Configuration Page

The Configuration page is a multi-tab page which allows you to configure the following options: The options that can be configured on this page are:

  • System
  • SSID
  • DHCP
  • WAN
  • Firewall
  • Firmware
 Wherever applicable, default values are shown.

System:
 The Configuration System tab displays and allows the user to configure general system information.

 The Login section allows the user to change the username and password for the access point.

 The Radio section allows the user to configure radio interface parameters. You can configure the parameters for both the 2.4 GHz and the 5 GHz radios. To set these parameters, first click the radio you want to configure from under the System tab.
 You can set the following parameters for each radio:
  • Status—Enable/disable the selected radio interface (i.e. 2.4 GHz or 5 GHz).
  • 802.11ac mode—Enable/disable the 802.11ac mode. This parameter is present only for the 5 GHz radio.
  • 802.11n mode—Enable/disable the 802.11n mode.
  • Bandwidth—Select the channel bandwidth. You can choose 20MHz, 40MHz, or 80MHz.
  • Channel Selection—Select a particular channel to operate in. For automatic selection, choose Auto.
 Click Apply to save your changes before existing this tab.

SSID:
 The Configuration SSID tab contains fields necessary for you to configure your personal SSIDs, for the 2.4 GHz and the 5 GHz radio interface.

 The Personal Network section allows the user to configure the following:
  • Enabled—Check this check box to set a personal SSID on this radio.
  • Broadcast—Check this check to broadcast the personal SSID on this radio.
  • SSID—Specify the personal SSID, which will be the network’s name.

 The MAC Filter section allows for MAC filtering. Check the Enabled check box to enable MAC filtering. Specify the MAC addresses that are to be allowed wireless access, in the table provided.

 The Security Section allows the user to configure security parameters for the selected SSID and radio interface. The following authenticated key management parameters can be configured:

  • WPA-PSK—Enable/disable WPA-PSK security.
  • WPA2/PSK—Enable/disable WPA2-PSK security. If you enable this, ensure that the client is configured for WPA2/PSK and AES encryption.
  • WPA Encryption—The WPA data encryption algorithm is set to AES.
  • WPA Passphrase—Enter a passphrase having 8 to 32 ASCII characters. The passphrase is case-sensitive.
 Click Apply to save your changes before existing this tab.

DHCP:
 The Configuration DHCP tab contains the fields necessary for configuring the LAN settings and the local DHCP server.

 The following parameters can be set for the LAN interface:

  • IP Address—Set the IP address.
  • Subnet Mask—Set the IP net mask.
  • Default Gateway—Set the default gateway.
  • DHCP Server—Enable/disable the DHCP server functionality on the LAN.
  • DHCP Starting IP Address—Set the start of the IP address range that the DHCP server will use.
  • DHCP Ending IP Address—Set the end of the IP address range that the DHCP server will use.
  • DHCP Lease Time (minutes)—Set the time for which the DHCP leases will be valid.
 Click Apply to save your changes before existing this tab.

WAN:
 The Configuration Wireless Access Network (WAN) tab contains the fields necessary for you to configure the IP address of the Wireless LAN controller on your access point.

 In the Controller section’s IP Address field, set the IP address of the primary wireless controller to which the AP will join.

 In the Uplink IP Configuration section, you can set the following parameters for IP configuration of the WAN port:
  • Static IP—Check this check box to specifying a static IP for the WAN port.
  • IP Address—Set the IP address of the connection.
  • Subnet Mask—Set the IP netmask of the connection.
  • Default Gateway—Set the IP address of the default gateway for the connection.
  • Domain Name—Enter the domain name as provided by your ISP. This is an optional field. The DNS configuration section is optional. You can set the following parameters here:
  • Primary DNS Server—Enter the IP address of a primary DNS server for resolving host names.
  • Secondary DNS Server—Enter the IP address of a secondary DNS server for resolving host names.
 Click Apply to save your changes before existing this tab.

Firewall:
 The Configuration Firewall tab contains fields to enable/disable the access point’s firewall and set various firewall parameters.

 Set the Firewall Status as Enabled to apply client filtering and port forwarding rules. To disable the firewall, from the drop-down list choose Disabled, and then click Apply. The firewall is disabled by default.

 The following firewall settings are available:
  • Block all TCP and UDP port traffic. By default all ports are blocked.
  • Selective unblocking of traffic based on application types such as HTTP, HTTPS, SSH, and FTP.
  • Unblocking of traffic based on LAN destination addresses, protocols and ports.
  • Port forwarding, with 10 or less total entries for separate port numbers.
 Sections and Precedence of Firewall Settings
 The following are the sections in the Firewall tab, listed in the order of precedence of the firewall settings:

 1. Port Forwarding
 2. DMZ
 3. Client Filtering

 Client Filtering
 The Client Filtering sections allows you to add filtering rules to filter traffic to clients, by specifying the following for each rule:

  • Set the rule for all LAN clients or only for clients in a specified IP address range.
    – To set the rule for all local clients, check the All Clients check box.
    – To set the rule for a range of IP address, specify the Local IP Address Range.

  • Set the rule to filter access to applications using the any of the following protocols: – FTP
    – Telnet
    – SMTP
    – DNS
    – TFTP
    – HTTP
    – POP3
    – NNTP
    – SNMP
    – HTTPS
    Select the required protocol for the rule by choosing it from the Protocol drop-down list.

  • Set the rule to filter the traffic to specified destination port range, or to TCP or UDP ports as a whole. Depending on your requirement, you can use the Destination Port Range fields, or select TCP or UDP from the Protocol drop-down list.

  • Set the rule as an allow or disallow rule for the combination of the aforementioned parameters. Check the Allow check box to make this an allow rule. Else, uncheck it.
 Port Forwarding
 The Port Forwards settings allow you to configure port forwarding rules for packets from WAN port to Local LAN clients and back. A maximum of 10 Port Forwards can be set, but their ranges should be of the same size and should not overlap. For each rule you can set the following parameters:
  • Protocol—You select either of the following options as per your requirements:
    – Select TCP or UDP and then set the WAN Port Start and WAN Port End values.
    – Select one of these protocols— FTP, Telnet, SMTP, DNS, TFTP, HTTP, POP3, NNTP, SNMP, or HTTPS
  • WAN port range—You can manually set this, using the WAN Port Start and WAN Port End fields, only if the protocol is specified as TCP or UDP. For all other protocols this range displays the pre-configured port number.
  • Local IP address—Specify the Local LAN client IP Address where the traffic is to be forwarded to.
  • LAN port range—Set this range using the Local Port Start and Local Port End fields.

 DMZ
 The DMZ feature allows one network computer connected to a local LAN or WLAN to be exposed to the Internet for using special-purpose services such as Internet gaming. The DMZ feature forwards all the ports terminating on a WAN IP, which is set as the DMZ IP Address, at the same time to one PC.
 The DMZ feature, if enabled, will forward all incoming WAN packets to the LAN machine, except the CAPWAP control/data and packets which are destined to any ports and which have a port forwarding rule. The DMZ feature is not applicable to corporate networks such as Remote-LAN and Corp WLAN.
 However, the Port Forwarding feature is more secure, compared to DMZ feature because the former only opens the ports you want to have opened, while DMZ opens all the ports of one computer, exposing the computer to the Internet/WAN.

Backup/Restore:
 The Backup/Restore tab allows the following functions:

  • To Backup the contents of the AP NVRAM (Backup configuration file) for archiving or management purposes. For this, click Backup button.
  • To Restore a configuration to the access point. For this, click Browse, browse to and select a configuration file, and then click Restore button..