FCC ID: 2AAS9-2251XW Dual Radio 802.11a/n+b/g/n Outdoor Access Point

 

Dual Radio 802.11a/n+b/g/n Outdoor Access Point BW2251 Users Guide v1.0 BW2251 User Guide v1.0 Nov. 2013 Copyright 2002-2013 BROWAN COMMUNICATIONS. This USER GUIDE is copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of BROWAN. Notice BROWAN reserves the right to change specifications without prior notice. While the information in this document has been compiled with great care, it may not be deemed an assurance of product characteristics. BROWAN shall be liable only to the degree specified in the terms of sale and delivery. The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from BROWAN. Trademarks The product described in this book is a licensed product of BROWAN. Microsoft, Windows 95, Windows 98, Windows Millennium, Windows NT, Windows 2000, Windows XP, Windows 7,and MS-DOS are registered trademarks of the Microsoft Corporation. Novell is a registered trademark of Novell, Inc. MacOS is a registered trademark of Apple Computer, Inc. Java is a trademark of Sun Microsystems, Inc. Wi-Fi is a registered trademark of Wi-Fi Alliance. All other brand and product names are trademarks or registered trademarks of their respective holders. Page 1 of 187 BW2251 User Guide v1.0 Nov. 2013 FederalCommunicationCommissionInterferenceStatement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

-

-

-

Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help.

-

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANTNOTE:

RadiationExposureStatement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator &

your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Country Code selection feature to be disabled for products marketed to the US/CANADA Operations in the 5.15-5.25GHz / 5.470 ~ 5.725GHz band are restricted to indoor usage only. The band from 5600-5650MHz will be disabled by the software during the manufacturing and cannot be changed by the end user. This device meets all the other requirements specified in Part 15E, Section 15.407 of the FCC Rules. Professionalinstallationinstruction 1. Installation personal:

This product is designed for specific application and needs to be installed by a qualified personal who has RF and related rule knowledge. The general user shall not attempt to install or change the setting. 2. Installation location:

The product shall be installed at a location where the radiating antenna can be kept 20 cm from nearby person in normal operation condition to meet regulatory RF exposure requirement. 3. External antenna:

Use only the antennas which have been approved by the applicant.The non-approved antenna(s) may produce unwanted spurious or excessive RF transmitting power which may lead to the violation of FCC limit and is prohibited. 4. Installation procedure:

Please refer to users manual for the detail. 5. Warning:

Please carefully select the installation position and make sure that the final output power does not exceed the limit set force in relevant rules. The violation of the rule could lead to serious federal penalty. TerminalDopplerWeatherRadarInterference Any installation of this product within 35km of a Terminal Doppler Weather Radar (TDWR) location must be separated by at least 30MHz (center-to-center) from the TDWR operating frequency. A database of TDWR locations and their center frequencies can be found at the following URL:

http://www.spectrumbridge.com/udia/home.aspx. The installer is encouraged to register installations in the 5470-5725 frequency band at the same URL, where registration instructions are provided. Page 2 of 187 BW2251 User Guide v1.0 Contents Nov. 2013 Copyright ............................................................................................................................................. 1 Notice .................................................................................................................................................. 1 Trademarks ......................................................................................................................................... 1 Federal Communication Commission Interference Statement ........................................................... 2 CONTENTS ............................................................................................................................................ 3 ABOUT THIS GUIDE .............................................................................................................................. 6 Purpose ............................................................................................................................................... 6 Prerequisite Skills and Knowledge ...................................................................................................... 6 Conventions Used in this Document ................................................................................................... 6 CHAPTER 1 INTRODUCTION ............................................................................................................ 7 The Product Package .......................................................................................................................... 7 Product Overview ................................................................................................................................ 7 Features Highlight ............................................................................................................................... 8 CHAPTER 2 HARDWARE INSTALLATION ....................................................................................... 9 Hardware Introduction ......................................................................................................................... 9 General Overview ............................................................................................................................ 9 I/O Interface ..................................................................................................................................... 9 Bottom Cover ................................................................................................................................. 10 Back label ...................................................................................................................................... 11 Hardware Installation ......................................................................................................................... 12 LAN port with waterproof connector .............................................................................................. 12 Antenna connection and grounding ............................................................................................... 13 Waterproof tape ............................................................................................................................. 14 Mounting kit .................................................................................................................................... 15 Connect to the Power Source and Local Network ............................................................................ 16 Access to your access point .............................................................................................................. 16 Configuration .................................................................................................................................. 16 CHAPTER 3 REFERENCE MANUAL----AP MODE ......................................................................... 18 Web Interface .................................................................................................................................... 18 Status ................................................................................................................................................ 19 Status | Device Status ................................................................................................................... 19 Status | Wireless Status ................................................................................................................. 21 Status | Dynamic Bridge Status ..................................................................................................... 21 Status | Interface Statistics ............................................................................................................ 22 Network ............................................................................................................................................. 23 Network | Interface ......................................................................................................................... 23 Network | Bridge ............................................................................................................................ 24 Network | Attack Countermeasure ................................................................................................. 25 Network | RADIUS Server ............................................................................................................. 26 Network | RADIUS Properties ........................................................................................................ 30 Network | DHCP ............................................................................................................................. 31 Network | DHCP Lease .................................................................................................................. 35 Network | Link Integrity .................................................................................................................. 35 Network | WAPI Certificate Upload ................................................................................................ 37 Network | Tr069 Settings ............................................................................................................... 37 Wireless ............................................................................................................................................. 40 Wireless | Basic ............................................................................................................................. 40 Wireless | Advanced ...................................................................................................................... 46 Page 3 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless | WEP .............................................................................................................................. 55 Wireless | MAC ACL ...................................................................................................................... 57 Wireless | Layer 2 Isolation(Inter-BSS) .......................................................................................... 59 Wireless | Neighbor List ................................................................................................................. 61 Wireless | Priority 5G ..................................................................................................................... 62 User ................................................................................................................................................... 64 User | Users ................................................................................................................................... 64 User | Station Supervision ............................................................................................................. 66 Services ............................................................................................................................................. 67 Services | Telnet ............................................................................................................................ 67 Services | SNMP ............................................................................................................................ 68 Services | Time .............................................................................................................................. 69 Services | NTP ............................................................................................................................... 69 Services | Watchdog ...................................................................................................................... 72 System ............................................................................................................................................... 73 System | Administrator ................................................................................................................... 73 System | System Log ..................................................................................................................... 74 System | System Mode .................................................................................................................. 75 System | System Info ..................................................................................................................... 76 System | Configuration .................................................................................................................. 77 System | Reset and Reboot ........................................................................................................... 78 System | Local Upgrade ................................................................................................................ 79 System | TFTP Upgrade ................................................................................................................ 80 System | Location Settings ............................................................................................................ 81 CHAPTER 4 REFERENCE MANUAL----AP-ROUTER MODE ......................................................... 82 Web Interface .................................................................................................................................... 82 Status ................................................................................................................................................ 84 Status | Device Status ................................................................................................................... 84 Status | Wireless Status ................................................................................................................. 85 Status | Interface Statistics ............................................................................................................ 85 Network ............................................................................................................................................. 87 Network | Interface ......................................................................................................................... 87 Network | PPPoE ........................................................................................................................... 89 Network | L2TP .............................................................................................................................. 90 Network | RADIUS Server ............................................................................................................. 92 Network | RADIUS Properties ........................................................................................................ 96 Network | DNS ............................................................................................................................... 98 Network | DHCP ............................................................................................................................. 99 Network | DHCP Lease ................................................................................................................ 102 Network | Static Route ................................................................................................................. 102 Network | Attack Countermeasure ............................................................................................... 103 Network | Link Integrity ................................................................................................................ 103 Network | Tr069 Settings ............................................................................................................. 105 Wireless ........................................................................................................................................... 108 Wireless | Basic ........................................................................................................................... 108 Wireless | Advanced .................................................................................................................... 114 Wireless | WEP ............................................................................................................................ 121 Wireless | MAC ACL .................................................................................................................... 123 User ................................................................................................................................................. 126 User | Users ................................................................................................................................. 126 User | Station Supervision ........................................................................................................... 128 User | User ACL ........................................................................................................................... 129 User | Walled Garden .................................................................................................................. 131 User | WISP ................................................................................................................................. 132 User | Start Page ......................................................................................................................... 134 User | Customized UAM .............................................................................................................. 135 User | Pages ................................................................................................................................ 139 Page 4 of 187 BW2251 User Guide v1.0 Nov. 2013 User | Upload ............................................................................................................................... 141 User | HTTP Headers .................................................................................................................. 141 User | Remote Authentication ...................................................................................................... 142 Services ........................................................................................................................................... 143 Services | Telnet .......................................................................................................................... 143 Services | SNMP .......................................................................................................................... 143 Services | NTP ............................................................................................................................. 144 Services | Time ............................................................................................................................ 147 Services | Watchdog .................................................................................................................... 147 System ............................................................................................................................................. 149 System | Administrator ................................................................................................................. 149 System | System Log ................................................................................................................... 150 System | System Mode ................................................................................................................ 151 System | System Info ................................................................................................................... 152 System | Configuration ................................................................................................................ 153 System | Reset and Reboot ......................................................................................................... 154 System | Local Upgrade .............................................................................................................. 155 System | TFTP Upgrade .............................................................................................................. 156 System | Location Settings .......................................................................................................... 157 CHAPTER 5 USER PAGES (BASED ON XSL).............................................................................. 158 User Pages Overview ...................................................................................................................... 158 Welcome Page............................................................................................................................. 158 Login Page ................................................................................................................................... 158 Logout Page ................................................................................................................................. 159 Help Page .................................................................................................................................... 160 Unauthorized Page ...................................................................................................................... 161 Example for External Pages ........................................................................................................ 161 Example for Internal Pages ......................................................................................................... 164 Extended UAM ................................................................................................................................ 167 Parameters Sent to WAS ............................................................................................................. 169 CHAPTER 6 CUSTOMIZED USER PAGE (HTML) ........................................................................ 173 Set up your customized user page .................................................................................................. 173 FAQ ................................................................................................................................................. 178 APPENDIX .......................................................................................................................................... 179 A) Specification ............................................................................................................................... 179 B) Factory Defaults for the BW2251 ............................................................................................... 180 Network Interface Configuration Settings .................................................................................... 180 User Settings ............................................................................................................................... 182 System Settings ........................................................................................................................... 182 C) Location ID and ISO Country Codes .......................................................................................... 183 Page 5 of 187 BW2251 User Guide v1.0 Nov. 2013 About this Guide Purpose This document provides information and procedures on hardware installation, setup, configuration, and management of the high performance Outdoor Access Point BW2251. Prerequisite Skills and Knowledge To use this document effectively, you should have a working knowledge of Local Area Networking

(LAN) concepts and wireless Internet access infrastructures. In addition, you should be familiar with the following:

Hardware installers should have a working knowledge of basic electronics and mechanical assembly, and should understand related local building codes.

Network administrators should have a solid understanding of software installation procedures for network operating systems under Microsoft Windows 95, 98, Millennium, 2000, NT, and Windows XP and general networking operations and troubleshooting knowledge. Conventions Used in this Document The following typographic conventions and symbols are used throughout this document:

bold code Very important information. Failure to observe this may result in damage. Important information that should be observed. Additional information that may be helpful but which is not required. Menu commands, buttons and input fields are displayed in bold File names, directory names, form names, and system-generated output such as error messages are displayed in constant-width type

<value> Placeholder for certain values, e.g. user inputs

[value]

Input field format, limitations, and/or restrictions. Page 6 of 187 BW2251 User Guide v1.0 Nov. 2013 Chapter 1 Introduction Thank you for choosing the Outdoor Access Point BW2251. The BW2251 is fully compliant to 802.11a/b/g/n standard and provides the flexibility of different kinds of 802.11n, 802.11a, 802.11g or 802.11b clients access to the BW2251. With the high speed data rate(Max. 300Mbps) and security, feature rich software functionality, it provides the high performance wireless connection for the SMB, enterprise, and hotspot of public area. The Product Package The product comes with the following:

Item 1 2 3 4 5 Product Overview Flexibility and high performance BW2251 is a high-performance and feature-rich Outdoor Access Point. It provides high quality connectivity for Wi-Fi networks designed to support large hotspots. The platform providing powerful hardware processing ability and maximize its service coverage for deploying outdoor Wi-Fi networks.

Wireless AP router mode: NAT, Different IP subnet per BSSID, Support DHCP server or client.

Description Dual Radio 802.11a/n+b/g/n Outdoor Access Point (model: BW2251) Mounting kit(1 unit) Waterproof RJ-45 connector Antenna (optional) External power supply (optional, 48VDC Power adapter+PoE injector(BE3013) Support IEEE802.11a/b/g/n Wi-Fi standard. Qty 1 1 1 N/A N/A FAT AP with AP or AP Router mode configuration. Point to point or smart point to multi-point bridge.

Secure and reliable wireless networking BW2251 supports and meets industry security requirement of wide area networking professionals for secured wireless network:

Supports VLAN, up to 16 VLAN ID IEEE 802.1x/EAP with password, certificates and SIM card 64bits/128bits static and dynamic WEP encryption Supports Wi-Fi Protected Access (WPA/WPA2) with AES and TKIP support Layer 2 Isolation for preventing snooping on the same BSS MAC address filtering (ACL) for preventing illegal attacking from Internet Hidden SSID broadcast to prevent illegal users connection Built-in Web login authentication (UAM, AP Router mode)

Strong Anti-interference Dynamic Channel Allocation (DCA) solution automatically selects optimal operational frequency channel during power up and the periodically monitors the environment and adjusts for best operational channel. DCA enhances BW2251 performance and provide continuous coverage under high AP density wireless network environment. Page 7 of 187 BW2251 User Guide v1.0 Nov. 2013 Multiple BSSID Virtual AP Technology Supports up to16 BSSID and each can be configured independently to support range of security policies, authentication model, RADIUS servers and VLAN IDs. Each BSSID also can be set different priority based on 802.1p tag or 802.11e EDCA which enables WLAN client device to access wireless link QoS capabilities. Ease Installation and Deployment Power option includes an integrated IEEE 802.3at Power-over-Ethernet port enables effortless deployment in various environments. Easy and Secure Remote Management BW2251 supports secure remote management through HTTPS, CLISH, SNMP and TR-069(DMS) management.

Secure management via HTTPs, CLISH, SNMP Support TR-069 protocol Detail client survey and site survey Remote firmware update via WEB UI, BROWAN DMS server Backup/Restore configuration file Command Line Interface(CLI) with optional SSH Simple Network Management Protocol(V1,V2)

Features Highlight

Support IEEE802.11a/b/g/n Wi-Fi standard.

Superior Wireless Bridging Capability (PtP, PtMP)

Support up to 16 BSSID Virtual AP

Wi-Fi Protected Access (WPA and WPA2) with TKIP or AES

Wired Equivalent Privacy (WEP) using static or dynamic key of 64 or 128 bits

Anti-Interference with Dynamic Channel Allocation (DCA)

Hidden SSID for blocking illegal users accessing

Supports 802.1x authentication using EAP-TLS, EAP-TTLS, PEAP, and SIM

MAC Access Control List (ACL)

Layer2 Isolation for Peer to Peer client access protection

Built-in Web user login Authentication

DHCP server, DHCP client

Support up to 16 VLAN ID

RADIUS authentication

Wireless Quality of Service

Backup/Restore configuration settings

System Log, Save/Send System Log to remote log server with different log levels

NTP for clock Synchronization

Remote firmware upgrade via HTTP

Remote secure management by HTTPS and SNMP

Software watchdog supported Page 8 of 187 BW2251 User Guide v1.0 Nov. 2013 Chapter 2 Hardware Installation Hardware Introduction General Overview BW2251 equips with an aluminum-alloy frame-resistant with waterproof design housing is able to operate even under extreme weather conditions. Figure 1 BW2251 General View I/O Interface Antenna(2.4G) ETH/PoE Console Antenna(2.4G) Antenna(5G) Antenna(5G) Figure 2 BW2251 I/O interface Page 9 of 187 BW2251 User Guide v1.0 Nov. 2013 Bottom Cover The Bottom Cover of the BW2251 contains:

Item Connector 1 2 3 4 5 Description For console connection(RJ-45 interface) Connecting RJ-45 cable to Ethenet network and for PoE power supply. Console ETH/PoE Ant. connector WLAN 1(2.4G) N type antenna connector(mark with ANT1) Ant. connector WLAN 1(2.4G) N type antenna connector(mark with ANT2) Grounding Reset button Air convection Grounding contact. It is highly recommend to connect the grounding system in order protecting surge and lightning damage. Reboot or Reset device Press reset button to reboot device or keep press for more than 5 seconds to reset factory default configuration. Air convection hole for air convection and prevent steam accumulate within AP Ant. connector WLAN 2(5G) N type antenna connector(mark with 5G) Ant. connector WLAN 2(5G) N type antenna connector(mark with 5G) 6 7 8 9 Figure 3 Bottom Cover of the BW2251 Page 10 of 187 BW2251 User Guide v1.0 Back label The back label format as below. Nov. 2013 Figure 4 back label 1. Back Label with MAC address and S/N, model name, certificationetc. 2. MAC address. The label shows the WLAN interface MAC address of the device. WLAN 1:the radio MAC for 2.4G WLAN 2:the radio MAC for 5G The LAN MAC= WLAN 1 MAC + 1(Hex, AP mode) The WAN MAC=WLAN 1 MAC + 1(Hex, AP router mode) 3. Serial Number of the device. Page 11 of 187 BW2251 User Guide v1.0 Nov. 2013 Hardware Installation LAN port with waterproof connector The waterproof connector of LAN port is to lock to the corresponding contact on the device in order to be waterproof. Following the assemble instruction shown as below. It is recommend to use shielding(STP) RJ-45 cable to be grounding and shielding. strip cable sheath insert the sealing into clip and housing insert the screw nut into the housing insert the cable all the way through crimp the RJ45 plug insert the RJ45 plug into the housing, then secure the sealing nut tightly Page 12 of 187 Figure 5 Waterproof connector assembly BW2251 User Guide v1.0 Nov. 2013 Rotate the nut on the Ethernet contact until it has firmly locked to the RJ-45 connector on the device. Failing to do this may result in water leakage and poor contact. Figure 6 secure the waterproof RJ45 connector Antenna connection and grounding The BW2251 is equipped with N type connector for outdoor antenna connection. Connecting the N type antenna to the connector as shown on the right. Attach the grounding wire to be grounding to protect from the lightning damage. It is recommend that the length of grounding wire less than 3 meter and the cross-section area should be no smaller than 6mm2. Figure 7 secure antenna and grounding cable Connecting antenna before power on the device. Failing to do this may damage the device. Page 13 of 187 BW2251 User Guide v1.0 Nov. 2013 Waterproof tape The waterproof tape protect device from water leakage. Use the enclosed waterproof tape to wrap around the base of N type and RJ-45 connector which shown as following. Figure 8 waterproof tape The BW2251 equipped with aluminum housing already IP-68 rated waterproof. Page 14 of 187 BW2251 User Guide v1.0 Nov. 2013 Mounting kit Step 1 Assemble the supplied mount kit as shown below. The mount kit is made of two parts, mast holder and base. Assemble the mast holder first and combine these two parts. All the screws and nuts must be locked tightly and securely. Figure 9 mount kit assembly Step 2 Assemble the base of bracket on the back of the device and mount on the mast. All screws and nuts must be locked tightly and securely at this time also. Figure 10 mounting to the device and mast Page 15 of 187 BW2251 User Guide v1.0 Nov. 2013 Connect to the Power Source and Local Network BW2251 support IEEE 802.3at Power-over-Ethernet. BROWAN also provide 48VDC power supply and PoE injector(BE3013) for the PoE functionality. The 48VDC power supply and PoE injector(BE3013) is optional which is non-

compliant to 802.3at. Please contact with BROWAN for the requirement. Use the BROWAN BE3013 PoE injector+DC 48V power adapter:

Step 1 Place the Access Point on a flat work surface or mount it on the mast. Use the enclosed mount kit to mount BW2251 on the mast. Step 2 Connect DC 48V power supply to PoE injector DC jack. Step 3 Connect the Ethernet cable from the BW2251 to PoE injector P+data out port. Step 4 Connect Ethernet cable from PoE injector data in port to the computer or through LAN switch connect to your local network. Please refer to the figure shown as below. Figure 11 Connecting BW2251 to Power source and network by PoE Access to your access point Configuration Now it is ready to access and configure your access point. Open web browser and enter ip address. The default ip address for your new access point is:

IP 192.168.2.2 subnet 255.255.255.0 Page 16 of 187 BW2251 User Guide v1.0 Nov. 2013 Step 1 Step 2 Configure your PC with a static IP address on the 192.168.2.x subnet with mask 255.255.255.0. Connect the BW2251 into the same physical network as your PC. Open the Web browser and type the default IP address of the BW2251:

https://192.168.2.2/a.rg Enter the BW2251 administrator login details to access the Web management. The default administrator log on settings for all access point interfaces are:

User Name: admin Password: admin01 Continuously clicking Yes to proceed. Figure 12 Security alert Figure 13 login page Step 3 After successful administrator log on you will see the main page of the BW2251 Web interface:

Figure 14 Web interface Management Menu Now you are enabled to perform your configuration. Page 17 of 187 BW2251 User Guide v1.0 Nov. 2013 Chapter 3 Reference Manual----AP Mode This chapter describes the configuration of the BW2251 which works in AP mode using the Web Interface. The BW2251 Web Interface in AP mode is different from that in AP-Router mode. To change your BW2251 to AP-Router mode, please refer to System | System Mode . For the detailed configuration of BW2251 working in AP-Router mode, please refer to the next chapter: Chapter 4 Reference Manual----AP-Router Mode The web management main menu consists of the following sub menus:

Status device status showing

Network device settings affecting networking

Wireless device settings related to the wireless part of the BW2251

User device settings affecting the user interface

Services networking service settings of the BW2251

System device system settings directly applicable to the BW2251

Exit click exit and leave the web management then close your web-browser window. Web Interface The main web management menu is displayed at the top of the page after successfully logging into the system (see the figure below). From this menu all essential configuration pages are accessed. Figure 15 Main Configuration Management Menu The web management menu has the following structure:

Status Device Status show the status related with the whole device Wireless Status show the status of the two radios Dynamic Bridge Status show the dynamic bridge status of the two radios Interface Statistics show the status of each network interface Network Interface TCP/IP settings of BW2251 LAN (Bridge) port Bridge 802.1d settings of BW2251 bridge port Attack Countermeasure Anti-attack settings for protecting BW2251 RADIUS Server specify the accounting/authentication RADIUS server which is used by 802.1x or WPA RADIUS Properties specify the settings of the RADIUS properties, includes NAS server ID, RADIUS Retries and other settings DHCP specify the settings of DHCP server service DHCP lease display the DHCP lease information Link Integrity specify the status and settings of link integrity feature. Page 18 of 187 BW2251 User Guide v1.0 Nov. 2013 WAPI Certificate Upload configure the WAPI certificate Tr069 settings configure the remote management through TR069 ACS server(BROWAN DMS server) Wireless Basic specify the basic settings related with wireless part Advance specify the settings of multiple BSSID or Bridge WEP specify the WEP settings related with static WEP encryption MAC ACL MAC ACL settings for BW2251 Layer 2 Isolation Inter-BSS layer2 Isolation settings of BW2251 Neighbor list scan the neighbor AP of 2.4G/5G Priority 5G configure the 5G priority User Users show the connected users statistics list and log-out user function Station Supervision monitor station availability with ARP-pings settings Services Telnet Telnet/SSH service SNMP SNMP service Time manually set time NTP NTP settings of BW2251 Watchdog Enable the S/W or H/W watchdog of BW2251 System Administrator set access permission to your BW2251 System Log check the system log locally or specify address where to send system log file System Mode specify whether the BW2251 works in AP mode or in AP router mode System Info specify some device related information for BW2251 Configuration system configuration utilities, including Backup/Upload configuration Reset & Reboot reboot device and restore systems to factory default Local Upgrade upgrade firmware from local PC TFTP Upgrade upgrade firmware from tftp server Location settings define AP location(Longitude/Latitude) In the following sections, short references for all menu items are presented. Status Status | Device Status The Device Status page shows important information of system status and network configuration for the BW2251. Page 19 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 16 Device Status System Mode display whether the BW2251 works in AP mode or AP-Router mode System Version display the current firmware version This is important information for support requests and for preparing firmware upgrading Config version display current configure version Up Time indicate the time, expressed in days, hours and minutes since the system was last rebooted System Time show the current time of the BW2251 Wlan1 MAC show the MAC addresses of the wireless interfaces(2.4G) of the BW2251 Wlan2 MAC show the MAC addresses of the wireless interfaces(5G) of the BW2251 Free System Memory indicate the memory currently available in the BW2251 Total System Memory indicate the total memory in the BW2251 LAN Mode indicate static IP or DHCP client is used for BW2251 LAN IP address LAN MAC display the Ethernet MAC address LAN IP show the LAN IP address of BW2251 LAN Mask show the LAN Network Mask of BW2251 Gateway show the default gateway of BW2251 VLAN show the status of LAN Interface VLAN of BW2251 VLAN ID display VLAN ID if configure the VLAN Page 20 of 187 BW2251 User Guide v1.0 Nov. 2013 Status | Wireless Status The wireless status shows the information related with BW2251 wireless interfaces. Figure 17 Wireless Status Radio1/Radio2 wireless interfaces Channel indicate which channel is in use. Domain indicate regulatory domain set on the BW2251 Mode AP or Bridge mode is be used for this wireless interface Band specify which band is in use for wireless interface Total Connected Clients indicate number of the currently connected clients to your BW2251 Tx Power indicate radio transmit power of the BW2251 MAC ACL indicate the status of MAC ACL feature on BW2251 SSID Number indicate current number of enabled SSID on BW2251 Status | Dynamic Bridge Status The Dynamic Bridge status shows the status of wireless bridge links. Page 21 of 187 BW2251 User Guide v1.0 Nov. 2013 Status | Interface Statistics The Interface Statistics shows each network interface status, including Input / Output bytes, packets or error. Figure 18 Interface Statistics Interface Name show the name of each network interface, where ixp0 is related to LAN interface, wlan1_x is related to wireless sub-interface. Input Bytes (KB) show the total number of bytes received on the network interface. The bytes number is displayed in KB. Input Packets show the packets number received on the network interface. Input Errors show the packets number which contain errors preventing them from being received correctly. Output Bytes (KB) show the total number of bytes transmitted out of the network interface. The bytes number is displayed in KB. Output Packets show the packets number transmitted out of the network interface. Output Errors show the packets number which contain errors preventing them from being transmitted out correctly. Refresh get the updated network interface information. Page 22 of 187 BW2251 User Guide v1.0 Network Network | Interface Nov. 2013 Figure 19 Interface Configuration Table To change network interface configuration properties click the Edit button in the Action column. The status can be changed now:

Figure 20 Edit Interface Configuration Settings IP Address specify new interface IP address [in digits and dots notation, e.g. 192.168.2.2]. Netmask specify the subnet mask [[0-255].[0-255].[0-255].[0-255]].These numbers are a binary mask of the IP address, which defines IP address order and the number of IP addresses in the subnet Gateway Address interface gateway. For Bridge type interfaces, the gateway is always the gateway router Protocol specify static for setting IP address manually and dhcp for getting IP address dynamically acting as DHCP client VLAN Enable or disable VLAN on LAN (bridge) interface VLAN ID When enabled VLAN, specify the VLAN ID of it Save save the entered values. Cancel restore all previous values. Change status or leave in the default state if no editing is necessary and click the Save button. Figure 21 Apply or Discard Interface Configuration Changes Apply Changes save all changes in the interface table at once. Discard Changes restore all previous values. For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 23 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 22 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. To reboot at once, click Reboot button and then it is necessary to wait a moment. And the message of reboot appears just like bellows:

Figure 23 Reboot Information Network | Bridge The Spanning Tree Protocol is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation the results from them. Specify STP(spanning tree protocol) status of 802.1d bridge here. Figure24 802.1d bridge STP settings STP Status Enable or disable the 802.1d STP for BW2251 Clicking Edit, the follow UI will be appear:

Figure 25 Edit bridge settings Page 24 of 187 BW2251 User Guide v1.0 Nov. 2013 Save save the entered values. Cancel restore all previous values. Click Save button for applying the changes that modified. Figure 26 Apply or Discard Bridge Settings Changes Apply Changes save all changes at once Discard Changes restore all previous values. Click Apply Changes and then follow the instruction to reboot the device for all modified settings applied. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | Attack Countermeasure To protect BW2251 from outside attack, anti-attack polices can be set here based on network needs. Figure 27 Attack Countermeasure settings Anti-DOS Status Enable or disable anti-dos policy for BW2251. This policy is for TCP DOS attack. Max Load The attack threshold. BW2251 think there is TCP DOS attack and do the Expire(seconds) If one client is considered as DOS attacker, BW2251 kicks it out and doesnt countermeasure if one clients TCP links exceed this threshold. let it connect again during the time that Expire set. Flow Control Status Enable or disable traffic flow control policy for BW2251. Max Load The attack throughput threshold. Duration(seconds) if traffic exceeds the value of Max Load during the whole time that Expire(seconds) If one client is considered as traffic flow attacker, BW2251 kicks it out and Duration set, BW2251 think there is traffic flow attack and implement the countermeasure. doesnt let it connect again during the time that Expire set. Page 25 of 187 BW2251 User Guide v1.0 Network | RADIUS Server Nov. 2013 Up to 32 different RADIUS servers can be configured in the RADIUS servers menu. By default, one RADIUS server is specified for the system:

Figure 28 RADIUS Servers Settings Details show the detail information of this RADIUS Server profile Edit edit the selected RADIUS Server entry you want to configure Delete delete the selected RADIUS Server entry. The last entry can not be deleted Add add new RADIUS server. Click Details, a similar page will be appeared as below:

Figure 29 Detail for Radius Server profile Name the new RADIUS server name which is used for selecting RADIUS server If a (default) appears on the right side of the Name entry, it means this RADIUS server profile is the default profile. Authentication IP show the IP address of Authentication RADIUS server Authentication Port show the network port used to communicate with the Authentication RADIUS server Page 26 of 187 BW2251 User Guide v1.0 Nov. 2013 Authentication Secret show the shared secret string that is used to make sure the integrity of data frames used for the Authentication RADIUS server Accounting IP show the IP address of Accounting RADIUS server If the Accounting IP address is 0.0.0.0, it means that the Accounting service is disabled. Accounting Port show the network port used to communicate with the Accounting RADIUS server Accounting Secret show the shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server User Password Md5sum Secret show whether user input password is calculated md5-sum before pass to RADIUS server or not. Back back to the RADIUS Server main page Edit edit the selected RADIUS Server profile Click Edit or click Add / Edit button in the main page to configure RADIUS server settings. Figure 30 Edit the RADIUS Servers profile Page 27 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 31 Add a new RADIUS Server's profile Name specify the new RADIUS server name which is used for selecting RADIUS server Default specify this RADIUS profile as default or not. When selected, the profile will be used as default Authentication IP specify the IP address of Authentication RADIUS server [dots and digits]

Authentication Port specify the network port used to communicate with the Authentication RADIUS server [1-65535]

Authentication Secret shared secret string that is used to make sure the integrity of data frames used for the Authentication RADIUS server Accounting IP specify the IP address of Accounting RADIUS server [dots and digits]

Accounting Port specify the network port used to communicate with the Accounting RADIUS server

[1-65535]

Accounting Secret shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server The default port value for authentication is 1812. The default port value for accounting is 1813. The port specified here must be the same with the one on the RADIUS server. User Password Md5sum Secret if enabled, user input password will be calculated md5-sum before pass to RADIUS server for more security [enabled/disabled]

This setting needs RADIUS server implement relevant configurations. Save save the entered values Cancel restore all previous values After adding a new RADIUS server or editing an existing one, a page appears similar to the following:

Page 28 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 32 Apply or Discard RADIUS Server Changes Details show the detail information of this RADIUS Server profile Edit edit the selected RADIUS Server entry you want to configure Delete delete the selected RADIUS Server entry. The last entry can not be deleted Add add new RADIUS server. Apply Changes to save all changes at once. Discard Changes restore all previous values. Click Apply Changes to apply all the changes. Then the follow similar page will appear:

Figure 33 Reboot Server Reboot restart the access point to make applied changes work. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 29 of 187 BW2251 User Guide v1.0 Nov. 2013 Network | RADIUS Properties General RADIUS settings are configured using the RADIUS Properties menu under the network:

Figure 34 RADIUS Properties settings RADIUS Retries retry count of sending RADIUS packets before giving up [0-99]

RADIUS Timeout (seconds) maximum amount of time before retrying RADIUS packets [1-999]

NAS Server ID name of the RADIUS client User Session Timeout (seconds) amount of time from the user side (no network carrier) before closing the connect [1-999999999]

User Accounting Update Interval (Seconds) period after which server should update accounting information [60-999999999]

User Accounting Update Retry (seconds) retry time period in which server should try to update accounting information before giving up [60-999999999]

User Idle Timeout (seconds) amount of user inactivity time, before automatically disconnecting user from the network [1-999999999]

Each setting in this table can be edited. Select RADIUS setting you need to update, click the edit next to the selected setting and change the value:

Figure 35 edit RADIUS properties Page 30 of 187 BW2251 User Guide v1.0 Nov. 2013 Use the save button to save an entered value. Now select another RADIUS property to edit, or Apply Changes and restart your AP if the configuration is finished:

Apply Changes click if RADIUS Properties configuration is finished Discard Changes restore all previous values Network | DHCP In AP mode, BW2251 can act as DHCP server. The DHCP (Dynamic Host Configuration Protocol) service is supported on layer 2 interfaces. DHCP server and DHCP relay are disabled by default. Figure 36 DHCP Settings Edit edit the DHCP settings To enable DHCP server click the Edit button. Figure 37 DHCP Settings Page 31 of 187 BW2251 User Guide v1.0 Nov. 2013 Status select status from the drop-down menu. Disabled disable the DHCP server service. DHCP Server enable the DHCP server service. Choose DHCP Server to enable DHCP server service. DHCP Server This DHCP server service enables clients on the LAN to request configuration information, such as IP address, from a server. Settings of the DHCP service can be viewed just like the follow page. Figure 38 DHCP server Settings By default, DHCP server is disabled. IP Address from / IP Address to specify the IP address range to be dynamically allocated by the DHCP server. Netmask enter the netmask for IP pool range. Gateway enter the gateway IP for wireless clients. WINS Address (Windows Internet Naming Service) specify server IP address if it is available on the network [dots and digits]. Lease Time specify the IP address lease interval in seconds [1-1000000]. Domain specify the DHCP domain name [optional, 1-128 sting]. DNS address specify the DNS servers IP address [in digits and dots notation]. DNS secondary address specify the secondary DNS servers IP address [in digits and dots notation]. Change status or leave in the default state if no editing is necessary and click the Save button. Page 32 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 39 Apply or Discard DHCP server Settings The DHCP server settings will be automatically adjusted to match the network interface settings. The Gateway of DHCP server settings must be same with the Gateway of BW2251 For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 33 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 40 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other setting needed to be modified, click the Reboot button for applying all modifications. And if there are still other setting modifications needed, go ahead to finish all changes and then click Reboot button to restart and apply all settings together. When BW2251 network Interface uses DHCP to get IP address dynamically, DHCP server service cannot be enabled. When BW2251 uses DHCP to get IP address, the similar WEB UI will be appeared:

Figure 41 Warning information Page 34 of 187 BW2251 User Guide v1.0 Nov. 2013 Network | DHCP Lease This page display the DHCP lease information of wireless client which connect to the AP when DHCP server enable. Figure 42 DHCP lease information Host Name the host name of wireless client which associate to the access point. Mac Address the MAC address of wireless client which associate to the access point. IP Address the IP address of wireless client which associate to the access point. Expires in expire time of the wireless client which associate to the access point. Network | Link Integrity Specify Link Integrity features settings here. Enable Link Integrity, BW2251 will close wireless connections and kick out all the wireless clients when it detects that its Ethernet network cannot be accessed to the internet. Figure 43 Link Integrity settings Click Edit button to set the Link Integrity settings, the similar UI will be appeared as below:

Figure 44 Edit Link Integrity settings Status Enable or disable the feature of Link Integrity Target IP1 to Target IP5 IP addresses for BW2251 detecting if its Ethernet interface can access network. The AP will ping every IP address 15 times in sequence. As long as one ping is successful it will consider the network is no problem. If ping fail for all IP address specified it will consider Ethernet link fail and all associated wireless client will be logged out. The AP will continue to ping from first IP address. If ping success the wireless client will access AP again. Save save the entered values. Page 35 of 187 BW2251 User Guide v1.0 Nov. 2013 Cancel restore all previous values. Click Save, the similar apply changes UI will be appeared:

Figure 45 Apply or Discard Link Integrity Settings Apply Changes save all changes in the interface table at once. Discard Changes restore all previous values. Maximum 5 target IP can be specified. The BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 46 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 36 of 187 BW2251 User Guide v1.0 Nov. 2013 Network | WAPI Certificate Upload WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for Wireless LANs (GB 15629.11-2003), which was initiated to resolve the existing security loopholes (WEP) in WLAN international standard (ISO/IEC 8802-11). WAPI works by having a central Authentication Service Unit (ASU) which is known to both the wireless user and the access point and which acts as a central authority verifying both. The WAPI standard (draft JTC1/SC6/N14619) allows selection of the symmetric encryption algorithm, either AES or SMS4, which has been declassified in January 2006 and passed evaluation by independent experts. Figure 47 WAPI certification upload ASU Cert uploading the ASU certification AP Cert uploading the AP certification Network | Tr069 Settings TR-069 is the Broadband Forum technical specification entitled CPE WAN Management Protocol(CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-

premises equipment(CPE) and Auto Configuration Servers(ACS server). It includes both a safe auto configuration and the control of other CPE management functions within an integrated framework. The protocol addressed the growing number of different internet access devices such as modems,routers,gateways,set-top-boxes,and VOIP-phones for the end users. The TR-069 standard was developed for automatic configuration of these devices with Auto Configuration Servers(ACS). configure the remote management through TR069 ACS server(eg:BROWAN DMS server) Figure 48 TR-069 settings Click Edit button and the similar page will be appeared. Page 37 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 49 edit TR-069 settings Status enable or disable TR-069 setting.[enable/disable]

ACS URL enter the ACS server URL. ACS UserName the user name for AP register to ACS server. ACS UserPassword the password for AP register to ACS server. Enable Periodic Inform when AP registered to the ACS server, it will automatically send inform message such as S/N,OUI,manufacturer and product name to the ACS server through TR-069 protocol in a periodic time. Periodic Inform Interval the inform interval.[in seconds, the value is 720~4294967295]

Connection Request UserName when the ACS pulling a task to AP/CPE such as firmware upgrade/downgrade, AP need the user name to verify the task sending from ACS server. Connection Request Password when the ACS pulling a task to AP/CPE such as firmware upgrade/downgrade, AP need the password to verify the task sending from ACS server. Contact the ACS server administrator to get the user name and password for Connection Request UserName and Connection Request Password otherwise the AP will not accept the task pulling by ACS server. After enter all field click save and apply changes button to take effect. Figure 50 save TR-069 settings Page 38 of 187 BW2251 User Guide v1.0 Nov. 2013 Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 39 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless Wireless | Basic Use the Wireless | Basic menu to configure wireless settings such as regulatory domain, channel, band, and power, layer 2 isolation. Click the edit button on the setting you need to change:

Figure 51 Basic Wireless Settings with static channel selection Figure 52 Basic Wireless Settings with auto channel selection(DCA) Page 40 of 187 BW2251 User Guide v1.0 Nov. 2013 Radio specify which wireless interface of BW2251.[wlan1(2.4G)/wlan2(5G)]

Mode show the radio operation mode. (AP mode or Bridge mode) Domain show the regulatory domain Static Channel / Auto Channel show the channel that the access point will use to transmit and receive information If DCA (Dynamic Channel Allocation) is enabled, this will show Auto Channel and its channel number is chosen in auto channel selection. If use static channel selection, this will show Static Channel and its channel number. DCA (Dynamic Channel Allocation) is useful feature to help choose the best channel automatically and reduce interference among many Access Points. Band show the working bands on which the radio is working. wlan1:four bands listed: 2.4GHz(11g only) , 2.4GHz(11n HT20) , 2.4GHz(11n HT20/40plus), 2.4GHz(11n HT20/40minus) wlan2: four bands listed:5GHz(11a), 5GHz(11n HT20) , 5GHz(11n HT20/40plus), 5GHz(11n HT20/40minus) . By default, the HT20/40 is recommended. Tx Power show the BW2251 transmission output power (without antenna gain) in dBm. RTS Threshold the AP sends Request to Send(RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send(CTS) frame to acknowledge the right to begin transmission. The default value is 2347.[recommend]. Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the fragmentation threshold. Setting the fragmentation threshold too low may result in poor network performance. Only minor modifications of this value are recommended. The default value is 2347.[recommend]

Beacon Interval the Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the AP to synchronize the wireless network. DCA Enable or Disable DCA service. DCA can help to choose the best working channel automatically. And static channel selection will be forbidden if DCA is enabled. DCA(Dynamic Channel Allocation) solution automatically select the optimal operational frequency channel when power up and periodically monitors the environment and adjusts for the best operational frequency channel. DCA threshold specify the value (in minutes) of DCA threshold. This threshold is been used to judge if there is no wireless users connected during this time. And if yes, BW2251 will monitor the environment and adjust channel for the best operational one. If wireless network environment is stable which means auto channel selection neednt do frequently, set a big value for DCA threshold to gain a stable wireless users connection. If wireless network environment changes continually, frequent auto channel selection is needed. So set a relative small value for DCA threshold to let channel change based on wireless environment. Page 41 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless users will be kicked off when DCA is processing (new operational frequency channel takes effect). DCA optional channel show the channels only in which auto channel selection (DCA) will be processed to reduce interference. Only when DCA is enabled, DCA threshold and DCA optional channel will be shown. Preamble if your wireless device supports the short preamble and you are having trouble getting it to communicate with other 802.11b devices, make sure that it is set to use the long preamble. Auto: using long preamble when there are clients not supporting short preamble connected , otherwise using short preamble. The default is Auto.[recommend]

Short: always using short preamble. Long: always using long preamble. Slot Time show the slot time policy when working in 2.4GHz band. Auto: using long slot time when there are clients not supporting short slot time connection, otherwise using short slot time. The default is Auto.[recommend]

Short: always using short slot time. Long: always using long slot time. To Maximize the compatibility with some 11b clients, set both Preamble and Slot Time to long. Edit edit the wireless basic settings To change basic wireless setting properties click the Edit button in the Action column. The status can be changed now:

Figure 53 Edit Basic Wireless Settings with static channel selection Page 42 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 54 Edit Basic Wireless Settings with DCA enabled Radio Name specify wireless interface of BW2251 is shown Mode configure the radio operation mode. [AP mode or Dynamic Bridge mode]. There will be different configuration for the two mode within Wireless | Advanced menu. Please refer to corresponding chapter. Selecting the AP Mode:

Domain select the regulatory domain. Channel select the channel that the access point will use to transmit and receive information. If one channel is defined, it acts as default channel. Channels list will vary depending on selected regulatory domain and selected band. If you wish to operate more than one access point in overlapping coverage areas, we recommend at least four channels interval between the chosen channels. For example, for three Access Points in close proximity choose channels 1, 6 and 11 for 11b/g or channels 36, 40 and 64 for 11a. Band show the working bands on which the radio is working. wlan1:four bands listed: 2.4GHz(11g only) , 2.4GHz(11n HT20) , 2.4GHz(11n HT20/40plus), 2.4GHz(11n HT20/40minus) wlan2: four bands listed:5GHz(11a), 5GHz(11n HT20) , 5GHz(11n HT20/40plus), 5GHz(11n HT20/40minus) . TxPower the BW2251 transmission output power in dBm. The value of the TxPower varies according to channel and regulatory domain. RTS Threshold the AP sends Request to Send(RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send(CTS) frame to acknowledge the right to begin transmission. The default value is 2347.[recommend]

Page 43 of 187 BW2251 User Guide v1.0 Nov. 2013 Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the fragmentation threshold. Setting the fragmentation threshold too low may result in poor network performance. Only minor modifications of this value are recommended. The default value is 2347.[recommend]

Beacon Interval the Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the AP to synchronize the wireless network. DCA Enable or Disable DCA service. DCA can help to choose the best working channel automatically. And static channel selection will be forbidden if DCA is enabled. DCA(Dynamic Channel Allocation) solution automatically select the optimal operational frequency channel when power up and periodically monitors the environment and adjusts for the best operational frequency channel. DCA threshold specify the value (in minutes) of DCA threshold. This threshold is been used to judge if there is no wireless users connected during this time. And if yes, BW2251 will monitor the environment and adjust channel for the best operational one. If wireless network environment is stable which means auto channel selection neednt do frequently, set a big value for DCA threshold to gain a stable wireless users connection. If wireless network environment changes continually, frequent auto channel selection is needed. So set a relative small value for DCA threshold to let channel change based on wireless environment. Wireless users will be kicked off when DCA is processing (new operational frequency channel takes effect). DCA optional channel specify the channels only in which auto channel selection (DCA) will choose for reducing interference reference. Only when DCA is enabled, DCA threshold and DCA optional channel will be shown. Preamble if your wireless device supports the short preamble and you are having trouble getting it to communicate with other 802.11b devices, make sure that it is set to use the long preamble. Auto: using long preamble when there are clients not supporting short preamble connected , otherwise using short preamble. The default is Auto.[recommend]

Short: always using short preamble. Long: always using long preamble. Slot Time specify the slot time policy when working in 2.4GHz band. Auto: using long slot time when there are clients not supporting short slot time connected in, otherwise using short slot time. The default is Auto.[recommend]

Short: always using short slot time. Long: always using long slot time. To Maximize the compatibility with some 11b clients, set both Preamble and Slot Time to long. Page 44 of 187 BW2251 User Guide v1.0 Configure the DynamicBridge Mode:

Nov. 2013 Figure 55 Edit Basic Wireless Settings with DynamicBridge mode All the parameters same with AP mode. For more detail with DynamicBridge setting please refer to Wireless | Advanced page in DynamicBridge mode. Change status or leave in the default state if no editing is necessary and click the Save button. Figure 56 Apply or Discard dynamicbridge setting For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 45 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 57 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | Advanced BW2251 supports Multiple BSSID (MBSSID) function. You can configure up to 16 BSSIDs on BW2251 and assign different configuration settings to each BSSID. For wireless users, they can think BW2251 as single AP with multi-service supporting, including different security policy, different VLAN ID, different authentication etc. All the BSSIDs are active at the same time that means client devices can associate to the access point for specific service. Use the Wireless | Advanced menu to configure properties related to Multiple BSSID, including configure SSID, Hidden SSID, VLAN, and Security for each SSID. You can define different MBSSID if you configure AP mode in Wireless | Basic menu. Each BSSID can have its own SSID. In this case, Multiple BSSID is the same with Multiple ESSID. Wireless users can think BW2251 as multiple virtual APs, each supporting different service, and connects one SSID for the special services. There are different setting within wireless | advanced menu based on AP mode or DynamicBridge mode configured in Wireless | Basic menu. Page 46 of 187 BW2251 User Guide v1.0 Nov. 2013 AP Mode If you configure AP mode, the page will be shown as below in Wireless | Advanced menu. Figure 58 Advanced Wireless Setting (AP Mode) Radio specify wireless interface to be configured.[wlan1(2.4G/wlan2(5G)]

Mode show the current operation mode of this radio (AP or Bridge mode) Interface display the interface which corresponding to the SSID. Each Interface maps to a BSSID SSID SSID name for wireless client searching and associating. Hidden show the status of Hidden SSID feature[disable/enable]

Security show which security policy is used for this MBSSID entry Current Connect # show the number of current wireless clients associate to this MBSSID New create a new MBSSID entry Detail show the detail information of this MBSSID entry Edit edit the selected MBSSID entry you want to configure Delete delete the selected MBSSID entry. When in AP mode, you can not delete the last entry Refresh rescan the WEB page to get newer information Clicking New or Edit button to configure the SSID parameters. Describe as below:

Page 47 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 59 BSSID Setting -1 Radio show the wireless interface is being configured. Interface show the current sub-interface. Mode show the operation mode of current radio. SSID a unique ID for your wireless network. It is case sensitive and must not exceed 32 characters. The SSID is important for clients when connecting to the access point. Need Hidden SSID when enabled, the SSID of this Interface is invisible in the networks list while scanning the available networks for wireless client (SSID is not broadcasted with its Beacons). When disabled, the APs SSID is visible in the available network list

[enabled/disabled]. By default the Hidden SSID is disabled SSID status activated or deactivated the SSID. The default is activated SSID[check box]. Disable 11b enable/disable 11b client connection. [check box] to enable the function. Only 11n only 802.11n client can connected to the SSID. Disassociation low MCS low MCS client wont associate to the AP. [check box] to enable it. Max Station Number define maximum number of associated wireless client to this SSID. By default the number is maximum 127 client can be associated to the AP without check box. Or check box to enable limited client.[1~127]

Layer 2 Isolation Specify the layer 2 isolation policy. Enable Intra-BSS Layer 2 Isolation when enabled, the clients that connect in this same BSS cant visit each other. By default the intra-BSS layer 2 isolation is disabled. Intra-BSS layer2 isolation which enable or disable client isolation under same SSID. Inter-BSS layer2 isolation which enable or disable client isolation between different SSID. Please go to Wireless | Layer 2 Isolation(Inter-BSS) menu to configure inter-BSS layer 2 Isolation. Full layer 2 isolation need to set both intra-BSS and inter-BSS layer 2 isolation in the AP mode. Bandwidth enable/disable upstream/downstream bandwidth control per SSID. Page 48 of 187 BW2251 User Guide v1.0 Nov. 2013 Download bandwidth specified the maximum downstream in Mbps controlled by the SSID. Upload bandwidth specify the maximum upstream in Mbps controlled by the SSID. Figure 60 Multiple BSSID Setting -2 VLAN specify VLAN policy Enable VLAN when enabled, the outgoing packets from this SSID device will be tagged with VLAN ID and 802.1p tag. VLAN ID configure VLAN ID for each Multiple SSID devices. Valid numbers are from 1 to 4094 802.1p Tag configure 802.1p Tag for remote APCs or Routers QoS uses. Eight levels selective, Background(1), Spare(2), Best Effort(0), Excellent Effort(3), Controlled Load(4), Interactive Video(5), Interactive Voice(6), Network Contro(7) VLAN ID and 802.1p tag must cooperate with remote Router or APC. Interface priority specify the traffic priority for this SSID interface, which is implemented according to 802.11e EDCA and makes sure the wireless downlink QoS. This priority is based on SSID, which means different BSSID can have different traffic priority and the traffic of the same SSID has the same priority This traffic priority only makes sure the priority of downlink (from AP to wireless client). 8 levels priorities are supplied. 1, 2, 0, 3, 4, 5, 6, 7 is from lowest priority to highest priority. And if no special QoS is needed, leave priority to default (0). 0 means Best Effort priority. WMM BW2251 support WMM wireless clients and implement WMM QoS with the WMM clients.

[enable]

ESS in Tunnel Settings for ESS in tunnel. When enabled, BW2251 setup tunnel with remote AC for passing through layer3 network. Remote Server IP IP address of remote AC product that setup tunnel with BW2251 Page 49 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 61 Multiple BSSID Setting 3 Security specify the security policy WEP Wired Equivalent Privacy(WEP) is a security algorithm for IEEE 802.11 wireless networks. WEP Key Index select the default key Index to make it the Default key and encrypt the data before being transmitted. All stations, including this MSSID Entry, always transmit data encrypted using this Default Key. The key number (1, 2, 3, 4) is also transmitted. The receiving station will use the key number to determine which key to use for decryption. If the key value does not match with the transmitting station, the decryption will fail. The key value is set in Wireless | WEP web page 802.1x when selected, the MSSID entry will be configured as an 802.1x authenticator. It supports multiple authentication types based on EAP (Extensible Authentication Protocol) like EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-SIM. The privacy will be configured as dynamic WEP RADIUS Server Profile select your RADIUS server profile Please go to Network | RADIUS Server menu to configure your RADIUS server profile or add a new profile, and please refer to Network | RADIUS Server for its configuration. Dynamic WEP Encryption select whether using the dynamic 64-bits encryption, 128-bits encryption or without encryption Pass Through when enabled, client can access network whether it passed 802.1x authentication or not Only when 802.1x enabled and dynamic key disabled this option can be enabled. Page 50 of 187 BW2251 User Guide v1.0 Nov. 2013 WPA Wi-Fi Protected Access, When selected, the encrypt method will be WPA with RADIUS Sever WPA2 when selected, the security policy will be WPA2 with RADIUS server. In this mode, WPA client is not permitted to connect WPA2 MIXED when selected, WPA2 client and WPA client are all permitted to connect RADIUS Server Profile select your RADIUS server profile Please go to Network | RADIUS Server menu to configure your RADIUS server profile or add a new profile, and please refer to Network | RADIUS Server for its configuration. Algorithm choose WPA algorithm (TKIP, AES) Group Key Rekey Interval specify amount of minutes and WPA automatically will generate a new Group Key Figure 62 Multiple BSSID Setting 4 WPA-PSK when selected, the encrypt method will be WPA without RADIUS server WPA2-PSK when selected, the security policy will be WPA2 PSK without RADIUS server. In this mode, only WPA2 PSK client can connect with AP and WPA PSK client is not permitted to connect WPA2-PSK MIXED when selected, WPA2 PSK and WPA PSK clients are all permitted to connect with AP Use Pre-Shared Key specify more than 8 characters and less than 64 characters for WPA with pre-shared key encryption Algorithm choose WPA algorithm (TKIP, AES) Group Key Rekey Interval specify amount of minutes and WPA automatically will generate a new Group Key MAC Auth when selected, the MAC address of wireless client will be passed to RADIUS server for PAP authentication when it connects with BW2251. The MAC address of wireless client acts as username and password RADIUS Server Profile select the default radius server name Page 51 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 63 Multiple BSSID Setting 5 WAPI WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for wireless LAN(GB15629.11-2003).(Only for China) It needs to upload WAPI certificate. AAA Server Profile select your RADIUS server profile WAPI-PSK the encrypt method will be WAPI without RADIUS server Encode Pre-shared key encode.[HEX/ASCII]

Use Pre-Shared key specify more than 8 characters and less than 64 characters for WPA with pre-shared key encryption Disabled when selected, you dont select any security policy Change status or leave in the default state if no editing is necessary and click the Save button. Figure 64 Apply or Discard the advanced Settings in AP mode For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 52 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 65 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. DynamicBridge Mode DynamicBridge is smart, high efficiency, high performance, easy deployment and easy configuration for point to multi-point bridge link. It enables BW2251 to automatically seek and associate nearby root AP and dynamically self-configure for wireless bridge connection. Whenever a bridge link is broken, the network will auto re-configure route to minimize the lost of WLAN operation. It also minimized the technician intervention and reduce cost of going on-site to re-establish transmission paths. Figure 66 Advanced Wireless Setting (Bridge Mode) Radio specify the wireless interface NodeType show the node type (root or normal) NetID Net ID for the association between root and normal(client) bridge link. It must be the same between root and normal(client) association. Security specify which security policy is used Edit edit the selected Bridge link entry you want to configure Clicking Edit to configure the bridge parameters. Page 53 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 67 Bridge Link Setting NodeType determine the AP as Root or client rule. As a root AP, the nearby bridge client will automatically associate to the root AP based on the signal quality. In case a bridge link is broken, the client AP will automatically seek the nearby root AP based on the best signal quality and same NetID to re-build a bridge link. For the client AP the NetID must same with root AP to distinguish which root AP is in the link table. And the frequency channel is determined by the root AP despite the client AP configured. NetID NetID is a very important element for the dynamicbridge link. The link between root and client AP will based on the same NetID to make the bridge link. Security specify the security policy of the bridge link. [WPA-PSK (AES)/disable]

WPAPSK-AES specify more than 8 characters and less than 64 characters for WPA with pre-shared key encryption Disable no data encryption for the bridge link. Click Save button to save the change of settings or Cancel button to discard the change Figure 68 Apply or Discard the advanced Settings in Bridge mode For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 69 Reboot information Page 54 of 187 BW2251 User Guide v1.0 Nov. 2013 Reboot click the button to restart the server and apply the changes. If there is no other setting needed to be modified, click the Reboot button for applying all modifications. And if there are still other setting modifications needed, go ahead to finish all changes and then click Reboot button to restart and apply all settings together. Wireless | WEP Use the Wireless | WEP menu to configure static WEP settings. This menu only set static WEP key value related with 4 key indexes. Enable or Disable static WEP is in the Wireless | Advance menu. Figure 70 WEP Settings Radio show the wireless interface. Click Edit to edit the existing wepkey1 to wepkey4. By default, four WEP keys are all set to aaaaa (ascii characters) or 6161616161

(hexadecimal characters). They can be modified according to requirement. Figure 71 Edit WEP Key Change status or leave in the default state if no editing is necessary and click the Save button. Page 55 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 72 Apply or Discard WEP Configuration For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 73 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 56 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless | MAC ACL Use the MAC ACL service to control the default access to the wireless interface of the BW2251 or define special access rules for mobile clients. Configure the ACL using the Wireless | MAC ACL menu:

Figure 74 MAC ACL Service Radio show the wireless interface. The wireless interface which is Bridge mode hasnt MAC ACL settings. Policy click the edit button to choose Allow, Deny or disable the access control service on device. By default the ACL service is disabled and all wireless clients connecting to the BW2251 are allowed

(no ACL rules are applied to the wireless clients) Select Allow means only the wireless clients whose MAC are listed in the MAC List would be permitted to access this AP. Other wireless client cannot access this AP. Select Deny means only the wireless clients whose MAC are listed in the MAC List would be prevented from accessing. Other wireless clients can access this AP. Select Disabled means no ACL service. Figure 75 MAC ACL settings You must create MAC List to work with Policy setting. The access control list is based on the network devices MAC address. In the MAC ACL Configuration table, you only need to specify the MAC address of wireless client. Click the Add button to create a new MAC entry:

Page 57 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 76 Add MAC entry MAC Address enter the physical address of the network device you need to (MAC address). The format is a list of colon separated hexadecimal numbers (for example: 00:90:4B:00:11:22) Save click the button to save the new MAC entry Figure 77 Apply or Discard MAC ACL Configuration Changes Apply Changes to save all changes made in the interface table at once Discard Changes restore all previous values For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 78 Reboot Server Page 58 of 187 BW2251 User Guide v1.0 Nov. 2013 Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | Layer 2 Isolation(Inter-BSS) Use the Layer 2 Isolation service to block inter-BSS communication of all users. Users can only access the AP connected, the gateway and devices in the allow MAC List. Please go to Wireless | Advanced page to configure intra-BSS communication of users in the same BSS. Full layer 2 isolation need to set both intra-BSS and inter-

BSS layer 2 isolation. The Wireless | layer 2 isolation setting page is only exist in AP mode as it is only for inter-BSS layer 2 isolation. There is no Wireless | layer 2 isolation setting page in AP-Router mode. Figure 79 layer 2 Isolation Service Edit edit the layer 2 isolation settings. To change layer 2 isolation setting properties click the Edit button. Figure 80 layer 2 Isolation Setting Status select status from the drop-down menu. disable disable the layer 2 isolation (Inter-BSS) service. enable enable the layer 2 isolation (Inter-BSS) service. Only when Inter-BSS Isolation is enabled, the entry of the allowed MAC list can be added. Figure 81 Allowed MAC List Page 59 of 187 BW2251 User Guide v1.0 Nov. 2013 The MAC addresses of AP and Gateway are always automatically added to allowed MAC list without manual configuration. Click the Add button to create a new MAC entry or click Edit button to edit the MAC entry:

Figure 82 Add MAC entry Name the new Allowed MAC name, which length range is 1 to 32. MAC Address enter the physical address of the network device (MAC address). The format is a list of colon separated hexadecimal numbers (for example: 00:90:4B:00:11:22) Save click the button to save the new Allowed MAC List entry Cancel discard change and restore all previous values For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 83 Save Allowed MAC List Changes Apply Changes save all changes Discard Changes restore all previous values Page 60 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 84 apply changes Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | Neighbor List The neighbor list will scan neighbor access point to show the RSSI, channeletc information in the environment. Figure 85 neighbor list Click Scan 2.4G or Scan 5G button. SSID the SSID of scanned access point MAC address the MAC address of scanned access point RSSI(dBm) the RSSI of scanned access point(in dBm) Channel the channel of scanned access point Co-Channel display if the neighbor access point channel same with BW2251.[Y,yes/N,no]

Adjacent Interference display the neighbor access point channel adjacent to BW2251.[Y,yes or N,no]. It is based on the neighbor within 4 channels of BW2251. For instance, if BW2251 channel is 6 then the neighbor access point will be marked Y if its channel is 2,3,4,5 or 7,8,9,10. Page 61 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless | Priority 5G The priority connection for dual band client. When the wlan1(2.4G) and wlan2(5G) configure same SSID, the 5G frequency will prior to 2.4G connection if the client support dual band frequency. Once WLAN1 and WLAN2 configure same SSID, the interface and SSID will display automatically. Otherwise there will be nothing display in this page. Figure 86 priority 5G Click Edit button to configure it. Figure 87 enable 5G priority Interface the interface of BW2251 SSID the SSID of BW2251.[both 2.4G and 5G]

Reject counter the counter that AP will reject 2.4G client connection Interval second the interval second during every reject counter Delay delay time of reject counter. Enable enable or disable the function.[check box or not]

Save/cancel save/cancel configuration Click apply changes or discard changes button to apply or discard the setting. Figure 88 apply/discard changes Reboot device Figure 89 reboot device Page 62 of 187 BW2251 User Guide v1.0 Nov. 2013 If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 63 of 187 BW2251 User Guide v1.0 Nov. 2013 User User | Users The User | Users menu shows the statistics of connected users. The user can be monitored and managed such as drop from the network. Figure 90 Users statistics User show the connected clients MAC address Interface show which BSS the client connected to User IP IP address, from which the users connection is established [digits and dots]

Authed indicate this client is authenticated or not Wireless Auth show the authentication method which user used to connect Time Length session duration since the user login [hh:mm:ss]

Idle Time amount of user inactivity time [hh:mm:ss]

Action view the statistics or kickoff the user. Detail click on user details to get more information about the client:

Kickoff logout the user. Page 64 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 91 Users Details MAC address hardware address of the network device from which the user is connected L2 Auth show layer2 authentication status, including all supported EAP type of 802.1x auth and MAC auth WISP WISP domain name where the user belongs Session ID the unique users session ID number. This can be used for troubleshooting purposes Remaining Time Length remaining users session time [hh:mm:ss]. Session time for user is defined in the RADIUS Server Idle time specify current idle time. Idle Timeout specify the time of user idle timout [hh:mm:ss]. When reach the time, the user will be logged out automatically. Input Bytes amount of data in bytes which the user network device has received [Bytes]

Output Bytes amount of data in bytes, transmitted by the user network device [Bytes]

Remaining Input/Output Bytes user session remaining input/output bytes. WISPr Operator can define the user session in bytes. Remaining bytes is received from RADIUS [Bytes/unlimited]

Page 65 of 187 BW2251 User Guide v1.0 Nov. 2013 Remaining Total Bytes user session remaining total bytes. WISPr Operator can define the user session in bytes. Remaining bytes is received from RADIUS [Bytes/unlimited]

Bandwidth Downstream/Upstream user upstream and downstream bandwidth [in bps]

Back returns to connect clients statistics list Kickoff click this button to logout the user from access point. Refresh click the button to refresh users statistics User | Station Supervision The Station Supervision function is used to monitor the connected host station availability. This monitoring is performed with ping. If the specified number of ping failures is reached (failure count), the user is logged out from the BW2251. Figure 92 Station Supervision To adjust the ping interval/failure count, click the Edit button. Figure 93 Edit Station Supervision Interval define interval of sending ping to host [in seconds]

Failure Count failure count value after which the user is logged out from the system Save save station supervision settings Cancel cancel changes Change status or leave in the default state if no editing is necessary and click the Save button. Figure 94 Apply or Discard Station Supervision Changes Apply Changes to save all changes made in the interface table at once Discard Changes restore all previous values Page 66 of 187 BW2251 User Guide v1.0 Nov. 2013 For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 95 Reboot Server Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Services Services | Telnet Use Services | Telnet menu to manage the telnet/SSH service of your BW2251. Figure 96 System Configuration settings Telnet Service Enable or disable telnet service of BW2251 SSH Service Enable or disable SSH service of BW2251 The default of these two services are all Enabled. The current IETF SSH (SSHv2) is supported for security of accessing BW2251 via telnet/CLISH. Page 67 of 187 BW2251 User Guide v1.0 Nov. 2013 Services | SNMP SNMP is the standard protocol that regulates network management over the Internet. To communicate with SNMP manager you must set up the same SNMP communities and identifiers on both ends: manager and agent. Use the Services | SNMP menu to change current SNMP configuration. Figure 97 SNMP settings Readonly community community name is used in SNMP version 1 and version 2c. Read-only

(public) community allows reading values, but denies any attempt to change values [1-32 all ASCII printable characters, no spaces]

Readwrite community community name is used in SNMP version 1 and version 2c. Read-write

(private) community allows to read and (where possible) change values [1-32 all ASCII printable characters, no spaces]

Default Trap community the default SNMP community name used for traps without specified communities. The default community by most systems is "public". The community string must match the community string used by the SNMP network management system (NMS) [1-32 all ASCII printable characters, no spaces]

HeartBeat Trap Interval defined the AP sending the trap interval to the SNMP server.[second]

Trap Configuration Table:

You can configure your SNMP agent to send SNMP Traps (and/or inform notifications) under the defined host (SNMP manager) and community name (optional). Click Add to add a new SNMP manager or Delete to delete a specific SNMP manager. Clicking Add:

Figure 98 Add SNMP Trap Host IP enter SNMP manager IP address [dots and digits]

Host Port enter the port number the trap messages should be send through [number]

Trap Type select trap message type [v1/v2/inform]

Page 68 of 187 BW2251 User Guide v1.0 Nov. 2013 Community specify the community name at a SNMP trap message. This community will be used in trap messages to authenticate the SNMP manager. If not defined, the default trap community name will be used (specified in the SNMP table) [1-32 all ASCII printable characters, no spaces]

Save save all current settings Cancel restore the last settings Services | Time Configure the system time manually under Services | Time Settings menu. Figure 99 Time Settings Click Edit to change current system time. Figure 100 Edit Date and Time Settings Date [yy/mm/dd]

Time [hour/minute]

Change the Date and Time or leave in the default value if no editing is necessary and click the Apply button. Thus the modified time will be taken effect at once. No reboot is needed. If NTP is enabled, the local time cannot be modified. Since BW2251 hasnt RTC (real-time clock), the system time will back to 1970/01/01 00:00 after reboot. Services | NTP NTP (Network Time Protocol) is used to synchronize the system time with the selected network NTP server. Use the Services | NTP menu to configure the NTP service:

Page 69 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 101 NTP Settings NTP Status specify enable or disable this NTP service Time Zone specify the time zone for NTP service Delete delete the existed NTP server Edit edit the settings of the existed NTP server Add add a new NTP server setting for synchronizing time Clicking Add button to add a new NTP server:

Figure 102 Add new NTP server setting Two NTP servers can be configured under Services | NTP menu. And only IP address is accepted for NTP server. Adding at least one NTP server before enable NTP service. The Name of NTP server should be unique. Change status or leave in the default state if no editing is necessary and click the Save button. Figure 103 Save the NTP server Changes Page 70 of 187 BW2251 User Guide v1.0 Nov. 2013 Change the Time Zone for your own local time and change the NTP status to enable or disable. Figure 104 Edit Time Zone setting/NTP status Click Save button to save new Time Zone setting. Figure 105 Apply or Discard Time Zone/NTP status Changes For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 106 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 71 of 187 BW2251 User Guide v1.0 Nov. 2013 Services | Watchdog BW2251 supports watchdog function for the reliability. Use Services | Watchdog to enable/disable watchdog service. Figure 107 Watchdog settings Click Edit button to edit software watchdog settings. The UI will appear as below:

Figure 108 edit Software Watchdog settings Status Enable or Disable software watchdog Check Interval the periodical time that software watchdog checks the whole file system of BW2251. The hardware watchdog function will protect device even the operation system crash. Figure 109 edit hardware watchdog settings Status Enable or Disable hardware watchdog The default value is enabled for both Software Watchdog and Hardware Watchdog. It is strongly recommended to enable the watchdog function. Click Save and follow the UI instruction to apply changes and reboot the device for apply all the modified settings. Page 72 of 187 BW2251 User Guide v1.0 Nov. 2013 System System | Administrator The System | Administrator menu is for changing the administrators settings: username and password:

Figure 110 system security settings User Name administrator username for access to BW2251 (e.g. web interface, CLI mode) [1-32 symbols, spaces not allowed]

Old Password old password New Password new password value used for user authentication in the system [4-8 characters, spaces not allowed]

Confirm Password re-enter the new password to verify its accuracy Save click to save new administrator settings. Default administrator logon settings are:

User Name: admin Password:

admin01 Password length is from 4 to 8 characters. After filling in the right Old password and the New Password, clicking the Save button for taking effect immediately. After clicking Save button, the below UI will be shown to notify that the new password setting has been taken place:

Figure 111 system security settings save and take effect successfully Page 73 of 187 BW2251 User Guide v1.0 Nov. 2013 System | System Log Use the System | System Log menu to trace your AP system processes and get the system log locally or on the remote log server. Figure 112 System Log settings To enable the System Log remote sending function, click the Edit button on the Remote System Log table and choose the enabled option:

Figure 113 Configure Remote System Log Utility Remote Log Status choose disable/enable remote log function.[enabled/disabled]

Host IP specify the host IP address where to send the System Log messages [dots and digits]

Log Level specify the remote log message level you want to trace [critical, error, warning, info and debug]

Do not output debug log unless there are important issue needs to be clarified. Debug log will output all of the information so that it will severely drop down the network performance. BW2251 support standard sys. log server. Save save changes Cancel restore the previous values To view the System Log locally, click the Edit button on the Local System Log table and choose the enabled option:

Figure 114 Configure Local System Log Page 74 of 187 BW2251 User Guide v1.0 Nov. 2013 Local Log Status choose disable/enable local log [enabled/disabled]

Log Limit specify the maximum length of local log message in byte [20000-512000]

Log Level specify the local log message level you want to trace [critical, error, warning, info and debug]

Save save changes Cancel restore the previous values View view the log messages locally Click View button, a similar screen will appear as below:

Figure 115 View Local Log Messages Clear clear current log message Refresh get the updated log messages Return back to System Log page System | System Mode In this page, you can select the system mode of your BW2251. Figure 116 System Mode Settings Mode select whether the system mode of BW2251 is AP mode or AP Router mode AP The Ethernet interface and wireless interface will bridge into the same interface working as transparent access point. Page 75 of 187 BW2251 User Guide v1.0 Nov. 2013 AP Router A wireless router is a device that performs the functions of a router but also includes the functions of a wireless access point. Under this mode the Ethernet will act as WAN interface and wireless interface will be act as LAN. IP specify the IP address of current interface [dots and digits]

Netmask specify the subnet mask of current interface [dots and digits]

Gateway specify the gateway to other networks Protocol specify static for setting IP address manually and dhcp for getting IP address dynamically acting as DHCP client Apply and Reboot click the button to restart the device and apply all setting changes The BW2251 Web Interface in AP mode is different from that in AP-Router mode. For the detailed configuration of BW2251 working in AP-Router mode, please refer to the next chapter: Chapter 4 Reference Manual----AP-Router Mode System | System Info Administrator can self-define the device information including the system name, system location and system contact information of his BW2251. Figure 117 System info Settings System Name edit the system name, the column length range is 1 to 255. Figure 118 edit the system name System Location edit the system location, the column length range is 1 to 255. Figure 119 edit the system location System Contact edit the system contact, the column length range is 1 to 255. Page 76 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 120 edit the system contact Save click the button to save the change. Cancel restore all previous values System | Configuration Use the System | Configuration menu to download current configuration or restore specified configuration. Configuration Backup download current working system configuration for backup Configuration Upload upload system configuration for restore Figure 121 System Configuration settings Click the Preparation button to start saving the configuration file. Click the Download button to download current working configuration locally. Figure 122 Backup settings By default the device configuration name is cfgbackup.cfg. A configuration file name will be required when you download/save the configuration file. And please remember or re-name the file if necessary. The configuration file name should only include characters or numbers. Otherwise, this configuration file will not upload to BW2251. Page 77 of 187 BW2251 User Guide v1.0 Nov. 2013 You can upload saved configuration file any time you want to restore this configuration to the device by using the Browse button. Select the configuration file and upload it on the device:

Figure 123 Configuration Upload/Restore - 1 Click Upload for upload the specified configuration and then the similar UI appears Figure 124 Configuration Upload/Restore - 2 Click OK button to restore and AP will reboot immediately to take effect. Figure 125 Configuration Upload/Restore - 3 System | Reset and Reboot Use this function to reboot device or restore to factory default. Figure 126 System Reset setting Reboot reboot the device Reset reset System to Factory Defaults To reboot the device, click Reboot and then the below appears to make sure:

Figure 127 Reboot the device Page 78 of 187 BW2251 User Guide v1.0 Nov. 2013 To reset the device, click Reset and then the below appears to make sure:

Figure 128 Reset the device Click reset button the device will reset and reboot immediately to take effect. Please note that all settings including the administrator settings will be set back to the factory default when Reset is implement. System | Local Upgrade Upload Update your device firmware locally. Figure 129 Firmware Upgrade Click the Upload and then click the browse button to specify the full path of the new firmware image and click the Upload button:

Figure 130 Firmware Upgrade Click the Upgrade button to flash and upgrade the firmware. Please make sure the firmware is correct for BW2251. Otherwise the upgrade will be failed. Page 79 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 131 upgrade firmware Do not turn off the BW2251 during the firmware update process. It will backward to previous version in case upgrade failure. Update firmware will take about 4 minutes. System | TFTP Upgrade BW2251 support firmware upgrade via TFTP server. Figure 132 TFTP Firmware Upgrade Current firmware version Show the current firmware version. TFTP server IP address - Specify the IP address of TFTP server which firmware located. TFTP Time Out(Secs) Specify the TFTP server communication time out in second. Firmware Filename Specify the upgrade firmware name to be download. Figure 133 TFTP Firmware Upgrade setting Click Edit button to specify the TFTP server IP address,time out interval and firmware filename and save the configuration then press Download button to download the firmware. Page 80 of 187 BW2251 User Guide v1.0 Nov. 2013 Please make sure the firmware is correct for BW2251. Otherwise the upgrade will be failed. Do not turn off the BW2251 during the firmware update process. It will backward to previous version in case upgrade failure. System | Location Settings You can define the longitude and latitude for the device information or for the NMS to locate the device location. Figure 134 location setting Click edit to enter the Longitude and Latitude in digit and dot format. Figure 135 edit location[longitude/latitude]

Click save button to save it. Page 81 of 187 BW2251 User Guide v1.0 Nov. 2013 Chapter 4 Reference Manual----AP-Router Mode This chapter describes the configuration of the BW2251 which works in AP-Router mode using the Web Interface. The BW2251 Web Interface in AP-Router mode is different from that in AP mode. To change your BW2251 to AP mode, please refer to System | System Mode . For the detailed configuration of BW2251 working in AP mode, please refer to: Chapter 3 Reference Manual----AP Mode The web management main menu consists of the following sub menus:

Status device status showing

Network device settings affecting networking

Wireless device settings related to the wireless part of the BW2251

User device settings affecting the user interface

Services networking service settings of the BW2251

System device system settings directly applicable to the BW2251

Exit click exit and leave the web management then close your web-browser window. Web Interface The main web management menu is displayed at the top of the page after successfully logging into the system (see the figure below). From this menu all essential configuration pages are accessed. Figure 136 Main Configuration Management Menu The web management menu has the following structure:

Status Device Status show the status related with the whole device Wireless Status show the status of the wireless Interface Statistics show the status of each network interface Network Interface TCP/IP settings of BW2251 PPPoE Configure the PPPoE tunnel L2TP Configure the L2TP tunnel RADIUS Server specify the accounting/authentication RADIUS server which is used by 802.1x or WPA RADIUS Properties specify the settings of the RADIUS properties, includes NAS server ID, RADIUS Retries and other settings DNS define DNS server settigs DHCP specify the settings of DHCP server or DHCP relay service DHCP Lease display the DHCP lease information Static Route define new static route Page 82 of 187 BW2251 User Guide v1.0 Nov. 2013 Attack Countermeasure Anti-attack settings for protecting BW2251 Link Integrity specify the status and settings of link integrity feature. Tr069 settings configure the remote management through TR069 ACS server(BROWAN DMS server) Wireless Basic specify the basic settings related with wireless part Advance specify the settings of multiple BSSID or Bridge WEP specify the WEP settings related with static WEP encryption MAC ACL MAC ACL settings for BW2251 Load Balance specify the load balance settings of BW2251 User Users show the connected users statistics list and log-out user function Station Supervision monitor station availability with ARP-pings settings User ACL define packet filter rules Walled Garden free web site list WISP add new WISP on the system Start Page define start page URL Customized UAM customized user login and logout page based by HTML page Pages configure and upload user pages Upload upload new internal user pages HTTP Headers define http headers encoding and language Remote Authentication define external Web Application Server (WAS) to intercept/take part in the user authentication process Services Telnet Telnet/SSH service SNMP SNMP service NTP NTP settings of BW2251 Time manually set time Watchdog Enable the S/W or H/W watchdog of BW2251 System Administrator set access permission to your BW2251 System Log check the system log locally or specify address where to send system log file System Mode specify whether the BW2251 works in AP mode or in AP router mode System Info specify some device related information for BW2251 Configuration system configuration utilities, including Backup/Upload configuration Reset & Reboot reboot device and restore systems to factory default Local Upgrade upgrade firmware from local PC TFTP Upgrade upgrade firmware from tftp server Location settings define AP location(Longitude/Latitude) In the following sections, short references for all menu items are presented. Page 83 of 187 BW2251 User Guide v1.0 Nov. 2013 Status Status | Device Status The Device Status page shows important information of system status and network configuration for the BW2251. Figure 137 Device Status System Mode display the BW2251 works in AP mode or AP-Router mode System Version display the current version of the firmware loaded to the AP This is important information for support requests and for preparing firmware upgrading Config version display current configure version Up Time indicate the time, expressed in days, hours and minutes since the system was last rebooted System Time show the current time of the BW2251 WLAN1 MAC show the MAC addresses of the wireless interfaces of the BW2251[2G]

WLAN2 MAC show the MAC addresses of the wireless interfaces of the BW2251[5G]

Free System Memory indicate the memory currently available in the BW2251 Total System Memory indicate the total memory in the BW2251 WAN Mode indicate static IP or DHCP client is used for BW2251 WAN IP address WAN IP show the WAN IP address of BW2251 WAN Mask show the WAN Network Mask of BW2251 Gateway show the default gateway of BW2251 Page 84 of 187 BW2251 User Guide v1.0 Nov. 2013 Status | Wireless Status The wireless status shows the information related with BW2251 wireless interfaces. Figure 138 Wireless Status Radio1 show the wireless interface. Channel indicate which channel is in use. Domain indicate regulatory domain set on the BW2251 Mode AP or Bridge mode is be used for this wireless interface Band specify which band is in use for wireless interface Total Connected Clients indicate number of the currently connected clients to your BW2251 Tx Power indicate radio transmit power of the BW2251 MAC ACL indicate the status of MAC ACL feature on BW2251 SSID Number indicate current number of enabled SSID on BW2251 Status | Interface Statistics The Interface Statistics shows each network interface status, including Input / Output bytes, packets or error. Figure 139 Interface Statistics Interface Name show the name of each network interface, where ixp0 is related to LAN interface, wlan1_x is related to wireless sub-interface. Input Bytes (KB) show the total number of bytes received on the network interface. The bytes number is displayed in KB. Input Packets show the packets number received on the network interface. Input Errors show the packets number which contain errors preventing them from being received correctly. Output Bytes (KB) show the total number of bytes transmitted out of the network interface. The bytes number is displayed in KB. Page 85 of 187 BW2251 User Guide v1.0 Nov. 2013 Output Packets show the packets number transmitted out of the network interface. Output Errors show the packets number which contain errors preventing them from being transmitted out correctly. Refresh get the updated network interface information. Page 86 of 187 BW2251 User Guide v1.0 Nov. 2013 Network Network | Interface The AP-Router contains two kinds of network interfaces: eth1 is worked as wide area network (WAN) interface for Access Points; each BSS interface is worked as local area network (LAN) interface which bridge into the br0 interface. The WAN port connects to the Internet or the service providers backbone network. Each BSS can be looked as a virtual AP, wlan1_0 is the virtual AP for wireless network. All these interfaces are listed in the Network Interfaces page. All network interfaces available in the AP-Router are shown in the following table:

Figure 140 Network Interface Table To change network interface configuration properties click the Edit button in the Action column. The status can be changed now:

Figure 141 Edit Network Interfaces Settings - 1 Interface standard interface name. This name cannot be edited Status select the status of interface [enabled/disabled]

Do not disable the interface through which you are connected to the AP Router. Disabling such interface will lose your connection to the device. The interface eth1 can not be disabled. Type network type cannot be changed. There are two possible networking types:

LAN interface is used as local area network (LAN) gateway, and is connected to a LAN WAN interface is used to access the ISP network NAT select enable/disable the NAT service of current interface. If enabled, users can access the Internet under its network gateway address [enabled/disabled]

Web Auth select enable/disable the Web Login Authentication of current interface. With disabled authentication, the user from his LAN gets access to the Internet without any authentication. If enabled, authentication for Internet access is required for all users [enabled/disabled]

Page 87 of 187 BW2251 User Guide v1.0 Nov. 2013 Change status or leave in the default state if no editing is necessary and click the Continue button. Then the following parameters can be changed:

Figure 142 Edit Interface Configuration Settings - 2 IP Address specify new interface IP address [dots and digits]

Under ap-router mode,IP address of each interface should be configured different subnet; otherwise, you will receive an error message. Netmask specify the subnet mask [[0-255].[0-255].[0-255].[0-255]]. These numbers are a binary mask of the IP address, which defines IP address order and the number of IP addresses in the subnet Gateway interface gateway. For LAN type interfaces, the gateway is WAN interface. The gateway of the WAN interface is usually the gateway router of the ISP or other WAN network [Default gateway is marked with *]

Save save the entered values. Cancel restore all previous values. Figure 143 Apply or Discard Interface Configuration Changes Apply Changes save all changes in the interface table at once. Discard Changes restore all previous values. For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 88 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 144 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | PPPoE The Point-to-Point Protocol over Ethernet(PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is use mainly for DSL service. Click Edit button to enable or disable the service. Figure 145 PPPoE service Name service name Status change status for this service.[disable/enable]

Figure 146 change PPPoE service Enable the PPPoE service. Username enter the authorized user to connect to the server [text string, can not be empty]. The same username should be configured on the PPPoE server. Password the password of the user. [text string, can not be empty]

Page 89 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 147 edit PPPoE service Default WAN gateway specified in Network | Interface page will not be used, because all Internet traffic will be sent/received via the specified PPPoE server

(tunnel). Click Save and Apply Changes button to take effect the changes. Figure 148 apply changes Reboot click the button to restart the AP and apply all the changes. Figure 149 reboot and take effect all changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | L2TP Layer 2 Tunneling Protocol(L2TP) is a tunneling protocol used to support virtual private networks

(VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. Page 90 of 187 BW2251 User Guide v1.0 Nov. 2013 Click Edit button to enable or disable the service. Figure 150 L2TP services Name service name Status change status for this service.[disable/enable]

Server IP enter the server IP address. [in digits and dots notation, e.g. 192.168.2.2]

Username enter the user name. Password password for the authorized user. Timeout in case of connection fail, the interval to re-connect to the server. Figure 151 edit L2TP services Click Save button and Apply Changes button to save the change or discard changes button to discard the change Figure 152 save the changes Reboot click the button to restart the AP and apply all the changes. Page 91 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 153 reboot and take effect the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | RADIUS Server Up to 32 different RADIUS servers can be configured in the RADIUS servers menu. By default, one RADIUS server is specified for the system:

Figure 154 RADIUS Servers Settings Details show the detail information of this RADIUS Server profile Edit edit the selected RADIUS Server entry you want to configure Delete delete the selected RADIUS Server entry. The last entry can not be deleted Add add new RADIUS server. Click Details, a similar page will be appeared as below:

Page 92 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 155 Detail for Radius Server profile Name the new RADIUS server name which is used for selecting RADIUS server If a (default) appears on the right side of the Name entry, it means this RADIUS server profile is the default profile. Authentication IP show the IP address of Authentication RADIUS server Authentication Port show the network port used to communicate with the Authentication RADIUS server Authentication Secret show the shared secret string that is used to make sure the integrity of data frames used for the Authentication RADIUS server Accounting IP show the IP address of Accounting RADIUS server If the Accounting IP address is 0.0.0.0, it means that the Accounting service is disabled. Accounting Port show the network port used to communicate with the Accounting RADIUS server Accounting Secret show the shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server User Password Md5sum Secret show whether user input password is calculated md5-sum before pass to RADIUS server or not. Back back to the RADIUS Server main page Edit edit the selected RADIUS Server profile Click Edit or click Add / Edit button in the main page to configure RADIUS server settings. Page 93 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 156 Edit the RADIUS Servers profile Figure 157 Add a new RADIUS Server's profile Name specify the new RADIUS server name which is used for selecting RADIUS server Default specify this RADIUS profile as default or not. When selected, the profile will be used as default Authentication IP specify the IP address of Authentication RADIUS server [dots and digits]

Authentication Port specify the network port used to communicate with the Authentication RADIUS server [1-65535]

Authentication Secret shared secret string that is used to make sure the integrity of data frames used for the Authentication RADIUS server Accounting IP specify the IP address of Accounting RADIUS server [dots and digits]

Page 94 of 187 BW2251 User Guide v1.0 Nov. 2013 Accounting Port specify the network port used to communicate with the Accounting RADIUS server

[1-65535]

Accounting Secret shared secret string that is used to make sure the integrity of data frames used for the Accounting RADIUS server The default port value for authentication is 1812. The default port value for accounting is 1813. The port specified here must be the same with the one on the RADIUS server. User Password Md5sum Secret if enabled, user input password will be calculated md5-sum before pass to RADIUS server for more security [enabled/disabled]

This setting needs RADIUS server do relevant configurations. Save save the entered values Cancel restore all previous values After adding a new RADIUS server or editing an existing one, a page appears similar to the following:

Figure 158 Apply or Discard RADIUS Server Changes Details show the detail information of this RADIUS Server profile Edit edit the selected RADIUS Server entry you want to configure Delete delete the selected RADIUS Server entry. The last entry can not be deleted Add add new RADIUS server. Apply Changes to save all changes at once. Discard Changes restore all previous values. Click Apply Changes to apply all the changes. Then the follow similar page will appear:

Page 95 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 159 Reboot Server Reboot restart the access point to make applied changes work. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | RADIUS Properties General RADIUS settings are configured using the RADIUS Properties menu under the network:

Figure 160 RADIUS Properties settings RADIUS Retries retry count of sending RADIUS packets before giving up [0-99]

RADIUS Timeout (seconds) maximum amount of time before retrying RADIUS packets [1-999]

NAS Server ID name of the RADIUS client Page 96 of 187 BW2251 User Guide v1.0 Nov. 2013 User Session Timeout (seconds) amount of time from the user side (no network carrier) before closing the connect [1-999999999]

User Accounting Update Interval (Seconds) period after which server should update accounting information [60-999999999]

User Accounting Update Retry (seconds) retry time period in which server should try to update accounting information before giving up [60-999999999]

User Idle Timeout (seconds) amount of user inactivity time, before automatically disconnecting user from the network [1-999999999]

Bandwidth Up maximum bandwidth up at which corresponding user is allowed to transmit [bps]

Bandwidth Down maximum bandwidth down at which corresponding user is allowed to receive

[bps]

Each setting in this table can be edited. Select RADIUS setting you need to update, click the edit next to the selected setting and change the value:

Figure 161 edit RADIUS properties Use the save button to save an entered value. Now select another RADIUS property to edit, or Apply Changes and restart your AP if the configuration is finished:

Page 97 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 162 apply change RADIUS properties Apply Changes click if RADIUS Properties configuration is finished Discard Changes restore all previous values Network | DNS DNS (Domain Name Service) service allows BW2251 subscribers to enter URLs instead of IP addresses into their browser to reach the desired web site. You can enter the DNS server settings under the Network | DNS menu. The DNS server setting s table is displayed:

Figure 163 DNS Settings You can enter the primary and secondary DNS servers settings by click the edit button in the action column and type in the DNS servers IP address:

Figure 164 Edit DNS Settings Page 98 of 187 BW2251 User Guide v1.0 Nov. 2013 IP Address enter the primary or secondary DNS servers IP address [dots and digits]

Change status or leave in the default state if no editing is necessary and click the Save button. Figure 165 Apply or Discard DNS server Settings For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 166 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | DHCP In AP Router mode, the BW2251 can act as a DHCP Server. The DHCP (Dynamic Host Configuration Protocol) service is supported on the LAN interfaces. This service enables clients on the LAN to request configuration information, such as an IP address, from a server. This service can be viewed in the following table:

Figure 167 DHCP Configuration Page 99 of 187 BW2251 User Guide v1.0 Nov. 2013 Interface Name select which LAN interface to be configured.[only br0 interface in BW2251]

Select the interface, and then click Edit button, a similar screen will appear as below:

Figure 168 Set DHCP Mode Mode DHCP service mode [DHCP server/Disabled]

When DHCP Server is selected, a page appears similar to the following:

Figure 169 DHCP Server Settings IP Address from/IP Address to specify the IP address range supported for the DHCP service

[mandatory fields]

Netmask show the subnet mask of current interface Gateway show the interface gateway WINS (Windows Internet Naming Service) Address specify service IP address if it is available on the network [dots and digits]

Lease Time specify the IP address renewal in seconds [1-1000000]

Domain specify DHCP domain name [optional, 1-128 sting]

DNS Address specify the DNS servers IP address [digits and dots]

DNS Secondary Address specify the secondary DNS servers IP address [digits and dots]

The DNS address is same with the setting in the Network | DNS menu. Change status or leave in the default state if no editing is necessary and click the Save button. Page 100 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 170 Apply or Discard DHCP server Settings The DHCP server settings will be automatically adjusted to match the network interface settings. If all of the DHCP settings are correct, click Apply Changes, request for reboot server appears:

Figure 171 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 101 of 187 BW2251 User Guide v1.0 Nov. 2013 Network | DHCP Lease This page display the DHCP lease information of wireless client which connect to the AP when DHCP server enable. Figure 172 DHCP lease information Host Name the host name of wireless client which associate to the access point. Mac Address the MAC address of wireless client which associate to the access point. IP Address the IP address of wireless client which associate to the access point. Expires in expire time of the wireless client which associate to the access point. Network | Static Route Opening the Static Route Settings page you will find a list of all pre-configured routes, each consisting of the related interface, the destination IP address, the gateway and the subnet mask. The Routing Table content shows how the router will handle data packets received on an interface with specific destination addresses. By default no static routes are defined on the system:

Figure 173 Static Route Page A routing rule is defined by the target subnet (target IP address and subnet mask), interface and/or gateway where to route the target traffic. A data packet that is directed to the target network is routed to the specified AC interface or to another gateway router. To add a new static route for the system, click the new button under the action column and specify the following parameters:

Figure 174 Add New Route Interface choose device interface for the route Status set new static route status: [enabled/disabled]

Gateway enter the gateway address for the route. 0.0.0.0 stands for the default gateway of the selected interface [IP address]. The gateway is in the same subnet with selected interface. Target IP address enter host IP or network address to be routed to [IP address]

In this case the class C network(192.168.234.x) is reachable. Netmask enter the target network netmask [dots and digits]

Page 102 of 187 BW2251 User Guide v1.0 Save save the new route Cancel restore all previous values Nov. 2013 Figure 175 Save New Route Static route will take effect immediately after click save button. Network | Attack Countermeasure To protect BW2251 from outside attack, anti-attack polices can be set here based on network needs. Figure 176 Attack Countermeasure settings Anti-DOS Status Enable or disable anti-dos policy for BW2251. This policy is for TCP DOS attack. Max Load The attack threshold. BW2251 think there is TCP DOS attack and do the Expire(seconds) If one client is considered as DOS attacker, BW2251 kicks it out and doesnt countermeasure if one clients TCP links exceed this threshold. let it connect again during the time that Expire set. Flow Control Status Enable or disable traffic flow control policy for BW2251. Max Load The attack throughput threshold. Duration(seconds) if traffic exceeds the value of Max Load during the whole time that Duration set, BW2251 think there is traffic flow attack and do the countermeasure. Expire(seconds) If one client is considered as traffic flow attacker, BW2251 kicks it out and doesnt let it connect again during the time that Expire set. Network | Link Integrity Specify Link Integrity features settings here. Enable Link Integrity, BW2251 will close wireless connections and kick out all the wireless clients when it detects that its Ethernet network cannot access to the internet. Figure 177 Link Integrity settings Page 103 of 187 BW2251 User Guide v1.0 Nov. 2013 Click Edit button to set the Link Integrity settings, the similar UI will be appeared as below:

Figure 178 Edit Link Integrity settings Status Enable or disable the feature of Link Integrity Target IP1 to Target IP5 IP addresses for BW2251 detecting if its Ethernet interface can access network. The AP will ping every IP address 15 times in sequence. As long as one ping is success it will consider the network is reachable. If ping fail for all IP address specified it will consider Ethernet link fail and all associated wireless client will be logged out. The AP will continue to ping from first IP address. If ping success the wireless will be enable again and client can access the AP. Save save the entered values. Cancel restore all previous values. Click Save, the similar apply changes UI will be appeared:

Figure 179 Apply or Discard Link Integrity Settings Apply Changes save all changes in the interface table at once. Discard Changes restore all previous values. Maximum 5 target IP can be siecified. The BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 104 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 180 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Network | Tr069 Settings TR-069 is the Broadband Forum technical specification entitled CPE WAN Management Protocol(CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-

premises equipment(CPE) and Auto Configuration Servers(ACS server). It includes both a safe auto configuration and the control of other CPE management functions within an integrated framework. The protocol addressed the growing number of different internet access devices such as modems,routers,gateways,set-top-boxes,and VOIP-phones for the end users. The TR-069 standard was developed for automatic configuration of these devices with Auto Configuration Servers(ACS). configure the remote management through TR069 ACS server(eg:BROWAN DMS server) Figure 181 TR-069 settings Click Edit button and the similar page will be appeared. Page 105 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 182 edit TR-069 settings Status enable or disable TR-069 setting.[enable/disable]

ACS URL enter the ACS server URL. ACS UserName the user name for AP register to ACS server. ACS UserPassword the password for AP register to ACS server. Enable Periodic Inform when AP registered to the ACS server, it will automatically send inform message such as S/N,OUI,manufacturer and product name to the ACS server through TR-069 protocol in a periodic time. Periodic Inform Interval the inform interval.[in seconds, the value is 720~4294967295]

Connection Request UserName when the ACS pulling a task to AP/CPE such as firmware upgrade/downgrade, AP need the user name to verify the task sending from ACS server. Connection Request Password when the ACS pulling a task to AP/CPE such as firmware upgrade/downgrade, AP need the password to verify the task sending from ACS server. Contact the ACS server administrator to get the user name and password for Connection Request UserName and Connection Request Password otherwise the AP will not accept the task pulling by ACS server. After enter all field click save and apply changes button to take effect. Figure 183 save TR-069 settings Page 106 of 187 BW2251 User Guide v1.0 Nov. 2013 Reboot click the button to restart the server and apply the changes. Figure 184 reboot device If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 107 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless Wireless | Basic Use the Wireless | Basic menu to configure wireless settings such as regulatory domain, channel, band, and power, layer 2 isolation. Click the edit button on the setting you need to change:

Figure 185 Basic Wireless Settings with static channel selection Figure 186 Basic Wireless Settings with auto channel selection(DCA) Page 108 of 187 BW2251 User Guide v1.0 Nov. 2013 Radio specify which wireless interface of BW2251 is shown. [wlan1(2.4G)/wlan2(5G)]

Mode show the radio operation mode. (AP mode or Bridge mode) Domain show the regulatory domain Static Channel / Auto Channel show the channel that the access point will use to transmit and receive information If DCA (Dynamic Channel Allocation) is enabled, this will show Auto Channel and its channel number is chosen in auto channel selection. If use static channel selection, this will show Static Channel and its channel number. DCA (Dynamic Channel Allocation) is useful feature to help choose the best channel automatically and reduce interference among many Access Points. Band show the working bands on which the radio is working. wlan1:four bands listed: 2.4GHz(11g only) , 2.4GHz(11n HT20) , 2.4GHz(11n HT20/40plus), 2.4GHz(11n HT20/40minus) wlan2: four bands listed:5GHz(11a), 5GHz(11n HT20) , 5GHz(11n HT20/40plus), 5GHz(11n HT20/40minus) . By default, the HT20/40 is recommended. Tx Power show the BW2251 transmission output power (without antenna gain) in dBm. RTS Threshold the AP sends Request to Send(RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send(CTS) frame to acknowledge the right to begin transmission. The default value is 2347.[recommend]. Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the fragmentation threshold. Setting the fragmentation threshold too low may result in poor network performance. Only minor modifications of this value are recommended. The default value is 2347.[recommend]

Beacon Interval the Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the AP to synchronize the wireless network. DCA Enable or Disable DCA service. DCA can help to choose the best working channel automatically. And static channel selection will be forbidden if DCA is enabled. DCA(Dynamic Channel Allocation) solution automatically select the optimal operational frequency channel when power up and periodically monitors the environment and adjusts for the best operational frequency channel. DCA threshold specify the value (in minutes) of DCA threshold. This threshold is been used to judge if there is no wireless users connected during this time. And if yes, BW2251 will monitor the environment and adjust channel for the best operational one. If wireless network environment is stable which means auto channel selection neednt do frequently, set a big value for DCA threshold to gain a stable wireless users connection. If wireless network environment changes continually, frequent auto channel selection is needed. So set a relative small value for DCA threshold to let channel change based on wireless environment. Page 109 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless users will be kicked off when DCA is processing (new operational frequency channel takes effect). DCA optional channel show the channels only in which auto channel selection (DCA) will be processed to reduce interference. Only when DCA is enabled, DCA threshold and DCA optional channel will be shown. Preamble if your wireless device supports the short preamble and you are having trouble getting it to communicate with other 802.11b devices, make sure that it is set to use the long preamble. Auto: using long preamble when there are clients not supporting short preamble connected , otherwise using short preamble. The default is Auto.[recommend]

Short: always using short preamble. Long: always using long preamble. Slot Time show the slot time policy when working in 2.4GHz band. Auto: using long slot time when there are clients not supporting short slot time connected in, otherwise using short slot time. The Switching between long and short slot time is automatic. Short: always using short slot time. Long: always using long slot time. To Maximize the compatibility with some 11b clients, set both Preamble and Slot Time to long. Edit edit the wireless basic settings To change basic wireless setting properties click the Edit button in the Action column. The status can be changed now:

Figure 187 Edit Basic Wireless Settings with static channel selection Page 110 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 188 Edit Basic Wireless Settings with DCA enabled Radio Name specify wireless interface of BW2251 is shown Mode configure the radio operation mode. In AP-Router mode, the radio only support AP mode for wireless client connection. Domain select the regulatory domain. Channel select the channel that the access point will use to transmit and receive information. If one channel is defined, it acts as default channel. Channels list will vary depending on selected regulatory domain and selected band. If you wish to operate more than one access point in overlapping coverage areas, we recommend at least four channels interval between the chosen channels. For example, for three Access Points in close proximity choose channels 1, 6 and 11 for 11b/g or channels 36, 40 and 64 for 11a. Band show the working bands on which the radio is working. wlan1:four bands listed: 2.4GHz(11g only) , 2.4GHz(11n HT20) , 2.4GHz(11n HT20/40plus), 2.4GHz(11n HT20/40minus) wlan2: four bands listed:5GHz(11a), 5GHz(11n HT20) , 5GHz(11n HT20/40plus), 5GHz(11n HT20/40minus) . TxPower the BW2251 transmission output power in dBm. The value of the TxPower varies according to channel and regulatory domain. RTS Threshold the AP sends Request to Send(RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send(CTS) frame to acknowledge the right to begin transmission. The default value is 2347.[recommend]

Page 111 of 187 BW2251 User Guide v1.0 Nov. 2013 Fragment Threshold It specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the fragmentation threshold. Setting the fragmentation threshold too low may result in poor network performance. Only minor modifications of this value are recommended. The default value is 2347.[recommend]

Beacon Interval the Beacon Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the AP to synchronize the wireless network. DCA Enable or Disable DCA service. DCA can help to choose the best working channel automatically. And static channel selection will be forbidden if DCA is enabled. DCA(Dynamic Channel Allocation) solution automatically select the optimal operational frequency channel when power up and periodically monitors the environment and adjusts for the best operational frequency channel. DCA threshold specify the value (in minutes) of DCA threshold. This threshold is been used to judge if there is no wireless users connected during this time. And if yes, BW2251 will monitor the environment and adjust channel for the best operational one. If wireless network environment is stable which means auto channel selection neednt do frequently, set a big value for DCA threshold to gain a stable wireless users connection. If wireless network environment changes continually, frequent auto channel selection is needed. So set a relative small value for DCA threshold to let channel change based on wireless environment. Wireless users will be kicked off when DCA is processing (new operational frequency channel takes effect). DCA optional channel specify the channels only in which auto channel selection (DCA) will choose for reducing interference reference. Only when DCA is enabled, DCA threshold and DCA optional channel will be shown. Preamble if your wireless device supports the short preamble and you are having trouble getting it to communicate with other 802.11b devices, make sure that it is set to use the long preamble. Auto: using long preamble when there are clients not supporting short preamble connected , otherwise using short preamble. The default is Auto.[recommend]

Short: always using short preamble. Long: always using long preamble. Slot Time specify the slot time policy when working in 2.4GHz band. Auto: using long slot time when there are clients not supporting short slot time connection, otherwise using short slot time. The default is Auto.[recommend]

Short: always using short slot time. Long: always using long slot time. To Maximize the compatibility with some 11b clients, set both Preamble and Slot Time to long. Change status or leave in the default state if no editing is necessary and click the Save button. Page 112 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 189 Apply or Discard Basic Wireless Settings with Static Channel selection Figure 190 Apply or Discard Basic Wireless Settings with DCA enabled For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 113 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 191 Reboot Server Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | Advanced BW2251 supports Multiple BSSID (MBSSID) function. You can configure up to 16 BSSIDs on BW2251 and assign different configuration settings to each BSSID. For wireless users, they can think BW2251 as single AP with multi service supporting, including different security policy, different VLAN ID, different authentication etc. All the BSSIDs are active at the same time that means client devices can associate to the access point for specific service. Use the Wireless | Advanced menu to configure properties related to Multiple BSSID, including configure SSID, Hidden SSID, VLAN, and Security for each SSID. Each BSSID can have its own SSID. In this case, Multiple BSSID is the same with Multiple ESSID. Wireless users can think BW2251 as multiple virtual APs, each supporting different service, and connects one SSID for the special services. Page 114 of 187 BW2251 User Guide v1.0 AP Mode Nov. 2013 Figure 192 Advanced Wireless Setting (AP Mode) Radio specify wireless interface to be configured. [wlan1(2.4G/wlan2(5G)]

Mode show the current operation mode of this radio (AP or Bridge) Interface display the interface which corresponding to the SSID. Each Interface maps to a BSSID SSID SSID name for wireless client searching and associating. Hidden show the status of Hidden SSID feature[disable/enable]

Security show which security policy is used for this MBSSID entry Current Connect # show the number of current wireless clients associate to this MBSSID New create a new MBSSID entry Detail show the detail information of this MBSSID entry Edit edit the selected MBSSID entry you want to configure Delete delete the selected MBSSID entry. When in AP mode, you can not delete the last entry Refresh rescan the WEB page to get newer information Clicking New or Edit button to configure the SSID parameters. Describe as below:

Page 115 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 193 BSSID Setting -1 Radio show the wireless interface is being configured. Interface show the current sub-interface. Mode show the operation mode of current radio. SSID a unique ID for your wireless network. It is case sensitive and must not exceed 32 characters. The SSID is important for clients when connecting to the access point. Need Hidden SSID when enabled, the SSID of this Interface is invisible in the networks list while scanning the available networks for wireless client (SSID is not broadcasted with its Beacons). When disabled, the APs SSID is visible in the available network list

[enabled/disabled]. By default the Hidden SSID is disabled SSID status activated or deactivated the SSID. The default is activated SSID[check box]. Disable 11b enable/disable 11b client connection. [check box] to enable the function. Only 11n only 802.11n client can connected to the SSID. Disassociation low MCS low MCS client wont associate to the AP. [check box] to enable it. Max Station Number define maximum number of associated wireless client to this SSID. By default the number is maximum 127 client can be associated to the AP without check box. Or check box to enable limited client.[1~127]

Layer 2 Isolation Specify the layer 2 isolation policy. Enable Intra-BSS Layer 2 Isolation when enabled, the clients that connect in this same BSS cant visit each other. By default the intra-BSS layer 2 isolation is disabled. Intra-BSS layer2 isolation which enable or disable client isolation under same SSID. Inter-BSS layer2 isolation which enable or disable client isolation between different SSID. Please go to Wireless | Layer 2 Isolation(Inter-BSS) menu to configure inter-BSS layer 2 Isolation. Full layer 2 isolation need to set both intra-BSS and inter-BSS layer 2 isolation in the AP mode. Bandwidth enable/disable upstream/downstream bandwidth control per SSID. Page 116 of 187 BW2251 User Guide v1.0 Nov. 2013 Download bandwidth specified the maximum downstream in Mbps controlled by the SSID. Upload bandwidth specify the maximum upstream in Mbps controlled by the SSID. Figure 194 Multiple BSSID Setting -2 VLAN specify VLAN policy Enable VLAN when enabled, the outgoing packets from this SSID device will be tagged with VLAN ID and 802.1p tag. VLAN ID configure VLAN ID for each Multiple SSID devices. Valid numbers are from 1 to 4094 802.1p Tag configure 802.1p Tag for remote APCs or Routers QoS uses. Eight levels selective, Background(1), Spare(2), Best Effort(0), Excellent Effort(3), Controlled Load(4), Interactive Video(5), Interactive Voice(6), Network Contro(7) VLAN ID and 802.1p tag must cooperate with remote Router or APC. Interface priority specify the traffic priority for this SSID interface, which is implemented according to 802.11e EDCA and makes sure the wireless downlink QoS. This priority is based on SSID, which means different BSSID can have different traffic priority and the traffic of the same SSID has the same priority This traffic priority only makes sure the priority of downlink (from AP to wireless client). 8 levels priorities are supplied. 1, 2, 0, 3, 4, 5, 6, 7 is from lowest priority to highest priority. And if no special QoS is needed, leave priority to default (0). 0 means Best Effort priority. WMM BW2251 support WMM wireless clients and implement WMM QoS with the WMM clients.

[enable]

ESS in Tunnel Settings for ESS in tunnel. When enabled, BW2251 setup tunnel with remote AC for passing through layer3 network. Remote Server IP IP address of remote AC product that setup tunnel with BW2251 Page 117 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 195 Multiple BSSID Setting 3 Security specify the security policy WEP Wired Equivalent Privacy(WEP) is a security algorithm for IEEE 802.11 wireless networks. WEP Key Index select the default key Index to make it the Default key and encrypt the data before being transmitted. All stations, including this MSSID Entry, always transmit data encrypted using this Default Key. The key number (1, 2, 3, 4) is also transmitted. The receiving station will use the key number to determine which key to use for decryption. If the key value does not match with the transmitting station, the decryption will fail. The key value is set in Wireless | WEP web page 802.1x when selected, the MSSID entry will be configured as an 802.1x authenticator. It supports multiple authentication types based on EAP (Extensible Authentication Protocol) like EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-SIM. The privacy will be configured as dynamic WEP RADIUS Server Profile select your RADIUS server profile Please go to Network | RADIUS Server menu to configure your RADIUS server profile or add a new profile, and please refer to Network | RADIUS Server for its configuration. Dynamic WEP Encryption select whether using the dynamic 64-bits encryption, 128-bits encryption or without encryption Pass Through when enabled, client can access network whether it passed 802.1x authentication or not Only when 802.1x enabled and dynamic key disabled this option can be enabled. Page 118 of 187 BW2251 User Guide v1.0 Nov. 2013 WPA Wi-Fi Protected Access, When selected, the encrypt method will be WPA with RADIUS Sever WPA2 when selected, the security policy will be WPA2 with RADIUS server. In this mode, WPA client is not permitted to connect WPA2 MIXED when selected, WPA2 client and WPA client are all permitted to connect RADIUS Server Profile select your RADIUS server profile Please go to Network | RADIUS Server menu to configure your RADIUS server profile or add a new profile, and please refer to Network | RADIUS Server for its configuration. Algorithm choose WPA algorithm (TKIP, AES) Group Key Rekey Interval specify amount of minutes and WPA automatically will generate a new Group Key Figure 196 Multiple BSSID Setting 4 WPA-PSK when selected, the encrypt method will be WPA without RADIUS server WPA2-PSK when selected, the security policy will be WPA2 PSK without RADIUS server. In this mode, only WPA2 PSK client can connect with AP and WPA PSK client is not permitted to connect WPA2-PSK MIXED when selected, WPA2 PSK and WPA PSK clients are all permitted to connect with AP Use Pre-Shared Key specify more than 8 characters and less than 64 characters for WPA with pre-shared key encryption Algorithm choose WPA algorithm (TKIP, AES) Group Key Rekey Interval specify amount of minutes and WPA automatically will generate a new Group Key MAC Auth when selected, the MAC address of wireless client will be passed to RADIUS server for PAP authentication when it connects with BW2251. The MAC address of wireless client acts as username and password RADIUS Server Profile select the default radius server name Page 119 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 197 Multiple BSSID Setting 5 WAPI WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for wireless LAN(GB15629.11-2003).(Only for China) It needs to upload WAPI certificate. AAA Server Profile select your RADIUS server profile WAPI-PSK the encrypt method will be WAPI without RADIUS server Encode Pre-shared key encode.[HEX/ASCII]

Use Pre-Shared key specify more than 8 characters and less than 64 characters for WPA with pre-shared key encryption Disabled when selected, you dont select any security policy Change status or leave in the default state if no editing is necessary and click the Save button. Figure 198 Apply or Discard the advanced Settings in AP mode For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 120 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 199 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | WEP Use the Wireless | WEP menu to configure static WEP settings. This menu only set static WEP key value related with 4 key indexes. Enable or Disable static WEP is in the Wireless | Advance menu. Figure 200 WEP Settings Page 121 of 187 BW2251 User Guide v1.0 Nov. 2013 Radio show the wireless interface. Click Edit to edit the existing wepkey1 to wepkey4. By default, four WEP keys are all set to aaaaa (ascii characters) or 6161616161

(hexadecimal characters). They can be modified according to requirement. Figure 201 Edit WEP Key Change status or leave in the default state if no editing is necessary and click the Save button. Figure 202 Apply or Discard WEP Configuration For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 122 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 203 Reboot information Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Wireless | MAC ACL Use the MAC ACL service to control the default access to the wireless interface of the BW2251 or define special access rules for mobile clients. Configure the ACL using the Wireless | MAC ACL menu:

Figure 204 MAC ACL Service Radio show the wireless interface. The wireless interface which is Bridge mode hasnt MAC ACL settings. Policy click the edit button to choose Allow, Deny or disable the access control service on device. By default the ACL service is disabled and all wireless clients connecting to the BW2251 are allowed

(no ACL rules are applied to the wireless clients) Page 123 of 187 BW2251 User Guide v1.0 Nov. 2013 Select Allow means only the wireless clients whose MAC are listed in the MAC List would be permitted to access this AP. Other wireless client cannot access this AP. Select Deny means only the wireless clients whose MAC are listed in the MAC List would be prevented from accessing. Other wireless clients can access this AP. Select Disabled means no ACL service. Figure 205 MAC ACL settings You must create MAC List to work with Policy setting. The access control list is based on the network devices MAC address. In the MAC ACL Configuration table, you only need to specify the MAC address of wireless client. Click the Add button to create a new MAC entry:

Figure 206 Add MAC entry MAC Address enter the physical address of the network device you need to (MAC address). The format is a list of colon separated hexadecimal numbers (for example: 00:90:4B:00:11:22) Save click the button to save the new MAC entry Figure 207 Apply or Discard MAC ACL Configuration Changes Apply Changes to save all changes made in the interface table at once Page 124 of 187 BW2251 User Guide v1.0 Nov. 2013 Discard Changes restore all previous values For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 208 Reboot Server Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Page 125 of 187 BW2251 User Guide v1.0 Nov. 2013 User User | Users The User | Users menu shows the statistics of connected users. The user can be monitored and managed such as drop from the network. Figure 209 Users statistics User show the connected clients MAC address Interface show which BSS the client connected to User IP IP address, from which the users connection is established [digits and dots]

Authed indicate this client is authenticated or not WEB Auth/L2 Auth show the authentication method which user uses to connect Time Length session duration since the user login [hh:mm:ss]

Idle Time amount of user inactivity time [hh:mm:ss]

Action view the statistics or kickoff the user. Detail click on user details to get more information about the client:

Kickoff logout the user. Page 126 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 210 Users Details User login user name interface the interface that wireless client associated. User IP the IP address of wireless client. MAC address hardware address of the network device from which the user is connected WEB Auth/L2 Auth show web authentication and layer2 authentication status, layer2 authentication include all supported EAP type of 802.1x auth and MAC auth WISP WISP domain name where the user belongs Session ID the unique users session ID number. This can be used for troubleshooting purposes Remaining Time Length remaining users session time [hh:mm:ss]. Session time for user is defined in the RADIUS Server Idle time specify current idle time. Idle Timeout specify the time of user idle timout [hh:mm:ss]. When reach the time, the user will be logged out automatically. Page 127 of 187 BW2251 User Guide v1.0 Nov. 2013 Input Bytes amount of data in bytes which the user network device has received [Bytes]

Output Bytes amount of data in bytes, transmitted by the user network device [Bytes]

Remaining Input/Output Bytes user session remaining input/output bytes. WISPr Operator can define the user session in bytes. Remaining bytes is received from RADIUS [Bytes/unlimited]

Remaining Total Bytes user session remaining total bytes. WISPr Operator can define the user session in bytes. Remaining bytes is received from RADIUS [Bytes/unlimited]

Bandwidth Downstream/Upstream user upstream and downstream bandwidth [in bps]

Back returns to connect clients statistics list Kickoff click this button to logout the user from access point. Refresh click the button to refresh users statistics User | Station Supervision The Station Supervision function is used to monitor the connected host station availability. This monitoring is performed with ping. If the specified number of ping failures is reached (failure count), the user is logged out from the BW2251. Figure 211 Station Supervision To adjust the ping interval/failure count, click the Edit button. Figure 212 Edit Station Supervision Interval define interval of sending ping to host [in seconds]

Failure Count failure count value after which the user is logged out from the system Save save station supervision settings Cancel cancel changes Change status or leave in the default state if no editing is necessary and click the Save button. Page 128 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 213 Apply or Discard Station Supervision Changes Apply Changes to save all changes at once Discard Changes restore all previous values For such change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 214 Reboot Server Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. User | User ACL User ACL provide high flexibility for administrator to define the rules for BW2251 to filter the packets which will forward or masquerade by it. Figure 215 User ACL To add a new rule, just click the Add button. Figure 216 Create a new rule (first step) Page 129 of 187 BW2251 User Guide v1.0 Nov. 2013 First step select the rule policy [drop/accept/masquerade] to deal with packet and the packet type

[all/TCP/UDP/ICMP] and which interface the rule will act on. Policy define the policy of client through the access point. It supports three types of rules: DROP, ACCEPT and MASQUERADE. The appropriate policy defines what to do if the data packet received matches the rule Protocol network protocol which the rule affects. Can be specified as one of TCP/UDP/ICMP or any In Interface the data packet to the current interface must obey the rule Out Interface the data packet from the current interface must obey the rule Figure 217 Create a new rule (second step) Second step select the type of source IP and destination IP [special IP/any IP]. Figure 218 Create a new rule (third step) Third step choose the type of source port and destination port [any port/special port]. Figure 219 Create a new rule (fourth step) Fourth step, fill out the source IP address and destination IP address (including IP address and net mask, if you choose any IP in second step, you need not fill out the IP address); fill out the source port and destination port (if you select any port in third step or select protocol ICMP/all, you need not fill out the port). Figure 220 Create a new rule (fifth step) After complete the rule configuration, click the apply changes button to save your configuration. You can also re-order your rules if you have many rules configured and arrange the priority of them. The rule with index 1 has the highest priority; with index 2 has the second high priority and so on. Figure 221 re-order rules Click Edit Sort button of one rule to re-order its priority and then select the index number, click Save button to save your changes. Page 130 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 222 Apply or Discard User ACL Changes Apply Changes to save all changes of User ACL at once Discard Changes restore all previous values Please be careful to use the DROP policy. For example, if DROP tcp for any source IP, BW2251 web UI will not be accessed. User | Walled Garden The walled garden is an environment that controls the user's access to Web content and services. It is to define a free, restricted service set for a user do not logged into the system. Use the User |

walled garden menu to view or change the free URLs or hosts:

Figure 223 Walled Garden New URL click the new URL button and enter the new URL and its description. Save entered information by clicking the update button:

Figure 224 Add New URL part 1 URL for User define full URL address. Ex:[http://www.test.com]

String to Display site description visible to user listed on the welcome and login page:

Page 131 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 225 Walled Garden link in the Welcome Page New Host If you need to define hosts (web servers) for walled garden, specify hosts by clicking the new host button and click the update button:

Figure 226 Walled Garden Host Type select the data traffic protocol for host server [TCP/UDP]. Host Web server address [IP address or host name]. Netmask enter the network mask to specify the host servers network. Port network port, which is used to reach the host [1-65535]. For standard protocols use the default ports:

Protocol HTTP HTTPS FTP Port 80 443 21 User | WISP Different WISPs (Wireless Internet Service Providers) can be associated with appropriate RADIUS servers and device interfaces using the User | WISP menu:

Figure 227 WISP Menu Domain policy means BW2251 use which policy to fetch WISP name from user name then to judge user belong which domain. Page 132 of 187 BW2251 User Guide v1.0 Nov. 2013 Up to 32 WISP entries can be defined using the User | WISP menu. The owner can use three policies to judge the WISP name from user name:

1. username follow the format: username@WISPdomain 2. username follow the format: WISPdomain/username 3. use prefix of username as wisp name, the range of prefix length is from 2 to 6 Figure 228 Domain Policy Add WISP click to define WISP for RADIUS server Figure 229 Define New WISP Name new WISP domain name [string, up to 256 symbols, no space, dot or dash allowed]

RADIUS Name select RADIUS for new WISP from list box [non editable]

Save click the button to save the new WISP Cancel restore all previous values Figure 230 Apply or Discard Changes of WISP settings BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Page 133 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 231 Reboot information Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. User | Start Page The start page is the default web page where users will be redirected after log-on. This value will be overwritten by the WISP RADIUS attribute no.4 Redirection-URL if provided in the authentication response message. Use the User | Start Page menu to view or change the start page URL:

Figure 232 Start Page The administrator can change the start page by clicking the Edit button. The value entry field will change into an editable field:

Figure 233 Edit Start Page Value enter new redirection URL of start page in valid format [http://www.startpageurl.com]

Save click the button to save new settings Cancel restores all previous values Page 134 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 234 Apply or Discard Changes of Start Page BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 235 reboot device Reboot click the button to restart the server and apply the changes. If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. User | Customized UAM Customized UAM let owner upload their own login and logout page to BW2251 to apply with enterprise style or do advertisements. User customized page is based on HTML. BW2251 support internal and external customized UAM. Internal means user can upload their html login and logout page to BW2251. External means BW2251 will go to an external web server to fetch login and logout page the local and push to web login client. Please contact with BROWAN if you need the internal customized UAM template sample. Customized UAM in default is disabled. Click the Edit button on the setting you need to change:

Figure 236 Customized UAM page Page 135 of 187 BW2251 User Guide v1.0 Nov. 2013 Use SSL select enable or disable to use SSL encryption for the HTTP session of the user login page Customize Page enable the configuration if you want to use customized UAM function After successfully enabled customized UAM configuration, this configuration page will be extended to the follow page which includes three columns. Figure 237 Customized UAM enabled First is Customized UAM status configuration:

Pop Logout Page after user successful web login, if this item is enabled, BW2251 will pop out a logout page for user. In default this setting is enabled if customized page is enabled Logout Pages Dimension for the difference of logout pages dimension which make by customer, BW2251 will use this data to pop out users customized logout page Use External Page if this item is enabled, BW2251 will fetch login and logout page from an external web server Second is update html files, for user delete or upload login and logout pages. There also has two URL point to example page in html format for login and logout page which user can reference to make their own pages. The third is uploaded file list, where user can find which files have been uploaded. Press upload button on second column will coming into upload files pages:

Page 136 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 238 Upload Pages Login File is for customized login page; Logout File is for customized logout page. Additional file 01~10 is for uploading picture and CSS files. Current support picture file format is JPG, GIF, PNG and CSS. Picture and CSS files name need be consistent with your login or logout html pages. The login and logout html file can be what ever you want. Dont forget fill out the Logout pages dimension, or logon user maybe can only see part of your logout page. After select the file you want, press upload button and the files will upload to BW2251. after successful upload files, you can see the page below:

Page 137 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 239 Flash upload files OK After successful flash the files, uploaded files will appear in uploaded file list. Next is an example for customized login and logout page. Figure 240 Example login and logout page For external page, enabled the Use External Page as below. Page 138 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 241 External Page Configuration Fill out the external login page and external logout page [http://host IP address:port/path]. BW2251 would auto-update the external page every 7200 seconds or you change the interval update time. External page example will be found in the links under the last line. In External page mode, BW2251 will only fetch the login and logout html page to local, the picture or the CSS file which link on the customized login/logout page will not be fetch. So the link to the picture and CSS file on user customized html file need to be an absolute address which point to the external web server. BW2251 would use the default login or logout page if user did not upload the customized pages or BW2251 did not get the external page from the external login/logout page IP. User | Pages Detailed description about user page customization is given in the Chapter 5 User Pages. The welcome/login/logout/help pages can be easily changed to user defined pages by choosing the edit menu. The pages configuration menu is displayed by default:

Page 139 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 242 Available User Pages for Configuration Login/Logout/Help/Unauthorized pages settings detailed description is given in the Chapter 5 User Pages. Only Welcome page settings reference is provided here. Welcome first page the user gets when he/she opens its browser and enters the URL. Internal choose this option when using the internal user pages templates. External choose this option when uploading your own user pages templates. Redirect choose this option when using the Extended UAM function (see Chapter 5 User Pages.). Status choose enable/disable welcome page status. Note that redirect option with status disabled would work. Location enter location for external templates or redirect (e.g. WAS IP address). Figure 243 Redirect User Pages Welcome page with redirect option selected redirects the user authentication process to the specified location. The user welcome/login/logout page can be implemented as simple HTML (not required to use the .XSL or default user pages templates) in such case. The redirect location URL should be specified in Walled Garden URL, otherwise the redirect would NOT WORK. Figure 244 Caching Option Page 140 of 187 BW2251 User Guide v1.0 Nov. 2013 Caching option can be used for caching the external uploaded user pages (available choice:

enabled/disabled) Clear click the button to clear cached user pages. Controller cache is also cleared after device reboot/reset. User | Upload Please contact with BROWAN if you need the user pages template sample. Figure 245 Upload Page Delete click the button to delete earlier uploaded files from controller memory. Upload click the button to select and upload new user pages. How to upload user pages see in the Chapter 5 User Pages. User | HTTP Headers System administrator can set HTML headers encoding and language settings for BW2251 web management interface and new uploaded user pages. Select User | HTTP Headers menu:

Figure 246 HTTP Headers Settings BW2251 device supports some http META tags. Syntax of such META tags:

<META HTTP-EQUIV="name" CONTENT="content">

Currently BW2251 supports Content-Type and Content-Language tags:

Content-Type is used to define document char set (used, when text has non-Latin letters, like language letters).

Content-Language may be used to declare the natural language of the document. BW2251 automatically adds defined content-type and content-language to generated XML. Then user pages (.XSL) templates will use these parameters to generate the output HTML. Click the change button to define new headers of the web management interface on user pages templates. The default HTML encoding is ISO-8859-1, language = English. Enable the HTTP header status and default values appear:

Page 141 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 247 Set HTTP Headers The system administrator can set his own header encoding and language settings. Use the HTML 4.01 specification to define the header encoding and language. User | Remote Authentication Read more about the extended UAM feature in Chapter 5 User Pages, section:

Extended UAM The Remote Authentication feature under the User menu allows an external Web Application Server

(WAS) to intercept/take part in the user authentication process, and to log on and log off users externally. It provides a means to query user session information as well. By default such remote authentication is disabled:

Figure 248 Remote Authentication Click the edit button next to appropriate settings to specify remote authentication parameters:

Figure 249 Enable Remote Authentication Remote Authentication select status: [enabled/disabled]. Shared Secret enter password for WAS to communicate with AC [sting (4-32), no spaces allowed]. The shared secret must match that configured on the WAS. This shared secret allows the WAS to initiate a secure (SSL) command session with the BW2251 to pass login commands. Page 142 of 187 BW2251 User Guide v1.0 Nov. 2013 Services Services | Telnet Use Services | Telnet menu to manage the telnet/SSH service of your BW2251. Figure 250 System Configuration settings Telnet Service Enable or disable telnet service of BW2251 SSH Service Enable or disable SSH service of BW2251 The default of these two services are all Enabled. The current IETF SSH (SSHv2) is supported for security of accessing BW2251 via telnet/CLISH. Services | SNMP SNMP is the standard protocol that regulates network management over the Internet. To communicate with SNMP manager you must set up the same SNMP communities and identifiers on both ends: manager and agent. Use the Services | SNMP menu to change current SNMP configuration. Figure 251 SNMP settings Readonly community community name is used in SNMP version 1 and version 2c. Read-only

(public) community allows reading values, but denies any attempt to change values [1-32 all ASCII printable characters, no spaces]

Readwrite community community name is used in SNMP version 1 and version 2c. Read-write

(private) community allows to read and (where possible) change values [1-32 all ASCII printable characters, no spaces]

Default Trap community the default SNMP community name used for traps without specified communities. The default community by most systems is "public". The community string must match the community string used by the SNMP network management system (NMS) [1-32 all ASCII printable characters, no spaces]

Page 143 of 187 BW2251 User Guide v1.0 Nov. 2013 HeartBeat Trap Interval define the interval that AP send trap information to the server.[in seconds]

Trap Configuration Table:

You can configure your SNMP agent to send SNMP Traps (and/or inform notifications) under the defined host (SNMP manager) and community name (optional). Figure 252 SNMP Trap table settings Click Add to add a new SNMP manager or Delete to delete a specific SNMP manager. Clicking Add:

Figure 253 Add SNMP Trap Host IP enter SNMP manager IP address [dots and digits]

Host Port enter the port number the trap messages should be send through [number]

Trap Type select trap message type [v1/v2/inform]

Community specify the community name at a SNMP trap message. This community will be used in trap messages to authenticate the SNMP manager. If not defined, the default trap community name will be used (specified in the SNMP table) [1-32 all ASCII printable characters, no spaces]

Save save all current settings Cancel restore the last settings Services | NTP NTP (Network Time Protocol) is used to synchronize the system time with the selected network NTP server. Use the Services | NTP menu to configure the NTP service:

Figure 254 NTP Settings Page 144 of 187 BW2251 User Guide v1.0 Nov. 2013 NTP Status specify enable or disable this NTP service Time Zone specify the time zone for NTP service Delete delete the existed NTP server Edit edit the settings of the existed NTP server Add add a new NTP server setting for synchronizing time Clicking Add button to add a new NTP server:

Figure 255 Add new NTP server setting Two NTP servers can be configured under Services | NTP menu. And only IP address is accepted for NTP server. Please enter at least one NTP server when enable NTP service. The Name of NTP server should be unique. Change status or leave in the default state if no editing is necessary and click the Save button. Figure 256 Save the NTP server Changes Change the Time Zone for your own local time and change the NTP status to enable or disable. Page 145 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 257 Edit Time Zone setting/NTP status Click Save button to save new Time Zone setting. Figure 258 Apply or Discard Time Zone/NTP status Changes For each change of settings, the BW2251 needs to be restarted to apply all settings changes when clicking Apply Changes. Request for reboot server appears:

Figure 259 Reboot information Page 146 of 187 BW2251 User Guide v1.0 Nov. 2013 Reboot click the button to restart the server and apply the changes If there is no other settings needed to be modified, click the Reboot button to apply all changes. If there are any other settings need to be changed, continuously to finish and apply all changes and then click Reboot button to restart and take effect for all settings. Services | Time Configure the system time manually under Services | Time menu. Figure 260 Time Settings Click Edit to change current system time. Figure 261 Edit Date and Time Settings Change the Date and Time or leave in the default value if no editing is necessary and click the Apply button. Thus the modified time will be taken effect at once. No reboot is needed. If NTP is enabled, the local time cannot be modified. Since BW2251 hasnt RTC (real-time clock), the system time will back to 1970/01/01 00:00 after reboot. Services | Watchdog BW2251 supply watchdog function for the reliability. Use Services | Watchdog to enable/disable watchdog service. Figure 262 Watchdog settings Page 147 of 187 BW2251 User Guide v1.0 Nov. 2013 Click Edit button to edit watchdog settings. The similar UI will be appeared like below:

Figure 263 edit Software Watchdog settings Status Enable or Disable software watchdog Check Interval the periodical time that software watchdog checks the whole file system of BW2251. The hardware watchdog function will protect device even the operation system crash. Figure 264 edit hardware watchdog settings Status Enable or Disable hardware watchdog The default value is enabled for both Software Watchdog and Hardware Watchdog. It is strongly recommended to enable the watchdog function. Click Save and follow the UI instruction to apply changes and reboot the device for apply all the modified settings. Page 148 of 187 BW2251 User Guide v1.0 Nov. 2013 System System | Administrator The System | Administrator menu is for changing the administrators settings: username and password:

Figure 265 system security settings User Name administrator username for access to BW2251 (e.g. web interface, CLI mode) [1-32 symbols, spaces not allowed]

Old Password old password value New Password new password value used for user authentication in the system [4-8 characters, spaces not allowed]

Confirm Password re-enter the new password to verify its accuracy Save click to save new administrator settings. Default administrator logon settings are:

User Name: admin Password:

admin01 Password length is from 4 to 8 characters. After filling in the right Old password and the New Password, clicking the Save button for taking effect immediately. After clicking Save button, the below UI will be shown to notify that the new password setting has been taken place:

Figure 266 system security settings save and take effect successfully Page 149 of 187 BW2251 User Guide v1.0 Nov. 2013 System | System Log Use the System | System Log menu to trace your AP system processes and get the system log locally or on the remote log server. Figure 267 System Log settings To enable the System Log remote sending function, click the Edit button on the Remote System Log table and choose the enabled option:

Figure 268 Configure Remote System Log Utility Remote Log Status choose disable/enable remote log [enabled/disabled]

Host IP specify the host IP address where to send the System Log messages [dots and digits]

Log Level specify the remote log message level you want to trace [critical, error, warning, info and debug]

Do not output debug log unless there are important issue needs to be clarified. Debug log will output all of the information so that it will severely drop down the network performance. BW2251 support standard sys. log server. Save save changes Cancel restore the previous values To view the System Log locally, click the Edit button on the Local System Log table and choose the enabled option:

Figure 269 Configure Local System Log Page 150 of 187 BW2251 User Guide v1.0 Nov. 2013 Local Log Status choose disable/enable local log [enabled/disabled]

Log Limit specify the maximum length of local log message in byte [20000-512000]

Log Level specify the local log message level you want to trace [critical, error, warning, info and debug]

Save save changes Cancel restore the previous values View view the log messages locally Click View button, a similar screen will appear as below:

Figure 270 View Local Log Messages Clear clear current log message Refresh get the updated log messages Return back to System Log page System | System Mode In this page, you can select the system mode of your BW2251. Figure 271 System Mode Settings Page 151 of 187 BW2251 User Guide v1.0 Nov. 2013 Mode select whether the system mode of BW2251 is AP mode or AP Router mode IP specify the IP address of current interface [dots and digits]

Netmask specify the subnet mask of current interface [dots and digits]

Gateway specify the gateway to other networks Protocol specify static for setting IP address manually and dhcp for getting IP address dynamically acting as DHCP client Apply and Reboot click the button to restart the device and apply all setting changes The Web Interface in AP-Router mode is different from that in AP mode. For the detailed configuration of BW2251 working in AP mode, please refer to: Chapter 3 Reference Manual----AP Mode System | System Info Administrator can self-define the device information including the system name, system location and system contact information of his BW2251. Figure 272 System info Settings System Name edit the system name, the column length range is 1 to 255. Figure 273 edit the system name System Location edit the system location, the column length range is 1 to 255. Figure 274 edit the system laocation System Contact edit the system contact, the column length range is 1 to 255. Page 152 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 275 edit the system contact information Save click the button to save the change. Cancel restore all previous values System | Configuration Use the System | Configuration menu to download current configuration or restore specified configuration. Configuration Backup download current working system configuration for backup Configuration Upload upload system configuration for restore Figure 276 System Configuration settings Click the Preparation button to start saving the configuration file. Click the Download button to download current working configuration locally. Figure 277 Backup settings By default the device configuration name is cfgbackup.cfg. A configuration file name will be required when you download/save the configuration file. And please remember or re-name the file if necessary. The configuration file name should only include characters or numbers. Otherwise, this configuration file will not upload to BW2251. Page 153 of 187 BW2251 User Guide v1.0 Nov. 2013 You can upload saved configuration file any time you want to restore this configuration to the device by using the Browse button. Select the configuration file and upload it on the device:

Figure 278 Configuration Upload/Restore - 1 Click Upload for upload the specified configuration and then the similar UI appears Figure 279 Configuration Upload/Restore - 2 Click OK button to restore and AP will reboot immediately to take effect. Figure 280 Configuration Upload/Restore - 3 System | Reset and Reboot Use this function to reboot device or restore to factory default. Figure 281 System Reset setting Reboot reboot the device Reset reset System to Factory Defaults To reboot the device, click Reboot and then the below appears to make sure:

Figure 282 Reboot the device Page 154 of 187 BW2251 User Guide v1.0 Nov. 2013 To reset the device, click Reset and then the below appears to make sure:

Figure 283 Reset the device Click reset button the device will reset and reboot immediately to take effect. Please note that all settings including the administrator settings will be set back to the factory default when Reset is implement. System | Local Upgrade Upload Update your device firmware locally. Figure 284 Firmware Upgrade Click the Upload and then click the browse button to specify the full path of the new firmware image and click the Upload button:

Figure 285 Firmware Upgrade Click the Upgrade button to flash and upgrade the firmware. Please make sure the firmware is correct for BW2251. Otherwise the upgrade will be failed. Page 155 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 286 upgrade firmware Do not turn off the BW2251 during the firmware update process. It will backward to previous version in case upgrade failure. Update firmware will take about 4 minutes. System | TFTP Upgrade BW2251 support firmware upgrade via TFTP server. Figure 287 TFTP Firmware Upgrade Current firmware version Show the current firmware version. TFTP server IP address - Specify the IP address of TFTP server which firmware located. TFTP Time Out(Secs) Specify the TFTP server communication time out in second. Firmware Filename Specify the upgrade firmware name to be download. Figure 288 TFTP Firmware Upgrade setting Click Edit button to specify the TFTP server IP address,time out interval and firmware filename and save the configuration then press Download button to download the firmware. Page 156 of 187 BW2251 User Guide v1.0 Nov. 2013 Please make sure the firmware is correct for BW2251. Otherwise the upgrade will be failed. Do not turn off the BW2251 during the firmware update process. It will backward to previous version in case upgrade failure. System | Location Settings You can define the longitude and latitude for the device information or for the NMS to locate the device location. Figure 289 location setting Click edit to enter the Longitude and Latitude in digit and dot format. Figure 290 edit location[longitude/latitude]

Click save button to save it. Page 157 of 187 BW2251 User Guide v1.0 Chapter 5 User Pages (Based on XSL) Nov. 2013 This chapter describes the user pages based on XSL format. Detailed instructions on how to change and upload new user pages are given below. When launching his/her web browser the user's initial HTTP request will be redirected to an operator defined set of web pages, further called the "user pages". User pages are:

Welcome page the first page presented to the user.

Login page subscriber authentication page, allows the user to login to the network.

Logout page small pop-up window for logged-on user statistics and log-out function.

Help page get help with the login process.

Unauthorized page this page is displayed when web login or EAP login methods are disabled on the BW2251 for subscribers.

The following mentioned user pages are factory default. The operator/owner can upload new templates for all user pages based on their designed. Contact with BROWAN if you need the User Pages templates samples. User Pages Overview Welcome Page Welcome page is the first page a subscriber receives when he starts his web browser and enters any URL. By default its a very simple page and provides only a link to the login page. Figure 291 Welcome Page The operator/owner can change the welcome page according to their designed. See more details in section: Changing User Pages. Login Page The subscriber gets to the login page after clicking the link on the welcome page. The login page is loaded from the BW2251. To get access to the network, the user should enter his authentication settings: login name and password and click the login button:

Page 158 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 292 Simple Login Page The login name and password can be obtained from your Hotspot Operator. The login page also displays subscribers logical and physical network addresses (IP and MAC). Once authenticated, a start page appears. In addition, a smaller logout window (page) pops up. The operator/owner can change the login page according to its needs. See more details in section: Changing User Pages. Logout Page Make sure the JavaScript is enabled on your Web browser; otherwise you will not receive the logout page. The Logout page contains the detailed subscribers session information and provides function for logging out of the network:

Figure 293 Logout Page Detailed subscribers session information includes:

Page 159 of 187 BW2251 User Guide v1.0 Nov. 2013 Logout button click the button to logout from the network. The log-out pop-up window closes. Bill button display subscribers billing information (not include current session). Passwd button click the button to change subscribers password. User subscribers login name. User IP subscribers logical network name (IP address). MAC Address subscribers physical network address. time length subscribers time length from client log on in format: [hours: minutes: seconds]. Download/upload bytes subscribers session download and upload statistics in bytes. Download/upload bytes left session download and upload bytes left for subscriber limited from RADIUS [in B, KB, MB, GB and unlimited]. Total bytes left session total (download and upload) bytes left for subscriber limited form RADIUS

[in B, KB, MB, GB and unlimited]. time length left time length left in format: [hours: minutes: seconds]. Bandwidth downstream/upstream available upstream and downstream bandwidth for subscriber limited from RADIUS [in bps]. Refresh button click the button to refresh the subscriber session information. The operator/owner can change the logout page interface according to its needs. See more details in section: Changing User Pages.. All session details are further accessible via the operator XML interface. Help Page Figure 294 Get help page Click on the get help link in the login page for help tips related to network registration. A page appears similar to the following:

Figure 295 Get help page The operator/owner can change the help page according to its needs. See more details in section: Changing User Pages. Page 160 of 187 BW2251 User Guide v1.0 Nov. 2013 Unauthorized Page If web log-on method (UAM) or EAP-based authentication methods are disabled on the AC and the subscriber attempts to login to the network, he will receive the following page:

Figure 296 Get help page The operator/owner can change the unauthorized page according to its needs. See more details in section: Changing User Pages. Changing User Pages As the operator/owner you can modify the user pages freely according to your personal needs and preferences. User Page templates can be either stored locally on the AC or on an external web server. Use the user interface | configuration menu to modify user pages. There are two ways to change and store new user page templates:

External linking new user page templates from an external server. Internal upload new templates to local memory. Supported user pages template formats:

XSL (Extensible Style sheet Language) for welcome/login/logout/one click pages. HTML (Hypertext Markup Language for help/unauthorized pages. The welcome, Login and logout pages must be in .XSL format. The following image formats are supported for new templates. Other formats are not accepted:

PNG

GIF

JPG The following examples demonstrate the use of internal and external user pages. Contact with BROWAN if you need the User Pages templates samples. Example for External Pages Step 1 Step 2 Prepare your new user pages template for each user page:

welcome/login/logout/help/unauthorized. Under the user interface | configuration | pages menu select the user page you want to change (e.g. login) Page 161 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 297 - configure external pages Step 3 Choose the external option under the use column:

Figure 298 - configure external pages Step 4 Specify the new user page location in the location field (http://servername/filelocation):

Figure 299 - configure external pages Do not to upload different type of formats. It will not be displayed properly. Step 5 Save entered changes with the apply changes button:

Page 162 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 300 - configure external pages Step 6 Check for new uploaded user page (e.g. login):

Figure 301 - login page If at anytime you wish to restore factory default user pages, click the reset button under the system | reset & reboot menu. Page 163 of 187 BW2251 User Guide Sep. 2013 Example for Internal Pages We will use the user pages templates to show the example how to upload the internal pages. Follow the steps below:

Contact with BROWAN if you need the User Pages templates samples. Step 1 Ensure that internal option is selected for all user pages you want to change. By default internal option is defined for all pages:

Figure 302 - internal pages Step 2 Under the user | upload menu click the upload button to upload new prepared user pages:

Figure 303 - upload page The memory space in the AP for internal user pages is limited to 1 MB. Specify the location of new user page templates by clicking the browse button or enter the location manually. Specify the location for the additional files of new user page templates: images and a cascading style sheet file (css) by clicking the browse button or enter the location manually:

Step 3 BW2251 User Guide v1.0 Nov. 2013 Figure 304 - upload template files Step 4 Step 5 Click the upload button to upload specified templates and files. You do not need to upload all additional files at once. You can repeat the upload process a number of times until all necessary images are uploaded. Check for the newly uploaded user pages and images to ensure that everything is uploaded and displayed correctly. Go to the link:

https://<device-IP-address>/ to get to the new user welcome page:

Figure 305 - customize welcome page Click the here link or enter the link directly:

https://<device-IP-address>/login.user to get to the new user login page:

Page 165 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 306 - customize login page If at anytime you wish to restore the factory default user pages, click the reset button under the system | reset & reboot menu. Page 166 of 187 BW2251 User Guide v1.0 Nov. 2013 Extended UAM The Extensions feature (User menu) allows an external Web Application Server (WAS) to intercept/take part in the user authentication process externally log on and log off the user as necessary. It provides means to query user session information as well. See the following schemes to understand how the remote client authentication works. Scheme 1:

The remote authentication method when clients authentication request is re-directed to the external server (WAS):

WAS RADIUS Server Client AC 2. Fetch XSL 6. WAS tries to authenticate client 7. AC sends request to RADIUS 1. Initial Request 3. Renders HTML 4. Direct client communication with WAS 5. Client sends his/her login and password 9. WAS reports client status:

authenticated or not 8. RADIUS reply authenticated or not Figure 307 Client Remote Authentication Scheme (1) The Client initiates (1) authentication process. AC intercepts any access to the Internet via HTTP and redirects the client to the welcome, or login URL on AC. In order to render the custom login screen HTML page, the AC must be configured to (2) fetch .XSL script from a remote server, which in this case is a Web Application Server (WAS), or have custom .XSL uploaded on the AC. There is the ability to enable caching of .XSL scripts (see: User | Pages), thus avoiding fetching of the same document every time a client requests authentication. The AC (3) uses .XSL script to render HTML output, which is done by feeding a XML document to a parsed and prepared for rendering .XSL script. The latter XML document contains all needed information for Web Application Server like user name, password (if one was entered), user IP address, MAC address and NAS-Id. Custom .XSL script must generate initial welcome/login screen so that it embeds all the needed information in a HTML FORM element as hidden elements and POST data not back to the AC, but to the Web Application Server (5). Thereafter the client communicates directly with the Web Application Server. Page 167 of 187 BW2251 User Guide v1.0 Nov. 2013 When the Web Application server has all needed data from the client, it must try to authenticate (6) the client. Authentication is done by the RADIUS server but through the AC. At this step the shared secret is used to make the connection between the WAS and the AC. The AC re-sends the authentication request to the RADIUS server (7). Depending on the status, appropriate authentication status must be returned back to the WAS but through the AC (8). In step (9), the Web Application Server knows the client authentication status and reports success or failure back to the client. The Web Application Server (WAS) must be configured as a free site in the Walled Garden area. There is an ability to skip the rendering initial user pages from the .XSL. See the following scheme when the user initial request is redirected to the specified location. Scheme 2:

The remote authentication method when client with proxy authentication request is re-directed to the external server (WAS):

WAS RADIUS Server Client AC 1. Initial Request 2. Replay with HTTP redirect 3. Direct client communication with WAS 4. Client sends his/her login and password 8. WAS reports client status:

authenticated or not 5. WAS tries to authenticate client 6. AC sends request to RADIUS 7. RADIUS replay authenticated or not Figure 308 Client Remote Authentication Scheme (2) The initial client request (1) can be redirected to the specified location, as redirection URL on the Web Application server. In such case the client who wants to authenticate gets the redirection from AC (2). In other words the AC intercepts any access to the Internet via HTTP and redirects the client to the defined welcome, or login URL on WAS (also see: User | Pages). The further actions are the same as described in the Scheme 1 (Figure 307 Client Remote Authentication Scheme (1)). The WAS location URL under welcome page redirect must be configured as a free site in the Walled Garden area. To define such redirection URL use the user | pages menu. Enable welcome page, set the redirect setting and specify the redirect location for such authentication process (also see: User | Pages). Page 168 of 187 BW2251 User Guide v1.0 Nov. 2013 Parameters Sent to WAS Parameters that are send to the external server (WAS) using the remote user authentication method

(UAM). Parameter Description nasid NAS server ID value nasip WAN IP address for WAS clientip mac ourl sslport lang Lanip Client IP address Client MAC address Initial URL where not authorized client enter to his/her browser and tries to browse. After authentication the client is redirected in this URL HTTPS port number of AC (by default: 443). Parameter "accept-language" from client browser request The IP address of the LAN interface the user is connected to. Comments Can be specified under the Network | RADIUS Properties menu Can be changed or specified under the Network | Interface menu. Cannot be defined manually. Cannot be defined manually. Optional. Not configurable. Optional. Can be changed or specified under the Network | Interface menu. In order to logon, log-off or get user status WAS submits POST request to the following URLs:

1. Remote user logon Script name: pplogon.user Parameters:

shared secret, to protect page from accidental use IP address of user to be logged on. secret ip Username Username of the user to be logged on. password Password of the user to be logged on. All parameters are required. Script call example:

https://P720/pplogon.user?secret=sharedSecret&ip=<user_IP_address>&username

=userName&password=UserPassword Script produces XML output:

<logon>

<status>Ok</status>

<error>0</error>

<description>User logged on.</description>

<replymessage>Hello user!</replymessage>

</logon>

Response status and error codes:

status OK Not checked No IP No username description User is logged on. Logon information not checked. No user IP address supplied. No username supplied. error 0 100 101 102 Page 169 of 187 BW2251 User Guide v1.0 Nov. 2013 103 104 105 110 111 112 113 114 115 120 Disabled Remote authentication is disabled. Bad secret Incorrect shared secret supplied. No password No user password. OK User already logged on. Failed to authorize Failed to authorize user. Bad password Incorrect username or/and password. Network failed Network connection failed. Accounting error Accounting error. Too many users Too many users connected. Unknown authorization error Unknown authorization error.

<replymessage> is RADIUS Reply-Message attribute value. If RADIUS responds with Reply-

Message(s), they are added to logon response. If RADIUS does not responds with Reply-Message,

<replymessage> attribute is not added to output XML. 2. Remote user log-off Script name: pplogoff.user Parameters:

shared secret, to protect page from accidental use IP address of user to be logged off. secret ip username Username of the user to be logged off. AC address of the user to be logged off. mac All parameters are required, except the IP and MAC. At least one of IP and MAC addresses should be supplied. If supplied only IP, user is checked and logged off by username and IP. If IP and MAC addresses are supplied, then user is checked and logged off by username, IP and MAC addresses. Script call example:

https://P720/pplogoff.user?secret=sharedSecret&username=UserName&ip=<user_I P_address>

Script produces XML output:

<logoff>

<status>Ok</status>

<error>0</error>

<description>User logged off.</description>

</logoff>

Response statuses and error codes:

status OK Not checked No username Disabled Bad secret No IP/MAC Description User is logged off. Logoff information not checked. No username supplied. Remote authentication is disabled. Incorrect shared secret supplied. No user IP and/or MAC address supplied. User with supplied MAC address not error 0 100 102 103 104 106 Page 170 of 187 No user by MAC 121 BW2251 User Guide v1.0 Nov. 2013 No user by IP No user by IP and MAC Failed to logoff Cannot resolve IP Unknown logoff error 122 123 131 132 140 found. User with supplied IP address and username not found. User with supplied IP, MAC addresses and username not found. Failed to logoff user. Cannot resolve user IP. Unknown logoff error. 3. Remote user status

Script name: ppstatus.user

Parameters:

secret ip

username shared secret, to protect page from accidental use IP address of user to get status. Username of the user to get status. All parameters are required. Script call example:

https://P720/ppstatus.user?secret=sharedSecret&username=UserName&ip=<user_I P_address>

Script produces XML output:

XML output, when some error occurs:

<ppstatus>

<status>No user by IP</status>

<error>122</error>

<description>User with supplied IP address not found.</description>

</ppstatus>

Response statuses and error codes:

status OK Not checked No IP No username Disabled Bad secret No user by IP error 0 100 101 102 103 104 122 No user by IP and username 141 description User status is ok. Status information not checked. No user IP address supplied. No username supplied. Remote authentication is disabled. Incorrect shared secret supplied User with supplied IP address not found. User with supplied IP address and username not found.

XML output when no errors and user statistics got successfully:

<ppstatus>

<status>Ok</status>

<error>0</error>

<description>Got user status.</description>

Page 171 of 187 BW2251 User Guide v1.0 Nov. 2013

<entry id="1">g17</entry>

<entry id="2">192.168.2.117</entry>

<entry id="3">200347C92B63</entry>

<entry id="4">00:00:05</entry>

<entry id="5">3E64C7967A36</entry>

<entry id="6">00:01:10</entry>

<entry id="7">0 bytes</entry>

<entry id="8">0 bytes</entry>

<entry id="9">testlab</entry>

<entry id="10">unlimited</entry>

<entry id="11">unlimited</entry>

<entry id="12">unlimited</entry>

<entry id="13">32 Mbps</entry>

<entry id="14">32 Mbps</entry>

<entry id="15">04:59:55</entry>

<entry id="16">EAP</entry>

</ppstatus>

Status detailed information by ID:

id 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 description User name User IP address User MAC address Session time Session ID User idle time Output bytes Input bytes User WISP name Remaining bytes Remaining output bytes Remaining input bytes Bandwidth upstream Bandwidth downstream Remaining session time Authentication method Page 172 of 187 BW2251 User Guide v1.0 Nov. 2013 Chapter 6 Customized User page (HTML) This chapter assist you on configuring BW2251 customized login/logout pages using the BROWAN sample templates. There are coffee bar and general samples. User can also create a personalized login/logout pages based on the provided sample templates. Contact with BROWAN if you need the templates samples. Set up your customized user page Step1. Configure and Upload Customized Login/Logout Page files Login BW2251 as super administrator and go to User | Customized UAM. In order to configure BW2251 using the customized login/logout page, Customize Page status must be set to enable. To enable Customized Page, edit the Customize page status(User | Customized UAM) and set to Enabled. See the diagram below:

Figure 309 enable customize page status Figure 310 customize page status is enabled To start to upload the customized template files, click the upload button. (We will use the coffee bar style template files that BROWAN provided for this demonstration). After clicking the upload button, an Update Custom UAM Files screen will appear. (See diagram below). Page 173 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 311 upload files Enter the physical path and filename of the coffee template files, or click the browse button to search the coffee template files are located. The first two items are for login.html and logout.html files only. Additional files are for CSS and image files, such as jpg, gif, png and etc. Page 174 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 312 upload login.html After entering all the template files, press upload button to start the uploading files to BW2251. Only ten Additional files can be uploaded at one time. To upload more additional file, repeat the same upload process in step 2-4, but please be aware of the first two items are only for login.html and logout.html files. Image files can only be uploaded to Additional file fields Figure 313 upload other files Once all files are uploaded successfully, a list of Uploaded File List will show. Page 175 of 187 BW2251 User Guide v1.0 Nov. 2013 Figure 314 files have been uploaded Verify if all files are uploaded successfully Step2. Configure the pixels of logout window. The README file in each template directory contains the information of the pixels settings for the logout page. Enter the width size and height size setting of logout page and press the Save button. E.g. the coffee bar template, the suggested size of logout page is 760 x 601. Figure 315 set the pixels of logout window Step3. Everything is ready Now, any users that access the internet via the BW2251 will see the new personalized login and logout pages. Lets look at the new appearance of login and logout page based on the coffee bar template. Make sure your computer is in the same network with BW2251 and enter https://device IP address for the customized page test. Page 176 of 187 BW2251 User Guide v1.0 Nov. 2013

:

Figure 316 example of coffee bar login page Figure 317 example of coffee bar logout page Page 177 of 187 BW2251 User Guide v1.0 Nov. 2013 FAQ 1. Question: How to add some links that could be accessed without authentication?

Answer: These authentication-free sites for users are so called walled garden area. Please refer to the users guide to do the relating settings. 2. Question: How to hide the user login session information from my customers?

Answer: You can find these set of html code in logout.html we provided:

<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250"

height="240" marginwidth="0" marginheight="0" scrolling="yes"

frameborder="0"></iframe></td>

These set of code uses an embedded window to show the session data in logout window. Comment them with HTML comments language <!-- and //--> will hide the session data in logout window. 3. Question: If I dont want the logout window to pop-up to users, how could I do?

Answer: Please login BW2251 and go to User | Customized UAM to disable pop logout page. 4. Question: If I close the logout window, how can I logout?

Answer: 1. just un-plug your wireless card, or un-plug your network cable if you use a wired card. 2. Open a browser window, and input the URL: logout.usr, then you will be redirect to logout window. Page 178 of 187 Nov. 2013 BW2251 User Guide v1.0 Appendix A) Specification Wireless Standard Data Rate Transmit Power

(adjustable RF power) Ant. connectors Encryption DynamicBridge Interface LAN Console Management Interfaces Software Update Reset Physical Specification Dimension Weight Environment Specification Operating Power Supply POE Warranty 1 years Package Contents

BW2251 Outdoor Access Point

Mount kit

Related Products Controllers:

Access Points:

IEEE 802.11a/b/g/n 802.11n :

300,270,240,200.180,150,120,100,54,48,36,24,18,12,11,9,6,5.5,2,1Mbps 802.11a : 54,48,36,24,18,12,9,6Mbps 802.11g : 54,48,36,24,18,12,9,6Mbps 802.11b : 11,5.5,2,1Mbps (auto fallback) Max. 27 dBm 2dBm

(Maximum power will vary by channel, rate and regulatory domain) 4 N type connectors WPA/WPA2TKIP and CCMP-AES, Dynamic/static 64bits and 128bits WEP Up to 31 bridge links 10/100/100Mb Ethernet, auto sensing, RJ-45 1 for RJ-45 interface HTTPs, Secure Telnet(SSHv2), SNMP Remote software update via HTTPs H/W and S/W restore factory default 230 mm x 200 mm x 65 mm 1800100g Temperature

-30C to +60C Humidity 10%~90%, non-condensing IEEE802.3at, IEEE802.3af-2003 compliance

RJ-45 waterproof connector

BG-6020G/G-4200 Public Access Controller BW1253 single radio 802.11a/b/g/n hotspot indoor access point BW1254 dual radio 802.11a/b/g/n hotspot indoor access point Page 179 of 187 BW2251 User Guide v1.0 Nov. 2013 B) Factory Defaults for the BW2251 Network Interface Configuration Settings Operation Mode Mode Network | Interface AP Mode (Default) Interface Type IP Address Netmask Gateway AP Router Mode Interface Type IP Address Netmask Gateway Network | RADIUS Properties RADIUS Retries RADIUS Timeout NAS Server ID User Session Timeout User Accounting Update Interval User Accounting Update Retry User Idle Timeout Bandwidth Up Bandwidth Down Network | RADIUS Servers Name Type IP Address Port Secret Type IP Address Port Secret User Password Md5sum Secret Network | DHCP Server DHCP Server Status AP br0 LAN 192.168.2.2 255.255.255.0 0.0.0.0 eth0 WAN 192.168.2.2 255.255.255.0 192.168.2.1 5 2

-

72000 600 60 900 512 Kbits 512 Kbits DEFAULT (default) Authentication 0.0.0.0 1812 password (case sensitive) Accounting 0.0.0.0 1813 secret (case sensitive) disabled Disabled Page 180 of 187 BW2251 User Guide v1.0 Nov. 2013 192.168.3.2 192.168.3.254 255.255.255.0 192.168.3.1 0.0.0.0 86400 0.0.0.0 0.0.0.0 Primary 0.0.0.0 Secondary 0.0.0.0 IP Address from IP Address to Netmask Gateway WINS Address Lease Time (seconds) DNS address DNS Secondary address Network | DNS (only for AP router mode) Type IP Address Type IP Address Network | Static Route (only for AP router mode) No routes are defined on system. WISP No WISP defined on system. Wireless | Basic WLAN1 Regulatory Domain Channels Wireless Band Total Output Power(EIRP) RTS Threshold Layer2 Isolation Operation Mode WLAN2 Regulatory Domain Channels Wireless Band Total Output Power(EIRP) RTS Threshold Layer2 Isolation Operation Mode Wireless | Advanced WLAN1 SSID Hidden SSID Security WLAN2 SSID Hidden SSID Security BW2251-11ng Disabled Disabled BW2251-11na Disabled Disabled FCC 11(static) 2.4GHz(11n HT20) 14dBm 2347bytes disabled AP FCC 36(static) 5GHz(11n HT20) 13dBm 2347bytes disabled AP Page 181 of 187 BW2251 User Guide v1.0 Nov. 2013 Wireless | MSSID No multiple BSSID entry Wireless | WEP Status Key1 to Key4 Wireless |MAC ACL ACL Policy Disabled aaaaa Disabled User Settings User | Customized UAM (Only for AP router mode) Disabled Use SSL Customize Page Disabled User | Station Supervision Interval Failure count User | WISP(Only for AP router mode) Domain Policy No WISP defined on system 20 3 Username@domain System Settings System | Administrator Super administrator:

Username: admin (case sensitive) Password: admin01 (case sensitive) Enabled public private public System | SNMP SNMP Service Readonly Community Readwrite Community Default Trap Community There are no SNMP traps on system. System | Telnet Telnet Service SSH Service System | NTP NTP Service Time Zone There are no NTP Server settings on system. System | Time Enabled Enabled Disabled GMT-12:00 Page 182 of 187 Nov. 2013 BW2251 User Guide v1.0 Date System | System Log Remote Log Status Host IP Log Level Local Log Status Log Limit(bytes) Log Level 1970/01/01 Disabled 192.168.2.1 info Enabled 102400 info C) Location ID and ISO Country Codes This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. It lists 239 official short names and code elements. Location ID AF AL DZ AS AD Afghanistan Albania Algeria American Samoa Andorra Location ID LI LT LU MO MK Country Country Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, federated states of Moldova, republic of Monaco Mongolia Montserrat MG MW MY MV ML MT MH MQ MR MU YT MX FM MD MC MN MS Page 183 of 187 Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize AO AI AQ AG AR AM AW AU AT AZ BS BH BD BB BY BE BZ BW2251 User Guide v1.0 Nov. 2013 MA Benin MZ Bermuda MM Bhutan NA Bolivia NR Bosnia and Herzegovina NP Botswana NL Bouvet island AN Brazil NC British Indian ocean territory NZ Brunei Darussalam NI Bulgaria NE Burkina Faso NG Burundi NU Cambodia NF Cameroon MP Canada NO Cape Verde OM Cayman islands PK Central African republic PW Chad PS Chile PA China PG Christmas island PY Cocos (keeling) islands PE Colombia PH Comoros Congo PN Congo, the democratic republic of the PL PT Cook islands PR Costa Rica Cte d'ivoire QA RE Croatia RO Cuba Cyprus RU RW Czech republic SH Denmark Djibouti KN LC Dominica PM Dominican republic Ecuador VC WS Egypt Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk island Northern Mariana islands Norway Oman Pakistan Palau Palestinian territory, occupied Panama Papua new guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Runion Romania Russian federation Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the grenadines Samoa Page 184 of 187 BJ BM BT BO BA BW BV BR IO BN BG BF BI KH CM CA CV KY CF TD CL CN CX CC CO KM CG CD CK CR CI HR CU CY CZ DK DJ DM DO EC EG BW2251 User Guide v1.0 Nov. 2013 El Salvador Equatorial guinea Eritrea Estonia Ethiopia Falkland islands (malvinas) Faroe islands Fiji Finland France French Guiana French Polynesia French southern territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Heard island and McDonald islands Holy see (Vatican city state) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic republic of Iraq Ireland Israel SM ST SA SN SC SL SG SK SI SB SO ZA GS ES LK SD SR SJ SZ SE CH SY TW TJ TZ TH TL TG TK TO TT TN TR TM TC TV UG UA AE GB US San Marino Sao tome and Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon islands Somalia South Africa South Georgia and the south sandwich islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayan Swaziland Sweden Switzerland Syrian Arab republic Taiwan, province of china Tajikistan Tanzania, united republic of Thailand Timor-leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos islands Tuvalu Uganda Ukraine United Arab emirates United kingdom United states Page 185 of 187 SV GQ ER EE ET FK FO FJ FI FR GF PF TF GA GM GE DE GH GI GR GL GD GP GU GT GN GW GY HT HM VA HN HK HU IS IN ID IR IQ IE IL BW2251 User Guide v1.0 Nov. 2013 Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea, democratic people's republic of Korea, republic of Kuwait Kyrgyzstan Lao people's democratic republic Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya UM UY UZ VU VE VN VG VI WF EH YE YU ZM ZW United states minor outlying islands Uruguay Uzbekistan Vanuatu Vatican city state see holy see Venezuela Viet nam Virgin islands, British Virgin islands, u.s. Wallis and Futuna Western Sahara Yemen Yugoslavia Zaire see Congo, the democratic republic of the Zambia Zimbabwe Page 186 of 187 IT JM JP JO KZ KE KI KP KR KW KG LA LV LB LS LR LY