use to tag traffic originating from this SSID. |
Hidden SSID |
Select this if you want to “hide” your SSID from wireless clients. This tells any wireless clients in the vicinity of the AP using this SSID profile not to display its SSID name as a potential connection. Not all wireless clients respect this flag and display it anyway. When a SSID is “hidden” and a wireless client cannot see it, the only way you can connect to the SSID is by manually entering the SSID name in your wireless connection setup screen(s) (these vary by client, client connectivity software, and operating system). |
Enable Intra-BSS Traffic Blocking |
Select this option to prevent crossover traffic from within the same SSID on the NWA/WAC. |
OK |
Click OK to save your changes back to the NWA/WAC. |
Cancel |
Click Cancel to exit this screen without saving your changes. |
This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it.
Note: You can have a maximum of 32 security profiles on the NWA/WAC.
Label |
Description |
---|---|
Add |
Click this to add a new security profile. |
Edit |
Click this to edit the selected security profile. |
Remove |
Click this to remove the selected security profile. |
Object Reference |
Click this to view which other objects are linked to the selected security profile (for example, SSID profile). |
# |
This field is a sequential value, and it is not associated with a specific user. |
Profile Name |
This field indicates the name assigned to the security profile. |
Security Mode |
This field indicates this profile’s security mode (if any). |
This screen allows you to create a new security profile or edit an existing one.
Note: This screen’s options change based on the Security Mode selected. Only the default screen is displayed here.
Label |
Description |
---|---|
Profile Name |
Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. |
Security Mode |
Select a security mode from the list: none, wep, wpa2, or wpa2-mix. |
Radius Server Type |
This shows External and the NWA/WAC uses an external RADIUS server for authentication. |
Primary / Secondary Radius Server Activate |
Select this to have the NWA/WAC use the specified RADIUS server. |
Radius Server IP Address |
Enter the IP address of the RADIUS server to be used for authentication. |
Radius Server Port |
Enter the port number of the RADIUS server to be used for authentication. |
Radius Server Secret |
Enter the shared secret password of the RADIUS server to be used for authentication. |
Primary / Secondary Accounting Server Activate |
Select the check box to enable user accounting through an external authentication server. |
Accounting Server IP Address |
Enter the IP address of the external accounting server in dotted decimal notation. |
Accounting Server Port |
Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. |
Accounting Share Secret |
Enter a password (up to 128 alphanumeric characters) as the key to be shared between the external accounting server and the NWA/WAC. The key must be the same on the external accounting server and your NWA/WAC. The key is not sent over the network. |
Accounting Interim Update |
This field is available only when you enable user accounting through an external authentication server. Select this to have the NWA/WAC send subscriber status updates to the accounting server at the interval you specify. |
Interim Update Interval |
Specify the time interval for how often the NWA/WAC is to send a subscriber status update to the accounting server. |
802.1X |
Select this to enable 802.1x secure authentication. |
ReAuthentication Timer |
Enter the interval (in seconds) between authentication requests. Enter a 0 for unlimited requests. |
WEP Authentication Settings |
|
Idle Timeout |
Enter the idle interval (in seconds) that a client can be idle before authentication is discontinued. |
Authentication Type |
Select a WEP authentication method. Choices are Open or Share key. Share key is only available if you are not using 802.1x. |
Key Length |
Select the bit-length of the encryption key to be used in WEP connections. If you select WEP-64: • Enter 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 0x11AA22BB33) for each Key used. or • Enter 5 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey) for each Key used. If you select WEP-128: • Enter 26 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 0x00112233445566778899AABBCC) for each Key used. or • Enter 13 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey12345678) for each Key used. |
Key 1~4 |
Based on your Key Length selection, enter the appropriate length hexadecimal or ASCII key. |
WPA2/WPA2-Mix Authentication Settings |
|
PSK |
This field is available when you select the wpa2, or wpa2-mix security mode. Select this option to use a Pre-Shared Key with WPA2 encryption. |
Pre-Shared Key |
Enter a pre-shared key of between 8 and 63 case-sensitive ASCII characters (including spaces and symbols) or 64 hexadecimal characters. |
Cipher Type |
Select an encryption cipher type from the list. • auto - This automatically chooses the best available cipher based on the cipher in use by the wireless client that is attempting to make a connection. • aes - This is the Advanced Encryption Standard encryption method. It is a more recent development over TKIP and considerably more robust. Not all wireless clients may support this. |
Idle Timeout |
Enter the interval (in seconds) that a client can be idle before authentication is discontinued. |
Group Key Update Timer |
Enter the interval (in seconds) at which the AP updates the group WPA2 encryption key. |
Management Frame Protection |
This field is available only when you select wpa2 in the Security Mode field and set Cipher Type to aes. Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or WPA2. But 802.11 management frames, such as beacon/probe response, association request, association response, de-authentication and disassociation are always unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows APs to use the existing security mechanisms (encryption and authentication methods defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent wireless DoS attacks. Select the check box to enable management frame protection (MFP) to add security to 802.11 management frames. Select Optional if you do not require the wireless clients to support MFP. Management frames will be encrypted if the clients support MFP. Select Required and wireless clients must support MFP in order to join the NWA/WAC’s wireless network. |
OK |
Click OK to save your changes back to the NWA/WAC. |
Cancel |
Click Cancel to exit this screen without saving your changes. |
This screen allows you to create and manage security configurations that can be used by your SSIDs.
Note: You can have a maximum of 32 MAC filtering profiles on the NWA/WAC.
Label |
Description |
---|---|
Add |
Click this to add a new MAC filtering profile. |
Edit |
Click this to edit the selected MAC filtering profile. |
Remove |
Click this to remove the selected MAC filtering profile. |
Object Reference |
Click this to view which other objects are linked to the selected MAC filtering profile (for example, SSID profile). |
# |
This field is a sequential value, and it is not associated with a specific user. |
Profile Name |
This field indicates the name assigned to the MAC filtering profile. |
Filter Action |
This field indicates this profile’s filter action (if any). |
This screen allows you to create a new MAC filtering profile or edit an existing one.
Note: Each MAC filtering profile can include a maximum of 512 MAC addresses.
Label |
Description |
---|---|
Profile Name |
Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. |
Filter Action |
Select allow to permit the wireless client with the MAC addresses in this profile to connect to the network through the associated SSID; select deny to block the wireless clients with the specified MAC addresses. |
Add |
Click this to add a MAC address to the profile’s list. |
Edit |
Click this to edit the selected MAC address in the profile’s list. |
Remove |
Click this to remove the selected MAC address from the profile’s list. |
# |
This field is a sequential value, and it is not associated with a specific user. |
MAC |
This field specifies a MAC address associated with this profile. You can click the MAC address to make it editable. |
Description |
This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. |
OK |
Click OK to save your changes back to the NWA/WAC. |
Cancel |
Click Cancel to exit this screen without saving your changes. |
Layer-2 isolation is used to prevent wireless clients associated with your NWA/WAC from communicating with other wireless clients, APs, computers or routers in a network.
The client can communicate with other wireless clients only if Intra-BSS Traffic blocking is disabled.
Note: Intra-BSS Traffic Blocking is activated when you enable layer-2 isolation.
MAC addresses that are not listed in the layer-2 isolation table are blocked from communicating with the NWA/WAC’s wireless clients except for broadcast packets. Layer-2 isolation does not check the traffic between wireless clients that are associated with the same AP. Intra-BSS traffic allows wireless clients associated with the same AP to communicate with each other.
This screen allows you to specify devices you want the users on your wireless networks to access.
Label |
Description |
---|---|
Add |
Click this to add a new MAC filtering profile. |
Edit |
Click this to edit the selected MAC filtering profile. |
Remove |
Click this to remove the selected MAC filtering profile. |
Object Reference |
Click this to view which other objects are linked to the selected MAC filtering profile (for example, SSID profile). |
# |
This field is a sequential value, and it is not associated with a specific user. |
Profile Name |
This field indicates the name assigned to the layer-2 isolation profile. |
Add/Edit Layer-2 Isolation Profile
This screen allows you to create a new layer-2 isolation profile or edit an existing one.
Note: You need to know the MAC address of each wireless client, AP, computer or router that you want to allow to communicate with the NWA/WAC's wireless clients.
Label |
Description |
---|---|
Profile Name |
Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. |
Add |
Click this to add a MAC address to the profile’s list. |
Edit |
Click this to edit the selected MAC address in the profile’s list. |
Remove |
Click this to remove the selected MAC address from the profile’s list. |
# |
This field is a sequential value, and it is not associated with a specific user. |
MAC |
This field specifies a MAC address associated with this profile. You can click the MAC address to make it editable. |
Description |
This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. |
OK |
Click OK to save your changes back to the NWA/WAC. |
Cancel |
Click Cancel to exit this screen without saving your changes. |