Introduction

Annotation

Modern tendencies of telecommunication development necessitate operators to search for the most optimal technologies, allowing you to satisfy drastically growing needs of subscribers, maintaining at the same time consistency of business processes, development flexibility and reduction of costs of various services provision. Wireless technologies are spinning up more and more and have paced a huge way for short time from unstable low-speed communication networks of low radius to broadband networks equitable to speed of wired networks with high criteria to the quality of provided services. WEP-2ac and WEP-2ac Smart are Wi-Fi access points of the Enterprise class. The devices are dedicated to be installed inside buildings as access points and to create a seamless wireless network using several identical access points (roaming) on a large area.
This manual specifies intended purpose, main technical parameters, design, installation procedure, safe operation rules and installation recommendations for these devices.

Symbols

Notes and warnings

Device description

Purpose

WEP-2ac and WEP-2ac Smart wireless access points (hereinafter the devices) are designed to provide users with access to a high-speed and safe network.

The device is dedicated to create L2 wireless networks interfacing with a wired network. WEP-2ac and WEP-2ac Smart are connected to a wired network via 10/100/1000M Ethernet interface and arrange high-speed access to the Internet for devices supporting Wi-Fi technology at 2.4 and 5 GHz.

The devices have two radio interfaces to organize two physical wireless networks.

WEP-2ac and WEP-2ac Smart support up-to-date requirements to service quality and allows transmitting more important traffic in higher priorities queues. Prioritization is based on main QoS technologies: CoS (special tags in VLAN packet field) and ToS (tags in IP packet field). Besides the standard methods of prioritization, devices allow assigning demands for traffic transmission almost in every packet field from MAC to TCP/UDP port. The ACL rules and shaping allow controlling access, quality of service and restrictions for all subscribers as well as for each subscriber individually.
The devices are designed to be installed in offices, state buildings, conference halls, laboratories, hotels, etc. The creation of virtual access points with different types of encryption allows clients to delimit access rights among users and groups of users.

Device specifications

Interfaces:

• 1 port of Ethernet 10/100/1000BASE-T (RJ-45) with PoE+ support;

• Wi-Fi 2.4 GHz IEEE 802.11b/g/n;

• Wi-Fi 5 GHz IEEE 802.11a/n/ac;

• Console RJ-45.

Functions:

WLAN capabilities:

• support for IEEE 802.11a/b/g/n/ac standards;
• data aggregation, including A-MPDU (Tx/Rx) and A-MSDU (Rx);
• WMM-based priorities and packet planning;
• Dynamic Frequency Selection (DFS);
• support for hidden SSID;
• 32 virtual access points;
• third-party access point detection;
• Workgroup Bridge;
• WDS;
• MESH;
• APSD.

Network functions:

• autonegotiation of speed, duplex mode and switching between MDI and MDI-X modes;
• support for VLAN;
• support for 802.11k/r;
• DHCP client;
• support for IPv6;
• LLDP;
• ACL; 
• SNMP;
• GRE.

Cluster operating mode:

• organizing a cluster with capacity of up to 64 access points;
• auto synchronization of access point configurations in a cluster;
• auto update of access points firmware in a cluster;
• Single Management IP – united address to control access points in a cluster;
• automatic distribution of frequency channels among access points;
• automatic distribution of output power level among access points.

QoS functions:

• priority and profile-based packet scheduling;
• bandwidth limiting for each SSID;
• changing WMM parameters for each radio interface.

Security:

• e-mail notification about system events;
• centralized authorization via RADIUS server (802.1X WPA/WPA2 Enterprise);
• WPA/WPA2;
• Captive Portal;
• support for Internet Protocol Security (IPSec);
• support for WIDS/WIPS.

The figure below shows WEP-2ac application scheme.

Figure 1 – WEP-2ac application scheme

Device technical parameters

Table 1 — Main specifications

¹Defined by Transmit Power Limit and Transmit Power Control regulators

Radiation patterns

Radiation patterns for the embedded antennas are given below.

2.4 GHz
5 GHz

Design 

WEP-2ac and WEP-2ac Smart are housed in a plastic case.

Device main panel

The main panel layout of the device is depicted in Fig. 2.

Figure 2 – Main panel layout of the device

The following light indicators, connectors and controls are located on the main panel of WEP-2ac and WEP-2ac Smart:

Table 2 – Description of ports and controls

Light indication

The current device state is displayed by Wi-Fi, LAN, Power indicators. The list of possible LED states is given below. 

Table 3 – Light indication of device state

Reset to the default settings

In order to reset the device to factory settings, press and hold the 'F' button until Power indicator starts flashing. Device will be rebooted automatically. DHCP client will be launched by default. If the address is not received via DHCP the device will have IP address — 192.168.1.10, subnet mask — 255.255.255.0 and User Name/Password to access via Web interface: admin/password.

Delivery package

The delivery package includes:

• Wireless access point WEP-2ac/WEP-2ac Smart;
• Mounting kit;
• User manual on a CD (optional);
• Technical passport.

Installation order

This section defines safety rules, installation recommendations, setup procedure and the device starting procedure.

Safety rules

1. Do not install the device close to heat sources or in rooms with temperature below 5 °C or above 40 °C.
2. Do not use the device in places with high humidity. Do not expose the device to smoke, dust, water, mechanical vibrations or shocks.
3. Do not open the device case. There are no user serviceable parts inside.

Installation recommendations

1. The recommended mounting position: horizontal, on a ceiling.
2. Before installing and enabling the device, check it for visible mechanical defects. If defects are observed, stop the device installation, draw up corresponding act and contact the supplier.
3. If the device has been exposed for a long time at a low temperature, it must be left to stand for two hours at room temperature before use. After a long stay of the device in conditions of high humidity, let it stand under normal conditions for at least 12 hours before switching on.
4. During the device installation, follow these rules to ensure the best Wi-Fi coverage:
   1. Install the device at the center of a wireless network;
   2. Minimize the number of obstacles (walls, roof, furniture and etc.) between access point and other wireless network devices;
   3. Do not install the device near (about 2 m) electrical and radio devices;
   4. It is not recommended to use radiophone and other equipment operating on the frequency of 2.4 GHz, 5 GHz in Wi-Fi effective radius;
   5. Obstacles like glass/metal constructions, brick/concrete walls, water cans and mirrors can significantly reduce Wi-Fi action radius. It is not recommended to place the device inside a false ceiling as metal frame causes multipath signal propagation and signal attenuation.
5. During the installation of several access points, cell action radius must overlap with action radius of a neighbouring cell at level of -65 ÷ -70 dBm. Decreasing of the signal level on cells borders to -75 dBm is permitted if it involves the use of VoIP, streaming video and other traffic that is sensitive to losses in wireless network.

Calculating the number of required access points

To calculate the required number of access points, evaluate the required coverage zone. For a more accurate assessment, it is necessary to make a radio examination of the room. Approximate radius of coverage area of WEP-2ac with a good-quality signal in case of mounting on a ceiling in typical office: 2.4 GHz 40-50 m, 5 GHz: 20-30 m. In the absence of obstacles, the coverage radius: 2.4 GHz up to 100 m; 5 GHz up to 60 m.
The table below describes rough attenuation values.

Table 4 – Attenuation values

Channel selection for neighboring access points

It is recommended to set nonoverlapping channels to avoid interchannel interference among neighbouring access points.

Figure 3 – General diagram of frequency channel closure in the range of 2.4 GHz 

For the example of channel allocation scheme among neighboring access points in frequency range of 2.4 GHz when channel width is 20 MHz, see Figure 4.

Figure 4 – Diagram of channel allocation among neighboring access points in the frequency range of 2.4 GHz when channel width is 20 MHz

Similarly, the procedure of channel allocation is recommended to save for access point allocation between floors, see Figure 5.

Figure 5 – Diagram of channel allocation between neighboring access points that are located between floors

When width of used channel is 40 MHz there is no non-overlapping channels in frequency range of 2.4 GHz. In such cases, select channels maximally separated from each other.

Figure 6 – Channels used in range of 5 GHz when channel width is 20, 40 or 80 MHz

Device installation

The device should be attached to plain surface (wall or ceiling) in accordance with the safety instruction and recommendations listed above.
The device delivery package includes required mounting kit to attach the device to plain surface.

Wall mounting

1. Fix the bracket (included in the delivery package) to the wall:

 
Figure 7 – Attaching the bracket to a wall

1. 1. The figure shows the bracket allocation;
   2. When installing the bracket, pass wires through the corresponding grooves of the bracket, see figure 7;
   3. Pass the wires into the corresponding grooves on the bracket while installing the bracket. Screw the brackets to the device surface by using screwdriver.

2. Install the device.

Figure 8 – Device installation (front view)

1. Connect cables to corresponding connector of the device.
   Description of the connectors is given in Design section.
2. Align the device and bracket together, fix the position, turning clockwise. 

Installing to false ceiling

1 – metal bracket; 2 – Armstrong panel; 3 – plastic bracket; 4 – device.

Figure 9 – Mounting to a false ceiling

1. Fasten metal and plastic bracket on a ceiling as shown in the figure 9.
   1. The plastic bracket (3) should be joined with the metal one (1) on the ceiling in the following order: metal bracket -> Armstrong panel -> plastic bracket.
   2. Cut the hole in the Armstrong panel. The size of the hole should be equal to hole of metal bracket. Conduct wires through the hole.
   3. Align holes in metal bracket with holes of Armstrong panel and plastic bracket. Align together three screw holes on the plastic bracket and the screw holes on the metal bracket. Screw the brackets to the device surface by using a screwdriver.
2. Install the device.
   1. Connect cables to corresponding connector of the device. Description of the connectors is given in Design section.
   2. Align the device and plastic bracket together, fix the position, turning clockwise.

Removing the device from the bracket

For removing the device from the bracket:

1. Turn the device counterclockwise;
2. Remove the device.

Device management via the web interface

Getting started

Connect network cable to the PoE interface of the access point and to the PoE switch/injector. Next, connect a PC to the injector or switch:

1. Open a web browser, for example, Firefox, Opera, Chrome.

2. Enter the device IP address in the browser address bar.

   IP address by default: 192.168.1.10, subnet mask: 255.255.255.0.

   The device can obtain IP address via DHCP. Until then, it is available at the factory IP address.

   When the device is successfully detected, username and password request page will be shown in the browser window.

   

3. Enter username into 'User Name' and password into 'Password' field.

   Factory default authorization settings: User Name – admin, Password – password.

4. Click the 'Logon' button. A menu for monitoring the status of the device will open in a browser window. 

Web interface basic elements

Navigation elements of the web interface are shown in figure below.

User interface window is divided into three general areas:

1. Tabs of the device settings menu.
2. Main configuration field of the selected tab.
3. Information on the selected menu section. 

'Basic Settings' menu

In the 'Basic Settings' menu, basic information about the device is displayed. This menu provides the ability to change the password for accessing the device and configure the speed of the Console port.

Review Description of this Access Point – this section provides information about network settings of the device and firmware version.

• IP Address – IP address of the device;
• MAC Address – MAC address of the device;
• Firmware Version – firmware version;
• Uptime – operation time;
• CPU Usage – average percentage of CPU usage over the last 10 seconds;
• Memory Usage – percentage of device physical memory usage. 

Device Information – main information about the device.

• Product Identifier – device identifier;
• Hardware Version – hardware version;
• Serial Number – serial number of the device;
• Device Name – system name of the device;
• Device Description – device description.

Provide Network Settings – in this section, password for accessing the device web/CLI configurator can be changed.

• New Password – new password;
• Confirm new password – confirmation of new password. 

Serial Settings – Console interface settings.

• Baud Rate – data transfer rate via Console interface, bps. By default, the parameter is 115200. May take values 9600, 19200, 38400, 57600, 115200.

System Settings – in this section, system settings of the device can be changed.

• System Name – system name of the device;
• System Contact – contact information for communication with the administrator;
• System Location – information about the physical location of the device.

To apply a new configuration and save setting to non-volatile memory, click 'Apply'. 

'Status' menu

The 'Status' menu displays current state of the system, provides information about the state of the device interfaces, events registered on the device, connected clients, radio environment and device radio statistics.

'Interfaces' submenu

The 'Interfaces' submenu provides information about the current state of wired interfaces and wireless network settings.

To quickly switch to the configuration menu of the wired interface 'Wired Settings' or the wireless interface 'Wireless Settings', click on the link 'Edit' in the corresponding section.

Wired Settings – provides information about the current state of the wired interface:

• MAC Address – MAC address of the Ethernet interface of the device;
• VLAN ID – VLAN number for device management;
• IP Address – IP address for device management;
• Subnet Mask – IPv4 network management mask;
• IPv6 Address – IPv6 network management mask;
• IPv6 Autoconfigured Global Addresses – the list of automatically configured IPv6 addresses;
• IPv6 Link Local Address – automatically configured local IPv6 address;
• IPv6-DNS-1 – address of the first DNS server in IPv6 network;
• IPv6-DNS-2 – address of the second DNS server in IPv6 network;
• DNS-1 – address of the first DNS server in IPv4 network;
• DNS-2 – address of the second DNS server in IPv4 network;
• Default Gateway – default gateway in IPv4 network.

Wireless Settings – provides information about the current state of wireless interfaces:

• Radio One Status – operation state of the first radio interface;
• Radio Two Status – operation state of the second radio interface;
• MAC Address – MAC address of the interface;
• Mode – radio interface operating mode according to IEEE 802.11 standards;
• Channel – number of the wireless channel on which the radio interface operates;
• Operational bandwidth – bandwidth of the channel on which the radio interface operates, MHz;
• Transmit Power Output – actual radiated transmitter power, dBm.

When clicking the 'Show interfaces table' link in 'Wired Settings' and 'Wireless Settings' sections, an interface table becomes available containing the following information:

• Interface – name of the access point interface;

• Status – interface status;

• MAC Address – interface MAC address;
• VLAN ID – VLAN identifier used on the interface;
• Name (SSID) – wireless network name.

To hide the table, click the 'Hide interfaces table' link.

To update information on the page, click the 'Refresh' button.

'Events' submenu

'Events' submenu displays a list of events that occur with the device, as well as configure event redirection to a third-party SYSLOG server.

Options – in this section, the following message log parameters can be configured: severity level and number of messages stored in the non-volatile memory of the device.

• Persistence – way to save informational messages:
  • Enabled – when this flag is set, log events will be saved to non-volatile memory.
  • Disabled – when this flag is set, the events will be saved in volatile memory. Messages in volatile memory will be cleared when the system is rebooted.
• Severity – the severity level of the message to be saved in non-volatile memory. Description of severity levels is given in table below.

Table 5 – Description of event severity categories

• Depth – maximum number of messages that can be stored in volatile memory. When this threshold is exceeded, the message that is stored in the system the longest is overwritten with a new message. The parameter takes values in the range from 1 to 512. The default value is 512.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Relay Options – in this section, sending informational messages from the device to a third-party server is configured.

• Relay Log – enable/disable sending informational messages from the device to a third-party server:
  • Enabled – when the flag is set, sending is enabled;
  • Disabled – when the flag is set, sending is disabled.
• Relay Host – the address of the server to which the messages are redirected. The IPv4 address, IPv6 address, or domain name of the remote server can be set.
• Relay Port – number of the port (layer 4), to which messages are redirected. The parameter may take values in range from 1 to 65535. Default value – 514.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Events – in this section, a list of real-time information messages containing the following information can be viewed:

• Time Setting (NTP) – time when event was generated;
• Type – event severity level (table 5);
• Service – the name of the process that generated the message;
• Description – event description.

To update information in the 'Events' section, click 'Refresh'.

To clear all messages, click 'Clear All'.

'Transmit/Receive' submenu

In the 'Transmit/Receive' submenu graphs of the speed of receiving/transmitting traffic for the last 10 minutes are displayed, as well as information on the amount of transmitted/received traffic since the access point was turned on.

'Transmit/Receive' graphs description

The LAN Tx/Rx diagram displays the speed of the transmitted/received traffic via the access point's Ethernet interface over the last 10 minutes. The diagram is automatically updated every 30 seconds.
The WLAN Tx/Rx displays the speed of transmitted/received traffic via radio interfaces of the access point over the last 10 minutes. The diagram is automatically updated every 30 seconds.

'Transmit' table description:

• Interface – name of the interface;
• Total packets – number of successfully sent packets;
• Total bytes – number of successfully sent bytes;
• Total Drop Packets – number of packets dropped when sent;
• Total Drop Bytes – number of bytes dropped when sent;
• Errors – number of errors.

'Receive' table description:

• Interface – name of the interface;
• Total packets – number of successfully received packets;
• Total bytes – number of successfully received bytes;
• Total Drop Packets – number of packets dropped on receipt;
• Total Drop Bytes – number of bytes dropped on receipt;
• Errors – number of errors. 

To update information on the page, click 'Refresh'.

'Wireless Multicast Forwarding Statistic' submenu

In the 'Wireless Multicast Forwarding Statistic' submenu statistics on the operation of Wireless Multicast Forwarding is displayed.

'Transmit/Receive Statistics' table description:

• Interface – name of the interface.
• Mcast-Data-Frames – number of the multicast frames received by access point;
• Mcast-Data-Fwd – number of the multicast frames received by clients;
• Mcast-Data-Flooded – number of the multicast frames sent to all ports;
• Mcast-Data-Sentup – number of the multicast frames sent;
• Mcast-Data-Dropped – number of the multicast frames dropped.

'IGMP Statictics' table description:

• Interface – name of the interface;
• Igmp-Frames – number of IGMP frames received by access point;
• Igmp-Frames-Fwd – number of IGMP frames received by clients;
• Igmp-Frames-Sentup – number of IGMP frames sent to all ports;
• Mfdb-Cache-Hits – number of packets sent to known multicast address;
• Mfdb-Cache-Misses – number of packets sent to unknown multicast address.

'Multicast-Group' table description:

• Interface – name of the interface;
• Multicast-Group – IP address of the multicast group;
• Stations – MAC address of the multicast group client;
• Packets – number of received packets of multicast group clients. 

'Client Associations' submenu

In the 'Client Associations' submenu information about clients connected to the access point and statistics of transmitted/received traffic for each client is displayed.

• SSID – wireless interface name and virtual access point name on the interface to which the client is connected. For example, wlan0vap2 means that the client is associated with Radio 1 VAP2; the entry wlan1 means that the client is associated with VAP0 on Radio2;
• Station – MAC address of the client;
• IP Address – IP address of the client;
• Hostname – device network name;
• Uptime – duration of the client session;
• RSSI – received signal level, dBm;
• SNR – signal/noise ratio, dB;
• Noise – noise level, dBm;
• Link Quality – parameter that displays the status of the link to the client, calculated based on the number of retransmit packets sent to the client. The maximum value is 100% (all transmitted packets were sent on the first attempt), the minimum value is 0% (no packets were successfully sent to the client);
• Rate Quality – parameter that displays the status of the link to the client, calculated based on the number of retransmit packets sent to the client for the modulation that is currently in use. The maximum value is 100% (all transmitted packets on this modulation were sent on the first attempt),  the minimum value is 0% (none of the packets on this modulation to the client was successfully sent);

• Link Capacity – parameter that reflects the effectiveness of the use of a modulation access point on the transmission. It is calculated based on the number of packets transmitted on each modulation to the client, and the reduction factors. The maximum value is 100% (means that all packets are transmitted to the client at maximum modulation for the maximum nss type supported by the client). The minimum value is 2% (in the case when the packets are transmitted to the modulation nss1mcs0 for a client with MIMO 3x3 support). For clients connected without using AMPDU, the parameter is not supported;

• Status Authorized – authorization status.

Clicking on the MAC address of a client reveals detailed information about its operation and statistics of transmitted/received traffic for this client.

• MAC – MAC address of the client;
• AID – unique connection identifier;
• SSID – name of the network to which the client is connected;
• Mode – IEEE 802.11 standard in which the client operates;
• RSSI – signal level from the client, dBm;
• VLAN – VLAN number of the virtual access point;
• Tx actual rate – current data transfer rate towards the client, kbps;
• Tx/Rx Packets – number of packets sent and received from the client;
• Tx/Rx Drop Packets – number of dropped packets in both directions (for transmission and reception);
• Tx/Rx Bytes – number of transmitted and received information (in bytes);
• Tx/Rx Drop Bytes – number of dropped information in both directions (for transmission and reception, in bytes);
• Tx/Rx Rate – channel rate in two directions, Mbps;
• Connection time – session duration;
• Bandwidth – channel bandwidth, on which the client operates, MHz;
• PS Mode – sleep mode: off – the client is up, on – the client is in sleep mode;
• Auth Mode – security type;
• Encryption – encryption type;
• Listen Interval – number of beacon frames after which the client should check for traffic for (in case of sleep);
• Rx actual rate – current data transfer rate towards the access point, kbps.

'Tx/Rx Statistics' table description:

• MCS – modulation;
• Rx Pkts – number of packets received from the client on each modulation;
• Tx Pkts – number of packets transmitted to the client on each modulation;
• Tx Succ Pkts – number of packets successfully transmitted to the client;
• Tx Retries – percentage of duplicated packets towards the client;
• Tx Period Retries – percentage of retransmitted packets in the last period (10 seconds).

To update information on the page, click 'Refresh'.

'TSPEC Client Associations' submenu

In the 'TSPEC Client Associations' submenu information about client Tspec data transmitted and received using this access point is displayed.

• Network – wireless interface name and name of the virtual access point on the interface the client is connected to. For example, wlan0vap2 entry means that the client is associated with Radio1 through VAP2 virtual access point; wlan1 entry means that the client is associated with VAP0 on Radio2;
• Station – MAC address of the client;
• TS Identifier – TSPEC traffic flow identifier. May take values from 0 to 7;
• Access Category – access category (Voice or Video);
• Direction – traffic direction (Uplink/Downlink/Bidirectional);
• User Priority – user priority;
• Medium Time – average time that a traffic flow occupies a transmission medium;
• Excess Usage Events – amount of time the client exceeded the average transfer time;
• VAP – number of the virtual access point;
• MAC Address – MAC address of the access point;
• SSID – name of the wireless network;
• From Station – information about traffic transmitted from wireless client to access point;
• To Station – information about the traffic transmitted from access point to client:
  • Packets – number of transmitted packets;
  • Bytes – number of transmitted bytes.

To update information on the page, click 'Refresh'. 

'Rogue AP Detection' submenu

In the 'Rogue AP Detection' submenu, information about all wireless access points that the device detects in its network is displayed.

To update information on the page, click 'Refresh'.

• AP Detection for Radio 1/AP Detection for Radio 2 – enable detection of third-party access points in the background for Radio1 and Radio2.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Detected Rogue AP List – this section provides information about all wireless access points that the device detects in its network.

Button 'Delete Old' is used to delete records of inactive devices in a radio environment.

• Action – if access point is in the list of discovered, then clicking 'Grant' button will transfer it to the list of trusted access points 'Known AP List';
• MAC – MAC address of the access point;
• Radio – radio interface that was used to discover rogue access point;
• Beacon Int. – interval for sending a beacon packet by access point;
• Type – type of detected device:
  • AP – access point;
  • Ad hoc – decentralized client device.
• SSID – name of the wireless network;
• Privacy – access point security mode operation status:
  • On – security mode is disabled;
  • Off – security mode is enabled.
• WPA – WPA encryption state: Off – disabled, On – enabled;
• Band – frequency spectrum of the access point: 2.4 GHz or 5 GHz;
• Channel [BandWidth] – used frequency channel and bandwidth;
• Channel Blocks – range of channels used by the access point;
• Signal – signal level received from the access point, dBm. Hovering the pointer over a graphical representation of a signal displays the numerical indicators of this signal;
• Beacons – total number of beacon packets received from the access point since it was discovered;
• Last Beacon – date and time when the last beacon packet was received from the access point;
• Rates – list of channel rates supported by this access point. 

Known AP List – the table lists the trusted access points.

To remove access point from the black list, click 'Delete', after removing from the 'Known AP List', access point will be added to the list of detected access points.

Save Known AP List to a file – in this section, 'Known AP List' is saved to the file. To save click 'Save'.

Import Known AP List from a file – in this section, 'Known AP List' is loaded from file.

• Replace – imported list of trusted access points will completely replace the current list of trusted access points;
• Merge – trusted access points from the imported list will be added to access points currently in the imported list.

To load the file, click 'Browse', select a file to upload and click 'Import'.  

'TSPEC Status and Statistics' submenu

In the 'TSPEC Status and Statistics' submenu, information about TSPEC sessions on radio interfaces is displayed.

'AP Status' and 'VAP Status' tables description:

• Interface – name of the interface;
• Access Category – access category (Voice, Video, Best Effort, Background);
• Status – session status;
• Active TS – number of current active traffic flows;
• TS Clients – number of clients;
• Medium Time Admitted – average time that a traffic flow occupies a transmission medium;
• Medium Time Unallocated – average band idle time in this category.

'Transmit' table description:

• Radio – name of the radio interface;
• Access Category – access category (Voice, Video, Best Effort, Background);
• Total Packets – total number of packets of this access category sent by radio interface;
• Total Bytes – total number of bytes of this access category sent by radio interface;
• Interface – number of the virtual access point;
• Total Voice Packets – total number of packets of Voice category sent from this VAP;
• Total Voice Bytes – total number of bytes of Voice category sent from this VAP;
• Total Video Packets – total number of packets of Video category sent from this VAP;
• Total Video Bytes – total number of bytes of Video category sent from this VAP;
• Total Best Effort Packets – total number of packets of Best Effort category sent from this VAP;
• Total Best Effort Bytes – total number of bytes of Best Effort category sent from this VAP;
• Total Background Packets –  total number of packets of Background category sent from this VAP;
• Total Background Bytes – total number of bytes of Background category sent from this VAP.

'Receive' table description:

• Radio – name of the radio interface;
• Access Category – access category (Voice, Video, Best Effort, Background);
• Total Packets – total number of packets of this access category received by radio interface;
• Total Bytes – total number of bytes of this access category received by radio interface;
• Interface – number of the virtual access point;
• Total Voice Packets – total number of packets of Voice category received on this VAP;
• Total Voice Bytes – total number of bytes of Voice category received on this VAP;
• Total Video Packets – total number of packets of Video category received on this VAP;
• Total Video Bytes – total number of bytes of Video category received on this VAP;
• Total Best Effort Packets – total number of packets of Best Effort category received on this VAP;
• Total Best Effort Bytes – total number of bytes of Best Effort category received on this VAP;
• Total Background Packets – total number of packets of Background category received on this VAP;
• Total Background Bytes – total number of bytes of Background category received on this VAP.

To update information on the page, click 'Refresh'. 

'TSPEC AP Statistics' submenu

In the 'TSPEC AP Statistics' submenu, statistics on the number of transmitted/received traffic flows of various categories is displayed (Voice, Video, Best Effort, Background).

• TSPEC Statistics Summary for Voice ACM – total number of accepted and rejected traffic flows of the Voiсe category;
• TSPEC Statistics Summary for Video ACM – total number of accepted and rejected traffic flows of the Video category;
• TSPEC Statistics Summary for Best Effort ACM – total number of accepted and rejected traffic flows of the Best Effort category;
• TSPEC Statistics Summary for Background ACM – total number of accepted and rejected traffic flows of the Background category.

To update information on the page, click 'Refresh'.

'Radio Statistics' submenu

In the 'Radio Statistics' submenu detailed information about packets and bytes transmitted/received over the wireless interface is displayed.

Set the flag next to the name of the radio interface for which detailed information should be displayed (Radio 1 or Radio 2):

• WLAN Packets Received – total number of packets received by the access point through this radio interface;
• WLAN Bytes Received – total number of bytes received by the access point through this radio interface;
• WLAN Packets Transmitted – total number of packets transmitted by the access point through this radio interface;
• WLAN Bytes Transmitted – total number of bytes transmitted by the access point through this radio interface;
• WLAN Packets Receive Dropped – number of packets received by the access point through this radio interface that were dropped;
• WLAN Bytes Receive Dropped – number of bytes received by the access point through this radio interface that were dropped;
• WLAN Packets Transmit Dropped – number of packets transmitted by the access point through this radio interface that were dropped;
• WLAN Bytes Transmit Dropped – number of bytes transmitted by the access point through this radio interface that were dropped;;
• Fragments Received – number of received packets fragments;
• Fragments Transmitted – number of transmitted packets fragments;
• Multicast Frames Received – number of received multicast frames;
• Multicast Frames Transmitted – number of transmitted multicast frames;
• Duplicate Frame Count – number of duplicate frames;
• Failed Transmit Count – number of packets not transmitted due to error;  
• Transmit Retry Count – number of resent packets;
• Multiple Retry Count – number of packets resent multiple times;
• RTS Success Count –number of confirmation packets of readiness to receive traffic (CTS);
• RTS Failure Count – number of packets that did not receive confirmation of readiness to receive (CTS);
• ACK Failure Count – number of packets that did not receive confirmation of successful reception (ACK);
• FCS Error Count – number of frames that failed the checksum check;
• Transmitted Frame Count – number of successfully transmitted frames;
• WEP Undecryptable Count – number of packets that failed to decrypt (WEP).

To update information on the page, click 'Refresh'. 

'Email Alert Status' submenu

In the 'Email Alert Status' submenu information about sent e-mail messages generated based on the event log is displayed.
Messages sending can be configured in the 'Email Alert' submenu located in the 'Services' menu.

• Email Alert Status – status of the e-mail notification on the device operation:
  • Up – notification is enabled;
  • Down – notification is disabled.
• Number of Email Sent – total number of messages sent at the moment;
• Number of Email Failed – total number of messages failed at the moment;
• Time Since Last Email Sent – date and time the last message was sent.

To update information on the page, click 'Refresh'.

'Manage' menu

'Ethernet Settings' submenu

In the 'Ethernet Settings' submenu network settings of the device are performed.

• Hostname – network name of the device. May contain from 1 to 63 characters and consist of Latin uppercase and lowercase letters, numbers, hyphen '-' (the hyphen cannot be the last character in the device network name);
• MAC Address – MAC address of the device Ethernet interface;
• Management VLAN ID – VLAN identifier used to access the device. May take values from 1 to 4094. By default – 1;
• Untagged VLAN – switch LAN ports to access mode, in which a VLAN tag is added for incoming untagged traffic and removed from outgoing:
  • Enabled – enable access mode for LAN ports;
  • Disabled – disable access mode for LAN ports.
• Untagged VLAN ID – VLAN identifier that will be assigned to untagged traffic received on the device and removed from outgoing traffic. May take values from 1 to 4094. By default – 1;
• Connection Type – selection of the method for setting IP address on the management interface which will be used to connect the WAN interface of the device to the carrier's service network:
  • DHCP – operating mode when IP address, subnet, DNS server address, default gateway and other parameters required for networking will be obtained from the DHCP server automatically;
  • Static IP – operating mode when IP address and all parameters required for networking assigned to WAN interface statically. When selecting the 'Static IP' type, the following parameters will become available for editing:
    • Static IP Address – IP address of the device in carrier's network;
    • Subnet Mask – external subnet mask;
    • Default Gateway – IP address to which the packet is sent if no route is found for it in the routing table;
    • DNS Nameservers – domain name server addresses (used to determine IP address of the device from its domain name):
      • Dynamic – DNS servers obtained via DHCP will be used;
      • Manual – DNS servers have to be manually specified.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Management IPv6' submenu

In the 'Management IPv6' submenu IPv6 address for device management access is configured.

• IPv6 Connection Type – choice of using static (Static IPv6) or dynamic (DHCPv6) IPv6 address of the device;;
• IPv6 Admin Mode – access to the device via IPv6 protocol:
  • Enable – access is allowed;
  • Disable – access is denied.
• IPv6 Auto Config Admin Mode – IPv6 address configuration mode:
  • Enable – used;
  • Disable – not used.

When setting 'Static IPv6' type in 'IPv6 Connection Type' parameter, the following parameters will become available for editing:

• Static IPv6 Address – static IPv6 address of the device. Access point can have a static IPv6 address, even if the addresses have already been configured automatically through 'Auto Config';
• Static IPv6 Address Prefix Length – static IPv6 address prefix. May take value from 0 to 128. By default – 0;
• Static IPv6 Address Status – view status of statically configured IPv6 address. The parameter takes the following values:
  • Operational – current operational;
  • Tentative – backup.
• IPv6 Autoconfigured global Addresses – list of valid IPv6 addresses on the device;
• IPv6 Link Local Address – local IPv6 address set on LAN interface. This address is not configurable and is assigned automatically;
• Default IPv6 Gateway – default gateway for IPv6;
• IPV6 DNS Nameservers – domain name server addresses (used to determine the IP address of a device from its domain name):
  • Dynamic – DNS servers obtained via DHCP will be used;
  • Manual – DNS servers have to be specified manually.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'IPv6 Tunnel' submenu

In the 'IPv6 Tunnel' submenu IPv6 tunneling inside IPv4 is configured. ISATAP protocol is used (Intra-Site Automatic Tunnel Addressing Protocol – intra-site tunneling protocol). The ISATAP protocol encapsulates IPv6 packets into IPv4 packets for transmission over an IPv4 network. Support for this functionality allows the device to communicate with remote IPv6 hosts.

• ISATAP Status – ISATAP operating mode:
  • Enabled – operation via ISATAP is allowed;
  • Disabled – operation via ISATAP is denied.
• ISATAP Capable Host – IP address or DNS name of ISATAP router. Value – isatap;
• ISATAP Query Interval – time interval between DNS queries. May take value from 120 to 3600 seconds. By default – 120 seconds;
• ISATAP Solicitation Interval – time interval between ISATAP router poll messages. May take value from 120 to 3600 seconds. By default – 120 seconds;
• ISATAP IPv6 Link Local Address – local IPv6 address of the device;
• ISATAP IPv6 Global Address – global IPv6 address of the device.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Wireless Settings' submenu

In the 'Wireless Settings' submenu, wireless Wi-Fi network is configured. The device has 2 independent physical radio interfaces, each of which operates in its own mode and range. Radio 1 operates in 5 GHz, Radio 2 in 2.4 GHz.

This section of the menu provides separate settings for each radio interface.

• Country – name of the country where access point operates. Depending on the value set, the frequency band and transmitter power restrictions applicable in that country will be applied. The list of available frequency channels depends on the set country, which affects the automatic channel selection in the Channel = Auto mode. If the client equipment is licensed for use in another region, it will not be possible to establish a connection with the access point.

  Selecting the wrong region can lead to compatibility issues with different client devices.

• Transmit Power Control – setting the limit mode of the Transmit Power Limit parameter (the parameter available for Russia):
  • On – maximum EIRP value is limited in accordance with the legislation of the Russian Federation and does not exceed 100 mW (16 dBm transmitter power for the 2.4 GHz band, 19 dBm transmitter power for the 5 GHz band);
  • Off – maximum EIRP value is limited by the physical characteristics of the transmitter. For WEP-2ac and WEP-2ac Smart maximum EIRP value for the 2.4 GHz band – 18 dBm, for 5 GHz band – 21 dBm.
• TSPEC Violation Interval – time interval, in seconds, for which the access point should report via the event log or SNMP trap about attached clients that do not support the required admission procedures. May take value from 0 to 900 seconds. By default – 300 seconds;
• Global Isolation – when checked, traffic isolation between clients of different VAP and different radio interfaces is enabled;
• Radio Interface – radio interface status:
  • On – when the flag is set, radio interface is active;
  • Off – when the flag is set, radio interface is disabled.
• MAC Address – MAC address of the radio interface;
• Mode – selection of the wireless interface operating mode according to IEEE 802.11 standards;
• Channel – channel number for wireless network operation. When 'auto' is selected, a channel with a lower level of interference is automatically detected;
• Airtime Fairness – radio accessibility function:
  • On – when the flag is set, the function is active. Airtime is evenly distributed among users;
  • Off – the function is disabled.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Radio' submenu

In the 'Radio' submenu, advanced settings of the wireless Wi-Fi network are performed for each radio interface.

• Radio – wireless Wi-Fi interface selection. Radio 1 operates in 5 GHz band, Radio 2 operates in 2.4 GHz band;
• Status – state of configured Wi-Fi interface:
  • On – when the Wi-Fi flag is set, the interface is enabled;
  • Off – when the Wi-Fi flag is set, the interface is disabled.
• Mode – selection of the wireless interface operating mode according to IEEE 802.11 standards.
  • For Radio 1, operating in 5 GHz:
    
    • IEEE 802.11a – 5 GHz frequency band, maximum transmission rate is 54Mbps;
    • IEEE 802.11a/n/ac – 5 GHz frequency band, maximum transmission rate is 866 Mbps;
    • IEEE 802.11n/ac – 5 GHz frequency band, maximum transmission rate is 866 Mbps. Only IEEE 802.11n/ac compatible clients can be connected.
  • For Radio 2, operating in 2.4 GHz:
    • IEEE 802.11b/g – 2.4 GHz frequency band, maximum transmission rate is 54 Mbps;
    • IEEE 802.11b/g/n – 2.4 GHz frequency band, maximum transmission rate is 300 Mbps;
    • 2.4 GHz IEEE 802.11n – 2.4 GHz frequency band, maximum transmission rate is 300 Mbps. Only IEEE 802.11n compatible clients can be connected.
• Channel – radio channel selection for Wi-Fi interface operation. When 'auto' is selected, a channel with a lower level of interference is automatically detected (taking into account selected region), which runs the least number of access points;
• Channel  Update  Period – time period after which the optimal channel will be automatically selected;
• Limit Channels – list of channels from which the access point can choose the best channel for operating in the 'Auto' mode;

• Channel Bandwidth – channel bandwidth;

• Primary Channel – the parameter can only be changed if the bandwidth of a statically specified channel is equal to 40 MHz.The 40 MHz channel can be considered as consisting of two 20 MHz channels, which border in the frequency range. These two 20 MHz channels are called primary and secondary channels. The primary channel is used by IEEE 802.11n clients which support only 20 MHz channel bandwidth.
  
  • Upper – the primary channel will be the upper 20 MHz channel in the 40 MHz band;
  • Lower – the primary channel will be the lower 20 MHz channel in the 40 MHz band.

• Transmit Power Limit – transmitting Wi-Fi signal power adjustment, dBm.

  • When Transmit Power Control is enabled, the parameter may take the following values:

    • in 2.4 GHz frequency range (Radio 2) – from 8 to 16, by default – 16;

    • in 5 GHz frequency range (Radio 1) on WEP-2ac – from 1 to 19, on WEP-2ac Smart – from 11 to 19, by default – 19.

  • When Transmit Power Control is disabled, the parameter may take the following values:

    • in 2.4 GHz frequency range (Radio 2) – from 8 to 18, by default – 18;

    • in 5 GHz frequency range (Radio 1) on WEP-2ac – from 1 to 21, on WEP-2ac Smart – from 11 to 21, by default – 21.

To go to the extended parameters list, click the button with the '+' symbol next to 'Advanced settings':

• OBSS Coexistence  – mode of automatic change of channel width from 40 MHz to 20 MHz when radio is loaded:
  • On – the mode is enabled;
  • Off – the mode is disabled.
• DFS Support  – dynamic frequency selection mechanism. he mechanism demands wireless devices to scan environment and avoid using channels which coincide with radiolocation system's channels at 5 GHz. The field is available for editing only in the settings of the Radio 1 interface operating in the 5 GHz frequency band. The parameter may take the following values:
  
  • On – DFS support is enabled;
  • Off – DFS support is disabled.
• Multidomain  Regulatory  Mode – the mode of information transmission by the device about the set region in Beacon frame service messages:
  • Enable – the mode is enabled;
  • Disable – the mode is disabled.
• Short Guard Interval Supported – support for Short Guard Interval. Reducing the guard interval increases throughput. The field is available for editing when selected radio interface operating mode includes the IEEE 802.11n standard. The parameter may take the following values:
  
  • Yes – access point transmits data using a 400 ns guard interval when communicating with clients that also support a short guard interval;
  • No – access point transmits data using a 800 ns guard interval;
• STBC Mode – method of space-time block coding aimed at improving the reliability of data transmission. The field is available for editing when selected radio interface operating mode includes the IEEE 802.11n standard. The parameter may take the following values:
  
  • Yes – the device transmits one data flow through several antennas;
  • No – the device does not transmit one data flow through several antennas.
• Protection – inter-station interference prevention operating mode:
  • Auto – the mode is enabled;
  • Off – the mode is disabled.
• Beacon Interval – beacon frames transmission period. The frames are sent to detect access points. The parameter may take values from 20 to 2000 ms. By default – 100 ms.

• DTIM Period – time interval before sending a signal to a wireless client in sleep mode to indicate that a data packet is awaiting delivery. The parameter may take values from 1 to 255 ms. By default – 2 ms;
• Fragmentation  Threshold – frame fragmentation threshold in bytes. The parameter may take values from 256 to 2346. By default – 2346;
• RTS Threshold – specifies the number of bytes over which the transfer request is sent (Request to Send). Decreasing this value may improve the performance of the access point when there are a large number of connected clients, but it reduces the overall throughput of the wireless network. The parameter may take values from 0 to 2347. By default – 2347;
• Maximum Stations – maximum allowable number of clients connected to radio interface. The parameter may take values from 0 to 200. By default – 200;
• VLAN List – list of VLANs allowed to broadcast (used in conjunction with VlanTrunk mode on VAP). VLAN List setting is used if more than one VLAN needs to be transmitted towards the client device. The setting is relevant for the VAP–VlanTrunk operating mode. Maximum number of VLANs that can be specified in the list– 20;
• Fixed Multicast Rate – selection of a fixed transmission rate for multicast traffic. If 'Auto' is selected, speed selection is automatic;
• Frame-burst Support – mode to increase downstream throughput.

• DHCP Replication – replication of DHCP packets towards the client:
  • On – unicast;
  • Off – broadcast.
• ARP Suppression – ARP request conversion mechanism from Broadcast to Unicast;
• DHCP Snooping Mode – option 82 processing policy control:
  • Ignore – option 82 processing is disabled on the access point. Set by default;
  • Remove – access point deletes option 82 value;
  • Replace – access point substitutes or replaces option 82 value. When this value is set, the following parameters become available for editing:
    • DHCP Option 82 CID Format:
      • String – access point changes the contents of the Circuit-ID to a value that is manually configured in the 'DHCP Option 82 CID String' field;
      • APMAC-SSID – access point changes the contents of the Circuit-ID to entry of the <MAC address of the access point> type; <name of the SSID to which the client is connected>. Set by default;
      • SSID – access point changes the contents of the Circuit-ID to the SSID the client is connected to. 

    • DHCP Option 82 CID String – value from 1 to 52 characters which will be transmitted in the Circuit-ID if 'String' is specified in the 'DHCP Option 82 CID Format' parameter. Only Latin letters and numbers are allowed, and '.', '-', '_' characters;

      If 'DHCP Option 82 CID Format' is set to 'String' and the 'DHCP Option 82 CID String' field is left blank, then the access point will change the contents of the Circuit-ID to the default value: 'APMAC-SSID'.

    • DHCP Option 82 RID Format:
      • String – access point changes the contents of the Remote-ID to the value that is configured manually in the 'DHCP Option 82 RID String' field;
      • ClientMAC – access point changes the contents of the Remote-ID to MAC address of the client device. Default value;
      • APMAC – access point changes the contents of the Remote-ID to its MAC address;
      • APdomain – access point changes the contents of the Remote-ID to the name of the last domain in the tree, specified in the AP-Location parameter in the device settings.

    • DHCP Option 82 RID String – value from 1 to 63 characters, which will be sent to Remote-ID if in 'DHCP Option 82 RID Format' parameter 'String' is specified. Only Latin letters and numbers are allowed, and '.', '-', '_' characters.

      If 'DHCP Option 82 CID Format' is set to 'String' and the 'DHCP Option 82 CID String' field is left blank, then the access point will change the contents of the Circuit-ID to the default value: 'ClientMAC'.

    • DHCP Option 82 MAC Format – parameter defines the format of MAC addresses that are sent to CID and RID. May take values:
      
      • default – MAC address is sent in the usual format, the same as in the 'Client-Ethernet-Address' option of the DHCP packet. In this case, the MAC address is usually in lower case letters and the separator is ':', for example 'aa:bb:cc:dd:ee:ff'. In the packet, it will be sent in ASCII encoding. The value is set by default;
      • radius – MAC address is sent in the RADIUS format. In this case, all letters are converted to uppercase, and '-' acts as a separator. Example 'AA-BB-CC-DD-EE-FF'. In the packet, it will be sent in ASCII encoding.
• MCS Rate Set – selection of supported wireless data transmission channel rates determined by IEEE 802.11n/ac standards specifications;
• Legacy Rate Sets – supported and broadcast by the access point sets of channel rates;
• Broadcast/Multicast Rate Limit – when the flag is set, the transmission of broadcast/multicast traffic over the wireless network is restricted. When the flag is set, the following fields become available for editing:
  • Rate Limit – data transfer rate threshold, pps. By default – 50 pps.;
  • Rate Limit Burst – maximum value of traffic burst, pps. By default – 75 pps.
• VHT Features – enable/disable support for VHT rates. VHT feature enables support for 256QAM. Supported for the IEEE 802.11ac standard.

To go to the TSPEC settings, click the button with the '+' symbol next to 'TSPEC Settings':

• TSPEC Mode – selection of TSPEC operating mode. By default – off (disabled). May take the following values:
  
  • On – access point processes TSPEC requests from clients. Use this setting if the access point handles traffic from QoS-compliant devices such as certified Wi-Fi phones.
  • Off – access point ignores TSPEC requests from clients. Use this setting if you do not want to use TSPEC for QoS-compliant devices.
• TSPEC Voice ACM Mode – regulates mandatory admission control (ACM) for the Voice traffic category. By default – off. May take the following values:
  
  • On – the client needs to send a request to the access point before sending or receiving Voice traffic flow.
  • Off – the client can send and receive Voice traffic without requiring a valid TSPEC; access point ignores Voice TSPEC requests from clients.
• TSPEC Voice ACM Limit – defines the limit of Voice traffic volume. The parameter may take values from 0 to 90%. By default – 20%.
• TSPEC FBT Voice ACM Limit – defines an upper limit on Voice traffic volume for roaming clients on a given access point using a fast BSS transition. The parameter may take values from 0 to 90%. By default – 0%.
• TSPEC Video ACM Mode – regulates mandatory admission control (ACM) for the Video traffic category. By default – off. May take the following values:
  
  • On – the client needs to send a request to the access point before sending or receiving Video traffic flow.
  • Off – the client can send and receive Video traffic without need for a request.
• TSPEC Video ACM Limit – defines an upper limit on Video traffic volume. The parameter may take values from 0 to 90%. By default – 15%.
• TSPEC FBT Video ACM Limit – defines an upper limit on Video traffic volume for roaming clients on a given access point using a fast BSS transition. The parameter may take values from 0 to 90%. By default – 0%.
• TSPEC BE ACM Mode – regulates mandatory admission control for the Best Effort traffic category. By default – off. May take the following values:
  
  • On – the client needs to send a request to the access point before sending or receiving Best Effort traffic category;
  • Off – the client can send and receive Best Effort traffic category without need for a request.
• TSPEC BE ACM Limit – defines an upper limit on Best Effort traffic volume for roaming clients on a given access point using a fast BSS transition. The parameter may take values from 0 to 90%. By default – 0%.
• TSPEC BK ACM Mode – regulates mandatory admission control for the Background traffic category. By default – off. The parameter may take the following values:
  
  • On – the client needs to send a request to the access point before sending or receiving Background traffic category;
  • Off – the client can send and receive Background traffic category without need for a request.
• TSPEC BK ACM Limit – defines an upper limit on Background traffic volume for roaming clients on a given access point using a fast BSS transition. The parameter may take values from 0 to 90%. By default – 0%.
• TSPEC AP Inactivity Timeout – time after which inactive clients will be removed from the access point (the downlink flow is checked). The parameter may take values from 0 to 120 seconds. By default – 30 seconds.
• TSPEC Station Inactivity Timeout – time after which inactive clients will be removed from the access point (the uplink flow is checked). The parameter may take values from 0 to 120 seconds. By default – 30 seconds.
• TSPEC Legacy WMM Queue Map Mode – select On to receive traffic of various categories on queues operating in AKM.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Scheduler' submenu

In the 'Scheduler' submenu, access point scheduler is configured. Using the settings of this menu, operating time of a specific radio interface or virtual access point can be configured.

• Global Scheduler Mode – enable/disable scheduler:
  • Enable – scheduler is enabled;
  • Disable – scheduler is disabled.

Scheduler Operational Status – this section provides information about the status of the scheduler:

• Status – scheduler operational status. The parameter may take the following values: Up (enabled) or Down (disabled). By default – Down;
• Reason – additional information about scheduler status:
  • IsActive – operational state;
  • ConfigDown – scheduler is disabled, no global settings;
  • TimeNotSet – scheduler is enabled, system time is not set on the device;
  • ManagedMode – scheduler is enabled, the device is in management mode;
• Scheduler Profile – name of the scheduler profile to create. May contain from 1 to 32 characters.

To add profile to the system, enter a name in the 'Scheduler Profile' field and click the 'Add' button.

Rule Configuration – in this section, scheduler profile parameters are configured:

• Select Profile – name of the previously created profile for which the settings will be configured;
• Set Schedule – day of the week the scheduler runs. The parameter may take the following values:
  • Daily – every day;
  • Weekday – working days;
  • Weekend – weekends;
  • On – specific day of the week, which is selected from the drop-down list. May take the following values: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday;
• Start Time – radio interface or VAP activation time. Specified as hh:mm;
• End Time – radio interface or VAP off time. Specified as hh:mm.

To add new profile rule, click the 'Add Rule' button.

To delete a rule, select the rule in the list and click the 'Remove Rule' button.

To change the rule settings, select the rule and click the 'Modify Rule' button.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Scheduler Association' submenu

In the 'Scheduler Association' submenu, scheduler rules created in the 'Scheduler' submenu are bound to VAPs or radio interfaces.

In the 'Scheduler Profile' column next to the Radio or VAP number to which you want to apply the previously created scheduler rule, set the name of the scheduler profile.

Values in the 'Operational Status' column are informational and indicate the status in which the VAP or the radio interface of the access point is located: up – enabled, down – disabled.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'VAP' submenu

In the 'VAP' submenu virtual access points on Wi-Fi interfaces are configured, as well as RADIUS server parameters. Up to 16 virtual access points can be configured on each radio interface.

Global RADIUS Server Settings – in this section, global settings for authorization via the RADIUS protocol are performed:

• RADIUS Domain – user domain;
• RADIUS IP Address Type – selection of IPv4 or IPv6 for access to the RADIUS server;
• RADIUS IP Address – main RADIUS server address. If the main RADIUS server is unavailable, requests will be sent to the backup servers specified in the fields RADIUS IP Address-1, RADIUS IP Address-2, RADIUS IP Address-3;
• RADIUS IP Address-1, 2, 3 – backup RADIUS server addresses. If the main RADIUS server is unavailable, requests will be sent to the backup servers;
• RADIUS Key – password for authorization on the main RADIUS server;
• RADIUS Key-1, 2, 3 – passwords for authorization on backup RADIUS servers;
• Enable RADIUS Accounting – when the flag is set, 'Accounting' messages will be sent to the RADIUS server.

Configuring Virtual Access Points:

• Radio – selection of the radio interface for VAP configuration. Radio 1 – VAP configuration in 5 GHz band, Radio 2 – VAP configuration in 2.4 GHz band;
• VAP – number of the virtual access point on the radio interface;
• Enabled – when the flag is set, virtual access point is enabled, otherwise it is disabled:
• VLAN ID – VLAN number that will be tagged when transmitting Wi-Fi traffic to clients connected to this VAP. When traffic flows in the opposite direction, untagged traffic from clients will be tagged with VLAN ID (when VLAN Trunk mode is disabled);
• SSID – wireless network name;
• Broadcast SSID – when checked, SSID broadcasting is on, otherwise it is disabled;
• Station Isolation – when checked, traffic isolation between clients within the same VAP is enabled;
• Band Steer – when checked, priority client connection to 5 GHz network is active. For the functionality to work, create a VAP with the same SSID on each radio interface and activate the 'Band Steer' parameter on them;
• 802.11k – enable support for 802.11k standard on VAP. 802.11k roaming requires client support for the standard. Using the functionality is possible only when using the Airtune service;
• DSCP Priority – when checked, analyzes priority from the DSCP field of the IP packet header; when unchecked, analyzes priority from the CoS (Class of Service) field of the tagged packets;
• VLAN Trunk – when checked, tagged traffic is transmitted to the subscriber;
• General Mode – when checked, transmission of untagged traffic jointly with tagged traffic is allowed (available when Trunk VLAN mode is enabled);
• General VLAN ID – a tag will be removed from the specified VLAN ID and the traffic of this VLAN will pass to the client without a tag. When traffic passes in the opposite direction, untagged traffic will be tagged with General VLAN ID;
• VLAN Priority – level 3 priority that will be assigned to packets coming from a client connected to this VAP and transmitted further to the wired network;
• Security – wireless access security mode:
  • None – no encryption for data transmission. Access point is available for connection of any client;
  • WPA Personal – WPA and WPA2 encryption. When this mode is selected, the following settings are available:

• • • WPA Versions – encryption versions: WPA-TKIP, WPA2-AES;
    • Key – WPA key. The key length is from 8 to 63 characters.
    • Broadcast Key Refresh Rate – broadcast key update interval. May take values from 0 to 86400. By default – 0.
    • MFP – client frame protection mode configuration: 
      
      • Not Required – do not use the protection; 
      • Capable – use protection when possible;
      • Required – protection is mandatory, all clients must support CCX5.

• WPA Enterprise – wireless channel encryption mode, in which the client is authorized on the centralized RADIUS server. To configure this security mode, specify the parameters of the RADIUS server (it is possible to use up to 4 RADIUS servers simultaneously, but specifying one active at the moment). the domain, security mode protocol versions, and keys for each RADIUS server must also be specified. When this mode is selected, the following settings are available:
  
  • WPA Versions – encryption versions: WPA-TKIP, WPA2-AES;
  • Enable Pre-authentication – when checked, the pre-authentication procedure for WPA2 wireless clients is used. Pre-authentication allows a mobile client to authenticate to another nearby access point while remaining 'bound' to its primary access point. This reduces the amount of time communication is not available for a roaming client while waiting for RADIUS authentication in a forwarding process;
  • MFP – client frame protection mode configuration:
    
    • Not Required – do not use the protection; 
    • Capable – use protection when possible.
  • Use Global RADIUS Server Settings – when checked, Global RADIUS Server Settings specified at the top of the page will be used. To use a separate RADIUS server for VAP, uncheck the box and enter the IP address, password of the RADIUS server, and other data in the following fields:
    
    • RADIUS Domain – user domain;
    • RADIUS IP Address Type – IPv4 or IPv6 protocol selection to access the RADIUS server;
    • RADIUS IP Address – main RADIUS server address. ПIf the main RADIUS server is unavailable, requests will be sent to the backup servers specified in the fields RADIUS IP Address-1, RADIUS IP Address-2, RADIUS IP Address-3;
    • RADIUS IP Address-1, 2, 3 – backup RADIUS server addresses. If the main RADIUS server is unavailable, requests will be sent to the backup servers;
    • RADIUS Key – password for authorization on the main RADIUS server;
    • RADIUS Key-1, 2, 3 – passwords for authorization on backup RADIUS servers;
    • Enable RADIUS Accounting – when the flag is set, 'Accounting' messages will be sent to the RADIUS server.
  • Active Server – select which of the four RADIUS servers the VAP should contact to authenticate wireless clients.
  • Broadcast Key Refresh Rate – broadcast (group) key update interval for clients of this VAP. The parameter may take values from 0 to 86400 seconds. By default – 0. The 0 value indicates that the broadcast key is not updated. Broadcast key is not updated when Fast Transition is enabled on VAP (IEEE 802.11r).
  • Session Key Refresh Rate – session key update interval for each client of this VAP. The parameter may take values from 30 to 86400 seconds. By default – 0. The 0 value indicates that the session key is not updated.
• MAC Auth Type – client authentication mode by MAC address:
  • Disabled – do not use client authentication by MAC address;
  • RADIUS – use client authentication by MAC address via RADIUS server;
  • Local – use client authentication by MAC address using the local address list generated on this access point. 

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'VAP Minimal Signal' submenu

In the 'VAP Minimal Signal' submenu, function of disabling client Wi-Fi equipment when signal level received from it is low can be configured. Used to optimize the seamlessness of roaming on the network.

• Radio – select the configured radio interface;
• VAP – number of virtual access points;
• Minimal signal Enabled – when checked, Minimal Signal feature is enabled;
• Minimal signal, dBm – signal level in dBm, below which the client equipment is disconnected. May take values from -100 to -1;
• Check signal timeout, s – time interval, after which a decision is made to turn off client equipment. May take values from 1 to 300 seconds. By default – 10 seconds.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Fast Bss Transition' submenu

In the 'Fast Bss Transition' submenu, 802.11r roaming between base stations is configured.

Fast Bss Transition parameters:

• Radio – radio interface selection on which FBT will be configured;
• VAP – number of the virtual access point on which FBT will be configured;
• Fast Transition Mode – activating the fast transfer of the basic set of services to speed up the authentication process on the access point:
  • On – function is enabled;
  • Off – function is disabled.
• FT over DS – enabling the exchange mechanism between base stations over wired network. If it is necessary to roam, the client sends an FT Action Request Frame to the current access point with the necessary authorization data. The current access point encapsulates the given frame and forwards to the target access point over the wired network. The target AP asserts fast authentication capability with an encapsulated message to the current access point FT Action Response Frame. Current access point forwards this message to the client. After the process is completed, the client sends a Reassociation request to the target access point. When the FT over DS function is disabled, FT over AIR works, in which case the client is authorized on the target access point using the following standard authentication frames:
  • On – function is enabled;
  • Off – function is disabled.
• Mobility Domain – number of the group within which roaming can be made. May take values from 0 to 65535. By default – 0;
• R0 Key Holder – PMK-R0 key. May contain from 1 to 48 characters. Optionally used as the identifier of the NAS that will be sent in the Radius Access Request message;
• R1 Key Holder – PMK-R1 key in the xx:xx:xx:xx:xx:xx MAC address format;
• Reassociation Deadline – maximum allowed 'Reassociation' request from the station waiting time. May take values from 1000 to 4294967295 ms. By default – 1000 ms.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

After specifying the basic parameters, it is necessary to configure interaction with access points between which roaming will be carried out by setting the MAC addresses of access points and keys.

• MAC Address – MAC address of access point participating in roaming;
• NAS ID – NAS identifier, takes the value specified in R0 Key Holder;
• R1 Key Holder – PMK-R1 key in the xx:xx:xx:xx:xx:xx MAC address format;
• RRB Key – key to encrypt RRM messages 16 characters long.

To add new entry to the table, click 'Add'.

To remove entry from the table, select the line and click 'Remove'.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Passpoint' submenu

Passpoint is a feature that allows users to seamlessly migrate from 3G/4G networks to Wi-Fi networks. 

Passpoint supports the following authentication types: 

• EAP-TLS (certificate-based identification), 
• EAP-SIM (identification based on GSM SIM card data), 
• EAP-AKA (identification based on UMTS USIM data),
• EAP-TTLS with MS-CHAPv2 (username and password request, server certificate).

Select the radio interface and virtual access point on which Passpoint will run and fill in the fields below (if necessary). 

• Radio – radio interface on which to activate the Passpoint function;
• VAP – virtual access point (SSID), on which to activate the Passpoint function. 

Internetwork parameters 802.11u (Passpoint parameters):

• 802.11u Status – enable/disable Passpoint;
• Internet Access – enable/disable Internet Access;
• ASRA (Additional Step Required for Access) – add/remove additional authorization step when gaining access;
• Network Access Type – type of interaction with the access network:
  • Private Network – private network;
  • Private Network with Guest Access – private network with guest access;
  • Chargeable Public Network – chargeable public network;
  • Free Public Network – free public network;
  • Emergency Services Only Network – network for emergency services and ambulance services; 
  • Personal Device Network – personal device network;
  • Test or Experimental – test network;
  • Wildcard – interaction through vouchers (wildcard certificate);
• Interworking HESSID – MAC address, the same for all access points of the same network.

Information about the access type (IP Address Type Availability Information):

• IPv4 – access configuration via IPv4 protocol;
• IPv6 – access configuration via IPv6 protocol.

Network Authentication Type List:

• Auth Type – select the type of authentication in the field:
  • Not Configured – authentication type not set;
  • Acceptance of Term and Conditions – authentication with acceptance of the user agreement;
  • Online Enrollment – online registration;
  • HTTP/HTTPS Redirection – HTTP/HTTPS redirect;
  • DNS Redirection – DNS redirect.
• Redirect URL – field for entering URL to which the redirect will be performed. Available with the following authentication types: Acceptance of Term and Conditions, HTTP/HTTPS Redirection, DNS Redirection.

Information about the installation location (Venue Details):

• Venue Group – installation site category defined by the IEEE 802.11u standard:
  • Unspecified – not specified;
  • Assembly – crowded places (stadiums, theaters, restaurants, train stations, airports, etc.);
  • Business – banks, offices, research centers, etc.;
  • Educational – training centers;
  • Factory and Industrial – industrial buildings;
  • Institutional – state institutions;
  • Mercantile – commercial (trade) organizations;
  • Residential – housing estates;
  • Storage – storages/warehouses;
  • Utility and Miscellaneous – public services, etc.;
  • Vehicular – transport;
  • Outdoor – outdoor (city parks, recreation areas, stops, kiosks);
  • Reserved – private territories.
• Venue Type – location type. Available options depend on the location category selected above.

List of access point locations (Venue Name List):

• Venue Name – location name of the access point;
• Language Code – language. 

List of organizations (Roaming Consortium List):

• OUI Name – organization unique identifier (OUI);
• Is Beacon – add OUI to beacon (Yes), do not add OUI to beacon (No).

3GPP Cellular Network Information List:

• Country Code – country code;
• Network Code – network code.

Domain List:

Enter domains in the free fields.

Realm list:

• Realm Name – name of the realm;
• Encoding – encoding (RFC4282, UTF8);
• EAP and Auth Information – protocol and authentication information;
  
• Modify – configure authentication type and parameters;
• Reset – reset settings.

Passpoint ANQP Parameters Configurations:

• Passpoint Status – enable/disable Passpoint;
• Passpoint Capability – determine if the device supports Passpoint;
• DGAF Disabled Status – enable/disable forwarding of downstream multicast address frames (for multicast). When an access point transmits frames containing HS2.0 indication element with DGAF Disable set to disable, the mobile device must discard all received Unicast IP packets that have been decrypted with the group key;
• ANQP 4 frame – enable/выключить disable 4 GAS frame exchange;
• Gas Come Back Delay – GAS Comeback in TU depends on ANQP 4 frame setting;
• Proxy ARP Status – enable/disable Proxy ARP;
• Operating Class Indicator: 
  • Operating Class 81 – operation in the 2.4 GHz band; 
  • Operating Class 115 – operation in the 5 GHz band; 
  • Operating Class 81&115 – simultaneous operation in the 2.4 and 5 GHz bands.
• Anonymous NAI – set anonymous network access ID (NAI – Network Access Identifier);
• L2 Traffic Inspection – enable/disable L2 traffic control and filtering (available for access points that have a built-in traffic control and filtering function);
• ICMPv4 Echo – filtering feature for ICMPv4 Echo requests.

Carriers who can connect Passpoint on this access point (Operator Friendly Name List):

• Operator Name – carrier name;
• Language Code – language;
• QoS Map ID – QoS Map identifier.

Home realms list (NAI Home Realm Query List):

• Home Realm – home realm;
• Encoding – encoding (RFC4282 or UTF8).

List of possible connections (Connection Capability List):

• Protocol – protocol that can be used for connection:
  • ICMP (0x1) – ICMP;
    
  • TCP (0x6) – TCP;
  • UDP (0x11) – UDP;
    
  • ESP (0x32) – ESP.
    
• Port – port that can be used for connection;
• Status – connection status:
  • Closed – connection with given parameters is closed;
  • Open – connection with given parameters is open;
  • Unknown – connection status is unknown.

List of providers for which online registration is available (OSU Provider List):

• OSU SSID – network identifier for online registration;
• OSU  Friendly Name – internet provider name;
  
• OSU Desc – online registration server description;
• OSU Language Code – online registration language code;
• OSU Server URI – online registration server URL;
• OSU NAI – network access identifier for online registration;
• OSU Method – online registration method;
• OSU Icon – internet provider logo.

WAN Metrics Information:

• Link Status – connection state:
  • Link up – connection is active;
  • Link Down – connection is inactive;
  • Link Test – connection is in test mode.
• Symmetric Link – connection is symmetrical (Symetric Link) or asymmetrical (Not Symmetric Link);
• At Capacity – throughput;
• Down Link speed – downstream speed;
• Up Link speed – upstream speed;
• Down Link Load – downstream load;
• Up Link Load – upstream load;
• Lmd – Load Measurement Duration.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Wireless Multicast Forwarding' submenu

In the 'Wireless Multicast Forwarding' submenu, multicast packet redirection is configured.

• Radio – radio interface selection;
• VAP – number of the virtual access point;
• Enabled – if the flag is set, virtual access point is active, otherwise – inactive;
• WMF-Enable – if the flag is set, the function of redirecting multicast packets on the virtual access point is active, otherwise – inactive.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'WDS' submenu

In the 'WDS' submenu, communication between access points via a wireless network can be configured,

• Tunneling – option available only when using GRE:
  • Off – GRE is not used, the Tunneling option is disabled;
  • Master – access point is connected to network via Ethernet interface;
  • Slave – access point is connected to Master via radio interface.
• Spanning Tree Mode – STP protocol operating mode to prevent network loops:
  • Enabled – when the flag is set, the STP protocol is allowed for use. Recommended to enable when using WDS;
  • Disable – when the flag is set, the STP protocol is disabled.
• Radio – radio interface selection. Radio 1 – WDS will be deployed in 5 GHz band, Radio 2 – WDS will be deployed in 2.4 GHz band;
• Local Address – view MAC address of the current radio interface;
• Remote Address – MAC address of the radio interface of the access point with which the collaboration is intended. MAC address of the radio interface can be viewed on the 'Status' / 'Interfaces' tab;
• Connection Status – connection status;
• Signal – signal level with which the current access point sees the opposite access point with which the WDS is configured, dBm;
• Encryption – select encryption mode:
  • None – do not use encryption;
  • WPA (PSK) – WPA and WPA2 encryption, when selected, the following settings will be available:
    • SSID – Wi-Fi network name;
    • Key – WPA key. The key length is from 8 to 63 characters.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

To update information on the page, click 'Refresh'. 

'MAC Authentication' submenu

In the 'MAC Authentication' submenu, white/black lists of MAC addresses of clients that are allowed/denied to connect to this access point can be configured.

• Global policy – selection of MAC address filtering list during authentication;
  • Allow only stations in list – when the flag is set, white list of MAC addresses will be formed;
  • Block all stations in list – when the flag is set, black list of MAC addresses will be formed.

• Access List – selecting existing lists of MAC addresses or creating a new list:
  • Create – creating a new list:
    • New acl name – enter a name for the new MAC address list and click the 'Update' button to create it.

• Default – standard empty list of MAC addresses. When this list or any other previously created list is selected, the following fields will be available for editing:
  • Delete Access List – when setting the flag and then clicking on the 'Update' button, the selected Access List will be deleted. The default list cannot be deleted;
  • Stations List – list of MAC addresses of clients that are allowed/denied access.

To add MAC address to the filtering list, in the 'Access List' parameter, select the desired list and enter the MAC address to add. Then click the 'Add' button. MAC address will appear in the 'Station List' section.

To remove MAC address from the list in the 'Station List' section, select the entry and click the 'Remove' button.

• Radio – radio interface selection;
• VAP – number of the virtual access point;
• SSID – name of the virtual access point;
• ACL – selecting a list of MAC addresses to bind to the selected SSID;
• Policy Mode – configuring white/black lists of MAC addresses:
  • Global – for the current SSID, the selected list of MAC addresses will match the global flag
  • Allow – for the current SSID, the selected list will be white (devices from the list are allowed access);
  • Block – for the current SSID, the selected list will be black (devices from the list are denied access).

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Load Balancing' submenu

In the 'Load Balancing' submenu, the restriction of clients ability to connect to the access point is configured, depending on the utilization of the channel.

• Load Balancing – load balancing:
  • Enabled – load balancing is enabled;
  • Disabled – load balancing is disabled.
• Utilization for No New Associations – bandwidth utilization level of the access point, above which the connection of new clients is prohibited, set in%. By default – 0.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Authentication' submenu

In the 'Authentication' submenu, the access point is configured in client mode using the 802.1X protocol to pass the authentication procedure on higher-level equipment.

Supplicant Configuration – in this section, the following authentication parameters are configured:

• 802.1X Supplicant – enable/disable access point operation in client mode via 802.1X protocol:
  • Enabled – enable;  
  • Disabled – disable.
• EAP Method – user authentication encryption algorithm. Possible values: MD5, PEAP, TLS;
• Username – user name. The parameter may contain from 1 to 64 characters;
• Password – password. The parameter may contain from 1 to 64 characters.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Certificate File Status – in the section, information about HTTP SSL certificate status can be viewed:

• Certificate File Present – indicates if an HTTP SSL certificate file is present. Possible values: yes, no. By default there is no certificate – no.
• Certificate Expiration Date – date indicating when the HTTP SSL certificate file will expire. If the certificate is missing, the message 'Not Present' is displayed.
  

Certificate File Upload – in this section, the HTTP SSL Certificate file is loaded.

• Upload Method – HTTP SSL certificate file upload method:
  • HTTP – uploading certificate over HTTP. If choosing this method, click the 'Select File' button, select the file to load to the device;
  • TFTP – uploading certificate over TFTP. If choosing this method, fill in the following fields:
    • Filename – certificate file name;
    • Server IP – server IP address.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

To update information on the page, click 'Refresh'.

'Management ACL' submenu

In the 'Management ACL' submenu, device management access lists are configured via Web, Telnet, SSH, SNMP.

• Management ACL Mode – use of device management access lists:
  • Enabled – when the flag is set, the functionality is enabled;
  • Disabled – when the flag is set, the functionality is disabled.
• IP Address 1...5 – list of the IPv4 hosts that have access to the device management;
• IPv6 Address 1...5 – list of the IPv6 hosts that have access to the device management.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'OTT Settings' submenu

In the 'OTT Settings' submenu, OTT (Over the Top) parameters are configured to build IPsec or GRE tunnels inside an IPSec connection from an access point.

• Service Activator URL – service activator URL, specified in the https://<xxx.xxx.xxx.xxx / Domain name>:<Port>;
• IPsec Remote Gateway – gateway for IPsec, specified in the  format of IP address or domain name;
• IPsec Operation Status – set the flag to enable a configurable IPsec connection;
• XAUTH User – user name for extended authorization, necessary for the mode config mechanism to work . The parameter may contain from 4 to 16 characters;
• XAUTH Password – username for extended authorization, necessary for the mode config mechanism to work . The parameter may contain from 8 to 48 characters .

To go to the extended list of options, click the button with the '+' symbol next to 'Advanced Settings':

IKE Proposal:

• IKE Authentication Algorithm –  choice of IKE hashing algorithm, designed to check the integrity of data ;
• IKE DH Group – choice of Diffie-Hellman algorithm, used to establish a shared secret in an insecure network ;
• IKE Encryption Algorithm – choice of encryption algorithm for phase 1 IPsec connection.

IKE Policy:

• Use ISAKMP Mode Config –  activate the mode of automatically obtaining a virtual address, a remote subnet, addresses for raising GRE tunnels from ESR, to which connect via IPSec;
• IKE Lifetime – IKE lifetime (phase 1), must be identical on both sides of the IKE/IPsec connection .  The parameter takes values from 180 to 86400 seconds. By default – 86400 seconds;
• Use NAT-T – the flag must be enabled if the access point is behind NAT;
• IPsec NAT Keepalive –  frequency of sending keepalive packets when working through NAT, so that NAT translation is preserved on upstream routers when the client is not active for a long time . The parameter takes values from 0 to 300 seconds. By default –180 seconds;
  
• IPsec Password –  password for IKE/ISPEC connection. The parameter may contain from 8 to 48 characters ;
  
• Use XAUTH Password – if the flag is set, the previously set XAUTH Password will be used for the IKE/ISPEC connection. If the flag is not set, the password specified in the IPsec Password field will be used. The field is available if Use ISAKMP Mode Config is enabled.
  

IKE Gateway – section and all its parameters are available for editing, if Use ISAKMP Mode Config is in off state:

• IPsec Local Address – client address that uses local network as IKE with a subnet mask of 255.255.255.255 (/32);
• IPsec Remote Network – remote IKE subnetwork;
  
• IPsec Remote Mask – remote IKE network mask.

IPsec Proposal:

• IPsec Authentication Algorithm – IPsec hashing algorithm for checking data integrity;
• IPsec DH Group – Diffie-Hellman algorithm, used to establish a shared secret in an insecure network;
• IPsec Encryption Algorithm – encryption algorithm for phase 1 of IPsec connection.

IPsec Policy:

• IPsec DPD Delay – interval for sending packets to detect a connection break. If there are no responses from the opposite
  side of the IPsec VPN to 5 packets in a row, the access point will consider the VPN to be broken and will restart the IPsec VPN from its side. The parameter may take values from 5 to 600 seconds. By default – 180 seconds;
  
• IPsec Child SA Lifetime – IPsec VPN SA lifetime (phase 2), must be the same on both sides of the IKE/IPsec tunnel. Must be lower than IKE Lifetime. The parameter may take values from  180 to 86400 seconds. By default – 3600 seconds.
  

IPsec VPN:

• Force Establish Tunnel – enable to establish IPsec VPN connection immediately. Otherwise, the IPsec VPN connection will be established upon request.

GRE Over IPsec:

• Use GRE Mode – enable or disable GRE over IPsec. When enabled, the following parameters are available for editing:
  
  • GRE Over IPsec Mgmt – GRE IP address for management tunnel;
  • GRE Over IPsec Data – GRE IP address for data management tunnel;
  • GRE MTU Offset – specifies MTU reduction for GRE tunnels. GRE tunnels will be assigned an MTU based on a calculation of 1500 – GRE MTU Offset. The parameter may take values from  0 to 220;
  • GRE Ping Counter –  check that GRE tunnel is still up by sending ping to GRE IP-management every 10 seconds. This value determines how many ping packets can be lost before the access point restarts the IPsec connection. The parameter takes values from 3 to 60.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Mesh'* submenu

In the 'Mesh' submenu, communication between access points via a wireless Mesh network is configured.

Mesh General Settings – in this section, general Mesh parameters are configured.

• Autopeer Status – autoconfiguration status of the access point. Must be disabled on the wired point (Root) and enabled on the wireless ones.
• Spanning Tree Mode – STP protocol operating mode to prevent loops in the network;
• Tunneling – available only when using GRE:
  • Off – GRE is not used, the Tunneling option is disabled;
  • Master – access point is connected to the network via Ethernet interface;
  • Slave – access point is connected to the Master point via radio interface.

Mesh Interface Settings – in this section, interface is configured for Mesh organization. The section is available only on the Root point, i.e. when the Autopeer Status is off.

• Radio – selection of the radio interface for organizing Mesh;

• Interface – interface used to organize Mesh;
• Status – state of the configured Mesh interface;;
• Mesh ID – name of the Mesh network;
• Mesh Encryption – use Mesh network with encryption (on – enable, off – disable);
• Mesh Root – assign an access point as a controller in the Mesh network (must be an entry point/wired);
• Root Address – MAC interface address of the access point that is the controller (filled in automatically);
• Mesh Interface Address – MAC address of the Mesh interface of the configured access point.

Mesh Mac Authentication – in the section, members of the Mesh network can be added/removed.

• Allowed – access points added to the 'Allowed' list are allowed to access the Mesh network:
  • Delete From Access List – remove the selected MAC address from the list of allowed addresses.
• Blocked – access points added to the 'Blocked' list are denied access to the Mesh network:
  • Delete From Block List – remove the selected MAC address from the list of denied addresses.
• Access Request – list of access points that sent a request to connect to the Mesh network:
  • Access – adding access point to the white list (access is allowed);
  • Block – adding access point to the black list (access denied).

To add an access point to the Allowed/Blocked list manually, enter the point's MAC address in the 'Add mac' field and click the corresponding button:

• Access – adding access point to the white list;
• Block – adding access point to the black list.
  

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Mesh Monitoring'* submenu

In the 'Mesh Monitoring' submenu, statistics and status of connections in the Mesh network are displayed.

Mesh Neighbor Nodes – in this section, a table with statistics of connections with neighboring access points is displayed.

Stats Update – when clicking the button, the statistics in the table will be updated;

Auto Update – automatic table update (data is updated once a second);

• MAC Address – MAC address of the Mesh interface of the neighboring access point;
• Link State – connection state;
• RSSI – signal level from a neighboring access point;
• Uptime – duration of the connection with the access point;
• Tx Total – number of successfully sent packets;
• Rx Total – number of successfully received packets;
• Tx Retry Count – number of resent packets;
• Rx Retried Count – number of received packets resent;
• Tx Actual Rate – current data transfer rate, in kbps;
• Rx Actual Rate – current data reception rate, in kbps.

Mesh Network – table with information about Mesh network members is displayed.

Update Graph – when clicking the button, the information in the table and graph will be updated;

Auto update – automatic update of the table and graph (data is updated every 10 seconds);

• MAC Address – MAC address of the network member Mesh interface;
• Device Name – device system name;
• IP Address – device IP address;
• Firmware Version – firmware version;
• Last Update – time of the last synchronization with the device.

The monitoring section contains a graph with a constructed Mesh network diagram. Based on the table and graph, the network can be analyzed. This will allow assessing the correct location of access points across the coverage area and indicate problem areas, as well as help to monitor the network in real time.

'Services' menu

In the 'Services' menu, built-in services of the access point are configured.

'Bonjour' submenu

In the 'Bonjour' submenu, the Bonjour service is configure. The services allows wireless access points and their services to discover each other within the local network using entries in the multicast Domain Name System (mDNS).

• Bonjour Status – Bonjour service status:
  • Enabled – if the flag is set, the service is active;
  • Disabled – if the flag is set, the service is disabled.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Web Server' submenu

In the 'Web Server' submenu, access to the access point via web interface is configured.

• HTTPS Server Status – HTTPS server status:
  • Enabled – if the flag is set, connection to the device web interface will be via secure HTTP protocol (HTTPS);
  • Disabled – if the flag is set, connection to the device web interface is not available via HTTPS protocol.
• HTTP Server Status – HTTPS server status, this parameter does not depend on the state of the settings of the 'HTTPS Server Status' parameter:
  
  • Enabled – if the flag is set, connection to the device web-interface will be allowed via HTTP protocol;
  • Disabled – if the flag is set, connection to the device web-interface is not available via the HTTP protocol.
• HTTP Port – port number for HTTP traffic transmission. The parameter takes values from 1025 to 65535. By default – 80;
• HTTPS Port – port number for HTTPS traffic transmission. The parameter takes values from 1025 to 65535. By default – 443;
• Maximum Sessions – number of web sessions, including HTTP and HTTPs, that can be running at the same time. The parameter takes values from 1 to 10 sessions. By default – 5;
• Session Timeout (minutes) – period of time after which the system will automatically exit the web interface if the user has not been active. The parameter takes values from 1 to 1440 minutes. By default – 60 minutes.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Generate HTTP SSL Certificate – in this section, by clicking the 'Update button', a new HTTP SSL certificate is generated for secure access to the web server. This action must be performed when obtaining an IP address so that the name of the certificate matches the IP address of the device. When a new certificate is created, the security web server will be started. The secure connection will not function until the new certificate is applied in the browser.

HTTP SSL Certificate File Status – in this section, information about the HTTP SSL certificate is provided.:

• Certificate File Present – indicates if an SSL HTTP certificate is present;
• Certificate Expiration Date – date until which the certificate is valid;
• Certificate Issuer Common Name – name of the certificate.

To Get the Current HTTP SSL Certificate – in this section, the current HTTP SSL certificate is saved, which can later be used as a backup file:

• Download Method – HTTP SSL certificate saving method:
  • HTTP – file will be saved via HTTP to PC;
  • TFTP – certificate will be saved on the TFTP server; when specifying this method, the following fields must be filled in:
    • HTTP SSL Certificate File – certificate file name specified as a string of up to 256 characters;
    • Server IP – IPv4 or IPv6 address of the TFTP server that will be used to upload the file.

To save the HTTP SSL certificate file, click the 'Download' button.

To upload a HTTP SSL Certificate from a PC or a TFTP Server – in this section, the HTTP SSL Certificate file is uploaded:

• Upload Method – method for uploading an HTTP SSL certificate file:
  • HTTP – via HTTP. When specifying this method, click the 'Select file' button, specify the file to be downloaded to the device;
  • TFTP – via a TFTP server. When specifying this method, fill in the following fields:
    • HTTP SSL Certificate File – certificate file name specified as a string of up to 256 characters;
    • Server IP – IPv4 or IPv6 address of the TFTP server that will be used to upload the file. 

To upload the file to the device, click the 'Upload' button.

'SSH' submenu

In the 'SSH' submenu, access to the device via SSH protocol is configured.

SSH is a secure protocol for remote device management. Unlike Telnet, the SSH protocol encrypts all traffic, including transmitted passwords.

SSH Status – status of access to device via SSH protocol:

• Enabled – if the flag is set, access is allowed;
• Disabled – if the flag is set, access is denied.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Telnet' submenu

In the 'Telnet' submenu, access to device via Telnet protocol is configured.
Telnet is a protocol for organizing management over a network. Allows remotely connecting to the gateway from a computer for configuration and management.

Telnet Status – status of access to device via Telnet protocol:

• Enabled – if the flag is set, access is allowed;
• Disabled – if the flag is set, access is denied.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'QoS' submenu

In the 'QoS' submenu, the Quality of Service functions are configured. QoS is configured for each radio interface.
QQoS is used to ensure minimum latency in the transmission of data for services such as voice over IP (VoIP), real-time video, and other time-sensitive services.

Radio – radio interface for which QoS will be configured;

• EDCA Template – template with predefined EDCA parameters:
  • Default – default settings;
  • Optimized for Voice – optimal settings for voice transmission;
  • Custom – user settings.
• AP EDCA Parameters – table of settings for access point parameters (traffic is transmitted from the access point to the client):
  
  • Queue – predefined queues for various types of traffic:
  • Data 0 (Voice) – high priority queue, minimum delays. This queue automatically handles time-sensitive data such as VoIP and streaming video;
  • Data 1 (Video) – high priority queue, minimum delays. Time-sensitive video data is automatically processed in this queue;
  • Data 2 (best effort) – medium priority queue, average throughput and delay. Most traditional IP data is sent to this queue;
  • Data 3 (Background) – low priority queue, high throughput;
  • AIFS (Arbitration Inter-Frame Spacing) – defines the waiting time for data frames. The parameter takes values from 1 to 15, and is measured in slots;
  • cwMin – initial value of waiting time before resending a frame. The parameter takes values 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023 in milliseconds. The cwMin value cannot exceed the cwMax value;
  • cwMax – maximum waiting time before resending a frame. The parameter takes values 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023 in milliseconds. The cwMax value must be greater than the cwMin value;
  • Max. Burst  – parameter is used only for data transmitted from the access point to the client station. The maximum packet length allowed for wireless queues is 0-999.
• Wi-Fi MultiMedia (WMM) – state of the WiFi Multimedia function, which allows optimizing the transmission of multimedia traffic over a wireless environment:
  • Enable – function is enabled;
  • Disable – function is disabled.
• Station EDCA Parameters – table of client station settings (traffic is transmitted from the client station to the access point):
  • Description of the Queue, AIFS, cwMin, cwMax parameters is given above;
  • TXOP Limit – parameter is used only for data transmitted from the client station to the access point. Transmit capability - time interval in milliseconds, when a client WME station has rights to initiate data transmission over the wireless medium to the access point, the maximum value is 65535 milliseconds.
• No Acknowledgement – if the 'On' flag is set, the access point should not recognize QosNoAck frames as a class of service value; 
• APSD – if the 'On' flag is set, the APSD delivery power saving mode, which is a power management method, will be enabled. This mode is recommended if network access is provided for VoIP phones through an access point.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Email Alert' submenu

In the 'Email Alert' submenu, sending of service information by e-mail can be configured.

In the 'Email Alert Global Configuration' section, global settings for the function of sending Email messages are set.

• Admin Mode – state of the function of sending Email messages on the access point::
  
  • Up – function is enabled;
  • Down – function is disabled.
• From Address – sender's mailing address specified as a string of up to 255 characters;
• Log Duration – time intervals for sending non-critical messages. The parameter takes values from 30 to 1440. By default – 30;
• Urgent Message Severity – severity level of messages that will be sent immediately;
• Non Urgent Severity – severity level of messages that will be sent within 'Log Duration' intervals.

In the 'Email Alert Mail Server Configuration' section, mail server and client are configured.

• Mail Server Address – mail server address, a string of the XXX.XXX.XXX.XXX format;
• Mail Server Security – authentication protocol on the mail server: Open, TLSv1. By default – Open;
• Mail Server Port – mail server port number. The parameter takes values from 0 to 65535. By default– 25;
• Username – mail client name specified as a string of up to 64 characters;
• Password – mail client password specified as a string of up to 64 characters.

In the 'Email Alert Message Configuration' parameters of the alarm message are configured:

• To Address 1 – address of the first message recipient;
• To Address 2 – address of the second message recipient;
• To Address 3 – address of the third message recipient;
• Email Subject – text in the email subject.

To send a test message, click the 'Test Mail' button.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'LLDP' submenu

In the 'LLDP' submenu, operation of the LLDP (Link Layer Discovery Protocol) protocol is configured.

• LLDP Mode – state of the LLDP protocol:
  • Enabled – when the flag is set, LLDP is active;
  • Disabled – when the flag is set, LLDP is disabled.
• TX Interval – LLDP message sending interval. The parameter takes values from 5 to 32768 seconds. By default – 30 seconds;
• POE Priority – priority sent in the 'Extended Power Information' field.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'SNMP' submenu

In the 'SNMP' submenu, device management via SNMP can be configured. 

• SNMP – enable/disable device management via SNMP:
  • Enabled – when the flag is set, SNMP is active;
  • Disabled – when the flag is set, SNMP is disabled;
• Read-only community name – password for read-only requests, specified as string from 1 to 256 characters long;
• Port number the SNMP agent will listen to – port number for receiving/sending SNMP messages. The parameter takes values from 1025 to 65535. By default – 161;
• Allow SNMP set requests – enable/disable device configuration via SNMP:
  • Enabled – enable device configuration via SNMP:
    • Read-write community name – password for read-write requests, specified as string from 1 to 256 characters long;
  • Disabled – disable device configuration via SNMP;
• Restrict the source of SNMP requests to only the designated hosts or subnets – accept SNMP requests only from the specified addresses. IP address specified as XXX.XXX.XXX.XXX or host name. If enabled, fill in the following parameters:
  • Hostname, Address, or Subnet of Network Management System – name, address or IPv4 network from which SNMP requests are allowed to be received;
  • IPv6 hostname, address, or subnet of Network Management System – name, address or IPv6 network from which SNMP requests are allowed to be received.

Trap Destinations – configuring the sending of SNMP traps to a remote server:

• Enabled – enable trap sending;
• Host Type – specify whether the enabled host is an IPv4 host or an IPv6 host.
  
• SNMP version – SNMP protocol version;
  
• Community Name – enter community name specified as string from 1 to 256 characters long;
• Hostname or IP or IPv6 Address – enter DNS name or server IP address, to which the access point will send SNMP traps. 
  

In the 'Debug Settings' section sending of debug messages is configured.

• Debugging Output Tokens – identifier of the group of debugging messages;
• Dump Sent and Received SNMP Packets – output of the received and transmitted SNMP messages to the log;
• Logs to – log output location:
  • Don't Log – do not output the log;
  • Standart Error, Standart Output – output to the console;
  • File – output to the file;
  • Syslog – Syslog output;
• Logs to Specified Files – specifying a file for log output;
• Logs Priority Level – level of output logs specified at log output to the console or file;
• Logs Priority Range – specifying the range of log levels for Syslog output;
• Transport – transport protocol used to transmit SNMP messages.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Time Settings (NTP)' submenu

In the 'Time Settings (NTP)' submenu local time of the device can be configured.

• System Time (24 HR) – current system time;
• Set System Time – selection of the time setting method:
  • Using Network Time Protocol (NTP) – automatic installation using the NTP protocol;

  • Manually – manual time installation. 

Automatic installation using NTP protocol (Using Network Time Protocol (NTP) is selected):

• • NTP Server IPv4/IPv6 Address/Name – IPv4 address, IPv6 address or NTP server host name. If a server is not specified, the name of the server received in the DHCP option will be used;
  • NTP Alternative Server IPv4/IPv6 Address/Name и NTP Alternative Server 2 IPv4/IPv6 Address/Name – specify IPv4 address, IPv6 address host name of the additional NTP servers. If a server is not specified, the name of the server received in the DHCP option will be used.

Manual time installation (Manually is selected):

• • System Date – date installation;
  • System Time (24 HR) – system time installation in 24-hour format.

• Time Zone – time zone, Russia (Moscow) is installed by default;
• Adjust Time for Daylight Savings – when selected, daylight saving change will be performed automatically. When the flag is set, the fallowing fields are available:
  • DST Start (24 HR) – time when daylight saving time is starting;
  • DST End (24 HR) – time when daylight saving time is ending;
  • DST Offset (minutes) – set time offset (in minutes).
    

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'SNMPv3' menu

In the 'SNMPv3' menu, SNMP protocol version 3 is being configured.

'SNMPv3 Views' submenu

In the 'SNMPv3 Views' menu, a description of the OID tree or subtree is formed, as well as the inclusion or exclusion of the subtree from the view.

• View Name – name of the MIB tree or subtree specified as string of up to 32 characters;
• Type – include or exclude the MIB subtree from the view:
  • included – include MIB subtree;
  • excluded – exclude MIB subtree.
• OID – OID string describing the subtree to be included or excluded from the view, specified as string of up to 256 characters;
• Mask – mask specified in the xx.xx.xx....(.) format not longer than 47 characters, used to form the required subtree within the specified OID;
• SNMPv3 Views – list of existing rules.

To add a rule, click 'Add'.

To remove rule from the 'SNMPv3 Views' field, select entry and click 'Remove'.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'SNMPv3 Groups' submenu

In the 'SNMPv3 Groups' submenu groups are formed with different security levels applied to tree and subtree browsing rules.

• Name – group name specified as string of up to 32 characters;
• Security Level – security level for the group:
  • noAuthentication-noPrivacy – authentication and data encryption are not used;
  • Authentication-noPrivacy – authentication is used, but data encryption is not used. When sending SNMP messages, an MD5 key and password are used for authentication;
  • Authentication-Privacy – authentication and data encryption are used. When sending SNMP messages, an MD5 key/password is used for authentication, and a DES key/password is used for data encryption.
• Write Views – selection of the OID tree/subtree available for writing:
  • view-all – group can create, modify and delete MIBs;
  • view-none – group is not allowed to create, modify, or delete MIBs.
• Read Views – selection of OID tree/subtree available for reading:
  • view-all – group is allowed to view and read all MIB files;
  • view-none – group is not allowed to view and read MIB files.
• SNMPv3 GROUPS – list of existing groups.

To add a rule, click 'Add'.

To remove group from the 'SNMPv3 GROUPS' field, select entry and click 'Remove'.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'SNMPv3 Users' submenu

'SNMPv3 Users' submenu is used to create users and their access parameters that work with the device via the SNMPv3 protocol.

• Name – user name specified as string of up to 32 characters;
• Group – group created in the 'SNMPv3 Groups' submenu;
• Authentication type – authentication type for using SNMP request:
  
  • MD5 – MD5 authentication is required for SNMPv3 user requests;
  • None – no authentication is required when sending SNMPv3 requests from this user.
• Authentication Key – authentication key specified as string from 8 to 32 characters. It is used if the 'MD5' value is selected in the 'Authentication type' field;
• Encryption Type – encryption type:
  
  • DES – use the DES encryption algorithm for user SNMPv3 requests;
  • None – no encryption is required when sending SNMPv3 requests from this user.
• Encryption Key – encryption key specified as string from 8 to 32 characters. It is used if the 'DES' value is selected in the 'Encryption Type' field.

To add a user, click 'Add'.

To remove group from the 'SNMPv3 USERS' field, select entry and click 'Remove'.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'SNMPv3 Targets' submenu

In the 'SNMPv3 Targets' to configure sending of traps from the device to a specific IP address, UDP port, and user.

• IPv4/IPv6 Address – IPv4 or IPv6 address to which traps will be sent;
• Port – UDP port to which the traps will be sent. The parameter takes values from 1 to 65535;
• Users – name of the user to which the traps will be sent.

To add rule for trap sending, click 'Add'.

To remove rule for trap sending from the 'SNMPv3 TARGETS' field, select entry and click 'Remove'.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'Maintenance' menu

'Maintenance' menu is intended for general device management: uploading, downloading, setting the default configuration, updating firmware, rebooting the device, as well as for debugging operations: sniffing traffic passing through the access point and uploading diagnostic information on the device.

'Configuration' submenu

The uploading and downloading of the device configuration, resetting of the device to its default configuration, and rebooting of the device can be performed by the 'Configuration' submenu.

To Restore the Factory Default Configuration – reset device to factory defaults.

To reset the device configuration to factory settings, click the 'Reset' button. After the reset, the device will automatically reboot. The whole process will take a few minutes.

To Save the Current Configuration to a Backup File – downloading the current configuration to a backup file, followed by loading the file to a remote server. Loading the configuration file from the device can be done via HTTP and TFTP protocols.

• Download via HTTP. Set the 'Download Method' flag to 'HTTP'. Click the 'Download' button, in the dialog box, select the path to save the file to the PC.
• Download via TFTP. Set the 'Download Method' flag to 'TFTP'. In the 'Configuration File' field, specify the file name where the device configuration will be saved. The file name must contain the .xml extension. In the 'Server IP' field, enter the IP address of the TFTP server where the backup file will be saved. Click the 'Download' button to start downloading the file.

To Restore the Configuration from a Previously Saved File – upload previously saved configuration file to the access point. Uploading the configuration to the device can be done via HTTP and TFTP protocols.

• Upload via HTTP. Set the 'Upload Method' flag to 'HTTP'. Click 'Choose file', and in the dialog box, select the path to the saved backup file on the PC. Click the 'Restore' button to start downloading the configuration file to the device.
• Upload via TFTP. Set the 'Upload Method' flag to 'TFTP'. In the 'Filename' field, enter the name of the file that will be downloaded to the device. The file name must contain the .xml extension. In the 'Server IP' field, enter the IP address of the TFTP server where the backup file is saved. Click the 'Restore' button to start downloading the file.

To Save the Startup Configuration to a Backup File or to Mirror file – upload the current configuration to a backup file in the non-volatile memory of the device and load the saved configuration from the non-volatile memory of the device.

• Source File Name – configuration source file name (Startup or Backup).
• Destination File Name – name of the file where the selected configuration will be written.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Rebooting the Access Point – software reboot of the device.

To reboot the device, click 'Reboot'. 

'Upgrade' submenu

In the 'Upgrade', the device firmware is upgraded and changed.

The physical memory of the device contains two firmware images at the same time. If one of the device images fails, then the boot will be performed from another firmware image. Only one image can be active on a device at a time.

• Model – device model;
• Firmware Version – device firmware version:
  
  • Primary Image – firmware version of the active image (current firmware version);
  • Secondary Image – firmware version of the backup image (not in use at the moment).
• Switch – load the device firmware from a backup image. When this operation is performed, the active image will go into the standby state, and the standby image will go into the active state. The device will automatically reboot and set the backup firmware as active.

Updating the device firmware. When updating the device firmware, the firmware file is downloaded to the device and becomes active (Primary Image). In this case, the current image is moved to the 'Secondary Image' position. The device automatically reboots and the access point boots with firmware that matches the downloaded image. Downloading the firmware file to the device can be done via HTTP or TFTP protocol.
The firmware file can be uploaded to the device using either the HTTP or TFTP protocols.

Upload via HTTP. Set the 'Upload Method' flag to 'HTTP'. Click the 'Browse' button. In the dialog box, select the path to the firmware file on the PC. Click the 'Upgrade' button to start uploading the selected firmware file to the device.

Upload via TFTP. Set the 'Upload Method' flag to 'TFTP'. In the 'Image Filename' field, specify the name of the firmware file that will be uploaded to the device. The file name must contain the .tar extension. In the 'Server IP' field, enter the IP address of the TFTP server where the firmware file is saved. Click the 'Upgrade' button to start uploading the file.

'Packet Capture' submenu

The 'Packet Capture' provides the ability to generate and upload a traffic dump from one of the device's interfaces to a .pcap file. After selecting the parameters for recording a traffic dump, starting recording, stopping recording and uploading a file, the dump can be analyzed with special programs, for example, Wireshark.

To update information on the page, click 'Refresh'.

Packet Capture Status – in this section, information about the status of the traffic dump recording and the capability to stop the process can be viewed.

• Current Capture Status – current status of traffic dump recording (recording started/stopped);
• Packet Capture Time – traffic dump recording time;
• Packet Capture File Size – size of the recorded traffic dump.

To stop recording a traffic dump, click 'Stop Capture'.

Packet Capture Configuration – in the section, parameters for recording a traffic dump can be configured:

• Capture Beacons – if the flag is set to 'Enabled' – write Beacon packets to the dump, if the flag is set to 'Disabled' – do not write;
• Promiscuous Capture – if the flag is set to 'Enabled' – write to the dump all packets received by the radio interface, including packets not intended for this access point;
• Client Filter Enable – if the flag is set, only those packets that come from a specific user will be written to the dump. When enabling this feature, the following field must be filled in:
  • Client Filter MAC Address – MAC address of the client whose traffic should be filtered into the dump.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Packet File Capture – in the section, parameters for recording a traffic dump can be configured:

• Capture Interface – name of the interface of the device from which the traffic dump will be recorded (eth0 – GE1, wlan0vap1 – virtual network 1 on wireless interface 0);
• Capture Duration – duration of the dump recording. The parameter takes values from 10 to 3600 seconds. The default is 60 seconds;
• Max Capture File Size – maximum dump size. The parameter takes values from 64 to 4096 KB. The default is 1024 KB.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

To start writing a traffic dump to a file with the specified parameters, click 'Start File Capture'.

Remote Packet Capture – in the section, a remote recording of a traffic dump is performed:

The device supports the RPCAP protocol, which allows recording a traffic dump from the device interface on a remote machine online.

• Remote Capture Port – port number that is used to connect to a remote machine. The parameter takes values from 1025 to 65530. The default is 2002.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

To start the RPCAP server on the device, click 'Start Remote Capture'.

After starting the RPCAP server on the device, connect to the access point on the remote machine. To connect remotely, use the RPCAP protocol, specify the device IP address and the port set in Remote Capture Port. For example, this can be done using the Wireshark program. Then, get a list of interfaces for sniffing from the device, select one of them and start dumping from the remote interface.

Packet Capture File Download – in the section, a recorded file with a traffic dump is downloaded. The dump can be downloaded via HTTP or TFTP protocol:

• Download via HTTP. The 'Use TFTP to Download the Capture File' must be unchecked. Click the 'Download' button and in the dialog box select the path to save the dump to PC;
• Download via TFTP. The ' Use TFTP to Download the Capture File' flag must be set. In the 'TFTP Server Filename' specify the name of the file in which the traffic dump will be saved on the TFTP server. The file name must contain the .pcap extension. In the 'Server IP' field, enter the IP address of the TFTP server to which the traffic dump will be sent. Click the 'Download' button to start uploading the dump.

'Support Information' submenu

In the 'Support Information' submenu, the current information about the device (amount of memory, running processes, configuration) is downloaded as a text file. This information can be used to analyze the status of the device, diagnose problems, and identify problems.

Download – downloading a text file in RTF format from the device to PC via HTTP. After clicking this button, a dialog box will appear where the path on the local computer needs to be specified to save the file. 

'Cluster' menu

The 'Cluster' menu describes the operation and configuration of devices in cluster mode. The cluster mode allows configuring only one access point (master) on the network, the remaining points, when connected to the network, will find the master on the network and copy the configuration from it. Subsequently, when changes are made to the configuration of one of the access points, these changes are applied to all points in the cluster.

'Access Points' submenu

In the 'Access Points' submenu, cluster mode can be enabled/disabled, state of the mode and composition of access points in the cluster can be monitored, and basic parameters of the cluster can be configured.

In the first block of settings, the status of the cluster is viewed and the device is started/stopped in this mode.

• Clustering – cluster operating mode:
  • Off – cluster is disabled;
  • On – cluster is enabled;
  • SoftWLC – cluster is disabled, mode for operation with SoftWLC.

The table lists the access points that are in the same cluster. Based on the information presented in the table, it can be determined:

• Location – description of the physical location of the access point. It is filled in on each access point by the administrator in the 'Clustering Options' section;
• MAC Address – MAC address of the access point in the cluster;
• IP Address – IP address of the access point in the cluster;
• Cluster-Priority – priority of the access point in the cluster. The access point with the maximum value of this parameter becomes the Master point. The parameter is set on each access point by the administrator in the 'Clustering Options' section. If the parameter is not set, the access point with the lowest MAC address becomes the master point in the cluster;
• Cluster-Controller – parameter indicating which access point is the Master point in this cluster. The parameter can take the following values: yes – the point is a Master point; no – the point is not a Master point.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

To update information on the page, click 'Refresh'.

Clustering Options – in the section, the basic parameters of the cluster are configured.

• Location – description of the physical location of the access point. Used to display in monitoring tables for easy analysis and network management;
• Cluster Name – cluster name. The access point will connect only to the cluster which name is specified in this parameter. By default – default;
• Clustering IP Version – version of the IP protocol used to exchange control information between cluster devices;
• Cluster-Priority – access point priority in the cluster. The parameter takes values from 0 to 255. The default is 0. Supported only for IPv4 networks. The master in the cluster is the point that has the highest cluster priority. If the parameter is not set, the access point with the lowest MAC address becomes the master point in the cluster.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

Single IP Management – in this section, the additional address of the master in the cluster is set.

During operation, the master point of the cluster may change due to various situations, for example, the master point has failed or a new access point with a higher priority or a lower MAC address has been added to the network. In order to be able to connect to the Master point, regardless of which point is currently the master, assign a 'Cluster Management Address'.

If a connection is established by the 'Cluster Management Address', the user is guaranteed to connect to the device that is the master in the cluster. In case of a master change in the cluster, the 'Cluster Management Address' also moves to the new access point.

• Cluster Management Address – unique IPv4 address, at which the cluster master point will be available. This address must be on the cluster subnet and not be the same as the IP address of other devices on the network.

When this parameter is set on one access point of the cluster, all other points in the cluster will automatically learn about this setting.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

Secure Join Clustering – in this section, security of the cluster connection is configured.

• Secure Mode – enable/disable cluster security. If Enabled, then only those access points that have the same password specified in the 'Pass Phrase' field can join the cluster;
• Pass Phrase – cluster security password. The password must contain between 8 and 63 characters. Valid characters: uppercase and lowercase letters, numbers, and special characters such as @ and #;;
  
• Reauthentication Timeout – period of time after which re-authentication will occur. The parameter takes values from 300 to 86400 seconds. The default is 300 seconds.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Sessions' submenu

In the 'Sessions' submenu,  the parameters of client sessions connected to access points located in the cluster can be viewed. Each client is identified by the MAC address and access point to which it is currently connected.
A maximum of 20 clients can be listed in the table. All clients connected to this access point can be viewed in the 'Status' → 'Client Associations'.

• AP Location – description of the physical location of the access point;
• User MAC – MAC address of the client's wireless device;
• Rate – data transfer rate between the access point and a specific client, Mbps;
• Signal – signal level received from the access point;
• Rх Total – total number of packets received by the client during this session;
• Tx Total – total number of packets transmitted from the client during this session;
• Error Rate – percentage of resent packets.

'Radio Resource Management' submenu

In the 'Radio Resource Management' submenu, automatic selection of access point channels can be managed.

In cluster mode, each access point sets the channel numbers on which nearby access points operate in the same cluster, and also performs a spectral analysis of background noise by third-party access points. At set intervals, access points recalculate the overall spectral structure of the medium and select a channel so that it is the least noisy, and access points which coverage areas overlap are on different channels.

To start the process of spectral analysis of the environment and selection of the optimal channel for each access point in the cluster, click the 'Start' button. To stop the process, click the 'Stop' button. 

The 'Current Channel Assignments' contains the current list of access points in the cluster and their parameters:

• IP Address – IP address of the access point in the cluster;
• Radio – MAC address of the radio interface of the access point in the cluster;
• Band – set of standards currently supported by the radio interface of the access point in the cluster;
• Channel – frequency channel in the cluster;
• Status – operation status of the radio interface of the access point in the cluster;
• Locked – blocking the channel change. If the flag is set, when the optimal channel is selected by all access points, this air interface will use the previous channel for any outcome of the optimal channel selection.

Click 'Apply' to apply the changes.

Click 'Refresh' to refresh data in the 'Current Channel Assignments'.

The 'Proposed Channel Assignments' table provides the information about the possible values of the channel to which the radio interface of the access point will switch in case of starting the recalculation of the optimality of the channel selection:

• IP Address – IP address of the access point in the cluster;
• Radio – MAC address of the radio interface of the access point in the cluster;
• Proposed Channel – channel number to which the radio interface of the access point will switch in case of recalculation of the channel selection optimality.

Advanced – in this section, advanced settings are performed:

• Change channels if interference is reduced by at least – percentage gain in reducing the noise level for making a decision to switch to another channel. If, during the analysis of the environment, the access point detects that switching to another channel will result in a noise level decrease greater than the specified amount in this parameter, the decision will be made to switch to another channel. The value setting range for this parameter is between 5% and 75%;
• Refresh when access point is added to the cluster – recalculate the overall spectral structure of the environment and select the optimal channel for access points if a new access point joins the cluster;
• Determine if there is better set of channel settings every – time interval after which the overall spectral structure of the environment is recalculated and the optimal channel for access points is selected.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

In the 'Transmit Power Control' section, access points that are in the same cluster, at set intervals, perform a spectral analysis of the air and recalculate the powers set on access points in the cluster in such a way as to have as little influence as possible on each other. By default, optimization is performed when there is a change in the cluster composition.

To start the auto-tuning process for each access point in the cluster, click the 'Start' button. To stop the process, click the 'Stop' button.

• RSSI Threshold 2.4 GHz – RSSI level threshold in the 2.4 GHz band. The parameter takes values from -100 to -30. Default is -65;
• RSSI Threshold 5 GHz – RSSI level threshold in the 5 GHz band. The parameter takes values from -100 to -30. Default is -70;
• Interval – time interval between optimization cycles. The parameter takes values from 1800 to 86400 seconds. The default value is 0, which means that power optimization is performed once, then only when there is a change in the cluster composition.

Advanced – in this section, advanced settings are performed:

• Minimal Tx Power – minimum output power level of the access point. The parameter takes values from 6 to 30. The default is 10;
• Active Scan Mode – when the flag is set, the active scanning mode is used, when it is disabled, it is passive;
• Debug Mode – when the flag is set, sending debug messages to the access point console is enabled.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

After auto-tuning optimization is completed, the results of scanning all access points in the cluster, the level of influence of points on each other, as well as the changed output power of access points can be observed in the 'Monitoring' window.

'Wireless Neighborhood' submenu

The 'Wireless Neighborhood' submenu contains a table of correspondence between access points located in the cluster and wireless networks detected by these devices. This table shows which wireless networks each access point detects and what signal strength it receives from them.

Based on this table, a spectral analysis of the entire network can be performed, and the impact of interference on each access point can be evaluated. This will enable the assessment of the correct location of access points across the coverage area and identification of problem areas where the level of interference may affect the quality of services.

The top line of the table displays information on each radio interface of access points located in the cluster. The far left column 'Neighbors' contains information on wireless networks that are visible to devices in the cluster.

The signal level from each wireless network is indicated in the upper right corner of the table cell.

The table is formed in such a way that its first rows display wireless networks formed by the cluster itself, followed by the names of third-party networks.

The 'Display Neighboring APs' parameter configures the display of information in the table:

• In cluster – when the flag is set, the table will display information only about those wireless networks that are configured on access points located in the cluster;
• Not in cluster – when the flag is set, the table will display information only about those wireless networks that are configured on access points that are not in the cluster;
• Both – when the flag is set, the table will display information about all networks.

'Cluster Firmware Upgrade' submenu

In the 'Cluster Firmware Upgrade' submenu, a firmware update can be performed on all devices included in the cluster.

When updating the firmware of the cluster devices, the firmware file will be downloaded to each device and set to the 'Primary Image' position. The update process automatically reboots devices with firmware that matches the new image. The firmware installed earlier on the cluster devices will be saved and moved to the 'Secondary Image' position (backup version of the firmware).

• Members – serial number of the access point in the cluster;
• IP Address – IP address of the access point in the cluster;
• MAC Address – MAC address of the access point located in the cluster;
• Device – access point type;
• Firmware Version – current version of the access point firmware;
• Firmware-transfer-status – status of the firmware update process on the access point;
• Firmware-transfer-progress-bar – status of the firmware upload process to the access point;

Updating the device firmware. The firmware file can be uploaded to the device using either the HTTP or TFTP protocols.

Upload via HTTP. Set the 'Upload Method' flag to 'HTTP'. Click the 'Browse' button. In the dialog box, select the path to the firmware file on the PC. Click the 'Start-Upgrade' button to start uploading the selected firmware file to the device.

Upload via TFTP. Set the 'Upload Method' flag to 'TFTP'. In the 'Image Filename' field, specify the name of the firmware file that will be uploaded to the device. he file name must contain the .tar extension. In the 'Server IP' field, enter the IP address of the TFTP server where the firmware file is saved. Click the 'Start-Upgrade' button to start uploading the file.

Click the 'Stop' button to interrupt the device update process.

In the 'Overall Upgrade Status' field, the generalized status of the firmware upgrade process on the access points is displayed.

'Captive Portal' menu

In the 'Captive portal' menu, the portal to which clients are redirected for authorization when connecting to the Internet can be configured.

Thus, the Wi-Fi network can be switched to open mode by removing encryption, while still restricting access to network resources. Connection to network resources will be implemented through web authorization.

'Global Configuration' submenu

In the 'Global Configuration', general parameters of the portal and monitor the current number of created objects can be configured.

• Captive Portal Mode – portal operation status:
  • Enabled – when the flag is set, the portal is used;
  • Disabled – when the flag is set, the portal is not used.
• Authentication Timeout – time period in seconds, during which the client can enter authorization data on the portal page to gain access to the network. If the interval is exceeded, refresh the page or reconnect to the network. The parameter takes values from 60 to 600 seconds. The default is 300 seconds;
• Roaming Service URL – APB service address for hotspot roaming support. Specified in the format: 'ws://host:port/path';
• Roaming No Action Timeout – time after which the access point will delete outdated/inactive records about clients in roaming. The parameter takes values from 0 to 86400 minutes. The default is 720 minutes;
• Instance Count – number of portal instances configured on the access point.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Instance Configuration' submenu

In the 'Instance Configuration' submenu, portals are created and configured.

To create new portal in the 'Captive Portal Instances' field, select 'Create' and in the 'Instance Name' field specify the name of the new portal. The portal name can contain from 1 to 32 characters. To create a portal, click the 'Update' button.

To proceed to work with the portal, select its name in the 'Captive Portal Instances' field:

• Instance ID – portal number;
• Admin Mode – portal operating mode:
  • Enable – enabled;
  • Disabled – disabled.
• Verification – user authentication method:
  • Cportal – method in which Captive Portal performs user authentication on the Radius server;
  • RADIUS – for authorization, user must be registered on the Radius server;
• Virtual Portal Name – virtual portal name;
• Global Radius – global authorization settings for the RADIUS protocol:
  
  • Off – disabled;
  • On – enabled. Selection of this option allows for the editing of the following fields:
    • Radius Accounting – when enabled, 'Accounting' messages will be sent to the RADIUS server:
      • On – enabled;
      • Off – disabled.
    • Raduis Domain – user domain;
    • Radius IP Network – select the IPv4 or IPv6 protocol to access the RADIUS server;
    • Radius IP – address of the main RADIUS server. If the primary RADIUS server is unavailable, requests will be sent to backup RADIUS servers;
    • Radius Backup IP  1, 2, 3 – backup RADIUS server address;
    • Radius Key – password for authorization on the main RADIUS server;
    • Radius Backup Key 1, 2, 3 – password for authorization on the backup RADIUS server 1, 2, 3;
• External URL – address of the external Captive Portal to which the user will be redirected when connecting to the hotspot network;
• Away Time – time during which the user authentication record on the access point is valid after it is dissociated. If the client does not re-authenticate within this time, the entry will be deleted. The parameter takes values from 0 to 1440 minutes. The default is 60 minutes;
• Session Timeout – session lifetime timeout. The user is automatically logged out of the portal after a specified period of time. The parameter takes values from 0 to 1440 minutes. Default 0 – no timeout applied;
• Max Bandwidth Upstream – maximum traffic transfer rate from the subscriber. The parameter takes values from 0 to 1331200 Kbps. Default 0 – unlimited;
• Max Bandwidth Downstream – maximum rate of traffic transfer to the subscriber. The parameter takes values from 0 to 1331200 Kbps. Default 0 – unlimited;
• Delete Instance – to delete this portal, set the flag and click the 'Update' button. Default portals cannot be deleted.

To apply a new configuration and save setting to non-volatile memory, click 'Update'. 

'VAP Configuration' submenu

In the 'VAP Configuration' submenu, portal can be bound to the virtual Wi-Fi networks of the VAP.

• Radio – number the Wi-Fi interface being configured .

The table assigns a portal to each virtual network by its name.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Authenticated Clients' submenu

In the 'Authenticated Clients' submenu, list of clients that have successfully authenticated on the portal is displayed.

To update information on the page, click 'Refresh'.

• Total Number of Authenticated Clients – number of successfully authorized clients at this point in time;
• MAC Address – client MAC address;
• IP Address – client IP address;
• User Name – username with which the client was authenticated on the portal;
• Protocol Mode – protocol used for the HTTP/HTTPS connection;
• Verify Mode – authorization method on the portal;
• VAP ID – virtual network number;
• Radio ID – radio interface number;
• Captive Portal ID – number of the portal the client is associated with;
• Session Timeout – remaining session lifetime;
• Away Timeout – remaining lifetime of the client authentication record;
• Rx Packets – number of packets received from the client;
• Tx Packets – number of packets sent to the client;
• Rx Bytes – number of UAP bytes received from the user;
• Tx Bytes – number of UAP bytes transmitted by the user.

'Failed Authentication Clients' submenu

The 'Failed Authentication Clients' contains a list of clients with failed authorization on the portal.

To update information on the page, click 'Refresh'.

• MAC Address – client MAC address;
• IP Address – client IP address;
• User Name – username with which the client was authenticated on the portal;
• Verify Mode – authorization method on the portal;
• VAP ID – virtual network number;
• Radio ID – radio interface number;
• Captive Portal ID – number of the portal the client is associated with;
• Failure Time – time the error occurred.

'Client QoS' menu

The 'Client QoS' menu is intended for finer tuning of the QoS of client traffic flows. Client QoS allows configuring the prioritization of individual traffic flows, limiting the bandwidth for each client.

'VAP QoS Parameters' submenu

In the 'VAP QoS Parameters' submenu allows for the global enabling of all Client QoS settings (Class MAP, Policy MAP, Bandwidth Limit) and the assignment of previously generated traffic prioritization rules.

• Client QoS Global Admin Mode – use of Client QoS on the entire access point globally:
  • Enable – enable;
  • Disabled – disable.
• Radio – selection of the radio interface on which Client QoS will be configured;
• VAP – selection of a virtual access point on which Client QoS will be configured;
• Client QoS Mode – use of Client QoS on the selected VAP:
  • Enable – enable;
  • Disabled – disable.
• Bandwidth Limit Down – bandwidth limit from the access point to each client, kbps. The parameter takes values from 0 to 866700 kbps. If 0 is assigned, then the bandwidth limit is not applied. Any non-zero value is rounded up to a multiple of 64 kbps;
• Bandwidth Limit Up – bandwidth limit from each client to the access point, kbps. The parameter takes values from 0 to 866700 kbps. If 0 is assigned, then the bandwidth limit is not applied. Any non-zero value is rounded up to a multiple of 64 kbps;
• DiffServ Policy Down – name of the Policy profile to be applied to traffic sent in the direction from the access point to the client;
• DiffServ Policy Up – name of the Policy profile that should be applied to traffic sent in the direction from the client to the access point;
• VAP Limit Down – bandwidth limit from the access point to clients (in total) connected to this VAP, kbps. The parameter takes values from 0 to 866700 kbps. If 0 is assigned, then the restriction is not applied. Any non-zero value is rounded up to a multiple of 64 kbps;
• VAP Limit Up – bandwidth limit from the clients (in total) to the access point, kbps. The parameter takes values from 0 to 866700 kbps. If 0 is assigned, then the restriction is not applied. Any non-zero value is rounded up to a multiple of 64 kbps.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Class Map' submenu

In the 'Class Map' submenu, traffic classification is configured. Based on the unique features of the packets of a certain traffic flow, the class of belonging of the packets to this flow is formed. In the future, this class will be used for prioritization operations of various flows, united by a common feature.

Class Map Configuration – in the section, a traffic classification profile is created.

• Class Map Name – profile name;
• Match Layer 3 Protocol – protocol by which the classification will take place (IPv4 or IPv6). Depending on the choice of protocol, a different set of fields will be offered, according to which traffic will be classified.

To create a new traffic class, specify the class name in the 'Class Map Name' field and click the 'Add Class Map' button.

Match Criteria Configuration – in this section, criteria for the traffic class are configured.

• Class Map Name – selection of the traffic class for which the attributes of belonging to the class will be configured;
• Match Every – if flag is set, the traffic will be assigned to this class, regardless of the contents of the fields in its header. If the flag is not set, then it is required to specify the values of the required traffic fields that must be associated with this class;
• Protocol – Protocol field value inIPv4 packet;
• Source IP Address – IP address value of the packet sender;
• Source IP Mask – mask indicating the significance of the bits in the IP address, based on which the packet is classified;
• Source IPv6 Prefix Len – length of the sender IPv6 address prefix;
• Destination IP Address – IP address value of the packet recipient;
• Destination IP Mask – mask indicating the significance of the bits in the IP address, based on which the packet is classified;
• Destination IPv6 Prefix Len – length of the recipient IPv6 address prefix;
• Source Port – sender port (Layer 4);
• Destination Port – recipient port (Layer 4);
• EtherType – EtherType field value, indicating the type of protocol used in the packet;
• Class Of Service – CoS field value, indicating the priority of the packet on Layer 2 of the packet;
• Source MAC Address – MAC address value of the packet sender;
• Destination MAC Address – MAC address value of the packet recipient;
• VLAN ID – VLAN field value in the packet;
• IP DSCP – DSCP field value in the IP packet header;
• IP Precedence – Precedence field value in the IP packet header;
• IP TOS Bits – TOS field value in the IP packet header;
• IP TOS Mask – mask indicating the significance of the bits in the TOS field, based on which the packet is classified;
• IPv6 Flow Label – Flow Label field value.

To delete a class, check the box next to 'Delete Class Map' and click the 'Update' button.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Policy Map' submenu

The 'Policy Map' submenu is intended for configuring bandwidth for a traffic stream classified according to a common feature, marking the priority of this traffic class at the Layer 2 and Layer 3 levels (CoS, DSCP, Precedence), as well as for making a decision about passing this traffic or about its blocking.

In this submenu, 'Policy Map' profile is formed, for which the previously created 'Class Map' traffic classifiers are sequentially assigned. For each classifier, the operations to be performed with the given type of traffic are indicated.

Policy Map Configuration – in this section, a new Policy Map profile is being created.

• Policy Map Name – Policy Map name profile.

To add a new profile, enter profile name in the 'Police Map Name' field and click the 'Add Policy Map' button.

Policy Class Definition – in this section, traffic classifiers are configured.

• Policy Map Name – 'Policy Map' profile name, in which further configuration of operations for traffic classifiers will be performed;
• Class Map Name – traffic classifier previously created in the 'Class Map' submenu.

Operations to be performed with this type of traffic:

• Police Simple – simplified configuration in which two parameters are set:
  • Committed Rate – guaranteed transmission rate for this type of traffic;
  • Committed Burst – traffic bursts limitation.
• Send – when the flag is set, all packets of the corresponding traffic flow will be sent if the Class Map criteria are met;
• Drop – when the flag is set, all packets of the corresponding traffic flow will be dropped if the Class Map criteria are met;
• Mark Class Of Service – when the flag is set, all packets of the corresponding traffic flow will be marked with the specified CoS value. The parameter takes a value from 0 to 7;
• Mark IP Dscp – when the flag is set, all packets of the corresponding traffic flow will be marked with the specified IP-DSCP value. The value can be selected from the list or specified;
• Mark IP Precedence – when the flag is set, all packets of the corresponding traffic flow will be marked with the specified IP Precedence value. The parameter takes a value from 0 to 7;
• Disassociate Class Map – set the flag and click the 'Update' button to remove the association of this Class Map and Policy Map;
• Member Classes – list of all Class Maps that are associated with the selected Policy Map. If the class is not associated with a policy, this field is empty;
• Delete Policy Map – set the flag and click the 'Update' button to delete the Policy Map specified in the Policy Map Name.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

'Client Configuration' submenu

In the 'Client Configuration' submenu, current QoS configuration in effect for a specific client connected to the access point can be viewed.

• Station – select the client connected to the access point;
• Global QoS Mode – use of Client QoS on the entire access point globally:
  • Up – enabled;
  • Down – disabled.
• Client QoS Mode – use of Client QoS on the selected VAP:
  • Enable – enabled;
  • Disabled – disabled.
• Bandwidth Limit Up – limiting the traffic bandwidth from each client to the access point, bps;
• Bandwidth Limit Down – limiting the traffic bandwidth from the access point to each client, bps;
• ACL Type Up – type of traffic from the client to the access point, for which the ACL rules will be applied;
• ACL Name Up – name of the ACL profile that should be applied to traffic going from the client to the access point;
• ACL Type Down – type of traffic from the access point to the client for which the ACL rules will be applied;
• ACL Name Down – name of the ACL profile that should be applied to traffic coming from the access point to the client;
• DiffServ Policy Up – name of the Policy profile that should be applied to traffic going from the client to the access point;
• DiffServ Policy Down – name of the Policy profile to be applied to traffic going from the access point to the client. 

'Workgroup Bridge' menu

'Workgroup Bridge' submenu

'Workgroup Bridge' is intended for configuring the device in the wireless client mode using one of the wireless interfaces.

• Workgroup Bridge Mode – enable/disable client mode on the interface:
  • Up – enabled;
  • Down – disabled.
• Radio – select wireless interface on which the client mode is enabled. Radio 1 operates on the 5 GHz band, Radio 2 operates on the 2.4 GHz band;
• WGB ARP-Timeout – ARP table entry lifetime in WGB mode. The parameter takes a value from 1 to 1440 minutes. The default is 5 minutes.

Upstream Interface – configuring interface that will be a wireless client and connect to a third-party access point.

• VLAN ID – VLAN number used on the access point;
• SSID – name of the access point to which the connection is made;
• Roam Threshold – name of the access point to which the connection is made;
• Security – security mode configured on the VAP of the access point to which the connection is made:
  • None – do not use encryption for data transfer. The point is open for access by any client;
  • WPA Personal – connection mode to an access point using the WPA-TKIP or WPA2-AES security mechanism. When this mode is selected, the following settings will be available for editing:

• WPA Versions – version of the security protocol used (WPA-TKIP or WPA2-AES);
• MFP – configuring client frame protection mode:
  • Not Required – do not use protection;
  • Capable – use protection when possible;
  • Required – use of protection is mandatory, all clients must support CCX5.
• Key – key/password required for authorization on the access point;
• WPA Enterprise – access point connection mode using authorization and authentication on an upstream RADIUS server. When this mode is selected, the following settings will be available for editing:

• WPA Versions – version of the security protocol used (WPA-TKIP or WPA2-AES);
• MFP – configuring client frame protection mode:
  • Not Required – do not use protection;
  • Capable – use protection when possible;
  • Required – use of protection is mandatory, all clients must support CCX5.
• EAP Method – selection of the authentication protocol (peap or tls);
• Username – user name used for authorization on the RADIUS server;
• Password – user password used for authorization on the RADIUS server;
• Connection Status – connection status to the access point.

Downstream Interface – configuring the interface that acts as an access point.

• Status – enable/disable the downstream interface:
  • Up – interface is enabled;
  • Down – interface is disabled.
• VLAN ID – VLAN number in which network traffic for this access point will be transmitted;
• SSID – wireless network name;
• Broadcast SSID – enable/disable wireless network broadcasting:
  • On – broadcasting is enabled;
  • Off – broadcasting is disabled.
• Security – broadcasting is enabled:
  • None – do not use encryption for data transfer. The point is open for access by any client;
  • WPA Personal – connection mode to an access point using the WPA-TKIP or WPA2-AES security mechanism. When this mode is selected, the following settings will be available for editing:

• WPA Versions – version of the security protocol used (WPA-TKIP or WPA2-AES).

If WPA-TKIP is selected, the following fields will be available for configuration:

• • Key – key/password required for authorization on the access point;
  • Broadcast Key Refresh Rate – group key update time interval. The parameter takes values from 0 to 86400.

If WPA2-AES is selected, the following fields will be available for configuration:

• • Key – key/password required for authorization on the access point;
  • Broadcast Key Refresh Rate – group key update time interval. The parameter takes values from 0 to 86400;
  • MFP – configuring client frame protection mode:
    • Not Required – do not use protection;
    • Capable – use protection when possible;
    • Required – use of protection is mandatory, all clients must support CCX5.

MAC Auth Type – user authentication mode based on their MAC address:

• • Disabled – do not use user authentication by MAC address;
  • RADIUS – use user authentication by MAC address using RADIUS server;
  • Local – use user authentication by MAC address using the local address list generated on this access point.

To apply a new configuration and save setting to non-volatile memory, click 'Update'.

To update information on the page, click 'Refresh'.

'Workgroup Bridge Transmit/Receive' submenu

'Workgroup Bridge Transmit/Receive' provides statistics on transmitted/received traffic on interfaces formed in the Work Group Bridge mode.

To update information on the page, click 'Refresh'.

• Interface – interface name;
• Status – interface operation status;
• VLAN  ID – VLAN number assigned to the interface;
• Name (SSID) – name of the wireless network configured for the interface.

'Transmit' section provides statistics on the transmitted traffic.

'Receive' provides statistics on the received traffic.

• Interface – interface name;
• Total  packets – total number of transmitted/received packets;
• Total  bytes – total number of bytes sent/received.

Managing the device using the command line 

This section describes various ways to connect to the command line interface (CLI) of an access point, as well as the basic commands for managing the device through the CLI.

There are three methods available for connecting to an access point.

• Serial port or COM port;
• Telnet, insecure connection;
• SSH, secure connection.

Connecting to CLI via COM port

To use this type of connection, the personal computer must either have a built-in COM port or must be supplied with a USB-to-COM adapter cable. A terminal program must also be installed on the computer, for example, Hyperterminal, PuTTY, SecureCRT.

The access point (Console port) connects directly to the computer using a console cable. For access to the device console a terminal program is used.

RJ45-DB9 console cable is required (not supplied with the device) to connect to the access point via COM port.

RJ45-DB9 console cable pinout 

The example is shown in the following figure:

Step 1. Using a console cable, connect the CONSOLE port of the access point to the computer's COM port. The console cable may require drivers depending on your computer's operating system.

Step 2. Launch terminal program and create new connection. In the 'Connect via' drop-down list, select the preferred COM port. The COM port (port number) is determined by the device manager, for example, COM4. Set the port parameters according to Table 6. Click the OK button.

Table 6 – COM port parameters

Step 3. Click the 'Connection' button. Log in to the device's CLI.

Default login information:

• User name: admin;
• Password: password.

Connecting via Telnet

Telnet connection is more versatile than COM port connection. The disadvantage of such a connection, compared to COM port connection, is that there are no access point initialization messages. Connection to the CLI can be made both directly at the installation site of the device, and from a remote workstation via IP network.
To connect to an access point, a personal computer must have a network card. Additionally, a network cable (Patching Cord RJ-45) is required (not supplied with the device).
To connect via Telnet, programs such as PuTTY, HyperTerminal, SecureCRT can be used. 

Step 1. Connect the network cable from the PoE port of the injector to the Ethernet port of the access point (for WEP-2ac, this is GE (PoE) port), and the network cable from the Data port of the injector to the network card of the computer.

Step 2. Start, for example, PuTTY. Specify IP address of the access node. Figure 10 shows 192.168.10.10 as an example.

• Access point IP address, by default – 192.168.1.10;
• Port, by default – 23;
• Connection type – Telnet.

Click the 'Open' button.

Figure 10 – Telnet client startup

Step 3. Log in to the access point CLI.

Default login information:

• login: admin;
• password: password.

Connecting via Secure Shell

Secure Shell (SSH) connection is similar in functionality to a Telnet connection. Unlike Telnet, Secure Shell encrypts all traffic, including passwords. This ensures secure remote connections over public IP networks.
To connect to an access node, a personal computer must have a network card. SSH client program must be installed on the computer, for example, PuTTY , HyperTerminal, SecureCRT. Additionally, a network cable (Patching Cord RJ-45) is required (not supplied with the device).

Step 1. Connect the network cable from the PoE port of the injector to the Ethernet port of the access point (for WEP-2ac, this is GE (PoE) port), and the network cable from the Data port of the injector to the network card of the computer.

Step 2. Start, for example, PuTTY. Specify IP address of the access node. Figure 11 shows 192.168.10.10 as an example.

• Access point IP address, by default – 192.168.1.10;
• Port, by default – 22;
• Connection type – SSH.

Click the 'Open' button.

Figure 11 – SSH client startup

Step 3. Log in to the access point CLI.

Default login information:

• login: admin;
• password: password.

Getting started in the access point CLI

In addition to the web configurator, CLI provides an alternative method for specialists to interact with a device. The following section outlines general guidelines for working in the CLI.
The access point configuration is represented by a set of classes (command continuation) and objects (command start). The access point console provides access to the use of such objects:

• get
• set
• add
• remove

Command line rules

To simplify the use of the command line, the interface supports automatic completion of commands. This function is activated when an incomplete command is typed and the <Tab> key is pressed.

Another feature to help using the command line is context help. At any stage of entering a command, a hint about the next elements of the command can be obtained by pressing the <Tab> key twice.

For convenience of using the command line, support for hot keys has been implemented. The list of hot keys is presented in Table 7.

Table 7 – Description of CLI command line hotkeys

Interface notations

This section describes the interface naming used when configuring the device.

To obtain the description in the CLI, execute the get interface all description command. For more detailed information about all interfaces, use the get interface all command. The interfaces are described in Table 8.

Table 8 – Interface notations

Saving configuration changes

There are several instances of configurations in the system:

 – Factory configuration. The configuration includes default settings. To return to the factory configuration, use the factory-reset command or the 'F' function button on the device case. To do this, hold the 'F' button until the 'Power' indicator starts flashing.

 – Boot configuration. The boot configuration stores settings that will be used the next time the access point boots (for example, after a reboot). To save the changes made in the CLI to the boot configuration, execute the save-running or set config startup running command – the current configuration will be copied to the boot configuration;

– Current configuration. The access point configuration that is currently applied. When using the get, set, add, remove commands, only the current configuration is viewed and changed. If the changes are not saved, they will be lost after rebooting the access point.

CLI commands description

The get command

The get  command allows viewing the set field values in classes. Classes are divided into classes without a name (unnamed-class) and with a name (named-class).

Syntax

Example

1. An example of using the 'get' command in a class without a name with one set of values:

The access point has only one set of options for log files, this command displays information about the options of log files.

2. Example of using the 'get' command in a class without a name with multiple values:

The file stores a continuous sequence of logs without being split into files. The command displays the entire sequence of data contained in the log file. 

3. Example of using the 'get' command in a class with a name with multiple values:

There is a set of bss class values that are typed in this command. This command displays information about set of basic services called wlan1bssvap3.

4. Example of using the 'get' command in a class with a name to get all values:

The set command

The set command sets the values of fields in classes.

Syntax

Example

Example of configuring SSID, parameters of Radio interface, and setting a static IP address:

The add command

The add command adds a new subclass or a group of subclasses containing a specific set of values to simplify hardware configuration.

Syntax

Example

Example of configuring basic channel rate on Radio interface:

The remove command

The remove command removes the created subclasses.

Syntax

Example

Example of deleting basic channel rate settings on Radio interface:

Additional commands

The access point command line interface also includes the following commands, listed in Table 9.

Table 9 – Additional commands

Configuring an access point via the CLI

This section provides an example of configuring the WEP-2ac access point using the command line interface.
After connecting to an access point (as described in the Managing the device using the command line section), it is required to configure network parameters if they have not been configured before.

Configuring network parameters

Configuring wireless interfaces

By default, radio interfaces use automatic selection of the operating channel. To manually set the channel or change the power, use the following commands:

Additional settings for wireless interfaces

Virtual Wi-Fi access points (VAP) configuration

Configuring VAP without encryption 

Configuring VAP with WPA-Personal security mode

Configuring VAP with Enterprise authorization

Configuring Global RADIUS parameters

Configuring RADIUS server for a specific VAP

Example of configuring RADIUS server parameters for VAP0 Radio1 (5 GHz):

Configuring VAP with portal authorization

To configure VAP with portal authorization:

1. Create VAP without encryption (described in detail in the  Configuring VAP without encryption section);
2. Configure portal on the access point;
3. Assign portal to the previously configured VAP.

Configuring portal

To configure Captive Portal for VAP0 on Radio 1, make changes to the previously created portal template – cp-instance wlan0bssvap0. To configure a portal, for example, for VAP12 on Radio 2, edit portal template under the wlan1bssvap12 name.

Example of configuring portal for VAP0 on Radio 1.

Binding portal to VAP

By default, a portal with the name of a particular VAP is associated with a given VAP, but it is possible to associate a portal with multiple VAPs. Below is an example of binding a wlan0bssvap0 portal to VAP3 on Radio 2.

It is also possible to bind the portal to two VAPs of the same name located on all radio interfaces of the access point.

Advanced VAP settings

Configuring Cluster

Configuring WDS

Example of WDS configuration on Radio 1 (5 GHz).

Before configuring WDS on access points, it is required to turn off the Cluster, configure the radio interface and VAP.

8 WDS connections can be configured on the access point in total. WDS interfaces on the point are named as follows: wlan0wdsX, where X is a number from 0 to 7.
Below is an example of configuring WDS without encryption and with the wpa-personal encryption type on the wlan0wds0 interface.

Configuring WGB

Example of WGB configuration on Radio 1 (5 GHz).

Before configuring WGB on access points, it is required to turn off the Cluster, configure the radio interface and VAP.

After preliminary configuration, it is necessary to configure parameters of the 'Upstream Interface' – an interface for connecting to an access point in client mode. Below are examples of the 'Upstream Interface' WGB configuration with different types of encryption.

Configuring Upstream Interface

If necessary, the 'Downstream Interface' interface can be configured, which acts as an access point for client devices connection.

Configuring Downstream Interface

Configuring WGB-ARP-Timeout

System settings

Firmware update

To update the firmware via TFTP protocol, upload the WEP-2ac-1.22.XXtar.gz firmware file to the TFTP server and run the following command:

To update the firmware via HTTP, upload the WEP-2ac-1.22.XXtar.gz firmware file to the HTTP server and run the following commands:

Device configuration management

Device reboot

Configuring authentication mode

Configuring date and time

Configuring sending of SNMP traps

Configuring APB

Monitoring

Wi-Fi clients

Property               Value                                                                                                                                                                                       
--------------------------------------------------                                                                                                                                                                 
interface              wlan0vap1                                                                                                                                                                                   
station                62:3b:f9:4d:ac:27                                                                                                                                                                           
authenticated          Yes                                                                                                                                                                                         
associated             Yes                                                                                                                                                                                         
authorized             Yes                                                                                                                                                                                         
ip-address             10.24.80.74                                                                                                                                                                                 
hostname               HUAWEI_P40_Pro-81afe9c34a                                                                                                                                                                   
fw-version                                                                                                                                                                                                         
board-type                                                                                                                                                                                                         
rx-packets             318                                                                                                                                                                                         
tx-packets             293                                                                                                                                                                                         
rx-bytes               64360                                                                                                                                                                                       
tx-bytes               158746                                                                                                                                                                                      
tx-rate                156                                                                                                                                                                                         
rx-rate                156                                                                                                                                                                                         
tx-actual-rate         0                                                                                                                                                                                           
rx-actual-rate         0                                                                                                                                                                                           
tx-modulation          VHT  LDPC  MCS8  NSS2 20MHz                                                                                                                                                                 
rx-modulation          VHT  LDPC  MCS8  NSS2 20MHz                                                                                                                                                                 
listen-interval        10                                                                                                                                                                                          
last-rssi              -48                                                                                                                                                                                         
last-snr               44 dB                                                                                                                                                                                       
noise                  -92 dBm                                                                                                                                                                                     
tx-link-quality        100%                                                                                                                                                                                        
tx-rate-quality        100%                                                                                                                                                                                        
tx-link-capacity       100% (not changed)                                                                                                                                                                          
tx-drop-bytes          0                                                                                                                                                                                           
rx-drop-bytes          0                                                                                                                                                                                           
tx-drop-packets        0                                                                                                                                                                                           
rx-drop-packets        0                                                                                                                                                                                           
client-qos-enabled     Disabled                                                                                                                                                                                    
bw-limit-up            0                                                                                                                                                                                           
bw-limit-down          0                                                                                                                                                                                           
acl-type-up            None                                                                                                                                                                                        
acl-up                                                                                                                                                                                                             
acl-type-down          None                                                                                                                                                                                        
acl-down                                                                                                                                                                                                           
policy-up                                                                                                                                                                                                          
policy-down                                                                                                                                                                                                        
ts-violate-rx-packets                                                                                                                                                                                              
ts-violate-tx-packets                                                                                                                                                                                              
uptime                 00:00:00                                                                                                                                                                                    
identity               tutu                                                                                                                                                                                        
domain                 enterprise.service.root                                                                                                                                                                     
supported-channels     36-64,132-140,149-165                                                                                                                                                                       
using-802.11r          No                                                                                                                                                                                          
using-802.11k          No                                                                                                                                                                                          
mode                   802.11ac                                                                                                                                                                                    
aid                    1                                                                                                                                                                                           
ps-mode                0                                                                                                                                                                                           
vlan-id                10                                                                                                                                                                                          
auth-mode              WPA2                                                                                                                                                                                        
encryption             AES-CCMP                                                                                                                                                                                    
eltex-serial-number                                                                                                                                                                                                
assoc-duration         0.001337                                                                                                                                                                                    
auth-duration          2.525727                                                                                                                                                                                    
dhcp-start-duration    0.000000                                                                                                                                                                                    
dhcp-end-duration      0.019971                                                                                                                                                                                    
count-dhcp-dis         0                                                                                                                                                                                           
count-dhcp-off         0                                                                                                                                                                                           
count-dhcp-req         1                                                                                                                                                                                           
count-dhcp-ack         1                                                                                                                                                                                           

Device information

Property                                 Value                                                                                                                                                                     
---------------------------------------------------------------------                                                                                                                                              
username                                 admin                                                                                                                                                                     
model                                    Eltex WEP-2ac                                                                                                                                                             
version                                  1.22.X.X                                                                                                                                                                  
altversion                               1.22.X.X                                                                                                                                                                  
build-year                               2021                                                                                                                                                                      
build-date                               2021.03.18 13:42 +07                                                                                                                                                      
loader-version                           1.22.X.X                                                                                                                                                                  
platform                                 bcm947452acnrm                                                                                                                                                            
uptime                                   0 days, 0 hours, 5 minutes                                                                                                                                                
system-time                              Tue Apr 27 2021 06:02:52 MST                                                                                                                                              
time-zone                                Russia (Moscow)                                                                                                                                                           
enable-dst                               off                                                                                                                                                                       
dst-start                                March.Second.Sunday/02:00                                                                                                                                                 
dst-end                                  November.First.Sunday/02:00                                                                                                                                               
dst-offset                               60                                                                                                                                                                        
country                                  RU                                                                                                                                                                        
country-mode                             on                                                                                                                                                                        
full-isolation                           on                                                                                                                                                                        
tunneling-over-wds                       off                                                                                                                                                                       
force-allow-eth                          off                                                                                                                                                                       
power-source                                                                                                                                                                                                       
nmode-supported                          Y                                                                                                                                                                         
forty-mhz-supported-g                    Y                                                                                                                                                                         
forty-mhz-supported-a                    Y                                                                                                                                                                         
eighty-mhz-supported-a                   Y                                                                                                                                                                         
base-mac                                 e8:28:c1:c1:27:60                                                                                                                                                         
base-mac-status                          on                                                                                                                                                                        
serial-number                            WP12034181                                                                                                                                                                
country-code-is-configurable             on                                                                                                                                                                        
system-name                                                                                                                                                                                                        
system-contact                           admin@example.com                                                                                                                                                         
system-location                          Default                                                                                                                                                                   
band-plan                                                                                                                                                                                                          
lastboot                                 success                                                                                                                                                                   
wpa-personal-key-min-complexity-support  off                                                                                                                                                                       
wpa-personal-key-min-character-class     3                                                                                                                                                                         
wpa-personal-key-min-length              8                                                                                                                                                                         
wpa-personal-key-max-length              63                                                                                                                                                                        
wpa-personal-key-different-from-current  no                                                                                                                                                                        
password-min-complexity-support          off                                                                                                                                                                       
password-min-character-class             3                                                                                                                                                                         
password-min-length                      8                                                                                                                                                                         
password-max-length                      64                                                                                                                                                                        
password-aging-support                   off                                                                                                                                                                       
password-aging-time                      180                                                                                                                                                                       
password-different-from-current          yes                                  

Network information

Property                    Value                                                                                                                                                                                  
---------------------------------------------                                                                                                                                                                      
vlan-id                     1                                                                                                                                                                                      
mtu                         1500                                                                                                                                                                                   
interface                   brtrunk                                                                                                                                                                                
tunnel-ip                                                                                                                                                                                                          
static-ip                   192.168.1.10                                                                                                                                                                           
static-mask                 255.255.255.0                                                                                                                                                                          
ip                          100.110.0.242                                                                                                                                                                          
mask                        255.255.254.0                                                                                                                                                                          
mac                         E8:28:C1:C1:27:60                                                                                                                                                                      
ap-location                 eltex.root                                                                                                                                                                             
dhcp-status                 up                                                                                                                                                                                     
static-ipv6                 ::                                                                                                                                                                                     
static-ipv6-mask                                                                                                                                                                                                   
ipv6                                                                                                                                                                                                               
ipv6-mask                                                                                                                                                                                                          
sw-ratelimit-enable         up                                                                                                                                                                                     
sw-ratelimit-timer          100                                                                                                                                                                                    
ucast-prom-ratelimit        150000                                                                                                                                                                                 
ucast-sw-ratelimit-mode     auto                                                                                                                                                                                   
ucast-sw-ratelimit          120000                                                                                                                                                                                 
ucast-sw-gre-ratelimit      10500                                                                                                                                                                                  
mcast-sw-ratelimit          10000                                                                                                                                                                                  
bcast-sw-ratelimit          1000                                                                                                                                                                                   
arp-req-sw-ratelimit        500                                                                                                                                                                                    
vlan-lock                   up                                                                                                                                                                                     
ipv6-status                 down                                                                                                                                                                                   
ipv6-autoconfig-status      down                                                                                                                                                                                   
static-ipv6                 ::                                                                                                                                                                                     
static-ipv6-prefix-length   0                                                                                                                                                                                      
static-ipv6-addr-status                                                                                                                                                                                            
dhcp6-status                up                                                                                                                                                                                     
autoconfig-link-local                                                                                                                                                                                              
autoconfig-ipv6-global-all                                                                                                                                                                                         

Property     Value                                                                                                                                                                                                 
------------------------                                                                                                                                                                                           
destination  0.0.0.0                                                                                                                                                                                               
mask         0.0.0.0                                                                                                                                                                                               
gateway      100.110.0.1                                                                                                                                                                                           
table        254  

Property                 Value                                                                                                                                                                                     
------------------------------------------                                                                                                                                                                         
status                   up                                                                                                                                                                                        
server                   100.110.1.253                                                                                                                                                                             
alternative-server       100.110.0.22                                                                                                                                                                              
alternative-server2      0.ru.pool.ntp.org                                                                                                                                                                         
dhcp_server              100.110.1.252                                                                                                                                                                             
dhcp_alt_server                                                                                                                                                                                                    
dhcp_alt_server2                                                                                                                                                                                                   
manual-daily-drift-secs  0 

Wireless interfaces

Property                        Value                                                                                                                                                                              
-------------------------------------------------------                                                                                                                                                            
status                          up                                                                                                                                                                                 
description                     IEEE 802.11a                                                                                                                                                                       
static-mac                                                                                                                                                                                                         
channel-policy                  best                                                                                                                                                                               
channel-update                  1440                                                                                                                                                                               
mode                            a-n-ac                                                                                                                                                                             
tpc                             off                                                                                                                                                                                
scb-timeout                     120                                                                                                                                                                                
atf                             on                                                                                                                                                                                 
ampdu_atf_us                    4000                                                                                                                                                                               
ampdu_atf_min_us                1000                                                                                                                                                                               
dot11h                          off                                                                                                                                                                                
dot11d                          up                                                                                                                                                                                 
static-channel                  36                                                                                                                                                                                 
channel                         56                                                                                                                                                                                 
tx-power-dbm                    19                                                                                                                                                                                 
tx-power-dbm-max                19                                                                                                                                                                                 
tx-power-dbm-min                1                                                                                                                                                                                  
tx-power-output                 0.00                                                                                                                                                                               
tx-chain                        3                                                                                                                                                                                  
beacon-interval                 100                                                                                                                                                                                
rts-threshold                   2347                                                                                                                                                                               
fragmentation-threshold         2346                                                                                                                                                                               
arp-suppression                 on                                                                                                                                                                                 
ap-detection                    on                                                                                                                                                                                 
limit-channels                  36 40 44 48 52 56 60 64                                                                                                                                                            
operational-bandwidth           20                                                                                                                                                                                 
n-bandwidth                     20                                                                                                                                                                                 
n-primary-channel               lower                                                                                                                                                                              
protection                      auto                                                                                                                                                                               
edca-template                   custom                                                                                                                                                                             
short-guard-interval-supported  no                                                                                                                                                                                 
stbc-mode                       auto                                                                                                                                                                               
ldpc-mode                       auto                                                                                                                                                                               
dhcp-snooping-mode              ignore                                                                                                                                                                             
dhcp-option-82-string                                                                                                                                                                                              
coex-mode                       on                                                                                                                                                                                 
vlan-list                                                                                                                                                                                                          
wme                             on                                                                                                                                                                                 
wme-noack                       off                                                                                                                                                                                
wme-apsd                        on                                                                                                                                                                                 
rate-limit-enable               off                                                                                                                                                                                
rate-limit                      50                                                                                                                                                                                 
rate-limit-burst                75                                                                                                                                                                                 
stp-block-enable                on                                                                                                                                                                                 
wlan-util                       8                                                                                                                                                                                  
num-stations                    0                                                                                                                                                                                  
wds-status                      down                                                                                                                                                                               
fixed-multicast-rate            auto                                                                                                                                                                               
fixed-tx-modulation             auto                                                                                                                                                                               
max-stations                    200                                                                                                                                                                                
dtim-period                     2                                                                                                                                                                                  
reinit-period                   0                                                                                                                                                                                  
scheduler-profile-name                                                                                                                                                                                             
operational-mode                up                                                                                                                                                                                 
scheduler-operational-mode                                                                                                                                                                                         
vht-mode                        on                                                                                                                                                                                 
vht-features                    off                                                                                                                                                                                
rsdb-mode                                                                                                                                                                                                          
frame-burst                     off                                                                                                                                                                                
spectrum-analyser-start                                                                                                                                                                                            
spectrum-analyser-status        Not ready                                                                                                                                                                          
spectrum-analyser-results       Not ready                                                                                                                                                                          
rrm-block-tpc                                                                                                                                                                                                      
rrm-block-dca                                                                                                                                                                                                      
ampdu                           up                                                                                                                                                                                 
amsdu                           up                                                                                                                                                                                 
olpc-cal-period                 300                                                                                                                                                                                
olpc-channel                    yes          

Property                        Value                                                                                                                                                                              
--------------------------------------------                                                                                                                                                                       
status                          up                                                                                                                                                                                 
description                     IEEE 802.11g                                                                                                                                                                       
static-mac                                                                                                                                                                                                         
channel-policy                  best                                                                                                                                                                               
channel-update                  1440                                                                                                                                                                               
mode                            bg-n                                                                                                                                                                               
tpc                             off                                                                                                                                                                                
scb-timeout                     120                                                                                                                                                                                
atf                             on                                                                                                                                                                                 
ampdu_atf_us                    4000                                                                                                                                                                               
ampdu_atf_min_us                1000                                                                                                                                                                               
dot11h                          off                                                                                                                                                                                
dot11d                          up                                                                                                                                                                                 
static-channel                  6                                                                                                                                                                                  
channel                         11                                                                                                                                                                                 
tx-power-dbm                    16                                                                                                                                                                                 
tx-power-dbm-max                16                                                                                                                                                                                 
tx-power-dbm-min                5                                                                                                                                                                                  
tx-power-output                 15.25                                                                                                                                                                              
tx-chain                        3                                                                                                                                                                                  
beacon-interval                 100                                                                                                                                                                                
rts-threshold                   1025                                                                                                                                                                               
fragmentation-threshold         1024                                                                                                                                                                               
arp-suppression                 on                                                                                                                                                                                 
ap-detection                    on                                                                                                                                                                                 
limit-channels                  1 6 11                                                                                                                                                                             
operational-bandwidth           20                                                                                                                                                                                 
n-bandwidth                     20                                                                                                                                                                                 
n-primary-channel               lower                                                                                                                                                                              
protection                      auto                                                                                                                                                                               
edca-template                   custom                                                                                                                                                                             
short-guard-interval-supported  no                                                                                                                                                                                 
stbc-mode                       auto                                                                                                                                                                               
ldpc-mode                       auto                                                                                                                                                                               
dhcp-snooping-mode              ignore                                                                                                                                                                             
dhcp-option-82-string                                                                                                                                                                                              
coex-mode                       on                                                                                                                                                                                 
vlan-list                                                                                                                                                                                                          
wme                             on                                                                                                                                                                                 
wme-noack                       off                                                                                                                                                                                
wme-apsd                        on                                                                                                                                                                                 
rate-limit-enable               off                                                                                                                                                                                
rate-limit                      50                                                                                                                                                                                 
rate-limit-burst                75                                                                                                                                                                                 
stp-block-enable                on                                                                                                                                                                                 
wlan-util                       88                                                                                                                                                                                 
num-stations                    0                                                                                                                                                                                  
wds-status                      down                                                                                                                                                                               
fixed-multicast-rate            auto                                                                                                                                                                               
fixed-tx-modulation             auto                                                                                                                                                                               
max-stations                    200                                                                                                                                                                                
dtim-period                     2                                                                                                                                                                                  
reinit-period                   0                                                                                                                                                                                  
scheduler-profile-name                                                                                                                                                                                             
operational-mode                up                                                                                                                                                                                 
scheduler-operational-mode                                                                                                                                                                                         
vht-mode                                                                                                                                                                                                           
vht-features                    off                                                                                                                                                                                
rsdb-mode                                                                                                                                                                                                          
frame-burst                     off                                                                                                                                                                                
spectrum-analyser-start                                                                                                                                                                                            
spectrum-analyser-status        Not ready                                                                                                                                                                          
spectrum-analyser-results       Not ready                                                                                                                                                                          
rrm-block-tpc                                                                                                                                                                                                      
rrm-block-dca                                                                                                                                                                                                      
ampdu                           up                                                                                                                                                                                 
amsdu                           down                                                                                                                                                                               
olpc-cal-period                 300                                                                                                                                                                                
olpc-channel                    no                                                                                                                                                                                 

WDS

Property                Value
-------------------------------------------------------------
type                    wds
status                  up
description             Wireless Distribution System - Link 1
mac                     E8:28:C1:C1:27:60
ip                      
mask                    
static-ip               
static-mask             
rx-bytes                8235818
rx-packets              38800
rx-errors               0
tx-bytes                172159433
tx-packets              263429
tx-errors               0
tx-drop-bytes           0
rx-drop-bytes           0
tx-drop-packets         0
rx-drop-packets         0
ts-vo-rx-packets        0
ts-vo-tx-packets        0
ts-vo-rx-bytes          0
ts-vo-tx-bytes          0
ts-vi-rx-packets        0
ts-vi-tx-packets        0
ts-vi-rx-bytes          0
ts-vi-tx-bytes          0
ts-be-rx-packets        0
ts-be-tx-packets        0
ts-be-rx-bytes          0
ts-be-tx-bytes          0
ts-bk-rx-packets        0
ts-bk-tx-packets        0
ts-bk-rx-bytes          0
ts-bk-tx-bytes          0
priority                128
port-isolation          
auto-negotiation        
speed                   
duplex                  
link-status             
link-uptime             
intf-speed              
duplex-mode             
green-ethernet-mode     
ssid                    
bss                     
security                
wep-key-ascii           no
wep-key-length          104
wep-default-key         
wep-key-mapping-length  
vlan-interface          
vlan-id                 
radio                   wlan0
remote-mac              A8:F9:4B:B7:8B:C0
remote-rssi             -16
wep-key                 
operational-status      up
wds-link-uptime         00:00:46
wds-ssid                WDS
wds-security-policy     wpa-personal
wds-wpa-psk-key         12345678

WGB

Property       Value
--------------------
wgbridge-mode  up
radio          wlan0
debug          

Property           Value
-----------------------------------------------------
ssid               AP-ssid
security           wpa-personal
wep-key-ascii      no
wep-key-length     104
wep-default-key    1
wpa-allowed        off
wpa2-allowed       on
upstream-bssid     
vlan-id            1
connection-status  Associated to AP a8:f9:4b:b7:8b:c0
rx-bytes           8337952
rx-packets         50212
rx-errors          0
tx-bytes           306207
tx-packets         913
tx-errors          0
iface              wlan0upstrm
eap-user           
eap-method         peap
debug              
cert-present       no
cert-exp-date      Not Present
mfp                mfp-not-reqd
roam-threshold     -75
roam-delta         10

Property                    Value
----------------------------------------
ssid                        Client-ssid
security                    wpa-personal
wep-key-ascii               no
wep-key-length              104
wep-default-key             1
wep-key-mapping-length      
status                      up
ignore-broadcast-ssid       off
open-system-authentication  on
shared-key-authentication   off
wpa-cipher-tkip             on
wpa-cipher-ccmp             on
wpa-allowed                 on
wpa2-allowed                on
broadcast-key-refresh-rate  0
vlan-id                     1
rx-bytes                    6522
rx-packets                  40
rx-errors                   0
tx-bytes                    8439
tx-packets                  34
tx-errors                   0
iface                       wlan0dwstrm
mfp                         mfp-not-reqd

Cluster

Property            Value                                                                                                                                                                                          
---------------------------------                                                                                                                                                                                  
clustered           1                                                                                                                                                                                              
location            floor-2                                                                                                                                                                                        
cluster-name        test                                                                                                                                                                                           
ipversion           ipv4                                                                                                                                                                                           
member-count        2                                                                                                                                                                                              
clustering-allowed  true                                                                                                                                                                                           
compat              WEP-2ac                                                                                                                                                                                        
operational-mode    1                                                                                                                                                                                              
cluster-ipaddr      192.168.0.222                                                                                                                                                                                  
priority            255                                                                                                                                                                                            
reauth-timeout      300                                                                                                                                                                                            
secure-mode         1                                                                                                                                                                                              
pass-set            1                                                                                                                                                                                              
secure-mode-status  Enabled                                                                                                                                                                                        
trace-debug         0                   

Property            Value                                                                                                                                                                                          
-------------------------------------                                                                                                                                                                              
mac                 A8:F9:4B:B7:8B:C0                                                                                                                                                                              
ip                  192.168.0.58                                                                                                                                                                                   
compat              WEP-2ac                                                                                                                                                                                        
location            floor-1                                                                                                                                                                                        
uptime              120                                                                                                                                                                                            
is-dominant         true                                                                                                                                                                                           
priority            0                                                                                                                                                                                              
firmware-version    1.22.X.X                                                                                                                                                                                     
cluster-controller  no                                                                                                                                                                                             
                                                                                                                                                                                                                   
Property            Value                                                                                                                                                                                          
-------------------------------------                                                                                                                                                                              
mac                 E8:28:C1:C1:27:60                                                                                                                                                                              
ip                  192.168.0.135                                                                                                                                                                                  
compat              WEP-2ac                                                                                                                                                                                        
location            floor-2                                                                                                                                                                                        
uptime              124                                                                                                                                                                                            
is-dominant         false                                                                                                                                                                                          
priority            255                                                                                                                                                                                            
firmware-version    1.22.X.X                                                                                                                                                                                       
cluster-controller  yes  

Property         Value                                                                                                                                                                                             
-----------------------------------------------------------                                                                                                                                                        
upgrade                                                                                                                                                                                                            
upgrade-url      tftp://192.168.1.7/WEP-2ac-1.22.X.X.tar.gz                                                                                                                                                        
upgrade-method   selective                                                                                                                                                                                         
upgrade-status   Completed                                                                                                                                                                                         
                                                                                                                                                                                                                   
upgrade-members  192.168.0.58

ip             mac                fw-download-status                                                                                                                                                               
----------------------------------------------------                                                                                                                                                               
192.168.0.58   A8:F9:4B:B7:8B:C0  Success                                                                                                                                                                          
192.168.0.135  E8:28:C1:C1:27:60  None    

Event log

Property  Value                                                                                                                                                                                                    
--------------------------------------------------------------------------                                                                                              
number    1                                                                                                                                                                                                        
priority  debug                                                                                                                                                                                                    
time      Apr 27 2021 05:32:50                                                                                                                                                                                     
daemon    hostapd[17753]                                                                                                                                                                                           
message   Station 62:3b:f9:4d:ac:27 associated, time = 0.001337                                                                                                                                                    
                                                                                                                                                                                                                   
Property  Value                                                                                                                                                                                                    
-------------------------------------------------------------------------                                                                                              
number    2                                                                                                                                                                                                        
priority  debug                                                                                                                                                                                                    
time      Apr 27 2021 05:32:50                                                                                                                                                                                     
daemon    hostapd[17753]                                                                                                                                                                                           
message   station: 62:3b:f9:4d:ac:27 associated rssi -49(-49)                                                                                                                                                      
                                                                                                                                                                                                                   
Property  Value                                                                                                                                                                                                   
--------------------------------------------------------------------------                                                                                              
number    3                                                                                                                                                                                                        
priority  info                                                                                                                                                                                                     
time      Apr 27 2021 05:32:50                                                                                                                                                                                     
daemon    hostapd[17753]                                                                                                                                                                                           
message   STA 62:3b:f9:4d:ac:27 associated with BSSID e8:28:c1:c1:27:61                                                                                                                                            
                                                                                                                                                                                                                   
Property  Value                                                                                                                                                                                                    
--------------------------------------------------------------------------
number    4                                                                                                                                                                                                        
priority  info                                                                                                                                                                                                     
time      Apr 27 2021 05:32:50                                                                                                                                                                                     
daemon    hostapd[17753]                                                                                                                                                                                           
message   Assoc request from 62:3b:f9:4d:ac:27 BSSID e8:28:c1:c1:27:61 SSID Test_Enterprise                                                                                                                                                                                                                                                       

Environment scan

Environment scan provides information about all wireless access points that the device detects around itself.

mac                type  privacy  ssid                channel  signal                                                                                                                                              
---------------------------------------------------------------------                                                                                                                                              
e0:d9:e3:50:71:e0  AP    On       i-OTT-ent-06        56       -61                                                                                                                                                 
e0:d9:e3:50:71:e1  AP    Off      i-OTT-06-portal     56       -61                                                                                                                                                 
e8:28:c1:d7:3c:24  AP    Off      i-200               11       -45                                                                                                                                                 
a8:f9:4b:17:02:20  AP    Off      (Non Broadcasting)  11       -56                                                                                                                                                 
e8:28:c1:cf:d9:14  AP    On       RT-WiFi-5278        11       -61                                                                                                                                                 
e0:d9:e3:8a:38:50  AP    Off      GPB_Free            11       -53  

Spectrum analyzer

Spectrum analyzer provides information on channel congestion in the 2.4 and 5 GHz bands. Spectrum analyzer scans the channels specified in the limit-channels parameter in the radio interface settings. The result is displayed as a percentage.

Property                   Value                                                                                                                                                                                   
-------------------------------------------------------
name                       wlan0                                                                                                                                                                                   
spectrum-analyser-results                                                                                                                                                                                          
  36:     52  | ***********                                                                                                                                                                                        
  40:     52  | ***********                                                                                                                                                                                        
  44:     15  | ****                                                                                                                                                                                               
  48:     13  | ***                                                                                                                                                                                                
  52:      9  | **                                                                                                                                                                                                 
  56:      4  | *                                                                                                                                                                                                  
  60:      5  | **                                                                                                                                                                                                 
  64:     10  | ***                                                                                                                                                                                                
Optimal 20MHz channel: 56                                                                                                                                                                                          
Optimal 40MHz channel: 52l                                                                                                                                                                                         
Optimal 80MHz channel: 56/80                                                                                                                                                                                       
                                                                                                                                                                                                                                                                                                                                                                                                                                    
Property                   Value                                                                                                                                                                                   
--------------------------------------------------------
name                       wlan1                                                                                                                                                                                   
spectrum-analyser-results                                                                                                                                                                                          
   1:     92  | *******************                                                                                                                                                                                
   6:     84  | *****************                                                                                                                                                                                  
  11:     88  | ******************                                                                                                                                                                                 
Optimal 20MHz channel: 11 

Appendix. List of the main classes and subclasses of the commands