Introduction

Annotation

Modern tendencies of telecommunication development necessitate operators to search for the most optimal technologies, allowing to satisfy rapidly growing needs of subscribers, maintaining at the same time consistency of business processes, development flexibility and reduction of costs of various services provision. Wireless technologies are spinning up more and more and have paced a huge way for short time from unstable low-speed communication networks of low radius to broadband networks equitable to speed of wired networks with high criteria to the quality of provided services.

WEP-3ax are dedicated to be installed inside buildings as an access points and to create a seamless wireless network using several identical access points ("Roaming") on a large area.

This manual specifies intended purpose, main technical parameters, design, safe operation rules, installation and configuration recommendations for WEP-3ax.

Symbols

Notes and warnings

Device description

Purpose

The WEP-3ax wireless access points are designed to provide users with access to high-speed and safe network.

The devices are dedicated to create L2 wireless networks interfacing with a wired network. WEP-3ax is connected to a wired network via 100/1000/2500M Ethernet interface and arranges high-speed access to the Internet for devices supporting Wi-Fi technology at 2.4 and 5 GHz.

The devices have two radio interfaces to organize two physical wireless networks.

WEP-3ax supports up-to-date requirements to service quality and allow transmitting more important traffic in higher priorities queues. Prioritization is based on the main QoS technologies: CoS (Special tags in the VLAN packet field) and ToS (tags in the IP packet field).

Support for traffic shaping on each VAP allows to fully manage service quality and restrictions, both for all subscribers and for everyone in particular.

The devices are designed to be installed in offices, state buildings, conference halls, laboratories, hotels, etc. The creation of virtual access points with different types of encryption allows clients to delimit access rights among users and groups of users.

Device specification

Interfaces:

• 1 port of Ethernet 100/1000/2500BASE-T (RJ-45) with PoE+ support;
• Wi-Fi 2.4 GHz IEEE 802.11b/g/n/ax;
• Wi-Fi 5 GHz IEEE 802.11a/n/ac/aх.

Functions:

WLAN capabilities:

• Support for IEEE 802.11a/b/g/n/ac/ax standards;
• Support for roaming IEEE 802.11r/k/v;
• Data aggregation, including A-MPDU (Tx/Rx) and A-MSDU (Rx);
• WMM-based priorities and packet planning;
• Wireless bridges (WDS);
• Dynamic frequency selection (DFS);
• Support for hidden SSID;
• 32 virtual access points;
• Third-party access point detection;
• Spectrum analyzer;
• Channel auto-selection;
• BSS coloring.

Network functions:

• Auto-negotiation of speed, duplex mode and switching between MDI and MDI-X modes;
• Support for VLAN;
• NTP;
• GRE;
• DHCP client.

QoS functions:

• Bandwidth limiting for each SSID;
• Client data rate limiting for each SSID;
• Support for prioritization by CoS and DSCP.

Security:

• Centralized authorization via RADIUS server (802.1X WPA/WPA2/WPA3 Enterprise);
• WPA/WPA2/WPA3 data encryption;
• Support for Captive Portal;
• Support for WIDS/WIPS¹.

Figure 1 shows WEP-3ax application diagram.

Figure 1 – WEP-3ax application diagram

Device technical parameters

Table 1 – Main Specifications

¹ WIDS/WIPS support is provided under the license. 

Radiation patterns

Radiation patterns for the embedded antennas are given below.

Design

WEP-3ax is enclosed in a plastic case.

Device main panel

The main panel layout of the device is shown in Figure 2.

Figure 2 – Main panel of the device

The following light indicators, connectors and controls are located on the main panel of WEP-3ax (Table 2).

Table 2 – Description of indicators, ports and controls

Light indication

The current device state is displayed by Wi-Fi, LAN, Power indicators. The possible states of indicators are described in Table 3.

Table 3 – Light indication of device state

Reset to the default configuration

The device can be reset to the factory configuration using the "F” button. Press and hold the "F" button until the "Power" indicator starts flashing. The device will automatically reboot. DHCP client will be launched by default. If the address is not obtained via DHCP, the device will have the default IP address — 192.168.1.10, and the following netmask — 255.255.255.0.

Delivery package

The delivery package includes:

• WEP-3ax wireless access point;
• Mounting kit;
• User manual on a CD (optionally);
• Technical passport.

Rules and recommendations for device installation

This section defines safety rules, installation recommendations, setup procedure and the device starting procedure.

Safety rules

1. Do not install the device close to heat sources or at rooms with temperature below 5 °C or higher 40 °C.
2. Do not use the device in places with high humidity. Do not expose the device to smoke, dust, water, mechanical vibrations or shocks.
3. Do not open the device case. There are no user serviceable parts inside.

Installation recommendations

1. Recommended mounting position: horizontal, on the ceiling.
2. Before installing the device and turning it on, check the device for visible mechanical defects. If defects are observed, stop the device installation, fill in the corresponding act and contact the supplier.
3. If the device has been exposed to the cold for a long period of time, let it warm up at room temperature for two hours before starting work. If the device has been exposed to high humidity for a long period of time, let it stay under normal conditions for at least 12 hours before turning it on.
4. During the device installation, follow these rules to ensure the best Wi-Fi coverage:
   1. Install the device at the center of a wireless network;
   2. Minimize the number of obstacles (walls, ceilings, furniture and etc.) between access point and other wireless network devices;
   3. Do not install the device near (about 2 m) electrical and radio devices;
   4. It is not recommended to use radiophone and other equipment operating at the frequency of 2.4 GHz, 5 GHz in Wi-Fi effective radius;
   5. Obstacles in the form of glass/metal constructions, brick/concrete walls, water cans and mirrors can significantly reduce Wi-Fi action radius. It is not recommended to place the device inside a false ceiling as metal frame causes multipath signal propagation and signal attenuation.
5. When installing several access points, cell action radius should overlap with action radius of a neighboring cell at the level from -65 to -70 dBm. It is allowed to reduce the signal level to -75 dBm at cell boundaries, if it is not intended to use VoIP, video streaming and other sensitive to losses traffic in wireless network. 

Calculating the number of required access points

To calculate the required number of access points, evaluate the required coverage zone. For a more accurate assessment, it is necessary to make a radio examination of the room. Approximate coverage radius of confident reception of WEP-3ax access points when mounted on the ceiling in a typical office space: 2.4 GHz — 40–50 m, 5 GHz — 20–30 m. If there are no obstacles, the coverage area is up to 100 m for the 2.4 GHz band and up to 60 m for the 5 GHz band. 
Table 4 describes approximate attenuation values.

Table 4 – Attenuation values

Channel selection for neighboring access points

It is recommended to set non-overlapping channels to avoid interchannel interference among neighboring access points.

Figure 3 – General diagram of frequency channel overlap in the range of 2.4 GHz 

For the example of channel allocation scheme among neighboring access points in the 2.4 GHz band when channel width is 20 MHz, see Figure 4.

Figure 4 – Scheme of channel allocation among neighboring access points in the 2.4 GHz band when channel width is 20 MHz

Similarly, the procedure of channel allocation is recommended to save for access point allocation between floors, see Figure 5.

Figure 5 – Scheme of channel allocation between neighboring access points that are located between floors

With a channel width of 40 MHz there are no non-overlapping channels in the 2.4 GHz band. In such cases, it is required to select channels maximally separated from each other.

Figure 6 – Channels used in the 5 GHz band when channel width is 20, 40 or 80 MHz

Device installation

The device should be installed on the plain surface (wall, ceiling) in accordance with the safety instruction and recommendations listed above.
The device delivery package includes required mounting kit to attach the device to plain surface.

Wall mounting procedure

1. Fix the plastic bracket (included in the delivery package) to the wall. An example of placing the plastic bracket is shown in Figure 7.

Figure 7 – Attaching the bracket to a wall

• When installing the bracket, pass wires through the corresponding channels on the bracket, see Figure 7.
• Align the screw holes on the bracket with the same holes on the surface. Using a screwdriver, secure the bracket with screws to the surface.

2. Install the device. 

• Connect cables to the corresponding connectors of the device. Description of the connectors is given in the Design section.
• Align the device with the bracket and fix the position by pulling it down.

False ceiling mounting procedure 

1 — metal bracket; 2 — Armstrong panel; 3 — plastic bracket; 4 — screws; 5 — device.

Figure 8 – Mounting on a false ceiling

1. Attach metal and plastic brackets to a ceiling as shown in Figure 8.

• Fasten the plastic bracket (3) with the metal bracket (1) on the false ceiling in the following order: metal bracket -> Armstrong panel -> plastic bracket.
• Cut the hole in the Armstrong panel. The size of the hole should be equal to a hole of the metal bracket. Pass the wires through the hole.
• Align holes in the metal bracket with holes of the Armstrong panel and the plastic bracket. Next, align the screw holes on the plastic bracket with the same holes on the metal bracket. Use a screwdriver to fix brackets with screws.

2. Install the device.

• Connect cables to the corresponding connectors of the device. Description of the connectors is given in the Design section.
• Align the device with the plastic bracket and secure the position by turning the device clockwise.

Removing the device from the bracket

To remove the device from the bracket:

1. Pull the device up (Figure 7).
2. Remove the device.

Device management via the web interface

Getting started

To get started, connect to the device via WAN interface using a web browser:

1. Open a web browser, for example, Firefox, Opera, Chrome.

2. Enter the device IP address in the browser address bar.

When the device is successfully detected, username and password request page will be shown in the browser window:

3. Enter username into "Login" and password into "Password" field.

4. Click "Log In". A menu for monitoring the status of the device will open in a browser window.

5. If necessary, select the information display language. Russian and English languages are available for web interface of WEP-3ax. 

Applying configuration and discarding changes

1. Applying configuration 

The WEP-3ax web interface has a visual indication of the current status of the setting applying process (Table 5). 

Table 5 – Visual indication of the current status of the setting application process

2. Discarding changes

The button for discarding changes appears as follows: .

Web interface basic elements

Navigation elements of the web interface are shown in the figure below.

User interface window is divided into five general areas:

1. Menu tabs categorize the submenu tabs: Monitoring, Radio, VAP, WDS, Network Settings, External Services, System.
2. Interface language selection and Logout button designed to end a session in the web interface under a given user.
3. Submenu tabs allow one to control settings field.
4. Device configuration field displays data and configuration.
5. Information field displays the firmware and web interface versions.

"Monitoring" menu

In the "Monitoring" menu, the current system state can be viewed.

"Wi-Fi Clients" submenu

The "Wi-Fi clients" submenu displays information about the status of connected Wi-Fi clients.

• # – number of the connected device in the list;
• Hostname – network name of the device;
• IP Address – IP address of the connected device;
• MAC – MAC address of the connected device;
• Interface – WEP-3ax interface for interaction with the connected device;
• Link Capacity – parameter that displays how effectively the access point uses modulation to transmit. It is calculated based on the number of packets transmitted on each modulation to the client, and reduction factors. The maximum value is 100 % (it means that all packets are transmitted to the client at maximum modulation for the maximum nss type supported by the client). The minimum value is 2 % (in case when packets are transmitted on nss1mcs0 modulation for a client with MIMO support). The parameter value is calculated for the last 10 seconds;
• Link Quality – parameter that displays the state of the link to the client, calculated based on the number of retransmit packets sent to the client. The maximum value is 100 % (all transmitted packets were sent on the first attempt), the minimum value is 0 % (no packets were successfully sent to the client). The parameter value is calculated for the last 10 seconds;
• Link Quality Common – parameter that displays the status of the link to the client, calculated based on the number of retransmit packets sent to the client. The maximum value is 100 % (all transmitted packets were sent on the first attempt), the minimum value is 0 % (no packets were successfully sent to the client). The parameter value is calculated for the entire time of the client connection;
• RSSI – received signal level, dBm;
• SNR – signal/noise ratio, dB;
• TxRate – channel data rate of transmission, Mbps;
• RxRate – channel data rate of reception, Mbps;
• Tx BW – transmission bandwidth, MHz;
• Rx BW – reception bandwidth, MHz;
• Uptime – Wi-Fi client connection uptime.

To display more detailed information on a particular client, select it from the list. A detailed description includes the following options: 

• Total TX/RX, bytes – number of bytes sent/received on the connected device;
• Total TX/RX, packets – number of packets sent/received on the connected device;
• Data TX/RX, bytes – number of data bytes sent/received on the connected device;
• Data TX/RX, packets – number of data packets sent/received on the connected device;
• Fails, packets – number of packets sent with errors on the connected device;
• TX Period Retry, packets – number of retries of transmission to the connected device for the last 10 seconds;
• TX Retry Count, packets – number of retries of transmission to the connected device during the entire connection;
• Actual TX/RX Rate, kbps – current traffic transmission rate at the moment.

"Traffic Statistics" submenu

The “Traffic Statistics” section displays the graphs of the transmitted/received traffic speed for the last 3 minutes, as well as statistics on the amount of transmitted/received traffic since the access point was turned on. 

The WLAN0 and WLAN1 Tx/Rx graphs show the rate of transmitted/received traffic via Radio 2.4 GHz (WLAN0) and Radio 5 GHz (WLAN1) interfaces for the last 3 minutes. The gragh is automatically updated every 2 seconds.

The LAN Tx/Rx graph shows the speed of the transmitted/received traffic via Ethernet interface of the access point for the last 3 minutes. The graph is automatically updated every 2 seconds.  

"Transmit" table description:

• Interface – name of the interface;
• Total Packets – number of successfully sent packets;
• Total Bytes – number of successfully sent bytes;
• Total Drop – number of rejected packets;
• Errors – number of errors.

"Receive" table description:

• Interface – name of the interface;
• Total Packets – number of successfully received packets;
• Total Bytes – number of successfully received bytes;
• Total Drop – number of rejected packets;
• Errors – number of errors.

"Scan Environment" submenu

The "Scan Environment" submenu allows scanning the surrounding radio to detect neighboring access points.

Click "Scan" to start the environment scanning process. When the process is completed, the page will display a list of detected access points and information about them:

• Last scan was... – last scan date and time;
• Range – specifies the range of 2.4 GHz or 5 GHz in which the access point was detected;
• SSID – SSID of the detected access point;
• Security Mode – security mode of the detected access point;
• MAC – MAC address of the detected access point;
• Channel/Bandwidth – radio channel on which the detected access point operates;
• RSSI – the level with which the device receives the signal of the detected access point, dBm.

"Spectrum Analyzer" submenu

In the "Spectrum Analyzer" submenu, the spectrum analyzer is started and monitored.

The WEP-3ax devices have the ability to run a spectrum analyzer on the 2.4 GHz and 5 GHz radio interfaces.

Running the spectrum analyzer on radio interfaces

Click "Scan" to start the spectrum analyzer. The information window to the right of the button displays the time in seconds that has elapsed since the start of scanning. The time of the spectrum analyzer on the Radio 2.4 GHz radio interface does not exceed 26 seconds, on the Radio 5 GHz does not exceed 34 seconds.  

• Last scan was... – last scan date and time;
• Channels list – list of channels to be scanned;
• Channel – number of the channel on which the scan was performed;
• Load – information about radio channel load, expressed as a percentage.

"Events" submenu

The “Events” submenu provides a list of events occurring on the device in real time. The event log contains the following information:

• Date and Time – date and time when the event was generated;
• Type – category and severity level of the event;
• Service – name of the process that generated the message;
• Message – event description.

Table 6 – Description of event severity levels

To receive new messages in the event log, click "Refresh".

If necessary, all old messages can be deleted from the log by clicking “Clear”.

"Network Information" submenu

In the "Network Information" submenu, general network settings of the device can be viewed. 

WAN Status:

• Interface – name of the interface;
• Protocol – protocol used for access to WAN;
• IP Address – device IP address in external network;
• RX Bytes – number of bytes received on WAN;
• TX Bytes – number of bytes sent from WAN.

Ethernet:

• Link Status – Ethernet port status;
• Speed – Ethernet port connection speed;
• Duplex – data transfer mode:
  • Full – full duplex;
  • Half – half-duplex.

ARP:
The ARP table contains mapping information between the IP and MAC addresses of neighboring network devices:

• IP Address – device IP address;
• MAC – device MAC address.

Routes:

• Interface – name of the bridge interface;
• Destination – IP address of destination host or subnet that the route is established to;
• Gateway – gateway IP address that allows for the access to the Destination;
• Netmask – subnet mask;
• Flags – certain route characteristics. The following flag values exist:
  • U – means that the route is created and passable;
  • H – identifies the route to the specific host;
  • G – means that the route lies through the external gateway; System network interface provides routes in the network with direct connection. All other routes lie through the external gateways. G flag is used for all routes except for the routes in the direct connection networks;
  • R – indicates that the route was most likely created by a dynamic routing protocol running on the local system using the reinstate parameter;
  • D – indicates that the route was added as a result of receiving an ICMP Redirect Message. When the system learns the route from the ICMP Redirect message, the route will be added into the routing table in order to exclude redirection of the following packets intended for the same destination;
  • M – means that the route was modified – likely by a dynamic routing protocol running on a local system with the "mod" parameter applied;
  • A – points to a buffered route to which an entry in the ARP table corresponds;
  • C – means that the route source is the core routing buffer;
  • L – indicates that the destination of the route is one of the addresses of this computer. Such "local routes" exist in the routing buffer only;
  • B – means that the route destination is a broadcasting address. Such "broadcast routes" exist in the routing buffer only;
  • I – indicates that the route is connected to a ring (loopback) interface for a purpose other than to access the ring network. Such "internal routes" exist in the routing buffer only;
  • ! – means that datagrams sent to this address will be rejected by the system.

"Radio Information" submenu

The "Radio Information" submenu displays the current status of WEP-3ax radio interfaces. 

Radio interfaces of an access point may be in two states: "On" and "Off". The status of each of the radio interfaces is reflected in the "Status" parameter.
Radio status depends on whether a given radio interface has virtual access points (VAP) enabled. If there is at least one active VAP on the radio interface, Radio will be in the "On" status, otherwise it will be in "Off" status.

Depending on Radio status, the following information is available for monitoring:

"Off":

• Status – radio interface status.

"On":

• Status – radio interface status;
• Mode – radio interface operation mode according to IEEE 802.11 standards;
• Channel – number of the wireless channel on which the radio interface operates;
• Channel Bandwidth – the bandwidth of the channel where the radio interface operates, MHz;
• Transmit Power Output – actual power of the transmitter, dBm.

"Device Information" submenu

The "Device Information" submenu displays main WEP-3ax parameters. 

• Product – device model name;
• Hardware Version – device hardware version;
• Factory MAC Address – device WAN interface MAC address, set by the manufacturer; 
• Serial Number – device serial number, set by the manufacturer;
• Software Version – device firmware version;
• Backup Version – previously installed firmware version;
• Boot Version – device firmware boot version;
• System Time – current time and date, set in the system;
• Uptime – time since the last start or restart of the device;
• CPU Usage – average percentage of CPU load for the last 5 seconds;
• Memory Usage – percentage of the device memory usage.

"Radio" menu

In the "Radio" menu, the wireless interface can be configured.

"Radio 2.4 GHz" submenu

In the "Radio 2.4 GHz" submenu, the main parameters of the radio interface of the device operating in the 2.4 GHz band can be configured. 

• Mode – interface operation mode according to the following standards:
  • IEEE 802.11ax;
  • IEEE 802.11b/g/n;
  • IEEE 802.11b/g/n/ax.
• Auto Channel – when checked, the device will automatically select the least loaded radio channel for the Wi-Fi interface. Removing the flag opens the access to install the static operation channel;
• Channel – select channel for data transmission;
• Use Limit Channels – when checked, the access point will use a user-defined list of channels to work in automatic channel selection mode. If the "Use Limit Channels" flag is not checked or there are no channels in the list, the access point will select the operation channel from all available channels in the given band. The 2.4 GHz band channels: 1–13;
• Channel Bandwidth, MHz – the bandwidth of the channel where the radio interface operates. Can take a value of 20 or 40 MHz;
• Primary Channel – the parameter can only be changed if the bandwidth of a statically specified channel is equal to 40 MHz. The 40 MHz channel can be considered as consisting of two 20 MHz channels, which border in the frequency range. These two 20 MHz channels are called primary and secondary channels. The primary channel is used by clients who only support 20 MHz channel bandwidth:
  • Upper – the primary channel will be the upper 20 MHz channel in the 40 MHz band;
  • Lower – the primary channel will be the lower 20 MHz channel in the 40 MHz band.
• Transmit Power Limit, dBm – transmitting Wi-Fi signal power adjustment, dBm. May take values between 6 and 16 dBm.

In the "Advanced" section, the advanced radio interface parameters of the device can be configured.

• OBSS Coexistence – automatic channel bandwidth reduction when the channel is loaded. When checked, the mode is enabled;
• Short Guard Interval – support for Short Guard interval. Access point transmits data using 400 ns Guard interval (instead of 800 ns) to clients which also support Short GI;
• STBC – Space-Time Block Coding method dedicated to improve data transmission reliability. When checked, the device transmits one data flow through several antennas. When unchecked, the device does not transmit one data flow through several antennas;
• Beacon Interval, ms – Beacon frame sending period. The frames are sent to detect access points. The parameter takes values from 20 to 2000 ms, by default – 100 ms;
• Fragmentation Threshold – frame fragmentation threshold, bytes. The parameter takes values 256–2346, by default – 2346;
• RTS Threshold – specifies the number of bytes over which the Request to Send will be sent. Decreasing this value can improve the performance of the access point when there are a lot of connected clients.
  However this reduces general throughput of wireless network. The parameter takes values from 0 to 2347, by default – 2347;
• Frame Aggregation – enable support for AMPDU/AMSDU;
• Short Preamble – use of the packet short preamble;
• Airtime Fairness – over-the-air radio accessibility feature. When checked, the function is active – the airtime is distributed evenly among users;
• DHCP Snooping Mode – selection of DHCP option 82 processing policy. Available values for selection:
  • ignore – option 82 processing is disabled. Default value;
  • remove – access point deletes the value of option 82;
  • replace – access point substitutes or replaces the value of option 82. When selecting this value to edit, the following parameters are opened:
    • DHCP Option 82 CID Format – replacement of the CID parameter value, can take values:
      • APMAC-SSID – replacement of the CID parameter value to <MAC address of the access point>-<SSID name>. Default value;
      • SSID – replacement of the CID parameter value to SSID name, to which the client is connected;
      • custom – replacement of the CID parameter value to the value specified in the "Option 82 Unique CID";
        • Option 82 Unique CID – an arbitrary string of up to 52 characters that will be passed to the CID. If the parameter value is not set, the point will change the CID to the default value — APMAC-SSID.
    • DHCP Option 82 RID Format – replacement of the RID parameter value, can take the following values:
      • ClientMAC – change the RID content to the MAC address of the client device. Default value;
      • APMAC – change the RID content to the MAC address of the access point;
      • APdomain – change the RID content to the domain in which the access point is located;
      • custom – change the RID content to the value specified in the "Option 82 Unique RID";
        • Option 82 Unique RID – an arbitrary string of up to 63 characters that will be passed to the RID. If the parameter value is not set, the point will change the RID to the default value — ClientMAC.
    • DHCP Option 82 MAC Format – selection of octet delimiters of the MAC address, which is transmitted in CID and RID:
      • AA:BB:CC:DD:EE:FF – the delimiter is a colon (:). Default value;
      • AA-BB-CC-DD-EE-FF – the delimiter is a dash (-).

"Radio 5 GHz" submenu

In the "Radio 5 GHz" submenu, the main parameters of the radio interface of the device operating in the 5 GHz band can be configured. 

• Mode – interface operation mode according to the following standards:
  • IEEE 802.11ax;
  • IEEE 802.11a/n/ac;
  • IEEE 802.11a/n/ac/ax.
• Auto Channel – when checked, the device will automatically select the least loaded radio channel for the Wi-Fi interface. Removing the flag opens the access to install the static operation channel;
• Channel – select channel for data transmission;
• Use Limit Channels – when checked, the access point will use a user-defined list of channels to work in automatic channel selection mode. If the "Use Limit Channels" flag is not checked or there are no channels in the list, the access point will select the operation channel from all available channels in the given band. The 5 GHz band channels: 36–64, 132–144, 149–165;
• Channel Bandwidth, MHz – channel bandwidth, on which the access point operates. The parameter may take values of 20, 40 and 80 MHz;
• Primary Channel – the parameter can only be changed if the bandwidth of a statically specified channel is equal to 40 MHz. The 40 MHz channel can be considered as consisting of two 20 MHz channels, which border in the frequency range. These two 20 MHz channels are called primary and secondary channels. The primary channel is used by clients who only support 20 MHz channel bandwidth:
  • Upper – the primary channel will be the upper 20 MHz channel in the 40 MHz band;
  • Lower – the primary channel will be the lower 20 MHz channel in the 40 MHz band.
• Transmit Power Limit, dBm – transmitting Wi-Fi signal power adjustment, dBm. May take values between 10 and 19 dBm.

In the "Advanced" section, the advanced radio interface parameters of the device can be configured.

• OBSS Coexistence – automatic channel bandwidth reduction when the channel is loaded. When checked, the mode is enabled;
• DFS Support – dynamic frequency selection mechanism. The mechanism demands wireless devices to scan environment and avoid using channels which coincide with radiolocation system's channels at 5 GHz:
  • Disabled – the mechanism is disabled. DFS channels are not available for selection;
  • Enabled – the mechanism is enabled;
  • Forced – the mechanism is disabled. DFS channels are available for selection.
• Short Guard Interval – support for Short Guard interval. Access point transmits data using 400 ns Guard interval (instead of 800 ns) to clients which also support Short GI;
• STBC – Space-Time Block Coding method dedicated to improve data transmission reliability. When checked, the device transmits one data flow through several antennas. When unchecked, the device does not transmit one data flow through several antennas;
• Beacon Interval, ms – Beacon frame sending period. The frames are sent to detect access points. The parameter takes values from 20 to 2000 ms, by default – 100 ms;
• Fragmentation Threshold – frame fragmentation threshold, bytes. The parameter takes values 256–2346, by default – 2346;
• RTS Threshold – after what quantity of bytes the Request to Send will be sent. Decreasing this value can improve access point operation when there are a lot of clients connected. However, this reduces general throughout of wireless network. The parameter takes values from 0 to 65535, by default – 2347;
• Frame Aggregation – enable support for AMPDU/AMSDU;
• Short Preamble – use of the packet short preamble;
• Airtime Fairness – over-the-air radio accessibility feature. When checked, the function is active – the airtime is distributed evenly among users;
• DHCP Snooping Mode – selection of DHCP option 82 processing policy. Available values for selection:
  • ignore – option 82 processing is disabled. Default value;
  • remove – access point deletes the value of option 82;
  • replace – access point substitutes or replaces the value of option 82. When selecting this value to edit, the following parameters are opened:
    • DHCP Option 82 CID Format – replacement of the CID parameter value, can take values:
      • APMAC-SSID – replacement of the CID parameter value to <MAC address of the access point>-<SSID name>. Default value;
      • SSID – replacement of the CID parameter value to SSID name, to which the client is connected;
      • custom – replacement of the CID parameter value to the value specified in the "Option 82 Unique CID";
        • Option 82 Unique CID – an arbitrary string of up to 52 characters that will be passed to the CID. If the parameter value is not set, the point will change the CID to the default value — APMAC-SSID.
    • DHCP Option 82 RID Format – replacement of the RID parameter value, can take the following values:
      • ClientMAC – change the RID content to the MAC address of the client device. Default value;
      • APMAC – change the RID content to the MAC address of the access point;
      • APdomain – change the RID content to the domain in which the access point is located;
      • custom – change the RID content to the value specified in the "Option 82 Unique RID";
        • Option 82 Unique RID – an arbitrary string of up to 63 characters that will be passed to the RID. If the parameter value is not set, the point will change the RID to the default value — ClientMAC.
    • DHCP Option 82 MAC Format – selection of octet delimiters of the MAC address, which is transmitted in CID and RID:
      • AA:BB:CC:DD:EE:FF – the delimiter is a colon (:). Default value;
      • AA-BB-CC-DD-EE-FF – the delimiter is a dash (-).

"Advanced" submenu

In the "Advanced" submenu, the advanced device radio interface parameters can be configured.

• Global Isolation – when checked, traffic isolation between clients of different VAPs and different radio interfaces is enabled.

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"VAP" menu

In the "VAP" menu, virtual Wi-Fi access points (VAPs) can be configured. 

"Summary" submenu

The "Summary" submenu displays the settings of all VAPs on the Radio 2.4 GHz and the Radio 5 GHz radio interfaces.

Only the first four VAPs of each radio interface are displayed on the page by default. To see a full list of available VAPs, click "Show all". Click "Minimize" to return the display of VAPs number in the list to its original state.

• VAP0..15 – the sequence number of the virtual access point;
• Enabled – when checked, the virtual access point is enabled, otherwise it is disabled;
• Security Mode – the type of data encryption used on the virtual access point;
• VLAN ID – VLAN number from which the tag will be removed when transmitting Wi-Fi traffic to clients connected to this VAP. When traffic flows in the opposite direction, untagged traffic from clients will be tagged with VLAN ID (when VLAN Trunk mode is disabled);
• SSID – virtual wireless network name;
• Broadcast SSID – when checked, SSID broadcasting is on, otherwise it is disabled;
• Band Steer – when checked, the client's priority connection to the 5 GHz network is active. For this function to work, it is required to create a VAP with the same SSID on each radio interface, and activate the "Band Steer" option on them;
• VLAN Trunk – when checked, tagged traffic is transmitted to the subscriber;
• General Mode – when checked, transmission of untagged traffic jointly with tagged traffic is allowed (available when Trunk VLAN mode is enabled);
• General VLAN ID – a tag will be removed from the specified VLAN ID and the traffic of this VLAN will be transmitted to the client without a tag. When traffic passes in the opposite direction, untagged traffic will be tagged with General VLAN ID;
• Station Isolation – when checked, traffic isolation between clients in the same VAP is enabled.

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"VAP" submenu

Common Settings

• Enabled – when checked, the virtual access point is enabled, otherwise it is disabled;
• VLAN ID – VLAN number from which the tag will be removed when transmitting Wi-Fi traffic to clients connected to this VAP. When traffic flows in the opposite direction, untagged traffic from clients will be tagged with VLAN ID (when VLAN Trunk mode is disabled);
• SSID – virtual wireless network name;
• Broadcast SSID – when checked, SSID broadcasting is on, otherwise it is disabled;
• Band Steer – when checked, the client's priority connection to the 5 GHz network is active. For this function to work, you need to create a VAP with the same SSID on each radio interface, and activate the "Band Steer" option on them;
• VLAN Trunk – when checked, tagged traffic is transmitted to the subscriber;
• General Mode – when checked, transmission of untagged traffic jointly with tagged traffic is allowed (available when Trunk VLAN mode is enabled);
• General VLAN ID – a tag will be removed from the specified VLAN ID and the traffic of this VLAN will be transmitted to the client without a tag. When traffic passes in the opposite direction, untagged traffic will be tagged with General VLAN ID;
• Station Isolation – when checked, traffic isolation between clients in the same VAP is enabled;
• 802.11k/v – enable 802.11k/v support on the virtual access point;
• Priority – select prioritization means. Defines the field on the basis of which the traffic transmitted to the radio interface will be distributed in WMM queues:
  • DSCP – will analyze the priority from the DSCP field of the IP packet header;
  • 802.1p – will analyze the priority from the CoS (Class of Service) field of the tagged packets.
• Minimal Signal – when checked, the function of disabling the client Wi-Fi equipment at low signal level (Minimal Signal) is enabled. The following parameters should be configured for the functionality to operate:
  • Minimal Signal Level – signal level in dBm below which the client equipment is disconnected from the virtual network;
  • Roaming Signal Level – roaming sensitivity level in dBm, below which the client equipment is switched to another access point. The parameter should be lower than the Minimal Signal: If Minimal Signal = -75 dBm, then the Roaming Signal Level should be equal to -70 dBm, for example;
  • Minimal Signal Timeout – the period of time after which the decision is made to disconnect the client equipment from the virtual network.
• Security Mode – wireless access security mode:
  • Off – do not use encryption for data transfer. The access point is available for any subscriber to connect;
  • WPA, WPA2, WPA/WPA2, WPA2/WPA3, WPA3 – encryption methods, if one of these methods is chosen, the following setting will be available:
    • WPA Key – key/password required to connect to the virtual access point. The length of the key is from 8 to 63 characters.
  • WPA-Enterprise, WPA2-Enterprise, WPA3-Enterprise, WPA/WPA2-Enterprise, WPA2/WPA3-Enterprise – wireless channel encryption mode, in which the client is authorized on the centralized RADIUS server. To configure this security mode, specify the parameters of the RADIUS server. 

• MFP – management frame protection (available for WPA2, WPA3, WPA2/WPA3, WPA2-Enterprise, WPA3-Enterprise, WPA2/WPA3-Enterprise security modes. When choosing other security modes, MFP is set to "Disabled" state. When WPA3 security mode is chosen, MFP is set to "Enabled" state):
  • Not required – MFP is disabled;
  • Capable – MFP works if client supports MFP. Clients without MFP support can be connected to this VAP;
  • Required – MFP is enabled, clients without MFP support can not be connected to this VAP.
• 802.11r – fast roaming works only with clients supporting the IEEE 802.11r standard. The 802.11r roaming is possible only between VAPs with WPA2, WPA3, WPA2/WPA3, WPA2-Enterprise, WPA3-Enterprise, WPA2/WPA3-Enterprise security modes.
  • 802.11r Support – enable 802.11r support on the VAP;
  • Manual – when checked, it is possible to manually set-up roaming parameters;
  • FT-over-DS – enable the "Over the DS" mode;
  • R0-key-holder-id – a unique key for a given VAP, for example, a serial key number;
  • R1-key-holder-id – MAC address of VAP (it can be seen using the ifconfig command);
  • Mobility Domain – number of group within which the roaming can be completed. Accepts values from 0 to 65535;
  • Remote-MAC:
    • MAC – MAC address of the remote accesss point VAP interface. Maiximum number – 256;
    • Remote-R0-key-holder-id – a unique key, should match “R0-key-holder-id ” on the VAP of the remote AP;
    • Remote-R1-key-holder-id – MAC address of VAP on the remote AP;
    • RRB-key-R0 – random key. It should not match "RRB-key-R1", but definitely should match the “RRB key R1” of the remote AP. The key length – 16 characters;
    • RRB-key-R1 – random key. It should not match "RRB-key-R0", but definitely should match the “RRB key R0” of the remote AP. The key length – 16 characters.

RADIUS Server

• Domain – user domain;
• Authentication IP – RADIUS server address;
• Authentication Port – port of the RADIUS server that used for authentication and authorization;
• Authentication Shared Secret – key for the RADIUS server used for authentication and authorization;
• Enable Accounting – when checked, "Accounting" messages will be sent to the RADIUS server;
• Use Other Settings For Accounting:
  • Accounting IP – address of the RADIUS server, used for accounting;
  • Accounting Port – port that will be used to collect accounting on the RADIUS server;
  • Accounting Shared Secret – password for the RADIUS server used for accounting.
• Enable Periodic Accounting – enable periodic sending of "Accounting" messages to the RADIUS server:
  • Accounting Interval – interval for sending the "Accounting" messages to the RADIUS server in seconds.
• Backup RADIUS – when checked, a table appears where the backup RADIUS servers can be added. If the primary RADIUS server is unavailable, requests will be sent to backup RADIUS servers listed in the table. The parameters in the table correspond to the parameters described above. In total up to 4 backup RADIUS servers can be added.

ACL

MAC address authentification.

• Mode:
  • Off – disbale MAC address authentification; 
  • RADIUS – enable user RADIUS MAC authentication.
• Policy:
  • allow – for the current SSID the selected list will be white (the access is allowed for devices from the list); 
  • deny – for the current SSID the selected list will be black (the access is denied for devices from the list).

Captive Portal

For such security modes as Off, WPA, WPA2, WPA/WPA2, WPA3, WPA2/WPA3 captive portal setting is available on the VAP.

• Enable – when checked, authorization of users in the network will be performed via the virtual portal;
• Virtual Portal Name – name of the virtual portal to which the user will be redirected when connecting to the network;
• Redirect URL – address of the external virtual portal to which the user will be redirected when connecting to the network.

RADIUS

• Enable Accounting – when checked, "Accounting" messages will be sent to the RADIUS server;
• Domain – user domain;
• Accounting IP – address of the RADIUS server, used for accounting;
• Accounting Port – port that will be used to collect accounts on the RADIUS server;
• Accounting Shared Secret – password for the RADIUS server used for accounting;
• Enable Periodic Accounting – enable periodic sending of "Accounting" messages to the RADIUS server:
  • Accounting Interval – interval for sending the "Accounting" messages to the RADIUS server in seconds.

Shapers

• Enable – enable a configuration field;
• VAP Limit Down – restriction of bandwidth in the direction from the access point to the clients (in total) connected to this VAP, Kbps;
• VAP Limit Up – restriction of bandwidth in the direction from the clients (in total) connected to this VAP, to the access point, Kbps;
• STA Limit Down – restriction of bandwidth in the direction from the access point to the clients (each separately) connected to this VAP, Kbps;
• STA Limit Up – restriction of bandwidth in the direction from the clients (each separately) connected to this VAP, to the access point, Kbps.

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"WDS" menu

In the “WDS” menu, wireless bridges between WEP-3ax are configured.

"WDS" submenu

In the "2.4 GHz" and "5 GHz" tabs of the "WDS" submenu, select the radio interface of the device on which a wireless bridge should be built. 

• Interface – selecting and enabling the WDS interface on which the wireless bridge will be built;
• MAC address – MAC address of the radio interface on the remote device to which the wireless bridge is configured. The MAC address of the radio interface can be found in the remote device web interface, Monitoring/Radio information submenu. To configure WDS on the Radio 2.4 GHz, it is required to specify the MAC address of the remote device Radio 2.4 GHz. The configuration of WDS on the Radio 5 GHz is done in the same way — the MAC address of the remote device Radio 5 GHz is specified. 
• Security Mode – security mode of access to the wireless network:
  • Off – disable the encryption for data transmission;
  • WPA2 – encryption method, when selected the following settings will be available:
    • SSID – Wi-Fi network name;
    • WPA Key – key/password required for connection to the remote access point. The key length is from 8 to 63 characters.

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"Network settings" menu

"System Configuration" submenu

• Hostname – network name of the device, specified by string from 1 to 63 characters; latin uppercase and lowercase letters, numbers, hyphen '-' (hyphen can not be the last character in the name);           
• AP Location – domain of the EMS management system tree host where the access point is located;
• Management VLAN:
  • Disabled – Management VLAN is not used;
  • Terminating – mode in which the management VLAN is terminated at the access point; in this case, clients connected via the radio interface do not have access to this VLAN;
  • Forwarding – mode in which the management VLAN is also transmitted to the radio interface (with the appropriate VAP configuration).
• VLAN ID – VLAN ID used to access the device, takes values 1–4094;
• Protocol – select protocol for connection of the device via Ethernet interface to service provider network:
  • DHCP – operation mode, when IP address, subnet mask, DNS server address, default gateway and other parameters required for operation are obtained from DHCP server automatically;
  • Static – operation mode where IP address and all the necessary parameters for WAN interface are assigned statically. If "Static" is selected, the following parameters will be available to set:
    • Static IP – IP address of the device WAN interface in the provider network;
    • Netmask – external subnet mask;
    • Gateway – address, to which the packet is sent, if the route in routing table is not found for it.
  • Primary DNS Server, Secondary DNS Server – IP addresses of DNS servers. If addresses of DNS servers are not allocated automatically via DHCP, set them manually.

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"Access" submenu

In the "Access" submenu, access to the device via the web interface, Telnet, SSH, NETCONF and SNMP can be configured.

• To enable access to the device via the web interface via HTTP protocol, check the box next to "WEB". In the window that appears, it is possible to change the HTTP port (by default, 80). The range of acceptable values of ports, in addition to the default, is from 1025 to 65535 inclusive;

• To enable access to the device via the web interface via HTTPS protocol, check the box next to "WEB-HTTPS". In the window that appears, it is possible to change the HTTPS port (by default, 443). The range of acceptable values of ports, in addition to the default, is from 1025 to 65535 inclusive;

  Note that the ports for the HTTP and HTTPS protocols should not have the same value.

• To enable access to the device via Telnet, check the box next to "Telnet";
• To enable access to the device via SSH, check the box next to "SSH";
• To enable access to the device via NETCONF, check the box next to "NETCONF". 

To change the parameters of the access point SNMP agent, it is necessary to check the "SNMP" box and click the "SNMP", a list of parameters available for editing will appear:

• roCommunity – password for parameter reading (common: public);
• rwCommunity – password for parameter writing (common: private);
• TrapSink – IP address or domain name of SNMPv1-trap message recipient in HOST [COMMUNITY [PORT]] format;
• Trap2Sink – IP address or domain name of SNMPv2-trap message recipient in HOST [COMMUNITY [PORT]] format;
• InformSink – IP address or domain name of Inform message recipient in HOST [COMMUNITY [PORT]] format;
• Sys Name – device name;
• Sys Contact – device vendor contact information;
• Sys Location – device location information;
• Trap Community – password which is contained in traps (by default: trap).

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"External Services" menu

"Captive Portal" submenu

The "Captive Portal" submenu is designed to enable and configure the APB service at the access point.

The APB service is used to provide portal roaming of clients between access points connected to the service.

• Enable – when checked, the point will connect to the APB service, the address of which is specified in the "Roaming Service URL" field, to provide portal roaming of clients;
• Roaming Service URL – APB service address to support roaming in the portal authorization mode. Specified as: "ws://<host>:<port>/apb/broadcast".

To apply a new configuration and save setting to non-volatile memory, click "Apply". Click "Cancel" to discard the changes.

"System" menu

In the "System" menu, the user can configure system, time, device access via different protocols, change password and update device firmware.

"Device Firmware Upgrade" submenu

The "Device Firmware Upgrade" submenu is intended for upgrading the device firmware.

• Active Version – installed firmware version, which is operating at the moment;
• Backup Version – installed firmware version which can be used in case of problems with the current active firmware version;
  • Set Active – button that allows making a backup version of the firmware active, this will require a reboot of the device. The active firmware version will not be set as a backup.

Firmware upgrading

Download the firmware file from http://eltex-co.com/support/downloads/ and save it on your computer. To do this, click "Choose File" in the Firmware Image field and specify the path to the firmware file in .tar.gz format.
To start the update process, click "Start Upgrading". The process may take several minutes (its current status will be shown on the page). The device will automatically reboot when the upgrade is completed.

"Configuration" submenu

In the "Configuration" submenu, the current configuration can be saved and updated.

Backup Configuration

To save current device configuration to local computer click "Download".

Restore Configuration

To download the configuration file saved on the local computer, use the Restore Configuration item. To update the device configuration, click "Choose File" and specify a file (in .tar.gz format) and click "Upload File". Uploaded configuration will be applied automatically and does not require device reboot. 

Reset to Default Configuration

To reset all the settings to default values, click "Reset". If the "Save access setting" box is checked, then those settings that are responsible for access to the device (IP address settings, Telnet/SSH/SNMP/Netconf/web access settings) will be saved.

"Reboot" submenu

To reboot the device, click "Reboot". The device reboot process takes about 1 minute.

"Password" submenu

When logging in via web interface, administrator (default password: password) has the full access to the device: read/write any settings, full device status monitoring.
To change the password, enter the new password first in the "Password" field, then repeat this password in the "Confirm Password" field and click "Apply" to save the configuration.

"Log" submenu

The "Log" submenu is intended to configure the output of various kinds of system debugging messages in order to detect the causes of problems in the device operation. 

• Mode – Syslog agent operation mode:
  • Local File – log information is stored in a local file and is available in the device web interface on the "Monitoring/Events" tab;
  • Server and File – log information is sent to a remote Syslog server and stored in a local file.
• Syslog Server Address – IP address or domain name of the Syslog server;
• Syslog Server Port – port for incoming Syslog server messages (default: 514, valid values: from 1 to 65535);
• File Size – maximum size of the log file (valid values: 1–1000 kB).

"Date and Time" submenu

In the "Date and Time" submenu, the time can be set up manually or using the time synchronization protocol (NTP).

Manual

• Date and Time device – date and time set on the device. Click "Edit" if the correction is necessary;
  • Date, Time – set the current date and time or click "Set current date and time" to synchronize with the device;
• Time Zone – allows setting the time zone according to the nearest city for your region from the list;
• Enable daylight saving time – when checked, automatic daylight saving change will be performed automatically within the defined time period:
  • DST Start – day and time, when daylight saving time is starting;
  • DST End – day and time, when daylight saving time is ending;
  • DST Offset (minutes) – time period in minutes, on which time offset is performing.

NTP Server

• Date and Time device – date and time set on the device at the current moment;
• NTP Server – time synchronization server IP address/domain name. Specify an address or select from an existing list;
• Time Zone – allows setting the time zone according to the nearest city for your region from the list;
• Alternative NTP Addresses – in case when the primary time synchronization server is not available, the device will contact additional time synchronization servers. To add an address to the list, click "Add" and enter the IP address or domain name of the server in the displayed window. To remove an address from the list,  click  in the corresponding line. 

To apply a new configuration and store settings into the non-volatile memory, click "Apply". To discard changes click "Cancel". 

Device management via the command line

Connection to the device

By default, WEP-3ax is configured to receive the address via DHCP. If this does not happen, it is possible to connect to the device using the factory IP address.

Connection to the device is performed via SSH/Telnet:

Network parameters configuration

Network parameters configuration using the set-management-vlan-mode utility

Virtual Wi-Fi access points (VAPs) configuration

When configuring a VAP, remember that the interface names in the 2.4 GHz range start with wlan0, in the 5 GHz range with wlan1.

Table 7 – Commands for configuring security mode on VAP

Below are examples of VAP configuration with different security modes for Radio 5 GHz (wlan1).

Configuration of VAP without encryption

Configuration of VAP with WPA-Personal security mode

Configuration of VAP with Enterprise authorization

Configuration of VAP with Captive Portal

Configuration of VAP with RADIUS MAC authorization

Configuration of backup RADIUS server on VAP

Advanced VAP settings

802.11r configuration

This type of roaming is only available for client devices that support 802.11r.

802.11r roaming is only possible between VAPs with security modes: WPA2 Personal and WPA2 Enterprise.
For instructions on configuring a VAP with different security modes, see section WEP-3ax. User manual#Configuration of VAP with WPA-Personal security mode.

Each VAP on access points should be configured individually, such as AP1(wlan1)↔AP2(wlan1), AP1(wlan0)↔AP2(wlan0), AP1(wlan1)↔AP3(wlan1), etc.

Below is an example of how to configure 802.11r on two access points: AP1 and AP2.

802.11r configuration via AirTune

For 802.11r auto-configuration on the access point via AirTune enable 802.11r functionality and interaction with the AirTune. 
Below is an example of how to configure 802.11r via AirTune. 

AirTune service configuration is described in the SoftWLC controller documentation. 

802.11k configuration

802.11k roaming can be organized between any networks (open/encrypted). If the access point is configured to work with the 802.11k protocol, then, when the client connects, the access point sends a list of "friendly" access points to which the client can switch while roaming. The list contains information about the MAC addresses of access points and the channels on which they operate.

Using 802.11k reduces the time it takes the client to find another network when roaming because the client does not have to scan for channels where there are no target access points available for switching.

This type of roaming is only available for client devices that support 802.11k.

Below is an example of how to configure 802.11k on an access point – making a list of "friendly" access points.

802.11k configuration via AirTune

For 802.11k auto-configuration on the access point via AirTune, enable 802.11k functionality on SSID and interaction with the AirTune. 
Below is an example of how to configure 802.11k via AirTune.

AirTune service configuration is described in the SoftWLC controller documentation. 

802.11v configuration

802.11v roaming can be organized between any networks (open/encrypted). If an access point is configured to work with 802.11v, then during its operation the device sends a special packet (BSS Transition) to the client side recommending that the client roams. Whether or not the client device will follow the access point's recommendation is impossible to guarantee, because the decision to switch to another access point is ultimately made by the client side. In conjunction with the 802.11k standard, in a message with a recommendation to switch the client is also sent a list of recommended roaming access points, indicating on what channel each point works and what standard (IEEE 802.11n/ac/ax). Then the client analyzes the air and make a decision depending on the signal level, channel load, the configuration of the remote access point.

This type of roaming is only available for client devices that support 802.11v.

Radio configuration

In Radio, automatic selection of the operating channel is used by default. To set the channel manually or to change the power, use the following commands:

Advanced Radio settings

DHCP option 82 configuration

Operation mode of DHCP snooping:

• ignore – option 82 processing is disabled. Default value;
• replace – access point substitutes or replaces the value of option 82;
• remove – access points removes the value of option 82. 

If on the radio interface the option 82 processing policy is configured to replace, the following parameters become available for configuration:

WDS configuration

Below is the configuration of a WDS connection on the Radio 5 GHz interface (wlan1).

The remote access point is configured in the same way.

System settings

Device firmware upgrade

Device configuration management

Device reboot

Setting the date and time

Advanced system settings

APB service configuration 

The APB service is used to provide portal roaming of clients between access points connected to the service. 

Configuration of tcpdump utility

The tcpdump utility is designed to analyze and intercept network traffic. This utility allows to intercept traffic from various access point interfaces for further analysis, to change recording parameters (time limits, file size), as well as to send the finished file via TFTP to the server.

Commands for using tcpdump utility

Configuration of IGMP

In the igmp-config section the user can configure the following parameters: enabled, query-interval, querycount, query-resp-interval. Default: enabled true.

Monitoring

Wi-Fi Clients

 index                    | 0
 hw-addr                  | ac:c4:13:1c:aa:aa
 hw-addr                  | 62:33:e6:73:bf:ec
 authenticated            | yes
 associated               | yes
 authorized               | yes
 ip-addr                  | 192.168.40.248
 hostname                 | Pixel-6
 identity                 | ivanov.ivan
 domain                   | enterprise.service.root
 rssi-1                   | -64
 rssi-2                   | -66
 rssi-3                   | 0
 rssi-4                   | 0
 noise-1                  | -94
 noise-2                  | -95
 noise-3                  | 0
 noise-4                  | 0
 snr-1                    | 30
 snr-2                    | 29
 snr-3                    | 0
 snr-4                    | 0
 tx-rate                  | HE NSS2-MCS11 2xLTF GI 0.8us 286.8
 rx-rate                  | HE NSS2-MCS9 2xLTF GI 0.8us 229.4
 actual-tx-rate           | 5
 actual-rx-rate           | 4
 tx-fails                 | 1
 tx-retry-count           | 0
 rx-retry-count           | 328
 tx-bw                    | 20
 rx-bw                    | 20
 tx-period-retry          | 0
 link-capacity            | 100%
 link-quality             | 100%
 link-quality-common      | 100%
 uptime                   | 00:13:46
 interface                | wlan1-vap2
 ssid                     | Eltex-Test
 using-802.11r            | yes
 using-802.11k            | no
 using-802.11v            | no
 wireless-mode            | ax
 name                     | wlan1-vap2:sta-0

  Rate                  Transmitted            Received                
---------------------------------------------------------------------
 Total Packets:       | 50807                | 2527                 |
 TX success:          | 100                  |                      |
 Total Bytes:         | 20608509             | 491365               |
 Data Packets:        | 50803                | 2522                 |
 Data Bytes:          | 20608377             | 490906               |
 Mgmt Packets:        | 4                    | 5                    |
 Mgmt Bytes:          | 132                  | 459                  |
 Dropped Packets:     | 0                    | 772                  |
 Dropped Bytes:       | 0                    | 18495                |
 Lost Packets:        | 1                    |                      |
---------------------------------------------------------------------
 
 Rate                  Transmitted            Received                
---------------------------------------------------------------------
 ofdm6                | 0              |   0%|            829 |  35%|
 he-nss1-mcs0         | 0              |   0%|              1 |   0%|
 he-nss1-mcs8         | 0              |   0%|              7 |   0%|
 he-nss1-mcs11        | 0              |   0%|              2 |   0%|
 he-nss2-mcs0         | 0              |   0%|              1 |   0%|
 he-nss2-mcs1         | 0              |   0%|              1 |   0%|
 he-nss2-mcs2         | 0              |   0%|              4 |   0%|
 he-nss2-mcs3         | 0              |   0%|             12 |   0%|
 he-nss2-mcs4         | 0              |   0%|            161 |   6%|
 he-nss2-mcs5         | 0              |   0%|             92 |   3%|
 he-nss2-mcs6         | 19             |   0%|            182 |   7%|
 he-nss2-mcs7         | 165            |   1%|            196 |   8%|
 he-nss2-mcs8         | 228            |   2%|            213 |   9%|
 he-nss2-mcs9         | 553            |   4%|            227 |   9%|
 he-nss2-mcs10        | 92             |   0%|            254 |  10%|
 he-nss2-mcs11        | 10335          |  90%|            176 |   7%|
---------------------------------------------------------------------

Device information

   system-time: 09:19:58 22.03.2022
   uptime: 13 d 00:51:28
   software-version: 1.10.0 build 105
   uboot-version: 1.10.0 build 105
   secondary-software-version: 1.10.0 build 99
   boot-version: 1.4.1 build 6
   memory-usage: 36
   memory-free: 638
   memory-used: 368
   memory-total: 1006
   cpu: 0.18
   is-default-config: false
   board-type: WEP-3ax
   hw-platform: WEP-3ax
   factory-mac: CC:9D:A2:xx:xx:xx
   factory-serial-number: WP42001953
   hw-revision: 2v2
   tunnel-ip: 10.24.201.148
   last-reboot-reason: firmware update

Network information

   interface: br0
   protocol: dhcp
   ip-address: 192.168.1.15
   mac: e8:28:c1:xx:xx:xx
   mask: 255.255.255.0
   gateway: 192.168.1.1
   DNS-1: 192.168.1.253
   DNS-2: 172.16.7.40
   rx-bytes: 82542744
   rx-packets: 1119782
   tx-bytes: 2281191
   tx-packets: 8853

   link: up
   speed: 1000
   duplex: enabled
   rx-bytes: 82842279
   rx-packets: 1124216
   tx-bytes: 2283061
   tx-packets: 8875

#        ip                mac              
--------------------------------------------
0        192.168.1.1       02:00:48:xx:xx:xx
1        192.168.1.151     2c:fd:a1:xx:xx:xx

Destination       Gateway           Mask              Flags      Interface 
--------------------------------------------------------------------------
0.0.0.0           192.168.1.1      0.0.0.0            UG         br0       
192.168.1.0       0.0.0.0          255.255.255.0      U          br0  

Port     Device ID           Port ID          System Name        Capabilities   TTL    
------   -----------------   --------------   ----------------   ------------   -----  
eth0     e0:d9:e3:eb:66:80   gi1/0/10                                           120

Wireless interfaces

   wlan0:
      name: wlan0
      hwaddr: CC:9D:A2:xx:xx:xx
      status: on
      channel: 1
      bandwidth: 20
      frequency: 2412
      power: 16.0
      mode: bgnax
   wlan1:
      hwaddr: CC:9D:A2:xx:xx:xx
      status: on
      channel: 36
      bandwidth: 20
      frequency: 5180
      power: 19.0
      mode: anacax

Event log

Feb 25 05:00:19 WEP-3ax syslog.info syslogd: started: BusyBox v1.30.1

Feb 25 05:00:20 WEP-3ax daemon.info networkd[907]: Networkd started

Feb 25 05:00:26 WEP-3ax daemon.info networkd[907]: DHCP-client: Interface br0 obtained lease on 192.168.1.15.

Feb 25 05:14:59 WEP-3ax auth.info login[1738]: root login on 'pts/0'

Feb 25 05:57:22 WEP-3ax daemon.info networkd[907]: DHCP-client: Interface br0 renew lease on 192.168.1.15.

Feb 25 06:22:55 WEP-3ax daemon.info configd[651]: The AP startup configuration was updated successfully.

Scan Environment

SSID                             |Mode |Security|MAC               |Channel|RSSI, dBm|Bandwidth, MHz
---------------------------------|-----|--------|------------------|-------|---------|--------------
HOT_SSID                         |     |off     |e8:28:c1:da:cf:f2 |1      |-40      |20            
EltexWiFi                        |     |off     |e8:28:c1:fc:d2:c0 |1      |-63      |20            
Eltex-Local                      |     |wpa/wpa2|e8:28:c1:fc:d6:40 |1      |-30      |20            
test_wpa                         |     |wpa/wpa2|a8:f9:4b:b0:22:a3 |1      |-46      |20            
EltexWiFi2.4G                    |     |wpa/wpa2|e2:d9:e3:98:36:bd |5      |-62      |20            
Nikitenko_2.4                    |     |off     |aa:f9:4b:2d:04:f3 |11     |-65      |20            
Eltex-Local                      |     |wpa/wpa2|e8:28:c1:da:cf:01 |11     |-56      |20               
BRAS-Guest                       |     |off     |e8:28:c1:da:cf:06 |48     |-66      |20            
Eltex-Guest                      |     |off     |e8:28:c1:da:cf:07 |48     |-68      |20            
Eltex-Local                      |     |wpa/wpa2|e8:28:c1:da:cf:08 |48     |-68      |20            
WEP-2L_open                      |     |off     |e8:28:c1:da:cf:09 |48     |-68      |20                                                
EltexWiFi5G                      |     |wpa2    |e2:d9:e3:9f:6b:8c |153    |-76      |80            
!wep3ax_test5                    |     |off     |e8:28:c1:fc:74:30 |157    |-81      |80            
test_1                           |     |off     |a8:f9:4b:17:02:33 |161    |-71      |20                
...

Spectrum Analyzer

The WEP-3ax has the possibility to run the spectrum analyzer on radio interfaces wlan0 (2.4 GHz) and wlan1 (5 GHz). Below are the commands to start and monitor the spectrum analyzer.

Interface:    wlan0 last scanned channel:  11
 Channel| CCA
       1|  70%
       6|   0%
      11|  38%

Interface:    wlan1 last scanned channel:  48
 Channel| CCA
      36|   8%
      40|   7%
      44|   9%
      48|   6%

 wlan0:
 State - Idle
 Last run time - Thu Jul  1 16:31:46 2021
 Channel| CCA
       1|  70%
       6|   0%
      11|  38%

 wlan1:
 State - Idle
 Last run time - Thu Jul  1 16:32:53 2021
 Channel| CCA
      36|   8%
      40|   7%
      44|   9%
      48|   6%

The list of changes